Assign untagged VLANs to a managed FortiSwitch port (410828)

Assign untagged VLANs to a managed FortiSwitch port (410828)

Use the following commands to assign untagged VLANs to a managed FortiSwitch port:

config switch-controller managed-switch edit <managed-switch> config ports edit <port> set untagged-vlans <VLAN-name>

next

end

next

end

View, create, and assign multiple 802.1X policy definitions (408389 and 403901)

Previously, you could create one 802.1X policy for all managed FortiSwitches in a virtual domain. Now, you can create multiple 802.1X policies and assign a different 802.1X policy to each managed FortiSwitch port.

View security policies for managed FortiSwitches

You can view security policies for managed FortiSwitches in two places:

  • Go to WiFi & Switch Controller > FortiSwitch Security Policies.
  • Go to WiFi & Switch Controller > FortiSwitch Ports and click the + next to a FortiSwitch. The security policy for each port is listed in the Security Policy column.

Create and assign multiple 802.1X policy definitions for managed FortiSwitches

Previously, you could create one 802.1X policy for all managed FortiSwitches in a virtual domain. Now, you can create multiple 802.1X policies and assign a different 802.1X policy to each managed FortiSwitch port.

To create an 802.1X security policy:

  1. Go to WiFi & Switch Controller > FortiSwitch Security Policies.
  2. Click Create New.
  3. Enter a name for the new FortiSwitch security policy.
  4. For the security mode, select Port-based or MAC-based.
  5. Click + to select which user groups will have access.
  6. Enable or disable guest VLANs on this interface to allow restricted access for some users.
  7. Enter the number of seconds for authentication delay for guest VLANs. The range is 60-900 seconds.
  8. Enable or disable authentication fail VLAN on this interface to allow restricted access for users who fail to access the guest VLAN.
  9. Enable or disable MAC authentication bypass (MAB) on this interface.
  10. Enable or disable EAP pass-through mode on this interface.
  11. Enable or disable whether the session timeout for the RADIUS server will overwrite the local timeout.
  12. Click OK.

To apply an 802.1X security policy to a managed FortiSwitch port:

  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Click the + next to a FortiSwitch.
  3. In the Security Policy column for a port, click + to select a security policy.
  4. Click OK to apply the security policy to that port.

Override 802.1X settings

To override the 802.1X settings for a virtual domain:

  1. Go to WiFi & Switch Controller > Managed FortiSwitch.
  2. Click on a FortiSwitch faceplate and click Edit.
  3. In the Edit Managed FortiSwitch page, move the Override 802-1X settings slider to the right.
  4. In the Reauthentication Interval field, enter the number of minutes before reauthentication is required. The maximum interval is 1,440 minutes. Setting the value to 0 minutes disables reauthentication.
  5. In the Max Reauthentication Attempts field, enter the maximum times that reauthentication is attempted. The maximum number of attempts is 15. Setting the value to 0 disables reauthentication.
  6. Select Deauthenticate or None for the link down action. Selecting Deauthenticate sets the interface to unauthenticated when a link is down, and reauthentication is needed. Selecting None means that the interface does not need to be reauthenticated when a link is down.
  7. Click OK.
This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.