Hi All,
I am in need of some expert advise on this after exhausting Forti TAC support.
Details:
FW: 7.2.4
AP: 7.0 Build 0031 (latest).
H/W: U231F
Problem: The AP's are all using the same channels and because of that when users are roaming they get disconnected and I have to either reboot them or put them into a different AP profile and limit the channels they can use so that each AP uses different channels - this is particularly for 5Ghz.
I don't understand why even with RRP - Enabled and DFC channels selected the APs are selecting the same channel and I can confirm the AP signals are overlapping so why is the AP not smart enough to move the AP's to different channels?
Can someone please guide me on what am I missing here and Forti-TAC's suggestion is to create an individual profile for each AP and enable RRP but limit the channels or make sure they don't overlap.
Your help is much appreciated.
Wireless Controller, #firewal
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Graham,
Thank you very much for your assistance and the command that you shared.
I was able to prove from that command that the DARRP was not working at all because it had no values on the RSSI and Inteferences.
Its all fixed now with the help of an engineering version Forti OS.
Thanks again for all your help.
How many APs do you have?
What is your DARRP profile look like?
What is your AP Profile look like?
How are you confirming the APs can hear each other? They need to hear each other for DARRP to be effective.
Created on 05-11-2023 05:20 PM Edited on 05-11-2023 05:22 PM
Hi Graham,
This particular site has below setup:
a) 3 APS
b) The DARRP profile has the standard settings except the DFS and weather enabled.
c) On the AP Profile:
AP Handoff is unchecked, RRP enabled, Transmit Power set to Percent and at 100%, Monitor Channel utilization enabled, Channel width set to 40Mhz.
We can confirm the AP's can hear each other because we did see it via the Wi-Fi analyzer and at any time this 2 AP's are on the same channel it cannot do roaming.
OK first of all yes maybe something is wrong with DARRP if your APs are all on the same channel. However, you almost certainly do not want your APs broadcasting a 100% power and this is most likely the primary cause of your client issues.
You need to understand that an AP transmits at a much higher power than almost every device out there.
The best thing to do is set your AP using dBm and set it between 10-15dBm considering the fact that most mobile phones transmit at 10dBm and laptops at 15dBm (maximum).
there's no point having your AP yelling at 23dBm and having your devices hear it but not be able to speak to it. Just because your devices see a good signal doesn't mean your AP sees one from them.
Likewise, an AP transmitting at such high power will cause a device to think it has no reason to roam.
Best practice is to reduce transmission power of the AP. Next up if you really want to is limit the data rates so clients will only connect at a set minimum data rate as this prevents devices holding on to an AP with low data transmission rates. Forces them off to look for a better AP.
This all assumes you have a valid and complete site survey for your environment and you are sure you have proper penetration for your APs.
Next on to your DARRP stuff, are you using a Wi-Fi analyzer on a laptop? Just because a laptop can see/hear two APs doesn't mean the two APs can hear each other....
Hi Graham,
It was on auto and we are just tweaking around to see if the DARRP actually works. I can switch it back to that value. We used a 3rd party tool to run the scan for us and they have confirmed that it overlaps. I had been in touch with the TAC and he has recommended to creating a new DARRP profile and changing the timer of the DARRP scan to 8 hours instead of the 24 hours current value.
The reason I am also confident that the AP's would be able to reach each other is based on the distance they are located.
What dBm range were you using for Auto Power settings? Again you don't want the upper range to be too high. Going above 15 is generally not a good idea. I would even go lower than 15 if you can.
And please you do need to understand that just because a wi-fi scanner can hear two APs does not mean the two APs can hear each other.This diagram shows you that a device (red box) can hear two APs but the two APs cannot hear each other.
Can you give more details about the 3rd party tool and how it was used to determine the cell sizes?
You can glean much more interesting and useful data directly from the FortiGate. Please issue this command and feel free to post the output somewhere or attach here:
diagnose wireless-controller wlac -c darrp dbg 1
Auto Power Settings = 10-14
The output shows that based on the calculations it is choosing the same channels. I am starting to think that this may be an AP fault too because roamingg from AP3 ---> AP1 there are no drops and a smooth transition. Roaming from AP1 --> AP2, there is drops and unable to reconnect (TAC says channel). I have tried providing a static channel to the AP2 yet it has failures.
Created on 05-15-2023 08:29 AM Edited on 05-15-2023 08:29 AM
Here's a thought. With only three APs why don't you disable RRP completely? Just set channel 1, 6 and 11 accordingly and set your power to something like 10 (these APs looks very close together).
Really looking forward for some help as the AP's are performing terribly on the following:
a) Roaming
b) Darrp (according To TAC).
I am also getting the following errors on the particular AP-02:
Association denied because AP unable to handle additional associated stations.
Wireless client authenticates through OKC failed with no match
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.