Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiWiFi and FortiAP Configuration Guide

LAN port aggregation and redundancy

Some FortiAP models have dual Ethernet ports, labeled LAN1 and LAN2. These ports can be reconfigured to support Link Aggregation Control Protocol (LACP) and uplink/POE redundancy.

For information on which FortiAP models have ports that support being reconfigured, refer to the FortiAP product data sheet.

Enabling LACP

Such FortiAP LAN1 and LAN2 ports can be re-configured to function as one aggregated link, per IEEE 802.3ad Link Aggregation Control Protocol (LACP), allowing data traffic across both ports to increase the overall throughput and support redundancy.

LACP enables you to bind two or more physical interfaces together to form an aggregated (combined) link. This new link has the bandwidth of all the links combined. If a link in the group fails, traffic is transferred automatically to the remaining interfaces. The only noticeable effect is reduced bandwidth.

Tooltip

You can only enable the Link Aggregation Control Protocol (LACP) from the FortiAP CLI. The commands for enabling LACP differ depending on the FortiAP model type.

To enable LACP on a FortiAP, FortiAP-S, or FortiAP-W2 model - CLI
  1. Access the CLI of your FortiAP (see FortiAP CLI access).
  2. In the FortiAP CLI, set the WANLAN_MODE parameter to AGGREGATE by entering the following command:

    cfg -a WANLAN_MODE=AGGREGATE

    Note: By default, WANLAN_MODE is set to WAN-ONLY.

  3. Save the changes to the device flash with the following command:

    cfg -c

To enable LACP on a FortiAP U model - CLI
  1. Access the CLI of your FortiAP (see FortiAP CLI access).
  2. In the FortiAP CLI, set the FAP_ETHER_TRUNK parameter to 2 by entering the following command:

    cfg -a FAP_ETHER_TRUNK=2

    Note: By default, FAP_ETHER_TRUNK is set to 0.

  3. Save the changes to the device flash with the following command:

    cfg -c

Configuring uplink redundancy without LACP

In a redundant interface, traffic only travels over one interface at any time. This differs from an aggregated interface where traffic travels over all interfaces for increased bandwidth.

FortiAP models with dual LAN1 and LAN2 ports can support redundant uplink without configuring LACP. The redundancy is achieved by isolating both ports with two different management VLANs.

Example uplink redundancy configuration

The preceding figure shows an example uplink configuration:

  • On Switch A, VLAN10 is configured as the untagged management VLAN and connects from the FortiAP LAN 1 port to Switch A.

  • On Switch B, VLAN20 has been configured the untagged management VLAN and connects from the FortiAP LAN 2 port to Switch B.

  • Having different management VLANs prevent L2 loops.

  • There are no routing or policies between these VLANs/subnets so the FortiAP cannot discover a management interface outside of its subnet. This prevents routing loops if multicast policies or Bonjour are configured later.

  • On the FortiAP, AC1 is set to the VLAN10 management IP and AC2 to the VLAN20 management IP.

  • If the uplink on VLAN 10 and Switch A fails, the FortiAP will reboot and come online using VLAN20 on Switch B. As soon as AC1 on VLAN10 becomes reachable again, the AP will fallback to the primary link.

Note

For FortiAP models where both LAN ports support POE, this configuration can also achieve POE redundancy.

LAN port aggregation and redundancy

Some FortiAP models have dual Ethernet ports, labeled LAN1 and LAN2. These ports can be reconfigured to support Link Aggregation Control Protocol (LACP) and uplink/POE redundancy.

For information on which FortiAP models have ports that support being reconfigured, refer to the FortiAP product data sheet.

Enabling LACP

Such FortiAP LAN1 and LAN2 ports can be re-configured to function as one aggregated link, per IEEE 802.3ad Link Aggregation Control Protocol (LACP), allowing data traffic across both ports to increase the overall throughput and support redundancy.

LACP enables you to bind two or more physical interfaces together to form an aggregated (combined) link. This new link has the bandwidth of all the links combined. If a link in the group fails, traffic is transferred automatically to the remaining interfaces. The only noticeable effect is reduced bandwidth.

Tooltip

You can only enable the Link Aggregation Control Protocol (LACP) from the FortiAP CLI. The commands for enabling LACP differ depending on the FortiAP model type.

To enable LACP on a FortiAP, FortiAP-S, or FortiAP-W2 model - CLI
  1. Access the CLI of your FortiAP (see FortiAP CLI access).
  2. In the FortiAP CLI, set the WANLAN_MODE parameter to AGGREGATE by entering the following command:

    cfg -a WANLAN_MODE=AGGREGATE

    Note: By default, WANLAN_MODE is set to WAN-ONLY.

  3. Save the changes to the device flash with the following command:

    cfg -c

To enable LACP on a FortiAP U model - CLI
  1. Access the CLI of your FortiAP (see FortiAP CLI access).
  2. In the FortiAP CLI, set the FAP_ETHER_TRUNK parameter to 2 by entering the following command:

    cfg -a FAP_ETHER_TRUNK=2

    Note: By default, FAP_ETHER_TRUNK is set to 0.

  3. Save the changes to the device flash with the following command:

    cfg -c

Configuring uplink redundancy without LACP

In a redundant interface, traffic only travels over one interface at any time. This differs from an aggregated interface where traffic travels over all interfaces for increased bandwidth.

FortiAP models with dual LAN1 and LAN2 ports can support redundant uplink without configuring LACP. The redundancy is achieved by isolating both ports with two different management VLANs.

Example uplink redundancy configuration

The preceding figure shows an example uplink configuration:

  • On Switch A, VLAN10 is configured as the untagged management VLAN and connects from the FortiAP LAN 1 port to Switch A.

  • On Switch B, VLAN20 has been configured the untagged management VLAN and connects from the FortiAP LAN 2 port to Switch B.

  • Having different management VLANs prevent L2 loops.

  • There are no routing or policies between these VLANs/subnets so the FortiAP cannot discover a management interface outside of its subnet. This prevents routing loops if multicast policies or Bonjour are configured later.

  • On the FortiAP, AC1 is set to the VLAN10 management IP and AC2 to the VLAN20 management IP.

  • If the uplink on VLAN 10 and Switch A fails, the FortiAP will reboot and come online using VLAN20 on Switch B. As soon as AC1 on VLAN10 becomes reachable again, the AP will fallback to the primary link.

Note

For FortiAP models where both LAN ports support POE, this configuration can also achieve POE redundancy.