FortiAP
FortiAP devices are thin wireless access points (AP) that support the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n and 802.11ax, and meet the demand for plug-and-play deployment.
sagha
Staff
Article Id 196399

Description
In FortiWiFi it is possible to make the internal zone part of a software switch, as described in the related links below.
However, on FortiGate it is not possible.

This scenario is ideal when one wants to assign DHCP leases to wireless clients via a DHCP server that is located in the LAN.

Solution
To make the internal interface part of a software switch, any IP address assigned to it must be removed, and any references to this interface must also be removed.

Create a WiFi interface ‘wifi_int’ with SSID ‘wireless_network’ using passphrase ‘Fortinet1234’.
# config wireless-controller vap
    edit "wifi_int"
        set vdom "root"
        set ssid "wireless_network"
        set security wpa-personal
        set passphrase "Fortinet1234"
    end

# config wireless-controller wtp
    edit FAPxxxx
        set admin enable
        set vaps "wifi_int"
    end

Note.
It is not required to assign an IP address or configure a DHCP server on the wireless interface.
Because it will be part of the software switch, an interface with an IP address will not get added.
Also, the DHCP leases are handed out by the DHCP server in the LAN, so it is not required to configure DHCP.

Create a new software switch and add both internal interface and ssid interface to it.
Via CLI.
# config system interface
    edit lan
        set ip 192.168.1.10 255.255.255.0
        set type switch
        set member "wifi_int" "internal"
    end
Connect the wireless client to ssid ‘wireless_network’ using passphrase ‘Fortinet1234’.

When the wireless client tries to connect, it will reach the DHCP server, because the packets are treated the same as on a switch and forwarded to the correct destination, which is the DHCP server.

Troubleshooting.
# diag sniffer packet any 'port 67 or port 68' 4 0 a

# diag debug application dhcpc -1
# diag debug enable
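
The first step above (removing the IP address and every reference to the internal interface) can be checked against a saved configuration before the software switch is created. The following Python sketch is an added example, not part of the original article: the sample configuration is constructed, and the name find_blockers is hypothetical.

```python
import shlex

# Constructed sample of FortiOS "show" output (not taken from the article).
SAMPLE_CONFIG = '''
config system interface
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
    next
end
config system dhcp server
    edit 1
        set default-gateway 192.168.1.99
        set interface "internal"
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
    next
end
'''

def find_blockers(config_text, ifname):
    """Return (section, setting) pairs that stop ifname joining a software switch."""
    stack, blockers = [], []
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok))
        elif tok[0] == "next":
            del stack[-1:]
        elif tok[0] == "end":
            if stack and stack[-1].startswith("edit "):
                del stack[-1:]  # "end" typed inside an edit block, as in the article
            del stack[-1:]
        elif tok[0] == "set" and len(tok) > 2:
            own = stack == ["config system interface", "edit " + ifname]
            if own and tok[1] == "ip" and tok[2] != "0.0.0.0":
                blockers.append((" / ".join(stack), "ip " + " ".join(tok[2:])))
            elif not own and ifname in tok[2:]:
                blockers.append((" / ".join(stack), " ".join(tok[1:])))
    return blockers

if __name__ == "__main__":
    for section, setting in find_blockers(SAMPLE_CONFIG, "internal"):
        print(f"{section}: {setting}")
```

An empty result means the interface has no IP address and nothing else in the parsed configuration refers to it by name.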

Related link: