Description
In a typical configuration, when using FortiAP, the SSID is configured in 'Local Bridge' mode and this SSID is grouped into the software switch. However, there may be issues if trying to add the 'Local Bridge' SSID into FortiAP Profiles. The error is shown as 'Maximum number of entries has been reached'.
This article describes how to bridge a FortiWifi SSID to a wired network or VLAN network.
Scope
FortiGate, FortiWifi.
Solution
'Local Bridge' mode is not supported for FortiWifi.
For a FortiWifi unit, SSID can only be configured in 'Tunnel' mode. The key point is to configure a tunnel mode SSID with no IP address configured and a DHCP server disabled. After, add this 'Tunnel' mode SSID into the software switch so it will be in the same subnet as the local LAN network.
For a FortiWifi unit, SSID can only be configured in 'Tunnel' mode. The key point is to configure a tunnel mode SSID with no IP address configured and a DHCP server disabled. After, add this 'Tunnel' mode SSID into the software switch so it will be in the same subnet as the local LAN network.
Below are the steps:
- Create an SSID with tunnel mode with no IP address and with DHCP disabled, and create an address object matching the subnet to disable
To create an SSID in the CLI:
config wireless-controller vap
edit "TAC_INV"
set ssid "TAC_INV"
set passphrase <password>
next
end
Note:
Make sure the dependent VLAN 'wqtn' is also removed to be able to add the new SSID into the software switch.
- Add a new SSID to the Local LAN interface software switch.
To add a new SSID under a software switch in the CLI:
config system switch-interface
edit "lan"
set member "internal" "TAC_INV"
next
end
- Configure the VLAN at the 'Optional VLAN' under the SSID. This VLAN has to be the same as the VLAN ID of the other VLAN that is configured at the software switch.
- Once added, it will work in bridge mode.
Related articles:
Technical Tip: Use of Optional VLAN ID in Tunnel type Wireless SSID configuration
