Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 7.0.8 Administration Guide
    7.0.8
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    Switch virtual interfaces

    Switch virtual interfaces

    A switch virtual interface (or SVI) is a logical interface that is associated with a VLAN and supports routing and switching protocols.

    You can assign an IP address to the SVI to enable routing between VLANs. For example, SVIs can route between two different VLANs connected to a switch (no need to connect through a layer-3 router).

    Configuring a switch virtual interface

    Using the GUI:
    1. Go to System > Network > Interface > VLAN.
    2. Select Add VLAN.
    3. Enter a name for the interface.
    4. Select internal from the Interface drop-down list.
    5. Enter a VLAN identifier in the VLAN ID field.
    6. Select Static for the mode and enter an IP address and netmask in the IP/Netmask field.
    7. Select the administration status.
    8. Select PING, SSH, and TELNET for the Access options.
    9. Select Add.
    Using the CLI:

    Create a system interface. Give it an IP subnet and an associated VLAN:

    config system interface

    edit <system interface name>

    set ip <IP address and mask>

    set vlanid <vlan>

    set allowaccess ping ssh telnet

    Example SVI configuration

    The following is an example CLI configuration for SVI static routing.

    In this configuration, Server-1 is connected to switch Port1, and Server-2 is connected to switch Port2. Port1 is a member of VLAN 4000, and Port2 is a member of VLAN 2. Port1 is the gateway for Server-1, and port2 is the gateway for Server-2.

    NOTE: For simplicity, assume that both port1 and port are on same switch.

    1. Configure the native VLANs for Port 1 and Port 2:

      config switch interface

      edit port1

      set native-vlan 4000

      edit port2

      set native-vlan 2

      end

    2. Create L3 system interfaces that correspond to Port 1 (VLAN 4000) and Port 2 (VLAN 2):

      config system interface

      edit vlan4000

      set ip 192.168.11.1/24

      set vlanid 4000

      set allowaccess ping ssh telnet

      next

      edit vlan2

      set ip 192.168.10.1/24

      set vlanid 2

      set allowaccess ping ssh telnet

      end

    Viewing the SVI configuration

    Display the status of SVI configuration using following command:

    show system interface [ <system interface name> ]

    Previous
    Next

    Switch virtual interfaces

    Switch virtual interfaces

    A switch virtual interface (or SVI) is a logical interface that is associated with a VLAN and supports routing and switching protocols.

    You can assign an IP address to the SVI to enable routing between VLANs. For example, SVIs can route between two different VLANs connected to a switch (no need to connect through a layer-3 router).

    Configuring a switch virtual interface

    Using the GUI:
    1. Go to System > Network > Interface > VLAN.
    2. Select Add VLAN.
    3. Enter a name for the interface.
    4. Select internal from the Interface drop-down list.
    5. Enter a VLAN identifier in the VLAN ID field.
    6. Select Static for the mode and enter an IP address and netmask in the IP/Netmask field.
    7. Select the administration status.
    8. Select PING, SSH, and TELNET for the Access options.
    9. Select Add.
    Using the CLI:

    Create a system interface. Give it an IP subnet and an associated VLAN:

    config system interface

    edit <system interface name>

    set ip <IP address and mask>

    set vlanid <vlan>

    set allowaccess ping ssh telnet

    Example SVI configuration

    The following is an example CLI configuration for SVI static routing.

    In this configuration, Server-1 is connected to switch Port1, and Server-2 is connected to switch Port2. Port1 is a member of VLAN 4000, and Port2 is a member of VLAN 2. Port1 is the gateway for Server-1, and port2 is the gateway for Server-2.

    NOTE: For simplicity, assume that both port1 and port are on same switch.

    1. Configure the native VLANs for Port 1 and Port 2:

      config switch interface

      edit port1

      set native-vlan 4000

      edit port2

      set native-vlan 2

      end

    2. Create L3 system interfaces that correspond to Port 1 (VLAN 4000) and Port 2 (VLAN 2):

      config system interface

      edit vlan4000

      set ip 192.168.11.1/24

      set vlanid 4000

      set allowaccess ping ssh telnet

      next

      edit vlan2

      set ip 192.168.10.1/24

      set vlanid 2

      set allowaccess ping ssh telnet

      end

    Viewing the SVI configuration

    Display the status of SVI configuration using following command:

    show system interface [ <system interface name> ]

    Previous
    Next