Chapter 8 – Deploying Wireless Networks

WiFi and Switch controllers are enabled separately (275860)

In the Feature Store (System > Features), the WiFi Controller and Switch Controller are now separate. However, the Switch Controller must be enabled in order for the WiFi Controller to be visible.

In the CLI, the settings that enable the WiFi and Switch controllers have been separated:


config system global

set wireless-controller enable set switch-controller enable



The settings that enable the GUI display for those controllers have also been separated:


config system settings

set gui-wireless-controller enable set gui-switch-controller enable



Add Support of LLDP protocol on FortiAP to send switch and port information (283107)

You can enable LLDP protocol in the FortiAP Profile. Each FortiAP using that profile can then send back information about the switch and port that it is connected to. This information is visible in the optional LLDP column of the Managed FortiAP list. To enable LLDP:


config wireless-controller wtp-profile edit <profile-name>

set lldp enable end



WTP groups (278462)

You can define FortiAP Groups. Each group can contain FortiAPs of a single platform (model). These groups can be used in VLAN-pooling to assign APs to particular VLANs. Create a FortiAP Group in the CLI like this:


config wireless-controller wtp-group edit 1

set platform-type 320C

config wtp-list

edit FP320C3X14010828 next

edit FP320C3X14010830 end


The platform-type field is optional. If it is left empty, the group can contain FortiAPs of any model.


VLANpooling (278462)

In an SSID, you can define a VLAN pool. As clients associate to an AP, they are assigned to a VLAN. A VLAN

pool can

  • assign a specific VLAN based on the AP’s FortiAP Group, usually for network configuration reasons, or
  • assign one of several available VLANs for network load balancing purposes (tunnel mode SSIDs only)


Assignment by FortiAP Group

In this example, VLAN 101, 102, or 103 is assigned depending on the AP’s FortiAP Group.


config wireless-controller vap edit wlan

set vlan-pooling wtp-group config vlan-pool

edit 101

set wtp-group wtpgrp1 next

edit 102

set wtp-group wtpgrp2 next

edit 101

set wtp-group wtpgrp3 end

end end





Load Balancing

The vlan-pooling type can be either of these:

  • roundrobin – from the VLAN pool, choose the VLAN with the smallest number of clients
  • hash – choose a VLAN from the VLAN pool based on a hash of the current number of SSID clients and the number of entries in the VLAN pool


If the VLAN pool contains no valid VLAN ID, the SSID’s static VLAN ID setting is used. In this example, VLAN 101, 102, or 103 is assigned using the round-robin method:

config wireless-controller vap

edit wlan

set vlan-pooling round-robin config vlan-pool

edit 101 next

edit 102 next

edit 103 end

end end

Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU