woytech
New Contributor

FortiSwitch not sending authentication requests to External RADIUS

Hello, 

I am trying to configure 802.1x authentication on a FortiSwitch 148F (firmware 7.6.4) connected to a FortiGate-80F (firmware 7.4.9) using FortiLink, but it looks like the FortiSwitch doesn't send any authentication requests to the FreeRADIUS server.

 

I created a firewall policy using the CLI, as fortilink is not available in the GUI, selected the "fortilink" interface as source and enabled NAT; the policy is also set to allow traffic.

I configured a RADIUS server on the FortiGate, created a User Group with RADIUS as a member, and the FortiGate is able to connect to the RADIUS server. Unfortunately, when I assign a security policy to a FortiSwitch port, the client is not authenticated because the FortiSwitch does not send any packets.

I thought maybe there was a problem with the 802.1x supplicant, so I enabled MAB, and still no packets are going to RADIUS.

 

I tried to run a sniffer in the CLI and it doesn't capture any packets.

I diagnosed NTP, and both the FortiGate and the FortiSwitch say NTP is reachable.

 

I tested the sync status and there are no errors:

(screenshot: FortiSwitch sync.png)

 

This is the FortiLink diagram; I've tested all FortiSwitches and none of them works.

(screenshot: FortiLink Diagram.png)

 

This is the firewall policy with FortiLink as the source interface.

(screenshot: firewall fortilink policy.png)

 

Is there anything I forgot to configure? 

Maybe there is something wrong with the FortiLink configuration? I didn't configure FortiLink; it was configured by somebody else before me.

 

Best,

woytech 

1 Solution
woytech
New Contributor

Hello, 

Thanks for your reply. I checked the link and this is exactly how I configured the FortiSwitch, so I didn't know what was wrong.

 

Finally I managed to solve the issue; it was a routing problem on the FortiSwitch.

I didn't have SSH access to the switch, so I had to use "custom-command" from the FortiGate, and found something strange: 192.168.1.0/24 is directly connected:

 

FortiGate-80F # execute switch-controller custom-command routing-table 148F-POE-3 
VRF default:
S>*  0.0.0.0/0 [5/0] via 10.255.1.1, internal, weight 1, 3d00h01m
C>*  10.255.1.0/24 is directly connected, internal, 01w3d00h
L>*  10.255.1.2/32 is directly connected, internal, 01w3d00h
C>*  192.168.1.0/24 is directly connected, internal, 01w3d00h
L>*  192.168.1.254/32 is directly connected, internal, 01w3d00h

 

After more diagnosis it turned out that the person who had configured the switch in the past decided to add a secondary IP, and it broke access to anything in the 192.168.1.0/24 subnet. I know that this subnet should be avoided, but it's not my infrastructure.

 

config system interface
    edit "internal"
        set mode dhcp
        ...
        set secondary-IP enable
        ...
        config secondaryip
            edit 1
                set ip 192.168.1.254 255.255.255.0

 

I disabled the secondary IP using "custom-command" and the FortiSwitch was finally able to access the RADIUS server, so yeah, my configuration was correct ;)


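A way to reproduce the diagnosis above from the routing-table output, as an added example that is not part of the original post or of any Fortinet tool: a small Python longest-prefix-match check that tells whether a given RADIUS server address would leave the switch via the FortiLink default route or be captured by a connected route such as the stray secondary IP. The RADIUS server address (192.168.1.10) is assumed for illustration; the thread only says that the 192.168.1.0/24 subnet became unreachable.

```python
import ipaddress
import re

# Routing table as printed by the custom-command above (copied from the thread).
# Codes: S = static, C = connected, L = local.
ROUTING_TABLE = """\
VRF default:
S>*  0.0.0.0/0 [5/0] via 10.255.1.1, internal, weight 1, 3d00h01m
C>*  10.255.1.0/24 is directly connected, internal, 01w3d00h
L>*  10.255.1.2/32 is directly connected, internal, 01w3d00h
C>*  192.168.1.0/24 is directly connected, internal, 01w3d00h
L>*  192.168.1.254/32 is directly connected, internal, 01w3d00h
"""

# Assumed for illustration: the FreeRADIUS server sits behind the FortiGate in 192.168.1.0/24.
RADIUS_IP = "192.168.1.10"

ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])>\*\s+(?P<prefix>\S+)(?:\s+\[\S+\])?\s+"
    r"(?:via (?P<nexthop>\S+),|is directly connected,)\s*(?P<iface>\S+),"
)

def parse_routes(text):
    """Return (network, code, nexthop) tuples; nexthop is None for C/L routes."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            net = ipaddress.ip_network(m.group("prefix"), strict=False)
            routes.append((net, m.group("code"), m.group("nexthop")))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, i.e. the route the switch would actually use."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen, default=None)

def check_radius_path(text, radius_ip=RADIUS_IP):
    """'ok' when RADIUS traffic follows a static/default route toward the FortiGate,
    'shadowed' when a connected/local route (e.g. a secondary IP) captures it."""
    best = lookup(parse_routes(text), radius_ip)
    if best is None:
        return "unreachable", None
    net, code, nexthop = best
    if code == "S" and nexthop:
        return "ok", nexthop
    return "shadowed", str(net)
```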
4 Replies
Jean-Philippe_P
Community Manager

Hello woytech, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Community Manager

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

Regards,
Jean-Philippe - Fortinet Community Team
AEK
SuperUser

Hi Woy

Did you follow this config guide?

Configure and troubleshoot 802.1x authent... - Fortinet Community https://community.fortinet.com/t5/FortiSwitch/Troubleshooting-Tip-Configure-and-troubleshoot-802-1x/...

It also contains good troubleshooting steps. Can you try to follow them?

AEK
