Fortinet black logo

New Features

Configure Agile Multiband Operation

Configure Agile Multiband Operation

The Wi-Fi Alliance Agile Multiband Operation (MBO) feature enables better use of Wi-Fi network resources in roaming decisions and improves overall performance. This enhancement allows the FortiGate to push the MBO configuration to managed APs, which adds the MBO information element to the beacon and probe response for 802.11ax.

config wireless-controller vap
    edit <name>
        set mbo {enable | disable}
        set gas-comeback-delay <integer>
        set gas-fragmentation-limit <integer>
        set mbo-cell-data-conn-pref {excluded | prefer-not | prefer-use}
    next
end

mbo {enable | disable}

Enable/disable Multiband Operation (default = disable).

gas-comeback-delay <integer>

GAS comeback delay in milliseconds (100 - 10000, default = 500, 0 = special).

gas-fragmentation-limit <integer>

GAS fragmentation limit (512 - 4096, default = 1024).

mbo-cell-data-conn-pref {excluded | prefer-not | prefer-use}

MBO cell data connection preference:

  • excluded: Wi-Fi Agile Multiband AP does not want the Wi-Fi Agile Multiband STA to use the cellular data connection.
  • prefer-not: Wi-Fi Agile Multiband AP prefers that the Wi-Fi Agile Multiband STA should not use cellular data connection.
  • prefer-use: Wi-Fi Agile Multiband AP prefers that the Wi-Fi Agile Multiband STA should use cellular data connection.
To configure MBO for an 802.11ax FortiAP:
  1. Configure MBO on the VAP:
    config wireless-controller vap
        edit "FOS-QA"
            set max-clients 15
            set ssid "FOS-QAehta-01"
            set pmf enable
            set pmf-assoc-comeback-timeout 8
            set mbo enable
            set gas-comeback-delay 0
            set gas-fragmentation-limit 2048
            set mbo-cell-data-conn-pref prefer-use
            set passphrase <somepassword>
            set schedule "always"
            set target-wake-time disable
            set igmp-snooping enable
            unset broadcast-suppression
            set mu-mimo disable
            set quarantine disable
            set dhcp-option82-insertion enable
            set qos-profile "test"
        next
    end
  2. Enable the VAP on a WTP profile:
    config wireless-controller wtp-profile
        edit "FAP234F-default"
            config platform
                set type 234F
                set ddscan enable
            end
            set ble-profile "new"
            set wan-port-mode wan-lan
            config lan
                set port-mode bridge-to-ssid
                set port-ssid "16sep"
            end
            set handoff-sta-thresh 55
            set ip-fragment-preventing tcp-mss-adjust icmp-unreachable
            set allowaccess https ssh snmp
            set poe-mode high
            set frequency-handoff enable
            set ap-handoff enable
            config radio-1
                set band 802.11ax
                set short-guard-interval enable
                set auto-power-level enable
                set auto-power-high 21
                set auto-power-low 1
                set darrp enable
                set vap-all manual
                set vaps "FOS-QA"
                set channel "1" "6" "11"
            end
            config radio-2
                set band 802.11ax-5G
                set short-guard-interval enable
                set auto-power-level enable
                set auto-power-low 1
                set darrp enable
                set vap-all manual
                set vaps "FOS-QA"
                set channel "36" "40" "44" "48" "149" "153" "157" "161" "165"
            end
            config radio-3
                set mode monitor
                set wids-profile "default"
            end
            config lbs
                set station-locate enable
            end
        next
    end
  3. Verify the MBO settings are pushed to the FortiAP:
    # diagnose debug application wpad 255
    21176.239 Received data - hexdump(len=153):
        13 02 00 00 00 00 00 00 00 00 00 00 B0 01 A5 C0   ................
        7E 14 01 00 04 D5 90 E9 F4 E0 46 50 34 33 31 46   ~.........FP431F
        54 46 32 30 30 30 30 30 31 35 00 00 00 00 00 00   TF20000015......
        80 18 39 91 FF 7F 00 00 00 E2 C2 90 07 E0 32 AC   ..9...........2.
        FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00   ................
        00 00 00 00 00 00 00 00 78 BF E1 15 00 00 00 00   ........x.......
        00 00 01 00 31 00 00 00 D0 00 3C 00 04 D5 90 E9   ....1.....<.....
        F4 E0 A0 51 0B 4A 84 F4 FF FF FF FF FF FF A0 03   ...Q.J..........
        04 0A 00 6C 02 00 00 10 00 00 01 02 00 10 01 DD   ...l............
        DD 06 00 50 6F 9A 12 01 02                        ...Po....
    21176.239 HOSTAPD: <0>192.165.1.176:5246<1-0>  entering state RUN
    mgmt::action
    : GAS: GAS Initial Request from a0:51:0b:4a:84:f4 (dialog token 0)
    ANQP: 1 Info IDs requested in Query list
    ANQP: Unsupported WFA vendor type 18
    ANQP: Locally generated ANQP responses - hexdump(len=0):
    ANQP: Initial response (no comeback)
    21176.239 Sending data - hexdump(len=141):
        0C 03 00 00 00 00 00 00 00 00 00 00 B0 01 A5 C0   ................
        7E 14 01 00 04 D5 90 E9 F4 D0 00 00 00 00 00 00   ~...............
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
  4. On the FortiAP, verify the MBO settings are pushed from the FortiGate:
    # vcfg
    -------------------------------VAP Configuration    1----------------------------
    Radio Id  0 WLAN Id  0 FOS-QAehta-01 ADMIN_UP(INTF_UP) init_done 0.0.0.0/0.0.0.0 unknown (-1)
               vlanid=0, intf=wlan00, vap=0x12b8018, bssid=e0:23:ff:b2:18:70
               11ax high-efficiency=enabled target-wake-time=disabled bss-color=0 partial=enabled
               mesh backhaul=disabled
               local_auth=disabled standalone=disabled nat_mode=disabled
               local_bridging=disabled split_tunnel=disabled
               intra_ssid_priv=disabled
               mcast_enhance=disabled igmp_snooping=enabled
               mac_auth=disabled fail_through_mode=disabled sta_info=0/0
               mac=local, tunnel=8023, cap=8ce0, qos=disabled
               prob_resp_suppress=disabled
               rx sop=disabled
               sticky client remove=disabled
               mu mimo=disabled           ldpc_config=rxtx
               dhcp_option43_insertion=enabled           dhcp_option82_insertion=enabled, dhcp_option82_circuit_id=disable, dhcp_option82_remote_id=disable
               access_control_list=disabled
               bc_suppression=
               auth=WPA2, PSK, AES WPA keyIdx=4, keyLen=16, keyStatus=1, gTsc=000000000000
               key=dee8be7d 3675eda2 7123f695 1d740319
               pmf=required
               okc=disabled, dynamic_vlan=disabled, extern_roaming=disabled
               voice_ent(802.11kv)=disabled, fast_bss_trans(802.11r)=disabled mbo=enabled
               airfairness weight: 20%
               schedules=SMTWTFS 00:00->00:00,
               ratelimit(Kbps): ul=100 dl=0 ul_user=0 dl_user=0 burst=disabled
    
    -------------------------------VAP Configuration    2----------------------------
    Radio Id  1 WLAN Id  0 FOS-QAehta-01 ADMIN_UP(INTF_UP) init_done 0.0.0.0/0.0.0.0 unknown (-1)
               vlanid=0, intf=wlan10, vap=0x12b8860, bssid=e0:23:ff:b2:18:78
               11ax high-efficiency=enabled target-wake-time=disabled bss-color=0 partial=enabled
               mesh backhaul=disabled
               local_auth=disabled standalone=disabled nat_mode=disabled
               local_bridging=disabled split_tunnel=disabled
               intra_ssid_priv=disabled
               mcast_enhance=disabled igmp_snooping=enabled
               mac_auth=disabled fail_through_mode=disabled sta_info=0/0
               mac=local, tunnel=8023, cap=8ce0, qos=disabled
               prob_resp_suppress=disabled
               rx sop=disabled
               sticky client remove=disabled
               mu mimo=disabled           ldpc_config=rxtx
               dhcp_option43_insertion=enabled           dhcp_option82_insertion=enabled, dhcp_option82_circuit_id=disable, dhcp_option82_remote_id=disable
               access_control_list=disabled
               bc_suppression=
               auth=WPA2, PSK, AES WPA keyIdx=4, keyLen=16, keyStatus=1, gTsc=000000000000
               key=6042ccb8 66c18743 18cdb5d0 12f9c0fc
               pmf=required
               okc=disabled, dynamic_vlan=disabled, extern_roaming=disabled
               voice_ent(802.11kv)=disabled, fast_bss_trans(802.11r)=disabled mbo=enabled
               airfairness weight: 20%
               schedules=SMTWTFS 00:00->00:00,
               ratelimit(Kbps): ul=100 dl=0 ul_user=0 dl_user=0 burst=disabled
    
    -------------------------------Total    2 VAP Configurations----------------------------
  5. Verify the beacon frames in the packet captures:

