Automation of network provisioning with VLAN segmentation
With the device profiling rules defined, we can move to configuring VLAN Segmentation for the endpoints. First, we will attempt to identify and automate the registration process in order to categorize devices in the environment. We will also configure the VLAN ID to assign to each device type.
Creating the Network Access Policy for IP Cameras
Create the User/Host Profiles
In the FortiNAC Management Interface, go to Policy & Objects and click User/Host Profiles. Click Add, and follow these steps:
1. Name: IP Camera Profile
2. Under Who/What by Attribute, click Add.
3. On the Filter screen, click the Host tab and check Device Type.
4. In the drop-down menu of device types, select Camera and click OK.
5. Click OK to save the User/host profile.
Create the Network Access Configuration
Click Network Access under the Policy & Objects menu. Then click Configurations, then click Add. Follow the steps below:
1. Name: IP Camera Config
2. Logical Network: IP Camera
3. Click OK to save the configuration.
Create the Network Access Policies
After completing the access configuration, configure the access policies. Click Network Access under the Policy & Objects menu, and click on Policies:
1. Click Add.
2. Check the Enabled box.
3. Name: IP Camera Policy
4. User/Host Profile: IP Camera Profile
5. Network Access Configuration: IP Camera Config
6. Click on OK to save the network access policy.
With the network access policies defined, FortiNAC automates the VLAN assignment for IP cameras when they connect to the network.
Creating the Network Access Policy for PLC Devices
Create the User/Host Profiles
In the FortiNAC Management Interface, go to Policy & Objects and click User/Host Profiles, then follow the steps below:
1. Click Add.
2. Name: PLC
3. Under Who/What by Group, click Select.
4. Select “PLC Device Group”, move it to the “Selected Groups” side, and click OK.
5. Click OK to save the User/host profile.
Create the Network Access Configuration
After completing the prior step, click Network Access under the Policy & Objects menu. Click Configurations and follow the steps below:
1. Click Add and fill in the screen:
2. Name: PLC Configuration
3. Logical Network: PLC
4. Click “OK” to save the configuration.
Create the Network Access Policies
After completing the access configuration, configure the access policies. Click Network Access under the Policy & Objects menu, and click on Policies:
1. Click Add.
2. Check the Enabled box.
3. Name: PLC Policy
4. User/Host Profile: PLC Profile
5. Network Access Configuration: PLC Configuration
6. Click OK to save the network access policy.
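The following is an added example, not part of the original page and not Fortinet tooling: a Python check that the profile, configuration and policy names entered in the steps above reference each other consistently before they are applied. The inventory is typed in by hand from this page (constructed input); the Policy class and the function names lint and logical_network are hypothetical, and no FortiNAC API is used.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    enabled: bool
    profile: str          # User/Host Profile the policy matches on
    configuration: str    # Network Access Configuration it applies

# Constructed inventory, typed in from the steps on this page.
PROFILES = {"IP Camera Profile", "PLC"}
# Network Access Configuration name -> Logical Network
CONFIGURATIONS = {"IP Camera Config": "IP Camera", "PLC Configuration": "PLC"}
POLICIES = [
    Policy("IP Camera Policy", True, "IP Camera Profile", "IP Camera Config"),
    Policy("PLC Policy", True, "PLC Profile", "PLC Configuration"),
]

def lint(profiles, configurations, policies):
    """Return (object, problem) findings for a planned policy set."""
    findings = []
    for p in policies:
        if not p.enabled:
            findings.append((p.name, "policy is not enabled"))
        if p.profile not in profiles:
            findings.append((p.name, f"unknown profile {p.profile!r}"))
        if p.configuration not in configurations:
            findings.append((p.name, f"unknown configuration {p.configuration!r}"))
    # Objects that exist but are never referenced segment nothing.
    for name in sorted(profiles - {p.profile for p in policies}):
        findings.append((name, "profile is not used by any policy"))
    for name in sorted(set(configurations) - {p.configuration for p in policies}):
        findings.append((name, "configuration is not used by any policy"))
    return findings

def logical_network(policy, profiles, configurations):
    """Logical Network for a matching host, or None if the policy cannot apply."""
    if not policy.enabled or policy.profile not in profiles:
        return None
    return configurations.get(policy.configuration)

if __name__ == "__main__":
    for obj, problem in lint(PROFILES, CONFIGURATIONS, POLICIES):
        print(f"{obj}: {problem}")
```

On the names as written in the steps above, the check reports that PLC Policy refers to "PLC Profile" while the profile was created with the name "PLC", so the two names need to be reconciled when the policy is entered.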