[FortiNAC] - EAP TEAP migration from Cisco ISE to FortiNAC

vasilisgogos · ‎03-31-2025

Hello,

I need some help with EAP chaining with TEAP for SSID configuration.

To my knowledge, Wifi Certification with machine Certification is doable, but how to integrate LDAP authentication of users to that?

At the moment, the authentication is passing through Cisco ISE, and it is checking both machine certification and the username/pass of the user.

Is there any way to combine them to FortiNAC-F 7.6 or 7.4 ?

Thank you in advance.

Senior Network Security Engineer

ebilcari · ‎03-31-2025

FNAC added support for EAP-TEAP in firmware branch 7.6 (What's New in FortiNAC F 7.6).

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

vasilisgogos · ‎03-31-2025

Hi Emirjon,

I couldn't find any example describing the above implementation.

I know that TEAP is supported on 7.6 , but how to combine the machine certificate with user/pass ?

Vasilis

Senior Network Security Engineer

ebilcari · ‎04-01-2025

Actually the section of TEAP configuration seems not published yet in the Admin guide. I will ask internally to update it. Configuring the RADIUS local server in FNAC should be straight forward, most of the configuration is done in the supplicant on the end hosts. For user/pass authentication to succeed, Winbind need to be configured.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

[FortiNAC] - EAP TEAP migration from Cisco ISE to FortiNAC

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website