config wireless-controller wtp-profile

Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

edit <name>

set comment {var-string}

config platform

Description: WTP, FortiAP, or AP platform.

set type [AP-11N|220B|...]

set mode [single-5G|dual-5G]

set ddscan [enable|disable]

end

set control-message-offload {option1}, {option2}, ...

set ble-profile {string}

set wan-port-mode [wan-lan|wan-only]

config lan

Description: WTP LAN port mapping.

set port-mode [offline|nat-to-wan|...]

set port-ssid {string}

set port1-mode [offline|nat-to-wan|...]

set port1-ssid {string}

set port2-mode [offline|nat-to-wan|...]

set port2-ssid {string}

set port3-mode [offline|nat-to-wan|...]

set port3-ssid {string}

set port4-mode [offline|nat-to-wan|...]

set port4-ssid {string}

set port5-mode [offline|nat-to-wan|...]

set port5-ssid {string}

set port6-mode [offline|nat-to-wan|...]

set port6-ssid {string}

set port7-mode [offline|nat-to-wan|...]

set port7-ssid {string}

set port8-mode [offline|nat-to-wan|...]

set port8-ssid {string}

end

set energy-efficient-ethernet [enable|disable]

set led-state [enable|disable]

set led-schedules <name1>, <name2>, ...

set dtls-policy {option1}, {option2}, ...

set dtls-in-kernel [enable|disable]

set max-clients {integer}

set handoff-rssi {integer}

set handoff-sta-thresh {integer}

set handoff-roaming [enable|disable]

config deny-mac-list

Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.

edit <id>

set mac {mac-address}

end

set ap-country [NA|AL|...]

set ip-fragment-preventing {option1}, {option2}, ...

set tun-mtu-uplink {integer}

set tun-mtu-downlink {integer}

set split-tunneling-acl-path [tunnel|local]

set split-tunneling-acl-local-ap-subnet [enable|disable]

config split-tunneling-acl

Description: Split tunneling ACL filter list.

edit <id>

set dest-ip {ipv4-classnet}

end

set allowaccess {option1}, {option2}, ...

set login-passwd-change [yes|default|...]

set login-passwd {password}

set lldp [enable|disable]

set poe-mode [auto|8023af|...]

config radio-1

Description: Configuration options for radio 1.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-2

Description: Configuration options for radio 2.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-3

Description: Configuration options for radio 3.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-4

Description: Configuration options for radio 4.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config lbs

Description: Set various location based service (LBS) options.

set ekahau-blink-mode [enable|disable]

set ekahau-tag {mac-address}

set erc-server-ip {ipv4-address-any}

set erc-server-port {integer}

set aeroscout [enable|disable]

set aeroscout-server-ip {ipv4-address-any}

set aeroscout-server-port {integer}

set aeroscout-mu [enable|disable]

set aeroscout-ap-mac [bssid|board-mac]

set aeroscout-mmu-report [enable|disable]

set aeroscout-mu-factor {integer}

set aeroscout-mu-timeout {integer}

set fortipresence [foreign|both|...]

set fortipresence-server {ipv4-address-any}

set fortipresence-port {integer}

set fortipresence-secret {password}

set fortipresence-project {string}

set fortipresence-frequency {integer}

set fortipresence-rogue [enable|disable]

set fortipresence-unassoc [enable|disable]

set fortipresence-ble [enable|disable]

set station-locate [enable|disable]

end

set ext-info-enable [enable|disable]

end

config wireless-controller wtp-profile

Parameter name

Description

Type

Size

comment

Comment.

var-string

Maximum length: 255

control-message-offload

Enable/disable CAPWAP control message data channel offload.

option

Option	Description
ebp-frame	Ekahau blink protocol (EBP) frames.
aeroscout-tag	AeroScout tag.
ap-list	Rogue AP list.
sta-list	Rogue STA list.
sta-cap-list	STA capability list.
stats	WTP, radio, VAP, and STA statistics.
aeroscout-mu	AeroScout Mobile Unit (MU) report.
sta-health	STA health log.

ble-profile

Bluetooth Low Energy profile name.

string

Maximum length: 35

wan-port-mode

Enable/disable using a WAN port as a LAN port.

option

Option	Description
wan-lan	Enable using a WAN port as a LAN port.
wan-only	Disable using a WAN port as a LAN port.

energy-efficient-ethernet

Enable/disable use of energy efficient Ethernet on WTP.

option

Option	Description
enable	Enable use of energy efficient Ethernet on WTP.
disable	Disable use of energy efficient Ethernet on WTP.

led-state

Enable/disable use of LEDs on WTP (default = disable).

option

Option	Description
enable	Enable use of LEDs on WTP.
disable	Disable use of LEDs on WTP.

led-schedules <name>

Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.

