rcpdkc
Contributor II

FortiNAC-F WPA2 Enterprise

I have a WPA2 Enterprise network. FortiNAC connects to the network by authenticating the user from Active Directory with RADIUS. But I want to make this role-based. I want those in role A to get an IP from VLAN A and those in role B to get an IP from VLAN B. How can I do it?

AEK
SuperUser

If you mean role A and role B are AD groups, you can do as follows:

  1. In User Host Profile, create a profile A with, let's say, users in AD group A, and create profile B with users in AD group B.
  2. In Network Access, assign Net-A to UHP A, and Net-B to UHP B.
  3. Then in the device model config, add the new logical networks Net-A with access value VLAN-A, and Net-B with access value VLAN-B.
AEK
rcpdkc
Contributor II

I do it this way, but when the user connects to the network, it comes out of the default IP range.

ebilcari

Firstly, you have to verify if the hosts are matching the right network access policy. FNAC has a handy feature that allows you to test the policy directly from the GUI (no need to test on the end host after every configuration change):

[Screenshot: policy-hit.PNG]

From here you can check the policy that is currently hitting and the VLAN that should be sent to the NAS. If the right VLAN is shown in the policy check, then you can continue troubleshooting the RADIUS or the SSID configuration in the WLC.

- Emirjon
rcpdkc

I found that the problem is caused by the dynamic vlan feature of the SSID, thanks for your help.
