FortiWLC – Dual-Ethernet Operation

Dual-Ethernet Operation

Dual-Ethernet support enables the controller’s second Ethernet port and provides the ability for it to work either as a redundant interface or a second active interface.

If the second interface is configured as redundant, it will serve as a backup interface to the first interface. This means that it will be idle as long as the first interface is functional and will perform all functions of the first interface if the first interface fails. In a redundant configuration, the first interface can have static or DHCP IP address.

If the second interface is configured as active, it can be configured as a separate interface that can support an additional configuration, for example to support GRE tunneling while the first interface is configured for VLANs.

The first Ethernet interface is treated as the default interface. The responsibility of the default interface is to pass wireless tunnel traffic between the APs and the controller. In addition to the general support of GRE and VLAN, the default interface is also the designated management interface for the controller, providing support for management access traffic via SSH and HTTPS.

It is implicit in the configuration of redundant mode that the second Ethernet interface should be connected to a switch port in which it can perform the same functions as the default Ethernet interface.

Note that when changing from redundant to dual active operation, a controller reboot is required.

Configuring Dual Ethernet

The second Ethernet interface can be configured as either redundant or active. An active interface can be used to support a VLAN or GRE (Generic Routing Encapsulation) tunneling. A redundant interface is a backup interface in case the primary interface fails.

Dual-Ethernet Operation

Configuring a Redundant Interface

See the chapter Implementing Redundancy.

Configuring an Active Interface

The following commands configure Ethernet port 2 as an active interface that can be used to support a VLAN or GRE (Generic Routing Encapsulation) tunneling. The ip address specifies the IP address of the VLAN or GRE local endpoint followed by the associated netmask. The gw command specifies the gateway address, and is a mandatory field.

default# configure terminal default(config)# interface FastEthernet 2

default(config‐if‐FastEth)# ip address 172.26.16.200 255.0.0.0 default(config‐if‐FastEth)# gw 172.26.16.1 default(config‐if‐FastEth)# type active default(config‐if‐FastEth)# exit default(config)# exit

After completing the interface configuration above, to configure a GRE tunnel, see Configure GRE Tunnels in the Security chapter.

Viewing FastEthernet Interface Information

To view the FastEthernet interface 1 configuration, use the show interfaces FastEthernet controller or show interfaces FastEthernet ap commands to display information relating to each type of interface.

To view the FastEthernet interface 2 redundant configuration, use the command show second_interface_status.

Interface and Networking Commands

The following interface and networking configuration commands are available.

Dual-Ethernet Operation

TABLE 10: Interface and Networking Commands

Command Purpose
controller(config)# interface FastEthernet controller interface-index Specify the controller interface index (0-31) and enter FastEthernet interface configuration submode.
controller(config)# ip address ip-address mask Specifies the IP address and subnet mask for the controller. This is used to specify the static IP address if you are not enabling DHCP.
controller(config)# gw ip-address Specifies the IP address of the default gateway. Used to specify the gateway if you are not using DHCP.
controller# setup Interactive script that helps set up hostname and other system and networking parameters.
controller# show interfaces FastEthernet statistics Displays the summary table of Ethernet statistics for the controller and APs.
controller# show interfaces FastEthernet statistics controller Displays the Ethernet statistics for the controller.
controller# show interfaces FastEthernet statistics ap id Displays the Ethernet statistics for the AP with the given node ID.
controller# show second_interface_status Displays the status of the second FastEthernet interface when configured for redundant mode.
This entry was posted in Administration Guides, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.