Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor


Hi all,

I'm trying to understand if it is possible to authenticate non-802.1X compliant devices (e.g. printers) via LDAP.

I've deployed FAC VM and MAB is possible only with local users and groups. It is correct?


Thanks for your help.

Sebastiano Bertoli



hope you found out.

But just in case .. 


1. set your devices with their MAC addresses to Authentication > User Management > MAC Deices

2. set those individual MAC Devices into group Authentication > User Management > User Groups > Create New > set Type = MAC and select your devices from step (1)

3. let's say we are on 6.1 version where the Authentication > RADIUS Service is split between Clients and Policies, so set up new policy for your network with Authentication Type set to 'MAC authentication bypass (MAB)'.

Then in Identity Source > Authorized Groups you should be able to choose group created in step (2)

4. finish policy creation, and I would move it above other policies to sort of exempt those MAC address defined devices from further authentication attempts.


More can be found in Admin guides when you click the (?) icon in top right corner of FAC GUI.

For example:

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC L3 Escalations engineer