FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 197521

Description

This article describes an issue where, when Aerohive wireless clients move between APs that use different networks, Network Sentry does not consistently assign the correct network access policy, which causes the wrong VLAN to be assigned. The Network Access Policy Host/User Profile is configured to match certain APs in the adapter location of the 'Who/What by Attribute' setting.


Scope

FortiNAC.


Solution

Network Sentry processes the adapter location after it assigns the network access policy. The adapter information is therefore not accurate at the time the system tries to match a network access policy.

The solution is to assign the network access policies based on the port group instead of the adapter location.

 

  1. Create (port) groups that include the appropriate SSID for all the APs that are members of that particular location.
  2. Add this group to the 'Where (Location)' section of the User/Host Profile.
  3. Remove the Host location attribute of the User/Host profile.