Helpful ReplyHot!FAP speed limit at 220Mbps

Page: 12 > Showing page 1 of 2
Author
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
2019/12/31 13:05:40 (permalink)
0

FAP speed limit at 220Mbps

I have posted this question to r/Fortinet and to spiceworks, and so far no one has an answer for me.
 
First, I should state that I am a huge fan of Fortinet. We manage and recommend many of their products. Their firewalls are miles better in value and features than any I have seen. 
The APs though.... 
 
To summarize, all APs we have in production max out at around 220Mbps to the end clients (maybe 60 APs at different clients). I haven't tested the 421 series, but all others (regardless of model or release date) offer the exact same throughput. 
 
We have had 4 tickets open with support for APs that simply cannot produce bandwidths to the specifications of the devices. I have gone through the support calls, and even brought out an exact same spec AP from another manufacturer (6 antenna wave 2, 802.11ac max speed 1.3 Gbps release date 2012) to compare to their FAP321C. They cant help. It's maddening. They go through the checklist, and we see no improvement. I see a million different forum posts that are similar, and never reach any answer. 
 
  • I am NOT looking to debug it. I have support for that, plus I've spend about 10 hours doing it, so I've probably tried what you want to suggest.
  • I AM looking to see if anyone out there is getting more than 220Mbps to a wireless client. If anyone can, I would love to hear from you. Then the we can sort out firmware version and config. I HOPE i am wrong, but so far I have found no one who can get past that 220Mbps speed limit.
#1
wanglei_FTNT
Silver Member
  • Total Posts : 74
  • Scores: 15
  • Reward points: 0
  • Joined: 2015/07/20 10:10:18
  • Status: offline
Re: FAP speed limit at 220Mbps 2019/12/31 14:31:56 (permalink)
0
Hi, 
 
Was 220Mbps the throughput you got from wireless client using test tool such as iperf or Phy rate(link speed) you observed on client?
 
If it's throughput from wireless client (  I assume it was), please check the VAP mode.  There are two modes as far as how the data packets are processed. 
 
1) Tunnel mode: all packets from clients are tunneled over to controller for further processing
2) Bridge mode: all packets from clients are locally bridged/switched. <---recommended mode unless you really need to process all your wireless data traffic at one location
 
If mode 1) is used, it's possible that you can see 200-300Mbps throughput especially on some low end AP products. If DTLS or IPsec is used for data channel encryption, this number would be even lower due to CPU cycles used by encryption/decryption. 
 
Hope this helps,
 
 
#2
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2019/12/31 18:47:23 (permalink)
0
As I said before, I'm not really looking to debug it. Just asking if anyone is able to confirm more than 220Mbps through one of the following models: 221C 221E 321C
 
Are you able to achieve higher speeds?
 
But to answer your questions:
Yes, we have used iperf, also fast.com, speedtest.net, and a network file transfer. We are in bridge mode, and with Ruckus, Aruba, and an old apple airstation all with specs identical to the models listed above we were able to see speeds damn near spec. With the FAPs we see 220Mbps in perfect conditions with all models. It seems like some sort of hard limit in the firmware. I have spent 10 hours including with fortinet support debugging this, so I have tried just about everything. I really just want to know if ANYONE can get faster than that. If people can, than I can continue spending time debugging. But until then, I'm starting to think this is a limit, and I have to fall on my sword. I have reccomended FAPs to many clients and currently manage about 60 of them. I recently encouraged a client to upgrade to the 321C for their new gigabit wan. They were getting 220Mbps on the 221Cs (even though their spec was over 800Mbps) and had then shell out big $ for it. Now I look like an idiot, and I could lose their business.
#3
wanglei_FTNT
Silver Member
  • Total Posts : 74
  • Scores: 15
  • Reward points: 0
  • Joined: 2015/07/20 10:10:18
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/02 09:00:30 (permalink)
0
I can assure you that there is no hard limit of 220Mbps.  Internally we see much higher than that.  As far as why you only consistently see 220Mbps, it could be relate to your WAN speed if you test it with public servers. 
#4
James_G
Gold Member
  • Total Posts : 247
  • Scores: 11
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/02 09:10:05 (permalink)
0
If you plug a physical cable / laptop into the same switch as the AP, do you get any faster result?
 
Change 1 thing at a time
#5
tanr
Platinum Member
  • Total Posts : 803
  • Scores: 36
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/02 10:51:19 (permalink)
0
IIRC I’ve gotten much faster speeds on 320C 221C, and 221E, with FAPs in bridge mode. If you’re already using bridge mode then something else is going on and you need to give us more config and version information to be able to help.

