Work environment
- FortiGate 60E
- version 7.0.1
Untagged vlan ports
The configuration of untagged vlan ports is very simple. By setting an IP address for a physical interface (for example, internal1, internal2, …), that physical interface acts as an untagged port.
That is, the vlan of a physical interface corresponds to the native vlan of the switch port at the other end of the link.
Tagged vlan ports
To configure tagged ports, you need to create a vlan interface. A vlan interface is created by associating it with one physical interface. You can create multiple vlan interfaces for one physical interface. One vlan interface corresponds to one vlan id (vlan tag).
Create a vlan interface
Click Network > Interfaces > Create New > Interface.
Set each item on the interface setting screen.
Specify VLAN in the Type field. In the Interface field, specify the physical interface with which you want to associate the vlan interface. Enter the tag ID in the VLAN ID field.
In the Address field, set the IP address of the vlan interface. The Create address object matching subnet option is enabled by default, but I recommend disabling it.
In the Administrative Access field, specify the services to be accepted by the vlan interface. All are disabled by default.
Change the settings of other items as necessary.
After completing the settings, click OK at the bottom.
Confirm that the vlan interface has been created.
CLI config for vlan interface
When configuring the vlan interface with the CLI, use config system interface.
The configuration that results from the GUI example above is as follows.
config system interface
edit "Vlan10"
set vdom "root"
set ip 10.1.10.254 255.255.255.0
set allowaccess ping https ssh http
set type vlan
set device-identification enable
set role lan
set snmp-index 15
set interface "internal1"
set vlanid 10
next
end
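The Administrative Access choice ends up in the allowaccess line, and the example above accepts http next to https and ssh. The following check is an added example, not part of the original page and not Fortinet code: it parses a config system interface section and lists, for each vlan interface, its parent port, tag and any cleartext management services. The Vlan20 entry is constructed for illustration, treating http and telnet as the cleartext services is this example's assumption, and the parser goes slightly beyond the page by skipping nested config blocks.

```python
import shlex

CLEARTEXT = {"http", "telnet"}  # assumption: management services sent unencrypted
# Constructed sample: Vlan10 follows the page's example, Vlan20 is hypothetical.
SAMPLE_CONFIG = """
config system interface
    edit "Vlan10"
        set allowaccess ping https ssh http
        set type vlan
        set interface "internal1"
        set vlanid 10
    next
    edit "Vlan20"
        set allowaccess ping
        set type vlan
        set interface "internal1"
        set vlanid 20
    next
end
"""

def parse_interfaces(text):
    """Return {name: {setting: [values]}} for 'config system interface'.
    Depth 1 is the interface table; nested sub-tables (depth > 1) are skipped."""
    interfaces, current, depth = {}, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth = depth + 1 if depth or tok[1:] == ["system", "interface"] else 0
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = interfaces.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "next":
            current = None
        elif depth == 1 and tok[0] == "set" and len(tok) > 1 and current is not None:
            current[tok[1]] = tok[2:]
    return interfaces

def audit_vlan_access(text):
    """Per vlan interface: parent port, tag, and cleartext admin services."""
    return [
        {"name": name,
         "parent": cfg.get("interface", [""])[0],
         "vlanid": int(cfg.get("vlanid", ["0"])[0]),
         "cleartext": sorted(CLEARTEXT.intersection(cfg.get("allowaccess", [])))}
        for name, cfg in parse_interfaces(text).items()
        if cfg.get("type") == ["vlan"]
    ]
```

Calling audit_vlan_access(SAMPLE_CONFIG) reports http as a cleartext service on Vlan10 and nothing on Vlan20; the same function can be run over the text of a saved configuration backup.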