FortiWLC – Sitesurvey

Sitesurvey

Fortinet sitesurvey is a simple tool that aids in network planning to find the right placement (mounting location) of APs such that clients connected to these APs receive high throughput, excellent coverage. To find the right placement of your AP, connect your Wi-Fi client to the AP that is in the sitesurvey mode and move around the deployment perimeter to identify areas that provide good connectivity (based on the results from the sitesurvey tool) to the Wi-Fi client. You can adjust the placement of the AP depending on the sitesurvey results.

Pre-requisites
  • Sitesurvey is supported only on AP832, AP822, FAP-U421, and FAP-U423.
  • The AP must be running FortiWLC (SD) 6.1-2 or higher and can connect only in Open Clear mode.
Configuring Sitesurvey Options

Sitesurvey configuration and monitor options are available via CLI (AP boot console) and GUI. To access sitesurvey options, Connect to AP CLI from a controller or use a serial port.

Using the CLI

After the normal AP boot process, enter the sitesurvey enable command at the AP boot prompt to restart AP into the sitesurvey mode. In the sitesurvey mode the AP displays the sitesurvey prompt (ss >).

Sitesurvey commands always begin with the sitesurvey keyword or alternatively you can use the ss (alias) instead of the sitesurvey keyword. Sitesurvey provides the following additional commands to configure and monitor sitesurvey features.

Enabling Sitesurvey

sitesurvey enable

This command enables the sitesurvey mode. The AP will reboot into sitesurvey mode and display the sitesurvey prompt. ss > _

Disabling Sitesurvey

sitesurvey disable

This command disables the sitesurvey mode. AP will reboot into normal mode of operation.

Setting Country Code and Channel

sitesurvey countrycode set <country code>

By default the country code is set to US. When you set a country code, the first valid channel and the max supported Tx power for radio 0 and radio 1 for that country code is automatically set. To override the default channel for a country code, enter the following command sitesurvey channel set <radio_index> <channel>

Where,

  • radio_index refers to the AP radios.
  • Enter 1 for radio 1 (2.4 Ghz).
  • Enter 2 for radio 2 (5Ghz).

To get the list of supported country codes, use the ss countrycode help command.

Setting Inactivity Time

sitesurvey inactivitytime <itime>

This command sets the time (in seconds) the AP will remain in the sitesurvey mode before a client associates with it. The time is specified in seconds and by default the AP will remain in the sitesurvey mode for 3600s. After the period of inactivity, the AP will reboot into normal AP mode.

When using the GUI, the browser window will reset after 3600 seconds of inactivity, irrespective of the time set for inactivity. The browser refresh time cannot be changed.

Setting IP Address

sitesurvey ipconfig <ip_address> <netmask>

This command configures the sitesurvey AP with an IP address. You can use this IP address to access the sitesurvey GUI page via a browser. By default, the IP address and netmask are set to 192.168.0.1 and 255.255.255.0.

Configuring SSID

sitesurvey ssid <radio_index> [<ssid>]

Where,

  • radio_index can be 0, 1, or 3
  • Enter 0 for radio 1 (2.4 Ghz)
  • Enter 1 for radio 2 (5 Ghz)
  • Enter 3 to specify SSID for both the radios

This command configures SSID for the specified radio. By default, SSID for radio 1 (2.4Ghz) is set to Meru_Site_Survey_2.4 and SSID for radio 2 (5 Ghz) is set to Meru_Site_Survey_5.

Examples ss > sitesurvey ssid 3

MERU_SITE_SURVEY SSID is assigned for both radio1 and radio2 as MERU_SITE_SURVEY

ss > sitesurvey ssid 1 <‐‐ if SSID is not specified SSID is assigned to radio1 as MERU_SITE_SURVEY_2.4 by default

ss > sitesurvey ssid 2 <‐‐ if SSID is not specified SSID is assigned to radio2 as MERU_SITE_SURVEY_5 by default

ss > sitesurvey ssid 3 <‐‐ if SSID is not specified MERU_SITE_SURVEY_2.4 is assigned as SSID for radio1

MERU_SITE_SURVEY_5 is assigned as SSID for radio2.

After configuring SSID on AP radios, you can use the following command to selectively (per radio) enable or disable broadcasting SSID. sitesurvey publishssid <radio_index> [on|off] By default, SSID for both radios are broadcast.

Enable or Disable Radio

sitesurvey {radio | r} <radio_index> [on|off]

Where,

  • radio_index can be 0, 1, or 3
  • Enter 0 for radio 1 (2.4 Ghz)
  • Enter 1 for radio 2 (5 Ghz)
  • Enter 3 for both the radios

This command enables or disables AP radio. Wi-fi clients connecting to the sitesurvey AP must use the same radio that is enabled in the AP. By default, both the radios are enabled.

