Hello,
In the standalone Fortiswitch, we can configure the following VLAN settings in a port: Native VLAN, Allowed VLAN list and Untagged VLAN list. This configuration is available only in the standalone switch; when the switch is managed by a FortiGate, the only settings available are the Native VLAN and the Allowed VLAN list.
Can somebody explain to me why should someone need to set the Untagged VLAN list? It seems to me that the Native VLAN alone should be sufficient. What additional functionality does the Untagged VLAN list provides to the port consifuration, that is not covered by the Native VLAN?
Thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Maybe you need to untag vlans to send to a non 802.1q device that has a bunch of secondary address on a single interface.
I personally have never use it so I can't explain any business case. Do you need that feature is the question you should be asking yourself. What it does it clear in the supporting documents.
Ken Felix
PCNSE
NSE
StrongSwan
Did you read the docs https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/146333/vlans-and-vlan-tagg...
It explain where and how these apply.
Ken Felix
PCNSE
NSE
StrongSwan
I have seen this document. But it's not clear to me the difference between the native vlan and the untagged vlan. Can you tell me a use case where the untagged-vlan list is needed?
Maybe you need to untag vlans to send to a non 802.1q device that has a bunch of secondary address on a single interface.
I personally have never use it so I can't explain any business case. Do you need that feature is the question you should be asking yourself. What it does it clear in the supporting documents.
Ken Felix
PCNSE
NSE
StrongSwan
Thanks a lot for the answer Ken. Makes sense. To comment on your last statement, in order to answer to myself if I need that feature or not, I need to understand why it is there for :) So far, it seems that using the native VLAN is enough.
Native VLAN You can configure a native VLAN for each port. The native VLAN is like a default VLAN for untagged incoming packets. Outgoing packets for the native VLAN are sent as untagged frames. The native VLAN is assigned to any untagged packet arriving at an ingress port. At an egress port, if the packet tag matches the native VLAN, the packet is sent out without the VLAN header.
Untagged VLAN list The untagged VLAN list on a port specifies the VLAN tag values for which the port will transmit packets without the VLAN tag. Any VLAN in the untagged VLAN list must also be a member of the allowed VLAN list. The untagged VLAN list applies only to egress traffic on a port.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.