Hi,
Was wondering if it's possible to use Radius authentication on the Fortigate ports, and send back Dynamic VLANs from the Radius server?
I wan't to use the Fortigate ports as switched dot1x ports to authenticate different types of devices.
@JohnHogman
You have some options depending on the infrastructure you are building.
1. How to configure 802.1x on the FortiGate ... - Fortinet Community this is to create dot1x on fortigate ports
2. Port-based 802.1X authentication | FortiGate / FortiOS 6.2.16 | Fortinet Document Library this is to use Switch-Controller to manage switch ports if you have some FortiSwitch in infrastructure.
Check the first link because it seems more like what you are looking for.
Yes I have the dot1x and mac-auth working but it's the dynamic VLANs I don't get to work on the Fortigate interfaces.
To be clear, I'm not using Fortiswitch, Just the Fortigate.
Found some documentation about it but using the FortiGate in combination with a FortiSwitch or FortiAPs. See below:
Dynamic VLAN 'Name' Assignment from RADIUS Attribute
VLAN assignment by RADIUS | FortiAP / FortiWiFi 7.6.0
Yes that's all I've found too, but not much on using the hardware switch in Fortigate for dot1x and dynamic VLANs.
Okey, Do you know what to send back from the Radius server to get the dynamic VLANs to work?
I have dot1x and mac-auth working already.
User | Count |
---|---|
2428 | |
1303 | |
778 | |
556 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.