Fortinet black logo

Administration Guide

Network device roles

Copy Link
Copy Doc ID 5bf21617-1bf0-11ec-8c53-00505692583a:446007
Download PDF

Network device roles

Network Devices that request network services are provided with those services based on the role assigned to the device and the connection location. Network device roles allow you to map Device Roles and connection locations to network access configurations for connecting devices. These roles apply only to hosts managed in Inventory, such as a printer, and devices.

A role can have more than one mapping to provide different results when a device with the selected role connects to a different port or device group. For example, you could map Role A to a group of ports in the Accounting Group and place connecting printers with Role A in VLAN 10. You could also map Role A to a group of ports in the Lobby Group and place connecting printers with Role A in VLAN 20. Because roles can have more than one mapping, FortiNAC must determine which mapping is appropriate for each connecting device. When a device connects each mapping is evaluated starting with Rank 1 and working down the list until a match is found. The first match found is used.

To view network device roles, go to Policy & Objects > Network Device Roles.

Settings

Field

Definition

Rank Buttons

Moves the selected device role up or down in the list. Connecting devices, roles and connection location combinations are compared to mappings in order by rank.

Set Rank Button

Allows you to type a different rank number for a selected device role and immediately move the device role to that position. In an environment with a large number of device roles, this process is faster than using the up and down Rank buttons.

Role

Name of the role to which this mapping applies. If Any is displayed, this indicates that the role is not being used as a selection requirement for this mapping. When set to Any, the role field is a match for all roles.

CLI

CLI configuration that will be applied. CLI configurations are applied to the port where the device connects. See CLI configuration.

Location

One or more groups of devices or ports where the device must be connected in order for this mapping to apply. If Any is displayed, this indicates that the field has been left blank when configuring the mapping and that location is not being used as a selection requirement for this mapping. When set to Any, the location field is a match for all locations.

Access Value

Name or number of the network access identifier where the device will be placed based on its role, such as VLAN ID, VLAN Name or Aruba Role.

Note

User specified note field. This field may contain notes regarding the conversion of roles from a previous version of FortiNAC.

Last Modified By

User name of the last user to modify the mapping. SYSTEM indicates that the mapping was modified by FortiNAC itself during an upgrade.

Last Modified Date

Date and time of the last modification to this mapping.

Right click options

Export

Exports data to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Copy

Copy the selected mapping to create a new record.

Delete

Deletes the selected mapping.

Modify

Opens the Modify Network Device Role window for the selected mapping.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Audit Logs.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Network device roles

Network Devices that request network services are provided with those services based on the role assigned to the device and the connection location. Network device roles allow you to map Device Roles and connection locations to network access configurations for connecting devices. These roles apply only to hosts managed in Inventory, such as a printer, and devices.

A role can have more than one mapping to provide different results when a device with the selected role connects to a different port or device group. For example, you could map Role A to a group of ports in the Accounting Group and place connecting printers with Role A in VLAN 10. You could also map Role A to a group of ports in the Lobby Group and place connecting printers with Role A in VLAN 20. Because roles can have more than one mapping, FortiNAC must determine which mapping is appropriate for each connecting device. When a device connects each mapping is evaluated starting with Rank 1 and working down the list until a match is found. The first match found is used.

To view network device roles, go to Policy & Objects > Network Device Roles.

Settings

Field

Definition

Rank Buttons

Moves the selected device role up or down in the list. Connecting devices, roles and connection location combinations are compared to mappings in order by rank.

Set Rank Button

Allows you to type a different rank number for a selected device role and immediately move the device role to that position. In an environment with a large number of device roles, this process is faster than using the up and down Rank buttons.

Role

Name of the role to which this mapping applies. If Any is displayed, this indicates that the role is not being used as a selection requirement for this mapping. When set to Any, the role field is a match for all roles.

CLI

CLI configuration that will be applied. CLI configurations are applied to the port where the device connects. See CLI configuration.

Location

One or more groups of devices or ports where the device must be connected in order for this mapping to apply. If Any is displayed, this indicates that the field has been left blank when configuring the mapping and that location is not being used as a selection requirement for this mapping. When set to Any, the location field is a match for all locations.

Access Value

Name or number of the network access identifier where the device will be placed based on its role, such as VLAN ID, VLAN Name or Aruba Role.

Note

User specified note field. This field may contain notes regarding the conversion of roles from a previous version of FortiNAC.

Last Modified By

User name of the last user to modify the mapping. SYSTEM indicates that the mapping was modified by FortiNAC itself during an upgrade.

Last Modified Date

Date and time of the last modification to this mapping.

Right click options

Export

Exports data to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Copy

Copy the selected mapping to create a new record.

Delete

Deletes the selected mapping.

Modify

Opens the Modify Network Device Role window for the selected mapping.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Audit Logs.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.