Created on 05-14-2025 10:21 PM
Edited on 05-26-2025 07:03 AM
By Jean-Philippe_P
Description | This article describes how the LAN port handles connected wired devices, particularly through the 'Bridge to LAN' and 'Bridge to SSID' options. |
Scope | FortiAP, FortiGate. |
Solution |
FortiAPs can operate their LAN ports in two main modes:
Once Uplink & Bridge is enabled, there are two choices for LAN port bridging:
Option 1: Bridge to LAN.
Function: The LAN port acts like a switch port, bridging wired clients directly to the wired LAN (uplink).
Use case: Connect wired devices like IP phones, printers, or desktops to the same VLAN/subnet as the AP’s uplink.
Traffic behavior: Wired device traffic is bridged to the same network that the AP is using for its uplink.
Option 2: Bridge to SSID.
Function: The LAN port bridges the wired client’s traffic into the wireless SSID’s VLAN.
Use case: Use this when the wired devices need to behave like wireless clients connected to a specific SSID (e.g., guest devices).
Traffic behavior: Traffic from the wired port is tagged and tunneled to the controller as if it is part of the wireless SSID.
Note: For this functionality to work correctly, the WAN-LAN functionality must be activated from the CLI of each FortiAP individually.
For F and G series APs (e.g., FortiAP-xxxF, FortiAP-xxxG, FortiAP-xxxK):
cfg -a WANLAN_MODE=WAN-LAN
cfg -c
For FortiAP-U models:
cfg -a FAP_ETHER_TRUNK=3
cfg -c
If these commands are not run in the FortiAP CLI, any device connected to the FortiAP's secondary LAN port is bridged directly to port 1 and therefore connects to the FortiAP's management VLAN. |