Fortinet white logo
Fortinet white logo

FortiWiFi and FortiAP Configuration Guide

Operations Profiles Entry

Operations Profiles Entry

When you enable Advanced Wireless Features, FortiAP Profiles is renamed to Operation Profiles and contains additional tabs that enable you to manage QoS and FortiAP Configuration profiles.

FortiAP Profiles

When you create or edit a FortiAP profile, you can apply a FortiAP Configuration Profile (see FortiAP Configuration Profiles) and configure additional advanced settings:

These fields correspond to the following CLI settings under config wireless-controller wtp-profile:

DTLS Policy

Select which DTLS policy you want to apply to the profile. See WiFi data channel encryption.

set dtls-policy {option1}, {option2}, …

Maximum client count

Limit the number of clients. See Limiting the number of clients.

set max-clients {integer}

Handoff RSSI

Set the minimum handoff RSSI threshold for when FortiAP applies load balancing to a client. See Setting the handoff RSSI threshold.

set handoff-rssi {integer}

Handoff threshold

Set the number of clients at which AP load balancing begins. See Setting the AP load balance threshold.

set handoff-sta-thresh {integer}

LED usage

Enable or disable LEDs.

When you enable LED usage, you can also assign recurring firewall schedules for illuminating the LEDs. See LED options.

set led-state [enable|disable]
set led-schedules <name1>, <name2>, ...

QoS Profiles

In the QoS Profiles tab, you can create or edit Quality of Service (QoS) profiles.

Click Create new to create a QoS profile.

These fields correspond to the following CLI settings under config wireless-controller qos-profile:

Name Enter a name for the profile.
edit <name>
Comment Optionally, enter comments.
  set comment {string}
Maximum uplink bandwidth for SSIDs The maximum uplink speed (VAPs), in Kbps.
  set uplink {integer}
Maximum downlink bandwidth for SSIDs The maximum downlink speed (VAPs), in Kbps.
  set downlink {integer}
Maximum uplink bandwidth for clients The maximum uplink speed (Clients), in Kbps.
  set uplink-sta {integer}
Maximum downlink bandwidth for clients The maximum downlink speed (Clients), in Kbps.
  set downlink-sta {integer}
Client rate burst Enable/disable client rate burst.
  set burst [enable|disable]
WMM Control Enable/disable WiFi Multimedia (WMM) control.
  set wmm [enable|disable]
U-APSD power save mode

Enable/disable WMM Unscheduled Automatic Power Save Delivery (U-APSD) power save mode.

This option is only available if WMM Control is enabled.

  set wmm-uapsd [enable|disable]
Call admission control

Enable/disable WMM call admission control.

This option is only available if WMM Control is enabled.

  set call-admission-control [enable|disable]
Maximum VoWLAN phones count

Maximum number of Voice over WLAN.

Shown when Call admission control is enabled.

  set call-capacity {integer}
Bandwidth admission control

Enable/disable WMM bandwidth admission control.

This option is only available if Call admission control is enabled.

  set bandwidth-admission-control [enable|disable]
Maximum bandwidth capacity (Kbps)

Maximum bandwidth capacity allowed.

Shown when Bandwidth admission control is enabled

  set bandwidth-capacity {integer}
DSCP mapping Enable/disable differentiated Services Code Point (DSCP) mapping.
  set dscp-wmm-mapping [enable|disable]
Voice access

DSCP mapping for voice access.

Shown when DSCP mapping is enabled.

  set dscp-wmm-vo <id1>, <id2>, …
Video access

DSCP mapping for video access

Shown when DSCP mapping is enabled.

  set dscp-wmm-vi <id1>, <id2>, …
Best effort access

DSCP mapping for best effort access.

Shown when DSCP mapping is enabled.

  set dscp-wmm-be <id1>, <id2>, …
Background access

DSCP mapping for background access

Shown when DSCP mapping is enabled.

  set dscp-wmm-bk <id1>, <id2>, …
DSCP marking Enable/disable differentiated Services Code Point (DSCP) marking..
  set wmm-dscp-marking [enable|disable]
Voice access

DSCP marking for voice access.

Shown when DSCP marking is enabled.

  set wmm-vo-dscp {integer}
Video access

DSCP marking for video access.

Shown when DSCP marking is enabled.

  set wmm-vi-dscp {integer}
Best effort access

DSCP marking for best effort access.

