Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Apply a host based configuration via the model configuration

Host-based CLI configurations modify ACLs stored on the switch or router. CLI configurations that modify IP address ACLs can only be used on Layer 3 devices.

or removes IP addresses from a corresponding ACL based on the host state. When the host connects, the FortiNAC software determines whether or not they need to be sent to registration, authentication, remediation or remain in a dead end. When the host has satisfied the requirements of its state and is ready to be put on the production network, the state change triggers the undo portion of the CLI configuration updates the ACL again. This allows the host onto the production network.

  1. Select Network Devices > Topology.
  2. Right-click on the device and then click Model Configuration.
  3. In General, enter the User Name and Password for CLI access to the device.
  4. In Protocol, select the communication protocol for this device.
  5. In Network Access, select Read VLANs to populate the VLAN drop-downs. Set the VLANs used for each host state. Note that you should not fill in the Default field if ports on this device have different default VLAN settings. Default VLANs should be set in Network Access/VLANs. If all ports on the device use the same default VLAN you can set it here.
  6. In the CLI Configurations section, select the type - Host Based. Host based configurations control host access through the use of an ACL stored on the device and referenced in the CLI configuration.

  7. Select a CLI configuration for the host states you wish to affect. If you select a CLI configuration you must set a corresponding VLAN.

    Note

    Right-click the device and select the Applied ACLs menu option to view or clear applied ACL settings. The Applied ACL menu option is available after a Host Based Configuration is applied. You may need to refresh the Topology.

  8. If you are using a RADIUS server for authentication, the default servers are displayed and do not need to be modified. If this device should use a different RADIUS server for authentication, select it from the drop-down list and enter the matching RADIUS Secret.
  9. Click Apply to save your changes.

View/clear applied ACL settings

If you have applied host based CLI configurations, you may want to see and/or remove changes to the ACL on the device. This option is accessed via the Applied ACL window.

  1. Select Network Devices > Topology.
  2. Expand the Container holding the device.
  3. Right-click on the device. Select the device name and then click Applied ACLs.

    Note

    The Applied ACL menu option is available after a Host Based Configuration is applied. You may need to refresh the Topology.

    The Applied ACLs window opens, displaying the name, MAC address, IP address, CLI, and Host for each Applied ACL.

  4. Select the ACL(s) you wish to delete, and then click Delete. If there is an Undo configuration, it will be run.
  5. Click Close to exit.

Apply a host based configuration via the model configuration

Host-based CLI configurations modify ACLs stored on the switch or router. CLI configurations that modify IP address ACLs can only be used on Layer 3 devices.

or removes IP addresses from a corresponding ACL based on the host state. When the host connects, the FortiNAC software determines whether or not they need to be sent to registration, authentication, remediation or remain in a dead end. When the host has satisfied the requirements of its state and is ready to be put on the production network, the state change triggers the undo portion of the CLI configuration updates the ACL again. This allows the host onto the production network.

  1. Select Network Devices > Topology.
  2. Right-click on the device and then click Model Configuration.
  3. In General, enter the User Name and Password for CLI access to the device.
  4. In Protocol, select the communication protocol for this device.
  5. In Network Access, select Read VLANs to populate the VLAN drop-downs. Set the VLANs used for each host state. Note that you should not fill in the Default field if ports on this device have different default VLAN settings. Default VLANs should be set in Network Access/VLANs. If all ports on the device use the same default VLAN you can set it here.
  6. In the CLI Configurations section, select the type - Host Based. Host based configurations control host access through the use of an ACL stored on the device and referenced in the CLI configuration.

  7. Select a CLI configuration for the host states you wish to affect. If you select a CLI configuration you must set a corresponding VLAN.

    Note

    Right-click the device and select the Applied ACLs menu option to view or clear applied ACL settings. The Applied ACL menu option is available after a Host Based Configuration is applied. You may need to refresh the Topology.

  8. If you are using a RADIUS server for authentication, the default servers are displayed and do not need to be modified. If this device should use a different RADIUS server for authentication, select it from the drop-down list and enter the matching RADIUS Secret.
  9. Click Apply to save your changes.

View/clear applied ACL settings

If you have applied host based CLI configurations, you may want to see and/or remove changes to the ACL on the device. This option is accessed via the Applied ACL window.

  1. Select Network Devices > Topology.
  2. Expand the Container holding the device.
  3. Right-click on the device. Select the device name and then click Applied ACLs.

    Note

    The Applied ACL menu option is available after a Host Based Configuration is applied. You may need to refresh the Topology.

    The Applied ACLs window opens, displaying the name, MAC address, IP address, CLI, and Host for each Applied ACL.

  4. Select the ACL(s) you wish to delete, and then click Delete. If there is an Undo configuration, it will be run.
  5. Click Close to exit.