Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiWiFi and FortiAP Configuration Guide

Advanced Wireless Features

By default, the FortiGate GUI hides advanced features to simplify the site layout. You can go to System > Feature Visibility to enable different types advanced features, including Advanced Wireless Features.

After enabling Advanced Wireless Features, several entries in the Navigation bar will change names.

  • Operations Profiles Entry: FortiAP, QoS, and FortiAP Configuration.

  • Connectivity Profiles Entry: MPSK and Bonjour.

  • Protection Profiles Entry: WIDS and L3 Firewall (also known as L3 Access Control List configurations for FortiAPs).

  • Additional advanced options for wireless features under the SSIDs and WiFi Settings entries are visible.
    • SSIDs > Edit Interface: Voice-Enterprise, Multiband operation, Fast BSS transition, Probe response suppression, Sticky client removal, multicast enhancement, IGMP snooping, Radio sensitivity, Airtime weight, QoS profile, and L3 firewall profile.

    • WiFi Settings: Duplicate SSID, DARRP, Phishing SSID detection, and SNMP settings.

Note

Note that this guide is intended to be used when Advanced Wireless Features is disabled, and therefore uses the default entry names. If a topic covers a feature that requires Advanced Wireless Features to be enabled, it will specify users must first enable Advanced Wireless Features.

To enable Advanced Wireless Features - GUI
  1. From the FortiOS GUI, go to System > Feature Visibility.
  2. Under the Additional Features column, locate and enable Advanced Wireless Features.

  3. Click Apply.

    The Navigation bar reloads with the new features visible.

To enable Advanced Wireless Features - CLI:
config system settings
    set gui-advanced-wireless-features enable
end

Operations Profiles Entry

When you enable Advanced Wireless Features, FortiAP Profiles is renamed to Operation Profiles and contains additional tabs that enable you to manage QoS and FortiAP Configuration profiles.

FortiAP Profile Advanced Settings

When you create or edit a FortiAP profile, you can configure additional advanced settings.

These fields correspond to the following CLI settings:

FortiAP Profiles > New/Edit FortiAP Profile Advanced Settings

config wireless-controller wtp-profile
  edit <name>

 

DTLS Policy

    set dtls-policy {option1}, {option2}, …

 

Maximum client count

    set max-clients {integer}

 

Handoff RSSI

    set handoff-rssi {integer}

 

Handoff threshold

    set handoff-sta-thresh {integer}

 

LED usage

    set led-state [enable|disable]
    set led-schedules <name1>, <name2>, ...

led-schedules shown when led-state set to enable

QoS Profiles

You can create or edit Quality of Service (QoS) profiles by clicking the QoS Profiles tab.

Click Create new to create a QoS profile.

These fields correspond to the following CLI settings:

QoS Profiles > New/Edit QoS Profile

config wireless-controller qos-profile
 
Name
edit <name>
 
Comment
  set comment {string}
 
Maximum uplink bandwidth for SSIDs
  set uplink {integer}
 
Maximum downlink bandwidth for SSIDs
  set downlink {integer}
 
Maximum uplink bandwidth for clients
  set uplink-sta {integer}
 
Maximum downlink bandwidth for clients
  set downlink-sta {integer}
 
Client rate burst
  set burst [enable|disable]
 
WMM Control
  set wmm [enable|disable]
 
  U-APSD power save mode
  set wmm-uapsd [enable|disable]
 
  Call admission control
  set call-admission-control [enable|disable]
 
    Maximum VoWLAN phones count
  set call-capacity {integer}
Shown when call-admission-control set to enable
    Bandwidth admission control
  set bandwidth-admission-control [enable|disable]
 
      Maximum bandwidth capacity (Kbps)
  set bandwidth-capacity {integer}
Shown when bandwidth-admission-control set to enable
  DSCP mapping
  set dscp-wmm-mapping [enable|disable]
 
    Voice access
  set dscp-wmm-vo <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
    Video access
  set dscp-wmm-vi <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
    Best effort access
  set dscp-wmm-be <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
    Background access
  set dscp-wmm-bk <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
  DSCP marking
  set wmm-dscp-marking [enable|disable]
 
    Voice access
  set wmm-vo-dscp {integer}
Shown when wmm-dscp-marking set to enable
    Video access
  set wmm-vi-dscp {integer}
Shown when wmm-dscp-marking set to enable
    Best effort access
  set wmm-be-dscp {integer}
Shown when wmm-dscp-marking set to enable
    Background access
  set wmm-bk-dscp {integer}
Shown when wmm-dscp-marking set to enable

FortiAP Configuration Profiles

You can create or edit FortiAP Configuration Profile for managing local FortiAP configuration by clicking the FortiAP Configuration Profiles tab.