Configure Sitesurvey Refresh Rate

sitesurvey statsrefrate [<rate>]

This command configures the time interval (specified in milliseconds) at which the AP will collect and send (display) sitesurvey results. By default, the refresh rate is set to 1000ms. The sitesurvey results can be viewed from the sitesurvey GUI page or the CLI.

Setting the Tx Power

sitesurvey txpwr set <radio_index> [<tx_power>]

Where,

  • radio_index can be 0, 1, or 3
  • Enter 0 for radio 1 (2.4 Ghz)
  • Enter 1 for radio 2 (5 Ghz)
  • Enter 3 for both the radios

Use this command to selectively set the transmit power for AP radios. By default, Tx power is set to maximum possible Tx power based on the country code, channel and the hardware capabilities. The sitesurvey txpwr set 3 command (without the power value) will set the max Tx power supported for the selected country to both the radios.

Save Sitesurvey Configuration

sitesurvey save

After you have configured all sitesurvey options, enter this command to save your sitesurvey configuration. This command creates an ESSID with all configured parameters. Your Wi-Fi can now associate to this AP using the ESSID.

Using GUI

To access the sitesurvey GUI page, enter the IP address of the AP. If not previously set, enter the default IP address (192.168.0.1) of the AP. By default, the GUI page shows the sitesurveyresults page. Click the Configure button to access the sitesurvey configuration options.

Figure 67: Sitesurvey Configuration Options:

 

TABLE 24: Sitesurvey Configuration Parameters using GUI

Parameters Description
SSID Radio 0

SSID Radio 1

Enter a value that you will be broadcast for connecting your Wi-Fi client. The default values are Meru_Site_Survey_2.4 for Radio 0 and Meru_Site_Survey_5 for Radio 1.
Country Select a country from this list. This selection automatically sets the first valid channel for each radio. However, you can choose to override them by selecting a different channel number.
Radio 2.4 Ghz

Radio 5 Ghz

Select ON or OFF to enable or disable a radio.
Tx Power Radio 0

Tx Power Radio 1

Enter transmit power for each of the radios. Maximum value for Radio 0 (2.4 Ghz) and maximum value for Radio 1 (5 Ghz) is dependent on the selected country and the channel.
2.4 Ghz Channels

5 Ghz Channels

Select a valid channel. By default this is automatically set to the first valid channel for the selected country.
Publish SSID Radio 0

Publish SSID Radio 1

Select ON or OFF to broadcast SSID.

TABLE 24: Sitesurvey Configuration Parameters using GUI

Parameters Description
Stats Refresh Rate Enter the time interval (in milliseconds) to collect and send (display) sitesurvey results.
Inactivity timeout period Enter the time interval (in seconds) for the AP to wait for client to connect. After the inactivity time period, the AP will reboot to normal AP mode.

After configuring the above parameters click the Apply button to save the configuration.

Viewing Sitesurvey Results

Sitesurvey results can be viewed from CLI and using the GUI.

Using GUI

By default, the Sitesurvey page (Figure 2) is displayed when you connect to the AP via browser. The Sitesurvey page among other pre-configured values displays key information about the connectivity experience of your Wi-Fi client.

The GUI page shows Sitesurvey results of only ONE client (the last connected client) connected to the AP. To view Sitesurvey results from all connected clients, use options from CLI.

Figure 68: Viewing Sitesurvey Results

Connectivity Experience Parameters

The Sitesurvey parameters that include RSSI, S/N Ratio, Tx Power, 802.11 Tx Rate, and

802.11 Rx Rate illustrate the connection experience of the Wi-Fi client at the given location.

Troubleshooting Parameters

The parameters, Tx Retry count and Tx Failure illustrate issues or errors in connection between the Wi-Fi client and the AP at the given location.

Network Parameters

Tx Packets and Rx Packets indicate the network data traffic between the AP and the Wi-Fi client.

NOTE : As you move with your Wi-Fi client, the survey results are updated as per configured refresh rate.

Disable Site Survey

To disable Sitesurvey on the AP, click the Disable Sitesurvey button. This button will reboot the AP into normal AP mode.

Using CLI
Viewing Sitesurvey Configuration

sitesurvey showconfig

This command displays the current sitesurvey configuration.

Sample Output ss > sitesurvey showconfig

Site Survey                          : 1

Country Code                         : US

AP IP address                        : 192.168.0.1

AP Netmask                           : 255.255.255.0

SSID for radio0                      : MERU_SITE_SURVEY_2.4

SSID for radio1                      : MERU_SITE_SURVEY_5

Broadcast SSID for radio0            : 1

Broadcast SSID for radio1            : 1 radio0 <2.4G>                        : 1 radio1 <5G>                          : 1 Channel for radio0                   : 6

Channel for radio1                   : 36

Tx Power for radio0             : 25

Tx Power for radio1             : 23

Basic Tx Rate for radio0       : 1 2 5.5 11

Basic Tx Rate for radio1       : 1 2 5.5 11

Stats Refresh Rate            : 1000

Inactivity Timeout             : 3600 ss >

Viewing Sitesurvey Results (Statistics)

sitesurvey showstatistics

This command displays sitesurvey results of all the Wi-Fi clients connected to the AP.

