Access point deployment

Leave a reply

Assigning the same profile to multiple FortiAP units

The same profile can now be applied to multiple managed FortiAP units at the same time. To do this, do the following:

  1. Go to WiFi & Switch Controller > Managed FortiAPs to view the AP list.
  2. Select all FortiAP units you wish to apply the profile to.
  3. Right click on one of the selected FortiAPs and select Assign Profile.
  4. Choose the profile you wish to apply.

Overriding the FortiAP profile

In the FortiAP configuration WiFi & Switch Controller > Managed FortiAPs, there several radio settings under Override Radio 1 and Override Radio 2 to choose a value independently of the FortiAP profile setting.

When each of the radios are disabled, you will see what the FortiAP Profile has each of the settings configured to.

Band The available options depend on the capability of the radio. Overriding Band also overrides Channels. Make appropriate settings in Channels.
Channels Choose channels. The available channels depend on the Band.
TX Power Control If you enable Auto, adjust to set the power range in dBm.

If you enable Manual, adjust the slider. The 100% setting is the maximum power permitted in your region. See Configuring a WiFi LAN on page 30.
SSIDs Select between Auto or Manual. Selecting Auto eliminates the need to re-edit the profile when new SSIDs are created. However, you can still select SSIDs individually using Manual.

To override radio settings in the CLI

In this example, Radio 1 is set to 802.11n on channel 11, regardless of the profile setting.

config wireless-controller wtp edit FP221C3X14019926 config radio-1 set override-band enable set band 802.11n set override-channel enable

set channel 11

end

Override settings are available for band, channel, vaps (SSIDs), and txpower.

Outside of configuring radio settings, you can also override FortiAP LED state, WAN port mode, IP Fragmentation prevention method, spectrum analysis, split tunneling, and login password settings.

Accessing the FortiAP CLI through the FortiGate unit

Enable remote login for the FortiAP. In the FortiAP Profile for this FortiAP, enable remote access.

Connecting to the FortiAP CLI

The FortiAP unit has a CLI through which some configuration options can be set. You can access the CLI using Telnet.

To access the FortiAP unit CLI through the FortiAP Ethernet port

  1. Connect your computer to the FortiAP Ethernet interface, either directly with a cross-over cable or through a separate switch or hub.
  2. Change your computer’s IP address to 192.168.1.3
  3. Telnet to IP address 192.168.1.2.

Ensure that FortiAP is in a private network with no DHCP server for the static IP address to be accessible.

  1. Login with user name admin and no password.
  2. Enter commands as needed.
  3. Optionally, use the passwd command to assign an administrative password for better security.
  4. Save the configuration by entering the following command: cfg –c .
  5. Unplug the FortiAP and then plug it back in, in order for the configuration to take effect

Accessing the FortiAP CLI through the FortiGate

After the FortiAP has been installed, physical access to the unit might be inconvenient. You can access a connected FortiAP unit’s CLI through the FortiGate unit that controls it.

To enable remote access to the FortiAP CLI

In the CLI, edit the FortiAP Profile that applies to this FortiAP.

config wireless-controller wtp-profile edit FAP221C-default set allowaccess telnet

end

FortiAP now supports HTTPS and SSH administrative access, as well as HTTP and Telnet. Use the command above to set administrative access to telnet, http, https, or ssh.

To access the FortiAP unit CLI through the FortiGate unit – GUI

  1. Go to WiFi & Switch Controller > Managed FortiAPs.
  2. In the list, right-click the FortiAP unit and select >_Connect to CLI. A detached Console window opens.
  3. At the FortiAP login prompt, enter admin. When you are finished using the FortiAP CLI, enter exit.

To access the FortiAP unit CLI through the FortiGate unit – CLI

  1. Use the FortiGate CLI execute telnet command to access the FortiAP. For example, if the FortiAP unit IP address is 192.168.1.2, enter:

execute telnet 192.168.1.2

  1. At the FortiAP login prompt, enter admin. When you are finished using the FortiAP CLI, enter exit.

Pages: 1 2 3 4 5 6 7 8 9 10
This entry was posted in Administration Guides, FortiAP, FortiGate, FortiOS, FortiOS 6, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.