Support 802.1X on virtual switch for certain NP6 platforms

802.1X is supported under the hardware switch interface on the following NP6 platforms: FG-30xE, FG-40xE, and FG-110xE.

Example

In this example, port3 and port4 are part of a hardware switch interface. The hardware switch acts as a virtual switch so that devices can connect directly to these ports and perform 802.1X authentication on the port.

Prerequisites:
  1. Configure a RADIUS server (see RADIUS servers).
  2. Define a user group named test that uses the remote RADIUS server and is used for 802.1X authentication (see User definition and groups).
  3. Configure a hardware switch (named 18188) with port3 and port4 as the members (see Hardware switch).
  4. Configure a firewall policy that allows traffic from the 18188 hardware switch to go to the internet.
  5. Enable 802.1X authentication on the client devices.
To configure 802.1X authentication on a hardware switch in the GUI:
  1. Go to Network > Interfaces and edit the hardware switch.
  2. In the Network section, enable Security mode and select 802.1X.
  3. Click the + to add the User group.
  4. Click OK.
To configure 802.1X authentication on a hardware switch in the CLI:
  1. Configure the virtual hardware switch interfaces:
    config system virtual-switch
        edit "18188"
            set physical-switch "sw0"
            config port
                edit "port3"
                next
                edit "port4"
                next
            end
        next
    end
  2. Configure 802.1X authentication:
    config system interface
        edit "18188"
            set vdom "vdom1"
            set ip 1.1.1.1 255.255.255.0
            set allowaccess ping https ssh snmp fgfm ftm
            set type hard-switch
            set security-mode 802.1X
            set security-groups "test"
            set device-identification enable
            set lldp-transmission enable
            set role lan
            set snmp-index 52
        next
    end
To verify that the 802.1X authentication was successful:
  1. Have a client connected to port3 authenticate to access the internet.
  2. In FortiOS, verify the 802.1X authentication port status:
    # diagnose sys 802-1x status
    
    Virtual switch '18188' (default mode) 802.1x member status:
      port3: Link up, 802.1X state: authorized
      port4: Link up, 802.1X state: unauthorized
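
An offline check to complement the runtime verification above, added here as an example and not Fortinet's own tooling: it parses a saved configuration in the CLI syntax shown on this page and reports every virtual switch whose interface lacks `security-mode 802.1X` or a `security-groups` entry, together with its member ports. The function names and the trimmed sample are constructed, and every value is assumed to fit on one line.

```python
import shlex

def parse_fortios(text):  # nest config/edit/set lines into dicts
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":      # section, keyed by the full "config ..." line
            stack.append(stack[-1].setdefault(" ".join(tok), {}))
        elif tok[0] == "edit":      # table entry, keyed by its name
            stack.append(stack[-1].setdefault(tok[1], {}))
        elif tok[0] == "set":       # setting name -> list of values
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit_8021x(text):
    """Return [(switch, member ports, problem)] for switches not enforcing 802.1X."""
    cfg, findings = parse_fortios(text), []
    ifaces = cfg.get("config system interface", {})
    for name, sw in cfg.get("config system virtual-switch", {}).items():
        iface, ports = ifaces.get(name, {}), sorted(sw.get("config port", {}))
        if " ".join(iface.get("security-mode", [])).upper() != "802.1X":
            findings.append((name, ports, "security-mode is not 802.1X"))
        elif not iface.get("security-groups"):
            findings.append((name, ports, "no security-groups set"))
    return findings

# Constructed sample: the page's 18188 switch, trimmed to the audited settings.
SAMPLE = """\
config system virtual-switch
    edit "18188"
        config port
            edit "port3"
            next
            edit "port4"
            next
        end
    next
end
config system interface
    edit "18188"
        set security-mode 802.1X
        set security-groups "test"
    next
end
"""

if __name__ == "__main__":  # drop the group line to show a finding
    print(audit_8021x(SAMPLE.replace('set security-groups "test"', "")))
```

An empty list means every virtual switch in the file has both settings; a switch with no matching interface entry is reported as not enforcing 802.1X.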
