FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 195316
Description
Configuring secure ports

Solution
4/13/2015

DESCRIPTION

A user disconnects the network cable from a client computer and connects it to his laptop. Because the port is open and unsecured, he can continue to use the network, and the NAC appliance is unaware that a different client is now connected.

  • DATE: 5/13/2015
  • VERSION: All
  • PLATFORM: All

SOLUTION DETAILS

To prevent other clients from using a port, the port should be secured to allow only the current MAC address to communicate on that port. If any other MAC address (i.e., another client) tries to communicate through the port, port security disables the port. 

This solution describes how to configure secure ports.

NOTE: For Cisco switches, best practices include configuring the switch to send an SNMP trap to the NAC appliance to indicate that the port has been disabled for security reasons.
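The behaviour described above, modelled as an added Python example (not FortiNAC or switch code): a secured port accepts only the first MAC address it sees, disables itself when any other address appears, and records a notification that stands in for the SNMP trap. The class, function, port name and MAC addresses are constructed for illustration.

```python
# Added illustration: a toy model of port security, not FortiNAC or switch vendor code.

class SecurePortSwitch:
    """Model of a switch whose secured ports accept only the first MAC address seen."""

    def __init__(self, secured_ports):
        self.secured = set(secured_ports)
        self.allowed = {}      # port -> MAC of the current client
        self.disabled = set()  # ports shut down after a violation
        self.traps = []        # stand-in for SNMP traps sent to the NAC appliance

    def receive(self, port, src_mac):
        """Return True if the frame is forwarded, False if it is dropped."""
        mac = src_mac.lower()
        if port in self.disabled:
            return False                      # a disabled port forwards nothing
        if port not in self.secured:
            return True                       # open port: any client is accepted
        current = self.allowed.setdefault(port, mac)  # first MAC becomes the only one allowed
        if mac == current:
            return True
        self.disabled.add(port)               # violation: port security disables the port
        self.traps.append({"port": port, "offending_mac": mac, "allowed_mac": current})
        return False


def replay(frames, secured_ports):
    """Replay (port, source MAC) frames; return per-frame forwarded flags and traps."""
    sw = SecurePortSwitch(secured_ports)
    return [sw.receive(port, mac) for port, mac in frames], sw.traps


# Constructed sample: the workstation talks, the cable is moved to a laptop,
# then the cable is moved back to the workstation.
FRAMES = [
    ("port1", "00:11:22:33:44:55"),
    ("port1", "00:11:22:33:44:55"),
    ("port1", "AA:BB:CC:DD:EE:FF"),
    ("port1", "00:11:22:33:44:55"),
]

if __name__ == "__main__":
    print("unsecured:", replay(FRAMES, secured_ports=[]))
    print("secured:  ", replay(FRAMES, secured_ports=["port1"]))
```

On the unsecured port every frame is forwarded and nothing is reported; on the secured port the laptop's first frame disables the port, so the original workstation is also cut off once the cable is moved back.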

PROCEDURE

  • Navigate to Network Devices -> Topology.
  • Right-click the switch on which you want to enable port security.
  • Select the checkbox "Secure Ports is enabled for this device(s)".

 



