(FNC-CAX-xx) Configure RADIUS Communication Access
FortiNAC-OS appliances (FNC-CAX-xx) only. Ensure FortiNAC is configured to allow RADIUS communication over port1. If High Availability configuration, the following must be done on both appliances.
-
Log in as
admin
to the CLI and type:show system interface port1
-
Confirm the command set allowaccess includes the option applicable to the RADIUS Server type used.
Proxy RADIUS: Both radius and radius-acct
Example:
set allowaccess https-adminui ssh ping radius radius-acct snmp nac-ipc
Local RADIUS: Both radius-local and radius-acct
Example:
set allowaccess https-adminui ssh ping radius-local radius-acct snmp nac-ipc
-
If the options need to be added, copy the existing set allowaccess line command to buffer. Important: Ensure all protocols listed are copied (depending upon what’s currently configured, this command may be multiple lines in length).
-
Modify the access list. Type:
config system interface port1
<Paste set allowaccess command copied to buffer> <option1> <option2>
end
Example:
config system interface port1
set allowaccess https-adminui ssh ping snmp nac-ipc
radius-local radius-acct
end
-
Review the entry to confirm the protocols were added. Type:
show system interface port1
-
Exit the CLI. Type:
exit