Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: FortiNAC Integrate with cisco WLC
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiNAC Integrate with cisco WLC
Dear all,
We configured the SNMPv3 in Cisco WLC and it's connected with FortiNAC successfully. Also configured user account with highest privilege for CLI settings. We avoided special characters in the password as well. While validating the credentials getting below error message, anyone experienced this issues.
SNMP connect succeeded.However device failed to connect using CLI credentials.Device either does not support a CLI or credentials are invalid.
Any suggestions,
Labels:
- Labels:
-
FortiNAC
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Siva
What is the WLC model?
Try it with the default WLC's admin user, just to check the behavior.
Also try connect from FNAC's CLI to the WLC and see if it works fine.
Also, did you change the default CLI prompt of your WLC? E.g. replaced the default "$", or ">" or any other by a custom sign/string?
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear AEK,
What is the WLC model? / Cisco Catalyst 9800-40 Wireless Controller
Try it with the default WLC's admin user, just to check the behavior./ Tried no luck
Also try connect from FNAC's CLI to the WLC and see if it works fine. / From FNAC CLI is working
Also, did you change the default CLI prompt of your WLC? E.g. replaced the default "$", or ">" or any other by a custom sign/string? / No, we are using the default one.
While we checking the logs, FNAC can able to connect but getting error while executing the command for Mac table. Find the below log message for your ref.
yams INFO :: 2025-11-13 13:33:20:528 :: #1017 :: SSH2: Authentication to 10.x.x.x succeeded
10.x.x.x
yams INFO :: 2025-11-13 13:33:32:741 :: #1017 :: TelnetSession.waitfor() ip = 10.x.x.x num bytes = 159
yams.TelnetServer INFO :: 2025-11-13 13:33:32:741 :: #1017 :: Warning: failed to execute CLI commands for IT-9800-WLC01 at 10.x.x.x.
Any suggestions / inputs ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Siva
From the same logs try find which command it is running, then run the same on your WLC to double check if the command is correct or wrong.
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Other things to check..
The WLC firmware version must be supported. For the supported versions you can check on the FNAC doc for integrating this WLC.
Also make sure you didn't forget the enable password on FNAC credentials for your WLC, in case it is configured on WLC.
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Tek,
We couldn't find the commands which is trying to execute, Find the below detailed logs. here 10.x.x.x is WLC
org.apache.sshd.common.io.nio2.Nio2ServiceFactory FINE :: 2025-11-13 13:57:59:335 :: #3600 :: close(org.apache.sshd.common.io.nio2.Nio2ServiceFactory@c4c172c)[Immediately] closed
org.apache.sshd.common.util.closeable.SequentialCloseable FINEST :: 2025-11-13 13:57:59:335 :: #3600 :: doClose(org.apache.sshd.common.util.closeable.SequentialCloseable$1@62cff9d9) closing [DefaultCloseFuture[id=SshClient[6c432324]][value=null]] immediately=true
org.apache.sshd.common.util.closeable.SequentialCloseable FINE :: 2025-11-13 13:57:59:335 :: #3600 :: doClose(org.apache.sshd.common.util.closeable.SequentialCloseable$1@62cff9d9) signal close complete immediately=true
org.apache.sshd.client.SshClient FINE :: 2025-11-13 13:57:59:335 :: #3600 :: close(SshClient[6c432324])[Immediately] closed
yams INFO :: 2025-11-13 13:57:59:817 :: #1017 :: TelnetSession.waitfor() ip = 10.x.x.x. num bytes = 159
yams.TelnetServer INFO :: 2025-11-13 13:57:59:817 :: #1017 :: Warning: failed to execute CLI commands for MDF1-IT-9800-WLC01 at 10.x.x.x.
