Category Archives: FortiWLC

FortiWLC Summary of File System Commands

Summary of File System Commands

The following lists the available file system commands in privileged EXEC mode.

Upgrading System Images

Command	Purpose
controller> cd [filesystem]	Sets the default directory on the Flash memory device. If no directory name is specified, this sets the default directory to images. Permitted directories are: images: The directory containing upgrade images ATS/scripts: The directory containing AP boot scripts backup: The directory containing database backup images.
controller> pwd	Displays the current working directory.
controller> dir [filesystem:][filename]	Displays a list of files on a file system. This can be one of the permitted directories given in the cd command or a remote directory referenced by an FTP URL.
controller# delete filename controller# delete directory:filename controller# delete flash: image	Deletes a file from the file system or deletes an upgrade image file from flash memory. The directory parameter can be used to delete a file from a different folder.
controller# show flash	Display the versions of the image files contained in the controller’s flash memory.
controller# rename old new	Renames a file from old to new.
controller# show running-config	Display the contents of the running configuration file.
controller# more running-config	Display the contents of the running configuration file. Alias for show running-config, but in contrast to that command, this one prompts the user to press a key to scroll the screen once it is filled. This allows the configuration to be shown a screen at a time, instead of scrolling all the way through instantly.
controller# copy running-config ftp\|sftp\|scp:[[[//username:password]@location/directory]/filename]	Copies the running configuration file to an FTP, SFTP, or SCP server, for example: controller# copy running-config ftp://user1:userpass@server1/jan01config controller# copy running-config scp://user1:userpass@server1/ jan01-config
controller# copy running-config startupconfig	Saves the running-configuration to the startup configuration to make it persistent. You should always do this after a set of configuration commands if you want your changes to persist across reboots.

Summary of File System Commands

Command	Purpose
controller# reload ap [id] \| all \| controller \| default	Reboots the controller and/or the specified AP: If the ap keyword is specified, all APs are rebooted, or if id is included, the AP with the identifier id is rebooted. If the keyword all is specified, the Fortinet controller and all the APs are rebooted, using the current startup configuration. If the keyword controller is specified, the controller is rebooted, using the current startup configuration. If the keyword default is specified, the controller and all the APs are rebooted at the factory default startup configuration.
controller# upgrade feature *version*	Upgrades the system with the specified feature.
controller# upgrade system *version*	Upgrades the system image on the controller and all APs to the specified version.
controller# upgrade ap *version* \| same [id \| range \| all]	Upgrades the access point image to the same version of system software that the controller is running. id—Upgrades the access point with the specified ID to the same version of system software that the controller is running. range—Upgrades a range of APs, specified as a list using commas and dashes, without spaces or wildcards. AP IDs must be listed in ascending order. all—Upgrades all access point image to the same version of system software that the controller is running.
controller# downgrade system *version*	Downgrades the system image on the controller and all APs to the specified version. Note that when this command is executed, the user will be prompted to remove all local users and groups from the system.
controller# run *script*	Executes the named script. If the script is in the current directory, the relative path name is specified. Otherwise, the full path name must be specified. The script must be either in images, ATS/scripts, or backup.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

FortiWLC Upgrading System Images

Leave a reply

Upgrading System Images

The controller is shipped with a pre-installed system image, containing the complete FortiWLC (SD) software. This image is loaded when the controller boots. As new software releases become available, you may decide to upgrade the system image.

Each release is accompanied by a Release Notes file on the documentation CD, which include procedures for upgrading different types of system configurations to the current release. Be sure to use the procedure included in the Release Notes when you choose to upgrade your system, as they provide the most up-to-date procedures.

FortiWLC Manipulating System Files

Leave a reply

Manipulating System Files

To manage the system files, you might want to transfer a configuration file to a remote system to back up the file, or obtain from a remote system an update or backup file. To access the remote system, you probably need a username and password. This section provides some example commands for performing these tasks.

Manipulating Files on a Network Server

To specify a file on a network server, use one of the following forms:

ftp://<username>:<password>@server/filename
scp://<username>:<password>@server/filename
sftp://<username>:<password>@server/filename
tftp://server/filename

The server can either be an IP address or host name. The username, if specified, overrides a username specified by the global configuration command ip ftp username. A password also overrides a password specified by the global configuration command ip ftp password.

