FortiWLC – Configuring Management Interfaces

Configuring Management Interfaces

The Management Interfaces table (Configuration > Devices > System Settings > Management Interfaces) allows the user to control how traffic is sent from the controller to the wireless network. Refer to the following sections for each tab in the table.

Physical Interfaces

The Physical Interfaces table is where the user may configure the IP information for the physical Ethernet ports on the controller. The number of ports that may be configured will vary depending on the controller model purchased.

Add a Physical Interface

To configure a new physical interface, follow the steps below:

  1. From the Physical Interfaces table, click Add. The Management Interface-Add window appears.

Configuring Management Interfaces

Figure 39: Adding a Physical Interface

  1. Add in the required data as described in the table below.
Field Description
Interface Number The number for the desired interface.
Assignment Type Specifies whether the interface utilizes a Static or Dynamic IP address.
IP Address If using a static IP, enter the IP address to be used by the interface.
NetMask If using a static IP, enter the NetMask for the interface.
Gateway Address If using a static IP, enter the gateway address for the interface.
Interface Mode Specify whether the interface will be a active redundant.
  1. Click Save to save the interface. Note that the controller must be rebooted in order to apply the changes.
VLAN Interfaces

VLAN Interfaces allow the user to specify VLANs that are to be used specifically for Management traffic on the network. This traffic includes:

  • Communications between the controller and APs or controller to controller Access to the WebUI or CLI

Configuring Management Interfaces

  • SNMP traffic
  • Communications to the Network Management server and any additional Fortinet applications (SAM, Spectrum Manager, etc)
  • Syslog messages
  • Authentication server traffic (RADIUS, TACACS+, etc)
  • NTP communications

Using this functionality, users can isolate management traffic from the rest of the network and route it specifically to the devices for which it is intended. Follow the steps in the section below to create a VLAN interface.

Add a Management VLAN Interface
  1. From the VLAN Interfaces table, click Add. The Management Interface-Add window appears.

Figure 40: Adding a VLAN Interface

  1. Add in the required data as described in the table below.
Field Description
VLAN Name Enter a name for the VLAN.
Interface Number The physical interface number to be used.

Note: Management VLANs must utilize Interface number 1, so this field cannot be modified.

Tag Enter a tag for the VLAN.

Configuring Management Interfaces

Field Description
IP Address Enter the IP address to be used by the VLAN.
NetMask Enter the NetMask for the VLAN.
Default Gateway Enter the gateway to be used by the VLAN.
Assignment Type Management VLANs can only be implemented on static IP addresses, so this field cannot be changed.
Interface Mode Management VLANs can only operate on Active interfaces, so this field cannot be changed.
  1. Click Save to save the VLAN. The new VLAN will appear in the VLAN Interfaces table.
Using Static Routes

Static routes allow the system administrator to manually define the adapters that are permitted access to configured subnets. This is of particular use in smaller deployments where only a few routes are needed, or in larger ones where certain subnets must be kept separate from each other. Static routing can also be advantageous in that it doesn’t require the processing power that dynamic routes (in which the network router automatically determines the best delivery path for packets) can.

To view the static route table, access the WebUI and navigate to Configuration > Devices > System Settings > Management Interfaces > Static Route. Figure 41: Static Route Table

Adding a Static Route

To create a new static route, access the Static Route Table and click Add. The Static Route Configuration – Add screen appears.

Configuring Management Interfaces

Figure 42: Creating a Static Route

Provide the required details as described in the following table.

TABLE 12: Static Route Fields

Field Description
Static Route Name Enter a descriptive name for the route. Note that this must be between 1 and 16 characters in length.
IP Address/Subnet Enter the subnet for which the route provides access. This is typically in the xxx.xxx.xxx.0 format, as shown above.
Subnet Mask Enter the subnet mask for the route. This is typically in the 255.255.255.0 format, as shown above.
FastEthernet Use this drop-down to specify which Ethernet adapter will utilize the route. The specified adapter will subsequently gain access to the configured subnet.
Interface Name The name of the interface used for the route.
Default Gateway The default gateway for the route.

Once the fields are filled in, click OK to save the route. Repeat this process for as many routes as desired.

This entry was posted in Administration Guides, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.