7.0.0

Add an Aggregate Interface for the FortiAP Control Plane – AP Incoming Traffic

You must define an interface on which the APs connect to the controller, and it must be able to handle the traffic volume. Note that a FortiGate is extremely configurable and can support scenarios with multiple incoming AP interfaces, but such scenarios are rare and complex. A single AP uplink interface is the least complicated option and is usually best.

Mid-range FortiGates may come with most ports preassigned as LAN ports. In such a case, to configure an aggregate interface across multiple physical ports, the ports may first need to be removed from the default LAN interface.

  1. Go to Network > Interfaces.
  2. Find the default lan interface—usually under VLAN Switch or Hardware Switch.
  3. Double-click on the lan interface.

    The Edit interface screen appears.

  4. In the Interface members section, remove the interfaces that will become part of the AP uplink interface.

  5. Click OK.

Now, to create the aggregate interface:

  1. Go to Network > Interfaces.
  2. Click Create New and select Interface.

    The New Interface screen appears.

  3. In the New Interface screen:

    1. Name the interface.
    2. Under Type, select 802.3ad Aggregate.
    3. In Interface members, add the physical ports for the interface.
    4. In Role, select LAN.
    5. Give the interface an address – this is a permanent interface and needs a fixed, manually assigned IP address.
    6. Under Administrative Access, enable Security Fabric Connection.
    7. Click OK.

Note

Security Fabric Connection is the setting that tells the FortiGate Controller to accept FortiLink connections originating on this interface. If it is not enabled, the FortiGate will NOT accept and control APs communicating via this interface.

The ports of the aggregate interface are now ready to be connected to the LAG ports of the aggregation or core switch. Keep in mind that this is an HA configuration, so the uplink LAG switch stack needs enough ports for both the Primary and Secondary FortiGate WiFi Controllers. This means it needs twice as many ports as are configured on the controller: half of them active, and half of them available for the inactive controller as backup.
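To confirm the result of the procedure above from a configuration backup rather than the GUI, the following added example (not Fortinet code) checks an interface against each setting the steps call for. It assumes the FortiOS CLI backup syntax, in which Security Fabric Connection appears as `fabric` under `set allowaccess`; the interface names, ports and addresses in the sample are constructed.

```python
# Constructed FortiOS backup excerpt; interface names, ports and IPs are made up.
SAMPLE = """
config system interface
    edit "ap-uplink"
        set ip 10.10.0.1 255.255.255.0
        set allowaccess ping fabric
        set type aggregate
        set member "port5" "port6"
        set role lan
    next
    edit "ap-bad"
        set mode dhcp
        set allowaccess ping https
        set type aggregate
        set member "port7"
        set role lan
    next
end
"""

def parse_interfaces(text):
    """Return {name: {setting: [values]}} from 'config system interface'."""
    ifaces, depth, inside, cur = {}, 0, False, None
    for raw in text.splitlines():
        tok = [t.strip('"') for t in raw.split()] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # top-level block: is it the interface table?
                inside = tok[1:] == ["system", "interface"]
        elif tok[0] == "end":
            depth -= 1
        elif inside and depth == 1 and tok[0] == "edit":
            cur = ifaces.setdefault(tok[1], {})
        elif inside and depth == 1 and tok[0] == "set" and cur is not None:
            cur[tok[1]] = tok[2:]  # nested blocks (depth > 1) are ignored
    return ifaces

def audit_ap_uplink(text, name):
    """List deviations from the procedure; a missing interface fails every check."""
    cfg = parse_interfaces(text).get(name, {})
    checks = [
        (cfg.get("type") == ["aggregate"], "type is not 802.3ad aggregate"),
        (len(cfg.get("member", [])) >= 2, "fewer than two member ports"),
        (cfg.get("role") == ["lan"], "role is not LAN"),
        (cfg.get("mode", ["static"]) == ["static"] and "ip" in cfg, "no fixed IP address"),
        ("fabric" in cfg.get("allowaccess", []), "Security Fabric Connection not enabled"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Run `audit_ap_uplink(backup_text, "<interface name>")` on both HA members' backups; an empty list means the interface matches the procedure.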
