View all questions & answers for the NSE 5 - FortiSwitch 7.6 Administrator Exam Materials exam


Question 21 Discussion

Refer to the exhibit. PC1 and PC2 are connected to port1 on FortiSwitch. Which VLAN tags will FortiSwitch apply when forwarding PC1 and PC2 traffic out of port2? (Choose one answer)

  • A. FortiSwitch will tag PC1 and PC2 frames with VLAN 20.
  • B. FortiSwitch will tag both PC1 and PC2 frames with VLAN 10, due to MAC override.
  • C. FortiSwitch will tag PC1 frames with VLAN 10 and PC2 frames with VLAN 20.
  • D. FortiSwitch will leave PC1 frames untagged and will tag PC2 frames with VLAN 10.
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



javaughn Bryan 2025-12-10 20:23:13

Selected Answers: C


C is absolutely correct.
PAGE: 365 | FORTISWITCH 7.6 ADMIN GUIDE

Usually, you assign ports to VLANs by configuring the native VLAN and allowed VLAN settings on the port.

FortiSwitch then uses these settings to determine the VLAN to assign untagged and tagged ingress traffic to. But what if you want to assign traffic to VLANs based on the source address and Ethernet protocol of the traffic? The latter is possible with MAC, IP, and protocol-based VLANs.

MAC, IP, and protocol-based VLANs enable you to assign ingress traffic to VLANs based on the endpoint source MAC address, source IP address, and Ethernet protocol (or Ethernet type). Then, when processing ingress traffic, FortiSwitch overrides the VLAN settings on the port with the VLAN assigned to the endpoint (or member) in the MAC, IP, and protocol-based VLAN configuration. One benefit is that you can place different devices behind the same switch port in different VLANs. Another benefit is mobility because endpoints can be assigned to the same VLAN regardless of the switch port they are connected to.

The benefits provided by MAC, IP, and protocol-based VLANs can also be obtained with 802.1X authentication. However, 802.1X is considered more scalable and secure, and therefore generally a better option. For this reason, MAC, IP, and protocol-based VLANs are more often used as a solution for specific scenarios rather than as the main VLAN assignment method in the network.

For example, if you have PC1 and PC2 behind port1 on FortiSwitch. The native VLAN on port1 is VLAN 20. Under standard VLAN operation, this would result in FortiSwitch tagging frames from PC1 with VLAN 20 when forwarding them to port2. However, because PC1 is a member of VLAN 10 (a member by MAC address), then FortiSwitch tags the frames from PC1 with VLAN 10 instead. Frames from PC2 that egress port2 are tagged with VLAN 20 because, unlike PC1, PC2 is not configured as a member of VLAN 10.