Access point deployment

Discovered access point unit

When you authorize (enable) a FortiAP unit, it is configured by default to use the default FortiAP profile (determined by model). You can create and select a different profile if needed. The FortiAP Profile defines the entire configuration for the AP.

 

To add and configure the discovered AP unit – web-based manager

1. Go to WiFi & Switch Controller > Managed FortiAPs.

This configuration also applies to local WiFi radio on FortiWiFi models.

2. Select the FortiAP unit from the list and edit it.

3. Optionally, enter a Name. Otherwise, the unit will be identified by serial number.

4. Select Authorize.

5. Select a FortiAP Profile.

6. Select OK.

The physical access point is now added to the system. If the rest of the configuration is complete, it should be possible to connect to the wireless network through the AP.

 

To add the discovered AP unit – CLI

First get a list of the discovered access point unit serial numbers:

get wireless-controller wtp

Add a discovered unit and associate it with AP-profile1, for example:

config wireless-controller wtp edit FAP22A3U10600118

set admin enable

set wtp-profile AP-profile1 end

 

To view the status of the added AP unit

config wireless-controller wtp edit FAP22A3U10600118

get

The join-time field should show a time, not “N/A”. See the preceding web-based manager procedure for more information.

 

Assigning the same profile to multiple FortiAP units

The same profile can now be applied to multiple managed FortiAP units at the same time. To do this, do the following:

1. Go to WiFi & Switch Controller > Managed FortiAPs to view the AP list.

2. Select all FortiAP units you wish to apply the profile to.

3. Right click on one of the selected FortiAPs and select Assign Profile.

4. Choose the profile you wish to apply.

 

Overriding the FortiAP Profile

In the FortiAP configuration WiFi & Switch Controller > Managed FortiAPs, there several radio settings where you can select Override and choose a value independently of the FortiAP Profile setting.

Band                                  The available options depend on the capability of the radio. Overriding Band

also overrides Channel. Make appropriate settings in Channel.

Channel                             Choose channels. The available channels depend on the Band.

Tx Power                           If you enable Automatic TX Power Control, adjust TX Power Low and

TX Power High to set the power range.

If you are not using automatic power control, adjust the slider. The 100% setting is the maximum power permitted in your region. See Configuring a WiFi LAN on page 828.

 

SSIDs

Choose Automatically assign Tunnel-mode SSIDs

or

Choose Select SSIDs and choose SSIDs for this AP to carry.

 

To override radio settings in the CLI

In this example, Radio 1 is set to 802.11n on channel 11, regardless of the profile setting.

config wireless-controller wtp edit FP221C3X14019926

config radio-1

set override-band enable set band 802.11n

set override-channel enable set channel 11

end

Override settings are available for band, channel, vaps (SSIDs), and txpower.

 

Accessing the FortiAP CLI through the FortiGate unit

Enable remote login for the FortiAP. In the FortiAP Profile for this FortiAP, enable remote access.

 

Connecting to the FortiAP CLI

The FortiAP unit has a CLI through which some configuration options can be set. You can access the CLI using Telnet.

 

To access the FortiAP unit CLI through the FortiAP Ethernet port

1. Connect your computer to the FortiAP Ethernet interface, either directly with a cross-over cable or through a separate switch or hub.

2. Change your computer’s IP address to 192.168.1.3

3. Telnet to IP address 192.168.1.2.

Ensure that FortiAP is in a private network with no DHCP server for the static IP address to be accessible.

4. Login with user name admin and no password.

5. Enter commands as needed.

6. Optionally, use the passwd command to assign an administrative password for better security.

7. Save the configuration by entering the following command:

cfg –c .

 

8. Unplug the FortiAP and then plug it back in, in order for the configuration to take effect

 

Accessing the FortiAP CLI through the FortiGate

After the FortiAP has been installed, physical access to the unit might be inconvenient. You can access a connected FortiAP unit’s CLI through the FortiGate unit that controls it.

