Administration Guide

Routed VLAN interfaces

A routed VLAN interface (RVI) is a physical port or trunk interface that supports layer-3 routing protocols. When the physical port or trunk is administratively down, the RVI for that physical port or trunk goes down as well. All RVIs use the same VLAN, 4095.

RVIs support ECMP, VRF, multiple IP addresses, IPv4 addresses, IPv6 addresses, BFD, VRRP, DHCP server, DHCP relay, RIP, OSPF, ISIS, BGP, and PIM.

Layer-2 protocols and most switch interface features are disabled on RVIs. When RVI is enabled, the following features are not available:

  • 802.1X port mode

  • 802.1X MAC-based security mode

  • User-based (802.1X) VLAN assignment

  • 802.1X enhancements, including MAB

  • MAB reauthentication

  • open-auth mode

  • Support of the RADIUS accounting server

  • Support of RADIUS CoA and disconnect messages

  • EAP pass-through

  • Network device detection

  • DHCP snooping

  • DHCP blocking

  • Dynamic ARP inspection

  • Access VLANs

  • VLAN tag by ACL

  • IGMP snooping

  • IGMP proxy

  • IGMP querier

  • Per-port maximum for learned MACs

  • MAC learning limit

  • Learning limit violation log

  • set mac-violation-timer

  • Sticky MAC

  • Total MAC entries

  • MSTP

  • STP root guard

  • STP BPDU guard

  • 'forced-untagged' or 'force-tagged' setting on switch interfaces

  • Private VLANs

  • Multi-stage load balancing

  • MAC/IP/protocol-based VLAN assignment

  • Virtual wire

  • Loop guard

  • VLAN stacking (QnQ)

  • VLAN mapping

  • MCLAG

  • STP support in MCLAGs

  • IGMP snooping support in MCLAG

  • Cut-through switching

  • Edge port

  • Host quarantine on switch port

Configuring an RVI

When you configure a trunk interface as an RVI, you must configure a static MAC address to avoid a disruption of adjacency when adding or removing a group of ports.

Using the CLI:

Create a system interface. Set the IP address and netmask, set the interface type to physical, and then assign the layer-2 interface.

config system interface
    edit <new_interface_name>
        set ip <IP_address_and_netmask>
        set type physical
        set l2-interface <existing_interface_name>
    next
end

For example:

config system interface
    edit RVInew
        set ip 10.1.1.1 255.255.255.0
        set allowaccess ping
        set type physical
        set l2-interface port2
    next
end

Configuring VRF for an RVI

Starting in FortiSwitchOS 7.2.1, you can configure port-based virtual routing and forwarding (VRF) for an RVI.

To configure VRF for an RVI:

config system interface
    edit <new_interface_name>
        set ip <IP_address_and_netmask>
        set type physical
        set l2-interface <port_name>
        set vrf <VRF_instance_name>
    next
end

For example:

config system interface
    edit "rvi1"
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping https http ssh telnet radius-acct
        set type physical
        set l2-interface "port15"
        set snmp-index 77
        set vrf "vrf2"
        config ipv6
            set ip6-address 192:168:10::1/64
            set ip6-allowaccess ping
            set dhcp6-information-request enable
        end
    next
end
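
Because 802.1X, DHCP snooping, and dynamic ARP inspection are not available on an RVI, the management protocols listed in allowaccess on each RVI are worth reviewing. The following Python audit is an added example, not Fortinet code: it parses a configuration dump in the format shown above, identifies RVIs (type physical with an l2-interface), and reports any cleartext management protocols. The function names, the CLEARTEXT set, and the sample dump are assumptions constructed for illustration.

```python
import shlex

# Constructed sample: the page's two RVI examples merged into one dump (ip lines omitted).
SAMPLE = """
config system interface
    edit RVInew
        set allowaccess ping
        set type physical
        set l2-interface port2
    next
    edit "rvi1"
        set allowaccess ping https http ssh telnet radius-acct
        set type physical
        set l2-interface "port15"
        set vrf "vrf2"
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
"""
CLEARTEXT = {"http", "telnet"}  # assumption: protocols treated as unencrypted management access

def parse_interfaces(text):
    """Map each 'edit' entry under 'config system interface' to its top-level settings."""
    entries, current, depth, wanted = {}, None, 0, False
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # blank line becomes a no-op token
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                wanted = tok[1:] == ["system", "interface"]
        elif tok[0] == "end":
            depth -= 1
        elif wanted and depth == 1:  # depth 2 is a nested block such as 'config ipv6'
            if tok[0] == "edit":
                current = entries.setdefault(tok[1], {})
            elif tok[0] == "set" and current is not None:
                current[tok[1]] = tok[2:]
    return entries

def audit_rvis(text):
    """Return (rvi_name, layer2_port, cleartext_protocols) for every RVI in the dump."""
    findings = []
    for name, cfg in parse_interfaces(text).items():
        if cfg.get("type") == ["physical"] and "l2-interface" in cfg:
            weak = sorted(CLEARTEXT & set(cfg.get("allowaccess", [])))
            findings.append((name, cfg["l2-interface"][0], weak))
    return findings
```

Calling audit_rvis(SAMPLE) lists both RVIs with their layer-2 ports; the ports it returns are also the ones on which the layer-2 protections listed earlier no longer apply.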

Viewing the RVIs

Use the following command to list which ports and trunks are RVIs:

diagnose ip router fwd l3-rvi-info

Use the following command to list MAC addresses, priorities, source ports, and flags for RVIs:

diagnose hardware switchinfo l2-station-table
