
Administration Guide


Isolate unknown devices

When any device connects to the network, FortiNAC checks whether it is registered. Registered devices are allowed to access the production network. Unregistered or unknown devices are placed in an isolation VLAN. Isolating unknown devices requires some configuration.

VLANs

Make sure that you have at least one isolation VLAN where unknown devices can be placed until they are registered. Typically this is called the Registration VLAN. The condition for being placed in the Registration VLAN is that the device be unknown.

VLANs should also be configured on each switch or controller. VLANs should be read from the switches and included in the model configuration for each switch. See Network access/VLANs and Model configuration.

Forced registration group

Ports that will be used to access your network should be placed in the Forced Registration Group. Placing ports in the Forced Registration Group indicates to FortiNAC that unregistered devices connecting on those ports must be placed in the Registration VLAN to be isolated until the device is registered. For instructions on placing ports in this group
