Configuring the FortiGate interface to manage FortiAP units
This guide describes how to configure a FortiGate interface to manage FortiAPs.
Based on the above topology, this example uses port16 as the interface that manages the connection to FortiAPs.
- You must enable a DHCP server on port16:
  - In FortiOS, go to Network > Interfaces.
  - Double-click port16.
  - In the IP/Network Mask field, enter an IP address for port16.
  - Enable DHCP Server, keeping the default settings.
- If desired, you can enable the VCI-match feature using the CLI. When VCI-match is enabled, only devices with a VCI name that matches the preconfigured string can acquire an IP address from the DHCP server. To configure VCI-match, run the following commands:

    config system dhcp server
        edit 1
            set interface port16
            set vci-match enable
            set vci-string "FortiAP"
        next
    end

- As it is a minimum management requirement that FortiAP establish a CAPWAP tunnel with the FortiGate, you must enable CAPWAP access on port16 to allow it to manage FortiAPs:
  - Go to Network > Interfaces.
  - Double-click port16.
  - Under Administrative Access, select CAPWAP.
  - Click OK.
- To create a new FortiAP entry automatically when a new FortiAP unit is discovered, run the following command. By default, this option is enabled.

    config system interface
        edit port16
            set allow-access capwap
            set ap-discover enable|disable
        next
    end

- To allow FortiGate to authorize a newly discovered FortiAP to be controlled by the FortiGate, run the following command. By default, this option is disabled.

    config system interface
        edit port16
            set allow-access capwap
            set auto-auth-extension-device enable|disable
        next
    end
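
To review these settings after they are applied, the following added example (not Fortinet code) parses configuration text in the layout of the commands on this page and reports, for each interface that allows CAPWAP, whether ap-discover, auto-auth-extension-device and DHCP VCI-match are enabled. The function names and the sample text are constructed for illustration, and treating an absent vci-match setting as disabled is an assumption.

```python
# Constructed sample in the layout of this page's commands (not a real backup).
SAMPLE_CONFIG = '''\
config system interface
    edit "port16"
        set allow-access capwap
        set auto-auth-extension-device enable
    next
    edit "port17"
        set allow-access ping capwap
        set ap-discover disable
    next
end
config system dhcp server
    edit 1
        set interface "port16"
        set vci-match enable
    next
end
'''

def parse_section(text, header):
    """Return {edit-name: {key: value}} for one flat 'config <header>' block."""
    entries, current, inside = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == f"config {header}":
            inside = True
        elif inside and line == "end" and current is None:
            break  # end of the requested top-level block
        elif inside and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif inside and line == "next":
            current = None
        elif inside and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return entries

def audit_capwap(text):
    """Map each CAPWAP-enabled interface to the settings this page covers."""
    dhcp = {e.get("interface"): e for e in parse_section(text, "system dhcp server").values()}
    return {
        name: {
            "ap_discover": cfg.get("ap-discover", "enable") == "enable",  # page: default enabled
            "auto_auth": cfg.get("auto-auth-extension-device", "disable") == "enable",  # page: default disabled
            "vci_match": dhcp.get(name, {}).get("vci-match") == "enable",  # assumption: absent means disabled
        }
        for name, cfg in parse_section(text, "system interface").items()
        if "capwap" in cfg.get("allow-access", "").split()
    }
```

An interface that reports `auto_auth` as true with `vci_match` false is the combination to look at first, since discovered FortiAPs are authorized there without the DHCP-side VCI filter.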