FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
vpatil
Staff
Staff
Article Id 343440
Description This article describes step-by-step instructions on how to configure a Bridge mode SSID on the FortiAP WiFi 
Scope

FortiAP 7.4, FortiSwitch 7.2, and FortiGate 7.4.

FortiAP and FortiSwitch are managed by FortiGate and FortiAP is plugged into the FortiSwitch port.

SSID authentication mode is WPA2-PSK.

Solution
  1. Navigate to 'WiFi & Switch Controller', and select 'Create New' -> SSID -> Traffic mode 'Bridge'.

    In the Bridge mode SSID, the user data traffic is locally bridged by the AP, whereas in the Tunnel mode SSID the user data traffic is tunneled between the AP and the FGT via the CAPWAP Tunnel 

  2. By default, the 'Option VLAN ID' field is set to 0, meaning the users will be in the same VLAN as the AP management VLAN.

  3. However, for better WiFi performance, use a dedicated VLAN for the Bridge SSID users: SSID and FortiAP should be in different VLANs.
 

Image-1.PNG

 

  1. Create a new VLAN 200 interface on the FortiGate (FortiSwitch Controller) and enable the DHCP Server on VLAN 200.

Image 2.PNG

 

  1. Tag/Allow the new VLAN 200 on the AP uplink switchport; WiFi users connecting to this SSID will get an IP address from VLAN 200.

 

Image 3.PNG

 

  1. Create a new Firewall policy to provide Internet access to the users in VLAN 200.

 

Image 4.PNG

 

  1. Manually add the Bridge SSID 'Fortinet' to all the 'Access Point' radios in the FortiAP profile.

 

Image 5.PNG

 

Image 6.PNG

 

  1. Connect and verify if the WiFi users connect to the WPA2-PSK with the passphrase, whether they get a valid IP address from the VLAN 200 DHCP Server scope, and whether they can access the Internet.

 

Image 7.PNG

 

Contributors