Fortinet Document Library

Version:

Version:


Table of Contents

Admin Guide (Standalone)

Download PDF
Copy Link

Configure switch interface

A software switch is a virtual switch that is implemented at the software or firmware level. It can be used to simplify communication between devices connected to different FortiExtender interfaces. For example, using a software switch, you can place the FortiExtender interface connected to an internal network on the same subnet as your other virtual interfaces, such as VXLAN, aggregate interfaces, and so on.

Similar to a hardware switch, a software switch functions like a single interface. It has an IP address, and all the interfaces in the software switch are on the same subnet. Traffic between devices connected to each interface is not regulated by security policies, while traffic passing in and out of the switch is controlled by the same policy.

When setting up a software switch, consider the following:

  • Ensure that you have a backup of your configuration.
  • Ensure that you have at least one port or connection, such as the console port, to connect to the FortiExtender unit. This ensures that, if you accidentally combine too many ports, you have a way to undo the error.
  • The ports that you include must not have any link or relation to any other aspect of the FortiExtender unit, such as DHCP servers, security policies, and so on.
To create a software switch on the GUI:
  1. Go to Networking > Switch Interface.
  2. Click Create Switch-Interface.
  3. Configure the name, interface members, and all the other required fields.
  4. Click Save.
To create a software switch in the CLI:
config system switch-interface
    edit <interface>
        set members <interface_list>
        set span enable | disable // enable/disable spanning tree
    next
end

Upon execution of the above commands, the following configuration will be automatically generated:

config system interface
    edit <interface>
        set type switch
        set status down
    next
end

You can update the IP, allowaccess, and the other configurations based on the switch interface. And this interface can also be used in configuring the DHCP server, firewall policies, routes, and some other modules.

Configure switch interface

A software switch is a virtual switch that is implemented at the software or firmware level. It can be used to simplify communication between devices connected to different FortiExtender interfaces. For example, using a software switch, you can place the FortiExtender interface connected to an internal network on the same subnet as your other virtual interfaces, such as VXLAN, aggregate interfaces, and so on.

Similar to a hardware switch, a software switch functions like a single interface. It has an IP address, and all the interfaces in the software switch are on the same subnet. Traffic between devices connected to each interface is not regulated by security policies, while traffic passing in and out of the switch is controlled by the same policy.

When setting up a software switch, consider the following:

  • Ensure that you have a backup of your configuration.
  • Ensure that you have at least one port or connection, such as the console port, to connect to the FortiExtender unit. This ensures that, if you accidentally combine too many ports, you have a way to undo the error.
  • The ports that you include must not have any link or relation to any other aspect of the FortiExtender unit, such as DHCP servers, security policies, and so on.
To create a software switch on the GUI:
  1. Go to Networking > Switch Interface.
  2. Click Create Switch-Interface.
  3. Configure the name, interface members, and all the other required fields.
  4. Click Save.
To create a software switch in the CLI:
config system switch-interface
    edit <interface>
        set members <interface_list>
        set span enable | disable // enable/disable spanning tree
    next
end

Upon execution of the above commands, the following configuration will be automatically generated:

config system interface
    edit <interface>
        set type switch
        set status down
    next
end

You can update the IP, allowaccess, and the other configurations based on the switch interface. And this interface can also be used in configuring the DHCP server, firewall policies, routes, and some other modules.