Ethernet 802.1X configuration – Fortinet FortiSwitch
In this topic, you will learn how to configure Fortinet FortiSwitch switches to work together with Portnox™ Cloud and 802.1X RADIUS authentication for wired Ethernet connections.
Important: This guide provides general instructions for integrating Portnox Cloud with specific
third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across
manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every
scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to
Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation
and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed
configuration of third-party devices is typically best handled by the manufacturer.
FortiSwitchOS 7.2.8 (console)
In this section, you will learn how to configure Fortinet FortiSwitch 7.2.8 switches using the console to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Ethernet connections.
Warning: This configuration was developed on the basis of the official FortiSwitchOS 7.2.8 administration guide. Please refer to the official
Fortinet documentation for any further information.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your
individual RADIUS server addresses, ports, and keys, as well as device interfaces, limits, serial numbers, and VLANs by
replacing the values that are presented as underlined italics.
-
Define the Portnox Cloud RADIUS servers.
-
Create a user group that includes both Portnox Cloud RADIUS servers.
config user group edit "Portnox Cloud RADIUS group" set member "Portnox Cloud RADIUS US" "Portnox Cloud RADIUS EU" end end
-
Configure port security based on the group that you just created.
config switch interface edit "port1" set allowed-vlans 1 config port-security set port-security-mode 802.1X end set security-groups "Portnox Cloud RADIUS group" end end
- Optional:
Configure the multi-host or multi-domain mode.
- For multi-host mode:
config switch-controller managed-switch edit S548DF3Z00012345 config ports edit port1 set security-mode 802.1X set dot1x-ports-mode multi-host set nac lan-segment 30 next end next end
- For multi-domain mode:
config switch-controller managed-switch edit S548DF3Z00012345 config ports edit port1 set security-mode 802.1X set dot1x-ports-mode multi-domain set voice-vlan 30 set nac lan-segment 20 next end next end
- For multi-host mode: