FortiGate + FortiSwitch + FortiAP: wired and wireless NAC work fine on their own. But how do I configure NAC for a bridge SSID for a VLAN created under FortiLink? Briefly, there is VLAN 10 under FortiLink. When I apply NAC mode to the FortiSwitch port, wired users successfully log in and get an IP. How do I apply this to wireless users? How do I ensure that both wired and wireless users get an IP from the same network and are included in the same VLAN?
Are there steps on how to do it via the GUI?
I don't find the exact config via GUI, but you can translate the provided CLI commands to GUI operations.
Besides, it is good to learn how to configure via CLI, since many configurations are done via CLI only.
Friends, no one has understood the issue. NAC works successfully with the VLANs configured under the FortiLink interface. If you want to publish a single SSID and include wireless users in these same VLANs, then under the created bridge SSID interface you recreate the VLAN IDs you created under the FortiLink interface so that they are the same. For example, let's say there are wired onboarding VLAN 10, VLAN 20 and VLAN 30 on the FortiLink interface, and their gateway and DHCP information is configured. In the same way, they should be created with the same IDs under the Wi-Fi SSID, but network information should not be entered. Only the trunk connection should be created with FortiLink by entering the VLAN ID of interest.
Were you able to get any solution for what you are trying to accomplish here? I'm trying to do the same thing - one SSID and it will automatically assign VLANs to devices (based on NAC policy MAC address) and use bridge mode to wired vlans.
Hi Ut_Ut. Have you validated that?
From the FortiSwitch, the NAC policy is working, but from the SSID perspective, did you need to recreate the same VLAN IDs for the NAC policy to work? Or are you just asking how to get it working? I have tried to test the NAC policy from an SSID in tunnel mode, and it works fine, but when I try to migrate that to bridge mode, it does not work. I think we have the same doubt.
To use the NAC policy in bridge mode, it is sufficient to create an SSID and enter the VLAN ID information of the network that you will bridge from any subnet definition.
After your last message, I tested recreating the VLAN ID under the SSID interface, and tested the NAC policy with the SSID in bridge mode again, and it worked fine for me (7.2.11). Before, with the VLAN ID only on the trunk interface (under hardware switch), it was not available to use in the NAC policy. Now I have the same VLAN ID created under the trunk interface and the SSID interface.
In my specific case, the trunk interface is not a FortiLink interface. I don't have a FortiSwitch between the FortiGate and the FortiAP.