Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-28-2018 07:17 AM

Article Id 195550

Technical Note: Network Access Policy for Wireless Not Putting Host on Expected VLAN

Description
Network Access Policy for Wireless Not Putting Host on Expected VLAN

Solution

Issue:  Wireless client not being placed on the excpected VLAN, even though the correct Network Access Policy is matching, and RADIUS debug shows the proper VLAN being returned by Network Sentry.

Example:
RadiusServer accepting client 80-00-0b-bb-f1-10 for device 10.12.0.8 and policy 53 ptime=0:0:4:4:4:25

When Network Sentry returns a specific VLAN for the host that was "accepted," the controller will not put that host on that VLAN unless AAA-Override is enabled. This configuration is per SSID.

Solution:  Enable the AAA-Override setting on the wireless controller for the SSID.

Labels:
306
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.