The specified directory and filename are relative to the directory used for file transfers, or in absolute format.

Manipulating System Files

The following example uses secure FTP to access the file named meru-3.7-config on a server named ftp.fortinet.com. This example uses the username admin and the password secret to access this server: controller# copy sftp://admin:secret@ftp.fortinet.com/meru-3.7-config<space>.

For SCP (secure copy), replace the prefix sftp with scp.

Remote File Transfer Tasks

On a remote file system located on an FTP, SFTP, TFTP or SSH server, you can perform the following tasks:

Copy files to or from the controller using the copy command.
List the files in a given directory using the dir command.

Copying Files to a Remote Server

For example, to copy a backup image jun01.backup.mbu from the local directory images to a remote directory /home/backup on server server1, with user user1 using FTP, with the same remote filename, type:

controller# cd images controller# dir total 48

‐rw‐r‐‐r‐‐ 1 root root 15317 Jan 9 15:46 jun01.backup.mbu

controller# copy jun01.backup.mbu ftp://user1@server1/home/backup/. FTP Password: controller#

Type the password for user user1 at the FTP Password prompt. To use SCP instead of FTP:

controller# copy jun01.backup.mbu scp://user1@server1/home/backup/.

SCP Password:

Displaying a Remote Server’s Directory Contents

To display the contents of the remote directory /home/backup on the server server1, for the username user1 and password userpass, you can type: controller# dir ftp://user1:userpass@server1/home/backup

If you only specify the user name but not the password, the CLI prompts you to enter the password:

controller# dir ftp://user1@server1/home/backup FTP Password:

Manipulating System Files

Setting a Remote Username and Password

The secure remote file transfer commands require a remote username and password on each request to a server. The CLI uses the user name and password specified in the dir or copy command to authenticate with the remote file servers.

If you do not want to type the user name and password for each secure remote file transfer command, you can set these values for the duration of your session using the ip ftp, ip sftp, or ip scp commands.

For example, to set the FTP user name to user1 and the FTP password to userpass, type:

controller# configure terminal controller(config)# ip ftp username user1 controller(config)# ip ftp password userpass controller(config)# ^Z controller#

Likewise, to set the SCP user name to user1 and the SCP password to userpass, type:

controller# configure terminal controller(config)# ip scp username user1 controller(config)# ip scp password userpass controller(config)# ^Z controller#

If you have set the FTP username and password as in the previous example, you can now type the following: controller# dir ftp://server1/home/backup

FortiWLC Working with Configuration Files

Leave a reply

Working with Configuration Files

Configuration files direct the functions of the controller. Commands in the configuration file are parsed by the CLI and executed when the system is booted from the database, or when you enter commands at the CLI in a configuration mode. There are two types of configuration files used by the CLI:

The startup database file (startup-config) is executed at system startup.
The running configuration file (running-config) contains the current (running) configuration of the software.

The startup configuration file may be different from the running configuration file. For example, you might want to change the configuration, and then for a time period evaluate your changes before saving them to the startup configuration.

In this case, you would make the configuration changes using the configure terminal commands, but not save the configuration. When you were sure you wanted to permanently incorporate the changes, you would use the copy running-config startup-config EXEC command.

Changing the Running Configuration

The configure terminal EXEC command allows you to make changes to the running configuration. Commands are executed immediately, but are not saved. To save the changes, see “Changing the Startup Configuration.”

TABLE 7: Steps to Modify the Running Configuration

Command	Purpose
controller# configure terminal	Enters global configuration mode.
controller(config)# …..	Enter the commands you want to put in your running configuration. The CLI executes these commands immediately and also inserts them to the running configuration file.

Working with Configuration Files

TABLE 7: Steps to Modify the Running Configuration

Command	Purpose
controller# copy running-config startup-config	Saves the running configuration file as the startup configuration file. You must save the running configuration to the startup configuration file for your configuration changes to persist during a reboot.
controller(config)# end or controller(config)# Ctrl-Z	Ends the configuration session and exits EXEC mode. NOTE: You need to press the Ctrl and Z keys simultaneously.
controller(config)# Ctrl-C	Cancels any changes and reverts to the previous mode.

