FortiWLC – Local Admin Authentication

Local Admin Authentication

Local admin authentication takes place on the controller and uses the same three privilege levels as RADIUS and TACACS+, 15 (superuser), 10 (admin), and 1 (user). If administrators are using Local authentication, they cannot use RADIUS or TACACS+.

Configure an Admin for Local Authentication Mode With the CLI

Use these commands, new in release 4.1, to configure local administrators with the CLI:

  • authentication-mode global
  • authentication-type local
  • local-admin
  • password
  • privilege-level
  • show local admins

For command details, see the FortiWLC (SD) Command Reference.

Local Admin Authentication

CLI Example for Configuring a Local Admin

ramcntrl(0)# configure terminal ramcntrl(0)(config)# authentication‐mode global ramcntrl(0)(config‐auth‐mode)# authentication‐type local ramcntrl(0)(config‐auth‐mode)# exit ramcntrl(0)(config)# exit

ramcntrl(0)# sh authentication‐mode Administrative User Management

AuthenticationType           : local

Primary RADIUS IP Address    :

Primary RADIUS Port          : 1812

Primary RADIUS Secret Key    : *****

Secondary RADIUS IP Address  :

Secondary RADIUS Port        : 1812

Secondary RADIUS Secret Key  : *****

Primary TACACS+ IP Address   :

Primary TACACS+ Port         : 49

Primary TACACS+ Secret Key   : *****

Secondary TACACS+ IP Address :

Secondary TACACS+ Port       : 49 Secondary TACACS+ Secret Key : ***** ramcntrl(0)#

ramcntrl(0)(config)# local‐admin LocalUser ramcntrl(0)(config‐local‐admin)# privilege‐level 15 ramcntrl(0)(config‐local‐admin)# password LocalUser ramcntrl(0)(config‐local‐admin)# exit ramcntrl(0)(config)# exit ramcntrl(0)

Configure Local Authentication and Add an Admin with the Web UI

To configure Local authentication for admins and optionally add a local administrator, follow these steps:

  1. Click Configuration > User Management.
  2. Select the Local radio button at the top of the screen.

To actually add a local administrator, continue with Step 3.

  1. There are three tabs for admin authentication (see Figure 55), RADIUS, Tacacs+ and Local Admins. Click the Local Admin tab.
  2. Click Add. The Local Admins – Add window displays – see Figure 56.

Local Admin Authentication

Figure 56: Setting Local Authentication for Admins

  1. Provide the user name for a local administrator.
  2. Provide a password for that local administrator.
  3. Enter a privilege level, 15 (Superuser), 10 (Admin), or 1 (Operator); see the descriptions for each level below.
  4. Click OK.
This entry was posted in Administration Guides, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.