Fortinet black logo

Mist Wireless Integration

Home FortiNAC-F 7.2.0 Mist Wireless Integration
7.2.0
7.4.0
7.2.0

How it Works

How it Works

Visibility

FortiNAC learns where endpoints are connected on the network using the following methods:

  • RADIUS communication

  • L2 Polling (MAC address table read)

  • L3 Polling (ARP cache read)

Control

FortiNAC provisions an endpoint’s network access by managing VLAN assignments based on the Mist’s model configuration or an applicable network access policy and the host state of the device. The VLAN configuration is modified using the appropriate method based upon the vendor and model (see chart below).

Device Support Methods

Endpoint Connectivity Notification

Reading MAC Address Tables

(L2 Poll)

Reading IP Tables

(L3 Poll)

Reading VLANs

VLAN Assignment

De-auth

RADIUS (802.1x or MAC-auth)**

API*

API*

API*

RADIUS**

RADIUS** Disconnect

(UDP 3799)

*API communication is between FortiNAC and Mist cloud controller. See Requirements for supported domains.

**RADIUS communication is between FortiNAC and Mist Access Point.

For more information regarding wireless integrations with FortiNAC, refer to the Wireless Integration Overview reference manual in the Fortinet Document Library.

Endpoint Connectivity Notification

  • FortiNAC learns of endpoints connecting from the network using RADIUS (MAC Authentication or 802.1x).

  • When an endpoint disconnects, the status will change to “offline” upon the next L2 poll.

Previous
Next

How it Works

Visibility

FortiNAC learns where endpoints are connected on the network using the following methods:

  • RADIUS communication

  • L2 Polling (MAC address table read)

  • L3 Polling (ARP cache read)

Control

FortiNAC provisions an endpoint’s network access by managing VLAN assignments based on the Mist’s model configuration or an applicable network access policy and the host state of the device. The VLAN configuration is modified using the appropriate method based upon the vendor and model (see chart below).

Device Support Methods

Endpoint Connectivity Notification

Reading MAC Address Tables

(L2 Poll)

Reading IP Tables

(L3 Poll)

Reading VLANs

VLAN Assignment

De-auth

RADIUS (802.1x or MAC-auth)**

API*

API*

API*

RADIUS**

RADIUS** Disconnect

(UDP 3799)

*API communication is between FortiNAC and Mist cloud controller. See Requirements for supported domains.

**RADIUS communication is between FortiNAC and Mist Access Point.

For more information regarding wireless integrations with FortiNAC, refer to the Wireless Integration Overview reference manual in the Fortinet Document Library.

Endpoint Connectivity Notification

  • FortiNAC learns of endpoints connecting from the network using RADIUS (MAC Authentication or 802.1x).

  • When an endpoint disconnects, the status will change to “offline” upon the next L2 poll.

Previous
Next