mrodryguez
New Member
December 31, 2017
Question

Endpoint gets IP but doesn’t work

  • 2 replies
  • 12535 views
I have a scenario with a Fortigate 500d as Wireless Controller working with FortiAP 223c. I have a profile with 20MHz for 2,4GHz and 80MHz for 5GHz. More than 50% of the clients work fine, but some get an IP but can’t even ping their gateway. Some work well but suddenly stop navigating. In my tests, most of the endpoints with this problem were Linux and iPhone, but sometimes it also happens with Windows. I have the same SSID for 2 and 5 frequencies. Can someone please help me!?!?


    Sidewaysguy
    New Member
    December 31, 2017

    Hi there,

     

    Can you post the details of the wireless profile that you are using?

     

    Cheers,

     

    Sidewaysguy

    mrodryguez
    New Member
    December 31, 2017

    Sidewaysguy, 

     

    Thanks for your fast reply! See below, as you requested:

     

    Radio 1

    mode -> Access Point

    radio resource provision -> enable

    client load balancing -> Frequency Handoff

    band -> 2.4 n/g

    channel width -> 20MHz

    short guard interval -> enable

    channels -> 1,6,11

    tx power control -> manual 100%

    ssids -> manual

    no location based services

    ****************************************

    Radio 2

    mode -> Access Point

    radio resource provision -> enable

    client load balancing -> Frequency Handoff

    band -> 5 ac/n/a

    channel width -> 80MHz

    short guard interval -> enable

    channels -> 36,40,44,48,149,153,157,161

    tx power control -> manual 100%

    ssids -> manual

    no location based services

    ****************************************

    AP configuration

    Radio 1

    WTP mode -> normal

    Band -> 2.4 n

    channel -> 6

    tx power control -> auto

    Radio 2

    Band -> 5 ac/n

    channel -> 149,153,157.161

    tx power control -> auto

    I have 2 SSIDs that are used on both frequencies. One for corporate and the other for guest. Corporate as bridge, with wpa2 enterprise and radius. Guest as tunnel, with wpa personal and fortigate as dhcp server. I don't have problems with Corporate, only with guest.

     

    Thanks in advance!

     

    Marcelo

     

     

    Sidewaysguy
    New Member
    December 31, 2017

    Hey Marcelo,

     

    I'm not sure what the physical coverage is like, but I'm wondering if tx power range may be too low on the bottom end? In the WiFi Health Monitor, do you see the devices connected but just not passing traffic? Can you ping them from the firewall? Also, which firmware are you on for the Fortigate and APs?

     

    Cheers,

     

    Sidewaysguy

    Toshi_Esumi
    SuperUser
    January 2, 2018

    It's very difficult to pinpoint the cause when it comes to seemingly random wifi drops. That's why we opened a TT with TAC to get some help. In our case, we have a multi-vendor environment within our office and many other rogue APs in our building. It turned out to be another vendor AP's WIPS feature, which I was testing, that was deauthenticating some specific client devices from connecting to FortiAP's SSID. The devices connect to external public SSIDs as well, which caused them to be labelled as "misbehaving authorized clients". Your case sounds different, but I just wanted to mention a possibility.

    mrodryguez
    New Member
    January 4, 2018

    Hi Toshi and Sideway, hope you are doing well!

     

    My fortigate firmware is v5.6.3 build1547 (GA). I can't ping the devices from the firewall, and I can see the device in the health monitor, with no traffic.

     

    I understood the moment the problem happens for my device (iPhone), and I will investigate if it is similar for other employees having the same problem. In my case, I noticed that when I go outside the room where I have the AP, it moves from 5G to 2,4G and loses connectivity. I can see in the health monitor that the device goes from channel 36 to 11. As I told you, I have the same name "ssid" for both frequencies and I can't understand why iPhone can treat it. The next test that I will do is to reduce the beacon time and client idle time, so that the client can stay more time without roaming the connection. What do you think?

     

    Thanks in advance!

    Toshi_Esumi
    SuperUser
    January 4, 2018

    If you're suspecting signal reception, you need to use an analyzing tool (I use Acrylic on a win10 laptop) to see what kind of signal level the client is getting at those spots while you roam around. FortiGate/AP can tell you only the AP side of the reception level. That's only half of the connection. Depending on the area size and obstacles in the area, you might need to add more APs. 5GHz radio can be weakened more easily by walls, doors, windows, pillars, ducts on the ceiling, etc. than 2.4GHz, while 2.4GHz is more crowded by neighbors due to its smaller number of channels than 5GHz.