wireless-controller : wtp
 
wtp
Use this command to configure physical access points (APs) for management by the wireless controller, also known as an access controller (AC).
Syntax
config wireless-controller wtp
edit <wtp-id>
set admin <admin_status>
set coordinate-enable {enable | disable}
set coordinate-x <int>
set coordinate-y <int>
set image-download {enable | disable}
set location <string>
set login-enable {default | enable | disable}
set login-passwd <pwd_string>
set login-passwd-change {default | yes | no}
set mesh-bridge-enable {default | enable | disable}
set name <string>
set override-profile {enable | disable}
set wtp-mode {normal | remote}
set wtp-profile <name_string>
end
If override-profile is enabled, you can set many fields normally controlled by the wtp-profile or wids-profile:
config wireless-controller wtp
edit <wtp-id>
set override-profile enable
set ap-scan {enable | disable}
set auto-power-level {enable | disable}
set auto-power-low <dBm_int>
set auto-power-high <dBm_int>
set ip-fragment-preventing [icmp‑unreachable tcp‑mss‑adjust]
set power-level <int>
set radio-enable {enable | disable}
set split-tunneling-acl-local-ap-subnet {enable | disable}
set tun-mtu-downlink {0 | 576 | 1500}
set tun-mtu-uplink {0 | 576 | 1500}
set vap-all {enable | disable}
set vaps {vap1 ... vapn>
config lan
set port1-mode {offline | bridge‑to‑ssid | bridge‑to‑wan}
set port1-ssid <ssid_name>
end
config split-tunneling-acl
edit <id>
set dest-ip <ip4mask>
end
end
To retrieve information about a physical access point:
config wireless-controller wtp
edit <wtp-id>
get
end
Along with the current configuration settings, information such as the current number of clients, is returned. See the read-only variables section of the table below.
 
Variable
Description
Default
edit <wtp-id>
Enter the ID for the AP unit.
No default.
admin <admin_status>
Set to one of the following:
discovered — This is the setting for APs that have discovered this AC and registered themselves. To use such an AP, select enable.
disable — Do not manage this AP.
enable — Manage this AP.
enable
coordinate-enable {enable | disable}
Enable AP unit coordinates.
disable
coordinate-x <int>
coordinate-y <int>
Enter x and y coordinates for AP. This is available if coordinate-enable is enabled.
0,0
image-download {enable | disable}
Enable or disable downloading of firmware to the AP unit.
enable
location <string>
Optionally, enter the location of this AP.
No default.
login-enable {default | enable | disable}
Enable or disable AP telnet login. Set to default to control the AP telnet login capability with the TELNET_ALLOW setting on the AP unit.
default
login-passwd <pwd_string>
Set the AP unit login password.
This is available if login-passwd-change is yes.
No default.
login-passwd-change {default | yes | no}
Select whether to change AP unit login password.
Select default to change the AP unit password back to its default.
no
mesh-bridge-enable {default | enable | disable}
Enable to create a bridge between the AP unit’s WiFi interface and its Ethernet interface. Set to default to use the setting configured on the FortiAP unit.
disable
name <string>
Enter a name to identify this access point.
No default.
override-profile {enable | disable}
Enable to override the FortiAP Profile.
disable
wtp-mode {normal | remote}
Select the AP operating mode.
normal
wtp-profile <name_string>
Enter the name of the wtp profile to apply to this access point.
No default.
wids-profile variables that can be overridden when override-profile is enabled
ap-scan {enable | disable}
Enable or disable rogue AP scanning.
enable
wtp-profile variables that can be overridden when override-profile is enabled
auto-power-level {enable | disable}
Enable or disable automatic power-level adjustment to prevent co-channel interference.
disable
auto-power-low <dBm_int>
Set automatic power level low limit, in dBm. Range 0 to 17dBm.
10
auto-power-high <dBm_int>
Set automatic power level high limit, in dBm. Range 0 to 17dBm.
17
ip-fragment-preventing [icmp‑unreachable tcp‑mss‑adjust]
Enable options to deal with CAPWAP packet fragmentation:
icmp‑unreachabledrop packet, send ICMP Destination unreachable
tcp‑mss‑adjustadjust MTU using tun‑mtu‑uplink and tun‑mtu‑downlink
null
power-level <int>
Set radio power level. Range is 0 (minimum) to 100 (maximum).
The maximum power level is set to the regulatory maximum for your region, as determined by your selection in the country field of wireless-controller setting.
100
radio-enable {enable | disable}
Enable or disable radio operation.
enable
split-tunneling-acl-local-ap-subnet {enable | disable}
Enable to allow specified destinations to be accessed locally instead of through Wifi controller.
disable
tun-mtu-downlink {0 | 576 | 1500}
Set CAPWAP uplink MTU to 576 or 1500, or leave alone (0).
0
tun-mtu-uplink {0 | 576 | 1500}
Set CAPWAP downlink MTU to 576 or 1500, or leave alone (0).
0
vap-all {enable | disable}
Enable to inherit all VAPs. Disable to select VAPs.
enable
vaps {vap1 ... vapn>
Set the virtual access points carried on this physical access point.
This is used only when wtp-profile is not set.
No default.
config lan variables
Available when override-profile is enabled. Not all models have a LAN port.
 
port1-mode {offline | bridge‑to‑ssid | bridge‑to‑wan}
Set FortiAP LAN port mode:
offline — not used
bridge‑to‑ssid — bridge with specified SSID
bridge‑to‑wan — bridge with WAN port
There is also port2-mode, port3-mode, etc., depending on the number of independent LAN interfaces on the FortiAP unit.
offline
port1-ssid <ssid_name>
Enter the SSID to bridge with LAN port 1. This is available when port1-mode is bridge‑to‑ssid.
There is also port2-ssid, port3-ssid, etc., depending on the number of independent LAN interfaces on the FortiAP unit.
No default.
config split-tunneling-acl variables
Available when override-profile and split-tunneling-acl-local-ap-subnet are enabled.
<id>
Item ID
 
dest-ip <ip4mask>
Destination IP (with netmask) that is local to the AP.
0.0.0.0 0.0.0.0
Read-only variables (view using get command)
base-bssid
base-bssid-2
The wireless MAC address of each radio.
client-count
The number of clients connected to this managed access point.
connection-state
Shows “connected” if FortiAP is connected, otherwise “idle”.
image-download-progress
Shows 0-100% progress during FortiAP image upload.
join-time
Date and time that the managed AP connected to the controller.
last-failure
Last error message concerning this managed AP.
last-failure-param
Additional information about the last error.
last-failure-time
Date and time of last error message.
local-ipv4-address
The IP address assigned to the AP.
max-vaps
max-vaps-2
The maximum number of SSIDs supported on each radio.
oper-chan
oper-chan-2
The current operating channel of each radio.
region-code
The region-code (country) currently set on the FortiAP unit.
software-version
The build number of the FortiAP firmware, e.g.:FAP22A-v4.0-build212