FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 190868
Description
Even though the VLAN fails to change on a Cisco switch, a port change event is generated and the Topology port view is updated with the new VLAN ID.

VLANs on Cisco switches are changed via the CLI. If the switch uses TAC ACS for authentication and certain commands are denied permission, Port Change events can still be generated.

For example, the SSH login completes but "command authorization failure" is returned when certain commands are executed. The CLI still returns values that allow the system to continue the VLAN switching process without erroring out. If the SSH session had been cut short, the CLI login had been unsuccessful, or the CLI had returned characters different from what was expected, an event indicating VLAN switch failure would have been generated.

Solution
Ensure TAC ACS allows all commands to be executed once login has completed successfully.
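
A read-back check for the failure mode described above, as an added example that is not FortiNAC's own code or part of the original article: it scans a captured CLI session for authorization denials and compares the VLAN the port actually reports with the one that was requested. The session text, the exact denial wording, the switch and port names, and the function names are assumptions constructed for illustration.

```python
import re

# Matches the article's "command authorization failure" and the wording
# "Command authorization failed." (exact device text is an assumption).
AUTHZ_DENIED = re.compile(r"command authorization fail", re.IGNORECASE)
# Line of "show interfaces <port> switchport" that reports the access VLAN.
ACCESS_VLAN = re.compile(r"^Access Mode VLAN:\s*(\d+)", re.MULTILINE)
# A prompt line such as "sw1(config-if)#<command>".
PROMPT = re.compile(r"^\S+[>#]\s*(.*)$")

# Constructed sample: login worked, but the VLAN command was denied.
SAMPLE_SESSION = """\
sw1#configure terminal
sw1(config)#interface GigabitEthernet1/0/5
sw1(config-if)#switchport access vlan 20
Command authorization failed.
sw1(config-if)#end
"""
# Constructed sample: the port is still in its original VLAN.
SAMPLE_READBACK = """\
sw1#show interfaces GigabitEthernet1/0/5 switchport
Name: Gi1/0/5
Switchport: Enabled
Access Mode VLAN: 10 (VLAN0010)
"""


def denied_commands(transcript):
    """Return the commands whose output contains an authorization denial."""
    denied, current = [], None
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            current = m.group(1).strip()
        elif AUTHZ_DENIED.search(line) and current is not None:
            denied.append(current)
    return denied


def verify_vlan_change(transcript, readback, expected_vlan):
    """Classify a VLAN change using the port's read-back, not the session alone."""
    denied = denied_commands(transcript)
    m = ACCESS_VLAN.search(readback)
    actual = int(m.group(1)) if m else None
    if actual is None:
        status = "unverified"
    else:
        status = "ok" if actual == expected_vlan else "failed"
    return {"status": status, "actual_vlan": actual, "denied": denied}
```

Running `verify_vlan_change(SAMPLE_SESSION, SAMPLE_READBACK, 20)` reports the change as failed and names the denied command, which is the condition the port change event in this article does not reflect.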