Click Create new to create a FortiAP Configuration profile.

These fields correspond to the following CLI settings:

FortiAP Configuration Profiles > New/Edit FortiAP Configuration Profile

config wireless-controller apcfg-profile

 

Name

  edit <name>
 

Comment

    set comment {var-string}
 

FortiAP family

    set ap-family [fap|fap-u|...]
 

Command list > New / Edit Command

    config command-list

FortiAP CLI configuration and diagnostics commands

  ID

      edit <id>
 

   Name

      set name {string}
 

   Type

      set type [non-password|password]
 

   Value

      set value {string} / set passwd-value {password}
 

Wireless controller

   

  Waiting time

    set ac-timer {integer}
 

  Type

    set ac-type [default|specify|...]
 

   IP

    set ac-ip {ipv4-address}

Shown when ac-type set to specify

  Port

    set ac-port {integer}

Shown when ac-type set to specify

Connectivity Profiles Entry

You can access Connectivity Profiles to manage your MPSK and Bonjour profiles.

MPSK Profiles

After you click Connectivity Profile, the MPSK Profiles tab loads by default. From there you can create or edit MPSK profiles to manage multiple pre-shared keys.

Click Create new to create an MPSK profile.

From there you can create and add MPSK groups and determine how you want to add your MPSK keys.

These fields correspond to the following CLI settings:

MPSK Profiles > New / Edit MPSK Profile

config wireless-controller mpsk-profile
 

Name

  edit <name>
 

Maximum concurrent client count

    set mpsk-concurrent-clients {integer}
 

MPSK Group List > New/Edit MPSK Group

    config mpsk-group
 

    Name

      edit <name>
 

     VLAN type

      set vlan-type [no-vlan|fixed-vlan]
 

   VLAN ID

      set vlan-id {integer}
Shown when vlan-type set to fixed-vlan

    MPSK key list > New / Edit MPSK Key

      config mpsk-key
 

        Name

        edit <name>
 

        Comment

        set comment {var-string}
 

        Pre-shared key

        set passphrase {password}
 

        MAC address

        set mac {mac-address}
 

        Client limit type

        set concurrent-client-limit-type [default|unlimited|...]
 

        Client limit

        set concurrent-clients {integer}
Shown when concurrent-client-limit-type set to specified

        MPSK schedule

        set mpsk-schedules <name1>, <name2>, …

 

Bonjour Profiles

Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connect to networks using Bonjour. You can create or edit Bonjour profiles by clicking the Bonjour Profiles tab.

Click Create new to create a Bonjour profile.

From there you can create and add policies that determine which services you want to advertise across the network.

These fields correspond to the following CLI settings:

Bonjour Profiles > New/Edit Bonjour Profile

config wireless-controller bonjour-profile

Name

  edit <name>

Comment

  set comment {string}

Policy list > New/Edit Bonjour Policy

  config policy-list

     Policy ID

    edit <policy-id>

  Description

    set description {string}

  Source VLAN

    set from-vlan {string}

  Destination VLAN

    set to-vlan {string}

  Services

    set services {option1}, {option2}, …

Protection Profiles Entry

When you enable Advanced Wireless Features, WIDS Profiles is renamed to Protection Profiles and contains additional tabs that enable you to manage L3 Firewall Profiles.

WIDS Profiles

After you click Protection Profiles, the WIDS Profiles tab loads by default. From there you can create or edit WIDS profiles to configure the type of security threats you want to monitor.

L3 Firewall Profile

You can create or edit L3 Firewall Profiles to configure the WiFi bridge access control list by clicking the L3 Firewall Profiles tab.

Click Create new to create a L3 Firewall profile.

