FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
khoffman
Staff
Article Id 312577
Description This article describes how to enable and disable debug attributes for a single network device. 
Enabling this debug attribute on a network device can provide verbose output for the SSH, SNMP, and API queries FortiNAC makes to that device, as well as the device's responses. This debug is helpful when troubleshooting L2 polling, L3 polling, reading VLANs, and VLAN switching issues.
When enabled, additional debug output is printed to the /bsc/logs/output.master log file.
Scope FortiNAC-F v7.2 and 7.4.
Solution

CLI method: 

  1. Log in to the FortiNAC-F CLI.
  2. Enter the shell. Type:

execute enter-shell

  3. Enable the debug attribute for a single network device using the following syntax:


device -ip <ip-address-of-device> -setAttr -name DEBUG -value "TelnetServer ForwardingInterface"


Example: 


execute enter-shell
~$ device -ip 10.12.243.3 -setAttr -name DEBUG -value "TelnetServer ForwardingInterface"
************************* switchName *************************
Landscape = 52235316203 00:0C:29:77:AB:EB
Pollable = true, Poll interval = 10 Minutes
Type = ciscoSGSwitch
Group = 1.3.6.1.4.1.9
MAC = null
Protocol = SnmpV1
Description = 8-Port 10/100 PoE Managed Switch
IP = 10.12.243.3
Role = NAC-Default
State = Active
Status = Established
DBID = 160
Attribute Count = 17
Name = CLI_CREDENTIALS value = CLICredentials
User Name:[fortinet]
Password:[***]
Enable Password:[***]
SessionType:[SSH2]
Name = FirmwareVersion value = CiscoSGSwitch length = 13
Name = sgType value = null
Name = ImageType value = ciscoSGSwitch length = 13
Name = SnmpVersion value = 1 length = 1
Name = userDefinedOID value = false length = 5
Name = L2_ENABLED value = true length = 4
Name = L2_POLL_DURATION value = 3600 length = 4
Name = L2_MIN_POLL_DURATION value = 300 length = 3
Name = 1.3.6.1.2.1.1.3.0 value = 38 days, 14:50:06.00 length = 20
Name = L2_LAST_POLL value = Wed May 01 15:42:53 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = Wed May 01 15:42:53 EDT 2024 length = 28
Name = VlanSwitchingEnable value = true length = 4
Name = PhysicalAddressFilteringEnabled value = false length = 5
Name = EnablePASwitchingOptimization value = false length = 5
Name = UsesSNMP value = false length = 5
Name = DEBUG value = TelnetServer ForwardingInterface length = 32
Community Strings: *****
*****************************************************************

 

  4. Disable the debug attribute using the following syntax:

device -ip <ip-address-of-device> -delAttr -name DEBUG


Example: 


device -ip 10.12.243.3 -delAttr -name DEBUG
************************* switchName *************************
Landscape = 52235316203 00:0C:29:77:AB:EB
Pollable = true, Poll interval = 10 Minutes
Type = ciscoSGSwitch
Group = 1.3.6.1.4.1.9
MAC = null
Protocol = SnmpV1
Description = 8-Port 10/100 PoE Managed Switch
IP = 10.12.243.3
Role = NAC-Default
State = Active
Status = Established
DBID = 160
Attribute Count = 16
Name = CLI_CREDENTIALS value = CLICredentials
User Name:[fortinet]
Password:[***]
Enable Password:[***]
SessionType:[SSH2]
Name = FirmwareVersion value = CiscoSGSwitch length = 13
Name = sgType value = null
Name = ImageType value = ciscoSGSwitch length = 13
Name = SnmpVersion value = 1 length = 1
Name = userDefinedOID value = false length = 5
Name = L2_ENABLED value = true length = 4
Name = L2_POLL_DURATION value = 3600 length = 4
Name = L2_MIN_POLL_DURATION value = 300 length = 3
Name = 1.3.6.1.2.1.1.3.0 value = 38 days, 14:50:06.00 length = 20
Name = L2_LAST_POLL value = Wed May 01 15:42:53 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = Wed May 01 15:42:53 EDT 2024 length = 28
Name = VlanSwitchingEnable value = true length = 4
Name = PhysicalAddressFilteringEnabled value = false length = 5
Name = EnablePASwitchingOptimization value = false length = 5
Name = UsesSNMP value = false length = 5
Community Strings: *****
*****************************************************************
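
To confirm the attribute is not left set once troubleshooting is done, the following added example (not part of the original article and not Fortinet tooling) parses saved `device` output in the format shown above and reports whether DEBUG is still present. The function name, exit codes and abridged sample captures are constructed for illustration; it assumes the output was saved as text and that each attribute appears as one `Name = ...` line.

```shell
#!/bin/sh
# Added example (not Fortinet code): audit saved `device` output for a
# leftover DEBUG attribute. Function name and exit codes are hypothetical.
# Exit status: 0 = DEBUG not set, 1 = DEBUG still set, 2 = capture incomplete.
check_device_debug() {
    awk '
        /^IP = /              { ip = $3 }
        /^Attribute Count = / { expected = $4 }
        /^Name = /            { seen++ }
        /^Name = DEBUG value = / {
            value = $0
            sub(/^Name = DEBUG value = /, "", value)
            sub(/ length = [0-9]+[ \t]*$/, "", value)
            debug = 1
        }
        END {
            # A truncated capture could hide the DEBUG line, so the number
            # of "Name =" lines must match the reported Attribute Count.
            if (expected == "" || seen != expected) {
                print ip " capture incomplete"; exit 2
            }
            if (debug) { print ip " DEBUG=" value; exit 1 }
            print ip " DEBUG not set"
        }
    '
}

# Constructed samples, abridged from the output format shown above.
SAMPLE_DEBUG_ON='IP = 10.12.243.3
Attribute Count = 3
Name = L2_ENABLED value = true length = 4
Name = UsesSNMP value = false length = 5
Name = DEBUG value = TelnetServer ForwardingInterface length = 32'

SAMPLE_DEBUG_OFF='IP = 10.12.243.3
Attribute Count = 2
Name = L2_ENABLED value = true length = 4
Name = UsesSNMP value = false length = 5'

# Same device, but the capture was cut off before the last attribute line.
SAMPLE_TRUNCATED='IP = 10.12.243.3
Attribute Count = 3
Name = L2_ENABLED value = true length = 4
Name = UsesSNMP value = false length = 5'

for sample in "$SAMPLE_DEBUG_ON" "$SAMPLE_DEBUG_OFF" "$SAMPLE_TRUNCATED"; do
    printf '%s\n' "$sample" | check_device_debug || echo "  -> exit status $?"
done
```

On a real capture, pass the saved text on standard input, for example `check_device_debug < capture.txt`, where `capture.txt` is a placeholder file name.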

 

GUI Method (FortiNAC-F version 7.4.0 and later):

  1. In the FortiNAC admin UI, navigate to Network -> Inventory.
  2. Select the network device from the container tree.
  3. In the elements tab, select the check box for 'Enable Device Debug'.
  4. Select 'save'.

 

  5. When troubleshooting is complete, in the elements tab, deselect the check box for 'Enable Device Debug'.
  6. Select 'save'.


Related article: 
Technical Tip: How to get a debug log report from FortiNAC