CommScope RUCKUS Community Forums

Justin,

well if it is MTU related then as you mentioned that other single AP which is working ok should also NOT connect which is on the same physical site as other disconnected AP's and use the same route and firewall.

Symptom for MTU related issue is that AP will connect and will get disconnected right after provisioning, Same cycle will repeat. I assume that in your case AP's are just disconnected. Is this is what is happening in your case?

I'm a TSE and got a similar ticket which we got to the bottom of. Version 9.8.0.0.373
firmware has a DNS recursion bit bug (ER-1672), that may prevent new APs from
discovering the Zonedirector solely by DNS. The bug fix will be incorporated as
soon as possible.

The workaround in the meantime, is to employ DHCP option 43 with your ZD's IP
address translated by a tool like this link:

http://shimi.net/services/opt43/

Otherwise, you should also be able to SSH into the remote APs and issue the
'set director ip a.b.c.d' command with your ZD's IP address, then 'reboot' and
the APs should find their way to your ZoneDirector.

If DNS only discovery isn't the problem, then back to the VPN/MTU ideas.

I know what the problem most likely is as we have experienced this exact issue multiple times. When your site-to-site tunnel blips because of a connection issue, the traffic from the AP to the ZoneDirector then automatically tries to route out your WAN connection instead of going across the tunnel connection. Once that session is active, even after the tunnel comes back up it will continue to try to send that traffic out the WAN interface instead of pushing it back through the tunnel. If you do a diag sys session clear on your Fortigate, it will clear that session and it will send it back out the active tunnel.