Fortinet black logo

FortiWLC Integration

Home FortiNAC 8.3.0 FortiWLC Integration

Ignore Endpoints Connected to a VLAN

8.3.0
9.4.0
9.2.0
9.1.0
8.8.0
8.7.0
8.6.0
8.5.0
8.3.0
Copy Link
Copy Doc ID 8f3deb76-200d-11e9-b6f6-f8bc1258b856:494461
Download PDF

Ignore Endpoints Connected to a VLAN

Configure FortiNAC to ignore endpoints connected to a specific VLAN such that they are not managed nor detected. This is done by configuring the wireless port representing the VLAN in the Ports view of the Administration UI as an uplink.

At this time, the configuration must be done via the FortiNAC CLI. Contact Support if assistance is required.

Set Uplink Using Wireless Port Database ID

  1. In the Administration UI, find the desired port/VLAN under the Ports tab of the WLC (Network Devices > Topology). Note the value in the Label column.
  2. Leave the browser open, and SSH to the FortiNAC CLI as root.
  3. Collect the DBID of the wireless port
    1. Type
      DumpPorts –ip '<WLC IP address>' -all | grep -i "Label = <Label column value>" -a3
    2. Locate the line containing the wireless port DBID.

      Example:

      port[12] suffix = 11722 Descrip = WLC-Corp VLAN myVLAN attribute
      count = 14
      DBID = 4556 Port Type = 53 <---- DBID of wireless port
      Name = WLC-Corp
      Label = myVLAN
      <...>
  4. Configure the port mode to "Always an Uplink" using the DBID value collected in previous step. Type
    SetPortUplinkMode -mode always -dbid <DBID value>
  5. Confirm in the UI the Status column of Ports tab that the interface icon changed to an uplink.

Example: It is desired not to manage nor view clients connected to VLAN “Guest” on the WLC.

  1. Under the Ports tab, the desired interface Label is “Guest”.
  2. CLI example:
    > dumpports –ip '10.20.30.40' -all | grep -i "Label = Guest" -a4
    port[12] suffix = 11722 Descrip = WLC-Corp VLAN Guest attribute
    count = 14
    DBID = 4556 Port Type = 53
    Name = WLC-Corp
    Label = Guest
    <...>
    > SetPortUplinkMode -mode always -dbid 4556
    Guest set to always

The Guest port now displays as an uplink in the Ports tab.

Clear Uplink

  1. In the Administration UI, note the value in the "Label" column of the wireless port in the Ports view to be modified.
  2. Login to FortiNAC CLI as root.
  3. Collect the DBID of the wireless port
    1. Type
      DumpPorts –ip '<WLC IP address>' -all | grep -i "Label = <Label column value>" -a3
    2. Locate the wireless port representing the VLAN.
  4. Clear the port mode using the DBID value collected in previous step. Type
    SetPortUplinkMode -mode clear -dbid <DBID value>

    Example:

    SetPortUplinkMode -mode always -dbid 4556

The uplink icon is removed from the Ports tab for that port.

Previous
Next

Ignore Endpoints Connected to a VLAN

Configure FortiNAC to ignore endpoints connected to a specific VLAN such that they are not managed nor detected. This is done by configuring the wireless port representing the VLAN in the Ports view of the Administration UI as an uplink.

At this time, the configuration must be done via the FortiNAC CLI. Contact Support if assistance is required.

Set Uplink Using Wireless Port Database ID

  1. In the Administration UI, find the desired port/VLAN under the Ports tab of the WLC (Network Devices > Topology). Note the value in the Label column.
  2. Leave the browser open, and SSH to the FortiNAC CLI as root.
  3. Collect the DBID of the wireless port
    1. Type
      DumpPorts –ip '<WLC IP address>' -all | grep -i "Label = <Label column value>" -a3
    2. Locate the line containing the wireless port DBID.

      Example:

      port[12] suffix = 11722 Descrip = WLC-Corp VLAN myVLAN attribute
      count = 14
      DBID = 4556 Port Type = 53 <---- DBID of wireless port
      Name = WLC-Corp
      Label = myVLAN
      <...>
  4. Configure the port mode to "Always an Uplink" using the DBID value collected in previous step. Type
    SetPortUplinkMode -mode always -dbid <DBID value>
  5. Confirm in the UI the Status column of Ports tab that the interface icon changed to an uplink.

Example: It is desired not to manage nor view clients connected to VLAN “Guest” on the WLC.

  1. Under the Ports tab, the desired interface Label is “Guest”.
  2. CLI example:
    > dumpports –ip '10.20.30.40' -all | grep -i "Label = Guest" -a4
    port[12] suffix = 11722 Descrip = WLC-Corp VLAN Guest attribute
    count = 14
    DBID = 4556 Port Type = 53
    Name = WLC-Corp
    Label = Guest
    <...>
    > SetPortUplinkMode -mode always -dbid 4556
    Guest set to always

The Guest port now displays as an uplink in the Ports tab.

Clear Uplink

  1. In the Administration UI, note the value in the "Label" column of the wireless port in the Ports view to be modified.
  2. Login to FortiNAC CLI as root.
  3. Collect the DBID of the wireless port
    1. Type
      DumpPorts –ip '<WLC IP address>' -all | grep -i "Label = <Label column value>" -a3
    2. Locate the wireless port representing the VLAN.
  4. Clear the port mode using the DBID value collected in previous step. Type
    SetPortUplinkMode -mode clear -dbid <DBID value>

    Example:

    SetPortUplinkMode -mode always -dbid 4556

The uplink icon is removed from the Ports tab for that port.

Previous
Next