FortiWLC – VLAN Pooling
To reduce large broadcast domains or the risk of running out of address space, you can now enable VLAN pooling in an ESS profile.
VLAN pooling essentially allows administrators to create a named alias using a subset of VLANs, thereby creating a pool of addresses. By enabling a VLAN pool, you can now associate a client/device to a specific VLAN. This allows you to effectively manage your network by monitoring appropriate or specific VLAN pools.
- You can associate up to 16 VLANs to a pool.
- You can create a maximum of 64 VLAN Pools.
- You can specify the maximum number of clients that can be associated to a VLAN.
- The client/device behaviour does not change after it is associated to a VLAN in a pool. If a VLAN is removed from a VLAN pool, clients/devices connected to the VLAN will continue to be associated to the VLAN. However, if the clients disconnect and reconnect, the VLAN will change.

1. Configure VLAN

```
default(config)# vlan vlan10 tag 10
default(config-vlan)# ip address 10.0.0.222 255.255.255.0
default(config-vlan)# ip default-gateway 10.0.0.1
default(config-vlan)# exit
default(config)# exit
default# sh vlan vlan10
VLAN Name                            : vlan10
Tag                                  : 10
Ethernet Interface Index             : 1
IP Address                           : 10.0.0.222
Netmask                              : 255.255.255.0
IP Address of the Default Gateway    : 10.0.0.1
Override Default DHCP Server Flag    : off
DHCP Server IP Address               : 0.0.0.0
DHCP Relay Pass-Through              : on
Owner                                : controller
Maximum number of clients            : 253
```

2. Configure VLAN Pool

```
default(config)# vlan-pool vlangroup
default(config-vpool)# tag-list 10,36
default(config-vpool)# exit
default(config)# exit
default# sh vlan-pool
VLAN Pool Name    Vlan Pool Tag List
vlangroup         10,36
        VLAN Pool Configuration(1 entry)
```
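
The limits listed above can be checked before a change is pushed to the controller. The following Python linter is an added example, not code from the original page or from Fortinet: it reads CLI lines in the syntax shown above and flags pools that exceed the 16-VLAN or 64-pool limits. The `toobig` pool in the sample and the check for tags without a `vlan ... tag` line in the same input are assumptions made for illustration, not documented controller rules.

```python
import re

MAX_TAGS_PER_POOL = 16   # per-pool limit stated on this page
MAX_POOLS = 64           # pool-count limit stated on this page

# Constructed sample: the page's commands plus one hypothetical oversized pool.
SAMPLE = """\
default(config)# vlan vlan10 tag 10
default(config-vlan)# ip address 10.0.0.222 255.255.255.0
default(config-vlan)# exit
default(config)# vlan-pool vlangroup
default(config-vpool)# tag-list 10,36
default(config-vpool)# exit
default(config)# vlan-pool toobig
default(config-vpool)# tag-list 10,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116
default(config-vpool)# exit
"""

PROMPT = re.compile(r"^\S+#\s*")  # strips "default(config-vpool)# " style prompts

def parse(text):
    """Return ({tag: vlan_name}, {pool_name: [tags]}) from CLI lines."""
    vlans, pools, pool = {}, {}, None
    for raw in text.splitlines():
        # Copied docs often carry U+2010 hyphens; normalise before matching.
        line = PROMPT.sub("", raw.replace("\u2010", "-")).strip()
        if m := re.fullmatch(r"vlan (\S+) tag (\d+)", line):
            vlans[int(m[2])] = m[1]
        elif m := re.fullmatch(r"vlan-pool (\S+)", line):
            pool = m[1]
            pools.setdefault(pool, [])
        elif (m := re.fullmatch(r"tag-list ([\d, ]+)", line)) and pool:
            pools[pool] = [int(t) for t in m[1].split(",") if t.strip()]
        elif line == "exit":
            pool = None
    return vlans, pools

def lint(text):
    """Return findings, in input order, for pools that break the limits."""
    vlans, pools = parse(text)
    findings = []
    if len(pools) > MAX_POOLS:
        findings.append(f"{len(pools)} pools defined, maximum is {MAX_POOLS}")
    for name, tags in pools.items():
        if len(tags) > MAX_TAGS_PER_POOL:
            findings.append(f"{name}: {len(tags)} VLANs, maximum is {MAX_TAGS_PER_POOL}")
        missing = [t for t in sorted(set(tags)) if t not in vlans]
        if missing:  # assumption: every pooled tag should be defined in this input
            findings.append(f"{name}: tags {missing} not defined as VLANs in this input")
    return findings
```

Run against the page's own commands, `lint` reports tag 36 in `vlangroup` because only `vlan10` is defined in the input shown.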
Hello There, I was wondering if you have run into any issues with IP Prefix Validation when using vlan Pools for your tunnel interface on an ESS Profile. We are seeing strange behavior where in the station logs we see long client connection times and repeated errors similar to the following:
IP discovery fails due to prefix mismatch Allowed Range : IP PREFIX = 10.120.208.0with NETMASK = 255.255.248.0 on AP vlan20 interface.
The VLAN Pool we are using contains VLANs 18, 20, 21. The discovered IP is valid for vlan18 but it is failing validation against the range for vlan20.
We are running code version 8.4.2.
Currently working with Fortinet Support, but would appreciate any feedback.