If we use a "hardware switch" or "software switch" and then we configure an ip address to it like a switch virtual interface, is the physical port an access port or a trunk port?
Hi
The IP-address directly configured on the "Switch" is untagged.
If you would like to tag more VLANs, create a new VLAN interface that references your "Switch".
So the ip/netmask configured on the "hardswitch" is just like the native VLAN, and the others are like tagged VLANs?
In Fortinet's FortiGate firewall, the interface can be configured either as an access port or a trunk port, depending on your requirements.
1. Access Port: If you configure a FortiGate interface as an access port, it is connected to a single VLAN and carries traffic only for that VLAN. In this mode, the interface is not expected to handle VLAN tags.
2. Trunk Port: If you configure a FortiGate interface as a trunk port, it can carry traffic for multiple VLANs. In this mode, the interface is capable of handling VLAN tags and allows traffic from different VLANs to pass through.
Regarding the second part of your question, if you are using a "hardware switch" or "software switch" and configuring an IP address on it, the physical port connected to the switch behaves as an access port. The switch itself handles the traffic between VLANs and routes traffic based on the IP address assigned to the switch virtual interface (SVI) or VLAN interface.
In this setup, the physical port is not responsible for handling VLAN tagging or carrying traffic for multiple VLANs. Instead, the switch handles the VLAN tagging and routing internally, while the physical port is treated as an access port connecting to the switch.
Ok. How do you configure a trunk port then?
I am familiar with Cisco but not FortiGate.
Hi,
First of all, I recommend doing an NSE4 course to learn the Fortinet basics. There are multiple offers from training partners, or a free video course at https://training.fortinet.com
Additionally, you will find all the information in the administrator guides at https://docs.fortinet.com
In your situation, the following Docs page will help you: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/402940/vlan
To make the port a "trunk" port, you need to create VLAN interfaces:

    config system interface
        edit <Name of your VLAN>
            set vdom root
            set interface <your Switch Interface Name>
            set type vlan
            set vlanid <VLAN-ID>
            set mode static
            set ip <IP-Address, incl. subnet>
            set allowaccess https ping
        next
    end

I have seen a VLAN interface.
But can you add multiple VLANs on the same interface?
Yes, you can.
In the same way as in my example.
I assume it can be done using GUI as well for multiple interfaces?
Hi @BusinessUser,
Yes, you can create VLAN interfaces on the GUI. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-...
Regards,
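
Added example, not part of any post in this thread and not Fortinet code: a small Python script for reviewing a saved `config system interface` block, reporting for each parent interface the untagged IP set directly on it and the tagged VLAN IDs of the VLAN interfaces that reference it. The sample config, the names `lan-sw`, `vlan10`, `vlan20` and the addresses are constructed; it assumes flat `edit` entries with no nested `config` blocks.

```python
import shlex

# Constructed sample config (not from the thread); names and addresses are made up.
SAMPLE = '''
config system interface
    edit "lan-sw"
        set type hard-switch
        set ip 192.168.1.1 255.255.255.0
    next
    edit "vlan10"
        set interface "lan-sw"
        set type vlan
        set vlanid 10
        set ip 10.0.10.1 255.255.255.0
    next
    edit "vlan20"
        set interface "lan-sw"
        set type vlan
        set vlanid 20
        set ip 10.0.20.1 255.255.255.0
    next
end
'''

def parse_interfaces(text):
    """Return {interface name: {setting: [values]}} for every 'edit' entry."""
    entries, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["edit"]:
            current = entries.setdefault(tok[1], {})
        elif tok[:1] == ["next"]:
            current = None
        elif tok[:1] == ["set"] and current is not None and len(tok) > 2:
            current[tok[1]] = tok[2:]
    return entries

def tagging_summary(text):
    """Per parent: its untagged IP and the tagged VLAN IDs stacked on top of it."""
    summary = {}
    for name, cfg in parse_interfaces(text).items():
        if cfg.get("type") == ["vlan"]:
            parent = summary.setdefault(cfg["interface"][0], {"untagged_ip": None, "tagged": {}})
            parent["tagged"][int(cfg["vlanid"][0])] = name
        else:
            entry = summary.setdefault(name, {"untagged_ip": None, "tagged": {}})
            entry["untagged_ip"] = " ".join(cfg.get("ip", [])) or None
    return summary

print(tagging_summary(SAMPLE))
```

A parent with a non-empty `tagged` map carries 802.1Q-tagged frames for those VLAN IDs alongside its own untagged traffic, which is the "trunk" behaviour asked about above.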