config wireless-controller wtp-profile
Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
edit <name>
set comment {var-string}
config platform
Description: WTP, FortiAP, or AP platform.
set type [AP-11N|220B|...]
set mode [single-5G|dual-5G]
set ddscan [enable|disable]
end
set control-message-offload {option1}, {option2}, ...
set apcfg-profile {string}
set ble-profile {string}
set wan-port-mode [wan-lan|wan-only]
config lan
Description: WTP LAN port mapping.
set port-mode [offline|nat-to-wan|...]
set port-ssid {string}
set port1-mode [offline|nat-to-wan|...]
set port1-ssid {string}
set port2-mode [offline|nat-to-wan|...]
set port2-ssid {string}
set port3-mode [offline|nat-to-wan|...]
set port3-ssid {string}
set port4-mode [offline|nat-to-wan|...]
set port4-ssid {string}
set port5-mode [offline|nat-to-wan|...]
set port5-ssid {string}
set port6-mode [offline|nat-to-wan|...]
set port6-ssid {string}
set port7-mode [offline|nat-to-wan|...]
set port7-ssid {string}
set port8-mode [offline|nat-to-wan|...]
set port8-ssid {string}
set port-esl-mode [offline|nat-to-wan|...]
set port-esl-ssid {string}
end
set energy-efficient-ethernet [enable|disable]
set led-state [enable|disable]
set led-schedules <name1>, <name2>, ...
set dtls-policy {option1}, {option2}, ...
set dtls-in-kernel [enable|disable]
set max-clients {integer}
set handoff-rssi {integer}
set handoff-sta-thresh {integer}
set handoff-roaming [enable|disable]
config deny-mac-list
Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
edit <id>
set mac {mac-address}
next
end
set ap-country [NA|AL|...]
set ip-fragment-preventing {option1}, {option2}, ...
set tun-mtu-uplink {integer}
set tun-mtu-downlink {integer}
set split-tunneling-acl-path [tunnel|local]
set split-tunneling-acl-local-ap-subnet [enable|disable]
config split-tunneling-acl
Description: Split tunneling ACL filter list.
edit <id>
set dest-ip {ipv4-classnet}
next
end
set allowaccess {option1}, {option2}, ...
set login-passwd-change [yes|default|...]
set login-passwd {password}
set lldp [enable|disable]
set poe-mode [auto|8023af|...]
set frequency-handoff [enable|disable]
set ap-handoff [enable|disable]
config radio-1
Description: Configuration options for radio 1.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config radio-2
Description: Configuration options for radio 2.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config radio-3
Description: Configuration options for radio 3.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config radio-4
Description: Configuration options for radio 4.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config lbs
Description: Set various location based service (LBS) options.
set ekahau-blink-mode [enable|disable]
set ekahau-tag {mac-address}
set erc-server-ip {ipv4-address-any}
set erc-server-port {integer}
set aeroscout [enable|disable]
set aeroscout-server-ip {ipv4-address-any}
set aeroscout-server-port {integer}
set aeroscout-mu [enable|disable]
set aeroscout-ap-mac [bssid|board-mac]
set aeroscout-mmu-report [enable|disable]
set aeroscout-mu-factor {integer}
set aeroscout-mu-timeout {integer}
set fortipresence [foreign|both|...]
set fortipresence-server {ipv4-address-any}
set fortipresence-port {integer}
set fortipresence-secret {password}
set fortipresence-project {string}
set fortipresence-frequency {integer}
set fortipresence-rogue [enable|disable]
set fortipresence-unassoc [enable|disable]
set fortipresence-ble [enable|disable]
set station-locate [enable|disable]
end
set ext-info-enable [enable|disable]
next
end| Parameter Name | Description | Type | Size |
|---|---|---|---|
| comment | Comment. | var-string | Maximum length: 255 |
| control-message-offload | Enable/disable CAPWAP control message data channel offload. ebp-frame: Ekahau blink protocol (EBP) frames. aeroscout-tag: AeroScout tag. ap-list: Rogue AP list. sta-list: Rogue STA list. sta-cap-list: STA capability list. stats: WTP, radio, VAP, and STA statistics. aeroscout-mu: AeroScout Mobile Unit (MU) report. sta-health: STA health log. spectral-analysis: Spectral analysis report. |
option | - |
| apcfg-profile | AP local configuration profile name. | string | Maximum length: 35 |
| ble-profile | Bluetooth Low Energy profile name. | string | Maximum length: 35 |
| wan-port-mode | Enable/disable using a WAN port as a LAN port. wan-lan: Enable using a WAN port as a LAN port. wan-only: Disable using a WAN port as a LAN port. |
option | - |
| energy-efficient-ethernet | Enable/disable use of energy efficient Ethernet on WTP. enable: Enable use of energy efficient Ethernet on WTP. disable: Disable use of energy efficient Ethernet on WTP. |
option | - |
| led-state | Enable/disable use of LEDs on WTP (default = disable). enable: Enable use of LEDs on WTP. disable: Disable use of LEDs on WTP. |
option | - |
led-schedules <name> |
Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space. Schedule name. |
string | Maximum length: 35 |
| dtls-policy | WTP data channel DTLS policy (default = clear-text). clear-text: Clear Text Data Channel. dtls-enabled: DTLS Enabled Data Channel. ipsec-vpn: IPsec VPN Data Channel. |
option | - |
| dtls-in-kernel | Enable/disable data channel DTLS in kernel. enable: Enable data channel DTLS in kernel. disable: Disable data channel DTLS in kernel. |
option | - |
| max-clients | Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation). | integer | Minimum value: 0 Maximum value: 4294967295 |
| handoff-rssi | Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25). | integer | Minimum value: 20 Maximum value: 30 |
