Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ralph_uy
New Contributor

Connected to AP but no internet connection

Hope someone can help me out with this issue. client are connected to the AP but no internet connection Icon on mobile showing with exclamation mark

Icon on computer showing yellow triangle

Issue is, it is connected for some time then suddenly lose internet connection and then after some time will be gain internet access again. or if you disconnect and connect again you will gain internet access again.

 

there is a DNS server installed on one of the site DC. main DC is in another country.

DNS setup is

DNS1: ISP DNS

DNS2: DNS server IP

 

i will be attaching full configuration.

 

Setup

AP1:

Radio 2.4: channel 1,11

Radio 5.0: channel 36

Frequency Hand off: disable

AP Hand off: disable

Darrp: disable

SSID: wifi1,guest1

 

AP2:

Radio 2.4: channel 6

Radio 5.0: channel 40,48

Frequency Hand off: disable

AP Hand off: disable

Darrp: disable

SSID: wifi2,guest2

 

AP3:

Radio 2.4: channel 1,11

Radio 5.0: channel 44

Frequency Hand off: disable

AP Hand off: disable

Darrp: disable

SSID: wifi1,guest1

 

21 REPLIES 21
Dave_Hall
Honored Contributor

Hi Ralph.

 

Are these APs being controlled by a Fortigate device or connected directly to the cloud?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ralph_uy

Yes connected to Fortigate 60E

Dave_Hall
Honored Contributor

Assuming the 60E is acting as a wifi controller:

 

Check the "Wifi & Switch Controller->Managed APs" to confirmed the 60E still shows the APs connected.  See if you can ping the AP's IP addresses.  

 

Have someone on site check the status of the LEDs (pic is from a U421EV PDF):

 

 

 

Check the Monitor->WiFi Client Monitor" to see if there are any clients connected or connecting.

Check for DHCP IP pool exhaustion. Check the DHCP monitor for any IP conflicts.

Perform ping/traceroute tests (both to/from the 60E).

 

 

 

ralph.uy@mondiamedia.com wrote:

Yes connected to Fortigate 60E

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ralph_uy

*all AP is showing up on the fortigate *i can ping the AP from any Device and from the firewall.

*from AP cli, i can ping the firewall. but i cannot ping the device connected, though in the device there is still an IP address, but it seems like in actual it lose it's IP. as well as from the device i cannot ping the gateway and the AP.

 

*all AP is steady green and can ping google.

 

*i am not seeing any IP conflict.

 

*in wifi client monitor i cannot see the status if the device is connected or connecting. but it is shoing there with an IP address.

 

*Check for DHCP IP pool exhaustion: i don't know if there is a way to check this via logs on either AP/firewall. but currently, IP Pool is 250 and connected device most of the time is 50.

ralph_uy

BTW, the fortigate is acting as DHCP server and it has 3 VLAN configuration

on fortigate VLAN 30 is for wireless.

and SSID is on Bridge mode.

guest wifi is on tunnel mode.

do i need to do some configuration on the AP cli for vlan tagging?

Dave_Hall
Honored Contributor

Kinda hard to discern where the problem is without knowing if you are performing these troubleshooting steps during the times when these devices loose connection to the Internet.  

 

If the problem affects more than one device and happens at random times during the day, that would seem to indicate a connectivity issue, perhaps due to one of the following:

- physical cable connection issue somewhere from the AP, through cable/wall drop/patch panel/switch/fgt.

- failing network switch/duplex/speed mismatch/network loop.

- rogue DHCP server (e.g. router) plugged into the network somewhere or devices assigned static IPs.

- DHCP IP lease exhaustion (

 

If the problem is wifi/AP related, I would check to confirmed the firmware on the fgt and on the APs are compatible, the AP profile (and SSIDs) are correct.  Check rogue AP monitor and WiFi Health Monitor for possible interference. 

 

To help with troubleshooting, enable Device Detection on the internal/SSID interfaces and go into the "User & Devices->Device Inventory" page  - the online device info should in theory match the devices assigned IPs by the DHCP server (service). 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ralph_uy

# "if the problem affects more than one device and happens at random times during the day"

 it happens on all device at random occurence.

 

# "physical cable connection issue somewhere from the AP, through cable/wall drop/patch panel/switch/fgt."

to isolate the issue, i use a new cable connection, different port. tested working one without issue (previously used with other AP with no issue) same issue.

# "failing network switch/duplex/speed mismatch/network loop"

to isolate the issue, i directly connect it to FGT. internal 3 and created new subnet and created IPv4 policy to allow internet access. same issue.

 

# "rogue DHCP server (e.g. router) plugged into the network somewhere or devices assigned static IPs."

i created an IPv4 Policy to deny all traffic going to inter3 port where the wifi is connected and allow internet traffic to internal3 port.

 

# "DHCP IP lease exhaustion"

under internal3 port where the AP is now connected, has a new IP Pool range. and less than 10 device is connected.

 

 

#"To help with troubleshooting, enable Device Detection on the internal/SSID interfaces and go into the "User & Devices->Device Inventory" page  - the online device info should in theory match the devices assigned IPs by the DHCP server (service). "

=Device detection is enabled and on Device inventory and DHCP monitor it is showing the device online with correct IP.

 

ralph_uy

i isolated radio, seems like only 5.0ghz radio having the issue.

Fortichef

Hi ralph, We're experiencing the same problem with managed universal fortiaps by fortigate. Did you find a solution?