Troubleshooting Tip: Not switching VLANs on wired switch to production network
Description
This article describes key troubleshooting points to follow when a Registered Host connects to a switch port, and the port VLAN configuration does not change to provide the appropriate network access.
Scope
FortiNAC.
Solution
Confirm the following:
- VLANs are already created on the switch.
- Ports are member of the Forced Registration group.
- If using Network Access Policies:
- Host is matching the correct policy:
- Navigate to Hosts -> Host View.
- Search for host in quick filter.
- Right-click and select Policy Details.
- Network Access Policy is configured for the appropriate VLAN.
- Ports are in the Role-Based Access group:
- Right-click on port under Ports tab (switch model selected in Topology)
- Select Group Membership.
- If Network Access Policies are not being used, the Default VLAN should be configured.
- If the same Default VLAN value is used for the entire switch, the Default field in the Model Configuration should be populated with the appropriate VLAN.
- If using different Default VLANs depending upon the port, the Ports tab of the switch model should reflect the correct Default VLAN for that port. This can be set by right-clicking and selecting Port Properties.
- Credentials Network Sentry uses to access the switch are correct. Under the Credentials tab of the switch model, select Validate Credentials.
- The port is not a member of the Access Point Management Group.
- Port does not display in Topology Port View as an Uplink.
- The host shows as online in Host or Adapter View.
Related articles: