Hello,
Is there an opportunity to bind a VLAN (subnet) to one specific physical port which is not in an SW/HW switch on a FortiGate?
My problem is that I have actually configured a hardware switch containing one physical port within the FortiGate and have also created a VLAN on that switch, so that I would have a tagged VLAN on that port.
That would have been all right if the FortiGate did not force me to assign an IP address to that hardware switch (but not the VLAN).
I also do not understand why an IP address is necessary for an L2 switch.
Is there any documentation on how FortiGates understand the concept of VLAN (Access, Trunk, Hybrid)?
Best regards
Martin Haneke
Are you saying this doesn't work on your FGT? I separated internal4 and 5 from the default "internal" hardswitch (VLANswitch) and put internal4 in a new hardswitch4. Then I created vlan4 on hardswitch4 and vlan5 on internal5 but I didn't assign any IP on those parent interfaces, hardswitch4 and internal5.
Toshi
Firstly, why would you create a one-port HW switch at all? What for?
VLANs depend on physical ports, and this can be single physical ports as well. Using a HW switch is rather the exception on a FGT.
I guess you cannot get out of the config web page without specifying a valid IPv4 address, right? Try "0.0.0.0/0", a wildcard to denote "no address".
Thank you for your solution. I don't know why I did not try to create the VLAN directly upon the physical port.
Thank you also for the 0.0.0.0/0.0.0.0. I am new to Fortinet devices, so I have to learn the Fortinet-specific configuration tricks.
Best regards
Martin Haneke
Me too, it's just a couple of years ago...
By the way, I never configured 0.0.0.0/0.0.0.0 when I set the above up. I didn't fill in anything when I created "hardswitch4" because I know I don't have to do it. I didn't even touch anything on "internal5" once it's separated from the "internal" VLAN-switch (config system virtual-switch).
Toshi
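The setup described in this thread (a port taken out of the "internal" switch, then a tagged VLAN created directly on it with no address on the parent), written out as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread; the VLAN ID, the VDOM name "root" and the 192.0.2.1 address are assumptions chosen for illustration.

```text
# Remove internal5 from the default "internal" switch (config system virtual-switch)
config system virtual-switch
    edit "internal"
        config port
            delete "internal5"
        end
    next
end

# Create the tagged VLAN directly on the physical port.
# The parent interface internal5 is left without an IP address.
config system interface
    edit "vlan5"
        set vdom "root"
        set interface "internal5"
        set vlanid 5
        set ip 192.0.2.1 255.255.255.0
    next
end
```

Only the VLAN interface carries an address here, so firewall policies reference "vlan5" rather than the parent port.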