Fortinet black logo

Administration Guide

Add role mappings

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:775389
Download PDF

Add role mappings

Network Device Role mappings tie roles to connection locations and network access options, such as VLANs.

Settings

Field

Definition

Role

If the checkbox is enabled, you can select an existing Role from the drop-down list for this mapping.

If the checkbox is not enabled, this mapping is not tied to a specific role, however the other criteria in the mapping, such as Location must match the connecting device or the mapping will not be used.

If you configure a mapping with no Role, you may want to make sure its Rank places it towards the bottom of the list of rankings. Device connections are compared to the mappings from the lowest (1) to the highest. The first match is used.

CLI

CLI configuration that will be applied. CLI configurations are applied to the device or port where the device connects. See CLI configuration for additional information.

Location

One or more groups of devices or ports where the device must be connected in order for this mapping to apply. If this field has been left blank, then location will not be used as a selection requirement for this mapping.

Access Value

Name or number of the network access identifier where thedevice will be placed based on its role, such as VLAN ID, VLAN Name or Aruba Role.

Note

User specified note field. This field may contain notes regarding the conversion of roles from a previous version of FortiNAC.

  1. Select Policy > Network Device Roles.
  2. Click Add.
  3. Click the Role check box to enable the role drop-down. If this is not enabled, this mapping can apply to any device that matches the other criteria in the mapping, such as Location. The word Any displays in the Role column on the network device roles view if this box is unchecked.
  4. Select a role from the drop-down list.
  5. To apply a CLI configuration to a device or port, click the CLI check box to enable it and select the CLI configuration from the drop-down list. This field is optional. For additional information on CLI configurations see CLI configuration.
  6. In the Access Value field, type the network access identifier for this mapping, such as a VLAN ID, VLAN Name, Aruba Role or for a VPN concentrator enter a group policy name.
  7. Click Select next to Location. Choose one or more device or port groups by clicking on the names in the All Groups column and clicking the right arrow to move them to the Selected Groups column. Click OK to continue.
  8. Click in the Note field to add any user defined information needed for this mapping.
  9. Click OK to save the mapping.

Add role mappings

Network Device Role mappings tie roles to connection locations and network access options, such as VLANs.

Settings

Field

Definition

Role

If the checkbox is enabled, you can select an existing Role from the drop-down list for this mapping.

If the checkbox is not enabled, this mapping is not tied to a specific role, however the other criteria in the mapping, such as Location must match the connecting device or the mapping will not be used.

If you configure a mapping with no Role, you may want to make sure its Rank places it towards the bottom of the list of rankings. Device connections are compared to the mappings from the lowest (1) to the highest. The first match is used.

CLI

CLI configuration that will be applied. CLI configurations are applied to the device or port where the device connects. See CLI configuration for additional information.

Location

One or more groups of devices or ports where the device must be connected in order for this mapping to apply. If this field has been left blank, then location will not be used as a selection requirement for this mapping.

Access Value

Name or number of the network access identifier where thedevice will be placed based on its role, such as VLAN ID, VLAN Name or Aruba Role.

Note

User specified note field. This field may contain notes regarding the conversion of roles from a previous version of FortiNAC.

  1. Select Policy > Network Device Roles.
  2. Click Add.
  3. Click the Role check box to enable the role drop-down. If this is not enabled, this mapping can apply to any device that matches the other criteria in the mapping, such as Location. The word Any displays in the Role column on the network device roles view if this box is unchecked.
  4. Select a role from the drop-down list.
  5. To apply a CLI configuration to a device or port, click the CLI check box to enable it and select the CLI configuration from the drop-down list. This field is optional. For additional information on CLI configurations see CLI configuration.
  6. In the Access Value field, type the network access identifier for this mapping, such as a VLAN ID, VLAN Name, Aruba Role or for a VPN concentrator enter a group policy name.
  7. Click Select next to Location. Choose one or more device or port groups by clicking on the names in the All Groups column and clicking the right arrow to move them to the Selected Groups column. Click OK to continue.
  8. Click in the Note field to add any user defined information needed for this mapping.
  9. Click OK to save the mapping.