Technical Tip: How to check why FortiAP got Offline from FortiGate

Description

This article describes how to check why FortiAP got offline from FortiGate.

Scope

FortiGate.

Solution

If the already connected FortiAP goes offline from the FortiGate, check the reason why the FortiAP became offline from FortiGate is necessary by using the below command.

diagnose  wireless-controller  wlac -c wtp

Example:

diagnose  wireless-controller  wlac -c wtp
-----------------------------WTP    1----------------------------
WTP vd               : root
    vfid             : 0
    id               : FP223E3X17-----2
    mgmt_vlanid      : 0
    region code      : A
    regcode status   : valid
    refcnt           : 2 own(1) wtpprof(1)
    plain_ctl        : disabled
    deleted          : no
    image-dl(wtp,rst): yes,no
    admin            : enable
    cfg-wtp-profile  : FAP223E-default
    override-profile : disabled
    oper-wtp-profile : FAP223E-default
    wtp-mode         : remote
    bonjour-profile  :
    wtp-group        :
    name             :
    location         :
    led-blink        : disabled
    led-state        : enabled
    led-schedules    :
    poe-mode         : auto
    poe-mode-oper    : invalid
    ext-info-enable  : disabled
    ip-frag-prevent  : TCP_MSS
    tun-mtu          : 1400,1400
    split-tunneling-acl-path         : local
    split-tunneling-local-ap-subnet  : disabled
    active sw ver    : FP223E-v6.2-build5468
    local IPv4 addr  : 10.10.10.4
    board mac        : 70:4c:a5:61:67:b8
    join_time        : Wed Sep 18 03:17:50 2019
    mesh-uplink      : ethernet
    mesh hop count   : 0
    parent wtp id    :
    connection state : Disconnected
    image download progress: 0
    last failure     : 20 -- ECHO REQ is missing                -----> Reason for the FortiAP offline.
    last failure param: N/A
    last failure time: Wed Oct  9 09:13:35 2019
    station info     : 0/0
    geo              : World (0)
  LLDP               : enabled (total 1)
    local port       : eth0
    chassis id       : mac 70:4c:a5:a1:93:9a
    sys name         : S248EFTF18000001
    sys description  : FortiSwitch-248E-FPOE v6.2.1,build0176,190620 (GA)
    capability       : Bridge Router
    port id          : port17
    port description : port17
    MAU oper type    : 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode
    ip               : 169.254.1.4
    vlan id          : N/A
  Radio 1            : Disabled
  Radio 2            : Disabled
  Radio 3            : Not Exist
    WAN/LAN stats    : eth0 bytes rx 1159323682 tx 55567547 packets rx 2466090 tx 407714 dropped rx 608524 tx 0

According to the above example, the FortiAP went offline because of communication issues between FortiAP and FortiGate.

Collect the below output from the FortiAP CLI (Telnet or SSH) to get more information from the FortiAP perspective.

From FortiGate:

execute ssh <ap-ip>
cfg -s
fap-get-status
cw_diag uptime
cw_diag sys-performance
iwconfig
diag_debug_crashlog read
wcfg
rcfg
vcfg
kp
dmesg

• To make SSH or telnet access to the FortiAP, make sure that it is allowed in the FortiAP profile (Wifi & Switch Controller -> FortiAP Profiles, edit the 'respective profile' and allow 'SSH').