Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

config wireless-controller wtp-profile

Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

edit <name>

set comment {var-string}

config platform

Description: WTP, FortiAP, or AP platform.

set type [AP-11N|220B|...]

set mode [single-5G|dual-5G]

set ddscan [enable|disable]

end

set control-message-offload {option1}, {option2}, ...

set apcfg-profile {string}

set ble-profile {string}

set syslog-profile {string}

set wan-port-mode [wan-lan|wan-only]

config lan

Description: WTP LAN port mapping.

set port-mode [offline|nat-to-wan|...]

set port-ssid {string}

set port1-mode [offline|nat-to-wan|...]

set port1-ssid {string}

set port2-mode [offline|nat-to-wan|...]

set port2-ssid {string}

set port3-mode [offline|nat-to-wan|...]

set port3-ssid {string}

set port4-mode [offline|nat-to-wan|...]

set port4-ssid {string}

set port5-mode [offline|nat-to-wan|...]

set port5-ssid {string}

set port6-mode [offline|nat-to-wan|...]

set port6-ssid {string}

set port7-mode [offline|nat-to-wan|...]

set port7-ssid {string}

set port8-mode [offline|nat-to-wan|...]

set port8-ssid {string}

set port-esl-mode [offline|nat-to-wan|...]

set port-esl-ssid {string}

end

set energy-efficient-ethernet [enable|disable]

set led-state [enable|disable]

set led-schedules <name1>, <name2>, ...

set dtls-policy {option1}, {option2}, ...

set dtls-in-kernel [enable|disable]

set max-clients {integer}

set handoff-rssi {integer}

set handoff-sta-thresh {integer}

set handoff-roaming [enable|disable]

config deny-mac-list

Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.

edit <id>

set mac {mac-address}

next

end

set ap-country [--|AF|...]

set ip-fragment-preventing {option1}, {option2}, ...

set tun-mtu-uplink {integer}

set tun-mtu-downlink {integer}

set split-tunneling-acl-path [tunnel|local]

set split-tunneling-acl-local-ap-subnet [enable|disable]

config split-tunneling-acl

Description: Split tunneling ACL filter list.

edit <id>

set dest-ip {ipv4-classnet}

next

end

set allowaccess {option1}, {option2}, ...

set login-passwd-change [yes|default|...]

set login-passwd {password}

set lldp [enable|disable]

set poe-mode [auto|8023af|...]

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

config radio-1

Description: Configuration options for radio 1.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set drma [disable|enable]

set drma-sensitivity [low|medium|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set bss-color {integer}

set bss-color-mode [auto|static]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set sam-ssid {string}

set sam-bssid {mac-address}

set sam-security-type [open|wpa-personal|...]

set sam-captive-portal [enable|disable]

set sam-cwp-username {string}

set sam-cwp-password {password}

set sam-cwp-test-url {string}

set sam-cwp-match-string {string}

set sam-cwp-success-string {string}

set sam-cwp-failure-string {string}

set sam-username {string}

set sam-password {password}

set sam-test [ping|iperf]

set sam-server-type [ip|fqdn]

set sam-server-ip {ipv4-address}

set sam-server-fqdn {string}

set iperf-server-port {integer}

set iperf-protocol [udp|tcp]

set sam-report-intv {integer}

set channel-utilization [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set arrp-profile {string}

set max-clients {integer}

set max-distance {integer}

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-2

Description: Configuration options for radio 2.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set drma [disable|enable]

set drma-sensitivity [low|medium|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set bss-color {integer}

set bss-color-mode [auto|static]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set sam-ssid {string}

set sam-bssid {mac-address}

set sam-security-type [open|wpa-personal|...]

set sam-captive-portal [enable|disable]

set sam-cwp-username {string}

set sam-cwp-password {password}

set sam-cwp-test-url {string}

set sam-cwp-match-string {string}

set sam-cwp-success-string {string}

set sam-cwp-failure-string {string}

set sam-username {string}

set sam-password {password}

set sam-test [ping|iperf]

set sam-server-type [ip|fqdn]

set sam-server-ip {ipv4-address}

set sam-server-fqdn {string}

set iperf-server-port {integer}

set iperf-protocol [udp|tcp]

set sam-report-intv {integer}

set channel-utilization [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set arrp-profile {string}

set max-clients {integer}

set max-distance {integer}

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-3

Description: Configuration options for radio 3.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set drma [disable|enable]

set drma-sensitivity [low|medium|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set bss-color {integer}

set bss-color-mode [auto|static]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set sam-ssid {string}

set sam-bssid {mac-address}

set sam-security-type [open|wpa-personal|...]

