Chapter 6 Deploying Wireless Networks for FortiOS 5.0 : WiFi-Ethernet Bridge Operation : Bridge SSID to FortiGate wired network
  
Bridge SSID to FortiGate wired network
A WiFi network can be combined with a wired LAN so that WiFi and wired clients are on the same subnet. This is a convenient configuration for users.
Figure 167: A FortiAP unit bridged with the internal network
 
This configuration cannot be used in conjunction with Wireless Mesh features because it enables the FortiAP Local Bridge option.
To create the bridged WiFi and wired LAN configuration, you need to:
Configure the SSID with the Local Bridge option so that traffic is sent directly over the FortiAP unit’s Ethernet interface to the FortiGate unit, instead of being tunneled to the WiFi controller.
Configure a software switch interface on the FortiGate unit with the WiFi and Internal network interfaces as members.
Configure Captive Portal security for the software switch interface.
To configure the SSID - web-based manager
1. Go to WiFi Controller > WiFi Network > SSID and select Create New.
2. Enter:
   Interface name: A name for the new WiFi interface, homenet_if for example.
   Traffic Mode: Local bridge with FortiAP's Interface
   SSID: The SSID visible to users, homenet for example.
   Security Mode, Data Encryption, Preshared Key: Configure security as you would for a regular WiFi network.
3. Select OK.
4. Go to WiFi Controller > Managed Access Points > Managed FortiAP, select the FortiAP unit for editing.
5. Authorize the FortiAP unit.
6. The FortiAP unit can carry regular SSIDs in addition to the Bridge SSID.
Figure 168: SSID configured with Local Bridge option
 
To configure the SSID - CLI
This example creates a WiFi interface “homenet_if” with SSID “homenet” using WPA-Personal security, passphrase “Fortinet1”.
config wireless-controller vap
  edit "homenet_if"
    set vdom "root"
    set ssid "homenet"
    set local-bridging enable
    set security wpa-personal
    set passphrase "Fortinet1"
end
config wireless-controller wtp
  edit FAP22B3U11005354
    set admin enable
    set vaps "homenet_if"
end
To configure the FortiGate unit - web-based manager
1. Go to System > Network > Interfaces and select Create New.
2. Enter:
   Name: A name for the new interface, homenet_nw for example.
   Type: Software Switch
   Interface Members: Move internal and homenet_if into the Selected Interfaces list.
   Addressing Mode: Select Manual and enter an address, for example 172.16.96.32/255.255.255.0.
   Enable DHCP Server: Enable.
   Security Mode: Select Captive Portal. Add the permitted User Groups.
3. Select OK.
To configure the FortiGate unit - CLI
config system interface
  edit homenet_nw
    set ip 172.16.96.32 255.255.255.0
    set type switch
    set security-mode captive-portal
    set security-groups "Guest-group"
end
config system interface
  edit homenet_nw
    set member "homenet_if" "internal"
end
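A pre-deployment check for the three requirements listed at the top of this section, as an added example that is not part of the Fortinet guide: this Python script parses a FortiOS CLI script and flags local-bridge SSIDs whose software switch lacks a captive portal or user groups, or whose passphrase is still the guide's sample value. It assumes plain-text CLI as shown on this page (a configuration backup stores the passphrase encrypted); the function names and the sample input are constructed for illustration.

```python
import shlex

def parse_fortios(text):
    """Flatten top-level config/edit blocks into {(section, entry): {key: [values]}}."""
    table, section, entry, depth = {}, None, None, 0
    for tok in map(shlex.split, text.splitlines()):
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tok[1]
            table.setdefault((section, entry), {})  # an entry may be edited twice
        elif depth == 1 and tok[0] == "set" and entry:
            table[(section, entry)][tok[1]] = tok[2:]
    return table

def audit_bridged_ssids(text, doc_passphrases=("Fortinet1",)):
    """Return sorted (vap, finding) pairs for SSIDs with local-bridging enabled."""
    cfg = parse_fortios(text)
    ifaces = {n: v for (s, n), v in cfg.items() if s == "system interface"}
    findings = []
    for (section, name), vap in cfg.items():
        if section != "wireless-controller vap" or vap.get("local-bridging") != ["enable"]:
            continue
        if set(vap.get("passphrase", [])) & set(doc_passphrases):
            findings.append((name, "passphrase is a documentation example"))
        for sw in (n for n, v in ifaces.items() if name in v.get("member", [])):
            if ifaces[sw].get("security-mode") != ["captive-portal"]:
                findings.append((name, f"switch {sw}: no captive portal"))
            elif not ifaces[sw].get("security-groups"):
                findings.append((name, f"switch {sw}: portal has no user groups"))
    return sorted(findings)

# Constructed sample: a cut-down version of the page's CLI without the captive-portal lines.
SAMPLE = """config wireless-controller vap
edit "homenet_if"
set local-bridging enable
set passphrase "Fortinet1"
end
config system interface
edit homenet_nw
set member "homenet_if" "internal"
end"""
if __name__ == "__main__":
    print(audit_bridged_ssids(SAMPLE))
```

The parser merges repeated edits of the same entry, so the two separate homenet_nw blocks in the CLI above are evaluated as one interface.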