Wireless Troubleshooting¶
Wi-Fi problems split into a few categories. Use the diagnostic commands below to narrow down quickly.
Symptom Map¶
| Symptom | First check | Likely cause |
|---|---|---|
| AP not coming online | get wireless-controller wtp |
Discovery / CAPWAP issue |
| AP online, no SSID broadcasting | AP Profile config | SSID not attached to radio |
| Client can't connect | Auth logs | Wrong PSK / RADIUS issue |
| Connects but no internet | Firewall policy | Missing wireless → WAN policy |
| Slow throughput | RF environment | Interference / channel overlap |
| Frequent drops | PoE / power | Underpower or RF roaming issues |
| Some devices won't see SSID | Band selection | Device only sees 2.4 / 5 / 6 GHz |
Core Commands¶
# AP status:
get wireless-controller wtp
diagnose wireless-controller wlac -c wtp
# SSID broadcast status per AP:
diagnose wireless-controller wlac -c vap-status
# Connected clients:
diagnose wireless-controller wlac -c sta
diagnose wireless-controller wlac -c sta-detail <mac>
# Live RSSI / signal:
diagnose wireless-controller wlac -c sta-quality
# Live RF scan:
diagnose wireless-controller wlac -c scan
# AP system log (CAPWAP, radio events):
diagnose wireless-controller wlsmgr-dump
Specific Scenarios¶
AP won't come online¶
# Verify CAPWAP reachability from AP's network to FortiGate:
# (From a host on AP's VLAN)
nc -vu <fortigate-ip> 5246
# On FortiGate:
diagnose wireless-controller wlsmgr-dump
Check the AP's discovered status. Restart AP physically (unplug PoE for 10s) if stuck.
Client connects then disconnects immediately¶
Most common: PSK mismatch or PMF mismatch (older clients with required PMF).
diagnose wireless-controller wlac -c sta | grep -i <client-mac>
Lower PMF requirement to "Capable" instead of "Required" for older clients.
Slow throughput¶
# Channel and width:
diagnose wireless-controller wlac -c radio <ap-serial> <radio-num>
# Neighboring AP scan:
diagnose wireless-controller wlac -c scan
Common causes: - Channel overlap with neighbors (run a 24-hour spectrum scan, pick clean channels). - 80 MHz width in 5 GHz with many neighbors (drop to 40 MHz). - 2.4 GHz with too many APs in same area (consider 5 GHz only for new SSIDs).
Inconsistent coverage¶
- AP placement (concrete walls block 5 GHz heavily).
- TX power too high (clients connect from far but throughput poor — better to lower power and add another AP).