set sam-captive-portal [enable|disable]

set sam-cwp-username {string}

set sam-cwp-password {password}

set sam-cwp-test-url {string}

set sam-cwp-match-string {string}

set sam-cwp-success-string {string}

set sam-cwp-failure-string {string}

set sam-username {string}

set sam-password {password}

set sam-test [ping|iperf]

set sam-server-type [ip|fqdn]

set sam-server-ip {ipv4-address}

set sam-server-fqdn {string}

set iperf-server-port {integer}

set iperf-protocol [udp|tcp]

set sam-report-intv {integer}

set channel-utilization [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set arrp-profile {string}

set max-clients {integer}

set max-distance {integer}

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-4

Description: Configuration options for radio 4.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set drma [disable|enable]

set drma-sensitivity [low|medium|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set bss-color {integer}

set bss-color-mode [auto|static]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set auto-power-target {string}

set power-mode [dBm|percentage]

set power-level {integer}

set power-value {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set sam-ssid {string}

set sam-bssid {mac-address}

set sam-security-type [open|wpa-personal|...]

set sam-captive-portal [enable|disable]

set sam-cwp-username {string}

set sam-cwp-password {password}

set sam-cwp-test-url {string}

set sam-cwp-match-string {string}

set sam-cwp-success-string {string}

set sam-cwp-failure-string {string}

set sam-username {string}

set sam-password {password}

set sam-test [ping|iperf]

set sam-server-type [ip|fqdn]

set sam-server-ip {ipv4-address}

set sam-server-fqdn {string}

set iperf-server-port {integer}

set iperf-protocol [udp|tcp]

set sam-report-intv {integer}

set channel-utilization [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set arrp-profile {string}

set max-clients {integer}

set max-distance {integer}

set vap-all [tunnel|bridge|...]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config lbs

Description: Set various location based service (LBS) options.

set ekahau-blink-mode [enable|disable]

set ekahau-tag {mac-address}

set erc-server-ip {ipv4-address-any}

set erc-server-port {integer}

set aeroscout [enable|disable]

set aeroscout-server-ip {ipv4-address-any}

set aeroscout-server-port {integer}

set aeroscout-mu [enable|disable]

set aeroscout-ap-mac [bssid|board-mac]

set aeroscout-mmu-report [enable|disable]

set aeroscout-mu-factor {integer}

set aeroscout-mu-timeout {integer}

set fortipresence [foreign|both|...]

set fortipresence-server-addr-type [ipv4|fqdn]

set fortipresence-server {ipv4-address-any}

set fortipresence-server-fqdn {string}

set fortipresence-port {integer}

set fortipresence-secret {password}

set fortipresence-project {string}

set fortipresence-frequency {integer}

set fortipresence-rogue [enable|disable]

set fortipresence-unassoc [enable|disable]

set fortipresence-ble [enable|disable]

set station-locate [enable|disable]

end

set ext-info-enable [enable|disable]

set indoor-outdoor-deployment [platform-determined|outdoor|...]

config esl-ses-dongle

Description: ESL SES-imagotag dongle configuration.

set compliance-level {option}

set scd-enable [enable|disable]

set esl-channel [-1|0|...]

set output-power [a|b|...]

set apc-addr-type [fqdn|ip]

set apc-fqdn {string}

set apc-ip {ipv4-address}

set apc-port {integer}

set coex-level {option}

set tls-cert-verification [enable|disable]

set tls-fqdn-verification [enable|disable]

end

set console-login [enable|disable]

set wan-port-auth [none|802.1x]

set wan-port-auth-usrname {string}

set wan-port-auth-password {password}

set wan-port-auth-methods [all|EAP-FAST|...]

next

end

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

control-message-offload

Enable/disable CAPWAP control message data channel offload.

option

-

ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health spectral-analysis

Option

Description

ebp-frame

Ekahau blink protocol (EBP) frames.

aeroscout-tag

AeroScout tag.

ap-list

Rogue AP list.

sta-list

Rogue STA list.

sta-cap-list

STA capability list.

stats

WTP, radio, VAP, and STA statistics.

aeroscout-mu

AeroScout Mobile Unit (MU) report.

sta-health

STA health log.

spectral-analysis

Spectral analysis report.

apcfg-profile

AP local configuration profile name.

string

Maximum length: 35

ble-profile

Bluetooth Low Energy profile name.

string

Maximum length: 35

syslog-profile

System log server configuration profile name.

string

Maximum length: 35

wan-port-mode

Enable/disable using a WAN port as a LAN port.

option

-

wan-only

Option

Description

wan-lan

Enable using a WAN port as a LAN port.

wan-only

Disable using a WAN port as a LAN port.

energy-efficient-ethernet

Enable/disable use of energy efficient Ethernet on WTP.

option

-

disable

Option

Description

enable

Enable use of energy efficient Ethernet on WTP.

disable

Disable use of energy efficient Ethernet on WTP.

led-state

Enable/disable use of LEDs on WTP .

option

-

enable

Option

Description

enable

Enable use of LEDs on WTP.

disable

Disable use of LEDs on WTP.

led-schedules <name>

Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.