Schedule name.

string

Maximum length: 35

dtls-policy

WTP data channel DTLS policy (default = clear-text).

option

Option	Description
clear-text	Clear Text Data Channel.
dtls-enabled	DTLS Enabled Data Channel.
ipsec-vpn	IPsec VPN Data Channel.

dtls-in-kernel

Enable/disable data channel DTLS in kernel.

option

Option	Description
enable	Enable data channel DTLS in kernel.
disable	Disable data channel DTLS in kernel.

max-clients

Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation).

integer

Minimum value: 0 Maximum value: 4294967295

handoff-rssi

Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25).

integer

Minimum value: 20 Maximum value: 30

handoff-sta-thresh

Threshold value for AP handoff.

integer

Minimum value: 0 Maximum value: 4294967295

handoff-roaming

Enable/disable client load balancing during roaming to avoid roaming delay (default = disable).

option

Option	Description
enable	Enable handoff roaming.
disable	Disable handoff roaming.

ap-country

Country in which this WTP, FortiAP or AP will operate (default = NA, automatically use the country configured for the current VDOM).

option

Option	Description
NA	NO_COUNTRY_SET
AL	ALBANIA
DZ	ALGERIA
AO	ANGOLA
AR	ARGENTINA
AM	ARMENIA
AU	AUSTRALIA
AT	AUSTRIA
AZ	AZERBAIJAN
BH	BAHRAIN
BD	BANGLADESH
BB	BARBADOS
BY	BELARUS
BE	BELGIUM
BZ	BELIZE
BO	BOLIVIA
BA	BOSNIA AND HERZEGOVINA
BR	BRAZIL
BN	BRUNEI DARUSSALAM
BG	BULGARIA
KH	CAMBODIA
CF	CENTRAL AFRICA REPUBLIC
CL	CHILE
CN	CHINA
CO	COLOMBIA
CR	COSTA RICA
HR	CROATIA
CY	CYPRUS
CZ	CZECH REPUBLIC
DK	DENMARK
DO	DOMINICAN REPUBLIC
EC	ECUADOR
EG	EGYPT
SV	EL SALVADOR
EE	ESTONIA
FI	FINLAND
FR	FRANCE
GE	GEORGIA
DE	GERMANY
GR	GREECE
GL	GREENLAND
GD	GRENADA
GU	GUAM
GT	GUATEMALA
HT	HAITI
HN	HONDURAS
HK	HONG KONG
HU	HUNGARY
IS	ICELAND
IN	INDIA
ID	INDONESIA
IR	IRAN
IE	IRELAND
IL	ISRAEL
IT	ITALY
JM	JAMAICA
JO	JORDAN
KZ	KAZAKHSTAN
KE	KENYA
KP	NORTH KOREA
KR	KOREA REPUBLIC
KW	KUWAIT
LV	LATVIA
LB	LEBANON
LI	LIECHTENSTEIN
LT	LITHUANIA
LU	LUXEMBOURG
MO	MACAU SAR
MK	MACEDONIA, FYRO
MY	MALAYSIA
MT	MALTA
MX	MEXICO
MC	MONACO
MA	MOROCCO
MZ	MOZAMBIQUE
MM	MYANMAR
NP	NEPAL
NL	NETHERLANDS
AN	NETHERLANDS ANTILLES
AW	ARUBA
NZ	NEW ZEALAND
NO	NORWAY
OM	OMAN
PK	PAKISTAN
PA	PANAMA
PG	PAPUA NEW GUINEA
PY	PARAGUAY
PE	PERU
PH	PHILIPPINES
PL	POLAND
PT	PORTUGAL
PR	PUERTO RICO
QA	QATAR
RO	ROMANIA
RU	RUSSIA
RW	RWANDA
SA	SAUDI ARABIA
RS	REPUBLIC OF SERBIA
ME	MONTENEGRO
SG	SINGAPORE
SK	SLOVAKIA
SI	SLOVENIA
ZA	SOUTH AFRICA
ES	SPAIN
LK	SRI LANKA
SE	SWEDEN
SD	SUDAN
CH	SWITZERLAND
SY	SYRIAN ARAB REPUBLIC
TW	TAIWAN
TZ	TANZANIA
TH	THAILAND
TT	TRINIDAD AND TOBAGO
TN	TUNISIA
TR	TURKEY
AE	UNITED ARAB EMIRATES
UA	UKRAINE
GB	UNITED KINGDOM
US	UNITED STATES2
PS	UNITED STATES (PUBLIC SAFETY)
UY	URUGUAY
UZ	UZBEKISTAN
VE	VENEZUELA
VN	VIET NAM
YE	YEMEN
ZB	ZAMBIA
ZW	ZIMBABWE
JP	JAPAN14
CA	CANADA2

ip-fragment-preventing

Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust).

option

Option	Description
tcp-mss-adjust	TCP maximum segment size adjustment.
icmp-unreachable	Drop packet and send ICMP Destination Unreachable

tun-mtu-uplink

The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0).

integer

Minimum value: 576 Maximum value: 1500

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0).

integer

Minimum value: 576 Maximum value: 1500

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

Option	Description
tunnel	Split tunneling ACL list traffic will be tunnel.
local	Split tunneling ACL list traffic will be local NATed.

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).

option

Option	Description
enable	Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
disable	Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

Option	Description
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.

Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).

option

Option	Description
yes	Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.
default	Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.
no	Do not change the managed WTP, FortiAP or AP's administrator password.

