DescriptionThis article describes the steps to authorize FortiAP's automatically.
ScopeFortiGate & FortiAP, v5.6.
SolutionUse the following steps to authorize a FortiAP automatically.
1.) Enable the following option on the respective interface from where the FortiAP will be discovered:
dedicated to fortiswitch ----> enable this in GUI.
set auto-auth-extension-device enable ----> enable this in CLI.
set ap-discover enable ----> enable this in CLI.
For example:
# config system interface
edit "internal1"
set vdom "root"
set fortilink enable
set ip 42.42.42.1 255.255.255.0
set allowaccess ping capwap
set vlanforward enable
set type physical
set snmp-index 19
set auto-auth-extension-device enable
set ap-discover enable
2.) Check the DHCP server config.
By default, vci-match is enabled and vci-string is configured as "FortiSwitch" "FortiExtender".
In this case, make one more change on the DHCP server for this interface and add vci string as FortiAP or disable vci-match.
For example:
# config system dhcp server
(server) # edit 16
(16) # show
config system dhcp server
edit 16
set dns-service default
set ntp-service local
set default-gateway 42.42.42.1
set netmask 255.255.255.0
set interface "internal1"
config ip-range
edit 1
set start-ip 42.42.42.2
set end-ip 42.42.42.254
next
end
set timezone-option default
set vci-match enable ----> Either disable this.
set vci-string "FortiAP" ----> Or add this option.
After a little time the AP will come online automatically and will not have to be authorized manually.
