Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Agreen
New Contributor

VLAN tagging on tunnel SSID

I am working on converting a customer from WatchGuard to Fortinet, to start with the FortiGate will only be used as WiFi controller. The setup is one FortiGate 200F running v7.4.2 and 32 FortiAP 233G.

 

Struggling with VLAN tagging on a tunnel SSID. Due to a desire to have client isolation and avoid VLAN configuration in the switch network, tunnel SSID is a requirement. No problem in to configure “Optional VLAN ID” on a bridge SSID and have the VLAN tagged on the LAN port but cannot get it working on a tunnel SSID.

 

Have tried only configuring “Optional VLAN ID” as on bridge SSID, tried configuring a VLAN under the SSID with and without IP address and a hundred other things but cannot get the VLAN tagged on the LAN port. What am I missing ?

 

 

Udklip 2.PNG

 

Agreen
Agreen
4 REPLIES 4
mle2802
Staff
Staff
Agreen
New Contributor

This is exactly the document I have looked at and tried to follow with a VLAN under the tunnel SSID, as shown on the screen dump. But the VLAN is not tagged on the LAN port, I must be missing something but can't figure out what.

Agreen
Agreen
mle2802

Hi @Agreen,

In that case I would suggest to open a case with TAC to better troubleshooting your issue.

Toshi_Esumi
Esteemed Contributor III

@Agreen 

 

Did you get the answer from TAC? I tried the same with Optional VLAN ID to test "L2 roaming" between multiple controllers/FGTs but the immediate controller FGT (7.2.6) ignores wifi client's DHCP Discovers although they're hitting it based on "dhcpc" app debug. I opened a ticket at TAC.

I'm thinking this might be a bug if I didn't miss anything important.

But I was wondering how your case turned out.

 

Toshi

Labels
Top Kudoed Authors