FortiGate/FortiSwitch settings

To enable FortiGate/FortiSwitch to process Disconnect and COA messages, some additional configurations besides basic 802.1x configurations are required.

Enable RADIUS COA on FortiGate

In FortiGate CLI, enter these commands:

config user radius

edit “(name of the RADIUS server)”

set radius-coa enable

end

Enable RADIUS COA on FortiSwitch interface

In FortiSwitch CLI, enter the commands

config system interface

Show

This will let you see all interface settings. Typically, the output will look like

config system interface

edit "(interface name)"

set mode dhcp

set allowaccess ping https ssh

set type physical

set snmp-index 30

set defaultgw enable

Next

...

end

Then, enter these commands:

edit “(the interface connected to the FortiGate)”

And add radius-acct to the allowaccess list. For example, if current configuration shows

set allowaccess ping https ssh

Then enter

set allowaccess ping https ssh radius-acct

end