Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

JohnKram
New Contributor

Created on ‎08-27-2019 09:46 AM

Disable 11B Data Rates

I have a FortiGate 60E with a single Access Point 221B.  I'm trying to perform a test to determine if a certain product supports a set of data rates or not.  To this end, I would like to disable the 802.11B data rates 1, 2, 5.5, and 11 Mbits/sec.  

I understand there's a way to do this using the CLI, and after logging into the FortiGate unit I clicked on the icon to open up a CLI interface.  I then typed in the following:

config wireless-controller vap
edit <vap_name>
set rates-11bg 12-basic 18 24 36 48 54
end

This seemed to take, and I was able to verify it with the show command.  However, it seems the unit still responds on the 11B data rates.  I then tried the following using the CLI, also to no avail:

config wireless-controller wtp-profile
edit <name>
config radio-1
set powersave-optimize no-11b-rate
end

Would anybody have any ideas what I'm likely fundamentally missing here?!  Is a reboot required?!  Is there some type of "Apply" button to have these changes take effect that I'm missing?!  Or is my licensing somehow insufficient?!  I'm at a loss to explain why the commands take and the settings persist, yet don't seem to actually take effect.  

Any insights are greatly appreciated!
Labels:
1360
0 Kudos
1 Solution
jbattam_FTNT
Staff
Staff
In response to JohnKram

Created on ‎08-29-2019 03:43 PM

Hi John,

As per your config, you have 11Mbps enabled, set-rates-11bg is 11Mbps, which is a B rate. OFDM starts at 6Mbps, then 12,18,24 etc. Not 11.

config wireless-controller vap
edit <vap_name>
set rates-11bg 12-basic 18 24 36 48 54
end

It appears you're making changes at just the SSID level. Hence if you have multiple SSID's configured the easiest way to make this change is at the radio level.
As Chris has said enabling g/n mode at the radio level should work. This is generally set in the AP <wtp-profile>. Please see example below for the radio-2 config set in the FAP-221B profile using.

FortiGate# config wireless-controller -profile
FortiGate(-profile) # edit FAP-221B
FortiGate(FAP-221B) # show
config wireless-controller -profile
edit "FAP-221B"
set handoff-sta-thresh 30
set https ssh
config radio-1
set band 802.11n-5G
set channel "36"
end
config radio-2
set band 802.11n,g-only
set channel "1"
end
next
end

Please try this. I would also suggest deleting and recreating your SSID <vap> just in case the changes made to the basic rates override the radio profile.

Kind Regards,
JB

------------------------------
John Battam
CSE - Wireless APAC
Fortinet
Sydney | Australia
CWNE #327
------------------------------
John Battam
Principal CSE - Wireless/IAM International Region
Fortinet
Sydney | Australia
CWNE #327

View solution in original post

1335
0 Kudos
4 REPLIES 4
ChriHins
Staff
Staff

Created on ‎08-27-2019 12:19 PM

Hi John,
   What version of FortiOS are you running?

   You will additionally need to change the VAP-profile to be n-only (or n/g) if you want to prevent 11b rates from operating.
1335
0 Kudos
JohnKram
New Contributor
In response to ChriHins

Created on ‎08-29-2019 07:25 AM

Thanks much for this.  I tried it with g only, n-only, and n/g but to no avail.  
It's also odd in that all these settings I've tried to change seem to "take" but don't seem to ever get "applied."

The FortiOS version is 5.4.
1335
0 Kudos
ChriHins
Staff
Staff
In response to JohnKram

Created on ‎08-29-2019 02:07 PM

Thanks John.

I'm assuming that you're using a packet sniffer / wireshark to verify that the beacons are still going out at 1Mbps?  If you're continuing to have issues, please direct send me your contact info and I can ask someone to reach out to debug with you directly.
1335
0 Kudos
jbattam_FTNT
Staff
Staff
In response to JohnKram

Created on ‎08-29-2019 03:43 PM

Hi John,

As per your config, you have 11Mbps enabled, set-rates-11bg is 11Mbps, which is a B rate. OFDM starts at 6Mbps, then 12,18,24 etc. Not 11.

config wireless-controller vap
edit <vap_name>
set rates-11bg 12-basic 18 24 36 48 54
end

It appears you're making changes at just the SSID level. Hence if you have multiple SSID's configured the easiest way to make this change is at the radio level.
As Chris has said enabling g/n mode at the radio level should work. This is generally set in the AP <wtp-profile>. Please see example below for the radio-2 config set in the FAP-221B profile using.

FortiGate# config wireless-controller -profile
FortiGate(-profile) # edit FAP-221B
FortiGate(FAP-221B) # show
config wireless-controller -profile
edit "FAP-221B"
set handoff-sta-thresh 30
set https ssh
config radio-1
set band 802.11n-5G
set channel "36"
end
config radio-2
set band 802.11n,g-only
set channel "1"
end
next
end

Please try this. I would also suggest deleting and recreating your SSID <vap> just in case the changes made to the basic rates override the radio profile.

Kind Regards,
JB

------------------------------
John Battam
CSE - Wireless APAC
Fortinet
Sydney | Australia
CWNE #327
------------------------------
John Battam
Principal CSE - Wireless/IAM International Region
Fortinet
Sydney | Australia
CWNE #327
1336
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.