Chapter 8 – Deploying Wireless Networks

WiFi and Switch controllers are enabled separately (275860)

In the Feature Store (System > Features), the WiFi Controller and Switch Controller are now separate. However, the Switch Controller must be enabled in order for the WiFi Controller to be visible.

In the CLI, the settings that enable the WiFi and Switch controllers have been separated:

config system global
  set wireless-controller enable
  set switch-controller enable
end

The settings that enable the GUI display for those controllers have also been separated:

config system settings
  set gui-wireless-controller enable
  set gui-switch-controller enable
end

Add Support of LLDP protocol on FortiAP to send switch and port information (283107)

You can enable the LLDP protocol in the FortiAP Profile. Each FortiAP using that profile can then send back information about the switch and port that it is connected to. This information is visible in the optional LLDP column of the Managed FortiAP list. To enable LLDP:

config wireless-controller wtp-profile
  edit <profile-name>
    set lldp enable
end

WTP groups (278462)

You can define FortiAP Groups. Each group can contain FortiAPs of a single platform (model). These groups can be used in VLAN-pooling to assign APs to particular VLANs. Create a FortiAP Group in the CLI like this:

config wireless-controller wtp-group
  edit 1
    set platform-type 320C
    config wtp-list
      edit FP320C3X14010828
      next
      edit FP320C3X14010830
    end
end

The platform-type field is optional. If it is left empty, the group can contain FortiAPs of any model.

VLAN pooling (278462)

In an SSID, you can define a VLAN pool. As clients associate to an AP, they are assigned to a VLAN. A VLAN pool can

  • assign a specific VLAN based on the AP’s FortiAP Group, usually for network configuration reasons, or
  • assign one of several available VLANs for network load balancing purposes (tunnel mode SSIDs only)

Assignment by FortiAP Group

In this example, VLAN 101, 102, or 103 is assigned depending on the AP’s FortiAP Group.

config wireless-controller vap
  edit wlan
    set vlan-pooling wtp-group
    config vlan-pool
      edit 101
        set wtp-group wtpgrp1
      next
      edit 102
        set wtp-group wtpgrp2
      next
      edit 103
        set wtp-group wtpgrp3
    end
  next
end

Load Balancing

The vlan-pooling type can be either of these:

  • round-robin – from the VLAN pool, choose the VLAN with the smallest number of clients
  • hash – choose a VLAN from the VLAN pool based on a hash of the current number of SSID clients and the number of entries in the VLAN pool

If the VLAN pool contains no valid VLAN ID, the SSID’s static VLAN ID setting is used. In this example, VLAN 101, 102, or 103 is assigned using the round-robin method:

config wireless-controller vap
  edit wlan
    set vlan-pooling round-robin
    config vlan-pool
      edit 101
      next
      edit 102
      next
      edit 103
    end
  next
end
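
The following Python check is an added example, not part of the handbook or of any Fortinet tooling. It reads the text of a config wireless-controller vap block and reports VLAN pool entries that would leave clients on an unintended VLAN: a VLAN ID edited twice with different FortiAP Groups, a wtp-group pool entry with no group, and a pool with no valid VLAN ID (which falls back to the SSID's static VLAN ID, as described above). It assumes that editing an existing VLAN ID again modifies that entry and that a valid VLAN ID lies in 1-4094; the function name, messages and sample are constructed for illustration.

```python
POOLING_MODES = {"wtp-group", "round-robin", "hash"}

def audit_vlan_pools(config_text):
    """Return (ssid, finding) pairs for VLAN-pool mistakes in vap config text."""
    findings, stack = [], []          # stack holds names of open config blocks
    ssid = mode = vlan = None
    pool = {}                         # VLAN ID -> wtp-group (or None)
    def check_ssid():
        if ssid is None or mode not in POOLING_MODES:
            return
        # Assumption: a valid VLAN ID is a number in the 802.1Q range 1-4094.
        if not any(v.isdigit() and 1 <= int(v) <= 4094 for v in pool):
            findings.append((ssid, "no valid VLAN ID in pool; static VLAN ID is used"))
        if mode == "wtp-group":
            findings.extend((ssid, f"VLAN {v} has no wtp-group")
                            for v, g in pool.items() if g is None)

    for line in config_text.splitlines():
        words = line.replace('"', "").split()
        cmd, arg, val = (words + ["", "", ""])[:3]
        in_vap, in_pool = stack[-1:] == ["vap"], stack[-2:] == ["vap", "vlan-pool"]
        if cmd == "config":
            stack.append(words[-1])
        elif cmd in ("next", "end"):
            if in_vap:                # leaving an SSID entry
                check_ssid()
                ssid = None
            if cmd == "end" and stack:
                stack.pop()
        elif cmd == "edit" and in_vap:
            ssid, mode, pool, vlan = arg, None, {}, None
        elif cmd == "edit" and in_pool:
            vlan = arg
            pool.setdefault(vlan, None)
        elif cmd == "set" and arg == "vlan-pooling" and in_vap:
            mode = val
        elif cmd == "set" and arg == "wtp-group" and in_pool and vlan:
            if pool.get(vlan) not in (None, val):  # assumed: re-edit overwrites
                findings.append((ssid, f"VLAN {vlan}: {pool[vlan]} replaced by {val}"))
            pool[vlan] = val
    return findings

# Constructed sample (not from the page).
SAMPLE = "\n".join([
    "config wireless-controller vap", "edit wlan",
    "set vlan-pooling wtp-group", "config vlan-pool",
    "edit 101", "set wtp-group wtpgrp1", "next", "edit 102", "next",
    "edit 101", "set wtp-group wtpgrp3", "end", "next",
    "edit guest", "set vlan-pooling round-robin", "end",
])
```

Calling audit_vlan_pools(SAMPLE) returns three findings: wtpgrp1 losing VLAN 101 to wtpgrp3, VLAN 102 having no group, and the guest SSID falling back to its static VLAN ID.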

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
