New Contributor III

Reassign VLANs from port to aggregate

Hey,

We currently have VLAN interfaces assigned to ports directly. Now we'd like to create aggregate interfaces and assign the VLANs to those. It's an A-P HA pair. The way with the least downtime would be to back up the config, change it with a text editor, and restore the edited config.

Question 1: Would that be the preferred method, or how would you go about this?

Question 2: What if the edited configuration is invalid for whatever reason? Will it revert to the previously running config? How to have a way back?

Thanks.
Marki

New Contributor III

Yeah I guess it's back to editing text files.

What about the HA pair?

1) Create full backup of both devices

2) Change the same things in both backups

3) Restore the changed config to both devices (at the same time?)


Esteemed Contributor III

That would be doable since you would have downtime. Just keep a snapshot of the before and after and ensure the script is good for creating the new LAG.


Key items


> if you can start with fresh unused ports that would be a positive (a port that has zero items attached to it; no fwpolicy, ntp, fawners object, etc.)


> unix sed/vim substitution or windows find+replace would help


> use the cli cmd diag sys checkuse portXXX to find all dependencies against the new and old port before you start


YMMV, but review and then review. At worst case, if your migration fails, you restore to your last known good and working cfg.








PCNSE NSE StrongSwan
New Contributor III

It (almost) worked. You have to rearrange the new config file such that the VLANs now attached to aggregates are defined AFTER the physical ports.

The original order in the config file was:

1) Ports

2) VLANs

3) Aggregates

Now you have to do:

1) Ports

2) VLANs on ports

3) Aggregates

4) VLANs on aggregates
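The ordering rule from the post above, written as a pre-restore check on an edited backup. This is an added example, not part of the original thread and not a Fortinet tool. It assumes a plain-text FortiOS backup; the function names, the `VID100`/`VID200` entries and the sample config are constructed for illustration.

```python
import re

LINE = re.compile(r'^(edit|set\s+interface)\s+"?([^"]+?)"?$')

def parse_interfaces(config_text):
    """Return [(name, parent)] in file order; nested blocks inside an entry are skipped."""
    entries, depth, section_depth = [], 0, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if section_depth is None and line == "config system interface":
                section_depth = depth
        elif line == "end":
            if depth == section_depth:
                section_depth = None   # left the interface section
            depth -= 1
        elif depth == section_depth and (m := LINE.match(line)):
            if m.group(1) == "edit":
                entries.append([m.group(2), None])
            elif entries:
                entries[-1][1] = m.group(2)
    return [tuple(e) for e in entries]

def ordering_problems(config_text):
    """List (interface, parent, reason) where the parent is missing or defined later."""
    entries = parse_interfaces(config_text)
    position = {name: i for i, (name, _) in enumerate(entries)}
    problems = []
    for i, (name, parent) in enumerate(entries):
        if parent is not None and position.get(parent, len(entries)) > i:
            reason = "defined before its parent" if parent in position else "parent not defined"
            problems.append((name, parent, reason))
    return problems

# Constructed sample, not a real backup: VID100 precedes the aggregate it sits on.
SAMPLE = '''config system interface
    edit "VID100"
        set interface "new"
        set vlanid 100
    next
    edit "new"
        set type aggregate
        set member "port11" "port12"
    next
    edit "VID200"
        set interface "new"
        set vlanid 200
    next
end'''

print(ordering_problems(SAMPLE))
```

An empty list means every sub-interface in the file follows the interface it is attached to; anything else should be fixed in the text file before the restore.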

New Contributor



We have to do a similar change using FortiOS 5.6.12. We have one VLAN interface assigned to one aggregate port and we want to move it to another aggregate port.


    edit "old"
        set vdom "root"
        set allowaccess capwap
        set vlanforward enable
        set type aggregate
        set member "port13" "port14"

    edit "new"
        set vdom "root"
        set allowaccess capwap
        set vlanforward enable
        set type aggregate
        set member "port11" "port12"

    edit "VIDxxx"
        set vdom "root"
        set ip
        set allowaccess ping capwap
        set vlanforward enable
        set scan-botnet-connections monitor
        set interface "old"
        set vlanid xxx
    next


Can we just use the command set interface "new" during normal operation, or do we need to edit the backup config file and restore it?



