Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Forti-Mon
New Contributor III

Created on ‎11-28-2024 12:14 AM

FortiAP's on 3rd party switch

I need to connect a Forti AP through a Dell switch

 

I have 2 x fortiswitches with several working AP's, 2x SSID's all fine.

 

I setup a physical port which connects my Dell switch to my Edge switch stack and the fortiAP is online and given the correct DHCP address i setup.

 

But I cannot get DHCP to work on the SSID's of this AP.

 

Do i need to recreate VLANS? as I tried this and nobody could connect on any AP and was giving random 169.xxx addressed.

 

When i try and connect to either SSID on the not working AP - i get a 169 address.

 

I need it to see the VLANS on the fortlink - but dont know how to do this or if it can? thats why i think i need to recreate them?

 

Thanks

Labels:
949
0 Kudos
16 REPLIES 16
sjoshi
Staff
Staff

Created on ‎11-28-2024 01:37 AM

Hi,

 

To enable DHCP for the SSIDs on the FortiAP connected through a Dell switch, ensure that the VLANs are correctly configured on the FortiSwitches. Create FortiSwitch VLANs for the APs, assign them to the FortiSwitch ports connected to the Dell switch, and verify that the VLANs are correctly tagged on the Dell switch ports. Make sure the DHCP server settings on the FortiGate are properly configured to assign IP addresses to the SSIDs. If clients are receiving 169.xxx addresses, it indicates a DHCP issue, possibly due to VLAN misconfiguration. Double-check VLAN settings and ensure proper VLAN tagging on all switches involved in the network path.

Let us know if this helps.
Salon Raj Joshi
552
Forti-Mon
New Contributor III
In response to sjoshi

Created on ‎11-28-2024 01:48 AM

Hi, thanks for the reply

 

The Fortiswitch VLAN's work perfectly for any AP connecting to any ports on the Fortiswtich

I have several AP's running using those VLANs with no issues.

The DHCP works perfectly for both SSID's on the Fortiswitch AP's

 

The Fortiswitch isn't connected to the Dell switch

The Dell switch is connected to the Fortigate

545
0 Kudos
ebilcari
Staff
Staff
In response to Forti-Mon

Created on ‎11-28-2024 02:43 AM

If the SSIDs for this AP are in bridge mode, you have to span the VLANs through the Dell switch and configure them as sub interfaces in the FGT port where the Dell switch uplink is connected, like as the example:

subinterface.PNG

If you can use tunneled SSID, it will simplify the configuration since only the AP management VLAN need to be configured on the Dell switch, user traffic will be tunneled.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
535
Forti-Mon
New Contributor III
In response to ebilcari

Created on ‎11-28-2024 02:56 AM

I have done that

 

VLAN.png
 
Still doesn't work
529
0 Kudos
ebilcari
Staff
Staff
In response to Forti-Mon

Created on ‎11-28-2024 03:08 AM

Keep in mind that this is considered a new interface, using the same VLAN ID with a VLAN in the FortiLink will not span this VLAN.

You need to configure this sub/interface with its own IP and a DHCP server role and range.
A software switch creation may allow 'merging' this traffic but that require changes on existing configuration.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
521
Forti-Mon
New Contributor III
In response to ebilcari

Created on ‎11-28-2024 03:10 AM

Ok that makes sense.

So it's the mgmt VLAN that's the issue

I just have 2 VLAN's for the SSID's in the physical interface

Is a mgmt VLAN needed to be setup? then used as the native on the DELL switch?

513
0 Kudos
Forti-Mon
New Contributor III
In response to ebilcari

Created on ‎11-28-2024 03:07 AM

The AP mgmt VLAN is in the Fortilink....there isn't a mgmt VLAN in the physical port interface.....would I be using the fortilink mgmt VLAN as the native VLAN on the Dell switch port? or do I need a different one?

523
0 Kudos
ebilcari
Staff
Staff
In response to Forti-Mon

Created on ‎11-28-2024 06:59 AM

The new VLAN used for AP management in the Dell switch will not be related to FortiLink, just make sure to enable 'Security Fabric Connection' under 'Administrative Access' in FGT sub/interface settings. This will allow the build of CAPWAP tunnel and to manage the AP.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
445
Forti-Mon
New Contributor III

Created on ‎11-29-2024 01:23 AM

So to be clear

 

I have the physical port

I then need a mgmt VLAN

I then need a VLAN for one of the SSIDs

I then need a VLAN for the second SSID

 

These VLANs must have different ID's to the VLAN's in the Fortilink?

 

394
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.