Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiWiFi and FortiAP Configuration Guide

Support for Electronic Shelf Label systems

Some FortiAP models equipped with a USB port can support Electronic Shelf Labels (ESL) systems. These FortiAPs can be configured to accept a ESL-Radio through a USB dongle that works on a 2.4 GHz frequency band. Once the ESL dongle is connected, you can configure the communication mode from a FortiGate. ESL traffic from the ESL-Radio is sent to ESL-Servers that are either located on-premise or in the Cloud.

Fortinet currently supports the following third-party ESL service providers:

  • Hanshow
  • SES-Imagotag

Hanshow integration

To configure ESL integration for Hanshow
config wireless-controller wtp-profile
  edit "421E-dongle"
    config platform
      set type 421E
    end
    config lan
      set port-esl-mode bridge-to-ssid
      set port-esl-ssid "WIFI-Private"
    end
  next
end

The following configuration are available in port-esl-mode:

offline Offline.
nat-to-wan NAT WTP ESL port to WTP WAN port.
bridge-to-wan Bridge WTP ESL port to WTP WAN port.
bridge-to-ssid Bridge WTP ESL port to SSID.
Tooltip

Hanshow ESL is supported on select FortiAP models, including but not limited to:

  • FortiAP-S/W2 models: FAP-S421E, FAP-S423E, FAP-421E and FAP-423E, running firmware 6.4.2 and later.
  • FortiAP models: Wi-Fi 6/802.11ax capable, running firmware 6.4.3 and later.

SES-Imagotag

To configure ESL integration for SES-Imagotag
config wireless-controller wtp-profile
  edit FAP433F-default
    config esl-ses-dongle
      set esl-channel 10
      set scd-enable enable   
      set output-power b
      set apc-fqdn "example.fqdn"
      set apc-port 7354
    end
  next
end

The following configuration are available for esl-ses-dongle:

compliance-level

Compliance levels for the ESL solution integration:

  • -1: No esl-channel is set

  • 0: ESL channel 0

  • <…>

  • 10: ESL channel 10

  • 127: Managed channel enabled, indicates that the APC (server) is setting the esl-channel via the slot channel

(default = compliance-level-2)

scd-enable

Enable/disable ESL SES-imagotag Serial Communication Daemon (SCD)

(default = disable)

esl-channel

ESL SES-imagotag dongle channel

(default = 127)

output-power

ESL SES-imagotag dongle output power:

  • a: About 15mW
  • b: About 7mW
  • c: About 5mW
  • d: About 1mW
  • e: About 13mW
  • f: About 10mW
  • g: About 3mW
  • h: About 2mW

(default = A)

apc-addr-type

ESL SES-imagotag APC address type:

  • fqdn: Fully Qualified Domain Name address
  • ip IPv4: address

(default = fqdn)

apc-fqdn / apc-ip

FQDN / IP of ESL SES-imagotag Access Point Controller

apc-port

Port of ESL SES-imagotag Access Point Controller

coex-level

ESL SES-imagotag dongle coexistence level

(default = none).

Note: As of today there is no coexistence, interference-free parallel operation with regular 2.4GHz servicing radios

tls-cert-verification

Enable/disable TLS Certificate verification

(default = enable)

tls-fqdn-verification

Enable/disable TLS Certificate verification

(default = disable)

To check the ESL dongle status

On FortiOS:

diagnose wireless-controller wlac -c ws-esl [wtp-ip]

On FortiAP:

cw_diag -c esl-ses

To toggle ESL-SES debug level

To see the the ESL log level on a FortiAP:

# cw_diag -c esl-dbg 

# -----------------------ESL SCD debug conf----------------------- 
# (console-output: 0 - off, 1 - on) 
console 0 
# (debug-levels: 0 - none, 1 - fatal, 2 - error, 3 - warn, 4 - info, 5 - debug) 
data_block.data_block_container 2 
firmware.load_firmware 2 
… 
To enable debugs

cw_diag -c esl-dbg console 1

To apply the level change, you need to restart the SDC daemon or reboot the FortiAP.

To set other debug object levels

cw_diag -c esl-dbg firmware.load_firmware 3

Level "3" is "warn", which means "fatal", "error" and "warn" logs will be displayed for "firmware.load_firmware".

Tooltip

SES-Imagotag ESL is supported on Wi-Fi 6/802.11ax capable FortiAP models running firmware 7.0.1 and later.

