
Bridged SSID not getting DHCP

Hi, all. 

I have two switches: a Dell PowerConnect and a FortiSwitch. There are several FortiAPs connected to both switches, broadcasting the same set of SSIDs.


All SSIDs that are tunneled are working fine on both switches. I have one SSID that is bridged to a LAN, as they need to be interconnected. When connecting to APs on the PowerConnect, everything works fine. But when connecting through the FortiSwitch, the clients cannot reach DHCP. Authentication is set to local, so everyone gets a connection.


I have attached a basic scheme of the setup. Could anyone point me towards what I am missing here? Why can't the clients connecting through the FS get an IP?





When using a bridged SSID, the users' VLAN should be spanned across the switches. Is the user VLAN tagged on the switch ports connecting the APs and configured on FSW/FortiLink?

If you want to use the same VLAN on different ports of the FGT, you have to create a software/hardware switch on the FortiGate:


Hi, ebilcari.

I have a SW switch enabled, but I think you are on to something. The VLAN (40) tagging the WLAN traffic was not defined as allowed on the FortiLink, and not on the ports that the APs are connected to.

I have now defined this, but it still does not work, so there is still something I'm missing - probably how to connect the traffic from the FortiLink to the SW switch. The VLAN defined on the FortiLink is not possible to include in the SW switch. Any ideas?


The trick is that the VLAN that can be included in a software switch should be pure Layer 2; no IP configuration or address object should exist for that VLAN.

Try to create a new VLAN on FortiSwitch VLANs without selecting anything related to IP (Layer 3 configurations).


Layer 3 configuration should be done on the software switch interface only.


Hello, again.

This is how it's set up:


FortiSwitch VLAN:


FortiSwitch port 1:






The software switch:


The point here is to bridge the "LKS Teknisk" to the "teknisk lan". 


There is no way to include "wlan_fl_teknisk" in the SW switch. It does not show in the include list.





The only thing that prevents it is if this VLAN has an IP configured or an address object attached to it by default. If that is the case, then change the Role from LAN to Undefined, and then search in Addresses and delete the Interface subnet referring to that interface. After that, it will allow you to tie this interface to the software switch.





I changed the VLAN to Undefined role and removed the address object, but still not possible. Driving me kind of crazy. Should I open a support case?


The sw switch: 




The VLAN interface:




Try to delete this one and create a new VLAN for ID 40, and set the role to Undefined before you save the settings; maybe the old one is tied to something else.

If you still can't attach it then you can create a support ticket.


OK, I deleted everything and started over. Renamed the interface (vlan_teknisk_i) to make sure. But, there is something corrupt here:




Created a new SW switch. Now I can add all the interfaces, but it fails when I add the interface with VLAN 40; it says it overlaps with the VLAN "vlan_teknisk_i".


Basically, it refuses to include the two interfaces in the same switch, as they have the same VLAN ID, even when the VLAN interface defined in the FortiSwitch has an undefined role and no network info.


Hello Choco,

Try configuring a static IP on the client, then try pinging your FGT and use the sniffer to see if you are really on the same VLAN as your FGT.