Changing the Startup Configuration

To make your configuration changes persistent across reboots, use the copy running-config startup-config EXEC command to copy the running configuration to a startup configuration.

FortiWLC Managing Files Via the WebUI

Leave a reply

Managing Files Via the WebUI

While local files can be managed via the CLI as well, the FortiWLC (SD) WebUI provides a convenient management interface from the Maintenance > File Management button. The File Management page contains separate tabs for the following types of files:

AP Init Script—Manages AP bootup scripts
Diagnostics—Contains diagnostic files
SD Versions—All software image files stored on the controller Syslog—Stored Syslog data for the various components of the system

Refer to the sections below for additional details relating to each tab.

AP Init Script

The default tab selected when the user first navigates to the File Management system shows any scripts installed on the system designed to make small tweaks to APs upon bootup. See Figure 4 below.

Figure 4: AP Init Script Table

Users can perform various tasks for a given boot script by clicking the radio button alongside the desired script and clicking the necessary button from the bottom of the screen, as described in

Managing Files Via the WebUI

TABLE 3:

Button	Action
Refresh	Refreshes the list of scripts shown.
New	Opens the Add/Edit window, which allows a user to create a new bootscript.
View	Opens a new window that shows the content of the boot script.
Edit	Allows the user to modify the selected script, including its commands as well as the name of the script itself.
Delete	Deletes the selected script.
Import	Opens up a window from which the user can browse for a local boot script file and upload it to the controller. Note: Only files with a “.txt” extension are permitted to be uploaded.
Export	Exports the selected script to the local machine.

Diagnostics

The Diagnostics tab displays any diagnostic files that have been generated by the controller. These files are in compressed format, so once they are downloaded to the local machine, the user can decompress them and view the logs contained within.

Figure 5: Diagnostics Tab

Once decompressed, the diagnostic logs can be viewed using a standard text editor. To download a log file, simply click the radio button next to the desired file and click Export. The table below describes the functions performed by the buttons on the screen.

TABLE 4:

Button	Action
Refresh	Refreshes the list of files shown.
Export	Exports the selected file to the local machine.
Delete	Deletes the selected file.

Image

The Image tab allows the user to manage the FortiWLC (SD) image files stored on the controller. Since these files can be quite large, users may occasionally need to delete older images in order to perform system upgrades. Figure 6: Image Tab

The following table details the buttons provided for managing system files.

Managing Files Via the WebUI

TABLE 5:

Button	Action
Refresh	Refreshes the list of files shown.
Import	Allows the user to upload an image file from the local machine onto the controller. Note: Controller image files must be in “.tar” format.
Delete	Deletes the selected file.

Syslog

The Syslog tab provides an interface to easily view and manage Syslog files that have been generated and stored on the controller.

Figure 7: Syslog Tab

Syslog files are stored in “.log” format and can be viewed using a standard text editor. To download and view one, simply click the radio button alongside the desired file and click Export.

TABLE 6:

Button	Action
Refresh	Refreshes the list of files shown.
Export	Allows the user to download and view the selected file.

FortiWLC About the CFS

Leave a reply

About the CFS

The CFS allows you to manage the controller operating system (FortiWLC (SD)) and its configuration files.

Files used to operate the controller are located in directories on the controller flash card. Initially, the flash contains the shipped operating system, referred to as the image, which of course is set with default settings. During the course of normal operation, you probably will want to perform some or all of the following tasks:

Configure custom settings and save the settings to a configuration file.
Save the configuration file to a backup directory on the controller.
Save the configuration file to a remote location to provide a more secure backup or as input for configuring other controllers.
Restore the settings from a known, reliable backup file.
Restore the system to its default settings.
Upgrade the system to a new version of the operating system.
Downgrade the system to a previous operating system version.
Execute scripts to automate configuration.

To accomplish these tasks you need to use the CFS to manipulate files. The CFS allows you to perform the following tasks:

Display information about files within a directory
The display information includes the file name, size, and date of modification.
Navigate to different directories
You can navigate to different directories and list the files in a directory.
Copy files

The CFS allows you to copy files on the controller via a pathname or to manipulate remote files. Use Uniform Resource Locators (URLs) to specify the location of a remote file. URLs are commonly used to specify files or locations on the World Wide Web. You can use the URL format to copy file to or retrieve files from a location on a remote file server.

