FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
cmaheu
Staff
Article Id 387933
Description

This article describes the behavior where a Cisco C9300 switch displays as a '?' in Inventory when managed by the Meraki Cloud, as well as how to resolve this discrepancy.

Scope

FortiNAC-F 7.x.

Solution

When the C9300 is installed with Meraki firmware, the switch's system OID changes. The new system OID may not be recognized by FortiNAC. To resolve this issue, run through the following procedure:

  1. Navigate to Network -> Inventory.
  2. Right-click the device model in the tree and select Set Device Mapping.
  3. Select the option 'Model this OID from an existing device'.
  4. Select one of the Cisco C9300 Device Models from the list. If none are present, select a Meraki Switch (models start with MS, such as Meraki MS125-24).
  5. Select OK.
  6. Add the switch to the L3 group by right-clicking on it.
  7. Enable the following CLI debugs in a logged SSH session and provide the output to FortiNAC TAC:

 

nacdebug -name Meraki true
nacdebug -name merakiSwitch true
device -ip <ip_address> -setAttr -name DEBUG -value 'TelnetServer ForwardingInterface'

 

  8. Change the URI associated with the switch:

 

execute enter-shell

device -ip <ip_address> -setAttr -name URIHost -value api.meraki.com

device -ip <ip_address> -setAttr -name ForceInitialize -value true

 

  9. Run the API call from FortiNAC's underlying Linux host to Cisco Meraki, replacing the switch serial number and the Meraki API token with the appropriate values:

 

curl -H 'X-Cisco-Meraki-API-Key: <meraki_API_key>' \
-H 'Content-Type: application/json' \
'https://api.meraki.com/api/v1/devices/<switch_serial_number>/switch/ports' | sed 's/[,{]/\n&/g'

 

  10. In the FortiNAC GUI, go back to Network -> Inventory, right-click on the switch, and select Resync Interfaces.
  11. Collect additional debug logs as specified by the following KB article: Technical Tip: How to get a debug log report from FortiNAC-CA or FortiNAC-Manager
  12. Disable the debug commands from Steps 7 and 8 by removing the 'true' keyword at the end of the nacdebug commands.
  13. If necessary, open a FortiNAC-F support ticket and upload the SSH debug logs obtained from the above procedure (including those specified by the linked KB article) as well as the IP address and hostname of the device.
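
Because the curl command in the API-call step is typed into the logged SSH session, the Meraki API key is recorded in the session log that is later uploaded. The following is an added example, not part of the original article or Fortinet's tooling, that masks the key in a saved session log before upload; the function names, the sample log and the assumption that a key is a 40-character hexadecimal string are illustrative.

```shell
#!/bin/sh
# Added example, not Fortinet tooling: mask the Meraki API key in a captured
# SSH session log before the log is attached to a support ticket.
# Assumptions: the key appears as the X-Cisco-Meraki-API-Key header value (as in
# the curl command) or as a bare 40-hex-character string; names are hypothetical.

HDR='[Xx]-[Cc]isco-[Mm]eraki-[Aa][Pp][Ii]-[Kk]ey'
BARE='(^|[^0-9A-Fa-f])[0-9A-Fa-f]{40}([^0-9A-Fa-f]|$)'

# Filter stdin to stdout, masking header values first, then any bare key.
redact_meraki_key() {
    sed -E \
        -e "s/(${HDR}:[[:space:]]*)[^'\"[:space:]]+/\\1<REDACTED>/g" \
        -e "s/${BARE}/\\1<REDACTED>\\2/g"
}

# Return 0 if FILE still appears to contain key material.
key_leaks() {
    if grep -E "${HDR}:" "$1" | grep -qv '<REDACTED>'; then return 0; fi
    if grep -Eq "$BARE" "$1"; then return 0; fi
    return 1
}

# prepare_log IN OUT: write an owner-only redacted copy; delete it and fail
# if the verification pass still finds a key.
prepare_log() {
    ( umask 077; redact_meraki_key < "$1" > "$2" ) || return 2
    if key_leaks "$2"; then rm -f "$2"; return 1; fi
    return 0
}

# Constructed sample session log (the key value is made up).
sample_log() {
    cat <<'EOF'
fnac# nacdebug -name Meraki true
fnac# curl -H 'X-Cisco-Meraki-API-Key: 0123456789abcdef0123456789abcdef01234567' \
> X-Cisco-Meraki-API-Key: 0123456789abcdef0123456789abcdef01234567
fnac# export KEY=0123456789abcdef0123456789abcdef01234567
EOF
}

# Stand-alone use: sh redact.sh session.log session.redacted.log
if [ "$#" -eq 2 ]; then prepare_log "$1" "$2"; fi
```

The bare-key pattern also masks other 40-hex-character strings such as SHA-1 hashes, so the script errs toward over-redaction.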

 

For additional details on Cisco Meraki integrations, see Cisco Meraki Wired Integration in the Fortinet Document Library.