FortiAP Advanced Configuration

Frequency and AP handoff

From the web‑based manager edit a custom AP profile and select Frequency Handoff and AP Handoff as required for each radio on the AP.
From the CLI, you configure wireless client load balancing thresholds for each custom AP profile. Enable access point hand-off and frequency hand-off separately for each radio in the custom AP profile.
config wireless-controller wtp-profile
edit new-ap-profile
set handoff-rssi <rssi_int>
set handoff-sta-thresh <clients_int>
config radio-1
set frequency-handoff {disable | enable}
set ap-handoff {disable | enable}
config radio-2
set frequency-handoff {disable | enable}
set ap-handoff {disable | enable}

• handoff-rssi is the RSSI threshold. Clients with a 5 Ghz RSSI threshold over this value are load balanced to the 5GHz frequency band. Default is 25. Range is 20 to 30.
• handoff-sta-thresh is the access point handoff threshold. If the access point has more clients than this threshold it is considered busy and clients are changed to another access point. Default is 30, range is 5 to 25.
• frequency-handoff enable or disable frequency handoff load balancing for this radio. Disabled by default.
• ap-handoff enable or disable access point handoff load balancing for this radio. Disabled by default.

Rogue AP scanning as a background activity

Each WiFi radio can perform monitoring of radio channels in its operating band while acting as an AP. It does this by briefly switching from AP to monitoring mode. By default, a scan period starts every 300 seconds. Each second a different channel is monitored for 20ms until all channels have been checked.

During heavy AP traffic, it is possible for background scanning to cause lost packets when the radio switches to monitoring. To reduce the probability of lost packets, you can set the CLI ap-bgscan-idle field to delay the switch to monitoring until the AP has been idle for a specified period. This means that heavy AP traffic may slow background scanning.
The following CLI example configures default background rogue scanning operation except that it sets ap-bgscan-idle to require 100ms of AP inactivity before scanning the next channel.
config wireless-controller wtp-profile
edit ourprofile
config radio-1
set ap-bgscan enable
set rogue-scan enable
set ap-bgscan-period 300
set ap-bgscan-intv 1
set ap-bgscan-duration 20
set ap-bgscan-idle 100

Background scan settings:

ap-bgscan                ap-bgscan
ap-bgscan-period         interval between two rounds of scanning  s
ap-bgscan-intv           interval between two scanning channels  s
ap-bgscan-duration       listening time on a scanning channel  ms
ap-bgscan-idle           waiting channel idle time before scanning channel  ms
ap-bgscan-report-intv    interval between two bgscan reports  sec
ap-bgscan-disable-day    bgscan disable weekday

Upgrading AP Firmware to Several units Simultaneously

You can upload AP firmware to the Fortigate then initiate a reset on the APs which are controlled by it to push the upgrade out to them.

execute wireless-controller upload-wtp-image ?
execute wireless-controller list-wtp-image
execute wireless-controller reset-wtp all

TX Power levels

100% –> 27dbm (500mw)
50% –> 24dbm (250mw)
10% –> 17dbm (50mw)
5% –> 14dbm (25mw)
1% –> 7dbm (5mw)

Leave a Reply