i am using 310B as wirless controller and 221c, 221B and 220B as clients. Connected to wirless controller from remote site in tunnel mode.
i have only one 220B forti AP and it is unable to connect to wireless controller. it behaves very strange. I have configure through GUI and CLi as well. The AP is connected over ipsec VPN.
FAP22B3U10005888 # factoryreset This operation will reset the system to factory default! Do you want to continue? (y/n)y FG300B3908600454 # execute telnet 172.23.3.110 FAP22B3U10005888 login: admin BusyBox v1.15.0 (2014-09-16 17:39:37 PDT) built-in shell (ash) Enter 'help' for a list of built-in commands. FAP22B3U10005888 # cfg -s BAUD_RATE:=9600 ADMIN_TIMEOUT:=5 ADDR_MODE:=DHCP AP_IPADDR:=192.168.1.2 AP_NETMASK:=255.255.255.0 IPGW:=192.168.1.1 AP_MODE:=0 DNS_SERVER:=208.91.112.53 STP_MODE:=0 AP_MGMT_VLAN_ID:=0 TELNET_ALLOW:=0 HTTP_ALLOW:=1 DDNS_ENABLE:=0 AC_DISCOVERY_TYPE:=0 AC_IPADDR_1:=192.168.1.1 AC_HOSTNAME_1:=_capwap-control._udp.example.com AC_DISCOVERY_MC_ADDR:=224.0.1.140 AC_DISCOVERY_DHCP_OPTION_CODE:=138 AC_CTL_PORT:=5246 AC_DATA_CHAN_SEC:=2 MESH_AP_TYPE:=0 MESH_MAX_HOPS:=4 MESH_SCORE_HOP_WEIGHT:=50 MESH_SCORE_CHAN_WEIGHT:=1 MESH_SCORE_RATE_WEIGHT:=1 MESH_SCORE_BAND_WEIGHT:=100 MESH_SCORE_RSSI_WEIGHT:=100 FAP22B3U10005888 # fap-get-status Version: FortiAP-220B v5.2,build216,140916 (GA) Serial-Number: FAP22B3U10005888 BIOS version: 04000008 Regcode: ALL Base MAC: 00:09:0f:e8:81:d0 Hostname: FAP22B3U10005888 Branch point: 216 Release Version Information: GA FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : SULKING wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # FAP22B3U10005888 # cfg -a AC_IPADDR_1=172.22.250.5 FAP22B3U10005888 # cfg -c restarting wtp daemon ... FAP22B3U10005888 # FAP22B3U10005888 # FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 172.22.250.5:5246,5247 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: dtls-enabled ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : AC_IP_DISCOVER wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 -----After sometime Controller IP addres change back to 0.0.0.0/0. base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: dtls-enabled ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 224.0.1.140:5246,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: dtls-enabled ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : IDLE wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 255.255.255.255:5246,0 -----Now change to broadcast address.... base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 255.255.255.255:5246,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : SULKING wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : SULKING wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 #
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I see you setting a static IP on the 220B, but do not see the netmask or gateway being set - after that first reset. I assume you want something like...
ADDR_MODE=STATIC
AP_IPADDR=172.23.3.110
AP_NETMASK=255.255.255.0
IPGW=172.23.3.1
AC_IPADDR_1=172.22.250.5
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
the same problem here...
I hate it...
frequently the SULKING status is annoying....
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
When the AP should be connecting to a remote controller then discovery should be set to static.... you are seeing the above because it's still set to auto so it goes through all the discovery methods.
#cfg -a AC_DISCOVERY_TYPE=1
#cfg -c
Just want to add that the default auto modes are broadcast, multicast and DHCP option 138. Since this is an ipsec VPN tunnel connection, I think only DHCP option 138 or static settings are applicable here. So if option 138 is not set up on the DHCP server, then static settings are needed.
I'm going to assume you have made sure that the 220B's firmware is compatible with the Fortigate's own firmware.
May not apply in this case, but one thing I have noticed while troubleshooting two AP connections earlier today is the default factory IP (192.168.1.2) assigned to the APs can cause problems if you are connecting them to a subnet with an device using that same IP. You would think the APs would grab IP leases from the DHCP server, but didn't happen in this case -- the DHCP server itself was located at that same IP (192.168.1.2).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
hello, everyone..
yesterday I have directly connected to the FortiGate with FortiAPs...
FAP220B x1, FAP221B x1 <=>FortiGate
220B: 5.0, b0075
221B: 5.2.1, b212
sometimes, the FGT can not get the FAP220B connection and lose it...
in that case, FAP220B always shows the annonying SULKING status...
I need to wait a long time and do power-down/up this FAP
MAYBE it possibly get back to RUN status...maybe...
I don't understand what's happen??
FAP220B config: default
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1557 | |
1033 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.