Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

  config wireless-controller wtp-profile
      Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
      edit <name>
          set comment {var-string}
          config platform
              Description: WTP, FortiAP, or AP platform.
              set type [AP-11N|220B|...]
          end
          set control-message-offload {option1}, {option2}, ...
          set ble-profile {string}
          set wan-port-mode [wan-lan|wan-only]
          config lan
              Description: WTP LAN port mapping.
              set port-mode [offline|nat-to-wan|...]
              set port-ssid {string}
              set port1-mode [offline|nat-to-wan|...]
              set port1-ssid {string}
              set port2-mode [offline|nat-to-wan|...]
              set port2-ssid {string}
              set port3-mode [offline|nat-to-wan|...]
              set port3-ssid {string}
              set port4-mode [offline|nat-to-wan|...]
              set port4-ssid {string}
              set port5-mode [offline|nat-to-wan|...]
              set port5-ssid {string}
              set port6-mode [offline|nat-to-wan|...]
              set port6-ssid {string}
              set port7-mode [offline|nat-to-wan|...]
              set port7-ssid {string}
              set port8-mode [offline|nat-to-wan|...]
              set port8-ssid {string}
          end
          set energy-efficient-ethernet [enable|disable]
          set led-state [enable|disable]
          set led-schedules <name1>, <name2>, ...
          set dtls-policy {option1}, {option2}, ...
          set dtls-in-kernel [enable|disable]
          set max-clients {integer}
          set handoff-rssi {integer}
          set handoff-sta-thresh {integer}
          set handoff-roaming [enable|disable]
          config deny-mac-list
              Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
              edit <id>
                  set mac {mac-address}
              next
          end
          set ap-country [NA|AL|...]
          set ip-fragment-preventing {option1}, {option2}, ...
          set tun-mtu-uplink {integer}
          set tun-mtu-downlink {integer}
          set split-tunneling-acl-path [tunnel|local]
          set split-tunneling-acl-local-ap-subnet [enable|disable]
          config split-tunneling-acl
              Description: Split tunneling ACL filter list.
              edit <id>
                  set dest-ip {ipv4-classnet}
              next
          end
          set allowaccess {option1}, {option2}, ...
          set login-passwd-change [yes|default|...]
          set login-passwd {password}
          set lldp [enable|disable]
          set poe-mode [auto|8023af|...]
          config radio-1
              Description: Configuration options for radio 1.
              set radio-id {integer}
              set mode [disabled|ap|...]
              set band [802.11a|802.11b|...]
              set airtime-fairness [enable|disable]
              set protection-mode [rtscts|ctsonly|...]
              set powersave-optimize {option1}, {option2}, ...
              set transmit-optimize {option1}, {option2}, ...
              set amsdu [enable|disable]
              set coexistence [enable|disable]
              set short-guard-interval [enable|disable]
              set channel-bonding [80MHz|40MHz|...]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set dtim {integer}
              set beacon-interval {integer}
              set rts-threshold {integer}
              set frag-threshold {integer}
              set ap-sniffer-bufsize {integer}
              set ap-sniffer-chan {integer}
              set ap-sniffer-addr {mac-address}
              set ap-sniffer-mgmt-beacon [enable|disable]
              set ap-sniffer-mgmt-probe [enable|disable]
              set ap-sniffer-mgmt-other [enable|disable]
              set ap-sniffer-ctl [enable|disable]
              set ap-sniffer-data [enable|disable]
              set channel-utilization [enable|disable]
              set spectrum-analysis [enable|disable]
              set wids-profile {string}
              set darrp [enable|disable]
              set max-clients {integer}
              set max-distance {integer}
              set frequency-handoff [enable|disable]
              set ap-handoff [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set channel <chan1>, <chan2>, ...
              set call-admission-control [enable|disable]
              set call-capacity {integer}
              set bandwidth-admission-control [enable|disable]
              set bandwidth-capacity {integer}
          end
          config radio-2
              Description: Configuration options for radio 2.
              set radio-id {integer}
              set mode [disabled|ap|...]
              set band [802.11a|802.11b|...]
              set airtime-fairness [enable|disable]
              set protection-mode [rtscts|ctsonly|...]
              set powersave-optimize {option1}, {option2}, ...
              set transmit-optimize {option1}, {option2}, ...
              set amsdu [enable|disable]
              set coexistence [enable|disable]
              set short-guard-interval [enable|disable]
              set channel-bonding [80MHz|40MHz|...]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set dtim {integer}
              set beacon-interval {integer}
              set rts-threshold {integer}
              set frag-threshold {integer}
              set ap-sniffer-bufsize {integer}
              set ap-sniffer-chan {integer}
              set ap-sniffer-addr {mac-address}
              set ap-sniffer-mgmt-beacon [enable|disable]
              set ap-sniffer-mgmt-probe [enable|disable]
              set ap-sniffer-mgmt-other [enable|disable]
              set ap-sniffer-ctl [enable|disable]
              set ap-sniffer-data [enable|disable]
              set channel-utilization [enable|disable]
              set spectrum-analysis [enable|disable]
              set wids-profile {string}
              set darrp [enable|disable]
              set max-clients {integer}
              set max-distance {integer}
              set frequency-handoff [enable|disable]
              set ap-handoff [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set channel <chan1>, <chan2>, ...
              set call-admission-control [enable|disable]
              set call-capacity {integer}
              set bandwidth-admission-control [enable|disable]
              set bandwidth-capacity {integer}
          end
          config lbs
              Description: Set various location based service (LBS) options.
              set ekahau-blink-mode [enable|disable]
              set ekahau-tag {mac-address}
              set erc-server-ip {ipv4-address-any}
              set erc-server-port {integer}
              set aeroscout [enable|disable]
              set aeroscout-server-ip {ipv4-address-any}
              set aeroscout-server-port {integer}
              set aeroscout-mu [enable|disable]
              set aeroscout-ap-mac [bssid|board-mac]
              set aeroscout-mmu-report [enable|disable]
              set aeroscout-mu-factor {integer}
              set aeroscout-mu-timeout {integer}
              set fortipresence [foreign|both|...]
              set fortipresence-server {ipv4-address-any}
              set fortipresence-port {integer}
              set fortipresence-secret {password}
              set fortipresence-project {string}
              set fortipresence-frequency {integer}
              set fortipresence-rogue [enable|disable]
              set fortipresence-unassoc [enable|disable]
              set fortipresence-ble [enable|disable]
              set station-locate [enable|disable]
          end
          set ext-info-enable [enable|disable]
      next
  end

