FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 198687

Description

 

This article describes the troubleshooting measures to take when API errors are seen in Mist integrations.


Scope


FortiNAC 8.8 and above.

Solution

 

When API failures occur, any of the following functions may not be working properly:
  • L2/L3 Polling.
  • Resync Interfaces.
  • VLAN reads.
 
Logs report API request failures and/or empty sets.

The above can occur if the appliance is unable to connect to the Mist cloud controller's API.
 
  1. Verify that the CLI credentials under Network Devices -> Topology -> Model Configuration match those set in the device itself.
    User Name = <SiteID>
    Password = <APIkey>

    Note: The Validate Credentials button does not work at this time for Mist integrations.  This will be addressed in a future release.

    For details regarding where to locate the site ID, refer to the Mist Wireless Device Integration reference manual in the Fortinet Document Library.

  2. Attempt to access Mist's API manually from outside of the appliance using the same credentials set in Model Configuration. 
 
curl --location --request GET "https://api.mist.com/api/v1/orgs/SITE-ID/inventory" --header "authorization: Token API_Token" --header "content-type: application/json"

 

As shown in the example below, the API Token does not have permission to list the Site Inventory. In cases like this, first fix the API Token permission issue.

 

mist_api.png
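Added example (not from the Fortinet article or Fortinet code): the same manual check with the token passed to curl over stdin rather than on the command line, where it would be visible in the process list and shell history, and with the HTTP status mapped to a likely cause such as the permission problem described above. The function names, the token-file argument and the status interpretations are assumptions.

```shell
#!/bin/sh
# Added example, not Fortinet's code. Function names and the token-file
# argument are hypothetical; the URL and headers are the ones in the article.
API_BASE="https://api.mist.com/api/v1/orgs"

# Emit a curl config for `curl --config -`, so the token travels over stdin
# and never appears in the process list or in shell history.
build_curl_config() {   # $1 = ID used in Model Configuration, $2 = API token
    case "$1" in
        ''|*[!A-Za-z0-9-]*) echo "invalid ID" >&2; return 1 ;;
    esac
    case "$2" in   # allow token68 characters only: no quotes, spaces, newlines
        ''|*[!A-Za-z0-9._~+/=-]*) echo "invalid token" >&2; return 1 ;;
    esac
    printf 'url = "%s/%s/inventory"\n' "$API_BASE" "$1"
    printf 'header = "authorization: Token %s"\n' "$2"
    printf 'header = "content-type: application/json"\n'
}

# Map the HTTP status to a likely cause (general HTTP semantics, an assumption
# here rather than Mist-documented behaviour).
diagnose_status() {   # $1 = status code from curl's %{http_code}
    case "$1" in
        200) echo "ok: token can read the inventory" ;;
        401) echo "auth: token missing, mistyped or revoked" ;;
        403) echo "permission: token is valid but lacks access to this resource" ;;
        404) echo "not-found: check the ID in the URL" ;;
        000) echo "network: no HTTP response (DNS, proxy, firewall or TLS)" ;;
        *)   echo "other: unexpected status $1" ;;
    esac
}

check_mist_api() {   # $1 = ID, $2 = path to a file holding only the token
    token=$(cat "$2") || return 1
    cfg=$(build_curl_config "$1" "$token") || return 1
    status=$(printf '%s\n' "$cfg" |
        curl --silent --output /dev/null --write-out '%{http_code}' --config -)
    diagnose_status "$status"
}

# Usage: sh mist_check.sh SITE-ID /path/to/token-file   (token file mode 600)
if [ "$#" -eq 2 ]; then
    check_mist_api "$1" "$2"
fi
```
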

 
Debugging:
 
If additional troubleshooting is required, enable debugging and log the session attempt.  Contact Support if assistance is needed.
 
  1. In the Control Server CLI, run the following command:

nacdebug -name MistAP true

  2. Send debug output to a separate text file.

    Option 1: Enable session logging in the terminal emulation application (such as PuTTY) and enter the following commands:

cd /bsc/logs
tail -F output.master

    Option 2: Send output to a file in the /bsc/logs directory. Enter the following commands:

cd /bsc/logs
tail -F output.master | tee CLIDebug.out

  3. Reproduce the failure in the Administration UI.

  4. Once the failure has been reported, press Ctrl+C to stop the tail process.

  5. Disable debugging:

nacdebug -name MistAP false

  6. Open a support ticket and provide the following information:
  • The log file (if CLIDebug.out was created, the file can be downloaded to a computer using SCP).
  • A screen capture of the device's Element tab:
    • 8.x: Network Devices -> Topology.
    • 9.x: Network -> Inventory.
  • A screen capture of the software version:
    • 8.x:  Help -> About.
    • 9.x: Select the user icon in the upper-right corner.