Standalone Mode
FortiSwitches configured in standalone mode behave like typical network switches in FortiNAC. Management of endpoints connecting to the switches is accomplished using VLANs by assigning either ports or the endpoints themselves to VLANs according to their state within the FortiNAC system. As the state of an endpoint changes, its VLAN assignment is changed to reflect it.
FortiSwitch notifies FortiNAC of endpoint connectivity using either SNMP Traps or RADIUS. All other communication between FortiNAC and FortiSwitches occur using HTTPS (RESTful API). HTTPS access must be allowed on the FortiSwitch interface used to communicate to FortiNAC.
Device Support Methods (Standalone Mode)
Endpoint Connectivity Notification |
Reading MAC Address Tables (L2 Poll) |
Reading IP Tables (L3 Poll) |
Reading VLANs |
Switching VLANs |
De-auth |
SNMP MAC Notification Traps** SNMP Link Traps
|
SSH (TCP 22) REST API
|
SSH (TCP 22) REST API
|
REST API
|
REST API RADIUS
|
RADIUS Disconnect* |
*Some FortiSwitch models (such as the 1xxE) do not support RADIUS CoA and Disconnect. Refer to the list of supported features in the FortiSwitch Release Notes in the Fortinet Document Library for more details. FortiNAC must disconnect (de-auth) in order to change network access.
**Requires specific FortiNAC software and FortiOS firmware versions.Click on the appropriate link below to begin configuration: