Category Archives: Administration Guides

FortiWLC – Configure an AP’s Radios with the CLI

Configure an AP’s Radios with the CLI

Before you can configure any radio settings, you need to enter radio interface configuration mode. To do this, follow these steps:

TABLE 22: Entering Radio Interface Configuration Mode

| Command | Purpose |
| --- | --- |
| configure terminal | Enter global configuration mode. |
| interface Dot11Radio <ap-id> <Interface ID> | Enter interface configuration for the specified AP and radio interface. Use show interfaces Dot11Radio to obtain a list of radio interfaces. For AP800, the second interface provides 802.11ac support. |
| … commands … | Enter the 802.11 configuration commands here. |
| end | Return to privileged EXEC mode. |
| copy running-config startup-config | This is an optional step to save your entries in the configuration file. |

Summary of Radio Interface Configuration Commands

The following is a summary of the commands available in radio interface configuration mode:

TABLE 23: Commands available in Radio Interface Configuration Mode

| Command | Purpose |
| --- | --- |
| admin-mode | Enables or disables a radio interface. |
| antenna-property | Manages external wireless interface antennas. |
| channel | Configures the channel ID. |
| localpower | Configures the AP transmit power level for all APs. |
| mode | AP mode configuration. |
| n-only-mode | Supports only 802.11n clients on the radio to improve performance. |
| preamble-short | Enables or disables short preambles. |
| protection-mode | Configures 802.11b/g interoperability mode. This setting defaults to auto and should not be changed without consulting Fortinet Support. |
| rf-mode | Configures the Radio Frequency mode (802.11a, b, g, or bg, bgn, or an). Note that all APs on the same channel in a Virtual Cell must have the same setting for rf-mode. |
| scanning channels | Configures the channels for scanning. |
| tuning | Tunes the wireless interface. |

Set Radio Transmit Power with the CLI

The radio transmit power changes the AP’s coverage area; this setting helps manage contention between neighboring access points. Transmit power for Fortinet APs is defined as the EIRP (Effective Isotropic Radiated Power) at the antenna and includes the antenna gain. (This is important to remember; transmit power is not the power at the connector.) Power level settings are dependent on the country code and the radio band (and for 802.11a, the channel) in use.

For example, if the transmit power, configured with the command localpower, is set to 20 dBm, and the antenna gain is set to 2 dBm, then the actual transmitted power at the connector is 18 dBm.

If an external antenna with an 8dBi (isotropic) gain is used, then adjust the gain value to the same value, 8. If the desired EIRP after the antenna is the same, then keep the transmit power set to the same value, 20. For higher or lower EIRP values, adjust the transmit power to the desired value.

The maximum power setting is an integer between 4-30dBm for 802.11/bg radios.

The Maximum Transmit Power for the 802.11a band is based on the channel in use, as detailed in the following table, which shows the levels for the United States:

| 802.11a Channel | Maximum Transmit Power (dBm) for United States |
| --- | --- |
| 36 | 17 |
| 40 | 23 |
| 44 | 23 |
| 48 | 23 |
| 52 | 30 |
| 56 | 30 |
| 60 | 30 |
| 64 | 30 |
| 100 | 30 |
| 104 | 30 |
| 108 | 30 |
| 112 | 30 |
| 116 | 30 |
| 120 | 30 |
| 124 | 30 |
| 128 | 30 |
| 132 | 30 |
| 136 | 30 |
| 140 | 30 |
| 149 | 36 |
| 153 | 36 |
| 157 | 36 |
| 161 | 36 |
| 165 | 36 |

Use the localpower command in the Dot11Radio interface configuration mode to configure the maximum power level:

localpower max-level

For example, to set the 802.11a radio maximum power to 15, type

localpower 15

Enable and Disable Short Preambles with the CLI

The radio preamble, also called the header, is a section of data at the head of a packet that contains information that the access point and client devices need when sending and receiving packets. By default, a short preamble is configured, but you can set the radio preamble to long or short:

  • A short preamble improves throughput performance.
  • A long preamble ensures compatibility between the access point and some older wireless LAN cards. If you do not have any older wireless LAN cards, you should use short preambles.

To disable short preambles and use long preambles, type: no preamble-short

To enable short preambles, type: preamble-short

Set a Radio to Scan for Rogue APs with the CLI

To configure radios to constantly scan for rogue APs, use this command from the Dot11Radio interface configuration mode: mode scanning

To set the radio back to servicing clients, use the command: mode normal

Enable or Disable a Radio Interface with the CLI

To temporarily disable a radio interface, use this command from Dot11Radio interface configuration mode: admin-mode Down

To later enable the off-line interface, use the command: admin-mode Up

Set a Radio to Support 802.11n Only with the CLI

To set an AP radio interface to support only 802.11n clients, and thus improve throughput, from the Dot11Radio interface configuration mode use the command: n-only-mode

To disable the 802.11n-only support, use the command: no n-only-mode

Note that all APs on the same channel in a Virtual Cell must have the same setting for n-only mode.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

FortiWLC – Add and Configure an AP with the CLI

Add and Configure an AP with the CLI

To configure an AP with the CLI, first enter AP configuration mode (first command shown below) and then use the rest of the AP configuration commands:

| Command | Purpose |
| --- | --- |
| configure terminal | Enter global configuration mode. |
| ap ap-id | Enter AP configuration for the specified AP. Use the command show ap to get a list of APs. |
| … commands … | Enter the AP configuration commands listed in the next chart here. |
| boot-script string | Name of an initialization script that the access point runs when booted. If nothing is configured here, the AP uses the default bootscript. |
| building string | Command to describe building identification. |
| contact string | Enters AP contact information. |
| connectivity l2-only \| l2-preferred \| l3-preferred | This setting configures Layer 2 or Layer 3 connectivity to the controller. Using either L3 or L2 preferred also invokes AP connectivity mode where additional connectivity configuration can be done. |
| dataplane-encryption {on \| off} | In a Mesh configuration, selects how the AP and Controller pass data packets. On: the AP-Controller link is encrypted. Off: the AP-Controller link is unencrypted (default). |
| description string | Enters AP description. Note that this corresponds to the AP Name in the GUI. |
| floor string | Enters AP floor location. |
| led {normal \| blink \| NodeId \| Normal} | Sets LED appearance on AP400 and AP1000. Normal: AP400 and AP1000 LEDs appear as described in the Fortinet Access Point Installation Guide. Blink: Sets all LEDs flashing; this is useful to locate an AP. Dark: Turns off all LEDs. |
| link-probing duration minutes | For Remote AP, set the number of minutes between keep-alive signals. Minutes can be between 1 and 3200. |
| location string | Enters AP location information. |
| mac-address ff:ff:ff:ff:ff:ff | Sets the MAC address if you are pre-configuring an AP. |
| model string | Command to enter the model type of the AP if you are pre-configuring the AP. |
| no boot-script | Disables the boot script. |
| end | Return to privileged EXEC mode. |

Configure a Layer 3 AP with the CLI

The following commands can be used to set up a Layer 3 configuration for an AP not in the same subnet as the controller. They specify that the AP will obtain its IP address from DHCP, which allows it to use a DNS server to obtain the controller's IP address. If the network administrator has added to the DNS server the IP address for the controller hostname “wlan-controller,” DNS can return the IP address of the controller with the hostname “wlan-controller”:

    default# configure terminal
    default(config)# ap 1
    default(config-ap)# connectivity l3-preferred
    default(config-ap-connectivity)# ip address dhcp
    default(config-ap-connectivity)# controller hostname wlan-controller
    default(config-ap-connectivity)# end
    default#

The following table presents the commands available within the ap-connectivity mode.

TABLE 21: Summary of Connectivity Mode Commands

| Command | Purpose |
| --- | --- |
| controller {domainname name\|hostname name\|ip <ip-address>} | Configure the controller IP information. The domainname name must be from 1 to 63 characters. The hostname name must be from 1 to 63 characters. The IP address must be in the format nnn.nnn.nnn.nnn or dhcp to obtain the AP IP address dynamically. |
| hostname name | Sets the AP hostname. name must be from 1 to 63 characters. |
| ip address {ip-address\|dhcp} | Configures the IP addressing for the AP. Use ip-address to assign a static IP address to the AP. Use dhcp to obtain the AP IP address dynamically. |
| ip default-gateway gateway | Adds an IP address of the default gateway in the format nnn.nnn.nnn.nnn |
| ip dns-server {primary <DNS ipaddress> \|secondary <DNS ipaddress>} | Adds a DNS server entry for static IP. primary ip-address sets a primary DNS server for static IP. secondary ip-address sets the secondary DNS server for the static IP. |

Configure AP Power Supply, Channel Width, and MIMO Mode with CLI

Set the power supply type, channel width, and MIMO mode by following these steps:

  1. Open a terminal session on the controller.
  2. Enter configuration mode with the command configure terminal at the CLI prompt.
  3. Select the AP with the command ap #, for example, AP1:
      default(config)# ap 1
  4. Set the power supply value to 5V-DC for AP Power, 802.3af Power Over Ethernet, 802.3at Power Over Ethernet with the CLI command power-supply:
      default(config-ap)# power-supply 5V-DC
  5. Exit ap configuration mode:
      default(config-ap)# exit
  6. Enter radio configuration submode with the command interface Dot11Radio node-id interface_ID. For example, for AP1, interface 1:
      default(config)# interface Dot11Radio 1 1
  7. Change channel width from 20 MHz (default) to 40 MHz (either 40-mhz-extension-channel-above or 40-mhz-extension-channel-below) with the command channel-width. This command also sets channel bonding.
      default(config-if-802)# channel-width above 40 MHz Extension channel
  8. Change MIMO Mode from 2×2 (default) to 3×3 with the mimo-mode 3x3 command and exit:
      default(config-if-802)# mimo-mode 3x3
      default(config-if-802)# end

The AP is now configured.



FortiWLC – Configure an AP’s Radios with the Web UI

Configure an AP’s Radios with the Web UI

After you add and configure an AP (see “Add and Configure an AP with the Web UI”), the AP’s radios will be listed in FortiWLC (SD). Follow these steps to configure the radios:

  1. Click Configuration > Wireless > Radio.
  2. Select one of the radios by clicking the pencil icon in the first column; remember that most APs have two radios. In that case, you will want to configure both of them.
  3. There are three tabs of settings for a radio: Wireless Interface, Wireless Statistics, and Antenna Property. Wireless Interface is the default tab. Here you see the existing interface settings for the radio. Any setting that is greyed out cannot be changed. Make any of the changes listed in the following chart, and then click OK.

| Field | Description |
| --- | --- |
| Interface Description | Description can be up to 256 alphanumeric characters long and contain spaces (for example, Lobby AP interface 1). By default, the description is ieee80211-ap_id-index_ID. |
| Administrative Status | Indicate whether the interface is to be used. Up: Enable the interface. Down: Disable the interface. |
| Primary Channel | In the drop-down list, select the channel number for the wireless interface to use. The channel numbers displayed depend on the RF Band Selection and the regulatory domain for each country; for example, in the United States 802.11b shows channels 1 through 11 and 802.11a shows channels 36, 40, 44, etc. Two access points can belong to the same virtual AP only if they are on the same channel. Thus, two neighboring access points on different channels cannot perform seamless handoff (0 ms). |
| Short Preamble | Short preambles are more efficient on the air, but not all clients support them. Options: On, Off. |
| RF Band Selection | Select the RF Band this interface uses. Available selections are based on both the AP model and radio cards installed (for example, 802.11an) and the licensing in effect. |
| Transmit Power (EIRP) | Fortinet AP radios operate at their maximum power level by default. High power level increases the signal strength of the frames received by the client stations, allowing a client station to decode frames at a higher rate and increasing the coverage area. This causes minimal interference because Fortinet uses Virtual Cell technology, moving clients to a better AP without re-association. For a very few cases, we recommend that you reduce the power level on APs due to co-channel-interference. Check with Support first to make sure your issue really is due to co-channel-interference. To change transmit power, change the value in the Transmit Power field. The maximum level depends on the country code and the RF band in use. |
| AP Mode | Select whether the radio for the interface is in Service Mode (servicing clients first and scanning in the background), ScanRogues Mode (dedicated monitoring for Rogue APs), or ScanSpectrum Mode. |
| B/G Protection Mode | Configures 802.11b/g interoperability mode. This setting defaults to auto and should not be changed without consulting Fortinet Support. |
| HT Protection Mode | HT protection is set to default Off. The options are On, Off, and Auto. |
| Channel Width | Channel Width can be 20 MHz, 40MHz Extension Channel Above, or 40MHz Extension Channel Below. Note that all APs in a Virtual Cell must have the same channel width. |
| MIMO Mode | Select: 2×2 for either AP1000 with an 802.3af PoE; 3×3 for AP400 depending on radio and power source configuration. |
| 802.11n Only Mode | 802.11n only mode is for AP400/AP1000s with N capability. Select On to support only 802.11n, or Off (default) to support 802.11an or 802.11bgn. |
| RF Virtualization Mode | This field is displayed only when the underlying AP is an AP400 model. If the underlying AP is any of the other APs, this field is greyed out in the GUI. The default value of RF Virtualization Mode is Virtual Port. The options are Virtual Port, Virtual Cell, and Native Cell. |
| Probe Response Threshold | Enter the Probe Response Threshold; the valid range is 0-100. |
| Mesh Service Admin Status | Enable or Disable the Mesh Service Admin Status. |
| Transmit Beamforming Support | Select the Transmit Beamforming Support: Disabled, SU-MIMO, or MU-MIMO (to support 802.11ac Wave 2 capable clients). Supported in AP122, AP832, OAP832e, AP822, FAP-U421EV, and FAP-U423EV. |
| STBC Support | Select the STBC Support: On or Off. |
| DFS Fallback Option | Select enable to allow the AP to fall back to a different channel when radar is detected. Supported only in AP1xx, AP433, AP 8xx, AP1xxx, AP332, FAP-U421EV, and FAP-U423EV. If the DFS fallback option is enabled: DFS fallback channel 52 is selected; DFS Channel Revertive is set to 45 min; when radar is detected, it checks the fallback channel 52 for 60 sec. and, if no radar is found, it switches to channel 52; after 45 min, it reverts to the original operating channel if the channel is available (channel availability test runs successfully). If the DFS fallback option is disabled: if radar is detected, the system performs its own fallback channel selection; it reverts to the original channel after 30 minutes if it passes the channel availability test (monitors the channel for 60 seconds). |
| DFS Fallback Channel | Select the fallback channel. |
| DFS Channel Revertive (minutes) | Select the time the AP will take to revert to its original channel. |

AP1000 radios always have Virtual Cell enabled, but there is a way to use AP1000 in non-Virtual Cell mode. See Adding an ESS with the CLI.

The FAP U42xEV and FAP U32xEV Access Points can support up to 256 clients per radio interface. The 256 client support per radio is only for a native cell environment. In a virtual cell environment, the maximum clients supported per interface are 170.


FortiWLC – Add and Configure an AP with the Web UI

Add and Configure an AP with the Web UI

When you add an AP to a controller, you configure these features:

  • AP ID
  • AP Name
  • Serial Number
  • Location, Building, Floor
  • Contact
  • LED Mode
  • Boot script (AP Init Script)
  • Dataplane Encryption
  • AP Role
  • Parent AP ID
  • Link Probing Duration
  • Power Supply Type
  • AP Indoor/Outdoor Type

Meru Access Points can be connected to the controller through a Layer 2 network or a Layer 3 network. To both add and configure an AP, follow these steps:

  1. Click Configuration > Devices > APs > Add. The AP Table Add window displays.

Figure 65: Add an AP to the Network

  2. Provide the following values and then click OK.

| Field | Description |
| --- | --- |
| AP ID (required) | Unique AP numeric identifier up to 9999 characters long |
| AP Name (required) | Alphanumeric string up to 64 characters long assigned as identifier for the access point. Note that it can be helpful to name the AP something descriptive, such as a means of indicating its location in the building. |
| Serial Number (optional) | These boxes are designed to hold the MAC address which is part of the longer part number on the bottom of an AP. The MAC address is the last 12 numbers. |
| Location (optional) | Alphanumeric string up to 64 characters long |
| Building (optional) | Alphanumeric string up to 64 characters long |
| Floor (optional) | Alphanumeric string up to 64 characters long |
| Contact (optional) | Alphanumeric string up to 64 characters long |
| LED Mode (optional) | Sets LED appearance on AP332/AP400 and AP1000. Normal: LEDs are as described in the Access Point Installation Guide. Node ID: Not supported in release 5.1. Blink: Sets all LEDs flashing; this is useful to locate one AP. The blink sequence is unique for different AP models. Dark: Turns off all LEDs except power. |
| AP Init Script (optional) | Name of an initialization script that the access point runs when booted. |
| Dataplane Encryption (optional) | In a Mesh configuration, selects how the AP and Controller pass data packets. On: the AP-Controller link is encrypted. Off: the AP-Controller link is unencrypted (default). |
| AP Role (optional) | In a Mesh configuration, determines the role that the AP plays in the mesh. access: Access point is operating as a standard, wired AP. wireless: Access Point is part of the Enterprise Mesh configuration, providing wireless access services to 802.11/bg clients and backhaul services on the 802.11/a link. gateway: Access point is part of the Enterprise Mesh configuration, providing the link between the wired and wireless service. |
| Parent AP ID (optional) | In a Mesh configuration, a wireless AP is directed to look for a signal from a Parent AP, which provides the wireless AP with its backhaul connectivity. Several APs can be assigned the same Parent AP ID. |
| Link Probing Duration (optional) | Length of time (from 1 to 32000 minutes) that bridged APs wait before rebooting when the controller link is broken. This setting is used in Remote AP configurations to prevent AP reboots when the connectivity to the remote controller is lost. The default is 120. |
| KeepAlive Timeout (seconds) | In the KeepAlive Timeout (seconds), specify the duration of time (from 1 to 1800 seconds), for the remote APs to remain in the online state with respect to the controller, even when the link to the AP is down. The discovery message from the controller to the AP is modified depending on the time lapse provided in the Link Probing Duration box and the KeepAlive Timeout (seconds) box. The default is 25. |
| AP Indoor/Outdoor AP (optional) | Indoor and outdoor APs have different regulatory settings for channels and power levels. This setting adjusts those values. |


FortiWLC – Support for CAPWAP

Support for CAPWAP

FortiWLC supports Control and Provisioning of Wireless Access Points (CAPWAP) protocol to allow Fortinet access points to discover Fortinet WLAN controllers. In addition to controller discovery, APs can send keep-alive packets to controllers via CAPWAP.

This is a partial implementation of the CAPWAP protocol that is limited to controller discovery, keepalive packets (echo request and response), AP image upgrade, and tunnelled client data packets between AP and controller.

Legacy Discovery Process

There are three types of access point discovery:

  • Layer 2 only: Access point is in the same subnet as controller.
  • Layer 2 preferred: Access point sends broadcasts to find the controller by trying Layer 2 discovery first. If the access point gets no response, it tries Layer 3 discovery.
  • Layer 3 preferred: Access point sends discovery message to the controller by trying Layer 3 discovery first. If the access point gets no response, it tries Layer 2 discovery.
  • Layer 3 only: Access point sends discovery message to the controller by trying Layer 3 only.

For Layer 2 and Layer 3 discovery, the access point cycles between Layer 2, Layer 3, and Mesh (if mesh is enabled) until it finds the controller.

An access point obtains its own IP address from DHCP (the default method), or you can assign a static IP address. After the access point has an IP address, it must find a controller’s IP address. By default, when using Layer 3 discovery, the access point obtains the controller’s IP address by using DNS and querying for hostname. The default hostname is “wlan-controller.” This presumes the DNS server knows the domain name where the controller is located. The domain name can be entered via the AP configuration or it can be obtained from the DHCP server, but without it, a Layer 3-configured AP will fail to find a controller. Alternately, you can configure the AP to point to the controller’s IP directly (if the controller has a static IP configuration).

After the access point obtains the controller IP address, it sends discovery messages using UDP port 9393. After the controller acknowledges the messages, a link is formed between the AP and the controller.

Discovery sequence for OAP832 and OAP433

Even if OAP832 and OAP433 are configured in the L3-only mode, the access points will use L3-preferred mode to find the controller. If the L3-preferred mode fails, they will fall back to L2 mode.

CAPWAP and Legacy Reference

Port Requirements

| Activity | CAPWAP UDP Ports | L3 UDP Ports | Ethertype (L2) |
| --- | --- | --- | --- |
| Discovery | 5246 | 9292 | 0x4003 |
| Configuration and KeepAlive | 5246 | 5000 | 0x4001 |
| Data Flow | 5247 | 9393 | 0x4000 |

Controller and AP Communication Ports

| AP firmware version | Discovery Mode | Discovery Port / Ethertype | Keep-alive ports / Ethertype | Configuration ports / Ethertype | Data Flow Ports / Ethertype | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| Pre-8.3 (8.2, 8.1, 8.0, 7.0, etc.) | L2 | 0x4003 | 0x4001 | 0x4001 | 0x4000 | After upgrade, UDP 5246 and 5247 is used for future discovery process and data flow respectively. |
| | L3 | 9292 | 5000 | 5000 | 9393 | |
| 8.3.0 | L2 | 0x4003 | 0x4001 | 0x4001 | 0x4000 | |
| | L3 | 5246 | 5246 | 5000 | 5247 | |

CAPWAP Discovery

The CAPWAP protocol requires the UDP ports 5246 and 5247 to exchange control and data packets respectively.

Discovery Sequence

The CAPWAP discovery supports the following sequence on port UDP 5246:

  1. Unicast options:
    • Controller IP address: AP sends discovery request to a controller based on the configured IP address in the AP.
    • DHCP Option 138: AP sends discovery request to the controller configured with DHCP option 138. Alternatively, option 43 is also available for discovering the controller.
    • DNS: AP sends discovery request based on the DNS resolution of _capwap-control._udp.example.com
  2. Multicast: AP sends discovery request via multicast address 224.0.1.140
  3. Broadcast: AP sends discovery request via broadcast address 255.255.255.255

Discovery Process

  1. In L3 discovery mode, the AP sends discovery request on both port 5246 and port 9292 to the controller.
  2. If the controller is already upgraded to 8.3 release, it sends response on port 5246 to complete the AP association.
  3. Further keep-alive and image upgrade message exchanges happen on port 5246.
  4. Tunnelled client data are sent to controller on port 5247.

Upgrading from Pre-8.3 Release

Using the upgrade controller command with auto-ap-upgrade ON

  1. The controller is upgraded to 8.3 and will now listen on port 5246 and 9292 for discovery request from access points. During the controller upgrade process, the pre-8.3 access points will continue re-discovery of the controller using the legacy method.
    • Once the controller is upgraded, the pre-8.3 APs will associate with the controller using the legacy method.
  2. Now, the access points begin the upgrade process. After the upgrade is complete, the access points will send discovery request on port 5246 and port 9292. The controller that is already upgraded to 8.3 will respond on port 5246 to complete AP association.

Using the upgrade system command
  1. The APs are upgraded first to the 8.3 release. After upgrade the APs will send discovery request using a method sequence as mentioned in the Discovery Sequence section.
  2. The controller is upgraded to 8.3 after the APs are upgraded. The 8.3 controller will respond to AP discovery request.

Post Upgrade

Ensure that UDP 5000 is open after the upgrade is complete.

Downgrading

When downgraded to a previous release, the discovery mechanism will switch back to the legacy discovery process. However, we recommend that you open the CAPWAP UDP ports, Kcom (L3) UDP ports, and Ethertypes.
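As an added example (not from the FortiWLC documentation), the Python script below audits a firewall allow-list against the L3 UDP ports in the "Controller and AP Communication Ports" table and the upgrade steps above, and reports which AP-to-controller activities would be blocked. The one-line rule syntax, the addresses, and all function names are constructed for illustration; Layer 2 Ethertypes are not checked.

```python
import ipaddress
import re

# L3 UDP ports per AP firmware generation, transcribed from the
# "Controller and AP Communication Ports" table on this page.
L3_PORTS = {
    "pre-8.3": {"discovery": 9292, "keep-alive": 5000,
                "configuration": 5000, "data flow": 9393},
    "8.3.0": {"discovery": 5246, "keep-alive": 5246,
              "configuration": 5000, "data flow": 5247},
}

# Constructed rule syntax (an assumption, not FortiWLC or vendor syntax):
#   permit udp <source-cidr> <destination-cidr> <port>[-<port>]
RULE_RE = re.compile(r"^permit\s+udp\s+(\S+)\s+(\S+)\s+(\d+)(?:-(\d+))?$")


def parse_rules(text):
    """Parse rule text into (src_net, dst_net, low_port, high_port) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = RULE_RE.match(line)
        if not match:
            raise ValueError(f"unrecognised rule: {line!r}")
        low = int(match.group(3))
        high = int(match.group(4) or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range in rule: {line!r}")
        rules.append((ipaddress.ip_network(match.group(1)),
                      ipaddress.ip_network(match.group(2)), low, high))
    return rules


def is_permitted(rules, ap_net, controller, port):
    """True if a single rule covers every AP address, the controller and the port."""
    return any(ap_net.subnet_of(src) and controller in dst and low <= port <= high
               for src, dst, low, high in rules)


def required_ports(phase):
    """Map each required UDP port to the activities that depend on it.

    phase is "pre-8.3", "8.3.0" or "upgrade". During an upgrade the page says
    APs send discovery on both 5246 and 9292 and pre-8.3 APs keep using the
    legacy method, so the ports of both generations are needed at once.
    """
    generations = ["pre-8.3", "8.3.0"] if phase == "upgrade" else [phase]
    needed = {}
    for gen in generations:
        for activity, port in L3_PORTS[gen].items():
            needed.setdefault(port, set()).add(f"{gen} {activity}")
    return needed


def audit(rule_text, ap_cidr, controller_ip, phase):
    """Return {port: [activities]} for required ports that no rule permits."""
    rules = parse_rules(rule_text)
    ap_net = ipaddress.ip_network(ap_cidr)
    controller = ipaddress.ip_address(controller_ip)
    return {port: sorted(activities)
            for port, activities in sorted(required_ports(phase).items())
            if not is_permitted(rules, ap_net, controller, port)}


# Constructed sample policy: CAPWAP is open for the whole AP range, but
# UDP 5000 was only opened for one AP subnet.
SAMPLE_RULES = """
permit udp 10.20.0.0/16 10.1.1.10/32 5246-5247   # CAPWAP control and data
permit udp 10.20.30.0/24 10.1.1.10/32 5000       # configuration, one subnet only
"""

if __name__ == "__main__":
    for phase in ("8.3.0", "upgrade"):
        print(phase, audit(SAMPLE_RULES, "10.20.0.0/16", "10.1.1.10", phase))
```

An empty result means every port the chosen phase needs is reachable from the whole AP range; any port listed maps to the activities that would fail.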



FortiWLC – VLAN Pooling

VLAN Pooling

To reduce large broadcast domains or the risk of running out of address space, you can now enable VLAN pooling in an ESS profile.

VLAN pooling essentially allows administrators to create a named alias using a subset of VLANs, thereby creating a pool of addresses. By enabling a VLAN pool, you can now associate a client/device to a specific VLAN. This allows you to effectively manage your network by monitoring appropriate or specific VLAN pools.

Features
  • You can associate up to 16 VLANs to a pool.
  • You can create a maximum of 64 VLAN Pools.
  • You can specify the maximum number of clients that can be associated to a VLAN.
  • The client/device behaviour does not change after it is associated to a VLAN in a pool. If a VLAN is removed from a VLAN pool, clients/devices connected to the VLAN will continue to be associated to the VLAN. However, if the clients disconnect and reconnect, the VLAN will change.

Configuration
Using WebUI
Using CLI
  1. Configure VLAN

      default(config)# vlan vlan10 tag 10
      default(config-vlan)# ip address 10.0.0.222 255.255.255.0
      default(config-vlan)# ip default-gateway 10.0.0.1
      default(config-vlan)# exit
      default(config)# exit
      default# sh vlan vlan10

      VLAN Configuration
      VLAN Name                             : vlan10
      Tag                                   : 10
      Ethernet Interface Index              : 1
      IP Address                            : 10.0.0.222
      Netmask                               : 255.255.255.0
      IP Address of the Default Gateway     : 10.0.0.1
      Override Default DHCP Server Flag     : off
      DHCP Server IP Address                : 0.0.0.0
      DHCP Relay Pass-Through               : on
      Owner                                 : controller
      Maximum number of clients             : 253

  2. Configure VLAN Pool

      default(config)# vlan-pool vlangroup
      default(config-vpool)# tag-list 10,36
      default(config-vpool)# exit
      default(config)# exit
      default# sh vlan-pool

      VLAN Pool Name           Vlan Pool Tag List
      vlangroup                10,36
      VLAN Pool Configuration(1 entry)



FortiWLC – More About VLANs

More About VLANs

FortiWLC (SD) provides commands for configuring both virtual LANs (VLANs) and Generic Routing Encapsulation (GRE) tunnels to facilitate the separation of traffic using logical rather than physical constraints. As an alternative to VLANs, GRE Tunneling can be configured on either Ethernet interface, as described in Configure GRE Tunnels in the Security chapter. VLANs and GRE tunnels can coexist within any given network, logically segmenting traffic by organization or function. In this way, all systems used by a given organization can be interconnected, independent of physical location. This has the benefit of limiting the broadcast domain and increasing security.

VLANs, when used in conjunction with multiple ESSIDs, as discussed in Chapter , “,” allow you to support multiple wireless networks on a single access point. You can create a one-to-one mapping of ESSID to VLAN or map multiple ESSIDs to one VLAN.

Customized security configuration by VLAN is also supported. By assigning a VLAN a Security Profile, you can fine-tune the security requirements based on the use of the VLAN (see Chapter , “,” for details).

Dynamic VLAN support in Bridge mode



FortiWLC – Delete a VLAN

Delete a VLAN

You cannot delete a VLAN if it is currently assigned to an ESSID (see Chapter , “” on page 137). You cannot delete a VLAN created by E(z)RF Network Server; that must be done from Network Server. To delete a VLAN created on a controller, use the following command in global configuration mode:

no vlan name

For example, to delete the VLAN name vlan1, enter the following:

    controller (config)# no vlan vlan1
    controller (config)#

