Combining WiFi and wired networks with a software switch

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

Including mobile (WiFi) users on your office LAN can be more convenient than putting them on a separate wireless network. The Software Switch feature of your FortiGate is a simple way to do this.

Software Switches are only available if your FortiGate is in Interface mode. For more information, see Choosing your FortiGate’s switch mode.

1. Create the SSID

Go to WiFi Controller > WiFi Network > SSID and configure your wireless network.

Leave the IP address empty. This is allowed.

You can use any type of security/authentication. In this example, your users must be members of the employees group to access the network. 

ssid

2. Combine the WiFi and wired interfaces

Go to System > Network > Interface. Edit the existing lan software switch interface or create a new one. 

Make sure your wired and WiFi interfaces are both included.

Make sure there is a DHCP Server configured. It will provide IP addresses to both WiFi and wired users.

switch

3. Create the security policy

Go to Policy & Objects > Policy > IPv4 and create a policy allowing all users on the software switch interface to connect to the Internet. policy

4. Connect and authorize the FortiAP unit

Go to System > Network > Interface. Configure a network interface that is dedicated to extension devices.

fap-interface

Connect the FortiAP unit and wait for it to be listed in WiFi Controller > Managed Access Points > Managed FortiAPs.

Highlight the FortiAP unit on the list and select Authorize.

managed-list

5. Add the SSID to the FortiAP profile

Go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the profile for your FortiAP model.

For each radio:

  • Enable Radio Resource Provision.
  • Select your SSID.
ap-profile

Results

Go to WiFi Controller > Monitor > Client Monitor to see connected users. client_monitor

For further reading, check out Software switch in the FortiOS 5.2 Handbook.

Jonathan Coles

Jonathan Coles

Technical Writer at Fortinet
Jonathan Coles is part of the FortiOS Technical Documentation team in Ottawa. He has a B.A. in English from the University of Waterloo and an Electronics Technologist diploma from Conestoga College. Long ago at another company he convinced a documentation manager that he could write. After writing about telephone PBXs, text search software, cell tower planning software, and some less memorable things, he joined Fortinet around the time that FortiOS 3.0 was released.
Jonathan Coles

Latest posts by Jonathan Coles (see all)

  • Was this helpful?
  • Yes   No
  • ARIEH

    important SSID:

    has no DHCP Server, has IP/Netmask: 0.0.0.0/0.0.0.0 or 0.0.0.0/0 as default route

    it is not empty as described above

    Question:

    are multiple WLAN-SSIDs possible separated to multiple
    LANs for Example:

    WLAN-SSIDs:
    SSID_internal_11 (10.10.11.2),
    SSID_internal_12(10.10.12.2),
    SSID_external_13 (10.10.13.2)
    to
    LANs:
    LAN_internal_11 (10.10.11.3),
    LAN_internal_12 (10.10.12.3),
    LAN_external_13 (10.10.13.3)

    Answer:
    yes it is possible:
    You create three Software Switches as

    SSID11_to_LAN11,
    SSID12_to_LAN12,
    SSID13_to_LAN13

    • Kerrie Newton

      Hello Arieh,

      The question was not very clear can you please reword it. It seems you provided a Question and Answer .

      Regards,
      Kerrie

      • ARIEH

        The Question was can You create three WLAN Subnets
        or WIFI Subnets for Example

        WLAN-SSIDs: on one single AccessPoint (AP),
        which are independent Subnets as VLANS on a Switch. For Example:

        SSID_internal_11 (10.10.11.X), IP Range from DHCP (10.10.11.100 to 150),

        SSID_internal_12(10.10.12.X), IP Range from DHCP (10.10.12.100 to 150),

        SSID_external_13 (10.10.13X), IP Range from DHCP (10.10.13.100 to 150),

        and can each independent Subnet connect from
        the single Access point (AP) to the local LAN with the same Subnets on the
        Switch of the FortiGate, so the Subnet from the Access point connects directly
        to the local LANs Subnet on the FortiGate.

        For Example

        SSID_internal_11 (10.10.11.X), IP Range from DHCP (10.10.11.100 to 150) from the AP,
        connect directly to
        local_LAN_11 (10.10.11.X), IP Range from DHCP (10.10.11.151 to 200),

        SSID_internal_12 (10.10.12.X), IP Range from DHCP (10.10.12.100 to 150) from the AP,
        connect directly to
        local_LAN_11 _12(10.10.12.X), IP Range from DHCP (10.10. 151 to 200),

        SSID_external_13 (10.10.13X), IP Range from DHCP (10.10.13.100 to 150) from the AP,
        connect directly to
        local_LAN_13 (10.10.13X), IP Range from DHCP (10.10.13.151 to 200)
        As far i got Informations the SoftwareSwicht isn’t supported by Fortinet

        • Kerrie Newton

          Hello Arieh,

          Unfortunately that would require for detail that can be provided via this channel. I however suggest that you contact Fortinet Support who will be better suited to assit you.

          How to work with Fortinet Support
          http://cookbook.fortinet.com/how-to-work-with-fortinet-support/

          Regards,
          Kerrie