802.1x dynamic vlan assignment in fortilink

CBI-msuss · ‎12-15-2023

I'm trying to use 802.1x to assign users a vlan. I've looked in the FortiGate documentation and I'm able to find methods of doing this in a standalone fortiswitch. My organization is using a fortigate/fortilink to manager our switches and I'm able to see a method of using 802.1x to grant general authorization but not dynamic vlan.

Gate Model: FortiGate 600F

Gate Version: 7.0.12

Switch Model: 448E

Switch Version: 7.4.0

anignan · ‎12-15-2023

Hi @CBI-msuss ,

Yes radius aware VLAN is working on FSW you just need to send the correct attribute and FSW will override the current native vlan.

REF: https://docs.fortinet.com/document/fortiswitch/7.2.5/administration-guide/110505/dynamic-vlan-assign...

Abdel

ebilcari · ‎12-15-2023

FGT/FSW in FortiLink mode can be configured for dynamic VLAN assignment via RADIUS.
You have to create an apply a Security Policy at the switch port level, like shown below:

Just keep in mind that even though the RADIUS configuration are done through FGT the RADIUS requests are originated from the FSW. Make sure the switch can reach the RADIUS server and the server has the SW IP configured as RADIUS client.

You can refer to this guide that shows the steps when FortiNAC is used as RADIUS server.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

802.1x dynamic vlan assignment in fortilink

Nominate a Forum Post for Knowledge Article Creation