Configuring Agile Multiband Operation | FortiWiFi and FortiAP Configuration Guide (2024)

The Wi-Fi Alliance Agile Multiband Operation (MBO) feature enables better use of Wi-Fi network resources in roaming decisions and improves overall performance. This allows the FortiGate to push the MBO configuration to managed APs, which adds the MBO information element to the beacon and probe response for 802.11ax.

config wireless-controller vap edit <name> set mbo {enable | disable} set gas-comeback-delay <integer> set gas-fragmentation-limit <integer> set mbo-cell-data-conn-pref {excluded | prefer-not | prefer-use} nextend

mbo {enable \| disable}	Enable/disable Multiband Operation (default = disable).
gas-comeback-delay <integer>	GAS comeback delay in milliseconds (100 - 10000, default = 500, 0 = special).
gas-fragmentation-limit <integer>	GAS fragmentation limit (512 - 4096, default = 1024).
mbo-cell-data-conn-pref {excluded \| prefer-not \| prefer-use}	MBO cell data connection preference: excluded: Wi-Fi Agile Multiband AP does not want the Wi-Fi Agile Multiband STA to use the cellular data connection. prefer-not: Wi-Fi Agile Multiband AP prefers that the Wi-Fi Agile Multiband STA should not use cellular data connection. prefer-use: Wi-Fi Agile Multiband AP prefers that the Wi-Fi Agile Multiband STA should use cellular data connection.

To configure MBO for an 802.11ax FortiAP:

Configure MBO on the VAP:

config wireless-controller vap edit "MBO-Test" set max-clients 15 set ssid "MBO-Test-01" set pmf enable set pmf-assoc-comeback-timeout 8 set mbo enable set gas-comeback-delay 0 set gas-fragmentation-limit 2048 set mbo-cell-data-conn-pref prefer-use set passphrase <somepassword> set schedule "always" set target-wake-time disable set igmp-snooping enable unset broadcast-suppression set mu-mimo disable set quarantine disable set dhcp-option82-insertion enable set qos-profile "test" nextend

Enable the VAP on a WTP profile:

config wireless-controller wtp-profile edit "FAP234F-default" set ble-profile "new" set wan-port-mode wan-lan config lan set port-mode bridge-to-ssid set port-ssid "16sep" end set handoff-sta-thresh 55 set ip-fragment-preventing tcp-mss-adjust icmp-unreachable set allowaccess https ssh snmp set poe-mode high set frequency-handoff enable set ap-handoff enable config radio-1 set band 802.11ax set short-guard-interval enable set auto-power-level enable set auto-power-high 21 set auto-power-low 1 set darrp enable set vap-all manual set vaps "MBO-Test" set channel "1" "6" "11" end config radio-2 set band 802.11ax-5G set short-guard-interval enable set auto-power-level enable set auto-power-low 1 set darrp enable set vap-all manual set vaps "MBO-Test" set channel "36" "40" "44" "48" "149" "153" "157" "161" "165" end config radio-3 set mode monitor set wids-profile "default" end config lbs set station-locate enable end nextend

Verify the MBO settings are pushed to the FortiAP:

# diagnose debug application wpad 25521176.239 Received data - hexdump(len=153): 13 02 00 00 00 00 00 00 00 00 00 00 B0 01 A5 C0 ................ 7E 14 01 00 04 D5 90 E9 F4 E0 46 50 34 33 31 46 ~.........FP431F 54 46 32 30 30 30 30 30 31 35 00 00 00 00 00 00 TF20000015...... 80 18 39 91 FF 7F 00 00 00 E2 C2 90 07 E0 32 AC ..9...........2. FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 78 BF E1 15 00 00 00 00 ........x....... 00 00 01 00 31 00 00 00 D0 00 3C 00 04 D5 90 E9 ....1.....<..... F4 E0 A0 51 0B 4A 84 F4 FF FF FF FF FF FF A0 03 ...Q.J.......... 04 0A 00 6C 02 00 00 10 00 00 01 02 00 10 01 DD ...l............ DD 06 00 50 6F 9A 12 01 02 ...Po....21176.239 HOSTAPD: <0>192.165.1.176:5246<1-0> entering state RUNmgmt::action: GAS: GAS Initial Request from a0:51:0b:4a:84:f4 (dialog token 0)ANQP: 1 Info IDs requested in Query listANQP: Unsupported WFA vendor type 18ANQP: Locally generated ANQP responses - hexdump(len=0):ANQP: Initial response (no comeback)21176.239 Sending data - hexdump(len=141): 0C 03 00 00 00 00 00 00 00 00 00 00 B0 01 A5 C0 ................ 7E 14 01 00 04 D5 90 E9 F4 D0 00 00 00 00 00 00 ~............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