From there, you can create IPv4 or IPv6 rule lists to allow or deny traffic that matches the configured policy.

These fields correspond to the following CLI settings:

L3 Firewall Profiles > New/Edit L3 Firewall Profile

config wireless-controller access-control-list

Name

  edit <name>

Comment

    set comment {string}

IPv4 rule list > New/Edit IPv4 Rule

    config layer3-ipv4-rules

  ID

      edit <rule-id>

   Comment

        set comment {string}

   Source address

        set srcaddr {user}

   Source port

        set srcport {integer}

   Destination address

        set dstaddr {user}

  Destination port

        set dstport {integer}

  IANA protocol number

        set protocol {integer}

  Action

        set action [allow|deny]

IPv6 rule list > New/Edit IPv6 Rule

    config layer3-ipv6-rules

   ID

      edit <rule-id>

   Comment

        set comment {string}

   Source address

        set srcaddr {user}

   Source port

        set srcport {integer}

   Destination address

        set dstaddr {user}

  Destination port

        set dstport {integer}

   IANA protocol number

        set protocol {integer}

   Action

        set action [allow|deny]

Advanced SSID options

When you create or edit an SSID, you can configure additional advanced settings.

These fields correspond to the following CLI settings:

Edit Interface > Advanced Settings

config wireless-controller vap
  edit <name>

Voice-Enterprise

    set voice-enterprise [disable|enable]

Multiband operation

    set mbo [disable|enable]

Fast BSS transition

    set fast-bss-transition [disable|enable]

Probe response suppression

    set probe-resp-suppression [enable|disable]

Sticky client removal

    set sticky-client-remove [enable|disable]

Multicast enhancement

    set multicast-enhance [enable|disable]

ICMP snooping

    set igmp-snooping [enable|disable]

Radio sensitivity

    set radio-sensitivity [enable|disable]

Airtime weight

    set atf-weight {integer}

QoS profile

    set qos-profile {string}

L3 firewall profile

    set access-control-list {string}

 

Advanced WiFi Settings options

More options are exposed on WiFi Settings page, including Duplicate SSID, DARRP related settings, Phishing SSID detection setting, and SNMP settings.

These fields correspond to the following CLI settings:

WiFi Settings

config wireless-controller setting

 

Duplicate SSID

  set duplicate-ssid [enable|disable]
 

DARRP optimization interval (seconds)

  set darrp-optimize {integer}
 

DARRP optimization schedule

  set darrp-optimize-schedules <name1>, <name2>, …
 

Phishing SSID detection setting

  set phishing-ssid-detect [enable|disable]
 

SNMP settings

config wireless-controller snmp

 

  Engine ID

  set engine-id {string}
 

   Contact information

  set contact-info {string}
 

  CPU usage threshold

  set trap-high-cpu-threshold {integer}
 

  Memory usage threshold

  set trap-high-mem-threshold {integer}
 

  User list > New/Edit SNMP User

  config user
 

    Name

    edit <name>
 

     Current SNMP user

      set status [enable|disable]
 

    Queries

      set queries [enable|disable]
 

    Traps

      set trap-status [enable|disable]
 

    Authentication

      set security-level [no-auth-no-priv|auth-no-priv|...]
 

     Authentication protocol

      set auth-proto [md5|sha]

Shown when authentication setting enabled

    Authentication password

      set auth-pwd {password}

Shown when authentication setting enabled

    Privacy

      set priv-proto [aes|des|...]

Shown when authentication setting enabled

    Privacy password

      set priv-pwd {password}

Shown when authentication setting enabled

    Notify host IP

      set notify-hosts {ipv4-address}
 

  Community list > New/Edit SNMP Community

  config community
 

    ID

    edit <id>
 

    Name

      set name {string}
 

     Current SNMP community

      set status [enable|disable]
 

     V1 queries

      set query-v1-status [enable|disable]
 

     V2c queries

      set query-v2c-status [enable|disable]
 

     V1 traps

      set trap-v1-status [enable|disable]
 

     V2c traps

      set trap-v2c-status [enable|disable]
 

     Host list > New/Edit Host List

      config hosts
 

      ID

        edit <id>
 

      IP

          set ip {user}
 

Advanced Wireless Features

By default, the FortiGate GUI hides advanced features to simplify the site layout. You can go to System > Feature Visibility to enable different types advanced features, including Advanced Wireless Features.

