Good afternoon - I could really use some insight and/or next steps to troubleshoot an AP on my outdoor home network. I have 2x FortiAP 222C-A devices. One works and one used to work. The one that used to work (backyard) seems to have stopped working around the time of a power failure. Unfortunately the UPS also failed and so the Netgear POE switch that powers all the FortiAPs switched off and the Fortiwifi 60D swiched off as well. Everything came up just fine except for that backyard FortiAP.
I do not any longer have the POE injector which was packaged with this one, because when I re-sold another FortiAP I needed to package that one with a POE so that the buyer would be able to use it... I unfortunately also do now know the part number of unique identifier I'd need to find a new one. I'd like to have that POE injector, because it has a reset button which I could use to reset the backyard FortiAP.
For reference, here is the quickstart guide linked to by Fortinet support, and that is the only manual I find: the https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/fd17eff2-1eab-11e9-b6f6-f8bc12...
I did try to use this article to reset, but since the backyard FortiAP has not completely initialized it has no IP address, so this approach will not work: https://community.fortinet.com/t5/FortiAP/How-to-factory-reset-a-FortiAP-which-does-not-have-a-reset...
Here is what I know:
1. The power light is on solid, the LAN light is usually solid green with brief flashes off to indicate LAN activity. This is a good sign.
2. The radio lights are off.
3. The Fortiwifi 60D indicates it is offline (The Backyard FortiAP is registered, but it is offline)
4. The fortiwifi 60D does not show it having received an IP address in the DHCP settings as it has in the past when the backyard FortiAP was working correctly. I can tell this by the VCI name not appearing, and by sorting the mac addresses to see that no other mac addresses beginning with 90:6c:ac as the other FortiAPs do.
I continued to troubleshoot here, but I will paste that in my replies.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Next, I thought, “How can I get this FortiAP to talk to me?” I can’t necessarily get the ARPs I would need from wifi while it’s talking hardwired through another switch (PPPoE) on the way to the Fortiwifi…
So I used a POE injector (non Fortinet / no reset button) and was able to see ARP packets using my Mac… Note that I did not need to change my network configuration because this was layer 2 networking:
sudo tcpdump -i en6
14:22:16.879084 ARP, Request who-has 10.0.1.1 tell 10.0.1.202, length 46
Aha!
So I was wrong - this did not stop working so recently. It happened back when I was juggling the networks to satisfy a condition I never planned for - We had to move our of our house for repairs and in the temporary place there was AT&T instead of Google Fiber. They have a requirement to hold on to these 10. addresses on the public side of the modem/router. So I had to change the IPs of the devices I took with me, and consequently do the same thing for my home network (change from 10.0.1.1/24 on LAN to 192.168.1.1/24).. Apparently, everything changed except for that one FortiAP and now it’s an orphan:
But when I go to visit the web interface, I see that though I believe I have the right uername/password, I’m not allowed to log in that way. My hope then is that the Fortiwifi can still do so…
So then I need to have a valid 10.0.1.1/24 network on that lan without disrupting 192.168.1.1. This is a home network and I’m Ok with that.
I found this article: https://community.fortinet.com/t5/Support-Forum/How-to-have-multiple-subnets-in-1-lan-port/m-p/20162...
This worked, and I did need to do the changes recommended at the command line (Fortiwifi 60D v 6.0.9). In my situation I believe I can add only one from the GUI, which I do.
I end up with the following:
And under Managed FortiAPs - success!:
I next will try to see if I can get some clients to join and also to change the IP address Backyard gets so that I can have them on the same subnet. I have no need for an additional subnets on the same physical network without VLANs.
Status from the previous reply to which I was not able to attach the screenshot.
OK, I did get a client to join the backyard AP after I added one of the SSIDs to the 5Ghz radio. The iPhone I was using was preferring the further away 5GHz to the nearer 2.4GHz.
The last thing I need to resolve is how to administer the Backyard FortiAP 222C-A so that I can set it to DHCP its IP address. I do not seem to be able to ssh to it (connection refused) or via web, a put "admin" for user and password as blank or as "admin" and the top banner displays for a split second then drops back to the login. Any ideas for how to resolve this? Do I need to get the POE injector with the reset button? If so what is the model or SKU so that I can find it? Any other tips?
Has clients now as can be seen below.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.