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

lldp

Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = enable).

option

Option	Description
enable	Enable LLDP.
disable	Disable LLDP.

poe-mode

Set the WTP, FortiAP, or AP's PoE mode.

option

Option	Description
auto	Automatically detect the PoE mode.
8023af	Use 802.3af PoE mode.
8023at	Use 802.3at PoE mode.
power-adapter	Use the power adapter to control the PoE mode.

ext-info-enable

Enable/disable station/VAP/radio extension information.

option

Option	Description
enable	Enable station/VAP/radio extension information.
disable	Disable station/VAP/radio extension information.

config platform

Parameter name

Description

Type

Size

type

WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.

option

Option	Description
AP-11N	Default 11n AP.
220B	FAP220B/221B.
210B	FAP210B.
222B	FAP222B.
112B	FAP112B.
320B	FAP320B.
11C	FAP11C.
14C	FAP14C.
223B	FAP223B.
28C	FAP28C.
320C	FAP320C.
221C	FAP221C.
25D	FAP25D.
222C	FAP222C.
224D	FAP224D.
214B	FK214B.
21D	FAP21D.
24D	FAP24D.
112D	FAP112D.
223C	FAP223C.
321C	FAP321C.
C220C	FAPC220C.
C225C	FAPC225C.
C23JD	FAPC23JD.
C24JE	FAPC24JE.
S321C	FAPS321C.
S322C	FAPS322C.
S323C	FAPS323C.
S311C	FAPS311C.
S313C	FAPS313C.
S321CR	FAPS321CR.
S322CR	FAPS322CR.
S323CR	FAPS323CR.
S421E	FAPS421E.
S422E	FAPS422E.
S423E	FAPS423E.
421E	FAP421E.
423E	FAP423E.
221E	FAP221E.
222E	FAP222E.
223E	FAP223E.
224E	FAP224E.
231E	FAP231E.
S221E	FAPS221E.
S223E	FAPS223E.
321E	FAP321E.
431F	FAP431F.
432F	FAP432F.
433F	FAP433F.
231F	FAP231F.
234F	FAP234F.
23JF	FAP23JF.
U421E	FAPU421EV.
U422EV	FAPU422EV.
U423E	FAPU423EV.
U221EV	FAPU221EV.
U223EV	FAPU223EV.
U24JEV	FAPU24JEV.
U321EV	FAPU321EV.
U323EV	FAPU323EV.
U431F	FAPU431F.
U433F	FAPU433F.

mode

Configure operation mode of 5G radios (default = single-5G).

option

Option	Description
single-5G	Configure radios as one 5GHz band, one 2.4GHz band, and one dedicated monitor or sniffer.
dual-5G	Configure radios as one lower 5GHz band, one higher 5GHz band and one 2.4GHz band respectively.

ddscan

Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat management.

option

Option	Description
enable	Enable dedicated dual-band scan mode.
disable	Disable dedicated dual-band scan mode.

config lan

Parameter name

Description

Type

Size

port-mode

LAN port mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

config deny-mac-list

Parameter name	Description	Type	Size
mac	A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.	mac-address	Not Specified

config split-tunneling-acl

Parameter name	Description	Type	Size
dest-ip	Destination IP and mask for the split-tunneling subnet.	ipv4-classnet	Not Specified

config radio-1

Parameter name

Description

Type

Size

mode

Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 1 is disabled.
ap	Radio 1 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 1 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 1 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config radio-2

Parameter name

Description

Type

Size

mode

Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 2 is disabled.
ap	Radio 2 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 2 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 2 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config radio-3

Parameter name

Description

Type

Size

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 3 is disabled.
ap	Radio 3 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 3 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 3 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config radio-4

Parameter name

Description

Type

Size

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 3 is disabled.
ap	Radio 3 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 3 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 3 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config lbs

Parameter name

Description

Type

Size

ekahau-blink-mode

Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags (default = disable).

option

Option	Description
enable	Enable Ekahau blink mode.
disable	Disable Ekahau blink mode.

ekahau-tag

WiFi frame MAC address or WiFi Tag.

mac-address

Not Specified

erc-server-ip

IP address of Ekahau RTLS Controller (ERC).

ipv4-address-any

Not Specified

erc-server-port

Ekahau RTLS Controller (ERC) UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

aeroscout

Enable/disable AeroScout Real Time Location Service (RTLS) support (default = disable).

option

Option	Description
enable	Enable AeroScout support.
disable	Disable AeroScout support.

aeroscout-server-ip

IP address of AeroScout server.

ipv4-address-any

Not Specified

aeroscout-server-port

AeroScout server UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

aeroscout-mu

Enable/disable AeroScout Mobile Unit (MU) support (default = disable).

option

Option	Description
enable	Enable AeroScout MU mode support.
disable	Disable AeroScout MU mode support.

aeroscout-ap-mac

Use BSSID or board MAC address as AP MAC address in AeroScout AP messages (default = bssid).

option

Option	Description
bssid	Use BSSID as AP MAC address in AeroScout AP messages.
board-mac	Use board MAC address as AP MAC address in AeroScout AP messages.

aeroscout-mmu-report

Enable/disable compounded AeroScout tag and MU report (default = enable).

option

Option	Description
enable	Enable compounded AeroScout tag and MU report.
disable	Disable compounded AeroScout tag and MU report.

aeroscout-mu-factor

AeroScout MU mode dilution factor (default = 20).

integer

Minimum value: 0 Maximum value: 4294967295

aeroscout-mu-timeout

AeroScout MU mode timeout (0 - 65535 sec, default = 5).