After enabling Advanced Wireless Features, several entries in the Navigation bar will change names.

  • Operations Profiles Entry: FortiAP, QoS, and FortiAP Configuration.

  • Connectivity Profiles Entry: MPSK and Bonjour.

  • Protection Profiles Entry: WIDS and L3 Firewall (also known as L3 Access Control List configurations for FortiAPs).

  • Additional advanced options for wireless features under the SSIDs and WiFi Settings entries are visible.
    • SSIDs > Edit Interface: Voice-Enterprise, Multiband operation, Fast BSS transition, Probe response suppression, Sticky client removal, multicast enhancement, IGMP snooping, Radio sensitivity, Airtime weight, QoS profile, and L3 firewall profile.

    • WiFi Settings: Duplicate SSID, DARRP, Phishing SSID detection, and SNMP settings.

Note

Note that this guide is intended to be used when Advanced Wireless Features is disabled, and therefore uses the default entry names. If a topic covers a feature that requires Advanced Wireless Features to be enabled, it will specify users must first enable Advanced Wireless Features.

To enable Advanced Wireless Features - GUI
  1. From the FortiOS GUI, go to System > Feature Visibility.
  2. Under the Additional Features column, locate and enable Advanced Wireless Features.

  3. Click Apply.

    The Navigation bar reloads with the new features visible.

To enable Advanced Wireless Features - CLI:
config system settings
    set gui-advanced-wireless-features enable
end

Operations Profiles Entry

When you enable Advanced Wireless Features, FortiAP Profiles is renamed to Operation Profiles and contains additional tabs that enable you to manage QoS and FortiAP Configuration profiles.

FortiAP Profile Advanced Settings

When you create or edit a FortiAP profile, you can configure additional advanced settings.

These fields correspond to the following CLI settings:

FortiAP Profiles > New/Edit FortiAP Profile Advanced Settings

config wireless-controller wtp-profile
  edit <name>

 

DTLS Policy

    set dtls-policy {option1}, {option2}, …

 

Maximum client count

    set max-clients {integer}

 

Handoff RSSI

    set handoff-rssi {integer}

 

Handoff threshold

    set handoff-sta-thresh {integer}

 

LED usage

    set led-state [enable|disable]
    set led-schedules <name1>, <name2>, ...

led-schedules shown when led-state set to enable

QoS Profiles

You can create or edit Quality of Service (QoS) profiles by clicking the QoS Profiles tab.

Click Create new to create a QoS profile.

These fields correspond to the following CLI settings:

QoS Profiles > New/Edit QoS Profile

config wireless-controller qos-profile
 
Name
edit <name>
 
Comment
  set comment {string}
 
Maximum uplink bandwidth for SSIDs
  set uplink {integer}
 
Maximum downlink bandwidth for SSIDs
  set downlink {integer}
 
Maximum uplink bandwidth for clients
  set uplink-sta {integer}
 
Maximum downlink bandwidth for clients
  set downlink-sta {integer}
 
Client rate burst
  set burst [enable|disable]
 
WMM Control
  set wmm [enable|disable]
 
  U-APSD power save mode
  set wmm-uapsd [enable|disable]
 
  Call admission control
  set call-admission-control [enable|disable]
 
    Maximum VoWLAN phones count
  set call-capacity {integer}
Shown when call-admission-control set to enable
    Bandwidth admission control
  set bandwidth-admission-control [enable|disable]
 
      Maximum bandwidth capacity (Kbps)
  set bandwidth-capacity {integer}
Shown when bandwidth-admission-control set to enable
  DSCP mapping
  set dscp-wmm-mapping [enable|disable]
 
    Voice access
  set dscp-wmm-vo <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
    Video access
  set dscp-wmm-vi <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
    Best effort access
  set dscp-wmm-be <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
    Background access
  set dscp-wmm-bk <id1>, <id2>, …
Shown when dscp-wmm-mapping set to enable
  DSCP marking
  set wmm-dscp-marking [enable|disable]
 
    Voice access
  set wmm-vo-dscp {integer}
Shown when wmm-dscp-marking set to enable
    Video access
  set wmm-vi-dscp {integer}
Shown when wmm-dscp-marking set to enable
    Best effort access
  set wmm-be-dscp {integer}
Shown when wmm-dscp-marking set to enable
    Background access
  set wmm-bk-dscp {integer}
Shown when wmm-dscp-marking set to enable

FortiAP Configuration Profiles

You can create or edit FortiAP Configuration Profile for managing local FortiAP configuration by clicking the FortiAP Configuration Profiles tab.

