FortiSwitch Integration

7.2.0

RADIUS Authentication

RADIUS authentication sends notifications to FortiNAC for endpoints that connect directly to the FortiSwitch, as well as for endpoints that connect through downstream devices attached to the FortiSwitch, such as hubs or IP phones.

  • MAC-based Authentication: Endpoints are authenticated based on the MAC address. This requires no configuration on the endpoint.

  • 802.1x Authentication: Endpoints are authenticated based on user information. This requires supplicant configuration on the endpoint.

Multi-Access: It is possible to assign unique VLANs to each endpoint connecting to a single port. Since each endpoint is managed independently, this configuration allows for greater flexibility and security.

Note the following:

  • FortiNAC does not control the Guest and Auth-Fail VLANs. Endpoints placed in those VLANs may not be managed.

  • Link traps can be used in conjunction with RADIUS Authentication if desired.

802.1x RADIUS Server Requirements

  • The encryption method for user names and passwords passed between FortiNAC and the RADIUS server must be set to PAP on the FortiSwitch. This affects the validation account created for communication with FortiNAC and entered in the RADIUS Server Profile configuration.
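What PAP means on the wire for the requirement above, shown as an added example (not Fortinet code): RFC 2865 section 5.2 hides the User-Password attribute by XORing it with a chain of MD5(shared secret + previous block), seeded with the 16-octet Request Authenticator, so the password's confidentiality rests entirely on the RADIUS shared secret. The secret, authenticator and password values are constructed for illustration.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-octet blocks


def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """Shared loop for hiding and revealing; chaining always uses the hidden block."""
    out, prev = b"", authenticator
    for i in range(0, len(data), BLOCK):
        mask = hashlib.md5(secret + prev).digest()
        chunk = data[i:i + BLOCK]
        result = bytes(a ^ b for a, b in zip(chunk, mask))
        out += result
        prev = result if hiding else chunk
    return out


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS client side: build the User-Password attribute value (RFC 2865 5.2)."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # NUL-pad to 16n
    return _xor_chain(padded, secret, authenticator, hiding=True)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: recover the password using the same shared secret."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not hidden or len(hidden) % BLOCK or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    return _xor_chain(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"validation-account-pw"  # 21 octets, so two blocks on the wire

if __name__ == "__main__":
    wire = hide_password(PASSWORD, SECRET, AUTHENTICATOR)
    print("User-Password on the wire:", wire.hex())
    print("Recovered by server:", reveal_password(wire, SECRET, AUTHENTICATOR))
```

Because anyone holding the shared secret and a captured Access-Request can run the server-side function, use a long random shared secret and keep the RADIUS path on a trusted management network.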

Network Requirements

  • Do not use asymmetric routing between the FortiSwitch and the FortiNAC server. RADIUS requests and responses between the FortiNAC server and the FortiSwitch must travel through the same interface on the FortiNAC server.
