Fortinet black logo

New Features

Support multiple DARRP profiles and per profile optimize schedule 7.0.4

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:122517
Download PDF

Support multiple DARRP profiles and per profile optimize schedule 7.0.4

In order to assign different DARRP settings and optimization schedules to different sets of APs, this enhancement adds support for multiple DARRP profiles. Profiles can be assigned to radios under FortiAP Profiles.

To make the arrp-profile unique for each FortiAP, the following options have been moved to arrp-profile:

  • override-darrp-optimize: Enable to override setting darrp-optimize and darrp-optimize-schedules (default = disable).
  • darrp-optimize: Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec, default = 86400, 0 = disable).
  • darrp-optimize-schedules: Firewall schedules for DARRP running time. DARRP will run periodically based on darrp-optimize within the schedules. Separate multiple schedule names with a space.

Example

In the following example, a customer wants to configure two different profiles. They want one profile (arrp-profile1) to run DARRP all the time, and a second profile (arrp-profile2) to run DARRP once a day on the weekdays.

To configure and apply DARRP profiles:
  1. Configure the DARRP profile from the CLI:

    config wireless-controller arrp-profile
      edit "arrp-profile1"
        set override-darrp-optimize enable
        set darrp-optimize 3600
        set darrp-optimize-schedules "always"
      next
      edit "arrp-profile2"
        set comment ''
        set selection-period 3600
        set monitor-period 300
        set weight-managed-ap 50
        set weight-rogue-ap 10
        set weight-noise-floor 40
        set weight-channel-load 20
        set weight-spectral-rssi 40
        set weight-weather-channel 1000
        set weight-dfs-channel 500
        set threshold-ap 250
        set threshold-noise-floor "-85"
        set threshold-channel-load 60
        set threshold-spectral-rssi "-65"
        set threshold-tx-retries 300
        set threshold-rx-errors 50
        set include-weather-channel disable
        set include-dfs-channel disable
        set override-darrp-optimize disable
      next
    end
  2. After configuring the DARRP profile, apply it to individual FortiAP profiles:

    config wireless-controller wtp-profile
      edit "U431F"
        config platform
          set type U431F
        end
        set handoff-sta-thresh 30
        set allowaccess https ssh
        config radio-1
          set band 802.11ax-5G
          set darrp enable
          set arrp-profile "arrp-profile1"
        end
        config radio-2
          set band 802.11ax,n,g-only
          set darrp enable
          set arrp-profile "arrp-profile2"
        end
        config radio-3
          set mode disabled
        end
      next
    end
  3. Assign the FortiAP profile to an individual FortiAP:

    config wireless-controller wtp
      edit "PU431F5E19002478"
        set admin enable
        set wtp-profile "U431F"
        config radio-1
        end
        config radio-2
        end
      next
    end
  4. From the FortiGate, verify the DARRP profiles have been successfullyy applied:

