FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mp2
Staff
Staff
Description
This article describes how to verify whether FortiAP received MPSK configuration of the local-bridge SSID with Local standalone enabled.

Related documents.

FortiAP CLI Commands:
http://docs.fortinet.com/document/fortiap/6.2.0/fortiwifi-and-fortiap-configuration-guide/65088/fort...
MPSK-group configuration from FortiGate:
https://docs.fortinet.com/document/fortigate/6.4.2/administration-guide/997400/mpsk-groups

Solution
Once the mpsk local-bridge SSID with local-standalone is created on the fortigate and added to the FortiAP.
The FortiAPis receiving the MPSK ssid configuration like mpsk key, concurrent client count etc.

To verify whether the FortiAP received the MPSK configuration, follow the below steps.
From the FortiAP CLI (enable SSH on WTP-profile).

By direct SSH to the FortiAP or SSH from the FortiGate as below.

FGT# exec ssh admin@xxx.xxx.xxx.xxx         <----- xxx IP address of the FortiAP.
FortiAP-W2 # h_diag mpsk-info
SSID config (001/002): SSID(mpsk-xxx) VAP(wlan16) refcnt(1)
        Password name (001/001): test, simple00000
            mac-binding: 00:00:00:00:00:00
            sta cnt(0) type (0) max sta cnt(unlimited)
            vlan_type(0) vlan_id(0) schedule_cnt(1)
            schedules     :SMTWTFS 00:00->00:00,
            PMK: cxxxxxxxxxx0b8ff9bf2f79c37de84
SSID config (002/002): SSID(mpsk-xxx) VAP(wlan03) refcnt(1)
        Password name (001/001): test, simple00000
            mac-binding: 00:00:00:00:00:00
            sta cnt(0) type (0) max sta cnt(unlimited)
            vlan_type(0) vlan_id(0) schedule_cnt(1)
            schedules     :SMTWTFS 00:00->00:00,
            PMK: cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb8ff9bf2f79c37de84
MPSK information will be pushed to FortiAP only for the local-bridge SSID with local-standalone enabled.
Hence this output will be available only those FortiAP which has this SSID mapped.

For Local-bridge SSID with standalone enabled but MPSK disabled, then the same output will look as below.
FortiAP # h_diag mpsk-info
SSID config (001/002): SSID(ssid) VAP(wlan16) refcnt(1)
        MPSK is disabled on this SSID.
SSID config (002/002): SSID(ssid) VAP(wlan03) refcnt(1)
        MPSK is disabled on this SSID.

Contributors