Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CBI-msuss
New Contributor

802.1x dynamic vlan assignment in fortilink

I'm trying to use 802.1x to assign users a vlan. I've looked in the FortiGate documentation and I'm able to find methods of doing this in a standalone fortiswitch. My organization is using a fortigate/fortilink to manager our switches and I'm able to see a method of using 802.1x to grant general authorization but not dynamic vlan. 

 


Gate Model: FortiGate 600F

Gate Version: 7.0.12

Switch Model: 448E

Switch Version: 7.4.0

2 REPLIES 2
anignan
Staff
Staff

Hi @CBI-msuss ,

 

Yes radius aware VLAN is working on FSW you just need to send the correct attribute and FSW will override the current native vlan.

REF: https://docs.fortinet.com/document/fortiswitch/7.2.5/administration-guide/110505/dynamic-vlan-assign...

Abdel

ebilcari
Staff
Staff

FGT/FSW in FortiLink mode can be configured for dynamic VLAN assignment via RADIUS.
You have to create an apply a Security Policy at the switch port level, like shown below:

secpolicy.PNG

Just keep in mind that even though the RADIUS configuration are done through FGT the RADIUS requests are originated from the FSW. Make sure the switch can reach the RADIUS server and the server has the SW IP configured as RADIUS client.

You can refer to this guide that shows the steps when FortiNAC is used as RADIUS server.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors