Fortinet black logo

New Features

Allow multiple managed FortiSwitch VLANs to be used in a software switch

Copy Link
Copy Doc ID 77966226-6996-11ec-bdf2-fa163e15d75b:503194
Download PDF

Allow multiple managed FortiSwitch VLANs to be used in a software switch

You can now add multiple managed FortiSwitch VLANs to a software switch using the GUI or CLI. In previous releases, you could add only one managed FortiSwitch VLAN per FortiGate device to a software switch.

Traffic between two VLANs is controlled by the intra-switch-policy setting under the config system switch-interface command. By default, intra-switch-policy is set to implicit, which allows traffic between software switch members.

Tooltip

The FortiSwitch VLANs must be configured without IP addresses.

Using the GUI
  1. Go to Network > Interfaces.

  2. Create or edit a software switch interface

  3. In Interface members, select multiple FortiSwitch VLANs.

  4. Click OK.

Using the CLI

In the following example, you create two managed FortiSwitch VLANs and then add them to a software switch.

config system interface

edit "vlan1"

set vdom "root"

set device-identification enable

set role lan

set snmp-index 46

set interface "fortilink"

set vlanid 3501

next

edit "vlan2"

set vdom "root"

set device-identification enable

set role lan

set snmp-index 47

set interface "fortilink"

set vlanid 3502

next

end

config system switch-interface

edit "softwareswitch"

set vdom "root"

set member "vlan1" "vlan2"

next

end

Allow multiple managed FortiSwitch VLANs to be used in a software switch

You can now add multiple managed FortiSwitch VLANs to a software switch using the GUI or CLI. In previous releases, you could add only one managed FortiSwitch VLAN per FortiGate device to a software switch.

Traffic between two VLANs is controlled by the intra-switch-policy setting under the config system switch-interface command. By default, intra-switch-policy is set to implicit, which allows traffic between software switch members.

Tooltip

The FortiSwitch VLANs must be configured without IP addresses.

Using the GUI
  1. Go to Network > Interfaces.

  2. Create or edit a software switch interface

  3. In Interface members, select multiple FortiSwitch VLANs.

  4. Click OK.

Using the CLI

In the following example, you create two managed FortiSwitch VLANs and then add them to a software switch.

config system interface

edit "vlan1"

set vdom "root"

set device-identification enable

set role lan

set snmp-index 46

set interface "fortilink"

set vlanid 3501

next

edit "vlan2"

set vdom "root"

set device-identification enable

set role lan

set snmp-index 47

set interface "fortilink"

set vlanid 3502

next

end

config system switch-interface

edit "softwareswitch"

set vdom "root"

set member "vlan1" "vlan2"

next

end