NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
This article describes key troubleshooting points to follow when a Registered Host connects to a switch port, and the port VLAN configuration does not change to provide the appropriate network access.
Scope
FortiNAC.
Solution
Confirm the following:
VLANs are already created on the switch.
Ports are member of the Forced Registration group.
If using Network Access Policies:
Host is matching the correct policy:
Navigate to Hosts -> Host View.
Search for host in quick filter.
Right-click and select Policy Details.
Network Access Policy is configured for the appropriate VLAN.
Ports are in the Role-Based Access group:
Right-click on port under Ports tab (switch model selected in Topology)
Select Group Membership.
If Network Access Policies are not being used, the Default VLAN should be configured.
If the same Default VLAN value is used for the entire switch, the Default field in the Model Configuration should be populated with the appropriate VLAN.
If using different Default VLANs depending upon the port, the Ports tab of the switch model should reflect the correct Default VLAN for that port. This can be set by right-clicking and selecting Port Properties.
Credentials Network Sentry uses to access the switch are correct. Under the Credentials tab of the switch model, select Validate Credentials.
The port is not a member of the Access Point Management Group.
Port does not display in Topology Port View as an Uplink.
