wireless-controller wtp-profile (5.4)

Use this command to configure WTP profiles (or FortiAP Profiles as shown in the GUI), which define radio settings for a particular platform/FortiAP model.

FortiAP units contain two radio transceivers, making it possible to provide both 2.4GHz 802.11b/g/n and 5GHz 802.11a/n service from the same AP. The profile also selects which SSIDs the APs will carry. For example, a FortiAP can be configured to carry all SSIDs on one radio, while the other only carries a specific SSID.

The radios can also be used for monitoring, which supports the Rogue AP detection feature. See Monitoring rogue APs on our Online Help portal for more details, and config wireless-controller wids-profile for various AP detection settings.

Note: Radio 2 settings are only available for FortiAP models with dual radios.

config platform

A configuration method to assign the AP hardware type.

type <platform>

WTP platform type/model. For a full list of options, enter set type ? (or see wireless-controller wtp-group). The default is set to 220B.


config deny-mac-list

A configuration method to deny specific wireless MAC addresses.

mac <mac-address>

Wireless MAC address to deny.


config split-tunneling-acl

A configuration method to set various split tunneling access control list (ACL) filter lists.

dest-ip <ipv4-netmask>

IPv4 destination address to be added to the ACL filter.


config {radio-1 | radio-2}

A configuration method to set various options for Radio 1 and/or Radio 2.

mode {disabled | ap | monitor | sniffer}

Radio mode for the AP:

  • disabled: Radio is not used; all other entries are unavailable except powersave-optimize.
  • ap: Radio provides wireless AP service (set by default); all other entries are available.
  • monitor: Radio performs monitoring only; the only other entries available when this is set are powersave-optimize, spectrum-analysis, and wids-profile.
  • sniffer: Radio performs scanning only; the only other entries available when this is set are powersave-optimize, all ap-sniffer related entries, and spectrum-analysis.

band {802.11b | 802.11g | 802.11n | 802.11n,g-only | 802.11g-only | 802.11n-only}

Band of AP-mode radio. The n bands operate at 2.4GHz.

protection-mode {rtscts | ctsonly | disable}

Note: This entry is only available under radio-2.

802.11g protection mode:

  • rtscts: Enables 802.11g protection in Request to Send/Clear to Send (RTS/CTS) mode, reducing frame collisions
  • ctsonly: Enables 802.11g protection in CTS mode
  • disable: Disables 802.11g protection

powersave-optimize {tim | ac-vo | no-obss-scan | no-11b-rate | client-rate-follow}

Power-saving optimization options:

  • tim: Set traffic indication map (TIM) bit for client in power save mode. TIM bit mask indicates to any sleeping listening stations if the AP has any buffered frames present.
  • ac-vo: Use Access Category (AC) Voice (VO) priority to send packets in the power save queue. AC VO is one of the highest classes/priority levels used to ensure quality of service (QoS).
  • no-obss-scan: Do not put Overlapping Basic Service Set (OBSS), or high-noise (i.e. non-802.11), scan IE into a Beacon or Probe Response frame.
  • no-11b-rate: Do not send frame using 11b data rate.
  • client-rate-follow: Adapt transmitted PHY rate to PHY rate received from client.

Separate each value with a space to add multiple values. Values can also be added using append.

ap-sniffer-bufsize <mb>

Note: This entry is only available when mode is set to sniffer.

AP’s sniffer buffer size in MB. Set the value between 1-32. The default is set to 16.

ap-sniffer-chan <channel>

Note: This entry is only available when mode is set to sniffer.

Channel on which to operate the sniffer. The default is set to 6.

ap-sniffer-addr <mac-address>

Note: This entry is only available when mode is set to sniffer.

MAC address to monitor.

ap-sniffer-mgmt-beacon {enable | disable}

Note: This entry is only available when mode is set to sniffer.

Enable (by default) or disable sniffer on WiFi management Beacon frame.

ap-sniffer-mgmt-probe {enable | disable}

Note: This entry is only available when mode is set to sniffer.

Enable (by default) or disable sniffer on WiFi management Probe frame.

ap-sniffer-mgmt-other {enable | disable}

Note: This entry is only available when mode is set to sniffer.

Enable (by default) or disable sniffer on WiFi management Other frame.

ap-sniffer-ctl {enable | disable}

Note: This entry is only available when mode is set to sniffer.

Enable (by default) or disable sniffer on WiFi Control frame.

ap-sniffer-data {enable | disable}

Note: This entry is only available when mode is set to sniffer.

Enable (by default) or disable sniffer on WiFi Data frame.

transmit-optimize {disable | power-save | aggr-limit | retry-limit | send-bar}

Packet transmission optimization options (enabled by default; all options except disable):

  • disable: No packet transmission optimization
  • power-save: Tags client as operating in power save mode if excessive transmit retries occur
  • aggr-limit: Sets a lower aggregation limit when the data rate is low
  • retry-limit: Sets a lower retry limit when data rate is low
  • send-bar: Limit transmission of Block Acknowledgement Request (BAR) frames

Separate each value with a space to add multiple values. Values can also be added using append.

amsdu {enable | disable}

Note: This entry is only available under radio-2.

Enable (by default) or disable Aggregate MAC Service Data Unit (A-MSDU) support, allowing multiple frames to be combined into one larger frame.

coexistence {enable | disable}

Note: This entry is only available under radio-2.

Enable (by default) or disable HT20/HT40 coexistence support, where bandwidths that use 20MHz and 40MHz can be used in the same channel.

channel-bonding {40MHz | 20MHz}

Note: This entry is only available under radio-2.

Channel bandwidth: either 40MHz or 20MHz. Channels may use both by enabling the coexistence entry (see above).

auto-power-level {enable | disable}

Enable or disable (by default) automatic power-level adjustment to prevent co-channel interference. When enabled, use the auto-power-high and auto-power-low entries to configure the high and low limitations. When disabled, use the power-level entry to configure the power level percentage.

auto-power-high <dBm>

Note: This entry is only available when auto-power-level is set to enable.

Automatic transmission power high limit in decibels (dB) of the measured power referenced to one milliwatt (mW), or dBm. Set the value between 10-17. The default is set to 17.

auto-power-low <dBm>

Note: This entry is only available when auto-power-level is set to enable.

Automatic transmission power low limit in dBm. Set the value between 1-17. The default is set to 10.

power-level <percentage>

Note: This entry is only available when auto-power-level is set to disable.

Radio power level as a percentage; as such, set the value between 0-100. The default is set to 100.

The maximum power level (i.e. 100%) is set to the regulatory maximum for your region, as determined by the country entry under config wireless-controller setting.

dtim <interval>

Interval between Delivery Traffic Indication Messages (DTIMs), a kind of TIM that informs clients about the presence of buffered multicast/broadcast data on the AP. Set the value between 1-255. The default is set to 1.

beacon-interval <milliseconds>

Interval between beacon packets. APs broadcast beacons or TIMs to synchronize wireless networks. Set the value between 40-3500 (or 40 milliseconds to 3.5 seconds). The default is set to 100 (or a tenth of a second).

In an environment with high interference, a low beacon-interval value might improve network performance. In a location with few wireless nodes, you can increase this value.

rts-threshold <bytes>

Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS is used. RTS/CTS consumes more bandwidth and therefore reduces throughput; however, the more RTS packets there are, the fewer instances of packet loss will occur.

Set the value between 256-2346 (or 256 bytes to over 2kB). The default is set to 2346, meaning that effectively it will never be used, as the maximum packet size in Ethernet networks can only be 1518 bytes (including all headers and maximum data size).

frag-threshold <bytes>

Note: This entry is only available when band has been set.

Maximum packet size that can be sent without fragmentation. Range is 800 to 2346 bytes. Set the value between 256-2346 (or 256 bytes to over 2kB).

spectrum-analysis {enable | disable}

Enable or disable (by default) spectrum analysis, a method for finding interference that would negatively impact wireless performance.

wids-profile

Note: This entry is only available when mode is set to either ap or monitor.

WIDS profile name to assign to the radio, as configured under the wireless-controller wids-profile command.

darrp {enable | disable}

Enable or disable (by default) Distributed Automatic Radio Resource Provisioning (DARRP), a feature that autonomously and periodically determines the best-suited channel for wireless communication. This allows FortiAP units to select their channel so they do not interfere with each other in large-scale deployments.

You can optimize DARRP further under the wireless-controller timers command.

max-clients <integer>

Maximum expected number of STAs supported by the radio. The default is set to 0.

max-distance <meters>

Maximum expected distance in meters between the AP and clients. This adjusts the ACK timeout to maintain throughput at the maximum distance. Set the value between 0-54000 (or no distance to just over 33.5 miles). The default is set to 0.

frequency-handoff {enable | disable}

Enable or disable (by default) frequency handoff of clients to other channels. When enabled, you can optimize handoff further by using the handoff-rssi and handoff-sta-thresh entries.

ap-handoff {enable | disable}

Enable or disable (by default) handoff of clients to other APs.

vap-all {enable | disable}

Enable (by default) or disable the automatic inheritance of all VAPs.

vaps <vaps>

Specific VAPs carried on this physical AP. Separate each value with a space to add multiple VAPs. A maximum of eight VAPs may be added. Values can also be added using append.

channel {1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11}

Wireless radio channels. Separate each value with a space to add multiple channels. Values can also be added using append.


config lbs

A configuration method to set various location based service (LBS) options.

ekahau-blink-mode {enable | disable}

Enable or disable (by default)

ekahau-tag <mac-address>

WiFi frame MAC address.

erc-energy-ip <ip-address>

IP address of the Ekahau real-time location system (RTLS) controller.

er-server-port <port>

Ekahau RTLS controller UDP listening port.

aeroscout {enable | disable}

Enable or disable (by default) AeroScout support.

aeroscout-server-ip <ip-address>

AeroScout server IP address.

aeroscout-server-port <port>

AeroScout server UDP listening port.

aeroscout-mu-factor <mu-factor>

AeroScout Mobile Unit (MU) mode dilution factor. The default is set to 20.

aeroscout-mu-timeout <seconds>

AeroScout MU mode timeout in seconds. Set the value between 0-65535 (or no timeout to over 18 hours). The default is set to 5.

fortipresence {enable | disable}

Enable or disable (by default) FortiPresence support.

fortipresence-server <ip-address>

FortiPresence server IP address.

fortipresence-port <port>

FortiPresence server UDP listening port. Set the value between 300-65535. The default is set to 3000.

fortipresence-secret <password>

FortiPresence secret password, with a maximum length of eight characters.

fortipresence-project <name>

Name of the FortiPresence project, with a maximum length of 16 characters. The default is set to fortipresence.

fortipresence-frequency <seconds>

FortiPresence report transmit frequency in seconds. Set the value between 5-65535 (or five seconds to over 18 hours). The default is set to 30.

fortipresence-rogue {enable | disable}

Enable or disable (by default) FortiPresence reporting Rogue APs.

fortipresence-unassoc {enable | disable}

Enable or disable (by default) FortiPresence reporting unassociated stations.

station-locate {enable | disable}

Enable or disable (by default) client station locating services for all clients, whether associated or not.


comment [string]

Optional comments.

led-state {enable | disable}

Enable (by default) or disable


dtls-policy {clear-text | dtls-enabled}

  • clear-text: (set by default).
  • dtls-enabled:

Separate each value with a space to add multiple options. Values can also be added using append.


max-clients <number>

The default is set to 0, meaning there is no client limitation.


handoff-rssi <rssi>

Minimum received signal strength indicator (RSSI) value for handoff. Set the value between 20-30. The default is set to 25.


handoff-sta-thresh <threshold>

Threshold value for AP handoff. Set the value between 5-35. The default is set to 30.


handoff-roaming {enable | disable}

Enable (by default) or disable client load balancing during roaming to avoid roaming delay.


ap-country <country>

Country in which this AP will operate. To display all available countries, enter set country ?. The default is set to US (United States).


ip-fragment-preventing {tcp-mss-adjust | icmp-unreachable}

Method by which IP fragmentation is prevented for CAPWAP tunneled control and data packets:

  • tcp-mss-adjust: TCP maximum segment adjustment (by default).
  • icmp-unreachable: Drop packet and send an Internet Control Message Protocol (ICMP) Destination Unreachable error message.

Separate with a space to add both values. Values can also be added using append.


tun-mtu-uplink <bytes>

Uplink tunnel maximum transmission unit (MTU) in octets (eight-bit bytes). An MTU is the largest packet or frame size that can be sent.

Set the value to either 0 (by default), 576, or 1500.


tun-mtu-downlink <bytes>

Downlink tunnel MTU in octets. Set the value to either 0 (by default), 576, or 1500.


split-tunneling-acl-local-ap-subnet {enable | disable}

Enable or disable (by default) specified destinations to be accessed locally instead of through the WiFi controller.


allowaccess {telnet | http | https | ssh}

Protocols to allow management-access to managed APs: telnet, http, https, and ssh.

Separate each value with a space to add multiple protocols. Values can also be added using append.


login-passwd-change {yes | default | no}

Login password options:

  • yes: Change login password of the managed AP
  • default: Reset login password to factory default
  • no: Do not change login password (by default)

When set to yes, use the login-passwd entry to determine the password of the managed AP.


login-passwd <password>

Note: This entry is only available when login-passwd-change is set to yes.

Login password of the managed AP.


lldp {enable | disable}

Enable or disable (by default) Link Layer Discovery Protocol (LLDP), a vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbours.
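
The following audit of the allowaccess, dtls-policy and login-passwd-change entries is an added example, not Fortinet code or part of the original reference. It assumes the usual FortiOS config/edit/set/next/end layout of a saved configuration; the function names and the sample profile names are made up for illustration.

```python
import shlex

# Constructed sample in FortiOS CLI layout; the profile names are made up.
SAMPLE = """
config wireless-controller wtp-profile
    edit "lobby-aps"
        set allowaccess telnet http ssh
        config radio-1
            set mode ap
        end
    next
    edit "office-aps"
        set allowaccess https ssh
        set dtls-policy dtls-enabled
        set login-passwd-change yes
    next
end
"""
DEFAULTS = {"dtls-policy": ["clear-text"], "login-passwd-change": ["no"]}  # per this page

def parse_profiles(text):
    """Return {profile: {entry: [values]}}; nested entries are keyed 'radio-1.mode'."""
    profiles, in_table, cur, sub = {}, False, None, None
    for cmd, *args in filter(None, map(shlex.split, text.splitlines())):
        if cmd == "config" and cur is None:      # top-level table
            in_table = args == ["wireless-controller", "wtp-profile"]
        elif cmd == "config":                    # nested block such as radio-1
            sub = args[0]
        elif cmd == "edit" and in_table and sub is None:
            cur = profiles.setdefault(args[0], {})
        elif cmd == "set" and cur is not None:
            cur[f"{sub}.{args[0]}" if sub else args[0]] = args[1:]
        elif cmd == "end":                       # closes nested block, else the table
            sub, in_table = None, in_table and sub is not None
        elif cmd == "next" and sub is None:
            cur = None
    return profiles

def audit(text):
    findings = {}
    for name, p in parse_profiles(text).items():
        get = lambda k: p.get(k, DEFAULTS.get(k, []))
        issues = [f"allowaccess permits {x}" for x in ("telnet", "http") if x in get("allowaccess")]
        if "dtls-enabled" not in get("dtls-policy"):
            issues.append("dtls-policy lacks dtls-enabled")
        if get("login-passwd-change") != ["yes"]:
            issues.append("login-passwd-change is not yes")
        findings[name] = issues
    return findings
```

Entries that a profile does not set fall back to the defaults this reference states, so a profile that omits dtls-policy and login-passwd-change is reported as well.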