| handoff-sta-thresh | Threshold value for AP handoff. | integer | Minimum value: 0 Maximum value: 4294967295 |
| handoff-roaming | Enable/disable client load balancing during roaming to avoid roaming delay (default = disable). enable: Enable handoff roaming. disable: Disable handoff roaming. |
option | - |
| ap-country | |||
| ip-fragment-preventing | Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust). tcp-mss-adjust: TCP maximum segment size adjustment. icmp-unreachable: Drop packet and send ICMP Destination Unreachable |
option | - |
| tun-mtu-uplink | The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). | integer | Minimum value: 576 Maximum value: 1500 |
| tun-mtu-downlink | The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). | integer | Minimum value: 576 Maximum value: 1500 |
| split-tunneling-acl-path | Split tunneling ACL path is local/tunnel. tunnel: Split tunneling ACL list traffic will be tunnel. local: Split tunneling ACL list traffic will be local NATed. |
option | - |
| split-tunneling-acl-local-ap-subnet | Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable). enable: Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL. disable: Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL. |
option | - |
| allowaccess | Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. https: HTTPS access. ssh: SSH access. snmp: SNMP access. |
option | - |
| login-passwd-change | Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no). yes: Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password. default: Keep the managed WTP, FortiAP or AP's administrator password set to the factory default. no: Do not change the managed WTP, FortiAP or AP's administrator password. |
option | - |
| login-passwd | Set the managed WTP, FortiAP, or AP's administrator password. | password | Not Specified |
| lldp | Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = enable). enable: Enable LLDP. disable: Disable LLDP. |
option | - |
| poe-mode | Set the WTP, FortiAP, or AP's PoE mode. auto: Automatically detect the PoE mode. 8023af: Use 802.3af PoE mode. 8023at: Use 802.3at PoE mode. power-adapter: Use the power adapter to control the PoE mode. |
option | - |
| frequency-handoff | Enable/disable frequency handoff of clients to other channels (default = disable). enable: Enable frequency handoff. disable: Disable frequency handoff. |
option | - |
| ap-handoff | Enable/disable AP handoff of clients to other APs (default = disable). enable: Enable AP handoff. disable: Disable AP handoff. |
option | - |
| ext-info-enable | Enable/disable station/VAP/radio extension information. enable: Enable station/VAP/radio extension information. disable: Disable station/VAP/radio extension information. |
option | - |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| type | WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile. AP-11N: Default 11n AP. 220B: FAP220B/221B. 210B: FAP210B. 222B: FAP222B. 112B: FAP112B. 320B: FAP320B. 11C: FAP11C. 14C: FAP14C. 223B: FAP223B. 28C: FAP28C. 320C: FAP320C. 221C: FAP221C. 25D: FAP25D. 222C: FAP222C. 224D: FAP224D. 214B: FK214B. 21D: FAP21D. 24D: FAP24D. 112D: FAP112D. 223C: FAP223C. 321C: FAP321C. C220C: FAPC220C. C225C: FAPC225C. C23JD: FAPC23JD. C24JE: FAPC24JE. S321C: FAPS321C. S322C: FAPS322C. S323C: FAPS323C. S311C: FAPS311C. S313C: FAPS313C. S321CR: FAPS321CR. S322CR: FAPS322CR. S323CR: FAPS323CR. S421E: FAPS421E. S422E: FAPS422E. S423E: FAPS423E. 421E: FAP421E. 423E: FAP423E. 221E: FAP221E. 222E: FAP222E. 223E: FAP223E. 224E: FAP224E. 231E: FAP231E. S221E: FAPS221E. S223E: FAPS223E. 321E: FAP321E. 431F: FAP431F. 432F: FAP432F. 433F: FAP433F. 231F: FAP231F. 234F: FAP234F. 23JF: FAP23JF. U421E: FAPU421EV. U422EV: FAPU422EV. U423E: FAPU423EV. U221EV: FAPU221EV. U223EV: FAPU223EV. U24JEV: FAPU24JEV. U321EV: FAPU321EV. U323EV: FAPU323EV. U431F: FAPU431F. U433F: FAPU433F. U231F: FAPU231F. |
option | - |
| mode | Configure operation mode of 5G radios (default = single-5G). single-5G: Configure radios as one 5GHz band, one 2.4GHz band, and one dedicated monitor or sniffer. dual-5G: Configure radios as one lower 5GHz band, one higher 5GHz band and one 2.4GHz band respectively. |
option | - |
| ddscan | Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat management. enable: Enable dedicated dual-band scan mode. disable: Disable dedicated dual-band scan mode. |
option | - |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| port-mode | LAN port mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port-ssid | Bridge LAN port to SSID. | string | Maximum length: 15 |
| port1-mode | LAN port 1 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port1-ssid | Bridge LAN port 1 to SSID. | string | Maximum length: 15 |
| port2-mode | LAN port 2 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port2-ssid | Bridge LAN port 2 to SSID. | string | Maximum length: 15 |
| port3-mode | LAN port 3 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port3-ssid | Bridge LAN port 3 to SSID. | string | Maximum length: 15 |
| port4-mode | LAN port 4 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port4-ssid | Bridge LAN port 4 to SSID. | string | Maximum length: 15 |
| port5-mode | LAN port 5 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port5-ssid | Bridge LAN port 5 to SSID. | string | Maximum length: 15 |
| port6-mode | LAN port 6 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port6-ssid | Bridge LAN port 6 to SSID. | string | Maximum length: 15 |
