Fortinet white logo
Fortinet white logo

CLI Reference

config wireless-controller wtp-profile

config wireless-controller wtp-profile

Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

config wireless-controller wtp-profile
    Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
    edit <name>
        set allowaccess {option1}, {option2}, ...
        set ap-country [--|AF|...]
        set ap-handoff [enable|disable]
        set apcfg-profile {string}
        set ble-profile {string}
        set comment {var-string}
        set console-login [enable|disable]
        set control-message-offload {option1}, {option2}, ...
        config deny-mac-list
            Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
            edit <id>
                set mac {mac-address}
            next
        end
        set dtls-in-kernel [enable|disable]
        set dtls-policy {option1}, {option2}, ...
        set energy-efficient-ethernet [enable|disable]
        config esl-ses-dongle
            Description: ESL SES-imagotag dongle configuration.
            set compliance-level {option}
            set scd-enable [enable|disable]
            set esl-channel [-1|0|...]
            set output-power [a|b|...]
            set apc-addr-type [fqdn|ip]
            set apc-fqdn {string}
            set apc-ip {ipv4-address}
            set apc-port {integer}
            set coex-level {option}
            set tls-cert-verification [enable|disable]
            set tls-fqdn-verification [enable|disable]
        end
        set ext-info-enable [enable|disable]
        set frequency-handoff [enable|disable]
        set handoff-roaming [enable|disable]
        set handoff-rssi {integer}
        set handoff-sta-thresh {integer}
        set indoor-outdoor-deployment [platform-determined|outdoor|...]
        set ip-fragment-preventing {option1}, {option2}, ...
        config lan
            Description: WTP LAN port mapping.
            set port-mode [offline|nat-to-wan|...]
            set port-ssid {string}
            set port1-mode [offline|nat-to-wan|...]
            set port1-ssid {string}
            set port2-mode [offline|nat-to-wan|...]
            set port2-ssid {string}
            set port3-mode [offline|nat-to-wan|...]
            set port3-ssid {string}
            set port4-mode [offline|nat-to-wan|...]
            set port4-ssid {string}
            set port5-mode [offline|nat-to-wan|...]
            set port5-ssid {string}
            set port6-mode [offline|nat-to-wan|...]
            set port6-ssid {string}
            set port7-mode [offline|nat-to-wan|...]
            set port7-ssid {string}
            set port8-mode [offline|nat-to-wan|...]
            set port8-ssid {string}
            set port-esl-mode [offline|nat-to-wan|...]
            set port-esl-ssid {string}
        end
        config lbs
            Description: Set various location based service (LBS) options.
            set ekahau-blink-mode [enable|disable]
            set ekahau-tag {mac-address}
            set erc-server-ip {ipv4-address-any}
            set erc-server-port {integer}
            set aeroscout [enable|disable]
            set aeroscout-server-ip {ipv4-address-any}
            set aeroscout-server-port {integer}
            set aeroscout-mu [enable|disable]
            set aeroscout-ap-mac [bssid|board-mac]
            set aeroscout-mmu-report [enable|disable]
            set aeroscout-mu-factor {integer}
            set aeroscout-mu-timeout {integer}
            set fortipresence [foreign|both|...]
            set fortipresence-server-addr-type [ipv4|fqdn]
            set fortipresence-server {ipv4-address-any}
            set fortipresence-server-fqdn {string}
            set fortipresence-port {integer}
            set fortipresence-secret {password}
            set fortipresence-project {string}
            set fortipresence-frequency {integer}
            set fortipresence-rogue [enable|disable]
            set fortipresence-unassoc [enable|disable]
            set fortipresence-ble [enable|disable]
            set station-locate [enable|disable]
        end
        set led-schedules <name1>, <name2>, ...
        set led-state [enable|disable]
        set lldp [enable|disable]
        set login-passwd {password}
        set login-passwd-change [yes|default|...]
        set max-clients {integer}
        config platform
            Description: WTP, FortiAP, or AP platform.
            set type [AP-11N|220B|...]
            set mode [single-5G|dual-5G]
            set ddscan [enable|disable]
        end
        set poe-mode [auto|8023af|...]
        config radio-1
            Description: Configuration options for radio 1.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config radio-2
            Description: Configuration options for radio 2.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config radio-3
            Description: Configuration options for radio 3.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config radio-4
            Description: Configuration options for radio 4.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config split-tunneling-acl
            Description: Split tunneling ACL filter list.
            edit <id>
                set dest-ip {ipv4-classnet}
            next
        end
        set split-tunneling-acl-local-ap-subnet [enable|disable]
        set split-tunneling-acl-path [tunnel|local]
        set syslog-profile {string}
        set tun-mtu-downlink {integer}
        set tun-mtu-uplink {integer}
        set wan-port-auth [none|802.1x]
        set wan-port-auth-methods [all|EAP-FAST|...]
        set wan-port-auth-password {password}
        set wan-port-auth-usrname {string}
        set wan-port-mode [wan-lan|wan-only]
    next
end

config wireless-controller wtp-profile

Parameter

Description

Type

Size

Default

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

-

Option

Description

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

ap-country

Country in which this WTP, FortiAP, or AP will operate.

option

-

--

Option

Description

--

NO_COUNTRY_SET

AF

AFGHANISTAN

AL

ALBANIA

DZ

ALGERIA

AS

AMERICAN SAMOA

AO

ANGOLA

AR

ARGENTINA

AM

ARMENIA

AU

AUSTRALIA

AT

AUSTRIA

AZ

AZERBAIJAN

BS

BAHAMAS

BH

BAHRAIN

BD

BANGLADESH

BB

BARBADOS

BY

BELARUS

BE

BELGIUM

BZ

BELIZE

BJ

BENIN

BM

BERMUDA

BT

BHUTAN

BO

BOLIVIA

BA

BOSNIA AND HERZEGOVINA

BW

BOTSWANA

BR

BRAZIL

BN

BRUNEI DARUSSALAM

BG

BULGARIA

BF

BURKINA-FASO

KH

CAMBODIA

CM

CAMEROON

KY

CAYMAN ISLANDS

CF

CENTRAL AFRICA REPUBLIC

TD

CHAD

CL

CHILE

CN

CHINA

CX

CHRISTMAS ISLAND

CO

COLOMBIA

CG

CONGO REPUBLIC

CD

DEMOCRATIC REPUBLIC OF CONGO

CR

COSTA RICA

HR

CROATIA

CY

CYPRUS

CZ

CZECH REPUBLIC

DK

DENMARK

DM

DOMINICA

DO

DOMINICAN REPUBLIC

EC

ECUADOR

EG

EGYPT

SV

EL SALVADOR

ET

ETHIOPIA

EE

ESTONIA

GF

FRENCH GUIANA

PF

FRENCH POLYNESIA

FO

FAEROE ISLANDS

FJ

FIJI

FI

FINLAND

FR

FRANCE

GE

GEORGIA

DE

GERMANY

GH

GHANA

GI

GIBRALTAR

GR

GREECE

GL

GREENLAND

GD

GRENADA

GP

GUADELOUPE

GU

GUAM

GT

GUATEMALA

GY

GUYANA

HT

HAITI

HN

HONDURAS

HK

HONG KONG

HU

HUNGARY

IS

ICELAND

IN

INDIA

ID

INDONESIA

IQ

IRAQ

IE

IRELAND

IM

ISLE OF MAN

IL

ISRAEL

IT

ITALY

CI

COTE_D_IVOIRE

JM

JAMAICA

JO

JORDAN

KZ

KAZAKHSTAN

KE

KENYA

KR

KOREA REPUBLIC

KW

KUWAIT

LA

LAOS

LV

LATVIA

LB

LEBANON

LS

LESOTHO

LY

LIBYA

LI

LIECHTENSTEIN

LT

LITHUANIA

LU

LUXEMBOURG

MO

MACAU SAR

MK

MACEDONIA, FYRO

MG

MADAGASCAR

MW

MALAWI

MY

MALAYSIA

MV

MALDIVES

ML

MALI

MT

MALTA

MH

MARSHALL ISLANDS

MQ

MARTINIQUE

MR

MAURITANIA

MU

MAURITIUS

YT

MAYOTTE

MX

MEXICO

FM

MICRONESIA

MD

REPUBLIC OF MOLDOVA

MC

MONACO

MN

MONGOLIA

MA

MOROCCO

MZ

MOZAMBIQUE

MM

MYANMAR

NA

NAMIBIA

NP

NEPAL

NL

NETHERLANDS

AN

NETHERLANDS ANTILLES

AW

ARUBA

NZ

NEW ZEALAND

NI

NICARAGUA

NE

NIGER

NO

NORWAY

MP

NORTHERN MARIANA ISLANDS

OM

OMAN

PK

PAKISTAN

PW

PALAU

PA

PANAMA

PG

PAPUA NEW GUINEA

PY

PARAGUAY

PE

PERU

PH

PHILIPPINES

PL

POLAND

PT

PORTUGAL

PR

PUERTO RICO

QA

QATAR

RE

REUNION

RO

ROMANIA

RU

RUSSIA

RW

RWANDA

BL

SAINT BARTHELEMY

KN

SAINT KITTS AND NEVIS

LC

SAINT LUCIA

MF

SAINT MARTIN

PM

SAINT PIERRE AND MIQUELON

VC

SAINT VINCENT AND GRENADIENS

SA

SAUDI ARABIA

SN

SENEGAL

RS

REPUBLIC OF SERBIA

ME

MONTENEGRO

SL

SIERRA LEONE

SG

SINGAPORE

SK

SLOVAKIA

SI

SLOVENIA

ZA

SOUTH AFRICA

ES

SPAIN

LK

SRI LANKA

SE

SWEDEN

SR

SURINAME

CH

SWITZERLAND

TW

TAIWAN

TZ

TANZANIA

TH

THAILAND

TG

TOGO

TT

TRINIDAD AND TOBAGO

TN

TUNISIA

TR

TURKEY

TM

TURKMENISTAN

AE

UNITED ARAB EMIRATES

TC

TURKS AND CAICOS

UG

UGANDA

UA

UKRAINE

GB

UNITED KINGDOM

US

UNITED STATES2

PS

UNITED STATES (PUBLIC SAFETY)

UY

URUGUAY

UZ

UZBEKISTAN

VU

VANUATU

VE

VENEZUELA

VN

VIET NAM

VI

VIRGIN ISLANDS

WF

WALLIS AND FUTUNA

YE

YEMEN

ZM

ZAMBIA

ZW

ZIMBABWE

JP

JAPAN14

CA

CANADA2

ap-handoff

Enable/disable AP handoff of clients to other APs.

option

-

disable

Option

Description

enable

Enable AP handoff.

disable

Disable AP handoff.

apcfg-profile

AP local configuration profile name.

string

Maximum length: 35

ble-profile

Bluetooth Low Energy profile name.

string

Maximum length: 35

comment

Comment.

var-string

Maximum length: 255

console-login

Enable/disable FortiAP console login access.

option

-

enable

Option

Description

enable

Enable FAP console login access.

disable

Disable FAP console login access.

control-message-offload

Enable/disable CAPWAP control message data channel offload.

option

-

ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health spectral-analysis

Option

Description

ebp-frame

Ekahau blink protocol (EBP) frames.

aeroscout-tag

AeroScout tag.

ap-list

Rogue AP list.

sta-list

Rogue STA list.

sta-cap-list

STA capability list.

stats

WTP, radio, VAP, and STA statistics.

aeroscout-mu

AeroScout Mobile Unit (MU) report.

sta-health

STA health log.

spectral-analysis

Spectral analysis report.

dtls-in-kernel

Enable/disable data channel DTLS in kernel.

option

-

disable

Option

Description

enable

Enable data channel DTLS in kernel.

disable

Disable data channel DTLS in kernel.

dtls-policy

WTP data channel DTLS policy.

option

-

clear-text

Option

Description

clear-text

Clear Text Data Channel.

dtls-enabled

DTLS Enabled Data Channel.

ipsec-vpn

IPsec VPN Data Channel.

energy-efficient-ethernet

Enable/disable use of energy efficient Ethernet on WTP.

option

-

disable

Option

Description

enable

Enable use of energy efficient Ethernet on WTP.

disable

Disable use of energy efficient Ethernet on WTP.

ext-info-enable

Enable/disable station/VAP/radio extension information.

option

-

enable

Option

Description

enable

Enable station/VAP/radio extension information.

disable

Disable station/VAP/radio extension information.

frequency-handoff

Enable/disable frequency handoff of clients to other channels.

option

-

disable

Option

Description

enable

Enable frequency handoff.

disable

Disable frequency handoff.

handoff-roaming

Enable/disable client load balancing during roaming to avoid roaming delay.

option

-

enable

Option

Description

enable

Enable handoff roaming.

disable

Disable handoff roaming.

handoff-rssi

Minimum received signal strength indicator.

integer

Minimum value: 20 Maximum value: 30

25

handoff-sta-thresh

Threshold value for AP handoff.

integer

Minimum value: 0 Maximum value: 4294967295

0

indoor-outdoor-deployment

Set to allow indoor/outdoor-only channels under regulatory rules.

option

-

platform-determined

Option

Description

platform-determined

Set AP deployment type based on its platform.

outdoor

Set AP deployment type to outdoor.

indoor

Set AP deployment type to indoor.

ip-fragment-preventing

Method.

option

-

tcp-mss-adjust

Option

Description

tcp-mss-adjust

TCP maximum segment size adjustment.

icmp-unreachable

Drop packet and send ICMP Destination Unreachable

led-schedules <name>

Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.

Schedule name.

string

Maximum length: 35

led-state

Enable/disable use of LEDs on WTP.

option

-

enable

Option

Description

enable

Enable use of LEDs on WTP.

disable

Disable use of LEDs on WTP.

lldp

Enable/disable Link Layer Discovery Protocol.

option

-

enable

Option

Description

enable

Enable LLDP.

disable

Disable LLDP.

login-passwd

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

login-passwd-change

Change or reset the administrator password of a managed WTP, FortiAP or AP.

option

-

no

Option

Description

yes

Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.

default

Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.

no

Do not change the managed WTP, FortiAP or AP's administrator password.

max-clients

Maximum number of stations.

integer

Minimum value: 0 Maximum value: 4294967295

0

name

WTP (or FortiAP or AP) profile name.

string

Maximum length: 35

poe-mode

Set the WTP, FortiAP, or AP's PoE mode.

option

-

auto

Option

Description

auto

Automatically detect the PoE mode.

8023af

Use 802.3af PoE mode.

8023at

Use 802.3at PoE mode.

power-adapter

Use the power adapter to control the PoE mode.

full

Use full power mode.

high

Use high power mode.

low

Use low power mode.

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

option

-

disable

Option

Description

enable

Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

disable

Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

-

local

Option

Description

tunnel

Split tunneling ACL list traffic will be tunnel.

local

Split tunneling ACL list traffic will be local NATed.

syslog-profile

System log server configuration profile name.

string

Maximum length: 35

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel.

integer

Minimum value: 576 Maximum value: 1500

0

tun-mtu-uplink

The maximum transmission unit.

integer

Minimum value: 576 Maximum value: 1500

0

wan-port-auth

Set WAN port authentication mode.

option

-

none

Option

Description

none

Disable WAN port authentication.

802.1x

Enable WAN port 802.1x authentication.

wan-port-auth-methods

WAN port 802.1x supplicant EAP methods.

option

-

all

Option

Description

all

Do not specify any EAP methods.

EAP-FAST

Enable EAP-FAST.

EAP-TLS

Enable EAP-TLS.

EAP-PEAP

Enable EAP-PEAP.

wan-port-auth-password

Set WAN port 802.1x supplicant password.

password

Not Specified

wan-port-auth-usrname

Set WAN port 802.1x supplicant user name.

string

Maximum length: 63

wan-port-mode

Enable/disable using a WAN port as a LAN port.

option

-

wan-only

Option

Description

wan-lan

Enable using a WAN port as a LAN port.

wan-only

Disable using a WAN port as a LAN port.

config deny-mac-list

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

mac

A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.

mac-address

Not Specified

00:00:00:00:00:00

config esl-ses-dongle

Parameter

Description

Type

Size

Default

compliance-level

Compliance levels for the ESL solution integration.

option

-

compliance-level-2

Option

Description

compliance-level-2

Compliance Level 2 - Full Cloud Support, IoT and Fast-Response.

scd-enable

Enable/disable ESL SES-imagotag Serial Communication Daemon.

option

-

disable

Option

Description

enable

Enable ESL SES-imagotag SCD.

disable

Disable ESL SES-imagotag SCD.

esl-channel

ESL SES-imagotag dongle channel.

option

-

127

Option

Description

-1

No esl-channel is set.

