- The Tcl script can be used to create or modify any configuration for the FortiAPs connected to FortiGate that the script is run on.
In this example, a new FortiAP profile (wtp-profile) is created and assigned only to a specific model of FortiAP (221E) instead of making changes on all connected FortiAPs.
- To checking the current FortiAP profile for the 221E FAPs on the FortiGate, go to WiFi & Switch Controller -> Managed FortiAPs.
The Current profile is FAP221E-default.
Note: Follow the initial steps from Technical Tip: How to use Tcl script...existing route to enable and run Tcl scripts in FortiManager.
- Go to Device Manager -> Scripts, select Tcl Script as the Type, and select 'Create new'.
Create the following Tcl script:
#! proc do_cmd {cmd} { puts [exec "$cmd\n" "# "] } # # Taking the output of wireless-controller wtp: # foreach line [split [exec "show wireless-controller wtp\n" "# "] \n] { # # Fetching the 'edit' and its value, that is, the 16 digit serial number: # if {[regexp {edit[ ]"(\w{16})} $line match fap]} { continue # # Checking if wtp-profile is present: # } elseif {[regexp {set[ ]+(\wtp-profile)[ ]+"(.*)} $line match key value]} { # # Storing "key = 'wtp-profile'" and "value = profile name" to an array: # lappend fap_serials($fap) "$key $value" } } puts [exec "#Creating new WTP Profile\n" "# " 15 ] # # Set the model of the FortiAP where change is required: # set fapmodel "FP221E" # # Setting a name for the new WTP Profile to create: # set newprofile "FP221E-new1" # # Set the platform type for the FortiAP: # set faptype "221E" # # Creating a new WTP profile using the parameters set above: # do_cmd "config wireless-controller wtp-profile" do_cmd "edit $newprofile" do_cmd "config platform" do_cmd "set type $faptype" do_cmd "end" do_cmd "set handoff-sta-thresh 30" do_cmd "config radio-1" do_cmd "set band 802.11n,g-only" do_cmd "end" do_cmd "config radio-2" do_cmd "set band 802.11ac" do_cmd "end" do_cmd "next" do_cmd "end" # # Changing the wtp-profiles: # do_cmd "config wireless-controller wtp\n" # # Looping for each FortiAP serial key # and checking if the serial of the FortiAP contains the FortiAP model number # if yes, change the wtp profile to the newly created one # using this condition in order to NOT make changes to all FortiAPs # # array -> calls an array # names -> names of the indices are used # fap_serials -> name of array # foreach fap [array names fap_serials] { if {[string first $fapmodel $fap] != -1} { do_cmd "edit $fap" do_cmd "set wtp-profile $newprofile" do_cmd "next" } } do_cmd "end"
- After the script is run, check the wtp-profiles again on the FortiGate, a new FortiAP Profile 'FP2221E-new1' has been created and assigned only to the FortiAPs model 221E.
Note:
The FortiAP config can also be modified and pushed to FortiGate(s) using the AP Manager.
Related documents:
Tcl scripts.
Technical Tip: How to fetch FortiAP and FortiSwitch Serials using TCL Script in FortiManager.
Technical Tip: How to troubleshoot TCL Scripts failed in FortiManager.
Technical Tip: How to use TCL script to create static routes by fetching gateway IP from an existing....
Technical Tip: Use TCL Script in FortiManager to set source IP in FortiGate config by fetching Forti....
|