Fortinet white logo
Fortinet white logo

Administration Guide

Add or modify a configuration

Add or modify a configuration

Note

FortiNAC provides the proper login command sequence and final logout or exit commands. Do no include the login commands and logout or exit commands in the CLI.

  1. Select Network Devices > CLI Configuration.
  2. To create a new CLI configuration, click Add.
  3. To modify a CLI configuration, select it from the CLI configuration view and click Modify.
  4. Right-click in any of the three main text areas for a pop-up menu with editing options: Undo, Cut, Copy, Paste, Delete, and Select All. You can also use Ctrl+x, Ctrl+c, and Ctrl+v to cut, copy, and paste.
  5. Enter a name for the CLI configuration. This name displays in other parts of the software allowing you to choose and implement this configuration.
  6. If you plan to use MAC address in your CLI configuration, select the MAC Address Format that is recognized by the device to which you are applying this configuration.
  7. Click in the Commands To Set field and enter the CLI commands to be stored as a configuration.
  8. If you would like to reverse those commands when the port state or host state changes, go to the Commands To Undo field and enter the appropriate commands. Use Copy to copy commands from Commands To Set to Commands To Undo.

    Note

    In the event of a device failure or power cycle, changes made by CLI command sets to the device configuration could be lost. FortiNAC will not resend CLI command sets that were sent successfully. It is recommended that you include a command such as, write mem, in the creation of your CLI command sets to ensure that the most recent configuration is saved on the device.

  9. Enter a Description of the CLI configuration. This field is not required.
  10. Click OK to save.
Settings

Field

Definition

Name

Required. Assign a descriptive name to the CLI command set.

MAC address Format

If you choose to modify an ACL by adding or removing MAC addresses, you must select the MAC address format that is recognized by your device. If this format is incorrect, the device will not be able to interpret the MAC address information in the ACL.

Commands To Set

Required. Enter the commands that comprise the configuration. Following is an example:

config t
interface %port%
speed 10
duplex half
exit
exit

You can use shorthand if it is supported on your networking device.

The commands you enter in the CLI configuration window dynamically populate port/interface, VLAN IDs, IP addresses and MAC addresses based on your choice of CLI control mechanism.

Each variable in the CLI configuration is treated as a separate entity. You can use the variables any number of times or not at all, based on your choice of CLI commands.

%port%
%vlan%

%port% and %vlan% for the Commands to Set and Commands to Undo text areas simplify adding this substitution parameter.

%ip%

%ip% allows you to quickly add this parameter into the CLI configuration and can be used to add or remove IP addresses from an ACL. Can be used only on Layer 3 devices such as routers.

%mac%

%mac% allows you to quickly add this parameter into the CLI configuration and can be used to add or remove MAC addresses from an ACL. When you click this button it also inserts the MAC address format selected at the top of the window. Can be used only on Layer 2 devices.

Copy to Undo

Click this button to copy the commands from the Commands to Set pane to the Commands to Undo pane. Edit the commands in this pane to add a negate command.

Commands To Undo

Optional. This field allows you to reverse commands in the Commands To Set field. For example, if you change speed or duplex on a port for a host, you may need to return that configuration to its default setting when a different host connects.

Example:

config t

interface %port%

speed auto

duplex auto

exit

exit

CLI Description

Detailed description of the command set for reference and clarification.

Add or modify a configuration

Add or modify a configuration

Note

FortiNAC provides the proper login command sequence and final logout or exit commands. Do no include the login commands and logout or exit commands in the CLI.

  1. Select Network Devices > CLI Configuration.
  2. To create a new CLI configuration, click Add.
  3. To modify a CLI configuration, select it from the CLI configuration view and click Modify.
  4. Right-click in any of the three main text areas for a pop-up menu with editing options: Undo, Cut, Copy, Paste, Delete, and Select All. You can also use Ctrl+x, Ctrl+c, and Ctrl+v to cut, copy, and paste.
  5. Enter a name for the CLI configuration. This name displays in other parts of the software allowing you to choose and implement this configuration.
  6. If you plan to use MAC address in your CLI configuration, select the MAC Address Format that is recognized by the device to which you are applying this configuration.
  7. Click in the Commands To Set field and enter the CLI commands to be stored as a configuration.
  8. If you would like to reverse those commands when the port state or host state changes, go to the Commands To Undo field and enter the appropriate commands. Use Copy to copy commands from Commands To Set to Commands To Undo.

    Note

    In the event of a device failure or power cycle, changes made by CLI command sets to the device configuration could be lost. FortiNAC will not resend CLI command sets that were sent successfully. It is recommended that you include a command such as, write mem, in the creation of your CLI command sets to ensure that the most recent configuration is saved on the device.

  9. Enter a Description of the CLI configuration. This field is not required.
  10. Click OK to save.
Settings

Field

Definition

Name

Required. Assign a descriptive name to the CLI command set.

MAC address Format

If you choose to modify an ACL by adding or removing MAC addresses, you must select the MAC address format that is recognized by your device. If this format is incorrect, the device will not be able to interpret the MAC address information in the ACL.

Commands To Set

Required. Enter the commands that comprise the configuration. Following is an example:

config t
interface %port%
speed 10
duplex half
exit
exit

You can use shorthand if it is supported on your networking device.

The commands you enter in the CLI configuration window dynamically populate port/interface, VLAN IDs, IP addresses and MAC addresses based on your choice of CLI control mechanism.

Each variable in the CLI configuration is treated as a separate entity. You can use the variables any number of times or not at all, based on your choice of CLI commands.

%port%
%vlan%

%port% and %vlan% for the Commands to Set and Commands to Undo text areas simplify adding this substitution parameter.

%ip%

%ip% allows you to quickly add this parameter into the CLI configuration and can be used to add or remove IP addresses from an ACL. Can be used only on Layer 3 devices such as routers.

%mac%

%mac% allows you to quickly add this parameter into the CLI configuration and can be used to add or remove MAC addresses from an ACL. When you click this button it also inserts the MAC address format selected at the top of the window. Can be used only on Layer 2 devices.

Copy to Undo

Click this button to copy the commands from the Commands to Set pane to the Commands to Undo pane. Edit the commands in this pane to add a negate command.

Commands To Undo

Optional. This field allows you to reverse commands in the Commands To Set field. For example, if you change speed or duplex on a port for a host, you may need to return that configuration to its default setting when a different host connects.

Example:

config t

interface %port%

speed auto

duplex auto

exit

exit

CLI Description

Detailed description of the command set for reference and clarification.