doncacciatoconsuting
Explorer II
February 14, 2025
Question

FNAC-F v7.2.8 not sending COA after policy match

  • 2 replies
  • 724 views

I am hitting the correct NAC policy, which should send a COA to my FortiGate WiFi controller to change the VLAN. The Logical Network portion is working correctly. PCAPs on the gate and NAC are not showing any traffic being initiated.

Other policies are properly sending the COA. Are there any known bugs with 7.2?

Here are the final lines from the Policy Details debug log.

Looking up LogicalNetworkConfiguration for LogicalNetwork prod-wifi
Using SSID Name:root:corp_wifi, id: 439
Returning LogicalNetworkConfiguration: AccessConfiguration
- Task ID:[null]
- Network:[prod-wifi]
- Access Value:[VLAN_230]
- Access Action:[2]
- Alias:[false]
- Send Groups To Firewall:[false]
- RadiusAttributeGroupId:[1]
- Version:[11]
- Tags: []
- Firewall Groups: []

Don

Anthony_E
Staff
February 17, 2025

Hello Don,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
ndumaj
Staff
February 17, 2025

Hello @doncacciatoconsuting ,

Enable the debugs:
exec enter-shell
nacdebug -name PolicyHelper true
nacdebug -name RadiusAccess true
nacdebug -name RadiusManager true
Device -ip <IPaddress> -setAttr -name DEBUG -value "ForwardingInterface TelnetServer" <-------- replace <IPaddress> with the FGT IP

Reproduce the issue.
Search for "RadiusServer sendDisconnect" or "RadiusServer radiusCoA" sent for the FGT-FAP device, if any was initiated.

Does the host get the proper VLAN if you manually disconnect and connect to the network?

BR
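
The log search described in the reply above can be scripted once the debug output has been collected. The following is an added example, not code from either poster or from Fortinet: it pairs each "Returning LogicalNetworkConfiguration" result with the first "RadiusServer sendDisconnect" or "RadiusServer radiusCoA" line that follows it and reports results with neither. It assumes the policy and RADIUS debug lines land in one log in chronological order; `correlate`, `missing_coa`, the `window` parameter and the sample log are hypothetical.

```python
import re

# The three substrings below come from the thread; line layout around them is assumed.
POLICY_RESULT = "Returning LogicalNetworkConfiguration"
COA_MARKERS = ("RadiusServer sendDisconnect", "RadiusServer radiusCoA")
FIELD = re.compile(r"^\s*-\s*(Network|Access Value):\[(.*?)\]")

# Constructed sample: the prod-wifi block mirrors the question's log, the
# guest-wifi block and the radiusCoA line are invented for illustration.
SAMPLE_LOG = """\
Returning LogicalNetworkConfiguration: AccessConfiguration
- Network:[guest-wifi]
- Access Value:[VLAN_240]
RadiusServer radiusCoA (constructed line) device 192.0.2.10
Looking up LogicalNetworkConfiguration for LogicalNetwork prod-wifi
Returning LogicalNetworkConfiguration: AccessConfiguration
- Network:[prod-wifi]
- Access Value:[VLAN_230]
- Access Action:[2]
"""

def correlate(lines, window=200):
    """Pair each policy result with the first CoA/Disconnect marker that
    follows it within `window` lines, before the next policy result."""
    results, current = [], None
    for number, line in enumerate(lines, start=1):
        if POLICY_RESULT in line:
            current = {"line": number, "network": None,
                       "access_value": None, "coa": None}
            results.append(current)
            continue
        if current is None or number - current["line"] > window:
            continue
        field = FIELD.match(line)
        if field:
            key = "network" if field.group(1) == "Network" else "access_value"
            current[key] = current[key] or field.group(2)
        elif current["coa"] is None:
            current["coa"] = next((m for m in COA_MARKERS if m in line), None)
    return results

def missing_coa(results):
    """Policy results that were never followed by a CoA or Disconnect."""
    return [r for r in results if r["coa"] is None]

if __name__ == "__main__":
    for r in missing_coa(correlate(SAMPLE_LOG.splitlines())):
        print(f"line {r['line']}: {r['network']} -> {r['access_value']}: "
              "no CoA/Disconnect seen")
```

A policy result reported here with no marker matches the symptom in the question: the policy evaluated to a VLAN, but no CoA or Disconnect was logged for it.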