    # diag wire wlac -c wtp PU431F5E19002478
    -------------------------------WTP    1----------------------------
    WTP vd               : root
        vfid             : 0
        id               : PU431F5E19002478
        uuid             : cf579062-5601-51ec-d06d-c831c077df39
        mgmt_vlanid      : 0
        region code      : A 
        regcode status   : valid
        refcnt           : 3 own(1) wtpprof(1) ws(1) 
        apcfg status     : N/A,N/A cfg_ac=0.0.0.0:0 val_ac=0.0.0.0:0 cmds T 0 P 0 U 0 I 0 M 0
        apcfg cmd details: 
        plain_ctl        : disabled
        deleted          : no
        image-dl(wtp,rst): yes,no
        admin            : enable
        cfg-wtp-profile  : U431F
        override-profile : disabled
        oper-wtp-profile : U431F
        wtp-mode         : normal
        cfg-apcfg-prof   : 
        oper-apcfg-pro   : 
        bonjour-profile  : 
        wtp-group        : 
        name             : 
        location         : 
        region-map       : 
        pos-x            : 0
        pos-y            : 0
        led-blink        : disabled
        led-state        : enabled
        led-schedules    : 
        poe-mode         : auto
        poe-mode-oper    : invalid
        ext-info-enable  : enabled
        ip-frag-prevent  : TCP_MSS 
        tun-mtu          : 0,0
        split-tunneling-acl-path         : local
        split-tunneling-local-ap-subnet  : disabled
        energy-efficient-ethernet        : disabled
        active sw ver    : PU431F-v6.2-build0267
        local IPv4 addr  : 10.7.80.20
        board mac        : 00:0c:e6:87:94:a0
        join_time        : Tue Nov 16 14:38:42 2021
        mesh-uplink      : ethernet
        mesh hop count   : 0
        parent wtp id    : 
        connection state : Connected
        image download progress: 0
        last failure     : 12 -- AC daemon reset timer expired
        last failure param: N/A
        last failure time: Tue Nov 16 14:38:20 2021
        station info     : 0/0
        geo              : World (0)
        deployment       : cfg platform-determined oper indoor
      Security Version
        av engine version         : 6.251
        av database version       : 89.391
        ips engine version        : 6.64
        ips database version      : 18.82
        botnet database version   : N/A
        fortiguard expiry date    : 00000000
      LLDP               : enabled (total 0)
      SNMP               : disabled
      Radio 1            : AP
        country name     : US
        country code     : 841
        drma_manual_mode : ncf
        radio_type       : 11AX_5G
        channel list     : 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 ...
        darrp            : enabled
        airtime fairness : disabled
        zero wait dfs    : enabled
        bss color mode   : Auto
        txpower          : 100% (calc 17 oper 17 max 17 dBm)
        beacon_intv      : 100
        rts_threshold    : 2346
        frag_threshold   : 2346
        ap scan          : background scan (regular)
        ap scan passive  : disabled
        bgscan oper    : enabled
          bgscan period  : oper 600 cfg 0
          bgscan intv    : 3
          bgscan dur     : 30
          bgscan idle    : 250
          bgscan rptintv : 30
        sensor mode      : disabled
        ARRP profile     : arrp-profile1
        WIDS profile     : ---
        max vaps         : 8
        base bssid       : 00:0c:e6:87:94:b0
        oper chan        : 100
        noise_floor      : -95
        chutil           : enabled
        oper chutil time : Tue Nov 16 16:33:34 2021  (age=7)
        oper chutil data : 12,12,5,15,8, 7,18,6,11,14, 7,14,12,9,16 ->newer 
        station info     : 0/0
      Radio 2            : AP
        country name     : US
        country code     : 841
        drma_manual_mode : ncf
        radio_type       : 11AX
        channel list     : 1 6 11 
        darrp            : enabled
        airtime fairness : disabled
        bss color mode   : Auto
        txpower          : 100% (calc 23 oper 23 max 23 dBm)
        beacon_intv      : 100
        rts_threshold    : 2346
        frag_threshold   : 2346
        ap scan          : background scan (regular)
        ap scan passive  : disabled
        bgscan oper    : enabled
          bgscan period  : oper 600 cfg 0
          bgscan intv    : 3
          bgscan dur     : 30
          bgscan idle    : 250
          bgscan rptintv : 30
        sensor mode      : disabled
        ARRP profile     : arrp-profile2
        WIDS profile     : ---
        max vaps         : 8
        base bssid       : 00:0c:e6:87:94:c0
        oper chan        : 1
        noise_floor      : -95
        chutil           : enabled
        oper chutil time : Tue Nov 16 16:33:34 2021  (age=7)
        oper chutil data : 53,62,56,50,67, 59,44,66,57,63, 59,60,52,68,53 ->newer 
        station info     : 0/0
      Radio 3            : Disabled
      Radio 4            : Not Exist
      Radio 5            : Not Exist
      WAN/LAN stats      :
                         : lan2 rx,tx bytes 0,0 packets 0,0 errors 0,0 dropped 0,0
                         : lan1 rx,tx bytes 1278003,13464001 packets 11278,44025 errors 0,0 dropped 0,0
      uplink status      :
                           lan1 carrier=1, speed=1000, duplex=full
                           lan2 carrier=0, speed=0, duplex=
    -------------------------------Total    1 WTPs----------------------------

Support multiple DARRP profiles and per profile optimize schedule 7.0.4

In order to assign different DARRP settings and optimization schedules to different sets of APs, this enhancement adds support for multiple DARRP profiles. Profiles can be assigned to radios under FortiAP Profiles.

