Hi Fortinet Community!
I have a question that I’m having trouble answering despite going through the training, documentation, and searching online. We recently purchased a FortiSwitch 148F-FPOE with a FortiLAN Cloud management license.
The switch has been adopted and deployed to the new network, it pulled an IP address from DHCP, and everything looks good connectivity-wise.
I need to assign a static IP address to the switch within a management network, which does not have DHCP. Does this need to be done via the command line? I found an area to set a static IP (physical interface configuration), but I do not see any place to set the gateway.
The switch will not be doing any routing, so my idea was to untag the switch uplink on the management VLAN and set a static IP/gateway (or set a static IP/GW on the VSI internal interface) and tag (allow) other VLANs.
Any advice would be greatly appreciated.
#FortiSwitch
#FortiLAN
#FortiCloud
Thank you!
Quick update, I decided to SSH into the switch. I noticed that on the internal interface, I can set a static IP with the commands below:
set mode static
set ip address x.x.x.x x.x.x.x
set defaultgw enable
Still looking for the command to set the default gateway.
Same as FGT, which you might now have experienced.
config router static
    edit 0
        set device "internal"
        set dst 0.0.0.0 0.0.0.0
        set gateway x.x.x.x
    next
end
Toshi
Thank you so much for the response, Toshi! I will try this out. Do you know if this is the desired way to set a static IP/route in FortiSwitch, or is it recommended to leave them on DHCP? I'm sure either way can be done. When I was doing a FortiLink implementation, Fortinet recommended to run DHCP and use MAC address reservations.
Edit: It looks like there's nothing in the router static table. I'll see if I can create a new entry. I wonder where the route is stored from DHCP.
Edit: I created a new entry. Will test and see if I have connectivity now! :)
It's up to you. We use a separate VLAN for management on standalone FSWs with static IPs.
When you look up the CLI reference doc, you can refer to below for the command structure.
If you're using FortiLink instead of standalone, I don't recommend configuring FSWs directly. Configure it at the controller FGT.
Toshi
Hi Toshi, this is actually for FortiLAN Cloud, where the cloud dashboard also states not to make configuration changes locally.
I found where to set a static IP address in FortiLAN cloud, but I didn't see anywhere to set a gateway. That was why I was looking for an alternative way to do it via CLI. Since the FortiLAN cloud allows CLI access, I figured it would be fine. In FortiLAN cloud I was browsing to Physical > Physical Interface Config. Switched to static and can set IP/netmask but no default gateway.
Have you had much experience with FortiLAN cloud? If so, do you know how to set a static IP/GW/DNS in GUI? Thank you! :)
Hi,
Did you find any solution on this?
I think I am in the same boat as you.
We do not have any FortiGates since we have hosted routers, so we are only using the FortiSwitches (also FortiSwitch 148F-FPOE) and FortiAPs as well.
All of it is in FortiLAN Cloud, but I am also having trouble setting up a static MGMT IP in the correct way.
If I go locally on the switch --> Router --> Interface --> I can create a new interface with a static IP (from the MGMT vlan 10)
vlan ID: vlan 10
Physical Interface: Internal
In the Switch --> Interfaces --> Uplink port (let's say port 49)
Native vlan: vlan 10
Allowed vlan: vlan 20 (Client) etc.
In the Switch --> Interfaces --> Internal
Native vlan: 1 (default)
Allowed vlan: 10
All looks great and I can ping the switch on the static IP in vlan 10.
BUT... FortiLAN Cloud is listing on the default Internal physical port with the DHCP IP in the default vlan 1. So the management IP is not seen in FortiLAN Cloud.
How did you manage this? And do/did you experience something like this?
Created on 06-18-2024 03:22 PM Edited on 06-18-2024 03:26 PM
Your config for standalone FSW looks OK to me for the "mgmt10 (vlan 10)". So the only thing I can suggest (I don't use FortiLAN Cloud to manage FSWs, as explained below), if you have to go through FortiLAN Cloud, is to open the CLI Console next to tools, then check what you configured in CLI.
config switch interface
    edit "internal"
        set allowed-vlans 10
    next
end
config system interface
    edit "mgmt10"
        set ip x.x.x.x y.y.y.y
        set allowaccess ping https ssh
        set vlanid 10
        set interface "internal"
    next
end
Then check the native-vlan/allowed-vlans on the uplink port as well.
If those are there, the rest is either a routing issue (default route, if not directly connected to the vlan 10, or IP conflict, etc.) or an uplink switching issue (not on the FSW side).
If you still can't figure it out, open a ticket at TAC to get it examined.
Toshi
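The checks listed in the reply above (management VLAN allowed on "internal", static IP on the VLAN interface, a usable default route), as an added Python example that is not part of the thread or any Fortinet tooling. It reads a saved CLI config and also flags cleartext protocols in allowaccess; the sample config, the 192.0.2.x addresses and the function names are constructed for illustration, and it assumes flat, well-formed config/edit/set blocks.

```python
import ipaddress
import shlex

SAMPLE = """config switch interface
    edit "internal"
        set allowed-vlans 10
    next
end
config system interface
    edit "mgmt10"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess ping https ssh
        set vlanid 10
        set interface "internal"
    next
end
config router static
    edit 1
        set device "mgmt10"
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.0.2.1
    next
end"""  # constructed sample shaped like the thread's snippets

def parse(text):
    """Parse config/edit/set lines into {section: {entry: {key: [values]}}}."""
    cfg, sec, ent = {}, None, None
    for line in text.splitlines():
        verb, *args = shlex.split(line) or [""]
        if verb == "config":
            sec = cfg.setdefault(" ".join(args), {})
        elif verb == "edit":
            ent = sec.setdefault(args[0], {})
        elif verb == "set":
            ent[args[0]] = args[1:]
    return cfg

def check_mgmt(cfg, name="mgmt10"):
    """Return findings for the static management interface `name` (hypothetical helper)."""
    intf = cfg.get("system interface", {}).get(name, {})
    if "ip" not in intf:
        return [f"{name}: no static ip"]
    net = ipaddress.ip_interface("/".join(intf["ip"])).network
    trunk = cfg.get("switch interface", {}).get("internal", {})
    issues = [f"cleartext {p} in allowaccess" for p in intf.get("allowaccess", []) if p in ("http", "telnet")]
    if intf.get("vlanid", ["?"])[0] not in ",".join(trunk.get("allowed-vlans", [])).split(","):
        issues.append("management VLAN not in allowed-vlans of internal")
    if not any(r.get("dst") == ["0.0.0.0", "0.0.0.0"] and ipaddress.ip_address(r["gateway"][0]) in net
               for r in cfg.get("router static", {}).values() if r.get("gateway")):
        issues.append("no default route with a gateway inside the management subnet")
    return issues
```

Call `check_mgmt(parse(text))` on the config text copied from the CLI console; an empty list means none of the checked conditions failed.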
We tested FLANCloud a while ago but stopped using it, or decided not to use it. The configuration there was just GUI with no way to "copy&paste". Besides, the config history stays on each switch and FLANCloud was just providing a "view" to it. We configure them directly via CLI.
Besides, after we migrated user accounts from legacy email to IAM ones, those accounts at FLANCloud got messed up and can't do what each account should be able to do. Also multiple domains, Europe, US, Japan, and Global came into play and .... totally in chaos.
Again, probably more than a year ago. So it must be different now.
Toshi