Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nascimento
New Contributor II

Cisco wireless with FortiAuthenticator for MAC Authentication - MAB - does not deliver IP from dhcp

Hello!

I have a simple WiFi for legacy devices working well with Cisco WLC, Cisco AP's and SSD with static WPA password.

Today I started to integrade this WiFi with FortiAuthenticator for MAC Authentication - MAB. But i am having problems.

The problem is that the authentication is working well, but the DHCP server is not delivering IP when on this mode.

When I just break this integration from Cisco Wireless and FortiAuthenticator, this returns to deliver IP from dhcp.

Has anyone here already implemented one of these?

JSN
JSN
1 Solution
Nascimento
New Contributor II

Hello,  Thanks for reply. But I saw that the problem is just a delay in the first connection to start with a new IP, but after the first connection, the next connections works fine. I convinced that I don't think more that this is a problem by FortiAuthenticator, and I'll try to wipe this infra. I will put the DHCP for this case in a best position in my network design.

JSN

View solution in original post

JSN
2 REPLIES 2
AEK
Honored Contributor

Hello

If you agree this should just meen that the client is not being properly assigned to the VLAN.

  • Check in your AP GUI if the client is properly assigned to the right VLAN
  • If not then check of the RADIUS response has the format expected by AP. Indeed the authentication can work even if VLAN/profile assignment os wrong
  • In your AP try set default SSD VLAN if not already done
  • If VLAN assignment is dynamic and there are many target VLANs for the SSD, then as far as I remember you need to sed some related WiFi ACLs

Hope it helps

AEK
AEK
Nascimento
New Contributor II

Hello,  Thanks for reply. But I saw that the problem is just a delay in the first connection to start with a new IP, but after the first connection, the next connections works fine. I convinced that I don't think more that this is a problem by FortiAuthenticator, and I'll try to wipe this infra. I will put the DHCP for this case in a best position in my network design.

JSN
JSN
Labels
Top Kudoed Authors