wireless-controller : wtp-profile
 
wtp-profile
Use this command to define an access point profile (wtp profile).
Syntax
config wireless-controller wtp-profile
edit <name_string>
set ap-country <country‑code>
set comment <comment_string>
set dtls-policy {clear‑text | dtls‑enabled}
set handoff-roaming {enable | disable}
set handoff-rssi <rssi_int>
set handof-sta-thresh <thresh_int>
set ip-fragment-preventing [icmp‑unreachable tcp‑mss‑adjust]
set led-state {enable | disable}
set max-clients <int>
set preferred-oper-mode {LE | SN}
set split-tunneling-acl-local-ap-subnet {enable | disable}
set tun-mtu-downlink {0 | 576 | 1500}
set tun-mtu-uplink {0 | 576 | 1500}
config deny-mac-list
edit <mac_id>
set mac <mac>
end
config lan
set port1-mode {offline | bridge‑to‑ssid | bridge‑to‑wan}
set port1-ssid <ssid_name>
end
config lbs
set aeroscount {enable | disable}
set aeroscout-mu-factor <int>
set aeroscout-mu-timeout <sec_int>
set aeroscout-server-ip <ip_addr>
set aeroscout-server-port <port_int>
set ekahau-blink-mode {enable | disable}
set ekahau-tag <mac_str>
set erc-server-ip <ipv4_addr>
set erc-server-port <port_int>
set station-locate {enable | disable}
end
config platform
set type <type_string>
end
config radio-1
set amsdu {enable | disable}
set ap-auto-suppress {enable | disable}
set ap-handoff {enable | disable}
set ap-sniffer-addr <mac_addr>
set ap-sniffer-bufsize <int>
set ap-sniffer-chan <channel_int>
set ap-sniffer-ctl {enable | disable}
set ap-sniffer-data {enable | disable}
set ap-sniffer-mgmt-beacon {enable | disable}
set ap-sniffer-mgmt-probe {enable | disable}
set ap-sniffer-mgmt-other {enable | disable}
set auto-power-level {enable | disable}
set auto-power-low <dBm_int>
set auto-power-high <dBm_int>
set band <band_str>
set beacon-interval <integer>
set channel <channels_string>
set channel-bonding {20MHz | 40MHz | 80MHz}
set coexistence {enable | disable}
set darrp {enable | disable}
set dtim <int>
set frag-threshold <int>
set frequency-handoff {enable | disable}
set max-distance <m_int>
set max-supported-mcs <mcs_int>
set mode <mode_string>
set power-level <dBm>
set powersave-optimize {ac‑vo client‑rate‑follow no‑11b‑rate no‑obss‑scan tim}
set protection-mode {disable | ctsonly | rtscts}
set rts-threshold <int>
set short-guard-interval {enable | disable}
set spectrum-analysis {enable | disable}
set vaps {vap1 ... vapn}
end
config radio-2
set amsdu {enable | disable}
set ap-auto-suppress {enable | disable}
set ap-handoff {enable | disable}
set ap-sniffer-addr <mac_addr>
set ap-sniffer-bufsize <int>
set ap-sniffer-chan <channel_int>
set ap-sniffer-ctl {enable | disable}
set ap-sniffer-data {enable | disable}
set ap-sniffer-mgmt-beacon {enable | disable}
set ap-sniffer-mgmt-probe {enable | disable}
set ap-sniffer-mgmt-other {enable | disable}
set auto-power-level {enable | disable}
set auto-power-low <dBm_int>
set auto-power-high <dBm_int>
set band <band_str>
set beacon-interval <integer>
set channel <channels_string>
set channel-bonding {20MHz | 40MHz | 80MHz}
set coexistence {enable | disable}
set darrp {enable | disable}
set dtim <int>
set frag-threshold <int>
set frequency-handoff {enable | disable}
set max-distance <m_int>
set max-supported-mcs <mcs_int>
set mode <mode_string>
set power-level <dBm>
set powersave-optimize {ac‑vo client‑rate‑follow no‑11b‑rate no‑obss‑scan tim}
set protection-mode {disable | ctsonly | rtscts}
set rts-threshold <int>
set short-guard-interval {enable | disable}
set spectrum-analysis {enable | disable}
set vaps {vap1 ... vapn}
end
config split-tunneling-acl
edit <id>
set dest-ip <ip4mask>
end
end
 
