Administration Guide

7.2.0

Configuring VLANs

Use Virtual Local Area Networks (VLANs) to logically separate a LAN into smaller broadcast domains. VLANs allow you to define different policies for different types of users and to set finer control on the LAN traffic. (Traffic is only sent automatically within the VLAN. You must configure routing for traffic between VLANs.)

From FortiSwitch Manager, you can centrally configure and manage VLANs for the managed FortiSwitch units.

The FortiSwitch unit supports untagged and tagged frames in FortiLink mode. The switch supports up to 1,023 user-defined VLANs. You can assign a VLAN number (ranging from 1-4095) to each of the VLANs. For FortiSwitch units in FortiLink mode, you can assign a name to each VLAN.

You can configure the default VLAN for each FortiSwitch port as well as a set of allowed VLANs for each FortiSwitch port.

This section covers the following topics:

Creating VLANs

Setting up a VLAN requires you to create the VLAN and assign FortiSwitch ports to the VLAN. You can do this with either the Web GUI or CLI.

Using the GUI

To create the VLAN:

  1. Go to Switch Controller > FortiSwitch VLANs, select Create New, and change the following settings:
    • Name: VLAN name
    • VLAN ID: Enter a number (1-4094)
    • Color: Choose a unique color for each VLAN, for ease of visual display.
    • Role: Select LAN, WAN, DMZ, or Undefined.
  2. Enable DHCP for IPv4 or IPv6.
  3. Set the Administrative Access options as required.
  4. Click OK.

To assign FortiSwitch ports to the VLAN:

  1. Go to Switch Controller > FortiSwitch Ports.
  2. Click a port row.
  3. Click the pencil icon in the Native VLAN column to change the native VLAN.
  4. Select a VLAN from the displayed list and then click Apply. The new value is assigned to the selected ports.
  5. Click the pencil icon in the Allowed VLANs column to change the allowed VLANs.
  6. Select one or more of the VLANs (or All) from the displayed list and then click Apply. The new value is assigned to the selected port.

Using the FortiSwitch CLI

  1. Create the marketing VLAN.

    config system interface
        edit <VLAN_name>
            set vlanid <1-4094>
            set color <1-32>
            set interface <FortiLink-enabled interface>
            set vdom <VDOM_name>
    end

  2. Set the VLAN’s IP address.

    config system interface
        edit <VLAN_name>
            set ip <IP_address> <network_mask>
    end

  3. Enable a DHCP server.

    config system dhcp server
        edit 1
            set default-gateway <IP address>
            set dns-service default
            set interface <vlan name>
            config ip-range
                edit 1
                    set start-ip <IP address>
                    set end-ip <IP address>
                next
            end
            set netmask <Network mask>
    end

  4. Assign ports to the VLAN.

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            config ports
                edit <port name>
                    set vlan <vlan name>
                    set allowed-vlans <vlan name>
                    or
                    set allowed-vlans-all enable
                next
            end
    end

  5. Assign untagged VLANs to a managed FortiSwitch port:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            config ports
                edit <port>
                    set untagged-vlans <VLAN-name>
                next
            end
        next
    end
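
An added example, not part of the Fortinet guide: a Python check over a saved `config switch-controller managed-switch` block that flags ports set to `allowed-vlans-all enable` and ports that reference a VLAN name that was never created. The sample configuration, serial number, port names, VLAN names and the `audit_ports` function are constructed for illustration.

```python
import shlex

# Constructed sample in the CLI syntax shown above; the serial number,
# port names and VLAN names are made up for illustration.
SAMPLE_CONFIG = """\
config switch-controller managed-switch
    edit "S000XX0000000000"
        config ports
            edit "port1"
                set vlan "marketing"
                set allowed-vlans "marketing" "voice"
            next
            edit "port2"
                set vlan "marketing"
                set allowed-vlans-all enable
            next
            edit "port3"
                set vlan "voice"
                set untagged-vlans "guest"
            next
        end
    next
end
"""

def audit_ports(config_text, defined_vlans):
    """Return (switch, port, issue) tuples for over-permissive or dangling VLAN settings."""
    findings, stack = [], []       # stack: currently open "config ..." sections
    switch = port = None
    for raw in config_text.splitlines():
        words = shlex.split(raw)   # strips the quotes around names
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd == "edit" and args and stack:
            if stack[-1] == "ports":
                port = args[0]
            elif stack[-1] == "switch-controller managed-switch":
                switch = args[0]
        elif cmd == "set" and len(args) > 1 and stack and stack[-1] == "ports":
            key, values = args[0], args[1:]
            if key == "allowed-vlans-all" and values == ["enable"]:
                findings.append((switch, port, "all VLANs allowed"))
            elif key in ("vlan", "allowed-vlans", "untagged-vlans"):
                findings += [(switch, port, f"undefined VLAN {v!r} in {key}")
                             for v in values if v not in defined_vlans]
    return findings
```

Pass the set of VLAN names created in step 1 as `defined_vlans`; an empty result means no port allows every VLAN and every referenced name exists.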

Viewing FortiSwitch VLANs

The Switch Controller > FortiSwitch VLANs page displays VLAN information for the managed switches.

Each entry in the VLAN list displays the following information:

  • Name—name of the VLAN
  • VLAN ID—the VLAN number
  • IP—address and mask of the subnetwork that corresponds to this VLAN
  • Administrative Access—administrative access settings for the VLAN
  • Ref.—number of configuration objects referencing this VLAN