Sample Output

ss > sitesurvey showstatistics ss >

      AP MAC         STATION MAC                 ESSID              Ch  ChWd SNR RSSI TxPwr TxRate RxRate TxRetry TxFail  TxPkts  RxPkts

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐  ‐‐‐ ‐‐‐‐ ‐‐ ‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐

00:0c:e6:12:28:1f 6c:88:14:f3:a8:04                       survey51   36   20  42  ‐45    23    144    130       0       1      65     68 ss stats ss >

      AP MAC         STATION MAC                 ESSID              Ch  ChWd SNR RSSI TxPwr TxRate RxRate TxRetry TxFail  TxPkts  RxPkts

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐  ‐‐‐ ‐‐‐‐ ‐‐ ‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐

00:0c:e6:12:28:1f 6c:88:14:f3:a8:04                       survey51   36   20  42  ‐45    23    144    130       0       1      66     68 ss stats ss >

      AP MAC         STATION MAC                 ESSID              Ch  ChWd SNR RSSI TxPwr TxRate RxRate TxRetry TxFail  TxPkts  RxPkts

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐  ‐‐‐ ‐‐‐‐ ‐‐ ‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐

00:0c:e6:12:28:1f 6c:88:14:f3:a8:04                       survey51   36   20  42  ‐45    23    144    123       0       1      68     68 ss stats ss >

      AP MAC         STATION MAC                 ESSID              Ch  ChWd SNR

RSSI TxPwr TxRate RxRate TxRetry TxFail  TxPkts  RxPkts

 

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐  ‐‐‐ ‐‐‐‐ ‐‐ ‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐

00:0c:e6:12:28:1f 6c:88:14:f3:a8:04                       survey51   36   20  42  ‐45    23    144    104       0       1      69     691 ss >

FortiWLC – Configuring an AP’s Radio Channels

Configuring an AP’s Radio Channels

AP channel configuration is configurable for 802.11bg which consists of 11 overlapping channels in United States deployments. Channel configuration for 802.11a is not an issue because there are no overlapping channels within the 802.11a spectrum.

In the 802.11b/g standard, there are 14 channels. As a result of FCC rules, there are 11 channels: channels 1 through 11 are used in the USA. Other countries may also use channels 12, 13, and 14. These channels represent the center frequency of the wireless transmission wave.

In practice, 802.11bg has only three operational frequencies in a given area, and most deploy-

Configuring an AP’s Radio Channels

 

ments use channels 1, 6, and 11, for which there is no overlap.

Figure 66: Channel 1, 6, and 11

To assign a channel, use the Dot11Radio interface command channel. With the Web UI, configure a channel by clicking Configuration > Wireless > Radio, select a radio and then select a Channel from the drop-down list.

FortiWLC – Configure an AP’s Radios with the CLI

Configure an AP’s Radios with the CLI

Before you can configure any radio settings, you need to enter radio interface configuration mode. To do this, follow these steps:

TABLE 22: Entering Radio Interface Configuration Mode

Command Purpose
configure terminal Enter global configuration mode.
interface Dot11Radio <ap-id> <Interface ID> Enter interface configuration for the specified AP and radio interface. Use show interfaces Dot11Radio to obtain a list of radio interfaces.

For AP800, the second interface provides 802.11ac support.

… commands … Enter the 802.11 configuration commands here.
end Return to privileged EXEC mode.
copy running-config startup-config This is an optional step to save your entries in the configuration file.
Summary of Radio Interface Configuration Commands

The following is a summary of the commands available in radio interface configuration mode: TABLE 23: Commands available in Radio Interface Configuration Mode

Command Purpose
admin-mode Enables or disables a radio interface.
antenna-property Manages external wireless interface antennas.
channel Configures the channel ID.
localpower Configures the AP transmit power level for all APs
mode AP mode configuration.
n-only-mode Supports only 802.11n clients on the radio to improve performance.
preamble-short Enables or disables short preambles.
protection-mode Configures 802.11b/g interoperability mode. This setting defaults to auto and should not be changed without consulting Fortinet Support.

Configure an AP’s Radios with the CLI

TABLE 23: Commands available in Radio Interface Configuration Mode

Command Purpose
rf-mode Configures the Radio Frequency mode (802.11a, b, g, or bg, bgn, or an). Note that All APs on the same channel in a Virtual Cell must have the same setting for rf-mode.
scanning channels Configures the channels for scanning
tuning Tunes the wireless interface
Set Radio Transmit Power with the CLI

The radio transmit power changes the AP’s coverage area; this setting helps manage contention between neighboring access points. Transmit power for Fortinet APs is defined as the EIRP1 (Effective Isotropic Radiated Power) at the antenna and includes the antenna gain.

