config user nac-policy
Configure NAC policy matching pattern to identify matching NAC devices.
config user nac-policy
Description: Configure NAC policy matching pattern to identify matching NAC devices.
edit <name>
set category [device|firewall-user|...]
set description {string}
set ems-tag {string}
set family {string}
set host {string}
set hw-vendor {string}
set hw-version {string}
set mac {string}
set name {string}
set os {string}
set src {string}
set status [enable|disable]
set sw-version {string}
set switch-auto-auth [global|disable|...]
set switch-fortilink {string}
set switch-mac-policy {string}
set switch-port-policy {string}
set switch-scope <switch-id1>, <switch-id2>, ...
set type {string}
set user {string}
set user-group {string}
next
end
config user nac-policy
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
category |
Category of NAC policy. |
option |
- |
device |
||||||||
|
|
|
|||||||||||
|
description |
Description for the NAC policy matching pattern. |
string |
Not Specified |
|
||||||||
|
ems-tag |
NAC policy matching EMS tag. |
string |
Not Specified |
|
||||||||
|
family |
NAC policy matching family. |
string |
Not Specified |
|
||||||||
|
host |
NAC policy matching host. |
string |
Not Specified |
|
||||||||
|
hw-vendor |
NAC policy matching hardware vendor. |
string |
Not Specified |
|
||||||||
|
hw-version |
NAC policy matching hardware version. |
string |
Not Specified |
|
||||||||
|
mac |
NAC policy matching MAC address. |
string |
Not Specified |
|
||||||||
|
name |
NAC policy name. |
string |
Not Specified |
|
||||||||
|
os |
NAC policy matching operating system. |
string |
Not Specified |
|
||||||||
|
src |
NAC policy matching source. |
string |
Not Specified |
|
||||||||
|
status |
Enable/disable NAC policy. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
sw-version |
NAC policy matching software version. |
string |
Not Specified |
|
||||||||
|
switch-auto-auth * |
NAC device auto authorization when discovered and nac-policy matched. |
option |
- |
global |
||||||||
|
|
|
|||||||||||
|
switch-fortilink * |
FortiLink interface for which this NAC policy belongs to. |
string |
Not Specified |
|
||||||||
|
switch-mac-policy * |
switch-mac-policy to be applied on the matched NAC policy. |
string |
Not Specified |
|
||||||||
|
switch-port-policy * |
switch-port-policy to be applied on the matched NAC policy. |
string |
Not Specified |
|
||||||||
|
switch-scope |
List of managed FortiSwitches on which NAC policy can be applied. Managed FortiSwitch name from available options. |
string |
Maximum length: 79 |
|
||||||||
|
type |
NAC policy matching type. |
string |
Not Specified |
|
||||||||
|
user |
NAC policy matching user. |
string |
Not Specified |
|
||||||||
|
user-group |
NAC policy matching user group. |
string |
Not Specified |
|
||||||||
* This parameter may not exist in some models.