Troubleshooting Tip: Unauthorized Client with spoofed MAC address gains network access without Persistent Agent
| Description | This article describes a troubleshooting scenario where a client with a spoofed MAC address is granted network access on the same switch port, despite not having the Persistent Agent installed. |
| Scope | FortiNAC, FortiNAC-F. |
| Solution | Issue Summary:
When PC 1 (with the Persistent Agent) is disconnected and PC 2 (without the agent) is connected to the same switch port (GigabitEthernet0/0/x), PC 2 is still granted network access. Furthermore, FortiNAC logs incorrectly show 'Persistent Agent Communication Resumed' for PC 2.
Resolution:
To address this issue, configure the switch to use MAC notification traps instead of relying on SNMP port link-up/down traps. This allows FortiNAC to accurately detect MAC address changes on the port and prevent unauthorized access. |
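To check that the resolution is in place on every host-facing port, the following added example (not from the article or from Fortinet) audits a saved switch configuration for MAC notification trap settings. It assumes Cisco IOS-style command syntax, since the article does not name the switch vendor; the sample configuration, the command lists and the choice to audit only access ports are constructed for illustration.

```python
import re

# Constructed sample running-config. Cisco IOS-style syntax is an assumption;
# the article does not name the switch vendor.
SAMPLE_CONFIG = """\
snmp-server enable traps mac-notification change move threshold
mac address-table notification change
!
interface GigabitEthernet0/0/1
 switchport mode access
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
!
interface GigabitEthernet0/0/2
 switchport mode access
 snmp trap mac-notification change added
!
interface GigabitEthernet0/0/24
 switchport mode trunk
"""

GLOBAL_REQUIRED = ("snmp-server enable traps mac-notification",
                   "mac address-table notification change")
PORT_REQUIRED = ("snmp trap mac-notification change added",
                 "snmp trap mac-notification change removed")

def audit_mac_notification(config):
    """Return (missing global commands, {access port: missing port commands})."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    top_level = [ln for ln in lines if ln and not ln.startswith(" ")]
    missing_global = [c for c in GLOBAL_REQUIRED
                      if not any(ln.startswith(c) for ln in top_level)]
    ports, current = {}, None
    for ln in lines:
        m = re.match(r"interface (\S+)", ln)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif ln.startswith(" ") and current is not None:
            current.append(ln.strip())  # indented line belongs to the interface
        else:
            current = None              # "!" or a global command ends the block
    findings = {}
    for name, body in ports.items():
        missing = [c for c in PORT_REQUIRED if c not in body]
        if "switchport mode access" in body and missing:
            findings[name] = missing    # port would fall back to link traps only
    return missing_global, findings
```

A port listed in the findings still depends on link-up/down traps for at least one direction of MAC change, which is the condition the article describes.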