7.0.0

Configure FortiGate WLAN Controller Interfaces for the Campus Network

FortiGate devices are versatile and extremely configurable to match the needs of your network layout. This section covers the most common and straightforward network interface configuration for a campus network, with redundancy, for three interfaces:

  • A Management interface for out-of-band management of the FortiGate WiFi controller(s).
  • A FortiAP control interface, or 'control plane' as an LACP aggregate (802.3ad) interface, with AP traffic L3 connected and routed here. AP 'data plane' traffic will be tunneled to this interface.
  • A WLAN traffic distribution interface to the rest of the network, also as an LACP aggregate interface, with additional routing upstream from here.

You can use the FortiGate WiFi controller's capabilities with a more nuanced configuration of interfaces serving some of the traffic, but all such interfaces necessarily serve one of the above three roles. For more details on configuring FortiGate interfaces, refer to the Interface section in the FortiOS Administration Guide.

Edit the FortiGate Management Interface

  1. Go to Network > Interfaces.
  2. Expand Physical Interface.

  3. Double-click on the mgmt interface.

    The Edit Interface screen loads.

You can make any changes here to fit deployment in the existing network. Changes will be synched to the backup WiFi Controller.

  • Trusted hosts, as in management stations, can be added. These can be either specific IPs or subnets. The default is any host (0.0.0.0/0).
  • The IP address can be changed to whatever matches the campus network for out-of-band management of the WiFi Controllers and the WLANs they control.
  • Administrative Access defaults are best accepted. These are the protocols the FortiGate will respond to on this interface. HTTPS is necessary for the Web UI.
    • If you want to manage the FortiGate WiFi Controller over multiple interfaces, any additional interfaces will need the appropriate "Administrative Access" setting as here.
  • DHCP server is enabled by default, so that a management laptop can be quickly connected to the FortiGate for setup. If there is already a DHCP server on the subnet the management ports will be connected to, this must be disabled to avoid problems.
  • When the settings match the campus network's needs, click OK.

At this point, assuming the management IP has been updated and the DHCP server disabled, the administrative laptop will lose contact with the FortiGate WiFi Controller HA pair. Move the FortiGate HA pair to their final location if they are not already there, verify the HA ports are connected, and connect the management ports to the management subnet, preferably via a pair of redundant switches in an MCLAG pair.

Additional configuration can now be done from any trusted host.
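
The settings reviewed above can be checked offline against a saved configuration backup. The following is an added example, not Fortinet code: it assumes the CLI form of these GUI settings uses `trust-ip-N` and `allowaccess` under `config system interface` and `status`/`interface` under `config system dhcp server`, and the sample backup text is constructed.

```python
import ipaddress
import shlex

# Constructed excerpt of a config backup (sample data; key names are assumed).
SAMPLE = '''
config system interface
    edit "mgmt"
        set allowaccess ping https ssh
        set trust-ip-1 0.0.0.0 0.0.0.0
    next
end
config system dhcp server
    edit 1
        set status enable
        set interface "mgmt"
    next
end
'''

def parse(text):
    """Return {section: {entry: {key: [values]}}}; nested config blocks are skipped."""
    tree, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = section.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tree

def audit(text, ifname="mgmt"):
    """List the management-interface settings that still need attention."""
    tree, findings = parse(text), []
    iface = tree.get("system interface", {}).get(ifname, {})
    nets = [ipaddress.ip_network("/".join(v), strict=False)
            for k, v in iface.items() if k.startswith("trust-ip-")]
    if not nets or any(n.prefixlen == 0 for n in nets):  # unset means the default, any host
        findings.append("trusted hosts allow any host (0.0.0.0/0)")
    if "https" not in iface.get("allowaccess", []):
        findings.append("https missing from allowaccess; Web UI unreachable")
    for srv in tree.get("system dhcp server", {}).values():
        if srv.get("interface") == [ifname] and srv.get("status", ["enable"]) == ["enable"]:
            findings.append("DHCP server still enabled on " + ifname)
    return findings
```

Calling `audit(SAMPLE)` reports the open trusted-host range and the enabled DHCP server; an empty list means the three settings match the guidance in this section.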