Hi
I'm currently replace a CISCO wifi solution by FortiAP one.
Actually, SSID'd are the same on all my subsite, but VLAN are different on each subsite.
For example :
[ul]On my forti wifi controller (200D), the SSID is linked to a single VLAN. Is there a way to configure each SSID on each subsite to use a different VLAN ?
Thanks for your help, Kevin
Hi,
I think you have two options:
1. Create a unique SSID profile for each site with the correct VLAN in it (can still have the same SSID name), the downside is that you are limited to how many SSID profiles you can create. Then apply that SSID to the FortiAP Profile.
2. Use "dynamic-vlan" command in the CLI, downside is that it must be WPA2-Enterprise, and you are also forced to use a server with radius so the correct VLAN can be applied.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Thanks for your help.
My problem is that i can not create 2 SSID with the same name, on the same controller (200D)... It would be to easy :)
Yeah, I see that now, I just tried ;)
Then dynamic-vlan is probably what you need.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Use Bridge SSID (instead tunnel) .... And control the VLAN on switch side...
Regards, Paulo Raponi
I agree with pcraponi... if you use dynamic vlan in this case then if a user visits the other office they'll be on the wrong vlan.
OK for the Bridge Local mode, but the result is the same : You can not have 2 VLAN definition on 1 SSID.
And You can not have 2 SSID with the same name, on the same controller.
I think you do not understand...
If you create a SSID as bridge, you do not need configure any VLAN on Fortigate side. Forget 2 ssid.
- Configure ONE ssid corp as bridge (Fortigate)
- configure your switch port on VLAN 125 on site A and VLAN 135 on site B. Both as "access mode" (Switch)
- Power yours access point in each site on those ports. (FortiAP)
- Now you have 1 SSID on Fortigate and yours VLANs on each site... FortiAP as bridge ssid will receive the VLAN that you configure in your switch
Regards,
Paulo Raponi
Regards, Paulo Raponi
An information that i haven't given : I need multiple SSID on this case.
So the access mode will allow only one SSID...
You can do bridge mode and assign vlan for each SSID, however the vlans will be identical for each site... you'll need to make sure the router assigns different subnets for those vlans at each site.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.