Fortinet black logo

SD-Branch ZTP Framework with FortiManager

Home FortiGate / FortiOS 6.4.0 SD-Branch ZTP Framework with FortiManager

FortiAP deployment method

6.4.0
6.4.0
Copy Link
Copy Doc ID be779cd2-73cc-11ec-bdf2-fa163e15d75b:481779
Download PDF

FortiAP deployment method

FortiAPs will also be controlled by FortiGate. Contrary to the FortiSwitch device, which is connected to FortiGate, it is more practical to connect FortiAP to FortiSwitch. To manage our FortiAP, we will later use the FortiSwitch Manager module in FortiManager to create a dedicated management VLAN named AP_Management along with a DHCP server.

It is not necessary to create a specific management VLAN for our FortiAPs. Instead we can use one of the following options:

  1. Use an extra management VLAN that is created on FortiSwitch to manage our FortiAPs.

    The extra VLAN runs a DHCP server and can be routed with or without SNMP monitoring. An extra VLAN is useful if we want to completely separate our SSID network from our wired network by using only SSIDs in tunnel mode.

  2. Place our FortiAP in the same VLAN as our wired clients.

    The FortiAPs will receive an IP address on the LAN network and can have an SSID bridging the wireless clients to the wired network as well as SSIDs in tunnel mode.

In both case, we need to make sure that the Secure Fabric Connection option is enabled and that the interface runs a DHCP server.

In our example, we will use the first option and create a dedicated management VLAN with an isolated network.

Note

As this guide focuses on central management and deployment of SD-Branches, we don’t configure the advanced options and specific details pertaining to a WiFi deployment. It is strongly recommended to perform site surveys, spectrum analysis, and coverage mappings to determine the ideal AP placement.
Previous
Next

FortiAP deployment method

FortiAPs will also be controlled by FortiGate. Contrary to the FortiSwitch device, which is connected to FortiGate, it is more practical to connect FortiAP to FortiSwitch. To manage our FortiAP, we will later use the FortiSwitch Manager module in FortiManager to create a dedicated management VLAN named AP_Management along with a DHCP server.

It is not necessary to create a specific management VLAN for our FortiAPs. Instead we can use one of the following options:

  1. Use an extra management VLAN that is created on FortiSwitch to manage our FortiAPs.

    The extra VLAN runs a DHCP server and can be routed with or without SNMP monitoring. An extra VLAN is useful if we want to completely separate our SSID network from our wired network by using only SSIDs in tunnel mode.

  2. Place our FortiAP in the same VLAN as our wired clients.

    The FortiAPs will receive an IP address on the LAN network and can have an SSID bridging the wireless clients to the wired network as well as SSIDs in tunnel mode.

In both case, we need to make sure that the Secure Fabric Connection option is enabled and that the interface runs a DHCP server.

In our example, we will use the first option and create a dedicated management VLAN with an isolated network.

Note

As this guide focuses on central management and deployment of SD-Branches, we don’t configure the advanced options and specific details pertaining to a WiFi deployment. It is strongly recommended to perform site surveys, spectrum analysis, and coverage mappings to determine the ideal AP placement.
Previous
Next