Changing SSID to VDOM only
You can change the wireless-controller VAP (for SSID configuration) from a global object to a VDOM object, simplifying tracking the object reference count. It also removes the vdom setting from VAP configuration. When multi‑vdom is enabled on a FortiGate, the wireless-controller VAP can be added, edited, or deleted only inside of a VDOM.
To create a VAP entry
- When
vdom-modeisno-vdom:# config wireless-controller vap (vap) # edit new new entry 'new' added (new) # set ssid new (new) # set passphrase 12345678 (new) # set vdom command parse error before 'vdom' (new) # end # show wireless-controller vap new config wireless-controller vap edit "new" set ssid "new" set passphrase ENC ****** next end - When
vdom-modeismulti-vdom:- A VAP cannot be created in global:
# config global (global) # config wireless-controller vap command parse error before 'vap' Command fail. Return code 1
- A VAP can be created in a VDOM:
# config vdom (vdom) # edit vdom2 current vf=vdom2:1 (vdom2) # config wireless-controller vap (vap) # edit new new entry 'new' added (new) # set ssid new (new) # set passphrase 12345678 (new) # set vdom command parse error before 'vdom' (new) # end (vdom2) # sh wireless-controller vap new config wireless-controller vap edit "new" set ssid "new" set passphrase ENC ****** next end
- A VAP cannot be created in global:
To check multi-vdom VAP entry authentication:
- When
vdom-modeismulti-vdom, references touser-groupandradiuscan be checked correctly when they are used by a VAP interface:- A VAP interface with security-mode set to WPA2-Enterprise and RADIUS authentication:
(vdom2) # show wireless-controller vap new config wireless-controller vap edit "new" set ssid "new" set security wpa2-only-enterprise set auth radius set radius-server "peap" next end (vdom2) # diagnose sys cmdb refcnt show user.radius.name peap entry used by table wireless-controller.vap:name 'new' - A VAP interface with security-mode set to WPA2-Enterprise and User-group authentication:
(vdom2) # show wireless-controller vap new config wireless-controller vap edit "new" set ssid "new" set security wpa2-only-enterprise set auth usergroup set usergroup "group-radius" next end (vdom2) # diagnose sys cmdb refcnt show user.group.name group-radius entry used by child table usergroup:name 'group-radius' of table wireless-controller.vap:name 'new'
- A VAP interface with security-mode set to WPA2-Enterprise and RADIUS authentication: