Skip to main content
aviniesky
aviniesky
New Member
March 28, 2018
Question

Link between SSID in tunnel mode and Wired Ports of Fortiswitch

  • March 28, 2018
  • 1 reply
  • 3616 views

Hello, 

 

I have FG100E (firmware ver. 5.4.4) linked to FS124D-POE through fortilink and one FAP421E connected to Fortiswitch. From FG100E I can access to manage these devices. I configured a SSID in tunnel mode because I need to use MAC filtering as access control (It's a requirement), and I need connect from wi-fi clients to internal resources (servers) connected directly to other ports of the switch (wired) and also go out to internet. The switch has a default VLAN defined by the fortilink setup process. If it's possible I need that wired and wi-fi clients are in the same subnet (ex. 192.168.2/24) and look each other. The DHCP server is a Windows 2012 Server (we also need to maintain it by requirement)

 

I do several tests and I try different options without success: I can't do that wi-fi and wired devices (clients) are on same subnet and see ones with others.  Is this approach possible?

 

I had read Fortinet's cookbook articles, product documentation, posts in this forums. 

 

I'm grateful in advance if you could help me based on you experience / knowledge or propose me other alternatives that I could try. I hope you can understand my explanation (Sorry for my english).

 

Thank you very much for your attention and your help. 

Regards,

 

Alejandro Viniesky

1 reply

Markus
Markus
New Member
March 29, 2018

Hi

 

As I know, it's not possible to have same subnet on different Interfaces. Maybe somtething of this will point to a possible solution:

1) Software Switch with your Lan and WiFi Interface(s), be aware that you loose Hardware Acceleration of the SoC, but all Clients will be in the same Subnet.

 

2) Policies that allows the necessary Traffic from SSID to internal Ressources and vice versa. Not sure about Windows DHCP, but I asume you have to configure the additional Subnet and configure the SSID Interface for DHCP relay.

 

3) Zone your Interfaces and allow Intra Zone Traffic. This allows Traffic (exept Broadcast) between your Interfaces, but your WiFi Clients wouldn't get IPs from your Win DHCP Server, because they aren't in the same Broadcastdomain. But you can do DHCP with Mac Filtering on your SSID Interface.

Terms & ConditionsAccessibility statement