anru
New Member
March 25, 2015
Solved

FortiAP and FG with Cisco controller

  • March 25, 2015
  • 5 replies
  • 30189 views

Hi,

I have to connect two FortiAP-221B in my wireless networks, where there are several Cisco APs managed by a Cisco WLAN Controller in bridged configuration with 3 different SSIDs. Now, I'd like to configure my FortiAP without changing the actual network configuration: now the FG is the def gw of the wireless networks, which use different subnets (and VLANs) corresponding to different wireless users. Users obtain IP addresses from an external DHCP server. My problems when I try to configure the FG-600C as WLAN controller are the following:

- In my case, do I have to configure the FG WLAN controller in tunnel mode or bridged?

- Can't the IP address of the WiFi SSID (def gw of FortiAP) be the same as that of the Cisco wireless network? The FG gives an error when I configure the same IP as another interface as the WiFi SSID

- Can FortiAP have IP addresses of other subnets than wireless networks (for example IP of wired networks?)

 

thanks!! 

 

    Best answer by Bromont_FTNT

    I would create both SSIDs in bridge mode ( Local bridge with FortiAP's Interface) and assign the same vlan IDs for both like you have configured on the Cisco controller.

    5 replies

    Dave_Hall
    New Member
    March 25, 2015

    From my understanding: the physical FortiAPs can use any "LAN" connection as long as it can reach/contact the wifi controller -- it will use this connection as a transport or management connection. The SSID interface is what defines the actual "network or subnet" -- this is what can not overlap with other "interfaces".  But keep in mind you can add the SSID interface(s) as a member of soft switches, thus putting them on the "same subnet".

     

    config wireless-controller vap
        edit "wifi"
            set vdom "root"
            set ssid "work-wifi"
            set encrypt TKIP-AES
            set passphrase ENC GxNm
        next
    end
    config system switch-interface
        edit "internal_net"
            set vdom "root"
            set member "port1" "port2" "port3" "port4" "wifi"
        next
    end
    config system interface
        edit "port1"
            set vdom "root"
            set type physical
            set snmp-index 1
        next
        edit "port2"
            set vdom "root"
            set type physical
            set snmp-index 11
        next
        edit "port3"
            set vdom "root"
            set type physical
            set snmp-index 12
        next
        edit "port4"
            set vdom "root"
            set type physical
            set snmp-index 13
        next
        edit "wifi"
            set vdom "root"
            set type vap-switch
            set snmp-index 26
        next
        edit "internal_net"
            set vdom "root"
            set ip 192.168.1.99 255.255.255.0
            set allowaccess ping https ssh fgfm capwap
            set type switch
            set snmp-index 27
        next
    end

    anru
    Author
    New Member
    March 25, 2015

    I don't know where my problem is, but the FortiAP on LANx doesn't contact the controller on LANy (SSID tunnel mode), also if I define a policy on the FG for LANx->LANy and LANy->LANx.

    Defining a "software switch" means deleting all the actual configuration, because the physical interfaces are grouped in an 802.3ad trunk with different VLANs. Now I cannot delete everything.

    I didn't think that configuration of FortiAP and controller on FG was so difficult!

     

    Is integration with other systems and vendors so impossible???

     

    Dave_Hall
    New Member
    March 25, 2015

    Hi Anru.

     

    The manual that comes with your FortiAP-221Bs should provide details on how to setup the wifi controller discovery method or review the Deploying Wireless Networks Handbook (link for 5.0). 

     

    It would help us greatly if you provide us with the firmware version running on both the Fortigate and the FortiAPs.  If need be, review the firmware patch notes for both devices to confirm they are compatible with each other.

     

    As for integrating the 221Bs, it would help a lot if you provided a network topology, including what's what.

     

    Thanks.

     

    anru
    Author
    New Member
    March 26, 2015

    Hi,

    thanks all for the replies. Details of the firmware of my FortiAP and FG are the following:

    - FortiAP-221B v5.2,build216,140916 - FG-600C v5.2.2,build642 (GA).

     

    I attached an image with my network architecture, so the question is: how do I have to configure the FortiAP and FG as WLAN controller to integrate FortiAP in the actual Cisco AP scenario?

     

    Thanks for your help!

     

    Bromont_FTNT
    Staff
    March 26, 2015

    I would create both SSIDs in bridge mode ( Local bridge with FortiAP's Interface) and assign the same vlan IDs for both like you have configured on the Cisco controller.

    anru
    Author
    New Member
    March 26, 2015

    Ok, and how can I assign a VLAN ID to a bridged SSID?

    Bromont_FTNT
    Staff
    March 26, 2015

    It's under "Optional VLAN ID" when you create the SSID.
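
The CLI form of the bridged, VLAN-tagged SSIDs discussed above, as an added example that is not part of the original posts or Fortinet's own configuration. The SSID names, VLAN IDs 10 and 20, WPA2/AES security settings and passphrases are constructed placeholders; the VLAN IDs are assumed to match those already used for the same SSIDs on the Cisco controller.

```conf
# Added example with constructed values (not from the thread).
# Two local-bridge SSIDs: client traffic leaves the FortiAP's Ethernet
# port tagged with the VLAN ID instead of being tunnelled to the FortiGate.
# Assumption: the switch port facing each FortiAP is a trunk that carries
# VLANs 10 and 20, so clients reach the existing gateway and DHCP server.
config wireless-controller vap
    edit "staff-bridge"
        set vdom "root"
        set ssid "staff"
        # WPA2 with AES only, rather than mixed TKIP-AES
        set security wpa2-only-personal
        set encrypt AES
        set passphrase <placeholder-passphrase-1>
        # "Local bridge with FortiAP's Interface" in the GUI
        set local-bridging enable
        # "Optional VLAN ID" in the GUI
        set vlanid 10
    next
    edit "guest-bridge"
        set vdom "root"
        set ssid "guest"
        set security wpa2-only-personal
        set encrypt AES
        set passphrase <placeholder-passphrase-2>
        set local-bridging enable
        set vlanid 20
    next
end
```

Because the SSIDs are bridged, no IP address is set on these SSID entries.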

     

    anru
    Author
    New Member
    March 26, 2015

    Ok, perfect!

    I defined two different bridged SSIDs with two different VLANs. And now, which WLAN Controller IP address do I have to specify on the FortiAP?

     

    Bromont_FTNT
    Staff
    March 26, 2015

    The FortiAPs should be able to discover the Fortigate controller without specifying the AC IP although you may need to configure vlan ID on the APs if tagging is required for access through the switch.

    anru
    Author
    New Member
    March 26, 2015
    Ok, but where can I define the IP address of the controller on the FG? When I configure a bridged SSID I can configure only the SSID and VLAN and not the IP of the FG controller. Excuse me, but I don't understand it.