
FortiWLC – Syslog Messages

Syslog Messages

This Appendix provides a brief listing of all Syslog messages currently implemented in FortiWLC (SD).

Controller Management


Event System Log Example Description Action
CONTROLLER REBOOT Oct 13 11:11:32 172.18.37.201 ALARM: 1255432836l | system | notice | NOT | Controller administrative reboot requested A controller reboot is requested.  

 

CONTROLLER BOOT PROCESS START

Oct 13 11:12:55 172.18.37.201 syslog: syslogd startup succeeded

Oct 13 11:12:55 172.18.37.201 syslog: klogd startup succeeded

Oct 13 11:12:58 172.18.37.201 sysctl: net.ipv4.ip_forward = 1

Oct 13 11:12:58 172.18.37.201 sysctl: net.ipv4.conf.default.rp_filter = 1

Oct 13 11:12:58 172.18.37.201 sysctl: kernel.sysrq = 0

Oct 13 11:12:58 172.18.37.201 sysctl: kernel.core_uses_pid = 1

Oct 13 11:12:58 172.18.37.201 network: Setting network parameters:  succeeded

Oct 13 11:12:58 172.18.37.201 network: Bringing up loopback interface:  succeeded

Oct 13 11:12:58 172.18.37.201 crond: crond startup succeeded

Oct 13 11:12:58 172.18.37.201 sshd:  succeeded

Oct 13 11:12:58 172.18.37.201 sshd[303]: Server listening on 0.0.0.0 port 22.

Oct 13 11:12:58 172.18.37.201 network: Bringing up interface eth0:  succeeded

Oct 13 11:12:59 172.18.37.201 xinetd: xinetd startup succeeded

Oct 13 11:12:59 172.18.37.201 root: Start WLAN Services …

Oct 13 11:13:01 172.18.37.201 meru: /etc/init.d/ceflog: /opt/meru/var/run/running-db/ceflog.conf: No such file or directory

Oct 13 11:13:01 172.18.37.201 meru: Setting up swapspace version 0, size = 43446272 bytes

Oct 13 11:13:01 172.18.37.201 meru: Using /lib/modules/2.4.18-3-meruenabled/kernel/drivers/dump/dump.o

Oct 13 11:13:01 172.18.37.201 meru: Kernel data gathering phase complete

Oct 13 11:13:05 172.18.37.201 meru: Warning: loading /opt/meru/kernel/ipt_vlan_routing.mod will taint the kernel: non-GPL license – Proprietary

Oct 13 11:13:37 172.18.37.201 meru: Process RemoteUpgrade did not come up. Will retry again

Oct 13 11:13:37 172.18.37.201 root: Controller Up on Tue

Controller boot sequence showing different processes and WLAN services getting started.

CONTROLLER SHUTDOWN PROCESS STOP

Oct 13 11:11:33 172.18.37.201 root: Stop WLAN Services

Oct 13 11:11:33 172.18.37.201 meru: icrd stopped.

Oct 13 11:11:33 172.18.37.201 meru: RIos stopped.

Oct 13 11:11:37 172.18.37.201 meru: discovery stopped.

Oct 13 11:11:37 172.18.37.201 meru: WncDhcpRelay stopped.

Oct 13 11:11:37 172.18.37.201 meru: nmsagent stopped.

Oct 13 11:11:38 172.18.37.201 meru: melfd stopped.

Oct 13 11:11:38 172.18.37.201 meru: igmp-snoop-daemon stopped.

Oct 13 11:11:44 172.18.37.201 meru: dfsd stopped.

Oct 13 11:11:45 172.18.37.201 meru: aeroscoutd stopped.

Oct 13 11:11:45 172.18.37.201 meru: snmp stopped.

Oct 13 11:11:46 172.18.37.201 meru: cmdd stopped.

Oct 13 11:11:47 172.18.37.201 meru: rfsmgr stopped.

Oct 13 11:11:49 172.18.37.201 meru: wncclid stopped.

Oct 13 11:11:50 172.18.37.201 meru: sipfd stopped.

Oct 13 11:11:51 172.18.37.201 meru: rulefd stopped.

Oct 13 11:11:52 172.18.37.201 meru: watchdog stopped.

Oct 13 11:11:52 172.18.37.201 meru: oct_watchdog stopped.

Oct 13 11:11:52 172.18.37.201 meru: h323fd stopped.

Oct 13 11:11:53 172.18.37.201 meru: sccpfd stopped.

Oct 13 11:11:54 172.18.37.201 meru: coordinator stopped.

Oct 13 11:11:54 172.18.37.201 meru: security-mm stopped.

Oct 13 11:11:56 172.18.37.201 meru: hostapd stopped.

Oct 13 11:11:57 172.18.37.201 meru: rogueapd stopped.

Oct 13 11:11:58 172.18.37.201 meru: xems stopped.

Oct 13 11:11:58 172.18.37.201 meru: apache stopped.

Oct 13 11:12:01 172.18.37.201 meru: xclid stopped.

Oct 13 11:12:07 172.18.37.201 meru: wncagent stopped.

Oct 13 11:12:07 172.18.37.201 meru: Removed VLAN – :vlan133:-

Oct 13 11:12:08 172.18.37.201 meru: vlan stopped.

Oct 13 11:12:15 172.18.37.201 meru:

Oct 13 11:12:18 172.18.37.201 root: WLAN Services stopped

Oct 13 11:12:18 172.18.37.201 rc: Stopping meru:  succeeded

Oct 13 11:12:18 172.18.37.201 sshd[317]: Received signal 15; terminating.

Oct 13 11:12:18 172.18.37.201 sshd: sshd -TERM succeeded

Oct 13 11:12:18 172.18.37.201 xinetd: xinetd shutdown succeeded

Oct 13 11:12:18 172.18.37.201 crond: crond shutdown succeeded

Oct 13 11:12:19 172.18.37.201 syslog: klogd shutdown succeeded

Controller shutdown sequence, showing different processes and WLAN services getting stopped.

   

 

 

SSH LOGIN SESSION Oct 13 11:13:58 172.18.37.201 sshd[4874]: PAM _pam_init_handlers: no default config /etc/pam.d/other

Oct 13 11:14:00 172.18.37.201 sshd[4874]: PAM _pam_init_handlers: no default config /etc/pam.d/other

Oct 13 11:14:00 172.18.37.201 sshd[4874]: Accepted password for admin from 172.18.37.12 port 1891 ssh2

Oct 13 11:14:00 172.18.37.201 sshd(pam_unix)[4876]: session opened for user admin by (uid=0)

Oct 13 11:14:00 172.18.37.201 PAM-env[4876]: Unable to open config file: No such file or directory

Oct 13 11:14:00 172.18.37.201 sshd[4876]: lastlog_perform_login: Couldn’t stat /var/log/lastlog: No such file or directory

Oct 13 11:14:00 172.18.37.201 sshd[4876]: lastlog_openseek: /var/log/lastlog is not a file or directory!

Apr 09 12:00:22 172.18.49.14  — admin[19814]: LOGIN ON pts/3 BY admin FROM xp.merunetworks.com

Apr 09 15:23:07 172.18.37.203 sshd(pam_unix)[23750]: session closed for user admin

Apr 09 15:07:53 172.18.37.203 su(pam_unix)[28060]: session opened for user root by admin(uid=0)

Apr 09 15:08:09 172.18.37.203 su(pam_unix)[28060]: session closed for user root

Apr 09 17:48:48 172.18.37.203 sshd[28588]: Received disconnect from 172.18.37.15: 11: Disconnect requested by Windows SSH Client.

A controller user logged in, using an SSH connection.  
WEB ADMIN LOGIN Oct 13 11:15:07 172.18.37.201 xems: 1255433051l | security | info | WAU | Controller Access User admin@172.18.37.12 login to controller at time Tue Oct 13 11:24:11 2009 is OK Admin logged in to controller GUI.

 

NTP SERVER NOT ACCESSIBLE Apr 12 18:01:10 172.18.49.14 root: NTP server time.windows.com did not respond. NTP server is not accessible. Check to see if NTP server is down, or verify that the NTP server is correctly configured on the controller. If the configuration is wrong, use the “Setup” command to correct the configuration.

User Management: RADIUS request sent Mar 29 13:43:40 172.18.86.229 SecurityMM: 1269866620l | security | info | RBAC | Sending RADIUS Access-Request message for user : pat For RADIUS-based controller user management, RADIUS access request is being sent to RADIUS server.

 
User Management: Group ID not available Mar 29 13:46:32 172.18.86.229 xems: 1269866791l | security | info | RBAC | Group Id not available for Group Num 700 and User Id pat Group ID configured for controller user is not available. Create group with this group ID, or change the group ID for this user.
User Management: RADIUS Success Mar 29 13:49:18 172.18.86.229 SecurityMM: 1269866959l | security | info | RBAC | RADIUS Access succeed for user <pat> For RADIUS-based controller user management, RADIUS authentication succeeded.

 
User Management: Group Number received from RADIUS Mar 29 13:49:18 172.18.86.229 SecurityMM: 1269866959l | security | info | RBAC | Group Num <700> received from RADIUS server for user <pat> RADIUS server returned group number for user logged in.

 

User Management: User Login Success Mar 29 13:49:18 172.18.86.229 xems: 1269866959l | security | info | WAU | Controller Access User pat@172.18.45.17 login to controller at time Mon Mar 29 18:19:19 2010 is OK Controller user logged in.
User Management: RADIUS Failure Mar 29 13:50:42 172.18.86.229 SecurityMM: 1269867043l | security | info | RBAC | RADIUS Access failed for user <local1234> RADIUS authentication for controller user failed.

 
User Management: User Login Failure Mar 29 13:50:43 172.18.86.229 xems: 1269867043l | security | info | WAU | Controller Access User local1234@172.18.45.17 login to controller at time Mon Mar 29 18:20:43 2010 is FAILED Controller user login failed.
DUAL ETHERNET info NOT 10/08/2009 00:12:42 <00:90:0b:0a:81:b0> 1st interface link up. Controller’s first interface link is up.  
DUAL ETHERNET info NOT 10/08/2009 00:16:14 <00:90:0b:0a:81:b0> 1st interface link down. Controller’s first interface link is down.  
DUAL ETHERNET info NOT 10/08/2009 00:25:55 <00:90:0b:0a:81:af> 2nd interface link up. Controller’s second interface link is up.  
DUAL ETHERNET info NOT 10/08/2009 00:26:16 <00:90:0b:0a:81:af> 2nd interface link down. Controller’s second interface link is down.  
DUAL ETHERNET info NOT 10/08/2009 00:25:56 <00:90:0b:0a:81:af> switch to 2nd interface done. Controller is configured in redundant mode for dual Ethernet. The first interface went down, so the second interface has taken over.  

 

DUAL ETHERNET info NOT 10/08/2009 00:26:19 <00:90:0b:0a:81:af> switch to 1st interface done. Controller is configured in redundant mode for dual Ethernet. The second interface went down, so the first interface has taken over.

 
DUAL ETHERNET: STANDALONE MODE EXAMPLE

info NOT 10/08/2009 00:12:42 <00:90:0b:0a:81:b0> 1st interface link up.

info NOT 10/08/2009 00:16:14 <00:90:0b:0a:81:b0> 1st interface link down.

Sequence shown when the controller is configured in standalone mode, and the first interface goes down.

If the first interface link down message is seen, check the connectivity to the first interface.

 

 

DUAL ETHERNET: REDUNDANT MODE EXAMPLE

info NOT 10/08/2009 00:24:26 <00:90:0b:0a:81:af> 1st interface link up.

info NOT 10/08/2009 00:25:52 <00:90:0b:0a:81:af> 1st interface link down.

info NOT 10/08/2009 00:25:55 <00:90:0b:0a:81:af> 2nd interface link up.

info NOT 10/08/2009 00:25:56 <00:90:0b:0a:81:af> switch to 2nd interface done.

info NOT 10/08/2009 00:26:16 <00:90:0b:0a:81:af> 2nd interface link down.

info NOT 10/08/2009 00:26:19 <00:90:0b:0a:81:af> 1st interface link up.

info NOT 10/08/2009 00:26:19 <00:90:0b:0a:81:af> switch to 1st interface done.

Sequence shown when the controller is configured in redundant mode, when the first interface goes down and the second interface takes over.

Check the connectivity on the interface that has gone down.
DUAL ETHERNET: ACTIVE MODE EXAMPLE

info NOT 10/08/2009 00:37:29 <00:90:0b:0a:81:b0> 1st interface link up.

info NOT 10/08/2009 00:37:29 <00:90:0b:0a:81:af> 2nd interface link up.

info NOT 10/08/2009 00:38:34 <00:90:0b:0a:81:af> 2nd interface link down.

info NOT 10/08/2009 00:38:39 <00:90:0b:0a:81:b0> 1st interface link down.

info NOT 10/08/2009 00:38:43 <00:90:0b:0a:81:b0> 1st interface link up.

info NOT 10/08/2009 00:38:45 <00:90:0b:0a:81:af> 2nd interface link up.

Sequence shown when the controller is configured in active mode.

Check the connectivity on the interface that has gone down.

 

AP System
Event System Log Example Description Action  
AP Down Mar 21 12:56:51 172.18.65.202 ALARM: 1206084411l | system | info | ALR | AP DOWN CRITICAL Access Point Pat-AP300 (2) at time Fri Mar 21 07:26:51 2008

This message is generated when the controller detects an AP Down event.

An AP Down event can be reported for many reasons:

AP upgrading

Power failure

Network failure, AP not accessible.

AP crash

If an AP crash is occurring due to an unknown issue, contact Customer Support.

 
AP Up Mar 21 12:57:20 172.18.65.202 ALARM: 1206084440l | system | info | ALR | AP UP  Access Point Pat-AP300 (2) is up at time Fri Mar 21 07:27:20 2008 This message is generated when the controller detects an AP Up event.    
AP Software Version Mismatch Mar 21 15:19:05 172.18.65.202 ALARM: 1206092945l | system | info | ALR | AP SOFTWARE VERSION MISMATCH CRITICAL AP Pat-AP300 (2) – Software Version Mismatch : AP version is 3.4.SR3m-10 and Controller version is 3.6-40 This message is generated when the AP software version does not match the controller software version. If Auto-APUpgrade is enabled, the controller will automatically upgrade AP software to the same version. Otherwise, manually upgrade the AP to the same version as the controller.

 
AP Upgrade Apr 09 12:41:18 172.18.37.203 ALARM: 1270817859l | system | notice | NOT | Software version of AP 4 is being changed from 4.0-86 to 4.0-89 The AP software is being upgraded.

 
  Boot Image Version Mismatch Apr 28 14:03:35 172.18.65.202 ALARM: 1209371615l | system | info | ALR | AP BOOTIMAGE VERSION MISMATCH CRITICAL BootImage_Version_MisMatch_for_AP1 This message is generated when the AP has an incompatible boot image.  
  Boot Image Match Apr 28 14:03:51 172.18.65.202 ALARM: 1209371631l | system | info | ALR | AP BOOTIMAGE VERSION MISMATCH CLEAR BootImage_Version_Match_for_AP1 The message is generated when the AP’s incompatible boot image has been replaced by a compatible boot image.  
  AP Neighbor Loss Apr 28 14:01:12 172.18.65.202 ALARM: 1209371472l | system | info | ALR | AP NEIGHBOR LOSS CRITICAL Neighbor_Loss_for_AP1 This message is generated when an AP has lost its neighbor AP.  
AP Neighbor Loss Cleared Apr 28 14:01:18 172.18.65.202 ALARM: 1209371478l | system | info | ALR | AP NEIGHBOR LOSS CLEAR Neighbor_Loss_for_AP1 This message is generated when the AP Neighbor loss alarm is cleared.
Hardware Diagnostics Error Mar 21 13:49:53 172.18.65.202 ALARM: 1206087593l | system | info | ALR | AP HARDWARE DIAGNOSTIC ERROR CRITICAL HardwareDiagnostics This message is generated when an AP has an incompatible FPGA version.

 
Hardware Diagnostics Error Cleared Mar 21 13:49:47 172.18.65.202 ALARM: 1206087587l | system | info | ALR | AP HARDWARE DIAGNOSTIC ERROR CLEAR HardwareDiagnostics This message is generated when an AP’s incompatible FPGA version is replaced with a compatible version.

Handoff Fail Apr 28 14:02:04 172.18.65.202 ALARM: 1209371524l | system | info | ALR | HAND OFF FAIL CRITICAL HandOff_Fail_for_AP1 This message is generated when handoff fails.

Handoff Fail Cleared Apr 28 14:02:21 172.18.65.202 ALARM: 1209371541l | system | info | ALR | HAND OFF FAIL CLEAR HandOff_Fail_Cleared_for_AP1 This message is generated when the handoff fail alarm is cleared.
Resource Threshold Exceeded Mar 21 13:56:27 172.18.65.202 ALARM: 1206087987l | system | info | ALR | RESOURCE THRESHOLD EXCEED CRITICAL ResourceThreshold This message is generated when the resource (CPU & Memory) threshold is exceeded.

Resource Threshold Exceed Cleared Mar 21 13:57:17 172.18.65.202 ALARM: 1206088037l | system | info | ALR | RESOURCE THRESHOLD EXCEED CLEAR ResourceThreshold This message is generated when the resource threshold exceed alarm is cleared.
System Failure Mar 21 14:18:29 172.18.65.202 ALARM: 1206089309l | system | info | ALR | SYSTEM FAILURE CRITICAL SystemFailure This message is generated when the system.    
System Failure Cleared Mar 21 14:19:04 172.18.65.202 ALARM: 1206089344l | system | info | ALR | SYSTEM FAILURE CLEAR SystemFailure This message is generated when the system failure alarm is cleared.    
Watchdog Failure Mar 21 14:27:28 172.18.65.202 ALARM: 1206089848l | system | info | ALR | WATCHDOG FAILURE CRITICAL WatchDog_Failure This message is generated when the Watchdog process is terminated.    
Watchdog Failure Cleared Mar 21 14:27:59 172.18.65.202 ALARM: 1206089879l | system | info | ALR | WATCHDOG FAILURE CLEAR WatchDog_Failure This message is generated when the Watchdog process resumes.    
Certificate Error Mar 21 15:04:10 172.18.65.202 ALARM: 1206092050l | system | info | ALR | CERTIFICATE ERROR CRITICAL Certificare_Error This message is generated when a certificate error occurs.

 
Certificate Error Cleared Mar 21 15:04:38 172.18.65.202 ALARM: 1206092078l | system | info | ALR | CERTIFICATE ERROR CLEAR Certificate_Error This message is generated when the certificate error alarm is cleared.

 
  AP Init Failure Apr 28 12:55:58 172.18.65.202 ALARM: 1209367557l | system | info | ALR | AP INIT FAILURE CRITICAL Init_Failure_for_AP1 This message is generated when an AP initialization fails.  
AP Init Failure Cleared Apr 28 12:55:45 172.18.65.202 ALARM: 1209367545l | system | info | ALR | AP INIT FAILURE CLEAR Init_Failure_for_AP1 This message is generated when the AP initialization failure alarm is cleared.
  AP Radio Card Failure Apr 28 13:01:00 172.18.65.202 ALARM: 1209367860l | system | info | ALR | AP RADIO CARD FAILURE CRITICAL Radio_Card_Failure_for_AP1 This message is generated when an AP radio card stops working.  
  AP Radio Card Failure Cleared Apr 28 13:01:08 172.18.65.202 ALARM: 1209367868l | system | info | ALR | AP RADIO CARD FAILURE CLEAR Radio_Card_Failure_for_AP1 This message is generated when an AP radio card failure alarm is cleared.  
Primary RADIUS Server Restored Mar 21 15:50:53 172.18.65.202 ALARM: 1206094852l | system | info | ALR | PRIMARY RADIUS SERVER RESTORED CRITICAL RADIUS_Server_Restored This message is generated when the primary RADIUS server that was down is restored.

 

RADAR Detected Mar 21 15:12:08 172.18.65.202 ALARM: 1206092528l | system | info | ALR | RADAR DETECTED CRITICAL Radar Detected This message is generated when DFS Manager detects RADAR.
MIC Counter Measure Activation Apr 28 13:57:36 172.18.65.202 ALARM: 1209371256l | system | info | ALR | MIC COUNTERMEASURE ACTIVATION CRITICAL MIC_CounterMeasure_Activation_for_AP1 This message is generated when there are two subsequent MIC failures.  
AP MIC Failure Apr 28 13:13:12 172.18.65.202 ALARM: 1209368592l | system | info | ALR | AP MIC FAILURE CRITICAL MIC_Failure_for_AP1 This message is generated when there is a MIC failure.

 

802.11
Event System Log Example Description Action
Station Unassociated Apr 09 13:25:28 172.18.37.203 coordinator: Wireless Associations, Unassociated for STA 00:1f:3b:6c:62:e7 in BSSID 00:0c:e6:56:dd:3b ESS 4088clear AP_ID 1 at Time Fri Apr  9 13:41:49 2010 802.11 station disassociation.
Station Associated Apr 09 14:05:04 172.18.37.203 coordinator: Wireless Associations, Associated for STA 00:1f:3b:6c:62:e7 in BSSID 00:0c:e6:56:dd:3b ESS 4088clear AP_ID 1 at Time Fri Apr  9 14:21:25 2010

Mar 22 13:23:34 172.18.65.202 ALARM: 1206127090l | system | info | ALR | Station Info Update : MacAddress : 00:40:96:ae:20:7a, UserName : pat, AP-Id : 1, AP-Name : AP-1, BSSID : 00:0c:e6:8f:01:01, ESSID : pat, Ip-Type : dynamic dhcp, Ip-Address : 172.18.65.11, L2mode : clear, L3-mode : clear, Vlan-Name : VLAN-111, Vlan-Tag : 111

Apr 06 11:59:24 172.18.65.202 ALARM: 1270535364l | system | info | ALR | Station Disconnected : MacAddress : 00:40:96:ae:20:7a

802.11 station association.

Station connection.

Station disconnected.

 


 

Security System
Event System Log Example Description Action
RADIUS ACCESS REQUEST Mar 29 13:14:06 172.18.98.221 RADIUSInfo: RADIUS Access-Request Message sent for Client (00:1e:37:0e:98:3e). RADIUS request message has been sent to RADIUS server.
RADIUS ACCESS ACCEPT Mar 29 13:14:06 172.18.98.221 RADIUSInfo: RADIUS Access-Accept message received for Client (00:1e:37:0e:98:3e). RADIUS server responded with Access-Accept message for RADIUS request (success scenario).

 
802.1X RADIUS ACCESS REQUEST Apr 09 15:05:58 172.18.37.203 ALARM: 1270826539l | system | info | ALR | 802.1x Authentication Attempt INFO RADIUS Access Attempt by station with MAC address 00:1f:3b:6c:62:e7 and user is NULL , AP Id: <1> As part of 802.1X authentication, RADIUS request message has been sent to RADIUS server from controller.
802.1X RADIUS ACCESS REJECT WITH BAD USERNAME Apr 13 19:48:23 172.18.48.151 ALARM: 1271169441l | system | info | ALR | 802.1X AUTHENTICATION FAILURE INFO Access Request rejected for User: <harsh>, NAS IP: <172.18.48.151>, SSID: <wpa2h>, Calling Station ID: <00:1f:3b:83:21:13>, Called Station ID: <00:90:0b:0a:82:48>, Authentication Type: <802.1X>, Reason: <Bad Username or Password>, AP Id: <1> As part of 802.1X authentication, RADIUS server has responded with Access-Reject message, with the reason “Username or password is not correct.” (Failure scenario). Check for correct username or password.

RADIUS SWITCHOVER FAILURE Apr 09 15:07:54 172.18.37.203 ALARM: 1270826655l | system | info | ALR | RADIUS SERVER SWITCHOVER FAILED MAJOR Primary RADIUS Server <172.18.1.3> failed. No valid Secondary RADIUS Server present. Switchover FAILED for Profile <4089wpa2> During RADIUS authentication, primary RADIUS server was not accessible, and secondary RADIUS server is not configured. Check for connectivity to primary RADIUS server from controller. If another RADIUS server is available, configure it as secondary server.

ACCOUNTING RADIUS SWITCHOVER Mar 22 16:38:19 172.18.65.202 ALARM: 1206061018l | system | info | ALR | ACCOUNT RADIUS SERVER SWITCHOVER MAJOR Accounting RADIUS Server switches over from Primary <1.1.1.1> to Secondary <2.2.2.2> for Profile <WPA2> For accounting, primary RADIUS server is not accessible, and switchover to secondary RADIUS server is attempted. Check for connectivity between primary RADIUS server and controller.

ACCOUNTING RADIUS SWITCHOVER FAILURE Mar 22 16:41:51 172.18.65.202 ALARM: 1206061230l | system | info | ALR | ACCOUNT RADIUS SERVER SWITCHOVER FAILED MAJOR Primary Accounting RADIUS Server <1.1.1.1> failed. No valid Secondary Accounting RADIUS Server present. Switchover FAILED for Profile <WPA2> For accounting, primary RADIUS server is not accessible, and a secondary RADIUS server is not configured for switchover. Check for connectivity to primary RADIUS server from controller. If another RADIUS server is available, configure it as secondary server.

MAC FILTERING: RADIUS SWITCHOVER Mar 21 16:38:57 172.18.65.202 ALARM: 1206097736l | system | info | ALR | RADIUS SERVER SWITCHOVER MAJOR RADIUS Server switched over from Primary < 1.1.1.1 > to Secondary < 172.18.1.7 > for Mac Filtering For MAC filtering, primary RADIUS server is not accessible, and switchover to secondary RADIUS is attempted. Check for connectivity between configured primary RADIUS server and controller.

Captive Portal
Event System Log Example Description Action
Captive Portal Login Request Mar 29 14:11:53 172.18.98.221 xems: 1269867812l | security | info | CAP | Captive Portal User(pat@172.18.98.41) login Request Received. Login request for Captive Portal User has been received.
Captive Portal: RADIUS Login Success Mar 29 14:11:53 172.18.98.221 SecurityMM: 1269867812l | security | info | CAP | pat@172.18.98.41 StationMac[00:1b:77:af:dc:6e] RADIUS User logged in OK Captive Portal RADIUS user has successfully logged in.
Captive Portal: Redirection Mar 29 13:39:16 172.18.86.229 xems: 1269866356l | security | info | CAP | Captive Portal User(172.18.86.14) Redirected. Sending login (https://secsol:8081/vpn/loginformWebAuth.html) Complete Captive Portal login.  

Captive Portal: Login Sequence

Mar 22 13:23:47 172.18.65.202 httpd: 1206127103l | 802.mobility | info | CAP | 172.18.111.11:8080 1 http://www.google.com/webhp?complete=1&hl=en

Mar 22 13:23:47 172.18.65.202 xems: 1206127103l | 802.mobility | info | RED | 172.18.111.11:8080 1

Mar 22 13:23:47 172.18.65.202 xems: 1206127103l | 802.mobility | info | RED | 172.18.111.11:8080 2

Mar 22 13:23:47 172.18.65.202 httpd: 1206127103l | 802.mobility | info | CAP | 172.18.111.11:8080 2

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 1 http://172.18.111.211:8081/vpn/loginformWebAuth.html

Mar 22 13:23:49 172.18.65.202 xems: 1206127105l | 802.mobility | info | CNT | 172.18.111.11:8081 1

Mar 22 13:23:49 172.18.65.202 xems: 1206127105l | 802.mobility | info | CNT | 172.18.111.11:8081 2

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 2

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 1 http://172.18.111.211:8081/vpn/Images.vpn/newlogo.gif

Mar 22 13:23:49 172.18.65.202 xems: 1206127105l | 802.mobility | info | CNT | 172.18.111.11:8081 1

Mar 22 13:23:49 172.18.65.202 xems: 1206127105l | 802.mobility | info | CNT | 172.18.111.11:8081 2

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 2

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 1 http://172.18.111.211:8081/favicon.ico

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 2

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 1 http://172.18.111.211:8081/favicon.ico

Mar 22 13:23:49 172.18.65.202 httpd: 1206127105l | 802.mobility | info | CAP | 172.18.111.11:8081 2

   

Mar 22 13:23:55 172.18.65.202 httpd: 1206127110l | 802.mobility | info | CAP | 172.18.111.11:8081 1 http://172.18.111.211:8081/vpn/loginUser

Mar 22 13:23:55 172.18.65.202 xems: 1206127110l | 802.mobility | info | LOG | 172.18.111.11:8081 1

Mar 22 13:23:55 172.18.65.202 xems: 1206127110l | security | info | CAP | ramesh@172.18.111.11 logged in OK

Mar 22 13:23:55 172.18.65.202 xems: 1206127110l | 802.mobility | info | LOG | 172.18.111.11:8081 2

Mar 22 13:23:55 172.18.65.202 httpd: 1206127110l | 802.mobility | info | CAP | 172.18.111.11:8081 2

   


QoS
Event System Log Example Description Action
QoS: Action Drop Apr 13 18:14:23 172.18.117.217 kernel: 1271193480 | system | info | ALR | Network Traffic, Flow of Traffic MAC: 00:40:96:ad:49:b0->MAC: 00:90:0b:0a:81:ae src_ip:172.18.117.27-> dst_ip:69.147.125.65:[dst_port:0], rule id: 23, action: Drop. AP MAC Address : 00:0c:e6:05:c5:14 This message is generated when packets match the QoS rule based on the configured parameters. Packets are dropped.
QoS: Action Forward Apr 13 18:21:54 172.18.117.217 kernel: 1271193932 | system | info | ALR | Network Traffic, Flow of Traffic MAC: 00:14:a8:59:c8:80->MAC: 00:90:0b:0a:81:ae src_ip:172.18.117.1-> dst_ip:172.18.117.217:[dst_port:0], rule id: 23, action: Forward. AP MAC Address : 00:00:00:00:00:00 This message is generated when packets match the QoS rule based on the configured parameters. The packets that match the configured QoS rules are forwarded for further processing.
QoS: Action Capture Apr 13 18:30:47 172.18.117.217 kernel: 1271194465 | system | info | ALR | Network Traffic, Flow of Traffic MAC: 00:40:96:ad:49:b0->MAC: 00:90:0b:0a:81:ae src_ip:172.18.117.27-> dst_ip:172.18.122.122:[dst_port:5060], rule id: 3, action: Capture. AP MAC Address : 00:0c:e6:07:5d:71 This message is generated when packets match the QoS rule based on the configured parameters. The packets are captured and sent to respective Flow Detector for further processing.

CAC Per BSSID > CAC Per AP info      ALR       05/04/2010 13:39:20        CAC LIMIT REACHED MAJOR CAC/Global Bssid Limit Reached (1): call Rejected for STA [00:03:2a:00:d8:55] on AP [00:0c:e6:07:5d:7e] in BSSID [00:0c:e6:de:a2:ef] This message is generated when the CAC limit is reached (based on BSSID). Calls will not go through.

 
CAC Per AP > CAC Per BSSID info      ALR       05/04/2010 14:42:39        CAC LIMIT REACHED MAJOR CAC/AP Limit Reached (1): call Rejected for STA [00:03:2a:00:d8:55] on AP [00:0c:e6:07:5d:7e] This message is generated when the CAC limit is reached (based on AP). Calls will not go through.
CAC Per AP = CAC Per BSSID info      ALR       05/04/2010 15:03:22        CAC LIMIT REACHED MAJOR CAC/AP Limit Reached (1): call Rejected for STA [00:03:2a:00:d8:55] on AP [00:0c:e6:07:5d:7e] This message is generated when the CAC limit is reached (based on AP=BSSID). Calls will not go through.
CAC PER Interference info      ALR       05/04/2010 15:09:01        CAC LIMIT REACHED MAJOR CAC/Interference Limit Reached (1): call Rejected for STA [00:03:2a:00:d8:55] on AP [00:0c:e6:07:5d:7e] This message is generated when the CAC limit is reached (based on CAC per interference region). Calls will not go through.

Rogue AP
Event System Log Example Description Action
ROGUE AP DETECTED Oct 13 11:11:31 172.18.37.201 ALARM: 1255432835l | system | info | ALR | ROGUE AP DETECTED CRITICAL CONTROLLER (1:13)  ROGUE AP DETECTED. AP mac=00:1f:28:57:fa:b7 bss=00:1f:28:57:fa:b7 cch= 6 ess=Integral  by AP AP-204 (204) A rogue AP has been detected.  
ROGUE AP REMOVED Mar 29 13:12:43 172.18.86.229 ALARM: 1269864763l | system | info | ALR | ROGUE AP REMOVED  CONTROLLER (1:24490)  ROGUE AP DETECTED. AP      mac=00:12:f2:00:17:63 bss=00:12:f2:00:17:63 cch=161 ess=rogue-35 A rogue AP has been removed.  
Licensing
Event System Log Example Description Action
LICENSE EXPIRE WARNING Mar 22 15:27:42 172.18.65.202 ALARM: 1205970893l | system | notice | NOT | controller license expires in 1 day Notification that license expires in one day. Install a license for the software.
LICENSE EXPIRE WARNING Mar 22 15:33:46 172.18.65.202 ALARM: 1205971257l | system | notice | NOT | controller license expires tonight at midnight. Notification that license expires by midnight. Install a license for the software.
LICENSE EXPIRED Mar 22 15:42:17 172.18.65.202 ALARM: 1206057655l | system | info | ALR | SOFTWARE LICENSE EXPIRED MAJOR controller license has already expired. License has expired. Install a license for the software.
LICENSE EXPIRED ALARM CLEAR Mar 22 15:52:23 172.18.65.202 ALARM: 1206058262l | system | info | ALR | SOFTWARE LICENSE EXPIRED CLEAR controller License alarm cleared.

N+1 Redundancy
Event System Log Example Description Action
MASTER CONTROLLER DOWN Apr 19 14:24:26 172.18.253.203 nplus1_Slave: ALERT: Master Controller has timed out: Regression1 172.18.253.201 Slave detects that master controller is not reachable. Slave moves to active state. Diagnose the master controller.
PASSIVE TO ACTIVE SLAVE STATE TRANSITION Apr 19 14:24:26 172.18.253.203 nplus1_Slave: Slave State: Passive->Active Passive slave in transition to becoming active slave.
ACTIVE SLAVE May 15 16:07:49 172.18.32.201 nplus1_Slave: Slave State: Active Slave in active state.  
ACTIVE TO PASSIVE SLAVE TRANSITION May 15 16:07:59 172.18.32.201 nplus1_Slave: Slave State: Active->Passive Slave detected that master controller is reachable, so slave becomes passive again.
ACTIVE TO PASSIVE SLAVE TRANSITION Apr 19 14:40:21 172.18.253.203 nplus1_Slave: NOTICE: Active Slave Controller (Regression1 172.18.253.201) -> Passive Slave  (RegressionSlave 172.18.253.203) Slave detected that master controller is reachable, so slave becomes passive again.
PASSIVE SLAVE Apr 19 14:40:21 172.18.253.203 nplus1_Slave: Slave State: Passive Slave in passive state.  
MASTER CONTROLLER DOWN ALARM May 15 16:07:49 172.18.32.201 ALARM: 1210847902l | system | info | ALR | MASTER CONTROLER DOWN INFO Master controller down alarm.

MASTER CONTROLLER UP ALARM May 15 16:07:59 172.18.32.201 ALARM: 1210847912l | system | info | ALR | MASTER CONTROLER UP INFO Master controller up alarm.
SLAVE CONFIG SYNC

Apr 19 14:51:07 172.18.253.201 sshd[7465]: PAM _pam_init_handlers: no default config /etc/pam.d/other

Apr 19 14:51:07 172.18.253.201 sshd[7465]: PAM _pam_init_handlers: no default config /etc/pam.d/other

Apr 19 14:51:07 172.18.253.201 sshd[7465]: Accepted publickey for root from 172.18.253.203 port 34674 ssh2

Apr 19 14:51:07 172.18.253.201 PAM-env[7465]: Unable to open config file: No such file or directory

SSH system log messages are shown while slave is syncing certain configuration files with the master controller using scp.
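
The N+1 messages above lend themselves to a simple check: pair the slave's Passive->Active and Active->Passive lines to measure a failover window, and treat the root publickey logins that config sync produces as expected only when they come from the configured slave. This is an added example, not FortiWLC code; the sample lines are constructed from the table's message shapes, and the `sync_peers` allowlist and the ALARM field names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the N+1 rows above. The hosts and message
# shapes follow the table; the final line (root login from 172.18.253.77)
# is invented to show a finding.
SAMPLE = """\
Apr 19 14:24:26 172.18.253.203 nplus1_Slave: ALERT: Master Controller has timed out: Regression1 172.18.253.201
Apr 19 14:24:26 172.18.253.203 nplus1_Slave: Slave State: Passive->Active
Apr 19 14:24:27 172.18.253.203 ALARM: 1210847902l | system | info | ALR | MASTER CONTROLER DOWN INFO
Apr 19 14:40:21 172.18.253.203 nplus1_Slave: Slave State: Active->Passive
Apr 19 14:40:22 172.18.253.203 ALARM: 1210847912l | system | info | ALR | MASTER CONTROLER UP INFO
Apr 19 14:51:07 172.18.253.201 sshd[7465]: Accepted publickey for root from 172.18.253.203 port 34674 ssh2
Apr 19 14:53:40 172.18.253.201 sshd[7511]: Accepted publickey for root from 172.18.253.77 port 40112 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[(\d+)\])?: (.*)$")
STATE_RE = re.compile(r"Slave State: (\w+)(?:->(\w+))?")
ROOT_KEY_RE = re.compile(r"Accepted publickey for root from (\S+) port \d+")


def parse_line(line):
    """Split one syslog line into time, reporting host, tag, pid and message."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, tag, pid, msg = m.groups()
    # The lines carry no year; 2000 is an arbitrary leap year used for deltas.
    when = datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")
    return {"when": when, "host": host, "tag": tag, "pid": pid, "msg": msg}


def parse_alarm(msg):
    """Split an ALARM: body on '|'. The field names are assumed, not documented."""
    parts = [p.strip() for p in msg.split("|", 4)]
    if len(parts) != 5:
        return None
    return dict(zip(("id", "facility", "severity", "kind", "text"), parts))


def analyze(lines, sync_peers):
    """sync_peers: master IP -> set of slave IPs expected to scp config to it."""
    findings, active_since = [], {}
    for rec in filter(None, map(parse_line, lines)):
        host, msg = rec["host"], rec["msg"]
        if rec["tag"] == "nplus1_Slave":
            m = STATE_RE.search(msg)
            if m and m.group(2) == "Active":        # Passive->Active: failover starts
                active_since[host] = rec["when"]
            elif m and m.group(2) == "Passive" and host in active_since:
                secs = int((rec["when"] - active_since.pop(host)).total_seconds())
                findings.append(("failover", host, secs))
        elif rec["tag"] == "ALARM":
            alarm = parse_alarm(msg)
            if alarm:
                findings.append(("alarm", host, alarm["text"]))
        elif rec["tag"] == "sshd":
            m = ROOT_KEY_RE.search(msg)
            if m and m.group(1) not in sync_peers.get(host, set()):
                findings.append(("unexpected_root_login", host, m.group(1)))
    return findings


if __name__ == "__main__":
    peers = {"172.18.253.201": {"172.18.253.203"}}
    for finding in analyze(SAMPLE.splitlines(), peers):
        print(finding)
```

The slave's sync login at 14:51:07 produces no finding because 172.18.253.203 is in the allowlist for the master; the constructed login from 172.18.253.77 does.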

 



FortiWLC – Events

Events

Events are similar to alarms in that they indicate that a specific action has taken place. However, while alarms typically require some form of user intervention to resolve the problem, events simply provide an indication that a change has been made. As such, this tab provides a reference to actions on the system.

Figure 88: Events Table

The table below provides a brief description of the columns provided in the Events table.

TABLE 36: Events Table Columns

Column Description
Event Name The name of the event triggered.
Severity The severity level; can range from Information, Minor, Major, Critical.
Source The type of device that triggered the event (controller, AP).
FDN The name of the device that triggered the event.
Raised At The date and time at which the event was triggered.
Detail Detailed information regarding the event, including identifying device details.

Modifying Event Definitions

While FortiWLC (SD) provides a list of pre-configured events, users can also customize the events to the needs of their environment via the Events > Definition tab.


Figure 89: Event Definitions

As shown above, each event has a predetermined severity level, trigger condition, and threshold, but these values can be modified by clicking the small pencil icon next to the desired alarm. This will pop up the Alarm Configuration window, as seen in Figure 87 on page 491.

Figure 90: Editing an Event


Use the drop-downs provided in the window to tailor the event to the deployment’s needs and click Save when finished. If desired, the user can click Reload Default to reset the event’s configuration to its original values.

The Threshold field’s units will vary depending on the event selected—for example, when modifying Alarm History Reaches Threshold, the Threshold is measured in percentage of overall alarm table history (and defaults to 90%). However, in an event such as RADIUS Server Switchover, no threshold is needed at all, as it is a binary alarm (i.e., it is triggered when the RADIUS server is switched—there is no percentage involved).


 



FortiWLC – Alarms

Alarms

When alarms are generated, the user has the option to either Acknowledge or Clear them by simply checking the box alongside the desired alarm and clicking the appropriate button towards the bottom of the window.

  • Clear—Moves the alarm from the Active Alarms table into the Alarm History table.
  • Acknowledge—Marks the alarm as acknowledged in the UserAcknowledged column.

As seen in the figure above, the Active Alarms table provides several columns, as described below.


TABLE 35: Active Alarm Columns

Column Description
Alarm Name The name of the alarm triggered.
Severity The severity level; can range from Information, Minor, Major, Critical.
Source The type of device that triggered the alarm (controller, AP).
FDN The name of the device that triggered the alarm.
Raised At The date and time at which the alarm was triggered.
Detail Detailed information regarding the alarm, including identifying device details.
UserAcknowledged Indicates whether the alarm has been flagged as Acknowledged.

Modifying Alarm Definitions

While FortiWLC (SD) provides a list of pre-configured alarms, users can also customize the alarms to the needs of their environment via the Alarms > Definition tab.

Figure 86: Alarm Definitions

As shown above, each alarm has a predetermined severity level, trigger condition, and threshold, but these values can be modified by clicking the small pencil icon next to the desired alarm. This will pop up the Alarm Configuration window, as seen in Figure 87 on page 491.

 

Figure 87: Editing an Alarm

Use the drop-downs provided in the window to tailor the alarm to the deployment’s needs and click Save when finished. If desired, the user can click Reload Default to reset the alarm’s configuration to its original values.

The Threshold field’s units will vary depending on the alarm selected—for example, when modifying AP Memory Usage High, the Threshold is measured in percentage of overall system memory (and defaults to 70%). However, in an alarm such as Link Down, no threshold is needed at all, as it is a binary alarm (i.e., it is triggered when a link to an AP goes down—there is no percentage involved).

List of Alarms
No. Alarm Severity Source Explanation
1. Alarm link up information all controller models Physical link on controller is up.
2. Alarm link down critical all controller models Physical link on the controller is down; check the connection.
3. Alarm auth fail information controller models An administrator failed to log in to the GUI due to an authentication failure.
4. AP down critical all AP models An AP is down. Possible reasons are an AP reboot, an AP crash, or an Ethernet cable from the controller being down. The AP may also have connected to another controller.
5. Radio Failure critical all AP models An alarm is generated when the radio fails to become operational during initial bootup. This occurs due to a hardware issue on the AP radio.
6. Rogue AP detected critical all controller models A rogue AP has been detected on the network.

The message looks something like this:

Rogue AP Detected               Critical  06/04/2010 10:04:51  CONTROLLER (1:24194)  ROGUE AP DETECTED. Station mac=0c:60:76:2d:fe:d9 bss=00:02:6f:3a:fd:89 by AP Ben-Cubei (18)

See the chapter Rogue AP Detection and Mitigation.

7. AP software version mismatch critical all AP models The software version on the AP does not match the version on the controller. Automatic AP upgrade must have been turned off. Update the AP from the controller with either the CLI command upgrade ap same <ap id> force or upgrade ap same all force. You can also turn automatic upgrade back on with the CLI command autoap-upgrade enable.
8. AP init failure major all AP models AP initialization failed.

 

9. Software license expired major all controller models Controller software license has expired. To obtain additional licenses, see www.merunetworks.com/license.
10. 802.1X auth failure major, minor, information all controller models RADIUS server authentication failed. To find out why, look at the RADIUS server log for the error message and also check the station log. If this happens only occasionally, you can ignore it. However, if this message appears repeatedly, the authentication failures could prevent a station from entering the network. In this case, check the RADIUS server to make sure the client and server have the same credentials.
11. MIC failure AP major all controller models The Michael MIC Authenticator Tx/Rx Keys provided in the Group Key Handshake are only used if the network is using TKIP to encrypt the data. A failure of the Michael MIC in a packet usually indicates that the WPA WPSK password is wrong.
12. MIC countermeasure activation major all controller models Two consecutive MIC failures have occurred (see above).
13. RADIUS Server Switchover major all controller models A switchover from the Primary Authentication RADIUS Server to the Secondary Authentication RADIUS Server occurred. When this message occurs, the Primary RADIUS server is configured but not reachable and the Secondary RADIUS server is both configured and reachable.

This message is generated only for 802.1x switchover, not for Captive Portal switchover.

An example looks like this:

RADIUS Server Switchover        Major     06/07/2010 14:09:57  RADIUS Server switches over from Primary <172.18.1.7> to Secondary <172.18.1.3> for Profile <wpa>

 

14. RADIUS Server Switchover Failed major all controller models A switchover from the Primary Authentication RADIUS Server to the Secondary Authentication RADIUS Server failed because the secondary server is not configured. When this message occurs, the Primary RADIUS server is configured but not reachable and the Secondary RADIUS server is not configured.

This message is generated only for 802.1x switchover failure, not for Captive Portal switchover failure.

An example looks like this:

RADIUS Server Switchover Failed Major     06/07/2010 14:02:47  Primary RADIUS Server <172.18.1.7> failed. No valid Secondary RADIUS Server present. Switchover FAILED for Profile <wpa>

Alarms Table(1 entry)

15. Restore Primary RADIUS Server major all controller models A switchover from the Secondary Authentication RADIUS Server to the Primary Authentication RADIUS Server occurred. This alarm was generated while doing RADIUS fall back to the primary server after 15 minutes.

This message is generated only for 802.1x primary RADIUS restore, not for Captive Portal restore.

An example looks like this:

Restore Primary RADIUS Server   Major     06/07/2010 15:54:10  Security Profile <wpa> restored back to the Primary RADIUS server <172.18.1.7>

 

16. Acct RADIUS server switchover major all controller models A switchover from either Accounting RADIUS Server (primary or secondary) to the other one occurred. This message is generated only for 802.1x switchover, not for Captive Portal switchover.

An example when the primary to secondary switch occurred looks like this:

Accounting RADIUS Server Switch Major     06/07/2010 14:39:00  Accounting RADIUS Server switches over from Primary <172.18.1.7> to Secondary <172.18.1.3> for Profile <wpa>

17. Acct RADIUS server switchover failed major all controller models An attempted switchover from one Accounting RADIUS Server to the other server failed. When this message occurs, the Primary Accounting RADIUS server is configured but not reachable and the Secondary Accounting RADIUS server is not configured.

This message is generated only for 802.1x switchover failure, not for Captive Portal switchover failure.

An example looks like this:

Accounting RADIUS Server Switch Major     06/07/2010 14:22:26  Primary Accounting RADIUS Server <172.18.1.7> failed. No valid Secondary Accounting RADIUS Server present. Switchover FAILED for Profile <wpa>

18. Master down critical all controller models N+1 Master controller is down and no longer in control; the slave controller will now take over.
19. Master up critical all controller models N+1 Master controller is up and running; this controller will now take control away from the slave controller.
20. CAC limit reached major all controller models Admission control in ATM networks is known as Connection Admission Control (CAC) – this process determines which traffic is admitted into a network. If this message occurs, the maximum amount of traffic is now occurring on the network and no more can be added.

 



FortiWLC – Fault Management

Fault Management

Alarm and event information can be found on the Monitor > Fault Management page. By default, the Active Alarms table is displayed, which indicates any alarms that have been recently triggered.

Figure 85: Fault Management Table

The Fault Management page provides information regarding two major types of events in FortiWLC (SD): Alarms and Events. Refer to their respective sections below for additional details.



FortiWLC – Troubleshooting

Troubleshooting

  • Where Do I Start?
  • Error Messages
  • System Logs
  • System Diagnostics
  • Capturing Packets
  • FTP Error Codes

Where Do I Start?

We recommend that you start troubleshooting as follows:

Web UI or CLI? Problem Involves? Strategy
Web UI stations View station log history by clicking Monitor > Diagnostics > Station
Web UI radios View radio log history by clicking Monitor > Diagnostics > Radio

CLI stations View station-log history with one of these commands:

station-log show-mac=<affected MAC address>
station-log show (if the MAC is not known)

If the problem is reproducible/occurring continually, log your terminal session, enter the station-log interface and add the affected MAC address using the command station add <MAC>. If you DON’T know the MAC address, enter event all all to capture all events for all MAC addresses.

CLI controller View controller-log history with the command diagnostics-controller

If the problem is reproducible/occurring continually, log your terminal session, enter the station-log interface with the command station-log, and add the affected MAC address using the command station add <MAC>. If you DON’T know the MAC address, type event all all to capture all events for all MAC addresses.

Error Messages

The following are common error messages that may occur either at the controller or at an AP.


Message Text Explanation
[07/20 13:02:11.122] 1m[35m**Warning**[0m WMAC: Wif(0):SetTsf() TSF[00000000:000006e3] -> [00000033:77491cfd]thr[00000000:03938700]

May be observed on the AP command line or in trace log output from an AP after a full diagnostics gather.

The SetTsf() messages indicate that the AP has adjusted its TSF (TSF stands for Time Synchronization Function and is really the AP’s clock) forward by more than a certain threshold (the threshold is 5 seconds). The specific case above indicates that the AP has just booted up and adjusted its TSF value to its neighboring AP’s TSF value.

You can tell that the AP just booted because its current TSF is a low value (i.e. 6e3 microseconds). During initialization, the AP will synchronize its TSF to the TSF of its neighbors whenever the neighbors support a BSSID in common with this AP. That is a requirement to support Virtual Cell.

[07/31 14:01:33.506] *****ERROR***** QOS: FlowMgr failed while processing flow request, reason= 5, srcMac[00:23:33:41:ed:27], dstMac[00:00:00:00:00:00].

May be observed in the controller’s CLI interface.

This error occurs when there is an attempt to either set up or remove an AP flow on a station that has started a phone call. “reason=5” means the cited station is not assigned to the AP where the attempt to set up/remove the flow was made.

The presumed impact is that the stations (presumably phones) get lower than normal call quality since there are no QoS flows established on behalf of the MAC address.

Received non-local pkt on AP! This message may be observed on the serial console of a controller or in the dmesg.txt output included with a controller’s diagnostics. This message indicates that an Ethernet type 0x4001 or UDP port 5000 packet (L2 and L3 COMM respectively) was received by the controller’s Ethernet, but was not actually destined for the controller’s MAC or IP address.
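
The SetTsf() line quoted in the table above can be decoded mechanically. This added example (not Fortinet code) assumes each bracket holds the high and low 32-bit words of the 64-bit microsecond TSF counter, which matches the page's reading of 000006e3 as 6e3 microseconds; the second sample line and the 60-second boot window are constructed for illustration.

```python
import re

# First line: the AP trace message quoted on this page, joined onto one line.
# Second line: constructed, showing a jump on an AP that has been up for hours.
SAMPLE = [
    "[07/20 13:02:11.122] 1m[35m**Warning**[0m WMAC: Wif(0):SetTsf() "
    "TSF[00000000:000006e3] -> [00000033:77491cfd]thr[00000000:03938700]",
    "[07/20 18:40:02.310] **Warning** WMAC: Wif(0):SetTsf() "
    "TSF[00000004:a817c800] -> [00000004:a8c4a1c0]thr[00000000:03938700]",
]

SETTSF_RE = re.compile(
    r"Wif\((\d+)\):SetTsf\(\)\s*TSF\[([0-9a-f]{8}):([0-9a-f]{8})\]\s*->\s*"
    r"\[([0-9a-f]{8}):([0-9a-f]{8})\]", re.IGNORECASE)

FORWARD_THRESHOLD_S = 5.0   # threshold stated on this page
BOOT_WINDOW_S = 60.0        # assumption: "just booted" means TSF under a minute


def tsf_us(high, low):
    """Join two 32-bit hex words into one 64-bit TSF value in microseconds."""
    return (int(high, 16) << 32) | int(low, 16)


def decode_settsf(line):
    """Return the old/new TSF, the size of the jump and a classification."""
    m = SETTSF_RE.search(line)
    if not m:
        return None
    wif, oh, ol, nh, nl = m.groups()
    old, new = tsf_us(oh, ol), tsf_us(nh, nl)
    jump_s = (new - old) / 1_000_000
    if jump_s <= FORWARD_THRESHOLD_S:
        kind = "below_threshold"
    elif old / 1_000_000 < BOOT_WINDOW_S:
        kind = "boot_sync"        # fresh AP adopting a neighbor's clock
    else:
        kind = "runtime_jump"     # long-running AP moved its clock forward
    return {"wif": int(wif), "old_us": old, "new_us": new,
            "jump_s": jump_s, "kind": kind}


if __name__ == "__main__":
    for entry in SAMPLE:
        print(decode_settsf(entry))
```

For the page's own line, the new TSF works out to roughly 2.56 days, which is how long the neighboring AP's clock had been running when this AP booted and adopted it.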


FortiWLC – Configuring SNMP

Configuring SNMP

The SNMP Agent offers the network administrator performance management and fault management features, with the collection of statistics as well as notification of unusual events via traps.

This information applies to all controller models and the following AP series:

  • AP400
  • AP1000

The Wireless LAN System SNMP Agent can inter-operate with 3rd party Network Management Systems (NMS) such as HP OpenView, and present alarm and trap information to configured management stations.

Fortinet FortiWLC (SD) supports several versions of SNMP protocols. On Fortinet software, all versions (SNMPv1, SNMPv2c, and SNMPv3) of the Internet-Standard Management Framework share the same basic structure and components. Furthermore, all versions of the specifications of the Internet-Standard Management Framework follow the same architecture.

No Feature RFCs
1 SNMPv1 RFC-1155, RFC-1157
2 SNMPv2c RFC-1901, RFC-1905, RFC-1906
3 SNMPv3 RFC-1905, RFC-1906, RFC-2571, RFC-2574, RFC-2575
4 MIB-II RFC-1213
5 Fortinet Private MIB Fortinet Wireless LAN Proprietary MIB

Note that Fortinet FortiWLC (SD) doesn’t support write operations through SNMP. You need to provision any required configuration through the CLI or Web UI.


Features

The following protocols are supported for the read function only (not write):

  • RFC-1214
  • SNMPv1/v2c/v3
  • Fortinet WLAN systems

SNMP Architecture

Figure 77: SNMP Network Management Architecture

The Wireless LAN System SNMP network management architecture follows the client-server architecture as illustrated in the diagram. The SNMP model of a managed network consists of the following elements:

  • One or more managed nodes. In the illustration, the controller is among the managed nodes in the SNMP-based managed network. The SNMP agent is resident in the managed node. It collects statistics from the access points and combines them before sending them to the SNMP manager via MIB variables. Configuration information set via SNMP is also propagated to the access points by the SNMP agent.
  • At least one management station containing management applications.
  • Management information in each managed node, that describes the configuration, state, statistics, and that controls the actions of the managed node.
  • A management protocol, which the managers and agents use to exchange management messages. In an SNMP managed network, the management protocol is SNMP (Simple Network Management Protocol). This defines the format and meaning of the messages communicated between the managers and agents. Fortinet Wireless LAN System provides support for traps, gets, and MIB walk functions only.

Neither read nor write privilege gives the SNMP manager access to the community strings. The controller can have an unlimited number of read and read/write community strings.

MIB Tables

The MIB tables supported by the Wireless LAN System SNMP implementation can be downloaded from the controller and then copied to an off-box location. The MIB Tables are also available on the Fortinet web site. A summary of the Wireless LAN System MIB Enterprise tables follows:

mwstatistics.1 mwGlobalStatistics.1 * mwIf80211StatsTable.1 mwGlobalStatistics.2 * mwIfStatsTable.1 mwIfStatsEntry.1 mwGlobalStatistics.6 * mwStationStatsTable.1 mwStationStatsEntry.1 mwGlobalStatistics.7 * mwApStationStatsTable.1 mwApStationStatsEntry.1 mwGlobalStatistics.8 * mwCacApStatsTable.1 mwCacApStatsEntry.1 mwGlobalStatistics.9 * mwCacBssStatsTable.1 mwCacBssStatsEntry.1 mwStatistics.2 * mwTop10Statistics.1 mwTop10ApStationProblemTable.1 mwTop10ApStationProblemEntry.1 mwTop10Statistics.2 mwTop10ApStationRxtxTable.1 mwTop10ApStationRxtxEntry.1 mwTop10Statistics.3 mwTop10ApProblemTable.1 mwTop10ApProblemEntry.1 mwGlobalStatistics.4 mwTop10ApRxtxTable.1 mwTop10ApRxtxEntry.1 mwStatistics.1 mwPhoneTable.1 mwPhoneEntry.1 mwStatistics.2 mwPhoneCallTable.1 mwPhoneCallEntry.1 mwStatistics.3 mwStatusTable.1 mwStatusEntry.1

Global statistics use 64 bit counters in FortiWLC (SD) 4.0 and later


Download the MIB Tables for Management Applications

If you are using a third-party SNMP-based Network Manager program, you will need to integrate the Fortinet Wireless LAN System proprietary MIB tables that allow the manager program to manage controllers and APs. The MIB tables are available in a compressed (zipped) file that can be copied from the controller to an off-box location.

To download the enterprise MIB Tables, contained in the file mibs.tar.gz, located in the images directory, use the following CLI commands:

controller# cd image
controller# copy mibs.tar.gz off-box_location

To download the enterprise MIB Tables using the Web UI, follow these steps:

  1. Open a Web browser (IE or Firefox), enter the system IP address (example: https://172.29.0.133) and then enter a user name and password (factory default user name/password is admin/admin).
  2. Click Configuration > Wired > SNMP > Download MIB Files.
  3. When the download is done, you will see the file listed in the Downloads list.
  4. Save the file mibs(x).tar.gz.