| port7-mode | LAN port 7 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port7-ssid | Bridge LAN port 7 to SSID. | string | Maximum length: 15 |
| port8-mode | LAN port 8 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port8-ssid | Bridge LAN port 8 to SSID. | string | Maximum length: 15 |
| port-esl-mode | ESL port mode. offline: Offline. nat-to-wan: NAT WTP ESL port to WTP WAN port. bridge-to-wan: Bridge WTP ESL port to WTP WAN port. bridge-to-ssid: Bridge WTP ESL port to SSID. |
option | - |
| port-esl-ssid | Bridge ESL port to SSID. | string | Maximum length: 15 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mac | A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. | mac-address | Not Specified |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| dest-ip | Destination IP and mask for the split-tunneling subnet. | ipv4-classnet | Not Specified |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 1 is disabled. ap: Radio 1 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 1 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 1 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 2 is disabled. ap: Radio 2 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 2 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 2 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 3 is disabled. ap: Radio 3 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 3 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 3 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 3 is disabled. ap: Radio 3 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 3 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 3 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| ekahau-blink-mode | Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags (default = disable). enable: Enable Ekahau blink mode. disable: Disable Ekahau blink mode. |
option | - |
| ekahau-tag | WiFi frame MAC address or WiFi Tag. | mac-address | Not Specified |
| erc-server-ip | IP address of Ekahau RTLS Controller (ERC). | ipv4-address-any | Not Specified |
| erc-server-port | Ekahau RTLS Controller (ERC) UDP listening port. | integer | Minimum value: 1024 Maximum value: 65535 |
| aeroscout | Enable/disable AeroScout Real Time Location Service (RTLS) support (default = disable). enable: Enable AeroScout support. disable: Disable AeroScout support. |
option | - |
| aeroscout-server-ip | IP address of AeroScout server. | ipv4-address-any | Not Specified |
| aeroscout-server-port | AeroScout server UDP listening port. | integer | Minimum value: 1024 Maximum value: 65535 |
| aeroscout-mu | Enable/disable AeroScout Mobile Unit (MU) support (default = disable). enable: Enable AeroScout MU mode support. disable: Disable AeroScout MU mode support. |
option | - |
| aeroscout-ap-mac | Use BSSID or board MAC address as AP MAC address in AeroScout AP messages (default = bssid). bssid: Use BSSID as AP MAC address in AeroScout AP messages. board-mac: Use board MAC address as AP MAC address in AeroScout AP messages. |
option | - |
| aeroscout-mmu-report | Enable/disable compounded AeroScout tag and MU report (default = enable). enable: Enable compounded AeroScout tag and MU report. disable: Disable compounded AeroScout tag and MU report. |
option | - |
| aeroscout-mu-factor | AeroScout MU mode dilution factor (default = 20). | integer | Minimum value: 0 Maximum value: 4294967295 |
| aeroscout-mu-timeout | AeroScout MU mode timeout (0 - 65535 sec, default = 5). | integer | Minimum value: 0 Maximum value: 65535 |
| fortipresence | Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network (default = disable). foreign: FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP. both: Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels. disable: Disable FortiPresence. |
option | - |
| fortipresence-server | FortiPresence server IP address. | ipv4-address-any | Not Specified |
| fortipresence-port | FortiPresence server UDP listening port (default = 3000). | integer | Minimum value: 300 Maximum value: 65535 |
| fortipresence-secret | FortiPresence secret password (max. 16 characters). | password | Not Specified |
| fortipresence-project | FortiPresence project name (max. 16 characters, default = fortipresence). | string | Maximum length: 16 |
| fortipresence-frequency | FortiPresence report transmit frequency (5 - 65535 sec, default = 30). | integer | Minimum value: 5 Maximum value: 65535 |
| fortipresence-rogue | Enable/disable FortiPresence finding and reporting rogue APs. enable: Enable FortiPresence finding and reporting rogue APs. disable: Disable FortiPresence finding and reporting rogue APs. |
option | - |
| fortipresence-unassoc | Enable/disable FortiPresence finding and reporting unassociated stations. enable: Enable FortiPresence finding and reporting unassociated stations. disable: Disable FortiPresence finding and reporting unassociated stations. |
option | - |
| fortipresence-ble | Enable/disable FortiPresence finding and reporting BLE devices. enable: Enable FortiPresence finding and reporting BLE devices. disable: Disable FortiPresence finding and reporting BLE devices. |
option | - |
| station-locate | Enable/disable client station locating services for all clients, whether associated or not (default = disable). enable: Enable station locating service. disable: Disable station locating service. |
option | - |
config wireless-controller wtp-profile
Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
edit <name>
set comment {var-string}
config platform
Description: WTP, FortiAP, or AP platform.
