The information you need to configure the system to use a RADIUS server includes:
- The RADIUS server’s domain name or IP address
- The RADIUS server’s shared secret key
The default port for RADIUS traffic is 1812. Some RADIUS servers use port 1645. You can configure the FortiSwitch unit to use port 1645:
config system global
set radius-port 1645
To configure RADIUS authentication with the GUI:
- Go to System > Authentication > RADIUS and click Add Server.
- Enter the following information.
Enter a name to identify the RADIUS server on the FortiSwitch unit.
Primary Server Address
Enter the IPv4 address of the RADIUS server.
Primary Server Secret
Enter the server secret key, such as radiusSecret. This key can be a maximum of 16 characters long.
This value must match the secret on the RADIUS primary server.
Secondary Server Address
Optionally enter the IPv4 address of the secondary RADIUS server.
Secondary Server Secret
Optionally, enter the secondary server secret key, such as radiusSecret2. This key can be a maximum of 16 characters long.
This value must match the secret on the RADIUS secondary server.
If you know the RADIUS server uses a specific authentication protocol, select that protocol from the dropdown list. Otherwise, select Use Default Authentication Scheme. The default authentication scheme will usually work.
NAS IP/Called Station ID
Enter the IP address to be used as an attribute in RADIUS access requests.
The NAS IP address is a RADIUS setting or IP address of the FortiSwitch interface used to talk to the RADIUS server, if not configured.
The Called Station ID is the same value as the NAS IP address but in text format.
Include in Every User Group
When this option is enabled, this RADIUS server is automatically included in all user groups. This option is useful if all users will be authenticating with the remote RADIUS server.
- Click Test Connectivity to check if the RADIUS server address is valid.
- Click Test User Credentials, enter the user name and password for the RADIUS server, and then click Test to check if the user name and password are valid.
- Click Add.
To configure the FortiSwitch unit for RADIUS authentication, see 802.1x authentication.