Fortinet black logo

Cisco Meraki Wired Integration

Home FortiNAC-F 7.2.0 Cisco Meraki Wired Integration
7.2.0
7.4.0
7.2.0

Requirements

Requirements

FortiNAC

  • FortiNAC has internet access to https://dashboard.meraki.com/.

Meraki MS

  • Supported Firmware Version: Meraki firmware that supports RADIUS CoA.

  • SNMP community or account (Read/write access)

  • Account for API access

    • Visibility only: System read access

    • Control: System read/write access

RADIUS Server (802.1x Proxy Mode Configurations)

  • The encryption method for user names and passwords passed between FortiNAC and the RADIUS server must be set to PAP. This affects the following accounts or user names and passwords created on the RADIUS server:

    • The validation account created for communication with FortiNAC and entered in the RADIUS Server Profile configuration.

    • Network users that access the network via the captive portal and are authenticated through RADIUS.

Network

  • Do not use asymmetric routing between your device and the FortiNAC server. RADIUS requests and responses between the FortiNAC server and the wireless device must travel through the same interface on the FortiNAC server.

  • Important: FortiNAC's capacity for processing RADIUS requests is approximately 60 requests per second. Capacity is affected by the use of other features in the program such as the Persistent Agent or MAC Notification Traps. Any requests that are not immediately processed are placed in queue. After 5 seconds any unprocessed requests are discarded.

    If FortiNAC is going to be installed in an environment where it is expected to receive more than 60 RADIUS requests per second, an additional FortiNAC appliance may be required to handle the load.

Previous
Next

Requirements

FortiNAC

  • FortiNAC has internet access to https://dashboard.meraki.com/.

Meraki MS

  • Supported Firmware Version: Meraki firmware that supports RADIUS CoA.

  • SNMP community or account (Read/write access)

  • Account for API access

    • Visibility only: System read access

    • Control: System read/write access

RADIUS Server (802.1x Proxy Mode Configurations)

  • The encryption method for user names and passwords passed between FortiNAC and the RADIUS server must be set to PAP. This affects the following accounts or user names and passwords created on the RADIUS server:

    • The validation account created for communication with FortiNAC and entered in the RADIUS Server Profile configuration.

    • Network users that access the network via the captive portal and are authenticated through RADIUS.

Network

  • Do not use asymmetric routing between your device and the FortiNAC server. RADIUS requests and responses between the FortiNAC server and the wireless device must travel through the same interface on the FortiNAC server.

  • Important: FortiNAC's capacity for processing RADIUS requests is approximately 60 requests per second. Capacity is affected by the use of other features in the program such as the Persistent Agent or MAC Notification Traps. Any requests that are not immediately processed are placed in queue. After 5 seconds any unprocessed requests are discarded.

    If FortiNAC is going to be installed in an environment where it is expected to receive more than 60 RADIUS requests per second, an additional FortiNAC appliance may be required to handle the load.

Previous
Next