set type [AP-11N|220B|...]
set mode [single-5G|dual-5G]
set ddscan [enable|disable]
end
set control-message-offload {option1}, {option2}, ...
set apcfg-profile {string}
set ble-profile {string}
set wan-port-mode [wan-lan|wan-only]
config lan
Description: WTP LAN port mapping.
set port-mode [offline|nat-to-wan|...]
set port-ssid {string}
set port1-mode [offline|nat-to-wan|...]
set port1-ssid {string}
set port2-mode [offline|nat-to-wan|...]
set port2-ssid {string}
set port3-mode [offline|nat-to-wan|...]
set port3-ssid {string}
set port4-mode [offline|nat-to-wan|...]
set port4-ssid {string}
set port5-mode [offline|nat-to-wan|...]
set port5-ssid {string}
set port6-mode [offline|nat-to-wan|...]
set port6-ssid {string}
set port7-mode [offline|nat-to-wan|...]
set port7-ssid {string}
set port8-mode [offline|nat-to-wan|...]
set port8-ssid {string}
set port-esl-mode [offline|nat-to-wan|...]
set port-esl-ssid {string}
end
set energy-efficient-ethernet [enable|disable]
set led-state [enable|disable]
set led-schedules <name1>, <name2>, ...
set dtls-policy {option1}, {option2}, ...
set dtls-in-kernel [enable|disable]
set max-clients {integer}
set handoff-rssi {integer}
set handoff-sta-thresh {integer}
set handoff-roaming [enable|disable]
config deny-mac-list
Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
edit <id>
set mac {mac-address}
next
end
set ap-country [NA|AL|...]
set ip-fragment-preventing {option1}, {option2}, ...
set tun-mtu-uplink {integer}
set tun-mtu-downlink {integer}
set split-tunneling-acl-path [tunnel|local]
set split-tunneling-acl-local-ap-subnet [enable|disable]
config split-tunneling-acl
Description: Split tunneling ACL filter list.
edit <id>
set dest-ip {ipv4-classnet}
next
end
set allowaccess {option1}, {option2}, ...
set login-passwd-change [yes|default|...]
set login-passwd {password}
set lldp [enable|disable]
set poe-mode [auto|8023af|...]
set frequency-handoff [enable|disable]
set ap-handoff [enable|disable]
config radio-1
Description: Configuration options for radio 1.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config radio-2
Description: Configuration options for radio 2.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config radio-3
Description: Configuration options for radio 3.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config radio-4
Description: Configuration options for radio 4.
set mode [disabled|ap|...]
set band [802.11a|802.11b|...]
set band-5g-type [5g-full|5g-high|...]
set drma [disable|enable]
set drma-sensitivity [low|medium|...]
set airtime-fairness [enable|disable]
set protection-mode [rtscts|ctsonly|...]
set powersave-optimize {option1}, {option2}, ...
set transmit-optimize {option1}, {option2}, ...
set amsdu [enable|disable]
set coexistence [enable|disable]
set zero-wait-dfs [enable|disable]
set bss-color {integer}
set short-guard-interval [enable|disable]
set channel-bonding [160MHz|80MHz|...]
set auto-power-level [enable|disable]
set auto-power-high {integer}
set auto-power-low {integer}
set auto-power-target {string}
set power-level {integer}
set dtim {integer}
set beacon-interval {integer}
set rts-threshold {integer}
set frag-threshold {integer}
set ap-sniffer-bufsize {integer}
set ap-sniffer-chan {integer}
set ap-sniffer-addr {mac-address}
set ap-sniffer-mgmt-beacon [enable|disable]
set ap-sniffer-mgmt-probe [enable|disable]
set ap-sniffer-mgmt-other [enable|disable]
set ap-sniffer-ctl [enable|disable]
set ap-sniffer-data [enable|disable]
set channel-utilization [enable|disable]
set wids-profile {string}
set darrp [enable|disable]
set max-clients {integer}
set max-distance {integer}
set vap-all [tunnel|bridge|...]
set vaps <name1>, <name2>, ...
set channel <chan1>, <chan2>, ...
set call-admission-control [enable|disable]
set call-capacity {integer}
set bandwidth-admission-control [enable|disable]
set bandwidth-capacity {integer}
end
config lbs
Description: Set various location based service (LBS) options.
set ekahau-blink-mode [enable|disable]
set ekahau-tag {mac-address}
set erc-server-ip {ipv4-address-any}
set erc-server-port {integer}
set aeroscout [enable|disable]
set aeroscout-server-ip {ipv4-address-any}
set aeroscout-server-port {integer}
set aeroscout-mu [enable|disable]
set aeroscout-ap-mac [bssid|board-mac]
set aeroscout-mmu-report [enable|disable]
set aeroscout-mu-factor {integer}
set aeroscout-mu-timeout {integer}
set fortipresence [foreign|both|...]
