FortiAP CLI
The FortiAP CLI controls radio and network operations through the use of variables manipulated with the cfg command. There are also diagnostic commands.
The cfg command includes:
|
|
List variables. |
|
|
Add or change a variable value. |
|
|
Commit the change to flash. |
|
|
Reset settings to factory defaults. |
|
|
Remove variable. |
|
|
Export variables. |
|
|
Display help for all commands. |
The configuration variables are:
|
Var |
Description and Values |
|---|---|
|
|
WiFi Controller control (CAPWAP) port. Default 5246. |
|
|
Data channel security. |
|
|
1 - Static. Specify WiFi Controllers |
|
|
These variables set the FortiAP unit IP address, netmask and default gateway when ADDR_MODE is STATIC. |
|
|
WiFi Controller host names for static discovery. |
|
|
WiFi Controller IP addresses for static discovery. |
|
|
Option code for DHCP server. Default 138. |
|
|
Multicast address for controller discovery. Default 224.0.1.140. |
|
|
How the FortiAP unit obtains its IP address and netmask. |
|
|
Administrative timeout in minutes. Applies to Telnet and GUI sessions. Default is 5 minutes. |
|
|
Non-zero value applies VLAN ID for unit management. Default: 0. |
|
|
FortiAP operating mode. |
|
|
Console data rate: 9600, 19200, 38400, 57600, or 115200 baud. |
|
|
DNS Server for clients. If ADDR_MODE is DHCP the DNS server is automatically assigned. |
|
|
Default is 0. |
|
|
Access to FortiAP GUI |
|
|
Enable/disable status LEDs. |
|
|
Administrator login password. By default this is empty. |
|
|
Spanning Tree Protocol. 0 is off. 1 is on. |
|
|
By default (value 0), Telnet access is closed when the FortiAP unit is authorized. Set value to 1 to keep Telnet always available. |
|
|
Optional string describing AP location. |
|
|
Enable or disable background mesh root AP scan. 1 - Enabled |
|
|
If the root AP's signal is weak, and lower than the received signal strength indicator (RSSI) threshold, the WiFi driver will immediately start a new round scan and ignore
the configured After the new round scan is finished, a scan done event is passed to wtp daemon to trigger roaming. |
|
|
Time in seconds that a delay period occurs between scans. Set the value between 1-3600. |
|
|
Time in milliseconds. Set the value between 0-1000. |
|
|
Time in milliseconds between channel scans. Set the value between 200-16000. |
|
|
Time in milliseconds that the radio will continue scanning the channel. Set the value between 10-200. |
|
|
Specify those channels to be scanned. |
|
|
Type of communication for backhaul to controller: |
|
|
SSID for mesh backhaul. Default: fortinet.mesh.root |
|
|
WiFi MAC address |
|
|
Pre-shared key for mesh backhaul. |
|
|
1 - Bridge mesh WiFi SSID to FortiAP Ethernet port. This can be used for point-to-point bridge configuration. This is available only when MESH_AP_TYPE =1. |
|
|
Maximum number of times packets can be passed from node to node on the mesh. Default is 4. |
|
The following factors are summed and the FortiAP associates with the lowest scoring mesh AP. |
|
|
|
Multiplier for number of mesh hops from root. Default 50. |
|
|
AP total RSSI multiplier. Default 1. |
|
|
Beacon data rate multiplier. Default 1. |
|
|
Band weight (0 for 2.4GHz, 1 for 5GHz) multiplier. Default 100. |
|
|
AP channel RSSI multiplier. Default 100. |
|
Survey variables |
|
|
|
SSID to broadcast in site survey mode (AP_MODE=2). |
|
|
Transmitter power in site survey mode (AP_MODE=2). |
|
|
Site survey transmit channel for the 2.4Ghz band (default 6). |
|
|
Site survey transmit channel for the 5Ghz band (default 36). |
|
|
Site survey beacon interval. Default 100msec. |
|
|
Previously, FortiAP accepted Telnet and HTTP connection to any virtual interfaces that have an IP address. For
security reasons, Telnet and HTTP access are now limited to br0 or br.vlan for |
Diagnose commands include:
|
|
Display help for all diagnose commands. |
|
|
Show daemon uptime. |
|
|
Turn on/off telnet log message. |
|
|
Turn on/off console log message. |
|
|
Set the console baud rate. |
|
|
Show or change current plain control setting. |
|
|
Set sniff server ip and port. |
|
|
Enable/disable sniff packet. |
|
|
Show wl_intf status. |
|
|
Set shell idle timeout in minutes. |
|
|
Show current wtp config parameters in control plane. |
|
|
Show current radio config parameters in control plane. |
|
|
Show current vaps in control plane. |
|
|
Show scanned arp requests. |
|
|
Show scanned APs. |
|
|
Show scanned STAs. |
|
|
Show scanned STA capabilities. |
|
|
Show scanned WIDS detections. |
|
|
Show darrp radio channel. |
|
|
Show mesh status. |
|
|
Show mesh veth ac info, and mesh ether type. |
|
|
Show mesh veth vap. |
|
|
Show mesh veth host. |
|
|
Show mesh ap candidates. |
|
|
Flush all scanned AP/STA/ARPs. |
|
|
Show suppressed APs. |
|
|
De-authenticate an STA. |
|
|
Link aggregation can also be set in the CLI. Link aggregation is used to combine multiple network connections in parallel in order to increase throughput beyond what a single connection could sustain.
|