Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎12-07-2018 10:54 AM Edited on ‎09-10-2025 09:59 PM By Moderator

Article Id 198602

Technical Tip: VLAN assignment issues with AerohiveNG

Description

 

This article describes the behavior where AerohiveNG clients are not moved to the appropriate VLAN.  Instead, they are moved to the SSID's default VLAN.

By default, FortiNAC includes the Tunnel-Private-Group-Id RADIUS attribute within the RADIUS response to assign the appropriate network access. The Tunnel-PrivateGroup-Id value is a specific User Profile ID created within Aerohive.   

AerohiveNG changed its operation such that it expects to receive a Filter-Id as opposed to a Tunnel-Private-Group-Id. This change prevents Aerohive from assigning the VLAN specified by FortiNAC and sets the SSID's Default VLAN instead.

 
Scope
 
FortiNAC versions 9.x & F 7.x.


Solution

 

Option 1: FortiNAC versions F7.2 and above: Configure FortiNAC to return Attribute Group "RFC_Role" (which contains Filter-Id). See Model Configuration in the Administration Guide. 

 

Option 2Configure AeroHiveNG to use the Tunnel-Private-Group-Id information.  Refer to the VLANs/Profiles section of the reference manual Aerohive Wireless Access Points Integration Guide in the Document Library.

Labels:
1424
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.