FortiWizard
New Contributor II

FortiLAN Cloud - FortiSwitch Management IP

Hi Fortinet Community!

 

I have a question that I’m having trouble answering despite going through the training, documentation, and searching online. We recently purchased a FortiSwitch 148F-FPOE with a FortiLAN Cloud management license.

The switch has been adopted and deployed to the new network, it pulled an IP address from DHCP, and everything looks good connectivity-wise.

 

I need to assign a static IP address to the switch within a management network, which does not have DHCP. Does this need to be done via the command line? I found an area to set a static IP (physical interface configuration), but I do not see any place to set the gateway.

 

The switch will not be doing any routing, so my idea was to untag the switch uplink on the management VLAN and set a static IP/gateway (or set a static IP/GW on the VSI internal interface) and tag (allow) other VLANs.

Any advice would be greatly appreciated.

 

#FortiSwitch

#FortiLAN

#FortiCloud

 

Thank you!

 

1 Solution
Toshi_Esumi
SuperUser

Same as FGT, which you might now have experienced.

config router static
    edit 0
        set device "internal"
        set dst 0.0.0.0 0.0.0.0
        set gateway x.x.x.x
    next
end

 
Toshi


9 REPLIES
FortiWizard
New Contributor II

Quick update, I decided to SSH into the switch. I noticed that on the internal interface, I can set a static IP with the commands below:

 

    set mode static
    set ip address x.x.x.x x.x.x.x
    set defaultgw enable

 

Still looking for the command to set the default gateway.

 

 

FortiWizard
New Contributor II

Thank you so much for the response, Toshi! I will try this out. Do you know if this is the desired way to set a static IP/route in FortiSwitch, or is it recommended to leave them on DHCP? I'm sure either way can be done. When I was doing a FortiLink implementation, Fortinet recommended running DHCP and using MAC address reservations.

 

Edit: It looks like there's nothing in the router static table. I'll see if I can create a new entry. I wonder where the route is stored from DHCP.

 

Edit: I created a new entry. Will test and see if I have connectivity now! :)

Toshi_Esumi
SuperUser

It's up to you. We use a separate VLAN for management on standalone FSWs with static IPs.
When you look up the CLI reference doc, you can refer to below for the command structure.

[Image: FSW-internal-int.png]

 

Toshi_Esumi
SuperUser

If you're using FortiLink instead of standalone, I don't recommend configuring FSWs directly. Configure it at the controller FGT.

Toshi

FortiWizard
New Contributor II

Hi Toshi, this is actually for FortiLAN Cloud, where the cloud dashboard also states not to make configuration changes locally.

 

I found where to set a static IP address in FortiLAN cloud, but I didn't see anywhere to set a gateway. That was why I was looking for an alternative way to do it via CLI. Since the FortiLAN cloud allows CLI access, I figured it would be fine. In FortiLAN cloud I was browsing to Physical > Physical Interface Config. Switched to static and can set IP/netmask but no default gateway.

 

Have you had much experience with FortiLAN cloud? If so, do you know how to set a static IP/GW/DNS in GUI? Thank you! :) 

jalu

Hi,

Did you find any solution on this?

I think I am in the same boat as you.

We do not have any FortiGates since we have hosted routers, so we are only using the FortiSwitches (also FortiSwitch 148F-FPOE) and FortiAPs as well.

All of it is in FortiLAN Cloud, but I am also having trouble setting up a static MGMT IP in the correct way.

If I go locally on the switch --> Router --> Interface --> I can create a new interface with a
static IP (from the MGMT vlan 10)
vlan ID: vlan 10
Physical Interface: Internal

In the Switch --> Interfaces --> Uplink port (let's say port 49)
Native vlan: vlan 10
Allowed vlan: vlan 20 (Client) etc.

In the Switch --> Interfaces --> Internal
Native vlan: 1 (default)
Allowed vlan: 10

All looks great and I can ping the switch on the static IP in vlan 10.

BUT... FortiLAN Cloud is listing on the default internal physical port with the DHCP IP in the default vlan 1. So the management IP is not seen in FortiLAN Cloud.

How did you manage this? And do/did you experience something like this?

Toshi_Esumi

Your config for standalone FSW looks OK to me for the "mgmt10(vlan 10)". So the only thing I can suggest (I don't use FortiLAN Cloud to manage FSWs, as explained below), if you have to go through FortiLAN Cloud, is to open the CLI Console next to Tools and then check what you configured in the CLI.

config switch interface
  edit "internal"
    set allowed-vlans 10
  next
end


config system interface
  edit "mgmt10"
    set ip x.x.x.x y.y.y.y 
    set allowaccess ping https ssh
    set vlanid 10
    set interface "internal"
  next
end

Then check the native-vlan/allowed-vlans on the uplink port as well.

If those are there, the rest is either a routing issue (default route, if not directly connected to the vlan 10, or IP conflict, etc.) or an uplink switching issue (not on the FSW side).
If you still can't figure it out, open a ticket at TAC to get it examined.

Toshi
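
The checks from the answer above, together with the default route from the accepted solution, as an added example (not code from the thread or from Fortinet): a small Python parser for pasted CLI output that confirms the management VLAN is allowed on the parent and uplink interfaces, that a default route exists, and that `allowaccess` carries no cleartext protocol. The uplink name `port49`, the sample address and the list/range syntax for `allowed-vlans` are assumptions.

```python
def parse_config(text):
    """Parse 'config/edit/set/next/end' CLI text into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("config "):
            section = cfg.setdefault(line[7:], {})
        elif line.startswith("edit ") and section is not None:
            entry = section.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set ") and entry is not None:
            key, *vals = line[4:].split()
            entry[key] = [v.strip('"') for v in vals]
        elif line in ("next", "end"):
            entry = None
            section = None if line == "end" else section
    return cfg

def vlan_set(values):
    """Expand ['10,20-22'] into {10, 20, 21, 22} (list/range syntax is an assumption)."""
    out = set()
    for lo, _, hi in (p.partition("-") for p in ",".join(values).split(",")):
        if lo.isdigit() and (hi or lo).isdigit():
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def check_mgmt(cfg, mgmt, uplink):
    """Walk the checklist from the answer above; return findings (empty list = consistent)."""
    iface = cfg.get("system interface", {}).get(mgmt)
    if not iface or "ip" not in iface or "vlanid" not in iface:
        return [f"{mgmt}: interface, ip or vlanid missing"]
    out, vlan = [], int(iface["vlanid"][0])
    sw = cfg.get("switch interface", {})
    parent = iface.get("interface", ["internal"])[0]
    if vlan not in vlan_set(sw.get(parent, {}).get("allowed-vlans", [])):
        out.append(f"{parent}: VLAN {vlan} not in allowed-vlans")
    up = sw.get(uplink, {})
    if vlan not in vlan_set(up.get("native-vlan", []) + up.get("allowed-vlans", [])):
        out.append(f"{uplink}: VLAN {vlan} neither native nor allowed")
    routes = cfg.get("router static", {}).values()
    if not any(r.get("dst") == ["0.0.0.0", "0.0.0.0"] and "gateway" in r for r in routes):
        out.append("router static: no default route with a gateway")
    weak = sorted({"http", "telnet"} & set(iface.get("allowaccess", [])))
    return out + ([f"{mgmt}: cleartext access enabled: {weak}"] if weak else [])

# Constructed sample modelled on the thread (placeholder address, no default route yet).
SAMPLE = "\n".join([
    'config switch interface', 'edit "internal"', 'set allowed-vlans 10', 'next',
    'edit "port49"', 'set native-vlan 10', 'set allowed-vlans 20', 'next', 'end',
    'config system interface', 'edit "mgmt10"', 'set ip 192.0.2.10 255.255.255.0',
    'set allowaccess ping https ssh', 'set vlanid 10', 'set interface "internal"', 'next', 'end'])
```

Running `check_mgmt(parse_config(SAMPLE), "mgmt10", "port49")` on the sample reports only the missing default route, which is the gap the original question was about.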

Toshi_Esumi
SuperUser

We tested FLANCloud a while ago but stopped using it, or decided not to use it. The configuration there was just GUI, with no way to "copy&paste". Besides, the config history stays on each switch and FLANCloud was just providing a "view" to it. We configure them directly via CLI.

Besides, after we migrated user accounts from legacy email to IAM ones, those accounts at FLANCloud got messed up and can't do what each account should be able to do. Also multiple domains, Europe, US, Japan, and Global came into play and .... totally in chaos.
Again, probably more than a year ago. So it must be different now.

Toshi
