systemssupport
New Contributor

Configure FortiAP 28C on Same Subnet using FortiGate 310B

How do I set up 2 FortiAP 28Cs on the same subnet? If I create both units under Virtual Domains, WiFi Controller, WiFi Network, SSID on the FortiGate 310B, I get an error "IP address is in same subnet as the others". How do I fix this? Thanks!

localhost
Contributor III

Are you trying to assign the same subnet to two separate SSIDs, or is the range overlapping with other interfaces (e.g. internal) on your FortiGate?

 

Either way you could use a software switch:

Create a software switch, and assign the SSIDs and interfaces to the software switch.

http://docs.fortinet.com/d/fortigate-sharing-the-same-subnet-for-wifi-and-wired-clients

 

If it's just overlapping your internal range and the access points are installed directly in the LAN, you might want to change your wifis from tunneled to bridge mode:

 

systemssupport

The IP addresses were overlapping, so I had to set the IPs so that they wouldn't overlap. It took me a while to figure out the subnet mask, but that's what I did to figure out this problem.

geofbuck

I tried this and it doesn't let me configure the software switch. I am using a FortiWifi 50B running 4.0 MR3 patch 18. I go to add the interface for the software switch and the only one visible is the wifi interface. The video shows all of the physical interfaces in the left pane. What am I missing? I tried deleting everything and creating it again to no avail.

Bromont_FTNT

Geofbuck... what are you trying to achieve?

geofbuck

I am just trying to get the internal wlan interface to bridge with the internal one. I tried a software switch, but when I create and configure it no interfaces appear in the list to add. Just wifi in the left list pane. BTW VDOMs are disabled. Basically I just want this as a normal router with 6 VLANs for possible future segmentation using a managed switch.

eyexmeetsxeye

Geofbuck, try to check if the interfaces you want to move into the software switch have any references. Sometimes I forget to disable DHCP on them or remove a policy and I can't figure out why it won't let me move it over. If you have anything tying the interface to a service, it won't let you add it to a software switch (DHCP server, policy, etc). This is assuming you have your unit set up as interface mode and not switch mode.

 

geofbuck

Okay, I wondered if it was something like that. So this is how I have it configured:

 

INTERNAL interface has 6 VLANs (2-6), each with DNS and a DHCP server. I want the built-in wlan to be on the same subnet as the INTERNAL interface (VLAN1). So you are saying there is no way to tie the internal interface to the wifi in a software switch without wiping this current config and all my policies? Can I set up all my other VLANs 2-6 after? Is there no other way? My segmentation is as follows, with priority based on the kind of traffic:

 

VLAN1 - network devices (internal interface)

VLAN2 - SECURITY systems

VLAN3 - streaming devices (Apple TV, Sonos, Kodi, etc.)

VLAN4 - Automation control systems (Crestron, AMX, Savant, etc.)

VLAN5 - Home network devices (cell phone, PCs, printers, etc)

VLAN6 - guest network

 

I would settle for bridging the internal interface with the wlan one, but I am guessing that it is not possible to bridge the wlan interface with VLAN5, right? This is because the VLAN is not a physical interface so it won't work with the software switch?

Bromont_FTNT

You only have the FWF50B for wireless? No APs? Bridged SSIDs (with VLANs for 2-6) would be the way to go if you had APs, but I don't think v4 MR3 supported bridge mode SSIDs.

 

ede_pfau

Bridging ports is not only OS dependent but also (and foremost) hardware limited. Few of the smaller units support it at all.

@Bromont: OP has stated he's using 2 28C APs and a FG-310B (how come you mention a FWF50B?).

 

The FG-310B should probably support software switches. In order to put physical ports and SSIDs into one switch all ports need to be free of references. More or less this means to 'exec factoryreset' the FGT, plus further deleting of the default config (DHCP server).

 

Generally, this kind of configuration is mandatorily done prior to any configuration (sorry, that's the way it is).

 

Given that you already configured VLANs on these ports you can alternatively sift through the config to find all the references to one particular physical port, delete them, make the switch, and reestablish the dependencies.

 

If you're proficient enough, you could take a config backup, edit that file and restore it. After a reboot the new config will be in effect. Doable, often less effort, but requires some skill.

Ede Kernel panic: Aiee, killing interrupt handler!
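The reference hunt described in the reply above (finding everything that still points at a port before it can join a software switch) can be done offline against a config backup. This is an added example, not part of the original thread and not a Fortinet tool; the sample config is constructed, and `find_references` is a hypothetical helper name.

```python
import shlex

# Constructed sample in FortiOS backup syntax (not taken from the thread).
SAMPLE_CONFIG = '''\
config system interface
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
    next
    edit "vlan2"
        set interface "internal"
        set vlanid 2
    next
end
config system dhcp server
    edit 1
        set interface "internal"
        config ip-range
            edit 1
                set start-ip 192.168.1.110
            next
        end
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
    next
end
'''

def find_references(config_text, interface):
    """Return (section path, setting) pairs whose value names `interface`."""
    stack, refs = [], []
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # part of a multi-line quoted value; skip it
            continue
        verb, args = (tokens[0], tokens[1:]) if tokens else ("", [])
        if verb in ("config", "edit"):
            stack.append(" ".join(tokens))   # descend into section/entry
        elif verb in ("next", "end") and stack:
            stack.pop()                      # leave entry/section
        elif verb == "set" and interface in args[1:]:
            refs.append((" > ".join(stack), args[0]))
    return refs

if __name__ == "__main__":
    for path, key in find_references(SAMPLE_CONFIG, "internal"):
        print(f"{path}: set {key}")
```

Each hit is a dependency (VLAN sub-interface, DHCP server, policy) that has to be removed or re-pointed before the port can be added to the switch.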