config wireless-controller wtp-profile

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
control-message-offload Enable/disable CAPWAP control message data channel offload.
ebp-frame: Ekahau blink protocol (EBP) frames.
aeroscout-tag: AeroScout tag.
ap-list: Rogue AP list.
sta-list: Rogue STA list.
sta-cap-list: STA capability list.
stats: WTP, radio, VAP, and STA statistics.
aeroscout-mu: AeroScout Mobile Unit (MU) report.
sta-health: STA health log.
option -
ble-profile Bluetooth Low Energy profile name. string Maximum length: 35
wan-port-mode Enable/disable using a WAN port as a LAN port.
wan-lan: Enable using a WAN port as a LAN port.
wan-only: Disable using a WAN port as a LAN port.
option -
energy-efficient-ethernet Enable/disable use of energy efficient Ethernet on WTP.
enable: Enable use of energy efficient Ethernet on WTP.
disable: Disable use of energy efficient Ethernet on WTP.
option -
led-state Enable/disable use of LEDs on WTP (default = disable).
enable: Enable use of LEDs on WTP.
disable: Disable use of LEDs on WTP.
option -
led-schedules <name> Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.
Schedule name.
string Maximum length: 35
dtls-policy WTP data channel DTLS policy (default = clear-text).
clear-text: Clear Text Data Channel.
dtls-enabled: DTLS Enabled Data Channel.
ipsec-vpn: IPsec VPN Data Channel.
option -
dtls-in-kernel Enable/disable data channel DTLS in kernel.
enable: Enable data channel DTLS in kernel.
disable: Disable data channel DTLS in kernel.
option -
max-clients Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation). integer Minimum value: 0 Maximum value: 4294967295
handoff-rssi Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25). integer Minimum value: 20 Maximum value: 30
handoff-sta-thresh Threshold value for AP handoff. integer Minimum value: 0 Maximum value: 4294967295
handoff-roaming Enable/disable client load balancing during roaming to avoid roaming delay (default = disable).
enable: Enable handoff roaming.
disable: Disable handoff roaming.
option -
ap-country Country in which this WTP, FortiAP or AP will operate (default = NA, automatically use the country configured for the current VDOM).
NA: NO_COUNTRY_SET
AL: ALBANIA
DZ: ALGERIA
AO: ANGOLA
AR: ARGENTINA
AM: ARMENIA
AU: AUSTRALIA
AT: AUSTRIA
AZ: AZERBAIJAN
BH: BAHRAIN
BD: BANGLADESH
BB: BARBADOS
BY: BELARUS
BE: BELGIUM
BZ: BELIZE
BO: BOLIVIA
BA: BOSNIA AND HERZEGOVINA
BR: BRAZIL
BN: BRUNEI DARUSSALAM
BG: BULGARIA
KH: CAMBODIA
CF: CENTRAL AFRICA REPUBLIC
CL: CHILE
CN: CHINA
CO: COLOMBIA
CR: COSTA RICA
HR: CROATIA
CY: CYPRUS
CZ: CZECH REPUBLIC
DK: DENMARK
DO: DOMINICAN REPUBLIC
EC: ECUADOR
EG: EGYPT
SV: EL SALVADOR
EE: ESTONIA
FI: FINLAND
FR: FRANCE
GE: GEORGIA
DE: GERMANY
GR: GREECE
GL: GREENLAND
GD: GRENADA
GU: GUAM
GT: GUATEMALA
HT: HAITI
HN: HONDURAS
HK: HONG KONG
HU: HUNGARY
IS: ICELAND
IN: INDIA
ID: INDONESIA
IR: IRAN
IE: IRELAND
IL: ISRAEL
IT: ITALY
JM: JAMAICA
JO: JORDAN
KZ: KAZAKHSTAN
KE: KENYA
KP: NORTH KOREA
KR: KOREA REPUBLIC
KW: KUWAIT
LV: LATVIA
LB: LEBANON
LI: LIECHTENSTEIN
LT: LITHUANIA
LU: LUXEMBOURG
MO: MACAU SAR
MK: MACEDONIA, FYRO
MY: MALAYSIA
MT: MALTA
MX: MEXICO
MC: MONACO
MA: MOROCCO
MZ: MOZAMBIQUE
MM: MYANMAR
NP: NEPAL
NL: NETHERLANDS
AN: NETHERLANDS ANTILLES
AW: ARUBA
NZ: NEW ZEALAND
NO: NORWAY
OM: OMAN
PK: PAKISTAN
PA: PANAMA
PG: PAPUA NEW GUINEA
PY: PARAGUAY
PE: PERU
PH: PHILIPPINES
PL: POLAND
PT: PORTUGAL
PR: PUERTO RICO
QA: QATAR
RO: ROMANIA
RU: RUSSIA
RW: RWANDA
SA: SAUDI ARABIA
RS: REPUBLIC OF SERBIA
ME: MONTENEGRO
SG: SINGAPORE
SK: SLOVAKIA
SI: SLOVENIA
ZA: SOUTH AFRICA
ES: SPAIN
LK: SRI LANKA
SE: SWEDEN
SD: SUDAN
CH: SWITZERLAND
SY: SYRIAN ARAB REPUBLIC
TW: TAIWAN
TZ: TANZANIA
TH: THAILAND
TT: TRINIDAD AND TOBAGO
TN: TUNISIA
TR: TURKEY
AE: UNITED ARAB EMIRATES
UA: UKRAINE
GB: UNITED KINGDOM
US: UNITED STATES2
PS: UNITED STATES (PUBLIC SAFETY)
UY: URUGUAY
UZ: UZBEKISTAN
VE: VENEZUELA
VN: VIET NAM
YE: YEMEN
ZB: ZAMBIA
ZW: ZIMBABWE
JP: JAPAN14
CA: CANADA2
option -
ip-fragment-preventing Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust).
tcp-mss-adjust: TCP maximum segment size adjustment.
icmp-unreachable: Drop packet and send ICMP Destination Unreachable
option -
tun-mtu-uplink The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
tun-mtu-downlink The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
split-tunneling-acl-path Split tunneling ACL path is local/tunnel.
tunnel: Split tunneling ACL list traffic will be tunnel.
local: Split tunneling ACL list traffic will be local NATed.
option -
split-tunneling-acl-local-ap-subnet Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).
enable: Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
disable: Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
option -
allowaccess Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.
https: HTTPS access.
ssh: SSH access.
snmp: SNMP access.
option -
login-passwd-change Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).
yes: Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.
default: Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.
no: Do not change the managed WTP, FortiAP or AP's administrator password.
option -
login-passwd Set the managed WTP, FortiAP, or AP's administrator password. password Not Specified
lldp Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = disable).
enable: Enable LLDP.
disable: Disable LLDP.
option -
poe-mode Set the WTP, FortiAP, or AP's PoE mode.
auto: Automatically detect the PoE mode.
8023af: Use 802.3af PoE mode.
8023at: Use 802.3at PoE mode.
power-adapter: Use the power adapter to control the PoE mode.
option -
ext-info-enable Enable/disable station/VAP/radio extension information.
enable: Enable station/VAP/radio extension information.
disable: Disable station/VAP/radio extension information.
option -

config platform

Parameter Name Description Type Size
type WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.
AP-11N: Default 11n AP.
220B: FAP220B/221B.
210B: FAP210B.
222B: FAP222B.
112B: FAP112B.
320B: FAP320B.
11C: FAP11C.
14C: FAP14C.
223B: FAP223B.
28C: FAP28C.
320C: FAP320C.
221C: FAP221C.
25D: FAP25D.
222C: FAP222C.
224D: FAP224D.
214B: FK214B.
21D: FAP21D.
24D: FAP24D.
112D: FAP112D.
223C: FAP223C.
321C: FAP321C.
C220C: FAPC220C.
C225C: FAPC225C.
C23JD: FAPC23JD.
C24JE: FAPC24JE.
S321C: FAPS321C.
S322C: FAPS322C.
S323C: FAPS323C.
S311C: FAPS311C.
S313C: FAPS313C.
S321CR: FAPS321CR.
S322CR: FAPS322CR.
S323CR: FAPS323CR.
S421E: FAPS421E.
S422E: FAPS422E.
S423E: FAPS423E.
421E: FAP421E.
423E: FAP423E.
221E: FAP221E.
222E: FAP222E.
223E: FAP223E.
224E: FAP224E.
S221E: FAPS221E.
S223E: FAPS223E.
321E: FAP321E.
U421E: FAPU421EV.
U422EV: FAPU422EV.
U423E: FAPU423EV.
U221EV: FAPU221EV.
U223EV: FAPU223EV.
U24JEV: FAPU24JEV.
U321EV: FAPU321EV.
U323EV: FAPU323EV.
option -

