Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Fortigate 601F and FAP231F

Hi, I am new with fortigate.

Could you please guide me regarding Wireless configuration?

For now I configured port channel between Firtigate and my Juniper QFX core switch.

I distributed two vlans, one for OSPF and one for Forti MNG.

I configured HA and OSPF on the Fortigate.

I connected AP to the access switch and  the access port  is configured in vlan Forti MNG.

Fortigate discovered the AP.

The AP has been registered to fortigate.

But now I want to create SSID on the AP on Vlan 100, on Vlan 100 I have also DHCP configured.

But I am not able to achieve this.

I distributed the new vlan 100 between my core switch and fortigate but the missing part for me is how to provide vlan 100 to SSID on the AP?

I tried a few things but without effect, when I connect my phone to the AP, the client not receive DHCP address.

I use tunneling mode.

I didn't figured out how to implement vlan distribution over SSID on tunneling mode.


My question is do you have any Administrator guides or information how to implement this configuration with vlans?

Could I use only one VLAN on access port of the Access point or I have to use trunk with allowed vlans and native vlan?

Thank you in advance.



If you need to process the SSID client traffic via particular vlan you can configure the SSID with bridge mode.Kindly refer the below document on how to configure bridge mode.





Thank you for the information.
In Bridge mode it is easy, but the disadvantage is that when using Bridge mode, we have to distribute all vlan to all access points.

In Tunneling mode all vlans are distributed only between core sw and fortigates.
To AP I distribute only mng VLAN.

New Contributor II


My colleague did find a way to implement distributing VLAN to the AP from Fortigate in tunneling mode, but now we have another issue.

Now the issue is that the clients behind SSID receives DHCP from the VLAN but the clients are not able to ping their Gateway, also the clients don't have internet.

We implemented some policy rules to accept the traffic but without any results we continue to have connection issues.

Could you please share some advices or guidenances?

We use port X8 on fortigate and we dedicated it for receiving vlan 80 from core sw in clear trunk mode with allowed vlan 80.
The port is assigned on the new hardware switch on the fortigate with lan role.
Then we created policy rule:
Where for incoming interface we use SSID.
For outgoing interface we use OSPF interface in area 0.
For source we define the vlan 80 network.
For Destination we define ALL.

Top Kudoed Authors