This example uses automatic configuration to set up a basic network using a FortiGate <-> FortiSwitch <-> FortiAP topology.
To configure this network, perform the following tasks:
- Configure FortiLink on your FortiGate unit.
- Physically connect your FortiSwitch to the FortiGate.
- Configure a wireless VLAN for your APs.
- Connect your FortiAPs to the FortiSwitch and authorize your FortiAPs from the FortiGate.
FortiLink is a management protocol that enables FortiGates to manage any FortiSwitches connected to the FortiGate. Before connecting the FortiSwitch to the FortiGate unit, ensure the switch controller feature is enabled on the FortiGate. Once the feature is enabled, you can configure the FortiLink interface by assigning FortiGate interfaces as the designated FortiLink port.
- Go to System > Feature Visibility.
- From the Core Features list, enable the Switch Controller toggle.
The WiFi & Switch Controller menu option now shows in the FortiGate navigation menu.
- Go to WiFi and Switch Controller > FortiLink Interface.
In the Interface members field, click + and select the interface(s) you want to designate as FortiLink interface members.
Note: If you do not see any interfaces listed in the Select Entries pane, it means there are no available unused or unreferenced physical interfaces and you must free up an interface from other configurations.
- Configure the IP/Network Mask for your network.
- Click Apply.
For more detailed instructions, refer to the FortiSwitch Managed Switch guide.
Some FortiSwitch models provide designated ports for the FortiLink connection, check the hardware manual to see which port is the designated FortiLink port.
- Connect the FortiSwitch to the FortiGate unit via the FortiLink interface you assigned earlier.
Go to WiFi and Switch Controller > Managed FortiSwitch and locate your switch.
Note: It may take a few minutes for the switch to show up.
- Once the FortiSwitch shows up, right-click the switch and select Authorize.
Once the FortiSwitch is connected to the FortiGate and authorized, you can use a default VLAN or create a FortiSwitch VLAN to place your FortiAPs in. A new VLAN sub-interface is created under the FortiLink interface, and it will manage the IP address assignment of your FortiAPs.
- Go to WiFi and Switch Controller > FortiSwitch VLANs and click Create New.
Configure the following fields:
- Interface Name: Create a name for the VLAN.
- VLAN ID: Enter a number (1-4094).
- Role: Select LAN.
- Select the Manual Address mode and input an IP/Netmask.
- Under Administrative Access, enable Security Fabric Connection and any other access options you want.
- Enable DHCP Server. Edit the default address range if needed.
- When you finished, click OK.
For more detailed instructions on creating a FortiSwitch VLAN, refer to the FortiSwitch Managed Switch guide.
Once you create a FortiSwitch VLAN, assign the VLAN to the FortiSwitch ports you want to connect a FortiAP to.
- Go to WiFi and Switch Controller > FortiSwitch Ports and locate the port you want to connect a FortiAP to.
Click to select the port and click the edit icon in the Native VLAN column to change the VLAN.
The Select Entries menu loads.
- From the Select Entries menu, select the FortiSwitch VLAN you created and click Apply.
After you apply the FortiAP VLAN to a FortiSwitch port, you can connect a FortiAP unit to that FortiSwitch Port. Wait a few minutes for the FortiAP to be recognized, and then authorize the FortiAP.
- Connect the FortiAP to the FortiSwitch port you've assigned the FortiAP VLAN.
Go to WiFi and Switch Controller > Managed FortiAPs and wait for the FortiAP unit to be listed.
Note: Recognition of the FortiAP unit can take up to two minutes, you can periodically click the Refresh button.
When the FortiAP unit is listed, right-click and select Authorize to authorize the unit.
The FortiAP can now be managed by FortiGate through a FortiSwitch.
Once the FortiAP is connected and authorized by the FortiGate, you can configure SSIDs and attach profiles to allow wireless access to the AP. For instructions on setting up your wireless network, see Wireless network configuration tasks.