Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ut_Ut
New Contributor

Created on ‎08-28-2024 09:52 PM

How to configure bridgemode ap nac policy.

Fortigate + Fortiswitch + Fortiap, wired and wireless NAC work fine on their own. But how to configure nac for bridge ssid configure for a vlan created under Fortilink. Briefly there is Vlan 10 under fortilink. When I apply Fortiswtich port nac mode, wired users are successfully logging in and getting ip. How do I apply this to wireless users. How do I ensure that both wired and wireless users get ip from the same network and are included in the same vlan.

Labels:
1286
0 Kudos
8 REPLIES 8
AEK
SuperUser
SuperUser

Created on ‎08-29-2024 01:51 AM

Hope this helps:

https://community.fortinet.com/t5/FortiAP/Technical-Tip-How-to-configure-NAC-Policies-for-WLAN/ta-p/...

 

AEK
AEK
1258
Ut_Ut
New Contributor

Created on ‎08-29-2024 02:57 AM

Are there steps on how to do it via gui

1249
0 Kudos
AEK
SuperUser
SuperUser
In response to Ut_Ut

Created on ‎09-01-2024 10:48 AM

I don't find the exact config via GUI, but you can translate the provided CLI commands to GUI operations.

Besides, it is good to learn how to configure via CLI, since many configurations are done via CLI only.

AEK
AEK
1148
Ut_Ut
New Contributor

Created on ‎09-01-2024 02:56 AM

 

friends, no one has understood the issue. NAC works successfully with the vlans configured under the Fortilink interface. If you want to publish a single SSID and include wireless users in these same vlans. Under the created bride ssıd interface, you recreate the vlan id information you created under the fortilink interface to be the same. For example, let's say there are wired onboarding vlan 10, vlan 20, vlan 30 on the fortilink interface and their gateway information dhcp information is configured. In the same way, it should be created with the same id under wifi ssid, but network information should not be entered. only the trunk connection should be created with fortilink by entering the vlan id of interest.

 

1168
0 Kudos
rg_pimentel
New Contributor
In response to Ut_Ut

Created on ‎10-16-2024 07:02 AM

Were you able to get any solution for what you are trying to accomplish here? I'm trying to do the same thing - one SSID and it will automatically assign VLANs to devices (based on NAC policy MAC address) and use bridge mode to wired vlans.

843
0 Kudos
roberto_araujo
New Contributor II
In response to Ut_Ut

Created on ‎04-29-2025 06:38 AM

Hi Ut_Ut. Have you validated that?

 

From Fortiswitch, Nac policy is working, but from SSID perspective, you needed to recreate the same Vlan IDs to NAC policy work? Or are you just asking about how to have it working? I Have tried to test NAc policy from SSID in tunnel mode, and it works fine, but when try to migrate that to Bridge mode, does not work. I think we have the same doubt.

293
0 Kudos
Ut_Ut
New Contributor
In response to roberto_araujo

Created on ‎04-30-2025 05:30 AM

To use the nac policy in bridge mode, it is sufficient to create an ssid and enter the vlan id information of the network that you will bridge from any subnet definition.

268
0 Kudos
robertogoaraujo
New Contributor
In response to Ut_Ut

Created on ‎05-05-2025 05:14 AM

After your last message, I have tested recreating VLAN ID under SSID interface, and tested NAC policy with SSID in bridge mode again, and it worked fine for me (7.2.11). Before, with only VLAN ID on trunk interface only (under hardware switch), it was not available to use in NAC Policy. Now I have the same VLAN ID created under Trunk interface, and SSID interface.

 

In my specific case, trunk interface is not a Fortilink interface. I don´t have Fortiswitch between Fortigate and FortiAP.

 

nac policy FGT.png

235
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.