config wireless-controller wtp

Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

config wireless-controller wtp

Description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

edit <wtp-id>

set index {integer}

set admin [discovered|disable|...]

set name {string}

set location {string}

set region {string}

set region-x {string}

set region-y {string}

set wtp-profile {string}

set wtp-mode [normal|remote]

set bonjour-profile {string}

set override-led-state [enable|disable]

set led-state [enable|disable]

set override-wan-port-mode [enable|disable]

set wan-port-mode [wan-lan|wan-only]

set override-ip-fragment [enable|disable]

set ip-fragment-preventing {option1}, {option2}, ...

set tun-mtu-uplink {integer}

set tun-mtu-downlink {integer}

set override-split-tunnel [enable|disable]

set split-tunneling-acl-path [tunnel|local]

set split-tunneling-acl-local-ap-subnet [enable|disable]

config split-tunneling-acl

Description: Split tunneling ACL filter list.

edit <id>

set dest-ip {ipv4-classnet}

next

end

set override-lan [enable|disable]

config lan

Description: WTP LAN port mapping.

set port-mode [offline|nat-to-wan|...]

set port-ssid {string}

set port1-mode [offline|nat-to-wan|...]

set port1-ssid {string}

set port2-mode [offline|nat-to-wan|...]

set port2-ssid {string}

set port3-mode [offline|nat-to-wan|...]

set port3-ssid {string}

set port4-mode [offline|nat-to-wan|...]

set port4-ssid {string}

set port5-mode [offline|nat-to-wan|...]

set port5-ssid {string}

set port6-mode [offline|nat-to-wan|...]

set port6-ssid {string}

set port7-mode [offline|nat-to-wan|...]

set port7-ssid {string}

set port8-mode [offline|nat-to-wan|...]

set port8-ssid {string}

end

set override-allowaccess [enable|disable]

set allowaccess {option1}, {option2}, ...

set override-login-passwd-change [enable|disable]

set login-passwd-change [yes|default|...]

set login-passwd {password}

config radio-1

Description: Configuration options for radio 1.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-analysis [enable|disable]

set spectrum-analysis [enable|disable]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set override-vaps [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

end

config radio-2

Description: Configuration options for radio 2.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-analysis [enable|disable]

set spectrum-analysis [enable|disable]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set override-vaps [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

end

config radio-3

Description: Configuration options for radio 3.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-analysis [enable|disable]

set spectrum-analysis [enable|disable]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set override-vaps [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

end

config radio-4

Description: Configuration options for radio 4.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-analysis [enable|disable]

set spectrum-analysis [enable|disable]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set override-vaps [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

end

set image-download [enable|disable]

set mesh-bridge-enable [default|enable|...]

set coordinate-latitude {string}

set coordinate-longitude {string}

next

end

config wireless-controller wtp

Parameter name

Description

Type

Size

index

Index (0 - 4294967295).

integer

Minimum value: 0 Maximum value: 4294967295

admin

Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP.

option

-

 

Option

Description

discovered

FortiGate wireless controller discovers the WTP, AP, or FortiAP though discovery or join request messages.

disable

FortiGate wireless controller is configured to not provide service to this WTP.

enable

FortiGate wireless controller is configured to provide service to this WTP.

name

WTP, AP or FortiAP configuration name.

string

Maximum length: 35

location

Field for describing the physical location of the WTP, AP or FortiAP.

string

Maximum length: 35

region

Region name WTP is associated with.

string

Maximum length: 35

region-x

Relative horizontal region coordinate (between 0 and 1).

string

Maximum length: 15

region-y

Relative vertical region coordinate (between 0 and 1).

string

Maximum length: 15

wtp-profile

WTP profile name to apply to this WTP, AP or FortiAP.

string

Maximum length: 35

wtp-mode

WTP, AP, or FortiAP operating mode; normal (by default) or remote. A tunnel mode SSID can be assigned to an AP in normal mode but not remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode.

option

-

 

Option

Description

normal

Normal WTP, AP, or FortiAP.

remote

Remote WTP, AP, or FortiAP.

bonjour-profile

Bonjour profile name.

string

Maximum length: 35

override-led-state

Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP's LEDs.

option

-

 

Option

Description

enable

Override the WTP profile LED state.

disable

Use the WTP profile LED state.

led-state

Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc.

option

-

 

Option

Description

enable

Allow the LEDs on this FortiAP to light.

disable

Keep the LEDs on this FortiAP off.

override-wan-port-mode

Enable/disable overriding the wan-port-mode in the WTP profile.

option

-

 