config lan

Parameter Name Description Type Size
port-mode LAN port mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port-ssid Bridge LAN port to SSID. string Maximum length: 15
port1-mode LAN port 1 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port1-ssid Bridge LAN port 1 to SSID. string Maximum length: 15
port2-mode LAN port 2 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port2-ssid Bridge LAN port 2 to SSID. string Maximum length: 15
port3-mode LAN port 3 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port3-ssid Bridge LAN port 3 to SSID. string Maximum length: 15
port4-mode LAN port 4 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port4-ssid Bridge LAN port 4 to SSID. string Maximum length: 15
port5-mode LAN port 5 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port5-ssid Bridge LAN port 5 to SSID. string Maximum length: 15
port6-mode LAN port 6 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port6-ssid Bridge LAN port 6 to SSID. string Maximum length: 15
port7-mode LAN port 7 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port7-ssid Bridge LAN port 7 to SSID. string Maximum length: 15
port8-mode LAN port 8 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port8-ssid Bridge LAN port 8 to SSID. string Maximum length: 15

config deny-mac-list

Parameter Name Description Type Size
mac A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. mac-address Not Specified

config split-tunneling-acl

Parameter Name Description Type Size
dest-ip Destination IP and mask for the split-tunneling subnet. ipv4-classnet Not Specified

config radio-1

Parameter Name Description Type Size
radio-id radio-id integer Minimum value: 0 Maximum value: 2
mode Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
disabled: Radio 1 is disabled.
ap: Radio 1 operates as an access point that allows WiFi clients to connect to your network.
monitor: Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer: Radio 1 operates as a sniffer capturing WiFi frames on air.
option -
band WiFi band that Radio 1 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b at 2.4GHz.
802.11n-5G: 802.11n/a at 5GHz.
802.11ac: 802.11ac/n/a.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
option -
airtime-fairness Enable/disable airtime fairness (default = disable).
enable: Enable airtime fairness (ATF) support.
disable: Disable airtime fairness (ATF) support.
option -
protection-mode Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
rtscts: Enable 802.11g protection RTS/CTS mode.
ctsonly: Enable 802.11g protection CTS only mode.
disable: Disable 802.11g protection mode.
option -
powersave-optimize Enable client power-saving features such as TIM, AC VO, and OBSS etc.
tim: TIM bit for client in power save mode.
ac-vo: Use AC VO priority to send out packets in the power save queue.
no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate: Do not send frame using 11b data rate.
client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client.
option -
transmit-optimize Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
disable: Disable packet transmission optimization.
power-save: Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit: Set aggregation limit to a lower value when data rate is low.
retry-limit: Set software retry limit to a lower value when data rate is low.
send-bar: Limit transmission of BAR frames.
option -
amsdu Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).
enable: Enable AMSDU support.
disable: Disable AMSDU support.
option -
coexistence Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).
enable: Enable support for both HT20 and HT40 on the same radio.
disable: Disable support for both HT20 and HT40 on the same radio.
option -
short-guard-interval Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
enable: Select the 400 ns short guard interval (Short GI).
disable: Select the 800 ns long guard interval (Long GI).
option -
channel-bonding Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
80MHz: 80 MHz channel width.
40MHz: 40 MHz channel width.
20MHz: 20 MHz channel width.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
dtim Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. integer Minimum value: 1 Maximum value: 255
beacon-interval Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). integer Minimum value: 0 Maximum value: 65535
rts-threshold Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). integer Minimum value: 256 Maximum value: 2346
frag-threshold Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). integer Minimum value: 800 Maximum value: 2346
ap-sniffer-bufsize Sniffer buffer size (1 - 32 MB, default = 16). integer Minimum value: 1 Maximum value: 32
ap-sniffer-chan Channel on which to operate the sniffer (default = 6). integer Minimum value: 0 Maximum value: 4294967295
ap-sniffer-addr MAC address to monitor. mac-address Not Specified
ap-sniffer-mgmt-beacon Enable/disable sniffer on WiFi management Beacon frames (default = enable).
enable: Enable sniffer on WiFi management beacon frame.
disable: Disable sniffer on WiFi management beacon frame.
option -
ap-sniffer-mgmt-probe Enable/disable sniffer on WiFi management probe frames (default = enable).
enable: Enable sniffer on WiFi management probe frame.
disable: Enable sniffer on WiFi management probe frame.
option -
ap-sniffer-mgmt-other Enable/disable sniffer on WiFi management other frames (default = enable).
enable: Enable sniffer on WiFi management other frame.
disable: Disable sniffer on WiFi management other frame.
option -
ap-sniffer-ctl Enable/disable sniffer on WiFi control frame (default = enable).
enable: Enable sniffer on WiFi control frame.
disable: Disable sniffer on WiFi control frame.
option -
ap-sniffer-data Enable/disable sniffer on WiFi data frame (default = enable).
enable: Enable sniffer on WiFi data frame
disable: Disable sniffer on WiFi data frame
option -
channel-utilization Enable/disable measuring channel utilization.
enable: Enable measuring channel utilization.
disable: Disable measuring channel utilization.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
wids-profile Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. string Maximum length: 35
darrp Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).
enable: Enable distributed automatic radio resource provisioning.
disable: Disable distributed automatic radio resource provisioning.
option -
max-clients Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. integer Minimum value: 0 Maximum value: 4294967295
max-distance Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). integer Minimum value: 0 Maximum value: 54000
frequency-handoff Enable/disable frequency handoff of clients to other channels (default = disable).
enable: Enable frequency handoff.
disable: Disable frequency handoff.
option -
ap-handoff Enable/disable AP handoff of clients to other APs (default = disable).
enable: Enable AP handoff.
disable: Disable AP handoff.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3
call-admission-control Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
enable: Enable WMM call admission control.
disable: Disable WMM call admission control.
option -
call-capacity Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). integer Minimum value: 0 Maximum value: 60
bandwidth-admission-control Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
enable: Enable WMM bandwidth admission control.
disable: Disable WMM bandwidth admission control.
option -
bandwidth-capacity Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). integer Minimum value: 1 Maximum value: 600000

