Fortinet black logo

CLI Reference

config wireless-controller global

config wireless-controller global

Configure wireless controller global settings.

config wireless-controller global
    Description: Configure wireless controller global settings.
    set acd-process-count {integer}
    set ap-log-server [enable|disable]
    set ap-log-server-ip {ipv4-address}
    set ap-log-server-port {integer}
    set control-message-offload {option1}, {option2}, ...
    set data-ethernet-II [enable|disable]
    set dfs-lab-test [enable|disable]
    set discovery-mc-addr {ipv4-address-multicast}
    set fiapp-eth-type {integer}
    set image-download [enable|disable]
    set ipsec-base-ip {ipv4-address}
    set link-aggregation [enable|disable]
    set local-radio-vdom {string}
    set location {string}
    set max-clients {integer}
    set max-retransmit {integer}
    set mesh-eth-type {integer}
    set nac-interval {integer}
    set name {string}
    set rogue-scan-mac-adjacency {integer}
    set tunnel-mode [compatible|strict]
    set wtp-share [enable|disable]
end

config wireless-controller global

Parameter

Description

Type

Size

Default

acd-process-count

Configure the number cw_acd daemons for multi-core CPU support.

integer

Minimum value: 0 Maximum value: 255

0

ap-log-server

Enable/disable configuring FortiGate to redirect wireless event log messages or FortiAPs to send UTM log messages to a syslog server.

option

-

disable

Option

Description

enable

Enable AP log server.

disable

Disable AP log server.

ap-log-server-ip

IP address that FortiGate or FortiAPs send log messages to.

ipv4-address

Not Specified

0.0.0.0

ap-log-server-port

Port that FortiGate or FortiAPs send log messages to.

integer

Minimum value: 0 Maximum value: 65535

0

control-message-offload

Configure CAPWAP control message data channel offload.

option

-

ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health spectral-analysis

Option

Description

ebp-frame

Ekahau blink protocol (EBP) frames.

aeroscout-tag

AeroScout tag.

ap-list

Rogue AP list.

sta-list

Rogue STA list.

sta-cap-list

STA capability list.

stats

WTP, radio, VAP, and STA statistics.

aeroscout-mu

AeroScout Mobile Unit (MU) report.

sta-health

STA health log.

spectral-analysis

Spectral analysis report.

data-ethernet-II

Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode.

option

-

enable

Option

Description

enable

Use Ethernet II frames with 802.3 data tunnel mode.

disable

Use 802.3 Ethernet frames with 802.3 data tunnel mode.

dfs-lab-test *

Enable/disable DFS certificate lab test mode.

option

-

disable

Option

Description

enable

Enable DFS certificate lab test mode.

disable

Disable DFS certificate lab test mode.

discovery-mc-addr

Multicast IP address for AP discovery.

ipv4-address-multicast

Not Specified

224.0.1.140

fiapp-eth-type

Ethernet type for Fortinet Inter-Access Point Protocol.

integer

Minimum value: 0 Maximum value: 65535

5252

image-download

Enable/disable WTP image download at join time.

option

-

enable

Option

Description

enable

Enable WTP image download at join time.

disable

Disable WTP image download at join time.

ipsec-base-ip

Base IP address for IPsec VPN tunnels between the access points and the wireless controller.

ipv4-address

Not Specified

169.254.0.1

link-aggregation

Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes.

option

-

disable

Option

Description

enable

Enable calculating the CAPWAP transmit hash.

disable

Disable calculating the CAPWAP transmit hash.

local-radio-vdom *

Assign local radio's virtual domain.

string

Maximum length: 31

root

location

Description of the location of the wireless controller.

string

Maximum length: 35

max-clients

Maximum number of clients that can connect simultaneously.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-retransmit

Maximum number of tunnel packet retransmissions.

integer

Minimum value: 0 Maximum value: 64

3

mesh-eth-type

Mesh Ethernet identifier included in backhaul packets.

integer

Minimum value: 0 Maximum value: 65535

8755

nac-interval

Interval in seconds between two WiFi network access control.

integer

Minimum value: 10 Maximum value: 600

120

name

Name of the wireless controller.

string

Maximum length: 35

rogue-scan-mac-adjacency

Maximum numerical difference between an AP's Ethernet and wireless MAC values to match for rogue detection.

integer

Minimum value: 0 Maximum value: 31

7

tunnel-mode

Compatible/strict tunnel mode.

option

-

compatible

Option

Description

compatible

Allow for backward compatible ciphers(3DES+SHA1+Strong list).

strict

Follow system level strong-crypto ciphers.

wtp-share

Enable/disable sharing of WTPs between VDOMs.

option

-

disable

Option

Description

enable

WTP can be shared between all VDOMs.

disable

WTP can be used only in its own VDOM.