set fortipresence-server {ipv4-address-any}
set fortipresence-port {integer}
set fortipresence-secret {password}
set fortipresence-project {string}
set fortipresence-frequency {integer}
set fortipresence-rogue [enable|disable]
set fortipresence-unassoc [enable|disable]
set fortipresence-ble [enable|disable]
set station-locate [enable|disable]
end
set ext-info-enable [enable|disable]
next
end| Parameter Name | Description | Type | Size |
|---|---|---|---|
| comment | Comment. | var-string | Maximum length: 255 |
| control-message-offload | Enable/disable CAPWAP control message data channel offload. ebp-frame: Ekahau blink protocol (EBP) frames. aeroscout-tag: AeroScout tag. ap-list: Rogue AP list. sta-list: Rogue STA list. sta-cap-list: STA capability list. stats: WTP, radio, VAP, and STA statistics. aeroscout-mu: AeroScout Mobile Unit (MU) report. sta-health: STA health log. spectral-analysis: Spectral analysis report. |
option | - |
| apcfg-profile | AP local configuration profile name. | string | Maximum length: 35 |
| ble-profile | Bluetooth Low Energy profile name. | string | Maximum length: 35 |
| wan-port-mode | Enable/disable using a WAN port as a LAN port. wan-lan: Enable using a WAN port as a LAN port. wan-only: Disable using a WAN port as a LAN port. |
option | - |
| energy-efficient-ethernet | Enable/disable use of energy efficient Ethernet on WTP. enable: Enable use of energy efficient Ethernet on WTP. disable: Disable use of energy efficient Ethernet on WTP. |
option | - |
| led-state | Enable/disable use of LEDs on WTP (default = disable). enable: Enable use of LEDs on WTP. disable: Disable use of LEDs on WTP. |
option | - |
led-schedules <name> |
Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space. Schedule name. |
string | Maximum length: 35 |
| dtls-policy | WTP data channel DTLS policy (default = clear-text). clear-text: Clear Text Data Channel. dtls-enabled: DTLS Enabled Data Channel. ipsec-vpn: IPsec VPN Data Channel. |
option | - |
| dtls-in-kernel | Enable/disable data channel DTLS in kernel. enable: Enable data channel DTLS in kernel. disable: Disable data channel DTLS in kernel. |
option | - |
| max-clients | Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation). | integer | Minimum value: 0 Maximum value: 4294967295 |
| handoff-rssi | Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25). | integer | Minimum value: 20 Maximum value: 30 |
| handoff-sta-thresh | Threshold value for AP handoff. | integer | Minimum value: 0 Maximum value: 4294967295 |
| handoff-roaming | Enable/disable client load balancing during roaming to avoid roaming delay (default = disable). enable: Enable handoff roaming. disable: Disable handoff roaming. |
option | - |
| ap-country | |||
| ip-fragment-preventing | Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust). tcp-mss-adjust: TCP maximum segment size adjustment. icmp-unreachable: Drop packet and send ICMP Destination Unreachable |
option | - |
| tun-mtu-uplink | The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). | integer | Minimum value: 576 Maximum value: 1500 |
| tun-mtu-downlink | The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; default = 0). | integer | Minimum value: 576 Maximum value: 1500 |
| split-tunneling-acl-path | Split tunneling ACL path is local/tunnel. tunnel: Split tunneling ACL list traffic will be tunnel. local: Split tunneling ACL list traffic will be local NATed. |
option | - |
| split-tunneling-acl-local-ap-subnet | Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable). enable: Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL. disable: Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL. |
option | - |
| allowaccess | Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. https: HTTPS access. ssh: SSH access. snmp: SNMP access. |
option | - |
| login-passwd-change | Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no). yes: Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password. default: Keep the managed WTP, FortiAP or AP's administrator password set to the factory default. no: Do not change the managed WTP, FortiAP or AP's administrator password. |
option | - |
| login-passwd | Set the managed WTP, FortiAP, or AP's administrator password. | password | Not Specified |
| lldp | Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = enable). enable: Enable LLDP. disable: Disable LLDP. |
option | - |
| poe-mode | Set the WTP, FortiAP, or AP's PoE mode. auto: Automatically detect the PoE mode. 8023af: Use 802.3af PoE mode. 8023at: Use 802.3at PoE mode. power-adapter: Use the power adapter to control the PoE mode. |
option | - |
| frequency-handoff | Enable/disable frequency handoff of clients to other channels (default = disable). enable: Enable frequency handoff. disable: Disable frequency handoff. |
option | - |
| ap-handoff | Enable/disable AP handoff of clients to other APs (default = disable). enable: Enable AP handoff. disable: Disable AP handoff. |
option | - |
| ext-info-enable | Enable/disable station/VAP/radio extension information. enable: Enable station/VAP/radio extension information. disable: Disable station/VAP/radio extension information. |