0

ESL channel 0.

1

ESL channel 1.

2

ESL channel 2.

3

ESL channel 3.

4

ESL channel 4.

5

ESL channel 5.

6

ESL channel 6.

7

ESL channel 7.

8

ESL channel 8.

9

ESL channel 9.

10

ESL channel 10.

127

Managed channel enabled, indicates that the APC (server) is setting the esl-channel via the slot channel

output-power

ESL SES-imagotag dongle output power.

option

-

a

Option

Description

a

About 15mW.

b

About 7mW.

c

About 5mW.

d

About 1mW.

e

About 13mW.

f

About 10mW.

g

About 3mW.

h

About 2mW.

apc-addr-type

ESL SES-imagotag APC address type.

option

-

fqdn

Option

Description

fqdn

Fully Qualified Domain Name address.

ip

IPv4 address.

apc-fqdn

FQDN of ESL SES-imagotag Access Point Controller (APC).

string

Maximum length: 63

apc-ip

IP address of ESL SES-imagotag Access Point Controller (APC).

ipv4-address

Not Specified

0.0.0.0

apc-port

Port of ESL SES-imagotag Access Point Controller (APC).

integer

Minimum value: 0 Maximum value: 65535

0

coex-level

ESL SES-imagotag dongle coexistence level.

option

-

none

Option

Description

none

No support for coexistence of USB-Dongle with WiFi AP.

tls-cert-verification

Enable/disable TLS certificate verification.

option

-

enable

Option

Description

enable

Enable TLS Certificate verification.

disable

Disable TLS Certificate verification.

tls-fqdn-verification

Enable/disable TLS certificate verification.

option

-

disable

Option

Description

enable

Enable TLS FQDN verification.

disable

Disable TLS FQDN verification.

config lan

Parameter

Description

Type

Size

Default

port-mode

LAN port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

port-esl-mode

ESL port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP ESL port to WTP WAN port.

bridge-to-wan

Bridge WTP ESL port to WTP WAN port.

bridge-to-ssid

Bridge WTP ESL port to SSID.

port-esl-ssid

Bridge ESL port to SSID.

string

Maximum length: 15

config lbs

Parameter

Description

Type

Size

Default

ekahau-blink-mode

Enable/disable Ekahau blink mode.

option

-

disable

Option

Description

enable

Enable Ekahau blink mode.

disable

Disable Ekahau blink mode.

ekahau-tag

WiFi frame MAC address or WiFi Tag.

mac-address

Not Specified

01:18:8e:00:00:00

erc-server-ip

IP address of Ekahau RTLS Controller (ERC).

ipv4-address-any

Not Specified

0.0.0.0

erc-server-port

Ekahau RTLS Controller (ERC) UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

8569

aeroscout

Enable/disable AeroScout Real Time Location Service.

option

-

disable

Option

Description

enable

Enable AeroScout support.

disable

Disable AeroScout support.

aeroscout-server-ip

IP address of AeroScout server.

ipv4-address-any

Not Specified

0.0.0.0

aeroscout-server-port

AeroScout server UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

0

aeroscout-mu

Enable/disable AeroScout Mobile Unit.

option

-

disable

Option

Description

enable

Enable AeroScout MU mode support.

disable

Disable AeroScout MU mode support.

aeroscout-ap-mac

Use BSSID or board MAC address as AP MAC address in AeroScout AP messages.

option

-

bssid

Option

Description

bssid

Use BSSID as AP MAC address in AeroScout AP messages.

board-mac

Use board MAC address as AP MAC address in AeroScout AP messages.

aeroscout-mmu-report

Enable/disable compounded AeroScout tag and MU report.

option

-

enable

Option

Description

enable

Enable compounded AeroScout tag and MU report.

disable

Disable compounded AeroScout tag and MU report.

aeroscout-mu-factor

AeroScout MU mode dilution factor.

integer

Minimum value: 0 Maximum value: 4294967295

20

aeroscout-mu-timeout

AeroScout MU mode timeout.

integer

Minimum value: 0 Maximum value: 65535

5

fortipresence

Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network.

option

-

disable

Option

Description

foreign

FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP.

both

Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels.

disable

Disable FortiPresence.

fortipresence-server-addr-type

FortiPresence server address type.

option

-

ipv4

Option

Description

ipv4

IPv4 address.

fqdn

Fully Qualified Domain Name address.

fortipresence-server

IP address of FortiPresence server.

ipv4-address-any

Not Specified

0.0.0.0

fortipresence-server-fqdn

FQDN of FortiPresence server.

string

Maximum length: 255

fortipresence-port

UDP listening port of FortiPresence server.

integer

Minimum value: 300 Maximum value: 65535

3000

fortipresence-secret

FortiPresence secret password (max. 16 characters).

password

Not Specified

fortipresence-project

FortiPresence project name.

string

Maximum length: 16

fortipresence

fortipresence-frequency

FortiPresence report transmit frequency.

integer

Minimum value: 5 Maximum value: 65535

30

fortipresence-rogue

Enable/disable FortiPresence finding and reporting rogue APs.

option

-

disable

Option

Description

enable

Enable FortiPresence finding and reporting rogue APs.

disable

Disable FortiPresence finding and reporting rogue APs.

fortipresence-unassoc

Enable/disable FortiPresence finding and reporting unassociated stations.

option

-

enable

Option

Description

enable

Enable FortiPresence finding and reporting unassociated stations.

disable

Disable FortiPresence finding and reporting unassociated stations.

fortipresence-ble

Enable/disable FortiPresence finding and reporting BLE devices.

option

-

enable

Option

Description

enable

Enable FortiPresence finding and reporting BLE devices.

disable

Disable FortiPresence finding and reporting BLE devices.

station-locate

Enable/disable client station locating services for all clients, whether associated or not.

option

-

disable

Option

Description

enable

Enable station locating service.

disable

Disable station locating service.

config platform

Parameter

Description

Type

Size

Default

type

WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.

option

-

221E

Option

Description

AP-11N

Default 11n AP.

220B

FAP220B/221B.

210B

FAP210B.

222B

FAP222B.

112B

FAP112B.

320B

FAP320B.

11C

FAP11C.

14C

FAP14C.

223B

FAP223B.

28C

FAP28C.

320C

FAP320C.

221C

FAP221C.

25D

FAP25D.

222C

FAP222C.

224D

FAP224D.

214B

FK214B.

21D

FAP21D.

24D

FAP24D.

112D

FAP112D.

223C

FAP223C.

321C

FAP321C.

C220C

FAPC220C.

C225C

FAPC225C.

C23JD

FAPC23JD.

C24JE

FAPC24JE.

S321C

FAPS321C.

S322C

FAPS322C.

S323C

FAPS323C.

S311C

FAPS311C.

S313C

FAPS313C.

S321CR

FAPS321CR.

S322CR

FAPS322CR.

S323CR

FAPS323CR.

S421E

FAPS421E.

S422E

FAPS422E.

S423E

FAPS423E.

421E

FAP421E.

423E

FAP423E.

221E

FAP221E.

222E

FAP222E.

223E

FAP223E.

224E

FAP224E.

231E

FAP231E.

S221E

FAPS221E.

S223E

FAPS223E.

321E

FAP321E.

431F

FAP431F.

431FL

FAP431FL.

432F

FAP432F.

432FR

FAP432FR.

433F

FAP433F.

433FL

FAP433FL.

231F

FAP231F.

231FL

FAP231FL.

234F

FAP234F.

23JF

FAP23JF.

831F

FAP831F.

231G

FAP231G.

233G

FAP233G.

431G

FAP431G.

433G

FAP433G.

U421E

FAPU421EV.

