Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎10-24-2019 06:32 AM Edited on ‎11-25-2021 01:57 AM By Community Manager

Article Id 195599

Technical Tip: Network device role issues upgrading to 8.6

Description

Upgrading to 8.6 disables previously existing "Network Device Roles" that assign an access value and/or CLI to devices in Topology based on role.  This is due to the database not handling the device role entries properly upon upgrade. 
 
Symptoms include:
  • Network Device Roles are missing
  • New network device role policies are unable to be created 
  • Devices provisioned network access based upon one of these Network Access Policies are moved to the default VLAN
 


Scope
Version:  8.5 and lower

Solution

Workaround:  Contact Support for assistance in clearing the behavior.
 
Solution:  Addressed in version 8.6.2
 
Upon upgrade, the existing network device roles are given an invalid ID of -1. 

Workaround:
In Control Server CLI, change the value of the existing rows with ID of -1 to be valid:
mysql bsc -e "update RoleMapping set RoleMapping.LOGICAL_NETWORK_ID = NULL where LOGICAL_NETWORK_ID < '0'"
 
This restores the roles and network device role policies. Upon the next L2 poll, affected hosts should be placed into the correct VLAN.
Labels:
277
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.