Description
In a typical configuration when using FortiAP, the SSID is configured in 'Local Bridge' mode and this SSID is grouped into the software switch. However, there may be issues if trying to add the 'Local Bridge' SSID into FortiAP Profiles. The error is shown as 'Maximum number of entries has been reached'.
This article describes how to bridge a FortiWifi SSID to a wired network or VLAN network.
Scope
FortiGate, FortiWifi.
Solution
'Local Bridge' mode is not supported for FortiWifi.
For a FortiWifi unit, SSID can only be configured in 'Tunnel' mode. The key point is to configure a tunnel mode SSID with no IP address configured and DHCP server disabled. After, add this 'Tunnel' mode SSID into the software switch so it will be in same subnet with the local LAN network.
For a FortiWifi unit, SSID can only be configured in 'Tunnel' mode. The key point is to configure a tunnel mode SSID with no IP address configured and DHCP server disabled. After, add this 'Tunnel' mode SSID into the software switch so it will be in same subnet with the local LAN network.
Below are the steps:
- Create an SSID with tunnel mode with no IP address and with DHCP disabled and Create address object matching subnet to disabled
To create an SSID in the CLI:
config wireless-controller vap
edit "TAC_INV"
set ssid "TAC_INV"
set passphrase <password>
next
end
Note:
Make sure the dependent VLAN 'wqtn' is also removed to be able to add the new SSID into the software switch.
- Add a new SSID to the Local LAN interface software switch.
To add a new SSID under a software switch in the CLI:
config system switch-interface
edit "lan"
set member "internal" "TAC_INV"
next
end
- Once added, it will work in bridge mode.
