Technical Tip: Meru Wireless Hosts Not Matching Location Based Policies
Description
This article discusses an issue where Hosts are not being assigned the correct VLAN when connecting to Meru wireless. VLAN assignment is done using location-based policies.
Scope
FortiNAC, Network Sentry v8.0.3 and below.
Solution
For wireless connections using these types of policies, Network Sentry attempts to match based on SSID. It is required that SSIDs have unique names for proper policy matching. Fortigate/Meru devices have the option to assign SSIDs to unique ESSID profiles. This is done when utilizing features such as Meru Load Balancing. In this scenario, multiple ESS Profiles with the same SSID name are used, and therefore, can cause inconsistent results with location-based policies.
Solution: Version 8.0.4 of Network Sentry added the ability to use ESS Profile Names instead of SSIDs with FortiGate/Meru, providing the additional granularity needed for location-based policy resolution in such environments. If using the ESSID is desired, an attribute needs to be configured. Contact Support for assistance and reference Technote 'Convert Existing SSIDs to ESS Profile Values for Fortigate/Meru Devices'" or Solution 2059.