Configure FortiNAC (Link Mode)

RADIUS

FortiNAC can be configured to authenticate RADIUS using external RADIUS server(s), the built-in local RADIUS server or a combination of both. There are two RADIUS Authentication modes available for determining how RADIUS requests are processed:

Proxy
- Authentication: FortiNAC processes RADIUS MAC but proxies 802.1x EAP authentication to a customer-owned (external) RADIUS server.
- Accounting: FortiNAC proxies accounting traffic to a customer-owned (external) RADIUS server.
- For more information on this option, see Proxy in the Administration Guide.
Local
- Authentication: FortiNAC’s Local RADIUS Server processes RADIUS MAC and 802.1x EAP authentication without the need to proxy to an external RADIUS server.
- Accounting: The Local RADIUS server does not provide accounting. If accounting is required, FortiNAC can be configured to proxy Accounting traffic to an external RADIUS server.
- For more information on this option, see Local Servers in the Administration Guide.

Configure FortiNAC (Link Mode)

RADIUS

Proxy

Authentication: FortiNAC processes RADIUS MAC but proxies 802.1x EAP authentication to a customer-owned (external) RADIUS server.
Accounting: FortiNAC proxies accounting traffic to a customer-owned (external) RADIUS server.
For more information on this option, see Proxy in the Administration Guide.

Local

Authentication: FortiNAC’s Local RADIUS Server processes RADIUS MAC and 802.1x EAP authentication without the need to proxy to an external RADIUS server.
Accounting: The Local RADIUS server does not provide accounting. If accounting is required, FortiNAC can be configured to proxy Accounting traffic to an external RADIUS server.
For more information on this option, see Local Servers in the Administration Guide.

FortiSwitch Integration

Configure FortiNAC (Link Mode)

Configure FortiNAC (Link Mode)

RADIUS

Configure FortiNAC (Link Mode)

RADIUS