If these are dense installations or have tons of users your problems may be more noise/power/channel related which means site surveys or MetaGeek analysis.
#6
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 07:34:47 (permalink)
0
Yes, I am getting 1Gbps over lan. We are in bridge mode. For those of you getting over 220Mbps, can you let me know what firmware version?
 
We are having the EXACT same problem at 4 clients, with at total of 11 sites. THis includes a site in the middle of nowhere with 0 interference. 
 
Any I would be happy to relay one of our configs. Do you need a variable export?
#7
James_G
Gold Member
  • Total Posts : 247
  • Scores: 11
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 07:41:07 (permalink)
0
Have you tried different client devices?

And can you confirm channels used and bandwidth?
#8
James_G
Gold Member
  • Total Posts : 247
  • Scores: 11
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 07:48:37 (permalink)
0
What I'm thinking is all your kit 802.11ac (WiFi 5) compatable and are you using 80mhz channels in 5ghz WiFi?
#9
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 07:52:00 (permalink)
0
export BAUD_RATE=9600
export WTP_NAME=FP221CXXXXXXXXXXXX
export FIRMWARE_UPGRADE=0
export LOGIN_PASSWD_ENC="XXXXXXXXXXXXXX-"
export ADMIN_TIMEOUT=5
export WANLAN_MODE="WAN-ONLY"
export ADDR_MODE=DHCP
export AP_IPADDR="192.168.1.2"
export AP_NETMASK="255.255.255.0"
export IPGW="192.168.1.1"
export AP_MODE=0
export DNS_SERVER="208.91.112.53"
export STP_MODE=0
export AP_MGMT_VLAN_ID=0
export ALLOW_TELNET=2
export ALLOW_HTTP=2
export ALLOW_HTTPS=2
export ALLOW_SSH=2
export DDNS_ENABLE=0
export AC_DISCOVERY_TYPE=7
export AC_IPADDR_1="192.168.1.1"
export AC_IPADDR_2=
export AC_IPADDR_3=
export AC_HOSTNAME_1="_capwap-control._udp.example.com"
export AC_HOSTNAME_2=
export AC_HOSTNAME_3=
export AC_DISCOVERY_MC_ADDR="224.0.1.140"
export AC_DISCOVERY_DHCP_OPTION_CODE=138
export AC_DISCOVERY_FCLD_APCTRL=
export AC_DISCOVERY_FCLD_ID="XXXXXXXXXXXXXX"
export AC_DISCOVERY_FCLD_PASSWD_ENC=XXXXXXXXXXXXXXXXXXXXXXXXXX
export AC_CTL_PORT=5246
export AP_DATA_CHAN_SEC="clear,ipsec,dtls"
export MESH_AP_TYPE=0
export MESH_MAX_HOPS=4
export MESH_SCORE_HOP_WEIGHT=50
export MESH_SCORE_CHAN_WEIGHT=1
export MESH_SCORE_RATE_WEIGHT=1
export MESH_SCORE_BAND_WEIGHT=100
export MESH_SCORE_RSSI_WEIGHT=100
export LED_STATE=2
 
#10
James_G
Gold Member
  • Total Posts : 247
  • Scores: 11
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 08:06:49 (permalink)
0
Can you share fortiap profile on the managing fortigate
Show the config under:
config wireless-controller wtp-profile
#11
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 08:07:01 (permalink)
0
Yes, as I have mentioned before, I have spent hours and hours on this, with fortinet support. We have tested all channel widths, and set channels manually. We have also tested this at a location that we can confirm has no interference.
 
TO recap, for anyone who is skimming the previous conversation, Ruckus, Aruba and Apple airstation, all with the same specs/gen all connect at close to spec (875Mbps or 1Gbps depending on the model). The FAP (three different models 221C 221E 321C, 4 different businesses, 11 different physical locations) all max out at 220Mbps. We do you forticloud for AP control, but each are in bridge mode.
 
#12
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 08:08:12 (permalink)
0
James_G
Can you share fortiap profile on the managing fortigate
Show the config under:
config wireless-controller wtp-profile



 
We use forticloud management. I can test it with fortigate management today, but I was told that in bridge mode it wouldnt matter.
 
