Technical Tip: Troubleshooting location based Network Access policies
Description
This article describes the following symptoms:
- The registered host not getting an IP address from the correct production network.
- The host does not match the correct network access policy. This can be validated in Hosts > Host View. (Right click on host record and select Policy Details. Host must be online for accurate results).
- The host is assigned the default VLAN (this occurs when host does not match any network access policy).
One of the most common reasons why hosts do not match a location based network access policy is
because the switch/port/SSID/AP has not been added to the location group in the user host profile.
Scope
FortiNAC.
Solution
Add the switch/port/SSID/AP to the location group:
- Navigate to Policy > Policy Configuration.
- Select Network Access.
- Select the Network Access Policy and click Modify.
- Select the Modify icon for the User/Host profile (pencil and paper).
- Next to the Where (Location): field, click the Select... button.
- If the appropriate location group is already under Selected Groups, click on the group and click Modify Group and add the switch/port/SSID/AP.
- Select OK to save changes.
Review Policy Details in Host View to validate the host matches the policy.
Related article: