All our SSID's are tunneled. But now I need a locally bridged SSID (name "tech") in a separate VLAN (eg VLAN20). VLAN20 is an existing VLAN interface on the Fortigate (serving as gateway, DHCP, DNS...).
A few existing tunneled SSID's and the new bridged SSID need to be available on the same access points.
Fortigate is still on 5.8.6.
Switchport where the access point is connected should accept both VLANs: CAPWAP untagged/default, VLAN20 tagged (since I guess AP is tagging bridged traffic with setting "Optional VLAN ID" in SSID config on the fortigate).
My wifi client authenticates fine to SSID tech (WPA2 pre shared key for testing), but does not get an IP from DHCP. With manual IP on the client device, I can't even ping the VLAN20 interface IP (gateway). Nothing of significance in logs either...
I must be missing something.
Is it even possible ?
Ok, got it working, so it is possible.
VLAN was missing on a trunk somewhere in between...
User | Count |
---|---|
1883 | |
1141 | |
769 | |
447 | |
277 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.