(This is important to remember; transmit power is not the power at the connector.) Power level settings are dependent on the country code and the radio band (and for 802.11a, the channel) in use.

For example, if the transmit power, configured with the command localpower, is set to 20 dBm2, and the antenna gain is set 3 to 2 dBm, then the actual transmitted power at the connector is 18 dBm.

If an external antenna with an 8dBi (isotropic) gain is used, then adjust the gain value to the same value, 8. If the desired EIRP after the antenna is the same, then keep the transmit power set to the same value, 20. For higher or lower EIRP values, adjust the transmit power to the desired value.

The maximum power setting is an integer between 4-30dBm for 802.11/bg radios.

The Maximum Transmit Power for the 802.11a band is based on the channel in use, as detailed in the following table, which shows the levels for the United States:

802.11a Channel Maximum Transmit Power (dBm) for United States
36 17
40 23
44 23
48 23
52 30
56 30
60 30
64 30
100 30
104 30

Configure an AP’s Radios with the CLI

802.11a Channel Maximum Transmit Power (dBm) for United States
108 30
112 30
116 30
120 30
124 30
128 30
132 30
136 30
140 30
149 36
153 36
157 36
161 36
165 36

Use the localpower command in the Dot11Radio interface configuration mode to configure the maximum power level. localpower max‐level

For example, to set the 802.11a radio maximum power to 15, type

localpower 15

Enable and Disable Short Preambles with the CLI

The radio preamble, also called the header, is a section of data at the head of a packet that contains information that the access point and client devices need when sending and receiving packets. By default, a short preamble is configured, but you can set the radio preamble to long or short:

  • A short preamble improves throughput performance.
  • A long preamble ensures compatibility between the access point and some older wireless LAN cards. If you do not have any older wireless LAN cards, you should use short preambles.

To disable short preambles and use long preambles, type: no preamble-short

To enable short preambles, type: preamble-short

Configure an AP’s Radios with the CLI

Set a Radio to Scan for Rogue APs with the CLI

To configure radios to constantly scan for rogue APs, use this command from the Dot11Radio interface configuration mode: mode scanning

To set the radio back to servicing clients, use the command: mode normal

Enable or Disable a Radio Interface with the CLI

To temporarily disable a radio interface, use this command from Dot11Radio interface configuration mode: admin‐mode Down

To later enable the off-line interface, use the command: admin‐mode Up

Set a Radio to Support 802.11n Only with the CLI

To set an AP radio interface to support only 802.11n clients, and thus improve throughput, from the Dot11Radio interface configuration mode use the command: n‐only‐mode

To disable the 802.11n-only support, use the command: no n‐only‐mode

Note that All APs on the same channel in a Virtual Cell must have the same setting for n-only mode.

FortiWLC – Add and Configure an AP with the CLI

Add and Configure an AP with the CLI

To configure an AP with the CLI, first enter AP configuration mode (first command shown below) and then use the rest of the AP configuration commands:

Command Purpose
configure terminal Enter global configuration mode.
ap ap-id Enter AP configuration for the specified AP. Use the command show ap to get a list of APs.
… commands … Enter the AP configuration commands listed in the next chart here.
boot-script string Name of an initialization script that the access point runs when booted. If nothing is configured here, the AP uses the default bootscript.
building string Command to describe building identification.
contact string Enters AP contact information
connectivity l2-only | l2-preferred | l3preferred This setting configures Layer 2 or Layer 3 connectivity to the controller. Using either L3 or L2 preferred also invokes AP connectivity mode where additional connectivity configuration can be done.
dataplane-encryption {on | off} In a Mesh configuration, selects how the AP and Controller pass data packets:

On: the AP-Controller link is encrypted

Off: the AP-Controller link is unencrypted (default)

description string Enters AP description. Note that this corresponds to the AP Name in the GUI.
floor string Enters AP floor location
led {normal | blink | NodeId | Normal} Sets LED appearance on AP400 and AP1000.

