Fortinet white logo
Fortinet white logo

FortiWiFi and FortiAP Configuration Guide

Advanced WiFi controller discovery

Advanced WiFi controller discovery

A FortiAP unit can use any of six methods to locate a controller. By default, FortiAP units cycle through all six of the discovery methods. In most cases there is no need to make configuration changes on the FortiAP unit.

There are exceptions. The following section describes the WiFi controller discovery methods in more detail and provides information about configuration changes you might need to make so that discovery will work.

Controller discovery methods

There are six methods that a FortiAP unit can use to discover a WiFi controller. When the FortiAP discovery type is set to auto, the AP Controller (AC) uses the following discovery methods in sequence:

1(static) → 2(dhcp) → 3(dns) → 7(fortiapcloud) → 5(multicast) → 6(broadcast)

For every discovery type, FortiAP sends out discovery requests and sets a timer, an interval defined as a random number of seconds (between 2 and 180, default is 5 seconds), which is set via the CLI:

CLI syntax

config wireless-controller timers

set discovery-interval 5

end

After the timeout is reached, FortiAP sends out another discovery request, up to a maximum of 3 times.

After about 3 - 15 seconds, if FortiAP has no AC connection, it will switch to another discovery type and repeat the above process until the last one (broadcast) fails, which will lead to SULKING state.

After about 30 seconds, FortiAP will go into an AC_IP_DISCVER state. After the AC IP is found, it will go to IDLE state, and will eventually go to the DISCOVERY state, and repeat the above process again.

Note that, while the process above is showcasing the auto discovery method, it's recommended to set the AC_DISCOVERY_TYPE to your used method in order to reduce downtime.

Static IP configuration

If FortiAP and the controller are not in the same subnet, broadcast and multicast packets cannot reach the controller. The admin can specify the controller’s static IP on the AP unit. The AP unit sends a discovery request message in unicast to the controller. Routing must be properly configured in both directions.

To specify the controller’s IP address on a FortiAP unit

cfg –a AC_IPADDR_1="192.168.0.100"

By default, the FortiAP unit receives its IP address, netmask, and gateway address by DHCP. If you prefer, you can assign these statically.

To assign a static IP address to the FortiAP unit

cfg -a ADDR_MODE=STATIC

cfg –a AP_IPADDR="192.168.0.100"

cfg -a AP_NETMASK="255.255.255.0"

cfg –a IPGW=192.168.0.1

cfg -c

For information about connecting to the FortiAP CLI, see FortiAP CLI access.

DHCP

If you use DHCP to assign an IP address to your FortiAP unit, you can also provide the WiFi controller IP address at the same time. This is useful if the AP is located remotely from the WiFi controller and other discovery techniques will not work. Since the AP sequentially goes through all the different discovery methods, DHCP has the best ratio between configuration and time for discovery.

When you configure the DHCP server, configure Option 138 to specify the WiFi controller IP address(es). The most direct method is to input an IP address in hexadecimal format. For example, 192.168.0.1 converts to C0A80001.

For DHCP servers that support inputting other option types, you can select the "IP" type and then input a regular IP address.

You can also input multiple addresses (concatenated in hexadecimal format). The first address has the highest priority.

If Option 138 is used for some other purpose on your network, you can use a different option number if you configure the AP units to match.

To change the FortiAP DHCP option code

To use option code 139 for example, enter

cfg –a AC_DISCOVERY_DHCP_OPTION_CODE=139

For information about connecting to the FortiAP CLI, see FortiAP CLI access.

DNS

The access point can discover controllers through your domain name server (DNS). For the access point to do so, you must configure your DNS to return controller IP addresses in response. Allow DNS lookup of the hostname configured in the AP by using the AP parameter "AC_HOSTNAME_1".

By default, the AC_HOSTNAME_1 parameter is set to _capwap-control._udp.example.com.

To change the default parameter
  1. From the FortiAP CLI, enter the following commands:

    cfg -a AC_HOSTNAME_1=<yourcompany.com>

    cfg -c

  2. Add an A record to the DNS server to resolve the configured domain.

FortiLAN Cloud

The access point can discover FortiLAN Cloud by doing a DNS lookup of the hardcoded FortAP Cloud AP controller hostname "apctrl1.fortinet.com". The FortiAP Cloud AC discovery technique finds the AC info from apctl1.fortinet.com using HTTPS.

FortiAP Cloud - APController: apctrl1.fortinet.com:443 208.91.113.187:443

Broadcast request

The AP unit broadcasts a discovery request message to the network and the controller replies. The AP and the controller must be in the same broadcast domain. No configuration adjustments are required.

Multicast request

The AP unit sends a multicast discovery request and the controller replies with a unicast discovery response message. The AP and the controller do not need to be in the same broadcast domain if multicast routing is properly configured.

The default multicast destination address is 224.0.1.140. It can be changed through the CLI. The address must be same on the controller and AP.

To change the multicast address on the controller

config wireless-controller global

set discovery-mc-addr 224.0.1.250

end

To change the multicast address on a FortiAP unit

cfg –a AC_DISCOVERY_MC_ADDR="224.0.1.250"

For information about connecting to the FortiAP CLI, see FortiAP CLI access.

