williasthomas192004
New Contributor III

NAC

FortiNAC self-registration Guest Management with wireless dynamic VLAN management.

During the registration process, without doing anything, I got a native VLAN IP.

In NAC's Network > Inventory > Device > Virtualized Devices > root, I haven't added a native VLAN ID.

What is the fault?


ebilcari
Staff

When an unregistered host (Rogue) connects, FNAC will try to isolate it in the registration network which in this case should be VLAN 201. If the SSID in FGT doesn't have this VLAN configured it may leave the host in the default subnet after the Access-Accept. You can also check this article for more information related to this scenario: Technical Tip: A simple deployment including FortiGate/FortiAP (self-registered guest)

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
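
Added example, not part of the thread and not Fortinet code: a small offline check for the condition described in the reply above, where the VLAN FortiNAC assigns (201 for registration) has no matching VLAN sub-interface under the SSID on the FortiGate. It assumes the tunnel-mode layout (VLAN interfaces created under the SSID interface); the config excerpt is constructed and the names `guest-ssid` and `prod_vlan` are hypothetical.

```python
# Constructed FortiGate excerpt (not from the thread); all names are hypothetical.
SAMPLE_CONFIG = """
config wireless-controller vap
    edit "guest-ssid"
        set dynamic-vlan enable
    next
end
config system interface
    edit "prod_vlan"
        set interface "guest-ssid"
        set vlanid 100
    next
end
"""

def parse_tables(text):
    """Parse top-level config/edit/set stanzas into {table: {entry: {key: value}}}."""
    tables, table, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # nested config blocks are skipped
                table, entry = line[len("config "):], None
                tables.setdefault(table, {})
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            entry = line[5:].strip('"')
            tables[table][entry] = {}
        elif depth == 1 and entry is not None and line.startswith("set "):
            _, key, value = line.split(None, 2)
            tables[table][entry][key] = value.strip('"')
    return tables

def check_ssid_vlans(text, ssid_if, nac_vlans):
    """Return findings; an empty list means every VLAN FortiNAC may assign exists."""
    tables = parse_tables(text)
    vap = tables.get("wireless-controller vap", {}).get(ssid_if)
    if vap is None:
        return [f"{ssid_if}: SSID not found"]
    findings = []
    if vap.get("dynamic-vlan") != "enable":
        findings.append(f"{ssid_if}: dynamic-vlan is not enabled")
    present = {int(e["vlanid"]) for e in tables.get("system interface", {}).values()
               if e.get("interface") == ssid_if and "vlanid" in e}
    findings += [f"{ssid_if}: no sub-interface for {role} VLAN {vid}"
                 for role, vid in nac_vlans.items() if vid not in present]
    return findings
```

Calling `check_ssid_vlans(SAMPLE_CONFIG, "guest-ssid", {"registration": 201})` on the constructed excerpt reports the missing registration VLAN, which is the situation that can leave a rogue host in the default subnet.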
williasthomas192004

Isolation with FortiNAC

FortiNAC uses isolation VLANs to restrict network access for unregistered or unknown devices, placing them in an isolation VLAN until they are registered or authenticated.

Is that right? How do I figure out the isolation?
In your setup, you create a VLAN under the wireless interface with a virtual LAN in tunnel mode.
In my setup, I create a VLAN under the FortiLink switch and run bridge mode.

For isolation, do I need to create a policy, and how? Could you please guide me? Thanks!

ebilcari

Using a bridged SSID will be similar as long as the VLAN is allowed in the switchport where the AP is connected. The IP configurations shown in the example for the VLANs under the SSID need to be configured in a similar way to normal VLANs in the FSW.

There is no need to create policies for isolation; based on the host state, FNAC will push the configured VLANs as long as Enforcement is enabled in the SSID.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.