Description
This article describes how to keep a WiFi network on the same subnet as a LAN or desired VLAN network. This is important as a FortiGate unit requires each network interface to have a single unique network segment.
Scope
FortiGate.
Solution
Note: Bridge mode is not available on the local WiFi radio of a FortiWiFi. Instead, use a software switch by following the instructions in this article.
To create a bridged WiFi and wired LAN configuration, it is necessary to configure the SSID with the local bridge option so that traffic is sent directly over the FortiAP unit’s Ethernet interface to the FortiGate unit, instead of being tunneled to the WiFi controller.
- Navigate to WiFi Controller -> SSIDs.
- Enter a name, set the traffic mode to 'Bridge', then configure the SSID and passphrase.
  If the WiFi network must be on the same subnet as a VLAN network configured on the FortiGate, enter the VLAN ID. By default, the VLAN ID is 0.
- Navigate to WiFi Controller -> FortiAP profiles -> edit the FortiAP profile applied to the AP, then select the bridge SSID.
Configure the bridge SSID with CLI commands.
This example creates a WiFi interface 'Corporate_Wifi' with SSID 'Office_Wifi' using the WPA-Personal security passphrase 'Fortinet1'.
config wireless-controller vap
show
config wireless-controller vap
    edit "Corporate_Wifi"
        set ssid "Office_Wifi"
        set passphrase ENC
        set local-bridging enable
        set schedule "always"
        set vlanid 10
    next
end
config wireless-controller wtp-profile
    edit "FAP221C-default"
        set handoff-sta-thresh 55
        config radio-1
            set band 802.11n,g-only
            set vap-all bridge
            set channel "1" "6" "11"
        end
    next
end
If the DHCP server is configured on a LAN interface, WLAN clients receive an IP address from the LAN DHCP lease scope on the FortiGate. If there is a DHCP server, a DHCP relay is not necessary, since both the WLAN and the LAN fall under the bridge interface.
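Because a bridged SSID places wireless clients directly on the wired LAN or VLAN, it helps to review which SSIDs are bridged and onto which VLAN ID. The following is an added example, not part of the original article or any Fortinet tool: it parses saved 'show' output from 'config wireless-controller vap' and lists every SSID with 'set local-bridging enable'. The sample text is constructed, 'Guest_Wifi' and 'Lab_Wifi' are hypothetical entries, and settings missing from the output are assumed to be at their defaults (VLAN ID 0, as noted above).

```python
import shlex

# Constructed sample in the format of the 'show' output above.
# "Guest_Wifi" and "Lab_Wifi" are hypothetical entries added for contrast.
SAMPLE = '''
config wireless-controller vap
    edit "Corporate_Wifi"
        set ssid "Office_Wifi"
        set local-bridging enable
        set vlanid 10
    next
    edit "Guest_Wifi"
        set ssid "Guest"
    next
    edit "Lab_Wifi"
        set ssid "Lab"
        set local-bridging enable
    next
end
'''

def parse_vaps(text):
    """Return {interface_name: {setting: value}} from the vap table only."""
    vaps, current, depth, in_table = {}, None, 0, False
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # a new top-level table starts here
                in_table = tok[1:] == ["wireless-controller", "vap"]
        elif tok[0] == "end":
            depth -= 1
        elif in_table and depth == 1:  # ignore nested config blocks
            if tok[0] == "edit" and len(tok) > 1:
                current = vaps.setdefault(tok[1], {})
            elif tok[0] == "next":
                current = None
            elif tok[0] == "set" and current is not None and len(tok) > 1:
                current[tok[1]] = " ".join(tok[2:])
    return vaps

def bridged_ssids(vaps):
    """List (interface, ssid, vlan_id) for SSIDs bridged onto the wired side."""
    return [(n, c.get("ssid", ""), int(c.get("vlanid", "0")))  # assumed default 0
            for n, c in vaps.items() if c.get("local-bridging") == "enable"]

if __name__ == "__main__":
    print(bridged_ssids(parse_vaps(SAMPLE)))
```

An entry reported with VLAN ID 0 is bridged with the default VLAN ID, so confirm that this is the intended placement for that SSID.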