shlomim
New Contributor II

Using Software Switch and CAPWAP Tunnel mode - would it have a negative effect?

Hi,

Our topology is quite simple - 

40F Firewall connected to POE FortiSwitch, 5x831F and 2x221F Access points connected to the FortiSwitch.

The FortiSwitch and APs are managed via the 40F Controller.

The 40F Firewall on a different interface is connected to a Cisco switch for RJ45/cable connections, which is connected to more switches etc.

With the idea of not wasting overhead on CAPWAP tunnel mode, the SSIDs have been configured for local switching, and the interface terminates on the firewall.

I've been asked to extend the STAFF SSID's VLAN to the physical network, and I see that there are 2 options to do it. The first is to connect the FortiSwitch to the Cisco switch to span the L2.

The second option would be to create a software switch, configure the SSID to use tunnel mode, and terminate it on the interface connected to the software switch.

The question is: would it have a negative effect on performance?

Anthony_E
Community Manager

Hello,

Using a software switch in conjunction with CAPWAP tunnel mode can potentially have some negative effects, primarily related to performance:

  1. Performance Overhead: Software switches can introduce additional processing overhead compared to hardware-based switching. This can lead to increased latency and reduced throughput, especially under high-traffic conditions.
  2. IP Fragmentation: CAPWAP tunnels can increase packet size due to encapsulation overhead, potentially leading to IP fragmentation if the packets exceed the MTU size. This can result in decreased performance and increased latency.
  3. Resource Utilization: Running both a software switch and CAPWAP tunnels can increase CPU and memory usage on the device, which might affect overall performance, especially if the device is handling a large number of connections or high traffic volumes.
  4. Configuration Complexity: Managing both software switches and CAPWAP tunnels can add complexity to network configuration and troubleshooting.

To mitigate these effects, ensure that the network is properly configured to handle the expected traffic load, and consider using hardware-based solutions where possible to improve performance.

Additionally, configuring CAPWAP IP fragmentation control settings can help prevent packet fragmentation issues.

Hope it helps.

Regards,

Anthony-Fortinet Community Team.
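
The CAPWAP IP fragmentation control mentioned in the reply above, shown as an added FortiOS CLI example that is not part of the original posts. The profile name `STAFF-AP-profile` and the MTU values are assumptions to be adapted to the FortiAP profile actually in use and to the path MTU between the APs and the FortiGate.

```fortios
# Added example, not from the thread. "STAFF-AP-profile" is a placeholder
# name; use the wtp-profile assigned to the APs carrying the tunneled SSID.
config wireless-controller wtp-profile
    edit "STAFF-AP-profile"
        # tcp-mss-adjust: the AP lowers the TCP MSS offered to wireless
        #   clients so that data plus the CAPWAP header fits the tunnel MTU.
        # icmp-unreachable: the AP drops oversized packets that have the
        #   DF bit set and returns ICMP "fragmentation needed" to the client.
        set ip-fragment-preventing tcp-mss-adjust icmp-unreachable
        # Tunnel MTU in each direction (sample values, tune to the path MTU):
        #   uplink   = AP to FortiGate
        #   downlink = FortiGate to AP
        set tun-mtu-uplink 1500
        set tun-mtu-downlink 1500
    next
end
```

These settings only matter for SSIDs in tunnel mode; SSIDs left in local switching (bridge) mode do not carry client traffic inside CAPWAP.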
shlomim
New Contributor II

Hi Anthony,

Thank you for the information and prompt response.

I was worried about damaging the performance.

Is there any other way to span an interface/VLAN over the physical ports of the 40F and over the FortiSwitch while using the interface to manage the switch?
