When enforcement is applied by FortiNAC in wireless connections it is possible to use the Network -> Network Events in FortiNAC GUI to check the connection logs and the Logical Network/Access VLAN applied on each stage starting from Rogue entry creation to Host registration. This can assist administrators in verifying timestamps and control actions performed by FortiNAC.

Example. The user connects to the Guest SSID under FortiNAC control.

In this case, the user registers using the Guest Self Registration template and the following happens upon initial connection:

1. The user connects to SSID and FortiNAC receives a RADIUS MAC authentication request that it uses to learn the host and create the Rogue Entry. 
2. FortiNAC responds to NAS(WLC) with a Radius Accept-Accept containing the Isolation VLAN. (VLAN 181 in this example).
3. The Host gets DHCP and DNS configuration from FortiNAC. All HTTP requests are redirected to FortiNAC, which presents the Captive Portal for registration.
4. The user selects 'Guest Self Registration' and is prompted to accept an "Acceptable Usage Policy". After accepting it the user is provided by FortiNAC the credentials to login.
5. Once the user logs in, FortiNAC registers the host with the logged-in user and applies the matching Network Access policy that pushes the Logical configuration containing the VLAN value for the Guest network (VLAN 80 in this example).
6. FortiNAC sees a need for a VLAN change and sends a RADIUS CoA message request or Disconnect Message to de-authenticate the host from its current isolation state.
7. The NAS(WLC) responds with ACK to FortiNAC and at the same time reauthenticates or disconnects the user from the current Isolated authentication session.
8. The host reconnects automatically again, and the NAS (WLC) sends a new Access-Request to FortiNAC.
9. FortiNAC responds to NAS (WLC) with RADIUS Accept-Accept containing VLAN 80.
10. The host gets a new IP from the production DHCP server and has network access as per Firewall policies.

In Network Events, it is possible to verify the host/user network events for this example.

Figure 1. Checking events for Wireless connecting users and matching logical networks per host state.

To investigate it is helpful to add as Filter the Wireless Adapter MAC address in 'MAC Address'. This will only show connection logs for the specific host.

While expanding the drop-down '+' on the left it is possible to see the history of the Rogue entry created until registration to the Guest user.

The results provide information about the Logical Networks applied during each Host state and the Access Value 'Net ID' sent on each case with RADIUS Accept-Accept.

Using the FortiNAC CLI, it is possible to increase the verbosity and details provided by the Network Events view.

This can be helpful during troubleshooting.

To enable the feature, apply the following commands in FortiNAC CLI:

execute enter-shell

globaloptiontool -name networkSession.captureSnapshots -set true

The event will be generated in the output:

Warning: There is no known option with name: networkSession.captureSnapshots

New option added

Related Documentation:

• Network Events
• Port Changes