Refer to the exhibits. Traffic arriving on port2 on FortiSwitch is tagged with VLAN ID 10 and destined for PC1 connected on port1. PC1 expects to receive traffic untagged from port1 on FortiSwitch. Which two configurations can you perform on FortiSwitch to ensure PC1 receives untagged traffic on port1? (Choose two answers)

A. Add VLAN ID 10 as a member of the untagged VLANs on port1.
B. Include VLAN 10 and VLAN 20 as allowed VLANs on port1.
C. Add the MAC address of PC1 as a member of VLAN 10.
D. Remove VLAN 10 from the allowed VLANs and add it to untagged VLANs on port1.

Correct Answer: A,D

Brave-Dump Clients Votes

AD 50%

AC 50%

Comments

javaughn Bryan 2025-12-09 23:33:33

Selected Answers: A, D

A&D are absolutely correct.

If the connected device expects to receive untagged traffic, then you must also include VLAN 10 in the untagged VLANs setting so FortiSwitch forwards the frames without a VLAN tag.

PAGE: 367 | FORTISWITCH 7.6 ADMIN GUIDE

John 2025-12-27 19:48:45

Selected Answers: A, C

ANSWER: A & C
Untagged VLANs do not bypass Allowed VLANs; Fortinet documentation explicitly requires untagged VLANs to also be members of the allowed VLAN list (page 117 FS.7.6). & pg 121 fs 7.2
DIRECT QUOTE:
Untagged VLANs: Usually, you don’t have to configure this setting. However, some features, like
quarantine MAC or dynamic VLAN assignment, require it for the feature to work. This setting applies to
egress traffic only, and defines a list of VLANs for which the egress traffic is sent untagged. For the setting
to take effect, the untagged VLAN must also be a member of the allowed VLANs list.