FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
avalle_FTNT
Staff
Staff

Description
This article explains how to troubleshoot FortiWifi client connections using the client MAC address

For more in-depth Wifi trouble shooting use the following link
Fortinet 5.4 Docs  > Chapter 12 - FortiWiFi and FortiAP Configuration Guide > Troubleshooting Home >...
Scope
FortAP Wifi Troubleshooting

Solution
These commands can help to verify connection issues in a wireless environment:

diagnose debug reset

- Verify if there is a parameter configured:

diagnose wireless-controller wlac sta_filter

- To delete filters:

diagnose wireless-controller wlac sta_filter clear

- Add MAC client filter:

diagnose wireless-controller wlac sta_filter <MAC> <verbose>
diagnose wireless-controller wlac sta_filter 2c:4d:54:bd:5d:56 255
diagnose debug enable

Example:

83689.180 2c:4d:54:bd:5d:56 <ih> IEEE 802.11 mgmt::assoc_req <== 2c:4d:54:bd:5d:56 ws (0-192.168.1.111:5246) vap WiFi rId 0 wId 0 90:6c:ac:39:20:25 <---- SSID
83689.181 2c:4d:54:bd:5d:56 cw_sta_load_chk ws (0-192.168.1.111:5246) rId 0 wId 0 sta 2c:4d:54:bd:5d:56 <------------- client MAC
83689.181 2c:4d:54:bd:5d:56 cw_sta_balancing: ws (0-192.168.1.111:5246) 2c:4d:54:bd:5d:56 enters balancing, rId 0, wId 0, fho 0, apho 0, 5G 0, sta_cnt 0, sta_th 30
83689.181 2c:4d:54:bd:5d:56 cw_sta_balancing: ws (0-192.168.1.111:5246) 2c:4d:54:bd:5d:56 exits balancing, no need
83689.182 2c:4d:54:bd:5d:56 <ih> IEEE 802.11 mgmt::assoc_resp ==> 2c:4d:54:bd:5d:56 ws (0-192.168.1.111:5246) vap WiFi rId 0 wId 0 90:6c:ac:39:20:25
83689.183 2c:4d:54:bd:5d:56 <dc> STA add 2c:4d:54:bd:5d:56 vap WiFi ws (0-192.168.1.111:5246) rId 0 wId 0 bssid 90:6c:ac:39:20:25 NON-AUTH   band 0x8 mimo 1*0
83689.183 2c:4d:54:bd:5d:56 <cc> STA_CFG_REQ(174) sta 2c:4d:54:bd:5d:56 add ==> ws (0-192.168.1.111:5246) rId 0 wId 0
83690.187 2c:4d:54:bd:5d:56 <cc> STA add 2c:4d:54:bd:5d:56 vap WiFi ws (0-192.168.1.111:5246) rId 0 wId 0 90:6c:ac:39:20:25 sec WPA2 PERSONAL auth 0 <---- Authentication type
83690.188 2c:4d:54:bd:5d:56 cwAcStaRbtAdd: I2C_STA_ADD insert sta 2c:4d:54:bd:5d:56 192.168.1.111/0/0/1
83690.193 2c:4d:54:bd:5d:56 <cc> STA_CFG_RESP(174) 2c:4d:54:bd:5d:56 <== ws (0-192.168.1.111:5246) rc 0 (Success)
24220.194 2c:4d:54:bd:5d:56 <eh>     send 1/4 msg of 4-Way Handshake
24220.194 2c:4d:54:bd:5d:56 <eh>     send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=95 replay cnt 1
24220.194 2c:4d:54:bd:5d:56 <eh> IEEE 802.1X (EAPOL 99B) ==> 2c:4d:54:bd:5d:56 ws (0-192.168.1.111:5246) rId 0 wId 0 90:6c:ac:39:20:25
24220.310 2c:4d:54:bd:5d:56 <eh> IEEE 802.1X (EAPOL 121B) <== 2c:4d:54:bd:5d:56 ws (0-192.168.1.111:5246) rId 0 wId 0 90:6c:ac:39:20:25
24220.310 2c:4d:54:bd:5d:56 <eh>     recv IEEE 802.1X ver=1 type=3 (EAPOL_KEY) data len=117
24220.311 2c:4d:54:bd:5d:56 <eh>     recv EAPOL-Key 2/4 Pairwise replay cnt 1
24220.311 2c:4d:54:bd:5d:56 <eh>     send 3/4 msg of 4-Way Handshake
24220.312 2c:4d:54:bd:5d:56 <eh>     send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=151 replay cnt 2
24220.312 2c:4d:54:bd:5d:56 <eh> IEEE 802.1X (EAPOL 155B) ==> 2c:4d:54:bd:5d:56 ws (0-192.168.1.111:5246) rId 0 wId 0 90:6c:ac:39:20:25
24220.318 2c:4d:54:bd:5d:56 <eh> IEEE 802.1X (EAPOL 99B) <== 2c:4d:54:bd:5d:56 ws (0-192.168.1.111:5246) rId 0 wId 0 90:6c:ac:39:20:25
24220.319 2c:4d:54:bd:5d:56 <eh>     recv IEEE 802.1X ver=1 type=3 (EAPOL_KEY) data len=95
24220.319 2c:4d:54:bd:5d:56 <eh>     recv EAPOL-Key 4/4 Pairwise replay cnt 2
83690.321 2c:4d:54:bd:5d:56 <dc> STA chg 2c:4d:54:bd:5d:56 vap WiFi ws (0-192.168.1.111:5246) rId 0 wId 0 bssid 90:6c:ac:39:20:25 AUTH
83690.321 2c:4d:54:bd:5d:56 <cc> STA chg 2c:4d:54:bd:5d:56 vap WiFi ws (0-192.168.1.111:5246) rId 0 wId 0 90:6c:ac:39:20:25 sec WPA2 PERSONAL auth 1 ******
83690.322 2c:4d:54:bd:5d:56 <cc> STA_CFG_REQ(175) sta 2c:4d:54:bd:5d:56 add key (len=16) ==> ws (0-192.168.1.111:5246) rId 0 wId 0
83690.325 2c:4d:54:bd:5d:56 <cc> STA_CFG_RESP(175) 2c:4d:54:bd:5d:56 <== ws (0-192.168.1.111:5246) rc 0 (Success)
24220.326 2c:4d:54:bd:5d:56 <eh>     ***pairwise key handshake completed*** (RSN)


Contributors