Bridged APs in a VLAN

When creating an ESS, AP400/AP822/AP832, FAP-U421EV, FAP-U423EV and AP1000 can be configured to bridge the traffic to the Ethernet interface. This is called bridged VLAN dataplane mode (per ESSID); it is also sometimes known as Remote AP mode. These two AP models also have the capability to tag the Ethernet frames when egressing the port, using 802.1Q VLAN tags, and setting the 802.1p priority bit. Bridging is configured setting the Dataplane Mode parameter in the ESS profile to Bridged (default is Tunneled).

Configure and Deploy a VLAN

In Tunneled mode, all traffic in an ESS is sent from the AP to the controller, and then forwarded from there. This is configured on a per ESS profile basis. In Bridged mode, client traffic is sent out to the local switch. Fortinet control and coordination traffic is still sent between the AP and the controller.

Remote AP400s can use VLANs with FortiWLC (SD) 4.0 and later. When configuring an ESS, the Dataplane Mode setting selects the type of AP/Controller configuration:

Bridged VLANs support:

• Non-Virtual Cell
• Virtual Port
• RADIUS profile for Mac Filtering/1x/WPA/WPA2
• Standard DSCP/802.1q to AC mapping defined in WMM
• RADIUS profile for Mac Filtering/1x/WPA/WPA2
• RADIUS assigned VLANs (even with 802.1x)
• QoS Rules

See the ESSID chapters in this guide for more information on configuring an ESSID.