- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiAP
- FortiClient
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiExtender
- FortiEDR
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiProxy
- FortiPortal
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiAP 220B unable to discover Controller
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiAP 220B unable to discover Controller
i am using 310B as wirless controller and 221c, 221B and 220B as clients. Connected to wirless controller from remote site in tunnel mode.
i have only one 220B forti AP and it is unable to connect to wireless controller. it behaves very strange. I have configure through GUI and CLi as well. The AP is connected over ipsec VPN.
FAP22B3U10005888 # factoryreset This operation will reset the system to factory default! Do you want to continue? (y/n)y FG300B3908600454 # execute telnet 172.23.3.110 FAP22B3U10005888 login: admin BusyBox v1.15.0 (2014-09-16 17:39:37 PDT) built-in shell (ash) Enter 'help' for a list of built-in commands. FAP22B3U10005888 # cfg -s BAUD_RATE:=9600 ADMIN_TIMEOUT:=5 ADDR_MODE:=DHCP AP_IPADDR:=192.168.1.2 AP_NETMASK:=255.255.255.0 IPGW:=192.168.1.1 AP_MODE:=0 DNS_SERVER:=208.91.112.53 STP_MODE:=0 AP_MGMT_VLAN_ID:=0 TELNET_ALLOW:=0 HTTP_ALLOW:=1 DDNS_ENABLE:=0 AC_DISCOVERY_TYPE:=0 AC_IPADDR_1:=192.168.1.1 AC_HOSTNAME_1:=_capwap-control._udp.example.com AC_DISCOVERY_MC_ADDR:=224.0.1.140 AC_DISCOVERY_DHCP_OPTION_CODE:=138 AC_CTL_PORT:=5246 AC_DATA_CHAN_SEC:=2 MESH_AP_TYPE:=0 MESH_MAX_HOPS:=4 MESH_SCORE_HOP_WEIGHT:=50 MESH_SCORE_CHAN_WEIGHT:=1 MESH_SCORE_RATE_WEIGHT:=1 MESH_SCORE_BAND_WEIGHT:=100 MESH_SCORE_RSSI_WEIGHT:=100 FAP22B3U10005888 # fap-get-status Version: FortiAP-220B v5.2,build216,140916 (GA) Serial-Number: FAP22B3U10005888 BIOS version: 04000008 Regcode: ALL Base MAC: 00:09:0f:e8:81:d0 Hostname: FAP22B3U10005888 Branch point: 216 Release Version Information: GA FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : SULKING wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # FAP22B3U10005888 # cfg -a AC_IPADDR_1=172.22.250.5 FAP22B3U10005888 # cfg -c restarting wtp daemon ... FAP22B3U10005888 # FAP22B3U10005888 # FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 172.22.250.5:5246,5247 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: dtls-enabled ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : AC_IP_DISCOVER wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 -----After sometime Controller IP addres change back to 0.0.0.0/0. base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: dtls-enabled ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 224.0.1.140:5246,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: dtls-enabled ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : IDLE wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 255.255.255.255:5246,0 -----Now change to broadcast address.... base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : DISCOVERY wtp-ip-addr : 172.23.3.110 ac-ip-addr : 255.255.255.255:5246,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : SULKING wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 # cw_diag -c wtp-cfg WTP Configuration name : FAP22B3U10005888 loc : N/A ap mode : thin AP radio cnt : 2 echo-interval : 30 discovery-interval : 5 report-interval : 30 idle-timeout : 300 statistics-interval : 120 fsm-state : SULKING wtp-ip-addr : 172.23.3.110 ac-ip-addr : 0.0.0.0:0,0 base-mac : 00:09:0f:e8:81:d0 bulk data seq num : -1 ap-mgmt-vlanid : 0 data-channel-security: clear-text ip-frag-prevent : disabled LAN port cnt : 0 FAP22B3U10005888 #
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see you setting a static IP on the 220B, but do not see the netmask or gateway being set - after that first reset. I assume you want something like...
