FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
This article describes how to allow FortiNAC to detect the endpoint location if the VLANs are not terminated on the Wireless Controller (WLC- SSID Bridge-mode).
Scope
FortiNAC, SSID in Bridge-Mode.
Solution
The design is as follows:
SSID is in Bridge mode, and VLANs are terminated between FortiAP and 3rd party switches.
Only the management VLAN is configured on FortiGate to manage the FortiAP.
VLANs production and registration VLANs are terminated between the FortiAP, Edge switches, and Core switch.
The host is successfully registered through the captive portal after connecting to the SSID.
However NAC is unable to detect the location of the client after registration.
Create registration and production VLANs on FortiGate and administratively shut them down.
'Right-click' the WLC in the FortiNAC network Inventory and 'Resync Interfaces' to sync the latest config changes made on FortiGate.
Edit the SSID configuration on FortiNAC and instead of inheriting the configuration from the model configuration use customized RADIUS settings for the SSID.
FortiNAC is now able to detect the Location of the host upon initial connection.
After the registration, FortiNAC properly sends the disconnect-request the authorize the device to be placed in the production VLAN.
