isgandar
New Contributor

FortiNAC role-based VLAN mapping issue

My FortiSwitches connect to the FortiGate with FortiLink, and I added my FortiGate to FortiNAC. When I plug a new PC into a FortiSwitch port it is set to the registration VLAN, but when I log in with an Active Directory user it is not mapped to the role-based VLAN.

ebilcari
Staff

Is the host successfully registered in FNAC, and which method is used to register the host? Is the 'Registered To' field showing the user in the host details?


If you want to use Roles, they need to be configured to match an LDAP group, and then that role is matched in a network access policy.


- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
isgandar

I configured it, but it doesn't work yet. I configured wireless RADIUS authentication and user-based access works there, but LAN LDAP role-based access didn't work.

ebilcari

Are you also using RADIUS authentication for wired hosts? How are the hosts registered? Does the host have the 'Registered To' field completed, and is the host moved to the Group?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
isgandar

I don't use RADIUS authentication for the wired connection; I use RADIUS auth only for the wireless connection. For the wired connection I use LDAP authentication.

isgandar

I see the L2 poll failed error on the FortiSwitch, but the FortiGate firewall L2 poll succeeded. Can it affect this?

ebilcari

When the FSW is managed from the FGT, FNAC will query only the FGT (L2/L3 polling); there is no need to enable L2 polling directly on the switch. More details are shown in the Integration guide.

In the case of RADIUS authentication for wired users, the FSW acts as the NAS, but this is not the case for your setup.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
ndumaj

Hello @isgandar

As Emirjon asked above:
Is the host successfully registered in FNAC, and which method is used to register the host? Is the 'Registered To' field showing the user in the host details? --> If the host is not associated with a "Registered To" user, then the group cannot be matched and the role cannot be assigned.

Sx11's suggestion would also be a solution.
Follow the steps in this article: https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Assign-Roles-based-on-User-LDAP-Directory...

BR

- Happy to help, hit like and accept the solution -
Hatibi
Staff

I would suggest that you assign roles based on the Directory attributes of the user in LDAP instead of Directory group membership.
Follow the steps in this article: https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Assign-Roles-based-on-User-LDAP-Directory...
