FortiWiFi and FortiAP Configuration Guide

Wireless network with wired LAN configuration

This section includes the following topics:

How to combine a wireless network and wired LAN with a software switch

A wireless network can be combined with a wired LAN so that wireless and wired clients are on the same subnet. This is a convenient configuration for users.

Software switches are only available if your FortiGate is in Interface mode.

Caution

Wireless Mesh features cannot be used in conjunction with this configuration because they enable the FortiAP Local Bridge option.

To create the wireless network and wired LAN configuration, you need to:

  • Configure the SSID so that traffic is tunneled to the WiFi controller.
  • Configure a software switch interface on the FortiGate unit with the wireless and internal network interface as members.
  • Configure Captive Portal security for the software switch interface.

To configure the SSID - GUI:
  1. Go to WiFi and Switch Controller > SSIDs and select Create New.
  2. Complete the following fields:

    Interface name    A name for the new wireless interface.
    Traffic Mode      Local bridge with FortiAP interface.
    SSID              The SSID visible to users.
    Security Mode     Configure security as you would for a regular wireless network.
    Pre-shared Key    A network access key for the SSID.

  3. Click OK.
  4. Go to WiFi and Switch Controller > Managed FortiAPs and select the FortiAP unit for editing.
  5. Authorize the FortiAP unit.

    The FortiAP unit can carry regular SSIDs in addition to the Bridge SSID.

To configure the SSID - CLI:

This example creates a wireless interface "homenet_if" with SSID "homenet" using WPA-Personal security, passphrase "Fortinet1234".

config wireless-controller vap
    edit "homenet_if"
        set vdom "root"
        set ssid "homenet"
        set security wpa-personal
        set passphrase "Fortinet1234"
end

config wireless-controller wtp
    edit FAP22B3U11005354
        set admin enable
        set vaps "homenet_if"
end

To configure the FortiGate software switch - GUI:
  1. Go to Network > Interfaces and select Create New > Interface.
  2. Complete the following fields:

    Interface Name                A name for the new interface. For example, homenet_nw.
    Type                          Software Switch
    Physical Interface Members    Add homenet_if and the internal network interface.
    Addressing mode               Select Manual and enter an address, for example 172.16.96.32/255.255.255.0.
    DHCP Server                   Enable and configure an address range for clients.
    Security Mode                 Select Captive Portal. Add the permitted User Groups.

  3. Select OK.

To configure the FortiGate software switch - CLI:

config system interface
    edit homenet_nw
        set ip 172.16.96.32 255.255.255.0
        set type switch
        set security-mode captive-portal
        set security-groups "Guest-group"
end

config system interface
    edit homenet_nw
        set member "homenet_if" "internal"
end
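
A pre-deployment check for the procedure above, as an added example that is not Fortinet's code: it parses a FortiOS CLI script and reports any software switch that has an SSID interface as a member but lacks Captive Portal security or permitted user groups. The names parse, audit and SAMPLE are hypothetical, and the sample input is constructed from this page's example configuration.

```python
import re

# Constructed sample: this page's example configuration as one CLI script.
SAMPLE = """
config wireless-controller vap
edit "homenet_if"
set security wpa-personal
end
config system interface
edit homenet_nw
set type switch
set security-mode captive-portal
set security-groups "Guest-group"
end
config system interface
edit homenet_nw
set member "homenet_if" "internal"
end
"""

def parse(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks."""
    tree, stack, entry = {}, [], None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if len(tok) >= 2 and tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[:1] == ["end"] and stack:
            stack.pop()
            entry = entry if stack else None
        elif len(stack) == 1 and len(tok) >= 2:  # skip nested config blocks
            if tok[0] == "edit":  # editing an entry again merges into it
                entry = tree.setdefault(stack[0], {}).setdefault(tok[1], {})
            elif tok[0] == "set" and entry is not None:
                entry[tok[1]] = tok[2:]
    return tree

def audit(text):
    """List software switches that bridge an SSID without captive portal."""
    cfg, findings = parse(text), []
    vaps = cfg.get("wireless-controller vap", {})
    for name, itf in cfg.get("system interface", {}).items():
        ssids = [m for m in itf.get("member", []) if m in vaps]
        if itf.get("type") != ["switch"] or not ssids:
            continue
        if itf.get("security-mode") != ["captive-portal"]:
            findings.append(f"{name}: SSID {', '.join(ssids)} joins the LAN without captive portal")
        elif not itf.get("security-groups"):
            findings.append(f"{name}: captive portal has no permitted user groups")
    return findings
```

Call audit() on the text of a candidate CLI script; an empty list means every software switch with an SSID member has Captive Portal and at least one user group set.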

VLAN configuration

If your environment uses VLAN tagging, assign the SSID to a specific VLAN in the CLI. See Reserved VLAN IDs. For example, to assign the homenet_if interface to VLAN 100, enter:

config wireless-controller vap
    edit "homenet_if"
        set vlanid 100
end

Additional configuration

The configuration described above provides communication between wireless and wired LAN users only. To provide access to other networks, create appropriate firewall policies between the software switch and other interfaces.
