Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios
.
To use it in a playbook, specify: fortinet.fortios.fortios_wireless_controller_wtp_profile
.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | |||
---|---|---|---|---|---|
host string | FortiOS or FortiGate IP address. | ||||
https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |||
password string | Default: "" | FortiOS or FortiGate password. | |||
ssl_verify boolean added in 2.9 of fortinet.fortios |
| Ensures FortiGate certificate must be verified by a proper CA. | |||
state string added in 2.9 of fortinet.fortios |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | |||
username string | FortiOS or FortiGate username. | ||||
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |||
wireless_controller_wtp_profile dictionary | Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. | ||||
allowaccess string |
| Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. | |||
ap_country string |
| Country in which this WTP, FortiAP or AP will operate . | |||
ble_profile string | Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name. | ||||
comment string | Comment. | ||||
control_message_offload string |
| Enable/disable CAPWAP control message data channel offload. | |||
deny_mac_list list / elements=string | List of MAC addresses that are denied access to this WTP, FortiAP, or AP. | ||||
id integer / required | ID. | ||||
mac string | A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. | ||||
dtls_in_kernel string |
| Enable/disable data channel DTLS in kernel. | |||
dtls_policy string |
| WTP data channel DTLS policy . | |||
energy_efficient_ethernet string |
| Enable/disable use of energy efficient Ethernet on WTP. | |||
ext_info_enable string |
| Enable/disable station/VAP/radio extension information. | |||
handoff_roaming string |
| Enable/disable client load balancing during roaming to avoid roaming delay . | |||
handoff_rssi integer | Minimum received signal strength indicator (RSSI) value for handoff (20 - 30). | ||||
handoff_sta_thresh integer | Threshold value for AP handoff (5 - 35). | ||||
ip_fragment_preventing string |
| Select how to prevent IP fragmentation for CAPWAP tunneled control and data packets . | |||
lan dictionary | WTP LAN port mapping. | ||||
port1_mode string |
| LAN port 1 mode. | |||
port1_ssid string | Bridge LAN port 1 to SSID. Source wireless-controller.vap.name. | ||||
port2_mode string |
| LAN port 2 mode. | |||
port2_ssid string | Bridge LAN port 2 to SSID. Source wireless-controller.vap.name. | ||||
port3_mode string |
| LAN port 3 mode. | |||
port3_ssid string | Bridge LAN port 3 to SSID. Source wireless-controller.vap.name. | ||||
port4_mode string |
| LAN port 4 mode. | |||
port4_ssid string | Bridge LAN port 4 to SSID. Source wireless-controller.vap.name. | ||||
port5_mode string |
| LAN port 5 mode. | |||
port5_ssid string | Bridge LAN port 5 to SSID. Source wireless-controller.vap.name. | ||||
port6_mode string |
| LAN port 6 mode. | |||
port6_ssid string | Bridge LAN port 6 to SSID. Source wireless-controller.vap.name. | ||||
port7_mode string |
| LAN port 7 mode. | |||
port7_ssid string | Bridge LAN port 7 to SSID. Source wireless-controller.vap.name. | ||||
port8_mode string |
| LAN port 8 mode. | |||
port8_ssid string | Bridge LAN port 8 to SSID. Source wireless-controller.vap.name. | ||||
port_mode string |
| LAN port mode. | |||
port_ssid string | Bridge LAN port to SSID. Source wireless-controller.vap.name. | ||||
lbs dictionary | Set various location based service (LBS) options. | ||||
aeroscout string |
| Enable/disable AeroScout Real Time Location Service (RTLS) support. | |||
aeroscout_ap_mac string |
| Use BSSID or board MAC address as AP MAC address in the Aeroscout AP message. | |||
aeroscout_mmu_report string |
| Enable/disable MU compounded report. | |||
aeroscout_mu string |
| Enable/disable AeroScout support. | |||
aeroscout_mu_factor integer | AeroScout Mobile Unit (MU) mode dilution factor . | ||||
aeroscout_mu_timeout integer | AeroScout MU mode timeout (0 - 65535 sec). | ||||
aeroscout_server_ip string | IP address of AeroScout server. | ||||
aeroscout_server_port integer | AeroScout server UDP listening port. | ||||
ekahau_blink_mode string |
| Enable/disable Ekahua blink mode (also called AiRISTA Flow Blink Mode) to find the location of devices connected to a wireless LAN . | |||
ekahau_tag string | WiFi frame MAC address or WiFi Tag. | ||||
erc_server_ip string | IP address of Ekahua RTLS Controller (ERC). | ||||
erc_server_port integer | Ekahua RTLS Controller (ERC) UDP listening port. | ||||
fortipresence string |
| Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don"t connect to this WiFi network . | |||
fortipresence_frequency integer | FortiPresence report transmit frequency (5 - 65535 sec). | ||||
