Technical Tip: Host connection not detected on secure ports
Description
This article describes a situation where, although the Polling tab for a switch in Topology shows that L2 Polling is successful, the Ports View does not display hosts that are currently connected to certain ports. This can occur if the affected ports have the Secure Ports feature enabled.
Scope
FortiNAC.
Solution
The Secure Port feature only allows communication for certain MAC addresses. This is typically done using static MAC Address entries.
Example of switch output when the Secure Ports feature is not enabled:
0008.e3ff.fd90 DYNAMIC
0009.0f09.0017 DYNAMIC
000a.f779.e3fe DYNAMIC
Example when Secure Ports is enabled:
0008.e3ff.fd90 STATIC
0009.0f09.0017 STATIC
000a.f779.e3fe STATIC
By default, static MAC Addresses are not read from the MAC Address table of a switch. Hosts connected to ports configured for Secure Port will not be detected unless the following additional configuration is completed.
- In the Administration UI, navigate to:
  (8.x) Network Devices -> Topology.
  (9.x) Network Devices -> Inventory.
- Right-click on the switch model and select Model Configuration.
- Place a checkmark in the box for Secure Ports is enabled for ports on this device(s).
- Select Apply.
- Select the Polling tab and next to L2 (Hosts) Polling, select Poll Now.
The MAC address information should be updated properly.
For some switches, the option "Secure Ports is enabled for ports on this device(s)." may not be present under the device Model Configuration. In that case, it can be enabled with the following CLI command.
Device -ip <SW-IPaddress> -setAttr -name ForwardTableStatic -value true
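The following is an added example, not Fortinet code. It models the behavior described above, listing the ports on which a read that ignores STATIC entries would report no host. It assumes Cisco-style "show mac address-table" output with VLAN and port columns; the VLANs and port names in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Cisco-style "show mac address-table" layout
# (VLAN, MAC, type, port). The MACs are the ones shown in the article;
# the VLANs, port names and STATIC/DYNAMIC mix are made up for illustration.
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0008.e3ff.fd90    STATIC      Gi1/0/1
  10    0009.0f09.0017    STATIC      Gi1/0/2
  20    000a.f779.e3fe    DYNAMIC     Gi1/0/3
"""

ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>STATIC|DYNAMIC)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return {port: [(mac, type), ...]}, skipping headers and junk lines."""
    ports = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m["port"]].append((m["mac"].lower(), m["type"].upper()))
    return dict(ports)

def visible_hosts(ports, read_static=False):
    """MACs a poll would report; static entries count only if read_static."""
    return {
        port: [mac for mac, kind in entries if read_static or kind == "DYNAMIC"]
        for port, entries in ports.items()
    }

def hidden_ports(ports):
    """Ports with learned entries where a dynamic-only read sees no host."""
    seen = visible_hosts(ports, read_static=False)
    return sorted(p for p, macs in seen.items() if not macs)

if __name__ == "__main__":
    table = parse_mac_table(SAMPLE)
    print("Ports with hosts hidden from a dynamic-only read:", hidden_ports(table))
```

Ports returned by hidden_ports() are the ones expected to appear empty in the Ports View until static entries are read.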
Related article:
Technical Tip: Port in Topology View displays a green link light