yams INFO :: 2025-11-13 13:57:59:818 :: #148788 :: 10.x.x.x. Connection Closed
org.apache.sshd.client.channel.ChannelShell FINE :: 2025-11-13 13:57:59:817 :: #1017 :: close(ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22]) Closing gracefully
org.apache.sshd.client.channel.ChannelShell FINE :: 2025-11-13 13:57:59:818 :: #1017 :: close(ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22]) no EOF sent
org.apache.sshd.client.channel.ChannelShell FINEST :: 2025-11-13 13:57:59:818 :: #1017 :: signalChannelClosed(ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22])[signalChannelClosed]
org.apache.sshd.common.channel.LocalWindow FINE :: 2025-11-13 13:57:59:818 :: #1017 :: Closing LocalWindow[client](ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22])
org.apache.sshd.common.channel.RemoteWindow FINE :: 2025-11-13 13:57:59:818 :: #1017 :: Closing RemoteWindow[client](ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22])
org.apache.sshd.common.util.closeable.SequentialCloseable FINEST :: 2025-11-13 13:57:59:819 :: #1017 :: doClose(org.apache.sshd.common.util.closeable.SequentialCloseable$1@7178c760) closing SequentialCloseable[DefaultCloseFuture[id=Builder][value=null]] immediately=false
org.apache.sshd.common.util.closeable.SequentialCloseable FINEST :: 2025-11-13 13:57:59:819 :: #1017 :: doClose(org.apache.sshd.common.util.closeable.SequentialCloseable$1@26ca709) closing FuturesCloseable[DefaultCloseFuture[id=ChannelShell[id=0, recipient=-1]-ClientSessionImpl[netadmin@/10.x.x.x.:22]][value=null]] immediately=false
org.apache.sshd.common.util.closeable.FuturesCloseable FINEST :: 2025-11-13 13:57:59:819 :: #1017 :: doClose(false) future pending: 2
org.apache.sshd.common.util.closeable.FuturesCloseable FINEST :: 2025-11-13 13:57:59:819 :: #1017 :: doClose(false) complete pending: 1
org.apache.sshd.common.util.closeable.FuturesCloseable FINEST :: 2025-11-13 13:57:59:819 :: #1017 :: doClose(false) complete pending: 0
org.apache.sshd.common.util.closeable.SequentialCloseable FINEST :: 2025-11-13 13:57:59:819 :: #1017 :: doClose(org.apache.sshd.common.util.closeable.SequentialCloseable$1@26ca709) closing [DefaultCloseFuture[id=ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22]][value=null]] immediately=false
org.apache.sshd.client.channel.ChannelShell FINEST :: 2025-11-13 13:57:59:820 :: #1017 :: close(ChannelOutputStream[ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22]] SSH_MSG_CHANNEL_DATA) closing
org.apache.sshd.client.channel.ChannelShell FINE :: 2025-11-13 13:57:59:820 :: #1017 :: sendEof(ChannelShell[id=0, recipient=3]-ClientSessionImpl[netadmin@/10.x.x.x.:22]) SSH_MSG_CHANNEL_EOF (state=Graceful)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try using this command, and it should show what we are looking for.
exec enter-shell
device -ip 10.x.x.x -setAttr -name DEBUG -value "TelnetServer ForwardingInterface"
tail -f /bsc/campusMgr/master_loader/logs/output.master | grep ":: write = "
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear AEK,
Find the below CLI output,
fnacvm-01:~$ device -ip 10.x.x.x -setAttr -name DEBUG -value "TelnetSer ver ForwardingInterface"
************************* IT-9800-WLC01 *************************
Landscape = 345051318706 00:50:56:A9:49:B2
Pollable = true, Poll interval = 10 Minutes
Type = GenericSNMPSwitch
Group = 1.3.6.1.4.1.9
MAC = null
Protocol = SnmpV1
Description = Cisco IOS Software [Cupertino], C9800 Software (C9800_IOSXE-K9), V ersion 17.9.4a, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2023 by Cisco Systems, Inc.
Compiled Fri 20-Oct-23 10:31 by mcpre
IP = 10.x.x.x.