fortipresence_port integer | FortiPresence server UDP listening port . | ||||
fortipresence_project string | FortiPresence project name (max. 16 characters). | ||||
fortipresence_rogue string |
| Enable/disable FortiPresence finding and reporting rogue APs. | |||
fortipresence_secret string | FortiPresence secret password (max. 16 characters). | ||||
fortipresence_server string | FortiPresence server IP address. | ||||
fortipresence_unassoc string |
| Enable/disable FortiPresence finding and reporting unassociated stations. | |||
station_locate string |
| Enable/disable client station locating services for all clients, whether associated or not . | |||
led_schedules list / elements=string | Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space. | ||||
name string / required | LED schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name. | ||||
led_state string |
| Enable/disable use of LEDs on WTP . | |||
lldp string |
| Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP . | |||
login_passwd string | Set the managed WTP, FortiAP, or AP"s administrator password. | ||||
login_passwd_change string |
| Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). | |||
max_clients integer | Maximum number of stations (STAs) supported by the WTP . | ||||
name string / required | WTP (or FortiAP or AP) profile name. | ||||
platform dictionary | WTP, FortiAP, or AP platform. | ||||
type string |
| WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile. | |||
poe_mode string |
| Set the WTP, FortiAP, or AP"s PoE mode. | |||
radio_1 dictionary | Configuration options for radio 1. | ||||
amsdu string |
| Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . | |||
ap_handoff string |
| Enable/disable AP handoff of clients to other APs . | |||
ap_sniffer_addr string | MAC address to monitor. | ||||
ap_sniffer_bufsize integer | Sniffer buffer size (1 - 32 MB). | ||||
ap_sniffer_chan integer | Channel on which to operate the sniffer . | ||||
ap_sniffer_ctl string |
| Enable/disable sniffer on WiFi control frame . | |||
ap_sniffer_data string |
| Enable/disable sniffer on WiFi data frame . | |||
ap_sniffer_mgmt_beacon string |
| Enable/disable sniffer on WiFi management Beacon frames . | |||
ap_sniffer_mgmt_other string |
| Enable/disable sniffer on WiFi management other frames . | |||
ap_sniffer_mgmt_probe string |
| Enable/disable sniffer on WiFi management probe frames . | |||
auto_power_high integer | Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type). | ||||
auto_power_level string |
| Enable/disable automatic power-level adjustment to prevent co-channel interference . | |||
auto_power_low integer | Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). | ||||
band string |
| WiFi band that Radio 1 operates on. | |||
bandwidth_admission_control string |
| Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. | |||
bandwidth_capacity integer | Maximum bandwidth capacity allowed (1 - 600000 Kbps). | ||||
beacon_interval integer | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type). | ||||
call_admission_control string |
| Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. | |||
call_capacity integer | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). | ||||
channel list / elements=string | Selected list of wireless radio channels. | ||||
chan string / required | Channel number. | ||||
channel_bonding string |
| Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. | |||
channel_utilization string |
| Enable/disable measuring channel utilization. | |||
coexistence string |
| Enable/disable allowing both HT20 and HT40 on the same radio . | |||
darrp string |
| Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . | |||
dtim integer | DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to save client battery life. | ||||
frag_threshold integer | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). | ||||
frequency_handoff string |
| Enable/disable frequency handoff of clients to other channels . | |||
max_clients integer | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | ||||
max_distance integer | Maximum expected distance between the AP and clients (0 - 54000 m). | ||||
mode string |
| Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. | |||
power_level integer | Radio power level as a percentage of the maximum transmit power (0 - 100). | ||||
powersave_optimize string |
| Enable client power-saving features such as TIM, AC VO, and OBSS etc. | |||
protection_mode string |
| Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). | |||
radio_id integer | radio-id | ||||
rts_threshold integer | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). | ||||
short_guard_interval string |
| Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. | |||
spectrum_analysis string |
| Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. | |||
transmit_optimize string |
| Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. | |||
vap_all string |
| Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . | |||
vaps list / elements=string | Manually selected list of Virtual Access Points (VAPs). | ||||
name string / required | Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. | ||||
wids_profile string | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. | ||||
radio_2 dictionary | Configuration options for radio 2. | ||||
amsdu string |
| Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . | |||
ap_handoff string |
| Enable/disable AP handoff of clients to other APs . | |||
ap_sniffer_addr string | MAC address to monitor. | ||||
ap_sniffer_bufsize integer | Sniffer buffer size (1 - 32 MB). | ||||
ap_sniffer_chan integer | Channel on which to operate the sniffer . | ||||
ap_sniffer_ctl string |
| Enable/disable sniffer on WiFi control frame . | |||
ap_sniffer_data string |
| Enable/disable sniffer on WiFi data frame . | |||
ap_sniffer_mgmt_beacon string |
| Enable/disable sniffer on WiFi management Beacon frames . | |||
ap_sniffer_mgmt_other string |
| Enable/disable sniffer on WiFi management other frames . | |||
ap_sniffer_mgmt_probe string |
| Enable/disable sniffer on WiFi management probe frames . | |||
auto_power_high integer | Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type). | ||||
auto_power_level string |
| Enable/disable automatic power-level adjustment to prevent co-channel interference . | |||
auto_power_low integer | Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). | ||||
band string |
| WiFi band that Radio 2 operates on. | |||
bandwidth_admission_control string |
| Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. | |||
bandwidth_capacity integer | Maximum bandwidth capacity allowed (1 - 600000 Kbps). | ||||
beacon_interval integer | Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type). | ||||
call_admission_control string |
| Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. | |||
call_capacity integer | Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). | ||||
channel list / elements=string | Selected list of wireless radio channels. | ||||
chan string / required | Channel number. | ||||
channel_bonding string |
| Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. | |||
channel_utilization string |
| Enable/disable measuring channel utilization. | |||
coexistence string |
| Enable/disable allowing both HT20 and HT40 on the same radio . | |||
darrp string |
| Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . | |||
dtim integer | DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to save client battery life. | ||||
frag_threshold integer | Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). | ||||
frequency_handoff string |
| Enable/disable frequency handoff of clients to other channels . | |||
max_clients integer | Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. | ||||
max_distance integer | Maximum expected distance between the AP and clients (0 - 54000 m). | ||||
mode string |
| Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. | |||
power_level integer | Radio power level as a percentage of the maximum transmit power (0 - 100). | ||||
powersave_optimize string |
| Enable client power-saving features such as TIM, AC VO, and OBSS etc. | |||
protection_mode string |
| Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). | |||
radio_id integer | radio-id | ||||
rts_threshold integer | Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). | ||||
short_guard_interval string |
| Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. | |||
spectrum_analysis string |
| Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. | |||
transmit_optimize string |
| Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. | |||
vap_all string |
| Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . | |||
vaps list / elements=string | Manually selected list of Virtual Access Points (VAPs). | ||||
name string / required | Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. | ||||
wids_profile string | Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. | ||||
split_tunneling_acl list / elements=string | Split tunneling ACL filter list. | ||||
dest_ip string | Destination IP and mask for the split-tunneling subnet. | ||||
id integer / required | ID. | ||||
split_tunneling_acl_local_ap_subnet string |
| Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . | |||
split_tunneling_acl_path string |
| Split tunneling ACL path is local/tunnel. | |||
state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | |||
tun_mtu_downlink integer | Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes). | ||||
tun_mtu_uplink integer | Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes). | ||||
wan_port_mode string |
| Enable/disable using a WAN port as a LAN port. |
Note
