Fortinet Document Library

CLI Reference

Configure integrated NAC settings for FortiSwitch.

  config switch-controller nac-settings
      Description: Configure integrated NAC settings for FortiSwitch.
      edit <name>
          set mode [local|global]
          set inactive-timer {integer}
          set onboarding-vlan {string}
          set auto-auth [disable|enable]
          set bounce-nac-port [disable|enable]
          set link-down-flush [disable|enable]
      next
  end

config switch-controller nac-settings

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mode | Set NAC mode to be used on the FortiSwitch ports. local: Local mode, in which the managed FortiSwitch port's local settings are used. global: Global mode, which enables NAC on all the managed FortiSwitch ports. | option | - |
| inactive-timer | Time interval (minutes, 0 = no expiry) to be included in the inactive NAC devices expiry calculation (mac age-out + inactive-time + periodic scan interval). | integer | Minimum value: 0 Maximum value: 1440 |
| onboarding-vlan | Default NAC Onboarding VLAN when NAC devices are discovered. | string | Maximum length: 15 |
| auto-auth | Enable/disable NAC device auto authorization when discovered and nac-policy matched. disable: Disable NAC device auto authorization. enable: Enable NAC device auto authorization. | option | - |
| bounce-nac-port | Enable/disable bouncing (administratively bringing the link down, then up) of a switch port when NAC mode is configured on the port. Helps to re-initiate the DHCP process for a device. disable: Disable bouncing of a switch port when NAC mode is configured. enable: Enable bouncing of a switch port when NAC mode is configured. | option | - |
| link-down-flush | Clear NAC devices on switch ports on a link down event. disable: Disable clearing NAC devices on a switch port when a link down event happens. enable: Enable clearing NAC devices on a switch port when a link down event happens. | option | - |
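
As an added example (not Fortinet's code), the following Python check parses a `config switch-controller nac-settings` stanza from a saved configuration and flags values outside the types and sizes listed in the table above. The function names, entry names and sample values are constructed for this example.

```python
import re

TOGGLE = {"disable", "enable"}  # all limits below come from this page's parameter table
ENUMS = {"mode": {"local", "global"}, "auto-auth": TOGGLE,
         "bounce-nac-port": TOGGLE, "link-down-flush": TOGGLE}

def parse_nac_settings(text):
    """Return {entry_name: {param: value}} from the nac-settings stanza only."""
    entries, current, inside = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "config switch-controller nac-settings":
            inside = True
        elif not inside:
            continue  # ignore edit/set lines that belong to other stanzas
        elif line in ("next", "end"):
            current, inside = None, line == "next"
        elif m := re.fullmatch(r'edit "?([^"]+)"?', line):
            current = entries.setdefault(m.group(1), {})
        elif current is not None and (m := re.fullmatch(r'set (\S+) "?([^"]*)"?', line)):
            current[m.group(1)] = m.group(2)
    return entries

def validate(entries):
    """Return (entry, param, problem) tuples for values outside the documented limits."""
    problems = []
    for name, params in entries.items():
        for key, value in params.items():
            if key in ENUMS and value not in ENUMS[key]:
                problems.append((name, key, f"must be one of {sorted(ENUMS[key])}"))
            elif key == "inactive-timer" and not (value.isdecimal() and int(value) <= 1440):
                problems.append((name, key, "must be an integer from 0 to 1440 (minutes)"))
            elif key == "onboarding-vlan" and len(value) > 15:
                problems.append((name, key, "maximum length is 15"))
    return problems

# Constructed sample: entry names and values are made up for this example.
SAMPLE = """\
config switch-controller nac-settings
    edit "default"
        set mode local
    next
    edit "lab"
        set mode globel
        set inactive-timer 2000
        set onboarding-vlan "onboarding-vlan-lab-01"
    next
end
"""

print(validate(parse_nac_settings(SAMPLE)))
```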
