EAP245 : some devices unstable
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP245 : some devices unstable
Hi,
I have some troubles with my EAP infrastructure. On some devices, the connection is very unstable, they can't get connected. It happens very often on my main smartphone (2.4GHz only, Android P), on my daughter's smartphone (Android 7), on a Broadlink IR relay for instance. Lots of other devices I have are reliable most of the time.
My configuration is based on 2 EAP 245, one V3 with firmware 2.1.0 Build 20181107 Rel. 39421, and one V1 with firmware
1.4.0 Build 20180323 Rel. 32551. That should be the latest for both ?
They are controled by Omada Controller on a linux Ubuntu 18.04LTS VM, version 3.1.4. This should also be the latest available.
All is connected to a Fortinet 100D firewall that is DHCP server, the controller is in another VLAN than the EAP. Ports needed are opened : TCP/8088,
TCP/8043,
TCP/27002,
TCP/29811,
TCP/29812,
TCP/29813,
UDP/29810.
The WiFi configuration consists of 3 SSID, one "IOT" only 2.4GHz, one "Kids" and one "Main" those two are both 2.4 and 5GHz. Each SSID is assigned to a VLAN, handled by the Fortigate. The VLAN configuration seems fine as everything works once the device is connected. It also worked for years before with 2 Cisco AP. Problem happens with the 3 SSID. I have tried to check and uncheck most of the extended options (Airtime Fairness, Fast Roaming, Dual Band 11k report...) with no difference.
Symptoms seens from the Omada Controller are that devices failing appear as connected but with a bandwidth of 0.0, and they come and go often (a few seconds) :
From the Fortigate side, I can see the DHCPDISCOVER request arriving, and the firewall sending the DHCPOFFER. But using Wireshark on the WiFi network, I can see the DHCPDISCOVER request but not the DHCPOFFER. The Fortigate logs every error, so I can see devices not working (an interrupted DHCP request is considered an error) :
On the Android device, I get two kinds of errors :
- ASSOCIATION_REJECTED and then no DHCP request happens
- DHCP_FAIL
I would like to try a TCPDUMP or some sniffing on the EAP device (I can SSH to it), but even as admin, I'm not ROOT system-wise. But from the results I have there, I'm guessing the DHCPOFFER packet is sent out of the Fortigate but isn't forwarded by the EAP device.
I have tried with another Fortigate as DHCP server (replaced the 100D by a 110C, so connection is only 100Mbs not 1Gbs), I mostly get the ASSOCIATION_REJECTED error, not the DHCP errors.
So I guess the EAP is dropping some connections but cannot find out why ? Could it be a bug ? What can I trace ?
EDIT : of course, I have rebooted everything many times with no success.