Description
This article describes how to verify whether FortiAP received the MPSK configuration of the local-bridge SSID with Local standalone enabled.
Scope
FortiGate, FortiAP.
Solution
Once the MPSK local-bridge SSID with local-standalone is created on the FortiGate and added to the FortiAP. The FortiAPis receives the MPSK SSID configuration like MPSK key, concurrent client count, etc.
To verify whether the FortiAP received the MPSK configuration, follow the below steps.
From the FortiAP CLI (enable SSH on WTP-profile).
By direct SSH to the FortiAP or SSH from the FortiGate as below.
FGT# exec ssh admin@xxx.xxx.xxx.xxx <----- xxx IP address of the FortiAP.
FortiAP-W2 # h_diag mpsk-info
SSID config (001/002): SSID(mpsk-xxx) VAP(wlan16) refcnt(1)
Password name (001/001): test, simple00000
mac-binding: 00:00:00:00:00:00
sta cnt(0) type (0) max sta cnt(unlimited)
vlan_type(0) vlan_id(0) schedule_cnt(1)
schedules :SMTWTFS 00:00->00:00,
PMK: cxxxxxxxxxx0b8ff9bf2f79c37de84
SSID config (002/002): SSID(mpsk-xxx) VAP(wlan03) refcnt(1)
Password name (001/001): test, simple00000
mac-binding: 00:00:00:00:00:00
sta cnt(0) type (0) max sta cnt(unlimited)
vlan_type(0) vlan_id(0) schedule_cnt(1)
schedules :SMTWTFS 00:00->00:00,
PMK: cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb8ff9bf2f79c37de84
MPSK information will be pushed to FortiAP only for the local-bridge SSID with local-standalone enabled. Hence this output will be available only to those FortiAP which has this SSID mapped.
For Local-bridge SSID with standalone enabled but MPSK disabled, then the same output will look as below.
FortiAP # h_diag mpsk-info
SSID config (001/002): SSID(ssid) VAP(wlan16) refcnt(1)
MPSK is disabled on this SSID.
SSID config (002/002): SSID(ssid) VAP(wlan03) refcnt(1)
MPSK is disabled on this SSID.
Related documents.