config radio-2

Parameter Name Description Type Size
radio-id radio-id integer Minimum value: 0 Maximum value: 2
mode Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
disabled: Radio 2 is disabled.
ap: Radio 2 operates as an access point that allows WiFi clients to connect to your network.
monitor: Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer: Radio 2 operates as a sniffer capturing WiFi frames on air.
option -
band WiFi band that Radio 2 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b at 2.4GHz.
802.11n-5G: 802.11n/a at 5GHz.
802.11ac: 802.11ac/n/a.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
option -
airtime-fairness Enable/disable airtime fairness (default = disable).
enable: Enable airtime fairness (ATF) support.
disable: Disable airtime fairness (ATF) support.
option -
protection-mode Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
rtscts: Enable 802.11g protection RTS/CTS mode.
ctsonly: Enable 802.11g protection CTS only mode.
disable: Disable 802.11g protection mode.
option -
powersave-optimize Enable client power-saving features such as TIM, AC VO, and OBSS etc.
tim: TIM bit for client in power save mode.
ac-vo: Use AC VO priority to send out packets in the power save queue.
no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate: Do not send frame using 11b data rate.
client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client.
option -
transmit-optimize Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
disable: Disable packet transmission optimization.
power-save: Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit: Set aggregation limit to a lower value when data rate is low.
retry-limit: Set software retry limit to a lower value when data rate is low.
send-bar: Limit transmission of BAR frames.
option -
amsdu Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).
enable: Enable AMSDU support.
disable: Disable AMSDU support.
option -
coexistence Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).
enable: Enable support for both HT20 and HT40 on the same radio.
disable: Disable support for both HT20 and HT40 on the same radio.
option -
short-guard-interval Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
enable: Select the 400 ns short guard interval (Short GI).
disable: Select the 800 ns long guard interval (Long GI).
option -
channel-bonding Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
80MHz: 80 MHz channel width.
40MHz: 40 MHz channel width.
20MHz: 20 MHz channel width.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
dtim Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. integer Minimum value: 1 Maximum value: 255
beacon-interval Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). integer Minimum value: 0 Maximum value: 65535
rts-threshold Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). integer Minimum value: 256 Maximum value: 2346
frag-threshold Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). integer Minimum value: 800 Maximum value: 2346
ap-sniffer-bufsize Sniffer buffer size (1 - 32 MB, default = 16). integer Minimum value: 1 Maximum value: 32
ap-sniffer-chan Channel on which to operate the sniffer (default = 6). integer Minimum value: 0 Maximum value: 4294967295
ap-sniffer-addr MAC address to monitor. mac-address Not Specified
ap-sniffer-mgmt-beacon Enable/disable sniffer on WiFi management Beacon frames (default = enable).
enable: Enable sniffer on WiFi management beacon frame.
disable: Disable sniffer on WiFi management beacon frame.
option -
ap-sniffer-mgmt-probe Enable/disable sniffer on WiFi management probe frames (default = enable).
enable: Enable sniffer on WiFi management probe frame.
disable: Enable sniffer on WiFi management probe frame.
option -
ap-sniffer-mgmt-other Enable/disable sniffer on WiFi management other frames (default = enable).
enable: Enable sniffer on WiFi management other frame.
disable: Disable sniffer on WiFi management other frame.
option -
ap-sniffer-ctl Enable/disable sniffer on WiFi control frame (default = enable).
enable: Enable sniffer on WiFi control frame.
disable: Disable sniffer on WiFi control frame.
option -
ap-sniffer-data Enable/disable sniffer on WiFi data frame (default = enable).
enable: Enable sniffer on WiFi data frame
disable: Disable sniffer on WiFi data frame
option -
channel-utilization Enable/disable measuring channel utilization.
enable: Enable measuring channel utilization.
disable: Disable measuring channel utilization.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
wids-profile Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. string Maximum length: 35
darrp Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).
enable: Enable distributed automatic radio resource provisioning.
disable: Disable distributed automatic radio resource provisioning.
option -
max-clients Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. integer Minimum value: 0 Maximum value: 4294967295
max-distance Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). integer Minimum value: 0 Maximum value: 54000
frequency-handoff Enable/disable frequency handoff of clients to other channels (default = disable).
enable: Enable frequency handoff.
disable: Disable frequency handoff.
option -
ap-handoff Enable/disable AP handoff of clients to other APs (default = disable).
enable: Enable AP handoff.
disable: Disable AP handoff.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3
call-admission-control Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
enable: Enable WMM call admission control.
disable: Disable WMM call admission control.
option -
call-capacity Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). integer Minimum value: 0 Maximum value: 60
bandwidth-admission-control Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
enable: Enable WMM bandwidth admission control.
disable: Disable WMM bandwidth admission control.
option -
bandwidth-capacity Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). integer Minimum value: 1 Maximum value: 600000

config lbs

Parameter Name Description Type Size
ekahau-blink-mode Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags (default = disable).
enable: Enable Ekahau blink mode.
disable: Disable Ekahau blink mode.
option -
ekahau-tag WiFi frame MAC address or WiFi Tag. mac-address Not Specified
erc-server-ip IP address of Ekahau RTLS Controller (ERC). ipv4-address-any Not Specified
erc-server-port Ekahau RTLS Controller (ERC) UDP listening port. integer Minimum value: 1024 Maximum value: 65535
aeroscout Enable/disable AeroScout Real Time Location Service (RTLS) support (default = disable).
enable: Enable AeroScout support.
disable: Disable AeroScout support.
option -
aeroscout-server-ip IP address of AeroScout server. ipv4-address-any Not Specified
aeroscout-server-port AeroScout server UDP listening port. integer Minimum value: 1024 Maximum value: 65535
aeroscout-mu Enable/disable AeroScout Mobile Unit (MU) support (default = disable).
enable: Enable AeroScout MU mode support.
disable: Disable AeroScout MU mode support.
option -
aeroscout-ap-mac Use BSSID or board MAC address as AP MAC address in AeroScout AP messages (default = bssid).
bssid: Use BSSID as AP MAC address in AeroScout AP messages.
board-mac: Use board MAC address as AP MAC address in AeroScout AP messages.
option -
aeroscout-mmu-report Enable/disable compounded AeroScout tag and MU report (default = enable).
enable: Enable compounded AeroScout tag and MU report.
disable: Disable compounded AeroScout tag and MU report.
option -
aeroscout-mu-factor AeroScout MU mode dilution factor (default = 20). integer Minimum value: 0 Maximum value: 4294967295
aeroscout-mu-timeout AeroScout MU mode timeout (0 - 65535 sec, default = 5). integer Minimum value: 0 Maximum value: 65535
fortipresence Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network (default = disable).
foreign: FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP.
both: Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels.
disable: Disable FortiPresence.
option -
fortipresence-server FortiPresence server IP address. ipv4-address-any Not Specified
fortipresence-port FortiPresence server UDP listening port (default = 3000). integer Minimum value: 300 Maximum value: 65535
fortipresence-secret FortiPresence secret password (max. 16 characters). password Not Specified
fortipresence-project FortiPresence project name (max. 16 characters, default = fortipresence). string Maximum length: 16
fortipresence-frequency FortiPresence report transmit frequency (5 - 65535 sec, default = 30). integer Minimum value: 5 Maximum value: 65535
fortipresence-rogue Enable/disable FortiPresence finding and reporting rogue APs.
enable: Enable FortiPresence finding and reporting rogue APs.
disable: Disable FortiPresence finding and reporting rogue APs.
option -
fortipresence-unassoc Enable/disable FortiPresence finding and reporting unassociated stations.
enable: Enable FortiPresence finding and reporting unassociated stations.
disable: Disable FortiPresence finding and reporting unassociated stations.
option -
fortipresence-ble Enable/disable FortiPresence finding and reporting BLE devices.
enable: Enable FortiPresence finding and reporting BLE devices.
disable: Disable FortiPresence finding and reporting BLE devices.
option -
station-locate Enable/disable client station locating services for all clients, whether associated or not (default = disable).
enable: Enable station locating service.
disable: Disable station locating service.
option -

Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

  config wireless-controller wtp-profile
      Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
      edit <name>
          set comment {var-string}
          config platform
              Description: WTP, FortiAP, or AP platform.
              set type [AP-11N|220B|...]
          end
          set control-message-offload {option1}, {option2}, ...
          set ble-profile {string}
          set wan-port-mode [wan-lan|wan-only]
          config lan
              Description: WTP LAN port mapping.
              set port-mode [offline|nat-to-wan|...]
              set port-ssid {string}
              set port1-mode [offline|nat-to-wan|...]
              set port1-ssid {string}
              set port2-mode [offline|nat-to-wan|...]
              set port2-ssid {string}
              set port3-mode [offline|nat-to-wan|...]
              set port3-ssid {string}
              set port4-mode [offline|nat-to-wan|...]
              set port4-ssid {string}
              set port5-mode [offline|nat-to-wan|...]
              set port5-ssid {string}
              set port6-mode [offline|nat-to-wan|...]
              set port6-ssid {string}
              set port7-mode [offline|nat-to-wan|...]
              set port7-ssid {string}
              set port8-mode [offline|nat-to-wan|...]
              set port8-ssid {string}
          end
          set energy-efficient-ethernet [enable|disable]
          set led-state [enable|disable]
          set led-schedules <name1>, <name2>, ...
          set dtls-policy {option1}, {option2}, ...
          set dtls-in-kernel [enable|disable]
          set max-clients {integer}
          set handoff-rssi {integer}
          set handoff-sta-thresh {integer}
          set handoff-roaming [enable|disable]
          config deny-mac-list
              Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
              edit <id>
                  set mac {mac-address}
              next
          end
          set ap-country [NA|AL|...]
          set ip-fragment-preventing {option1}, {option2}, ...
          set tun-mtu-uplink {integer}
          set tun-mtu-downlink {integer}
          set split-tunneling-acl-path [tunnel|local]
          set split-tunneling-acl-local-ap-subnet [enable|disable]
          config split-tunneling-acl
              Description: Split tunneling ACL filter list.
              edit <id>
                  set dest-ip {ipv4-classnet}
              next
          end
          set allowaccess {option1}, {option2}, ...
          set login-passwd-change [yes|default|...]
          set login-passwd {password}
          set lldp [enable|disable]
          set poe-mode [auto|8023af|...]
          config radio-1
              Description: Configuration options for radio 1.
              set radio-id {integer}
              set mode [disabled|ap|...]
              set band [802.11a|802.11b|...]
              set airtime-fairness [enable|disable]
              set protection-mode [rtscts|ctsonly|...]
              set powersave-optimize {option1}, {option2}, ...
              set transmit-optimize {option1}, {option2}, ...
              set amsdu [enable|disable]
              set coexistence [enable|disable]
              set short-guard-interval [enable|disable]
              set channel-bonding [80MHz|40MHz|...]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set dtim {integer}
              set beacon-interval {integer}
              set rts-threshold {integer}
              set frag-threshold {integer}
              set ap-sniffer-bufsize {integer}
              set ap-sniffer-chan {integer}
              set ap-sniffer-addr {mac-address}
              set ap-sniffer-mgmt-beacon [enable|disable]
              set ap-sniffer-mgmt-probe [enable|disable]
              set ap-sniffer-mgmt-other [enable|disable]
              set ap-sniffer-ctl [enable|disable]
              set ap-sniffer-data [enable|disable]
              set channel-utilization [enable|disable]
              set spectrum-analysis [enable|disable]
              set wids-profile {string}
              set darrp [enable|disable]
              set max-clients {integer}
              set max-distance {integer}
              set frequency-handoff [enable|disable]
              set ap-handoff [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set channel <chan1>, <chan2>, ...
              set call-admission-control [enable|disable]
              set call-capacity {integer}
              set bandwidth-admission-control [enable|disable]
              set bandwidth-capacity {integer}
          end
          config radio-2
              Description: Configuration options for radio 2.
              set radio-id {integer}
              set mode [disabled|ap|...]
              set band [802.11a|802.11b|...]
              set airtime-fairness [enable|disable]
              set protection-mode [rtscts|ctsonly|...]
              set powersave-optimize {option1}, {option2}, ...
              set transmit-optimize {option1}, {option2}, ...
              set amsdu [enable|disable]
              set coexistence [enable|disable]
              set short-guard-interval [enable|disable]
              set channel-bonding [80MHz|40MHz|...]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set dtim {integer}
              set beacon-interval {integer}
              set rts-threshold {integer}
              set frag-threshold {integer}
              set ap-sniffer-bufsize {integer}
              set ap-sniffer-chan {integer}
              set ap-sniffer-addr {mac-address}
              set ap-sniffer-mgmt-beacon [enable|disable]
              set ap-sniffer-mgmt-probe [enable|disable]
              set ap-sniffer-mgmt-other [enable|disable]
              set ap-sniffer-ctl [enable|disable]
              set ap-sniffer-data [enable|disable]
              set channel-utilization [enable|disable]
              set spectrum-analysis [enable|disable]
              set wids-profile {string}
              set darrp [enable|disable]
              set max-clients {integer}
              set max-distance {integer}
              set frequency-handoff [enable|disable]
              set ap-handoff [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set channel <chan1>, <chan2>, ...
              set call-admission-control [enable|disable]
              set call-capacity {integer}
              set bandwidth-admission-control [enable|disable]
              set bandwidth-capacity {integer}
          end
          config lbs
              Description: Set various location based service (LBS) options.
              set ekahau-blink-mode [enable|disable]
              set ekahau-tag {mac-address}
              set erc-server-ip {ipv4-address-any}
              set erc-server-port {integer}
              set aeroscout [enable|disable]
              set aeroscout-server-ip {ipv4-address-any}
              set aeroscout-server-port {integer}
              set aeroscout-mu [enable|disable]
              set aeroscout-ap-mac [bssid|board-mac]
              set aeroscout-mmu-report [enable|disable]
              set aeroscout-mu-factor {integer}
              set aeroscout-mu-timeout {integer}
              set fortipresence [foreign|both|...]
              set fortipresence-server {ipv4-address-any}
              set fortipresence-port {integer}
              set fortipresence-secret {password}
              set fortipresence-project {string}
              set fortipresence-frequency {integer}
              set fortipresence-rogue [enable|disable]
              set fortipresence-unassoc [enable|disable]
              set fortipresence-ble [enable|disable]
              set station-locate [enable|disable]
          end
          set ext-info-enable [enable|disable]
      next
  end