ADDR_MODE=STATIC
AP_IPADDR=172.23.3.110
AP_NETMASK=255.255.255.0
IPGW=172.23.3.1
AC_IPADDR_1=172.22.250.5
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the same problem here...
I hate it...
frequently the SULKING status is annoying....
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When the AP should be connecting to a remote controller then discovery should be set to static.... you are seeing the above because it's still set to auto so it goes through all the discovery methods.
#cfg -a AC_DISCOVERY_TYPE=1
#cfg -c
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just want to add that the default auto modes are broadcast, multicast and DHCP option 138. Since this is an ipsec VPN tunnel connection, I think only DHCP option 138 or static settings are applicable here. So if option 138 is not set up on the DHCP server, then static settings are needed.
I'm going to assume you have made sure that the 220B's firmware is compatible with the Fortigate's own firmware.
May not apply in this case, but one thing I have noticed while troubleshooting two AP connections earlier today is the default factory IP (192.168.1.2) assigned to the APs can cause problems if you are connecting them to a subnet with an device using that same IP. You would think the APs would grab IP leases from the DHCP server, but didn't happen in this case -- the DHCP server itself was located at that same IP (192.168.1.2).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello, everyone..
yesterday I have directly connected to the FortiGate with FortiAPs...
FAP220B x1, FAP221B x1 <=>FortiGate
220B: 5.0, b0075
221B: 5.2.1, b212
sometimes, the FGT can not get the FAP220B connection and lose it...
in that case, FAP220B always shows the annonying SULKING status...
I need to wait a long time and do power-down/up this FAP
MAYBE it possibly get back to RUN status...maybe...
I don't understand what's happen??
FAP220B config: default
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Related Posts
- Wifi-Bridge with FortiWifi as controller in... 514 Views
- FortiAP 221E R2 channel "0" (radio... 507 Views
- FortiAP/Wifi Controller: Make Groups Useful! 197 Views
- AP-Fail 2429 Views
- FortiGate/FortiAp Rolling Upgrade does not work? 646 Views
Labels
-
fortigate
7,013 -
FortiClient
1,379 -
5.2
801 -
5.4
639 -
FortiManager
609 -
FortiAnalyzer
443 -
6.0
416 -
FortiAP
371 -
FortiSwitch
367 -
5.6
362 -
FortiClient EMS
285 -
FortiMail
273 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
171 -
6.4
128 -
FortiNAC
123 -
FortiGuard
112 -
IPsec
103 -
SSL-VPN
93 -
FortiGateCloud
92 -
FortiSIEM
92 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
75 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
43 -
SD-WAN
43 -
Fortivoice
43 -
FortiDNS
38 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiAuthenticator
32 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
VLAN
28 -
High Availability
28 -
FortiConnect
24 -
FortiWAN
23 -
FortiConverter
22 -
ZTNA
21 -
DNS
21 -
BGP
19 -
FortiGate v5.2
19 -
SAML
18 -
FortiPortal
18 -
Certificate
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
16 -
FortiMonitor
14 -
Authentication
14 -
FortiLink
14 -
Interface
14 -
FortiCASB
14 -
FortiDDoS
14 -
Logging
14 -
FortiGate v5.0
13 -
Fortigate Cloud
13 -
Routing
13 -
RADIUS
11 -
NAT
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
Application control
10 -
Web profile
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
RMA Information and Announcements
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
Static route
6 -
IPS signature
5 -
Packet capture
5 -
Proxy policy
5 -
FortiAI
5 -
Automation
5 -
FortiCache
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
OSPF
4 -
Web rating
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiCWP
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
FortiDB
3 -
Intrusion prevention
3 -
Protocol option
2 -
FortiInsight
2 -
NAC policy
2 -
System settings
2 -
Users
2 -
VoIP profile
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
4.0MR1
1 -
TACACS
1 -
Subscription Renewal Policy
1 -
Replacement messages
1 -
FortiNDR
1 -
Schedule
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP sensor
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1032 | |
| 853 | |
| 500 | |
| 440 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.