Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

Home FortiAP / FortiWiFi 7.2.0 FortiWiFi and FortiAP Configuration Guide

VLAN assignment by FortiAP group

7.2.0
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.1
7.2.0
7.0.4
7.0.2
7.0.1
7.0.0
6.4.6
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.2
6.2.0
6.0.5
6.0.4
6.0.3
5.6.4
5.4.3
Copy Link
Copy Doc ID 89ea0dba-bc2e-11ec-9fd1-fa163e15d75b:153336
Download PDF

VLAN assignment by FortiAP group

VLANs can be assigned dynamically based on FortiAP groups. Dynamic VLAN assignment allows the same SSID to be deployed to many APs, avoiding the need to produce multiple SSIDs.

You can create FortiAP groups to manage multiple APs at once. Grouping an AP enables you to apply specific profile settings and assign VLANs to all the APs in that group, simplifying the administrative workload. For example, you can group APs based on the floor or section of the office they are installed on. Each AP can belong to one group only. This feature is useful in large deployments as you can break down the broadcast domain, rather than putting all wireless clients into a single subnet. You can also apply security inspections and firewall rules based on the location of the wireless clients, providing you with more granular control over wireless traffic.

To create a FortiAP group, navigate to WiFi and Switch Controller > Managed FortiAPs and click Create New > Managed AP Group.

To assign a VLAN by FortiAP group - GUI
  1. Navigate to WiFi and Switch Controller > SSIDs to define an SSID.

  2. Enable VLAN Pooling and select Managed AP Group to assign a VLAN ID to a specified group.

    You can also choose other methods of assigning VLAN IDs (see VLAN assignment by FortiAP group).

  3. Click Create New to enter the VLAN ID you want to assign and the AP group you want to apply the ID to.

  4. Click OK to save.
To assign a VLAN by FortiAP group - CLI

In this example, VLAN 101, 102, or 103 is assigned depending on the AP's FortiAP group.

config wireless-controller vap

edit wlan

set vlan-pooling wtp-group

config vlan-pool

edit 101

set wtp-group wtpgrp1

next

edit 102

set wtp-group wtpgrp2

next

edit 101

set wtp-group wtpgrp3

end

end

end

Previous
Next

VLAN assignment by FortiAP group

VLANs can be assigned dynamically based on FortiAP groups. Dynamic VLAN assignment allows the same SSID to be deployed to many APs, avoiding the need to produce multiple SSIDs.

You can create FortiAP groups to manage multiple APs at once. Grouping an AP enables you to apply specific profile settings and assign VLANs to all the APs in that group, simplifying the administrative workload. For example, you can group APs based on the floor or section of the office they are installed on. Each AP can belong to one group only. This feature is useful in large deployments as you can break down the broadcast domain, rather than putting all wireless clients into a single subnet. You can also apply security inspections and firewall rules based on the location of the wireless clients, providing you with more granular control over wireless traffic.

To create a FortiAP group, navigate to WiFi and Switch Controller > Managed FortiAPs and click Create New > Managed AP Group.

To assign a VLAN by FortiAP group - GUI
  1. Navigate to WiFi and Switch Controller > SSIDs to define an SSID.

  2. Enable VLAN Pooling and select Managed AP Group to assign a VLAN ID to a specified group.

    You can also choose other methods of assigning VLAN IDs (see VLAN assignment by FortiAP group).

  3. Click Create New to enter the VLAN ID you want to assign and the AP group you want to apply the ID to.

  4. Click OK to save.
To assign a VLAN by FortiAP group - CLI

In this example, VLAN 101, 102, or 103 is assigned depending on the AP's FortiAP group.

config wireless-controller vap

edit wlan

set vlan-pooling wtp-group

config vlan-pool

edit 101

set wtp-group wtpgrp1

next

edit 102

set wtp-group wtpgrp2

next

edit 101

set wtp-group wtpgrp3

end

end

end

Previous
Next