Fortinet black logo

SD-WAN / SD-Branch Deployment Guide

Home FortiGate / FortiOS 7.0.0 SD-WAN / SD-Branch Deployment Guide
7.0.0
7.0.0

Adding an AP VLAN

Adding an AP VLAN

Prepare an AP VLAN by going to FortiSwitch VLANS and creating a VLAN for AP management on the control plane. The VLAN is used to create security isolation between the AP management on the control channel and user traffic on the data channel. You can use many different methods to configure administrative access. For alternative methods, see the Campus WLAN Architecture Guide.

To add an AP VLAN:
  1. Go to WiFi & Switch Controller > FortiSwitch VLANs, and click Create New.
  2. Enter a name for the interface.
  3. In the Address section, set the following options:
    1. Set Addressing Mode to Manual.
    2. Set IP/Netmask to a VLAN or gateway IP address.
  4. Under Administrative Access, select Security Fabric Connection under administrative access. Add others as needed.
  5. Under Network, set the following option:
    1. Enable Device detection.
    2. Enable Automatically authorize devices.

      Even in a high-security environment, it is recommended to enable this option, until initial deployment is done. Then disable the option to lock down the network.

  6. Enable DHCP Server, and configure the IP range.
  7. Click OK.
Previous
Next

Adding an AP VLAN

Prepare an AP VLAN by going to FortiSwitch VLANS and creating a VLAN for AP management on the control plane. The VLAN is used to create security isolation between the AP management on the control channel and user traffic on the data channel. You can use many different methods to configure administrative access. For alternative methods, see the Campus WLAN Architecture Guide.

To add an AP VLAN:
  1. Go to WiFi & Switch Controller > FortiSwitch VLANs, and click Create New.
  2. Enter a name for the interface.
  3. In the Address section, set the following options:
    1. Set Addressing Mode to Manual.
    2. Set IP/Netmask to a VLAN or gateway IP address.
  4. Under Administrative Access, select Security Fabric Connection under administrative access. Add others as needed.
  5. Under Network, set the following option:
    1. Enable Device detection.
    2. Enable Automatically authorize devices.

      Even in a high-security environment, it is recommended to enable this option, until initial deployment is done. Then disable the option to lock down the network.

  6. Enable DHCP Server, and configure the IP range.
  7. Click OK.
Previous
Next