Variable
Description
Default
ap-country <country‑code>
Set the country in which this AP will operate. To list available country codes, enter set ap‑country ?
US
comment <comment_string>
Optionally, enter a description.
No default.
dtls-policy {clear‑text | dtls‑enabled}
Select whether CAPWAP protocol uses clear-text or DTLS encryption.
clear‑text
handoff-roaming {enable | disable}
Optionally disable client load balancing during roaming to avoid roaming delay.
enable
handoff-rssi <rssi_int>
Enter the minimum RSSI value for handoff.
25
handof-sta-thresh <thresh_int>
Enter the threshold value for AP handoff.
30
ip-fragment-preventing [icmp‑unreachable tcp‑mss‑adjust]
Enable options to deal with CAPWAP packet fragmentation:
icmp‑unreachabledrop packet, send ICMP Destination unreachable
tcp‑mss‑adjustadjust MTU using tun‑mtu‑uplink and tun‑mtu‑downlink
null
led-state {enable | disable}
Optionally disable the LED indicators on the FortiAP.
enable
max-clients <int>
Enter the maximum number of clients this AP supports. Use 0 for no limit.
0
preferred-oper-mode {LE | SN}
Select the preferred operating mode:
LE — local MAC and 802.3 frame tunnel mode
SN — split MAC and 802.11 frame tunnel mode
LE
split-tunneling-acl-local-ap-subnet {enable | disable}
Enable to allow specified destinations to be accessed locally instead of through Wifi controller.
disable
tun-mtu-downlink {0 | 576 | 1500}
Set CAPWAP uplink MTU to 576 or 1500, or leave alone (0).
0
tun-mtu-uplink {0 | 576 | 1500}
Set CAPWAP downlink MTU to 576 or 1500, or leave alone (0).
0
config deny-mac-list variables
 
<mac_id>
Enter a number to identify this entry.
No default.
mac <mac>
Enter the wireless MAC address to deny.
No default.
config lan variables
port1-mode {offline | bridge‑to‑ssid | bridge‑to‑wan}
Set FortiAP LAN port mode:
offline — not used
bridge‑to‑ssid — bridge with specified SSID
bridge‑to‑wan — bridge with WAN port
There is also port2-mode, port3-mode, etc., depending on the number of independent LAN interfaces on the FortiAP unit.
offline
port1-ssid <ssid_name>
Enter the SSID to bridge with LAN port 1. This is available when port1-mode is bridge‑to‑ssid.
There is also port2-ssid, port3-ssid, etc., depending on the number of independent LAN interfaces on the FortiAP unit.
No default.
config lbs variables
Location-based services configuration.
aeroscount {enable | disable}
Enable or disable AeroScout support.
disable
aeroscout-mu-factor <int>
Set the AeroScout MU mode dilution factor.
20
aeroscout-mu-timeout <sec_int>
Set the AeroScout MU mode timeout in seconds.
5
aeroscout-server-ip <ip_addr>
Enter the AeroScout server IP address.
172.30.144.18
aeroscout-server-port <port_int>
Enter the AeroScout server UDP listening port.
60943
ekahau-blink-mode {enable | disable}
Enable or disable Ekahau blink mode.
disable
ekahau-tag <mac_str>
Enter the WiFi frame MAC address.
 
