Configuring global settings
To select which 802.1X certificate and certificate authority the FortiSwitch unit uses, see SSL.
If a link goes down, you can select whether the impacted devices must reauthenticate. If reauthentication is unnecessary, select Do Not Require Re-Authentication. To revert all devices to the unauthenticated state and force each device to reauthenticate, select Require Re-Authentication.
MAB retries authentication before assigning a device to a guest VLAN for unauthorized users. MAB is disabled by default in the CLI.
The Re-Authentication Period (Minutes) field defines how often the device needs to reauthenticate (that is, if a session remains active beyond this number of minutes, the system requires the device to reauthenticate). Set the value to 0 to disable reauthentication. NOTE: For MAB authentication, the host entry is automatically re-authenticated after the re-authentication period. To clear the host entry, you need to clear the entry manually.
If 802.1X authentication fails, the Maximum Re-Authentication Attempts field caps the number of attempts that the system will initiate. Set the value to 0 to disable the reauthentication attempts.
Using the GUI:
- Go to Switch > Port Security.
- Select Require Reauthentication to revert all devices to the unauthenticated state if the link goes down, or select Do Not Require Reauthentication if reauthentication is unnecessary when the link goes down.
- In the Re-Authentication Period (Minutes) field, enter the number of minutes before the system requires the device to reauthenticate.
- In the Maximum Re-Authentication Attempts field, enter the maximum number of times that the system tries to reauthorize the session.
- Select Update.
Using the CLI:
config switch global
    config port-security
        set link-down-auth {no-action | set-unauth}
        set mab-reauth {enable | disable}
        set max-reauth-attempt <0-15>
        set reauth-period <0-1440>
    end
end
NOTE: Changes to global settings only take effect when new 802.1X/MAB sessions are created.
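The following Python script is an added example, not Fortinet code: it parses a saved configuration for the port-security block shown above and flags explicitly set values that disable reauthentication or fall outside the documented ranges. The sample configuration is constructed, and the flagging policy and the function names are assumptions made for this example.

```python
# Value ranges and the meaning of 0 come from the page; what counts as a
# finding is an assumed policy for this example.
RANGES = {"max-reauth-attempt": (0, 15), "reauth-period": (0, 1440)}

def parse_port_security(config_text):
    """Return 'set' values found in config switch global > config port-security."""
    stack, settings = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("set ") and stack == ["switch global", "port-security"]:
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings

def audit(settings):
    """Return findings for explicitly configured values only."""
    findings = []
    if settings.get("link-down-auth") == "no-action":
        findings.append("link-down-auth no-action: devices are not required "
                        "to reauthenticate after link down")
    for key, (low, high) in RANGES.items():
        if key not in settings:
            continue  # not set explicitly; the default is not evaluated here
        value = settings[key]
        if not value.isdecimal() or not low <= int(value) <= high:
            findings.append(f"{key} {value}: outside {low}-{high}")
        elif int(value) == 0:
            findings.append(f"{key} 0: reauthentication disabled")
    return findings

# Constructed sample, not output captured from a real switch.
SAMPLE = """\
config switch global
    config port-security
        set link-down-auth no-action
        set mab-reauth enable
        set max-reauth-attempt 3
        set reauth-period 0
    end
end
"""

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print(finding)
```

Because changes to global settings only take effect for new 802.1X/MAB sessions, a clean result describes the configuration, not the state of sessions that were created before the change.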