Fortinet Document Library

Version:


Table of Contents

New Features

6.2.0
Download PDF
Copy Link

Change SSID to VDOM Object

This feature changes the wireless-controller VAP (for SSID configuration) from a global object to a VDOM object, simplifying tracking the object reference count. It also removes the vdom setting from VAP configuration. When multi‑vdom is enabled on a FortiGate, the wireless-controller VAP can be added, edited, or deleted only inside of a VDOM.

To create a VAP entry:
  1. When vdom-mode is no-vdom:

    # config wireless-controller vap

    (vap) # edit new

    new entry 'new' added

    (new) # set ssid new

    (new) # set passphrase 12345678

    (new) # set vdom

    command parse error before 'vdom'

    (new) # end

    # show wireless-controller vap new

    config wireless-controller vap

    edit "new"

    set ssid "new"

    set passphrase ENC qmVlo9Zn3C4aVZMIw9LrHhXX+wDNn2BMT9hP3vmZGQFZZz+gQ6Lb1jS9UkAkbQabWkGq8uDZDfqwtWV8lZdMDOFyDC0Kgh/yCuCkM5xM1bm9gvnGC9+84VY2mvkV4pUeiugJ/8o1m++buXmP9CdUmLz7eY/VZwYlKnSyFvk7DphbfZJapCOXtgN2zseNoITPQUTKLA==

    next

    end

  2. When vdom-mode is multi-vdom:
    • A VAP cannot be created in global:

      # config global

      (global) # config wireless-controller vap

      command parse error before 'vap'

      Command fail. Return code 1

      (global) #

    • A VAP can only be created in a VDOM:

      # config vdom

      (vdom) # edit vdom2

      current vf=vdom2:1

      (vdom2) # config wireless-controller vap

      (vap) # edit new

      new entry 'new' added

      (new) # set ssid new

      (new) # set passphrase 12345678

      (new) # set vdom

      command parse error before 'vdom'

      (new) # end

      (vdom2) # sh wireless-controller vap new

      config wireless-controller vap

      edit "new"

      set ssid "new"

      set passphrase ENC IidSvoD1C6feNonhsYfUTnOtO89UE/S/wWmOxRHLCud+eR0LD8xuYzWzsRg9/c299Vd2UA809NSUfyRBRD/pFFd/QS6ArQPs4sLVtPiftE63uI53d9azeQv6e5tkQjg4Z7Ztlv2hE47nKkdVXeWZE3mpfRhSxvDUKVzwpR1b8pdwbzDGFlPs+JcoNso6ZeRCuMg54g==

      next

      end

      (vdom2) #

  3. When vdom-mode is multi-vdom, references to user-group and radius can be checked correctly when they are used by a VAP interface:
    • A VAP interface with security-mode set to WPA2-Enterprise and RADIUS authentication:

      (vdom2) # show wireless-controller vap new

      config wireless-controller vap

      edit "new"

      set ssid "new"

      set security wpa2-only-enterprise

      set auth radius

      set radius-server "peap"

      next

      end

      (vdom2) # diagnose sys cmdb refcnt show user.radius.name peap

      entry used by table wireless-controller.vap:name 'new'

    • A VAP interface with security-mode set to WPA2-Enterprise and User-group authentication:

      (vdom2) # show wireless-controller vap new

      config wireless-controller vap

      edit "new"

      set ssid "new"

      set security wpa2-only-enterprise

      set auth usergroup

      set usergroup "group-radius"

      next

      end

      (vdom2) # diagnose sys cmdb refcnt show user.group.name group-radius

      entry used by child table usergroup:name 'group-radius' of table wireless-controller.vap:name 'new'

Change SSID to VDOM Object

This feature changes the wireless-controller VAP (for SSID configuration) from a global object to a VDOM object, simplifying tracking the object reference count. It also removes the vdom setting from VAP configuration. When multi‑vdom is enabled on a FortiGate, the wireless-controller VAP can be added, edited, or deleted only inside of a VDOM.

To create a VAP entry:
  1. When vdom-mode is no-vdom:

    # config wireless-controller vap

    (vap) # edit new

    new entry 'new' added

    (new) # set ssid new

    (new) # set passphrase 12345678

    (new) # set vdom

    command parse error before 'vdom'

    (new) # end

    # show wireless-controller vap new

    config wireless-controller vap

    edit "new"

    set ssid "new"

    set passphrase ENC qmVlo9Zn3C4aVZMIw9LrHhXX+wDNn2BMT9hP3vmZGQFZZz+gQ6Lb1jS9UkAkbQabWkGq8uDZDfqwtWV8lZdMDOFyDC0Kgh/yCuCkM5xM1bm9gvnGC9+84VY2mvkV4pUeiugJ/8o1m++buXmP9CdUmLz7eY/VZwYlKnSyFvk7DphbfZJapCOXtgN2zseNoITPQUTKLA==

    next

    end

  2. When vdom-mode is multi-vdom:
    • A VAP cannot be created in global:

      # config global

      (global) # config wireless-controller vap

      command parse error before 'vap'

      Command fail. Return code 1

      (global) #

    • A VAP can only be created in a VDOM:

      # config vdom

      (vdom) # edit vdom2

      current vf=vdom2:1

      (vdom2) # config wireless-controller vap

      (vap) # edit new

      new entry 'new' added

      (new) # set ssid new

      (new) # set passphrase 12345678

      (new) # set vdom

      command parse error before 'vdom'

      (new) # end

      (vdom2) # sh wireless-controller vap new

      config wireless-controller vap

      edit "new"

      set ssid "new"

      set passphrase ENC IidSvoD1C6feNonhsYfUTnOtO89UE/S/wWmOxRHLCud+eR0LD8xuYzWzsRg9/c299Vd2UA809NSUfyRBRD/pFFd/QS6ArQPs4sLVtPiftE63uI53d9azeQv6e5tkQjg4Z7Ztlv2hE47nKkdVXeWZE3mpfRhSxvDUKVzwpR1b8pdwbzDGFlPs+JcoNso6ZeRCuMg54g==

      next

      end

      (vdom2) #

  3. When vdom-mode is multi-vdom, references to user-group and radius can be checked correctly when they are used by a VAP interface:
    • A VAP interface with security-mode set to WPA2-Enterprise and RADIUS authentication:

      (vdom2) # show wireless-controller vap new

      config wireless-controller vap

      edit "new"

      set ssid "new"

      set security wpa2-only-enterprise

      set auth radius

      set radius-server "peap"

      next

      end

      (vdom2) # diagnose sys cmdb refcnt show user.radius.name peap

      entry used by table wireless-controller.vap:name 'new'

    • A VAP interface with security-mode set to WPA2-Enterprise and User-group authentication:

      (vdom2) # show wireless-controller vap new

      config wireless-controller vap

      edit "new"

      set ssid "new"

      set security wpa2-only-enterprise

      set auth usergroup

      set usergroup "group-radius"

      next

      end

      (vdom2) # diagnose sys cmdb refcnt show user.group.name group-radius

      entry used by child table usergroup:name 'group-radius' of table wireless-controller.vap:name 'new'