Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

VLAN assignment by VLAN pool

Copy Link
Copy Doc ID 87eec643-a25f-11ed-8e6d-fa163e15d75b:84238
Download PDF

VLAN assignment by VLAN pool

You can define VLAN pooling and load balancing VLANs on the SSID configuration page. FortiGate automatically adds all load balancing VLANs to a zone based on the SSID they were defined in. VLANs are tied to the SSID interface, the zone name includes the SSID interface name followed by .zone. You must configure the network and DHCP options for each VLAN ID.

In an SSID, you can define a VLAN pool. As clients associate to an AP, they are assigned to a VLAN. A VLAN pool can:

  • assign a specific VLAN based on the AP's FortiAP group, usually for network configuration reasons, or
  • assign one of several available VLANs for network load balancing purposes (tunnel mode SSIDs only).

See Reserved VLAN IDs.

If the VLAN pool contains no valid VLAN ID, the SSID static VLAN ID setting is used.

Load balancing

VLAN pooling load balancing is available only for SSIDs operating in tunnel mode. There are two VLAN pooling methods available to provide load balancing options for wireless clients:

  • Round robin - Assigns the least busy VLAN (the VLAN with the smallest number of clients) to new clients from the VLAN pool.
  • Hash - Identifies which VLAN to use based on the hash value of the current number of clients connected to the SSID and the number of VLANs available in the pool.
To assign a VLAN load balancing method - GUI
  1. Navigate to WiFi and Switch Controller > SSIDs to define an SSID.
  2. Enable VLAN Pooling and select a load balancing method.

    • Round Robin: Assigns the next VLAN ID to each device as it is detected.
    • Hash: Always assigns the same VLAN ID to a specific device.

  3. Click Create New to enter the VLAN ID you want to assign.
  4. Click OK to save.
To assign a VLAN by round-robin selection - CLI

In this example, VLAN 101, 102, or 103 is assigned using the round-robin method:

config wireless-controller vap

edit wlan

set vlan-pooling round-robin

config vlan-pool

edit 101

next

edit 102

next

edit 103

end

end

end

To assign a VLAN by hash-based selection - CLI

In this example, VLAN 101, 102, or 103 is assigned using the hash method:

config wireless-controller vap

edit wlan

set vlan-pooling hash

config vlan-pool

edit 101

next

edit 102

next

edit 103

end

end

end

VLAN assignment by VLAN pool

You can define VLAN pooling and load balancing VLANs on the SSID configuration page. FortiGate automatically adds all load balancing VLANs to a zone based on the SSID they were defined in. VLANs are tied to the SSID interface, the zone name includes the SSID interface name followed by .zone. You must configure the network and DHCP options for each VLAN ID.

In an SSID, you can define a VLAN pool. As clients associate to an AP, they are assigned to a VLAN. A VLAN pool can:

  • assign a specific VLAN based on the AP's FortiAP group, usually for network configuration reasons, or
  • assign one of several available VLANs for network load balancing purposes (tunnel mode SSIDs only).

See Reserved VLAN IDs.

If the VLAN pool contains no valid VLAN ID, the SSID static VLAN ID setting is used.

Load balancing

VLAN pooling load balancing is available only for SSIDs operating in tunnel mode. There are two VLAN pooling methods available to provide load balancing options for wireless clients:

  • Round robin - Assigns the least busy VLAN (the VLAN with the smallest number of clients) to new clients from the VLAN pool.
  • Hash - Identifies which VLAN to use based on the hash value of the current number of clients connected to the SSID and the number of VLANs available in the pool.
To assign a VLAN load balancing method - GUI
  1. Navigate to WiFi and Switch Controller > SSIDs to define an SSID.
  2. Enable VLAN Pooling and select a load balancing method.

    • Round Robin: Assigns the next VLAN ID to each device as it is detected.
    • Hash: Always assigns the same VLAN ID to a specific device.

  3. Click Create New to enter the VLAN ID you want to assign.
  4. Click OK to save.
To assign a VLAN by round-robin selection - CLI

In this example, VLAN 101, 102, or 103 is assigned using the round-robin method:

config wireless-controller vap

edit wlan

set vlan-pooling round-robin

config vlan-pool

edit 101

next

edit 102

next

edit 103

end

end

end

To assign a VLAN by hash-based selection - CLI

In this example, VLAN 101, 102, or 103 is assigned using the hash method:

config wireless-controller vap

edit wlan

set vlan-pooling hash

config vlan-pool

edit 101

next

edit 102

next

edit 103

end

end

end