Fortinet Access Points enable LACP

Hi guys,

Today I want to write down how to configure Fortinet WLAN access points with two Ethernet interfaces so that both are used and aggregated via 802.3ad (LACP).

In my scenario I used a FortiAP 421E that supports 802.11ac Wave 2 with 1.733 Gbit/sec. This, of course, cannot work when the Ethernet uplink is limited to a single gigabit link. Therefore, the AP supports link aggregation on its two interfaces.
Unfortunately, there is no place in the GUI (FortiOS 5.6) where you can configure this feature, neither on the controlling FortiGate, nor on the AP itself.

After a little digging around and with the help of a colleague, we found the trick:

  • If the AP is already operated by your firewall, deauthorize it.
  • Configure your switch to create an aggregated interface (trunk, port channel, whatever your switch’s vendor calls it) and use LACP (802.3ad) as the trunking type.
  • Log in to your AP via the console (the default login is “Admin” without a password).
  • Show the running config by typing the command:
    cfg -s
    Here’s a snippet from my original config:

    BAUD_RATE:=9600
    WTP_NAME:=FP421E3X17002642
    FIRMWARE_UPGRADE:=0
    ADMIN_TIMEOUT:=5
    WANLAN_MODE:=WAN-ONLY
    ADDR_MODE:=DHCP
  • We need to set the parameter WANLAN_MODE to Aggregate by entering
    cfg -a WANLAN_MODE=Aggregate
  • Here’s what your config should look like now:
    BAUD_RATE:=9600
    WTP_NAME:=FP421E3X17002642
    FIRMWARE_UPGRADE:=0
    ADMIN_TIMEOUT:=5
    WANLAN_MODE:=AGGREGATE
    ADDR_MODE:=DHCP
  • Now we need to save the changed config to flash. If you don’t, the changes are lost during the next reboot of the AP:
    cfg -c
  • Now authorize the AP on the firewall (again) and apply your SSIDs to it.
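
To confirm the change on more than one AP, the `cfg -s` output can be captured before and after and compared on an admin workstation. The script below is an added example, not part of the original procedure or any Fortinet tooling; it assumes the dump consists of KEY:=VALUE lines as in the snippets above, and the function names and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `cfg -s` dumps captured from the AP console.
# Assumption: the dump is KEY:=VALUE lines as shown in the post.

# cfg_get KEY < dump : print the value of KEY, exit 1 if the key is absent.
cfg_get() {
    awk -v key="$1" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # strip console CR and indentation
        index($0, key ":=") == 1 { print substr($0, length(key) + 3); found = 1; exit }
        END { exit !found }'
}

# cfg_changed BEFORE AFTER : print every key that was added, removed or altered.
cfg_changed() {
    awk '
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); p = index($0, ":=") }
        p < 2 { next }                            # not a KEY:=VALUE line
        { k = substr($0, 1, p - 1); v = substr($0, p + 2) }
        FNR == NR { before[k] = v; next }
        { seen[k] = 1; if (!(k in before) || before[k] != v) print k }
        END { for (k in before) if (!(k in seen)) print k }' "$1" "$2" | sort
}

# check_aggregate BEFORE AFTER : succeed only if AFTER is in aggregate mode
# and WANLAN_MODE is the single setting that differs from BEFORE.
check_aggregate() {
    mode=$(cfg_get WANLAN_MODE < "$2" | tr '[:lower:]' '[:upper:]')
    [ "$mode" = "AGGREGATE" ] || { echo "WANLAN_MODE is '$mode'"; return 1; }
    changed=$(cfg_changed "$1" "$2" | tr '\n' ' ')
    [ "$changed" = "WANLAN_MODE " ] || { echo "unexpected changes: $changed"; return 1; }
    echo "ok"
}

# Constructed sample dumps, built from the two snippets in the post.
COMMON_HEAD='BAUD_RATE:=9600
WTP_NAME:=FP421E3X17002642
FIRMWARE_UPGRADE:=0
ADMIN_TIMEOUT:=5'
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\nWANLAN_MODE:=WAN-ONLY\nADDR_MODE:=DHCP\n' "$COMMON_HEAD" > "$tmp/before.cfg"
printf '%s\nWANLAN_MODE:=AGGREGATE\nADDR_MODE:=DHCP\n' "$COMMON_HEAD" > "$tmp/after.cfg"

check_aggregate "$tmp/before.cfg" "$tmp/after.cfg"
```

Taking the "after" dump once the AP has rebooted also shows whether the change was actually written to flash with `cfg -c`.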

I hope this post is helpful for others out there. If you have questions about this post, please feel free to get in touch with me.

All the best,
Caroline
