FortiManager
farhanahmed
Staff
Article Id 308066
Description This article describes how to use the Tcl script in FortiManager for bulk FortiAP configuration changes.
The standard CLI script cannot typically be used for this purpose because it requires the serial number of each FortiAP in the script to make changes, which is not feasible in setups with hundreds of access points.
Scope FortiManager, FortiGate, FortiAP.
Solution
  1. The Tcl script can be used to create or modify any configuration for the FortiAPs connected to the FortiGate that the script is run on.
    In this example, a new FortiAP profile (wtp-profile) is created and assigned only to a specific model of FortiAP (221E) instead of making changes on all connected FortiAPs.
  2. To check the current FortiAP profile for the 221E FAPs on the FortiGate, go to WiFi & Switch Controller -> Managed FortiAPs.

 

The Current profile is FAP221E-default.

 



Note:
Follow the initial steps from Technical Tip: How to use Tcl script...existing route to enable and run Tcl scripts in FortiManager.

 

  3. Go to Device Manager -> Scripts, select Tcl Script as the Type, and select 'Create new'.

 

Create the following Tcl script:

 

#!
proc do_cmd {cmd} {
    puts [exec "$cmd\n" "# "]
}
#
# Taking the output of wireless-controller wtp:
#
foreach line [split [exec "show wireless-controller wtp\n" "# "] \n] {
    #
    # Fetching the 'edit' and its value, that is, the 16-character serial number.
    # If the line is not an 'edit' line, checking if wtp-profile is present:
    #
    if {[regexp {edit[ ]"(\w{16})} $line match fap]} {
        continue
    } elseif {[regexp {set[ ]+(wtp-profile)[ ]+"([^"]*)"} $line match key value]} {
        #
        # Storing "key = 'wtp-profile'" and "value = profile name" to an array:
        #
        lappend fap_serials($fap) "$key $value"
    }
}
puts [exec "#Creating new WTP Profile\n" "# " 15 ]
#
# Set the model of the FortiAP where change is required:
#
set fapmodel "FP221E"
#
# Setting a name for the new WTP Profile to create:
#
set newprofile "FP221E-new1"
#
# Set the platform type for the FortiAP:
#
set faptype "221E"
#
# Creating a new WTP profile using the parameters set above:
#
do_cmd "config wireless-controller wtp-profile"
do_cmd "edit $newprofile"
do_cmd "config platform"
do_cmd "set type $faptype"
do_cmd "end"
do_cmd "set handoff-sta-thresh 30"
do_cmd "config radio-1"
do_cmd "set band 802.11n,g-only"
do_cmd "end"
do_cmd "config radio-2"
do_cmd "set band 802.11ac"
do_cmd "end"
do_cmd "next"
do_cmd "end"
#
# Changing the wtp-profiles (do_cmd already appends the newline):
#
do_cmd "config wireless-controller wtp"
#
# Looping for each FortiAP serial key
# and checking if the serial of the FortiAP contains the FortiAP model number
# if yes, change the wtp profile to the newly created one
# using this condition in order to NOT make changes to all FortiAPs
#
# array -> calls an array
# names -> names of the indices are used
# fap_serials -> name of array
#
foreach fap [array names fap_serials] {
    if {[string first $fapmodel $fap] != -1} {
        do_cmd "edit $fap"
        do_cmd "set wtp-profile $newprofile"
        do_cmd "next"
    }
}
do_cmd "end"

 

  4. After the script is run, check the wtp-profiles again on the FortiGate. A new FortiAP profile 'FP221E-new1' has been created and assigned only to the FortiAPs of model 221E.
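
The selection logic of the script above can be checked offline before it is pushed to a production FortiGate. The following dry run is an added example, not part of the original article or Fortinet's code: it runs in plain tclsh 8.5+ against a constructed `show wireless-controller wtp` sample with made-up serials, and the proc names parse_wtp and plan_changes are hypothetical. It goes slightly beyond the article's script by matching the model as a serial prefix and by skipping FortiAPs that are already on the new profile.

```tcl
# Added example: offline dry run, for plain tclsh 8.5+ (no FortiManager exec).
# CONSTRUCTED sample of "show wireless-controller wtp"; serials are made up.
set sample_output {config wireless-controller wtp
    edit "FP221E0000000001"
        set wtp-profile "FAP221E-default"
    next
    edit "FP221E0000000002"
        set wtp-profile "FP221E-new1"
    next
    edit "FP231F0000000003"
        set wtp-profile "FAP231F-default"
    next
    edit "FP221E0000000004"
        set admin enable
    next
end}

# Parse the output into a dict: serial -> current profile ("" if none shown).
proc parse_wtp {text} {
    set profiles [dict create]
    set fap ""
    foreach line [split $text \n] {
        if {[regexp {^\s*edit\s+"(\w{16})"} $line -> serial]} {
            set fap $serial
            dict set profiles $fap ""
        } elseif {[regexp {^\s*next\s*$} $line]} {
            set fap ""
        } elseif {$fap ne "" &&
                  [regexp {^\s*set\s+wtp-profile\s+"([^"]*)"} $line -> value]} {
            dict set profiles $fap $value
        }
    }
    return $profiles
}

# Build the CLI lines that would be sent. Only APs whose serial STARTS with
# $model are touched, and APs already on $newprofile are skipped.
proc plan_changes {profiles model newprofile} {
    set cmds {}
    dict for {serial current} $profiles {
        if {![string match "${model}*" $serial]} { continue }
        if {$current eq $newprofile} { continue }
        lappend cmds "edit $serial" "set wtp-profile $newprofile" "next"
    }
    if {[llength $cmds] == 0} { return {} }
    return [list "config wireless-controller wtp" {*}$cmds "end"]
}

puts [join [plan_changes [parse_wtp $sample_output] "FP221E" "FP221E-new1"] \n]
```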

 


 

Note:

The FortiAP config can also be modified and pushed to FortiGate(s) using the AP Manager.


Related documents:

Tcl scripts.

Technical Tip: How to fetch FortiAP and FortiSwitch Serials using TCL Script in FortiManager.

Technical Tip: How to troubleshoot TCL Scripts failed in FortiManager.

Technical Tip: How to use TCL script to create static routes by fetching gateway IP from an existing....

Technical Tip: Use TCL Script in FortiManager to set source IP in FortiGate config by fetching Forti....