Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎01-24-2020 10:40 AM

Article Id 198033

Technical Note: Unable to access the production network after registration

Description
Endpoint is successfully registered through the Captive Portal and the browser message indicates their network configuration is being changed. 

or

Endpoint is successfully registered via some other method (e.g. Persistent Agent or manually). 

However, after several minutes, they are still unable to access the production network.  Symptoms may include the IP address not changing from the registration IP to the appropriate production IP when it is supposed to.


Solution
In the Administration UI, verify the value assigned:
Wired:  Navigate to Network Devices > Topology. Review the Current VLAN value under the Ports tab for the affected switch port.
Wireless:  Navigate to Hosts > Adapter View and review the Access Value for the affected MAC address


Current VLAN/Access Value is correct:  Review the switch/controller/Access Point configuration. 
Switch/controller/Access Point configuration is correct:  The system changed the VLAN/role correctly and the issue is network related.
Switch/controller/Access Point configuration is incorrect:  The configuration changed failed.  This could be due to a communication failure between the system and the switch/controller/Access Point.
  • Validate credentials in Model Configuration.  If failing SNMP or CLI credentials, refer to related KB article below.
  • Wired: To further troubleshoot VLAN on switch not changing, see related KB article below.
  • Wireless: For details on troubleshooting wireless clients not connecting, see related KB article below.



Current VLAN/Access Value is the isolation VLAN:  Troubleshoot why the VLAN/role is not changing to the production network.
Wired:  For steps to troubleshooting VLAN switching on wired devices, see related KB article below. 

Wireless:  Have the client disconnect from the wireless and reconnect.. 
Client is able to access the proper network upon reconnect: The client is not getting disconnected automatically when host registers.  Verify the system and the wireless controller/Access Point are configured correctly.  Refer to the appropriate integration guide in the Fortinet Document Library for details.

Client is unable to access the proper network upon reconnect: 
  • Verify the Host record matches the correct Network Access Policy.  For troubleshooting policies, see related KB article below.
  • If matching the correct policy, a tcpdump or further troubleshooting using debugging may be required to confirm the RADIUS exchange between the system, the controller/Access Point and RADIUS server (if 802.1x).  For details on troubleshooting wireless clients not connecting, see related KB article below.


Related Articles

Technical Note: Not switching VLANs on wired switch to production network

Technical Note: Port changes in Port View but VLAN does not change in switch

Technical Note: Unable to switch VLANs on Aruba wireless ArubaOS 6.5

Technical Note: Host Not Automatically Switching VLANs on Ruckus SmartDirector

Troubleshooting Tip: RADIUS wired and wireless clients not connecting

Technical Tip: Troubleshooting policies

Technical Note: Troubleshooting CLI credential failure

Technical Note: Troubleshooting SNMP communication issues

Labels:
696
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.