FortiAP
GusZ
Staff
Article Id 357709
Description This article describes a possible cause associated with disconnecting and rebooting FortiAP units and its solution.
Scope FortiAP and FortiGate units acting as wireless controllers upgraded from FortiOS 6.2.1 and older to FortiOS 6.2.2 and newer.
Solution

When a FortiGate unit acting as a wireless controller is upgraded from FortiOS 6.2.1 or older to FortiOS 6.2.2 or newer, the associated FortiAP units might start to disconnect at random and eventually reboot. When this happens, log entries with action "ap-leave" and reason "AP fsm stuck" or "AP DTLS peer disconnected" appear, as shown in the examples below:


type="event" subtype="wireless" level="notice" action="ap-leave" msg="AP <AP_NAME> left." logdesc="Physical AP leave" sn="<AP_SERIAL_NUMBER>" ip=<IP_ADDRESS> reason="AP fsm stuck" profile="<WTP_PROFILE_NAME>"

 

And/or:

 

type="event" subtype="wireless" level="notice" action="ap-leave" msg="AP <AP_NAME> left." logdesc="Physical AP leave" sn="<AP_SERIAL_NUMBER>" ip=<IP_ADDRESS> reason="AP DTLS peer disconnected" profile="<WTP_PROFILE_NAME>"


This issue might be caused by LLDP (Link Layer Discovery Protocol) being disabled in the FortiAP profile definition. Besides facilitating the discovery and troubleshooting of FortiAP units within the Fortinet Security Fabric, LLDP is needed for a stable FortiAP environment.

 

Starting with FortiOS 6.2.2, newly created FortiAP profiles have LLDP enabled by default. However, FortiAP profiles created while running FortiOS 6.2.1 or older have LLDP disabled, and LLDP remains disabled in those profiles after upgrading to FortiOS 6.2.2 or above, as shown below:


config wireless-controller wtp-profile
    edit <WTP_PROFILE_NAME>
        set lldp disable <-- After upgrading to FortiOS 6.2.2 or above.


To stop the FortiAP units from disconnecting and rebooting, LLDP must be enabled manually in the affected profiles, as shown below:


config wireless-controller wtp-profile
    edit <WTP_PROFILE_NAME>
        set lldp enable <-- When running FortiOS 6.2.2 or above, 'unset lldp' has the same effect, because 'enable' is now the default option.
    next
end
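
To check how many profiles are affected after an upgrade, the following added example (not part of the original article and not Fortinet tooling) counts the two "ap-leave" reasons above per profile and serial number in exported event logs, and marks which of those profiles still carry 'set lldp disable' in a configuration backup. The function names and all sample values are assumptions constructed for illustration.

```python
import re
from collections import Counter

# ap-leave reasons this article ties to LLDP being disabled in the FortiAP profile.
REASONS = {"AP fsm stuck", "AP DTLS peer disconnected"}

def parse_event(line):
    """Turn one key=value log line into a dict; quoted values may hold spaces."""
    return {k: q or b for k, q, b in re.findall(r'([\w-]+)=(?:"([^"]*)"|(\S+))', line)}

def lldp_disabled_profiles(config_text):
    """Names of wtp-profile entries that carry an explicit 'set lldp disable'."""
    disabled, depth, current = [], 0, None
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = int(line == "config wireless-controller wtp-profile")
        elif line.startswith("config "):
            depth += 1  # nested block inside a profile, e.g. 'config radio-2'
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip('"')
        elif depth == 1 and line == "set lldp disable":
            disabled.append(current)
    return disabled

def triage(log_lines, config_text):
    """Rows of (profile, serial, matching event count, LLDP disabled in profile?)."""
    off = set(lldp_disabled_profiles(config_text))
    events = (parse_event(line) for line in log_lines)
    hits = Counter((e.get("profile", ""), e.get("sn", "")) for e in events
                   if e.get("action") == "ap-leave" and e.get("reason") in REASONS)
    return [(p, sn, n, p in off) for (p, sn), n in sorted(hits.items())]

# Constructed sample data: profile names, serials and addresses are made up.
SAMPLE_LOGS = [
    'type="event" subtype="wireless" action="ap-leave" sn="FP-CONSTRUCTED-01" ip=192.0.2.10 reason="AP fsm stuck" profile="lobby"',
    'type="event" subtype="wireless" action="ap-leave" sn="FP-CONSTRUCTED-01" ip=192.0.2.10 reason="AP DTLS peer disconnected" profile="lobby"',
    'type="event" subtype="wireless" action="ap-leave" sn="FP-CONSTRUCTED-02" ip=192.0.2.11 reason="AP fsm stuck" profile="lab"',
]
SAMPLE_CONFIG = """config wireless-controller wtp-profile
    edit "lobby"
        config radio-2
            set mode disabled
        end
        set lldp disable
    next
    edit "lab"
    next
end"""
```

Calling triage(SAMPLE_LOGS, SAMPLE_CONFIG) returns one row per profile and serial. A row ending in False means the profile has no explicit 'set lldp disable', so the disconnects on that AP point to a different cause.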

 

Related documents:

FortiOS 7.6.0 CLI Reference - config wireless-controller wtp-profile
FortiWiFi and FortiAP 7.6.0 Configuration Guide - CAPWAP bandwidth formula
Technical Tip: FortiAP-F series reboots unexpectedly
Troubleshooting Tip: FortiAP reboots constantly (PoE not being negotiated correctly by Cisco Switch)
