FortiAP CLI configuration and diagnostics commands
The FortiAP CLI controls radio and network operations through the use of variables manipulated with the configuration and diagnostics commands.
For details about accessing the FortiAP CLI, see FortiAP CLI access.
Configuration commands
Command |
Description |
---|---|
|
List variables for most popular settings and also the ones that are not using default values. |
|
Add or change a variable value. |
|
Commit the change to flash. |
|
Reset settings to factory defaults. |
|
Remove variable. |
|
Export variables. |
|
Display help for all configuration commands and a complete list of configuration variables. |
Configuration variables
Variable |
Description and value |
---|---|
|
WiFi Controller control (CAPWAP) port. Default: 5246. |
|
Data channel security. 0 - Clear text 1 - DTLS (encrypted) 2 - Accept either DTLS or clear text (default) |
|
0 - Auto - Cycle through all of the discovery types until successful. 1 - Static. Specify WiFi Controllers 2 - DHCP 3 - DNS 5 - Broadcast 6 - Multicast 7- FortiCloud |
|
WiFi Controller host names for static discovery. |
|
WiFi Controller IP addresses for static discovery. |
|
Option code for DHCP server. Default: 138. |
|
Multicast address for controller discovery. Default: 224.0.1.140. |
|
How the FortiAP unit obtains its IP address and netmask. DHCP - FortiGate interface assigns address. STATIC - Specify in AP_IPADDR and AP_NETMASK. Default: DHCP. |
|
Administrative timeout in minutes. Applies to GUI sessions. Default: 5 minutes. |
|
These variables set the FortiAP unit IP address, netmask and default gateway when ADDR_MODE is STATIC. Default for AP_NETMASK: 255.255.255.0. Default for IPGW: 192.168.1.1. |
|
0 - https disable 1 - https enable 2 - controlled by AC Default: 2. |
|
0 - SSH disable 1 - SSH enable 2 - controlled by AC Default: 2. |
|
Non-zero value applies VLAN ID for unit management. See Reserved VLAN IDs. Default: 0. |
|
FortiAP operating mode. 0 - Thin AP Default: 0. |
|
Console data rate: 9600, 19200, 38400, 57600, or 115200 baud. Default: 9600. |
|
DNS Server for clients. If ADDR_MODE is DHCP the DNS server is automatically assigned. |
|
Configure port behavior on FortiAP-U models. 0 - Dummy Switch. Default mode. 1 - Ether Hardware Bonding. Support Static Ethernet Channel Bonding on LAN1 and LAN2 ports. Only available on select FortiAP-U models. 2 - Ether 802.3ad Bonding. Support IEEE 802.3ad Link Aggregation Control Protocol (LACP) on LAN1 and LAN2 ports. 3 - Enable WAN-LAN. Supports configuration of a second WAN port as a LAN (WAN-LAN mode configuration). |
|
Default: 0. |
|
Enable/disable status LEDs. 1 - LEDs disabled 2 - follow AC setting |
|
Administrator login password. By default this is empty. |
|
Spanning Tree Protocol. 0 - off 1 - on |
|
Configure port behavior on FortiAP, FortiAP-S, and FortiAP-W2 models. WAN-ONLY - Default mode WAN-LAN - Bridges the LAN port to the incoming WAN interface AGGREGATE - Enables link aggregation |
|
Optional string describing AP location. |
|
Enable or disable background mesh root AP scan. 1 - Enabled |
|
If the signal of the root AP is weak, and lower than the received signal strength indicator (RSSI) threshold, the WiFi driver immediately starts a new round scan and ignores
the configured After the new round scan is finished, a scan done event is passed to wtp daemon to trigger roaming. |
|
Time in seconds that a delay period occurs between scans. Set the value between 1 and 3600. |
|
Time in milliseconds. Set the value between 0 and 1000. |
|
Time in milliseconds between channel scans. Set the value between 200 and 16000. |
|
Time in milliseconds that the radio will continue scanning the channel. Set the value between 10 and 200. |
|
Specify those channels to be scanned. |
|
Type of communication for backhaul to controller: 0 - Ethernet 1 - WiFi mesh 2 - Ethernet with mesh backup support Default: 0. |
|
SSID for mesh backhaul. Default: fortinet.mesh.root. |
|
WiFi MAC address. |
|
Pre-shared key for mesh backhaul. |
|
1 - Bridge mesh WiFi SSID to FortiAP Ethernet port. This can be used for point-to-point bridge configuration. This is available only when MESH_AP_TYPE =1. 0 - No WiFi-Ethernet bridge Default: 0. |
|
Maximum number of times packets can be passed from node to node on the mesh. Default: 4. |
The following factors are summed and the FortiAP associates with the lowest scoring mesh AP. |
|
|
Multiplier for number of mesh hops from root. Default: 50. |
|
AP total RSSI multiplier. Default: 1. |
|
Beacon data rate multiplier. Default: 1. |
|
Band weight (0 for 2.4 GHz, 1 for 5 GHz) multiplier. Default: 100. |
|
AP channel RSSI multiplier. Default: 100. |
Survey variables |
|
|
SSID to broadcast in site survey mode (AP_MODE=2). |
|
Transmitter power in site survey mode (AP_MODE=2). |
|
Site survey transmit channel for the 2.4 GHz band. Default: 6. |
|
Site survey transmit channel for the 5 GHz band. Default: 36. |
|
Site survey beacon interval. Default: 100 ms. |
Diagnostics commands
Command |
Description |
---|---|
|
Set the shell idle timeout in minutes. |
|
Set the console baud rate. |
|
Display help for all diagnostics commands. |
|
Show or change the current plain control setting. |
|
Enable or disable the sniff packet. |
|
Set the sniff server IP and port. |
|
Show the wl_intf status. |
|
Show daemon uptime. |
|
Show scanned APs. |
|
Show suppressed APs. |
|
Show scanned arp requests. |
|
Show Air Time Fairness information at the FortiAP level. |
|
Show scanned Bluetooth Low Energy (BLE) devices that are reported to FortiPresence. |
|
Show the DARRP radio channel. |
|
Show FortiPresence statistics including reported BLE devices. |
|
Verify that the vmn-dscp-marking values are pushed to FortiAP. |
|
Show the mesh status. |
|
Show the mesh ap candidates. |
|
Show the mesh veth ac info, and mesh ether type. |
|
Show the mesh veth host. |
|
Show the mesh veth vap. |
|
Show the current radio config parameters in the control plane. |
|
Flush all scanned AP/STA/ARPs. |
|
Show configuration details for SNMP support. |
|
Show scanned STA capabilities. |
|
De-authenticate an STA. |
|
Show scanned STAs. |
|
Show the current VAPs in the control plane. |
|
Start the VLAN probe. Example command: cw_diag -c vlan-probe-cmd 0 eth0 2 300 3 10 Example output: VLAN probing: start intf [eth0] vlan range[2,300] retries[3] timeout[10] ... |
|
Show the VLAN probe report. |
|
Show scanned WIDS detections. |
|
Show the current wtp config parameters in the control plane. |
|
Turn on or off console log message. |