Advanced WiFi controller discovery

Advanced WiFi controller discovery

A FortiAP unit can use any of six methods to locate a controller. By default, FortiAP units cycle through all six of the discovery methods. In most cases there is no need to make configuration changes on the FortiAP unit.

There are exceptions. The following section describes the WiFi controller discovery methods in more detail and provides information about configuration changes you might need to make so that discovery will work.

Controller discovery methods

There are six methods that a FortiAP unit can use to discover a WiFi controller. When the FortiAP discovery type is set to auto, the AP Controller (AC) uses the following discovery methods in sequence:

1(static) → 2(dhcp) → 3(dns) → 7(fortiapcloud) → 5(multicast) → 6(broadcast)

For every discovery type, FortiAP sends out discovery requests and sets a timer, an interval defined as a random number of seconds (between 2 and 180, default is 5 seconds), which is set via the CLI:

CLI syntax

config wireless-controller timers

set discovery-interval 5

end

After the timeout is reached, FortiAP sends out another discovery request, up to a maximum of 3 times.

After about 3 - 15 seconds, if FortiAP has no AC connection, it will switch to another discovery type and repeat the above process until the last one (broadcast) fails, which will lead to SULKING state.

After about 30 seconds, FortiAP will go into an AC_IP_DISCVER state. After the AC IP is found, it will go to IDLE state, and will eventually go to the DISCOVERY state, and repeat the above process again.

Note that, while the process above is showcasing the auto discovery method, it's recommended to set the AC_DISCOVERY_TYPE to your used method in order to reduce downtime.

Static IP configuration

If FortiAP and the controller are not in the same subnet, broadcast and multicast packets cannot reach the controller. The admin can specify the controller’s static IP on the AP unit. The AP unit sends a discovery request message in unicast to the controller. Routing must be properly configured in both directions.

To specify the controller’s IP address on a FortiAP unit

cfg –a AC_IPADDR_1="192.168.0.100"

By default, the FortiAP unit receives its IP address, netmask, and gateway address by DHCP. If you prefer, you can assign these statically.

To assign a static IP address to the FortiAP unit

cfg -a ADDR_MODE=STATIC

cfg –a AP_IPADDR="192.168.0.100"

cfg -a AP_NETMASK="255.255.255.0"

cfg –a IPGW=192.168.0.1

cfg -c

For information about connecting to the FortiAP CLI, see FortiAP CLI access.

DHCP

If you use DHCP to assign an IP address to your FortiAP unit, you can also provide the WiFi controller IP address at the same time. This is useful if the AP is located remotely from the WiFi controller and other discovery techniques will not work. Since the AP sequentially goes through all the different discovery methods, DHCP has the best ratio between configuration and time for discovery.

When you configure the DHCP server, configure Option 138 to specify the WiFi controller IP address(es). The most direct method is to input an IP address in hexadecimal format. For example, 192.168.0.1 converts to C0A80001.

For DHCP servers that support inputting other option types, you can select the "IP" type and then input a regular IP address.

You can also input multiple addresses (concatenated in hexadecimal format). The first address has the highest priority.

If Option 138 is used for some other purpose on your network, you can use a different option number if you configure the AP units to match.

To change the FortiAP DHCP option code

To use option code 139 for example, enter

cfg –a AC_DISCOVERY_DHCP_OPTION_CODE=139

For information about connecting to the FortiAP CLI, see FortiAP CLI access.

DNS

The access point can discover controllers through your domain name server (DNS). For the access point to do so, you must configure your DNS to return controller IP addresses in response. Allow DNS lookup of the hostname configured in the AP by using the AP parameter "AC_HOSTNAME_1".

By default, the AC_HOSTNAME_1 parameter is set to _capwap-control._udp.example.com.

To change the default parameter
  1. From the FortiAP CLI, enter the following commands:

    cfg -a AC_HOSTNAME_1=<yourcompany.com>

    cfg -c

  2. Add an A record to the DNS server to resolve the configured domain.

FortiLAN Cloud

The access point can discover FortiLAN Cloud by doing a DNS lookup of the hardcoded FortAP Cloud AP controller hostname "apctrl1.fortinet.com". The FortiAP Cloud AC discovery technique finds the AC info from apctl1.fortinet.com using HTTPS.

FortiAP Cloud - APController: apctrl1.fortinet.com:443 208.91.113.187:443

Broadcast request

The AP unit broadcasts a discovery request message to the network and the controller replies. The AP and the controller must be in the same broadcast domain. No configuration adjustments are required.

Multicast request

The AP unit sends a multicast discovery request and the controller replies with a unicast discovery response message. The AP and the controller do not need to be in the same broadcast domain if multicast routing is properly configured.

The default multicast destination address is 224.0.1.140. It can be changed through the CLI. The address must be same on the controller and AP.

To change the multicast address on the controller

config wireless-controller global

set discovery-mc-addr 224.0.1.250

end

To change the multicast address on a FortiAP unit

cfg –a AC_DISCOVERY_MC_ADDR="224.0.1.250"

For information about connecting to the FortiAP CLI, see FortiAP CLI access.