I am currently trying to achieve the following use case: using my FortiGate, FortiSwitch and FortiAP, I want to assign VLANs based on the MAC addresses of clients. In detail: all unknown devices should automatically be moved to a specific VLAN, and known devices should be moved to a different VLAN based on their MAC address. Using NAC I can assign a SINGLE MAC to accomplish this, but I don't get how to use a BATCH of MAC addresses to create a single NAC policy. It would be crazy to assign a unique NAC rule for every single MAC address. Can someone help me with this?
I think there is no option other than NAC policies. If you want to use MAC-based dynamic VLANs, you should do this.
But I think you can use CLI configuration to create batch NAC policies. For example:
config user nac-policy
    edit "nacpolicy-John"
        set mac "xx:xx:xx:xx:xx:xx"
        set switch-fortilink "fortilink"
        set switch-mac-policy "nacpolicy-Vlan100"
    next
    edit "nacpolicy-Alice"
        set mac "xx:xx:xx:xx:xx:xx"
        set switch-fortilink "fortilink"
        set switch-mac-policy "nacpolicy-Vlan100"
    next
end
But if it is possible, you can use username and password authentication for users. You can authenticate a user with their username and password. Also, if you use this, you can use the user group in the NAC policy. In this way, you can handle all users with two policies. In my opinion, this is the best option for dynamic VLAN mapping.
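The batch approach from the reply above can be scripted. This is an added example, not code from the thread or from Fortinet. It turns an inventory of known devices into one `config user nac-policy` block, using only the three settings shown in the reply. The function names and the sample inventory are assumptions made for illustration.

```python
import re

def normalize_mac(raw):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_nac_config(devices, fortilink="fortilink", mac_policy="nacpolicy-Vlan100"):
    """devices: iterable of (label, mac). Returns (cli_text, rejected)."""
    lines, rejected, seen = ["config user nac-policy"], [], set()
    for label, raw in devices:
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append((label, str(exc)))
            continue
        # Keep entry names to characters that need no escaping inside CLI quotes.
        name = "nacpolicy-" + re.sub(r"[^A-Za-z0-9_-]", "_", label)
        # A repeated name would overwrite the earlier "edit"; a repeated MAC is redundant.
        if mac in seen or name in seen:
            rejected.append((label, f"duplicate of an earlier entry ({mac})"))
            continue
        seen.update((mac, name))
        lines += [
            f'    edit "{name}"',
            f'        set mac "{mac}"',
            f'        set switch-fortilink "{fortilink}"',
            f'        set switch-mac-policy "{mac_policy}"',
            "    next",
        ]
    lines.append("end")
    return "\n".join(lines), rejected

# Constructed sample inventory; addresses use the documentation range 00:00:5e:00:53:xx.
SAMPLE = [
    ("John", "00:00:5E:00:53:01"),
    ("Alice", "00-00-5e-00-53-02"),
    ("Printer 1", "0000.5e00.5303"),
    ("Alice-dup", "00005e005302"),
    ("Broken", "00:00:5e:00:53"),
]

if __name__ == "__main__":
    config, rejected = build_nac_config(SAMPLE)
    print(config)
    for label, reason in rejected:
        print(f"# skipped {label}: {reason}")
```

Review the rejected list before pasting the generated block into the CLI, so a mistyped address is corrected in the inventory rather than silently left in the unknown-device VLAN.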