How do I set up 2 FortiAP 28C's on the same subnet? If I create both units under Virtual Domains, WiFi Controller, WiFi Network, SSID on the FortiGate 310B, I get an error "IP address is in same subnet as the others". How do I fix this? Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you trying to assign the same subnet to two separete SSIDs or is the range overlapping with other interfaces (eg internal) on your Fortigate?
Either way you could use a software switch:
Create a software switch, and assign the SSIDs and interfaces to the software switch.
http://docs.fortinet.com/d/fortigate-sharing-the-same-subnet-for-wifi-and-wired-clients
If it's just overlapping your internal range and the access points are installed directly in the LAN, you might want to change your wifis from tunneled to bridge mode:
The IP addresses were overlapping so I had to set the IP's so that it wouldn't overlap. It took me a while to figure out the subnet mask but that's what I did to figure out this problem.
I tried this and it doesn't let me configure the software switch. I am using a FortiWifi 50B running 4.0 MR3 patch 18. I go to add the interface for the software switch and the only one visible is the wifi interface. The video shows all of the physical interfaces in the left pane. What am I missing? I tried deleting everything and creating it again to no avail.
Geofbuck... what are you tryng to achieve?
Geofbuck, try to check if the interfaces you want to move into the software switch have any references. Sometimes I forget to disable DHCP on them or remove a policy and I can't figure out why it won't let me move it over. If you have anything tying the interface to a service it won't let you add it to a software switch (DHCP server, policy, etc). This is assuming you have your unit setup as interface mode and not switch mode.
Okay, I wondered if it was something like that. So this is how I have it configured:
INTERNAL interface has 6 VLANS (2-6) each with DNS and a DHCP server. I want the built-in wlan to be on the same subnet as the INTERNAL interface (VLAN1). So you are saying there is no way to tie the internal interface to the wifi in a software switch without wiping this current config and all my policies? Can I set up all my other VLANS 2-6 after? Is there no there way? My segmentation is as follows with priority based on the kind of traffic:
VLAN1 - network devices (internal interface)
VLAN2 - SECURITY systems
VLAN3 - streaming devices (Apple TV Sonos, Kodi, etc.)
VLAN4 - Automation control systems (Crestron, AMX, Savant, etc.)
VLAN5 - Home network devices (cell phone, PC's, printers, etc)
VLAN6 - guest network
I would settle for bridging the internal interface with the wlan one but I am guessing that it is not possible to bridge the wlan interface with VLAN5 right? This is because the vlan is not a physical interface so it won't work with the software switch?
You only have the FWF50B for wireless? No APs? Bridged SSIDs (with vlans for 2-6) would be the way to go if you had APs but I don't think v4 MR3 supported bridge mode SSIDs
Bridging ports is not only OS dependent but also (and foremost) hardware limited. Few of the smaller unit support it at all.
@Bromont: OP has stated he's using 2 28C APs and a FG-310B (how come you mention a FWF50B?).
The FG-310B should probably support software switches. In order to put physical ports and SSIDs into one switch all ports need to be free of references. More or less this means to 'exec factoryreset' the FGT, plus further deleting of the default config (DHCP server).
Generally, this kind of configuration is mandatorily done prior to any configuration (sorry, that's the way it is).
Given that you already configured VLANs on these ports you can alternatively sift through the config to find all the references to one particular physical port, delete them, make the switch, and reestablish the dependencies.
If you're proficient enough, you could take a config backup, edit that file and restore it. After a reboot the new config will be in effect. Doable, often less effort, but requires some skill.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.