U422EV

FAPU422EV.

U423E

FAPU423EV.

U221EV

FAPU221EV.

U223EV

FAPU223EV.

U24JEV

FAPU24JEV.

U321EV

FAPU321EV.

U323EV

FAPU323EV.

U431F

FAPU431F.

U433F

FAPU433F.

U231F

FAPU231F.

U234F

FAPU234F.

U432F

FAPU432F.

U231G

FAPU231G.

U441G

FAPU441G.

mode

Configure operation mode of 5G radios.

option

-

single-5G

Option

Description

single-5G

Configure radios as one 5GHz band, one 2.4GHz band, and one dedicated monitor or sniffer.

dual-5G

Configure radios as one lower 5GHz band, one higher 5GHz band and one 2.4GHz band respectively.

ddscan

Enable/disable use of one radio for dedicated full-band scanning to detect RF characterization and wireless threat management.

option

-

disable

Option

Description

enable

Enable dedicated full-band scan mode.

disable

Disable dedicated full-band scan mode.

config radio-1

Parameter

Description

Type

Size

Default

mode

Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 1 is disabled.

ap

Radio 1 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 1 operates as a sniffer capturing WiFi frames on air.

sam

Radio 1 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 1 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

36

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config radio-2

Parameter

Description

Type

Size

Default

mode

Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 2 is disabled.

ap

Radio 2 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 2 operates as a sniffer capturing WiFi frames on air.

sam

Radio 2 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 2 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

6

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config radio-3

Parameter

Description

Type

Size

Default

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 3 is disabled.

ap

Radio 3 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 3 operates as a sniffer capturing WiFi frames on air.

sam

Radio 3 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 3 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

6

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config radio-4

Parameter

Description

Type

Size

Default

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 3 is disabled.

ap

Radio 3 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 3 operates as a sniffer capturing WiFi frames on air.

sam

Radio 3 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 3 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

6

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config split-tunneling-acl

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

dest-ip

Destination IP and mask for the split-tunneling subnet.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0

config wireless-controller wtp-profile

config wireless-controller wtp-profile

Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.

config wireless-controller wtp-profile
    Description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
    edit <name>
        set allowaccess {option1}, {option2}, ...
        set ap-country [--|AF|...]
        set ap-handoff [enable|disable]
        set apcfg-profile {string}
        set ble-profile {string}
        set comment {var-string}
        set console-login [enable|disable]
        set control-message-offload {option1}, {option2}, ...
        config deny-mac-list
            Description: List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
            edit <id>
                set mac {mac-address}
            next
        end
        set dtls-in-kernel [enable|disable]
        set dtls-policy {option1}, {option2}, ...
        set energy-efficient-ethernet [enable|disable]
        config esl-ses-dongle
            Description: ESL SES-imagotag dongle configuration.
            set compliance-level {option}
            set scd-enable [enable|disable]
            set esl-channel [-1|0|...]
            set output-power [a|b|...]
            set apc-addr-type [fqdn|ip]
            set apc-fqdn {string}
            set apc-ip {ipv4-address}
            set apc-port {integer}
            set coex-level {option}
            set tls-cert-verification [enable|disable]
            set tls-fqdn-verification [enable|disable]
        end
        set ext-info-enable [enable|disable]
        set frequency-handoff [enable|disable]
        set handoff-roaming [enable|disable]
        set handoff-rssi {integer}
        set handoff-sta-thresh {integer}
        set indoor-outdoor-deployment [platform-determined|outdoor|...]
        set ip-fragment-preventing {option1}, {option2}, ...
        config lan
            Description: WTP LAN port mapping.
            set port-mode [offline|nat-to-wan|...]
            set port-ssid {string}
            set port1-mode [offline|nat-to-wan|...]
            set port1-ssid {string}
            set port2-mode [offline|nat-to-wan|...]
            set port2-ssid {string}
            set port3-mode [offline|nat-to-wan|...]
            set port3-ssid {string}
            set port4-mode [offline|nat-to-wan|...]
            set port4-ssid {string}
            set port5-mode [offline|nat-to-wan|...]
            set port5-ssid {string}
            set port6-mode [offline|nat-to-wan|...]
            set port6-ssid {string}
            set port7-mode [offline|nat-to-wan|...]
            set port7-ssid {string}
            set port8-mode [offline|nat-to-wan|...]
            set port8-ssid {string}
            set port-esl-mode [offline|nat-to-wan|...]
            set port-esl-ssid {string}
        end
        config lbs
            Description: Set various location based service (LBS) options.
            set ekahau-blink-mode [enable|disable]
            set ekahau-tag {mac-address}
            set erc-server-ip {ipv4-address-any}
            set erc-server-port {integer}
            set aeroscout [enable|disable]
            set aeroscout-server-ip {ipv4-address-any}
            set aeroscout-server-port {integer}
            set aeroscout-mu [enable|disable]
            set aeroscout-ap-mac [bssid|board-mac]
            set aeroscout-mmu-report [enable|disable]
            set aeroscout-mu-factor {integer}
            set aeroscout-mu-timeout {integer}
            set fortipresence [foreign|both|...]
            set fortipresence-server-addr-type [ipv4|fqdn]
            set fortipresence-server {ipv4-address-any}
            set fortipresence-server-fqdn {string}
            set fortipresence-port {integer}
            set fortipresence-secret {password}
            set fortipresence-project {string}
            set fortipresence-frequency {integer}
            set fortipresence-rogue [enable|disable]
            set fortipresence-unassoc [enable|disable]
            set fortipresence-ble [enable|disable]
            set station-locate [enable|disable]
        end
        set led-schedules <name1>, <name2>, ...
        set led-state [enable|disable]
        set lldp [enable|disable]
        set login-passwd {password}
        set login-passwd-change [yes|default|...]
        set max-clients {integer}
        config platform
            Description: WTP, FortiAP, or AP platform.
            set type [AP-11N|220B|...]
            set mode [single-5G|dual-5G]
            set ddscan [enable|disable]
        end
        set poe-mode [auto|8023af|...]
        config radio-1
            Description: Configuration options for radio 1.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config radio-2
            Description: Configuration options for radio 2.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config radio-3
            Description: Configuration options for radio 3.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config radio-4
            Description: Configuration options for radio 4.
            set mode [disabled|ap|...]
            set band [802.11a|802.11b|...]
            set band-5g-type [5g-full|5g-high|...]
            set drma [disable|enable]
            set drma-sensitivity [low|medium|...]
            set airtime-fairness [enable|disable]
            set protection-mode [rtscts|ctsonly|...]
            set powersave-optimize {option1}, {option2}, ...
            set transmit-optimize {option1}, {option2}, ...
            set amsdu [enable|disable]
            set coexistence [enable|disable]
            set zero-wait-dfs [enable|disable]
            set bss-color {integer}
            set bss-color-mode [auto|static]
            set short-guard-interval [enable|disable]
            set channel-bonding [160MHz|80MHz|...]
            set auto-power-level [enable|disable]
            set auto-power-high {integer}
            set auto-power-low {integer}
            set auto-power-target {string}
            set power-mode [dBm|percentage]
            set power-level {integer}
            set power-value {integer}
            set dtim {integer}
            set beacon-interval {integer}
            set rts-threshold {integer}
            set frag-threshold {integer}
            set ap-sniffer-bufsize {integer}
            set ap-sniffer-chan {integer}
            set ap-sniffer-addr {mac-address}
            set ap-sniffer-mgmt-beacon [enable|disable]
            set ap-sniffer-mgmt-probe [enable|disable]
            set ap-sniffer-mgmt-other [enable|disable]
            set ap-sniffer-ctl [enable|disable]
            set ap-sniffer-data [enable|disable]
            set sam-ssid {string}
            set sam-bssid {mac-address}
            set sam-security-type [open|wpa-personal|...]
            set sam-captive-portal [enable|disable]
            set sam-cwp-username {string}
            set sam-cwp-password {password}
            set sam-cwp-test-url {string}
            set sam-cwp-match-string {string}
            set sam-cwp-success-string {string}
            set sam-cwp-failure-string {string}
            set sam-username {string}
            set sam-password {password}
            set sam-test [ping|iperf]
            set sam-server-type [ip|fqdn]
            set sam-server-ip {ipv4-address}
            set sam-server-fqdn {string}
            set iperf-server-port {integer}
            set iperf-protocol [udp|tcp]
            set sam-report-intv {integer}
            set channel-utilization [enable|disable]
            set wids-profile {string}
            set darrp [enable|disable]
            set arrp-profile {string}
            set max-clients {integer}
            set max-distance {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
            set channel <chan1>, <chan2>, ...
            set call-admission-control [enable|disable]
            set call-capacity {integer}
            set bandwidth-admission-control [enable|disable]
            set bandwidth-capacity {integer}
        end
        config split-tunneling-acl
            Description: Split tunneling ACL filter list.
            edit <id>
                set dest-ip {ipv4-classnet}
            next
        end
        set split-tunneling-acl-local-ap-subnet [enable|disable]
        set split-tunneling-acl-path [tunnel|local]
        set syslog-profile {string}
        set tun-mtu-downlink {integer}
        set tun-mtu-uplink {integer}
        set wan-port-auth [none|802.1x]
        set wan-port-auth-methods [all|EAP-FAST|...]
        set wan-port-auth-password {password}
        set wan-port-auth-usrname {string}
        set wan-port-mode [wan-lan|wan-only]
    next
end

