Adding a WPA3 Enterprise SSID to a FortiAP network
Use this procedure to add a WPA3 Enterprise SSID to a FortiAP network.
WPA3 Enterprise SSIDs can be configured to use an external RADIUS server to authenticate wireless clients, or control access to the SSID with a configured user group.
With the RADIUS accounting server method, the Accounting Interim Interval parameter becomes available. The AP will send an Interim Update Accounting-Request to update the RADIUS accounting server with time and bandwidth usage. The default value is set to 600 seconds (or 10 minutes).
- Complete the Adding a RADIUS server procedure. The RADIUS server must support 192-bit AES encryption as required by WPA3-Enterprise security level.
- If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
- If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
- If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
- If you want to enable dynamic VLAN, block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.
- On the FortiAP Cloud Home page, select the FortiAP network to which you want to add a WPA3 Enterprise SSID.
- In the Menu bar, click Configure.
- In the Navigation pane, click SSIDs.
- Click Add SSID.
- Complete the fields as required.
- You can now go to the Deploying a FortiAP device to a FortiAP network procedure.
For enterprise class SSIDs where individual users can have their own login (such as username and password, and VLAN, administrative control), set Authentication to WPA3-Enterprise . To define authorized users, set the RADIUS Auth Setting to My RADIUS Server where you use your own RADIUS server. To define your RADIUS server, see Adding a RADIUS server