Band Steering Feature
Band steering works with multi-band capable clients by letting you assign bands to clients based on their capabilities. Without band steering, an ABG client could formerly associate on either the A or the B/G channels, leading to overcrowding on one band or the other. With band steering, you can direct some of this traffic to the A band. Another example of using band steering is to separate and data traffic. You can leave all -capable clients the B/G channels (where bandwidth is not a concern) and move data-only clients to the A bands to achieve higher data rates. To use band steering for ABGN traffic, you could use A-Steering to direct dual mode clients with A capability to the 5GHz band and use N-Steering to direct all dual mode clients with AN capability to the 5GHz band. Band steering is also useful for directing multicast traffic.
Configure Band Steering with the Web UI
Band Steering is enabled on a per-ESS basis. When you create or modify an ESS, you can enable band steering. To do this with the Web UI, follow the directions “Add an ESS with the Web UI” on page 137 setting the field Enable Band Steering to On. The field Band Steering Timeout defaults to 5 seconds; this is the number of seconds that assignment for a steered client is blocked on the forbidden band while it is unassociated. For this command to work as clients are added, also set the field New APs Join ESS to on in the ESS.
Multicast Restriction per VLAN
Configure Band Steering with the CLI
Two new CLI commands have been added for band steering. band-steering-mode enables band steering on an ESS and band-steering-timeout sets the number of seconds that assignment for a steered client is blocked on the forbidden band while it is unassociated. The command band-steering-mode disable turns off band steering. To use band steering, create an ESS with the following configuration:
ESS Profile
ESS Profile : bandsteering Enable/Disable : enable
SSID : bandsteering
Security Profile : default Primary RADIUS Accounting Server : Secondary RADIUS Accounting Server :
Accounting Interim Interval (seconds) : 3600
Beacon Interval (msec) : 100
SSID Broadcast : on
Bridging : none New AP’s Join ESS : on
Tunnel Interface Type : none VLAN Name : Virtual Interface Profile Name :
GRE Tunnel Profile Name :
Allow Multicast Flag : off
Isolate Wireless To Wireless traffic : off
Multicast‐to‐Unicast Conversion : on
RF Virtualization Mode : VirtualCell
Overflow from :
APSD Support : on
DTIM Period (number of beacons) : 1
Dataplane Mode : tunneled AP VLAN Tag : 0
AP VLAN Priority : off Countermeasure : on
Multicast MAC Transparency : off
Band Steering Mode : a‐steering Band Steering Timeout(seconds) : 5
This example sets band steering to the A channel on the existing ESS named bandsteering:
default(15)# configure terminal default(15)(config)# essid bandsteering default(15)(config‐essid)# dataplane bridged default(15)(config‐essid)# band‐steering‐mode a‐steering default(15)(config‐essid)# end default(15)#
| default(15)# show essid bandsteering ESS Profile | |
| ESS Profile | bandsteering |
| Enable/Disable | enable |
| SSID | bandsteering |
| Security Profile | default |
Primary RADIUS Accounting Server Secondary RADIUS Accounting Server
Accounting Interim Interval (seconds) : 3600
Beacon Interval (msec) : 100
SSID Broadcast : on
Bridging : none New AP’s Join ESS : on
Tunnel Interface Type : none
VLAN Name :
Virtual Interface Profile Name : GRE Tunnel Profile Name :
Allow Multicast Flag : off
Isolate Wireless To Wireless traffic : off
Multicast‐to‐Unicast Conversion : on
RF Virtualization Mode : VirtualPort
Overflow from :
APSD Support : on
DTIM Period (number of beacons) : 1
Dataplane Mode : bridged AP VLAN Tag : 0
AP VLAN Priority : off Countermeasure : on
Multicast MAC Transparency : off
Band Steering Mode : a‐steering Band Steering Timeout(seconds) : 5 This example disables band steering:
default(15)# configure terminal
default(15)(config)# essid bandsteering default(15)(config‐essid)# band‐steering‐mode disable default(15)(config‐essid)# end default(15)#
default(15)# sh essid bandsteering
ESS Profile
ESS Profile : bandsteering Enable/Disable : enable
SSID : bandsteering
Security Profile default
Primary RADIUS Accounting Server
Secondary RADIUS Accounting Server
Band Steering Feature
| Accounting Interim Interval (seconds) | 3600 |
| Beacon Interval (msec) | 100 |
| SSID Broadcast | on |
| Bridging | none |
| New AP’s Join ESS | on |
| Tunnel Interface Type | none |
VLAN Name Virtual Interface Profile Name
GRE Tunnel Profile Name :
Allow Multicast Flag : off
Isolate Wireless To Wireless traffic : off
Multicast‐to‐Unicast Conversion : on
RF Virtualization Mode : VirtualPort
Overflow from :
APSD Support : on
DTIM Period (number of beacons) : 1
Dataplane Mode : bridged AP VLAN Tag : 0
AP VLAN Priority : off
Countermeasure : on
Multicast MAC Transparency : off
Band Steering Mode : disable
Band Steering Timeout(seconds) : 5
Expedited Forward Override
The Expedited Forward Override option is implemented to override the system’s default DSCP-to-WMM priority mapping. IP datagrams marked with DSCP Expedited Forwarding (46) will be sent from the WMM queue (AC_VO) of the AP rather than the Video queue (AC_VI) in downstream (to stations). This feature is specific to AP400 and is disabled by Default. It is configured on a per-ESS Profile basis and works in both bridged and tunneled ESS profiles.
Steps to configure Expedited Forward Override
- Steps to Enable Expedited Forward Override Feature in ESSID:
default # config terminal default(config)# essid meru
default(config‐essid)# expedited‐forward‐override default(config‐essid)# end
default# show essid meru
ESS Profile
ESS Profile meru
Enable/Disable enable
SSID meru
| Security Profile Primary RADIUS Accounting Server Secondary RADIUS Accounting Server | default |
| Accounting Interim Interval (seconds) | 3600 |
| Beacon Interval (msec) | 100 |
| SSID Broadcast | on |
| Bridging | none |
| New AP’s Join ESS | on |
Tunnel Interface Type : none
VLAN Name :
Virtual Interface Profile Name : GRE Tunnel Profile Name :
Allow Multicast Flag : off
Isolate Wireless To Wireless traffic : off
Multicast‐to‐Unicast Conversion : on
RF Virtualization Mode : VirtualPort Overflow from :
APSD Support : on
DTIM Period (number of beacons) : 1
Dataplane Mode : tunneled AP VLAN Tag : 0
AP VLAN Priority : off
Countermeasure : on
Multicast MAC Transparency : off
Band Steering Mode : disable
Band Steering Timeout(seconds) : 5
Expedited Forward Override : on
SSID Broadcast Preference : till‐association
B Supported Transmit Rates (Mbps) : 1,2,5.5,11 B Base Transmit Rates (Mbps) : 11
- Steps to Disable Expedited Forward Override Feature in ESSID:
Meru# config terminal
Meru(config)# essid meru
Meru (config‐essid)# no expedited‐forward‐override
Meru(config‐essid)# end
Meru # show essid meru
ESS Profile
ESS Profile : meru
Enable/Disable : enable SSID : meru
Security Profile : default
Primary RADIUS Accounting Server : Secondary RADIUS Accounting Server
Accounting Interim Interval (seconds) 3600
Beacon Interval (msec) 100
Band Steering Feature
| SSID Broadcast | on |
| Bridging | none |
| New AP’s Join ESS | on |
| Tunnel Interface Type VLAN Name Virtual Interface Profile Name GRE Tunnel Profile Name | none |
| Allow Multicast Flag | off |
Isolate Wireless To Wireless traffic : off
Multicast‐to‐Unicast Conversion : on
RF Virtualization Mode : VirtualPort
Overflow from :
APSD Support : on
DTIM Period (number of beacons) : 1
Dataplane Mode : tunneled AP VLAN Tag : 0
AP VLAN Priority : off Countermeasure : on
Multicast MAC Transparency : off
Band Steering Mode : disable
Band Steering Timeout(seconds) : 5
Expedited Forward Override : off
SSID Broadcast Preference : till‐association
B Supported Transmit Rates (Mbps) : 1,2,5.5,11
B Base Transmit Rates (Mbps) : 11
SSID Broadcast for Vport
The SSID Broadcast for Vport function is designed to improve connectivity when using Cisco phones.
Configuration of SSID Broadcast for Vport
The SSID Broadcast for Vport option is similar to that for the ESSID configuration parameter. From the ESSID configuration, the SSID Broadcast for Vport option has three configurable parameters from GUI and IOSCLI as follows:
- Disable: This is the default configuration on the ESSID profile page. Configuring the parameter to “Disable” makes the AP not to advertise the SSID in the beacon.
Example for configuring the option to Disable from IOSCLI:
| default# configure terminal default(config)# essid assign
default(config‐essid)# publish‐essid‐vport disabled default(config‐essid)# exit default(config)# exit |
- Always: Configuring the parameter to “Always” enables the AP to advertise the SSID on the beacons always. This must not be configured unless recommended. Example for configuring the option to till association from IOSCLI:
| default# conf terminal default(config)# essid assign
default(config‐essid)# publish‐essid‐vport always default(config‐essid)# end |
- Till-Association: Configuring the parameter to “Till-Association” enables the AP to advertise the SSID in the beacons until the association stage of the client and disables the SSID broadcast in the later part of connectivity. This parameter is preferable to configure for the certain version of phones which will resolves the connectivity issues with the Vport ON. Once station associated, The AP will stop broadcasting SSID string. Here the users are allowed to configure SSID broadcast for VPort parameter from controller GUI per ESS basis in addition to AP CLI.
Example for configuring the option to till association from IOSCLI:
| default# conf terminal default(config)# essid assign
default(config‐essid)# publish‐essid‐vport till‐association default(config‐essid)# end |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!