Schedule name.

string

Maximum length: 35

dtls-policy

WTP data channel DTLS policy .

option

-

clear-text

Option

Description

clear-text

Clear Text Data Channel.

dtls-enabled

DTLS Enabled Data Channel.

ipsec-vpn

IPsec VPN Data Channel.

dtls-in-kernel

Enable/disable data channel DTLS in kernel.

option

-

disable

Option

Description

enable

Enable data channel DTLS in kernel.

disable

Disable data channel DTLS in kernel.

max-clients

Maximum number of stations .

integer

Minimum value: 0 Maximum value: 4294967295

0

handoff-rssi

Minimum received signal strength indicator .

integer

Minimum value: 20 Maximum value: 30

25

handoff-sta-thresh

Threshold value for AP handoff.

integer

Minimum value: 0 Maximum value: 4294967295

0

handoff-roaming

Enable/disable client load balancing during roaming to avoid roaming delay .

option

-

enable

Option

Description

enable

Enable handoff roaming.

disable

Disable handoff roaming.

ap-country

Country in which this WTP, FortiAP, or AP will operate .

option

-

--

Option

Description

--

NO_COUNTRY_SET

AF

AFGHANISTAN

AL

ALBANIA

DZ

ALGERIA

AS

AMERICAN SAMOA

AO

ANGOLA

AR

ARGENTINA

AM

ARMENIA

AU

AUSTRALIA

AT

AUSTRIA

AZ

AZERBAIJAN

BS

BAHAMAS

BH

BAHRAIN

BD

BANGLADESH

BB

BARBADOS

BY

BELARUS

BE

BELGIUM

BZ

BELIZE

BJ

BENIN

BM

BERMUDA

BT

BHUTAN

BO

BOLIVIA

BA

BOSNIA AND HERZEGOVINA

BW

BOTSWANA

BR

BRAZIL

BN

BRUNEI DARUSSALAM

BG

BULGARIA

BF

BURKINA-FASO

KH

CAMBODIA

CM

CAMEROON

KY

CAYMAN ISLANDS

CF

CENTRAL AFRICA REPUBLIC

TD

CHAD

CL

CHILE

CN

CHINA

CX

CHRISTMAS ISLAND

CO

COLOMBIA

CG

CONGO REPUBLIC

CD

DEMOCRATIC REPUBLIC OF CONGO

CR

COSTA RICA

HR

CROATIA

CY

CYPRUS

CZ

CZECH REPUBLIC

DK

DENMARK

DM

DOMINICA

DO

DOMINICAN REPUBLIC

EC

ECUADOR

EG

EGYPT

SV

EL SALVADOR

ET

ETHIOPIA

EE

ESTONIA

GF

FRENCH GUIANA

PF

FRENCH POLYNESIA

FO

FAEROE ISLANDS

FJ

FIJI

FI

FINLAND

FR

FRANCE

GE

GEORGIA

DE

GERMANY

GH

GHANA

GI

GIBRALTAR

GR

GREECE

GL

GREENLAND

GD

GRENADA

GP

GUADELOUPE

GU

GUAM

GT

GUATEMALA

GY

GUYANA

HT

HAITI

HN

HONDURAS

HK

HONG KONG

HU

HUNGARY

IS

ICELAND

IN

INDIA

ID

INDONESIA

IQ

IRAQ

IE

IRELAND

IM

ISLE OF MAN

IL

ISRAEL

IT

ITALY

CI

COTE_D_IVOIRE

JM

JAMAICA

JO

JORDAN

KZ

KAZAKHSTAN

KE

KENYA

KR

KOREA REPUBLIC

KW

KUWAIT

LA

LAOS

LV

LATVIA

LB

LEBANON

LS

LESOTHO

LY

LIBYA

LI

LIECHTENSTEIN

LT

LITHUANIA

LU

LUXEMBOURG

MO

MACAU SAR

MK

MACEDONIA, FYRO

MG

MADAGASCAR

MW

MALAWI

MY

MALAYSIA

MV

MALDIVES

ML

MALI

MT

MALTA

MH

MARSHALL ISLANDS

MQ

MARTINIQUE

MR

MAURITANIA

MU

MAURITIUS

YT

MAYOTTE

MX

MEXICO

FM

MICRONESIA

MD

REPUBLIC OF MOLDOVA

MC

MONACO

MA

MOROCCO

MZ

MOZAMBIQUE

MM

MYANMAR

NA

NAMIBIA

NP

NEPAL

NL

NETHERLANDS

AN

NETHERLANDS ANTILLES

AW

ARUBA

NZ

NEW ZEALAND

NI

NICARAGUA

NE

NIGER

NO

NORWAY

MP

NORTHERN MARIANA ISLANDS

OM

OMAN

PK

PAKISTAN

PW

PALAU

PA

PANAMA

PG

PAPUA NEW GUINEA

PY

PARAGUAY

PE

PERU

PH

PHILIPPINES

PL

POLAND

PT

PORTUGAL

PR

PUERTO RICO

QA

QATAR

RE

REUNION

RO

ROMANIA

RU

RUSSIA

RW

RWANDA

BL

SAINT BARTHELEMY

KN

SAINT KITTS AND NEVIS

LC

SAINT LUCIA

MF

SAINT MARTIN

PM

SAINT PIERRE AND MIQUELON

VC

SAINT VINCENT AND GRENADIENS

SA

SAUDI ARABIA

SN

SENEGAL

RS

REPUBLIC OF SERBIA

ME

MONTENEGRO

SL

SIERRA LEONE

SG

SINGAPORE

SK

SLOVAKIA

SI

SLOVENIA

ZA

SOUTH AFRICA

ES

SPAIN

LK

SRI LANKA

