Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
chami
New Contributor

Created on ‎09-27-2024 12:00 PM

Radius Authentication with Dynamic VLAN Assignment

I have a question regarding Radius Server with Dynamic Vlan Assignment for SSD profiles. 

Basically I would like to have Dynamic VLAN Assignment and VLAN pooling enabled. I am running 7.4.5 code version and whenever I enable Dynamic VLAN Assignment, it disabled the VLAN pooling. I did find a documentation that it is possible 7.4.1 version came that both dynamic vlan assignment and vlan pooling is possible, reference: 

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/924614/support-dynamic-vlan-assignme...

However; this is not working in code 7.4.5 code version. I would really like to have this feature that support vlan pooling with Radius because this setting in Cisco called RADIUS Server Overwrite interface, Meru called Radius With VLAN Pooling, allows us to have restricted access and unrestricted access at the same time based on the Network Policy server rules. This makes it easier to have users in groups tied to authentication where if a user is not allowed, will still have restricted access and allowed to have unrestricted access where server send a tag or called vlan id back to the controller to designate user in to a specific vlan. 

I would like this as a feature request if any engineer see this if this is not possible or if it is possible, how to achieve it. 

 

Thank You. 

 

Labels:
453
0 Kudos
2 Solutions
scitlak
Staff
Staff

Created on ‎10-01-2024 07:44 AM

Hi,

 

According to the referred guide/method by you at the beginning of the conversation, you do not need to enable this option.

Please look at my config.
01.10.2024_16.33.42_REC.png

 01.10.2024_16.34.03_REC.png

 

01.10.2024_16.34.39_REC.png

 

 

01.10.2024_16.32.48_REC.png

 

However, if you would like to use "VLAN assignment by FortiAP group" or "VLAN assignment by VLAN pool", you will need it. Please look at the below docs.
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/153336/vl...
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/84238/vla...


 

View solution in original post

86
0 Kudos
ebilcari
Staff
Staff
In response to chami

Created on ‎10-01-2024 08:56 AM

Just by having 'Dynamic VLAN assignment' enabled is enough to move hosts to the desired VLANs based on the policies in the RADIUS server. All the necessary host grouping is done through the RADIUS server policies. VLAN pooling is some basic technique to share the hosts in different VLANs just randomly to distribute the load.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

138
14 REPLIES 14
chami
New Contributor
In response to chami

Created on ‎09-30-2024 09:59 AM

When I enable Radius Server slider in the GUI and enable dynamic vlan assignment, it says vlan pooling is not available when dynamic vlan assignment is enable.

We need both dynamic vlan assignment and vlan pooling at the same time. 7.4.5 documentation says it is possible but when you actually try to enable dynamic vlan assignment, it disabled vlan pooling. If you do that in GUI, you will see it slider gets turned off.

186
0 Kudos
chami
New Contributor
In response to chami

Created on ‎09-30-2024 01:36 PM

Configuration.jpgDynamic VLAN Assignment.jpg

 

How does this configuration work and assign vlans dynamically to the users without vlan pooling enabled as you can see in the GUI? Can you please clarify? 

120
0 Kudos
pminarik
Staff
Staff
In response to chami

Created on ‎10-01-2024 07:54 AM

The original document makes no claims of this being configurable in the GUI.
As far as I can tell, this is a CLI-only situation, and you need to configure this in the CLI.

[ corrections always welcome ]
72
0 Kudos
scitlak
Staff
Staff

Created on ‎10-01-2024 07:44 AM

Hi,

 

According to the referred guide/method by you at the beginning of the conversation, you do not need to enable this option.

Please look at my config.
01.10.2024_16.33.42_REC.png

 01.10.2024_16.34.03_REC.png

 

01.10.2024_16.34.39_REC.png

 

 

01.10.2024_16.32.48_REC.png

 

However, if you would like to use "VLAN assignment by FortiAP group" or "VLAN assignment by VLAN pool", you will need it. Please look at the below docs.
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/153336/vl...
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/84238/vla...


 

87
0 Kudos
chami
New Contributor

Created on ‎10-02-2024 11:22 PM

Thank You. It is clear. 

29
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.