Administration Guide

RADIUS

The information you need to configure the system to use a RADIUS server includes:

  • The RADIUS server’s domain name or IP address
  • The RADIUS server’s shared secret key

The default port for RADIUS traffic is 1812. Some RADIUS servers use port 1645. You can configure the FortiSwitch unit to use port 1645:

    config system global
        set radius-port 1645
    end

To configure RADIUS authentication with the GUI:
  1. Go to System > Authentication > RADIUS and click Add Server.


  2. Enter the following information.

    | Field | Description |
    |---|---|
    | Name | Enter a name to identify the RADIUS server on the FortiSwitch unit. |
    | Primary Server Address | Enter the IPv4 address of the RADIUS server. |
    | Primary Server Secret | Enter the server secret key, such as radiusSecret. This key can be a maximum of 16 characters long. This value must match the secret on the RADIUS primary server. |
    | Secondary Server Address | Optionally, enter the IPv4 address of the secondary RADIUS server. |
    | Secondary Server Secret | Optionally, enter the secondary server secret key, such as radiusSecret2. This key can be a maximum of 16 characters long. This value must match the secret on the RADIUS secondary server. |
    | Authentication Scheme | If you know the RADIUS server uses a specific authentication protocol, select that protocol from the dropdown list. Otherwise, select Use Default Authentication Scheme. The default authentication scheme will usually work. |
    | NAS IP/Called Station ID | Enter the IP address to be used as an attribute in RADIUS access requests. The NAS IP address is a RADIUS setting or, if that setting is not configured, the IP address of the FortiSwitch interface used to talk to the RADIUS server. The Called Station ID is the same value as the NAS IP address but in text format. |
    | Include in Every User Group | When this option is enabled, this RADIUS server is automatically included in all user groups. This option is useful if all users will be authenticating with the remote RADIUS server. |

  3. Click Test Connectivity to check if the RADIUS server address is valid.
  4. Click Test User Credentials, enter the user name and password for the RADIUS server, and then click Test to check if the user name and password are valid.
  5. Click Add.

To configure the FortiSwitch unit for RADIUS authentication, see 802.1x authentication.
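
The following Python sketch is an added example, not Fortinet code. It builds a RADIUS Access-Request (RFC 2865) carrying the NAS-IP-Address and Called-Station-Id attributes described in the table, and shows how the shared secret hides the User-Password, which is why the secret must match on both sides. PAP is assumed as the authentication scheme; the user name, password and the 192.0.2.10 address used with it are constructed sample values.

```python
import hashlib, ipaddress, os, struct

# RFC 2865 packet code and attribute types used below
ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, CALLED_STATION_ID = 1, 2, 4, 30

def _mask(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def recover_password(hidden, secret, authenticator):
    """What the server does with its own copy of the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    authenticator = os.urandom(16) if authenticator is None else authenticator
    nas = ipaddress.IPv4Address(nas_ip)
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + attr(NAS_IP_ADDRESS, nas.packed)             # 4 raw bytes
             + attr(CALLED_STATION_ID, str(nas).encode()))  # same value as text (per this page)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    attrs, pos = {}, 20  # attributes start after the 20-byte header
    while pos < len(packet):
        hdr = packet[pos:pos + 2]  # attribute type, attribute length
        if len(hdr) < 2 or hdr[1] < 2 or pos + hdr[1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[hdr[0]] = packet[pos + 2:pos + hdr[1]]
        pos += hdr[1]
    return attrs
```

Recovering the password with a secret that differs from the one used to build the request yields garbage rather than an explicit error, which is why a mismatched secret typically surfaces as a failed credential test rather than a connectivity failure.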
