Fortinet white logo
Fortinet white logo

CLI Reference

config user nac-policy

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

config user nac-policy
    Description: Configure NAC policy matching pattern to identify matching NAC devices.
    edit <name>
        set category [device|firewall-user|...]
        set description {string}
        set ems-tag {string}
        set family {string}
        set firewall-address {string}
        set host {string}
        set hw-vendor {string}
        set hw-version {string}
        set mac {string}
        set name {string}
        set os {string}
        set src {string}
        set ssid-policy {string}
        set status [enable|disable]
        set sw-version {string}
        set switch-fortilink {string}
        set switch-group <name1>, <name2>, ...
        set switch-mac-policy {string}
        set type {string}
        set user {string}
        set user-group {string}
    next
end

config user nac-policy

Parameter

Description

Type

Size

Default

category

Category of NAC policy.

option

-

device

Option

Description

device

Device category.

firewall-user

Firewall user category.

ems-tag

EMS Tag category.

description

Description for the NAC policy matching pattern.

string

Not Specified

ems-tag

NAC policy matching EMS tag.

string

Not Specified

family

NAC policy matching family.

string

Not Specified

firewall-address *

Dynamic firewall address to associate MAC which match this policy.

string

Not Specified

host

NAC policy matching host.

string

Not Specified

hw-vendor

NAC policy matching hardware vendor.

string

Not Specified

hw-version

NAC policy matching hardware version.

string

Not Specified

mac

NAC policy matching MAC address.

string

Not Specified

name

NAC policy name.

string

Not Specified

os

NAC policy matching operating system.

string

Not Specified

src

NAC policy matching source.

string

Not Specified

ssid-policy

SSID policy to be applied on the matched NAC policy.

string

Not Specified

status

Enable/disable NAC policy.

option

-

enable

Option

Description

enable

Enable NAC policy.

disable

Disable NAC policy.

sw-version

NAC policy matching software version.

string

Not Specified

switch-fortilink *

FortiLink interface for which this NAC policy belongs to.

string

Not Specified

switch-group <name> *

List of managed FortiSwitch groups on which NAC policy can be applied.

Managed FortiSwitch group name from available options.

string

Maximum length: 79

switch-mac-policy *

Switch MAC policy action to be applied on the matched NAC policy.

string

Not Specified

type

NAC policy matching type.

string

Not Specified

user

NAC policy matching user.

string

Not Specified

user-group

NAC policy matching user group.

string

Not Specified

* This parameter may not exist in some models.

config user nac-policy

config user nac-policy

Configure NAC policy matching pattern to identify matching NAC devices.

config user nac-policy
    Description: Configure NAC policy matching pattern to identify matching NAC devices.
    edit <name>
        set category [device|firewall-user|...]
        set description {string}
        set ems-tag {string}
        set family {string}
        set firewall-address {string}
        set host {string}
        set hw-vendor {string}
        set hw-version {string}
        set mac {string}
        set name {string}
        set os {string}
        set src {string}
        set ssid-policy {string}
        set status [enable|disable]
        set sw-version {string}
        set switch-fortilink {string}
        set switch-group <name1>, <name2>, ...
        set switch-mac-policy {string}
        set type {string}
        set user {string}
        set user-group {string}
    next
end

config user nac-policy

Parameter

Description

Type

Size

Default

category

Category of NAC policy.

option

-

device

Option

Description

device

Device category.

firewall-user

Firewall user category.

ems-tag

EMS Tag category.

description

Description for the NAC policy matching pattern.

string

Not Specified

ems-tag

NAC policy matching EMS tag.

string

Not Specified

family

NAC policy matching family.

string

Not Specified

firewall-address *

Dynamic firewall address to associate MAC which match this policy.

string

Not Specified

host

NAC policy matching host.

string

Not Specified

hw-vendor

NAC policy matching hardware vendor.

string

Not Specified

hw-version

NAC policy matching hardware version.

string

Not Specified

mac

NAC policy matching MAC address.

string

Not Specified

name

NAC policy name.

string

Not Specified

os

NAC policy matching operating system.

string

Not Specified

src

NAC policy matching source.

string

Not Specified

ssid-policy

SSID policy to be applied on the matched NAC policy.

string

Not Specified

status

Enable/disable NAC policy.

option

-

enable

Option

Description

enable

Enable NAC policy.

disable

Disable NAC policy.

sw-version

NAC policy matching software version.

string

Not Specified

switch-fortilink *

FortiLink interface for which this NAC policy belongs to.

string

Not Specified

switch-group <name> *

List of managed FortiSwitch groups on which NAC policy can be applied.

Managed FortiSwitch group name from available options.

string

Maximum length: 79

switch-mac-policy *

Switch MAC policy action to be applied on the matched NAC policy.

string

Not Specified

type

NAC policy matching type.

string

Not Specified

user

NAC policy matching user.

string

Not Specified

user-group

NAC policy matching user group.

string

Not Specified

* This parameter may not exist in some models.