In this example we will create a wireless VAP in bridge mode with dynamic VLAN assignment via radius serverbased on group membership.
First we need to create a new bridge mode SSID on the Fortigate controller.
Next we need to enable dynamic vlan via CLI:
config wireles-controller vap edit DynamicVLAN set dynamic-vlan enable end
Next we create the vlans on the Fortigate interface upon which the FortiAPs are connected.
We have vlans v1000 and v2000 off the internal interface:
Next we’ll need firewall policies to allow traffic out to the internet for each vlan. This is where different security policies can be applies to each vlan.