integer

Minimum value: 0 Maximum value: 65535

fortipresence

Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network (default = disable).

option

Option	Description
foreign	FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP.
both	Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels.
disable	Disable FortiPresence.

fortipresence-server

FortiPresence server IP address.

ipv4-address-any

Not Specified

fortipresence-port

FortiPresence server UDP listening port (default = 3000).

integer

Minimum value: 300 Maximum value: 65535

fortipresence-secret

FortiPresence secret password (max. 16 characters).

password

Not Specified

fortipresence-project

FortiPresence project name (max. 16 characters, default = fortipresence).

string

Maximum length: 16

fortipresence-frequency

FortiPresence report transmit frequency (5 - 65535 sec, default = 30).

integer

Minimum value: 5 Maximum value: 65535

fortipresence-rogue

Enable/disable FortiPresence finding and reporting rogue APs.

option

Option	Description
enable	Enable FortiPresence finding and reporting rogue APs.
disable	Disable FortiPresence finding and reporting rogue APs.

fortipresence-unassoc

Enable/disable FortiPresence finding and reporting unassociated stations.

option

Option	Description
enable	Enable FortiPresence finding and reporting unassociated stations.
disable	Disable FortiPresence finding and reporting unassociated stations.

fortipresence-ble

Enable/disable FortiPresence finding and reporting BLE devices.

option

Option	Description
enable	Enable FortiPresence finding and reporting BLE devices.
disable	Disable FortiPresence finding and reporting BLE devices.

station-locate

Enable/disable client station locating services for all clients, whether associated or not (default = disable).

option

Option	Description
enable	Enable station locating service.
disable	Disable station locating service.

config wireless-controller wtp-profile

Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

config wireless-controller wtp-profile

Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

edit <name>

set comment {var-string}

config platform

Description: WTP, FortiAP, or AP platform.

set type [AP-11N|220B|...]

set mode [single-5G|dual-5G]

set ddscan [enable|disable]

end

set control-message-offload {option1}, {option2}, ...

set ble-profile {string}

set wan-port-mode [wan-lan|wan-only]

config lan

Description: WTP LAN port mapping.

set port-mode [offline|nat-to-wan|...]

set port-ssid {string}

set port1-mode [offline|nat-to-wan|...]

set port1-ssid {string}

set port2-mode [offline|nat-to-wan|...]

set port2-ssid {string}

set port3-mode [offline|nat-to-wan|...]

set port3-ssid {string}

set port4-mode [offline|nat-to-wan|...]

set port4-ssid {string}

set port5-mode [offline|nat-to-wan|...]

set port5-ssid {string}

set port6-mode [offline|nat-to-wan|...]

set port6-ssid {string}

set port7-mode [offline|nat-to-wan|...]

set port7-ssid {string}

set port8-mode [offline|nat-to-wan|...]

set port8-ssid {string}

end

set energy-efficient-ethernet [enable|disable]

set led-state [enable|disable]

set led-schedules <name1>, <name2>, ...

set dtls-policy {option1}, {option2}, ...

set dtls-in-kernel [enable|disable]

set max-clients {integer}

set handoff-rssi {integer}

set handoff-sta-thresh {integer}

set handoff-roaming [enable|disable]

config deny-mac-list

Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.

edit <id>

set mac {mac-address}

end

set ap-country [NA|AL|...]

set ip-fragment-preventing {option1}, {option2}, ...

set tun-mtu-uplink {integer}

set tun-mtu-downlink {integer}

set split-tunneling-acl-path [tunnel|local]

set split-tunneling-acl-local-ap-subnet [enable|disable]

config split-tunneling-acl

Description: Split tunneling ACL filter list.

edit <id>

set dest-ip {ipv4-classnet}

end

set allowaccess {option1}, {option2}, ...

set login-passwd-change [yes|default|...]

set login-passwd {password}

set lldp [enable|disable]

set poe-mode [auto|8023af|...]

config radio-1

Description: Configuration options for radio 1.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-2

Description: Configuration options for radio 2.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-3

Description: Configuration options for radio 3.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config radio-4

Description: Configuration options for radio 4.

set mode [disabled|ap|...]

set band [802.11a|802.11b|...]

set band-5g-type [5g-full|5g-high|...]

set airtime-fairness [enable|disable]

set protection-mode [rtscts|ctsonly|...]

set powersave-optimize {option1}, {option2}, ...

set transmit-optimize {option1}, {option2}, ...

set amsdu [enable|disable]

set coexistence [enable|disable]

set zero-wait-dfs [enable|disable]

set short-guard-interval [enable|disable]

set channel-bonding [160MHz|80MHz|...]

set auto-power-level [enable|disable]

set auto-power-high {integer}

set auto-power-low {integer}

set power-level {integer}

set dtim {integer}

set beacon-interval {integer}

set rts-threshold {integer}

set frag-threshold {integer}

set ap-sniffer-bufsize {integer}

set ap-sniffer-chan {integer}

set ap-sniffer-addr {mac-address}

set ap-sniffer-mgmt-beacon [enable|disable]

set ap-sniffer-mgmt-probe [enable|disable]

set ap-sniffer-mgmt-other [enable|disable]

set ap-sniffer-ctl [enable|disable]

set ap-sniffer-data [enable|disable]

set channel-utilization [enable|disable]

set spectrum-analysis [enable|disable]

set wids-profile {string}

set darrp [enable|disable]

set max-clients {integer}

set max-distance {integer}

set frequency-handoff [enable|disable]

set ap-handoff [enable|disable]

set vap-all [enable|disable]

set vaps <name1>, <name2>, ...

