CLI Reference

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

```
config user nac-policy
    Description: Configure NAC policy matching pattern to identify matching NAC devices.
    edit <name>
        set description {string}
        set category [device|firewall-user|...]
        set status [enable|disable]
        set mac {mac-address}
        set hw-vendor {string}
        set type {string}
        set family {string}
        set os {string}
        set hw-version {string}
        set sw-version {string}
        set host {string}
        set user {string}
        set src {string}
        set user-group {string}
        set ems-tag {string}
        set switch-fortilink {string}
        set switch-scope <switch-id1>, <switch-id2>, ...
        set switch-auto-auth [global|disable|...]
        set switch-port-policy {string}
        set switch-mac-policy {string}
    next
end
```

config user nac-policy

| Parameter name | Description | Type | Size |
| --- | --- | --- | --- |
| description | Description for the NAC policy matching pattern. | string | Maximum length: 63 |
| category | Category of NAC policy.<br>`device`: Device category.<br>`firewall-user`: Firewall user category.<br>`ems-tag`: EMS Tag category. | option | - |
| status | Enable/disable NAC policy.<br>`enable`: Enable NAC policy.<br>`disable`: Disable NAC policy. | option | - |
| mac | NAC policy matching MAC address. | mac-address | Not Specified |
| hw-vendor | NAC policy matching hardware vendor. | string | Maximum length: 15 |
| type | NAC policy matching type. | string | Maximum length: 15 |
| family | NAC policy matching family. | string | Maximum length: 31 |
| os | NAC policy matching operating system. | string | Maximum length: 31 |
| hw-version | NAC policy matching hardware version. | string | Maximum length: 15 |
| sw-version | NAC policy matching software version. | string | Maximum length: 15 |
| host | NAC policy matching host. | string | Maximum length: 64 |
| user | NAC policy matching user. | string | Maximum length: 64 |
| src | NAC policy matching source. | string | Maximum length: 15 |
| user-group | NAC policy matching user group. | string | Maximum length: 35 |
| ems-tag | NAC policy matching EMS tag. | string | Maximum length: 79 |
| switch-fortilink | FortiLink interface to which this NAC policy belongs. | string | Maximum length: 15 |
| switch-scope `<switch-id>` | List of managed FortiSwitches on which NAC policy can be applied.<br>Managed FortiSwitch name from available options. | string | Maximum length: 79 |
| switch-auto-auth | NAC device auto authorization when discovered and nac-policy matched.<br>`global`: Follows global auto-auth configuration under nac-settings.<br>`disable`: Disable NAC device auto authorization.<br>`enable`: Enable NAC device auto authorization. | option | - |
| switch-port-policy | switch-port-policy to be applied on the matched NAC policy. | string | Maximum length: 63 |
| switch-mac-policy | switch-mac-policy to be applied on the matched NAC policy. | string | Maximum length: 63 |
