Hi, I am new with fortigate.
Could you please guide me regarding Wireless configuration?
For now I configured port channel between Firtigate and my Juniper QFX core switch.
I distributed two vlans, one for OSPF and one for Forti MNG.
I configured HA and OSPF on the Fortigate.
I connected AP to the access switch and the access port is configured in vlan Forti MNG.
Fortigate discovered the AP.
The AP has been registered to fortigate.
But now I want to create SSID on the AP on Vlan 100, on Vlan 100 I have also DHCP configured.
But I am not able to achieve this.
I distributed the new vlan 100 between my core switch and fortigate but the missing part for me is how to provide vlan 100 to SSID on the AP?
I tried a few things but without effect, when I connect my phone to the AP, the client not receive DHCP address.
I use tunneling mode.
I didn't figured out how to implement vlan distribution over SSID on tunneling mode.
My question is do you have any Administrator guides or information how to implement this configuration with vlans?
Could I use only one VLAN on access port of the Access point or I have to use trunk with allowed vlans and native vlan?
Thank you in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
If you need to process the SSID client traffic via particular vlan you can configure the SSID with bridge mode.Kindly refer the below document on how to configure bridge mode.
Regards
Jamal
Thank you for the information.
In Bridge mode it is easy, but the disadvantage is that when using Bridge mode, we have to distribute all vlan to all access points.
In Tunneling mode all vlans are distributed only between core sw and fortigates.
To AP I distribute only mng VLAN.
Hi,
My colleague did find a way to implement distributing VLAN to the AP from Fortigate in tunneling mode, but now we have another issue.
Now the issue is that the clients behind SSID receives DHCP from the VLAN but the clients are not able to ping their Gateway, also the clients don't have internet.
We implemented some policy rules to accept the traffic but without any results we continue to have connection issues.
Could you please share some advices or guidenances?
We use port X8 on fortigate and we dedicated it for receiving vlan 80 from core sw in clear trunk mode with allowed vlan 80.
The port is assigned on the new hardware switch on the fortigate with lan role.
Then we created policy rule:
Where for incoming interface we use SSID.
For outgoing interface we use OSPF interface in area 0.
For source we define the vlan 80 network.
For Destination we define ALL.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1548 | |
1032 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.