Configure Eduroam
Step 1: Service Provider (SP) Configuration
The Service Provider receives the initial request for access from the student.
To set up FortiNAC as a Service Provider, follow the steps below:
- Enable Roaming Guest. This setting identifies the local domain and allows authentication requests from users in other domains to be forwarded to the FLR.
  - Go to Setting > Authentication > Roaming Guest.
  - Configure Eduroam FLR Pool Type: Failsafe or Load Balance. Note: If you have multiple FLRs, you can choose either Failsafe or Load Balance.
  - Configure Eduroam IdP Server Configuration: Select DefaultConfig. Note: In general, pick DefaultConfig to support both local users and roaming users.
  - In Local Domain, click Add to add the local domain name.
- Configure Federation Level RADIUS Servers (FLRs)
  - Go to Network > Service Connectors > Create New > RADIUS.
  - Provide FLR Server info
    - Name: Name of FLR server
    - IP address: IP address of FLR server
    - RADIUS Secret: Needs to match the RADIUS secret of the FLR
    - Server Type: Authentication
    - Port: Default port 1812
    - Eduroam FLR: Select Primary, if you have one FLR.
- Configure Guest Access on FortiSwitch ports. Enable Roaming Guest Interfaces in Port Group Membership.
  - Go to Network > Inventory > [FortiSwitch port client connects to].
  - Right Click and select Group Membership.
  - Enable Roaming Guest Interfaces.
  - Repeat the previous steps for all clients connected to the port.
- Configure Port Properties on FortiSwitch ports. Enable Dot1x Auto Registration.
  - Go to Network > Inventory > [FortiSwitch port client connects to].
  - Right Click and select Port Properties.
  - Set Dot1x Auto Registration to On.
  - Repeat the previous steps for all clients connected to the port.
- Configure FortiGate VDOM setting: provide RADIUS configuration and Logical Network Configuration.
  - Go to Network > Inventory > [FortiGate Device] > Virtualized Device tab.
  - Select root, click on Model Configuration.
  - Verify RADIUS Configuration
    - RADIUS secret: Matches the RADIUS secret of the FortiGate.
    - Source IP Address: FortiGate IP address.
    - Server Configuration: DefaultConfig as default.
  - Verify Logical Network Configuration
    - Make sure Roaming Guest network is added, with Network Access as VLAN13.
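The RADIUS secret fields above must match on both ends of each link. The following Python sketch is an added example, not FortiNAC code and not part of the original page. It shows how a mismatch surfaces at the packet level under RFC 2865 and RFC 3579: the FLR rejects the request's Message-Authenticator, and the SP rejects the reply's Response Authenticator. The function names, user name and secrets are constructed for illustration, and the FLR reply is simulated locally so the check runs offline.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_REJECT = 1, 3
USER_NAME, MESSAGE_AUTHENTICATOR = 1, 80


def build_access_request(ident, username, secret):
    """SP side: Access-Request with User-Name and Message-Authenticator."""
    name = username.encode()
    attrs = struct.pack("!BB", USER_NAME, len(name) + 2) + name
    attrs += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    packet = header + os.urandom(16) + attrs  # random Request Authenticator
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # fill in the zeroed attribute value


def message_authenticator_ok(packet, secret):
    """FLR side: recompute HMAC-MD5 over the packet with the value zeroed."""
    pos = 20
    while pos + 2 <= len(packet):
        type_, length = packet[pos], packet[pos + 1]
        if length < 2:
            return False  # malformed attribute
        if type_ == MESSAGE_AUTHENTICATOR and length == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            mac = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(mac, packet[pos + 2:pos + 18])
        pos += length
    return False  # attribute missing


def build_reply(code, request, secret):
    """Simulated FLR reply without attributes (constructed for this example)."""
    header = struct.pack("!BBH", code, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


def reply_authenticator_ok(request, reply, secret):
    """SP side: Response Auth = MD5(code+id+len+RequestAuth+attrs+secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

When the two secrets differ, both checks return False, which on a live link appears as dropped requests or discarded replies rather than an explicit error naming the secret.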