Shown when DSCP marking is enabled.

  set wmm-be-dscp {integer}
Background access

DSCP marking for background access.

Shown when DSCP marking is enabled.

  set wmm-bk-dscp {integer}

FortiAP Configuration Profiles

In the FortiAP Configuration Profiles tab, you can create or edit FortiAP Configuration Profiles for managing local FortiAP configurations.

Click Create new to create a FortiAP Configuration profile. You can select which FortiAP family you want to apply local configurations to.

In Command list, you can create a list of commands you want to apply to a local FortiAP. Enter the name of the command you want to apply and the value you want to take effect. These fields correspond to the following CLI settings under config wireless-controller apcfg-profile:

Name

Enter a name for the profile.
edit <name>

Comment

Optionally, enter comments.
  set comment {var-string}

FortiAP family

FortiAP family type.
  set ap-family [fap|fap-u|...]

Command list > New / Edit Command

Configure FortiAP local configuration commands.

For the command names and possible values, see FortiAP CLI configuration and diagnostics commands

  config command-list

ID

Enter a command ID.
    edit <id>

Name

Enter the name of the FortiAP local configuration command name. For example, AC_DISCOVERY_TYPE.
    set name {string}

Type

Select the command type.

    set type [non-password|password]

Value/Password

Set the AP local configuration command value or password depending on the command Type you selected. For example, if you entered AC_DISCOVERY_TYPE, enter 6 for Multicast.

    set value {string} / set passwd-value {password}

Waiting time

Maximum waiting time in minutes for the AP to join the wireless controller after applying AP local configuration.
  set ac-timer {integer}

Type

Validation controller type:

  • Default: This controller is the one and only controller that the AP could join after applying AP local configuration.
  • Specify: Specified controller is the one and only controller that the AP could join after applying AP local configuration.
  • Defined by FortiAP Configuration: Any controller defined by AP local configuration after applying AP local configuration.
  set ac-type [default|specify|...]

IP

IP address of the validation controller that AP must be able to join after applying AP local configuration.

Shown when Type is set to Specify.

  set ac-ip {ipv4-address}

Port

Port of the validation controller that AP must be able to join after applying AP local configuration.

Shown when Type is set to Specify.

  set ac-port {integer}

Operations Profiles Entry

Operations Profiles Entry

When you enable Advanced Wireless Features, FortiAP Profiles is renamed to Operation Profiles and contains additional tabs that enable you to manage QoS and FortiAP Configuration profiles.

FortiAP Profiles

When you create or edit a FortiAP profile, you can apply a FortiAP Configuration Profile (see FortiAP Configuration Profiles) and configure additional advanced settings:

These fields correspond to the following CLI settings under config wireless-controller wtp-profile:

DTLS Policy

Select which DTLS policy you want to apply to the profile. See WiFi data channel encryption.

set dtls-policy {option1}, {option2}, …

Maximum client count

Limit the number of clients. See Limiting the number of clients.

set max-clients {integer}

Handoff RSSI

Set the minimum handoff RSSI threshold for when FortiAP applies load balancing to a client. See Setting the handoff RSSI threshold.

set handoff-rssi {integer}

Handoff threshold

Set the number of clients at which AP load balancing begins. See Setting the AP load balance threshold.

set handoff-sta-thresh {integer}

LED usage

Enable or disable LEDs.

When you enable LED usage, you can also assign recurring firewall schedules for illuminating the LEDs. See LED options.

set led-state [enable|disable]
set led-schedules <name1>, <name2>, ...

QoS Profiles

In the QoS Profiles tab, you can create or edit Quality of Service (QoS) profiles.

Click Create new to create a QoS profile.

These fields correspond to the following CLI settings under config wireless-controller qos-profile:

Name Enter a name for the profile.
edit <name>
Comment Optionally, enter comments.
  set comment {string}
Maximum uplink bandwidth for SSIDs The maximum uplink speed (VAPs), in Kbps.
  set uplink {integer}
Maximum downlink bandwidth for SSIDs The maximum downlink speed (VAPs), in Kbps.
  set downlink {integer}
Maximum uplink bandwidth for clients The maximum uplink speed (Clients), in Kbps.
  set uplink-sta {integer}
Maximum downlink bandwidth for clients The maximum downlink speed (Clients), in Kbps.
  set downlink-sta {integer}
Client rate burst Enable/disable client rate burst.
  set burst [enable|disable]
WMM Control Enable/disable WiFi Multimedia (WMM) control.
  set wmm [enable|disable]
U-APSD power save mode

Enable/disable WMM Unscheduled Automatic Power Save Delivery (U-APSD) power save mode.

