Step 8: Enable Enforcement
To place SSIDs under FortiNAC’s control, assign VLANs and enable enforcement for the various host states. This can be done in two ways
-
Per Device Model – Applies to all SSIDs belonging to that model, unless there is a custom configuration applied to the SSID.
-
Per SSID – Applies to the specific SSID. Can use configuration set in the model as well as custom configurations specific to the SSID.
Important:
-
Always validate behavior on a test SSID first.
-
The RADIUS Secret used must be exactly the same on the wireless device, on the RADIUS server and in the FortiNAC software under RADIUS Settings and Model Configuration.
-
Under Network > Inventory select the device model and click Model Configuration.
-
Fill in the fields as appropriate for the below sections. For details on each option see Model configuration in the Administration Guide.
-
RADIUS
If RADIUS Mode = Local: Set Attribute Group to the group previously configured (ExtremeCloud or Aerohive)
-
Detail Configuration - Wireless AP Preferred Container
-
-
Click Save.
-
Click the Read VLANs or Read Roles button. This does the following:
-
Populates the drop-down lists for the different connection states, such as Registration. Data in the drop-down lists represents the roles or VLANs created on the device.
-
Discovers the Access Points managed by the WLC and places them in the Preferred Container field.
-
-
Set the Access Enforcement and Access Value for each Logical Network.
If configuring a specific SSID, see SSID configuration in the Administration Guide.
Click Save.