FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
This article describes how to handle an issue where FortiNAC does not use the correct VLAN switching mode for Arista switch.
Scope
8.x, 9.x, 7.x.
Solution
FortiNAC has the ability to change Arista switch port VLANs using either switchport access vlan or switchport trunk native. FortiNAC will detect trunk port status from the device and add an attribute to indicate if a port is a trunk port to the port model on the device. This attribute is then used during VLAN changes to determine whether to apply the switchport trunk native command (for trunk ports) or the switchport access vlan command.
If switchport access vlan exists on the port, NAC will assume it is an access port. To ensure NAC uses switchport trunk native remove any switchport access vlan command from the switch port running configuration, and do a Read VLAN from the model configuration of the switch in the FortiNAC inventory.
If at any point the switch configuration is changed manually, FortiNAC may not accurately reflect the current VLAN mode for the port, since Read VLAN is not done automatically.