config wireless-controller wtp-profile

Parameter

Description

Type

Size

Default

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

-

Option

Description

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

ap-country

Country in which this WTP, FortiAP, or AP will operate.

option

-

--

Option

Description

--

NO_COUNTRY_SET

AF

AFGHANISTAN

AL

ALBANIA

DZ

ALGERIA

AS

AMERICAN SAMOA

AO

ANGOLA

AR

ARGENTINA

AM

ARMENIA

AU

AUSTRALIA

AT

AUSTRIA

AZ

AZERBAIJAN

BS

BAHAMAS

BH

BAHRAIN

BD

BANGLADESH

BB

BARBADOS

BY

BELARUS

BE

BELGIUM

BZ

BELIZE

BJ

BENIN

BM

BERMUDA

BT

BHUTAN

BO

BOLIVIA

BA

BOSNIA AND HERZEGOVINA

BW

BOTSWANA

BR

BRAZIL

BN

BRUNEI DARUSSALAM

BG

BULGARIA

BF

BURKINA-FASO

KH

CAMBODIA

CM

CAMEROON

KY

CAYMAN ISLANDS

CF

CENTRAL AFRICA REPUBLIC

TD

CHAD

CL

CHILE

CN

CHINA

CX

CHRISTMAS ISLAND

CO

COLOMBIA

CG

CONGO REPUBLIC

CD

DEMOCRATIC REPUBLIC OF CONGO

CR

COSTA RICA

HR

CROATIA

CY

CYPRUS

CZ

CZECH REPUBLIC

DK

DENMARK

DM

DOMINICA

DO

DOMINICAN REPUBLIC

EC

ECUADOR

EG

EGYPT

SV

EL SALVADOR

ET

ETHIOPIA

EE

ESTONIA

GF

FRENCH GUIANA

PF

FRENCH POLYNESIA

FO

FAEROE ISLANDS

FJ

FIJI

FI

FINLAND

FR

FRANCE

GE

GEORGIA

DE

GERMANY

GH

GHANA

GI

GIBRALTAR

GR

GREECE

GL

GREENLAND

GD

GRENADA

GP

GUADELOUPE

GU

GUAM

GT

GUATEMALA

GY

GUYANA

HT

HAITI

HN

HONDURAS

HK

HONG KONG

HU

HUNGARY

IS

ICELAND

IN

INDIA

ID

INDONESIA

IQ

IRAQ

IE

IRELAND

IM

ISLE OF MAN

IL

ISRAEL

IT

ITALY

CI

COTE_D_IVOIRE

JM

JAMAICA

JO

JORDAN

KZ

KAZAKHSTAN

KE

KENYA

KR

KOREA REPUBLIC

KW

KUWAIT

LA

LAOS

LV

LATVIA

LB

LEBANON

LS

LESOTHO

LY

LIBYA

LI

LIECHTENSTEIN

LT

LITHUANIA

LU

LUXEMBOURG

MO

MACAU SAR

MK

MACEDONIA, FYRO

MG

MADAGASCAR

MW

MALAWI

MY

MALAYSIA

MV

MALDIVES

ML

MALI

MT

MALTA

MH

MARSHALL ISLANDS

MQ

MARTINIQUE

MR

MAURITANIA

MU

MAURITIUS

YT

MAYOTTE

MX

MEXICO

FM

MICRONESIA

MD

REPUBLIC OF MOLDOVA

MC

MONACO

MN

MONGOLIA

MA

MOROCCO

MZ

MOZAMBIQUE

MM

MYANMAR

NA

NAMIBIA

NP

NEPAL

NL

NETHERLANDS

AN

NETHERLANDS ANTILLES

AW

ARUBA

NZ

NEW ZEALAND

NI

NICARAGUA

NE

NIGER

NO

NORWAY

MP

NORTHERN MARIANA ISLANDS

OM

OMAN

PK

PAKISTAN

PW

PALAU

PA

PANAMA

PG

PAPUA NEW GUINEA

PY

PARAGUAY

PE

PERU

PH

PHILIPPINES

PL

POLAND

PT

PORTUGAL

PR

PUERTO RICO

QA

QATAR

RE

REUNION

RO

ROMANIA

RU

RUSSIA

RW

RWANDA

BL

SAINT BARTHELEMY

KN

SAINT KITTS AND NEVIS

LC

SAINT LUCIA

MF

SAINT MARTIN

PM

SAINT PIERRE AND MIQUELON

VC

SAINT VINCENT AND GRENADIENS

SA

SAUDI ARABIA

SN

SENEGAL

RS

REPUBLIC OF SERBIA

ME

MONTENEGRO

SL

SIERRA LEONE

SG

SINGAPORE

SK

SLOVAKIA

SI

SLOVENIA

ZA

SOUTH AFRICA

ES

SPAIN

LK

SRI LANKA

SE

SWEDEN

SR

SURINAME

CH

SWITZERLAND

TW

TAIWAN

TZ

TANZANIA

TH

THAILAND

TG

TOGO

TT

TRINIDAD AND TOBAGO

TN

TUNISIA

TR

TURKEY

TM

TURKMENISTAN

AE

UNITED ARAB EMIRATES

TC

TURKS AND CAICOS

UG

UGANDA

UA

UKRAINE

GB

UNITED KINGDOM

US

UNITED STATES2

PS

UNITED STATES (PUBLIC SAFETY)

UY

URUGUAY

UZ

UZBEKISTAN

VU

VANUATU

VE

VENEZUELA

VN

VIET NAM

VI

VIRGIN ISLANDS

WF

WALLIS AND FUTUNA

YE

YEMEN

ZM

ZAMBIA

ZW

ZIMBABWE

JP

JAPAN14

CA

CANADA2

ap-handoff

Enable/disable AP handoff of clients to other APs.

option

-

disable

Option

Description

enable

Enable AP handoff.

disable

Disable AP handoff.

apcfg-profile

AP local configuration profile name.

string

Maximum length: 35

ble-profile

Bluetooth Low Energy profile name.

string

Maximum length: 35

comment

Comment.

var-string

Maximum length: 255

console-login

Enable/disable FortiAP console login access.

option

-

enable

Option

Description

enable

Enable FAP console login access.

disable

Disable FAP console login access.

control-message-offload

Enable/disable CAPWAP control message data channel offload.

option

-

ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health spectral-analysis

Option

Description

ebp-frame

Ekahau blink protocol (EBP) frames.

aeroscout-tag

AeroScout tag.

ap-list

Rogue AP list.

sta-list

Rogue STA list.

sta-cap-list

STA capability list.

stats

WTP, radio, VAP, and STA statistics.

aeroscout-mu

AeroScout Mobile Unit (MU) report.

sta-health

STA health log.

spectral-analysis

Spectral analysis report.

dtls-in-kernel

Enable/disable data channel DTLS in kernel.

option

-

disable

Option

Description

enable

Enable data channel DTLS in kernel.

disable

Disable data channel DTLS in kernel.

