VLANs can be assigned dynamically based on FortiAP groups. Dynamic VLAN assignment allows the same SSID to be deployed to many APs, avoiding the need to produce multiple SSIDs.
You can create FortiAP groups to manage multiple APs at once. Grouping an AP enables you to apply specific profile settings and assign VLANs to all the APs in that group, simplifying the administrative workload. For example, you can group APs based on the floor or section of the office they are installed on. Each AP can belong to one group only. This feature is useful in large deployments as you can break down the broadcast domain, rather than putting all wireless clients into a single subnet. You can also apply security inspections and firewall rules based on the location of the wireless clients, providing you with more granular control over wireless traffic.
To create a FortiAP group, navigate to WiFi and Switch Controller > Managed FortiAPs and click Create New > Managed AP Group.
- Navigate to WiFi and Switch Controller > SSIDs to define an SSID.
Enable VLAN Pooling and select Managed AP Group to assign a VLAN ID to a specified group.
You can also choose other methods of assigning VLAN IDs (see VLAN assignment by FortiAP group).
Click Create New to enter the VLAN ID you want to assign and the AP group you want to apply the ID to.
- Click OK to save.
In this example, VLAN 101, 102, or 103 is assigned depending on the AP's FortiAP group.
config wireless-controller vap
set vlan-pooling wtp-group
set wtp-group wtpgrp1
set wtp-group wtpgrp2
set wtp-group wtpgrp3