set channel <chan1>, <chan2>, ...

set call-admission-control [enable|disable]

set call-capacity {integer}

set bandwidth-admission-control [enable|disable]

set bandwidth-capacity {integer}

end

config lbs

Description: Set various location based service (LBS) options.

set ekahau-blink-mode [enable|disable]

set ekahau-tag {mac-address}

set erc-server-ip {ipv4-address-any}

set erc-server-port {integer}

set aeroscout [enable|disable]

set aeroscout-server-ip {ipv4-address-any}

set aeroscout-server-port {integer}

set aeroscout-mu [enable|disable]

set aeroscout-ap-mac [bssid|board-mac]

set aeroscout-mmu-report [enable|disable]

set aeroscout-mu-factor {integer}

set aeroscout-mu-timeout {integer}

set fortipresence [foreign|both|...]

set fortipresence-server {ipv4-address-any}

set fortipresence-port {integer}

set fortipresence-secret {password}

set fortipresence-project {string}

set fortipresence-frequency {integer}

set fortipresence-rogue [enable|disable]

set fortipresence-unassoc [enable|disable]

set fortipresence-ble [enable|disable]

set station-locate [enable|disable]

end

set ext-info-enable [enable|disable]

end

config wireless-controller wtp-profile

Parameter name

Description

Type

Size

comment

Comment.

var-string

Maximum length: 255

control-message-offload

Enable/disable CAPWAP control message data channel offload.

option

Option	Description
ebp-frame	Ekahau blink protocol (EBP) frames.
aeroscout-tag	AeroScout tag.
ap-list	Rogue AP list.
sta-list	Rogue STA list.
sta-cap-list	STA capability list.
stats	WTP, radio, VAP, and STA statistics.
aeroscout-mu	AeroScout Mobile Unit (MU) report.
sta-health	STA health log.

ble-profile

Bluetooth Low Energy profile name.

string

Maximum length: 35

wan-port-mode

Enable/disable using a WAN port as a LAN port.

option

Option	Description
wan-lan	Enable using a WAN port as a LAN port.
wan-only	Disable using a WAN port as a LAN port.

energy-efficient-ethernet

Enable/disable use of energy efficient Ethernet on WTP.

option

Option	Description
enable	Enable use of energy efficient Ethernet on WTP.
disable	Disable use of energy efficient Ethernet on WTP.

led-state

Enable/disable use of LEDs on WTP (default = disable).

option

Option	Description
enable	Enable use of LEDs on WTP.
disable	Disable use of LEDs on WTP.

led-schedules <name>

Schedule name.

string

Maximum length: 35

dtls-policy

WTP data channel DTLS policy (default = clear-text).

option

Option	Description
clear-text	Clear Text Data Channel.
dtls-enabled	DTLS Enabled Data Channel.
ipsec-vpn	IPsec VPN Data Channel.

dtls-in-kernel

Enable/disable data channel DTLS in kernel.

option

Option	Description
enable	Enable data channel DTLS in kernel.
disable	Disable data channel DTLS in kernel.

max-clients

Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation).

integer

Minimum value: 0 Maximum value: 4294967295

handoff-rssi

Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25).

integer

Minimum value: 20 Maximum value: 30

handoff-sta-thresh

Threshold value for AP handoff.

integer

Minimum value: 0 Maximum value: 4294967295

handoff-roaming

Enable/disable client load balancing during roaming to avoid roaming delay (default = disable).

option

Option	Description
enable	Enable handoff roaming.
disable	Disable handoff roaming.

ap-country

Country in which this WTP, FortiAP or AP will operate (default = NA, automatically use the country configured for the current VDOM).