dtls-policy

WTP data channel DTLS policy.

option

-

clear-text

Option

Description

clear-text

Clear Text Data Channel.

dtls-enabled

DTLS Enabled Data Channel.

ipsec-vpn

IPsec VPN Data Channel.

energy-efficient-ethernet

Enable/disable use of energy efficient Ethernet on WTP.

option

-

disable

Option

Description

enable

Enable use of energy efficient Ethernet on WTP.

disable

Disable use of energy efficient Ethernet on WTP.

ext-info-enable

Enable/disable station/VAP/radio extension information.

option

-

enable

Option

Description

enable

Enable station/VAP/radio extension information.

disable

Disable station/VAP/radio extension information.

frequency-handoff

Enable/disable frequency handoff of clients to other channels.

option

-

disable

Option

Description

enable

Enable frequency handoff.

disable

Disable frequency handoff.

handoff-roaming

Enable/disable client load balancing during roaming to avoid roaming delay.

option

-

enable

Option

Description

enable

Enable handoff roaming.

disable

Disable handoff roaming.

handoff-rssi

Minimum received signal strength indicator.

integer

Minimum value: 20 Maximum value: 30

25

handoff-sta-thresh

Threshold value for AP handoff.

integer

Minimum value: 0 Maximum value: 4294967295

0

indoor-outdoor-deployment

Set to allow indoor/outdoor-only channels under regulatory rules.

option

-

platform-determined

Option

Description

platform-determined

Set AP deployment type based on its platform.

outdoor

Set AP deployment type to outdoor.

indoor

Set AP deployment type to indoor.

ip-fragment-preventing

Method.

option

-

tcp-mss-adjust

Option

Description

tcp-mss-adjust

TCP maximum segment size adjustment.

icmp-unreachable

Drop packet and send ICMP Destination Unreachable

led-schedules <name>

Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.

Schedule name.

string

Maximum length: 35

led-state

Enable/disable use of LEDs on WTP.

option

-

enable

Option

Description

enable

Enable use of LEDs on WTP.

disable

Disable use of LEDs on WTP.

lldp

Enable/disable Link Layer Discovery Protocol.

option

-

enable

Option

Description

enable

Enable LLDP.

disable

Disable LLDP.

login-passwd

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

login-passwd-change

Change or reset the administrator password of a managed WTP, FortiAP or AP.

option

-

no

Option

Description

yes

Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.

default

Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.

no

Do not change the managed WTP, FortiAP or AP's administrator password.

max-clients

Maximum number of stations.

integer

Minimum value: 0 Maximum value: 4294967295

0

name

WTP (or FortiAP or AP) profile name.

string

Maximum length: 35

poe-mode

Set the WTP, FortiAP, or AP's PoE mode.

option

-

auto

Option

Description

auto

Automatically detect the PoE mode.

8023af

Use 802.3af PoE mode.

8023at

Use 802.3at PoE mode.

power-adapter

Use the power adapter to control the PoE mode.

full

Use full power mode.

high

Use high power mode.

low

Use low power mode.

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

option

-

disable

Option

Description

enable

Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

disable

Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

-

local

Option

Description

tunnel

Split tunneling ACL list traffic will be tunnel.

local

Split tunneling ACL list traffic will be local NATed.

syslog-profile

System log server configuration profile name.

string

Maximum length: 35

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel.

integer

Minimum value: 576 Maximum value: 1500

0

tun-mtu-uplink

The maximum transmission unit.

integer

Minimum value: 576 Maximum value: 1500

0

wan-port-auth

Set WAN port authentication mode.

option

-

none

Option

Description

none

Disable WAN port authentication.

802.1x

Enable WAN port 802.1x authentication.

wan-port-auth-methods

WAN port 802.1x supplicant EAP methods.

option

-

all

Option

Description

all

Do not specify any EAP methods.

EAP-FAST

Enable EAP-FAST.

EAP-TLS

Enable EAP-TLS.

EAP-PEAP

Enable EAP-PEAP.

wan-port-auth-password

Set WAN port 802.1x supplicant password.

password

Not Specified

wan-port-auth-usrname

Set WAN port 802.1x supplicant user name.

string

Maximum length: 63

wan-port-mode

Enable/disable using a WAN port as a LAN port.

option

-

wan-only

Option

Description

wan-lan

Enable using a WAN port as a LAN port.

wan-only

Disable using a WAN port as a LAN port.

config deny-mac-list

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

mac

A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.

mac-address

Not Specified

00:00:00:00:00:00

config esl-ses-dongle

Parameter

Description

Type

Size

Default

compliance-level

Compliance levels for the ESL solution integration.

option

-

compliance-level-2

Option

Description

compliance-level-2

Compliance Level 2 - Full Cloud Support, IoT and Fast-Response.

scd-enable

Enable/disable ESL SES-imagotag Serial Communication Daemon.

option

-

disable

Option

Description

enable

Enable ESL SES-imagotag SCD.

disable

Disable ESL SES-imagotag SCD.

esl-channel

ESL SES-imagotag dongle channel.

option

-

127

Option

Description

-1

No esl-channel is set.

0

ESL channel 0.

1

ESL channel 1.

2

ESL channel 2.

3

ESL channel 3.

4

ESL channel 4.

5

ESL channel 5.

6

ESL channel 6.

7

ESL channel 7.

8

ESL channel 8.

9

ESL channel 9.

10

ESL channel 10.

127

Managed channel enabled, indicates that the APC (server) is setting the esl-channel via the slot channel

output-power

ESL SES-imagotag dongle output power.

option

-

a

Option

Description

a

About 15mW.

b

About 7mW.

c

About 5mW.

d

About 1mW.

e

About 13mW.

f

About 10mW.

g

About 3mW.

h

About 2mW.

apc-addr-type

ESL SES-imagotag APC address type.

option

-

fqdn

Option

Description

fqdn

Fully Qualified Domain Name address.

ip

IPv4 address.

apc-fqdn

FQDN of ESL SES-imagotag Access Point Controller (APC).

string

Maximum length: 63

apc-ip

IP address of ESL SES-imagotag Access Point Controller (APC).

ipv4-address

Not Specified

0.0.0.0

apc-port

Port of ESL SES-imagotag Access Point Controller (APC).

integer

Minimum value: 0 Maximum value: 65535

0

coex-level

ESL SES-imagotag dongle coexistence level.

option

-

none

Option

Description

none

No support for coexistence of USB-Dongle with WiFi AP.

tls-cert-verification

Enable/disable TLS certificate verification.

option

-

enable

Option

Description

enable

Enable TLS Certificate verification.

disable

Disable TLS Certificate verification.

tls-fqdn-verification

Enable/disable TLS certificate verification.

option

-

disable

Option

Description

enable

Enable TLS FQDN verification.

disable

Disable TLS FQDN verification.

config lan

Parameter

Description

Type

Size

Default

port-mode

LAN port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

port-esl-mode

ESL port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP ESL port to WTP WAN port.

bridge-to-wan

Bridge WTP ESL port to WTP WAN port.

bridge-to-ssid

Bridge WTP ESL port to SSID.

port-esl-ssid

Bridge ESL port to SSID.

string

Maximum length: 15

config lbs

Parameter

Description

Type

Size

Default

ekahau-blink-mode

Enable/disable Ekahau blink mode.

option

-

disable

Option

Description

enable

Enable Ekahau blink mode.

disable

Disable Ekahau blink mode.

ekahau-tag

WiFi frame MAC address or WiFi Tag.

mac-address

Not Specified

01:18:8e:00:00:00

erc-server-ip

IP address of Ekahau RTLS Controller (ERC).

ipv4-address-any

Not Specified

0.0.0.0

erc-server-port

Ekahau RTLS Controller (ERC) UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

8569

aeroscout

Enable/disable AeroScout Real Time Location Service.

option

-

disable

Option

Description

enable

Enable AeroScout support.

disable

Disable AeroScout support.

aeroscout-server-ip

IP address of AeroScout server.

ipv4-address-any

Not Specified

0.0.0.0

aeroscout-server-port

AeroScout server UDP listening port.

integer

Minimum value: 1024 Maximum value: 65535

0

aeroscout-mu

Enable/disable AeroScout Mobile Unit.

