Automatic all-SSID selection in FortiAP Profile (219347)
The SSID field in FortiAP Profiles now includes the option Automatically assign Tunnel-mode SSIDs. This eliminates the need to re-edit the profile when new SSIDs are created. You can still select SSIDs individually using the Select SSIDs option.
Automatic assignment of SSIDs is not available for FortiAPs in Local Bridge mode. The option is hidden on both the Managed FortiAP settings and the FortiAP Profile assigned to that AP.
Improved override of FortiAP settings (219347 264010 264897)
The configuration settings of a FortiAP in WiFi Controller > Managed FortiAPs can override selected settings in the FortiAP Profile:
- Band and/or Channel
- Transmitter Power
- LAN Port mode
Note that a Band override also overrides Channel selections.
In the CLI, you can also override FortiAP LED state, WAN port mode, IP Fragmentation prevention method, spectrum analysis, and split tunneling settings.
Spectrum Analysis removed from FortiAP Profile GUI
Spectrum Analysis is no longer available in FortiAP Profiles in the GUI. It can be enabled in the CLI if needed.
Disable low data rates in 802.11a, g, n ac (297821)
To reduce air-time usage on your WiFi network, you can disable the use of low data rates which cause communications to consume more air time.
The 802.11 a, b, and g protocols are specified by data rate. 802.11a can support 6,9,12, 18, 24, 36, 48, and 54
Mb/s. 802.11b/g can support 1, 2, 5.5, 6, 9,12, 18, 24, 36, 48, 54 Mb/s. Basic rates are specified with the suffix “basic”, “12-basic” for example. The capabilities of expected client devices need to be considered when deciding the lowest Basic rate.
The 802.11n and ac protocols are specified by MSC (Modulation and Coding Scheme) Index and the number of spatial streams.
- 802.11n with 1 or 2 spatial streams can support mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1,mcs8/2,mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
- 802.11n with 3 or 4 spatial streams can support mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
- 802.11ac with 1 or 2 spatial streams can support mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2.
- 802.11ac with 3 or 4 spatial streams can support mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4
Here are some examples of setting basic and supported rates.
config wireless-controller vap edit <vap_name>
set rates-11a 12-basic 18 24 36 48 54 set rates-11bg 12-basic 18 24 36 48 54
set rates-11n-ss34 mcs16/3 mcs18/3 mcs20/3 mcs21/3 mcs22/3 mcs23/3 mcs24/4 mcs25/4 set rates-11ac-ss34 mcs0/3 mcs1/3 mcs2/3 mcs9/4 mcs9/3
WiFi and Switch controllers are enabled separately (275860)
In the Feature Store (System > Features), the WiFi Controller and Switch Controller are now separate. However, the Switch Controller must be enabled in order for the WiFi Controller to be visible.
In the CLI, the settings that enable the WiFi and Switch controllers have been separated:
config system global
set wireless-controller enable set switch-controller enable
The settings that enable the GUI display for those controllers have also been separated:
config system settings
set gui-wireless-controller enable set gui-switch-controller enable
Add Support of LLDP protocol on FortiAP to send switch and port information (283107)
You can enable LLDP protocol in the FortiAP Profile. Each FortiAP using that profile can then send back information about the switch and port that it is connected to. This information is visible in the optional LLDP column of the Managed FortiAP list. To enable LLDP:
config wireless-controller wtp-profile edit <profile-name>
set lldp enable end
WTP groups (278462)
You can define FortiAP Groups. Each group can contain FortiAPs of a single platform (model). These groups can be used in VLAN-pooling to assign APs to particular VLANs. Create a FortiAP Group in the CLI like this:
config wireless-controller wtp-group edit 1
set platform-type 320C
edit FP320C3X14010828 next
edit FP320C3X14010830 end
The platform-type field is optional. If it is left empty, the group can contain FortiAPs of any model.
In an SSID, you can define a VLAN pool. As clients associate to an AP, they are assigned to a VLAN. A VLAN
- assign a specific VLAN based on the AP’s FortiAP Group, usually for network configuration reasons, or
- assign one of several available VLANs for network load balancing purposes (tunnel mode SSIDs only)
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos