Hello all,
Maybe someone could advise me on 802.1x implementation with FAC and Microsoft LDAP. All the cookbooks basically show FAC as the only authentication server and demonstrate VLAN attribute assignment per user (which is total nonsense when you have hundreds of users). So, what is the correct workflow here? As per my imagination, the brief steps should be as follows:
1. Microsoft NPS must be configured with policies assigning user groups a Tunnel-Type "VLAN" attribute along with Tunnel-PVT-Group-ID "vlan_number".
2. Remote LDAP user group must be configured on FAC with the added RADIUS attribute Tunnel-Type "VLAN".
3. Remote user sync rule must be configured based on created user group, with users being automatically assigned to it.
4. Add network device as a RADIUS client.
5. Configure network device for authentication using FAC and enabling 802.1x on ports.
Could someone confirm that this is the correct thinking? Thanks in advance!
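As an added example (not part of the original post, and not FortiAuthenticator, NPS or FortiGate code), the Python below encodes and validates the RFC 2868 tunnel attributes that dynamic VLAN assignment relies on. Besides Tunnel-Type and Tunnel-Private-Group-ID named in the post, the switch normally also expects Tunnel-Medium-Type = 802 (IEEE-802); the validator treats an Access-Accept that lacks any of the three, carries mismatched tags, or names an out-of-range VLAN as "no VLAN assignment", which is what a NAS should fall back to rather than guessing. The attribute bytes and the sample VLAN ids are constructed for the example.

```python
import struct

# RFC 2868 attribute type codes and the values used for dynamic VLAN assignment
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type value "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type value "802"


def tagged_int_attr(attr_type, value, tag=0):
    """Tagged integer attribute: type, length (6), 1-byte tag, 3-byte big-endian value."""
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")


def tagged_string_attr(attr_type, text, tag=0):
    """Tagged string attribute: type, length, 1-byte tag, then the string bytes."""
    data = text.encode("ascii")
    return struct.pack("!BBB", attr_type, 3 + len(data), tag) + data


def build_vlan_attributes(vlan_id, tag=0):
    """The three attributes a RADIUS server returns in Access-Accept to place a port in vlan_id."""
    return (
        tagged_int_attr(TUNNEL_TYPE, TUNNEL_TYPE_VLAN, tag)
        + tagged_int_attr(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802, tag)
        + tagged_string_attr(TUNNEL_PRIVATE_GROUP_ID, str(vlan_id), tag)
    )


def parse_attributes(blob):
    """Split a RADIUS attribute list into (type, value) pairs, rejecting malformed lengths."""
    attrs = []
    i = 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, blob[i + 2:i + length]))
        i += length
    return attrs


def extract_vlan(blob):
    """Return the VLAN id only if all three tunnel attributes are present, consistent and sane; else None."""
    tunnel_type = medium = group = None
    tags = set()
    for attr_type, value in parse_attributes(blob):
        if attr_type == TUNNEL_TYPE and len(value) == 4:
            tags.add(value[0])
            tunnel_type = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_MEDIUM_TYPE and len(value) == 4:
            tags.add(value[0])
            medium = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # RFC 2868 section 3.6: a first byte above 0x1F is not a tag but part of the string
            if value[0] > 0x1F:
                tags.add(0)
                group = value
            else:
                tags.add(value[0])
                group = value[1:]
    if tunnel_type != TUNNEL_TYPE_VLAN or medium != TUNNEL_MEDIUM_IEEE_802 or not group:
        return None
    if len(tags) != 1:
        return None  # mismatched tags mean the attributes describe different tunnels
    text = group.decode("ascii", errors="replace")
    if not text.isdigit():
        return None  # this validator accepts numeric VLAN ids only, not VLAN names
    vlan_id = int(text)
    return vlan_id if 1 <= vlan_id <= 4094 else None


if __name__ == "__main__":
    # Constructed sample: the attribute set a server would return for VLAN 120
    print(extract_vlan(build_vlan_attributes(120)))  # 120
```

When checking a real deployment, the useful comparison is between what the RADIUS server sends (a packet capture of the Access-Accept) and what this validator accepts: a missing Tunnel-Medium-Type or a tag mismatch between the three attributes is the usual reason a port ends up in its default VLAN despite a successful authentication.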