Administration Guide

RADIUS

The information you need to configure the system to use a RADIUS server includes:

  • The RADIUS server’s domain name or IP address
  • The RADIUS server’s shared secret key

The default port for RADIUS traffic is 1812. Some RADIUS servers use port 1645. You can configure the FortiSwitch unit to use port 1645:

config system global
    set radius-port 1645
end

To configure RADIUS authentication with the GUI:
  1. Go to System > Authentication > RADIUS and select Add Server.
  2. Enter the following information and select Add.

| Field | Description |
|---|---|
| Name | Enter a name to identify the RADIUS server on the FortiSwitch unit. |
| Primary Server Address | Enter the domain name (such as fgt.example.com) or the IP address of the RADIUS server. |
| Primary Server Secret | Enter the server secret key, such as radiusSecret. This key can be a maximum of 16 characters long. This value must match the secret on the RADIUS primary server. |
| Secondary Server Name/IP | Optionally, enter the domain name (such as fgt.example.com) or the IP address of the secondary RADIUS server. |
| Secondary Server Secret | Optionally, enter the secondary server secret key, such as radiusSecret2. This key can be a maximum of 16 characters long. This value must match the secret on the RADIUS secondary server. |
| Authentication Scheme | If you know the RADIUS server uses a specific authentication protocol, select Specify Authentication Protocol and select the protocol from the list. Otherwise, select Use Default Authentication Scheme. The default authentication scheme will usually work. |
| NAS IP/Called Station ID | Enter the IP address to be used as an attribute in RADIUS access requests. The NAS IP address is the value configured in the RADIUS settings or, if that is not configured, the IP address of the FortiSwitch interface used to talk to the RADIUS server. The Called Station ID is the same value as the NAS IP address but in text format. |
| Include in every User Group | When this option is enabled, this RADIUS server is automatically included in all user groups. This option is useful if all users will be authenticating with the remote RADIUS server. |

To configure the FortiSwitch unit for RADIUS authentication, see 802.1x authentication.
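
The following Python example is added here and is not Fortinet code. It builds an RFC 2865 Access-Request to show how the fields above are used on the wire: the shared secret keys the User-Password hiding, the NAS IP address is sent as four raw octets, and the Called Station ID carries the same value as text. It assumes the PAP scheme; the user name, password, and address 192.0.2.10 are constructed sample values, and all function names are hypothetical.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(1, -(-len(password) // 16)) * 16      # pad to a multiple of 16 octets
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same key stream, derived from the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value   # type, length, value

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)      # Request Authenticator
    attrs = (attr(1, user.encode())                      # User-Name
             + attr(2, hide_password(password.encode(), secret, authenticator))
             + attr(4, socket.inet_aton(nas_ip))         # NAS-IP-Address: 4 raw octets
             + attr(30, nas_ip.encode()))                # Called-Station-Id: text form
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attrs(packet: bytes) -> dict:
    attrs, i = {}, 20                                    # attributes follow 20-byte header
    while i + 2 <= len(packet) and packet[i + 1] >= 2:
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

def server_accepts(packet: bytes, server_secret: bytes, stored_password: str) -> bool:
    hidden = parse_attrs(packet)[2]
    recovered = reveal_password(hidden, server_secret, packet[4:20])
    return hmac.compare_digest(recovered, stored_password.encode())

if __name__ == "__main__":
    # Constructed sample values; 192.0.2.10 is a documentation address.
    pkt = build_access_request("alice", "correct horse battery", b"radiusSecret", "192.0.2.10")
    print("matching secret:  ", server_accepts(pkt, b"radiusSecret", "correct horse battery"))
    print("mismatched secret:", server_accepts(pkt, b"radiusSecret2", "correct horse battery"))
```

When the secrets differ, the server recovers garbage instead of the password, so authentication fails even though the user's credentials are correct. Only the User-Password attribute is hidden this way, so use a random secret up to the 16-character limit.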
