config wireless-controller wtp

Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

config wireless-controller wtp

Description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

edit <wtp-id>

set index {integer}

set uuid {uuid}

set admin [discovered|disable|...]

set name {string}

set location {string}

set region {string}

set region-x {string}

set region-y {string}

set firmware-provision {string}

set wtp-profile {string}

set apcfg-profile {string}

set bonjour-profile {string}

set override-led-state [enable|disable]

set led-state [enable|disable]

set override-wan-port-mode [enable|disable]

set wan-port-mode [wan-lan|wan-only]

set override-ip-fragment [enable|disable]

set ip-fragment-preventing {option1}, {option2}, ...

set tun-mtu-uplink {integer}

set tun-mtu-downlink {integer}

set override-split-tunnel [enable|disable]

set split-tunneling-acl-path [tunnel|local]

set split-tunneling-acl-local-ap-subnet [enable|disable]

config split-tunneling-acl

Description: Split tunneling ACL filter list.

edit <id>

set dest-ip {ipv4-classnet}

next

end

set override-lan [enable|disable]

config lan

Description: WTP LAN port mapping.

set port-mode [offline|nat-to-wan|...]

set port-ssid {string}

set port1-mode [offline|nat-to-wan|...]

set port1-ssid {string}

set port2-mode [offline|nat-to-wan|...]

set port2-ssid {string}

set port3-mode [offline|nat-to-wan|...]

set port3-ssid {string}

set port4-mode [offline|nat-to-wan|...]

set port4-ssid {string}

set port5-mode [offline|nat-to-wan|...]

set port5-ssid {string}

set port6-mode [offline|nat-to-wan|...]

set port6-ssid {string}

set port7-mode [offline|nat-to-wan|...]

set port7-ssid {string}

set port8-mode [offline|nat-to-wan|...]

set port8-ssid {string}

set port-esl-mode [offline|nat-to-wan|...]

set port-esl-ssid {string}

end

set override-allowaccess [enable|disable]

set allowaccess {option1}, {option2}, ...

set override-login-passwd-change [enable|disable]

set login-passwd-change [yes|default|...]

set login-passwd {password}

config radio-1

Description: Configuration options for radio 1.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set override-vaps [enable|disable]

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

set drma-manual-mode [ap|monitor|...]

end

config radio-2

Description: Configuration options for radio 2.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set override-vaps [enable|disable]

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

set drma-manual-mode [ap|monitor|...]

end

config radio-3

Description: Configuration options for radio 3.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set override-vaps [enable|disable]

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

set drma-manual-mode [ap|monitor|...]

end

config radio-4

Description: Configuration options for radio 4.

set override-band [enable|disable]

set band [802.11a|802.11b|...]

set override-txpower [enable|disable]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set override-vaps [enable|disable]

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set override-channel [enable|disable]

set channel <chan1>, <chan2>, ...

set drma-manual-mode [ap|monitor|...]

end

set image-download [enable|disable]

set mesh-bridge-enable [default|enable|...]

set coordinate-latitude {string}

set coordinate-longitude {string}

next

end

config wireless-controller wtp

Parameter

Description

Type

Size

Default

index

Index .

integer

Minimum value: 0 Maximum value: 4294967295

0

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

admin

Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP.

option

-

enable

 

Option

Description

discovered

FortiGate wireless controller discovers the WTP, AP, or FortiAP though discovery or join request messages.

disable

FortiGate wireless controller is configured to not provide service to this WTP.

enable

FortiGate wireless controller is configured to provide service to this WTP.

name

WTP, AP or FortiAP configuration name.

string

Maximum length: 35

location

Field for describing the physical location of the WTP, AP or FortiAP.

string

Maximum length: 35

region

Region name WTP is associated with.

string

Maximum length: 35

region-x

Relative horizontal region coordinate (between 0 and 1).

string

Maximum length: 15

0

region-y

Relative vertical region coordinate (between 0 and 1).

string

Maximum length: 15

0

firmware-provision

Firmware version to provision to this FortiAP on bootup (major.minor.build, i.e. 6.2.1234).

string

Maximum length: 35

wtp-profile

WTP profile name to apply to this WTP, AP or FortiAP.

string

Maximum length: 35

apcfg-profile

AP local configuration profile name.

string

Maximum length: 35

bonjour-profile

Bonjour profile name.

string

Maximum length: 35

override-led-state

Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP's LEDs.

option

-

disable

 

Option

Description

enable

Override the WTP profile LED state.

disable

Use the WTP profile LED state.

