FortiOS 7.0.11 (Fortigate 201F HA A-P, SD-WAN with dual WAN)
FortiAP 7.0.6
SSID1: Bridge mode, get IP from Windows DHCP Server.
SSID2: Tunnel mode, get IP from tunnel interface.
SSID3: Tunnel mode, get IP from tunnel interface.
After I completed the configuration, 3 SSID connect normally and can access the internet. But when I switch/disconnect, forgot SSID and reconnect those 3 SSID several times, my laptop PC can not get the IP address from tunnel mode SSIDs, but my Android phone keeps normal. Bridge mode SSID is normal in laptop PC and Android phone.
I have no idea why this happens. But After I downgrade the AP firmware to 7.0.4, the issue seems clear. 7.05 not test.
Is this the AP 7.0.6 version bug? or my configuration error?
Thanks and regards,
Gavin
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
For SSIDs in tunnel mode I suppose you have configured FGT to be the DHCP server. Is the subnet and the pool large enough to handle all the users that connects on that SSID?
DHCP leases can be checked from GUI or via cli: execute dhcp lease-list
In my opinion the AP is not playing a crucial role for the DHCP in this scenario. If this is an open SSID where many users connect you can try to increase the subnet or lower the Lease time (~3600 s).
If you want further details you can try enabling the debug for DHCP in FGT:
diag debug application dhcps -1
diag debug enable
Created on 04-26-2023 07:58 PM Edited on 05-16-2023 11:03 PM
Thanks for the reply.
The tunnel mode SSID interface is the DHCP server and gateway, and the pool is more than 200 IP, but in my test only 6 devices connect to the SSID.
In some tests, my devices can get the IP address, but I can not ping the gateway, so can not access the internet.
Thank you.
Gavin
I see, so it looks like the problem is related to the communication and not the DHCP functions itself. I found a reported issue "Wi-Fi clients would randomly get disconnected when FortiAP was sending statistics data to the FortiGate" that is going to be fixed on 7.0.7.
If the APs are under support you can open a TAC case to follow up. Otherwise if the setup is stable on 7.0.4 you can use this version until 7.0.7 will be published.
Created on 05-01-2023 06:50 PM Edited on 05-01-2023 06:55 PM
Thanks for the update.
The end-user using 7.0.4, and it seems to work fine.
So they will keep this version at this moment.
Thank you again.
Gavin
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.