
DHCP on VLAN - No IP Address assigned, no communication

I'm new to Fortigate and installing a Fortigate 40F on my home network.
The goal is to isolate IoT devices with a VLAN, but at first I'd like to connect only one PC to one port of the Fortigate to test.

The setup is pretty easy at the moment:


Fortigate is directly connected to the PC on lan2 Port. The Interface has one single VLAN configured with DHCP enabled.

Config is:
The "physical interface" lan2 is unconfigured.



config system interface
    edit "VLAN_7"
        set vdom "root"
        set ip
        set allowaccess ping https ssh http
        set device-identification enable
        set role lan
        set snmp-index 13
        set interface "lan2"
        set vlanid 7



Output of command


config system interface




name Name.
VLAN_7 static up disable vlan
a static up disable physical
fortilink static up disable aggregate
l2t.root static up disable tunnel
lan static up disable hard-switch
lan1 static up disable physical
lan2 static up disable physical
lan3 static up disable physical
modem pppoe down disable physical
naf.root static up disable tunnel
ssl.root static up disable tunnel
wan dhcp up disable physical



  • The PC cannot get an IP address assigned and always ends with a self-assigned IP (
  • Setting the PC to static ip address, it shows "connected" but cannot communicate in either way with the Fortigate.
  • Configuring the DHCP on the "Physical Interface" works well.
  • FortiOS is 7.2.3 

What am I missing here to get the IP assigned?

As per this configuration, the interface VLAN_7 will expect packets to arrive with VLAN tag 7. Your PC cannot send packets with a VLAN tag, and that's the possible issue.


Can you delete the VLAN interface and configure IP and DHCP services directly on port 2 and check?

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.


This will not work. You would need to put a switch in between that will mark packets with the VLAN for you, or you would need to configure the VLAN ID on the PC directly. And to be honest, I don't have experience with how well a Windows PC works with VLANs. On Linux, you can do it quite easily and it works well.

The problem is that, at the moment, your PC is sending packets without any VLAN ID, so they will be processed by the LAN2 interface. That's the reason why it also works when you configure the IP on LAN2 directly. With a VLAN configured under the LAN2 port, FortiGate expects incoming packets with a VLAN tag, and based on this VLAN tag they will be forwarded to the correct VLAN. So you need to either instruct the PC to send packets with these VLAN tags or have a (managed) switch in between the PC and the FGT, and configure the VLANs and the access and trunk ports on the switch correctly. Hope it makes sense.
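
Added example, not part of the posts above: a small Python model of the tag handling this reply describes, showing why an untagged frame from the PC lands on lan2 while only a frame carrying 802.1Q tag 7 reaches VLAN_7. The interface names come from the posted config; the frames, the MAC address and the drop behaviour for unknown tags are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Assumed model of the thread's setup: physical port lan2 with one VLAN
# sub-interface, VLAN_7 (vlanid 7). Names are taken from the posted config.
VLAN_SUBINTERFACES = {7: "VLAN_7"}
PHYSICAL_PORT = "lan2"


def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Build a constructed Ethernet II frame, optionally 802.1Q-tagged."""
    header = dst + src
    if vlan_id is not None:
        # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); priority left at 0
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def vlan_id_of(frame):
    """Return the 802.1Q VLAN ID, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF


def receiving_interface(frame):
    """Name of the logical interface that sees a frame arriving on lan2."""
    vid = vlan_id_of(frame)
    if vid is None:
        return PHYSICAL_PORT  # untagged: handled by lan2 itself
    # None means no sub-interface exists for this tag (dropped in this model)
    return VLAN_SUBINTERFACES.get(vid)


# Constructed sample frames; the payload is a stand-in for a DHCP Discover
BROADCAST = bytes.fromhex("ffffffffffff")
PC_MAC = bytes.fromhex("020000000001")  # constructed, locally administered
untagged = build_frame(BROADCAST, PC_MAC, 0x0800, b"dhcp-discover")
tagged = build_frame(BROADCAST, PC_MAC, 0x0800, b"dhcp-discover", vlan_id=7)

if __name__ == "__main__":
    for name, frame in (("untagged", untagged), ("tag 7", tagged)):
        print(name, "->", receiving_interface(frame))
```

The untagged frame is what the directly connected PC sends, so a DHCP server bound to VLAN_7 never sees its request; the same holds in reverse for isolation, since a device can only reach VLAN_7 through a port or host that applies tag 7.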


What I actually thought was that the internal switch of the Fortigate would do the tagging.

On the LAN, it reads "hardware switch"


and that there is no VLAN tagging available is not clear.



Hi @gateberg77 


The PC does not support VLAN. By default there are no options for you to set a VLAN at the PC level.
On the switch, you have 3 VLANs.

When you connect to the switch, how do you define whether your PC sits on VLAN10, 20 or 30?
This must be done at the switch level. Example:
Port1 - VLAN10 << If your PC connects to port1, you will get a VLAN10 IP
Port2 - VLAN20 << If your PC connects to port1, you will get a VLAN20 IP
Port3 - VLAN30 << If your PC connects to port1, you will get a VLAN30 IP

Fortigate <<Trunk>> Switch (port1-vlan10) <<>> PC
The PC will get a VLAN10 IP.

Hope that helps.

