cfg -s | List variables. |
cfg -a var=value | Add or change a variable value. |
cfg -c | Commit the change to flash. |
cfg -x | Reset settings to factory defaults. |
cfg -r var | Remove variable. |
cfg -e | Export variables. |
cfg -h | Display help for all commands. |
Var | Description and Values |
BAUD_RATE | Console data rate: 9600, 19200, 38400, 57600, or 115200 baud. |
WTP_NAME | By default, the name is the FortiAP serial number. |
FIRMWARE_UPGRADE | Default is 0. |
LOGIN_PASSWD | Administrator login password. By default this is empty. |
ADMIN_TIMEOUT | Administrative timeout in minutes. Applies to Telnet and web-based manager sessions. Default is 5 minutes. |
ADDR_MODE | How the FortiAP unit obtains its IP address and netmask. DHCP - FortiGate interface assigns address. STATIC - Specify in AP_IPADDR and AP_NETMASK. Default is DHCP. |
AP_IPADDR AP_NETMASK IPGW | These variables set the FortiAP unit IP address, netmask and default gateway when ADDR_MODE is STATIC. Default 192.168.1.2 255.255.255.0, gateway 192.168.1.1. |
AP_MODE | FortiAP operating mode. 0 - Thin AP (default) 2 - Unmanaged Site Survey mode. See SURVEY variables. |
DNS_SERVER | DNS Server for clients. If ADDR_MODE is DHCP the DNS server is automatically assigned. |
STP_MODE | Spanning Tree Protocol. 0 is off. 1 is on. |
AP_MGMT_VLAN_ID | Non-zero value applies VLAN ID for unit management. Default: 0. |
TELNET_ALLOW | By default (value 0), Telnet access is closed when the FortiAP unit is authorized. Set value to 1 to keep Telnet always available. |
HTTP_ALLOW | Access to FortiAP web-based manager 1 - Yes (default), 0 - No. |
AC_DISCOVERY_TYPE | 1 - Static. Specify WiFi Controllers 2 - DHCP 3 - DNS 5 - Broadcast 6 - Multicast 0 - Cycle through all of the discovery types until successful. |
AC_IPADDR_1 AC_IPADDR_2 AC_IPADDR_3 | WiFi Controller IP addresses for static discovery. |
AC_HOSTNAME_1 AC_HOSTNAME_2 AC_HOSTNAME_3 | WiFi Controller host names for static discovery. |
AC_DISCOVERY_MC_ADDR | Multicast address for controller discovery. Default 224.0.1.140. |
AC_DISCOVERY_DHCP_OPTION_CODE | |
Option code for DHCP server. 138 (default) | |
AC_CTL_PORT | WiFi Controller control (CAPWAP) port. Default 5246. |
AC_DATA_CHAN_SEC | Data channel security. 0 - Clear text 1 - DTLS (encrypted) 2 - Accept either DTLS or clear text (default) |
MESH_AP_TYPE | Type of communication for backhaul to controller: 0 - Ethernet (default) 1 - WiFi mesh 2 - Ethernet with mesh backup support |
MESH_AP_SSID | SSID for mesh backhaul. Default: fortinet.mesh.root |
MESH_AP_BSSID | WiFi MAC address |
MESH_AP_PASSWD | Pre-shared key for mesh backhaul. |
MESH_ETH_BRIDGE | 1 - Bridge mesh WiFi SSID to FortiAP Ethernet port. This can be used for point-to-point bridge configuration. This is available only when MESH_AP_TYPE =1. 0 - No WiFi-Ethernet bridge (default). |
MESH_MAX_HOPS | Maximum number of times packets can be passed from node to node on the mesh. Default is 4. |
The following factors are summed and the FortiAP associates with the lowest scoring mesh AP. | |
MESH_SCORE_HOP_WEIGHT | Multiplier for number of mesh hops from root. Default 50. |
MESH_SCORE_CHAN_WEIGHT | AP total RSSI multiplier. Default 1. |
MESH_SCORE_RATE_WEIGHT | Beacon data rate multiplier. Default 1. |
MESH_SCORE_BAND_WEIGHT | Band weight (0 for 2.4GHz, 1 for 5GHz) multiplier. Default 100. |
MESH_SCORE_RSSI_WEIGHT | AP channel RSSI multiplier. Default 100. |
SURVEY_SSID | SSID to broadcast in site survey mode (AP_MODE=2). |
SURVEY_TX_POWER | Transmitter power in site survey mode (AP_MODE=2). |
SURVEY_CH_24 | Site survey transmit channel for the 2.4Ghz band (default 6). |
SURVEY_CH_50 | Site survey transmit channel for the 5Ghz band (default 36). |
SURVEY_BEACON_INTV | Site survey beacon interval. Default 100msec. |
WTP_LOCATION | Optional string describing AP location. |
cw_diag help | Display help for all diagnose commands. |
cw_diag uptime | Show daemon uptime. |
cw_diag --tlog <on|off> | Turn on/off telnet log message. |
cw_diag --clog <on|off> | Turn on/off console log message. |
cw_diag baudrate [9600 | 19200 | 38400 | 57600 | 115200] | Set the console baud rate. |
cw_diag plain-ctl [0|1] | Show or change current plain control setting. |
cw_diag sniff-cfg ip port | Set sniff server ip and port. |
cw_diag sniff [0|1|2] | Enable/disable sniff packet. |
cw_diag stats wl_intf | Show wl_intf status. |
cw_diag admin-timeout [30] | Set shell idle timeout in minutes. |
cw_diag -c wtp-cfg | Show current wtp config parameters in control plane. |
cw_diag -c radio-cfg | Show current radio config parameters in control plane. |
cw_diag -c vap-cfg | Show current vaps in control plane. |
cw_diag -c ap-rogue | Show rogue APs pushed by AC for on-wire scan. |
cw_diag -c sta-rogue | Show rogue STAs pushed by AC for on-wire scan. |
cw_diag -c arp-req | Show scanned arp requests. |
cw_diag -c ap-scan | Show scanned APs. |
cw_diag -c sta-scan | Show scanned STAs. |
cw_diag -c sta-cap | Show scanned STA capabilities. |
cw_diag -c wids | Show scanned WIDS detections. |
cw_diag -c darrp | Show darrp radio channel. |
cw_diag -c mesh | Show mesh status. |
cw_diag -c mesh-veth-acinfo | Show mesh veth ac info, and mesh ether type. |
cw_diag -c mesh-veth-vap | Show mesh veth vap. |
cw_diag -c mesh-veth-host | Show mesh veth host. |
cw_diag -c mesh-ap | Show mesh ap candidates. |
cw_diag -c scan-clr-all | Flush all scanned AP/STA/ARPs. |
cw_diag -c ap-suppress | Show suppressed APs. |
cw_diag -c sta-deauth | De-authenticate an STA. |