FortiAP and SDA

ahmed.sarhan · ‎11-09-2022

HI;

we will upgrade all our network to SDA and will change all switches to be 9K series but we have a large number of FortiAP which managed by Fortigate firewall and its support 802.1X, how can we migrate FortiAPs to our new SDA Network , any suggestion scenario

KevinMuller · ‎12-27-2022

Hello Ahmed,
You just need to garantte CAPWAP Connectivity between AP and FortiGate at any time. Access Points will get an IP from a configured IP Pool on DNA Center and as any other endpoints, they will be ondoarded in the Fabric.
The design you try to achieve is referenced as "Over The Top". You can take a look at this document for more information : https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/deploy-guide/cisco-dna-center-sd-access-wl-dg.pdf

ahmed.sarhan · ‎01-18-2023

thank you MR Kevin ,

that mean FortiAP should operate in tunnel mode and It cannot be a bridge as it should have only one IP

jedolphi · ‎01-22-2023

Hi Ahmed, the simplest answer is to fun FortiAP in tunnel mode so that wireless client traffic is centrally switched at a wireless concentrator outside of the SD-Access fabric. It may be possible to configure FortiAPs for local switching mode so that traffic is handed off from an AP trunk port to the SD-Access Fabric Edge Node trunk port, but this comes with wireless roaming performance caveats. Jerome