Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.10
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    7.4.10
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Add or edit a VLAN

    Add or edit a VLAN

    To add or edit a VLAN:

    1. In Switch > Configuration > VLANs:

      1. Select the appropriate Site and Domain.

      2. Click Create New to add a new VLAN interface.

      3. Select a VLAN and click Edit to edit an existing VLAN.

    2. In the form, enter or update the following information:

      Field

      Required

      Description

      Name

      Y

      Enter a unique name for the VLAN.

      Type

      Y

      The type is automatically set to VLAN and is not editable.

      Interface

      Y

      Select the physical interface port on the switch.

      VLAN ID

      Y

      Enter a unique ID for this VLAN.

      This value is automatically generated if no value is entered.

      Color

      N

      Click Change to select the color that will be used to display information about this VLAN.

      Addressing Mode

      Y

      Choose either Manual or DHCP.

      IP/Netmask

      Y

      Enter the IP address and netmask for this VLAN.

      This field is only available when Addressing Mode is Manual.

      IPv6 Addressing Mode

      Y

      Choose either Manual or DHCP.

      IPv6 Address/Profile

      Y

      Enter the IPv6 address and profilefor this VLAN.

      This field is only available when IPv6 Addressing Mode is Manual.

      Administrative Access

      IPv4

      N

      Select the allowed administrative access ports.

      DHCP Server

      DHCP Status

      Y

      Enable or disable the FortiSwitch DHCP server for this VLAN.

      Address Range

      Y

      Enter the address ranges for IP addresses to be issued.

      This field is only available if DHCP Status is Enabled.

      Netmask

      Y

      Enter the netmask to use for IP addresses issued.

      This field is only available if DHCP Status is Enabled.

      Default Gateway

      Y

      Select whether the gateway should be Same as interface IP or Specify a gateway IP address.

      This field is only available if DHCP Status is Enabled.

      DNS Server

      Y

      Select whether the assigned DNS server should be Same as System DNS, Same as Interface IP, or Specify a DNS server address.

      This field is only available if DHCP Status is Enabled.

      Lease Time

      Y

      Enable or disable an IP address lease time limit, and specify the lease limit in seconds.

      This field is only available if DHCP Status is Enabled.

      Network

      Device Detection

      N

      Enable or disable automatic device detection, which allows the firewall device to use the information about connected devices detected by this switch.

      IGMP Snooping

      N

      Enable or disable IGMP snooping.

      DHCP Snooping

      N

      Enable or disable DHCP snooping.

      Block intra-VLAN traffic

      N

      Enable or disable blocking traffic between this VLAN and other VLANs.

      Miscellaneous

      Comments

      N

      Enter comments, if needed.

      Status

      Y

      Enable or disable this VLAN.

      Per-Device Mapping

      N

      Configure per-device mapping. See Configuring per-device mapping.

    3. Click Save.

    Configuring per-device mapping

    Use per-device mappings in switch VLANs to configure generic VLAN definitions that can be applied to all devices.

    When using dynamic mapping, the devices specified will receive the configurations specified in the mapping rule. Devices which do not match will receive the default configuration.

    To configure a VLAN per-device mapping:

    1. In Switch > Configuration > VLANs, create or edit a VLAN definition.

    2. In Per-Device Mapping, click Create.

    3. Configure the mapping as follows:

      Settings

      Description

      Mapped Device

      Select the device to be mapped.
      VLAN ID

      Enter a unique ID for this VLAN, a number from 1-4094.

      IP/Network Mask

      Specify the mapped IP address and netmask.

      IPv6 Address/Prefix

      If needed, enter the IPv6 address and prefix.

      Mapped DHCP Server

      Enable or disable the DHCP server on this SSID, then configure the DHCP server settings as needed.

      Administrative access

      Select the allowed administrative access methods.

    4. Click Save.

    Previous
    Next

    Add or edit a VLAN

    Add or edit a VLAN

    To add or edit a VLAN:

    1. In Switch > Configuration > VLANs:

      1. Select the appropriate Site and Domain.

      2. Click Create New to add a new VLAN interface.

      3. Select a VLAN and click Edit to edit an existing VLAN.

    2. In the form, enter or update the following information:

      Field

      Required

      Description

      Name

      Y

      Enter a unique name for the VLAN.

      Type

      Y

      The type is automatically set to VLAN and is not editable.

      Interface

      Y

      Select the physical interface port on the switch.

      VLAN ID

      Y

      Enter a unique ID for this VLAN.

      This value is automatically generated if no value is entered.

      Color

      N

      Click Change to select the color that will be used to display information about this VLAN.

      Addressing Mode

      Y

      Choose either Manual or DHCP.

      IP/Netmask

      Y

      Enter the IP address and netmask for this VLAN.

      This field is only available when Addressing Mode is Manual.

      IPv6 Addressing Mode

      Y

      Choose either Manual or DHCP.

      IPv6 Address/Profile

      Y

      Enter the IPv6 address and profilefor this VLAN.

      This field is only available when IPv6 Addressing Mode is Manual.

      Administrative Access

      IPv4

      N

      Select the allowed administrative access ports.

      DHCP Server

      DHCP Status

      Y

      Enable or disable the FortiSwitch DHCP server for this VLAN.

      Address Range

      Y

      Enter the address ranges for IP addresses to be issued.

      This field is only available if DHCP Status is Enabled.

      Netmask

      Y

      Enter the netmask to use for IP addresses issued.

      This field is only available if DHCP Status is Enabled.

      Default Gateway

      Y

      Select whether the gateway should be Same as interface IP or Specify a gateway IP address.

      This field is only available if DHCP Status is Enabled.

      DNS Server

      Y

      Select whether the assigned DNS server should be Same as System DNS, Same as Interface IP, or Specify a DNS server address.

      This field is only available if DHCP Status is Enabled.

      Lease Time

      Y

      Enable or disable an IP address lease time limit, and specify the lease limit in seconds.

      This field is only available if DHCP Status is Enabled.

      Network

      Device Detection

      N

      Enable or disable automatic device detection, which allows the firewall device to use the information about connected devices detected by this switch.

      IGMP Snooping

      N

      Enable or disable IGMP snooping.

      DHCP Snooping

      N

      Enable or disable DHCP snooping.

      Block intra-VLAN traffic

      N

      Enable or disable blocking traffic between this VLAN and other VLANs.

      Miscellaneous

      Comments

      N

      Enter comments, if needed.

      Status

      Y

      Enable or disable this VLAN.

      Per-Device Mapping

      N

      Configure per-device mapping. See Configuring per-device mapping.

    3. Click Save.

    Configuring per-device mapping

    Use per-device mappings in switch VLANs to configure generic VLAN definitions that can be applied to all devices.

    When using dynamic mapping, the devices specified will receive the configurations specified in the mapping rule. Devices which do not match will receive the default configuration.

    To configure a VLAN per-device mapping:

    1. In Switch > Configuration > VLANs, create or edit a VLAN definition.

    2. In Per-Device Mapping, click Create.

    3. Configure the mapping as follows:

      Settings

      Description

      Mapped Device

      Select the device to be mapped.
      VLAN ID

      Enter a unique ID for this VLAN, a number from 1-4094.

      IP/Network Mask

      Specify the mapped IP address and netmask.

      IPv6 Address/Prefix

      If needed, enter the IPv6 address and prefix.

      Mapped DHCP Server

      Enable or disable the DHCP server on this SSID, then configure the DHCP server settings as needed.

      Administrative access

      Select the allowed administrative access methods.

    4. Click Save.

    Previous
    Next