7.4.0

Configure Eduroam

Step 1: Service Provider (SP) Configuration

The Service Provider receives the initial request for access from the student.

To set up FortiNAC as a Service Provider, follow the steps below:

  1. Enable Roaming Guest. This setting identifies the local domain, and allows the authentication request of users from the other domain to be forwarded to the FLR.

    1. Go to Setting > Authentication > Roaming Guest.

      1. Configure Eduroam FLR Pool Type: Failsafe or Load Balance. Note: If you have multiple FLRs, you can choose either Failsafe or Load Balance.

      2. Configure Eduroam IdP Server Configuration: Select DefaultConfig. Note: In general, pick DefaultConfig to support both local users and roaming users.

      3. In Local Domain, click Add to add the local domain name.

  2. Configure Federation Level RADIUS Servers (FLRs)

    1. Go to Network > Service Connectors > Create New > RADIUS.

    2. Provide FLR Server info

      1. Name: Name of FLR server

      2. IP address: IP address of FLR server

      3. RADIUS Secret: Needs to match the RADIUS secret of the FLR

      4. Server Type: Authentication

      5. Port: Default port 1812

      6. Eduroam FLR: Select Primary, if you have one FLR.

  3. Configure Guest Access on FortiSwitch ports. Enable Roaming Guest Interfaces in Port Group Membership.

    1. Go to Network > Inventory > [FortiSwitch port client connects to].

    2. Right-click and select Group Membership.

    3. Enable Roaming Guest Interfaces.

    4. Repeat the previous steps for all clients connected to the port.

  4. Configure Port Properties on FortiSwitch ports. Enable Dot1x Auto Registration.

    1. Go to Network > Inventory > [FortiSwitch port client connects to].

    2. Right-click and select Port Properties.

    3. Set Dot1x Auto Registration to On.

    4. Repeat the previous steps for all clients connected to the port.

  5. Configure FortiGate VDOM settings: provide RADIUS configuration and Logical Network Configuration.

    1. Go to Network > Inventory > [FortiGate Device] > Virtualized Device tab.

    2. Select root, click on Model Configuration.

    3. Verify RADIUS Configuration

      1. RADIUS secret: Matches the RADIUS secret of the FortiGate.

      2. Source IP Address: FortiGate IP address.

      3. Server Configuration: DefaultConfig as default.

    4. Verify Logical Network Configuration

      1. Make sure Roaming Guest network is added, with Network Access as VLAN13.
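
The routing decision that the Local Domain list and FLR Pool Type control can be modelled as below. This is an added example, not FortiNAC code: the function and class names, the round-robin reading of Load Balance, the requirement that a realm contain a dot, and the sample realms and server names are all assumptions made for illustration.

```python
def realm_of(user_name):
    """Return the lower-cased realm of an outer identity, or None."""
    _, sep, realm = user_name.strip().rpartition("@")
    # Assumption: a routable realm is a DNS-style name (contains a dot).
    if not sep or "." not in realm:
        return None
    return realm.lower()


class FlrPool:
    """Picks an FLR according to the pool type named in step 1."""

    def __init__(self, servers, pool_type):
        if pool_type not in ("Failsafe", "Load Balance"):
            raise ValueError("unknown pool type: %r" % pool_type)
        self.servers = list(servers)
        self.pool_type = pool_type
        self._next = 0  # rotation index, used only for Load Balance

    def pick(self, is_up):
        if not self.servers:
            return None
        if self.pool_type == "Failsafe":
            order = self.servers  # always try the primary first
        else:
            # Assumption: Load Balance is modelled as simple round-robin.
            start = self._next % len(self.servers)
            self._next += 1
            order = self.servers[start:] + self.servers[:start]
        for server in order:
            if is_up.get(server, False):
                return server
        return None


def route(user_name, local_domains, pool, is_up):
    """Return ("local", None), ("forward", flr) or ("reject", None)."""
    realm = realm_of(user_name)
    if realm is None:
        return ("reject", None)  # no realm: nothing to route on
    if realm in {d.lower() for d in local_domains}:
        return ("local", None)   # realm matches a configured Local Domain
    target = pool.pick(is_up)    # any other realm goes to the FLR pool
    return ("forward", target) if target else ("reject", None)
```

A realm missing from the Local Domain list is treated as a roaming user and sent upstream, so a typo in that list sends local users' authentication requests to the FLR.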
