Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Apply a CLI configuration using a network access policy

CLI configurations applied based on a network access policy are by default port-based not host based.

Network access policies use user/host profiles to match a host with a network access configuration. Network access configurations contain VLAN and/or CLI configuration information. Each user/host profile used to apply a CLI configuration should contain the group of devices or ports to which the host must be connected and the rules or filters that determine whether or not the network access configuration should apply to the connecting host. The groups of devices or ports should contain devices that can accept CLI configurations.

To provide more flexible control using network access policies you can apply a CLI configuration instead of just switching VLANs.

Refer to Network access policies to set policies for hosts, network devices and ports.

  1. Select Policy > Policy Configuration.
  2. Select Network Access.
  3. Click Add or select an existing Policy and click Modify.
  4. Click in the Name field and enter a name for this policy.
  5. Click the Add icon next to User/Host Profile. Only certain devices can accept CLI configurations. At minimum you must configure the Where (Location) field for the user/host profile to ensure that CLI configurations are applied only to devices that can accept them. The remainder of the user/host profile can be configured any way you wish. Click OK to save the profile. Connecting users/hosts must match this user/host profile to be assigned the network access configuration specified in the next step.
  6. Click the Add icon next to Network Access Configuration.
  7. Enter a name for the configuration.
  8. Mark the CLI configuration check box to enable it and select a CLI configuration from the drop-down list. Click OK to save the network access configuration. See Add or modify a configuration for additional information.
  9. The Note field is optional.
  10. Click OK to save your Policy.

Apply a CLI configuration using a network access policy

CLI configurations applied based on a network access policy are by default port-based not host based.

Network access policies use user/host profiles to match a host with a network access configuration. Network access configurations contain VLAN and/or CLI configuration information. Each user/host profile used to apply a CLI configuration should contain the group of devices or ports to which the host must be connected and the rules or filters that determine whether or not the network access configuration should apply to the connecting host. The groups of devices or ports should contain devices that can accept CLI configurations.

To provide more flexible control using network access policies you can apply a CLI configuration instead of just switching VLANs.

Refer to Network access policies to set policies for hosts, network devices and ports.

  1. Select Policy > Policy Configuration.
  2. Select Network Access.
  3. Click Add or select an existing Policy and click Modify.
  4. Click in the Name field and enter a name for this policy.
  5. Click the Add icon next to User/Host Profile. Only certain devices can accept CLI configurations. At minimum you must configure the Where (Location) field for the user/host profile to ensure that CLI configurations are applied only to devices that can accept them. The remainder of the user/host profile can be configured any way you wish. Click OK to save the profile. Connecting users/hosts must match this user/host profile to be assigned the network access configuration specified in the next step.
  6. Click the Add icon next to Network Access Configuration.
  7. Enter a name for the configuration.
  8. Mark the CLI configuration check box to enable it and select a CLI configuration from the drop-down list. Click OK to save the network access configuration. See Add or modify a configuration for additional information.
  9. The Note field is optional.
  10. Click OK to save your Policy.