When trying to change the 'Current VLAN' manually from port properties, users might get the following error: 

Failed to set current VLAN. Make sure you are using a correctly formatted VLAN ID

Figure 1. Error while attempting a manual VLAN change from FortiNAC GUI.

To resolve the issue, follow these steps:

1. Validate that SSH credentials are working for both CLI and SNMP.
2. Increase the SSH/CLI timeout in the Juniper Model configuration to 60 seconds or more. This is required because Juniper switches are known to take some time to commit changes to port settings.
3. Perform Resynch Interfaces and then perform an L2 poll on the Switch for FortiNAC to update its modeling and learn hosts.
4. In the Model configuration, enforce the Registration VLAN and set the access value. Add a logical network and access Value for the VLAN trying to be changed manually.
5. Verify that the SNMP or CLI account has write permissions on the Switch. The CLI account should have write permissions and no requirement for 'enable password'.
6. If necessary, create a new account with SNMP write/read and CLI write/read permissions and test again.
7. If VLAN switching based on Network access policies is not working, confirm that the port has membership in 'Role based Access' group in FortiNAC.

Related document:

Junper EX Switch xMACAuth Configuration

Visibility troubleshooting