Support for Electronic Shelf Label systems

Some FortiAP models equipped with a USB port can support Electronic Shelf Labels (ESL) systems. These FortiAPs can be configured to accept a ESL-Radio through a USB dongle that works on a 2.4 GHz frequency band. Once the ESL dongle is connected, you can configure the communication mode from a FortiGate. ESL traffic from the ESL-Radio is sent to ESL-Servers that are either located on-premise or in the Cloud.

Fortinet currently supports the following third-party ESL service providers:

  • Hanshow
  • SES-Imagotag

Hanshow integration

To configure ESL integration for Hanshow
config wireless-controller wtp-profile
  edit "421E-dongle"
    config platform
      set type 421E
    end
    config lan
      set port-esl-mode bridge-to-ssid
      set port-esl-ssid "WIFI-Private"
    end
  next
end

The following configuration are available in port-esl-mode:

offline Offline.
nat-to-wan NAT WTP ESL port to WTP WAN port.
bridge-to-wan Bridge WTP ESL port to WTP WAN port.
bridge-to-ssid Bridge WTP ESL port to SSID.
Tooltip

Hanshow ESL is supported on select FortiAP models, including but not limited to:

  • FortiAP-S/W2 models: FAP-S421E, FAP-S423E, FAP-421E and FAP-423E, running firmware 6.4.2 and later.
  • FortiAP models: Wi-Fi 6/802.11ax capable, running firmware 6.4.3 and later.

SES-Imagotag

To configure ESL integration for SES-Imagotag
config wireless-controller wtp-profile
  edit FAP433F-default
    config esl-ses-dongle
      set esl-channel 10
      set scd-enable enable   
      set output-power b
      set apc-fqdn "example.fqdn"
      set apc-port 7354
    end
  next
end

The following configuration are available for esl-ses-dongle:

compliance-level

Compliance levels for the ESL solution integration:

  • -1: No esl-channel is set

  • 0: ESL channel 0

  • <…>

  • 10: ESL channel 10

  • 127: Managed channel enabled, indicates that the APC (server) is setting the esl-channel via the slot channel

(default = compliance-level-2)

scd-enable

Enable/disable ESL SES-imagotag Serial Communication Daemon (SCD)

(default = disable)

esl-channel

ESL SES-imagotag dongle channel

(default = 127)

output-power

ESL SES-imagotag dongle output power:

  • a: About 15mW
  • b: About 7mW
  • c: About 5mW
  • d: About 1mW
  • e: About 13mW
  • f: About 10mW
  • g: About 3mW
  • h: About 2mW

(default = A)

apc-addr-type

ESL SES-imagotag APC address type:

  • fqdn: Fully Qualified Domain Name address
  • ip IPv4: address

(default = fqdn)

apc-fqdn / apc-ip

FQDN / IP of ESL SES-imagotag Access Point Controller

apc-port

Port of ESL SES-imagotag Access Point Controller

coex-level

ESL SES-imagotag dongle coexistence level

(default = none).

Note: As of today there is no coexistence, interference-free parallel operation with regular 2.4GHz servicing radios

tls-cert-verification

Enable/disable TLS Certificate verification

(default = enable)

tls-fqdn-verification

Enable/disable TLS Certificate verification

(default = disable)

To check the ESL dongle status

On FortiOS:

diagnose wireless-controller wlac -c ws-esl [wtp-ip]

On FortiAP:

cw_diag -c esl-ses

To toggle ESL-SES debug level

To see the the ESL log level on a FortiAP:

# cw_diag -c esl-dbg 

# -----------------------ESL SCD debug conf----------------------- 
# (console-output: 0 - off, 1 - on) 
console 0 
# (debug-levels: 0 - none, 1 - fatal, 2 - error, 3 - warn, 4 - info, 5 - debug) 
data_block.data_block_container 2 
firmware.load_firmware 2 
… 
To enable debugs

cw_diag -c esl-dbg console 1

To apply the level change, you need to restart the SDC daemon or reboot the FortiAP.

To set other debug object levels

cw_diag -c esl-dbg firmware.load_firmware 3

Level "3" is "warn", which means "fatal", "error" and "warn" logs will be displayed for "firmware.load_firmware".

Tooltip

SES-Imagotag ESL is supported on Wi-Fi 6/802.11ax capable FortiAP models running firmware 7.0.1 and later.