On the FortiAP, verify the MBO settings are pushed from the FortiGate:

# vcfg-------------------------------VAP Configuration 1----------------------------Radio Id 0 WLAN Id 0 MBO-Test-01 ADMIN_UP(INTF_UP) init_done 0.0.0.0/0.0.0.0 unknown (-1) vlanid=0, intf=wlan00, vap=0x12b8018, bssid=e0:23:ff:b2:18:70 11ax high-efficiency=enabled target-wake-time=disabled bss-color=0 partial=enabled mesh backhaul=disabled local_auth=disabled standalone=disabled nat_mode=disabled local_bridging=disabled split_tunnel=disabled intra_ssid_priv=disabled mcast_enhance=disabled igmp_snooping=enabled mac_auth=disabled fail_through_mode=disabled sta_info=0/0 mac=local, tunnel=8023, cap=8ce0, qos=disabled prob_resp_suppress=disabled rx sop=disabled sticky client remove=disabled mu mimo=disabled ldpc_config=rxtx dhcp_option43_insertion=enabled dhcp_option82_insertion=enabled, dhcp_option82_circuit_id=disable, dhcp_option82_remote_id=disable access_control_list=disabled bc_suppression= auth=WPA2, PSK, AES WPA keyIdx=4, keyLen=16, keyStatus=1, gTsc=000000000000 key=dee8be7d 3675eda2 7123f695 1d740319 pmf=required okc=disabled, dynamic_vlan=disabled, extern_roaming=disabled voice_ent(802.11kv)=disabled, fast_bss_trans(802.11r)=disabled mbo=enabled airfairness weight: 20% schedules=SMTWTFS 00:00->00:00, ratelimit(Kbps): ul=100 dl=0 ul_user=0 dl_user=0 burst=disabled-------------------------------VAP Configuration 2----------------------------Radio Id 1 WLAN Id 0 MBO-Test-01 ADMIN_UP(INTF_UP) init_done 0.0.0.0/0.0.0.0 unknown (-1) vlanid=0, intf=wlan10, vap=0x12b8860, bssid=e0:23:ff:b2:18:78 11ax high-efficiency=enabled target-wake-time=disabled bss-color=0 partial=enabled mesh backhaul=disabled local_auth=disabled standalone=disabled nat_mode=disabled local_bridging=disabled split_tunnel=disabled intra_ssid_priv=disabled mcast_enhance=disabled igmp_snooping=enabled mac_auth=disabled fail_through_mode=disabled sta_info=0/0 mac=local, tunnel=8023, cap=8ce0, qos=disabled prob_resp_suppress=disabled rx sop=disabled sticky client remove=disabled mu mimo=disabled ldpc_config=rxtx dhcp_option43_insertion=enabled dhcp_option82_insertion=enabled, dhcp_option82_circuit_id=disable, dhcp_option82_remote_id=disable access_control_list=disabled bc_suppression= auth=WPA2, PSK, AES WPA keyIdx=4, keyLen=16, keyStatus=1, gTsc=000000000000 key=6042ccb8 66c18743 18cdb5d0 12f9c0fc pmf=required okc=disabled, dynamic_vlan=disabled, extern_roaming=disabled voice_ent(802.11kv)=disabled, fast_bss_trans(802.11r)=disabled mbo=enabled airfairness weight: 20% schedules=SMTWTFS 00:00->00:00, ratelimit(Kbps): ul=100 dl=0 ul_user=0 dl_user=0 burst=disabled-------------------------------Total 2 VAP Configurations----------------------------

Verify the beacon frames in the packet captures: