FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 8 - Deploying Wireless Networks > Reference > FortiAP CLI

FortiAP CLI

The FortiAP CLI controls radio and network operation through the use of variables manipulated with the cfg command. There are also diagnostic commands.

The cfg commands include the following:

cfg -s List variables.
cfg -a var=value Add or change a variable value.
cfg -c Commit the change to flash.
cfg -x Reset settings to factory defaults.
cfg -r var Remove variable.
cfg -e Export variables.
cfg -h Display help for all commands.

The configuration variables are:

Var Description and Values
BAUD_RATE Console data rate: 9600, 19200, 38400, 57600, or 115200 baud.
WTP_NAME By default, the name is the FortiAP serial number.
FIRMWARE_UPGRADE Default is 0.
LOGIN_PASSWD Administrator login password. By default this is empty.
ADMIN_TIMEOUT Administrative timeout in minutes. Applies to Telnet and web-based manager sessions. Default is 5 minutes.
ADDR_MODE How the FortiAP unit obtains its IP address and netmask.

DHCP - FortiGate interface assigns address.

STATIC - Specify in AP_IPADDR and AP_NETMASK.

Default is DHCP.
AP_IPADDR
AP_NETMASK
IPGW
These variables set the FortiAP unit IP address, netmask and default gateway when ADDR_MODE is STATIC.

Default 192.168.1.2 255.255.255.0, gateway 192.168.1.1.
AP_MODE FortiAP operating mode.

0 - Thin AP (default)

2 - Unmanaged Site Survey mode. See SURVEY variables.
DNS_SERVER DNS Server for clients. If ADDR_MODE is DHCP the DNS server is automatically assigned.
STP_MODE Spanning Tree Protocol. 0 is off. 1 is on.
AP_MGMT_VLAN_ID Non-zero value applies VLAN ID for unit management. Default: 0.
ALLOW_TELNET 0 (Telnet disable), 1 (Telnet enable), 2 (controlled by AC). 2 is default.
ALLOW_HTTP 0 (Http disable), 1 (Http enable), 2 (controlled by AC). 2 is default.
AC_DISCOVERY_TYPE 1 - Static. Specify WiFi Controllers

2 - DHCP

3 - DNS

5 - Broadcast

6 - Multicast

0 - Cycle through all of the discovery types until successful.
AC_IPADDR_1
AC_IPADDR_2
AC_IPADDR_3
WiFi Controller IP addresses for static discovery.
AC_HOSTNAME_1
AC_HOSTNAME_2
AC_HOSTNAME_3
WiFi Controller host names for static discovery.
AC_DISCOVERY_MC_ADDR Multicast address for controller discovery. Default 224.0.1.140.
AC_DISCOVERY_DHCP_OPTION_CODE
  Option code for DHCP server.

138 (default)
AC_CTL_PORT WiFi Controller control (CAPWAP) port. Default 5246.
AC_DATA_CHAN_SEC Data channel security.

0 - Clear text

1 - DTLS (encrypted)

2 - Accept either DTLS or clear text (default)
MESH_AP_TYPE Type of communication for backhaul to controller:

0 - Ethernet (default)

1 - WiFi mesh

2 - Ethernet with mesh backup support
MESH_AP_SSID SSID for mesh backhaul. Default: fortinet.mesh.root
MESH_AP_BSSID WiFi MAC address
MESH_AP_PASSWD Pre-shared key for mesh backhaul.
MESH_ETH_BRIDGE 1 - Bridge mesh WiFi SSID to FortiAP Ethernet port. This can be used for point-to-point bridge configuration. This is available only when MESH_AP_TYPE =1.

0 - No WiFi-Ethernet bridge (default).
MESH_MAX_HOPS Maximum number of times packets can be passed from node to node on the mesh. Default is 4.
The following factors are summed and the FortiAP associates with the lowest scoring mesh AP.
MESH_SCORE_HOP_WEIGHT  Multiplier for number of mesh hops from root. Default 50.
MESH_SCORE_CHAN_WEIGHT  AP total RSSI multiplier. Default 1.
MESH_SCORE_RATE_WEIGHT  Beacon data rate multiplier. Default 1.
MESH_SCORE_BAND_WEIGHT  Band weight (0 for 2.4GHz, 1 for 5GHz) multiplier. Default 100.
MESH_SCORE_RSSI_WEIGHT  AP channel RSSI multiplier. Default 100.
SURVEY_SSID SSID to broadcast in site survey mode (AP_MODE=2).
SURVEY_TX_POWER Transmitter power in site survey mode (AP_MODE=2).
SURVEY_CH_24 Site survey transmit channel for the 2.4Ghz band (default 6).
SURVEY_CH_50 Site survey transmit channel for the 5Ghz band (default 36).
SURVEY_BEACON_INTV Site survey beacon interval. Default 100msec.
WTP_LOCATION Optional string describing AP location.

Diagnose commands include:

cw_diag help Display help for all diagnose commands.
cw_diag uptime Show daemon uptime.
cw_diag --tlog <on|off> Turn on/off telnet log message.
cw_diag --clog <on|off> Turn on/off console log message.
cw_diag baudrate [9600 | 19200 | 38400 | 57600 | 115200] Set the console baud rate.
cw_diag plain-ctl [0|1] Show or change current plain control setting.
cw_diag sniff-cfg ip port Set sniff server ip and port.
cw_diag sniff [0|1|2] Enable/disable sniff packet.
cw_diag stats wl_intf Show wl_intf status.
cw_diag admin-timeout [30] Set shell idle timeout in minutes.
cw_diag -c wtp-cfg Show current wtp config parameters in control plane.
cw_diag -c radio-cfg Show current radio config parameters in control plane.
cw_diag -c vap-cfg Show current vaps in control plane.
cw_diag -c ap-rogue Show rogue APs pushed by AC for on-wire scan.
cw_diag -c sta-rogue Show rogue STAs pushed by AC for on-wire scan.
cw_diag -c arp-req Show scanned arp requests.
cw_diag -c ap-scan Show scanned APs.
cw_diag -c sta-scan Show scanned STAs.
cw_diag -c sta-cap Show scanned STA capabilities.
cw_diag -c wids Show scanned WIDS detections.
cw_diag -c darrp Show darrp radio channel.
cw_diag -c mesh Show mesh status.
cw_diag -c mesh-veth-acinfo Show mesh veth ac info, and mesh ether type.
cw_diag -c mesh-veth-vap Show mesh veth vap.
cw_diag -c mesh-veth-host Show mesh veth host.
cw_diag -c mesh-ap Show mesh ap candidates.
cw_diag -c scan-clr-all Flush all scanned AP/STA/ARPs.
cw_diag -c ap-suppress Show suppressed APs.
cw_diag -c sta-deauth De-authenticate an STA.