CLI Reference

wireless-controller wtp

Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

  config wireless-controller wtp
      Description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.
      edit <wtp-id>
          set index {integer}
          set admin [discovered|disable|...]
          set name {string}
          set location {string}
          set region {string}
          set region-x {string}
          set region-y {string}
          set wtp-profile {string}
          set wtp-mode [normal|remote]
          set bonjour-profile {string}
          set override-led-state [enable|disable]
          set led-state [enable|disable]
          set override-wan-port-mode [enable|disable]
          set wan-port-mode [wan-lan|wan-only]
          set override-ip-fragment [enable|disable]
          set ip-fragment-preventing {option1}, {option2}, ...
          set tun-mtu-uplink {integer}
          set tun-mtu-downlink {integer}
          set override-split-tunnel [enable|disable]
          set split-tunneling-acl-path [tunnel|local]
          set split-tunneling-acl-local-ap-subnet [enable|disable]
          config split-tunneling-acl
              Description: Split tunneling ACL filter list.
              edit <id>
                  set dest-ip {ipv4-classnet}
              next
          end
          set override-lan [enable|disable]
          config lan
              Description: WTP LAN port mapping.
              set port-mode [offline|nat-to-wan|...]
              set port-ssid {string}
              set port1-mode [offline|nat-to-wan|...]
              set port1-ssid {string}
              set port2-mode [offline|nat-to-wan|...]
              set port2-ssid {string}
              set port3-mode [offline|nat-to-wan|...]
              set port3-ssid {string}
              set port4-mode [offline|nat-to-wan|...]
              set port4-ssid {string}
              set port5-mode [offline|nat-to-wan|...]
              set port5-ssid {string}
              set port6-mode [offline|nat-to-wan|...]
              set port6-ssid {string}
              set port7-mode [offline|nat-to-wan|...]
              set port7-ssid {string}
              set port8-mode [offline|nat-to-wan|...]
              set port8-ssid {string}
          end
          set override-allowaccess [enable|disable]
          set allowaccess {option1}, {option2}, ...
          set override-login-passwd-change [enable|disable]
          set login-passwd-change [yes|default|...]
          set login-passwd {password}
          config radio-1
              Description: Configuration options for radio 1.
              set override-band [enable|disable]
              set band [802.11a|802.11b|...]
              set override-analysis [enable|disable]
              set spectrum-analysis [enable|disable]
              set override-txpower [enable|disable]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set override-vaps [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set override-channel [enable|disable]
              set channel <chan1>, <chan2>, ...
          end
          config radio-2
              Description: Configuration options for radio 2.
              set override-band [enable|disable]
              set band [802.11a|802.11b|...]
              set override-analysis [enable|disable]
              set spectrum-analysis [enable|disable]
              set override-txpower [enable|disable]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set override-vaps [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set override-channel [enable|disable]
              set channel <chan1>, <chan2>, ...
          end
          config radio-3
              Description: Configuration options for radio 3.
              set override-band [enable|disable]
              set band [802.11a|802.11b|...]
              set override-analysis [enable|disable]
              set spectrum-analysis [enable|disable]
              set override-txpower [enable|disable]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set override-vaps [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set override-channel [enable|disable]
              set channel <chan1>, <chan2>, ...
          end
          set image-download [enable|disable]
          set mesh-bridge-enable [default|enable|...]
          set coordinate-latitude {string}
          set coordinate-longitude {string}
      next
  end

config wireless-controller wtp

Parameter Name Description Type Size
index Index (0 - 4294967295). integer Minimum value: 0 Maximum value: 4294967295
admin Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP.
discovered: FortiGate wireless controller discovers the WTP, AP, or FortiAP through discovery or join request messages.
disable: FortiGate wireless controller is configured to not provide service to this WTP.
enable: FortiGate wireless controller is configured to provide service to this WTP.
option -
name WTP, AP or FortiAP configuration name. string Maximum length: 35
location Field for describing the physical location of the WTP, AP or FortiAP. string Maximum length: 35
region Region name WTP is associated with. string Maximum length: 35
region-x Relative horizontal region coordinate (between 0 and 1). string Maximum length: 15
region-y Relative vertical region coordinate (between 0 and 1). string Maximum length: 15
wtp-profile WTP profile name to apply to this WTP, AP or FortiAP. string Maximum length: 35
wtp-mode WTP, AP, or FortiAP operating mode; normal (by default) or remote. A tunnel mode SSID can be assigned to an AP in normal mode but not remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode.
normal: Normal WTP, AP, or FortiAP.
remote: Remote WTP, AP, or FortiAP.
option -
bonjour-profile Bonjour profile name. string Maximum length: 35
override-led-state Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP's LEDs.
enable: Override the WTP profile LED state.
disable: Use the WTP profile LED state.
option -
led-state Enable to allow the FortiAP's LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low-light areas, etc.
enable: Allow the LEDs on this FortiAP to light.
disable: Keep the LEDs on this FortiAP off.
option -
override-wan-port-mode Enable/disable overriding the wan-port-mode in the WTP profile.
enable: Override the WTP profile wan-port-mode.
disable: Use the wan-port-mode in the WTP profile.
option -
wan-port-mode Enable/disable using the FortiAP WAN port as a LAN port.
wan-lan: Use the FortiAP WAN port as a LAN port.
wan-only: Do not use the WAN port as a LAN port.
option -
override-ip-fragment Enable/disable overriding the WTP profile IP fragment prevention setting.
enable: Override the WTP profile IP fragment prevention setting.
disable: Use the WTP profile IP fragment prevention setting.
option -
ip-fragment-preventing Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust).
tcp-mss-adjust: TCP maximum segment size adjustment.
icmp-unreachable: Drop packet and send ICMP Destination Unreachable.
option -
tun-mtu-uplink The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
tun-mtu-downlink The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
override-split-tunnel Enable/disable overriding the WTP profile split tunneling setting.
enable: Override the WTP profile split tunneling setting.
disable: Use the WTP profile split tunneling setting.
option -
split-tunneling-acl-path Path taken by traffic that matches the split tunneling ACL: local or tunnel.
tunnel: Traffic matching the split tunneling ACL list is tunneled.
local: Traffic matching the split tunneling ACL list is NATed locally.
option -
split-tunneling-acl-local-ap-subnet Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).
enable: Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
disable: Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
option -
override-lan Enable to override the WTP profile LAN port setting.
enable: Override the WTP profile LAN port setting.
disable: Use the WTP profile LAN port setting.
option -
override-allowaccess Enable to override the WTP profile management access configuration.
enable: Override the WTP profile management access configuration.
disable: Use the WTP profile management access configuration.
option -
allowaccess Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.
https: HTTPS access.
ssh: SSH access.
snmp: SNMP access.
option -
override-login-passwd-change Enable to override the WTP profile login-password (administrator password) setting.
enable: Override the WTP profile login-password (administrator password) setting.
disable: Use the WTP profile login-password (administrator password) setting.
option -
login-passwd-change Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).
yes: Change the managed WTP, FortiAP or AP's administrator password. Use the login-passwd option to set the password.
default: Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.
no: Do not change the managed WTP, FortiAP or AP's administrator password.
option -
login-passwd Set the managed WTP, FortiAP, or AP's administrator password. password Not Specified
image-download Enable/disable WTP image download.
enable: Enable WTP image download at join time.
disable: Disable WTP image download at join time.
option -
mesh-bridge-enable Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP.
default: Use mesh Ethernet bridge local setting on the WTP.
enable: Turn on mesh Ethernet bridge on the WTP.
disable: Turn off mesh Ethernet bridge on the WTP.
option -
coordinate-latitude WTP latitude coordinate. string Maximum length: 19
coordinate-longitude WTP longitude coordinate. string Maximum length: 19

config split-tunneling-acl

Parameter Name Description Type Size
dest-ip Destination IP and mask for the split-tunneling subnet. ipv4-classnet Not Specified

config lan

Parameter Name Description Type Size
port-mode LAN port mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port-ssid Bridge LAN port to SSID. string Maximum length: 15
port1-mode LAN port 1 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port1-ssid Bridge LAN port 1 to SSID. string Maximum length: 15
port2-mode LAN port 2 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port2-ssid Bridge LAN port 2 to SSID. string Maximum length: 15
port3-mode LAN port 3 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port3-ssid Bridge LAN port 3 to SSID. string Maximum length: 15
port4-mode LAN port 4 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port4-ssid Bridge LAN port 4 to SSID. string Maximum length: 15
port5-mode LAN port 5 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port5-ssid Bridge LAN port 5 to SSID. string Maximum length: 15
port6-mode LAN port 6 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port6-ssid Bridge LAN port 6 to SSID. string Maximum length: 15
port7-mode LAN port 7 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port7-ssid Bridge LAN port 7 to SSID. string Maximum length: 15
port8-mode LAN port 8 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port8-ssid Bridge LAN port 8 to SSID. string Maximum length: 15

config radio-1

Parameter Name Description Type Size
override-band Enable to override the WTP profile band setting.
enable: Override the WTP profile band setting.
disable: Use the WTP profile band setting.
option -
band WiFi band that Radio 1 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b radio at 2.4GHz band.
802.11n-5G: 802.11n/a at 5GHz.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac: 802.11ac/n/a radio.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
802.11ax-5G: 802.11ax/ac/n/a at 5GHz.
802.11ax,ac-only: 802.11ax/ac at 5GHz.
802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz.
802.11ax-5G-only: 802.11ax at 5GHz.
802.11ax: 802.11ax/n/g/b at 2.4GHz.
802.11ax,n-only: 802.11ax/n at 2.4GHz.
802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz.
802.11ax-only: 802.11ax at 2.4GHz.
option -
override-analysis Enable to override the WTP profile spectrum analysis configuration.
enable: Override the WTP profile spectrum analysis configuration.
disable: Use the WTP profile spectrum analysis configuration.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
override-txpower Enable to override the WTP profile power level configuration.
enable: Override the WTP profile power level configuration.
disable: Use the WTP profile power level configuration.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
override-vaps Enable to override WTP profile Virtual Access Point (VAP) settings.
enable: Override WTP profile VAP settings.
disable: Use WTP profile VAP settings.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
override-channel Enable to override WTP profile channel settings.
enable: Override WTP profile channel settings.
disable: Use WTP profile channel settings.
option -
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3

config radio-2

Parameter Name Description Type Size
override-band Enable to override the WTP profile band setting.
enable: Override the WTP profile band setting.
disable: Use the WTP profile band setting.
option -
band WiFi band that Radio 2 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b radio at 2.4GHz band.
802.11n-5G: 802.11n/a at 5GHz.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac: 802.11ac/n/a radio.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
802.11ax-5G: 802.11ax/ac/n/a at 5GHz.
802.11ax,ac-only: 802.11ax/ac at 5GHz.
802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz.
802.11ax-5G-only: 802.11ax at 5GHz.
802.11ax: 802.11ax/n/g/b at 2.4GHz.
802.11ax,n-only: 802.11ax/n at 2.4GHz.
802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz.
802.11ax-only: 802.11ax at 2.4GHz.
option -
override-analysis Enable to override the WTP profile spectrum analysis configuration.
enable: Override the WTP profile spectrum analysis configuration.
disable: Use the WTP profile spectrum analysis configuration.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
override-txpower Enable to override the WTP profile power level configuration.
enable: Override the WTP profile power level configuration.
disable: Use the WTP profile power level configuration.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
override-vaps Enable to override WTP profile Virtual Access Point (VAP) settings.
enable: Override WTP profile VAP settings.
disable: Use WTP profile VAP settings.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
override-channel Enable to override WTP profile channel settings.
enable: Override WTP profile channel settings.
disable: Use WTP profile channel settings.
option -
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3

config radio-3

Parameter Name Description Type Size
override-band Enable to override the WTP profile band setting.
enable: Override the WTP profile band setting.
disable: Use the WTP profile band setting.
option -
band WiFi band that Radio 3 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b radio at 2.4GHz band.
802.11n-5G: 802.11n/a at 5GHz.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac: 802.11ac/n/a radio.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
802.11ax-5G: 802.11ax/ac/n/a at 5GHz.
802.11ax,ac-only: 802.11ax/ac at 5GHz.
802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz.
802.11ax-5G-only: 802.11ax at 5GHz.
802.11ax: 802.11ax/n/g/b at 2.4GHz.
802.11ax,n-only: 802.11ax/n at 2.4GHz.
802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz.
802.11ax-only: 802.11ax at 2.4GHz.
option -
override-analysis Enable to override the WTP profile spectrum analysis configuration.
enable: Override the WTP profile spectrum analysis configuration.
disable: Use the WTP profile spectrum analysis configuration.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
override-txpower Enable to override the WTP profile power level configuration.
enable: Override the WTP profile power level configuration.
disable: Use the WTP profile power level configuration.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
override-vaps Enable to override WTP profile Virtual Access Point (VAP) settings.
enable: Override WTP profile VAP settings.
disable: Use WTP profile VAP settings.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
override-channel Enable to override WTP profile channel settings.
enable: Override WTP profile channel settings.
disable: Use WTP profile channel settings.
option -
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3
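
The override switches, allowaccess, login-passwd-change, split-tunneling ACL and LAN port parameters described above lend themselves to an automated review of per-WTP settings. The following Python audit is an added example, not part of the Fortinet reference or Fortinet code: it parses a `config wireless-controller wtp` block in the syntax shown on this page and reports settings worth a second look. The sample configuration, the WTP IDs and the `ALLOWED_ACCESS` policy are assumptions made for illustration.

```python
import shlex

# Assumed local policy (not Fortinet guidance): accepted AP management protocols.
ALLOWED_ACCESS = {"https", "ssh"}

# Per-WTP setting -> override switch that must be `enable` for it to apply.
OVERRIDE_FOR = {
    "allowaccess": "override-allowaccess",
    "login-passwd-change": "override-login-passwd-change",
    "wan-port-mode": "override-wan-port-mode",
    "split-tunneling-acl-path": "override-split-tunnel",
}

# Constructed sample configuration; the WTP IDs are placeholders.
SAMPLE = """
config wireless-controller wtp
    edit "AP-SAMPLE-0001"
        set override-allowaccess enable
        set allowaccess https ssh snmp
        set override-login-passwd-change enable
        set login-passwd-change default
        set override-split-tunnel enable
        set split-tunneling-acl-path local
        config split-tunneling-acl
            edit 1
                set dest-ip 0.0.0.0 0.0.0.0
            next
        end
        set override-lan enable
        config lan
            set port1-mode bridge-to-wan
            set port2-mode offline
        end
    next
    edit "AP-SAMPLE-0002"
        set allowaccess https
        set override-wan-port-mode enable
        set wan-port-mode wan-only
    next
end
"""


def parse_wtps(text):
    """Parse config/edit/set/next/end nesting into {wtp_id: settings}.

    Only the wtp table is kept; any other table lands in a throwaway dict.
    """
    wtps, stack = {}, []
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok or (not stack and tok[0] != "config"):
            continue
        cmd, args = tok[0], tok[1:]
        if cmd == "config" and not stack:
            stack.append(wtps if args == ["wireless-controller", "wtp"] else {})
        elif cmd in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd == "set" and args:
            stack[-1][args[0]] = args[1:]
        elif cmd in ("next", "end"):
            stack.pop()
    return wtps


def audit_wtp(s):
    """Return review findings for one WTP entry's settings dict."""
    def on(key):
        return s.get(key) == ["enable"]
    out = []
    # A per-WTP value is ignored while its override switch is not enabled.
    for key, switch in OVERRIDE_FOR.items():
        if key in s and not on(switch):
            out.append(f"{key} is set but {switch} is not enabled; the WTP profile value applies")
    if on("override-login-passwd-change") and s.get("login-passwd-change") == ["default"]:
        out.append("login-passwd-change default keeps the factory-default administrator password")
    if on("override-allowaccess"):
        extra = sorted(set(s.get("allowaccess", [])) - ALLOWED_ACCESS)
        if extra:
            out.append(f"allowaccess permits {', '.join(extra)}, outside the assumed policy")
    if on("override-wan-port-mode") and s.get("wan-port-mode") == ["wan-lan"]:
        out.append("wan-port-mode wan-lan uses the WAN port as a LAN port")
    if on("override-lan"):
        for key, value in sorted(s.get("lan", {}).items()):
            if key.endswith("-mode") and value != ["offline"]:
                out.append(f"lan {key} is {' '.join(value)}; the wired port is in use")
    if on("override-split-tunnel") and s.get("split-tunneling-acl-path") == ["local"]:
        for acl_id, acl in sorted(s.get("split-tunneling-acl", {}).items()):
            if acl.get("dest-ip") == ["0.0.0.0", "0.0.0.0"]:
                out.append(f"split-tunneling-acl {acl_id} matches all destinations, NATed locally")
    return out


def audit(text):
    """Map each WTP ID in the configuration text to its findings."""
    return {wtp_id: audit_wtp(s) for wtp_id, s in parse_wtps(text).items()}


if __name__ == "__main__":
    for wtp_id, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{wtp_id}: {finding}")
```

The second sample entry shows the case that is easy to miss in review: `allowaccess` is restricted on the WTP, but without `override-allowaccess enable` the WTP profile's setting is the one in force.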

Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

  config wireless-controller wtp
      Description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.
      edit <wtp-id>
          set index {integer}
          set admin [discovered|disable|...]
          set name {string}
          set location {string}
          set region {string}
          set region-x {string}
          set region-y {string}
          set wtp-profile {string}
          set wtp-mode [normal|remote]
          set bonjour-profile {string}
          set override-led-state [enable|disable]
          set led-state [enable|disable]
          set override-wan-port-mode [enable|disable]
          set wan-port-mode [wan-lan|wan-only]
          set override-ip-fragment [enable|disable]
          set ip-fragment-preventing {option1}, {option2}, ...
          set tun-mtu-uplink {integer}
          set tun-mtu-downlink {integer}
          set override-split-tunnel [enable|disable]
          set split-tunneling-acl-path [tunnel|local]
          set split-tunneling-acl-local-ap-subnet [enable|disable]
          config split-tunneling-acl
              Description: Split tunneling ACL filter list.
              edit <id>
                  set dest-ip {ipv4-classnet}
              next
          end
          set override-lan [enable|disable]
          config lan
              Description: WTP LAN port mapping.
              set port-mode [offline|nat-to-wan|...]
              set port-ssid {string}
              set port1-mode [offline|nat-to-wan|...]
              set port1-ssid {string}
              set port2-mode [offline|nat-to-wan|...]
              set port2-ssid {string}
              set port3-mode [offline|nat-to-wan|...]
              set port3-ssid {string}
              set port4-mode [offline|nat-to-wan|...]
              set port4-ssid {string}
              set port5-mode [offline|nat-to-wan|...]
              set port5-ssid {string}
              set port6-mode [offline|nat-to-wan|...]
              set port6-ssid {string}
              set port7-mode [offline|nat-to-wan|...]
              set port7-ssid {string}
              set port8-mode [offline|nat-to-wan|...]
              set port8-ssid {string}
          end
          set override-allowaccess [enable|disable]
          set allowaccess {option1}, {option2}, ...
          set override-login-passwd-change [enable|disable]
          set login-passwd-change [yes|default|...]
          set login-passwd {password}
          config radio-1
              Description: Configuration options for radio 1.
              set override-band [enable|disable]
              set band [802.11a|802.11b|...]
              set override-analysis [enable|disable]
              set spectrum-analysis [enable|disable]
              set override-txpower [enable|disable]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set override-vaps [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set override-channel [enable|disable]
              set channel <chan1>, <chan2>, ...
          end
          config radio-2
              Description: Configuration options for radio 2.
              set override-band [enable|disable]
              set band [802.11a|802.11b|...]
              set override-analysis [enable|disable]
              set spectrum-analysis [enable|disable]
              set override-txpower [enable|disable]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set override-vaps [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set override-channel [enable|disable]
              set channel <chan1>, <chan2>, ...
          end
          config radio-3
              Description: Configuration options for radio 3.
              set override-band [enable|disable]
              set band [802.11a|802.11b|...]
              set override-analysis [enable|disable]
              set spectrum-analysis [enable|disable]
              set override-txpower [enable|disable]
              set auto-power-level [enable|disable]
              set auto-power-high {integer}
              set auto-power-low {integer}
              set power-level {integer}
              set override-vaps [enable|disable]
              set vap-all [enable|disable]
              set vaps <name1>, <name2>, ...
              set override-channel [enable|disable]
              set channel <chan1>, <chan2>, ...
          end
          set image-download [enable|disable]
          set mesh-bridge-enable [default|enable|...]
          set coordinate-latitude {string}
          set coordinate-longitude {string}
      next
  end

config wireless-controller wtp

Parameter Name Description Type Size
index Index (0 - 4294967295). integer Minimum value: 0 Maximum value: 4294967295
admin Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP.
discovered: FortiGate wireless controller discovers the WTP, AP, or FortiAP though discovery or join request messages.
disable: FortiGate wireless controller is configured to not provide service to this WTP.
enable: FortiGate wireless controller is configured to provide service to this WTP.
option -
name WTP, AP or FortiAP configuration name. string Maximum length: 35
location Field for describing the physical location of the WTP, AP or FortiAP. string Maximum length: 35
region Region name WTP is associated with. string Maximum length: 35
region-x Relative horizontal region coordinate (between 0 and 1). string Maximum length: 15
region-y Relative vertical region coordinate (between 0 and 1). string Maximum length: 15
wtp-profile WTP profile name to apply to this WTP, AP or FortiAP. string Maximum length: 35
wtp-mode WTP, AP, or FortiAP operating mode; normal (by default) or remote. A tunnel mode SSID can be assigned to an AP in normal mode but not remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode.
normal: Normal WTP, AP, or FortiAP.
remote: Remote WTP, AP, or FortiAP.
option -
bonjour-profile Bonjour profile name. string Maximum length: 35
override-led-state Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP's LEDs.
enable: Override the WTP profile LED state.
disable: Use the WTP profile LED state.
option -
led-state Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc.
enable: Allow the LEDs on this FortiAP to light.
disable: Keep the LEDs on this FortiAP off.
option -
override-wan-port-mode Enable/disable overriding the wan-port-mode in the WTP profile.
enable: Override the WTP profile wan-port-mode.
disable: Use the wan-port-mode in the WTP profile.
option -
wan-port-mode Enable/disable using the FortiAP WAN port as a LAN port.
wan-lan: Use the FortiAP WAN port as a LAN port.
wan-only: Do not use the WAN port as a LAN port.
option -
override-ip-fragment Enable/disable overriding the WTP profile IP fragment prevention setting.
enable: Override the WTP profile IP fragment prevention setting.
disable: Use the WTP profile IP fragment prevention setting.
option -
ip-fragment-preventing Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust).
tcp-mss-adjust: TCP maximum segment size adjustment.
icmp-unreachable: Drop packet and send ICMP Destination Unreachable
option -
tun-mtu-uplink The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
tun-mtu-downlink The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). integer Minimum value: 576 Maximum value: 1500
override-split-tunnel Enable/disable overriding the WTP profile split tunneling setting.
enable: Override the WTP profile split tunneling setting.
disable: Use the WTP profile split tunneling setting.
option -
split-tunneling-acl-path Split tunneling ACL path is local/tunnel.
tunnel: Split tunneling ACL list traffic will be tunnel.
local: Split tunneling ACL list traffic will be local NATed.
option -
split-tunneling-acl-local-ap-subnet Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).
enable: Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
disable: Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
option -
override-lan Enable to override the WTP profile LAN port setting.
enable: Override the WTP profile LAN port setting.
disable: Use the WTP profile LAN port setting.
option -
override-allowaccess Enable to override the WTP profile management access configuration.
enable: Override the WTP profile management access configuration.
disable: Use the WTP profile management access configuration.
option -
allowaccess Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.
https: HTTPS access.
ssh: SSH access.
snmp: SNMP access.
option -
override-login-passwd-change Enable to override the WTP profile login-password (administrator password) setting.
enable: Override the WTP profile login-password (administrator password) setting.
disable: Use the WTP profile login-password (administrator password) setting.
option -
login-passwd-change Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).
yes: Change the managed WTP, FortiAP or AP's administrator password. Use the login-passwd option to set the password.
default: Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.
no: Do not change the managed WTP, FortiAP or AP's administrator password.
option -
login-passwd Set the managed WTP, FortiAP, or AP's administrator password. password Not Specified
image-download Enable/disable WTP image download.
enable: Enable WTP image download at join time.
disable: Disable WTP image download at join time.
option -
mesh-bridge-enable Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP.
default: Use mesh Ethernet bridge local setting on the WTP.
enable: Turn on mesh Ethernet bridge on the WTP.
disable: Turn off mesh Ethernet bridge on the WTP.
option -
coordinate-latitude WTP latitude coordinate. string Maximum length: 19
coordinate-longitude WTP longitude coordinate. string Maximum length: 19
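
The override-* options above decide whether a per-WTP value or the WTP profile's value takes effect. The following added example (not Fortinet code) parses a constructed configuration in this page's syntax and reports, per WTP, where management access and the administrator-password policy come from. The WTP IDs, profile name and function names are assumptions, as is treating an absent override-* option as disable.

```python
import shlex

# Constructed sample in the syntax shown at the top of this page;
# WTP IDs, profile name and values are made up for illustration.
SAMPLE = """
config wireless-controller wtp
    edit "WTP-EXAMPLE-0001"
        set override-allowaccess enable
        set allowaccess https ssh snmp
        set override-login-passwd-change enable
        set login-passwd-change default
    next
    edit "WTP-EXAMPLE-0002"
        set wtp-profile "branch"
        config lan
            set port1-mode bridge-to-wan
        end
    next
end
"""

def parse_wtps(text):
    """Return {wtp-id: {option: [values]}} from each entry's own 'set' lines."""
    wtps, current, depth = {}, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth += 1          # depth 1 is the wtp table; deeper is a sub-table
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            current = wtps.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return wtps

def management_posture(text):
    """Per WTP: the entry's own value when its override is enabled, else 'profile'."""
    report = {}
    for wtp_id, o in parse_wtps(text).items():
        # Assumption: an absent override-* option is treated as 'disable'.
        own_access = o.get("override-allowaccess") == ["enable"]
        own_passwd = o.get("override-login-passwd-change") == ["enable"]
        report[wtp_id] = {
            "allowaccess": o.get("allowaccess", []) if own_access else "profile",
            # login-passwd-change defaults to 'no'; 'default' keeps the factory password.
            "login-passwd-change": o.get("login-passwd-change", ["no"])[0] if own_passwd else "profile",
        }
    return report
```

An entry reported as "profile" has to be reviewed in its wtp-profile, and a login-passwd-change value of "default" means that WTP keeps the factory-default administrator password.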

config split-tunneling-acl

Parameter Name Description Type Size
dest-ip Destination IP and mask for the split-tunneling subnet. ipv4-classnet Not Specified

config lan

Parameter Name Description Type Size
port-mode LAN port mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port-ssid Bridge LAN port to SSID. string Maximum length: 15
port1-mode LAN port 1 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port1-ssid Bridge LAN port 1 to SSID. string Maximum length: 15
port2-mode LAN port 2 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port2-ssid Bridge LAN port 2 to SSID. string Maximum length: 15
port3-mode LAN port 3 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port3-ssid Bridge LAN port 3 to SSID. string Maximum length: 15
port4-mode LAN port 4 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port4-ssid Bridge LAN port 4 to SSID. string Maximum length: 15
port5-mode LAN port 5 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port5-ssid Bridge LAN port 5 to SSID. string Maximum length: 15
port6-mode LAN port 6 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port6-ssid Bridge LAN port 6 to SSID. string Maximum length: 15
port7-mode LAN port 7 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port7-ssid Bridge LAN port 7 to SSID. string Maximum length: 15
port8-mode LAN port 8 mode.
offline: Offline.
nat-to-wan: NAT WTP LAN port to WTP WAN port.
bridge-to-wan: Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid: Bridge WTP LAN port to SSID.
option -
port8-ssid Bridge LAN port 8 to SSID. string Maximum length: 15

config radio-1

Parameter Name Description Type Size
override-band Enable to override the WTP profile band setting.
enable: Override the WTP profile band setting.
disable: Use the WTP profile band setting.
option -
band WiFi band that Radio 1 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b radio at 2.4GHz band.
802.11n-5G: 802.11n/a at 5GHz.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac: 802.11ac/n/a radio.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
802.11ax-5G: 802.11ax/ac/n/a at 5GHz.
802.11ax,ac-only: 802.11ax/ac at 5GHz.
802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz.
802.11ax-5G-only: 802.11ax at 5GHz.
802.11ax: 802.11ax/n/g/b at 2.4GHz.
802.11ax,n-only: 802.11ax/n at 2.4GHz.
802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz.
802.11ax-only: 802.11ax at 2.4GHz.
option -
override-analysis Enable to override the WTP profile spectrum analysis configuration.
enable: Override the WTP profile spectrum analysis configuration.
disable: Use the WTP profile spectrum analysis configuration.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
override-txpower Enable to override the WTP profile power level configuration.
enable: Override the WTP profile power level configuration.
disable: Use the WTP profile power level configuration.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
override-vaps Enable to override WTP profile Virtual Access Point (VAP) settings.
enable: Override WTP profile VAP settings.
disable: Use WTP profile VAP settings.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
override-channel Enable to override WTP profile channel settings.
enable: Override WTP profile channel settings.
disable: Use WTP profile channel settings.
option -
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3

config radio-2

Parameter Name Description Type Size
override-band Enable to override the WTP profile band setting.
enable: Override the WTP profile band setting.
disable: Use the WTP profile band setting.
option -
band WiFi band that Radio 2 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b radio at 2.4GHz band.
802.11n-5G: 802.11n/a at 5GHz.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac: 802.11ac/n/a radio.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
802.11ax-5G: 802.11ax/ac/n/a at 5GHz.
802.11ax,ac-only: 802.11ax/ac at 5GHz.
802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz.
802.11ax-5G-only: 802.11ax at 5GHz.
802.11ax: 802.11ax/n/g/b at 2.4GHz.
802.11ax,n-only: 802.11ax/n at 2.4GHz.
802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz.
802.11ax-only: 802.11ax at 2.4GHz.
option -
override-analysis Enable to override the WTP profile spectrum analysis configuration.
enable: Override the WTP profile spectrum analysis configuration.
disable: Use the WTP profile spectrum analysis configuration.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
override-txpower Enable to override the WTP profile power level configuration.
enable: Override the WTP profile power level configuration.
disable: Use the WTP profile power level configuration.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
override-vaps Enable to override WTP profile Virtual Access Point (VAP) settings.
enable: Override WTP profile VAP settings.
disable: Use WTP profile VAP settings.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
override-channel Enable to override WTP profile channel settings.
enable: Override WTP profile channel settings.
disable: Use WTP profile channel settings.
option -
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3

config radio-3

Parameter Name Description Type Size
override-band Enable to override the WTP profile band setting.
enable: Override the WTP profile band setting.
disable: Use the WTP profile band setting.
option -
band WiFi band that Radio 3 operates on.
802.11a: 802.11a.
802.11b: 802.11b.
802.11g: 802.11g/b.
802.11n: 802.11n/g/b radio at 2.4GHz band.
802.11n-5G: 802.11n/a at 5GHz.
802.11n,g-only: 802.11n/g at 2.4GHz.
802.11g-only: 802.11g.
802.11n-only: 802.11n at 2.4GHz.
802.11n-5G-only: 802.11n at 5GHz.
802.11ac: 802.11ac/n/a radio.
802.11ac,n-only: 802.11ac/n.
802.11ac-only: 802.11ac.
802.11ax-5G: 802.11ax/ac/n/a at 5GHz.
802.11ax,ac-only: 802.11ax/ac at 5GHz.
802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz.
802.11ax-5G-only: 802.11ax at 5GHz.
802.11ax: 802.11ax/n/g/b at 2.4GHz.
802.11ax,n-only: 802.11ax/n at 2.4GHz.
802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz.
802.11ax-only: 802.11ax at 2.4GHz.
option -
override-analysis Enable to override the WTP profile spectrum analysis configuration.
enable: Override the WTP profile spectrum analysis configuration.
disable: Use the WTP profile spectrum analysis configuration.
option -
spectrum-analysis Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
enable: Enable spectrum analysis.
disable: Disable spectrum analysis.
option -
override-txpower Enable to override the WTP profile power level configuration.
enable: Override the WTP profile power level configuration.
disable: Use the WTP profile power level configuration.
option -
auto-power-level Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).
enable: Enable automatic transmit power adjustment.
disable: Disable automatic transmit power adjustment.
option -
auto-power-high The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
auto-power-low The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). integer Minimum value: 0 Maximum value: 4294967295
power-level Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). integer Minimum value: 0 Maximum value: 100
override-vaps Enable to override WTP profile Virtual Access Point (VAP) settings.
enable: Override WTP profile VAP settings.
disable: Use WTP profile VAP settings.
option -
vap-all Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
enable: Automatically select tunnel VAPs.
disable: Manually select VAPs.
option -
vaps <name> Manually selected list of Virtual Access Points (VAPs).
Virtual Access Point (VAP) name.
string Maximum length: 35
override-channel Enable to override WTP profile channel settings.
enable: Override WTP profile channel settings.
disable: Use WTP profile channel settings.
option -
channel <chan> Selected list of wireless radio channels.
Channel number.
string Maximum length: 3