Click Create new to create a FortiAP Configuration profile.

These fields correspond to the following CLI settings:

FortiAP Configuration Profiles > New/Edit FortiAP Configuration Profile

config wireless-controller apcfg-profile

 

Name

  edit <name>
 

Comment

    set comment {var-string}
 

FortiAP family

    set ap-family [fap|fap-u|...]
 

Command list > New / Edit Command

    config command-list

FortiAP CLI configuration and diagnostics commands

  ID

      edit <id>
 

   Name

      set name {string}
 

   Type

      set type [non-password|password]
 

   Value

      set value {string} / set passwd-value {password}
 

Wireless controller

   

  Waiting time

    set ac-timer {integer}
 

  Type

    set ac-type [default|specify|...]
 

   IP

    set ac-ip {ipv4-address}

Shown when ac-type set to specify

  Port

    set ac-port {integer}

Shown when ac-type set to specify

Connectivity Profiles Entry

You can access Connectivity Profiles to manage your MPSK and Bonjour profiles.

MPSK Profiles

After you click Connectivity Profile, the MPSK Profiles tab loads by default. From there you can create or edit MPSK profiles to manage multiple pre-shared keys.

Click Create new to create an MPSK profile.

From there you can create and add MPSK groups and determine how you want to add your MPSK keys.

These fields correspond to the following CLI settings:

MPSK Profiles > New / Edit MPSK Profile

config wireless-controller mpsk-profile
 

Name

  edit <name>
 

Maximum concurrent client count

    set mpsk-concurrent-clients {integer}
 

MPSK Group List > New/Edit MPSK Group

    config mpsk-group
 

    Name

      edit <name>
 

     VLAN type

      set vlan-type [no-vlan|fixed-vlan]
 

   VLAN ID

      set vlan-id {integer}
Shown when vlan-type set to fixed-vlan

    MPSK key list > New / Edit MPSK Key

      config mpsk-key
 

        Name

        edit <name>
 

        Comment

        set comment {var-string}
 

        Pre-shared key

        set passphrase {password}
 

        MAC address

        set mac {mac-address}
 

        Client limit type

        set concurrent-client-limit-type [default|unlimited|...]
 

        Client limit

        set concurrent-clients {integer}
Shown when concurrent-client-limit-type set to specified

        MPSK schedule

        set mpsk-schedules <name1>, <name2>, …

 

Bonjour Profiles

Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connect to networks using Bonjour. You can create or edit Bonjour profiles by clicking the Bonjour Profiles tab.

Click Create new to create a Bonjour profile.

From there you can create and add policies that determine which services you want to advertise across the network.

These fields correspond to the following CLI settings:

Bonjour Profiles > New/Edit Bonjour Profile

config wireless-controller bonjour-profile

Name

  edit <name>

Comment

  set comment {string}

Policy list > New/Edit Bonjour Policy

  config policy-list

     Policy ID

    edit <policy-id>

  Description

    set description {string}

  Source VLAN

    set from-vlan {string}

  Destination VLAN

    set to-vlan {string}

  Services

    set services {option1}, {option2}, …

Protection Profiles Entry

When you enable Advanced Wireless Features, WIDS Profiles is renamed to Protection Profiles and contains additional tabs that enable you to manage L3 Firewall Profiles.

WIDS Profiles

After you click Protection Profiles, the WIDS Profiles tab loads by default. From there you can create or edit WIDS profiles to configure the type of security threats you want to monitor.

L3 Firewall Profile

You can create or edit L3 Firewall Profiles to configure the WiFi bridge access control list by clicking the L3 Firewall Profiles tab.

Click Create new to create a L3 Firewall profile.

