This article describes the behavior where a host's IP address does not update after a VLAN change when the host is connected to a FortiSwitch managed by FortiNAC. This affects hosts authenticating via RADIUS.
The following is observed when FortiNAC changes a VLAN:
1) FortiNAC sends the CoA packet to the FortiSwitch and the FortiSwitch acknowledges the CoA request.
2) The end station requests authentication and FortiNAC responds, providing the new VLAN.
Result: FortiSwitch shows that the host is assigned to the new VLAN; however, the host keeps its old IP address.
Scope: FortiNAC version 8.8 and greater
Configure FortiNAC to include the custom attribute Fortinet-Host-Port-AVPair action=bounce-port in the RADIUS response in order for the host to request a new IP address.
Once the property below is set, FortiNAC will include the attribute when responding to any FortiSwitch.
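To confirm that the attribute is actually being sent, an Access-Accept captured between FortiNAC and the FortiSwitch can be inspected. The following Python is an added example, not Fortinet code: it parses an Access-Accept and reports the assigned VLAN and whether a Fortinet vendor-specific attribute carries action=bounce-port. The sample packet is constructed, and the sub-attribute number 42 used to build it is an assumption; the check matches on the value only.

```python
import struct

FORTINET_VENDOR_ID = 12356    # Fortinet's IANA enterprise number
VENDOR_SPECIFIC = 26          # RFC 2865 Vendor-Specific attribute
TUNNEL_PRIVATE_GROUP_ID = 81  # RFC 2868, carries the VLAN
ACCESS_ACCEPT = 2

def tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value attributes."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def inspect_accept(packet):
    """Return (vlan, bounce) for a raw RADIUS Access-Accept payload."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    vlan, bounce = None, False
    for atype, value in tlvs(packet[20:length]):
        if atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte of 0x1F or less is the optional RFC 2868 tag.
            raw = value[1:] if value[0] <= 0x1F else value
            vlan = raw.decode(errors="replace")
        elif atype == VENDOR_SPECIFIC and len(value) >= 4:
            if struct.unpack("!I", value[:4])[0] == FORTINET_VENDOR_ID:
                bounce |= any(v == b"action=bounce-port"
                              for _, v in tlvs(value[4:]))
    return vlan, bounce

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def build_accept(vlan, with_bounce):
    """Constructed sample packet (zeroed authenticator), for the demo only."""
    attrs = attr(TUNNEL_PRIVATE_GROUP_ID, b"\x01" + vlan.encode())
    if with_bounce:
        # 42 is an assumed sub-attribute number for Fortinet-Host-Port-AVPair.
        vsa = struct.pack("!I", FORTINET_VENDOR_ID) + attr(42, b"action=bounce-port")
        attrs += attr(VENDOR_SPECIFIC, vsa)
    return struct.pack("!BBH", ACCESS_ACCEPT, 7, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(inspect_accept(build_accept("120", True)))
```

A result with the new VLAN but bounce set to False matches the symptom described above: the switch moves the port, but nothing prompts the host to request a new IP address.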
1) Upgrade to version 9.4.2.
2) Log in to the appliance CLI as root and enable the global property:
To disable this property, run the command:
Copyright 2023 Fortinet, Inc. All Rights Reserved.