
FortiWiFi and FortiAP Configuration Guide

LAN port uplink redundancy without LACP


In a redundant interface, traffic only travels over one interface at any time. This differs from an aggregated interface where traffic travels over all interfaces for increased bandwidth.

FortiAP models with dual LAN1 and LAN2 ports can support a Layer 2 redundant uplink without configuring LACP. One way to achieve redundancy is to isolate both ports with two different management VLANs.

Example Layer 2 uplink redundancy configuration

The preceding figure shows an example uplink configuration:

  • On Switch A, VLAN10 is configured as the untagged management VLAN, and the FortiAP LAN1 port connects to Switch A. On Switch B, VLAN20 is configured as the untagged management VLAN, and the FortiAP LAN2 port connects to Switch B.

  • Having different management VLANs prevents L2 loops. There is no routing and there are no policies between these VLANs/subnets, so the FortiAP cannot discover a management interface outside of its subnet. This prevents routing loops if multicast policies or Bonjour are configured later.

  • On the FortiAP, AC1 is set to the VLAN10 management IP and AC2 to the VLAN20 management IP.

  • If the uplink on VLAN10 and Switch A fails, the FortiAP will reboot and come online using VLAN20 on Switch B.

    Note that even if VLAN10 becomes reachable again, the FortiAP will not switch back to VLAN10.

  • The FortiAP does not check for AC reachability; it only checks whether DHCP is available. It gets its IP address from either VLAN10 or VLAN20, depending on which DHCP server replies first. It may take a few minutes for the FortiAP to give up on the old AC and rediscover the new one.

Note

For FortiAP models where both LAN ports support PoE, this configuration can also achieve PoE redundancy. Due to PoE sharing, the AP will not reboot when it experiences an uplink failure.
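
The design above depends on the two management VLANs staying isolated while each AC address remains reachable inside its own subnet. The following added example (not part of the Fortinet guide) checks a planned deployment for those conditions before rollout; the plan layout, the function name check_uplink_plan, and all IP addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: addresses are illustrative, not taken from the guide.
PLAN = {
    "LAN1": {"switch": "Switch A", "vlan": 10,
             "subnet": "10.10.10.0/24", "ac_ip": "10.10.10.1"},   # AC1
    "LAN2": {"switch": "Switch B", "vlan": 20,
             "subnet": "10.10.20.0/24", "ac_ip": "10.10.20.1"},   # AC2
}

def check_uplink_plan(plan, routed_vlan_pairs=()):
    """Return a list of problems; an empty list means the uplinks stay isolated.

    routed_vlan_pairs lists (vlan, vlan) tuples that have routing or policies
    between them, as exported from the firewall or L3 switch (hypothetical input).
    """
    problems = []
    nets = {port: ipaddress.ip_network(p["subnet"]) for port, p in plan.items()}

    for a, b in combinations(sorted(plan), 2):
        # The same VLAN on both uplinks would bridge the two switches through the AP.
        if plan[a]["vlan"] == plan[b]["vlan"]:
            problems.append(f"{a} and {b} share VLAN {plan[a]['vlan']}: L2 loop risk")
        # Overlapping subnets defeat the subnet-level isolation.
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} and {b} management subnets overlap")
        # Routing between the management VLANs removes the isolation.
        pair = {plan[a]["vlan"], plan[b]["vlan"]}
        if any(set(r) == pair for r in routed_vlan_pairs):
            problems.append(f"routing exists between VLANs {sorted(pair)}")

    for port, p in sorted(plan.items()):
        # With no inter-VLAN routing, an AC outside the local subnet is unreachable.
        if ipaddress.ip_address(p["ac_ip"]) not in nets[port]:
            problems.append(
                f"{port}: AC {p['ac_ip']} is outside {p['subnet']}, "
                "unreachable without routing")
    return problems

if __name__ == "__main__":
    for line in check_uplink_plan(PLAN) or ["plan OK"]:
        print(line)
```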
