Configuring the FortiGate interface to manage FortiAP units
This guide describes how to configure a FortiGate interface to manage FortiAPs.
Based on the above topology, this example uses port16 as the interface used to manage connection to FortiAPs.
- You must enable a DHCP server on port16:
- In FortiOS, go to Network > Interfaces.
- Double-click port16.
- In the IP/Network Mask field, enter an IP address for port16.
- Enable DHCP Server, keeping the default settings.
- If desired, you can enable the VCI-match feature using the CLI. When VCI-match is enabled, only devices with a VCI name that matches the preconfigured string can acquire an IP address from the DHCP server. To configure VCI-match, run the following commands:
config system dhcp server edit 1 set interface port16 set vci-match enable set vci-string “FortiAP”
next
end
- As it is a minimum management requirement that FortiAP establish a CAPWAP tunnel with the FortiGate, you must enable CAPWAP access on port16 to allow it to manage FortiAPs: Go to Network > Interfaces.
- Double-click port16.
- Under Administrative Access, select CAPWAP.
- Click OK.
- To create a new FortiAP entry automatically when a new FortiAP unit is discovered, run the following command. By default, this option is enabled. config system interface edit port16 set allow-access capwap set ap-discover enable|disable
next
end
- To allow FortiGate to authorize a newly discovered FortiAP to be controlled by the FortiGate, run the following command. By default, this option is disabled.
config system interface edit port16 set allow-access capwap
set auto-auth-extension-device enable|disable
next
end
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!