SE

SWEDEN

SR

SURINAME

CH

SWITZERLAND

TW

TAIWAN

TZ

TANZANIA

TH

THAILAND

TG

TOGO

TT

TRINIDAD AND TOBAGO

TN

TUNISIA

TR

TURKEY

TM

TURKMENISTAN

AE

UNITED ARAB EMIRATES

TC

TURKS AND CAICOS

UG

UGANDA

UA

UKRAINE

GB

UNITED KINGDOM

US

UNITED STATES2

PS

UNITED STATES (PUBLIC SAFETY)

UY

URUGUAY

UZ

UZBEKISTAN

VU

VANUATU

VE

VENEZUELA

VN

VIET NAM

VI

VIRGIN ISLANDS

WF

WALLIS AND FUTUNA

YE

YEMEN

ZM

ZAMBIA

ZW

ZIMBABWE

JP

JAPAN14

CA

CANADA2

ip-fragment-preventing

Method.

option

-

tcp-mss-adjust

Option

Description

tcp-mss-adjust

TCP maximum segment size adjustment.

icmp-unreachable

Drop packet and send ICMP Destination Unreachable

tun-mtu-uplink

The maximum transmission unit .

integer

Minimum value: 576 Maximum value: 1500

0

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel .

integer

Minimum value: 576 Maximum value: 1500

0

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

-

local

Option

Description

tunnel

Split tunneling ACL list traffic will be tunnel.

local

Split tunneling ACL list traffic will be local NATed.

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL .

option

-

disable

Option

Description

enable

Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

disable

Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

-

Option

Description

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

login-passwd-change

Change or reset the administrator password of a managed WTP, FortiAP or AP .

option

-

no

Option

Description

yes

Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.

default

Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.

no

Do not change the managed WTP, FortiAP or AP's administrator password.

login-passwd

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

lldp

Enable/disable Link Layer Discovery Protocol .

option

-

enable

Option

Description

enable

Enable LLDP.

disable

Disable LLDP.

poe-mode

Set the WTP, FortiAP, or AP's PoE mode.

option

-

auto

Option

Description

auto

Automatically detect the PoE mode.

8023af

Use 802.3af PoE mode.

8023at

Use 802.3at PoE mode.

power-adapter

Use the power adapter to control the PoE mode.

full

Use full power mode.

high

Use high power mode.

low

Use low power mode.

frequency-handoff

Enable/disable frequency handoff of clients to other channels .

option

-

disable

Option

Description

enable

Enable frequency handoff.

disable

Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs .

option

-

disable

Option

Description

enable

Enable AP handoff.

disable

Disable AP handoff.

ext-info-enable

Enable/disable station/VAP/radio extension information.

option

-

enable

Option

Description

enable

Enable station/VAP/radio extension information.

disable

Disable station/VAP/radio extension information.

indoor-outdoor-deployment

Set to allow indoor/outdoor-only channels under regulatory rules .

option

-

platform-determined

Option

Description

platform-determined

Set AP deployment type based on its platform.

outdoor

Set AP deployment type to outdoor.

indoor

Set AP deployment type to indoor.

console-login

Enable/disable FortiAP console login access .

option

-

enable

Option

Description

enable

Enable FAP console login access.

disable

Disable FAP console login access.

wan-port-auth

Set WAN port authentication mode .

option

-

none

Option

Description

none

Disable WAN port authentication.

