Fortinet Document Library

Version:

Version:


Table of Contents

FortiAP Cloud User Guide

Download PDF
Copy Link

Adding a WPA2 Enterprise SSID to a FortiAP network

Use this procedure to add a WPA2 Enterprise SSID to a FortiAP network.

WPA2 Enterprise SSIDs can be configured to use an external RADIUS server to authenticate wireless clients, or control access to the SSID with a configured user group.

With the RADIUS accounting server method, the Accounting Interim Interval parameter becomes available. The AP will send an Interim Update Accounting-Request to update the RADIUS accounting server with time and bandwidth usage. The default value is set to 600 seconds (or 10 minutes).

Prerequisites

  • Complete the Adding a RADIUS server procedure.
  • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
  • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
  • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
  • If you want to enable dynamic VLAN, block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

Procedure steps

  1. On the FortiAP Cloud Home page, select the FortiAP network to which you want to add a WPA2 Enterprise SSID.
  2. In the Menu bar, click Configure.
  3. In the Navigation pane, click SSIDs.
  4. Click Add SSID.
  5. Complete the fields as required.
  6. For enterprise class SSIDs where individual users can have their own login (such as username and password, and VLAN, administrative control), set Authentication to WPA2-Enterprise (or WPA/WPA2-Enterprise mixed mode). To define authorized users, set the RADIUS Auth Setting to one of the following:

  • My RADIUS Server: Use your own RADIUS server. To define your RADIUS server, see Adding a RADIUS server
  • FortiCloud User/Group: Use FortiAP Cloud as the RADIUS server. In this case, you do not need to have your own RADIUS server. All users are to be defined in FortiAP Cloud (see Creating a FortiAP Cloud group and users).
  • You can now go to the Deploying a FortiAP device to a FortiAP network procedure.
  • Adding a WPA2 Enterprise SSID to a FortiAP network

    Use this procedure to add a WPA2 Enterprise SSID to a FortiAP network.

    WPA2 Enterprise SSIDs can be configured to use an external RADIUS server to authenticate wireless clients, or control access to the SSID with a configured user group.

    With the RADIUS accounting server method, the Accounting Interim Interval parameter becomes available. The AP will send an Interim Update Accounting-Request to update the RADIUS accounting server with time and bandwidth usage. The default value is set to 600 seconds (or 10 minutes).

    Prerequisites

    • Complete the Adding a RADIUS server procedure.
    • If you want to use the MAC access control, make sure to import MAC addresses (see the Configuring MAC access control and MAC filtering procedure).
    • If you want to apply a QoS profile, make sure that the QoS profile exists (see the Adding a QoS profile procedure).
    • If you want the SSID to be available to APs with specific tags only, make sure that the AP tags exist (see the Adding AP tags procedure).
    • If you want to enable dynamic VLAN, block intra-SSID traffic, and customize radio and rate optional settings, then purchase a FAP Advanced Management License.

    Procedure steps

    1. On the FortiAP Cloud Home page, select the FortiAP network to which you want to add a WPA2 Enterprise SSID.
    2. In the Menu bar, click Configure.
    3. In the Navigation pane, click SSIDs.
    4. Click Add SSID.
    5. Complete the fields as required.
    6. For enterprise class SSIDs where individual users can have their own login (such as username and password, and VLAN, administrative control), set Authentication to WPA2-Enterprise (or WPA/WPA2-Enterprise mixed mode). To define authorized users, set the RADIUS Auth Setting to one of the following:

    • My RADIUS Server: Use your own RADIUS server. To define your RADIUS server, see Adding a RADIUS server
    • FortiCloud User/Group: Use FortiAP Cloud as the RADIUS server. In this case, you do not need to have your own RADIUS server. All users are to be defined in FortiAP Cloud (see Creating a FortiAP Cloud group and users).
  • You can now go to the Deploying a FortiAP device to a FortiAP network procedure.