config wireless-controller wtp-profile

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
control-message-offload Enable/disable CAPWAP control message data channel offload.
ebp-frame: Ekahau blink protocol (EBP) frames.
aeroscout-tag: AeroScout tag.
ap-list: Rogue AP list.
sta-list: Rogue STA list.
sta-cap-list: STA capability list.
stats: WTP, radio, VAP, and STA statistics.
aeroscout-mu: AeroScout Mobile Unit (MU) report.
sta-health: STA health log.
option -
ble-profile Bluetooth Low Energy profile name. string Maximum length: 35
wan-port-mode Enable/disable using a WAN port as a LAN port.
wan-lan: Enable using a WAN port as a LAN port.
wan-only: Disable using a WAN port as a LAN port.
option -
energy-efficient-ethernet Enable/disable use of energy efficient Ethernet on WTP.
enable: Enable use of energy efficient Ethernet on WTP.
disable: Disable use of energy efficient Ethernet on WTP.
option -
led-state Enable/disable use of LEDs on WTP (default = disable).
enable: Enable use of LEDs on WTP.
disable: Disable use of LEDs on WTP.
option -
led-schedules <name> Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.
Schedule name.
string Maximum length: 35
dtls-policy WTP data channel DTLS policy (default = clear-text).
clear-text: Clear Text Data Channel.
dtls-enabled: DTLS Enabled Data Channel.
ipsec-vpn: IPsec VPN Data Channel.
option -
dtls-in-kernel Enable/disable data channel DTLS in kernel.
enable: Enable data channel DTLS in kernel.
disable: Disable data channel DTLS in kernel.
option -
max-clients Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation). integer Minimum value: 0 Maximum value: 4294967295
handoff-rssi Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25). integer Minimum value: 20 Maximum value: 30
handoff-sta-thresh Threshold value for AP handoff. integer Minimum value: 0 Maximum value: 4294967295
handoff-roaming Enable/disable client load balancing during roaming to avoid roaming delay (default = disable).
enable: Enable handoff roaming.
disable: Disable handoff roaming.
option -
ap-country Country in which this WTP, FortiAP or AP will operate (default = NA, automatically use the country configured for the current VDOM).
NA: NO_COUNTRY_SET
AL: ALBANIA
DZ: ALGERIA
AO: ANGOLA
AR: ARGENTINA
AM: ARMENIA
AU: AUSTRALIA
AT: AUSTRIA
AZ: AZERBAIJAN
BH: BAHRAIN
BD: BANGLADESH
BB: BARBADOS
BY: BELARUS
BE: BELGIUM
BZ: BELIZE
BO: BOLIVIA
BA: BOSNIA AND HERZEGOVINA
BR: BRAZIL
BN: BRUNEI DARUSSALAM
BG: BULGARIA
KH: CAMBODIA
CF: CENTRAL AFRICA REPUBLIC
CL: CHILE
CN: CHINA
CO: COLOMBIA
CR: COSTA RICA
HR: CROATIA
CY: CYPRUS
CZ: CZECH REPUBLIC
DK: DENMARK
DO: DOMINICAN REPUBLIC
EC: ECUADOR
EG: EGYPT
SV: EL SALVADOR
EE: ESTONIA
FI: FINLAND
FR: FRANCE
GE: GEORGIA
DE: GERMANY
GR: GREECE
GL: GREENLAND
GD: GRENADA
GU: GUAM
GT: GUATEMALA
HT: HAITI
HN: HONDURAS
HK: HONG KONG
HU: HUNGARY
IS: ICELAND
IN: INDIA
ID: INDONESIA
IR: IRAN
IE: IRELAND
IL: ISRAEL
IT: ITALY
JM: JAMAICA
JO: JORDAN
KZ: KAZAKHSTAN
KE: KENYA
KP: NORTH KOREA
KR: KOREA REPUBLIC
KW: KUWAIT
LV: LATVIA
LB: LEBANON
LI: LIECHTENSTEIN
LT: LITHUANIA
LU: LUXEMBOURG
MO: MACAU SAR
MK: MACEDONIA, FYRO
MY: MALAYSIA
MT: MALTA
MX: MEXICO
MC: MONACO
MA: MOROCCO
MZ: MOZAMBIQUE
MM: MYANMAR
NP: NEPAL
NL: NETHERLANDS
AN: NETHERLANDS ANTILLES
AW: ARUBA
NZ: NEW ZEALAND
NO: NORWAY
OM: OMAN
PK: PAKISTAN
PA: PANAMA
PG: PAPUA NEW GUINEA
PY: PARAGUAY
PE: PERU
PH: PHILIPPINES
PL: POLAND
PT: PORTUGAL
PR: PUERTO RICO
QA: QATAR
RO: ROMANIA
RU: RUSSIA
RW: RWANDA
SA: SAUDI ARABIA
RS: REPUBLIC OF SERBIA
ME: MONTENEGRO
SG: SINGAPORE
SK: SLOVAKIA
SI: SLOVENIA
ZA: SOUTH AFRICA
ES: SPAIN
LK: SRI LANKA
SE: SWEDEN
SD: SUDAN
CH: SWITZERLAND
SY: SYRIAN ARAB REPUBLIC
TW: TAIWAN
TZ: TANZANIA
TH: THAILAND
TT: TRINIDAD AND TOBAGO
TN: TUNISIA
TR: TURKEY
AE: UNITED ARAB EMIRATES
UA: UKRAINE
GB: UNITED KINGDOM
US: UNITED STATES2
PS: UNITED STATES (PUBLIC SAFETY)
UY: URUGUAY
UZ: UZBEKISTAN
VE: VENEZUELA
VN: VIET NAM
YE: YEMEN
ZB: ZAMBIA
ZW: ZIMBABWE
JP: JAPAN14
CA: CANADA2
option -
ip-fragment-preventing Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust).
tcp-mss-adjust: TCP maximum segment size adjustment.
icmp-unreachable: Drop packet and send ICMP Destination Unreachable
option -
tun-mtu-uplink The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
tun-mtu-downlink The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
split-tunneling-acl-path Split tunneling ACL path is local/tunnel.
tunnel: Split tunneling ACL list traffic will be tunnel.
local: Split tunneling ACL list traffic will be local NATed.
option -
split-tunneling-acl-local-ap-subnet Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).
enable: Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
disable: Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
option -
allowaccess Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.
https: HTTPS access.
ssh: SSH access.
snmp: SNMP access.
option -
login-passwd-change Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).
yes: Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.
default: Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.
no: Do not change the managed WTP, FortiAP or AP's administrator password.
option -
login-passwd Set the managed WTP, FortiAP, or AP's administrator password. password Not Specified
lldp Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = disable).
enable: Enable LLDP.
disable: Disable LLDP.
option -
poe-mode Set the WTP, FortiAP, or AP's PoE mode.
auto: Automatically detect the PoE mode.
8023af: Use 802.3af PoE mode.
8023at: Use 802.3at PoE mode.
power-adapter: Use the power adapter to control the PoE mode.
option -
ext-info-enable Enable/disable station/VAP/radio extension information.
enable: Enable station/VAP/radio extension information.
disable: Disable station/VAP/radio extension information.
option -

config platform

Parameter Name Description Type Size
type WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.
AP-11N: Default 11n AP.
220B: FAP220B/221B.
210B: FAP210B.
222B: FAP222B.
112B: FAP112B.
320B: FAP320B.
11C: FAP11C.
14C: FAP14C.
223B: FAP223B.
28C: FAP28C.
320C: FAP320C.
221C: FAP221C.
25D: FAP25D.
222C: FAP222C.
224D: FAP224D.
214B: FK214B.
21D: FAP21D.
24D: FAP24D.
112D: FAP112D.
223C: FAP223C.
321C: FAP321C.
C220C: FAPC220C.
C225C: FAPC225C.
C23JD: FAPC23JD.
C24JE: FAPC24JE.
S321C: FAPS321C.
S322C: FAPS322C.
S323C: FAPS323C.
S311C: FAPS311C.
S313C: FAPS313C.
S321CR: FAPS321CR.
S322CR: FAPS322CR.
S323CR: FAPS323CR.
S421E: FAPS421E.
S422E: FAPS422E.
S423E: FAPS423E.
421E: FAP421E.
423E: FAP423E.
221E: FAP221E.
222E: FAP222E.
223E: FAP223E.
224E: FAP224E.
S221E: FAPS221E.
S223E: FAPS223E.
321E: FAP321E.
U421E: FAPU421EV.
U422EV: FAPU422EV.
U423E: FAPU423EV.
U221EV: FAPU221EV.
U223EV: FAPU223EV.
U24JEV: FAPU24JEV.
U321EV: FAPU321EV.
U323EV: FAPU323EV.
option -

