Administration Guide

RADIUS

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized access, authorization and accounting management for people or computers to connect and use a network service. A RADIUS server enables external authentication for users connected to FortiNAC-managed network devices. This type of server is often used in a wireless environment.

FortiNAC uses RADIUS authentication to external RADIUS servers for several purposes, including:

  • Authenticating users attaching to managed network devices using 802.1x.
  • Authenticating VPN users.
  • Authenticating users accessing FortiNAC's own captive portal process.
  • Authenticating administrators logging onto the FortiNAC system.

FortiNAC works with all the known RADIUS server products, including FreeRADIUS, Steel Belted RADIUS, Microsoft IAS, Cisco ACS, and RADIATOR. To support these uses, RADIUS server profiles must be created in FortiNAC, which can then be assigned as the authentication method for the FortiNAC system or a specific device.

You can create an unlimited number of RADIUS server profiles. Several configuration options are available:

  • System-wide: Default primary and secondary profiles assigned at the system level are used for both captive portal and administrator authentication.
  • In an 802.1x environment:

    • Profiles can be assigned for each individual device.
    • Profiles can be assigned for individual SSIDs.
    • Profiles can be mapped to domains. The user name of the user logging onto the network contains a domain name prefix.
    • Profiles can be mapped to a blank domain, which encompasses any authenticating user who does not have a domain name prefix as part of their user name.
