Fortinet white logo
Fortinet white logo

Administration Guide

Configuring global settings

Configuring global settings

To select which 802.1X certificate and certificate authority that the FortiSwitch unit uses, see SSL.

If a link goes down, you can select whether the impacted devices must reauthenticate. If reauthentication is unnecessary, select Do Not Require Re-Authentication. To revert all devices to the unauthenticated state and force each device to reauthenticate, select Require Re-Authentication.

MAB retries authentication before assigning a device to a guest VLAN for unauthorized users. MAB is disabled by default in the CLI.

The Re-Authentication Period (Minutes) field defines how often the device needs to reauthenticate (that is, if a session remains active beyond this number of minutes, the system requires the device to reauthenticate). Set the value to 0 to disable reauthentication. NOTE: For MAB authentication, the host entry is automatically re-authenticated after the re-authentication period. To clear the host entry, you need to clear the entry manually.

If 802.1X authentication fails, the Maximum Re-Authentication Attempts field caps the number of attempts that the system will initiate. Set the value to 0 to disable the reauthentication attempts.

Using the GUI:
  1. Go to Switch > Port Security.

  2. Select Require Reauthentication to revert all devices to the unauthenticated state if the link goes down or select Do Not Require Reauthentication if reauthentication is unnecessary if the link goes down.
  3. In the Re-Authentication Period (Minutes) field, enter the number of minutes before the system requires the device to reauthenticate.
  4. In the Maximum Re-Authentication Attempts field, enter the maximum number of times that the system tries to reauthorize the session.
  5. Select Update.
Using the CLI:

config switch global

config port-security

set link-down-auth {no-action | set-unauth}

set mab-reauth {enable | disable}

set max-reauth-attempt <0-15>

set reauth-period <0-1440>

end

NOTE: Changes to global settings only take effect when new 802.1X/MAB sessions are created.

Configuring global settings

Configuring global settings

To select which 802.1X certificate and certificate authority that the FortiSwitch unit uses, see SSL.

If a link goes down, you can select whether the impacted devices must reauthenticate. If reauthentication is unnecessary, select Do Not Require Re-Authentication. To revert all devices to the unauthenticated state and force each device to reauthenticate, select Require Re-Authentication.

MAB retries authentication before assigning a device to a guest VLAN for unauthorized users. MAB is disabled by default in the CLI.

The Re-Authentication Period (Minutes) field defines how often the device needs to reauthenticate (that is, if a session remains active beyond this number of minutes, the system requires the device to reauthenticate). Set the value to 0 to disable reauthentication. NOTE: For MAB authentication, the host entry is automatically re-authenticated after the re-authentication period. To clear the host entry, you need to clear the entry manually.

If 802.1X authentication fails, the Maximum Re-Authentication Attempts field caps the number of attempts that the system will initiate. Set the value to 0 to disable the reauthentication attempts.

Using the GUI:
  1. Go to Switch > Port Security.

  2. Select Require Reauthentication to revert all devices to the unauthenticated state if the link goes down or select Do Not Require Reauthentication if reauthentication is unnecessary if the link goes down.
  3. In the Re-Authentication Period (Minutes) field, enter the number of minutes before the system requires the device to reauthenticate.
  4. In the Maximum Re-Authentication Attempts field, enter the maximum number of times that the system tries to reauthorize the session.
  5. Select Update.
Using the CLI:

config switch global

config port-security

set link-down-auth {no-action | set-unauth}

set mab-reauth {enable | disable}

set max-reauth-attempt <0-15>

set reauth-period <0-1440>

end

NOTE: Changes to global settings only take effect when new 802.1X/MAB sessions are created.