Fortinet black logo

Network Device Modeling

Home FortiNAC-F 7.2.0 Network Device Modeling
7.2.0
7.4.0
7.2.0

Step 5:  Review Uplinks

Step 5: Review Uplinks

When devices are discovered in Inventory, switch ports are given a specific connection status depending upon the connected device(s). An uplink connection status indicates the port should not be controlled by FortiNAC. A common example is a switch port connecting to another switch. These ports will not be manipulated in any way, nor will they display endpoint connection information.

There are different types of uplinks. Each uplink type is triggered by different criteria. For a complete list of uplink types and how they are detected, see section Port uplink types of the Administration Guide.

The System Defined Uplink Count is the threshold value FortiNAC uses to convert a port to a Threshold Uplink. Identify ports in the network where FortiNAC has determined that the number of MAC addresses on the port exceeds the System Defined Uplink Count (default value = 20). Review these ports and verify whether or not these are legitimate uplinks.

Navigate to Network > Inventory.

  1. Filter on the Connection Status “Threshold Uplinks” under the Ports tab. This can be done at the top level or container level.

  2. Click Update to apply filter.

  3. Review the resulting port list and note the ports where uplinks are not expected. Multi-select the unknown ports, right-click and select Modify Properties.

  4. Click Note.

  5. Enter “Threshold” and click OK.

Switches with a mix of servers and access ports: Mark server ports as user defined uplinks if ports are physically secure and there is no interest in visibility of those servers.

For instructions see section Port properties of the Administration Guide.

Related KB Articles

Cisco WLC Port Channel not classified as Learned Uplink

Previous
Next

Step 5: Review Uplinks

When devices are discovered in Inventory, switch ports are given a specific connection status depending upon the connected device(s). An uplink connection status indicates the port should not be controlled by FortiNAC. A common example is a switch port connecting to another switch. These ports will not be manipulated in any way, nor will they display endpoint connection information.

There are different types of uplinks. Each uplink type is triggered by different criteria. For a complete list of uplink types and how they are detected, see section Port uplink types of the Administration Guide.

The System Defined Uplink Count is the threshold value FortiNAC uses to convert a port to a Threshold Uplink. Identify ports in the network where FortiNAC has determined that the number of MAC addresses on the port exceeds the System Defined Uplink Count (default value = 20). Review these ports and verify whether or not these are legitimate uplinks.

Navigate to Network > Inventory.

  1. Filter on the Connection Status “Threshold Uplinks” under the Ports tab. This can be done at the top level or container level.

  2. Click Update to apply filter.

  3. Review the resulting port list and note the ports where uplinks are not expected. Multi-select the unknown ports, right-click and select Modify Properties.

  4. Click Note.

  5. Enter “Threshold” and click OK.

Switches with a mix of servers and access ports: Mark server ports as user defined uplinks if ports are physically secure and there is no interest in visibility of those servers.

For instructions see section Port properties of the Administration Guide.

Related KB Articles

Cisco WLC Port Channel not classified as Learned Uplink

Previous
Next