erc-server-ip <ipv4_addr>
Enter the IP address of the Ekahau RTLS controller.
0.0.0.0
erc-server-port <port_int>
Enter the Ekahau controller UDP listening port.
8569
station-locate {enable | disable}
Enable or disable station location services for all clients, associated or not.
disable
config platform variables
type <type_string>
Enter the AP hardware type. To see a list of hardware types, enter set type ?
220B
config radio-1, config radio-2 variables
amsdu {enable | disable}
Enable or disable support for Aggregate MAC Service Data Unit (AMSDU) operation.
enable
ap-auto-suppress {enable | disable}
Enable or disable automatic suppression of detected rogue APs. This is available only if mode is monitor.
disable
ap-handoff {enable | disable}
Enable or disable handoff of clients to other APs.
disable
ap-sniffer-addr <mac_addr>
Enter the MAC address to monitor.
00:00:00:00:00:00
ap-sniffer-bufsize <int>
Enter sniffer buffer size.
16
ap-sniffer-chan <channel_int>
Enter the channel on which to operate the sniffer.
6
ap-sniffer-ctl {enable | disable}
Enable or disable sniffer on WiFi control frame. mode must be sniffer.
enable
ap-sniffer-data {enable | disable}
Enable or disable sniffer on WiFi data frame. mode must be sniffer.
enable
ap-sniffer-mgmt-beacon {enable | disable}
Enable or disable sniffer on WiFi management beacon frame. mode must be sniffer.
enable
ap-sniffer-mgmt-probe {enable | disable}
Enable or disable sniffer on WiFi management probe frame. mode must be sniffer.
enable
ap-sniffer-mgmt-other {enable | disable}
Enable or disable sniffer on WiFi management other frame. mode must be sniffer.
enable
auto-power-level {enable | disable}
Enable or disable automatic power-level adjustment to prevent co-channel interference.
disable
auto-power-low <dBm_int>
Set automatic power level low limit, in dBm. Range 0 to 17dBm.
10
auto-power-high <dBm_int>
Set automatic power level high limit, in dBm. Range 0 to 17dBm.
17
band <band_str>
Enter the wireless band to use. band_str is one of:
802.11a, 802.11b, 802.11g
802.11g-only — 802.11g, 2.4GHz band only
802.11n-only — 802.11n, 2.4GHz band only
802.11n,g-only — 802.11g and 802.11n, 2.4GHz only
802.11n-5G — 802.11n and 802.11a, 5GHz band only
802.11n-5G-only — 802.11n, 5GHz band only
802.11ac — 802.11ac, 802.11a, 802.11n
802.11ac,n-only — 802.11ac, 802.11n
802.11ac-only — 802.11ac
Available bands depend on the capabilities of the radio.
No default.
beacon-interval <integer>
Set the interval between beacon packets. Access Points broadcast beacons or Traffic Indication Messages (TIM) to synchronize wireless networks. In an environment with high interference, decreasing the beacon-interval might improve network performance. In a location with few wireless nodes, you can increase this value.
100
channel <channels_string>
Enter a list of the radio channels your access point can use. Separate the channel numbers with spaces. The AP will use the least busy of the listed channels.
To determine which channels are available for your selected radio band and geography, enter set channel ?
No default.
channel-bonding {20MHz | 40MHz | 80MHz}
Set channel width. Available widths depend on band, radio type, and country of operation.
20MHz
coexistence {enable | disable}
Enable or disable HT20/HT40 coexistence support.
enable
darrp {enable | disable}
Enable Distributed Automatic Radio Resource Provisioning.
disable
dtim <int>
Set the interval for Delivery Traffic Indication Message (DTIM). Range is 1 to 255.
1
frag-threshold <int>
Set the maximum packet size that can be sent without fragmentation. Range is 800 to 2346 bytes.
2346
frequency-handoff {enable | disable}
Enable or disable handoff of clients to other channels.
disable
max-distance <m_int>
Set the maximum expected distance in meters between the AP and clients. This adjusts the ACK timeout to maintain throughput at the maximum distance. Range 0 to 20 000 meters.
0
max-supported-mcs <mcs_int>
 
Range 0 - 31.
15
mode <mode_string>
Select one of the following modes for the access point:
ap — Radio provides wireless Access Point service.
sniffer — Radio performs scanning only.
disable — Radio is not used.
ap
power-level <dBm>
Set transmitter power level in dBm. Range 0 to 17.
17
powersave-optimize {ac‑vo client‑rate‑follow no‑11b‑rate no‑obss‑scan tim}
Enable power-saving options:
ac-vo — Use AC VO priority to send packets in the power save queue.
client-rate-follow — Adapt transmitted PHY rate to PHY rate received from client.
no-11b-rate — Do not send frame using 11b data rate.
no-obss-scan — Do not put OBSS scan IE into beacon and probe response frame.
time — Set TIM bit for client in power save mode.
null
protection-mode {disable | ctsonly | rtscts}
Select 802.11g proection mode.
disable
rts-threshold <int>
Set the packet size for RTS transmissions. Range 256 to 2346 bytes.
2346
short-guard-interval {enable | disable}
Optionally, enabling this option might increase the data rate.
disable
spectrum-analysis {enable | disable}
Enable or disable spectrum analysis.
disable
vaps {vap1 ... vapn}
Set the virtual access points carried on this physical access point.
No default.
wids-profile <wids‑profile_name>
Enter the WIDS profile name.
No default.
config split-tunneling-acl variables
<id>
Item ID
 
dest-ip <ip4mask>
Destination IP (with netmask) that is local to the AP.
0.0.0.0 0.0.0.0