Normal: AP400 and AP1000 LEDs appear as described in the Fortinet

Access Point Installation Guide

Blink: Sets all LEDs flashing; this is useful to locate an AP

Dark: Turns off all LEDs

link-probing duration minutes For Remote AP, set the number of minutes between keep-alive signals. Minutes can be between 1 and 3200.
location string Enters AP location information

Add and Configure an AP with the CLI

Command Purpose
mac-address ff:ff:ff:ff:ff:ff Sets the MAC address if you are pre-configuring an AP
model string Command to enter the model type of the AP if you are pre-configuring the

AP

no boot-script Disables the boot script
end Return to privileged EXEC mode.
Configure a Layer 3 AP with the CLI

The following commands can be used to set up a Layer 3 configuration for an AP not in the same subnet as the controller. It specifies the AP will obtain its IP address from DHCP, which allows it to use a DNS server for obtaining its IP address. If the network administrator has added to the DNS server the IP address for the controller hostname “wlan-controller,” DNS can return the IP address of the controller with the hostname “wlan-controller:”

default# configure terminal default(config)# ap 1

default(config‐ap)# connectivity l3‐preferred default(config‐ap‐connectivity)# ip address dhcp

default(config‐ap‐connectivity)# controller hostname wlan‐controller default(config‐ap‐connectivity)# end default#

The following table presents the commands available within the ap-connectivity mode. TABLE 21: Summary of Connectivity Mode Commands

Command Purpose
controller {domainname name|hostname name|ip <ip-address>} Configure the controller IP information.

The domainname name must be from 1 to 63 characters.

The hostname name must be from 1 to 63 characters.

The IP address must be in the format nnn.nnn.nnn.nnn or dhcp to obtain the AP IP address dynamically.

hostname name Sets the AP hostname. name must be from 1 to 63 characters.

Add and Configure an AP with the CLI

TABLE 21: Summary of Connectivity Mode Commands

Command Purpose
ip address {ip-address|dhcp} Configures the IP addressing for the AP.

Use ip-address to assign a static IP address to the AP.

Use dhcp to obtain the AP IP address dynamically.

ip default-gateway gateway Adds an IP address of the default gateway in the format nnn.nnn.nnn.nnn
ip dns-server {primary <DNS ipaddress> |secondary <DNS ipaddress>} Adds a DNS server entry for static IP.

primary ip-address sets a primary DNS server for static IP. secondary ip-address sets the secondary DNS server for the static IP.

Configure AP Power Supply, Channel Width, and MIMO Mode with CLI

Set the power supply type, channel width, and MIMO mode by following these steps:

  1. Open a terminal session on the controller.
  2. Enter configuration mode by with the command terminal configuration at the CLI prompt.
  3. Select the AP with the command ap #, for example, AP1: default(config)# ap 1
  4. Set the power supply value to 5V-DC for AP Power, 802.3af Power Over Ethernet, 802.3at Power Over Ethernet with the CLI command power-supply. default(config‐ap)# power‐supply 5V‐DC
  5. Exit ap configuration mode. default(config‐ap) # exit
  6. Enter radio configuration submode with the command interface Dot11Radio node-id interface_ID. For example, for AP1, interface 1: default(config)# interface Dot11Radio 1 1
  7. Change channel width from 20 MHz (default) to 40 MHz (either 40-mhz-extension-channel-above or 0-mhz-extension-channel-below 40) with the command channel-width. This command also sets channel bonding. default(config‐if‐802)# channel‐width above 40 MHz Extension channel
  8. Change MIMO Mode from 2×2 (default) to 3×3 with the mimo-mode 3×3 command and exit.

default(config‐if‐802)# mimo‐mode 3×3 default(config‐if‐802)# end

Add and Configure an AP with the CLI

The AP is now configured.

FortiWLC – Configure an AP’s Radios with the Web UI

Configure an AP’s Radios with the Web UI

After you “Add and Configure an AP with the Web UI” on page 337, the AP’s radios will be listed in FortiWLC (SD). Follow these steps to configure the radios:

  1. Click Configuration > Wireless > Radio.
  2. Select one of the radios by clicking the pencil icon in the first column; remember that most APs have two radios. In that case, you will want to configure both of them.
  3. There are three tabs of settings for a radio, Wireless Interface, Wireless Statistics, and Antenna Property. Wireless Interface is the default tab. Here you see the existing interface settings for the radio. Any setting that is greyed out cannot be changed. Make any of the changes listed in the following chart, and then click OK.
Field Description
Interface Description Description can be up to 256 alphanumeric characters long and contain spaces (for example, Lobby AP  interface 1). By default, the description is ieee80211-ap_id-index_ID.
Administrative Status Indicate whether the interface is to be used:

Up: Enable the interface

Down: Disable the interface

Primary Channel In the drop-down list, select the channel number for the wireless interface to use. The channel numbers displayed depend on the RF Band Selection and the regulatory domain for each country; for example, in the United States 802.11b shows channels 1 through 11 and 802.11a shows channels 36, 40, 44, etc. Two access points can belong to the same virtual AP only if they are on the same channel. Thus, two neighboring access points on different channels cannot perform seamless handoff (0 ms).
Short Preamble Short preambles are more efficient on the air, but not all clients support them. On

Off

RF Band Selection Select the RF Band this interface uses. Available selections are based on both the AP model and radio cards installed (for example, 802.11an) and the licensing in effect.
Transmit Power (EIRP) Fortinet AP radios operate at their maximum power level by default. High power level increases the signal strength of the frames received by the client stations, allowing a client station to decode frames at a higher rate and increasing the coverage area. This causes minimal interference because Fortinet uses Virtual Cell technology, moving clients to a better AP without re-association. For a very few cases, we recommend that you reduce the power level on APs due to co-channel-interference. Check with Support first to make sure your issue really is due to co-channel-interference. To change transmit power, change the value in the Transmit Power field. The maximum level depends on the country code and the RF band in use.

