Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-28-2018 03:31 AM Edited on ‎05-18-2022 12:14 PM By Anonymous

Article Id 196810

Technical Note: Troubleshooting CLI credential failure

Description
Clicking the Validate Credentials button in Model Configuration results in the following message:

SNMP connect succeeded.  However, the device failed to connect using CLI credentials.
The device either does not support a CLI or credentials are invalid.

 


Scope
Version: 8.x, 9.x.

Solution
1)  Verify the Protocol Type in the switch's Model Configuration is set appropriately (Telnet, SSH1 or SSH2).  For example, if the Type is set to Telnet, ensure Telnet is enabled on the switch.   

2)  Verify the CLI credentials in the Model Configuration match those set in the switch itself. Note the following:

  • The user account must have the appropriate permissions configured on the device.
  • If no enable password is configured in the switch for that user account (example: level 15 accounts), the Enable Password field in the Model Configuration must be left blank. 
  • Arista switches can be configured to require typing 'enable' to enter enable mode, but no password is needed. For such configurations, populate the Enable Password field with the # character (requires version 8.7.2 or higher).  For more details, see the related KB article below. 
3)  If able to access the appliance CLI, attempt to access the switch using the same credentials and Protocol Type set in Model Configuration.  If not possible, use another device in the same subnet as the Control Server.  Type
 
ssh <userid>@<device IP address>
telnet <device IP address>


If connection attempt results in a "connection refused" message, the port may be getting blocked somewhere on the network or the function is disabled in the switch.

 
If the connection attempt succeeds and the switch is modelled using SNMP v3, the switch may not be responding to SNMP queries for the sysDescription OID (1.3.6.1.2.1.1.1.0).  For more details, see the related KB article below.
 
Debug
If behavior persists, further debugging may be required.  Contact Support for assistance.
 
Open a support ticket and provide the following information:
  • Problem description.
  • Screen capture of the device's Element tab in 
    • Version 8.x:  Network Devices > Topology
    • Version 9.x:  Network > Inventory
  • Screen capture of FortiNAC Engine Version
    • Version 8.x:  Help > About
    • Version 9.x:  Drill down on username in the upper right-hand corner.

Related Articles

Technical Note: CLI credential failure for Arista switches

Technical Note: CLI access fails due to SNMP v3 permissions

Technical Tip: Issues using '#' character in CLI banner

Technical Note: Configure SSH keys

Technical Note: CLI failures to Avaya switches with no login banner

Labels:
6078
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.