FortiAP CLI configuration and diagnostics commands
The FortiAP CLI controls radio and network operations through the use of variables manipulated with the configuration and diagnostics commands.
For details about accessing the FortiAP CLI, see FortiAP CLI access.
Configuration commands
Command |
Description |
---|---|
|
List variables for most popular settings and also the ones that are not using default values. |
|
Add or change a variable value. |
|
Commit the change to flash. |
|
Reset settings to factory defaults. |
|
Remove variable. |
|
Export variables. |
|
Display help for all configuration commands and a complete list of configuration variables. |
Configuration variables
Variable |
Description and value |
---|---|
|
WiFi Controller control (CAPWAP) port. Default: 5246. |
|
Supported data channel security policies. clear - Clear text dtls - DTLS (encrypted) ipsec - IPsec VPN ipsec-sn - IPsec VPN that includes the FortiAP serial number. |
|
0 - Auto - Cycle through all of the discovery types until successful. 1 - Static. Specify WiFi Controllers 2 - DHCP 3 - DNS 5 - Broadcast 6 - Multicast 7- FortiCloud |
|
WiFi Controller host names for static discovery. |
|
WiFi Controller IP addresses for static discovery. |
|
Option code for DHCP server. Default: 138. |
|
Multicast address for controller discovery. Default: 224.0.1.140. |
|
How the FortiAP unit obtains its IP address and netmask. DHCP - FortiGate interface assigns address. STATIC - Specify in AP_IPADDR and AP_NETMASK. Default: DHCP. |
|
Administrative timeout in minutes. Applies to GUI sessions. Default: 5 minutes. |
|
These variables set the FortiAP unit IP address, netmask and default gateway when ADDR_MODE is STATIC. Default for AP_NETMASK: 255.255.255.0. Default for IPGW: 192.168.1.1. |
|
0 - https disable 1 - https enable 2 - controlled by AC Default: 2. |
|
0 - SSH disable 1 - SSH enable 2 - controlled by AC Default: 2. |
|
Non-zero value applies VLAN ID for unit management. See Reserved VLAN IDs. Default: 0. |
|
FortiAP operating mode. 0 - Thin AP Default: 0. |
|
Console data rate: 9600, 19200, 38400, 57600, or 115200 baud. Default: 9600. |
|
DNS Server for clients. If ADDR_MODE is DHCP the DNS server is automatically assigned. |
|
Configure port behavior on FortiAP-U models. 0 - Dummy Switch. Default mode. 1 - Ether Hardware Bonding. Support Static Ethernet Channel Bonding on LAN1 and LAN2 ports. Only available on select FortiAP-U models. 2 - Ether 802.3ad Bonding. Support IEEE 802.3ad Link Aggregation Control Protocol (LACP) on LAN1 and LAN2 ports. 3 - Enable WAN-LAN. Supports configuration of a second WAN port as a LAN (WAN-LAN mode configuration). |
|
Enable Federal Information Processing Standards (FIPS) mode on FortiAP models. 1 - Enable FIPS mode. To disable FIPS mode, factory reset the FortiAP. Note: FAP-431F and FAP-433F do not support FIPS mode. |
|
Default: 0. |
|
Enable/disable status LEDs. 1 - LEDs disabled 2 - follow AC setting |
|
Administrator login password. By default this is empty. |
|
Spanning Tree Protocol. 0 - off 1 - on |
|
Wi-Fi 6E Models only: Enable Trusted Platform Module (TPM). 1 - Enable TPM 0 - Disable TPM Default : 0. |
|
Configure port behavior on FortiAP, FortiAP-S, and FortiAP-W2 models. WAN-ONLY - Default mode WAN-LAN - Bridges the LAN port to the incoming WAN interface AGGREGATE - Enables link aggregation |
|
Optional string describing AP location. |
|
Enable or disable background mesh root AP scan. 1 - Enabled |
|
If the signal of the root AP is weak, and lower than the received signal strength indicator (RSSI) threshold, the WiFi driver immediately starts a new round scan and ignores
the configured After the new round scan is finished, a scan done event is passed to wtp daemon to trigger roaming. |
|
Time in seconds that a delay period occurs between scans. Set the value between 1 and 3600. |
|
Time in milliseconds. Set the value between 0 and 1000. |
|
Time in milliseconds between channel scans. Set the value between 200 and 16000. |
|