option

-

disable

Option

Description

enable

Enable AeroScout MU mode support.

disable

Disable AeroScout MU mode support.

aeroscout-ap-mac

Use BSSID or board MAC address as AP MAC address in AeroScout AP messages.

option

-

bssid

Option

Description

bssid

Use BSSID as AP MAC address in AeroScout AP messages.

board-mac

Use board MAC address as AP MAC address in AeroScout AP messages.

aeroscout-mmu-report

Enable/disable compounded AeroScout tag and MU report.

option

-

enable

Option

Description

enable

Enable compounded AeroScout tag and MU report.

disable

Disable compounded AeroScout tag and MU report.

aeroscout-mu-factor

AeroScout MU mode dilution factor.

integer

Minimum value: 0 Maximum value: 4294967295

20

aeroscout-mu-timeout

AeroScout MU mode timeout.

integer

Minimum value: 0 Maximum value: 65535

5

fortipresence

Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network.

option

-

disable

Option

Description

foreign

FortiPresence monitors foreign channels only. Foreign channels mean all other available channels than the current operating channel of the WTP, AP, or FortiAP.

both

Enable FortiPresence on both foreign and home channels. Select this option to have FortiPresence monitor all WiFi channels.

disable

Disable FortiPresence.

fortipresence-server-addr-type

FortiPresence server address type.

option

-

ipv4

Option

Description

ipv4

IPv4 address.

fqdn

Fully Qualified Domain Name address.

fortipresence-server

IP address of FortiPresence server.

ipv4-address-any

Not Specified

0.0.0.0

fortipresence-server-fqdn

FQDN of FortiPresence server.

string

Maximum length: 255

fortipresence-port

UDP listening port of FortiPresence server.

integer

Minimum value: 300 Maximum value: 65535

3000

fortipresence-secret

FortiPresence secret password (max. 16 characters).

password

Not Specified

fortipresence-project

FortiPresence project name.

string

Maximum length: 16

fortipresence

fortipresence-frequency

FortiPresence report transmit frequency.

integer

Minimum value: 5 Maximum value: 65535

30

fortipresence-rogue

Enable/disable FortiPresence finding and reporting rogue APs.

option

-

disable

Option

Description

enable

Enable FortiPresence finding and reporting rogue APs.

disable

Disable FortiPresence finding and reporting rogue APs.

fortipresence-unassoc

Enable/disable FortiPresence finding and reporting unassociated stations.

option

-

enable

Option

Description

enable

Enable FortiPresence finding and reporting unassociated stations.

disable

Disable FortiPresence finding and reporting unassociated stations.

fortipresence-ble

Enable/disable FortiPresence finding and reporting BLE devices.

option

-

enable

Option

Description

enable

Enable FortiPresence finding and reporting BLE devices.

disable

Disable FortiPresence finding and reporting BLE devices.

station-locate

Enable/disable client station locating services for all clients, whether associated or not.

option

-

disable

Option

Description

enable

Enable station locating service.

disable

Disable station locating service.

config platform

Parameter

Description

Type

Size

Default

type

WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.

option

-

221E

Option

Description

AP-11N

Default 11n AP.

220B

FAP220B/221B.

210B

FAP210B.

222B

FAP222B.

112B

FAP112B.

320B

FAP320B.

11C

FAP11C.

14C

FAP14C.

223B

FAP223B.

28C

FAP28C.

320C

FAP320C.

221C

FAP221C.

25D

FAP25D.

222C

FAP222C.

224D

FAP224D.

214B

FK214B.

21D

FAP21D.

24D

FAP24D.

112D

FAP112D.

223C

FAP223C.

321C

FAP321C.

C220C

FAPC220C.

C225C

FAPC225C.

C23JD

FAPC23JD.

C24JE

FAPC24JE.

S321C

FAPS321C.

S322C

FAPS322C.

S323C

FAPS323C.

S311C

FAPS311C.

S313C

FAPS313C.

S321CR

FAPS321CR.

S322CR

FAPS322CR.

S323CR

FAPS323CR.

S421E

FAPS421E.

S422E

FAPS422E.

S423E

FAPS423E.

421E

FAP421E.

423E

FAP423E.

221E

FAP221E.

222E

FAP222E.

223E

FAP223E.

224E

FAP224E.

231E

FAP231E.

S221E

FAPS221E.

S223E

FAPS223E.

321E

FAP321E.

431F

FAP431F.

431FL

FAP431FL.

432F

FAP432F.

432FR

FAP432FR.

433F

FAP433F.

433FL

FAP433FL.

231F

FAP231F.

231FL

FAP231FL.

234F

FAP234F.

23JF

FAP23JF.

831F

FAP831F.

231G

FAP231G.

233G

FAP233G.

431G

FAP431G.

433G

FAP433G.

U421E

FAPU421EV.

U422EV

FAPU422EV.

U423E

FAPU423EV.

U221EV

FAPU221EV.

U223EV

FAPU223EV.

U24JEV

FAPU24JEV.

U321EV

FAPU321EV.

U323EV

FAPU323EV.

U431F

FAPU431F.

U433F

FAPU433F.

U231F

FAPU231F.

U234F

FAPU234F.

U432F

FAPU432F.

U231G

FAPU231G.

U441G

FAPU441G.

mode

Configure operation mode of 5G radios.

option

-

single-5G

Option

Description

single-5G

Configure radios as one 5GHz band, one 2.4GHz band, and one dedicated monitor or sniffer.

dual-5G

Configure radios as one lower 5GHz band, one higher 5GHz band and one 2.4GHz band respectively.

ddscan

Enable/disable use of one radio for dedicated full-band scanning to detect RF characterization and wireless threat management.

option

-

disable

Option

Description

enable

Enable dedicated full-band scan mode.

disable

Disable dedicated full-band scan mode.

config radio-1

Parameter

Description

Type

Size

Default

mode

Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 1 is disabled.

ap

Radio 1 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 1 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 1 operates as a sniffer capturing WiFi frames on air.

sam

Radio 1 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 1 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

36

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config radio-2

Parameter

Description

Type

Size

Default

mode

Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 2 is disabled.

ap

Radio 2 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 2 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 2 operates as a sniffer capturing WiFi frames on air.

sam

Radio 2 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 2 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

6

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config radio-3

Parameter

Description

Type

Size

Default

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 3 is disabled.

ap

Radio 3 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 3 operates as a sniffer capturing WiFi frames on air.

sam

Radio 3 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 3 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

6

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config radio-4

Parameter

Description

Type

Size

Default

mode

Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station.

option

-

ap

Option

Description

disabled

Radio 3 is disabled.

ap

Radio 3 operates as an access point that allows WiFi clients to connect to your network.

monitor

Radio 3 operates as a dedicated monitor. As a monitor, the radio scans for other WiFi access points and adds them to the Rogue AP monitor list.

sniffer

Radio 3 operates as a sniffer capturing WiFi frames on air.

sam

Radio 3 operates as a station that can connect to a neighboring AP for connectivity and health check.

band

WiFi band that Radio 3 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g/b.

802.11n

802.11n/g/b at 2.4GHz.

802.11n-5G

802.11n/a at 5GHz.

802.11ac

802.11ac/n/a.

802.11ax-5G

802.11ax/ac/n/a at 5GHz.

802.11ax

802.11ax/n/g/b at 2.4GHz.

802.11ac-2G

802.11ac at 2.4GHz.

802.11ax-6G

802.11ax at 6GHz.

802.11n,g-only

802.11n/g at 2.4GHz.

802.11g-only

802.11g.

802.11n-only

802.11n at 2.4GHz.

802.11n-5G-only

802.11n at 5GHz.

802.11ac,n-only

802.11ac/n.

802.11ac-only

802.11ac.

802.11ax,ac-only

802.11ax/ac at 5GHz.

802.11ax,ac,n-only

802.11ax/ac/n at 5GHz.

802.11ax-5G-only

802.11ax at 5GHz.

802.11ax,n-only

802.11ax/n at 2.4GHz.

802.11ax,n,g-only

802.11ax/n/g at 2.4GHz.

802.11ax-only

802.11ax at 2.4GHz.

band-5g-type

WiFi 5G band type.

option

-

5g-full

Option

Description

5g-full

Full 5G band.

