I'm struggling to bring a FortiAP -221c access point to an online status. It's currently authorized but the status is offline. I'm able to ping the AP, access the configuration via Telnet and/or SSH. I'm unable to configure via HTTP/HTTPS. Below are details of the current configuration. Any advise? Thanks.
FortiWiFi 90D Host Name: FWF90D Operation Mode: NAT Firmware Version: v5.4.7,build1167 (GA) FortiAP Status
Version: FortiAP-221C v5.4,build0371,171102 (GA) BIOS version: 04000003 System Part-Number: P15285-01 Regcode: A Base MAC: 70:4c:a5:28:e0:b0 Hostname: FP221C Branch point: 371 Release Version Information: GA cfg -s
BAUD_RATE:=9600 ADMIN_TIMEOUT:=5 WANLAN_MODE:=WAN-ONLY ADDR_MODE:=STATIC AP_IPADDR:=192.168.10.7 AP_NETMASK:=255.255.255.0 IPGW:=192.168.10.254 AP_MODE:=0 DNS_SERVER:=192.168.10.13 STP_MODE:=0 AP_MGMT_VLAN_ID:=0 ALLOW_TELNET:=2 ALLOW_HTTP:=2 ALLOW_HTTPS:=2 ALLOW_SSH:=2 DDNS_ENABLE:=0 AC_DISCOVERY_TYPE:=0 AC_IPADDR_1:=192.168.10.254 AC_IPADDR_2:= AC_IPADDR_3:= AC_HOSTNAME_1:=_capwap-control._udp.example.com AC_HOSTNAME_2:= AC_HOSTNAME_3:= AC_DISCOVERY_MC_ADDR:=224.0.1.140 AC_DISCOVERY_DHCP_OPTION_CODE:=138 AC_DISCOVERY_FCLD_APCTRL:= AC_DISCOVERY_FCLD_ID:= AC_DISCOVERY_FCLD_PASSWD_ENC:= AC_CTL_PORT:=5246 AP_DATA_CHAN_SEC:=clear,ipsec,dtls MESH_AP_TYPE:=0 MESH_MAX_HOPS:=4 MESH_SCORE_HOP_WEIGHT:=50 MESH_SCORE_CHAN_WEIGHT:=1 MESH_SCORE_RATE_WEIGHT:=1 MESH_SCORE_BAND_WEIGHT:=100 MESH_SCORE_RSSI_WEIGHT:=100 LED_STATE:=2
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
GUI access (HTTPS) is controlled by:
ALLOW_HTTPS=?
Where ? means...
0 - https disable 1 - https enable 2 - controlled by AC (default) But I think by default you should be able to connect to the GUI on HTTP until it establishing a connection to the wifi controller. E.g. the first 3-5 mins (or so) after a cold/warm boot.
The only times I seen something like this is it is when the AP is/was located on a network switch nested some 2-3 ptp links down from the fgt router and there may have been a vlan involved.
The other time is when the fgt has reached the hardware max limit for controlling APs devices. For example, my little 30E can only control 2 x APs.
If VLANs are not involved, I suggest try connecting the AP directly to a port (assuming the same subnet as your static IP settings) on the fgt and reboot it.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Try changing ALLOW_HTTPS to 1 (for testing only). Then see if you can log into the GUI. Try using an alternate browser.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Based on the screenshots everything looks right. Since it appears you can both access the fgt and AP directly by IP, I assume there is no VLAN involved, therefor I suggest you making sure you checked CAPWAP on the interface that the AP is connected to.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.