Hello Community,
I'm reaching you for a weird issue we are experiencing at the moment.
We're running a cluster of 100EF with FortiSwitches and FortiAP.
Access to the Corp network has to be authenticated via Radius.
I'm having an issue with some laptops (different models, OS (10/11), network card) I can't tackle the source issue.
So a random group of laptops have this issue when they're connected over cable/Wifi, they have a slow speed 100kpbs worst case, 3Mbps best case.
Radius authentication is ok, everything looks fine except the network speed is very low.
Even on the guest Wifi, they're slow (AD login/pwd portal). But on non Corp network (home/hostspot) they're fast...
Even better, I change one digit in the mac@ and they get full speed.
I don't know where to look at anymore, drivers have been upgraded, similar network card are not giving this issue.
Laptops connected to the same AP or cable are not giving this issue.
The fact I change the mac@ is "solving" the issue is triggering me. Ok laptop get a new dhcp lease and everything, still have to be ok with Radius auth.
We have other remote sites with the same infrastruture, never had a similar issue reported.
If you guys have some cli commands that would help me understand what is going on or similar problem and resolution ?
Thank you already :)
Hello
Check the following:
Hello,
Thanks for your answer :)
What has been checked so far:
-Traffic shaping, only one policy which is disabled and not applied to this interface
-ip conflict, DHCP is managed by the Fortigate itself, no duplicated ip, checked the arp table and also no duplicated mac address
-device detection enable / disabled on the interface, no behavior change
-Same behavior when changing user
-DHCP reservation, no effect
-Firewall cluster reboot, AP reboot, switches no yet rebooted
-Changing IP but keeping "bad" mac address, slow speed
-Laptop: upgrade driver of the wlan card, os update, bios update, runs fine out of corp network
-mac address pass-through setting in bios, option disabled
-Same behavior on different floors (so different switches and APs)
It was reported at the beginning only over docking stations, slow speed symptoms. Group of laptops having slow speed over docking stations were fine over Wifi.
Workaround found after testing was disabling mac address passthrough in bios options.
Somehow later, same issue was reported on Wifi too. For this group of slow Wifi, slow speed also over docking station. To be tested with RJ45 dongle if same slow symptoms.
I would like to point at a Windows / driver / whatever issue... But the fact that changing the mac address solves the issue makes me think about something happening on the FortiGate/Switches ?
YoupiD.
You need to eliminate possible causes:
- disable RADIUS auth. does it make a diff?
- connect problematic device to another non-problematic devices dock/rj45 plug/wifi access point. does it make a diff?
- create a FW policy for a problematic device (src mac in policy) and disable all profiles (keep it simple) and disable NPU offloading. does it make a diff?
It doesn't sound like a FGT issue but do the above (and anything else you can think of) to start ruling things out....
Hi all,
Sorry for the late answer, we just finished troubleshooting.
We noticed the slow Wifi was over some AP, not the whole Wifi network.
We copied the AP profile, changed a random setting and pushed to a problematic identified AP.
Problem is gone with the new AP profile...
We found were is the issue, but I still don't know what is the issue :D
It sounds like a very strange issue you're experiencing. One thing you could try is checking the network settings on the laptops that are experiencing slow speeds. Perhaps there is something in the network settings that is causing this issue.
You could also try checking the network logs on the FortiSwitches and FortiAP to see if there are any errors or anomalies that could be causing the slow speed.
Have you tried reaching out to the manufacturer of the laptops to see if they have any insight into this issue? They may have seen this issue before and have a solution.
In terms of CLI commands, you could try running a ping or traceroute command to see if there are any issues with the network connectivity. Additionally, you could run a speedtest from the laptops to see what kind of speeds they are getting.
I hope this helps, and good luck in resolving this issue!
I need help with a strange issue we're facing. We have a cluster of FortiSwitches and FortiAPs, and some laptops (various models, OS 10/11, network cards) are experiencing slow speeds (100kbps to 3Mbps) when connected via cable or Wi-Fi. Radius authentication is working fine, but the network speed remains low. Surprisingly, changing one digit in the MAC address of these laptops restores full speed. We've updated drivers and tested similar network cards, but the problem persists. Other laptops on the same access points or cables are unaffected, and our other sites don't have this issue. Any advice or CLI commands to investigate would be appreciated. Thanks!
Sure, here's a brief response:
It sounds like you are experiencing an unusual issue with your FortiSwitches and FortiAPs where some laptops are experiencing slow network speeds, but changing one digit in the MAC address restores full speed. Here are a few things you can try to investigate and resolve the issue:
1. Check network configuration: Verify that the network configuration on the affected laptops is correct, including IP address, subnet mask, gateway, and DNS settings. Ensure that there are no conflicts or misconfigurations that could be causing the slow network speeds.
2. Check network card settings: Ensure that the network card settings on the affected laptops are correct, including speed and duplex settings. Verify that the network card drivers are up to date.
3. Check FortiSwitch and FortiAP configuration: Verify that the FortiSwitches and FortiAPs are configured correctly, and that there are no issues with the access points or cables.
4. Test with a different laptop: Try testing with a different laptop to see if the issue persists. This can help determine if the issue is specific to the affected laptops or if it is a broader network issue.
5. Contact Fortinet support: If the issue persists, it may be necessary to contact Fortinet support for further assistance.
Had the same problem, turns out i have 2 internet providers (WAN1,WAN2) , and one of them was failing, i just unplugged it, and done!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.