FortiOS Handbook - Deploying Wireless Networks

More documents

Recommendations

Info

Defining a wireless network interface (SSID) Configuring a WiFi LAN Security Mode Select the security mode for the wireless interface. Wireless users must use the same security mode to be able to connect to this wireless interface. Additional security mode options are available in the CLI. For more information, see Configuring security on page 36. Captive Portal – authenticates users through a customizable web page. WPA2-Personal – WPA2 is WiFi Protected Access version 2. There is one pre-shared key (password) that all users use. WPA2-Personal with Captive Portal – The user will need to know the pre-shared key and will also be authenticated through the custom portal. WPA2-Enterprise – similar to WPA2-Personal, but is best used for enterprise networks. Each user is separately authenticated by user name and password. Pre-shared Key Authentication Available only when Security Mode is WPA2-Personal. Enter the encryption key that the clients must use. Available only when Security Mode is WPA2-Enterprise. Select one of the following: RADIUS Server — Select the RADIUS server that will authenticate the clients. Local – Select the user group(s) that can authenticate. Portal Type Authentication Portal User Groups Exempt List Customize Portal Messages Redirect after Captive Portal Allow New WiFi Client Connections When Controller Is Down Available only when Security Mode is Captive Portal. Choose the captive portal type. Authentication is available with or without a usage policy disclaimer notice. Local - portal hosted on the FortiGate unit External - enter FQDN or IP address of external portal Select permitted user groups for captive portal authentication. Select exempt lists whose members will not be subject to captive portal authentication. Click the listed portal pages to edit them. Optionally, select Specific URL and enter a URL for user redirection after captive portal authentication. By default, users are redirected to the URL that they originally requested. This option is available for local bridge SSIDs with WPA-Personal security. See WiFi- Ethernet Bridge Operation on page 78. 34 Deploying Wireless Networks for FortiOS 5.4 Fortinet Technologies Inc.
Configuring a WiFi LAN Defining a wireless network interface (SSID) Broadcast SSID Schedule Block Intra-SSID Traffic Maximum Clients Split Tunneling Optional VLAN ID Enable Explicit Web Proxy Listen for RADIUS Accounting Messages Secondary IP Address Comments Optionally, disable broadcast of SSID. By default, the SSID is broadcast. For more information, see Introduction to wireless networking on page 22. Select when the SSID is enabled. You can choose any schedule defined in Policy & Objects > Objects > Schedules. Select to enable the unit to block intra-SSID traffic. Select to limit the number of clients permitted to connect simultaneously. Enter the limit value. Select to enable some subnets to remain local to the remote FortiAP. Traffic for these networks is not routed through the WiFi Controller. Specify split-tunnel networks in the FortAP Profile. See Split tunneling on page 86. Enter the ID of the VLAN this SSID belongs to. Enter 0 for non-VLAN operation. Select to enable explicit web proxy for the SSID. Enable if you are using RADIUS-based Single Sign-On (SSO). Optioanally, enable and define secondary IP addresses. Administrative access can be enabled on secondary interfaces. Enter a description or comment for the SSID. To configure a virtual access point (SSID) - CLI This example creates an access point with SSID “example” and WPA2-Personal security. The wireless interface is named example_wlan. config wireless-controller vap edit example_wlan set ssid "example" set broadcast-ssid enable set security wpa2-only-personal set passphrase "hardtoguess” set schedule always set vdom root end config system interface edit example_wlan set ip 10.10.120.1 255.255.255.0 end Deploying Wireless Networks for FortiOS 5.4 Fortinet Technologies Inc. 35
Page 1 and 2: FortiOS Handbook - Deploying Wirele
Page 3 and 4: TABLE OF CONTENTS Change Log 9 Intr
Page 5 and 6: Configuring the built-in access poi
Page 7 and 8: Monitoring wireless network health
Page 9 and 10: Change Log Change Log Date Change D
Page 11 and 12: Introduction How this guide is orga
Page 13 and 14: What’s new in FortiOS 5.4 In the
Page 15 and 16: What’s new in FortiOS 5.4 set wtp
Page 17 and 18: What’s new in FortiOS 5.4 A new c
Page 19 and 20: What’s new in FortiOS 5.4 Opportu
Page 21 and 22: What’s new in FortiOS 5.4 The all
Page 23 and 24: Introduction to wireless networking
Page 29 and 30: Configuring a WiFi LAN Overview of
Page 31 and 32: Configuring a WiFi LAN Creating a F
Page 33: Configuring a WiFi LAN Defining a w
Page 37 and 38: Configuring a WiFi LAN Defining a w
Page 43 and 44: Configuring a WiFi LAN Dynamic user
Page 45 and 46: Configuring a WiFi LAN Configuring
Page 51 and 52: Access point deployment This chapte
Page 53 and 54: Access point deployment Network top
Page 55 and 56: Access point deployment Discovering
Page 61 and 62: Access point deployment Wireless cl
Page 63 and 64: Access point deployment FortiAP Gro
Page 65 and 66: Access point deployment LAN port op
Page 67 and 68: Access point deployment LED options
Page 69 and 70: Wireless Mesh The access points of
Page 71 and 72: Wireless Mesh Overview of Wireless
Page 73 and 74: Wireless Mesh Configuring a meshed
Page 75 and 76: Wireless Mesh Configuring a meshed
Page 77 and 78: Wireless Mesh Configuring a point-t
Page 79 and 80: WiFi-Ethernet Bridge Operation Brid
Page 81 and 82: WiFi-Ethernet Bridge Operation Brid
Page 83 and 84: WiFi-Ethernet Bridge Operation Fort
Page 85 and 86:
WiFi-Ethernet Bridge Operation Usin
Page 87 and 88:
Using Remote WLAN FortiAPs Configur
Page 89 and 90:
Features for high-density deploymen
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Protecting the WiFi Network WiFi da
Page 97 and 98:
Wireless network monitoring You can
Page 99 and 100:
Wireless network monitoring Monitor
Page 101 and 102:
Wireless network monitoring Monitor
Page 103 and 104:
Configuring wireless network client
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Wireless network examples This chap
Page 121 and 122:
Wireless network examples Basic wir
Page 123 and 124:
Wireless network examples Basic wir
Page 125 and 126:
Wireless network examples A more co
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Using a FortiWiFi unit as a client
Page 137 and 138:
Support for location-based services
Page 139 and 140:
Troubleshooting In the following se
Page 141 and 142:
Troubleshooting Signal strength iss
Page 143 and 144:
Troubleshooting Throughput issues T
Page 145 and 146:
Troubleshooting Connection issues C
Page 147 and 148:
Troubleshooting Connection issues D
Page 149 and 150:
Troubleshooting General problems wh
Page 151 and 152:
Troubleshooting General problems To
Page 153 and 154:
Troubleshooting Packet sniffer Resu
Page 155 and 156:
Troubleshooting Packet sniffer •
Page 157 and 158:
Troubleshooting Useful debugging co
Page 159 and 160:
Reference FortiAP web-based manager
Page 161 and 162:
Reference Wireless radio channels W
Page 163 and 164:
Reference FortiAP CLI cfg -c cfg -x
Page 165 and 166:
Reference FortiAP CLI Var WTP_LOCAT
Page 167 and 168:
Reference FortiAP CLI cw_diag -c da
show all

FortiOS Handbook - Deploying Wireless Networks

Create successful ePaper yourself

Delete template?

Save as template?