Authentication
Authentication groups together options to configure the connection to authenticate using a Google account, to configure an LDAP directory to authenticate users, to configure RADIUS servers to authenticate users, and to configure a list of local domains for your local network users.
Enabling authentication allows the Administrator to determine whether or not hosts connecting to the network will be forced to authenticate. Hosts can be forced to reauthenticate after a specified period of time.
Once a host is registered the host connecting via a wired connection may or may not have to authenticate depending on what port is being used. Hosts connecting via a wireless connection will be forced to authenticate if an authentication VLAN has been established. See Wireless integration for more information.
Switches used in the forced authentication process must have a value entered for the authentication VLAN in the model configuration. The ports on these switches must be added to the forced authentication group. See Groups for details on adding ports to a group.
Options
Option |
Definition |
---|---|
LDAP |
Use LDAP to configure the connection to one or more authentication directories. Data from the directory populates the FortiNAC database with demographic data for registered users. See Directories. |
Roaming Guests |
Use roaming guests to configure a list of local domains for your local network users. Users who connect and attempt to authenticate with a fully qualified domain name that is not on this list are treated as roaming guests. Applies only to wireless 802.1x connections. See Roaming guests. |