VLAN assignment by FortiAP group
VLANs can be assigned dynamically based on FortiAP groups. Dynamic VLAN assignment allows the same SSID to be deployed to many APs, avoiding the need to produce multiple SSIDs.
You can create FortiAP groups to manage multiple APs at once. Grouping an AP enables you to apply assign VLANs to all the APs in that group, simplifying the administrative workload. For example, you can group APs based on the floor or section of the office they are installed on. Each AP can belong to one group only. This feature is useful in large deployments as you can break down the broadcast domain, rather than putting all wireless clients into a single subnet. You can also apply security inspections and firewall rules based on the location of the wireless clients, providing you with more granular control over wireless traffic.
To create a FortiAP group, navigate to WiFi and Switch Controller > Managed FortiAPs and click Create New > Managed AP Group.
To assign a VLAN by FortiAP group - GUI:
- Navigate to WiFi and Switch Controller > SSIDs to define an SSID.
-
Enable VLAN Pooling and select Managed AP Group to assign a VLAN ID to a specified group.
You can also choose other methods of assigning VLAN IDs (see Load balancing ).
-
Click Create New to enter the VLAN ID you want to assign and the AP group you want to apply the ID to.
- Click OK to save.
To assign a VLAN by FortiAP group - CLI:
In this example, VLAN 101, 102, or 103 is assigned depending on the AP's FortiAP group.
config wireless-controller vap
edit wlan
set vlan-pooling wtp-group
config vlan-pool
edit 101
set wtp-group wtpgrp1
next
edit 102
set wtp-group wtpgrp2
next
edit 101
set wtp-group wtpgrp3
end
end
end