Configure an AP’s Radios with the Web UI

Field Description
AP Mode Select whether the radio for the interface is in Service Mode (servicing clients first and scanning in the background), ScanRogues Mode (dedicated monitoring for Rogue APs), and ScanSpectrum Mode.
B/G Protection Mode Configures 802.11b/g interoperability mode. This setting defaults to auto and should not be changed without consulting Fortinet Support.
HT Protection Mode HT protection is set to default Off. The options are:

On

Off

Auto

Channel Width Channel Width can be:

20 MHz

40MHz Extension Channel Above

40MHz Extension Channel Below

Note that all APs in a Virtual Cell must have the same channel width.

MIMO Mode Select:

2×2 for either AP1000 with an 802.3af PoE

3×3 for AP400 depending on radio and power source configuration

802.11n Only Mode 802.11n only mode is for AP400/AP1000s with N capability. Select:

On: to support only 802.11n

Off: (default) to support 802.11an or 802.1bgn

RF Virtualization Mode This field is displayed only when the underlying AP is a AP400 model. If the underlying AP is any of the other APs, this field shall be greyed out in GUI. The default value of RF Virtualization Mode is Virtual Port. The options are Virtual Port, Virtual Cell, and Native Cell.
Probe Response Threshold Enter the Probe Response Threshold and the valid range is 0-100.
Mesh Service Admin Status Enable or Disable the Mesh Service Admin Status.
Transmit Beamforming Support Select the Transmit Beamforming Support:

•  Disabled

•  SU-MIMO

•  MU-MIMO (to support 802.11ac Wave 2 capable clients)

Supported in AP122, AP832, OAP832e, AP822, FAP-U421EV, and FAP-U423EV.

Configure an AP’s Radios with the Web UI

Field Description
STBC Support Select the STBC Support:

On

Off

DFS Fallback Option Select enable to allow the AP to fallback to a different channel when a radar is detected. Supported only in AP1xx, AP433, AP 8xx, AP1xxx, AP332, FAP-U421EV,and FAPU423EV.

If the DFS fallback option is enabled:

•  DFS fallback channel 52 is selected

•  DFS Channel Revertive is set to 45 min

•  When radar detected, it checks the fallback channel 52 for 60 sec. and if no radar is found it switches to the channel 52

•  After 45 min, it reverts back to original operating channel if the channel is available

(Channel avail test runs successfully) If the DFS fallback option is disabled:

•  If radar is detected the system performs its own fallback channel selection.

•  It will revert back to the original channel after 30 minutes if it passes the channel availability test (monitors the channel for 60 seconds).

DFS Fallback Channel Select the fallback channel.
DFS Channel Revertive (minutes) Select the time AP will take to revert back to its original channel.

AP1000 radios always have Virtual Cell enabled, but there is a way to use AP1000 in non-Virtual Cell mode. See Adding an ESS with the CLI.

The FAP U42xEV and FAP U32xEV Access Points can support up to 256 clients per radio interface. The 256 client support per radio is only for a native cell environment. In a virtual cell environment, the maximum clients supported per interface are 170.

Configure an AP’s Radios with the Web UI

FortiWLC – Add and Configure an AP with the Web UI

Add and Configure an AP with the Web UI

When you add an AP to a controller, you configure these features:

  • AP ID
  • AP Name
  • Serial Number
  • Location, Building, Floor
  • Contact
  • LED Mode
  • Boot script (AP Init Script)
  • Dataplane Encryption
  • AP Role
  • Parent AP ID
  • Link Probing Duration
  • Power Supply Type
  • AP Indoor/Outdoor Type

Meru Access Points can be connected to the controller through a Layer 2 network or a Layer 3 network. To both add and configure an AP, follow these steps:

  1. Click Configuration > Devices > APs > Add.

The AP Table Add window displays.

Add and Configure an AP with the Web UI

Figure 65: Add an AP to the Network

  1. Provide the following values and then click OK.
Field Description
AP ID

(required)

Unique AP numeric identifier up to 9999 characters long
AP Name

(required)

Alphanumeric string up to 64 characters long assigned as identifier for the access point. Note that it can be helpful to name the AP something descriptive, such as a means of indicating its location in the building.
Serial Number (optional) These boxes are designed to hold the MAC address which is part of the longer part number on the bottom of an AP. The MAC address is the last 12 numbers.
Location (optional) Alphanumeric string up to 64 characters long
Building (optional) Alphanumeric string up to 64 characters long

Add and Configure an AP with the Web UI

Field Description
Floor

(optional)

Alphanumeric string up to 64 characters long
Contact (optional) Alphanumeric string up to 64 characters long
LED Mode

(optional)

Sets LED appearance on AP332/AP400 and AP1000.