To make the arrp-profile unique for each FortiAP, the following options have been moved to arrp-profile:

  • override-darrp-optimize: Enable to override setting darrp-optimize and darrp-optimize-schedules (default = disable).
  • darrp-optimize: Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec, default = 86400, 0 = disable).
  • darrp-optimize-schedules: Firewall schedules for DARRP running time. DARRP will run periodically based on darrp-optimize within the schedules. Separate multiple schedule names with a space.

Example

In the following example, a customer wants to configure two different profiles. They want one profile (arrp-profile1) to run DARRP all the time, and a second profile (arrp-profile2) to run DARRP once a day on the weekdays.

To configure and apply DARRP profiles:
  1. Configure the DARRP profile from the CLI:

    config wireless-controller arrp-profile
      edit "arrp-profile1"
        set override-darrp-optimize enable
        set darrp-optimize 3600
        set darrp-optimize-schedules "always"
      next
      edit "arrp-profile2"
        set comment ''
        set selection-period 3600
        set monitor-period 300
        set weight-managed-ap 50
        set weight-rogue-ap 10
        set weight-noise-floor 40
        set weight-channel-load 20
        set weight-spectral-rssi 40
        set weight-weather-channel 1000
        set weight-dfs-channel 500
        set threshold-ap 250
        set threshold-noise-floor "-85"
        set threshold-channel-load 60
        set threshold-spectral-rssi "-65"
        set threshold-tx-retries 300
        set threshold-rx-errors 50
        set include-weather-channel disable
        set include-dfs-channel disable
        set override-darrp-optimize disable
      next
    end
  2. After configuring the DARRP profile, apply it to individual FortiAP profiles:

    config wireless-controller wtp-profile
      edit "U431F"
        config platform
          set type U431F
        end
        set handoff-sta-thresh 30
        set allowaccess https ssh
        config radio-1
          set band 802.11ax-5G
          set darrp enable
          set arrp-profile "arrp-profile1"
        end
        config radio-2
          set band 802.11ax,n,g-only
          set darrp enable
          set arrp-profile "arrp-profile2"
        end
        config radio-3
          set mode disabled
        end
      next
    end
  3. Assign the FortiAP profile to an individual FortiAP:

    config wireless-controller wtp
      edit "PU431F5E19002478"
        set admin enable
        set wtp-profile "U431F"
        config radio-1
        end
        config radio-2
        end
      next
    end
  4. From the FortiGate, verify the DARRP profiles have been successfullyy applied:

