Dear team, our office has an issue with the Secure corporate WiFi in one of the Access points.
It appeared right after a power outage.
So basically anyone who tries to connect gets APIPA.
Mind that the Guest which is Running Fine - WPA Personal.
Here are some screen shots of the logs -
The AP is connected to a Switch which has proper config on the interface, in-fact the rest of the AP's are on the same switch and have the same config on the interface and they are all working fine.
*Two weeks ago I have encountered the same issue in a different office with the same FortiAP model and Firmware - Mind that firmware update did not fix it.
Also pointing out that the DHCP scope has plenty of free IP addresses
Where is the DHCP server configured? Are these DHCP requests from a host in a working or a non working SSID?
If by 'Secure corporate WiFi' you mean another SSID that is doing dynamic VLAN assignment via RADIUS, make sure that the hosts are authenticated and are residing in the desired VLAN.
1. DHCP is configured on Fortigate.
2. This SSID is fully active, its a WPA Enterprise based on credentials not a certificate.
3. All of the other configurations are fine - I know that for a fact since there are 3 other FortiAP's who are working flawlessly, as mentioned before the interface in the switch that this FAP is connected to is configured the same as the rest AP's.
P.S - its not the first time I am encountering this Issue as mentioned above
There are some cases when the authentication is not successful or the applied dynamic VLAN is different from what is expected. The authentication status and the applied VLAN can be checked with the command:
diagnose wireless-controller wlac -c sta
Have you isolated the problem being related only to DHCP? How was the issue solved in the past, rebooting the AP?
Hey, it is not an auth issue since I can see on the RADIUS server that the auth is successful.
I have tried rebooting and even upgrading the Firmware but it did not help.
I can clearly see that they do connect to the network but are getting APIPA, they are even seen as a client under the AP's diagnostics but they have APIPA IP which is strange.
If dynamic VLAN is configured, even though the authentication is successful the RADIUS response may not contain the expected attributes or (VLAN name/ID). You can check with the above command one of the test host (usually the hosts will appear only for a few seconds and disconnect if there is no network available). Have you tried to connect a host with a static IP configured from that subnet?
Is the affected SSID configured in tunnel or bridge mode? What is the exact firmware of the AP?
Hey, I'll give it a try and I'll update you with the results
Hello @MartinDf121
Did you try?
Waiting for your result?
BR
Hey, I haven't had the chance yet, I'll try it on Sunday and I'll update you.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.