Change SSID to VDOM Object

This feature changes the wireless-controller VAP (for SSID configuration) from a global object to a VDOM object, simplifying tracking the object reference count. It also removes the vdom setting from VAP configuration. When multi‑vdom is enabled on a FortiGate, the wireless-controller VAP can be added, edited, or deleted only inside of a VDOM.

To create a VAP entry:

When vdom-mode is no-vdom:
# config wireless-controller vap
(vap) # edit new
new entry 'new' added
(new) # set ssid new
(new) # set passphrase 12345678
(new) # set vdom
command parse error before 'vdom'
(new) # end
# show wireless-controller vap new
config wireless-controller vap
edit "new"
set ssid "new"
set passphrase ENC qmVlo9Zn3C4aVZMIw9LrHhXX+wDNn2BMT9hP3vmZGQFZZz+gQ6Lb1jS9UkAkbQabWkGq8uDZDfqwtWV8lZdMDOFyDC0Kgh/yCuCkM5xM1bm9gvnGC9+84VY2mvkV4pUeiugJ/8o1m++buXmP9CdUmLz7eY/VZwYlKnSyFvk7DphbfZJapCOXtgN2zseNoITPQUTKLA==
next
end
When vdom-mode is multi-vdom:
- A VAP cannot be created in global:
  # config global
  (global) # config wireless-controller vap
  command parse error before 'vap'
  Command fail. Return code 1
  (global) #
- A VAP can only be created in a VDOM:
  # config vdom
  (vdom) # edit vdom2
  current vf=vdom2:1
  (vdom2) # config wireless-controller vap
  (vap) # edit new
  new entry 'new' added
  (new) # set ssid new
  (new) # set passphrase 12345678
  (new) # set vdom
  command parse error before 'vdom'
  (new) # end
  (vdom2) # sh wireless-controller vap new
  config wireless-controller vap
  edit "new"
  set ssid "new"
  set passphrase ENC IidSvoD1C6feNonhsYfUTnOtO89UE/S/wWmOxRHLCud+eR0LD8xuYzWzsRg9/c299Vd2UA809NSUfyRBRD/pFFd/QS6ArQPs4sLVtPiftE63uI53d9azeQv6e5tkQjg4Z7Ztlv2hE47nKkdVXeWZE3mpfRhSxvDUKVzwpR1b8pdwbzDGFlPs+JcoNso6ZeRCuMg54g==
  next
  end
  (vdom2) #
When vdom-mode is multi-vdom, references to user-group and radius can be checked correctly when they are used by a VAP interface:
- A VAP interface with security-mode set to WPA2-Enterprise and RADIUS authentication:
  (vdom2) # show wireless-controller vap new
  config wireless-controller vap
  edit "new"
  set ssid "new"
  set security wpa2-only-enterprise
  set auth radius
  set radius-server "peap"
  next
  end
  (vdom2) # diagnose sys cmdb refcnt show user.radius.name peap
  entry used by table wireless-controller.vap:name 'new'
- A VAP interface with security-mode set to WPA2-Enterprise and User-group authentication:
  (vdom2) # show wireless-controller vap new
  config wireless-controller vap
  edit "new"
  set ssid "new"
  set security wpa2-only-enterprise
  set auth usergroup
  set usergroup "group-radius"
  next
  end
  (vdom2) # diagnose sys cmdb refcnt show user.group.name group-radius
  entry used by child table usergroup:name 'group-radius' of table wireless-controller.vap:name 'new'

Change SSID to VDOM Object

To create a VAP entry:

When vdom-mode is no-vdom:

# config wireless-controller vap

(vap) # edit new

new entry 'new' added

(new) # set ssid new

(new) # set passphrase 12345678

(new) # set vdom

command parse error before 'vdom'

(new) # end

# show wireless-controller vap new

config wireless-controller vap

edit "new"

set ssid "new"

set passphrase ENC qmVlo9Zn3C4aVZMIw9LrHhXX+wDNn2BMT9hP3vmZGQFZZz+gQ6Lb1jS9UkAkbQabWkGq8uDZDfqwtWV8lZdMDOFyDC0Kgh/yCuCkM5xM1bm9gvnGC9+84VY2mvkV4pUeiugJ/8o1m++buXmP9CdUmLz7eY/VZwYlKnSyFvk7DphbfZJapCOXtgN2zseNoITPQUTKLA==

end

When vdom-mode is multi-vdom:

A VAP cannot be created in global:
# config global
(global) # config wireless-controller vap
command parse error before 'vap'
Command fail. Return code 1
(global) #
A VAP can only be created in a VDOM:
# config vdom
(vdom) # edit vdom2
current vf=vdom2:1
(vdom2) # config wireless-controller vap
(vap) # edit new
new entry 'new' added
(new) # set ssid new
(new) # set passphrase 12345678
(new) # set vdom
command parse error before 'vdom'
(new) # end
(vdom2) # sh wireless-controller vap new
config wireless-controller vap
edit "new"
set ssid "new"
set passphrase ENC IidSvoD1C6feNonhsYfUTnOtO89UE/S/wWmOxRHLCud+eR0LD8xuYzWzsRg9/c299Vd2UA809NSUfyRBRD/pFFd/QS6ArQPs4sLVtPiftE63uI53d9azeQv6e5tkQjg4Z7Ztlv2hE47nKkdVXeWZE3mpfRhSxvDUKVzwpR1b8pdwbzDGFlPs+JcoNso6ZeRCuMg54g==
next
end
(vdom2) #

When vdom-mode is multi-vdom, references to user-group and radius can be checked correctly when they are used by a VAP interface:

A VAP interface with security-mode set to WPA2-Enterprise and RADIUS authentication:
(vdom2) # show wireless-controller vap new
config wireless-controller vap
edit "new"
set ssid "new"
set security wpa2-only-enterprise
set auth radius
set radius-server "peap"
next
end
(vdom2) # diagnose sys cmdb refcnt show user.radius.name peap
entry used by table wireless-controller.vap:name 'new'
A VAP interface with security-mode set to WPA2-Enterprise and User-group authentication:
(vdom2) # show wireless-controller vap new
config wireless-controller vap
edit "new"
set ssid "new"
set security wpa2-only-enterprise
set auth usergroup
set usergroup "group-radius"
next
end
(vdom2) # diagnose sys cmdb refcnt show user.group.name group-radius
entry used by child table usergroup:name 'group-radius' of table wireless-controller.vap:name 'new'

New Features

Change SSID to VDOM Object

Change SSID to VDOM Object

To create a VAP entry:

Change SSID to VDOM Object

To create a VAP entry: