FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
dwivedis
Staff
Article Id 395049
Description

This article describes a troubleshooting scenario in which a client with a spoofed MAC address is granted network access on the same switch port, despite not having the Persistent Agent installed.
Scope

FortiNAC, FortiNAC-F.

Solution

Issue Summary:
In this scenario, two PCs are involved:

  • PC 1 has the Persistent Agent installed.
  • PC 2 does not have the Persistent Agent installed.
  • Both devices use the same MAC address.
When PC 1 (with the Persistent Agent) is disconnected and PC 2 (without the agent) is connected to the same switch port (GigabitEthernet0/0/x), PC 2 is still granted network access. Furthermore, FortiNAC logs incorrectly show 'Persistent Agent Communication Resumed' for PC 2.
Resolution:
To address this issue, configure the switch to send MAC notification traps instead of relying only on SNMP port link-up/down traps. Link-state traps tell FortiNAC that the port went down and came back up, but not that a different host is now using the port; MAC notification traps report the MAC address being removed from and re-added to the port, so FortiNAC can accurately detect the MAC address change and prevent unauthorized access.
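As an added example that is not part of the article, the switch-side configuration for the resolution above on a Cisco IOS switch (Cisco IOS is assumed here from the GigabitEthernet0/0/x interface naming; the FortiNAC address, trap community and port number are placeholders):

```cisco
! Added example, not from the Fortinet article. Cisco IOS is assumed
! from the GigabitEthernet0/0/x naming; replace the placeholders.
!
! Generate a MAC notification whenever an address is learned on or
! removed from a port, and send it immediately rather than batched.
mac address-table notification change
mac address-table notification change interval 0
!
! Send mac-notification traps to FortiNAC (in addition to any link
! traps already configured). <FORTINAC_IP> and <TRAP_COMMUNITY> are
! placeholders; the community must match the SNMP credentials in
! FortiNAC's model of this switch.
snmp-server enable traps mac-notification change
snmp-server host <FORTINAC_IP> version 2c <TRAP_COMMUNITY> mac-notification
!
! Enable the per-port traps on the access port from the scenario
! (x stands for the port number).
interface GigabitEthernet0/0/x
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
!
! Verification: the notification counters below should increase when
! PC 1 is unplugged and PC 2 is plugged into the same port, which is
! the event FortiNAC needs in order to re-evaluate the host.
! show mac address-table notification change
! show mac address-table notification change interface GigabitEthernet0/0/x
```

After applying the switch change, repeat the PC 1 / PC 2 swap from the Issue Summary and confirm that FortiNAC no longer logs 'Persistent Agent Communication Resumed' for the host without the agent.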