option

Option	Description
NA	NO_COUNTRY_SET
AL	ALBANIA
DZ	ALGERIA
AO	ANGOLA
AR	ARGENTINA
AM	ARMENIA
AU	AUSTRALIA
AT	AUSTRIA
AZ	AZERBAIJAN
BH	BAHRAIN
BD	BANGLADESH
BB	BARBADOS
BY	BELARUS
BE	BELGIUM
BZ	BELIZE
BO	BOLIVIA
BA	BOSNIA AND HERZEGOVINA
BR	BRAZIL
BN	BRUNEI DARUSSALAM
BG	BULGARIA
KH	CAMBODIA
CF	CENTRAL AFRICA REPUBLIC
CL	CHILE
CN	CHINA
CO	COLOMBIA
CR	COSTA RICA
HR	CROATIA
CY	CYPRUS
CZ	CZECH REPUBLIC
DK	DENMARK
DO	DOMINICAN REPUBLIC
EC	ECUADOR
EG	EGYPT
SV	EL SALVADOR
EE	ESTONIA
FI	FINLAND
FR	FRANCE
GE	GEORGIA
DE	GERMANY
GR	GREECE
GL	GREENLAND
GD	GRENADA
GU	GUAM
GT	GUATEMALA
HT	HAITI
HN	HONDURAS
HK	HONG KONG
HU	HUNGARY
IS	ICELAND
IN	INDIA
ID	INDONESIA
IR	IRAN
IE	IRELAND
IL	ISRAEL
IT	ITALY
JM	JAMAICA
JO	JORDAN
KZ	KAZAKHSTAN
KE	KENYA
KP	NORTH KOREA
KR	KOREA REPUBLIC
KW	KUWAIT
LV	LATVIA
LB	LEBANON
LI	LIECHTENSTEIN
LT	LITHUANIA
LU	LUXEMBOURG
MO	MACAU SAR
MK	MACEDONIA, FYRO
MY	MALAYSIA
MT	MALTA
MX	MEXICO
MC	MONACO
MA	MOROCCO
MZ	MOZAMBIQUE
MM	MYANMAR
NP	NEPAL
NL	NETHERLANDS
AN	NETHERLANDS ANTILLES
AW	ARUBA
NZ	NEW ZEALAND
NO	NORWAY
OM	OMAN
PK	PAKISTAN
PA	PANAMA
PG	PAPUA NEW GUINEA
PY	PARAGUAY
PE	PERU
PH	PHILIPPINES
PL	POLAND
PT	PORTUGAL
PR	PUERTO RICO
QA	QATAR
RO	ROMANIA
RU	RUSSIA
RW	RWANDA
SA	SAUDI ARABIA
RS	REPUBLIC OF SERBIA
ME	MONTENEGRO
SG	SINGAPORE
SK	SLOVAKIA
SI	SLOVENIA
ZA	SOUTH AFRICA
ES	SPAIN
LK	SRI LANKA
SE	SWEDEN
SD	SUDAN
CH	SWITZERLAND
SY	SYRIAN ARAB REPUBLIC
TW	TAIWAN
TZ	TANZANIA
TH	THAILAND
TT	TRINIDAD AND TOBAGO
TN	TUNISIA
TR	TURKEY
AE	UNITED ARAB EMIRATES
UA	UKRAINE
GB	UNITED KINGDOM
US	UNITED STATES2
PS	UNITED STATES (PUBLIC SAFETY)
UY	URUGUAY
UZ	UZBEKISTAN
VE	VENEZUELA
VN	VIET NAM
YE	YEMEN
ZB	ZAMBIA
ZW	ZIMBABWE
JP	JAPAN14
CA	CANADA2

ip-fragment-preventing

Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust).

option

Option	Description
tcp-mss-adjust	TCP maximum segment size adjustment.
icmp-unreachable	Drop packet and send ICMP Destination Unreachable

tun-mtu-uplink

The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0).

integer

Minimum value: 576 Maximum value: 1500

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0).

integer

Minimum value: 576 Maximum value: 1500

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

Option	Description
tunnel	Split tunneling ACL list traffic will be tunnel.
local	Split tunneling ACL list traffic will be local NATed.

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).

option

Option	Description
enable	Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.
disable	Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

Option	Description
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.

Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).

option

Option	Description
yes	Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.
default	Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.
no	Do not change the managed WTP, FortiAP or AP's administrator password.

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

lldp

Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = enable).

option

Option	Description
enable	Enable LLDP.
disable	Disable LLDP.

poe-mode

Set the WTP, FortiAP, or AP's PoE mode.

option

Option	Description
auto	Automatically detect the PoE mode.
8023af	Use 802.3af PoE mode.
8023at	Use 802.3at PoE mode.
power-adapter	Use the power adapter to control the PoE mode.

ext-info-enable

Enable/disable station/VAP/radio extension information.

option

Option	Description
enable	Enable station/VAP/radio extension information.
disable	Disable station/VAP/radio extension information.

config platform

Parameter name

Description

Type

Size

type

WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.

option

Option	Description
AP-11N	Default 11n AP.
220B	FAP220B/221B.
210B	FAP210B.
222B	FAP222B.
112B	FAP112B.
320B	FAP320B.
11C	FAP11C.
14C	FAP14C.
223B	FAP223B.
28C	FAP28C.
320C	FAP320C.
221C	FAP221C.
25D	FAP25D.
222C	FAP222C.
224D	FAP224D.
214B	FK214B.
21D	FAP21D.
24D	FAP24D.
112D	FAP112D.
223C	FAP223C.
321C	FAP321C.
C220C	FAPC220C.
C225C	FAPC225C.
C23JD	FAPC23JD.
C24JE	FAPC24JE.
S321C	FAPS321C.
S322C	FAPS322C.
S323C	FAPS323C.
S311C	FAPS311C.
S313C	FAPS313C.
S321CR	FAPS321CR.
S322CR	FAPS322CR.
S323CR	FAPS323CR.
S421E	FAPS421E.
S422E	FAPS422E.
S423E	FAPS423E.
421E	FAP421E.
423E	FAP423E.
221E	FAP221E.
222E	FAP222E.
223E	FAP223E.
224E	FAP224E.
231E	FAP231E.
S221E	FAPS221E.
S223E	FAPS223E.
321E	FAP321E.
431F	FAP431F.
432F	FAP432F.
433F	FAP433F.
231F	FAP231F.
234F	FAP234F.
23JF	FAP23JF.
U421E	FAPU421EV.
U422EV	FAPU422EV.
U423E	FAPU423EV.
U221EV	FAPU221EV.
U223EV	FAPU223EV.
U24JEV	FAPU24JEV.
U321EV	FAPU321EV.
U323EV	FAPU323EV.
U431F	FAPU431F.
U433F	FAPU433F.

