Fortinet black logo

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Support 802.1X on virtual switch for certain NP6 platforms

802.1X is supported under the hardware switch interface on the following NP6 platforms: FG-30xE, FG-40xE, and FG-110xE.

Example

In this example, port3 and port4 are part of a hardware switch interface. The hardware switch acts as a virtual switch so that devices can connect directly to these ports and perform 802.1X authentication on the port.

Prerequisites:
  1. Configure a RADIUS server (see RADIUS servers).
  2. Define a user group named test to use the remote RADIUS server and for 802.1X authentication (see User definition and groups).
  3. Configure a hardware switch (named 18188) with port3 and port4 as the members (see Hardware switch).
  4. Configure a firewall policy that allows traffic from the 18188 hardware switch to go to the internet.
  5. Enable 802.1X authentication on the client devices.
To configure 802.1X authentication on a hardware switch in the GUI:
  1. Go to Network > Interfaces and edit the hardware switch.
  2. In the Network section, enable Security mode and select 802.1X.
  3. Click the + to add the User group.

  4. Click OK.
To configure 802.1X authentication on a hardware switch in the CLI:
  1. Configure the virtual hardware switch interfaces:
    config system virtual-switch
        edit "18188"
            set physical-switch "sw0"
            config port
                edit "port3"
                next
                edit "port4"
                next
            end
        next
    end
  2. Configure 802.1X authentication:
    config system interface
        edit "18188"
            set vdom "vdom1"
            set ip 1.1.1.1 255.255.255.0
            set allowaccess ping https ssh snmp fgfm ftm
            set type hard-switch
            set security-mode 802.1X
            set security-groups "test"
            set device-identification enable
            set lldp-transmission enable
            set role lan
            set snmp-index 52
        next
    end
To verify the that the 802.1X authentication was successful:
  1. Get a client connected to port3 to authenticate to access the internet.
  2. In FortiOS, verify the 802.1X authentication port status:
    # diagnose sys 802-1x status
    
    Virtual switch '18188' (default mode) 802.1x member status:
      port3: Link up, 802.1X state: authorized
      port4: Link up, 802.1X state: unauthorized

Support 802.1X on virtual switch for certain NP6 platforms

802.1X is supported under the hardware switch interface on the following NP6 platforms: FG-30xE, FG-40xE, and FG-110xE.

Example

In this example, port3 and port4 are part of a hardware switch interface. The hardware switch acts as a virtual switch so that devices can connect directly to these ports and perform 802.1X authentication on the port.

Prerequisites:
  1. Configure a RADIUS server (see RADIUS servers).
  2. Define a user group named test to use the remote RADIUS server and for 802.1X authentication (see User definition and groups).
  3. Configure a hardware switch (named 18188) with port3 and port4 as the members (see Hardware switch).
  4. Configure a firewall policy that allows traffic from the 18188 hardware switch to go to the internet.
  5. Enable 802.1X authentication on the client devices.
To configure 802.1X authentication on a hardware switch in the GUI:
  1. Go to Network > Interfaces and edit the hardware switch.
  2. In the Network section, enable Security mode and select 802.1X.
  3. Click the + to add the User group.

  4. Click OK.
To configure 802.1X authentication on a hardware switch in the CLI:
  1. Configure the virtual hardware switch interfaces:
    config system virtual-switch
        edit "18188"
            set physical-switch "sw0"
            config port
                edit "port3"
                next
                edit "port4"
                next
            end
        next
    end
  2. Configure 802.1X authentication:
    config system interface
        edit "18188"
            set vdom "vdom1"
            set ip 1.1.1.1 255.255.255.0
            set allowaccess ping https ssh snmp fgfm ftm
            set type hard-switch
            set security-mode 802.1X
            set security-groups "test"
            set device-identification enable
            set lldp-transmission enable
            set role lan
            set snmp-index 52
        next
    end
To verify the that the 802.1X authentication was successful:
  1. Get a client connected to port3 to authenticate to access the internet.
  2. In FortiOS, verify the 802.1X authentication port status:
    # diagnose sys 802-1x status
    
    Virtual switch '18188' (default mode) 802.1x member status:
      port3: Link up, 802.1X state: authorized
      port4: Link up, 802.1X state: unauthorized