Add VLAN subinterfaces
This step creates the VLANs on the FortiGate unit internal physical interface. The IP address of the internal interface does not matter to us, as long as it does not overlap with the subnets of the VLAN subinterfaces we are configuring on it.
The rest of this example shows how to configure the VLAN behavior on the FortiGate unit, configure the switches to direct VLAN traffic the same as the FortiGate unit, and test that the configuration is correct.
Adding VLAN subinterfaces can be completed through the web-based manager, or the CLI.
To add VLAN subinterfaces - web-based manager
1. Go to System > Network > Interface.
2. Select Create New.
3. Enter the following information and select OK:
Name | VLAN_100 |
Interface | internal |
VLAN ID | 100 |
Addressing mode | Manual |
IP/Network Mask | 10.1.1.1/255.255.255.0 |
Administrative Access | HTTPS, PING, TELNET |
4. Select Create New.
5. Enter the following information and select OK:
Name | VLAN_200 |
Interface | internal |
VLAN ID | 200 |
Addressing mode | Manual |
IP/Network Mask | 10.1.2.1/255.255.255.0 |
Administrative Access | HTTPS, PING, TELNET |
To add VLAN subinterfaces - CLI
config system interface
edit VLAN_100
set vdom root
set interface internal
set type vlan
set vlanid 100
set mode static
set ip 10.1.1.1 255.255.255.0
set allowaccess https ping telnet
next
edit VLAN_200
set vdom root
set interface internal
set type vlan
set vlanid 200
set mode static
set ip 10.1.2.1 255.255.255.0
set allowaccess https ping telnet
end
See Also