Hello,
I am trying to understand how the "VLAN assignment by FortiAP group" works. I can understand that this function allows using one SSID in multiple locations, and each location can be configured with a different VLAN with this SSID.
I would like to understand how this configuration is working when the SSID is in tunnel mode and has an IP address configured in it.
The plan is to have 5 locations with 1 SSID for corporate users. Each location will have its own VLAN for corporate users and the DHCP scope will be individual per each location.
How will FortiGate be able to use one SSID and switch between VLANs, route the traffic and forward requests to the DHCP server based on the VLAN configured to the specific AP group?
Will be grateful for any hint.
Group the APs based on location (e.g., Location A, Location B, etc.) under WiFi and Switch Controller > Managed FortiAPs. Navigate to WiFi and Switch Controller > SSIDs to define the SSID in tunnel mode.
- Enable VLAN Pooling and select Managed AP Group to assign a VLAN ID to each FortiAP group.
- Configure individual VLANs for each location (e.g., VLAN 101 for Location A, VLAN 102 for Location B, etc.).
- Ensure each FortiAP group is associated with the correct VLAN ID.

Set up a DHCP scope on each VLAN.
Please check the doc: https://docs.fortinet.com/document/fortiap/7.4.0/fortiwifi-and-fortiap-configuration-guide/153336/vl...
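The steps in the reply above, written out as FortiOS CLI. This is an added example, not part of the original thread or Fortinet's documentation; the SSID name `corp`, the AP group names `LocA` and `LocB` (assumed to exist already), the VLAN interface names and all addresses are constructed placeholders.

```fortios
# Constructed example: map each FortiAP group to a VLAN ID on one tunnel-mode SSID.
config wireless-controller vap
    edit "corp"
        set vlan-pooling wtp-group
        config vlan-pool
            edit 101
                set wtp-group "LocA"
            next
            edit 102
                set wtp-group "LocB"
            next
        end
    next
end

# One VLAN sub-interface per location, created on top of the SSID interface.
config system interface
    edit "corp.101"
        set vdom "root"
        set interface "corp"
        set vlanid 101
        set ip 10.101.0.1 255.255.255.0
    next
    edit "corp.102"
        set vdom "root"
        set interface "corp"
        set vlanid 102
        set ip 10.102.0.1 255.255.255.0
    next
end

# Separate DHCP scope per VLAN interface (shown for VLAN 101; repeat for 102).
config system dhcp server
    edit 0
        set interface "corp.101"
        set default-gateway 10.101.0.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 10.101.0.10
                set end-ip 10.101.0.200
            next
        end
    next
end
```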
Created on 09-07-2024 09:25 AM Edited on 09-07-2024 09:26 AM
Thank you very much for your answer.
The documentation is not what I am looking for. I am trying to understand how FortiGate will use this type of configuration.
I will create an L3 interface for each VLAN with an IP address and DHCP scope in each VLAN. I will create an AP Group per location and associate all the relevant APs per location. I will create a single SSID, which will be configured with an IP address, DHCP scope and some other parameters.
After this is complete, I will configure VLAN pooling and associate each Managed AP Group with the ID of the VLAN.
My question is how FortiGate will make the connection between the VLAN and the SSID for the correct location.
In case user A in location A is connecting to the SSID. Normally, the user will obtain an IP from the SSID DHCP scope. Since there is a VLAN pooling, I assume that FortiGate will not provide an IP address from the SSID scope but will virtually pull the IP address of the relevant VLAN associated to the AP group.
Can you please confirm that my understanding is correct?
You can also consider dynamic VLAN configuration.