Creating a FortiAP profile
A FortiAP profile defines radio settings for a particular platform (FortiAP model). The profile also selects which SSIDs (virtual APs) the APs will carry. FortiAP units contain two radio transceivers, making it possible, for example, to provide both 2.4 GHz 802.11b/g/n and 5 GHz 802.11a/n service from the same access point. The radios can also be used for monitoring, used for the Rogue AP detection feature.
You can modify existing FortiAP profiles or create new ones of your own.
On FortiGate model 30D, GUI configuration of FortiAP Profiles is disabled by default. To enable AP profiles, enter the following CLI commands: |
To configure a FortiAP profile - GUI
- Go to WiFi & Switch Controller > FortiAP Profiles and select Create New.
- Enter a Name for the FortiAP Profile.
- In Platform, select the FortiWiFi or FortiAP model to which this profile applies.
- If split tunneling is used, in Split Tunneling Subnets, enter a comma-separated list all of the destination IP address ranges that should not be routed through the FortiGate WiFi controller.
- For each radio, enter:
- Select OK.
Mode |
Select the type of mode. |
WIDS Profile |
Optionally, select a Wireless Intrusion Detection (WIDS) profile. See Wireless network protection. |
Radio Resource |
Select to enable the distributed radio resource provisioning (DARRP) feature. This feature measures utilization and interference on the available channels and selects the clearest channel at each access point. The measurement can be repeated periodically to respond to changing conditions. |
Client Load |
Select Frequency Handoff or AP Handoff as needed. See Access point configuration. |
Band |
Select the wireless protocols that you want to support. The available choices depend on the radio’s capabilities. Where multiple protocols are supported, the letter suffixes are combined: “802.11g/b” means 802.11g and 802.11b. |
Channel Width |
Select channel width for 802.11ac or 802.11n on 5 GHz. |
Short Guard |
Select to enable the short guard interval for 802.11ac or 802.11n on 5 GHz. |
Channels |
Select the channel or channels to include. The available channels depend on which IEEE wireless protocol you selected in Band. By default, all available channels are enabled. |
TX Power |
Enable automatic or manual adjustment of transmit power, specifying either minimum and maximum power levels in dBm or as a percentage. |
TX Power |
When TX Power Control is set to Auto, the TX Power is set by default to a range of 10-17 dBm. Set the range between 1 and 20 for both the lower and upper limits. When TX Power Control is set to Manual, the TX Power is set by default to 100% of the maximum power permitted in your region. To change the level, drag the slider. |
SSIDs |
Select Auto or Manual. Selecting Auto eliminates the need to re-edit the profile when new SSIDs are created. However, you can still select SSIDs individually using Manual. Note that bridge mode SSIDs cannot be manually selected for FortiWiFi local radio platforms. Automatic assignment of SSIDs (Auto) is not available for FortiAPs in Local Bridge mode. The option is hidden on both the Managed FortiAP settings and the FortiAP Profile assigned to that AP. |
Radio 1 settings are the same as Radio 2 settings except for the options for Channel.
Radio 2 settings are available only for FortiAP models with dual radios.
To configure a FortiAP profile - CLI
This example configures a FortiAP-220B to carry all SSIDs on Radio 1 but only SSID example_wlan on Radio 2.
config wireless-controller wtp-profile
edit guest_prof
config platform
set type 220B
end
config radio-1
set mode ap
set band 802.11g
set vap-all enable
end
config radio-2
set mode ap
set band 802.11g
set vaps example_wlan
end
end
To enable DARRP - CLI
To prevent interference between APs, the FortiOS WiFi Controller includes the Distributed Automatic Radio Resource Provisioning (DARRP) feature. Through DARRP, each FortiAP unit autonomously and periodically determines the channel that is best suited for wireless communications. FortiAP units to select their channel so that they do not interfere with each other in large-scale deployments where multiple access points have overlapping radio ranges.
In this example, DARRP is enabled for both radios in the FAP321C-default profile:
config wireless-controller wtp-profile
edit FAP321C-default
config radio-1
set darrp enable
end
config radio-2
set darrp enable
end
end
To set DARRP timing - CLI
By default, DARRP optimization occurs at a fixed interval of 1800 seconds (30 minutes). You can change this interval in the CLI. For example, to change the interval to 3600 seconds enter:
config wireless-controller timers
set darrp-optimize 3600
end
Optionally, you can schedule optimization for fixed times. This enables you to confine DARRP activity to a low-traffic period. Setting darrp-optimize
to 0, makes darrp-day
and darrp-time
available. For example, here's how to set DARRP optimization for 3:00 am every day:
config wireless-controller timers
set darrp-optimize 0
set darrp-day sunday monday tuesday wednesday thursday friday saturday
set darrp-time 03:00
end
Both darrp-day
and darrp-time
can accept multiple entries.