Hello everyone, For 2 years I've been working with FGT and few days ago I bought my first FortiAP 21D. From the cookbook and other documentation, I know that FAP can work in Bridge mode in two ways: 1. Setting the 'Local brigde with Forti APs interface' in Traffic Mode in the SSID settings - then connect FortiAP unit to LAN interface in a remote location (a location other than the FortiGate interface). Result: WiFi and wired clients are on the same LAN subnet. eg: http://cookbook.fortinet....ridge-with-fortiap-54/ http://cookbook.fortinet....a-wifi-bridge-fortiap/ 2. Setting 'Tunnel to the WiFi controller' in Traffic Mode in the SSID settings - then connect FortiAP to the dedicated internal interface in FGT unit and combine the WiFi and wired interfaces with software switch. Result: WiFi and wired clients are on the same LAN subnet. eg: http://cookbook.fortinet....ith-a-software-switch/ http://www.fortinetguru.c...ith-a-software-switch/ http://www.fortinetguru.c...ith-a-software-switch/ What are the main differences between this settings? Which are the best? Thank you for the reply
The major difference between mode 1 and mode 2 is that how end user traffic is forwarded.
Mode 1)
All traffic is forwarded to local network by AP
2) all traffic is tunneled to controller 1st
Depending on your needs, you can have mixed deployment as well. For example, some SSIDs are put into mode 1 and some SSIDs are working at mode 2
One thing to take into consideration as well, Tunnel mode adds some overhead so if you have custom MTU sizes etc you can end up with fragmented packets that cause strange behavior at times.
Mike Pruett
If you tunnel the traffic to the controller and create a software switch, all traffic handled by the switch is running in the CPU.
I would say that's a drawback.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.