Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
OTC
New Contributor

FortiAP-221C Status is offline

I'm struggling to bring a FortiAP -221c access point to an online status.  It's currently authorized but the status is offline.  I'm able to ping the AP, access the configuration via Telnet and/or SSH.  I'm unable to configure via HTTP/HTTPS.  Below are details of the current configuration.  Any advise?  Thanks.

 

FortiWiFi 90D Host Name: FWF90D Operation Mode:    NAT Firmware Version: v5.4.7,build1167 (GA) FortiAP Status

 

Version: FortiAP-221C v5.4,build0371,171102 (GA)                                     BIOS version: 04000003                                                              System Part-Number: P15285-01                                                       Regcode: A                                                                          Base MAC: 70:4c:a5:28:e0:b0                                                         Hostname: FP221C                                                         Branch point: 371                                                                   Release Version Information: GA                                                    cfg -s                                                          

 

BAUD_RATE:=9600                                                                     ADMIN_TIMEOUT:=5                                                                    WANLAN_MODE:=WAN-ONLY                                                               ADDR_MODE:=STATIC                                                                   AP_IPADDR:=192.168.10.7                                                             AP_NETMASK:=255.255.255.0                                                           IPGW:=192.168.10.254                                                                AP_MODE:=0                                                                          DNS_SERVER:=192.168.10.13                                                           STP_MODE:=0                                                                         AP_MGMT_VLAN_ID:=0                                                                  ALLOW_TELNET:=2                                                                     ALLOW_HTTP:=2                                                                       ALLOW_HTTPS:=2                                                                      ALLOW_SSH:=2                                                                        DDNS_ENABLE:=0                                                                      AC_DISCOVERY_TYPE:=0                                                                AC_IPADDR_1:=192.168.10.254                                                         AC_IPADDR_2:=                                                                       AC_IPADDR_3:=                                                                       AC_HOSTNAME_1:=_capwap-control._udp.example.com                                     AC_HOSTNAME_2:=                                                                     AC_HOSTNAME_3:=                                                                     AC_DISCOVERY_MC_ADDR:=224.0.1.140                                                   AC_DISCOVERY_DHCP_OPTION_CODE:=138                                                  AC_DISCOVERY_FCLD_APCTRL:=                                                          AC_DISCOVERY_FCLD_ID:=                                                              AC_DISCOVERY_FCLD_PASSWD_ENC:=                                                      AC_CTL_PORT:=5246                                                                   AP_DATA_CHAN_SEC:=clear,ipsec,dtls                                                  MESH_AP_TYPE:=0                                                                     MESH_MAX_HOPS:=4                                                                   MESH_SCORE_HOP_WEIGHT:=50                                                           MESH_SCORE_CHAN_WEIGHT:=1                                                           MESH_SCORE_RATE_WEIGHT:=1                                                           MESH_SCORE_BAND_WEIGHT:=100                                                         MESH_SCORE_RSSI_WEIGHT:=100                                                         LED_STATE:=2                            

8 REPLIES 8
Dave_Hall
Honored Contributor

GUI access (HTTPS) is controlled by:

 

ALLOW_HTTPS=?

 

Where ? means...

 

0 - https disable 1 - https enable 2 - controlled by AC (default) But I think by default you should be able to connect to the GUI on HTTP until it establishing a connection to the wifi controller. E.g. the first 3-5 mins (or so) after a cold/warm boot.

 

The only times I seen something like this is it is when the AP is/was located on a network switch nested some 2-3 ptp links down from the fgt router and there may have been a vlan involved. 

 

The other time is when the fgt has reached the hardware max limit for controlling APs devices.   For example, my little 30E can only control 2 x APs.

 

If VLANs are not involved, I suggest try connecting the AP directly to a port (assuming the same subnet as your static IP settings) on the fgt and reboot it.   

 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
OTC
New Contributor

Thanks for your help...I can access the GUI via a browser.  The GUI presents the login page...after entering the username/password (admin/null), the FAP221 console flashes and the login page is presented again.  Suggestions?

  

Dave_Hall
Honored Contributor

Try changing ALLOW_HTTPS to 1 (for testing only).  Then see if you can log into the GUI.  Try using an alternate browser. 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
OTC
New Contributor

Your suggestion to change the browser helped...Using Internet Exployer, I can access the FAP221 control panels.  Now the question is why doesn't the FAP221 connect to the Firewall controller.

 

Below are screenshots of the firewall and ac controllers:

 

Suggestions?

 

 

 

OTC
New Contributor

AP control panel:

OTC
New Contributor

AP Control panel #2:

 

OTC
New Contributor

AP control panel #3:

 

Dave_Hall
Honored Contributor

Based on the screenshots everything looks right.  Since it appears you can both access the fgt and AP directly by IP, I assume there is no VLAN involved, therefor I suggest you making sure you checked CAPWAP on the interface that the AP is connected to.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Labels
Top Kudoed Authors