Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nascimento
New Contributor II

Created on ‎11-07-2023 01:54 PM Edited on ‎11-07-2023 01:59 PM

Can I keep ETH0 (FortiNAC Mgnt) and ETH1 (FortiNAC Services) in the same VLAN for "L3 network type"?

I want to implement a simple FortiNAC deployment and place the ETH0 (FortiNAC Mgnt) and ETH1 (FortiNAC Service) interfaces in the same VLAN for a "L3 network type". It seems to me that there will be no problem but I want to know if anyone here has done something like this and if it is working. I plan to use this table of IP Address:

MGMT10.47.0.60/24
CAPTIVE REGISTRATION10.47.0.61/24
CAPTIVE REMEDIATION10.47.0.62/24
CAPTIVE DEAD END10.47.0.63/24

Is there anyone here who can point to a document describing this? I will be very grateful if there are contributions. 

JSN
JSN
Labels:
1083
0 Kudos
1 Solution
dbu
Staff
Staff

Created on ‎11-07-2023 03:07 PM

Hi @Nascimento ,

 

Here is a very nice guide, have a look as it might help:
https://community.fortinet.com/t5/FortiNAC/Technical-Tip-An-example-of-a-simple-network-deployment-o...

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

1071
0 Kudos
2 REPLIES 2
dbu
Staff
Staff

Created on ‎11-07-2023 03:07 PM

Hi @Nascimento ,

 

Here is a very nice guide, have a look as it might help:
https://community.fortinet.com/t5/FortiNAC/Technical-Tip-An-example-of-a-simple-network-deployment-o...

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
1072
0 Kudos
ebilcari
Staff
Staff

Created on ‎11-08-2023 04:41 AM

The short answer is NO, it will mess up the routing table since you can have only one default route, most probably using eth0. To add, the eth1 interface and their sub-interfaces will also serve DHCP and DNS services that will complicate it even more. Not to consider also the security concern that mixes management traffic with isolated/non compliant user's traffic.

> route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default   gw.eb.eu  0.0.0.0   UG    0    0    0   eth0

 If you have a physical appliance of FNAC you can try the L2 deployment if you place FNAC directly in the LAN segment and choose to span the VLAN from access ports to eth1 interface of FNAC.
If you are using a VM than the L3 topology with two separate subnets is needed.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1048
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.