FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
Hatibi
Staff & Editor
Article Id 392729
Description This article describes the issue of a FortiGate being unable to authenticate against the FortiNAC RADIUS server. The FortiNAC RADIUS logs show 'Ignoring request to auth address * port 1812 from unknown client X.X.X.X' for the requests coming from the FortiGate, and the FortiGate receives no RADIUS response.
Scope FortiNAC-F v7.6 and greater.
Solution

RADIUS logs show the following error when a RADIUS Access-Request is received by FortiNAC:

 

Ready to process requests
Ignoring request to auth address * port 1812 from unknown client X.X.X.X port 63149 proto udp

 

This can occur for one of the following reasons:

 

  1. The FortiGate firewall policy applies NAT to the RADIUS traffic towards FortiNAC, so the source address FortiNAC sees is the NAT address rather than the device's management IP. NAT must be disabled on that policy.
  2. The source IP address of the RADIUS Access-Request differs from the IP specified in the Element tab of the modeled device in FortiNAC. This happens when network devices do not have static IPs and no DHCP reservation is set: FortiNAC keeps the IP entry from when the device was first added. To solve the problem, update the Element IP in the device model under Network -> Inventory. The network device should have a static and unique management IP; alternatively, use a DHCP reservation so the device always receives the same address.

 

Figure 1. Validation of Element IP matching the source address of RADIUS Access-request

 

  3. The FortiNAC database contains a duplicate entry with the same IP. The duplicate entry causes FortiNAC to ignore the RADIUS Access-Requests from that address.

To check if there are duplicate entries, enter in the FortiNAC shell:

 

diagnose network device display ip <ip_address> 

 

Alternatively, the following command can be used:

 

execute enter-shell

device -ip <ip_address>


Before deleting anything, confirm from the display output which of the two entries is the stale one (compare the dbid, device name and container) so the live device model is not removed. To delete the stale entry, use the following command from the NAC-OS shell:

 

diagnose network device delete device ip x.x.x.x

 

In addition to the IP address, the device output can also be printed based on the following parameters:

 

  • mac <mac> 
  • dbid <dbid> 
  • device-name <device-name> 
  • group <group> 
  • container-name <container-name> 
  • class-id <class-id> 
  • attribute-name <attribute-name> 
  • all

 

  4. FortiNAC has no entry in its bsc.nas database table for the device.

Validate if an entry exists by checking in db-shell by replacing X.X.X.X with the device IP:

 

execute db-shell

MariaDB [bsc]> select * from bsc.nas where nasname='X.X.X.X';

 

If the query returns no rows for the IP, FortiNAC will ignore the RADIUS requests: the bsc.nas table is the client list the RADIUS service consults, so a device without a row is an unknown client regardless of its model in Inventory.

This can be caused by an incomplete FortiNAC migration, or by a power loss that corrupted the database or lost data.
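The four causes above all reduce to one check: the source IP in the 'unknown client' log line must match exactly one modeled Element IP and must have a row in bsc.nas. The following script is an added example, not FortiNAC code; it parses the FortiNAC RADIUS log format shown above and classifies each ignored source address. The log lines, the inventory rows (a stand-in for the Element IPs in Network -> Inventory) and the NAS set (a stand-in for `select nasname from bsc.nas`) are constructed, and the NAT pool prefix is an assumption for the example.

```python
"""Triage FreeRADIUS 'unknown client' messages against exported FortiNAC data.

Added example, not FortiNAC code. Sample data below is constructed.
"""
import re
from collections import Counter

# Constructed sample of the FortiNAC RADIUS log, in the format from the article.
RADIUS_LOG = """\
Ready to process requests
Ignoring request to auth address * port 1812 from unknown client 10.10.20.5 port 63149 proto udp
Ignoring request to auth address * port 1812 from unknown client 10.10.30.7 port 51022 proto udp
Ignoring request to auth address * port 1812 from unknown client 192.0.2.1 port 40011 proto udp
Ignoring request to auth address * port 1812 from unknown client 10.10.40.9 port 58801 proto udp
"""

# Constructed stand-in for the modeled devices: (dbid, name, Element IP).
INVENTORY = [
    (101, "FGT-Branch-A", "10.10.20.5"),
    (102, "FGT-Branch-B", "10.10.30.6"),      # device now sends from 10.10.30.7
    (103, "FGT-Branch-C", "10.10.40.9"),
    (104, "FGT-Branch-C-old", "10.10.40.9"),  # stale duplicate entry
]

# Constructed stand-in for the nasname column of bsc.nas.
NAS_TABLE = {"10.10.30.6", "10.10.40.9"}

# Assumption for the example: address prefixes a NAT policy would rewrite to.
NAT_POOLS = ["192.0.2."]

UNKNOWN_RE = re.compile(r"from unknown client (\d{1,3}(?:\.\d{1,3}){3}) port (\d+)")


def unknown_clients(log_text):
    """Return (ip, port) for every line the RADIUS service ignored."""
    matches = (UNKNOWN_RE.search(line) for line in log_text.splitlines())
    return [(m.group(1), int(m.group(2))) for m in matches if m]


def classify(ip, inventory, nas_table, nat_pools=NAT_POOLS):
    """Map one ignored source IP to the most likely cause, in the article's order."""
    ip_counts = Counter(element_ip for _, _, element_ip in inventory)
    if any(ip.startswith(pool) for pool in nat_pools):
        return "nat", "source is a NAT pool address; disable NAT on the policy towards FortiNAC"
    if ip not in ip_counts:
        # Cause 2: no model has this Element IP; point at models in the same /24.
        prefix = ip.rsplit(".", 1)[0] + "."
        names = [name for _, name, element_ip in inventory if element_ip.startswith(prefix)]
        hint = ("same subnet as modeled device(s): " + ", ".join(names)) if names else "no modeled device in this subnet"
        return "element-ip-mismatch", hint
    if ip_counts[ip] > 1:
        dbids = [dbid for dbid, _, element_ip in inventory if element_ip == ip]
        return "duplicate-entry", f"dbids sharing this IP: {dbids}"
    if ip not in nas_table:
        return "missing-nas-row", "no bsc.nas row; reapply the RADIUS model configuration"
    return "consistent", "inventory and bsc.nas agree; recheck the RADIUS secret and the live log"


def triage(log_text, inventory=INVENTORY, nas_table=NAS_TABLE):
    """Classify every distinct ignored source IP found in the log text."""
    return {ip: classify(ip, inventory, nas_table) for ip, _ in unknown_clients(log_text)}


if __name__ == "__main__":
    for ip, (cause, hint) in triage(RADIUS_LOG).items():
        print(f"{ip:15} {cause:22} {hint}")
```

Run it against a copy of the RADIUS log plus the Inventory and bsc.nas exports; each ignored address is reported once with the cause to pursue first, so the order of checks matches the order in which the fixes should be applied.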

 

To resolve, reapply the RADIUS configuration to all devices that share the same RADIUS secret and configuration by using the GUI.

Go to Network -> Inventory and select the top container. Select the list of devices and right-click them.

Select 'Set Model Configuration'. Apply the RADIUS settings on the 'Detail Configuration' tab as in Figure 2 below:

 

Figure 2. Reapply the Radius Configuration for multiple devices.

 

Make sure the RADIUS secret is correct (it must match the secret configured on the FortiGate) and enable all necessary RADIUS configuration settings as per Figure 2.

Finally, validate in db-shell if the entries are populated in bsc.nas table:

 

execute db-shell

MariaDB [bsc]> select * from bsc.nas;

 

Related document:

Configure FortiNAC RADIUS Server for Device Integration