Technical Tip: Options for devices unable to be modeled in Inventory

FortiKoala · ‎10-01-2018

Description

This article describes the steps to take when adding a network device to the Inventory, it appears with a question mark (?) icon. Discovered devices displaying a '?' icon indicate the currently running version does not have a mapping for that device's System OID (device is not supported). Device mappings are used to manage the device by performing functions such as L2/L3 Polling, Reading, and Switching VLANs. These functions are required for the device to be managed.

Scope

FortiNAC, FortiNAC-F.

Solution

Option 1: Map as a Generic SNMP Device.

This option is sufficient for L3 devices that are modeled only to collect L3 information and will not be placed under enforcement.

For instructions, see the related KB article below.

If ports will be enforced, this is not a recommended option.

See options 2 and 3.

Option 2: Map Using an Existing Device Mapping.

When a device is mapped to an existing System OID, the CLI commands and SNMP OIDs used for the existing model are used for performing the same functions on the new device.

Mapping to existing System OIDs can sometimes result in incorrect modeling. For example, FortiNAC will fail to perform an L2 poll and gain visibility on connected endpoints. To select the most accurate mapping check the Device model/type in the Description section when the device is added. Then apply the mapping by looking for a similar model in the model list.

In this example a Huawei Switch is mapped to a System OID 1.3.6.1.4.1.2011.2.23.1111 and L2 polling is failing.

Initially check in FortiNAC CLI what the description shows about the model:

FortiNAC (Centos):

logs

Device -ip 10.10.10.1

************************* huaweitest *************************
Landscape = 345050119075 00:50:56:XX:XX:XX
Pollable = true, Poll interval = 10 Minutes
Type = 1.3.6.1.4.1.2011.2.23.1111
Group = 1.3.6.1.4.1.2011
MAC = null
Protocol = SnmpV1
Description = Huawei YunShan OS
Version 1.22.0.1 (S5700 V600R022C01SPC500)
Copyright (C) 2021-2022 Huawei Technologies Co., Ltd.
HUAWEI CloudEngine S5735-L-V2
IP = 10.10.10.1
Role = NAC-Default
State = Active
Status = Established

FortiNAC-F (NACOS)

naclab1 # diagnose network device display ip 10.10.10.1

************************* huaweitest *************************
Landscape = 345050119075 00:50:56:XX:XX:XX
Pollable = true, Poll interval = 10 Minutes
Type = 1.3.6.1.4.1.2011.2.23.1111
Group = 1.3.6.1.4.1.2011
MAC = null
Protocol = SnmpV1
Description = Huawei YunShan OS
Version 1.22.0.1 (S5700 V600R022C01SPC500)
Copyright (C) 2021-2022 Huawei Technologies Co., Ltd.
HUAWEI CloudEngine S5735-L-V2
IP = 10.10.10.1
Role = NAC-Default
State = Active
Status = Established

From the output check the version HUAWEI CloudEngine S5735-L-V2.

'Right-click' the Huawei device in Inventory View and select 'Set Device Mapping'.

Figure 1. Looking for Device Model in the mapping menu.

Once the device model is selected select ok and apply the change.

After that right-click the device model and apply the following:

Resync Interfaces ---> FortiNAC will update port/VLAN/SSID information in its modeling
Poll for L2 (Hosts) info ---> FortiNAC will read the MAC address table from the switch.

For instructions, see the related KB article below.

Option 3: Request Device Support .

If support for this device was not already included in a later version, open a feature request to add support.

For details on the required information to supply, see related KB article below.

Technical Tip: Information to provide when requesting device support

Related Articles:

Technical Tip: Unable to model device in GUI

Technical Tip: Determining device support