Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sanderl
New Contributor III

Created on ‎02-03-2020 01:49 AM

FAP-221C - offline/disconnected

On a Fortigate 60E with v6.2.3 - build1066 I have 3 FAP-221C FortiAP's successfully "connected". Thus 3 AP's have a fortiprofile connected to them and are working and having clients etc.

 

Now when I want to connect a 4th FAP-221C I have issues. Whatever I tried I can't get this AP "connected". The AP has the latest FW 6.0 Build 0044. I upgraded it via CLI (via 192.168.1.2 etc). If connected that way I can login via SSH and via browser. I have done "factoryreset" and cfg -x the AP and it boots up via POE and via 12V (if I go to it via 192.168.1.2) etc.

 

But when connected to the same interface as the other 3 AP's, having an IP address, can ping from Fortigate, etc. It just does not get "connected"...

 

What can be wrong? the only thing different is that the 3 working APs are model "FAP-221C-E" and the problematic one is "FAP-221C-I"...

 

Please help me out :)

 

EDIT: Now after 1 hour... I see to great astonishment that the AP is sending out a "test123" SSID... just out of the blue despite the FAP has been factory defaulted multiple times via CLI and via the "paperclip... I can successfully connect to that test123 SSID and access my local network instantly without any password... and in the Fortigate everything is the same Ehm... What the heck?

10950
0 Kudos
11 REPLIES 11
tanr
Valued Contributor II

Created on ‎02-03-2020 07:57 AM

Sounds like the problematic one is set for a different region?

5431
0 Kudos
sanderl
New Contributor III
In response to tanr

Created on ‎02-03-2020 08:34 AM

Yes, seems. But how to set right?
5442
0 Kudos
Dave_Hall
Honored Contributor
In response to tanr

Created on ‎02-03-2020 08:43 AM

Log back into the AP's GUI and see if it has located the wifi controller (under AC Discovery Status). If not, make sure CAPWAP is checked on the interface that the AP is connecting through.  I would also manually configure one of the AC IP address entries to point to the Fortigate's IP address.

 

Can't comment on the test123 SSID, but while logged into the AP, check the Wireless Information tab.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
198 KB
5442
0 Kudos
tanr
Valued Contributor II
In response to Dave_Hall

Created on ‎02-03-2020 09:16 AM

I don't know if you can change the region on the FAP itself.  If you bought it recently I would just return it for one with the correct region.  You can see a list of regions from the FortiAP CLI with cw_diag -c all-countries, I think.

 

I think -E is Europe and -I is Israel.

5442
0 Kudos
sanderl
New Contributor III
In response to tanr

Created on ‎02-03-2020 11:13 AM

Dave, tanr, I was not ware of regions... yes I was aware of regions in terms of channels, frequencies etc. but i thought this was all manageable by AP profiles... seems not.

 

I have now selected "AC discovery type broadcast" and that gives me a "online" AP in fortigate. It seems like the AP has some sort of connection with foritapcloud??? And after 20 minutes or so configures its self with a test123 SSID on both 2.4 and 5 gs which is bridged (with no security!). My logic is that when I select broadcast it skips the forticloud (??).

 

Attached the "test123" ssid & the AP is now functional but only gives and error:

 

It all seems a bit strange to me.

 and why is it so frikkin hard to add a picture in this forum.

Preview file
131 KB
5442
0 Kudos
tanr
Valued Contributor II
In response to sanderl

Created on ‎02-03-2020 01:37 PM

Since it's for the wrong region you should really just return it and get one for the correct region if you can.

 

Regarding the FortiAP-Cloud, if you bought it used it might still be set up to be cloud controlled.  IIRC, you can add a FortiGate security policy to block it from WAN access, factory reset it, then when it realizes it can't access FortiCloud you can authorize it from the FortiGate and start to manage it.  Haven't had to do that myself so may be other issues there.

 

5442
0 Kudos
sanderl
New Contributor III
In response to tanr

Created on ‎02-04-2020 05:40 AM

Returning is not an option anymore. I purchased it already. It now works, but with a region mismatch (channel selection is set to correct country no no laws broken there). It seems there should be an option to "change" that I to an E in the AP, anyone aware of how to do this? I think tha hardware is universal as well as the firmware and it can be configured. The little stickers of the model numbers (221C-I 221C-E) on the AP are different than the rest.

5442
0 Kudos
Dave_Hall
Honored Contributor
In response to sanderl

Created on ‎02-04-2020 06:45 AM

Perhaps have a look at KB#FD35116 - there should be a 6.x version of the info but the commands in the KB should still work.

 

sanderl wrote:

[...] It now works, but with a region mismatch (channel selection is set to correct country no no laws broken there). It seems there should be an option to "change" that I to an E in the AP, anyone aware of how to do this? [...]

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
5442
0 Kudos
sanderl
New Contributor III
In response to Dave_Hall

Created on ‎02-04-2020 07:35 AM

Dave, that are settings for the controller, not the AP.

5442
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.