Connectivity Profiles Entry
You can access Connectivity Profiles to manage your MPSK and Bonjour profiles.
MPSK Profiles
After you click Connectivity Profile, the MPSK Profiles tab loads by default. From there you can create or edit MPSK profiles to manage multiple pre-shared keys.
Click Create new to create an MPSK profile.
From there you can click Add to create or import MPSK groups and determine how you want to add your MPSK keys.
These fields correspond to the following CLI settings under config wireless-controller mpsk-profile
:
Name |
MPSK profile name. | edit <name> |
Maximum concurrent client count |
Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication. | set mpsk-concurrent-clients {integer} |
MPSK Group List > New/Edit MPSK Group |
List of multiple PSK groups. | config mpsk-group |
Name |
MPSK group name. | edit <name> |
VLAN type |
MPSK group VLAN options. | set vlan-type [no-vlan|fixed-vlan] |
VLAN ID |
Optional VLAN ID. Shown when VLAN type is set to Fixed VLAN. |
set vlan-id {integer} |
MPSK key list > New / Edit MPSK Key |
List of multiple PSK entries. | config mpsk-key |
Name |
Pre-shared key name. | edit <name> |
Comment |
Enter optional comment. | set comment {var-string} |
Pre-shared key |
WPA Pre-shared key. | set passphrase {password} |
MAC address |
MAC address. | set mac {mac-address} |
Client limit type |
MPSK client limit type options.
|
set concurrent-client-limit-type [default|unlimited|...] |
Client limit |
Number of clients that can connect using this pre-shared key. Shown when Client limit type is set to Specified. |
set concurrent-clients {integer} |
MPSK schedule |
Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. |
set mpsk-schedules <name1>, <name2>, … |
Bonjour Profiles
Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow FortiAPs to connect to networks using Bonjour. You can create or edit Bonjour profiles by clicking the Bonjour Profiles tab.
Click Create new to create a Bonjour profile.
From there you can create and add policies that determine which services you want to advertise across the network.
These fields correspond to the following CLI settings under config wireless-controller bonjour-profile
:
Name |
Enter a name for the profile. |
edit <name> |
Comment |
Optionally, enter comments. |
set comment {string} |
Policy list > New/Edit Bonjour Policy |
Configure the policy list. |
config policy-list |
Policy ID |
Enter the Policy ID. |
edit <policy-id> |
Description |
Description of the Bonjour profile policy. |
set description {string} |
Source VLAN |
The VLAN ID that the Bonjour service will be advertised from. |
set from-vlan {string} |
Destination VLAN |
The VLAN ID that the Bonjour service will be made available to. |
set to-vlan {string} |
Services |
Select services for the VLAN. |
set services {option1}, {option2}, … |
To apply a Bonjour profile at the FortiAP profile level - CLI:
Once you create a Bonjour profile, you can apply it at the FortiAP profile and device level.
config wireless-controller wtp-profile edit FAP234F-default set bonjour-profile "Example-Bonjour-Profile" next end
If a Bonjour profile is applied at both the device and profile level, the configuration made at the device level takes precedence. If a Bonjour profile is applied to multiple APs, the APs execute an algorithm to determine the Bonjour Default Gateway. The AP with the highest base MAC address is selected as the primary default gateway while the other APs are designated as backup default gateways in case the primary default gateway becomes unavailable.
To verify that the Bonjour profile is successfully applied to a FortiAP:
-
From the FortiAP CLI, enter
cw_diag -c bonjour
:cw_diag -c bonjour Bonjour Gateway: Controlled by AC Configured Bonjour Vlans: 10 ==> 20 services 00000001 all 101 ==> 202 services 00000001 all Total 2 Bonjour Vlans Bonjour Gateway Election Info: 1/2 e8:ed:d6:a5:2e:e8 state=cap,8825 live=16605 age=1 2/2 e8:ed:d6:a5:31:08 state=oper,8807 live=8825 age=1 ---- e0:23:ff:b2:18:68 state=cap,16609
The diagnoses output also provides details of the last election process under "Bonjour Gateway Election Info". The AP with the MAC address of
8:ed:d6:a5:31:08
is in theoper
state, meaning it serves as the default gateway. The other APs are in thecap
state, meaning they act as back-up gateways in case the primary gateway becomes unavailable. If there are any more APs in the same setup, they will go into ahold
state.