Fortinet black logo

CLI Reference

6.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0

wireless-controller global

wireless-controller global

Use this command to configure global settings for physical access points, also known as WLAN Termination Points (WTPs), configured using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set image-download {enable | disable}

 Enable or disable WTP image download at join time.

set control-message-offload {ebp-frame | aeroscout-tag | ap-list | sta-list | sta-cap-list | stats | aeroscout-mu}

Configure CAPWAP control message data channel offload.

 
config wireless-controller global
    set name {string}   Name of the wireless controller. size[35]
    set location {string}   Description of the location of the wireless controller. size[35]
    set image-download {enable | disable}   Enable/disable WTP image download at join time.
    set max-retransmit {integer}   Maximum number of tunnel packet retransmissions (0 - 64, default = 3). range[0-64]
    set control-message-offload {option}   Configure CAPWAP control message data channel offload.
            ebp-frame      Ekahau blink protocol (EBP) frames.
            aeroscout-tag  AeroScout tag.
            ap-list        Rogue AP list.
            sta-list       Rogue STA list.
            sta-cap-list   STA capability list.
            stats          WTP, radio, VAP, and STA statistics.
            aeroscout-mu   AeroScout Mobile Unit (MU) report.
    set data-ethernet-II {enable | disable}   Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode (default = disable).
    set link-aggregation {enable | disable}   Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes (default = disable).
    set mesh-eth-type {integer}   Mesh Ethernet identifier included in backhaul packets (0 - 65535, default = 8755). range[0-65535]
    set fiapp-eth-type {integer}   Ethernet type for Fortinet Inter-Access Point Protocol (IAPP), or IEEE 802.11f, packets (0 - 65535, default = 5252). range[0-65535]
    set discovery-mc-addr {multicast ipv4 address}   Multicast IP address for AP discovery (default = 244.0.1.140).
    set max-clients {integer}   Maximum number of clients that can connect simultaneously (default = 0, meaning no limitation). range[0-4294967295]
    set rogue-scan-mac-adjacency {integer}   Maximum numerical difference between an AP's Ethernet and wireless MAC values to match for rogue detection (0 - 31, default = 7). range[0-31]
    set ipsec-base-ip {ipv4 address}   Base IP address for IPsec VPN tunnels between the access points and the wireless controller (default = 169.254.0.1).
    set wtp-share {enable | disable}   Enable/disable sharing of WTPs between VDOMs.
    set ap-log-server {enable | disable}   Enable/disable configuring APs or FortiAPs to send log messages to a syslog server (default = disable).
    set ap-log-server-ip {ipv4 address}   IP address that APs or FortiAPs send log messages to.
    set ap-log-server-port {integer}   Port that APs or FortiAPs send log messages to. range[0-65535]
end

Additional information

The following section is for those options that require additional explanation.

name <name>

Name for the wireless network.

location <location>

Location of the wireless network.

max-retransmit

Maximum number of retransmissions for tunnel packet. Set the value between 0-64. The default is set to 3.

data-ethernet-II {enable | disable}

Enable or disable (by default) the use of Ethernet frame type with 802.3 data tunnel mode.

link-aggregation {enable | disable}

Enable or disable (by default) CAPWAP transmit hash calculation for selecting link aggregation secondaries.

mesh-eth-type

Mesh identifier included in packets, especially useful if debugging is required. Set the value between 0-65535. The default is set to 8755.

fiapp-eth-type

Ethernet type for Fortinet Inter-Aceess Point Protocol (IAPP), or IEEE 802.11F, packets. Set the value between 0-65535. The default is set to 5252.

discovery-mc-addr <multicast-address>

Multicast IP address for AP discovery. The default is set to 244.0.1.140.

max-clients <number>

Maximum number of clients that can connect simultaneously. The default is set to 0, meaning no limitation.

rogue-scan-mac-adjacency

Maximum numerical difference between an AP's Ethernet and wireless MAC values to match for rogue detection. MAC adjacency can be used to help with rogue detection, as AP WiFi interface MAC addresses are usually in the same range as its wired MAC address. LAN and WiFi network MAC addresses are matched when they are within a defined numerical distance of each other. Set the value between 0-31. The default is set to 7.

ipsec-base-ip <value>

Base IP address for WTP IPsec VPN tunnel. The default is 169.254.0.1.

ap-log-server {enable | disable}

Enable or disable (by default) the AP log server.

ap-log-server-ip <ip>

AP log server IP address.

ap-log-server-port <port>

AP log server port number.

