Access VLAN on Fortigate

VanDerTuch · ‎01-27-2024

Hello, i am playing with older Fortigate 100D, everything works fine, but i cannot find how to create access port for specific VLAN.

There is Hardware switch(port1-port16), how can i add specific port to specific VLAN? Something like on cisco switch(switchport mode access, switchport access vlan 10). L2 interface, not L3 vlan interface..? Normal fortigate way is creating vlan interface under physical port(but it is L3 interface). My goal is create classic L2 switchport without any ip addressing in specisifc VLAN.

Thanks a lot for any advice.

AEK · ‎01-27-2024

Hello

So on FG you want to put one of the hardware switch ports as access port in a specific VLAN?

Never seen such on FG but it is possible that VLAN switch can have something to do with that.

https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/183531/virtual-vlan-switch

But the question is why you need such configuration? If you explain your need we may suggest a solution.

AEK

ede_pfau · ‎01-27-2024

VLAN ports on a FGT are trunk ports, i.e. tagged. If you need an access port to connect a non-tagging host (that's what I assume) the easiest way is to use an additional FortiSwitch.

Of course, the link to the Admin Guide is highly valuable. It makes this typical switch feature available on a lesser used hardware detail on a FGT, the hardware switch. That's why not all FGT models support it, they need the switch chip (ISE).

But, note the limitations:

1- not available on all models

2- FortiOS 7.4, which is cited, is "bleeding edge". I would not use it in a production environment at the moment, although I admit it's exiting. Just too early. So better stick to v7.2 which supports VLAN switches as well.

Ede Kernel panic: Aiee, killing interrupt handler!

Access VLAN on Fortigate

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website