Role = NAC-Default
State = Active
Status = Established
DBID = 3313
Attribute Count = 54
Name = SNMPV3_USER_CONTEXT value = **** Name = CLI_CREDENTIALS value = C LICredentials
User Name:[netadmin]
Password:[***]
Enable Password:[***]
SessionType:[SSH2]
Name = userDefinedOID value = false length = 5
Name = FirmwareVersion value = Airespace.IOSXE length = 15
Name = AirespaceVersion value = 17.9 length = 4
Name = Weight value = 10 length = 2
Name = L3_ENABLED value = true
Name = L3_POLL_DURATION value = 600
Name = L3_POLL_PRIORITY value = 1
Name = L3_LAST_POLL value = Fri Nov 14 10:29:56 AST 2025 length = 28
Name = L3_LAST_SUCCESSFUL_POLL value = Fri Nov 14 10:29:56 AST 2025 leng th = 28
Name = RadiusServerConfigId value = 1 length = 1
Name = ClearMethod value = radius length = 6
Name = RadiusAttributeGroupId value = 1 length = 1
Name = GuestRadiusAttributeGroupId value = null
Name = DefaultRadiusAttributeGroupId value = null
Name = RegistrationRadiusAttributeGroupId value = null
Name = RemediationRadiusAttributeGroupId value = null
Name = AuthenticationRadiusAttributeGroupId value = null
Name = Dead EndRadiusAttributeGroupId value = null
Name = GuestAction value = 1 length = 1
Name = DumbAction value = 0 length = 1
Name = RadiusSecret *****
Name = UnRegAction value = 0 length = 1
Name = AuthVlanIDWireless value = length = 0
Name = DefaultVlanIDWireless value = 609 length = 3
Name = RadiusMode value = Local length = 5
Name = QuarantineAction value = 0 length = 1
Name = UnRegVlanIDWireless value = length = 0
Name = GuestVlanID value = length = 0
Name = AuthAction value = 1 length = 1
Name = DumbVlanID value = length = 0
Name = DefaultVlanID value = 609 length = 3
Name = Dot1xAutoRegister value = false length = 5
Name = QuarantineVlanIDWireless value = length = 0
Name = DefaultAction value = 2 length = 1
Name = VlanFormat value = id length = 2
Name = DumbVlanIDWireless value = length = 0
Name = QuarantineVlanID value = length = 0
Name = UnRegVlanID value = length = 0
Name = AuthVlanID value = length = 0
Name = ACLSwitchingEnable value = false length = 5
Name = RadiusEnabled value = true length = 4
Name = L2_ENABLED value = true length = 4
Name = L2_POLL_DURATION value = 3600 length = 4
Name = L2_LAST_POLL value = Tue Nov 11 14:35:47 AST 2025 length = 28
Name = VlanSwitchingEnable value = true length = 4
Name = PhysicalAddressFilteringEnabled value = false length = 5
Name = EnablePASwitchingOptimization value = false length = 5
Name = UsesSNMP value = false length = 5
Name = ImageType value = GenericSNMPSwitch length = 17
Name = SnmpVersion value = 1 length = 1
Name = MultiKnownHostEntries value = true length = 4
Name = DEBUG value = TelnetServer ForwardingInterface length = 32
*****************************************************************
fnacvm-01:~$ tail -f /bsc/campusMgr/master_loader/logs/output.master | grep ":: write = "
yams INFO :: 2025-11-14 10:32:12:506 :: #132917 :: write = ***************
yams INFO :: 2025-11-14 10:32:18:065 :: #3601 :: write = terminal length 0
yams INFO :: 2025-11-14 10:32:18:081 :: #3599 :: write = terminal length 0
yams INFO :: 2025-11-14 10:32:30:067 :: #132917 :: write = ***************
yams INFO :: 2025-11-14 10:32:47:631 :: #132917 :: write = ***************
yams INFO :: 2025-11-14 10:33:27:187 :: #3600 :: write = terminal length 0
yams INFO :: 2025-11-14 10:33:58:069 :: #3600 :: write = terminal length 0
yams INFO :: 2025-11-14 10:35:01:466 :: #3599 :: write = terminal length 0
yams INFO :: 2025-11-14 10:35:14:502 :: #973 :: write = ***************
yams INFO :: 2025-11-14 10:35:32:083 :: #973 :: write = ***************
yams INFO :: 2025-11-14 10:37:59:904 :: #99 :: write = enable
yams INFO :: 2025-11-14 10:37:59:921 :: #99 :: write = ***************
yams INFO :: 2025-11-14 10:37:59:947 :: #99 :: write = terminal length 0
yams INFO :: 2025-11-14 10:38:11:139 :: #3599 :: write = terminal length 0
^C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Siva
Here it should show every commend entered in the WLC shell.