Delete files

Working with Local Directories

The controller flash card uses the following directories to organize its system files. You can access the following local directories:

Directory Name	Directory Contents
images	Directory where the current image resides and where you can place upgrade images that you have obtained remotely.
backup	Directory containing backup configuration files and databases.
ATS/scripts	Directory containing AP bootup scripts.
capture	Directory containing the packet capture files.

Viewing Directory and File Information

Use the pwd command to view the current directory. By default, the current working directory is images, as shown with the pwd command:

controller# pwd images

To view a detailed listing about the contents of a directory, use the dir command, which accepts an optional directory or filename argument: dir [[directory/]filename]

For example, to display the contents of the images directory:

About the CFS

controller# dir total 10 total 70

drwxr‐xr‐x 8 root root 1024 Jan 30 11:00 meru‐3.6‐45 drwxrwxr‐x 8 522 522 1024 Feb 21 2008 meru‐3.6‐46 ‐rw‐r‐‐r‐‐ 1 root root 2233 Feb 19 02:07 meru.user‐diagnostics.Dickens.2008‐02‐19.02‐07‐17.tar.gz

‐rw‐r‐‐r‐‐ 1 root root 3195 Feb 19 02:17 meru.user‐diagnostics.Dickens.2008‐02‐19.02‐17‐17.tar.gz

‐rw‐r‐‐r‐‐ 1 root root 3064 Feb 21 00:50 meru.user‐diagnostics.Dickens.2008‐02‐21.00‐50‐50.tar.gz

lrwxrwxrwx 1 root root 28 Feb 21 00:50 mibs.tar.gz ‐> meru‐

3.6‐46/mibs/mibs.tar.gz

‐rw‐r‐‐r‐‐ 1 root root 16778 Feb 21 00:50 pre‐upgrade‐config

‐rw‐r‐‐r‐‐ 1 root root 18549 Feb 21 00:53 script.log

‐rw‐r‐‐r‐‐ 1 root root 16427 Feb 21 00:53 startup‐config

‐rw‐‐‐‐‐‐‐ 1 root root 1915 Feb 21 00:50 upgrade.log To view information about a file in different directory, use the directory arguments:

controller# dir ATS/scripts

total 4

‐rwxr‐xr‐x 1 root root 67 Feb 21 2008 dense‐.scr

‐rwxr‐xr‐x 1 root root 25 Feb 21 2008 guard.scr

‐rwxr‐xr‐x 1 root root 82 Feb 21 2008 non‐guard.scr ‐rwxr‐xr‐x 1 root root 126 Feb 21 2008 svp.scr

Changing to Another Directory

Use the cd command to navigate to another directory on the controller: controller# cd backup

Use the pwd command to view the name of the current directory:

controller# pwd backup

FortiWLC What is Network Manager?

Leave a reply

What is Network Manager?

Network Manager is a Fortinet product that manages multiple controllers.

ESS, Security, VLAN, GRE and RADIUS profiles can all be configured either from Network Manager or from the controller. You can tell where a profile was configured by checking the read-only field Owner; the Owner is either NMS or controller. If a profile belongs to Network Manager, you cannot alter or delete it from a controller.

If a profile belongs to Network Manager, the recommendation is to alter/delete it from the Network Manager interface. If for some reason Network Manager is not reachable from the con What is Network Manager?

troller, then the recommendation is to unregister the Network Manager server from the controller using the nms-server unregister CLI command.

FortiWLC Web UI Concepts

Leave a reply

Web UI Concepts

Access FortiWLC (SD) by entering the IP address of the controller in a browser (see “Browsers” on page 46 below). The Web UI interface that displays operates from four menus: Monitor, Maintenance, Configuration, and Wizards. Clicking any entry from the list expands it to display the options contained therein.

Figure 1: Menu Options in the WebUI

How Does the GUI Relate to CLI Commands?

Most FortiWLC (SD) tasks can be accomplished using either the CLI or the GUI. Some commands can only be done with one or the other. The chart below gives some examples of this. You can refer to the illustration on the previous page or click the indicated links on the UI Interface.

