Allow multiple managed FortiSwitch VLANs to be used in a software switch
You can now add multiple managed FortiSwitch VLANs to a software switch using the GUI or CLI. In previous releases, you could add only one managed FortiSwitch VLAN per FortiGate device to a software switch.
Traffic between two VLANs is controlled by the intra-switch-policy
setting under the config system switch-interface
command. By default, intra-switch-policy
is set to implicit
, which allows traffic between software switch members.
The FortiSwitch VLANs must be configured without IP addresses. |
Using the GUI
-
Go to Network > Interfaces.
-
Create or edit a software switch interface
-
In Interface members, select multiple FortiSwitch VLANs.
-
Click OK.
Using the CLI
In the following example, you create two managed FortiSwitch VLANs and then add them to a software switch.
config system interface
edit "vlan1"
set vdom "root"
set device-identification enable
set role lan
set snmp-index 46
set interface "fortilink"
set vlanid 3501
next
edit "vlan2"
set vdom "root"
set device-identification enable
set role lan
set snmp-index 47
set interface "fortilink"
set vlanid 3502
next
end
config system switch-interface
edit "softwareswitch"
set vdom "root"
set member "vlan1" "vlan2"
next
end