Help
FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
vpatil
Staff
Staff

Created on ‎07-11-2022 02:28 AM Edited on ‎07-11-2022 02:32 AM By Community Manager

Article Id 217214

Technical Tip: FortiAP-U migration steps from FortiGate to FortiWLC

Description

 

This article describes how to migrate FortiAP-U from FortiGate to FortiWLC.

 

Scope

 

FortiAP-U, FortiWLC and FortiGate.

 

Solution

 

In below example, FortiAP-U is connected to managed FortiSwitch switchport; FortiAP and FortiGate are in the same subnet; FortiGate manages both FortiAP and also FortiSwitch:

 

1) On FortiGate VLAN Interface (FortiAP VLAN), FortiAP VLAN should be enabled with DHCP and CAPWAP/Security Fabric Connection as shown below:

 

vpatil_14-1657530626429.png

 

 2) Map a Native VLAN on the FortiSwitch switchport where the FortiAP is plugged for the FortiAP to obtain an IP address from Native VLAN as shown below:

 

vpatil_15-1657530653586.png

 

 3) FortiAP will reboot automatically and it will get an IP address from the Native VLAN (DHCP scope) mapped to the switchport.

On FortiGate DHCP Monitor, check if the FortiAP has obtained new IP address in Native VLAN subnet as shown below:

 

Anthony_E_2-1657531472902.png

 

 

4) FortiAP -U entry should show up under 'Managed FortiAPs', then select FortiAP Entry and Authorize FortiAP -U to successfully manage the FortiAP -U on FortiGate as shown below:

 

Anthony_E_1-1657531397618.png

 

 

5) Using Putty take Telnet/SSH access to the new FortiAP IP address and then reset the FortiAP using 'factoryreset' command on the FortiAP CLI as shown below:

 

Anthony_E_0-1657531330802.png

 

 

Note: 

FortiAP Telnet/SSH will be accessible ONLY when Telnet/SSH access is allowed in the FortiAP- profile (wtp-profile) and under 'Managed FortiAPs' list 'Connect to CLI' should show up as shown below, using that CLI access to the FortiAP can be taken:

 

vpatil_19-1657530901601.png

 

Anthony_E_3-1657531562423.png

 

6) Thereafter, the FortiAP should automatically reboot and come up with the Meru image after around 3-5 minutes.

 

Notes.

 

- The above steps are useful in migrating bulk FortiAP-U units, using this procedure, it is possible to avoid taking physical console access to each and every FortiAP for factory reset via Reset button or Console CLI access methods.

 

- Also can avoid changing FortiAP-U boot-up image via console CLI access, because 'factoryreset' should reset FortiAP-U to default image and should discover FortiWLC (Meru) Controller.

 

- If FortiGate and FortiAP-U are in different VLANs/Subnets, then use 1(static) → 2(dhcp) → 3(dns) Controller discovery methods as mentioned in the below link:

 

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/controller-discovery.htm...

 

- Fortinet’s FortiAP-U Series offers a wide range of Access Points capable of being managed by any of Fortinet’s controller and management options: FortiCloud, FortiGate, or FortiWLC.

 

- FortiAP™ Universal Access Point Series datasheet can be found in the below link:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiap-u-series.pdf

1164
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.