How Does the GUI Relate to CLI Commands? 43

I need to know…	With the CLI	With the GUI
Stations that are associated	show station show phones	Station table (Monitor > Devices > All Stations)
Stations and APs that are detectable	show ap-discovered	Station table (Monitor > Devices > All Stations)
Controller setup	show controller	System Summary (Monitor > Dashboard > System)
APs that are connected	show ap	Station table (click Monitor > Devices > All Stations)
How are APs connected	show ap-connectivity ap-id	Station table (click Monitor > Devices > All Stations)
How many stations are connected	show station or show topostation	Station table (Monitor > Devices > All Stations)
Stations connections to certain AP	show ap-assigned mac-address	Station table (Monitor > Devices > All Stations)
Add a new operating system version to a controller using FTP	copy ftp://ftpuser:ftppasswd@*offbox-ip-address*/ meru-x.x-xxxMODEL-rpm.tar. upgrade system x.x	NA
See aggregate throughput for all APs	NA	System Dashboard (Monitor > Dashboard > System)
Syslog message summary	show syslog-table shows the entire log	SysLog Files Table (Maintenance > View Syslog) shows a segment of the log based on time
Alarms	show alarm	Alarms (Monitor > Fault Management > Alarms)
Rogues detected	show rogue-ap-list	Rogue AP Table (Monitor > Rogue Devices)
AP400 model	show ap

How Does the GUI Relate to CLI Commands?

I need to know…	With the CLI	With the GUI
Throughput bottlenecks	show statistics top10 -ap -problem (shows loss %) analyze-capture start, analyze-capture stop, analyze-capture capture	System Dashboard (Monitor > Dashboard > System)
High-volume users	show statistics top10-station-talker	Stations Dashboard (click Monitor > Dashboard > Station)
Why a user’s connection failed	station-log/station add analyze-capture	Station Diagnostics (click Monitor > Diagnostics > Station)
Dead spots	show topoap	Station Diagnostics (Monitor > Diagnostics > All Station > Signal Strength Chart)
Station retries	show station	Monitor > Dashboard > Station > Retries chart
User’s location	show station or show topostation	NA
Overloaded radios	show station show statistics top10-ap-problem	Monitor > Dashboard > Radio > Retries chart Radio Dashboard (Monitor > Dashboard > Radio > Throughput Chart)
High-loss radios	show station analyze-capture start, analyze-capture stop, analyze-capture snapshot	Monitor > Dashboard > Radio > Loss % chart Controller Dashboard (Monitor > Controller > High-Loss Radio chart)
Noisy radios	NA	Monitor > Diagnostics > Radio Controller Dashboard (Monitor > Controller > Noise Level chart)
Radio Management Overhead	show interfaces Dot11Radio statistics	Monitor > Dashboard > Radio > Management Overhead Distribution chart
Average Station data rates	show station 802.11 \| “802.11a” show station 802.11 \| “802.11b” show station 802.11 \| “802.11g” show station 802.11 \| “802.11g” show station 802.11 \| “802.11ab” show station 802.11 \| “802.11bg” show station 802.11 \| “802.11bgn”	Monitor > Dashboard > Station > Average Rate charts

How Does the GUI Relate to CLI Commands?

Browsers

WebUI

Internet Explorer 9,10 (Vista and Win XP)
Mozilla Firefox 25+ (Vista and Win XP)
Google Chrome 31+

Captive Portal

Internet Explorer 6, 7, 8,9, and 10
Apple Safari
Google Chrome
Mozilla Firefox 4.x and earlier
Mobile devices (such as Apple iPhone and BlackBerry)

Internet Explorer Caching Settings

Be sure to turn off caching on any computer using Internet Explorer, because dashboard updates are frequently ignored with caching on. To configure Windows Internet Explorer, follow these steps:

Access Internet Options by opening an Internet Explorer window and then clicking Tools > Internet Options.
- window like this one displays:

Browsers

Figure 2: Internet Options for Microsoft Windows

Under Browsing history, click Settings.
- window like this one displays:

Browsers

Figure 3: Website Data Settings

Select the option Every time I visit the web page.
Click OK.

The dashboard will now be updated every time the statistics change.

Note that no configuration is needed for Mozilla Firefox.