7.2.0

Meraki MS Switch

How it Works

Registered host network access is provisioned through VLAN assignment based on FortiNAC Network Access Policies. Unregistered (rogue) host network access is provisioned from the Access Values configured in FortiNAC's device model for the Meraki MS. The Meraki integration is designed around RADIUS authentication and RADIUS disconnection. This requires at least one Access Policy in the Meraki dashboard for the switch network, defining the RADIUS server settings (FortiNAC's address, ports and shared secret) that apply to connecting hosts, and that Access Policy must then be applied to every port FortiNAC is intended to manage. A port without an Access Policy never sends a RADIUS request, so hosts on it are neither authenticated nor VLAN-assigned by FortiNAC.

When a host connects to a port that carries an Access Policy, the switch sends a RADIUS Access-Request to FortiNAC. FortiNAC returns an Access-Accept carrying the VLAN selected by the matching Network Access Policy (registered host) or Model Configuration Access Value (rogue host). When FortiNAC needs to change a host's network posture, it sends the switch a RADIUS Disconnect-Request (RFC 5176, listed in the table below as RADIUS Disconnect (CoA)). The host then re-authenticates and receives the new VLAN in a fresh Access-Accept; the VLAN is not changed in place.
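To make the exchange above concrete, here is an added example (not FortiNAC or Meraki code) that builds and checks the two messages FortiNAC sends: an Access-Accept carrying the RFC 3580 VLAN attributes, and an RFC 5176 Disconnect-Request, with the authenticator arithmetic the switch uses to accept or reject each one. The shared secret, VLAN ID, MAC address and NAS address are constructed sample values, and the tag byte (1) on the tunnel attributes is the common convention rather than anything the page states.

```python
"""Minimal RADIUS encoder/decoder for the Meraki MS <-> FortiNAC exchange.

Added example (not FortiNAC or Meraki code): RFC 2865 packet layout,
RFC 3580 VLAN attributes and an RFC 5176 Disconnect-Request. The shared
secret, VLAN ID, MAC address and NAS address are constructed sample values.
Whether Meraki consumes the tag byte on the tunnel attributes is not stated
on the page; tag 1 is the common convention and is what is assumed here.
"""
import hashlib
import os
import struct

ACCESS_ACCEPT, DISCONNECT_REQUEST = 2, 40                     # RFC 2865 / RFC 5176 codes
NAS_IP_ADDRESS, CALLING_STATION_ID = 4, 31                    # attribute types
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE802 = 13, 6


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type (1) | Length (1, header included) | Value (at most 253 bytes)."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def tagged_int(value: int, tag: int = 1) -> bytes:
    """Tunnel integer attributes: 1-byte tag followed by a 3-byte integer."""
    return struct.pack("!B", tag) + value.to_bytes(3, "big")


def vlan_attrs(vlan_id: int, tag: int = 1) -> bytes:
    """The RFC 3580 trio that tells the switch which VLAN to put the port in."""
    return (
        encode_attr(TUNNEL_TYPE, tagged_int(TUNNEL_TYPE_VLAN, tag))
        + encode_attr(TUNNEL_MEDIUM_TYPE, tagged_int(TUNNEL_MEDIUM_IEEE802, tag))
        + encode_attr(TUNNEL_PRIVATE_GROUP_ID, struct.pack("!B", tag) + str(vlan_id).encode())
    )


def _packet(code: int, identifier: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, identifier, 20 + len(attrs)) + authenticator + attrs


def build_access_accept(identifier: int, request_auth: bytes, secret: bytes, vlan_id: int) -> bytes:
    """FortiNAC's reply: Response Authenticator = MD5(Code|ID|Len|RequestAuth|Attrs|Secret)."""
    attrs = vlan_attrs(vlan_id)
    resp_auth = hashlib.md5(_packet(ACCESS_ACCEPT, identifier, request_auth, attrs) + secret).digest()
    return _packet(ACCESS_ACCEPT, identifier, resp_auth, attrs)


def build_disconnect_request(identifier: int, secret: bytes, mac: str, nas_ip: str) -> bytes:
    """FortiNAC's posture change: Request Authenticator = MD5 over the packet with
    a zeroed authenticator field, keyed by the shared secret (RFC 5176 s.2.3)."""
    attrs = encode_attr(CALLING_STATION_ID, mac.encode()) + encode_attr(
        NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))
    )
    req_auth = hashlib.md5(_packet(DISCONNECT_REQUEST, identifier, bytes(16), attrs) + secret).digest()
    return _packet(DISCONNECT_REQUEST, identifier, req_auth, attrs)


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Switch-side check of an Access-Accept (or FortiNAC-side check of a Disconnect-ACK)."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    return hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest() == packet[4:20]


def verify_disconnect_request(packet: bytes, secret: bytes) -> bool:
    """Switch-side check of a Disconnect-Request; a mismatch means wrong secret or tampering."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    return hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest() == packet[4:20]


def decode_attrs(packet: bytes) -> dict:
    """Walk the attribute list; raises on a truncated or zero-length attribute."""
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute length")
        attrs[attr_type] = packet[pos + 2 : pos + attr_len]
        pos += attr_len
    return attrs


def vlan_from_accept(packet: bytes) -> int:
    """VLAN the switch would apply; tag bytes are 0x00-0x1F (RFC 2868 s.3.6)."""
    group = decode_attrs(packet)[TUNNEL_PRIVATE_GROUP_ID]
    if group and group[0] <= 0x1F:
        group = group[1:]
    return int(group)


if __name__ == "__main__":
    secret, req_auth = b"example-shared-secret", os.urandom(16)  # constructed values
    accept = build_access_accept(7, req_auth, secret, 10)
    print("Access-Accept valid:", verify_response(accept, req_auth, secret), "VLAN", vlan_from_accept(accept))
    disc = build_disconnect_request(3, secret, "AA-BB-CC-11-22-33", "192.0.2.10")
    print("Disconnect-Request valid at switch:", verify_disconnect_request(disc, secret))
```

Two points worth noticing when troubleshooting a Meraki deployment against this model: the Access-Accept is only valid for the exact Access-Request it answers (the Request Authenticator is mixed into the hash), and a Disconnect-Request built with the wrong shared secret is silently dropped or NAKed by the switch, so a mismatched secret shows up as hosts that authenticate fine but never move VLAN.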

Device Support Methods

MS Switch
    Endpoint Connectivity Notification: RADIUS (802.1x or MAC-auth)
    Reading MAC Address Tables (L2 Poll): SNMP
    Reading IP Tables (L3 Poll): REST API*
    Reading VLANs/Resync Interfaces: API*
    Switching VLANs: RADIUS
    De-auth: API*, RADIUS Disconnect (CoA)

* FortiNAC makes these API requests to the Meraki cloud (https://dashboard.meraki.com/), not to the switch itself. A tcpdump filtered on the switch IP address alone will therefore not show them; when troubleshooting API polling, capture outbound HTTPS (TCP 443) from the FortiNAC server or filter on the resolved Meraki cloud addresses instead.
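Because the RADIUS flow described under How it Works only covers ports that carry an Access Policy, and because the API side of the table talks to the Meraki cloud rather than the switch, a useful check is to pull the port list from the Dashboard API and see which ports will never send FortiNAC an Access-Request. The following is an added example, not FortiNAC's or Meraki's own tooling. It uses the Dashboard API v1 switch-ports endpoint (GET /devices/{serial}/switch/ports on api.meraki.com, the API host rather than the dashboard UI host named above) and the response fields portId, enabled, type, accessPolicyType and accessPolicyNumber as I know them from that API; the API key, serial and SAMPLE_PORTS are constructed, and the live fetch is optional.

```python
"""Audit which Meraki MS ports will actually send RADIUS to FortiNAC.

Added example, not FortiNAC's or Meraki's code. It reads switch ports from
the Dashboard API v1 (GET /devices/{serial}/switch/ports on api.meraki.com,
the API host rather than the dashboard UI host) and uses the response fields
'portId', 'enabled', 'type', 'accessPolicyType' and 'accessPolicyNumber' as
I know them from that API. The API key, serial and SAMPLE_PORTS below are
constructed; the live fetch is optional and is not needed to run the audit.
"""
import json
import urllib.request
from typing import Optional

API_BASE = "https://api.meraki.com/api/v1"
CUSTOM_POLICY = "Custom access policy"  # the accessPolicyType that binds a RADIUS Access Policy


def fetch_switch_ports(api_key: str, serial: str) -> list:
    """Live lookup of one switch's ports (needs outbound HTTPS to the Meraki cloud)."""
    req = urllib.request.Request(
        f"{API_BASE}/devices/{serial}/switch/ports",
        headers={"X-Cisco-Meraki-API-Key": api_key, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def classify_ports(ports: list, fortinac_policy_numbers: Optional[set] = None) -> dict:
    """Split ports into those FortiNAC can manage over RADIUS and those it cannot.

    An access port whose accessPolicyType is not a custom access policy never
    emits an Access-Request, so its hosts are invisible to the RADIUS flow the
    page describes. If the policy numbers that point at FortiNAC are given,
    ports bound to some other custom policy are flagged as well.
    """
    out = {"radius": [], "unmanaged": [], "trunk": [], "disabled": []}
    for port in ports:
        pid = str(port["portId"])
        if not port.get("enabled", True):
            out["disabled"].append(pid)
        elif port.get("type") == "trunk":
            out["trunk"].append(pid)            # uplinks; the RADIUS flow applies to access ports
        elif port.get("accessPolicyType") != CUSTOM_POLICY:
            out["unmanaged"].append(pid)
        elif fortinac_policy_numbers is not None and port.get("accessPolicyNumber") not in fortinac_policy_numbers:
            out["unmanaged"].append(pid)        # custom policy, but not one that talks to FortiNAC
        else:
            out["radius"].append(pid)
    return out


# Constructed sample in the shape of the switch-ports response (not real data).
SAMPLE_PORTS = [
    {"portId": "1", "enabled": True, "type": "access", "vlan": 10,
     "accessPolicyType": CUSTOM_POLICY, "accessPolicyNumber": 1},
    {"portId": "2", "enabled": True, "type": "access", "vlan": 10, "accessPolicyType": "Open"},
    {"portId": "3", "enabled": True, "type": "access", "vlan": 20,
     "accessPolicyType": CUSTOM_POLICY, "accessPolicyNumber": 2},
    {"portId": "4", "enabled": True, "type": "trunk", "vlan": 1},
    {"portId": "5", "enabled": True, "type": "access", "vlan": 10, "accessPolicyType": "MAC allow list"},
    {"portId": "6", "enabled": False, "type": "access", "vlan": 10, "accessPolicyType": "Open"},
]


def report(ports: list, fortinac_policy_numbers: Optional[set] = None) -> str:
    """One line per category, ready to paste into a change ticket."""
    result = classify_ports(ports, fortinac_policy_numbers)
    return "\n".join(f"{k}: {', '.join(v) or '-'}" for k, v in result.items())


if __name__ == "__main__":
    # Swap SAMPLE_PORTS for fetch_switch_ports("<api-key>", "<serial>") against a live network.
    print(report(SAMPLE_PORTS, fortinac_policy_numbers={1}))
```

Ports reported as "unmanaged" are exactly the ones where a host can plug in and get the port's static VLAN without FortiNAC ever learning about it through RADIUS; on a live network the same call also goes to the Meraki cloud, which is why it, like FortiNAC's own polling, does not appear in a capture filtered on the switch address.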
