Troubleshooting Tip: How to get management access (CLI/GUI) of the standalone switch through particular VLAN

mp2 · ‎08-17-2020

Description
This article describes how to get management access (CLI/GUI) of the standalone switch through particular VLAN.

Related links:
Page#87 steps to allow tagged and untagged vlan on switchport: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/b895b007-f1f3-11e9-8977-005056...
Page#24 Configuring management port: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/b895b007-f1f3-11e9-8977-005056...

Solution
1) Create a Layer-3 system VLAN interface with HTTP,HTTPS,PING,SSH access below.

From GUI of standalone Fortiswitch go to System -> Network -> Interface -> VLAN and select 'Add VLAN'.

From CLI.

# config system interface
(interface) edit "interface name"
(interface name) set mode <static/dhcp> <----- Select static or DHCP.
(interface name) set ip <xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx> <----- IPv4 and subnet mask, if mode set to static.
(interface name) set allowaccess < http https ping ssh >
(interface name) set vlanid <1-4094>
(interface name) set type vlan
(interface name) set status up
(interface name) end

2). Create a static route to get FortiSwitch access on the VLAN.
To provide remote access to the management VLAN, configure a static route.

Set the gateway address to the IP address of the router.

Using the GUI: go to Router -> Config -> Static and select 'Add Route'.

From CLI.

#config router static
(static)#edit 1
(1) set device <vlan interface>
(1) set gateway <xxx.xxx.xxx.xxx>
(1) set status enable
(1)end

3) Map the VLAN to desired interface of the switch port.

This particular VLAN can be tagged or untagged on the switchport.
The same VLAN interface can be used to contact FortiSwitch cloud by allowing port 443 and internet access to the FortiSwitch.