FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
rbraha
Staff
Article Id 243445
Description This article describes how to use FortiAuthenticator as a RADIUS server for MAC-based authentication.
Scope FortiAuthenticator, FortiGate.
Solution

Specific remote wireless users can authenticate using the MAC address of their devices, such as mobile phones, PCs, and tablets.

Step 1. Configuration on FortiGate.

Configure FortiAuthenticator as a RADIUS server on FortiGate: User & Authentication -> RADIUS Server -> Create New. After creating it, select Test Connectivity.

To configure the test SSID on FortiGate, go to Wireless & Switch Controller -> SSID -> Create New. Then specify the Name, the Security Mode, and the Pre-shared Key. Enable MAC Address Filtering and select FAC as the RADIUS server.

This assumes that a policy has already been created to allow access between FortiAuthenticator and FortiGate.

Step 2. Configuration on FortiAuthenticator.

Create some test MAC addresses on FortiAuthenticator: Authentication -> User Management -> MAC Devices -> Create New, and specify the MAC addresses of the devices.

Create a new user group on FortiAuthenticator: User Management -> User Group -> Create New -> select the MAC option and move all MAC addresses to the right side.

Add FortiGate as a client on FortiAuthenticator: Authentication -> RADIUS Service -> Clients -> Create New.

Create a new RADIUS policy for MAC authentication: Authentication -> RADIUS Service -> Policies -> Create New.

Enter a Policy Name, select FortiGate, leave RADIUS Attribute Criteria empty, and under Authentication Type select MAC Authentication Bypass (MAB).

On Identity Source, select the Authorized Groups created before. On RADIUS Response, do not change anything. Select Update and exit.

To test, connect a device to the SSID. It should authenticate successfully, which can be verified in the RADIUS debug logs.
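
The MAC addresses entered in Step 2 must match what the devices actually present, so the device list can be checked before it is entered; the Python below is an added example (not from the original article or any Fortinet tool) that normalizes notations, finds duplicates and malformed entries, and flags locally administered addresses, which phones and tablets use when MAC randomization is enabled. Assumptions: the sample inventory is constructed, and the function names and the lowercase colon-separated output format are illustrative choices, not a FortiAuthenticator requirement.

```python
import re

# Constructed sample inventory (not from the article): mixed notations, a
# duplicate, a locally administered address, a multicast one, a malformed one.
SAMPLE_INVENTORY = """\
00:1A:2B:3C:4D:5E
00-1a-2b-3c-4d-5e
001a.2b3c.4d5f
DA:A1:19:00:11:22
01:00:5E:00:00:FB
00:1A:2B:3C:4D
"""

def normalize_mac(raw):
    """Return lowercase colon-separated octets, or None if not 12 hex digits."""
    digits = re.sub(r"[:\-.\s]", "", raw.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(mac):
    """Classify a normalized MAC by the flag bits of its first octet."""
    first = int(mac[:2], 16)
    if first & 0x01:
        return "multicast"             # group address, not a single device
    if first & 0x02:
        return "locally-administered"  # e.g. a randomized "private" Wi-Fi address
    return "universal"                 # vendor-assigned (OUI) address

def audit_inventory(text):
    """Sort inventory lines into ok, flagged, duplicates and invalid."""
    report = {"ok": [], "flagged": [], "duplicates": [], "invalid": []}
    seen = set()
    for line in filter(str.strip, text.splitlines()):
        mac = normalize_mac(line)
        if mac is None:
            report["invalid"].append(line.strip())
        elif mac in seen:
            report["duplicates"].append(mac)
        else:
            seen.add(mac)
            kind = classify(mac)
            report["ok" if kind == "universal" else "flagged"].append((mac, kind))
    return report

if __name__ == "__main__":
    for section, entries in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{section}: {entries}")
```

A device whose address lands in the flagged list may present a different MAC on the next connection and then fail MAB, so confirm the address on the device itself before adding it.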