led-state

Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc.

option

-

enable

 

Option

Description

enable

Allow the LEDs on this FortiAP to light.

disable

Keep the LEDs on this FortiAP off.

override-wan-port-mode

Enable/disable overriding the wan-port-mode in the WTP profile.

option

-

disable

 

Option

Description

enable

Override the WTP profile wan-port-mode.

disable

Use the wan-port-mode in the WTP profile.

wan-port-mode

Enable/disable using the FortiAP WAN port as a LAN port.

option

-

wan-only

 

Option

Description

wan-lan

Use the FortiAP WAN port as a LAN port.

wan-only

Do not use the WAN port as a LAN port.

override-ip-fragment

Enable/disable overriding the WTP profile IP fragment prevention setting.

option

-

disable

 

Option

Description

enable

Override the WTP profile IP fragment prevention setting.

disable

Use the WTP profile IP fragment prevention setting.

ip-fragment-preventing

Method.

option

-

tcp-mss-adjust

 

Option

Description

tcp-mss-adjust

TCP maximum segment size adjustment.

icmp-unreachable

Drop packet and send ICMP Destination Unreachable

tun-mtu-uplink

The maximum transmission unit .

integer

Minimum value: 576 Maximum value: 1500

0

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel .

integer

Minimum value: 576 Maximum value: 1500

0

override-split-tunnel

Enable/disable overriding the WTP profile split tunneling setting.

option

-

disable

 

Option

Description

enable

Override the WTP profile split tunneling setting.

disable

Use the WTP profile split tunneling setting.

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

-

local

 

Option

Description

tunnel

Split tunneling ACL list traffic will be tunnel.

local

Split tunneling ACL list traffic will be local NATed.

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL .

option

-

disable

 

Option

Description

enable

Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

disable

Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

override-lan

Enable to override the WTP profile LAN port setting.

option

-

disable

 

Option

Description

enable

Override the WTP profile LAN port setting.

disable

Use the WTP profile LAN port setting.

override-allowaccess

Enable to override the WTP profile management access configuration.

option

-

disable

 

Option

Description

enable

Override the WTP profile management access configuration.

disable

Use the WTP profile management access configuration.

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

-

 

Option

Description

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

override-login-passwd-change

Enable to override the WTP profile login-password (administrator password) setting.

option

-

disable

 

Option

Description

enable

Override the WTP profile login-password (administrator password) setting.

disable

Use the the WTP profile login-password (administrator password) setting.

login-passwd-change

Change or reset the administrator password of a managed WTP, FortiAP or AP .

option

-

no

 

Option

Description

yes

Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.

default

Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.

no

Do not change the managed WTP, FortiAP or AP's administrator password.

login-passwd

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

image-download

Enable/disable WTP image download.

option

-

enable

 

Option

Description

enable

Enable WTP image download at join time.

disable

Disable WTP image download at join time.

mesh-bridge-enable

Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP.

option

-

default

 

Option

Description

default

Use mesh Ethernet bridge local setting on the WTP.

enable

Turn on mesh Ethernet bridge on the WTP.

disable

Turn off mesh Ethernet bridge on the WTP.

coordinate-latitude

WTP latitude coordinate.

string

Maximum length: 19

coordinate-longitude

WTP longitude coordinate.

string

Maximum length: 19

config split-tunneling-acl

Parameter

Description

Type

Size

Default

dest-ip

Destination IP and mask for the split-tunneling subnet.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0

config lan

Parameter

Description

Type

Size

Default

port-mode

LAN port mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

port-esl-mode

ESL port mode.

option

-

offline

 

Option

Description

offline

Offline.

nat-to-wan

NAT WTP ESL port to WTP WAN port.

bridge-to-wan

Bridge WTP ESL port to WTP WAN port.

bridge-to-ssid

Bridge WTP ESL port to SSID.

port-esl-ssid

Bridge ESL port to SSID.

string

Maximum length: 15

config radio-1

Parameter

Description

Type

Size

Default

override-band

Enable to override the WTP profile band setting.

option

-

disable

 

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

band

WiFi band that Radio 1 operates on.

option

-

 

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

 

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference .

option

-

disable

 

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

The target of automatic transmit power adjustment in dBm. .

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

 

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power .

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm .

integer

Minimum value: 1 Maximum value: 33

27

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

 

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

vap-all

Configure method for assigning SSIDs to this FortiAP .

option

-

tunnel

 

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

override-channel

Enable to override WTP profile channel settings.

option

-

disable