Configure Agile Multiband Operation

Configure Agile Multiband Operation

The Wi-Fi Alliance Agile Multiband Operation (MBO) feature enables better use of Wi-Fi network resources in roaming decisions and improves overall performance. This enhancement allows the FortiGate to push the MBO configuration to managed APs, which adds the MBO information element to the beacon and probe response for 802.11ax.

config wireless-controller vap
    edit <name>
        set mbo {enable | disable}
        set gas-comeback-delay <integer>
        set gas-fragmentation-limit <integer>
        set mbo-cell-data-conn-pref {excluded | prefer-not | prefer-use}
    next
end

mbo {enable | disable}

Enable/disable Multiband Operation (default = disable).

gas-comeback-delay <integer>

GAS comeback delay in milliseconds (100 - 10000, default = 500, 0 = special).

gas-fragmentation-limit <integer>

GAS fragmentation limit (512 - 4096, default = 1024).

mbo-cell-data-conn-pref {excluded | prefer-not | prefer-use}

MBO cell data connection preference:

  • excluded: Wi-Fi Agile Multiband AP does not want the Wi-Fi Agile Multiband STA to use the cellular data connection.
  • prefer-not: Wi-Fi Agile Multiband AP prefers that the Wi-Fi Agile Multiband STA should not use cellular data connection.
  • prefer-use: Wi-Fi Agile Multiband AP prefers that the Wi-Fi Agile Multiband STA should use cellular data connection.
To configure MBO for an 802.11ax FortiAP:
  1. Configure MBO on the VAP:
    config wireless-controller vap
        edit "FOS-QA"
            set max-clients 15
            set ssid "FOS-QAehta-01"
            set pmf enable
            set pmf-assoc-comeback-timeout 8
            set mbo enable
            set gas-comeback-delay 0
            set gas-fragmentation-limit 2048
            set mbo-cell-data-conn-pref prefer-use
            set passphrase <somepassword>
            set schedule "always"
            set target-wake-time disable
            set igmp-snooping enable
            unset broadcast-suppression
            set mu-mimo disable
            set quarantine disable
            set dhcp-option82-insertion enable
            set qos-profile "test"
        next
    end
  2. Enable the VAP on a WTP profile:
    config wireless-controller wtp-profile
        edit "FAP234F-default"
            config platform
                set type 234F
                set ddscan enable
            end
            set ble-profile "new"
            set wan-port-mode wan-lan
            config lan
                set port-mode bridge-to-ssid
                set port-ssid "16sep"
            end
            set handoff-sta-thresh 55
            set ip-fragment-preventing tcp-mss-adjust icmp-unreachable
            set allowaccess https ssh snmp
            set poe-mode high
            set frequency-handoff enable
            set ap-handoff enable
            config radio-1
                set band 802.11ax
                set short-guard-interval enable
                set auto-power-level enable
                set auto-power-high 21
                set auto-power-low 1
                set darrp enable
                set vap-all manual
                set vaps "FOS-QA"
                set channel "1" "6" "11"
            end
            config radio-2
                set band 802.11ax-5G
                set short-guard-interval enable
                set auto-power-level enable
                set auto-power-low 1
                set darrp enable
                set vap-all manual
                set vaps "FOS-QA"
                set channel "36" "40" "44" "48" "149" "153" "157" "161" "165"
            end
            config radio-3
                set mode monitor
                set wids-profile "default"
            end
            config lbs
                set station-locate enable
            end
        next
    end
  3. Verify the MBO settings are pushed to the FortiAP:
    # diagnose debug application wpad 255
    21176.239 Received data - hexdump(len=153):
        13 02 00 00 00 00 00 00 00 00 00 00 B0 01 A5 C0   ................
        7E 14 01 00 04 D5 90 E9 F4 E0 46 50 34 33 31 46   ~.........FP431F
        54 46 32 30 30 30 30 30 31 35 00 00 00 00 00 00   TF20000015......
        80 18 39 91 FF 7F 00 00 00 E2 C2 90 07 E0 32 AC   ..9...........2.
        FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00   ................
        00 00 00 00 00 00 00 00 78 BF E1 15 00 00 00 00   ........x.......
        00 00 01 00 31 00 00 00 D0 00 3C 00 04 D5 90 E9   ....1.....<.....
        F4 E0 A0 51 0B 4A 84 F4 FF FF FF FF FF FF A0 03   ...Q.J..........
        04 0A 00 6C 02 00 00 10 00 00 01 02 00 10 01 DD   ...l............
        DD 06 00 50 6F 9A 12 01 02                        ...Po....
    21176.239 HOSTAPD: <0>192.165.1.176:5246<1-0>  entering state RUN
    mgmt::action
    : GAS: GAS Initial Request from a0:51:0b:4a:84:f4 (dialog token 0)
    ANQP: 1 Info IDs requested in Query list
    ANQP: Unsupported WFA vendor type 18
    ANQP: Locally generated ANQP responses - hexdump(len=0):
    ANQP: Initial response (no comeback)
    21176.239 Sending data - hexdump(len=141):
        0C 03 00 00 00 00 00 00 00 00 00 00 B0 01 A5 C0   ................
        7E 14 01 00 04 D5 90 E9 F4 D0 00 00 00 00 00 00   ~...............
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
  4. On the FortiAP, verify the MBO settings are pushed from the FortiGate:
    # vcfg
    -------------------------------VAP Configuration    1----------------------------
    Radio Id  0 WLAN Id  0 FOS-QAehta-01 ADMIN_UP(INTF_UP) init_done 0.0.0.0/0.0.0.0 unknown (-1)
               vlanid=0, intf=wlan00, vap=0x12b8018, bssid=e0:23:ff:b2:18:70
               11ax high-efficiency=enabled target-wake-time=disabled bss-color=0 partial=enabled
               mesh backhaul=disabled
               local_auth=disabled standalone=disabled nat_mode=disabled
               local_bridging=disabled split_tunnel=disabled
               intra_ssid_priv=disabled
               mcast_enhance=disabled igmp_snooping=enabled
               mac_auth=disabled fail_through_mode=disabled sta_info=0/0
               mac=local, tunnel=8023, cap=8ce0, qos=disabled
               prob_resp_suppress=disabled
               rx sop=disabled
               sticky client remove=disabled
               mu mimo=disabled           ldpc_config=rxtx
               dhcp_option43_insertion=enabled           dhcp_option82_insertion=enabled, dhcp_option82_circuit_id=disable, dhcp_option82_remote_id=disable
               access_control_list=disabled
               bc_suppression=
               auth=WPA2, PSK, AES WPA keyIdx=4, keyLen=16, keyStatus=1, gTsc=000000000000
               key=dee8be7d 3675eda2 7123f695 1d740319
               pmf=required
               okc=disabled, dynamic_vlan=disabled, extern_roaming=disabled
               voice_ent(802.11kv)=disabled, fast_bss_trans(802.11r)=disabled mbo=enabled
               airfairness weight: 20%
               schedules=SMTWTFS 00:00->00:00,
               ratelimit(Kbps): ul=100 dl=0 ul_user=0 dl_user=0 burst=disabled
    
