Assign untagged VLANs to a managed FortiSwitch port (410828)
Use the following commands to assign untagged VLANs to a managed FortiSwitch port:
config switch-controller managed-switch edit <managed-switch> config ports edit <port> set untagged-vlans <VLAN-name>
next
end
next
end
View, create, and assign multiple 802.1X policy definitions (408389 and 403901)
Previously, you could create one 802.1X policy for all managed FortiSwitches in a virtual domain. Now, you can create multiple 802.1X policies and assign a different 802.1X policy to each managed FortiSwitch port.
View security policies for managed FortiSwitches
You can view security policies for managed FortiSwitches in two places:
- Go to WiFi & Switch Controller > FortiSwitch Security Policies.
- Go to WiFi & Switch Controller > FortiSwitch Ports and click the + next to a FortiSwitch. The security policy for each port is listed in the Security Policy column.
Create and assign multiple 802.1X policy definitions for managed FortiSwitches
Previously, you could create one 802.1X policy for all managed FortiSwitches in a virtual domain. Now, you can create multiple 802.1X policies and assign a different 802.1X policy to each managed FortiSwitch port.
To create an 802.1X security policy:
- Go to WiFi & Switch Controller > FortiSwitch Security Policies.
- Click Create New.
- Enter a name for the new FortiSwitch security policy.
- For the security mode, select Port-based or MAC-based.
- Click + to select which user groups will have access.
- Enable or disable guest VLANs on this interface to allow restricted access for some users.
- Enter the number of seconds for authentication delay for guest VLANs. The range is 60-900 seconds.
- Enable or disable authentication fail VLAN on this interface to allow restricted access for users who fail to access the guest VLAN.
- Enable or disable MAC authentication bypass (MAB) on this interface.
- Enable or disable EAP pass-through mode on this interface.
- Enable or disable whether the session timeout for the RADIUS server will overwrite the local timeout.
- Click OK.
To apply an 802.1X security policy to a managed FortiSwitch port:
- Go to WiFi & Switch Controller > FortiSwitch Ports.
- Click the + next to a FortiSwitch.
- In the Security Policy column for a port, click + to select a security policy.
- Click OK to apply the security policy to that port.
Override 802.1X settings
To override the 802.1X settings for a virtual domain:
- Go to WiFi & Switch Controller > Managed FortiSwitch.
- Click on a FortiSwitch faceplate and click Edit.
- In the Edit Managed FortiSwitch page, move the Override 802-1X settings slider to the right.
- In the Reauthentication Interval field, enter the number of minutes before reauthentication is required. The maximum interval is 1,440 minutes. Setting the value to 0 minutes disables reauthentication.
- In the Max Reauthentication Attempts field, enter the maximum times that reauthentication is attempted. The maximum number of attempts is 15. Setting the value to 0 disables reauthentication.
- Select Deauthenticate or None for the link down action. Selecting Deauthenticate sets the interface to unauthenticated when a link is down, and reauthentication is needed. Selecting None means that the interface does not need to be reauthenticated when a link is down.
- Click OK.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!