Troubleshooting Tip: Devices not registering using vendor OUI based device profiling rules
Description
This articles describes how to troubleshoot Device profiling rules and resolve issues where the devices are not registering using the Vendor OUI method.
Scope
FortiNAC.
Solution
To troubleshoot device profiling rules enable the following debugs in FortiNAC cli:
- CLI commands in FortiNAC running on CentOS
logs
nacdebug -name ActiveFingerprint true
tf output.nessus | grep 80:5E:C0:D6:6E:06 <------ Replace with MAC address being profiled.
- CLI commands in FortiNAC-F (NACOS)
diagnose debug plugin enable ActiveFingerprint
diagnose tail -F output.nessus | grep 80:5E:C0:D6:6E:06<------ Replace with MAC address being profiled.
After the debugs are enabled test the device profiling on the Adapter view on FortiNAC GUI.
Go to User & Hosts -> Adapters.
Right-click the Adapter that the profiling rule will be tested and select "Test Device Profiling Rule". Select the specific rule that will be tested upon the adapter.
 
Figure 1. Test Device profiling rule in Adapters view.
Once the Devic profiling entry is selected the CLI output will show the following:
yams.ActiveFingerprint FINER :: 2024-06-19 12:36:41:383 :: #86 :: performScan() rule = TEST_Rule_Vendor mac = 80:5E:C0:D6:6E:06 method = OUIMethod
yams.dpc.OUIMethod FINER :: 2024-06-19 12:36:41:384 :: #86 :: type by mac: 80:5E:C0 = 0
yams.ActiveFingerprint FINER :: 2024-06-19 12:36:41:385 :: #86 :: performScan() rule = TEST_Rule_Vendor mac = 80:5E:C0:D6:6E:06 method = OUIMethod fingerprint = Fingerprint [dbid=null, source=Vendor OUI, physAddress=80:5E:C0:D6:6E:06, ipAddress=192.168.60.4, hostName=null, entityTag=null, os=null, createTime=null, lastHeardTime=null, attributes={OUI=80:5E:C0, VENDOR=YEALINK(XIAMEN) NETWORK TECHNOLOGY CO.,LTD.]
yams.ActiveFingerprint FINER :: 2024-06-19 12:36:41:385 :: #86 :: performScan(TEST_Rule_Vendor) Method (OUIMethod) matches data collected
yams.dpc.OUIMethod FINER :: 2024-06-19 12:36:41:384 :: #86 :: type by mac: 80:5E:C0 = 0
yams.ActiveFingerprint FINER :: 2024-06-19 12:36:41:385 :: #86 :: performScan() rule = TEST_Rule_Vendor mac = 80:5E:C0:D6:6E:06 method = OUIMethod fingerprint = Fingerprint [dbid=null, source=Vendor OUI, physAddress=80:5E:C0:D6:6E:06, ipAddress=192.168.60.4, hostName=null, entityTag=null, os=null, createTime=null, lastHeardTime=null, attributes={OUI=80:5E:C0, VENDOR=YEALINK(XIAMEN) NETWORK TECHNOLOGY CO.,LTD.]
yams.ActiveFingerprint FINER :: 2024-06-19 12:36:41:385 :: #86 :: performScan(TEST_Rule_Vendor) Method (OUIMethod) matches data collected
It is important to make sure that Vendor OUI method rules are ranked on top as outlined in the "Device Profiler Configuration" guide at page 7 "Profiling Prioritization"
Related Documentation:
Related Articles:
Troubleshooting Tip: Troubleshooting a rogue not matching any device profiles