From there, you can create IPv4 or IPv6 rule lists to allow or deny traffic that matches the configured policy.

These fields correspond to the following CLI settings:

L3 Firewall Profiles > New/Edit L3 Firewall Profile

config wireless-controller access-control-list

Name

  edit <name>

Comment

    set comment {string}

IPv4 rule list > New/Edit IPv4 Rule

    config layer3-ipv4-rules

  ID

      edit <rule-id>

   Comment

        set comment {string}

   Source address

        set srcaddr {user}

   Source port

        set srcport {integer}

   Destination address

        set dstaddr {user}

  Destination port

        set dstport {integer}

  IANA protocol number

        set protocol {integer}

  Action

        set action [allow|deny]

IPv6 rule list > New/Edit IPv6 Rule

    config layer3-ipv6-rules

   ID

      edit <rule-id>

   Comment

        set comment {string}

   Source address

        set srcaddr {user}

   Source port

        set srcport {integer}

   Destination address

        set dstaddr {user}

  Destination port

        set dstport {integer}

   IANA protocol number

        set protocol {integer}

   Action

        set action [allow|deny]

Advanced SSID options

When you create or edit an SSID, you can configure additional advanced settings.

These fields correspond to the following CLI settings:

Edit Interface > Advanced Settings

config wireless-controller vap
  edit <name>

Voice-Enterprise

    set voice-enterprise [disable|enable]

Multiband operation

    set mbo [disable|enable]

Fast BSS transition

    set fast-bss-transition [disable|enable]

Probe response suppression

    set probe-resp-suppression [enable|disable]

Sticky client removal

    set sticky-client-remove [enable|disable]

Multicast enhancement

    set multicast-enhance [enable|disable]

ICMP snooping

    set igmp-snooping [enable|disable]

Radio sensitivity

    set radio-sensitivity [enable|disable]

Airtime weight

    set atf-weight {integer}

QoS profile

    set qos-profile {string}

L3 firewall profile

    set access-control-list {string}

 

Advanced WiFi Settings options

More options are exposed on WiFi Settings page, including Duplicate SSID, DARRP related settings, Phishing SSID detection setting, and SNMP settings.

These fields correspond to the following CLI settings:

WiFi Settings

config wireless-controller setting

 

Duplicate SSID

  set duplicate-ssid [enable|disable]
 

DARRP optimization interval (seconds)

  set darrp-optimize {integer}
 

DARRP optimization schedule

  set darrp-optimize-schedules <name1>, <name2>, …
 

Phishing SSID detection setting

  set phishing-ssid-detect [enable|disable]
 

SNMP settings

config wireless-controller snmp

 

  Engine ID

  set engine-id {string}
 

   Contact information

  set contact-info {string}
 

  CPU usage threshold

  set trap-high-cpu-threshold {integer}
 

  Memory usage threshold

  set trap-high-mem-threshold {integer}
 

  User list > New/Edit SNMP User

  config user
 

    Name

    edit <name>
 

     Current SNMP user

      set status [enable|disable]
 

    Queries

      set queries [enable|disable]
 

    Traps

      set trap-status [enable|disable]
 

    Authentication

      set security-level [no-auth-no-priv|auth-no-priv|...]
 

     Authentication protocol

      set auth-proto [md5|sha]

Shown when authentication setting enabled

    Authentication password

      set auth-pwd {password}

Shown when authentication setting enabled

    Privacy

      set priv-proto [aes|des|...]

Shown when authentication setting enabled

    Privacy password

      set priv-pwd {password}

Shown when authentication setting enabled

    Notify host IP

      set notify-hosts {ipv4-address}
 

  Community list > New/Edit SNMP Community

  config community
 

    ID

    edit <id>
 

    Name

      set name {string}
 

     Current SNMP community

      set status [enable|disable]
 

     V1 queries

      set query-v1-status [enable|disable]
 

     V2c queries

      set query-v2c-status [enable|disable]
 

     V1 traps

      set trap-v1-status [enable|disable]
 

     V2c traps

      set trap-v2c-status [enable|disable]
 

     Host list > New/Edit Host List

      config hosts
 

      ID

        edit <id>
 

      IP

          set ip {user}