Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Agreen
New Contributor

Created on ‎01-19-2024 06:25 AM

VLAN tagging on tunnel SSID

I am working on converting a customer from WatchGuard to Fortinet, to start with the FortiGate will only be used as WiFi controller. The setup is one FortiGate 200F running v7.4.2 and 32 FortiAP 233G.

 

Struggling with VLAN tagging on a tunnel SSID. Due to a desire to have client isolation and avoid VLAN configuration in the switch network, tunnel SSID is a requirement. No problem in to configure “Optional VLAN ID” on a bridge SSID and have the VLAN tagged on the LAN port but cannot get it working on a tunnel SSID.

 

Have tried only configuring “Optional VLAN ID” as on bridge SSID, tried configuring a VLAN under the SSID with and without IP address and a hundred other things but cannot get the VLAN tagged on the LAN port. What am I missing ?

 

 

Udklip 2.PNG

 

Agreen
Agreen
Labels:
1431
0 Kudos
4 REPLIES 4
mle2802
Staff
Staff

Created on ‎01-19-2024 06:33 AM

Hi @Agreen,

Can you please check this document https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-of-Optional-VLAN-ID-in-Tunnel-type-Wir...

Regards, 

1423
0 Kudos
Agreen
New Contributor
In response to mle2802

Created on ‎01-19-2024 06:45 AM

This is exactly the document I have looked at and tried to follow with a VLAN under the tunnel SSID, as shown on the screen dump. But the VLAN is not tagged on the LAN port, I must be missing something but can't figure out what.

Agreen
Agreen
1414
0 Kudos
mle2802
Staff
Staff
In response to Agreen

Created on ‎01-19-2024 08:37 AM

Hi @Agreen,

In that case I would suggest to open a case with TAC to better troubleshooting your issue.

1392
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-02-2024 04:55 PM

@Agreen 

 

Did you get the answer from TAC? I tried the same with Optional VLAN ID to test "L2 roaming" between multiple controllers/FGTs but the immediate controller FGT (7.2.6) ignores wifi client's DHCP Discovers although they're hitting it based on "dhcpc" app debug. I opened a ticket at TAC.

I'm thinking this might be a bug if I didn't miss anything important.

But I was wondering how your case turned out.

 

Toshi

1247
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.