* This parameter may not exist in some models.

config wireless-controller global

Configure wireless controller global settings.

config wireless-controller global
    Description: Configure wireless controller global settings.
    set acd-process-count {integer}
    set ap-log-server [enable|disable]
    set ap-log-server-ip {ipv4-address}
    set ap-log-server-port {integer}
    set control-message-offload {option1}, {option2}, ...
    set data-ethernet-II [enable|disable]
    set dfs-lab-test [enable|disable]
    set discovery-mc-addr {ipv4-address-multicast}
    set fiapp-eth-type {integer}
    set image-download [enable|disable]
    set ipsec-base-ip {ipv4-address}
    set link-aggregation [enable|disable]
    set local-radio-vdom {string}
    set location {string}
    set max-clients {integer}
    set max-retransmit {integer}
    set mesh-eth-type {integer}
    set nac-interval {integer}
    set name {string}
    set rogue-scan-mac-adjacency {integer}
    set tunnel-mode [compatible|strict]
    set wtp-share [enable|disable]
end

config wireless-controller global

Parameter

Description

Type

Size

Default

acd-process-count

Configure the number cw_acd daemons for multi-core CPU support.

integer

Minimum value: 0 Maximum value: 255

0

ap-log-server

Enable/disable configuring FortiGate to redirect wireless event log messages or FortiAPs to send UTM log messages to a syslog server.

option

-

disable

Option

Description

enable

Enable AP log server.

disable

Disable AP log server.

ap-log-server-ip

IP address that FortiGate or FortiAPs send log messages to.

ipv4-address

Not Specified

0.0.0.0

ap-log-server-port

Port that FortiGate or FortiAPs send log messages to.

integer

Minimum value: 0 Maximum value: 65535

0

control-message-offload

Configure CAPWAP control message data channel offload.

option

-

ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health spectral-analysis

Option

Description

ebp-frame

Ekahau blink protocol (EBP) frames.

aeroscout-tag

AeroScout tag.

ap-list

Rogue AP list.

sta-list

Rogue STA list.

sta-cap-list

STA capability list.

stats

WTP, radio, VAP, and STA statistics.

aeroscout-mu

AeroScout Mobile Unit (MU) report.

sta-health

STA health log.

spectral-analysis

Spectral analysis report.

data-ethernet-II

Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode.

option

-

enable

Option

Description

enable

Use Ethernet II frames with 802.3 data tunnel mode.

disable

Use 802.3 Ethernet frames with 802.3 data tunnel mode.

dfs-lab-test *

Enable/disable DFS certificate lab test mode.

option

-

disable

Option

Description

enable

Enable DFS certificate lab test mode.

disable

Disable DFS certificate lab test mode.

discovery-mc-addr

Multicast IP address for AP discovery.

ipv4-address-multicast

Not Specified

224.0.1.140

fiapp-eth-type

Ethernet type for Fortinet Inter-Access Point Protocol.

integer

Minimum value: 0 Maximum value: 65535

5252

image-download

Enable/disable WTP image download at join time.

option

-

enable

Option

Description

enable

Enable WTP image download at join time.

disable

Disable WTP image download at join time.

ipsec-base-ip

Base IP address for IPsec VPN tunnels between the access points and the wireless controller.

ipv4-address

Not Specified

169.254.0.1

link-aggregation

Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes.

option

-

disable

Option

Description

enable

Enable calculating the CAPWAP transmit hash.

disable

Disable calculating the CAPWAP transmit hash.

local-radio-vdom *

Assign local radio's virtual domain.

string

Maximum length: 31

root

location

Description of the location of the wireless controller.

string

Maximum length: 35

max-clients

Maximum number of clients that can connect simultaneously.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-retransmit

Maximum number of tunnel packet retransmissions.

integer

Minimum value: 0 Maximum value: 64

3

mesh-eth-type

Mesh Ethernet identifier included in backhaul packets.

integer

Minimum value: 0 Maximum value: 65535

8755

nac-interval

Interval in seconds between two WiFi network access control.

integer

Minimum value: 10 Maximum value: 600

120

name

Name of the wireless controller.

string

Maximum length: 35

rogue-scan-mac-adjacency

Maximum numerical difference between an AP's Ethernet and wireless MAC values to match for rogue detection.

integer

Minimum value: 0 Maximum value: 31

7

tunnel-mode

Compatible/strict tunnel mode.

option

-

compatible

Option

Description

compatible

Allow for backward compatible ciphers(3DES+SHA1+Strong list).

strict

Follow system level strong-crypto ciphers.

wtp-share

Enable/disable sharing of WTPs between VDOMs.

option

-

disable

Option

Description

enable

WTP can be shared between all VDOMs.

disable

WTP can be used only in its own VDOM.

* This parameter may not exist in some models.