CLI Reference

config switch-controller nac-settings

Configure integrated NAC settings for FortiSwitch.

    config switch-controller nac-settings
        Description: Configure integrated NAC settings for FortiSwitch.
        edit <name>
            set mode [local|global]
            set inactive-timer {integer}
            set onboarding-vlan {string}
            set auto-auth [disable|enable]
            set bounce-nac-port [disable|enable]
            set link-down-flush [disable|enable]
        next
    end

config switch-controller nac-settings

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| mode | Set NAC mode to be used on the FortiSwitch ports. | option | - | local |
| inactive-timer | Time interval (minutes, 0 = no expiry) to be included in the inactive NAC devices expiry calculation (mac age-out + inactive-time + periodic scan interval). | integer | Minimum value: 0; maximum value: 1440 | 15 |
| onboarding-vlan | Default NAC onboarding VLAN when NAC devices are discovered. | string | Maximum length: 15 | |
| auto-auth | Enable/disable NAC device auto authorization when discovered and nac-policy matched. | option | - | enable |
| bounce-nac-port | Enable/disable bouncing (administratively bringing the link down, then up) of a switch port when NAC mode is configured on the port. Helps to re-initiate the DHCP process for a device. | option | - | enable |
| link-down-flush | Clear NAC devices on switch ports on a link down event. | option | - | enable |

| Parameter | Option | Description |
|---|---|---|
| mode | local | Local mode, in which the managed FortiSwitch port local settings are used. |
| mode | global | Global mode, which enables NAC on all the managed FortiSwitch ports. |
| auto-auth | disable | Disable NAC device auto authorization. |
| auto-auth | enable | Enable NAC device auto authorization. |
| bounce-nac-port | disable | Disable bouncing (administratively bringing the link down, then up) of a switch port when NAC mode is configured. |
| bounce-nac-port | enable | Enable bouncing (administratively bringing the link down, then up) of a switch port when NAC mode is configured. |
| link-down-flush | disable | Disable clearing NAC devices on a switch port when a link down event happens. |
| link-down-flush | enable | Enable clearing NAC devices on a switch port when a link down event happens. |
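
An added example, not part of Fortinet's documentation: a Python check that reads a `config switch-controller nac-settings` block from a configuration backup and reports values the parameter table does not allow, `inactive-timer 0` (no expiry), and settings that differ from the documented defaults. The function names and the sample configuration are constructed for illustration, and the quoting of names and string values in the sample is an assumption about how a backup renders them.

```python
import re

ON_OFF = lambda v: v in ("disable", "enable")
SCHEMA = {  # param -> (validity check, documented default), from this page's table
    "mode": (lambda v: v in ("local", "global"), "local"),
    "inactive-timer": (lambda v: v.isdigit() and 0 <= int(v) <= 1440, "15"),
    "onboarding-vlan": (lambda v: len(v) <= 15, None),  # no default listed
    "auto-auth": (ON_OFF, "enable"),
    "bounce-nac-port": (ON_OFF, "enable"),
    "link-down-flush": (ON_OFF, "enable"),
}

# Constructed sample (hypothetical entry names), not taken from a real device.
SAMPLE = """config switch-controller nac-settings
    edit "branch-nac"
        set inactive-timer 0
        set link-down-flush disable
    next
    edit "lab-nac"
        set inactive-timer 2000
        set onboarding-vlan "a-vlan-name-too-long"
    next
end"""

def parse_nac_settings(text):
    """Return {entry: {param: value}} for the nac-settings block in text."""
    entries, current = {}, None
    m = re.search(r"^config switch-controller nac-settings$(.*?)^end$", text, re.S | re.M)
    for line in (m.group(1) if m else "").splitlines():
        edit = re.match(r'\s*edit "?([^"]+)"?$', line)
        setting = re.match(r'\s*set (\S+) "?([^"]*)"?$', line)
        if edit:
            current = entries.setdefault(edit.group(1), {})
        elif setting and current is not None:
            current[setting.group(1)] = setting.group(2)
    return entries

def audit(entries):
    """Return sorted (entry, param, message) findings (hypothetical helper)."""
    findings = []
    for name, params in entries.items():
        for key, value in params.items():
            valid, default = SCHEMA.get(key, (lambda v: False, None))
            if not valid(value):
                findings.append((name, key, "not allowed by the documented table"))
            elif key == "inactive-timer" and value == "0":
                findings.append((name, key, "0 = no expiry of inactive NAC devices"))
            elif default is not None and value != default:
                findings.append((name, key, f"differs from default {default!r}"))
    return sorted(findings)
```

Calling `audit(parse_nac_settings(SAMPLE))` returns four findings: the two deviations in `branch-nac` and the two out-of-range values in `lab-nac`.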