802.1x

Enable WAN port 802.1x authentication.

wan-port-auth-usrname

Set WAN port 802.1x supplicant user name.

string

Maximum length: 63

wan-port-auth-password

Set WAN port 802.1x supplicant password.

password

Not Specified

wan-port-auth-methods

WAN port 802.1x supplicant EAP methods .

option

-

all

Option

Description

all

Do not specify any EAP methods.

EAP-FAST

Enable EAP-FAST.

EAP-TLS

Enable EAP-TLS.

EAP-PEAP

Enable EAP-PEAP.

config platform

Parameter

Description

Type

Size

Default

type

WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.

option

-

221E

Option

Description

AP-11N

Default 11n AP.

220B

FAP220B/221B.

210B

FAP210B.

222B

FAP222B.

112B

FAP112B.

320B

FAP320B.

11C

FAP11C.

14C

FAP14C.

223B

FAP223B.

28C

FAP28C.

320C

FAP320C.

221C

FAP221C.

25D

FAP25D.

222C

FAP222C.

224D

FAP224D.

214B

FK214B.

21D

FAP21D.

24D

FAP24D.

112D

FAP112D.

223C

FAP223C.

321C

FAP321C.

C220C

FAPC220C.

C225C

FAPC225C.

C23JD

FAPC23JD.

C24JE

FAPC24JE.

S321C

FAPS321C.

S322C

FAPS322C.

S323C

FAPS323C.

S311C

FAPS311C.

S313C

FAPS313C.

S321CR

FAPS321CR.

S322CR

FAPS322CR.

S323CR

FAPS323CR.

S421E

FAPS421E.

S422E

FAPS422E.

S423E

FAPS423E.

421E

FAP421E.

423E

FAP423E.

221E

FAP221E.

222E

FAP222E.

223E

FAP223E.

224E

FAP224E.

231E

FAP231E.

S221E

FAPS221E.

S223E

FAPS223E.

321E

FAP321E.

431F

FAP431F.

432F

FAP432F.

433F

FAP433F.

231F

FAP231F.

234F

FAP234F.

23JF

FAP23JF.

831F

FAP831F.

U421E

FAPU421EV.

U422EV

FAPU422EV.

U423E

FAPU423EV.

U221EV

FAPU221EV.

U223EV

FAPU223EV.

U24JEV

FAPU24JEV.

U321EV

FAPU321EV.

U323EV

FAPU323EV.

U431F

FAPU431F.

U433F

FAPU433F.

U231F

FAPU231F.

U234F

FAPU234F.

U432F

FAPU432F.

mode

Configure operation mode of 5G radios .

option

-

single-5G

Option

Description

single-5G

Configure radios as one 5GHz band, one 2.4GHz band, and one dedicated monitor or sniffer.

dual-5G

Configure radios as one lower 5GHz band, one higher 5GHz band and one 2.4GHz band respectively.

ddscan

Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat management.

option

-

disable

Option

Description

enable

Enable dedicated dual-band scan mode.

disable

Disable dedicated dual-band scan mode.

config lan

Parameter

Description

Type

Size

Default

port-mode

LAN port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

port-esl-mode

ESL port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP ESL port to WTP WAN port.

bridge-to-wan

Bridge WTP ESL port to WTP WAN port.

bridge-to-ssid

Bridge WTP ESL port to SSID.

port-esl-ssid

Bridge ESL port to SSID.

string

Maximum length: 15

config deny-mac-list

Parameter

Description

Type

Size

Default

mac

A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.

mac-address

Not Specified

00:00:00:00:00:00

config split-tunneling-acl

Parameter

Description

Type

Size

Default

dest-ip

Destination IP and mask for the split-tunneling subnet.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0

config radio-1

Parameter

Description

Type

Size

Default

mode

Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 1 is disabled.

ap

Radio 1 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 1 operates as a sniffer capturing WiFi frames on air.

sam

Radio 1 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 1 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment .

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor .

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness .

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients .

option

-

enable

Option

Description

enable

Enable AMSDU support.