How to bind VLAN (subnet) to one specific physical port not in an SW/HW switch on a FortiGate

mhaneke · ‎03-23-2024

Hello,

is there an opportunity to bind a VLAN (subnet) to one specific physical port which is not in an SW/HW switch on a FortiGate ?

My problem is, that I actually have configured a hardware switch containing one pyhsical port within the FortiGate and also have created a VLAN on that switch. So, that I would have a tagged VLAN on that port.

That would have been alright, if the FortiGate would not force me to assign an IP address to that hardware switch (but not the VLAN).

I also do not understand why an IP address is necessary for a L2 switch.

Is there any documentation how FortiGates understand the concept of VLAN (Access, Trunk, Hybrid)?

best regards

Martin Haneke

best regards
Martin

Toshi_Esumi · ‎03-23-2024

Are you saying this doesn't work on your FGT? I separated internal4 and 5 from the default "internal" hardswitch (VLANswitch) and put internal4 in a new hardswitch4. Then I created vlan4 on hardswitch4 and vlan5 on internal5 but I didn't assign any IP on those parent interfaces, hardswitch4 and internal5.

Toshi

View solution in original post

ede_pfau · ‎03-24-2024

Firstly, why would you create a one-port HW switch at all? What for?

VLANs depend on physical ports, and this can be single physical ports as well. Using a HW switch is rather the exception on a FGT.

I guess you cannot get out of the config web page without specifying a valid IPv4 address, right? Try "0.0.0.0/0", a wildcard to denote "no address".

Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Toshi_Esumi · ‎03-23-2024

Are you saying this doesn't work on your FGT? I separated internal4 and 5 from the default "internal" hardswitch (VLANswitch) and put internal4 in a new hardswitch4. Then I created vlan4 on hardswitch4 and vlan5 on internal5 but I didn't assign any IP on those parent interfaces, hardswitch4 and internal5.

Toshi

ede_pfau · ‎03-24-2024

Firstly, why would you create a one-port HW switch at all? What for?

VLANs depend on physical ports, and this can be single physical ports as well. Using a HW switch is rather the exception on a FGT.

I guess you cannot get out of the config web page without specifying a valid IPv4 address, right? Try "0.0.0.0/0", a wildcard to denote "no address".

Ede

"Kernel panic: Aiee, killing interrupt handler!"

mhaneke · ‎03-24-2024

@ede_pfau

Thank You for Your solution. I don´t know why I did not try to create the VLAN directly upon the physical port.

Thank You also for the 0.0.0.0/0.0.0.0. I am new to Fortinet devices, so I have to learn the Fortinet-specific configuration tricks.

best regards

Martin Haneke

best regards
Martin

ede_pfau · ‎03-24-2024

me too, it's just a couple of years ago...

Ede

"Kernel panic: Aiee, killing interrupt handler!"

Toshi_Esumi · ‎03-24-2024

By the way, I never configured 0.0.0.0/0.0.0.0 when I set the above up. I didn't fill anything when I created "hardswitch4" because I know I don't have to do it. I didn't even touch anything on "internal5" once it's separated from "internal" VLAN-switch(config system virtual-switch).

Toshi