In this example, you use a RADIUS server to authenticate your WiFi clients.
The RADIUS server is a FortiAuthenticator (v4.00-build0008) that is used authenticate users who belong to the employees user group.
Go to Authentication > User Management > Local Users and create a user account.
User Role settings are available after you click OK.
Create additional user accounts as needed, one for each employee.
Go to Authentication > User Management > User Groups and create the local user group “employees” on the FortiAuthenticator.
Go to Authentication > RADIUS Service > Clients and create a client account.
Enable all of the EAP types.
Go to User & Device > RADIUS Servers and add the FortiAuthenticator as a RADIUS server.
Go to WiFi Controller > SSID and define your wireless network.
Set up DHCP for your clients.
Configure WPA2 Enterprise security that uses the RADIUS server.
Go to Network > Interfaces and configure a dedicated interface for the FortiAP.
Connect the FortiAP unit. Go to WiFi Controller > Managed FortiAPs.
When the FortiAP is listed, select and authorize it.
Go to WiFi Controller > FortiAP Profiles and edit the profile.
This example used a FortiAP-221C, so the FAP221C-default profile applies.
For each radio:
- Enable Radio Resource Provision.
- Select your SSID.
Go to Policy & Objects > IPv4 Policy and add a policy that allows WiFi users to access the Internet.
Connect to the example-staff network and browse Internet sites.
Go to Monitor > Client Monitor to see that clients connect and authenticate.