Skip to main content
shlomim
shlomim
New Member
April 7, 2025
Question

Using Software Switch and CAPWAP Tunnel mode - would it have negative effect ?

  • April 7, 2025
  • 1 reply
  • 1068 views

Hi,

Our topology is quite simple - 

40F Firewall connected to POE FortiSwitch, 5x831F and 2x221F Access points connected to the FortiSwitch.

The FortiSwitch and APs are managed via the 40F Controller.

The 40F Firewall on a different interface is connected to Cisco Switch for RJ45/Cable connections, which is connected to more switches etc.

 

From the idea of not wasting overhead for CAPWAP Tunnel mode, the SSID's have been configured as Local switching, the interface terminates on the firewall.

 

I've been asked to extend the STAFF SSID's VLAN to the Physical network - and I see that there are 2 options to do it - the first is to connect the FortiSwitch to the Cisco Switch to span the L2.

the second option would be to create a Software Switch, configure the SSID to use tunnel mode and terminate it on the interface connected to the software switch.

 

question is - would it have negative effect on performance ?

1 reply

Anthony_E
Staff
Anthony_E
Staff
April 10, 2025

Hello,

 

Using a software switch in conjunction with a CAPWAP tunnel mode can potentially have some negative effects, primarily related to performance:

 

  1. Performance Overhead: Software switches can introduce additional processing overhead compared to hardware-based switching. This can lead to increased latency and reduced throughput, especially under high-traffic conditions.
  2. IP Fragmentation: CAPWAP tunnels can increase packet size due to encapsulation overhead, potentially leading to IP fragmentation if the packets exceed the MTU size. This can result in decreased performance and increased latency.
  3. Resource Utilization: Running both a software switch and CAPWAP tunnels can increase CPU and memory usage on the device, which might affect overall performance, especially if the device is handling a large number of connections or high traffic volumes.
  4. Configuration Complexity: Managing both software switches and CAPWAP tunnels can add complexity to network configuration and troubleshooting.

 

To mitigate these effects, ensure that the network is properly configured to handle the expected traffic load, and consider using hardware-based solutions where possible to improve performance.

 

Additionally, configuring CAPWAP IP fragmentation control settings can help prevent packet fragmentation issues.

 

Hope it helps.

 

Regards,

Best Regards
    shlomim
    shlomimAuthor
    New Member
    April 10, 2025

    Hi Anthony,

    thank you the information and prompt response.

    I was worried about damaging the performance.

    is there any other way to span an interface/VLAN over the physical ports of the 40F and over the FortiSwitch while using the interface to manage the switch ?

      Terms & ConditionsAccessibility statement