Ethernet 802.1X configuration – Fortinet FortiSwitch

In this topic, you will learn how to configure Fortinet FortiSwitch switches to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Ethernet connections.

FortiSwitchOS 7.2.8 (console)

In this section, you will learn how to configure Fortinet FortiSwitch 7.2.8 switches using the console to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Ethernet connections.

Warning: This configuration was developed on the basis of the official FortiSwitchOS 7.2.8 administration guide. Please refer to the official Fortinet documentation for any further information.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual RADIUS server addresses, ports, and keys, as well as device interfaces, limits, and VLANs by replacing the values that are presented as underlined italics.
  1. Define the Portnox Cloud RADIUS servers.
    1. Define the Portnox Cloud US RADIUS server for authentication and accounting.
      config user radius
        edit "Portnox Cloud RADIUS US"
          set addr-mode ipv4
          set server 20.119.69.248
          set radius-port 10322
          set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
          set auth-type auto
          config acct-server
            edit 1
              set status enable
              set server 20.119.69.248
              set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
              set port 10323
            next
          end
        next
      end
    2. Define the Portnox Cloud EU RADIUS server for authentication and accounting.
      config user radius
        edit "Portnox Cloud RADIUS EU"
          set addr-mode ipv4
          set server 52.232.122.157
          set radius-port 10476
          set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
          set auth-type auto
          config acct-server
            edit 2
              set status enable
              set server 52.232.122.157
              set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
              set port 10477
            next
          end
        next
      end
  2. Create a user group that includes both Portnox Cloud RADIUS servers.
    config user group
      edit "Portnox Cloud RADIUS group"
        set member "Portnox Cloud RADIUS US" "Portnox Cloud RADIUS EU"
      next
    end
  3. Configure port security based on the group that you just created.
    config switch interface
      edit "port1"
        set allowed-vlans 1
        config port-security
          set port-security-mode 802.1X
        end
        set security-groups "Portnox Cloud RADIUS group"
      next
    end
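
An offline consistency check for the three steps above, as an added example (not code from Portnox or Fortinet): it parses FortiSwitchOS-style `config`/`edit`/`set` text and reports group members and security groups that are not defined, plus ports with no port-security mode. The `parse` and `audit` names and the sample values are assumptions made for this illustration.

```python
import shlex
SAMPLE = '''
config user radius
  edit "Portnox Cloud RADIUS US"
    set server 192.0.2.10
  next
end
config user group
  edit "Portnox Cloud RADIUS group"
    set member "Portnox Cloud RADIUS US" "Portnox Cloud RADIUS EU"
  next
end
config switch interface
  edit "port1"
    config port-security
      set port-security-mode 802.1X
    end
    set security-groups "Portnox Cloud RADIUS group"
  next
  edit "port2"
  next
end
'''  # constructed sample: placeholder address, EU server and port2 security left out

def parse(text):  # returns {path tuple: {setting: [values]}}
    tree, stack = {}, []
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
            tree.setdefault(tuple(stack), {})
        elif tok[0] == "set":
            tree.setdefault(tuple(stack), {})[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end") and stack:
            stack.pop()  # next closes an edit, end closes a config block
    return tree

def audit(text):  # findings for names that do not resolve and ports without a mode
    tree, out = parse(text), []
    known = lambda table: {p[1] for p in tree if p[0] == table and len(p) > 1}
    for p, s in tree.items():
        if len(p) == 2 and p[0] == "user group":
            out += [f"group {p[1]!r}: member {m!r} is not a defined RADIUS server"
                    for m in s.get("member", []) if m not in known("user radius")]
        elif len(p) == 2 and p[0] == "switch interface":
            if "port-security-mode" not in tree.get(p + ("port-security",), {}):
                out.append(f"{p[1]}: no port-security-mode set")
            out += [f"{p[1]}: security group {g!r} is not defined"
                    for g in s.get("security-groups", []) if g not in known("user group")]
    return out
```

Calling `audit(SAMPLE)` returns two findings: the EU server named in the group is not defined, and `port2` has no port-security mode.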