Normal: LEDs are as described in the Access Point Installation Guide

Node ID: Not supported in release 5.1

Blink: Sets all LEDs flashing; this is useful to locate one AP. The blink sequence is unique for different AP models.

Dark: Turns off all LEDs except power

AP Init Script (optional) Name of an initialization script that the access point runs when booted.
Dataplane Encryption (optional) In a Mesh configuration, selects how the AP and Controller pass data packets:

On: the AP-Controller link is encrypted

Off: the AP-Controller link is unencrypted (default)

AP Role

(optional)

In a Mesh configuration, determines the role that the AP plays in the mesh: access: Access point is operating as a standard, wired AP.

wireless: Access Point is part of the Enterprise Mesh configuration, providing wireless access services to 802.11/bg clients and backhaul services on the 802.11/a link.

gateway: Access point is part of the Enterprise Mesh configuration, providing the link between the wired and wireless service.

Parent AP ID (optional) In a Mesh configuration, a wireless AP is directed to look for a signal from a Parent AP, which provides the wireless AP with its backhaul connectivity. Several APs can be assigned the same Parent AP ID.
Link Probing Duration (optional) Length of time (from 1 to 32000 minutes) that bridged APs wait before rebooting when the controller link is broken. This setting is used in Remote AP configurations to prevent AP reboots when the connectivity to the remote controller is lost. The default is 120.
KeepAlive Timeout (seconds) In the KeepAlive Timeout (seconds), specify the duration of time (from 1 to 1800 seconds), for the remote APs to remain in the online state with respect to the controller, even when the link to the AP is down. The discovery message from the controller to the AP is modified depending on the time lapse provided in the Link Probing Duration box and the KeepAlive Timeout (seconds) box. The default is 25.
AP Indoor/ Outdoor

AP

(optional)

An Indoor and outdoor AP have different regulatory settings for channels and power levels. This setting adjusts those values.

Add and Configure an AP with the Web UI

FortiWLC – Support for CAPWAP

Support for CAPWAP

FortiWLC supports Control and Provisioning of Wireless Access Points (CAPWAP) protocol to allow Fortinet access points to discover Fortinet WLAN controllers. In addition to controller discovery, APs can send keep-alive packets to controllers via CAPWAP.

This is a partial implementation of the CAPWAP protocol that is limited to controller discovery, keepalive packets (echo request and response), AP image upgrade, and tunnelled client data packets between AP and controller.

Legacy Discovery Process

There are three types of access point discovery:

  • Layer 2 only-Access point is in the same subnet as controller.
  • Layer 2 preferred-Access point sends broadcasts to find the controller by trying Layer 2 discovery first. If the access point gets no response, it tries Layer 3 discovery.
  • Layer 3 preferred-Access point sends discovery message to the controller by trying Layer 3 discovery first. If the access point gets no response, it tries Layer 2 discovery.
  • Layer 3 only-Access point sends discovery message to the controller by trying Layer 3 only.

For Layer 2 and Layer 3 discovery, the access point cycles between Layer 2, Layer 3, and Mesh (if mesh is enabled) until it finds the controller.

An access point obtains its own IP address from DHCP (the default method), or you can assign a static IP address. After the access point has an IP address, it must find a controller’s IP address. By default, when using Layer 3 discovery, the access point obtains the controller’s IP address by using DNS and querying for hostname. The default hostname is “wlan-controller.” This presumes the DNS server knows the domain name where the controller is located. The domain name can be entered via the AP configuration or it can be obtained from the DHCP server, but without it, an Layer 3-configured AP will fail to find a controller. Alternately, you can configure the AP to point to the controller’s IP directly (if the controller has a static IP configuration).

After the access point obtains the controller IP address, it sends discovery messages using UDP port 9393. After the controller acknowledges the messages, a link is formed between the AP and the controller.

Discovery sequence for OAP832 and OAP433

Even if OAP832 and OAP433 are configured in the L3-only mode, the access points will be use L3 preferred mode to find controller. If the L3-preferred mode fails, they will fall back to L2 mode.

