7.2.0

Overview

Before integrating a device with FortiNAC, set the device up on your network and ensure that it is working correctly. Take into account the VLANs you will need for Production and Isolation. Confirm that hosts can connect to the device and access the network. Once the device is running on your network, begin the integration process with FortiNAC.

Use a browser to log into the FortiWLC controller. Make sure the following items are configured.

Note

When configuring security strings on network devices or names for items within the configuration, it is recommended that you use only letters, numbers and hyphens (-). Other characters, such as #, may prevent FortiNAC from communicating with the device. Some device manufacturers prohibit the use of special characters.

When integrating the FortiWLC device with FortiNAC, you can use three authentication methods: 802.1x, MAC Authentication and Internal Captive Portal. If you are configuring multiple SSIDs on the FortiWLC controller, you can use a different method for each SSID, subject to the limitations above for SSID management. This document provides general configuration instructions for each method. The SNMP and CLI Prompt configuration sections below are required for any FortiWLC FortiNAC integration.

SNMP

SNMP must be enabled and configured on the FortiWLC controller to allow FortiNAC to discover and manage the device. Both SNMPv1 and SNMPv3 are supported. If not using SNMPv3, enable both SNMPv1 and SNMPv2c in the controller. Enable SNMP by adding the FortiNAC appliance IP address as a client.

Note: SNMP is not started by default on the WLC.

Use the following command in the WLC to enable SNMP:

SNMP start

Use the following command in the WLC to verify SNMP is running:

SNMP Status

Default CLI Prompt Requirements

FortiNAC must be able to communicate effectively with the device in order to read the session table to determine which hosts are connected and to disassociate or disconnect a host when necessary. To accomplish these tasks FortiNAC uses the device’s command line interface. FortiNAC expects to see prompts that end as follows:

Prompt Type     Characters Required
User Login      #

Prompt must end with this character or FortiNAC will not be able to communicate with the device.
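
A pre-integration check for the two requirements above, the recommended character set for names and security strings and the login prompt ending in #. This is an added example, not Fortinet code; the function names, item labels and sample values are constructed for illustration, and ignoring whitespace after the # is an assumption.

```python
import string

# Character set the note recommends: letters, numbers and hyphens only.
ALLOWED = set(string.ascii_letters + string.digits + "-")


def bad_chars(value):
    """Return the sorted, de-duplicated characters outside the recommended set."""
    return sorted({c for c in value if c not in ALLOWED})


def prompt_ok(prompt):
    """True when the login prompt ends with '#'.

    Assumption: whitespace after the '#' is ignored before checking.
    """
    return prompt.rstrip().endswith("#")


def preflight(items, prompt):
    """items maps a label to a configured string; returns a list of findings."""
    findings = []
    for label, value in items.items():
        if not value:
            findings.append(f"{label}: empty value")
            continue
        chars = bad_chars(value)
        if chars:
            findings.append(f"{label}: outside letters/numbers/hyphen: {' '.join(chars)}")
    if not prompt_ok(prompt):
        findings.append(f"CLI prompt {prompt!r} does not end with '#'")
    return findings


# Constructed sample values, not taken from any real controller.
SAMPLE_ITEMS = {
    "snmp-community": "nac-ro-2024",
    "ssid-profile": "Guest#Isolation",
    "security-profile": "corp_8021x",
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_ITEMS, "wlc-lab> "):
        print(finding)
```
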