    -------------------------------VAP Configuration    2----------------------------
    Radio Id  1 WLAN Id  0 FOS-QAehta-01 ADMIN_UP(INTF_UP) init_done 0.0.0.0/0.0.0.0 unknown (-1)
               vlanid=0, intf=wlan10, vap=0x12b8860, bssid=e0:23:ff:b2:18:78
               11ax high-efficiency=enabled target-wake-time=disabled bss-color=0 partial=enabled
               mesh backhaul=disabled
               local_auth=disabled standalone=disabled nat_mode=disabled
               local_bridging=disabled split_tunnel=disabled
               intra_ssid_priv=disabled
               mcast_enhance=disabled igmp_snooping=enabled
               mac_auth=disabled fail_through_mode=disabled sta_info=0/0
               mac=local, tunnel=8023, cap=8ce0, qos=disabled
               prob_resp_suppress=disabled
               rx sop=disabled
               sticky client remove=disabled
               mu mimo=disabled           ldpc_config=rxtx
               dhcp_option43_insertion=enabled           dhcp_option82_insertion=enabled, dhcp_option82_circuit_id=disable, dhcp_option82_remote_id=disable
               access_control_list=disabled
               bc_suppression=
               auth=WPA2, PSK, AES WPA keyIdx=4, keyLen=16, keyStatus=1, gTsc=000000000000
               key=6042ccb8 66c18743 18cdb5d0 12f9c0fc
               pmf=required
               okc=disabled, dynamic_vlan=disabled, extern_roaming=disabled
               voice_ent(802.11kv)=disabled, fast_bss_trans(802.11r)=disabled mbo=enabled
               airfairness weight: 20%
               schedules=SMTWTFS 00:00->00:00,
               ratelimit(Kbps): ul=100 dl=0 ul_user=0 dl_user=0 burst=disabled
    
    -------------------------------Total    2 VAP Configurations----------------------------
  5. Verify the beacon frames in the packet captures: