Fortinet black logo

New Features

Home FortiGate / FortiOS 6.4.0 New Features

Add a RADIUS timeout VLAN to a security policy 6.4.3

6.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID de1e129a-0283-11ea-8977-00505692583a:926795
Download PDF

Add a RADIUS timeout VLAN to a security policy 6.4.3

When an 802.1x authentication request to a RADIUS server times out, the FortiSwitch port can be assigned to the timeout VLAN specified in the security policy.

Example

In this example, a 802.1x security policy has been applied on port6 of the managed FortiSwitch. The PC tries to authenticate to the RADIUS server, but the server is not available. After 10 seconds, the authentication times out, and the PC is put into the timeout VLAN vlan22.

To configure the security policy:
config switch-controller security-policy 802-1X
    edit "auth-timeout"
        set user-group "1X_RADIUS_GROUP"
        set mac-auth-bypass disable
        set open-auth disable
        set eap-passthru enable
        set eap-auto-untagged-vlans enable
        set guest-vlan disable
        set auth-fail-vlan disable
        set framevid-apply enable
        set radius-timeout-overwrite disable
        set authserver-timeout-vlan enable
        set authserver-timeout-period 10
        set authserver-timeout-vlanid "vlan22"
    next
end
Previous
Next

Add a RADIUS timeout VLAN to a security policy 6.4.3

When an 802.1x authentication request to a RADIUS server times out, the FortiSwitch port can be assigned to the timeout VLAN specified in the security policy.

Example

In this example, a 802.1x security policy has been applied on port6 of the managed FortiSwitch. The PC tries to authenticate to the RADIUS server, but the server is not available. After 10 seconds, the authentication times out, and the PC is put into the timeout VLAN vlan22.

To configure the security policy:
config switch-controller security-policy 802-1X
    edit "auth-timeout"
        set user-group "1X_RADIUS_GROUP"
        set mac-auth-bypass disable
        set open-auth disable
        set eap-passthru enable
        set eap-auto-untagged-vlans enable
        set guest-vlan disable
        set auth-fail-vlan disable
        set framevid-apply enable
        set radius-timeout-overwrite disable
        set authserver-timeout-vlan enable
        set authserver-timeout-period 10
        set authserver-timeout-vlanid "vlan22"
    next
end
Previous
Next