Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Apply a port based configuration via the model configuration

When hosts connect to the network, the (Undefined variable: User_Guide.ProductFamily) software determines the host’s state. Based on that state the host may be sent to Registration, Quarantine, Authentication, Dead End or the production network. The configuration of the device to which the host has connected controls the host’s network access.

Use the Model Configuration window of your (Undefined variable: User_Guide.ProductFamily) software to set just a VLAN for each host state, a VLAN and a CLI configuration for any of those states or nothing. If you set a CLI configuration for a state, you must also set a VLAN for that state even if it is just the production VLAN. When both a VLAN and a CLI configuration are set for a particular host state, they can work in conjunction with each other. For example, if Authentication is set to VLAN 10 and a CLI configuration is also applied, that configuration might reduce bandwidth while the user is in the Authentication VLAN.

Note

CLI configurations will not be applied if there is no VLAN selected in the Network Access section of the Model Configuration.

This option is used when you would like to apply a CLI configuration to hosts who do not match a Network Access Policy. Typically these hosts would not have a policy because they have not registered or been authenticated and the (Undefined variable: User_Guide.ProductFamily) software does not know who they are.

  1. Select Network Devices > Topology.
  2. Right-click on the device and then click Model Configuration.
  3. In the General section, enter the User Name and Password for CLI access to the device.
  4. In the Protocol section, select the communication protocol for this device.
  5. In the Network Access section, if there is a Read VLANs button, click it to populate drop-downs for each host state. Select the VLANs used for each host state. Note that you should not fill in the Default field if ports on this device have different default VLAN settings. Default VLANs should be set on the Network Access/VLANS window. If all ports on the device use the same Default VLAN you can set it here.
  6. In the CLI Configurations section, select the type as Port based. Port based configurations affect the port directly.

  7. Select a CLI Configuration for the host states you wish to affect. If you select a CLI configuration you must set a corresponding VLAN.
  8. If you are using a RADIUS server for authentication, the default servers are displayed and do not need to be modified. If this device should use a different RADIUS server for authentication, select it from the drop-down list and enter the matching RADIUS Secret.
  9. Click Apply to save your changes.

Apply a port based configuration via the model configuration

When hosts connect to the network, the (Undefined variable: User_Guide.ProductFamily) software determines the host’s state. Based on that state the host may be sent to Registration, Quarantine, Authentication, Dead End or the production network. The configuration of the device to which the host has connected controls the host’s network access.

Use the Model Configuration window of your (Undefined variable: User_Guide.ProductFamily) software to set just a VLAN for each host state, a VLAN and a CLI configuration for any of those states or nothing. If you set a CLI configuration for a state, you must also set a VLAN for that state even if it is just the production VLAN. When both a VLAN and a CLI configuration are set for a particular host state, they can work in conjunction with each other. For example, if Authentication is set to VLAN 10 and a CLI configuration is also applied, that configuration might reduce bandwidth while the user is in the Authentication VLAN.

Note

CLI configurations will not be applied if there is no VLAN selected in the Network Access section of the Model Configuration.

This option is used when you would like to apply a CLI configuration to hosts who do not match a Network Access Policy. Typically these hosts would not have a policy because they have not registered or been authenticated and the (Undefined variable: User_Guide.ProductFamily) software does not know who they are.

  1. Select Network Devices > Topology.
  2. Right-click on the device and then click Model Configuration.
  3. In the General section, enter the User Name and Password for CLI access to the device.
  4. In the Protocol section, select the communication protocol for this device.
  5. In the Network Access section, if there is a Read VLANs button, click it to populate drop-downs for each host state. Select the VLANs used for each host state. Note that you should not fill in the Default field if ports on this device have different default VLAN settings. Default VLANs should be set on the Network Access/VLANS window. If all ports on the device use the same Default VLAN you can set it here.
  6. In the CLI Configurations section, select the type as Port based. Port based configurations affect the port directly.

  7. Select a CLI Configuration for the host states you wish to affect. If you select a CLI configuration you must set a corresponding VLAN.
  8. If you are using a RADIUS server for authentication, the default servers are displayed and do not need to be modified. If this device should use a different RADIUS server for authentication, select it from the drop-down list and enter the matching RADIUS Secret.
  9. Click Apply to save your changes.