 

To enable remote access to the FortiAP CLI

In the CLI, edit the FortiAP Profile that applies to this FortiAP.

config wireless-controller wtp-profile edit FAP221C-default

set allowaccess telnet end

 

To access the FortiAP unit CLI through the FortiGate unit – GUI

1. Go to WiFi & Switch Controller > Managed FortiAPs.

2. In the list, right-click the FortiAP unit and select >_Connect to CLI.

A detached Console window opens.

3. At the FortiAP login prompt, enter admin. When you are finished using the FortiAP CLI, enter exit.

 

To access the FortiAP unit CLI through the FortiGate unit – CLI

1. Use the FortiGate CLI execute telnet command to access the FortiAP. For example, if the FortiAP unit IP

address is 192.168.1.2, enter:

execute telnet 192.168.1.2

2. At the FortiAP login prompt, enter admin. When you are finished using the FortiAP CLI, enter exit.

When a WiFi controller has taken control of the FortiAP unit, Telnet access to the

FortiAP unit’s CLI is no longer available.

 

Checking and updating FortiAP unit firmware

You can view and update the FortiAP unit’s firmware from the FortiGate unit that acts as its WiFi controller.

 

Checking the FortiAP unit firmware version

Go to WiFi & Switch Controller > Managed FortiAPs to view the list of FortiAP units that the FortiGate unit can manage. The OS Version column shows the current firmware version running on each AP.

 

Updating FortiAP firmware from the FortiGate unit

You can update the FortiAP firmware using either the web-based manager or the CLI. Only the CLI method can update all FortiAP units at once.

 

To update FortiAP unit firmware – web-based manager

1. Go to WiFi & Switch Controller > Managed FortiAPs.

2. Right-click the FortiAP unit in the list and select Upgrade Firmware. or

Edit the FortiAP entry and select Upgrade from File in FortiAP OS Version.

3. Select Browse and locate the firmware upgrade file.

4. Select OK.

5. When the upgrade process completes, select OK.

The FortiAP unit restarts.

 

 

To update FortiAP unit firmware – CLI

1. Upload the FortiAP image to the FortiGate unit.

For example, the Firmware file is FAP_22A_v4.3.0_b0212_fortinet.out and the server IP address is

192.168.0.100.

execute wireless-controller upload-wtp-image tftp FAP_22A_v4.3.0_b0212_fortinet.out

192.168.0.100

If your server is FTP, change tftp to ftp, and if necessary add your user name and password at the end of the command.

 

2. Verify that the image is uploaded:

execute wireless-controller list-wtp-image

 

3. Upgrade the FortiAP units:

exec wireless-controller reset-wtp all

If you want to upgrade only one FortiAP unit, enter its serial number instead of all.

 

Updating FortiAP firmware from the FortiAP unit

You can connect to a FortiAP unit’s internal CLI to update its firmware from a TFTP server on the same network. This method does not require access to the wireless controller.

1. Place the FortiAP firmware image on a TFTP server on your computer.

2. Connect the FortiAP unit to a separate private switch or hub or directly connect to your computer via a cross-over cable.

3. Change your computer’s IP address to 192.168.1.3.

4. Telnet to IP address 192.168.1.2.

This IP address is overwritten if the FortiAP is connected to a DHCP environment. Ensure that the FortiAP unit is in a private network with no DHCP server.

5. Login with the username “admin” and no password.

6. Enter the following command.

For example, the FortiAP image file name is FAP_22A_v4.3.0_b0212_fortinet.out.

restore FAP_22A_v4.3.0_b0212_fortinet.out 192.168.1.3

 

 

Advanced WiFi controller discovery

A FortiAP unit can use any of four methods to locate a controller. By default, FortiAP units cycle through all four of the discovery methods. In most cases there is no need to make configuration changes on the FortiAP unit.

There are exceptions. The following section describes the WiFi controller discovery methods in more detail and provides information about configuration changes you might need to make so that discovery will work.

 

Controller discovery methods

There are four methods that a FortiAP unit can use to discover a WiFi controller.

 

Static IP configuration

If FortiAP and the controller are not in the same subnet, broadcast and multicast packets cannot reach the controller. The admin can specify the controller’s static IP on the AP unit. The AP unit sends a discovery request message in unicast to the controller. Routing must be properly configured in both directions.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.