FortiNAC 802.1X Authentication VLAN change/unauthenticated

Khurramtariq · ‎12-13-2024

Dear All

We have deployed FortiNAC 7.6 latest version and using it for 802.1X authentication using Cisco switches and AD authentication through WinBind, authentication was working well for some customers but its not stable , now we are facing that cisco showing authentication successful but on FortiNAC its showing "unauthenticated" and remain in Isolation/authentication VLAN means VLAN change is not happening , this product is strange sometimes becomes very slow. We are using Peap MSCHAPv2 with user authentication

please suggest

ebilcari · ‎12-13-2024

There is a common misconception regarding the Authentication policy and status of the host (red A). This authentication can be treated as a second layer of authentication through the portal or Persistent Agent which is not required when the host is already authenticating with RADIUS. If this is the case make sure to not enforce Authentication because is not required.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

AEK · ‎12-13-2024

Hi Tariq

If Cisco switch said it is authenticated then the RADIUS response was ok. Try confirm in RADIUS debug logs if the response was positive and if RADIUS has sent the right destination VLAN to the switch in the response.

Also what do you exactly mean by it works well for some customers but is not stable? If you mean it is intermittent then one of the possibilities is a network issue, I mean you may try to check with sniffer (tcpdump on NAC) if the RADIUS queries are always reaching the NAC server and the responses are reaching the switch.

AEK

FortiNAC 802.1X Authentication VLAN change/unauthenticated

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website