config lan

Parameter Name Description Type Size
port-mode LAN port mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port-ssid Bridge LAN port to SSID. string Maximum length: 15
port1-mode LAN port 1 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port1-ssid Bridge LAN port 1 to SSID. string Maximum length: 15
port2-mode LAN port 2 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port2-ssid Bridge LAN port 2 to SSID. string Maximum length: 15
port3-mode LAN port 3 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port3-ssid Bridge LAN port 3 to SSID. string Maximum length: 15
port4-mode LAN port 4 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port4-ssid Bridge LAN port 4 to SSID. string Maximum length: 15
port5-mode LAN port 5 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port5-ssid Bridge LAN port 5 to SSID. string Maximum length: 15
port6-mode LAN port 6 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port6-ssid Bridge LAN port 6 to SSID. string Maximum length: 15
port7-mode LAN port 7 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port7-ssid Bridge LAN port 7 to SSID. string Maximum length: 15
port8-mode LAN port 8 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port8-ssid Bridge LAN port 8 to SSID. string Maximum length: 15

config deny-mac-list

Parameter Name Description Type Size
mac A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. mac-address Not Specified

config split-tunneling-acl

Parameter Name Description Type Size
dest-ip Destination IP and mask for the split-tunneling subnet. ipv4-classnet Not Specified

config radio-1

Parameter Name Description Type Size
radio-id radio-id integer Minimum value: 0 Maximum value: 2
mode Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
disabled: Radio 1 is disabled.
ap: Radio 1 operates as an access point that allows WiFi clients to connect to your network.
monitor: Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer: Radio 1 operates as a sniffer capturing WiFi frames on air.
option -
band WiFi band that Radio 1 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b at 2.4GHz.
802.11n-5G: 802.11n/a at 5GHz.
802.11ac: 802.11ac/n/a.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
option -
airtime-fairness Enable/disable airtime fairness (default = disable).
enable: Enable airtime fairness (ATF) support.
disable: Disable airtime fairness (ATF) support.
option -
protection-mode Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
rtscts: Enable 802.11g protection RTS/CTS mode.
ctsonly: Enable 802.11g protection CTS only mode.
disable: Disable 802.11g protection mode.
option -
powersave-optimize Enable client power-saving features such as TIM, AC VO, and OBSS etc.
tim: TIM bit for client in power save mode.
ac-vo: Use AC VO priority to send out packets in the power save queue.
no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate: Do not send frame using 11b data rate.
client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client.
option -
transmit-optimize Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
disable: Disable packet transmission optimization.
power-save: Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit: Set aggregation limit to a lower value when data rate is low.
retry-limit: Set software retry limit to a lower value when data rate is low.
send-bar: Limit transmission of BAR frames.
option -
amsdu Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).
enable: Enable AMSDU support.
disable: Disable AMSDU support.
option -
coexistence Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).
enable: Enable support for both HT20 and HT40 on the same radio.
disable: Disable support for both HT20 and HT40 on the same radio.
option -
short-guard-interval Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
enable: Select the 400 ns short guard interval (Short GI).
disable: Select the 800 ns long guard interval (Long GI).
option -
channel-bonding Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
80MHz: 80 MHz channel width.
40MHz: 40 MHz channel width.
20MHz: 20 MHz channel width.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
dtim Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. integer Minimum value: 1 Maximum value: 255
beacon-interval Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). integer Minimum value: 0 Maximum value: 65535
rts-threshold Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). integer Minimum value: 256 Maximum value: 2346
frag-threshold Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). integer Minimum value: 800 Maximum value: 2346
ap-sniffer-bufsize Sniffer buffer size (1 - 32 MB, default = 16). integer Minimum value: 1 Maximum value: 32
ap-sniffer-chan Channel on which to operate the sniffer (default = 6). integer Minimum value: 0 Maximum value: 4294967295
ap-sniffer-addr MAC address to monitor. mac-address Not Specified
ap-sniffer-mgmt-beacon Enable/disable sniffer on WiFi management Beacon frames (default = enable).
enable: Enable sniffer on WiFi management beacon frame.
disable: Disable sniffer on WiFi management beacon frame.
option -
ap-sniffer-mgmt-probe Enable/disable sniffer on WiFi management probe frames (default = enable).
enable: Enable sniffer on WiFi management probe frame.
disable: Enable sniffer on WiFi management probe frame.
option -
ap-sniffer-mgmt-other Enable/disable sniffer on WiFi management other frames (default = enable).
enable: Enable sniffer on WiFi management other frame.
disable: Disable sniffer on WiFi management other frame.
option -
ap-sniffer-ctl Enable/disable sniffer on WiFi control frame (default = enable).
enable: Enable sniffer on WiFi control frame.
disable: Disable sniffer on WiFi control frame.
option -
ap-sniffer-data Enable/disable sniffer on WiFi data frame (default = enable).
enable: Enable sniffer on WiFi data frame
disable: Disable sniffer on WiFi data frame
option -
channel-utilization Enable/disable measuring channel utilization.
enable: Enable measuring channel utilization.
disable: Disable measuring channel utilization.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
wids-profile Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. string Maximum length: 35
darrp Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).
enable: Enable distributed automatic radio resource provisioning.
disable: Disable distributed automatic radio resource provisioning.
option -
max-clients Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. integer Minimum value: 0 Maximum value: 4294967295
max-distance Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). integer Minimum value: 0 Maximum value: 54000
frequency-handoff Enable/disable frequency handoff of clients to other channels (default = disable).
enable: Enable frequency handoff.
disable: Disable frequency handoff.
option -
ap-handoff Enable/disable AP handoff of clients to other APs (default = disable).
enable: Enable AP handoff.
disable: Disable AP handoff.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3
call-admission-control Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
enable: Enable WMM call admission control.
disable: Disable WMM call admission control.
option -
call-capacity Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). integer Minimum value: 0 Maximum value: 60
bandwidth-admission-control Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
enable: Enable WMM bandwidth admission control.
disable: Disable WMM bandwidth admission control.
option -
bandwidth-capacity Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). integer Minimum value: 1 Maximum value: 600000

