Staff

Technical Tip: How to bridge a FortiWifi SSID to a wired network or VLAN network

Forum|Forum|11 years ago
May 30, 2015
0 replies
10534 views

Description

This article describes how to bridge a FortiWifi SSID to a wired network or VLAN network.

In a typical configuration, when using FortiAP, the SSID is configured in 'Local Bridge' mode, and this SSID is grouped into the software switch. However, there may be issues if trying to add the 'Local Bridge' SSID into FortiAP Profiles. The error is shown as 'Maximum number of entries has been reached'.

Scope

FortiGate, FortiWifi.

Solution

'Local Bridge' mode is not supported for FortiWifi.

For a FortiWifi unit, SSID can only be configured in 'Tunnel' mode. The key point is to configure a tunnel mode SSID with no IP address configured and a DHCP server disabled. After, add this 'Tunnel' mode SSID into the software switch so it will be in the same subnet as the local LAN network.

Below are the steps:

Create an SSID with tunnel mode with no IP address and with DHCP disabled, and create an address object matching the subnet to disable.

A screenshot of a computer__Description automatically generated.png

To create an SSID in the CLI:

config wireless-controller vap
edit "TAC_INV"
set ssid "TAC_INV"
set passphrase <password>
next
end

Note:

Make sure the dependent VLAN 'wqtn' is also removed to be able to add the new SSID into the software switch.

Add a new SSID to the Local LAN interface software switch.

A screenshot of a computer__Description automatically generated (1).png

To add a new SSID under a software switch in the CLI:

config system switch-interface
edit "lan"
set member "internal" "TAC_INV"
next
end

Configure the VLAN at the 'Optional VLAN' under the SSID. This VLAN has to be the same as the VLAN ID of the other VLAN that is configured at the software switch.