NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
This article describes that a missing attribute value may cause incorrect processing of RADIUS requests send from Meraki Cloud APs to FortiNAC.
Note:
Any Meraki APs added to FortiNAC inventory on versions 9.4.x or later will automatically set the FirmwareVersion attribute to the device model.
Scope
FortiNAC v9.4.1, 9.4.2, 9.4.3.
Solution
1) Determine if the Meraki APs are missing the FirmwareVersion attribute, from the FortiNAC CLI use the device tool to view existing attributes. From the CLI type:
device -ip x.x.x.x
Example:
device -ip 172.16.10.42
2) Review output for the following line:
Name = FirmwareVersion value = meraki length = 6
Example output:
device -ip 172.16.10.42 ************************* AP Meraki ************************* Landscape = 345051645654 00:50:56:AE:66:E6 Pollable = true, Poll interval = 10 Minutes Type = meraki Group = 1.3.6.1.4.1.29671 MAC = null Protocol = SnmpV1 Description = Meraki MR18 Cloud Managed AP IP = 172.16.10.42 State = Active Status = Established DBID = 696 Attribute Count = 19 Name = SNMPV3_USER_CONTEXT value = **** Name = CLI_CREDENTIALS value = CLICredentials User Name:[null] Password:[***] Enable Password:[***] SessionType:[SSH2] Name = userDefinedOID value = false length = 5 Name = SnmpVersion value = 1 length = 1 Name = ImageType value = meraki length = 6 Name = L2_ENABLED value = false length = 5 Name = L2_POLL_DURATION value = 600 length = 3 Name = L2_MIN_POLL_DURATION value = 300 length = 3 Name = RadiusServerConfigId value = 1 length = 1 Name = AdditionalVlans value = [FortiNAC_Isolation, FortiNAC_Production] length = 41 Name = RadiusSecret ***** Name = DefaultVlanID value = FortiNAC_Production length = 19 Name = GuestAction value = 1 length = 1 Name = GuestVlanID value = null Name = UnRegAction value = 2 length = 1 Name = UnRegVlanID value = FortiNAC_Isolation length = 18 Name = QuarantineAction value = 2 length = 1 Name = QuarantineVlanID value = FortiNAC_Isolation length = 18 Name = FirmwareVersion value = meraki length = 6 *****************************************************************
3) If the FirmwareVersion attribute is missing use the updateversion tool to set the FirmwareVersion attribute, from the CLI type (This will take some time to run):
