DNS configuration for local standalone NAT VAPs 7.0.1
For SSIDs in local standalone NAT mode, up to three DNS servers can be defined and assigned to wireless endpoints through DHCP.
Example
In this example, an SSID (wifi.fap.01) is configured in local standalone mode with local standalone NAT enabled. Two DNS servers are specified so that wireless endpoints receive the DNS server IP addresses through DHCP when the endpoints connect to the SSID.
To configure the DNS servers and confirm that they are propagated to the endpoints:
- Configure a VAP:

    config wireless-controller vap
        edit "wifi.fap.01"
            set ssid "wifi-ssid.fap.01"
            set passphrase **********
            set local-standalone enable
            set local-standalone-nat enable
            set local-standalone-dns enable
            set local-standalone-dns-ip 8.8.8.8 8.8.4.4
            set local-bridging enable
            set local-authentication enable
        next
    end
- Check the configured DNS server:

    # diagnose wireless-controller wlac -c wlan wifi.fap.01
    WLAN (001/002) vdom,name: vdom1, wifi.fap.01
        vlanid : 0 (auto vlan intf disabled)
        ...
        mesh backhaul : disabled
        local standalone : enabled (nat enabled 0.0.0.0/0.0.0.0 lease 2400 dns enabled dns-ip 8.8.8.8 8.8.4.4)
        local bridging : enabled
        ...
        ldpc config : rxtx
        mf acl cfg : disabled, allow, 0 entries
        WTP 0001 : 3, FP431FTF20013818 ---- 3-10.100.100.230:5246 (13 - CWAS_RUN)
- On the managed FortiAP, verify the configuration:

    FortiAP-431F # vcfg
    -------------------------------VAP Configuration 1----------------------------
    Radio Id 1 WLAN Id 0 wifi-ssid.fap.01 ADMIN_UP(INTF_UP) init_going 0.0.0.0/0.0.0.0 unknown (-1)
        vlanid=0, intf=wlan10, vap=0xb85018, bssid=e0:23:ff:b5:2a:40
        11ax high-efficiency=enabled target-wake-time=enabled
        bss-color=0 partial=enabled
        mesh backhaul=disabled
        local_auth=enabled standalone=enabled nat_mode=enabled
        standalone_dns=enabled dns_ip=8.8.8.8,8.8.4.4
        bandsteering=disabled
        ...
        primary wag:
        secondary wag:
    -------------------------------Total 1 VAP Configurations----------------------------

    FortiAP-431F # dhcpconf
    # dhcpd.conf
    default-lease-time 2400;
    max-lease-time 8640000;
    option domain-name-servers 172.17.254.148,208.91.112.53;
    ddns-update-style none;
    authoritative;
    # intf br.nat.0
    subnet 192.168.116.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.116.255;
        option routers 192.168.116.1;
        option domain-name-servers 8.8.8.8,8.8.4.4;
        range 192.168.116.20 192.168.116.249;
        default-lease-time 2400;
    }

    FortiAP-431F # acconf | grep dns
    local_st_dns_1_0=1
    sz_st_dns_ip_1_0=2
    local_st_dns_ip_list[0]_1_0=8080808
    local_st_dns_ip_list[1]_1_0=8080404
- Check the SSID and DNS configuration on a Linux client connected to that SSID:

    # iwconfig
    wlan0 IEEE 802.11 ESSID:"wifi-ssid.fap.01"
          Mode:Managed Frequency:5.22 GHz Access Point: E0:23:FF:B5:2A:40
          Bit Rate=260 Mb/s Tx-Power=200 dBm
          ...

    # resolvectl status | grep -1 'DNS Server'
    DNSSEC supported: no
    Current DNS Server: 8.8.8.8
    DNS Servers: 8.8.8.8
                 8.8.4.4
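
The FortiAP-side checks above can be scripted so that a resolver other than the one set on the VAP is flagged automatically. The following is an added example, not part of the original page or of Fortinet's tooling; it reads the `local_st_dns_ip_list` values as hexadecimal IPv4 addresses (an assumption that matches both entries shown above), and its sample input is constructed from the output on this page.

```python
import ipaddress
import re

# Constructed sample input, abridged from the dhcpconf and acconf output above.
DHCPCONF = """\
default-lease-time 2400;
option domain-name-servers 172.17.254.148,208.91.112.53;
# intf br.nat.0
subnet 192.168.116.0 netmask 255.255.255.0 {
    option routers 192.168.116.1;
    option domain-name-servers 8.8.8.8,8.8.4.4;
    range 192.168.116.20 192.168.116.249;
}
"""
ACCONF = """\
local_st_dns_1_0=1
sz_st_dns_ip_1_0=2
local_st_dns_ip_list[0]_1_0=8080808
local_st_dns_ip_list[1]_1_0=8080404
"""

def subnet_dns(conf):
    """Map each subnet to the DNS servers declared inside its own block."""
    out = {}
    for net, body in re.findall(r"subnet\s+(\S+)\s+netmask\s+\S+\s*\{(.*?)\}", conf, re.S):
        m = re.search(r"option\s+domain-name-servers\s+([^;]+);", body)
        out[net] = [s.strip() for s in m.group(1).split(",")] if m else []
    return out

def acconf_dns(text):
    """Decode local_st_dns_ip_list entries, read as hex IPv4 (assumption)."""
    vals = re.findall(r"local_st_dns_ip_list\[\d+\]_\S+?=([0-9a-fA-F]+)", text)
    return [str(ipaddress.IPv4Address(int(v, 16))) for v in vals]

def audit(expected, dhcpconf, acconf):
    """Return a list of mismatches; an empty list means the AP matches the VAP setting."""
    findings = []
    if acconf_dns(acconf) != expected:
        findings.append(f"acconf has {acconf_dns(acconf)}, expected {expected}")
    for net, servers in subnet_dns(dhcpconf).items():
        if not servers:
            findings.append(f"{net}: no subnet DNS, clients inherit the global option")
        elif servers != expected:
            findings.append(f"{net}: hands out {servers}, expected {expected}")
    return findings

if __name__ == "__main__":
    print(audit(["8.8.8.8", "8.8.4.4"], DHCPCONF, ACCONF) or "DNS settings match")
```

The subnet-scoped `option domain-name-servers` is what NAT clients receive; the global option in `dhcpd.conf` applies only when a subnet block has none, which is why the audit reports that case separately.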