FortiNAC-F 7.2.5, New core switch, Contact Lost issues

nkuhl30 · ‎08-03-2024

We replaced our core switch (HP 8212zl) with an Aruba CX 6405 back in June. We hired a consultant to reconfigure the config to be compatible with the new CX OS. Ever since then, FortiNAC is intermittently reporting Contact Lost events for our Aruba Controllers and Aruba APs. The controllers and the APs are on the same VLAN, and there are no ACLs or firewalls in-between VLAN 1 (new core) and VLAN 40 (wireless network).

There are zero port errors on the core and it's not an STP issue. The contact lost events only occur with the wireless controllers and APs, and not with our other edge switches or servers.

If we check the Aruba wireless side of things, none of the controllers or APs lose network connectivity. There's just a brief/random comms issue when FortiNAC reaches out to poll via ICMP.

Does anyone have any ideas? Fortinet support is claiming it's a network issue and not on their end. I could really use some help.

Thank you.

ndumaj · ‎08-08-2024

Hi,
Set the MTU on the "interface", then the VLAN interface can be set up to that same value.

Configuring MTU for Vlans may mismatch with the MTU set for the ports.

BR

- Happy to help, hit like and accept the solution -

nkuhl30 · ‎08-08-2024

Thanks. So FortiNAC is a VM on a shared interface, VLAN 1. The WLCs are on VLAN 40. Do I set the MTU on the FortiNAC interface and also VLAN 40 of the WLCs? Sorry for all of the questions. I've never had to mess with MTUs before.

AEK · ‎08-08-2024

Since we are still in troubleshooting phase I'd set it as it was before on HP core (check your old HP config).

AEK

nkuhl30 · ‎08-08-2024

Thanks AEK. We didn't have an MTU set on the old core; it was just set at default. However, the default MTU of HP Procurve switches is 1522. The newer Aruba CX switches have a default MTU of 1500.

ndumaj · ‎08-08-2024

Might be interesting to increase the MTU on the interface.

BR

- Happy to help, hit like and accept the solution -

nkuhl30 · ‎08-08-2024

Ok so bump up the MTU on the interface that FortiNAC is connected to on the core and that’s it?

ebilcari · ‎08-08-2024

Packet fragmentation is not always bad :) and also the SNMP should be friendly and use it for large queries (GETBULK). As long as there are no packet drops it should not be an issue. I think you should investigate why the Aruba drops and not respond to ICMP traffic (most probably when it's busy).

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

nkuhl30 · ‎12-01-2024

Updating this since it's still an issue for us. Has anyone else run into a similar situation with FortiNAC and Aruba controllers intermittently losing contact via ping and/or SNMP?

AEK · ‎12-01-2024

Any interesting logs on Aruba when the issue occurs?
Is the Aruba IP still accessible via SSH/HTTPS when the issue occurs?

AEK

sjoshi · ‎12-01-2024

It seems like the intermittent contact lost events for your Aruba controllers and APs in FortiNAC could be related to the network configuration or communication settings. Here are some steps you can take to troubleshoot and potentially resolve the issue: 1. **Verify Network Configuration**: - Double-check the network configuration settings on the Aruba controllers and APs to ensure they are correctly configured and there are no issues with VLAN settings or network connectivity. 2. **Check ICMP Settings**: - Confirm that ICMP (ping) requests are allowed between FortiNAC and the Aruba controllers/APs. Ensure there are no firewall rules blocking ICMP traffic that could be causing intermittent communication issues. 3. **Review FortiNAC Polling Settings**: - Check the polling settings in FortiNAC to ensure they are correctly configured for the Aruba controllers and APs. Verify the polling frequency and timeout settings to see if adjustments are needed.

Let us know if this helps.
Salon Raj Joshi

FortiNAC-F 7.2.5, New core switch, Contact Lost issues

Nominate a Forum Post for Knowledge Article Creation