Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Robin_Svanberg
Contributor

Remote FortiAP + Wired port?

We are looking into a Remote FortiAP solution but have the need for one ethernet port for a printer.

 

Do anyone know if it´s possible to use a FortiAP in Remote Mode with two ethernet ports like FAP-421E and configure one port for printer VLAN?

 

Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden

 

robin.svanberg@ethersec.se

4 REPLIES 4
wanglei_FTNT
Staff
Staff

Hello Robin,

 

Please let me know if I understood your requirement correctly.

 

Switch/Router=======WAN-Port(FAP421E)-------(VLANID-100)LAN-Port=====Printer

 

If this is your requirement, you can achieve this by bridging the LAN Port to a SSID with a VLAN ID.

 

1. In FAP you have to configure the following CLI to change the 2nd WAN Port as a LAN Port

cfg -a WANLAN_MODE=WAN-LAN

cfg -c

 

2. Configure a SSID with the VLAN ID

 

FGT60E # show wireless-controller vap FGT-60E-BR-Open config wireless-controller vap edit "FGT-60E-BR-Open" set ssid "FGT-60E-BR-Open" set security open set local-bridging enable set schedule "always" set vlanid 100

 

3. In FOS WTP_Profile

FGT60E # config wireless-controller wtp-profile

FGT60E (wtp-profile) # edit FAP421E-default

FGT60E (FAP421E-default) # set wan-port-mode wan-lan FGT60E (FAP421E-default) # config lan

FGT60E (lan) # set port-mode bridge-to-ssid FGT60E (lan) # set port-ssid FGT-60E-BR-Open

FGT60E (lan) # end

 

The above config will make the Printer part of VLAN100.

 

Thanks.

Robin_Svanberg

That was exactly my requirement, thanks!

 

A FAP-421E have been ordered :)

 

Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden

 

robin.svanberg@ethersec.se

Robin_Svanberg

wanglei@fortinet.com wrote:

Hello Robin,

 

Please let me know if I understood your requirement correctly.

 

Switch/Router=======WAN-Port(FAP421E)-------(VLANID-100)LAN-Port=====Printer

 

If this is your requirement, you can achieve this by bridging the LAN Port to a SSID with a VLAN ID.

 

1. In FAP you have to configure the following CLI to change the 2nd WAN Port as a LAN Port

cfg -a WANLAN_MODE=WAN-LAN

cfg -c

 

2. Configure a SSID with the VLAN ID

 

FGT60E # show wireless-controller vap FGT-60E-BR-Open config wireless-controller vap edit "FGT-60E-BR-Open" set ssid "FGT-60E-BR-Open" set security open set local-bridging enable set schedule "always" set vlanid 100

 

3. In FOS WTP_Profile

FGT60E # config wireless-controller wtp-profile

FGT60E (wtp-profile) # edit FAP421E-default

FGT60E (FAP421E-default) # set wan-port-mode wan-lan FGT60E (FAP421E-default) # config lan

FGT60E (lan) # set port-mode bridge-to-ssid FGT60E (lan) # set port-ssid FGT-60E-BR-Open

FGT60E (lan) # end

 

The above config will make the Printer part of VLAN100.

 

Thanks.

Thanks for the help, configuration works really good. But, both the FAP421E and a FAP221E I had on the shelf gets the configuration and the tunnel to the Fortigate works, when the FortiAPs are behind NAT and connecting over the internet, but both of them doesn´t report any status. Is that a bug or a feature? (Ticket created but no response yet..)

 

Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden

 

robin.svanberg@ethersec.se

wanglei_FTNT

the configuration should not relate to the issue you described. There are quite some possibilities about why you can't manage your APs when they are connected over Internet such as the way you point your AP to the FGT, potential packet fragmentation etc,  I suggest you work with our TAC and they should be able to help you on that.