Troubleshooting Tip: VLAN changes on FortiNAC CLI
Description
This article describes how to troubleshoot a VLAN change on a remote device using the FortiNAC CLI.
Scope
FortiNAC.
Solution
This example uses the following addresses:
FortiNAC - 192.168.186.141
Switch - 192.168.186.146
Connect to FortiNAC over SSH in two terminals: Terminal A and Terminal B.
Run the commands below in each terminal.
Terminal A.
FortiNAC FNVMCA
root@fnac:/root
> DumpBridgePerformance -ip 192.168.186.146 true
Enabling
FortiNAC FNVMCA
root@fnac:/root
> nacdebug -name IPAddressToMac true
Setting IPAddressToMac debug to true:
FortiNAC FNVMCA
root@fnac:/root
> nacdebug -name SnmpV1 true
Setting SnmpV1 debug to true:
FortiNAC FNVMCA
root@fnac:/root
> UpdateClients -ip 192.168.186.146
Updating the following devices.
SW1.domain.local 192.168.186.146
Done updating the clients.
Terminal B.
VLAN before the change:
FortiNAC FNVMCA
root@fnac:/bsc/logs
> tail -F output.master
.....
yams.BridgeManager INFO :: 2021-04-09 11:51:36:899 :: ********************192.168.186.146-SW1.domain.local********************
2021-04-09 11:51:36:894
PollThread-poll1
Remediation VLAN Switching enabled = true
MAC Filtering enabled = false
Don't Allow Rogues = false
Member of PHYSICAL_ADDRESS_FILTERING = false
Persistent Agent Vlan Delay = 0
SW1.domain.local Gi1/3
Remediation VLAN 111
Dead End VLAN 112
Authentication VLAN
Registration VLAN 110
Default VLAN 1
Current VLAN 1
Change the VLAN first, then run UpdateClients -ip 192.168.186.146 again (the same as step 4 in Terminal A).
VLAN after the change:
.....
yams.BridgeManager INFO :: 2021-04-09 11:59:38:064 :: ********************192.168.186.146-SW1.domain.local********************
2021-04-09 11:59:38:053
PollThread-trap2
Remediation VLAN Switching enabled = true
MAC Filtering enabled = false
Don't Allow Rogues = false
Member of PHYSICAL_ADDRESS_FILTERING = false
Persistent Agent Vlan Delay = 0
SW1.domain.local Gi1/3
Remediation VLAN 111
Dead End VLAN 112
Authentication VLAN
Registration VLAN 110
Default VLAN 1
Current VLAN 5
Disable all debug after troubleshooting:
> DumpBridgePerformance -ip x.x.x.x
Disabling debug .....
> nacdebug -name IPAddressToMac
Setting IPAddressToMac debug to false
> nacdebug -name SnmpV1
Setting SnmpV1 debug to false
Cross-check which debugs are still enabled, as these are not disabled automatically:
> nacdebug -true
If there is any output, disable each listed debug with the following command:
> nacdebug -name <Debug_Name> false
In any case, all enabled debugs are disabled after a FortiNAC restart.
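The Terminal B output can be reduced to one line per poll block so that a VLAN change stands out. The following is an added example, not Fortinet code: the function names and the sample text are constructed here, and it assumes awk is available where the log is read and that the blocks are laid out as printed in this article.

```shell
#!/bin/sh
# Assumes the block layout printed in this article, and that every log record
# starts "<logger> <LEVEL> :: <date> <time> :: ...".
# Constructed sample: the two blocks above, shortened.
sample_log() {
cat <<'EOF'
yams.BridgeManager INFO :: 2021-04-09 11:51:36:899 :: ********************192.168.186.146-SW1.domain.local********************
PollThread-poll1
SW1.domain.local Gi1/3
Registration VLAN 110
Current VLAN 1
yams.BridgeManager INFO :: 2021-04-09 11:59:38:064 :: ********************192.168.186.146-SW1.domain.local********************
PollThread-trap2
SW1.domain.local Gi1/3
Registration VLAN 110
Current VLAN 5
EOF
}

# vlan_history SWITCH_IP < log   prints "<date> <time> <thread> <port> <current VLAN>"
vlan_history() {
  awk -v ip="$1" '
    $3 == "::" {                              # start of any log record
      id = $7; gsub(/\*/, "", id)             # "<ip>-<switch name>"
      inblk = ($1 == "yams.BridgeManager" && index(id, ip "-") == 1)
      name = substr(id, length(ip) + 2)
      day = $4; tm = $5; thread = "-"; port = "-"
      next
    }
    !inblk { next }                           # skip records for other devices
    $1 ~ /^PollThread-/ { thread = $1; next }
    $1 == name { port = $2; next }            # "<switch name> <interface>"
    $1 == "Current" && $2 == "VLAN" {
      print day, tm, thread, port, (NF >= 3 ? $3 : "-")
    }
  '
}

# vlan_changes SWITCH_IP < log   reports ports whose Current VLAN changed between blocks
vlan_changes() {
  vlan_history "$1" | awk '
    ($4 in last) && last[$4] != $5 {
      print $4 ": VLAN " last[$4] " -> " $5 " at " $1 " " $2 " (" $3 ")"
    }
    { last[$4] = $5 }
  '
}
# Usage: vlan_changes 192.168.186.146 < /bsc/logs/output.master
```

If no change line is printed after UpdateClients has run, the switch did not report a different Current VLAN for that port.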