option | - |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| type | WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile. AP-11N: Default 11n AP. 220B: FAP220B/221B. 210B: FAP210B. 222B: FAP222B. 112B: FAP112B. 320B: FAP320B. 11C: FAP11C. 14C: FAP14C. 223B: FAP223B. 28C: FAP28C. 320C: FAP320C. 221C: FAP221C. 25D: FAP25D. 222C: FAP222C. 224D: FAP224D. 214B: FK214B. 21D: FAP21D. 24D: FAP24D. 112D: FAP112D. 223C: FAP223C. 321C: FAP321C. C220C: FAPC220C. C225C: FAPC225C. C23JD: FAPC23JD. C24JE: FAPC24JE. S321C: FAPS321C. S322C: FAPS322C. S323C: FAPS323C. S311C: FAPS311C. S313C: FAPS313C. S321CR: FAPS321CR. S322CR: FAPS322CR. S323CR: FAPS323CR. S421E: FAPS421E. S422E: FAPS422E. S423E: FAPS423E. 421E: FAP421E. 423E: FAP423E. 221E: FAP221E. 222E: FAP222E. 223E: FAP223E. 224E: FAP224E. 231E: FAP231E. S221E: FAPS221E. S223E: FAPS223E. 321E: FAP321E. 431F: FAP431F. 432F: FAP432F. 433F: FAP433F. 231F: FAP231F. 234F: FAP234F. 23JF: FAP23JF. U421E: FAPU421EV. U422EV: FAPU422EV. U423E: FAPU423EV. U221EV: FAPU221EV. U223EV: FAPU223EV. U24JEV: FAPU24JEV. U321EV: FAPU321EV. U323EV: FAPU323EV. U431F: FAPU431F. U433F: FAPU433F. U231F: FAPU231F. |
option | - |
| mode | Configure operation mode of 5G radios (default = single-5G). single-5G: Configure radios as one 5GHz band, one 2.4GHz band, and one dedicated monitor or sniffer. dual-5G: Configure radios as one lower 5GHz band, one higher 5GHz band and one 2.4GHz band respectively. |
option | - |
| ddscan | Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat management. enable: Enable dedicated dual-band scan mode. disable: Disable dedicated dual-band scan mode. |
option | - |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| port-mode | LAN port mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port-ssid | Bridge LAN port to SSID. | string | Maximum length: 15 |
| port1-mode | LAN port 1 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port1-ssid | Bridge LAN port 1 to SSID. | string | Maximum length: 15 |
| port2-mode | LAN port 2 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port2-ssid | Bridge LAN port 2 to SSID. | string | Maximum length: 15 |
| port3-mode | LAN port 3 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port3-ssid | Bridge LAN port 3 to SSID. | string | Maximum length: 15 |
| port4-mode | LAN port 4 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port4-ssid | Bridge LAN port 4 to SSID. | string | Maximum length: 15 |
| port5-mode | LAN port 5 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port5-ssid | Bridge LAN port 5 to SSID. | string | Maximum length: 15 |
| port6-mode | LAN port 6 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port6-ssid | Bridge LAN port 6 to SSID. | string | Maximum length: 15 |
| port7-mode | LAN port 7 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port7-ssid | Bridge LAN port 7 to SSID. | string | Maximum length: 15 |
| port8-mode | LAN port 8 mode. offline: Offline. nat-to-wan: NAT WTP LAN port to WTP WAN port. bridge-to-wan: Bridge WTP LAN port to WTP WAN port. bridge-to-ssid: Bridge WTP LAN port to SSID. |
option | - |
| port8-ssid | Bridge LAN port 8 to SSID. | string | Maximum length: 15 |
| port-esl-mode | ESL port mode. offline: Offline. nat-to-wan: NAT WTP ESL port to WTP WAN port. bridge-to-wan: Bridge WTP ESL port to WTP WAN port. bridge-to-ssid: Bridge WTP ESL port to SSID. |
option | - |
| port-esl-ssid | Bridge ESL port to SSID. | string | Maximum length: 15 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mac | A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. | mac-address | Not Specified |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| dest-ip | Destination IP and mask for the split-tunneling subnet. | ipv4-classnet | Not Specified |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 1 is disabled. ap: Radio 1 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 1 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 1 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 2 is disabled. ap: Radio 2 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 2 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 2 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 3 is disabled. ap: Radio 3 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 3 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 3 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. disabled: Radio 3 is disabled. ap: Radio 3 operates as an access point that allows WiFi clients to connect to your network. monitor: Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list. sniffer: Radio 3 operates as a sniffer capturing WiFi frames on air. |
option | - |
| band | WiFi band that Radio 3 operates on. 802.11a: 802.11a. 802.11b: 802.11b. 802.11g: 802.11g/b. 802.11n: 802.11n/g/b at 2.4GHz. 802.11n-5G: 802.11n/a at 5GHz. 802.11ac: 802.11ac/n/a. 802.11ax-5G: 802.11ax/ac/n/a at 5GHz. 802.11ax: 802.11ax/n/g/b at 2.4GHz. 802.11ac-2G: 802.11ac at 2.4GHz. 802.11n,g-only: 802.11n/g at 2.4GHz. 802.11g-only: 802.11g. 802.11n-only: 802.11n at 2.4GHz. 802.11n-5G-only: 802.11n at 5GHz. 802.11ac,n-only: 802.11ac/n. 802.11ac-only: 802.11ac. 802.11ax,ac-only: 802.11ax/ac at 5GHz. 802.11ax,ac,n-only: 802.11ax/ac/n at 5GHz. 802.11ax-5G-only: 802.11ax at 5GHz. 802.11ax,n-only: 802.11ax/n at 2.4GHz. 802.11ax,n,g-only: 802.11ax/n/g at 2.4GHz. 802.11ax-only: 802.11ax at 2.4GHz. |
option | - |
| band-5g-type | WiFi 5G band type. 5g-full: Full 5G band. 5g-high: High 5G band. 5g-low: Low 5G band. |
option | - |