This option is only available if WMM Control is enabled.

  set wmm-uapsd [enable|disable]
Call admission control

Enable/disable WMM call admission control.

This option is only available if WMM Control is enabled.

  set call-admission-control [enable|disable]
Maximum VoWLAN phones count

Maximum number of Voice over WLAN.

Shown when Call admission control is enabled.

  set call-capacity {integer}
Bandwidth admission control

Enable/disable WMM bandwidth admission control.

This option is only available if Call admission control is enabled.

  set bandwidth-admission-control [enable|disable]
Maximum bandwidth capacity (Kbps)

Maximum bandwidth capacity allowed.

Shown when Bandwidth admission control is enabled

  set bandwidth-capacity {integer}
DSCP mapping Enable/disable differentiated Services Code Point (DSCP) mapping.
  set dscp-wmm-mapping [enable|disable]
Voice access

DSCP mapping for voice access.

Shown when DSCP mapping is enabled.

  set dscp-wmm-vo <id1>, <id2>, …
Video access

DSCP mapping for video access

Shown when DSCP mapping is enabled.

  set dscp-wmm-vi <id1>, <id2>, …
Best effort access

DSCP mapping for best effort access.

Shown when DSCP mapping is enabled.

  set dscp-wmm-be <id1>, <id2>, …
Background access

DSCP mapping for background access

Shown when DSCP mapping is enabled.

  set dscp-wmm-bk <id1>, <id2>, …
DSCP marking Enable/disable differentiated Services Code Point (DSCP) marking..
  set wmm-dscp-marking [enable|disable]
Voice access

DSCP marking for voice access.

Shown when DSCP marking is enabled.

  set wmm-vo-dscp {integer}
Video access

DSCP marking for video access.

Shown when DSCP marking is enabled.

  set wmm-vi-dscp {integer}
Best effort access

DSCP marking for best effort access.

Shown when DSCP marking is enabled.

  set wmm-be-dscp {integer}
Background access

DSCP marking for background access.

Shown when DSCP marking is enabled.

  set wmm-bk-dscp {integer}

FortiAP Configuration Profiles

In the FortiAP Configuration Profiles tab, you can create or edit FortiAP Configuration Profiles for managing local FortiAP configurations.

Click Create new to create a FortiAP Configuration profile. You can select which FortiAP family you want to apply local configurations to.

In Command list, you can create a list of commands you want to apply to a local FortiAP. Enter the name of the command you want to apply and the value you want to take effect. These fields correspond to the following CLI settings under config wireless-controller apcfg-profile:

Name

Enter a name for the profile.
edit <name>

Comment

Optionally, enter comments.
  set comment {var-string}

FortiAP family

FortiAP family type.
  set ap-family [fap|fap-u|...]

Command list > New / Edit Command

Configure FortiAP local configuration commands.

For the command names and possible values, see FortiAP CLI configuration and diagnostics commands

  config command-list

ID

Enter a command ID.
    edit <id>

Name

Enter the name of the FortiAP local configuration command name. For example, AC_DISCOVERY_TYPE.
    set name {string}

Type

Select the command type.

    set type [non-password|password]

Value/Password

Set the AP local configuration command value or password depending on the command Type you selected. For example, if you entered AC_DISCOVERY_TYPE, enter 6 for Multicast.

    set value {string} / set passwd-value {password}

Waiting time

Maximum waiting time in minutes for the AP to join the wireless controller after applying AP local configuration.
  set ac-timer {integer}

Type

Validation controller type:

  • Default: This controller is the one and only controller that the AP could join after applying AP local configuration.
  • Specify: Specified controller is the one and only controller that the AP could join after applying AP local configuration.
  • Defined by FortiAP Configuration: Any controller defined by AP local configuration after applying AP local configuration.
  set ac-type [default|specify|...]

IP

IP address of the validation controller that AP must be able to join after applying AP local configuration.

Shown when Type is set to Specify.

  set ac-ip {ipv4-address}

Port

Port of the validation controller that AP must be able to join after applying AP local configuration.

Shown when Type is set to Specify.

  set ac-port {integer}