I'm not sure I'm asking it correctly, but what I have is 3 VLANS setup, besides the built in lan interface.
What I'd like to do is have is LAN 1 set as as untagged in VLAN 1, LAN 2 untagged in VLAN 2, LAN 3 untagged in VLAN 3, and LAN 4 untagged in VLAN 4, LAN 5 has VLAN1 untagged, and VLANS 2, 3, and 4 tagged.
I have the last part working, where VLAN1 is untagged, and the other 3 are tagged. I have removed ports 2,3, and 4 from the LAN interface, but now I don't how to make them "dumb" layer 2 ports.
I tried going into the CLI and using the following:
config sys interface
edit "vlan3"
set interface "lan4"
end
The result was:
VLAN IP or physical interface cannot be changed once a VLAN has been created.
So, do I need to wipe it, and start over?
Thanks!
Yes, VLAN definitions are not editable. Either you have to remove all references to that (virtual) port (e.g. VLAN2), delete and recreate the VLAN, or get a config backup file, edit and restore (with reboot).
And, I'm hoping someone would scold me "You're wrong!", but I don't think any FG supports "untagged" vlan access port.
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2678 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.