Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Forti-Mon
New Contributor III

Created on ‎11-28-2024 12:14 AM

FortiAP's on 3rd party switch

I need to connect a Forti AP through a Dell switch

 

I have 2 x fortiswitches with several working AP's, 2x SSID's all fine.

 

I setup a physical port which connects my Dell switch to my Edge switch stack and the fortiAP is online and given the correct DHCP address i setup.

 

But I cannot get DHCP to work on the SSID's of this AP.

 

Do i need to recreate VLANS? as I tried this and nobody could connect on any AP and was giving random 169.xxx addressed.

 

When i try and connect to either SSID on the not working AP - i get a 169 address.

 

I need it to see the VLANS on the fortlink - but dont know how to do this or if it can? thats why i think i need to recreate them?

 

Thanks

Labels:
892
0 Kudos
16 REPLIES 16
ebilcari
Staff
Staff
In response to Forti-Mon

Created on ‎11-29-2024 02:26 AM Edited on ‎11-29-2024 02:32 AM

Yes, and the VLAN used for AP management should have enabled 'Security Fabric Connection'.

The VLAN ID can also have the same ID with the VLANs used in Fortilink but they will not be related at all so it would be better to use other IDs to avoid the confusion.

As mentioned earlier you can also use a software switch to combine all this networks to a single subnet, but that involves configuration changes and doesn't fit every deployment due to performance limitation. In the example below there are 3 type of interfaces: sub/interface VLAN, a Fortilink VLAN and a SSID in the same software switch and they are using the same subnet:

software switch.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
353
Forti-Mon
New Contributor III

Created on ‎11-29-2024 06:41 AM

the second I change the native VLAN on the switch to the VLAN created in fortigate, the AP drops offline. 

any ideas?

333
0 Kudos
ebilcari
Staff
Staff
In response to Forti-Mon

Created on ‎11-29-2024 06:50 AM

You can try to reboot the AP by cutting PoE, so it can receive an IP from the new subnet. Also make sure on the switch configuration to have the VLAN as access on the port when the AP is connected and allow it in the trunk/uplink port with the FGT.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
329
Forti-Mon
New Contributor III

Created on ‎11-29-2024 07:13 AM

So set the managed AP VLAN attached to the physical interface an access port on the DELL switch?

as it's currently a trunk port?

322
0 Kudos
ebilcari
Staff
Staff
In response to Forti-Mon

Created on ‎11-29-2024 07:27 AM

I meant to set the AP management VLAN as the native/PVID/untagged VLAN in the port. Every vendor like to put a different name on this :)

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
301
Forti-Mon
New Contributor III

Created on ‎12-05-2024 01:48 AM

The second i change the untagged native VLAN from the Fortilink VLAN to the Phyiscal interface untagged VLAN the AP goes offline

 

Just dont understand why

213
0 Kudos
ebilcari
Staff
Staff
In response to Forti-Mon

Created on ‎12-06-2024 01:19 AM

You need to isolate the problem:
- at L2 level, verify that the switch learns the MAC addresses of the AP and the FGT on the new VLAN.
- at L3 level, verify that the AP has received a new IP from DHCP and the new subnet, AP should be pinged by FGT. Verify AP configuration if it has any static IP configured.
- CAPWAP tunnel troubleshoot, like shown in this article.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
180
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.