Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Igneus
New Contributor II

Issue with VLANs in FortiLink and FSW – No DHCP on vlans

Hello everyone,

I have a network that was configured a few years ago with a FortiGate (FG) using a "hardware switch" on ports 1, 2, and 3. The setup is as follows:

  1. "internal1" interface:

    • Contains three VLANs:
      • VLAN 1: Used as the core VLAN (I know this is not ideal, but I am not authorized to change it).
      • VLAN 100: Network exclusively for wireless clients.
      • VLAN 1005: Network for phones.
  2. Network topology:

    • FG -- Cisco Switch -- FortiSwitch 108 (FSW)
    • The FSW is connected to the FortiGate through "internal1."
    • I configured the FG to recognize and manage the FSW via FortiLink, even though it is not directly connected.
  3. FortiLink configuration:

    • I created VLANs 100 and 1005 within FortiLink, assigning them IP addresses and DHCP servers different from those in "internal1."

Issue:
The VLANs configured on the FSW via FortiLink have no connectivity and do not receive IP addresses via DHCP.
I have already configured the ports on the intermediate switches (Cisco and HPE) to allow all VLANs, but the issue persists.

Any ideas on what might be missing or how to fix this? I appreciate any guidance.

Best regards.

riteshpv
Staff

Hi,

As I understand it, you are trying to set up the FSW on FortiLink with a Cisco switch in between.

This is not a recommended design for a FortiLink L2 deployment.

1> Either you set up this FSW directly connected to the FGT; this is an L2 setup.

2> Or have the Cisco connected between FSW, with one FSW directly connected to the FGT. Information is in the link below:

https://community.fortinet.com/t5/FortiSwitch/Technical-Tip-FortiLink-P2P-supported-network-topologi...

Regards,

Ritesh P V
Igneus
New Contributor II

In this scenario, I have the option to connect FG directly to FSW. However, I face this issue—I need to 'share' VLANs between the Internal and FortiLink ports, using the same DHCP server and gateway. I don’t want to make my FortiGate configuration more complex than necessary.
Is this possible?
riteshpv
Staff

Hi,

I believe there is an FGT internal interface (let's say port10), and under this you have vlan 50.

You want to share/extend this vlan50 to the FortiLink network, i.e. clients on the FSW want to get an IP from vlan50.

If the above is true, then it is not possible, as the internal port10 and the FortiLink network are independent networks/ports.

Regards,

Ritesh P V
Igneus
New Contributor II

Hi 

Thank you for your clarification. I understand that FortiLink and local interfaces are usually treated as independent networks.

However, in my lab I was able to successfully extend VLANs (e.g. VLAN 1001–1009) from a VLAN switch (port1) into the FortiLink network. The FortiSwitch behind a Cisco switch was detected and managed by the FortiGate without issues, and clients on the FortiSwitch were able to obtain IPs from the VLAN defined on the FortiGate.

So in practice, it seems possible to bridge/extend VLANs from a local interface into the FortiLink domain, even though it might not be the recommended or supported approach.

Just wanted to share this observation from my testing. From March to now it has been working without any issue.
taulaba7
New Contributor

Yes, you can extend the existing port by making sure the FortiSwitch port allows the correct VLANs. As to VLAN 1 -- this is a default used by FortiGates to manage FortiSwitches. This is likely why you're having an issue. I personally ran into that one, albeit via the FortiLink interface. I moved my VLANs to a FortiLink and would recommend doing the same for ease of setup personally, but your mileage may vary.
