Technical Tip: Logs that needs to be collected if the Hardware Vendor information for the client device is not listed under the NAC policies on the Firewall

To gain a basic understanding of how NAC policies work and to learn how to configure them, refer to the links provided below:

• FortiAP: configuring-wireless-nac-support 
• FortiLink: fortiswitch-network-access-control 
• FortiAP: How-to-configure-NAC-Policies-for-WLAN 

To classify the devices based on the Vendor MAC OUI (Organizationally Unique Identifier), select the 'Hardware vendor' option and select the required Vendor from the dropdown list as shown below:

If the vendor information for the client device is missing under this list, perform the steps shown below:

• Login into the FortiGate CLI: 

USFL-TPAT11ZE-MDF-FW1 (global) # diagnose autoupdate versions | grep -A 7 "Mac Addr"
Mac Address Database
---------
Version: 1.00143
Contract Expiry Date: Wed Mar 17 2021
Last Updated using manual update on Tue Dec 6 09:00:00 2022
Last Update Attempt: Tue Jan 28 11:43:13 2025
Result: Updates Installed

USFL-TPAT11ZE-MDF-FW1 (global) # diagnose vendor-mac match 70:4c:a5:4e:77:5d 18
Vendor MAC: 16(Fortinet), matched num: 1

Here, "18" represents the wildcard bits used to match the first three octets of the MAC address, which signify the OUI.

• Perform an OUI lookup against FortiGuard using the following URL: https://www.fortiguard.com/services/dds 

Take a screenshot of the OUI lookup results and upload it, along with the CLI outputs mentioned above, to TAC support to request an update of the vendor information for the client device in the MAC Address Database.