Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Lelle68
New Contributor

Radius setup

Hello,

 

I have inherit a Fortgate setup with Fortinet firewalls, switches, AP and EMS

Fortigate software version is 7.2.5

I'm trying to setup 802.1x radius authentication, I have configured radius server and is able to connect and do a test authentication.

So that client and secret is working

I have also created a radius group and added that group to a 802.1x port policy.

When I try to authenticate (win11) I get a login prompt but it fails to authenticate and I don't see any traffic coming to the Radius server.

Have created a firewall rule that permit radius from any to radius server.

What I also see is that the switches that are on Fortilink interface got AutoIP (169.254.x.x), does that matter here?

 

/Lennart

2 REPLIES 2
hbac
Staff
Staff

Hi @Lelle68,

 

Are you trying to setup RADIUS authentication for Wifi users? You can run the following debugs and try to connect again: 

 

# diagnose debug res 

# diagnose debug application fnbamd 255

# diagnose debug console timestamp enable

# diagnose debug enable

 

Regards, 

ebilcari
Staff
Staff

Keep in mind that even though the FSW is managed by FGT the RADIUS requests are sourced by the SW itself. Only the RADIUS configuration are done/pushed from FGT to the FSW. The FSW need to have an IP that can be routed in order to reach the server and the RADIUS server should have the FSW IP configured as a RADIUS client in order to accept its requests.

Kindly take a look at this guide that covers the configuration when FNAC is the RADIUS server, the configuration should be very similar.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors