Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Cisco Meraki MR Access Points Integration

    Home FortiNAC-F 7.6.0 Cisco Meraki MR Access Points Integration
    7.6.0
    7.6.0
    7.4.0
    7.2.0

    Debugging

    Debugging

    (FNC-CA) FortiNAC Commands

    Use the following KB article to gather the appropriate logs using the debugs below.

    Gather logs for debugging and troubleshooting

    Note: Debugs disable automatically upon restart of FortiNAC control and management processes.

    Function

    Syntax

    Log File

    FortiNAC

    Server

    (Proxy

    RADIUS)

    nacdebug –name RadiusManager true

    /bsc/logs/output.master

    FortiNAC Server

    (Local RADIUS)*

    nacdebug –name RadiusAccess true

    /bsc/logs/output.master

    RADIUS Service

    (Local RADIUS)

    radiusd -X -l /var/log/radius/radius.log

    Stop logging: Ctrl-C

    /var/log/radius/radius.log

    L2 related activity

    nacdebug –name BridgeManager true

    /bsc/logs/output.master

    Vendor specific debugging

    nacdebug –name Meraki true

    /bsc/logs/output.master

    Disable debug

    nacdebug –name <debug name> false

    N/A

    *Logging for a given MAC Address:
    nacdebug -logger 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55' -level FINEST

    Disable:

    nacdebug -logger 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55'

    Other Tools

    Send a RADIUS Disconnect:

    SendCoA -ip <devip> -mac <clientmac> -dis

    Example:

    SendCoA -ip 10.1.0.25 -mac 00:1B:77:11:CE:2F -dis

    (FNC-CAX) Commands

    Use the following KB article to gather the appropriate logs using the debugs below.

    Gather logs for debugging and troubleshooting

    Note: Debugs disable automatically upon restart of FortiNAC control and management processes.

    Function

    Syntax

    Log File

    FortiNAC

    Server

    (Proxy

    RADIUS)

    diagnose debug plugin enable RadiusManager

    /bsc/logs/output.master

    FortiNAC Server

    (Local RADIUS)*

    diagnose debug plugin enable Radius Access

    /bsc/logs/output.master

    L2 related activity

    diagnose debug plugin enable BridgeManager

    /bsc/logs/output.master

    Vendor specific debug

    diagnose debug plugin enable Meraki

    /bsc/logs/output.master

    Disable debug

    diagnose debug plugin disable <plugin name>

    N/A

    Note: If not using VLANs, will always return policy value “NativePolicy” in RADIUS response. Otherwise, a VLAN value is returned.

    *Enables logging for a given MAC Address:
    diagnose debug logger set finest 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55'

    To disable:
    diagnose debug logger unset 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55'

    Other Tools

    Send a RADIUS Disconnect:

    execute enter-shell

    SendCoA -ip <devip> -mac <clientmac> -dis

    Example:

    SendCoA -ip 10.1.0.25 -mac 00:1B:77:11:CE:2F -dis

    Previous
    Next

    Debugging

    Debugging

    (FNC-CA) FortiNAC Commands

    Use the following KB article to gather the appropriate logs using the debugs below.

    Gather logs for debugging and troubleshooting

    Note: Debugs disable automatically upon restart of FortiNAC control and management processes.

    Function

    Syntax

    Log File

    FortiNAC

    Server

    (Proxy

    RADIUS)

    nacdebug –name RadiusManager true

    /bsc/logs/output.master

    FortiNAC Server

    (Local RADIUS)*

    nacdebug –name RadiusAccess true

    /bsc/logs/output.master

    RADIUS Service

    (Local RADIUS)

    radiusd -X -l /var/log/radius/radius.log

    Stop logging: Ctrl-C

    /var/log/radius/radius.log

    L2 related activity

    nacdebug –name BridgeManager true

    /bsc/logs/output.master

    Vendor specific debugging

    nacdebug –name Meraki true

    /bsc/logs/output.master

    Disable debug

    nacdebug –name <debug name> false

    N/A

    *Logging for a given MAC Address:
    nacdebug -logger 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55' -level FINEST

    Disable:

    nacdebug -logger 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55'

    Other Tools

    Send a RADIUS Disconnect:

    SendCoA -ip <devip> -mac <clientmac> -dis

    Example:

    SendCoA -ip 10.1.0.25 -mac 00:1B:77:11:CE:2F -dis

    (FNC-CAX) Commands

    Use the following KB article to gather the appropriate logs using the debugs below.

    Gather logs for debugging and troubleshooting

    Note: Debugs disable automatically upon restart of FortiNAC control and management processes.

    Function

    Syntax

    Log File

    FortiNAC

    Server

    (Proxy

    RADIUS)

    diagnose debug plugin enable RadiusManager

    /bsc/logs/output.master

    FortiNAC Server

    (Local RADIUS)*

    diagnose debug plugin enable Radius Access

    /bsc/logs/output.master

    L2 related activity

    diagnose debug plugin enable BridgeManager

    /bsc/logs/output.master

    Vendor specific debug

    diagnose debug plugin enable Meraki

    /bsc/logs/output.master

    Disable debug

    diagnose debug plugin disable <plugin name>

    N/A

    Note: If not using VLANs, will always return policy value “NativePolicy” in RADIUS response. Otherwise, a VLAN value is returned.

    *Enables logging for a given MAC Address:
    diagnose debug logger set finest 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55'

    To disable:
    diagnose debug logger unset 'yams.RadiusAccess.RadiusAccessEngine.00:11:22:33:44:55'

    Other Tools

    Send a RADIUS Disconnect:

    execute enter-shell

    SendCoA -ip <devip> -mac <clientmac> -dis

    Example:

    SendCoA -ip 10.1.0.25 -mac 00:1B:77:11:CE:2F -dis

    Previous
    Next