Special Notices and Best Practices
This section lists some notes related to the usage of FortiWLC.
- In case if any patches are installed, they will be removed after controller upgrade. A new patch needs to be installed in case the relevant fix is not available in the upgraded FortiWLC release.
- GRE functionality is not available with IPv6; the controller cannot establish the GRE tunnel using IPv6 address.
- Chromecast option is visible on the YouTube application only when the publisher or subscriber is in the tunneled mode.
- By default, AP832 requests 802.3af power via LLDP. Use static 802.3at power for LACP and Bluetooth.
- SNMP OIDs starting from 1.3.6.1.4.1.15983.3 are not supported.
- To refer to the LACP configuration procedure, see the FortiWLC Configuration Guide.
- Do NOT configure APs in Secondary Interface VLAN in case of Dual Ethernet Active-Active configuration.
- Do NOT enable Vcell and Native cell load balancing on the same AP.
The following best practices are recommended for enhanced user experience.
FNAC integration with FortiWLC
Configure lower lease time for isolation VLAN scope. This helps faster transition of IP address change after the station gets moved from isolation to registration VLAN.
Rogue AP Scanning
It is recommended not to enable rogue AP scanning on APs expected to serve dense user locations to avoid the impact of channel scan duration and wait period for the wireless users.
ARRP
- It is recommended not to run channel plan with DFS enabled in presence of non DFS certified APs.
- It is recommended to enable Freeze after ARRP planning is complete to avoid unplanned disruption due to channel change that can occur when the AP detects high interference.
- In an existing deployment, if new APs are added, a re-plan is needed for the first time to add APs part of the ARRP cluster. Otherwise, the AP continues to operate in the default channel.
Channel change won’t get triggered though high interference or high neighbour count is detected.
Multicast
- The Multicast flag should be disabled on all ESS profiles unless it is needed for any multicast applications that do not support MDNS or SSDP. In such scenarios, it is recommended to use VLAN isolation for multicast application traffic to avoid flooding of data both in wired and wireless infrastructure.
- Multicast to unicast conversion must be enabled on all the ESS profiles.
- IGMP snooping should be enabled in switching infrastructure when bridged data plane is configured in an ESS profile.
- All UDP ports must be disabled and ports that are specifically needed for any application traffic should be used.
Others
- Fortinet does not recommend hand off between different models for 11n APs. Single VCELL between Wave-1 and Wave-2 AC APs is supported.
- [FortiWLC 1000D/3000D] When collecting diagnostics (Maintenance > File Management > Diagnostics) in a scale setup (3000 APs and 40k clients approximately), do not use the System Diagnostics option as it takes a long time (4 hours’ approx.). Also, do not run the diagnostics command to collect system diagnostics. The following are recommended:
- [GUI] Use Controller Diagnostics and Controller Diagnostics Snapshot options.
- [CLI] Use diagnostics-ap, diagnostics-controller, and diagnostics-controller-snapshot commands.
- In a deployment of 300 and more APs, it is recommended to configure Feature Group in FortiWLC or AP Groups in FortiWLM. Do not run ARRP globally (on all APs) in such a deployment as it is memory and processor intensive.
- In case if boot script is installed, it is recommended to remove the boot script (if any being used) before Controller upgrade and configure a new valid boot script in accordance to the upgraded FortiWLC release.