The interface to which you connect your wireless access point needs an IP address. No administrative access, DNS Query service or authentication should be enabled.
In this example, the FortiAP units connect to port3 and are controlled through IP addresses on the 10.10.70.0/24 network.
- Go to Network > Interfaces, and edit the interface to which the AP unit connects (in this example, port3).
- In Addressing mode, select Manual.
In IP/Network Mask, enter an IP address and netmask for the interface (in this example, 10.10.70.1/255.255.255.0).
- In the Administrative Access section, go to IPv4 and select the Security Fabric Connection checkbox.
When FortiAP units are connected to the interface on FortiGate (directly or through a switch), you can go to the Edit Interface section and set the Role to LAN.
Selecting the LAN role loads the DHCP Server toggle. If you enable DHCP Server, the GUI can automatically set the DHCP IP range based on the interface IP address.
- Click OK.
If you enable DHCP Server, you can also specify the Wireless controller IP address from under the Advanced section.
In the CLI, you must configure the interface IP address and DHCP server separately.
config system interface
set mode static
set ip 10.10.70.1 255.255.255.0
set allowaccess fabric
config system dhcp server
set interface "port3"
set start-ip 10.10.70.2
set end-ip 10.10.70.254
set default-gateway 10.10.70.1
set netmask 255.255.255.0
set vci-match enable
set vci-string "FortiAP"
vci-string fields ensure that the DHCP server will provide IP addresses only to FortiAP units.
The aplink link interface is an interface unique to certain FortiWiFi models, including but not limited to FWF-80F-2R and FWF-81F-2R. It acts as an internal trunk interface between the FortiAP and FortiGate. The aplink1 and aplink2 members are physical interfaces between the FortiAP and the FortiGate.
You can edit the aplink interface to change the subnet IP, however, the DHCP server should not be edited as it can cause the internal AP to stop working and lead to loss of WiFi capability on the AP.
config system interface edit "aplink" set vdom "root" set ip 192.168.80.1 255.255.255.0 set allowaccess ping fabric set type aggregate set member "aplink1" "aplink2" set device-identification enable next end