No reliable connection with hardware lan switch and bridged ssid

sanderl · ‎03-30-2023

Ok hold on, this is going to be hard to believe and to describe. I have troubleshooted a lot and cannot find out where the problem lies. Suddenly I had this vague problems, of sites not loading, DNS not resolving, etc. Maybe related to upgrading to 7.0.10 or 7.0.11. Maybe not.

What does not work (but had always worked like this - for years):

I have a (existing) hardware switch "lan" with an SSID bridged to that (no VLANs).
The IP address is on the lan switch and the SSID is bridged.
Created a new test policy, top placed any/any allow, no filtering, NAT to internet.
When I connect a mobile to this SSID and start roblox (don't ask - this is a prio 1 for days now) it does not load any game.

What does work:

I have created a (new) test vlan (99) with an IP address on it, and a test SSID bridged to that vlan (99), connected to the lan switch as my FortiAPs reside there.
Created a new test policy, under the top placed any/any allow, no filtering, NAT to internet.
When I connect a mobile to this SSID and start roblox it does load games.

EDIT: Roblox is "the" way of proving/testing above. As described a lot more is not working smoothly, but a refresh of the page will do. Roblox seems to be a lot more "picky" in the coneection stability.

Both "networks" are giving out the same DNS servers.

I have 6 VLANS connected via the lan hardware switch which all work(ed) well for years. Of which 3 have an IP adress on the VLAN interface and 3 are connected in a software switch with a port.

--> this can also be a separate topic because since this week I discovered the Fortigate does not allow me to select a VLAN anymore as a member of a softwareswitch (!), but this used to work and still works. Nothing to find in any release notes...

I cannot find any mentioning of any change in behavior. Also I have no active subscription on this device (81E) and thus cannot call support.

Is there anything I can do to (more) narrow down this issue?

sanderl · ‎04-13-2023

100% sure... same data as the traces

gfleming · ‎04-08-2023

Also can you explain how you are using VLANs on the HW switch today but you are not using a VLAN-capable downstream switch?

Cheers,
Graham

sanderl · ‎04-10-2023

I had just a "dumb" switch connected to the lan hw switch with vlan interfaces configured. vlan capable devices (tagging/untagging) just pick up the correct vlans via that switch.

gfleming · ‎04-07-2023

Can you also get the packet capture? That would be the most important thing to look at this point.

Cheers,
Graham

sanderl · ‎04-10-2023

Got the captures... but how do I attach those?

gfleming · ‎04-12-2023

What model FortiGate is this?

Have you confirmed you are not hitting any capacity limits? What does your CPU, Session COunt, Mem usage look like?

Cheers,
Graham

sanderl · ‎04-12-2023

Its an 81E (still is). No problem with new HW switch and other ssid. Its used in a small home setup.

So no... no limit hit I hope and cannot see.

Can you please re read the thread :grinning_face:

Mostly ~400-600 sessions

gfleming · ‎04-12-2023

So your problems have all been solved since moving to the new HW switch?

Cheers,
Graham

sanderl · ‎04-13-2023

No, I dit not move

gfleming · ‎04-13-2023

Can you show a screenshot of your 24-hour CPU graph on the FortiGate dashboard?

Cheers,
Graham

No reliable connection with hardware lan switch and bridged ssid

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website