config radio-2

Parameter Name Description Type Size
radio-id radio-id integer Minimum value: 0 Maximum value: 2
mode Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
disabled: Radio 2 is disabled.
ap: Radio 2 operates as an access point that allows WiFi clients to connect to your network.
monitor: Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer: Radio 2 operates as a sniffer capturing WiFi frames on air.
option -
band WiFi band that Radio 2 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b at 2.4GHz.
802.11n-5G: 802.11n/a at 5GHz.
802.11ac: 802.11ac/n/a.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
option -
airtime-fairness Enable/disable airtime fairness (default = disable).
enable: Enable airtime fairness (ATF) support.
disable: Disable airtime fairness (ATF) support.
option -
protection-mode Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
rtscts: Enable 802.11g protection RTS/CTS mode.
ctsonly: Enable 802.11g protection CTS only mode.
disable: Disable 802.11g protection mode.
option -
powersave-optimize Enable client power-saving features such as TIM, AC VO, and OBSS etc.
tim: TIM bit for client in power save mode.
ac-vo: Use AC VO priority to send out packets in the power save queue.
no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate: Do not send frame using 11b data rate.
client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client.
option -
transmit-optimize Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
disable: Disable packet transmission optimization.
power-save: Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit: Set aggregation limit to a lower value when data rate is low.
retry-limit: Set software retry limit to a lower value when data rate is low.
send-bar: Limit transmission of BAR frames.
option -
amsdu Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).
enable: Enable AMSDU support.
disable: Disable AMSDU support.
option -
coexistence Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).
enable: Enable support for both HT20 and HT40 on the same radio.
disable: Disable support for both HT20 and HT40 on the same radio.
option -
short-guard-interval Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
enable: Select the 400 ns short guard interval (Short GI).
disable: Select the 800 ns long guard interval (Long GI).
option -
channel-bonding Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
80MHz: 80 MHz channel width.
40MHz: 40 MHz channel width.
20MHz: 20 MHz channel width.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
dtim Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. integer Minimum value: 1 Maximum value: 255
beacon-interval Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). integer Minimum value: 0 Maximum value: 65535
rts-threshold Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). integer Minimum value: 256 Maximum value: 2346
frag-threshold Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). integer Minimum value: 800 Maximum value: 2346
ap-sniffer-bufsize Sniffer buffer size (1 - 32 MB, default = 16). integer Minimum value: 1 Maximum value: 32
ap-sniffer-chan Channel on which to operate the sniffer (default = 6). integer Minimum value: 0 Maximum value: 4294967295
ap-sniffer-addr MAC address to monitor. mac-address Not Specified
ap-sniffer-mgmt-beacon Enable/disable sniffer on WiFi management Beacon frames (default = enable).
enable: Enable sniffer on WiFi management beacon frame.
disable: Disable sniffer on WiFi management beacon frame.
option -
ap-sniffer-mgmt-probe Enable/disable sniffer on WiFi management probe frames (default = enable).
enable: Enable sniffer on WiFi management probe frame.
disable: Enable sniffer on WiFi management probe frame.
option -
ap-sniffer-mgmt-other Enable/disable sniffer on WiFi management other frames (default = enable).
enable: Enable sniffer on WiFi management other frame.
disable: Disable sniffer on WiFi management other frame.
option -
ap-sniffer-ctl Enable/disable sniffer on WiFi control frame (default = enable).
enable: Enable sniffer on WiFi control frame.
disable: Disable sniffer on WiFi control frame.
option -
ap-sniffer-data Enable/disable sniffer on WiFi data frame (default = enable).
enable: Enable sniffer on WiFi data frame
disable: Disable sniffer on WiFi data frame
option -
channel-utilization Enable/disable measuring channel utilization.
enable: Enable measuring channel utilization.
disable: Disable measuring channel utilization.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
wids-profile Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. string Maximum length: 35
darrp Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).
enable: Enable distributed automatic radio resource provisioning.
disable: Disable distributed automatic radio resource provisioning.
option -
max-clients Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. integer Minimum value: 0 Maximum value: 4294967295
max-distance Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). integer Minimum value: 0 Maximum value: 54000
frequency-handoff Enable/disable frequency handoff of clients to other channels (default = disable).
enable: Enable frequency handoff.
disable: Disable frequency handoff.
option -
ap-handoff Enable/disable AP handoff of clients to other APs (default = disable).
enable: Enable AP handoff.
disable: Disable AP handoff.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3
call-admission-control Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
enable: Enable WMM call admission control.
disable: Disable WMM call admission control.
option -
call-capacity Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). integer Minimum value: 0 Maximum value: 60
bandwidth-admission-control Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
enable: Enable WMM bandwidth admission control.
disable: Disable WMM bandwidth admission control.
option -
bandwidth-capacity Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). integer Minimum value: 1 Maximum value: 600000

config lbs

Parameter Name Description Type Size
ekahau-blink-mode Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags (default = disable).
enable: Enable Ekahau blink mode.
disable: Disable Ekahau blink mode.
option -
ekahau-tag WiFi frame MAC address or WiFi Tag. mac-address Not Specified
erc-server-ip IP address of Ekahau RTLS Controller (ERC). ipv4-address-any Not Specified
erc-server-port Ekahau RTLS Controller (ERC) UDP listening port. integer Minimum value: 1024 Maximum value: 65535
aeroscout Enable/disable AeroScout Real Time Location Service (RTLS) support (default = disable).
enable: Enable AeroScout support.
disable: Disable AeroScout support.
option -
aeroscout-server-ip IP address of AeroScout server. ipv4-address-any Not Specified
aeroscout-server-port AeroScout server UDP listening port. integer Minimum value: 1024 Maximum value: 65535
aeroscout-mu Enable/disable AeroScout Mobile Unit (MU) support (default = disable).
enable: Enable AeroScout MU mode support.
disable: Disable AeroScout MU mode support.
option -
aeroscout-ap-mac Use BSSID or board MAC address as AP MAC address in AeroScout AP messages (default = bssid).
bssid: Use BSSID as AP MAC address in AeroScout AP messages.
board-mac: Use board MAC address as AP MAC address in AeroScout AP messages.
option -
aeroscout-mmu-report Enable/disable compounded AeroScout tag and MU report (default = enable).
enable: Enable compounded AeroScout tag and MU report.
disable: Disable compounded AeroScout tag and MU report.
option -
aeroscout-mu-factor AeroScout MU mode dilution factor (default = 20). integer Minimum value: 0 Maximum value: 4294967295
aeroscout-mu-timeout AeroScout MU mode timeout (0 - 65535 sec, default = 5). integer Minimum value: 0 Maximum value: 65535
fortipresence Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network (default = disable).
foreign: FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP.
both: Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels.
disable: Disable FortiPresence.
option -
fortipresence-server FortiPresence server IP address. ipv4-address-any Not Specified
fortipresence-port FortiPresence server UDP listening port (default = 3000). integer Minimum value: 300 Maximum value: 65535
fortipresence-secret FortiPresence secret password (max. 16 characters). password Not Specified
fortipresence-project FortiPresence project name (max. 16 characters, default = fortipresence). string Maximum length: 16
fortipresence-frequency FortiPresence report transmit frequency (5 - 65535 sec, default = 30). integer Minimum value: 5 Maximum value: 65535
fortipresence-rogue Enable/disable FortiPresence finding and reporting rogue APs.
enable: Enable FortiPresence finding and reporting rogue APs.
disable: Disable FortiPresence finding and reporting rogue APs.
option -
fortipresence-unassoc Enable/disable FortiPresence finding and reporting unassociated stations.
enable: Enable FortiPresence finding and reporting unassociated stations.
disable: Disable FortiPresence finding and reporting unassociated stations.
option -
fortipresence-ble Enable/disable FortiPresence finding and reporting BLE devices.
enable: Enable FortiPresence finding and reporting BLE devices.
disable: Disable FortiPresence finding and reporting BLE devices.
option -
station-locate Enable/disable client station locating services for all clients, whether associated or not (default = disable).
enable: Enable station locating service.
disable: Disable station locating service.
option -