802.1x Authentication
This chapter contains information about how to use IEEE 802.1x authentication on Fortinet switches.
About 802.1x
FortiSwitch supports IEEE 802.1x authentication to control network access. FortiSwitch implements port-based
and MAC-based access.
A supplicant connected to a port on the switch must be authenticated by a RADIUS/Diameter server in order to gain
access to the network. The supplicant and the authentication server communicate via the switch using the EAP
protocol.
With port-based authentication, any user on the authenticated port will have access to the network.
With MAC-based authentication, the switch saves the MAC address of the supplicant's device. The switch limits
network access to devices that have successfully been authenticated.
Authenticating with a RADIUS server
Using the CLI:
1. Creating a RADIUS user group:
config user radius
    edit <name>
        set server <address>
    next
end
2. Creating a user group:
config user group
    edit <name>
        set member <list>
        config match
            edit 1
                set group-name <name>
                set server-name <name>
            next
        end
    next
end
3. Configuring the switch interface for port-based 802.1x:
config switch interface
    edit <interface>
        set security-mode 802.1X
        set security-groups <name>
49 FortiSwitchOS-3.2.0
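The three steps above refer to each other by name (interface to user group, user group to RADIUS server), so a mistyped name leaves a port without working authentication. The following check is an added example, not Fortinet code: it parses a saved configuration in the config/edit/set form shown above and reports dangling references and ports with no 802.1X mode. The sample configuration and all names in it are constructed, and treating any security-mode value that starts with "802.1x" as enabled is an assumption.

```python
SAMPLE = """
config user radius
edit rad1
set server 192.0.2.10
next
end
config user group
edit staff
config match
edit 1
set server-name rad2
next
end
next
end
config switch interface
edit port1
set security-mode 802.1X
set security-groups staff guests
next
edit port2
next
end
"""  # constructed sample: every name and the address are made up

def parse(text):
    """Build nested dicts from config/edit/set/next/end lines."""
    stack = [{}]
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()]
        if tok[:1] in (["config"], ["edit"]):       # open a table or an entry
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[:1] == ["set"] and len(tok) > 1:
            stack[-1][tok[1]] = tok[2:]
        elif tok[:1] in (["next"], ["end"]) and len(stack) > 1:
            stack.pop()                             # close one level
    return stack[0]

def audit(cfg):
    """Report dangling references and ports with no 802.1X security-mode."""
    servers, groups = cfg.get("user radius", {}), cfg.get("user group", {})
    out = [f"group {g}: RADIUS server {s} not defined"
           for g, grp in groups.items() for rule in grp.get("match", {}).values()
           for s in rule.get("server-name", []) if s not in servers]
    for port, p in cfg.get("switch interface", {}).items():
        if not (p.get("security-mode") or [""])[0].lower().startswith("802.1x"):
            out.append(f"{port}: 802.1X not enabled")
        out += [f"{port}: user group {r} not defined"
                for r in p.get("security-groups", []) if r not in groups]
    return out
```

Calling `audit(parse(SAMPLE))` returns three findings: the undefined server `rad2`, the undefined group `guests` on port1, and port2 with no 802.1X mode. Uplink ports will also show up as "not enabled" and need to be filtered by the reader.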