Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ESCHAN_FTNT
Staff
Staff

Created on ‎05-30-2015 07:50 AM Edited on ‎09-16-2025 11:36 PM By Moderator

Article Id 189683

Technical Tip: How to bridge a FortiWifi SSID to a wired network or VLAN network

Description

 
This article describes how to bridge a FortiWifi SSID to a wired network or VLAN network.
In a typical configuration, when using FortiAP, the SSID is configured in 'Local Bridge' mode, and this SSID is grouped into the software switch. However, there may be issues if trying to add the 'Local Bridge' SSID into FortiAP Profiles. The error is shown as 'Maximum number of entries has been reached'.
 
Scope
 
FortiGate, FortiWifi.


Solution

 

'Local Bridge' mode is not supported for FortiWifi.
 
For a FortiWifi unit, SSID can only be configured in 'Tunnel' mode. The key point is to configure a tunnel mode SSID with no IP address configured and a DHCP server disabled. After, add this 'Tunnel' mode SSID into the software switch so it will be in the same subnet as the local LAN network.
 
Below are the steps:
  1. Create an SSID with tunnel mode with no IP address and with DHCP disabled, and create an address object matching the subnet to disable.
 

A screenshot of a computer__Description automatically generated.png

To create an SSID in the CLI:

 

config wireless-controller vap
    edit "TAC_INV"
        set ssid "TAC_INV"
        set passphrase <password> 
    next
end

 

Note:

Make sure the dependent VLAN 'wqtn' is also removed to be able to add the new SSID into the software switch.

tunnel.png

 

  1. Add a new SSID to the Local LAN interface software switch. 

 

A screenshot of a computer__Description automatically generated (1).png

 

To add a new SSID under a software switch in the CLI: 

 

config system switch-interface
    edit "lan"
        set member "internal" "TAC_INV"
    next
end

 

  1. Configure the VLAN at the 'Optional VLAN' under the SSID. This VLAN has to be the same as the VLAN ID of the other VLAN that is configured at the software switch.     

 

1112.jpg

 

  1. Once added, it will work in bridge mode.


A screenshot of a computer__Description automatically generated (2).png

 

Related articles:

Technical Tip: Use of Optional VLAN ID in Tunnel type Wireless SSID configuration 

Technical Tip: SSID Local bridge vs Tunnel mode 

Technical Tip: How to setup a wireless network on FortiGate using Tunnel-Mode 

9256
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.