Dear All
We have deployed the latest FortiNAC 7.6 version and are using it for 802.1X authentication with Cisco switches and AD authentication through WinBind. Authentication was working well for some customers, but it's not stable. Now we are facing an issue where Cisco shows authentication successful, but FortiNAC shows "unauthenticated" and it remains in the Isolation/authentication VLAN, meaning the VLAN change is not happening. This product is strange; sometimes it becomes very slow. We are using PEAP MSCHAPv2 with user authentication.
Please suggest.
There is a common misconception regarding the Authentication policy and the status of the host (red A). This authentication can be treated as a second layer of authentication through the portal or Persistent Agent, which is not required when the host is already authenticating with RADIUS. If this is the case, make sure not to enforce Authentication because it is not required.
Hi Tariq
If the Cisco switch said it is authenticated, then the RADIUS response was OK. Try to confirm in the RADIUS debug logs whether the response was positive and whether RADIUS has sent the right destination VLAN to the switch in the response.
Also, what exactly do you mean by it works well for some customers but is not stable? If you mean it is intermittent, then one of the possibilities is a network issue. I mean you may try to check with a sniffer (tcpdump on NAC) whether the RADIUS queries are always reaching the NAC server and the responses are reaching the switch.
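The two checks suggested in the reply above (does every RADIUS query get a response, and does the Access-Accept carry a VLAN) can be automated over captured RADIUS payloads. This is an added example, not part of the original posts and not Fortinet code. It assumes the UDP payloads were already extracted from a tcpdump capture as (switch IP, payload) pairs, that the VLAN is sent in Tunnel-Private-Group-ID, and that matching on switch IP plus identifier is sufficient; `build` and `SAMPLE` are constructed test data.

```python
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
TUNNEL_PRIVATE_GROUP_ID = 81  # RFC 2868 attribute that carries the VLAN

def parse_radius(payload):
    """Return (code, identifier, {attr_type: [raw values]}) for one UDP payload."""
    code, ident, length = struct.unpack("!BBH", payload[:4].ljust(4, b"\0"))
    if not 20 <= length <= len(payload):
        raise ValueError("truncated packet or bad length field")
    attrs, pos = {}, 20
    while pos < length:
        alen = payload[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(payload[pos], []).append(payload[pos + 2:pos + alen])
        pos += alen
    return code, ident, attrs

def vlan_of(attrs):
    """VLAN from Tunnel-Private-Group-ID (optional tag byte stripped), or None."""
    raw = next(iter(attrs.get(TUNNEL_PRIVATE_GROUP_ID, [])), None)
    if raw is None:
        return None
    return (raw[1:] if raw and raw[0] <= 0x1F else raw).decode("ascii", "replace")

def audit(packets):
    """packets: (switch_ip, udp_payload) pairs in capture order."""
    pending, vlans = set(), {}
    for switch_ip, payload in packets:
        code, ident, attrs = parse_radius(payload)
        key = (switch_ip, ident)
        if code == ACCESS_REQUEST:
            pending.add(key)
        else:
            pending.discard(key)  # Accept, Reject or Challenge answers it
            if code == ACCESS_ACCEPT:
                vlans[key] = vlan_of(attrs)  # None: Accept carried no VLAN
    return {"vlans": vlans, "unanswered": sorted(pending)}

def build(code, ident, attrs=()):  # constructed packets; authenticator zeroed
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

SAMPLE = [  # constructed (switch_ip, payload) pairs, documentation addresses
    ("192.0.2.2", build(1, 8, [(1, b"alice")])),
    ("192.0.2.2", build(2, 8, [(64, b"\x00\x00\x00\x0d"), (81, b"120")])),
    ("192.0.2.2", build(1, 9, [(1, b"bob")])),
    ("192.0.2.2", build(2, 9)),
    ("192.0.2.3", build(1, 4, [(1, b"carol")])),
]
```

In the result of `audit(SAMPLE)`, a `None` under `vlans` marks an Access-Accept that the switch would treat as success without any VLAN change, and `unanswered` lists requests that never got a reply in the capture.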
Copyright 2024 Fortinet, Inc. All Rights Reserved.