Legacy Discovery Process

 

CAPWAP and Legacy Reference
Port Requirements
Activity CAPWAP UDP Ports L3 UDP Ports Ethertype (L2)
Discovery 5246 9292 0x4003
Configuration and KeepAlive 5246 5000 0x4001
Data Flow 5247 9393 0x4000
Controller and AP Communication Ports
AP firmware version Discovery Mode Discovery

Port /

Ethertype

keep-alive ports /

Ethertype

Configuration ports/

Ethertype

Data

Flow

Ports /

Ethertype

Notes
Pre-8.3 (8.2, 8.1, 8.0, 7.0,  etc.,) L2

L3

0x4003

9292

0x4001

5000

0x4001

5000

0x4000

9393

After upgrade,

UDP 5246 and

8.3.0 L2 0x4003 0x4001 0x4001 0x4000 5247 is used for future discovery process and data flow respectively.
  L3 5246 5246 5000 5247  
CAPWAP Discovery

The CAPWAP protocol requires the UDP ports 5246 and 5247 to exchange control and data packets respectively

Legacy Discovery Process

Discovery Sequence

The CAPWAP discovery supports the following sequence on port UDP 5246:

  1. Unicast Options Controller IP address: AP sends discovery request to a controller based on the configured IP address in the AP.
    • DHCP Option 138: AP sends discover request to the controller configured with DHCP option 138. Alternatively, option 43 is also available for discovering controller.
    • DNS: AP sends discovery request based on the DNS resolution of – _capwap-control._udp.example.com
  2. Multicast: AP sends discovery request via multicast address – 224.0.1.140
  3. Broadcast: AP sends discovery request via broadcast address on – 255.255.255
Discovery Process
  1. In L3 discovery mode, the AP sends discovery request on both port 5246 and port 9292 to the controller.
  2. If the controller is already upgraded to 8.3 release, it sends response on port 5246 to complete the AP association.
  3. Further the keep-alive and image upgrade message exchange happens on port 5246.
  4. Tunnelled client data are sent to controller on port 5247.
Upgrading from Pre-8.3 Release

Using the upgrade controller command with auto‐ap‐upgrade ON

  1. The controller is upgraded to 8.3 and will now listen on port 5246 and 9292 for discovery request from access points. During the controller upgrade process, the pre-8.3 access points will continue re-discovery of the controller using the legacy method.
  • Once the controller is upgraded, the pre-8.3 APs will associate with the controller using the legacy method.
  1. Now, the access points begin the upgrade process. After the upgrade is complete, the access points will send discovery request on port 5246 and port 9292. The controller that is already upgraded to 8.3 will respond on port 5246 to complete AP association.

Legacy Discovery Process

Using the upgrade system command
  1. The APs are upgraded first to the 8.3 release. After upgrade the APs will send discovery request using a method sequence as mentioned in the Discovery Sequence section.
  2. The controller is upgraded to 8.3 after the APs are upgraded. The 8.3 controller will respond to AP discovery request.

Post Upgrade

Ensure that UDP 5000 is open after the upgrade is complete.

Downgrading

When downgraded to a previous release, the discovery mechanism will switch back to the legacy discovery process. However, we recommend that you open the CAPWAP UDP ports, Kcom (L3) UDP ports, and Ethertypes.

FortiWLC – VLAN Pooling

VLAN Pooling

To reduce big broadcast or risking a chance of running out of address space, you can now enable VLAN pooling in an ESS profile.

VLAN pooling essentially allows administrators to create a named alias using a subset of VLANs thereby creating a pool of address. By enabling VLAN pool, you can now associate a client/device to a specific VLAN. This allows you to effectively manage your network by monitoring appropriate or specific VLANs pools.

Features
  • You can associate up to 16 VLANs to a pool.
  • You can create a maximum of 64 VLAN Pools.
  • You can specify the maximum number of clients that can be associated to a VLAN.
  • The client/device behaviour does not change after it is associates to a VLAN in a pool. If a VLAN is removed from a VLAN pool, clients/devices connected to the VLAN will continue to be associated to the VLAN. However, if the clients disconnect and reconnect the VLAN will change.

VLAN Pooling

Configuration
Using WebUI
Using CLI
  1. Configure VLAN default(config)# vlan vlan10 tag 10 default(config‐vlan)# ip address 10.0.0.222 255.255.255.0 default(config‐vlan)# ip default‐gateway 10.0.0.1

VLAN Pooling

default(config‐vlan)# exit default(config)# exit default# sh vlan vlan10

VLAN Configuration

VLAN Name                             : vlan10

Tag                                   : 10

Ethernet Interface Index              : 1 IP Address                            : 10.0.0.222 Netmask                               : 255.255.255.0

IP Address of the Default Gateway     : 10.0.0.1

Override Default DHCP Server Flag     : off DHCP Server IP Address                : 0.0.0.0

DHCP Relay Pass‐Through               : on

Owner                                 : controller

Maximum number of clients             : 253 2. Configure VLAN Pool default(config)# vlan‐pool vlangroup default(config‐vpool)# tag‐list 10,36 default(config‐vpool)# exit default(config)# exit default# sh vlan‐pool

VLAN Pool Name           Vlan Pool Tag List vlangroup                10,36

VLAN Pool Configuration(1 entry)