FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
This article describes the issue of printers disconnecting from the network when they enter sleep mode and the steps to troubleshoot and resolve the issue.
Scope
FortiNAC.
Solution
This issue happens when the Switch is being enforced with the 'Reset Forced Default' group membership.
Under this enforcement, when FortiNAC sees a host has disconnected from the Switchport, it changes the current VLAN to the specified Default VLAN of the port.
Printer models have different configurations related to Power Saving and Sleep mode. When the Printer enters Sleep mode, it will not generate traffic, and the switch will start the aging out of the MAC entry since it sees it as offline.
When the MAC entry in the switch is removed, FortiNAC detects that there is no host connected to that port (L2 polling schedule), and as a result, it changes the VLAN to default based on 'Reset Forced Default' group membership enforcement.
To prevent this from happening, the following options are possible:
Remove the 'Reset Forced Default' group membership on ports where Printers are connected.
Remove the sleep mode option from printers or extend idle time before sleep.
Use a monitoring system to ping the printer or trigger it to constantly generate traffic. This will cause the switch not to remove the entry from its MAC address table.
Use a custom script in FortiNAC to ping or query the Printer with other supported protocols. This will cause the switch to not remove the entry from its MAC address table. This article provides an example using a Python custom script: Technical Tip: Make use of Python scripts in FortiNAC Scheduler through Bash