Previous
Next

wireless-controller global

Use this command to configure global settings for physical access points, also known as WLAN Termination Points (WTPs), configured using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set image-download {enable | disable}

 Enable or disable WTP image download at join time.

set control-message-offload {ebp-frame | aeroscout-tag | ap-list | sta-list | sta-cap-list | stats | aeroscout-mu}

Configure CAPWAP control message data channel offload.

 
config wireless-controller global
    set name {string}   Name of the wireless controller. size[35]
    set location {string}   Description of the location of the wireless controller. size[35]
    set image-download {enable | disable}   Enable/disable WTP image download at join time.
    set max-retransmit {integer}   Maximum number of tunnel packet retransmissions (0 - 64, default = 3). range[0-64]
    set control-message-offload {option}   Configure CAPWAP control message data channel offload.
            ebp-frame      Ekahau blink protocol (EBP) frames.
            aeroscout-tag  AeroScout tag.
            ap-list        Rogue AP list.
            sta-list       Rogue STA list.
            sta-cap-list   STA capability list.
            stats          WTP, radio, VAP, and STA statistics.
            aeroscout-mu   AeroScout Mobile Unit (MU) report.
    set data-ethernet-II {enable | disable}   Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode (default = disable).
    set link-aggregation {enable | disable}   Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes (default = disable).
    set mesh-eth-type {integer}   Mesh Ethernet identifier included in backhaul packets (0 - 65535, default = 8755). range[0-65535]
    set fiapp-eth-type {integer}   Ethernet type for Fortinet Inter-Access Point Protocol (IAPP), or IEEE 802.11f, packets (0 - 65535, default = 5252). range[0-65535]
    set discovery-mc-addr {multicast ipv4 address}   Multicast IP address for AP discovery (default = 244.0.1.140).
    set max-clients {integer}   Maximum number of clients that can connect simultaneously (default = 0, meaning no limitation). range[0-4294967295]
    set rogue-scan-mac-adjacency {integer}   Maximum numerical difference between an AP's Ethernet and wireless MAC values to match for rogue detection (0 - 31, default = 7). range[0-31]
    set ipsec-base-ip {ipv4 address}   Base IP address for IPsec VPN tunnels between the access points and the wireless controller (default = 169.254.0.1).
    set wtp-share {enable | disable}   Enable/disable sharing of WTPs between VDOMs.
    set ap-log-server {enable | disable}   Enable/disable configuring APs or FortiAPs to send log messages to a syslog server (default = disable).
    set ap-log-server-ip {ipv4 address}   IP address that APs or FortiAPs send log messages to.
    set ap-log-server-port {integer}   Port that APs or FortiAPs send log messages to. range[0-65535]
end

Additional information

The following section is for those options that require additional explanation.

name <name>

Name for the wireless network.

location <location>

Location of the wireless network.

max-retransmit

Maximum number of retransmissions for tunnel packet. Set the value between 0-64. The default is set to 3.

data-ethernet-II {enable | disable}

Enable or disable (by default) the use of Ethernet frame type with 802.3 data tunnel mode.

link-aggregation {enable | disable}

Enable or disable (by default) CAPWAP transmit hash calculation for selecting link aggregation secondaries.

mesh-eth-type

Mesh identifier included in packets, especially useful if debugging is required. Set the value between 0-65535. The default is set to 8755.

fiapp-eth-type

Ethernet type for Fortinet Inter-Aceess Point Protocol (IAPP), or IEEE 802.11F, packets. Set the value between 0-65535. The default is set to 5252.

discovery-mc-addr <multicast-address>

Multicast IP address for AP discovery. The default is set to 244.0.1.140.

max-clients <number>

Maximum number of clients that can connect simultaneously. The default is set to 0, meaning no limitation.

rogue-scan-mac-adjacency

Maximum numerical difference between an AP's Ethernet and wireless MAC values to match for rogue detection. MAC adjacency can be used to help with rogue detection, as AP WiFi interface MAC addresses are usually in the same range as its wired MAC address. LAN and WiFi network MAC addresses are matched when they are within a defined numerical distance of each other. Set the value between 0-31. The default is set to 7.

ipsec-base-ip <value>

Base IP address for WTP IPsec VPN tunnel. The default is 169.254.0.1.

ap-log-server {enable | disable}

Enable or disable (by default) the AP log server.

ap-log-server-ip <ip>

AP log server IP address.

ap-log-server-port <port>

AP log server port number.

Previous
Next