Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rcpdkc
Contributor II

Created on ‎03-19-2024 02:21 AM

Fortinac-F WPA2 Enterprise

I have a WPA2 Enterprise network. Fortinac connects to the network by authenticating the user from the active directory with radius. But I want to make this role based. I want those in role A to get IP from vlan A and those in role B to get IP from vlan B. How can I do it?

Labels:
675
0 Kudos
1 Solution
rcpdkc
Contributor II
In response to ebilcari

Created on ‎03-19-2024 03:27 PM

I found that the problem is caused by the dynamic vlan feature of the SSID, thanks for your help.

View solution in original post

605
4 REPLIES 4
AEK
SuperUser
SuperUser

Created on ‎03-19-2024 03:40 AM

If you mean role A and role B are AD groups, you can do as follows:

  1. In User Host Profile, create a profile A with lets say users in AD group A, and create profile B with users in AD group B
  2. In Network Access, assign Net-A to UHP A, and Net-B to UHPB
  3. Then in device model config add the new logical networks Net-A with access value VLAN-A, and Net-B with access value VLAN-B.
AEK
AEK
657
0 Kudos
rcpdkc
Contributor II
In response to AEK

Created on ‎03-19-2024 03:50 AM Edited on ‎03-19-2024 03:52 AM

I do it this way, but when the user connects to the network, it comes out of the default ip range.

653
0 Kudos
ebilcari
Staff
Staff
In response to rcpdkc

Created on ‎03-19-2024 05:48 AM

Firstly you have to verify if the host are matching the right network access policy. FNAC has a handy feature that allows to test the policy directly from GUI (no need to test on the end host after every configuration change):

policy-hit.PNG

From here you can check the policy that is currently hitting and the VLAN that should be sent to NAS. If the right VLAN is shown in the policy check, than you can continue troubleshooting the RADIUS or the SSID configuration in the WLC.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
637
0 Kudos
rcpdkc
Contributor II
In response to ebilcari

Created on ‎03-19-2024 03:27 PM

I found that the problem is caused by the dynamic vlan feature of the SSID, thanks for your help.

606
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.