Time in milliseconds that the radio will continue scanning the channel. Set the value between 10 and 200. |
|
WiFi MAC address. |
|
Pre-shared key for mesh backhaul. |
|
Specify those channels to be scanned. |
|
Configure the security mode of a mesh-backhaul SSID. 0 - Open 1 - WPA/WPA2-Personal 2 - WPA3-SAE Default: 0. |
|
SSID for mesh backhaul. Default: fortinet.mesh.root. |
|
Type of communication for backhaul to controller: 0 - Ethernet 1 - WiFi mesh 2 - Ethernet with mesh backup support Default: 0. |
|
1 - Bridge mesh WiFi SSID to FortiAP Ethernet port. This can be used for point-to-point bridge configuration. This is available only when MESH_AP_TYPE =1. 0 - No WiFi-Ethernet bridge Default: 0. |
|
Maximum number of times packets can be passed from node to node on the mesh. Default: 4. |
The following factors are summed and the FortiAP associates with the lowest scoring mesh AP. |
|
|
Multiplier for number of mesh hops from root. Default: 50. |
|
AP total RSSI multiplier. Default: 1. |
|
Beacon data rate multiplier. Default: 1. |
|
Band weight (0 for 2.4 GHz, 1 for 5 GHz) multiplier. Default: 100. |
|
AP channel RSSI multiplier. Default: 100. |
Survey variables |
|
|
SSID to broadcast in site survey mode (AP_MODE=2). |
|
Transmitter power in site survey mode (AP_MODE=2). |
|
2.4 GHz transmitter power used for site survey SSID in dBm. Default=30. |
|
5 GHz transmitter power used for site survey SSID in dBm. Default=30. |
|
6 GHz transmitter power used for site survey SSID in dBm. Default=30. |
|
Site survey beacon interval in seconds. Default: 100 ms. |
|
Site survey transmit channel for the 2.4 GHz band. Default: 6. |
|
Site survey transmit channel for the 5 GHz band. Default: 36. |
|
Site survey transmit channel for the 6 GHz band. Default: 36. |
|
2.4 GHz channel-bonding bandwidth for site survey SSID. 0 - 20MHz 1 - 40MHz Default=0 |
|
5 GHz channel-bonding bandwidth for site survey SSID. 0 - 20MHz 1 - 40MHz 2 - 80MHz 3 - 160MHz Default=0 |
|
6 GHz channel-bonding bandwidth for site survey SSID. 0 - 20MHz 1 - 40MHz 2 - 80MHz 3 - 160MHz Default=0 |
Diagnostics commands
Command |
Description |
---|---|
|
Shows a consolidated log command output for debugging purposes. |
|
Set the shell idle timeout in minutes. |
|
Set the console baud rate. |
|
Enable AC IP ping check and set the ping interval (disabled by default). |
|
Display help for all diagnostics commands. |
|
Show or change the current plain control setting. |
|
Enable or disable the sniff packet. |
|
Set the sniff server IP and port. |
|
Show the wl_intf status. |
|
Show daemon uptime. |
|
Upload Target Assert logs to a specified TFTP server. |
|
Check the real-time status of CAPWAP connections to the AP controllers (AC). |
|
Show scanned APs. |
|
Show suppressed APs. |
|
Show scanned arp requests. |
|
Show Air Time Fairness information at the FortiAP level. |
|
Show scanned Bluetooth Low Energy (BLE) devices that are reported to FortiPresence. |
|
Show the current Bonjour gateway configuration in the control plane. |
|
Show the DARRP radio channel. |
|
Show FortiPresence statistics including reported BLE devices. |
|
Display wired client information for clients connected to LAN2 of the FortiAP |
|
Verify that the vmn-dscp-marking values are pushed to FortiAP. |
|
Show the mesh status. |
|
Show the mesh ap candidates. |
|
Show the mesh veth ac info, and mesh ether type. |
|
Show the mesh veth host. |
|
Show the mesh veth vap. |
|
Show the current radio config parameters in the control plane. |
|
Flush all scanned AP/STA/ARPs. |
|
Show configuration details for SNMP support. |
|
Show scanned STA capabilities. |
|
De-authenticate an STA. |
|
Show scanned STAs. |
|
Show operating temperature of the FortiAP CPU. |
|
Show the current VAPs in the control plane. |
|
Start the VLAN probe. "Action" value list:
Example command: Example output: VLAN probing: start intf [eth0] vlan range[2,300] retries[3] timeout[10] ... |
|
Show the VLAN probe report. |
|
Show scanned WIDS detections. |
|
Show the current wtp config parameters in the control plane. |
|
Turn on or off console log message. |