5g-high

High 5G band.

5g-low

Low 5G band.

drma

Enable/disable dynamic radio mode assignment.

option

-

disable

Option

Description

disable

Disable dynamic radio mode assignment (DRMA).

enable

Enable dynamic radio mode assignment (DRMA).

drma-sensitivity

Network Coverage Factor.

option

-

low

Option

Description

low

Consider a radio as redundant when its NCF is 100%.

medium

Consider a radio as redundant when its NCF is 95%.

high

Consider a radio as redundant when its NCF is 90%.

airtime-fairness

Enable/disable airtime fairness.

option

-

disable

Option

Description

enable

Enable airtime fairness (ATF) support.

disable

Disable airtime fairness (ATF) support.

protection-mode

Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).

option

-

disable

Option

Description

rtscts

Enable 802.11g protection RTS/CTS mode.

ctsonly

Enable 802.11g protection CTS only mode.

disable

Disable 802.11g protection mode.

powersave-optimize

Enable client power-saving features such as TIM, AC VO, and OBSS etc.

option

-

Option

Description

tim

TIM bit for client in power save mode.

ac-vo

Use AC VO priority to send out packets in the power save queue.

no-obss-scan

Do not put OBSS scan IE into beacon and probe response frames.

no-11b-rate

Do not send frame using 11b data rate.

client-rate-follow

Adapt transmitting PHY rate with receiving PHY rate from a client.

transmit-optimize

Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.

option

-

power-save aggr-limit retry-limit send-bar

Option

Description

disable

Disable packet transmission optimization.

power-save

Tag client as operating in power save mode if excessive transmit retries occur.

aggr-limit

Set aggregation limit to a lower value when data rate is low.

retry-limit

Set software retry limit to a lower value when data rate is low.

send-bar

Limit transmission of BAR frames.

amsdu

Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients.

option

-

enable

Option

Description

enable

Enable AMSDU support.

disable

Disable AMSDU support.

coexistence

Enable/disable allowing both HT20 and HT40 on the same radio.

option

-

enable

Option

Description

enable

Enable support for both HT20 and HT40 on the same radio.

disable

Disable support for both HT20 and HT40 on the same radio.

zero-wait-dfs

Enable/disable zero wait DFS on radio.

option

-

enable

Option

Description

enable

Enable zero wait DFS

disable

Disable zero wait DFS

bss-color

BSS color value for this 11ax radio.

integer

Minimum value: 0 Maximum value: 63

0

bss-color-mode

BSS color mode for this 11ax radio.

option

-

auto

Option

Description

auto

Automatically select BSS color value on AP.

static

Set BSS color value on this radio based on 'bss-color' CLI.

short-guard-interval

Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.

option

-

disable

Option

Description

enable

Select the 400 ns short guard interval (Short GI).

disable

Select the 800 ns long guard interval (Long GI).

channel-bonding

Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.

option

-

20MHz

Option

Description

160MHz

160 MHz channel width.

80MHz

80 MHz channel width.

40MHz

40 MHz channel width.

20MHz

20 MHz channel width.

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

dtim

Delivery Traffic Indication Map. Set higher to save battery life of WiFi client in power-save mode.

integer

Minimum value: 1 Maximum value: 255

1

beacon-interval

Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type.

integer

Minimum value: 0 Maximum value: 65535

100

rts-threshold

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS.

integer

Minimum value: 256 Maximum value: 2346

2346

frag-threshold

Maximum packet size that can be sent without fragmentation.

integer

Minimum value: 800 Maximum value: 2346

2346

ap-sniffer-bufsize

Sniffer buffer size.

integer

Minimum value: 1 Maximum value: 32

16

ap-sniffer-chan

Channel on which to operate the sniffer.

integer

Minimum value: 0 Maximum value: 4294967295

6

ap-sniffer-addr

MAC address to monitor.

mac-address

Not Specified

00:00:00:00:00:00

ap-sniffer-mgmt-beacon

Enable/disable sniffer on WiFi management Beacon frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management beacon frame.

disable

Disable sniffer on WiFi management beacon frame.

ap-sniffer-mgmt-probe

Enable/disable sniffer on WiFi management probe frames.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management probe frame.

disable

Enable sniffer on WiFi management probe frame.

ap-sniffer-mgmt-other

Enable/disable sniffer on WiFi management other frames .

option

-

enable

Option

Description

enable

Enable sniffer on WiFi management other frame.

disable

Disable sniffer on WiFi management other frame.

ap-sniffer-ctl

Enable/disable sniffer on WiFi control frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi control frame.

disable

Disable sniffer on WiFi control frame.

ap-sniffer-data

Enable/disable sniffer on WiFi data frame.

option

-

enable

Option

Description

enable

Enable sniffer on WiFi data frame

disable

Disable sniffer on WiFi data frame

sam-ssid

SSID for WiFi network.

string

Maximum length: 32

sam-bssid

BSSID for WiFi network.

mac-address

Not Specified

00:00:00:00:00:00

sam-security-type

Select WiFi network security type.

option

-

wpa-personal

Option

Description

open

Open.

wpa-personal

WPA/WPA2 personal.

wpa-enterprise

WPA/WPA2 enterprise.

sam-captive-portal

Enable/disable Captive Portal Authentication.

option

-

disable

Option

Description

enable

Enable Captive Portal Authentication.

disable

Disable Captive Portal Authentication.

sam-cwp-username

Username for captive portal authentication.

string

Maximum length: 35

sam-cwp-password

Password for captive portal authentication.

password

Not Specified

sam-cwp-test-url

Website the client is trying to access.

string

Maximum length: 255

sam-cwp-match-string

Identification string from the captive portal login form.

string

Maximum length: 64

sam-cwp-success-string

Success identification on the page after a successful login.

string

Maximum length: 64

sam-cwp-failure-string

Failure identification on the page after an incorrect login.

string

Maximum length: 64

sam-username

Username for WiFi network connection.

string

Maximum length: 35

sam-password

Passphrase for WiFi network connection.

password

Not Specified

sam-test

Select SAM test type.

option

-

ping

Option

Description

ping

PING test.

iperf

IPERF test.

sam-server-type

Select SAM server type.

option

-

ip

Option

Description

ip

IPv4 address.

fqdn

Fully Qualified Domain Name address.

sam-server-ip

SAM test server IP address.

ipv4-address

Not Specified

0.0.0.0

sam-server-fqdn

SAM test server domain name.

string

Maximum length: 255

iperf-server-port

Iperf service port number.

integer

Minimum value: 0 Maximum value: 65535

5001

iperf-protocol

Iperf test protocol.

option

-

udp

Option

Description

udp

UDP.

tcp

TCP.

sam-report-intv

SAM report interval (sec), 0 for a one-time report.

integer

Minimum value: 60 Maximum value: 864000

0

channel-utilization

Enable/disable measuring channel utilization.

option

-

enable

Option

Description

enable

Enable measuring channel utilization.

disable

Disable measuring channel utilization.

wids-profile

Wireless Intrusion Detection System (WIDS) profile name to assign to the radio.

string

Maximum length: 35

darrp

Enable/disable Distributed Automatic Radio Resource Provisioning.

option

-

disable

Option

Description

enable

Enable distributed automatic radio resource provisioning.

disable

Disable distributed automatic radio resource provisioning.

arrp-profile

Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio.

string

Maximum length: 35

max-clients

Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-distance

Maximum expected distance between the AP and clients.

integer

Minimum value: 0 Maximum value: 54000

0

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

call-admission-control

Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.

option

-

disable

Option

Description

enable

Enable WMM call admission control.

disable

Disable WMM call admission control.

call-capacity

Maximum number of Voice over WLAN.

integer

Minimum value: 0 Maximum value: 60

10

bandwidth-admission-control

Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.

option

-

disable

Option

Description

enable

Enable WMM bandwidth admission control.

disable

Disable WMM bandwidth admission control.

bandwidth-capacity

Maximum bandwidth capacity allowed.

integer

Minimum value: 1 Maximum value: 600000

2000

config split-tunneling-acl

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

dest-ip

Destination IP and mask for the split-tunneling subnet.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0