Fortinet Forum
TigerEmperor
New Contributor

FortiWifi60d

Dear all, I have a FortiWiFi 60D. I formed a software switch and added a VLAN to this software switch; however, I notice that when I bind the Wi-Fi into this software switch, it does not use the VLAN. How can I turn it into the VLAN? Thanks.
1 Solution
wanglei_FTNT

Hi Jared,

 

FWF wireless traffic is already handled locally from the FGT point of view, even though it's called tunnel mode.

 

Lei

TigerEmperor

Hi Sidewaysguy.

Sorry, I misunderstood your answer before.

I tried to add a bridge wifi and added VLAN 123 in the option, but I cannot find the wifi on my mobile, and I also cannot see an enable broadcast option like in tunnel mode. Is the bridge mode only used to enable the wifi?

Yes, it can be used if it is an independent subnet, but the other branch needs to limit the subnet in the VPN. VLAN 123 is one of the internal networks, with wifi and physical cable LAN ports. Sorry, it needs to be used in the VLAN.

I confirmed the other branch is using tunnel mode but can use the VLAN IP, but they did not provide the config to me. What other possible settings can put a tunnel mode SSID in a VLAN?

Sidewaysguy

Hello there,

 

Okay first things first, did you add the SSID you created in bridge mode to the wireless profile that you have associated with the local wifi?  The default profile will automatically add tunnel ssids but not Bridged.  You will need to manually add the SSID. 

 

Secondly, if this is an issue for needing traffic coming from a remote subnet through the vpn to the wireless network, then you will need to have the subnet defined in Phase 2 on both sides (unless you are using 0.0.0.0/0.0.0.0). As well, you will need to have the appropriate policies on both sides, referencing the appropriate subnets and interfaces.  Whether you use the SSID or VLAN it doesn't matter as each are an interface that would need to be referenced on your side in the policy.

 

Thirdly, the vlan you are trying to utilize is only on your side of the vpn correct?

 

I'm not sure what firmware you are using, but http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/define-ssid.htm may be something to read.

TigerEmperor

Dear Sidewaysguy

Good Afternoon.

I added a bridge SSID again. Where can I assign it to the local wifi? Thanks.

Sidewaysguy

Hi there,

 

In the FortiAP profile you have assigned to the local wifi. 

 

 

TigerEmperor

Dear Sidewaysguy

Good Morning.

Thanks for your reply.

I see the default FortiAP profile is assigned to the Local Wifi Radio platform. If I create a new profile, I cannot see bridge mode in Platform. Isn't the FortiAP profile used to map to other FortiGate's AP?

wanglei_FTNT

Hi All,

 

To clarify a little bit:

1) You can't bind a bridge mode VAP to the WTP profile assigned to the local radio.

2) If you really need to use a VLAN interface for a tunnel mode VAP, there are a couple of ways to do it:

a) Make the tunnel mode VAP an independent interface (not part of a software/hardware switch) and create the VLAN interface under the VAP itself.

b) Make the tunnel mode VAP part of a software/hardware switch and create the VLAN interface under the switch. In order to include the tunnel mode VAP as part of the switch, you can't enable the DHCP server on the VAP itself.

 

Hope this will help

 

Lei
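The two layouts Lei describes, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread: the SSID name "Wifi_TE_IP" and VLAN 123 come from the thread, while the interface names "wifi-vlan123", "sw-lan" and "sw-vlan123", the member port "internal", the VDOM "root" and the 192.168.123.1 gateway address are assumptions. Use one option or the other, not both.

```fortios
# Option (a): the SSID stays a standalone interface and the VLAN is a
# sub-interface created under the SSID (VAP) itself.
config system interface
    edit "wifi-vlan123"
        set vdom "root"
        set interface "Wifi_TE_IP"
        set vlanid 123
        set ip 192.168.123.1 255.255.255.0
    next
end

# Option (b): the SSID is a member of the software switch and the VLAN is
# created under the switch. The SSID must not have its own DHCP server
# enabled, otherwise it cannot be added as a switch member.
config system switch-interface
    edit "sw-lan"
        set vdom "root"
        set member "internal" "Wifi_TE_IP"
    next
end
config system interface
    edit "sw-vlan123"
        set vdom "root"
        set interface "sw-lan"
        set vlanid 123
        set ip 192.168.123.1 255.255.255.0
    next
end
```

In either layout the VLAN is its own interface, so firewall policies and any VPN Phase 2 selectors have to reference it explicitly, as noted earlier in the thread.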

Sidewaysguy

wanglei@fortinet.com wrote:

Hi All,

 

To clarify a little bit:

1) You can't bind a bridge mode VAP to the WTP profile assigned to the local radio.

2) If you really need to use a VLAN interface for a tunnel mode VAP, there are a couple of ways to do it:

a) Make the tunnel mode VAP an independent interface (not part of a software/hardware switch) and create the VLAN interface under the VAP itself.

b) Make the tunnel mode VAP part of a software/hardware switch and create the VLAN interface under the switch. In order to include the tunnel mode VAP as part of the switch, you can't enable the DHCP server on the VAP itself.

 

Hope this will help

 

Lei

Thanks Lei!  I didn't know/realize that you couldn't bind bridge mode to the local radio.  Is there a reason for this?

 

Cheers,

 

Jared

wanglei_FTNT

Hi Jared,

 

FWF wireless traffic is already handled locally from the FGT point of view, even though it's called tunnel mode.

 

Lei

Sidewaysguy

wanglei@fortinet.com wrote:

Hi Jared,

 

FWF wireless traffic is already handled locally from the FGT point of view, even though it's called tunnel mode.

 

Lei

Thanks Lei! That's interesting, as I was thinking that the local radio was treated like external APs in regards to the profiles/interfaces.

TigerEmperor

Thanks Lei & Sidewaysguy

Good Afternoon.

Finally I kept the wifi in tunnel mode and entered the below in the command line. After REBOOTING the 60D (must reboot after setting "set vlanid 123"), it returns the correct IP (192.168.123.X). I wonder why it cannot be set in GUI mode and is not shown clearly in the manual or guide.

    edit "Wifi_TE_IP"
        set vlanid 123
    end

 

 

Once more, thanks to Sidewaysguy and Lei.