Skip to main content
Lelle68
Lelle68
New Member
November 16, 2023
Question

Radius setup

  • November 16, 2023
  • 2 replies
  • 1217 views

Hello,

 

I have inherit a Fortgate setup with Fortinet firewalls, switches, AP and EMS

Fortigate software version is 7.2.5

I'm trying to setup 802.1x radius authentication, I have configured radius server and is able to connect and do a test authentication.

So that client and secret is working

I have also created a radius group and added that group to a 802.1x port policy.

When I try to authenticate (win11) I get a login prompt but it fails to authenticate and I don't see any traffic coming to the Radius server.

Have created a firewall rule that permit radius from any to radius server.

What I also see is that the switches that are on Fortilink interface got AutoIP (169.254.x.x), does that matter here?

 

/Lennart

2 replies

hbac
Staff
hbac
Staff
November 16, 2023

Hi @Lelle68,

 

Are you trying to setup RADIUS authentication for Wifi users? You can run the following debugs and try to connect again: 

 

# diagnose debug res 

# diagnose debug application fnbamd 255

# diagnose debug console timestamp enable

# diagnose debug enable

 

Regards, 

ebilcari
Staff
ebilcari
Staff
November 17, 2023

Keep in mind that even though the FSW is managed by FGT the RADIUS requests are sourced by the SW itself. Only the RADIUS configuration are done/pushed from FGT to the FSW. The FSW need to have an IP that can be routed in order to reach the server and the RADIUS server should have the FSW IP configured as a RADIUS client in order to accept its requests.

Kindly take a look at this guide that covers the configuration when FNAC is the RADIUS server, the configuration should be very similar.

Emirjon
Terms & ConditionsAccessibility statement