Option

Description

enable

Override the WTP profile wan-port-mode.

disable

Use the wan-port-mode in the WTP profile.

wan-port-mode

Enable/disable using the FortiAP WAN port as a LAN port.

option

-

 

Option

Description

wan-lan

Use the FortiAP WAN port as a LAN port.

wan-only

Do not use the WAN port as a LAN port.

override-ip-fragment

Enable/disable overriding the WTP profile IP fragment prevention setting.

option

-

 

Option

Description

enable

Override the WTP profile IP fragment prevention setting.

disable

Use the WTP profile IP fragment prevention setting.

ip-fragment-preventing

Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust).

option

-

 

Option

Description

tcp-mss-adjust

TCP maximum segment size adjustment.

icmp-unreachable

Drop packet and send ICMP Destination Unreachable

tun-mtu-uplink

The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0).

integer

Minimum value: 576 Maximum value: 1500

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0).

integer

Minimum value: 576 Maximum value: 1500

override-split-tunnel

Enable/disable overriding the WTP profile split tunneling setting.

option

-

 

Option

Description

enable

Override the WTP profile split tunneling setting.

disable

Use the WTP profile split tunneling setting.

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

-

 

Option

Description

tunnel

Split tunneling ACL list traffic will be tunnel.

local

Split tunneling ACL list traffic will be local NATed.

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).

option

-

 

Option

Description

enable

Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

disable

Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

override-lan

Enable to override the WTP profile LAN port setting.

option

-

 

Option

Description

enable

Override the WTP profile LAN port setting.

disable

Use the WTP profile LAN port setting.

override-allowaccess

Enable to override the WTP profile management access configuration.

option

-

 

Option

Description

enable

Override the WTP profile management access configuration.

disable

Use the WTP profile management access configuration.

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

-

 

Option

Description

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

override-login-passwd-change

Enable to override the WTP profile login-password (administrator password) setting.

option

-

 

Option

Description

enable

Override the WTP profile login-password (administrator password) setting.

disable

Use the the WTP profile login-password (administrator password) setting.

login-passwd-change

Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).

option

-

 

Option

Description

yes

Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.

default

Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.

no

Do not change the managed WTP, FortiAP or AP's administrator password.

login-passwd

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

image-download

Enable/disable WTP image download.

option

-

 

Option

Description

enable

Enable WTP image download at join time.

disable

Disable WTP image download at join time.

mesh-bridge-enable

Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP.

option

-

 

Option

Description

default

Use mesh Ethernet bridge local setting on the WTP.

enable

Turn on mesh Ethernet bridge on the WTP.

disable

Turn off mesh Ethernet bridge on the WTP.

coordinate-latitude

WTP latitude coordinate.

string

Maximum length: 19

coordinate-longitude

WTP longitude coordinate.

string

Maximum length: 19

config split-tunneling-acl

Parameter name

Description

Type

Size

dest-ip

Destination IP and mask for the split-tunneling subnet.

ipv4-classnet

Not Specified

config lan

Parameter name

Description

Type

Size

port-mode

LAN port mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

-

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

config radio-1

Parameter name

Description

Type

Size

override-band

Enable to override the WTP profile band setting.

option

-

 

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

band

WiFi band that Radio 1 operates on.

option

-

 

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b radio at 2.4GHz band.

802.11n-5G

802.11n/a at 5GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac

802.11ac/n/a radio.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

override-analysis

Enable to override the WTP profile spectrum analysis configuration.

option

-

 

Option

Description

enable

Override the WTP profile spectrum analysis configuration.

disable

Use the WTP profile spectrum analysis configuration.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

-

 

Option

Description

enable

Enable spectrum analysis.

disable

Disable spectrum analysis.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

 

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

-

 

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

 

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

-

 

Option

Description

enable

Automatically select tunnel VAPs.

disable

Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

override-channel

Enable to override WTP profile channel settings.

option

-

 

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

config radio-2

Parameter name

Description

Type

Size

override-band

Enable to override the WTP profile band setting.

option

-

 

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

band

WiFi band that Radio 2 operates on.

option

-

 

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b radio at 2.4GHz band.

802.11n-5G

802.11n/a at 5GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac

802.11ac/n/a radio.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

override-analysis

Enable to override the WTP profile spectrum analysis configuration.

option

-

 

Option

Description

enable

Override the WTP profile spectrum analysis configuration.

disable

Use the WTP profile spectrum analysis configuration.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

-

 

Option

Description

enable

Enable spectrum analysis.

disable

Disable spectrum analysis.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

 

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

-

 

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

 

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

-

 

Option