#13
tanr
Platinum Member
  • Total Posts : 803
  • Scores: 36
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 08:41:30 (permalink) ☄ Helpfulby Auderas 2020/01/04 19:03:38
0
FAP 221E with 6.0.5 firmware (FP221E-v6.0-build0066) gives 303 Mbps with other devices connected in an area with a lot of RF noise and multiple interfering channels from neighbors.
#14
James_G
Gold Member
  • Total Posts : 247
  • Scores: 11
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 09:22:04 (permalink)
0
I keep coming back to thinking 220mbps is about the limit for a 20mhz channel, can you use WiFi analyser to confirm channel bandwidth (I've got app on my Android phone)
#15
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 15:53:39 (permalink)
0
Yep, I use the same app. And yes, it's 80Mhz, you can see the width right there on the visualization. I like that thought process though!
post edited by Auderas - 2020/01/04 15:54:41
#16
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/04 19:40:36 (permalink)
0
Another clue perhaps: I switched management to the fortigate from forticloud. Still in bridge mode. Same speed. I then changed it from 80Mhz to 40Mhz and saw the max speed drop from 220 to about 160Mbps, and I get about 130Mbps at 20Mhz width. So I'm sure we really are using the 80Mhz channel width, but something else is slowing it down. Again, we get full speed from wired and from similar hardware from other manufacturers.
post edited by Auderas - 2020/01/04 19:42:12
#17
tanr
Platinum Member
  • Total Posts : 803
  • Scores: 36
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/05 12:06:21 (permalink) ☄ Helpfulby Auderas 2020/01/05 18:24:42
0
Can you post more details about your config to clarify?  Along with firmware version and screenshots, details like:
 
  • Have you set the radio power manually (auto can be way off)?
  • Do you have power saving enabled (powersave-optimize under conf wireless-controller wtp-profile)
  • Are you using WiFi data channel encryption (DTLS) for the AC data channel (perf hit)?
  • Spectrum analysis on a radio? 
  • Have you disabled low data rates (see rates-11ac-ss34 at https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-wireless/high-density-features.htm)
  • Using WIDS and if so with what enabled (ap-bgscan etc.)?
  • DARRP enabled?
  • Using DFS channels?
  • What broadcast suppression is enabled?
  • Are you using CAPWAP protected mgmt frames? 
 
 
 
#18
Auderas
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/31 12:39:44
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/05 18:24:26 (permalink)
0
I have tried a million things, but if you have a config you want me to try I would SO appreciate it. As I said, we were mostly testing with forticloud management, which limited what we could change. Also, exporting our options was only possible with CLI at the AP rather than at the fortigate. 
 
I do have a few answers for you. 
 
We have used several firmwares, but all are now on 6.0 Build 0037
 
We have set power manually without any improvement
I have not set power-saving
I have used both DTLS and Plan text, no improvement
I have monitored the signal via a mobile app, but not anything with detailed reporting
I have disabled low data rates, no affect
Not sure about WIDS, is it set by default in forticloud?
Tested with and without radio resource provision
DFS channels are required to use 80Mhz Channel width
I have only tried DHCP broadcast suppression. I will try more
Protected Managment frames are required for 802.11ac. Are you saying there is a way to disable?
 
 
post edited by Auderas - 2020/01/05 18:27:37
#19
tanr
Platinum Member
  • Total Posts : 803
  • Scores: 36
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FAP speed limit at 220Mbps 2020/01/06 07:45:22 (permalink) ☄ Helpfulby Auderas 2020/01/07 10:21:04
0
I'm managing FAPs from FortiGates, so you might not be able to change these settings.
 
I've have had both speed and connection issues with some devices when PMF was enabled in the past (mainly older iOS and Apple devices).  CLI lets you set it to disable or optional per SSID (config wireless-controller vap).  Don't know how you get to it with cloud management.
 
Regarding WIDS (https://docs.fortinet.com/document/fortigate/6.0.0/handbook/961129/wireless-intrusion-detection-system), I don't see it in the FortiCloud documentation, so don't know how it's handled for your case.  But some aspects of it, like scanning for rogue APs, could have perf hits, 
 
I'm assuming that you have spectrum analysis off (under radio config for the wtp-profile) or you would see even worse performance.
 
Have you tested with any non-FortiCloud managed FAPs?  Would be good to look at a default FAP 221E in bridge mode without cloud management to see if this might be a result of some setting on the cloud managed FAPs.
 
Hoping that somebody with more WiFi knowledge than me jumps in here...
#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2020 APG vNext Commercial Version 5.5