CLI Reference

user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

  config user nac-policy
      Description: Configure NAC policy matching pattern to identify matching NAC devices.
      edit <name>
          set description {string}
          set category [device|firewall-user|...]
          set status [enable|disable]
          set mac {mac-address}
          set hw-vendor {string}
          set type {string}
          set family {string}
          set os {string}
          set hw-version {string}
          set sw-version {string}
          set host {string}
          set user {string}
          set src {string}
          set user-group {string}
          set ems-tag {string}
          set switch-fortilink {string}
          set switch-scope <switch-id1>, <switch-id2>, ...
          set switch-auto-auth [global|disable|...]
          set switch-port-policy {string}
          set switch-mac-policy {string}
      next
  end

config user nac-policy

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| description | Description for the NAC policy matching pattern. | string | Maximum length: 63 |
| category | Category of NAC policy. Options: device (Device category), firewall-user (Firewall user category), ems-tag (EMS Tag category). | option | - |
| status | Enable/disable NAC policy. Options: enable (Enable NAC policy), disable (Disable NAC policy). | option | - |
| mac | NAC policy matching MAC address. | mac-address | Not Specified |
| hw-vendor | NAC policy matching hardware vendor. | string | Maximum length: 15 |
| type | NAC policy matching type. | string | Maximum length: 15 |
| family | NAC policy matching family. | string | Maximum length: 31 |
| os | NAC policy matching operating system. | string | Maximum length: 31 |
| hw-version | NAC policy matching hardware version. | string | Maximum length: 15 |
| sw-version | NAC policy matching software version. | string | Maximum length: 15 |
| host | NAC policy matching host. | string | Maximum length: 64 |
| user | NAC policy matching user. | string | Maximum length: 64 |
| src | NAC policy matching source. | string | Maximum length: 15 |
| user-group | NAC policy matching user group. | string | Maximum length: 35 |
| ems-tag | NAC policy matching EMS tag. | string | Maximum length: 79 |
| switch-fortilink | FortiLink interface to which this NAC policy belongs. | string | Maximum length: 15 |
| switch-scope <switch-id> | List of managed FortiSwitches on which NAC policy can be applied. Managed FortiSwitch name from available options. | string | Maximum length: 79 |
| switch-auto-auth | NAC device auto authorization when discovered and nac-policy matched. Options: global (Follows global auto-auth configuration under nac-settings), disable (Disable NAC device auto authorization), enable (Enable NAC device auto authorization). | option | - |
| switch-port-policy | switch-port-policy to be applied on the matched NAC policy. | string | Maximum length: 63 |
| switch-mac-policy | switch-mac-policy to be applied on the matched NAC policy. | string | Maximum length: 63 |
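
The limits and option values in the table above can be checked before a change is pushed to a device. The following is an added example, not Fortinet code: `lint_nac_policies` and the sample configuration are constructed for illustration, and the limits are transcribed from this page.

```python
import shlex

# Limits and options transcribed from the parameter table on this page.
MAX_LEN = {
    "description": 63, "hw-vendor": 15, "type": 15, "family": 31, "os": 31,
    "hw-version": 15, "sw-version": 15, "host": 64, "user": 64, "src": 15,
    "user-group": 35, "ems-tag": 79, "switch-fortilink": 15,
    "switch-port-policy": 63, "switch-mac-policy": 63,
}
OPTIONS = {
    "category": {"device", "firewall-user", "ems-tag"},
    "status": {"enable", "disable"},
    "switch-auto-auth": {"global", "disable", "enable"},
}

def lint_nac_policies(text):
    """Return (policy, key, problem) tuples for a 'config user nac-policy' block."""
    findings, policy = [], None
    for raw in text.splitlines():
        tok = shlex.split(raw)  # handles quoted values such as "IP cameras"
        if len(tok) == 2 and tok[0] == "edit":
            policy = tok[1]
        elif tok[:1] == ["next"]:
            policy = None
        elif len(tok) >= 3 and tok[0] == "set" and policy is not None:
            key, vals = tok[1], tok[2:]
            if key in OPTIONS:
                if vals[0] not in OPTIONS[key]:
                    findings.append((policy, key, f"{vals[0]!r} is not a documented option"))
            elif key == "switch-scope":  # list of names, each limited to 79 characters
                for name in (v.strip(",") for v in vals):
                    if len(name) > 79:
                        findings.append((policy, key, f"switch name length {len(name)} exceeds 79"))
            elif key in MAX_LEN:
                n = len(" ".join(vals))
                if n > MAX_LEN[key]:
                    findings.append((policy, key, f"length {n} exceeds {MAX_LEN[key]}"))
            elif key != "mac":  # the page gives no size for mac, so it is not checked
                findings.append((policy, key, "key is not in the documented parameter list"))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """config user nac-policy
    edit "cameras"
        set category device
        set hw-vendor "ExampleCameraVendorInc"
        set switch-auto-auth enabled
    next
end
"""
```

Calling `lint_nac_policies(SAMPLE)` reports the over-long `hw-vendor` value and the `switch-auto-auth` value that is not one of the documented options.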
