FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff
Article Id 192056

Description

Registration can fail with multiple adapters (for example an Agent registration) when one adapter is invalid.
 
Example:
A rogue host has two adapters.  One adapter has a MAC Address whose OUI is not listed in the vendor OUI list.  This could be due to one of the following:
  • Is not in the vendor OUI list under System -> Settings -> Identification- > Vendor OUIs.
  • Is a randomized MAC address (randomized MAC addresses are not in the vendor OUI table)
 
The host meets an endpoint compliance policy configured to scan using the dissolvable agent. Once the scan completes, host remains a rogue despite host information being populated. 
 

Two ‘Host Registration Success’ events are listed under events view for the host, but the host maintains the "Rogue" status and is not switched to the production network.

The following error is seen in output.master:

yams SEVERE :: 2020-05-14 06:26:15:383 :: java.lang.NullPointerException
yams SEVERE :: 2020-05-14 06:26:15:383 :: at com.bsc.plugin.dynamic.HostServer.updateEtherRelations(HostServer.java:3397)


Scope
Version: 8.6.4 and 8.7.2

Solution
Workaround: Disable valid MAC address check via the CLI.  Contact Support for assistance.

Solution: Addressed in versions 8.6.5 and 8.7.4.
 
Modify the property file as follows on both Primary and Secondary Servers:

1) Log into the CLI as root of the Control Server.
2) Using vi or another editor, modify /bsc/campusMgr/master_loader/.masterPropertyFile
3) Add the following lines.

FILE_NAME=./properties_plugin/devicemanager.properties
{
com.bsc.plugin.manager.DeviceManager.checkValidMAC=false
}

4) Save the changes to the file.
5) Restart processes.

shutdownCampusMgr
 

<wait 30 seconds>

 
startupCampusMgr

 

6) Create or modify current README file in /bsc/campusMgrUpdates to indicate these settings will need to be undone after upgrading to fixed version.
 
Example:
 
---------------------------------------------------------------------------
Ticket <FortiCare ticket number>  <Date> <support eng initials>
Mantis 0636170

Bypasses valid MAC address check as a workaround.  Fixed in 8.6.5 and 8.7.4.  

Added the following lines to /bsc/campusMgr/master_loader/.masterPropertyFile

FILE_NAME=./properties_plugin/devicemanager.properties
{
com.bsc.plugin.manager.DeviceManager.checkValidMAC=false
}


To re-enable MAC address check after upgrading to fixed version:
1. Delete the lines above from .masterPropertyFile
2. Restart processes
shutdownCampusMgr

<wait 30 seconds>

startupCampusMgr

-----------------------------------------------------------------------------

 

Contributors