I guess you replaced some commands by "****". Do you see any wrong command in the output?
The issue should be: either a wrong command has been entered (less probable), or an unexpected output has been returned by the WLC.
You can use with the same command (without grep) to try find if there is anything wrong with the input/output.
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By the way did you follow this guide?
AEK
AEK
Labels
-
FortiGate
10,941 -
FortiClient
2,246 -
FortiManager
919 -
FortiAnalyzer
699 -
5.2
687 -
5.4
638 -
FortiSwitch
605 -
FortiClient EMS
600 -
FortiAP
576 -
IPsec
466 -
6.0
416 -
SSL-VPN
402 -
FortiMail
386 -
5.6
362 -
FortiNAC
314 -
FortiWeb
262 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
212 -
FortiAuthenticator
192 -
FortiGuard
163 -
5.0
152 -
Firewall policy
152 -
FortiGate-VM
149 -
6.4
128 -
FortiCloud Products
122 -
FortiSIEM
115 -
FortiToken
115 -
FortiGateCloud
113 -
Wireless Controller
97 -
High Availability
94 -
Customer Service
90 -
Routing
83 -
SAML
82 -
ZTNA
81 -
FortiProxy
80 -
BGP
75 -
VLAN
75 -
Authentication
74 -
Fortivoice
73 -
DNS
73 -
Certificate
73 -
FortiEDR
71 -
FortiADC
70 -
RADIUS
67 -
LDAP
65 -
SSO
60 -
FortiLink
60 -
FortiSandbox
57 -
NAT
57 -
FortiExtender
53 -
Interface
51 -
Application control
51 -
VDOM
50 -
4.0MR3
49 -
Virtual IP
47 -
Logging
44 -
FortiDNS
43 -
SSL SSH inspection
42 -
Web profile
39 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiPAM
38 -
FortiConnect
36 -
Automation
35 -
FortiWAN
32 -
FortiConverter
31 -
API
30 -
FortiGate v5.2
28 -
Fortigate Cloud
27 -
Traffic shaping
27 -
SSID
26 -
Static route
26 -
SNMP
25 -
System settings
24 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
OSPF
22 -
WAN optimization
22 -
FortiMonitor
21 -
Web application firewall profile
21 -
Web rating
20 -
Security profile
19 -
IP address management - IPAM
19 -
FortiSOAR
18 -
FortiAP profile
18 -
FortiGate v5.0
16 -
FortiDDoS
16 -
Explicit proxy
16 -
Admin
15 -
IPS signature
15 -
Proxy policy
15 -
Intrusion prevention
15 -
FortiManager v4.0
14 -
FortiCASB
14 -
NAC policy
14 -
Users
14 -
FortiManager v5.0
13 -
DNS filter
13 -
Traffic shaping policy
13 -
FortiDeceptor
12 -
Fabric connector
12 -
Port policy
12 -
FortiBridge
11 -
FortiRecorder
11 -
Trunk
11 -
Traffic shaping profile
11 -
Authentication rule and scheme
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Application signature
8 -
Vulnerability Management
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
VoIP profile
7 -
FortiScan
6 -
FortiNDR
6 -
DoS policy
6 -
FortiCarrier
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Service
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiAI
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2808 | |
| 1427 | |
| 812 | |
| 764 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.