mode

Configure operation mode of 5G radios (default = single-5G).

option

Option	Description
single-5G	Configure radios as one 5GHz band, one 2.4GHz band, and one dedicated monitor or sniffer.
dual-5G	Configure radios as one lower 5GHz band, one higher 5GHz band and one 2.4GHz band respectively.

ddscan

Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat management.

option

Option	Description
enable	Enable dedicated dual-band scan mode.
disable	Disable dedicated dual-band scan mode.

config lan

Parameter name

Description

Type

Size

port-mode

LAN port mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

Option	Description
offline	Offline.
nat-to-wan	NAT WTP LAN port to WTP WAN port.
bridge-to-wan	Bridge WTP LAN port to WTP WAN port.
bridge-to-ssid	Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

config deny-mac-list

Parameter name	Description	Type	Size
mac	A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.	mac-address	Not Specified

config split-tunneling-acl

Parameter name	Description	Type	Size
dest-ip	Destination IP and mask for the split-tunneling subnet.	ipv4-classnet	Not Specified

config radio-1

Parameter name

Description

Type

Size

mode

Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 1 is disabled.
ap	Radio 1 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 1 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 1 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config radio-2

Parameter name

Description

Type

Size

mode

Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 2 is disabled.
ap	Radio 2 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 2 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 2 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config radio-3

Parameter name

Description

Type

Size

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 3 is disabled.
ap	Radio 3 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 3 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 3 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config radio-4

Parameter name

Description

Type

Size

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.

option

Option	Description
disabled	Radio 3 is disabled.
ap	Radio 3 operates as an access point that allows WiFi clients to connect to your network.
monitor	Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.
sniffer	Radio 3 operates as a sniffer capturing WiFi frames on air.

band

WiFi band that Radio 3 operates on.

option

Option	Description
802.11a	802.11a.
802.11b	802.11b.
802.11g	802.11g/b.
802.11n	802.11n/g/b at 2.4GHz.
802.11n-5G	802.11n/a at 5GHz.
802.11ac	802.11ac/n/a.
802.11ax-5G	802.11ax/ac/n/a at 5GHz.
802.11ax	802.11ax/n/g/b at 2.4GHz.
802.11n,g-only	802.11n/g at 2.4GHz.
802.11g-only	802.11g.
802.11n-only	802.11n at 2.4GHz.
802.11n-5G-only	802.11n at 5GHz.
802.11ac,n-only	802.11ac/n.
802.11ac-only	802.11ac.
802.11ax,ac-only	802.11ax/ac at 5GHz.
802.11ax,ac,n-only	802.11ax/ac/n at 5GHz.
802.11ax-5G-only	802.11ax at 5GHz.
802.11ax,n-only	802.11ax/n at 2.4GHz.
802.11ax,n,g-only	802.11ax/n/g at 2.4GHz.
802.11ax-only	802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

Option	Description
5g-full	Full 5G band.
5g-high	High 5G band.
5g-low	Low 5G band.

airtime-fairness

Enable/disable airtime fairness (default = disable).

option

Option	Description
enable	Enable airtime fairness (ATF) support.
disable	Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

Option	Description
rtscts	Enable 802.11g protection RTS/CTS mode.
ctsonly	Enable 802.11g protection CTS only mode.
disable	Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

Option	Description
tim	TIM bit for client in power save mode.
ac-vo	Use AC VO priority to send out packets in the power save queue.
no-obss-scan	Do not put OBSS scan IE into beacon and probe response frames.
no-11b-rate	Do not send frame using 11b data rate.
client-rate-follow	Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

Option	Description
disable	Disable packet transmission optimization.
power-save	Tag client as operating in power save mode if excessive transmit retries occur.
aggr-limit	Set aggregation limit to a lower value when data rate is low.
retry-limit	Set software retry limit to a lower value when data rate is low.
send-bar	Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).

option

Option	Description
enable	Enable AMSDU support.
disable	Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).

option

Option	Description
enable	Enable support for both HT20 and HT40 on the same radio.
disable	Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio (default = enable).

option

Option	Description
enable	Enable zero wait DFS
disable	Disable zero wait DFS

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

Option	Description
enable	Select the 400 ns short guard interval (Short GI).
disable	Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

Option	Description
160MHz	160 MHz channel width.
80MHz	80 MHz channel width.
40MHz	40 MHz channel width.
20MHz	20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable).

option

Option	Description
enable	Enable automatic transmit power adjustment.
disable	Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

power-level

Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).

integer

Minimum value: 0 Maximum value: 100

dtim

Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

beacon-interval

Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).

integer

Minimum value: 0 Maximum value: 65535

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).

integer

Minimum value: 256 Maximum value: 2346

frag-threshold

Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).

integer

Minimum value: 800 Maximum value: 2346

ap-sniffer-bufsize

Sniffer buffer size (1 - 32 MB, default = 16).

integer

Minimum value: 1 Maximum value: 32

ap-sniffer-chan

Channel on which to operate the sniffer (default = 6).

integer

Minimum value: 0 Maximum value: 4294967295

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management beacon frame.
disable	Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management probe frame.
disable	Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi management other frame.
disable	Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi control frame.
disable	Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame (default = enable).

option

Option	Description
enable	Enable sniffer on WiFi data frame
disable	Disable sniffer on WiFi data frame

channel-utilization

Enable/disable measuring channel utilization.

option

Option	Description
enable	Enable measuring channel utilization.
disable	Disable measuring channel utilization.

spectrum-analysis

Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.

option

Option	Description
enable	Enable spectrum analysis.
disable	Disable spectrum analysis.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).

option

Option	Description
enable	Enable distributed automatic radio resource provisioning.
disable	Disable distributed automatic radio resource provisioning.

