This article describes troubleshooting steps to use when FortiNAC receives delayed Syslog messages, or none at all, when hosts connect to a FortiSwitch in Link mode.
Scope: FortiNAC version 6.x, 7.x, 8.x, 9.x.
1) Confirm UDP 514 is not being blocked in the network.
2) Review FortiGate and FortiSwitch configurations to verify Syslog messages are configured properly.
FortiGate updates the MAC cache table with this information.
The mac-cache table on the firewall refreshes its entries every x seconds, where x = data-sync-interval value.
Enter the following commands in the FortiGate CLI to view this interval value (default value is 60):
4) In FortiNAC CLI, start tcpdump to verify receipt of the syslog messaging. Type:
5) In the FortiGate GUI, confirm whether or not events are generating. Navigate to Log & Report -> Events.
6) Connect the host to the FortiSwitch.
7) Wait the number of seconds as defined by the data-sync-interval.
8) In FortiGate CLI, view the cache to verify if the MAC entry was added appropriately. Type:
# diag switch-controller mac-cache show
9) Confirm whether or not the FortiGate logs show 'MAC add' events for the host.
10) In the appliance CLI, verify if tcpdump shows the syslog message received.
11) Disconnect the host from the FortiSwitch.
13) View the cache to verify if the MAC entry was removed appropriately:
14) Confirm whether or not the FortiGate logs show 'MAC delete' events for the host.
15) In the appliance CLI, verify if tcpdump shows the syslog message received.
- Description of the issue.
- Troubleshooting steps taken.
- FortiOS version.
- FortiGate configuration.
If syslog is being sent by the FortiGate, confirm FortiNAC is receiving the messaging.
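The connect/disconnect checks in the steps above can be scored against text saved from the capture. This is an added example, not Fortinet code: the key=value payload layout, the field names and the sample lines are constructed assumptions (only the 'MAC add' / 'MAC delete' event names and the 60-second default come from this article), and it assumes the clocks involved are in sync.

```python
import re
from datetime import datetime

# Constructed sample payloads (NOT real FortiGate output). The key=value layout
# and the "mac"/"msg" field names are assumptions made for this example.
SAMPLE_CAPTURE = """\
date=2023-05-01 time=10:00:42 devname="FGT-LAB" msg="MAC add" mac="00:11:22:33:44:55"
date=2023-05-01 time=10:01:10 devname="FGT-LAB" msg="MAC add" mac="66:77:88:99:aa:bb"
date=2023-05-01 time=10:07:35 devname="FGT-LAB" msg="MAC delete" mac="00:11:22:33:44:55"
"""

# key=value pairs; values are either double-quoted or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value syslog payload into a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def check_step(capture, mac, event, action_time, sync_interval=60):
    """Score one troubleshooting step.

    action_time is when the host was connected or disconnected;
    sync_interval mirrors data-sync-interval (default 60) and is treated
    here as the expected upper bound on the delay (an assumption).
    Returns (status, delay_seconds): status is 'on-time', 'delayed' or 'missing'.
    """
    for line in capture.splitlines():
        fields = parse_line(line)
        if fields.get("mac", "").lower() != mac.lower():
            continue
        if fields.get("msg") != event:
            continue
        seen = datetime.strptime(
            fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S"
        )
        if seen < action_time:
            continue  # stale event from an earlier session, ignore it
        delay = (seen - action_time).total_seconds()
        status = "on-time" if delay <= sync_interval else "delayed"
        return status, delay
    return "missing", None
```

A 'missing' result points back to the UDP 514 and Syslog configuration checks in steps 1 and 2; a 'delayed' result points to the data-sync-interval value.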
Copyright 2023 Fortinet, Inc. All Rights Reserved.