Ethernet 802.1X configuration – Fortinet FortiSwitch

In this topic, you will learn how to configure Fortinet FortiSwitch switches to work together with Portnox™ Cloud and 802.1X RADIUS authentication for wired Ethernet connections.

Important: This guide provides general instructions for integrating Portnox Cloud with specific third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed configuration of third-party devices is typically best handled by the manufacturer.

FortiSwitchOS 7.2.8 (console)

In this section, you will learn how to configure Fortinet FortiSwitch 7.2.8 switches using the console to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Ethernet connections.

Warning: This configuration was developed on the basis of the official FortiSwitchOS 7.2.8 administration guide. Please refer to the official Fortinet documentation for any further information.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual RADIUS server addresses, ports, and keys, as well as device interfaces, limits, serial numbers, and VLANs by replacing the values that are presented as underlined italics.
  1. Define the Portnox Cloud RADIUS servers.
    1. Define the Portnox Cloud US RADIUS server for authentication and accounting. 
      config user radius
  edit "Portnox Cloud RADIUS US"
    set addr-mode ipv4                               
    set server 20.119.69.248
    set radius-port 10322
    set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
    set auth-type auto
    config acct-server
      edit 1
        set status enable
        set server 20.119.69.248
        set secret rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
        set port 10323
      next
    end
  next
end
    2. Define the Portnox Cloud EU RADIUS server for authentication and accounting. 
      config user radius
  edit "Portnox Cloud RADIUS EU"
    set addr-mode ipv4                               
    set server 52.232.122.157
    set radius-port 10476
    set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
    set auth-type auto
    config acct-server
      edit 2
        set status enable
        set server 52.232.122.157
        set secret fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
        set port 10477
      next
    end
  next
end
  2. Create a user group that includes both Portnox Cloud RADIUS servers. 
    config user group
  edit "Portnox Cloud RADIUS group"
    set member "Portnox Cloud RADIUS US" "Portnox Cloud RADIUS EU"
  end
end
  3. Configure port security based on the group that you just created. 
    config switch interface
  edit "port1"
    set allowed-vlans 1
    config port-security
      set port-security-mode 802.1X
    end
    set security-groups "Portnox Cloud RADIUS group"
  end
end
  4. Optional: Configure the multi-host or multi-domain mode.
    • For multi-host mode: 
      config switch-controller managed-switch
  edit S548DF3Z00012345
    config ports
      edit port1
        set security-mode 802.1X
        set dot1x-ports-mode multi-host
        set nac lan-segment 30
      next
    end
  next
end
    • For multi-domain mode: 
      config switch-controller managed-switch
  edit S548DF3Z00012345
    config ports
      edit port1
        set security-mode 802.1X
        set dot1x-ports-mode multi-domain
        set voice-vlan 30
        set nac lan-segment 20
      next
    end
  next
end