| drma | Enable/disable dynamic radio mode assignment (DRMA) (default = disable). disable: Disable dynamic radio mode assignment (DRMA). enable: Enable dynamic radio mode assignment (DRMA). |
option | - |
| drma-sensitivity | Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). low: Consider a radio as redundant when its NCF is 100%. medium: Consider a radio as redundant when its NCF is 95%. high: Consider a radio as redundant when its NCF is 90%. |
option | - |
| airtime-fairness | Enable/disable airtime fairness (default = disable). enable: Enable airtime fairness (ATF) support. disable: Disable airtime fairness (ATF) support. |
option | - |
| protection-mode | Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). rtscts: Enable 802.11g protection RTS/CTS mode. ctsonly: Enable 802.11g protection CTS only mode. disable: Disable 802.11g protection mode. |
option | - |
| powersave-optimize | Enable client power-saving features such as TIM, AC VO, and OBSS etc. tim: TIM bit for client in power save mode. ac-vo: Use AC VO priority to send out packets in the power save queue. no-obss-scan: Do not put OBSS scan IE into beacon and probe response frames. no-11b-rate: Do not send frame using 11b data rate. client-rate-follow: Adapt transmitting PHY rate with receiving PHY rate from a client. |
option | - |
| transmit-optimize | Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. disable: Disable packet transmission optimization. power-save: Tag client as operating in power save mode if excessive transmit retries occur. aggr-limit: Set aggregation limit to a lower value when data rate is low. retry-limit: Set software retry limit to a lower value when data rate is low. send-bar: Limit transmission of BAR frames. |
option | - |
| amsdu | Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). enable: Enable AMSDU support. disable: Disable AMSDU support. |
option | - |
| coexistence | Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). enable: Enable support for both HT20 and HT40 on the same radio. disable: Disable support for both HT20 and HT40 on the same radio. |
option | - |
| zero-wait-dfs | Enable/disable zero wait DFS on radio (default = enable). enable: Enable zero wait DFS disable: Disable zero wait DFS |
option | - |
| bss-color | BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). | integer | Minimum value: 0 Maximum value: 63 |
| short-guard-interval | Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. enable: Select the 400 ns short guard interval (Short GI). disable: Select the 800 ns long guard interval (Long GI). |
option | - |
| channel-bonding | Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. 160MHz: 160 MHz channel width. 80MHz: 80 MHz channel width. 40MHz: 40 MHz channel width. 20MHz: 20 MHz channel width. |
option | - |
| auto-power-level | Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). enable: Enable automatic transmit power adjustment. disable: Disable automatic transmit power adjustment. |
option | - |
| auto-power-high | The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-low | The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). | integer | Minimum value: 0 Maximum value: 4294967295 |
| auto-power-target | The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). | string | Maximum length: 7 |
| power-level | Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). | integer | Minimum value: 0 Maximum value: 100 |
| dtim | Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client in power-save mode. | integer | Minimum value: 1 Maximum value: 255 |
| beacon-interval | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100). | integer | Minimum value: 0 Maximum value: 65535 |
| rts-threshold | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346). | integer | Minimum value: 256 Maximum value: 2346 |
| frag-threshold | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). | integer | Minimum value: 800 Maximum value: 2346 |
| ap-sniffer-bufsize | Sniffer buffer size (1 - 32 MB, default = 16). | integer | Minimum value: 1 Maximum value: 32 |
| ap-sniffer-chan | Channel on which to operate the sniffer (default = 6). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ap-sniffer-addr | MAC address to monitor. | mac-address | Not Specified |
| ap-sniffer-mgmt-beacon | Enable/disable sniffer on WiFi management Beacon frames (default = enable). enable: Enable sniffer on WiFi management beacon frame. disable: Disable sniffer on WiFi management beacon frame. |
option | - |
| ap-sniffer-mgmt-probe | Enable/disable sniffer on WiFi management probe frames (default = enable). enable: Enable sniffer on WiFi management probe frame. disable: Enable sniffer on WiFi management probe frame. |
option | - |
| ap-sniffer-mgmt-other | Enable/disable sniffer on WiFi management other frames (default = enable). enable: Enable sniffer on WiFi management other frame. disable: Disable sniffer on WiFi management other frame. |
option | - |
| ap-sniffer-ctl | Enable/disable sniffer on WiFi control frame (default = enable). enable: Enable sniffer on WiFi control frame. disable: Disable sniffer on WiFi control frame. |
option | - |
| ap-sniffer-data | Enable/disable sniffer on WiFi data frame (default = enable). enable: Enable sniffer on WiFi data frame disable: Disable sniffer on WiFi data frame |
option | - |
| channel-utilization | Enable/disable measuring channel utilization. enable: Enable measuring channel utilization. disable: Disable measuring channel utilization. |
