VLAN Configuration

Use Virtual Local Area Networks (VLANs) to logically separate a LAN into smaller broadcast domains. VLANs allow you to define different policies for different types of users and to set finer control on the LAN traffic (traffic is only sent automatically within the VLAN. You must configure routing for traffic between VLANs).

From the FortiGate, you can centrally configure and manage VLANs for the managed FortiSwitches.

In FortiSwitchOS 3.3.0 and later releases, the FortiSwitch supports untagged and tagged frames in Fortilink mode. The switch supports up to 1023 user-defined VLANs. The user can assign a VLAN number (in the range 1-4095) to each of the VLANs.

You can configure the default VLAN for each FortiSwitch port. You can also configure a set of allowed VLANs for each FortiSwitch port.

FortiSwitch VLANs Display

The WiFi & Switch Controller > FortiSwitch VLANs page displays VLAN information for the managed switches.

The following figure shows the VLAN page:

Each entry in the VLAN list displays the following information:

  • Name - name of the VLAN
  • VLAN ID - the VLAN number.
  • IP/Netmask - Address and mask of the subnetwork that corresponds to this VLAN
  • Access
  • Ref - how many interfaces reference this VLAN.

Creating VLANs

Setting up a VLAN requires:

  • Creating the VLAN.
  • Assigning FortiSwitch ports to the VLAN.

Using the web-based manager

Creating the VLAN
  1. Go to WiFi & Switch Controller > FortiSwitch VLANs and select Create New. Change the following settings:
Interface Name VLAN name
VLAN ID Enter a number (1-4094)
Color Choose a unique color for each VLAN, for ease of visual display.
IP/Network Mask IP address and network mask for this VLAN.
  1. Enable DHCP Server. Set the IP range.
  2. Set the Admission Control options as required.
  3. Select OK.
Assigning FortiSwitch Ports to the VLAN
  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Click the rows for ports to select them.
  3. To change the native VLAN, click the Native VLAN column in one of the selected entries.
  4. Select a VLAN from the displayed list. The new value is assigned to the selected ports.
  5. To change the allowed VLANs, click the + icon in the Allowed VLANs column.
  6. Select one or more of the VLANs from the displayed list. You can also select the value all. The new value is assigned to the selected port.

Using the CLI

  1. Create the marketing VLAN.

config system interface

edit <vlan name>

set vlanid <1-4094>

set color <1-32>

set interface <fortilink-enabled-interface>

end

 

  1. Set the VLAN’s IP address.

config system interface

edit <vlan name>

set ip <IP address> <Network mask>

end

 

  1. Enable a DHCP Server.

config system dhcp server

edit 1

set default-gateway <IP address>

set dns-service default

set interface <vlan name>

config ip-range

set start-ip <IP address>

set end-ip <IP address>

end

set netmask <Network mask>

end

 

  1. Assign ports to the VLAN.

config switch-controller managed-switch

edit <Switch ID>

config ports

edit <port name>

set vlan <vlan name>

set allowed-vlans <vlan name>

or

set allowed-vlans-all enable

next

end

end