FortiAP CLI
The FortiAP CLI controls radio and network operation through the use of variables manipulated with the cfg
command. There are also diagnostic commands.
The cfg commands include the following:
cfg -s
|
List variables. |
cfg -a var=value
|
Add or change a variable value. |
cfg -c
|
Commit the change to flash. |
cfg -x
|
Reset settings to factory defaults. |
cfg -r var
|
Remove variable. |
cfg -e
|
Export variables. |
cfg -h
|
Display help for all commands. |
The configuration variables are:
Var | Description and Values |
---|---|
BAUD_RATE
|
Console data rate: 9600, 19200, 38400, 57600, or 115200 baud. |
WTP_NAME
|
By default, the name is the FortiAP serial number. |
FIRMWARE_UPGRADE
|
Default is 0. |
LOGIN_PASSWD
|
Administrator login password. By default this is empty. |
ADMIN_TIMEOUT
|
Administrative timeout in minutes. Applies to Telnet and web-based manager sessions. Default is 5 minutes. |
ADDR_MODE
|
How the FortiAP unit obtains its IP address and netmask. DHCP - FortiGate interface assigns address. STATIC - Specify in AP_IPADDR and AP_NETMASK. Default is DHCP. |
AP_IPADDR
AP_NETMASK
IPGW
|
These variables set the FortiAP unit IP address, netmask and default gateway when ADDR_MODE is STATIC. Default 192.168.1.2 255.255.255.0, gateway 192.168.1.1. |
AP_MODE
|
FortiAP operating mode. 0 - Thin AP (default) 2 - Unmanaged Site Survey mode. See SURVEY variables. |
DNS_SERVER
|
DNS Server for clients. If ADDR_MODE is DHCP the DNS server is automatically assigned. |
STP_MODE
|
Spanning Tree Protocol. 0 is off. 1 is on. |
AP_MGMT_VLAN_ID
|
Non-zero value applies VLAN ID for unit management. Default: 0. |
ALLOW_TELNET
|
0 (Telnet disable), 1 (Telnet enable), 2 (controlled by AC). 2 is default. |
ALLOW_HTTP
|
0 (Http disable), 1 (Http enable), 2 (controlled by AC). 2 is default. |
AC_DISCOVERY_TYPE
|
1 - Static. Specify WiFi Controllers 2 - DHCP 3 - DNS 5 - Broadcast 6 - Multicast 0 - Cycle through all of the discovery types until successful. |
AC_IPADDR_1
AC_IPADDR_2
AC_IPADDR_3
|
WiFi Controller IP addresses for static discovery. |
AC_HOSTNAME_1
AC_HOSTNAME_2
AC_HOSTNAME_3
|
WiFi Controller host names for static discovery. |
AC_DISCOVERY_MC_ADDR
|
Multicast address for controller discovery. Default 224.0.1.140. |
AC_DISCOVERY_DHCP_OPTION_CODE
|
|
Option code for DHCP server. 138 (default) |
|
AC_CTL_PORT
|
WiFi Controller control (CAPWAP) port. Default 5246. |
AC_DATA_CHAN_SEC
|
Data channel security. 0 - Clear text 1 - DTLS (encrypted) 2 - Accept either DTLS or clear text (default) |
MESH_AP_TYPE
|
Type of communication for backhaul to controller: 0 - Ethernet (default) 1 - WiFi mesh 2 - Ethernet with mesh backup support |
MESH_AP_SSID
|
SSID for mesh backhaul. Default: fortinet.mesh.root |
MESH_AP_BSSID
|
WiFi MAC address |
MESH_AP_PASSWD
|
Pre-shared key for mesh backhaul. |
MESH_ETH_BRIDGE
|
1 - Bridge mesh WiFi SSID to FortiAP Ethernet port. This can be used for point-to-point bridge configuration. This is available only when MESH_AP_TYPE =1. 0 - No WiFi-Ethernet bridge (default). |
MESH_MAX_HOPS
|
Maximum number of times packets can be passed from node to node on the mesh. Default is 4. |
The following factors are summed and the FortiAP associates with the lowest scoring mesh AP. | |
MESH_SCORE_HOP_WEIGHT
|
Multiplier for number of mesh hops from root. Default 50. |
MESH_SCORE_CHAN_WEIGHT
|
AP total RSSI multiplier. Default 1. |
MESH_SCORE_RATE_WEIGHT
|
Beacon data rate multiplier. Default 1. |
MESH_SCORE_BAND_WEIGHT
|
Band weight (0 for 2.4GHz, 1 for 5GHz) multiplier. Default 100. |
MESH_SCORE_RSSI_WEIGHT
|
AP channel RSSI multiplier. Default 100. |
SURVEY_SSID
|
SSID to broadcast in site survey mode (AP_MODE=2). |
SURVEY_TX_POWER
|
Transmitter power in site survey mode (AP_MODE=2). |
SURVEY_CH_24
|
Site survey transmit channel for the 2.4Ghz band (default 6). |
SURVEY_CH_50
|
Site survey transmit channel for the 5Ghz band (default 36). |
SURVEY_BEACON_INTV
|
Site survey beacon interval. Default 100msec. |
WTP_LOCATION
|
Optional string describing AP location. |
Diagnose commands include:
cw_diag help
|
Display help for all diagnose commands. |
cw_diag uptime
|
Show daemon uptime. |
cw_diag --tlog <on|off>
|
Turn on/off telnet log message. |
cw_diag --clog <on|off>
|
Turn on/off console log message. |
cw_diag baudrate [9600 | 19200 | 38400 | 57600 | 115200]
|
Set the console baud rate. |
cw_diag plain-ctl [0|1]
|
Show or change current plain control setting. |
cw_diag sniff-cfg ip port
|
Set sniff server ip and port. |
cw_diag sniff [0|1|2]
|
Enable/disable sniff packet. |
cw_diag stats wl_intf
|
Show wl_intf status. |
cw_diag admin-timeout [30]
|
Set shell idle timeout in minutes. |
cw_diag -c wtp-cfg
|
Show current wtp config parameters in control plane. |
cw_diag -c radio-cfg
|
Show current radio config parameters in control plane. |
cw_diag -c vap-cfg
|
Show current vaps in control plane. |
cw_diag -c ap-rogue
|
Show rogue APs pushed by AC for on-wire scan. |
cw_diag -c sta-rogue
|
Show rogue STAs pushed by AC for on-wire scan. |
cw_diag -c arp-req
|
Show scanned arp requests. |
cw_diag -c ap-scan
|
Show scanned APs. |
cw_diag -c sta-scan
|
Show scanned STAs. |
cw_diag -c sta-cap
|
Show scanned STA capabilities. |
cw_diag -c wids
|
Show scanned WIDS detections. |
cw_diag -c darrp
|
Show darrp radio channel. |
cw_diag -c mesh
|
Show mesh status. |
cw_diag -c mesh-veth-acinfo
|
Show mesh veth ac info, and mesh ether type. |
cw_diag -c mesh-veth-vap
|
Show mesh veth vap. |
cw_diag -c mesh-veth-host
|
Show mesh veth host. |
cw_diag -c mesh-ap
|
Show mesh ap candidates. |
cw_diag -c scan-clr-all
|
Flush all scanned AP/STA/ARPs. |
cw_diag -c ap-suppress
|
Show suppressed APs. |
cw_diag -c sta-deauth
|
De-authenticate an STA. |