    # diag wire wlac -c wtp PU431F5E19002478
    -------------------------------WTP    1----------------------------
    WTP vd               : root
        vfid             : 0
        id               : PU431F5E19002478
        uuid             : cf579062-5601-51ec-d06d-c831c077df39
        mgmt_vlanid      : 0
        region code      : A 
        regcode status   : valid
        refcnt           : 3 own(1) wtpprof(1) ws(1) 
        apcfg status     : N/A,N/A cfg_ac=0.0.0.0:0 val_ac=0.0.0.0:0 cmds T 0 P 0 U 0 I 0 M 0
        apcfg cmd details: 
        plain_ctl        : disabled
        deleted          : no
        image-dl(wtp,rst): yes,no
        admin            : enable
        cfg-wtp-profile  : U431F
        override-profile : disabled
        oper-wtp-profile : U431F
        wtp-mode         : normal
        cfg-apcfg-prof   : 
        oper-apcfg-pro   : 
        bonjour-profile  : 
        wtp-group        : 
        name             : 
        location         : 
        region-map       : 
        pos-x            : 0
        pos-y            : 0
        led-blink        : disabled
        led-state        : enabled
        led-schedules    : 
        poe-mode         : auto
        poe-mode-oper    : invalid
        ext-info-enable  : enabled
        ip-frag-prevent  : TCP_MSS 
        tun-mtu          : 0,0
        split-tunneling-acl-path         : local
        split-tunneling-local-ap-subnet  : disabled
        energy-efficient-ethernet        : disabled
        active sw ver    : PU431F-v6.2-build0267
        local IPv4 addr  : 10.7.80.20
        board mac        : 00:0c:e6:87:94:a0
        join_time        : Tue Nov 16 14:38:42 2021
        mesh-uplink      : ethernet
        mesh hop count   : 0
        parent wtp id    : 
        connection state : Connected
        image download progress: 0
        last failure     : 12 -- AC daemon reset timer expired
        last failure param: N/A
        last failure time: Tue Nov 16 14:38:20 2021
        station info     : 0/0
        geo              : World (0)
        deployment       : cfg platform-determined oper indoor
      Security Version
        av engine version         : 6.251
        av database version       : 89.391
        ips engine version        : 6.64
        ips database version      : 18.82
        botnet database version   : N/A
        fortiguard expiry date    : 00000000
      LLDP               : enabled (total 0)
      SNMP               : disabled
      Radio 1            : AP
        country name     : US
        country code     : 841
        drma_manual_mode : ncf
        radio_type       : 11AX_5G
        channel list     : 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 ...
        darrp            : enabled
        airtime fairness : disabled
        zero wait dfs    : enabled
        bss color mode   : Auto
        txpower          : 100% (calc 17 oper 17 max 17 dBm)
        beacon_intv      : 100
        rts_threshold    : 2346
        frag_threshold   : 2346
        ap scan          : background scan (regular)
        ap scan passive  : disabled
        bgscan oper    : enabled
          bgscan period  : oper 600 cfg 0
          bgscan intv    : 3
          bgscan dur     : 30
          bgscan idle    : 250
          bgscan rptintv : 30
        sensor mode      : disabled
        ARRP profile     : arrp-profile1
        WIDS profile     : ---
        max vaps         : 8
        base bssid       : 00:0c:e6:87:94:b0
        oper chan        : 100
        noise_floor      : -95
        chutil           : enabled
        oper chutil time : Tue Nov 16 16:33:34 2021  (age=7)
        oper chutil data : 12,12,5,15,8, 7,18,6,11,14, 7,14,12,9,16 ->newer 
        station info     : 0/0
      Radio 2            : AP
        country name     : US
        country code     : 841
        drma_manual_mode : ncf
        radio_type       : 11AX
        channel list     : 1 6 11 
        darrp            : enabled
        airtime fairness : disabled
        bss color mode   : Auto
        txpower          : 100% (calc 23 oper 23 max 23 dBm)
        beacon_intv      : 100
        rts_threshold    : 2346
        frag_threshold   : 2346
        ap scan          : background scan (regular)
        ap scan passive  : disabled
        bgscan oper    : enabled
          bgscan period  : oper 600 cfg 0
          bgscan intv    : 3
          bgscan dur     : 30
          bgscan idle    : 250
          bgscan rptintv : 30
        sensor mode      : disabled
        ARRP profile     : arrp-profile2
        WIDS profile     : ---
        max vaps         : 8
        base bssid       : 00:0c:e6:87:94:c0
        oper chan        : 1
        noise_floor      : -95
        chutil           : enabled
        oper chutil time : Tue Nov 16 16:33:34 2021  (age=7)
        oper chutil data : 53,62,56,50,67, 59,44,66,57,63, 59,60,52,68,53 ->newer 
        station info     : 0/0
      Radio 3            : Disabled
      Radio 4            : Not Exist
      Radio 5            : Not Exist
      WAN/LAN stats      :
                         : lan2 rx,tx bytes 0,0 packets 0,0 errors 0,0 dropped 0,0
                         : lan1 rx,tx bytes 1278003,13464001 packets 11278,44025 errors 0,0 dropped 0,0
      uplink status      :
                           lan1 carrier=1, speed=1000, duplex=full
                           lan2 carrier=0, speed=0, duplex=
    -------------------------------Total    1 WTPs----------------------------