isgandar
New Member
October 23, 2024
Question

FortiNAC role-based VLAN mapping issue


My FortiSwitches connect to the FortiGate with FortiLink, and I added my FortiGate to FortiNAC. When I plug a new PC into a FortiSwitch port, it is set to the register VLAN, but when I log in with an Active Directory user, it is not mapped to the role-based VLAN.

2 replies

ebilcari
Staff
October 23, 2024

Is the host successfully registered in FNAC and which method is used to register the host? Is the 'Registered To' field showing the user in Hosts details?

If you want to use Roles, it needs to be configured to match with an LDAP group and then match that in a network access policy.


Emirjon
isgandar
Author
New Member
November 4, 2024

I configured it, but it doesn't work yet. I configured wireless RADIUS authentication; it works with user-based access, but LAN LDAP role-based access didn't work.

ebilcari
Staff
November 4, 2024

Are you also using RADIUS authentication for wired hosts? How are the hosts registered? Does the host have the 'Registered To' field completed, and is the host moved to the Group?

Emirjon
Hatibi
Staff & Editor
November 1, 2024

I would suggest that you assign roles based on the Directory attributes of the user in LDAP instead of Directory group membership.

Follow the steps in this article: https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Assign-Roles-based-on-User-LDAP-Directory/ta-p/342393