Troubleshooting Tip: Inability to set PoE status on a FortiSwitch port from the Switch Controller with NAC mode enabled
| Description | This article describes the behavior of the FortiGate firewall, where the PoE status cannot be set from the Switch Controller when NAC mode is enabled. |
| Scope | FortiGate. |
| Solution | When attempting to enable the PoE status on a FortiSwitch port from the Switch Controller while NAC mode is enabled, it may not be possible to change the PoE port status. Executing the command directly on the switch succeeds; however, when the same action is performed from WiFi & Switch Controller → FortiSwitch Ports, the client cannot control the PoE capability.
FGT1 # config switch-controller managed-switch
Command fail. Return code -61
This behavior is expected on the firewall. When NAC mode is enabled, the PoE status is always enabled to ensure that NAC dynamic behavior is not disrupted. The client can manually reset PoE using the following command:
execute switch-controller switch-action poe reset <switch-id> <port>
NAC can also reset PoE on a port when a NAC policy is matched to a device using the following commands:
FortiGate(vdom1)# config switch-controller mac-policy
FortiGate(mac-policy)# edit mac1
FortiGate(mac1)# set poe-reset ?
disable Disable POE reset of a switch port where this mac-policy is applied.
enable Enable POE reset of a switch port where this mac-policy is applied.
FortiGate(mac1)# end |