option | - |
| wids-profile | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. | string | Maximum length: 35 |
| darrp | Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable). enable: Enable distributed automatic radio resource provisioning. disable: Disable distributed automatic radio resource provisioning. |
option | - |
| max-clients | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-distance | Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). | integer | Minimum value: 0 Maximum value: 54000 |
| vap-all | Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). tunnel: Automatically select tunnel SSIDs. bridge: Automatically select local-bridging SSIDs. manual: Manually select SSIDs. |
option | - |
vaps <name> |
Manually selected list of Virtual Access Points (VAPs). Virtual Access Point (VAP) name. |
string | Maximum length: 35 |
channel <chan> |
Selected list of wireless radio channels. Channel number. |
string | Maximum length: 3 |
| call-admission-control | Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. enable: Enable WMM call admission control. disable: Disable WMM call admission control. |
option | - |
| call-capacity | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). | integer | Minimum value: 0 Maximum value: 60 |
| bandwidth-admission-control | Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. enable: Enable WMM bandwidth admission control. disable: Disable WMM bandwidth admission control. |
option | - |
| bandwidth-capacity | Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). | integer | Minimum value: 1 Maximum value: 600000 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| ekahau-blink-mode | Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags (default = disable). enable: Enable Ekahau blink mode. disable: Disable Ekahau blink mode. |
option | - |
| ekahau-tag | WiFi frame MAC address or WiFi Tag. | mac-address | Not Specified |
| erc-server-ip | IP address of Ekahau RTLS Controller (ERC). | ipv4-address-any | Not Specified |
| erc-server-port | Ekahau RTLS Controller (ERC) UDP listening port. | integer | Minimum value: 1024 Maximum value: 65535 |
| aeroscout | Enable/disable AeroScout Real Time Location Service (RTLS) support (default = disable). enable: Enable AeroScout support. disable: Disable AeroScout support. |
option | - |
| aeroscout-server-ip | IP address of AeroScout server. | ipv4-address-any | Not Specified |
| aeroscout-server-port | AeroScout server UDP listening port. | integer | Minimum value: 1024 Maximum value: 65535 |
| aeroscout-mu | Enable/disable AeroScout Mobile Unit (MU) support (default = disable). enable: Enable AeroScout MU mode support. disable: Disable AeroScout MU mode support. |
option | - |
| aeroscout-ap-mac | Use BSSID or board MAC address as AP MAC address in AeroScout AP messages (default = bssid). bssid: Use BSSID as AP MAC address in AeroScout AP messages. board-mac: Use board MAC address as AP MAC address in AeroScout AP messages. |
option | - |
| aeroscout-mmu-report | Enable/disable compounded AeroScout tag and MU report (default = enable). enable: Enable compounded AeroScout tag and MU report. disable: Disable compounded AeroScout tag and MU report. |
option | - |
| aeroscout-mu-factor | AeroScout MU mode dilution factor (default = 20). | integer | Minimum value: 0 Maximum value: 4294967295 |
| aeroscout-mu-timeout | AeroScout MU mode timeout (0 - 65535 sec, default = 5). | integer | Minimum value: 0 Maximum value: 65535 |
| fortipresence | Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network (default = disable). foreign: FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP. both: Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels. disable: Disable FortiPresence. |
option | - |
| fortipresence-server | FortiPresence server IP address. | ipv4-address-any | Not Specified |
| fortipresence-port | FortiPresence server UDP listening port (default = 3000). | integer | Minimum value: 300 Maximum value: 65535 |
| fortipresence-secret | FortiPresence secret password (max. 16 characters). | password | Not Specified |
| fortipresence-project | FortiPresence project name (max. 16 characters, default = fortipresence). | string | Maximum length: 16 |
| fortipresence-frequency | FortiPresence report transmit frequency (5 - 65535 sec, default = 30). | integer | Minimum value: 5 Maximum value: 65535 |
| fortipresence-rogue | Enable/disable FortiPresence finding and reporting rogue APs. enable: Enable FortiPresence finding and reporting rogue APs. disable: Disable FortiPresence finding and reporting rogue APs. |
option | - |
| fortipresence-unassoc | Enable/disable FortiPresence finding and reporting unassociated stations. enable: Enable FortiPresence finding and reporting unassociated stations. disable: Disable FortiPresence finding and reporting unassociated stations. |
option | - |
| fortipresence-ble | Enable/disable FortiPresence finding and reporting BLE devices. enable: Enable FortiPresence finding and reporting BLE devices. disable: Disable FortiPresence finding and reporting BLE devices. |
option | - |
| station-locate | Enable/disable client station locating services for all clients, whether associated or not (default = disable). enable: Enable station locating service. disable: Disable station locating service. |
option | - |