FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 8 - Deploying Wireless Networks > Access point deployment > LAN port options

LAN port options

Some FortiAP models have one or more ethernet interfaces marked LAN. These ports can provide wired network access. LAN ports are bridged to either the wired WAN interface or to one of the WiFi SSIDs that the FortiAP unit carries.

Bridging a LAN port with an SSID

Bridging a LAN port with a FortiAP SSID combines traffic from both sources to provide a single broadcast domain for wired and wireless users.

In this configuration

  • The IP addresses for LAN clients come from the DHCP server that serves the wireless clients.
  • Traffic from LAN clients is bridged to the SSID’s VLAN. Dynamic VLAN assignment for hosts on the LAN port is not supported.
  • Wireless and LAN clients are on the same network and can communicate locally, via the FortiAP.
  • Any host connected to the LAN port will be taken as authenticated. RADIUS MAC authentication for hosts on the LAN port is not supported.

For configuration instructions, see LAN port options.

Bridging a LAN port with the WAN port

Bridging a LAN port with the WAN port enables the FortiAP unit to be used as a hub which is also an access point.

In this configuration

  • The IP addresses for LAN clients come from the WAN directly and will typically be in the same range as the AP itself.
  • All LAN client traffic is bridged directly to the WAN interface.
  • Communication between wireless and LAN clients can only occur if a policy on the FortiGate unit allows it.

For configuration instructions, see LAN port options.

Configuring FortiAP LAN ports

You can configure FortiAP LAN ports for APs in a FortiAP Profile. A profile applies to APs that are the same model and share the same configuration. If you have multiple models or different configurations, you might need to create several FortiAP Profiles. For an individual AP, it is also possible to override the profile settings.

To configure FortiAP LAN ports in a FortiAP Profile - web-based manager
  1. Go to WiFi Controller > FortiAP Profiles.
  2. Edit the default profile for your FortiAP model or select Create New.
  3. If you are creating a new profile, enter a Name and select the correct Platform (model).
  4. Select SSIDs.
  5. In the LAN Port section, set Mode to Bridge to and select an SSID or WAN Port as needed.
    On some models with multiple LAN ports, you can set Mode to Custom and configure the LAN ports individually. Enable each port that you want to use and select an SSID or WAN Port as needed.
  6. Select OK.

Be sure to select this profile when you authorize your FortiAP units.

To configure FortiAP LAN ports - CLI

In this example, the default FortiAP-11C profile is configured to bridge the LAN port to the office SSID.

config wireless-controller wtp-profile

edit FAP11C-default

config lan

set port-mode bridge-to-ssid

set port-ssid office

end

end

end

In this example, the default FortiAP-28C profile is configured to bridge LAN port1 to the office SSID and to bridge the other LAN ports to the WAN port.

config wireless-controller wtp-profile

edit FAP28C-default

config lan

set port1-mode bridge-to-ssid

set port1-ssid office

set port2-mode bridge-to-wan

set port3-mode bridge-to-wan

set port4-mode bridge-to-wan

set port5-mode bridge-to-wan

set port6-mode bridge-to-wan

set port7-mode bridge-to-wan

set port8-mode bridge-to-wan

end

end

To configure FortiAP unit LAN ports as a FortiAP Profile override - web-based manager
  1. Go to WiFi Controller > Managed Access Points > Managed FortiAPs.
    On FortiGate models 100D, 600C, 800C, and 1000C, go to WiFi & Switch Controller > Managed Devices > Managed FortiAPs.
  2. Select the FortiAP unit from the list and select Edit.
  3. Select the FortiAP Profile, if this has not already been done.
  4. Enable Override Settings.
  5. In the LAN Port section, set Mode to Bridge to and select an SSID or WAN Port as needed.
    On some models with multiple LAN ports, you can set Mode to Custom and configure the LAN ports individually. Enable each port that you want to use and select an SSID or WAN Port as needed.
  6. Select OK.
To configure FortiAP unit LAN ports as a FortiAP Profile override - CLI

In this example, a FortiAP unit’s configuration overrides the FortiAP Profile to bridge the LAN port to the WAN port.

config wireless-controller wtp

edit FAP11C3X13000412

set wtp-profile FAP11C-default

set override-profile enable

config lan

set port-mode bridge-to-wan

end

end

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy