FortiAP 231F not connecting to FG

efernandes · ‎05-30-2024

I am having an issue with FAP 231F, they are showing offline/disconnected. They are connected to a FortiSwitch and have VLAN for AP assigned to them. They are not attaining an IP from the FG as well, the DHCP server is working fine as there are other devices on the FG.
Fortigate has been rebooted multiple times, FortiAPs have been factory reset. FSW have been rebooted.
They have all the setting recommended by Fortinet.
FortiGate Version 6.4.15

FSW 7.4.2

Troubleshooting:
-------------------------------WTP 12----------------------------
WTP vd : root
vfid : 0
id : FP231FTF2309E48T
uuid : 3616ddf2-1eba-51ef-9777-531c42d0d742
mgmt_vlanid : 0
region code :
regcode status : valid
refcnt : 2 own(1) wtpprof(1)
apcfg status : N/A,N/A cfg_ac=0.0.0.0:0 val_ac=0.0.0.0:0 cmds T 0 P 0 U 0 I 0 M 0
apcfg cmd details:
plain_ctl : disabled
deleted : no
image-dl(wtp,rst): yes,no
admin : enable
cfg-wtp-profile : FAP231F-default
override-profile : disabled
oper-wtp-profile : FAP231F-default
wtp-mode : remote
cfg-apcfg-prof :
oper-apcfg-pro :
bonjour-profile :
wtp-group :
name : FP231FTF2309E48T
location :
led-blink : disabled
led-state : enabled
led-schedules :
poe-mode : auto
poe-mode-oper : invalid
ext-info-enable : enabled
ip-frag-prevent : TCP_MSS
tun-mtu : 0,0
split-tunneling-acl-path : local
split-tunneling-local-ap-subnet : disabled
active sw ver :
local IPv4 addr : 0.0.0.0
board mac : 00:00:00:00:00:00
join_time : N/A
mesh-uplink : ethernet
mesh hop count : 0
parent wtp id :
connection state : Disconnected
image download progress: 0
last failure : 0 -- N/A
last failure param:
last failure time: N/A
station info : 0/0
geo : World (0)
LAN :
rId : 3
cnt : 2
port 1 : mode offline(0)
port 2 : mode offline(0)
LLDP : enabled (total 0)
SNMP : enabled
Radio 1 : AP
country name : NA
country code : N/A
drma_manual_mode : ncf
radio_type : 11AX
channel list : 1 6 11
darrp : disabled
airtime fairness : disabled
bss color : 0
txpower : high 20 low 10 tgt -70 (calc 0 oper 0 dBm)
beacon_intv : 100
rts_threshold : 2346
frag_threshold : 2346
ap scan : disable
ap scan passive : disabled
sensor mode : disabled
ARRP profile : ---
WIDS profile : ---
wlan 0 : wlan1
wlan 1 : wlan2
wlan 2 : wlan3
max vaps : 8
base bssid : 00:00:00:00:00:00
oper chan : 0
noise_floor : 0
chutil : enabled
oper chutil time : N/A
oper chutil data : N/A
station info : 0/0
Radio 2 : AP
country name : NA
country code : N/A
drma_manual_mode : ncf
radio_type : 11AX_5G
channel list : 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 ...
darrp : disabled
airtime fairness : disabled
bss color : 0
txpower : high 20 low 10 tgt -70 (calc 0 oper 0 dBm)
beacon_intv : 100
rts_threshold : 2346
frag_threshold : 2346
ap scan : disable
ap scan passive : disabled
sensor mode : disabled
ARRP profile : ---
WIDS profile : ---
wlan 0 : wlan1
wlan 1 : wlan2
wlan 2 : wlan3
max vaps : 8
base bssid : 00:00:00:00:00:00
oper chan : 0
noise_floor : 0
chutil : enabled
oper chutil time : N/A
oper chutil data : N/A
station info : 0/0
Radio 3 : Monitor
ap scan passive: disabled
sensor mode : disabled
auto suppress : disabled
fgscan rptintv : 15
spectrum analysis: scan only
ARRP profile : ---
WIDS profile : ---
Radio 4 : Virtual Lan AP
max vaps : 0
base bssid : 00:00:00:00:00:00
station info : 0/0
Radio 5 : Not Exist
WAN/LAN stats :
uplink status :
-------------------------------Total 12 WTPs----------------------------

ARP:

Address Age(min) Hardware Addr Interface
169.254.1.6 0 74:78:a6:d8:ca:06 fortilink
192.168.211.1 0 e8:1c:ba:bd:e1:05 vlan211
10.106.21.1 0 e8:1c:ba:bd:e1:05 port3
169.254.1.3 0 74:78:a6:d8:c9:70 fortilink
169.254.1.5 0 74:78:a6:d8:cb:50 fortilink
10.192.197.170 0 76:1d:0e:78:27:b3 vlan57
192.168.216.1 0 e8:1c:ba:bd:e1:05 vlan216
10.187.197.164 0 f2:21:13:5d:09:11 vlan52
192.168.210.1 0 e8:1c:ba:bd:e1:05 vlan210
169.254.1.2 0 74:78:a6:d8:ca:42 fortilink
169.254.1.4 0 74:78:a6:d8:ca:f6 fortilink

Ap vlan

edit "vlan200fsw"
set vdom "root"
set ip 192.168.200.1 255.255.255.0
set allowaccess ping ssh snmp fgfm fabric
set alias "AP NMS LAN"
set device-identification enable
set role lan
set snmp-index 151
set auto-auth-extension-device enable
set interface "fortilink"
set vlanid 200

DHCP:
edit 17
set lease-time 3600
set dns-service default
set default-gateway 192.168.200.1
set netmask 255.255.255.0
set interface "vlan200fsw"
config ip-range
edit 1
set start-ip 192.168.200.2
set end-ip 192.168.200.254
next

I read on another post, that the AP firmware may need to be upgraded or downgraded. I am open to that process but I havent found any procedure online to do the upgrade from AP console. please let me know if anyone has this process or any other suggestions for this issue.

efernandes · ‎05-31-2024

Are you suggesting turning off Wifi 6 for the APs to connect to the FG?.
Our issue is with the AP not connecting to the FG and not the users

hbac · ‎05-31-2024

Hi @efernandes,

What is the firmware version of FortiAP? If FortiAP is connected to a FortiSwitch port, if the native VLAN of that switch port "vlan200fsw"? Can you check 'show system ntp'?

Regards,

efernandes · ‎06-02-2024

yes the native vlan is set to 200,

edit "port1"
set native-vlan 200
set allowed-vlans 30,50,101,4093
set untagged-vlans 4093
set dhcp-snooping trusted
set snmp-index 1

config system ntp
set ntpsync enable
set server-mode enable
set interface "fortilink" "vlan57" "vlan200fsw"

hbac · ‎06-03-2024

@efernandes.,

Can you login to FortiAP and collect the output of this command "cfg -s"?

Regards,

efernandes · ‎06-13-2024

Hello, Sorry I've been away. But this issue turned out to be a weird physical port connection which would erratically work. The device has been replaced and the issue has been resolved.