I have a network setup consisting of a FortiGate , FortiSwitch and multiple FortiAP . The connections are as follow:
FortiGate:
FortiSwitch:
SSID Configuration:
When clients connect to the Wi-Fi SSIDs broadcasted by the FortiAPs, they are not receiving IP addresses from the DHCP server, even though DHCP is enabled and configured correctly on the FortiGate for the SSID VLANs.
Upon further investigation, I noticed that the VLANs associated with the SSIDs (configured as optional VLAN IDs) do not appear on the FortiSwitch. This leads me to believe that the issue may be with the VLAN configuration on the FortiSwitch, where the VLANs for the SSIDs are not propagated correctly.
Could someone guide me on how to correctly propagate the SSID VLANs to the FortiSwitch so that clients connected to the Wi-Fi can receive DHCP addresses? Is there any additional configuration needed on the FortiSwitch to ensure these VLANs are properly handled?
PS: I need to use SSIDs in tunnel mode to enable client isolation even between devices connected via different APs.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @Thonno ,
No, you do not need to add any extra configuration on Fortiswitches. All you need to make sure is that your FortiAP is getting IP from DHCP and if it is connected then all the DHCP discover traffic from clients will be encapsulated under the CAPWAP. You can see the document below:
Regards
Verender
Hello @Thonno ,
No, you do not need to add any extra configuration on Fortiswitches. All you need to make sure is that your FortiAP is getting IP from DHCP and if it is connected then all the DHCP discover traffic from clients will be encapsulated under the CAPWAP. You can see the document below:
Regards
Verender
I solved it. The problem was that I had created the SSID with Optional VLAN and addressing all within the WiFi configuration.
I had to create the SSID without addressing and with only optional VLAN, and then create a new VLAN as a sub-interface of the SSID with the VLAN ID identical to the optional VLAN of the SSID and correct addressing.
Thank you very much for the help.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1632 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.