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

max-distance

Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).

integer

Minimum value: 0 Maximum value: 54000

frequency-handoff

Enable/disable frequency handoff of clients to other channels (default = disable).

option

Option	Description
enable	Enable frequency handoff.
disable	Disable frequency handoff.

ap-handoff

Enable/disable AP handoff of clients to other APs (default = disable).

option

Option	Description
enable	Enable AP handoff.
disable	Disable AP handoff.

vap-all

Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).

option

Option	Description
enable	Automatically select tunnel VAPs.
disable	Manually select VAPs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

Option	Description
enable	Enable WMM call admission control.
disable	Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).

integer

Minimum value: 0 Maximum value: 60

bandwidth-admission-control

option

Option	Description
enable	Enable WMM bandwidth admission control.
disable	Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).

integer

Minimum value: 1 Maximum value: 600000

config lbs

Parameter name

Description

Type

Size

ekahau-blink-mode

Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags (default = disable).

option

Option	Description
enable	Enable Ekahau blink mode.
disable	Disable Ekahau blink mode.

ekahau-tag

WiFi frame MAC address or WiFi Tag.

mac-address

Not Specified

erc-server-ip

IP address of Ekahau RTLS Controller (ERC).

ipv4-address-any

Not Specified

erc-server-port

Ekahau RTLS Controller (ERC) UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

aeroscout

Enable/disable AeroScout Real Time Location Service (RTLS) support (default = disable).

option

Option	Description
enable	Enable AeroScout support.
disable	Disable AeroScout support.

aeroscout-server-ip

IP address of AeroScout server.

ipv4-address-any

Not Specified

aeroscout-server-port

AeroScout server UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

aeroscout-mu

Enable/disable AeroScout Mobile Unit (MU) support (default = disable).

option

Option	Description
enable	Enable AeroScout MU mode support.
disable	Disable AeroScout MU mode support.

aeroscout-ap-mac

Use BSSID or board MAC address as AP MAC address in AeroScout AP messages (default = bssid).

option

Option	Description
bssid	Use BSSID as AP MAC address in AeroScout AP messages.
board-mac	Use board MAC address as AP MAC address in AeroScout AP messages.

aeroscout-mmu-report

Enable/disable compounded AeroScout tag and MU report (default = enable).

option

Option	Description
enable	Enable compounded AeroScout tag and MU report.
disable	Disable compounded AeroScout tag and MU report.

aeroscout-mu-factor

AeroScout MU mode dilution factor (default = 20).

integer

Minimum value: 0 Maximum value: 4294967295

aeroscout-mu-timeout

AeroScout MU mode timeout (0 - 65535 sec, default = 5).

integer

Minimum value: 0 Maximum value: 65535

fortipresence

Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network (default = disable).

option

Option	Description
foreign	FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP.
both	Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels.
disable	Disable FortiPresence.

fortipresence-server

FortiPresence server IP address.

ipv4-address-any

Not Specified

fortipresence-port

FortiPresence server UDP listening port (default = 3000).

integer

Minimum value: 300 Maximum value: 65535

fortipresence-secret

FortiPresence secret password (max. 16 characters).

password

Not Specified

fortipresence-project

FortiPresence project name (max. 16 characters, default = fortipresence).

string

Maximum length: 16

fortipresence-frequency

FortiPresence report transmit frequency (5 - 65535 sec, default = 30).

integer

Minimum value: 5 Maximum value: 65535

fortipresence-rogue

Enable/disable FortiPresence finding and reporting rogue APs.

option

Option	Description
enable	Enable FortiPresence finding and reporting rogue APs.
disable	Disable FortiPresence finding and reporting rogue APs.

fortipresence-unassoc

Enable/disable FortiPresence finding and reporting unassociated stations.

option

Option	Description
enable	Enable FortiPresence finding and reporting unassociated stations.
disable	Disable FortiPresence finding and reporting unassociated stations.

fortipresence-ble

Enable/disable FortiPresence finding and reporting BLE devices.

option

Option	Description
enable	Enable FortiPresence finding and reporting BLE devices.
disable	Disable FortiPresence finding and reporting BLE devices.

station-locate

Enable/disable client station locating services for all clients, whether associated or not (default = disable).

option

Option	Description
enable	Enable station locating service.
disable	Disable station locating service.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config wireless-controller wtp-profile

config wireless-controller wtp-profile

config wireless-controller wtp-profile

config platform

config lan

config deny-mac-list

config split-tunneling-acl

config radio-1

config radio-2

config radio-3

config radio-4

config lbs

config wireless-controller wtp-profile