Fortinet Forum
mehmet
New Contributor II

Question: two Vdom vlans to the same port (native and allowed)

Hi there. I have a question.

Let's say I have a root vdom and vdom2 as a secondary vdom.

Root vdom has its own vlans under fortilink and is connected to the FortiSwitch with fortilink.

Vdom2 also has a vlan which is part of root vdom's fortilink, and the FortiSwitch's port1 is configured as shown in the link below

 

https://docs.fortinet.com/document/fortiswitch/7.0.0/devices-managed-by-fortios/801172/multitenancy-...

 

The problem with that setup is that the port is dedicated to vdom2.

What I want is to share that port with the root vdom.

Example: 

port 1 native vlan for root vlan10

Port 1 Allowed vlan for Vdom2 vlan20

 

Any idea or advice for this will save my life. Thank you very much in advance.

 

 

 

 

1 Solution
sachitdas_FTNT

Hi Mehmet,

No need to move the port to a different vdom. Have the port on root vdom and then map the vlans from FGT CLI root vdom:


FG (root) # config switch-controller managed-switch
FG (managed-switch) # edit <FSW serial#>
FG (S248E) # config ports
FG (ports) # edit port1
FG (port1) # set vlan 10
FG (port1) # set allowed-vlans vlan20
FG (port1) # end

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support

4 Replies
pciurea
Staff

Hello Mehmet

 

The interface-to-VDOM implementation allows you to map unique interfaces (physical or virtual) to different VDOMs. In your example, port1 would have a child virtual interface (Vlan20) that can be mapped to a vdom that is different from the one that is mapped for that parent interface (port1). FortiOS does not care about the interface relationship, as long as different interfaces are created/defined. If the interface is already created, be aware that to move an interface from one vdom to another you need to first delete all the references.

 

Hope this helps,

Petre

"Serenity now. Insanity later"
mehmet
New Contributor II

Vlans are already part of the fortilink interface. I just wonder if it is possible to link these two Vdom Vlans as native and allowed together on the managed switch port 1, like the example drawing below.

Example.PNG

mehmet

Thank you so much. It worked.