Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Philgre
New Contributor

Control message maximum retransmission limit reached

Hello, I have a connection problem with FortiAP. In random ways, FortiAP this disconnect from the Controller. I do not have consistency with this problem. Access point model.Switch model, firmware version of the switches. The FortiAp 221B, 321C, 321B. 221E do it all randomly. I have as version of micro-software FP221B-v5.4-build0371 FP221E-v6.0-build0051 FP321C-v6.0-build0027 FP320B-v5.4-build0371 Hello, I have a connection problem with FortiAP. In random ways, FortiAP this disconnect from the Controller. I do not have consistency with this problem. Access point model.Switch model, firmware version of the switches. The FortiAp 221B, 321C, 321B. 221E do it all in random ways. I have as version of micro-software FP221B-v5.4-build0371 FP221E-v6.0-build0051 FP321C-v6.0-build0027 FP320B-v5.4-build0371 With the command: diagnose wireless-controller wlac -c wtp I have this message: last failure: 8 - Control message maximum retransmission limit reached Does anyone have an idea to fix this problem?
3 REPLIES 3
Dave_Hall
Honored Contributor

Assuming a fgt device is controlling these APs, have you confirmed the AP firmware is compatible with the fgt device's own firmware?  (And I assume these APs are already authorized on the fgt.)

 

Do these APs have valid routable IPs and are able to easily locate the wifi controller? 

 

Have you enabled CAPWAP on the Interface that they are communicating with the wfi controller?

 

Once these APs obtain an IP address (or statically assigned IPs) there are 3 main methods for them to locate the controller - broadcast/multicast, static assigned, DHCP option 138, DNS.  

 

If these APs disconnect from the wifi controller, do they still have their IP addresses and are they pingable and/or are you able to connect to them via web browser.   Logging/connecting to them directly will provide you an overview of what's happening in terms in terms of contacting the wifi controller.

 

Before sending these APs out into the field, I usually like to setup some default info for them to easily locate the wifi controller. 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Philgre

Hi Dave, Thank you for your reply! The Fortigate controlling access points is at version 5.6.7. I had the same problem with version 5.6.6. Yes, I authorized the APs and I activated the CAPWAP protocol on the interface. The installation is not really new. I have been with Fortinet since 2012. The FortiAP 221B models have not had a new version of firmware for a while now. I configured the static IP addresses in each AP. I found yesterday the parameters you mention either the value: AC_DISCOVERY_TYPE and the value: AC_IPADDR_1. I am doing a test on some AP with these new parameters to see if the connection is more stable between the AP and the fortigate. Before, I had as precedent, AC_DISCOVERY_TYPE = 0. Started having stability problems with either AP again (I added last July 20 new AP, I'm at 140 AP in total) or when I made the update of the micro-software day of Fortigate to version 5.6.5. The loss of communication lasts only a few minutes the time spent with the controller restarts. What I see in the switches is not a breakdown with the vlan or a problem of poe.
Philgre

Hello Dave,

Can you give me some examples of the parameters you set in FortiAP?

 

To answer your questions, When an access point loses its connection with the Fortigate, I can not join it with a ping. I see in the switch that the port is always "Up" and that the poe is powered. Looks like the deamon crashes in the FortiAP. What command can I do if I succeed in logging into a FortiAp that is crashing ?

 

Thank you for answering me. Your help is appreciated.

Labels
Top Kudoed Authors