FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
khoffman
Staff
Article Id 307389
Description This article describes how to resolve device model issues where the model is in a 'locked' state.

Symptoms include: unable to complete L2 polling. The device model appears as normal in the inventory view and can validate credentials, but fails to complete L2 polling without any errors seen in the event logs.
Scope FortiNAC-F 7.x.
Solution
  1. Log in to the FortiNAC-F CLI using an admin account.
  2. Enter the shell, type:


execute enter-shell

 

  3. Use the device command to view the device model within the database, type:

    device -ip <IP-Address-of-Switch> 

 

Example:

 

device -ip 10.12.240.51

 

  4. Review the output and check the 'state'. The output will look similar to the following:


************************* MS120-RDC1-1 *************************
Landscape = 52229547607 00:0C:29:1F:A6:57
Pollable = true, Poll interval = 10 Minutes
Type = merakiSwitch
Group = 1.3.6.1.4.1.29671
MAC = null
Protocol = SnmpV1
Description = Meraki MS120-8LP Cloud Managed PoE Switch
IP = 10.12.240.51
State = Locked
Status = Established
DBID = 9137
Attribute Count = 31
Name = CLI_CREDENTIALS value = CLICredentials
User Name:[XXX-XXX-XXX]
Password:[***]
Enable Password:[***]
SessionType:[SSH2]
Name = SnmpVersion value = 1 length = 1
Name = FirmwareVersion value = merakiMS length = 8
Name = ImageType value = merakiSwitch length = 12
Name = L2_ENABLED value = true length = 4
Name = L2_POLL_DURATION value = 3600 length = 4
Name = L2_MIN_POLL_DURATION value = 300 length = 3
Name = 1.3.6.1.2.1.1.3.0 value = 40 days, 10:54:44.10 length = 20
Name = NetworkId value = L_627126248111344933 length = 20
Name = L2_LAST_POLL value = Fri Mar 29 11:06:53 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = null
Name = userDefinedOID value = false length = 5
Name = RadiusAttributeGroupId value = 8 length = 1
Name = AuthenticationRadiusAttributeGroupId value = null
Name = Dot1xAutoRegister value = false length = 5
Name = DumbAction value = 0 length = 1
Name = RadiusSecret *****
Name = VlanFormat value = manual length = 6
Name = UnRegAction value = 0 length = 1
Name = VoiceVlanID value = null
Name = AuthVlanID value = null
Name = RadiusEnabled value = true length = 4
Name = RadiusMode value = Local length = 5
Name = QuarantineAction value = 0 length = 1
Name = AuthAction value = 2 length = 1
Name = ForwardTableStatic value = false length = 5
Name = UnRegVlanID value = 1234 length = 4
Name = DefaultVlanID value = 123 length = 3
Name = QuarantineVlanID value = null
Name = DumbVlanID value = null
Name = SNMPV3_USER_CONTEXT value = *********************************************************************

 

  5. Correct the device model's locked state, type:


RunClient SetDeviceAttrs.class -ip <device-IP> -set -state 1


Example: 

 

RunClient SetDeviceAttrs.class -ip 10.12.240.51 -set -state 1

 

  6. Validate that the device is now showing as 'Active' using the device command. Example output below:

 

device -ip 10.12.240.51

************************* MS120-RDC1-1 *************************
Landscape = 52229547607 00:0C:29:1F:A6:57
Pollable = true, Poll interval = 10 Minutes
Type = merakiSwitch
Group = 1.3.6.1.4.1.29671
MAC = null
Protocol = SnmpV1
Description = Meraki MS120-8LP Cloud Managed PoE Switch
IP = 10.12.240.51
State = Active
Status = Established
DBID = 9137
Attribute Count = 31
Name = CLI_CREDENTIALS value = CLICredentials
User Name:[XXX-XXXX-XXXX]
Password:[***]
Enable Password:[***]
SessionType:[SSH2]
Name = SnmpVersion value = 1 length = 1
Name = FirmwareVersion value = merakiMS length = 8
Name = ImageType value = merakiSwitch length = 12
Name = L2_ENABLED value = true length = 4
Name = L2_POLL_DURATION value = 3600 length = 4
Name = L2_MIN_POLL_DURATION value = 300 length = 3
Name = 1.3.6.1.2.1.1.3.0 value = 40 days, 10:54:44.10 length = 20
Name = NetworkId value = L_627126248111344933 length = 20
Name = L2_LAST_POLL value = Fri Mar 29 11:06:53 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = Fri Jul 21 11:41:53 EDT 2023 length = 28
Name = userDefinedOID value = false length = 5
Name = RadiusAttributeGroupId value = 8 length = 1
Name = AuthenticationRadiusAttributeGroupId value = null
Name = Dot1xAutoRegister value = false length = 5
Name = DumbAction value = 0 length = 1
Name = RadiusSecret *****
Name = VlanFormat value = manual length = 6
Name = UnRegAction value = 0 length = 1
Name = VoiceVlanID value = null
Name = AuthVlanID value = null
Name = RadiusEnabled value = true length = 4
Name = RadiusMode value = Local length = 5
Name = QuarantineAction value = 0 length = 1
Name = AuthAction value = 2 length = 1
Name = ForwardTableStatic value = false length = 5
Name = UnRegVlanID value = 1234 length = 4
Name = DefaultVlanID value = 123 length = 3
Name = QuarantineVlanID value = null
Name = DumbVlanID value = null
Name = SNMPV3_USER_CONTEXT value = *********************************************************************

 

  7. From the FortiNAC GUI, right-click on the device in the inventory view and select 'Resync Interfaces'.
  8. Right-click on the device in the inventory view and select 'poll for L2 (Hosts) info'.
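
Because a locked device model raises no event-log errors, the 'State' line of the device command output is the only indicator. The following added example (not part of the original article and not Fortinet tooling) parses saved output from the device command and lists every model in the Locked state together with its last successful L2 poll. It assumes the output was saved as plain text, possibly with several devices concatenated; the second device in the sample is constructed.

```python
import re

# Constructed sample: abridged `device -ip` output for two device models. The
# first is taken from this article; EXAMPLE-SW-2 / 192.0.2.10 is hypothetical.
SAMPLE = """\
************************* MS120-RDC1-1 *************************
IP = 10.12.240.51
State = Locked
Status = Established
Name = L2_LAST_POLL value = Fri Mar 29 11:06:53 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = null
************************* EXAMPLE-SW-2 *************************
IP = 192.0.2.10
State = Active
Status = Established
Name = L2_LAST_POLL value = Fri Mar 29 11:06:53 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = Fri Mar 29 11:06:55 EDT 2024 length = 28
"""

BANNER = re.compile(r"^\*{5,}\s*(\S.*?)\s*\*{5,}$")   # ***** <model name> *****
ATTR = re.compile(r"^Name = (\S+) value = (.*?)(?: length = \d+)?$")
FIELD = re.compile(r"^(\w[\w ]*?) = (.*)$")            # e.g. "State = Locked"

def parse_device_models(text):
    """Split saved `device` output into one dict per device model."""
    models, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = BANNER.match(line)
        if m:
            cur = {"name": m.group(1), "fields": {}, "attrs": {}}
            models.append(cur)
        elif cur is None:
            continue  # ignore anything before the first banner
        elif m := ATTR.match(line):
            # "value = null" means the attribute was never set
            cur["attrs"][m.group(1)] = None if m.group(2) == "null" else m.group(2)
        elif (m := FIELD.match(line)) and m.group(1) != "Name":
            cur["fields"][m.group(1)] = m.group(2)  # masked "Name = ..." lines are skipped
    return models

def locked_models(text):
    """Return (name, IP, last successful L2 poll) for each model in state Locked."""
    return [(d["name"], d["fields"].get("IP"), d["attrs"].get("L2_LAST_SUCCESSFUL_POLL"))
            for d in parse_device_models(text) if d["fields"].get("State") == "Locked"]

if __name__ == "__main__":
    for name, ip, last_ok in locked_models(SAMPLE):
        print(f"{name} ({ip}): State = Locked, last successful L2 poll = {last_ok}")
```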

 
