Technical Tip: FortiWifi client mode

sachitdas_FTNT · ‎07-01-2020

Description
This article explains how to configure FortiWifi in client mode.

Related link.
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/fortiwifi-client-mode-co...

Solution
The local radio of FortiWifi can work in client mode and associate to an AP. Traffic from the LAN side can use this wifi interface as new WAN interface to go out.

Sample Configuration.

# config system global
set wireless-mode client
end

# config system interface
    edit "wifi"
        set mode dhcp
        set allowaccess ping https ssh
        set type wireless
            # config wifi-networks
                edit 1
                    set wifi-ssid "aaaa"
                    set wifi-security wpa-personal
                    set wifi-passphrase 12345678
                next
            end
    next
end

Add band selection support when set FWF local radio to client mode.
This feature helps the user to have FWF client connect to AP via specific band. There are three options: 'any', '5g-preferred" and "5g-only'.

Set preferred band/networks.

# config system interface
    edit "wifi"
        set vdom "root"
        set mode dhcp
        set type wireless
FW502R3U16-----1 (wifi) set wifi-ap-band ?

Any Connect to the best 2G or 5G AP.
5g-preferred Connect to the 5G AP if a good 5G FortiAP exists.
5g-only Only connect to the 5G FortiAP.

        # config wifi-networks
            edit 1
                set wifi-ssid "xxxxx"
                set wifi-passphrase ENC VbqWtdJ+VuOz+M9AdbQfbCIeiLROreH54QESzNrGBOkremVO1ELwXeKH+xMul40Qf7EFnRkovxl7kpg7EUZgB5uKfG6C6TEVFyyPKLnMNqMVDFBEMc36ekHEccdArehGqtuKt4O3AUxjNkWMpgPKg+Vny1lw+A8ohdR1sy8DzUIKV/mKE7PAcLKruR3+xQ50mSL3JA==
            next
            edit 2
                set wifi-ssid "yyyy"
                set wifi-passphrase ENC E/5+C54GOPed766SHkjADcVawaZw2OHsV7X8TMa9N2tW20zWbbAaspdniVxFhAxZQ0/ZUPvdZi1Rql46OB/owsttwq9aH9HmyZo03QK8vMCB8+eIbG6nlhbbuuaiW8dnY5gicjZiwJLXfUottHNRRLHS9EgUs0x0bYK+wRSRJ6B4x03ZvQ41mLbfJvUNnDM30zsZ+Q==
            next

Troubleshooting commands and sample output.

FWF30D3X14-----9 # diagnose sys wireless
wifi IEEE 802.11na ESSID:"TEST"
Mode:Managed Frequency:5.24GHz(48) Access Point: xx:xx:xx:xx:xx:xx
Bit Rate:144.4Mb/s Tx-Power:11 dBm
RTS thr:off Fragment thr:off
Power Management:off
Link Quality:94/94 Signal level:-43 dBm Noise level:-95 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
Wlan ID: 0 MAC Mode:fat Tun Mode:local
wifi get_bintval:100
FWF30D3X14-----9 # get system interface

name: wifi mode: dhcp ip: 192.168.250.3 255.255.255.0 status: up netbios-forward: disable type: wireless netflow-sampler
# diagnose wireless-controller wlsta ap-list     <----- It shows the scanned ap-list with the target SSID.

SSID xx:xx:xx:xx:xx:xx 172                 WPA2 Personal

# diagnose wireless-controller wlsta ap-selected <----- Check if selected FortiAP is expected.
Selected AP:
ssid=SSID bssid= xx:xx:xx:xx:xx:xx sec=8 status=connected

# diagnose wireless-controller wlsta cfg          <----- Shows the sta wifi config and if the sta is connected to expected ssid with assigned IP.

STA intf name: wifi
              status: up
                  ip: 8.1.1.6
                 mac: 08:5b:0e:6c:ca:10
        auto connect: yes
           auto save: no
             ap band: 5g preferred
        5g threshold: -78dBm
    wifi network cnt: 1
                   1: SSID, 8, 1
           connected: SSID

Note: Only WPA/WPA2 personal are supported.