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. fortios_wireless_controller_wtp_profile: vdom: "{{ vdom }}" state: "present" wireless_controller_wtp_profile: allowaccess: "telnet" ap_country: "NA" ble_profile: "<your_own_value> (source wireless-controller.ble-profile.name)" comment: "Comment." control_message_offload: "ebp-frame" deny_mac_list: - id: "9" mac: "<your_own_value>" dtls_in_kernel: "enable" dtls_policy: "clear-text" energy_efficient_ethernet: "enable" ext_info_enable: "enable" handoff_roaming: "enable" handoff_rssi: "16" handoff_sta_thresh: "17" ip_fragment_preventing: "tcp-mss-adjust" lan: port_mode: "offline" port_ssid: "<your_own_value> (source wireless-controller.vap.name)" port1_mode: "offline" port1_ssid: "<your_own_value> (source wireless-controller.vap.name)" port2_mode: "offline" port2_ssid: "<your_own_value> (source wireless-controller.vap.name)" port3_mode: "offline" port3_ssid: "<your_own_value> (source wireless-controller.vap.name)" port4_mode: "offline" port4_ssid: "<your_own_value> (source wireless-controller.vap.name)" port5_mode: "offline" port5_ssid: "<your_own_value> (source wireless-controller.vap.name)" port6_mode: "offline" port6_ssid: "<your_own_value> (source wireless-controller.vap.name)" port7_mode: "offline" port7_ssid: "<your_own_value> (source wireless-controller.vap.name)" port8_mode: "offline" port8_ssid: "<your_own_value> (source wireless-controller.vap.name)" lbs: aeroscout: "enable" aeroscout_ap_mac: "bssid" aeroscout_mmu_report: "enable" aeroscout_mu: "enable" aeroscout_mu_factor: "43" aeroscout_mu_timeout: "44" aeroscout_server_ip: "<your_own_value>" aeroscout_server_port: "46" ekahau_blink_mode: "enable" ekahau_tag: "<your_own_value>" erc_server_ip: "<your_own_value>" erc_server_port: "50" fortipresence: "foreign" fortipresence_frequency: "52" fortipresence_port: "53" fortipresence_project: "<your_own_value>" fortipresence_rogue: "enable" fortipresence_secret: "<your_own_value>" fortipresence_server: "<your_own_value>" fortipresence_unassoc: "enable" station_locate: "enable" led_schedules: - name: "default_name_61 (source firewall.schedule.group.name firewall.schedule.recurring.name)" led_state: "enable" lldp: "enable" login_passwd: "<your_own_value>" login_passwd_change: "yes" max_clients: "66" name: "default_name_67" platform: type: "AP-11N" poe_mode: "auto" radio_1: amsdu: "enable" ap_handoff: "enable" ap_sniffer_addr: "<your_own_value>" ap_sniffer_bufsize: "75" ap_sniffer_chan: "76" ap_sniffer_ctl: "enable" ap_sniffer_data: "enable" ap_sniffer_mgmt_beacon: "enable" ap_sniffer_mgmt_other: "enable" ap_sniffer_mgmt_probe: "enable" auto_power_high: "82" auto_power_level: "enable" auto_power_low: "84" band: "802.11a" bandwidth_admission_control: "enable" bandwidth_capacity: "87" beacon_interval: "88" call_admission_control: "enable" call_capacity: "90" channel: - chan: "<your_own_value>" channel_bonding: "80MHz" channel_utilization: "enable" coexistence: "enable" darrp: "enable" dtim: "97" frag_threshold: "98" frequency_handoff: "enable" max_clients: "100" max_distance: "101" mode: "disabled" power_level: "103" powersave_optimize: "tim" protection_mode: "rtscts" radio_id: "106" rts_threshold: "107" short_guard_interval: "enable" spectrum_analysis: "enable" transmit_optimize: "disable" vap_all: "enable" vaps: - name: "default_name_113 (source wireless-controller.vap-group.name wireless-controller.vap.name)" wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)" radio_2: amsdu: "enable" ap_handoff: "enable" ap_sniffer_addr: "<your_own_value>" ap_sniffer_bufsize: "119" ap_sniffer_chan: "120" ap_sniffer_ctl: "enable" ap_sniffer_data: "enable" ap_sniffer_mgmt_beacon: "enable" ap_sniffer_mgmt_other: "enable" ap_sniffer_mgmt_probe: "enable" auto_power_high: "126" auto_power_level: "enable" auto_power_low: "128" band: "802.11a" bandwidth_admission_control: "enable" bandwidth_capacity: "131" beacon_interval: "132" call_admission_control: "enable" call_capacity: "134" channel: - chan: "<your_own_value>" channel_bonding: "80MHz" channel_utilization: "enable" coexistence: "enable" darrp: "enable" dtim: "141" frag_threshold: "142" frequency_handoff: "enable" max_clients: "144" max_distance: "145" mode: "disabled" power_level: "147" powersave_optimize: "tim" protection_mode: "rtscts" radio_id: "150" rts_threshold: "151" short_guard_interval: "enable" spectrum_analysis: "enable" transmit_optimize: "disable" vap_all: "enable" vaps: - name: "default_name_157 (source wireless-controller.vap-group.name wireless-controller.vap.name)" wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)" split_tunneling_acl: - dest_ip: "<your_own_value>" id: "161" split_tunneling_acl_local_ap_subnet: "enable" split_tunneling_acl_path: "tunnel" tun_mtu_downlink: "164" tun_mtu_uplink: "165" wan_port_mode: "wan-lan"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_wireless_controller_wtp_profile_module.html