Baptiste
Contributor II

Cluster A/P and wifi controller HA for FortiAP

Hi,

I'm currently running an A/P cluster with 2 x 100D, on v6.0.6.

SSIDs are set up in tunnel mode.

If I reboot the active FGT, all FortiAPs are seen offline for 10/15 minutes.

I found this doc for a fast failover for the integrated wifi controller:

https://docs.fortinet.com/document/fortiap/6.2.0/fortiwifi-and-fortiap-cookbook/204163/1-1-fast-fail...

But in a cluster, there's just a single shared interface with CAPWAP enabled.

I know I can add a dedicated interface on each FGT: is it a good way to enable resiliency for the wifi controller?

Thanks!

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

4 REPLIES
Toshi_Esumi
Esteemed Contributor III

I was skeptical about your outcome so I tested the same with our office 60Es in an HA A-P cluster with four FAPs. After swapping over, I could get connected to one of the tunnel mode SSIDs within 2-3 min (the internet path took that long to recover) and confirmed all of them are "online" (it took me another minute or two to get on the GUI since our RADIUS servers are not local). Definitely much less than 10-15 min.

Is your HA operation normal? Are they in sync (What's in "get sys ha status")? I suspect something is wrong with HA.

Baptiste

Thanks for your hint.

There are some errors when the slave becomes master, it's "out of sync"...

Rebooted the slave, everything came back (HA sync, FAP online).

I changed HA to A-A, there are no more sync errors if I reboot a device.

But my FAPs are still connected to the old "master" (Discovered AC points to the device that has been rebooted).

I remember I did these tunings:

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD40970&sliceId=...

    # config wireless-controller global
    # set max-retransmit 3 <<<< default - please input integer value (0-64) ---> increase to 25
    # config wireless-controller timers
    # set echo-interval <1-255> ---> increase to 100
    # end

 

This can be the reason why it may take more time to switch to the new master... ???

Toshi_Esumi
Esteemed Contributor III

The adjustment is not a problem in itself. Instead, you have a problem that is causing the FGT to have a hard time communicating with the FAPs. You need to find & fix that problem(s). Maybe it's on the cable, which might be aggregated, or you have multiple APs in a mesh (no wire) over a long distance, or something else.

ac1
Contributor II

Make sure the FortiGate interface has the correct settings in the advanced settings to set the wireless controller:

 

[Image: interface.png]

 

Clearly it must be the gateway of the FortiAP subnet. Alternatively, these steps are required on the DHCP Server:

Campus WLAN Deployment Guide | FortiAP / FortiWiFi 7.0.0 | Fortinet Documentation Library

 

ac1
