Solved! Go to Solution.
Hi Jared,
FWF wireless traffic is already handled locally from FGT point of view even it's called tunnel mode.
Lei
Have you added the VLAN ID to the Wifi Interface ?
Balaji
Sorry, I just login back the fortigate. I can not see the vlan option in the wifi.
Anyone know how can I set it to use the vlan for wifi? I open a software switch named lan, and create a vlan in this software switch, then put the wifi into this software switch. The wifi got the IP of software switch only not the vlan.
Hey there,
What you are seeing is the default behavior of a software switch. IP info assigned to a software switch overrides ip info on any interface added to a software switch.
As a side note, you may want to strengthen your Google Fu a little bit as my first query pulled up: https://docs.fortinet.com/uploaded/files/1671/assigning-wireless-users-to-different-networks-using-d... While that may or may not be what you are looking for, there is a ton of documentation out there with examples before getting snippy in a forum.
Cheers,
Sidwaysguy
Hi there,
Do you have the vlan already configured on switches in the environment? If so then using Bridge mode, you can specify the VLAN. At that point, the port that the AP is plugged into will need to have that tag as an allowed VLAN for the SSID to bridge to the LAN.
Thanks Sidewaysguy.
No. I am not using the external AP, I am using the internal AP Feature.
Software Switch=lan
Role=lan
Vlan Interface=Vlan123
Wifi=tunnel mode (Builtin in Fortigate)
Wifi attached interface=lan
My software switch IP (192.168.10.28), DHCP=192.168.10.51-192.168.10.100
My Vlan interface IP (192.168.123.28), DHCP=192.168.123.51-192.168.123.100
The connected device (example: iphone) get the IP 192.168.10.51, but I want it get 192.168.123.51. How can I set it? I can not find the vlan option in wifi. Thanks.
I think you may be missing what I said above.... Have you tried configuring the SSID in bridge mode and specifying the VLAN there. As well, also noted above is that with a Software Switch, any IP configuration will override any interfaces' configuration that is added to the Software Switch. I haven't specifically tested your scenario, but i would see that would still apply.
Besides, just wanting to accomplish this, if everything is internal to the FortiWifi, why not just leave the SSID as a separate interface and use policy to direct traffic to the other subnets? You haven't explained why the VLAN interface is actually needed if it's not being tagged on other devices.
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.