Based on the information shown in the exhibit, which two scenarios are likely to cause this issue?

Refer to the exhibit.

Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit.

An administrator is testing the NAC feature. The test device is connected to a managed FortiSwitch device (S224EPTF19"537) on port2.

After applying the NAC policy on port2 and generating traffic on the test device, the test device is not matching the NAC policy; therefore, the test device remains in the onboarding VLAN.

Based on the information shown in the exhibit, which two scenarios are likely to cause this issue? (Choose two.)
A. Management communication between FortiGate and FortiSwitch is down
B. The MAC address configured on the NAC policy is incorrect
C. The device operating system detected by FortiGate is not Linux
D. Device detection is not enabled on VLAN 4089

Answer: B, D

Explanation:

The exhibit shows the FortiManager configuration and FortiGate CLI output for a Network Access Control (NAC) test. Two scenarios are likely to cause the test device to miss the NAC policy and remain in the onboarding VLAN:

If the MAC address in the NAC policy does not match the MAC address of the test device, the policy would not be applied correctly, and the device would not be moved to the appropriate VLAN as intended.

For the NAC policy to apply correctly, device detection needs to be enabled on the VLAN to which the device is connected. If it’s not enabled on VLAN 4089, where the device is currently located, the NAC policy won’t be able to identify the device and apply the correct policy.
