FortiWLC – Configure a RADIUS Server for Captive Portal Authentication

Configure a RADIUS Server for Captive Portal Authentication

Configure a RADIUS Server with Web UI for Captive Portal Authentication

You can, for authentication purposes, set up the identity and secret for the RADIUS server. This takes precedence over any configured User IDs but if RADIUS accounting fails over, the local authentication guest user IDs are used. To do this, follow these steps:

  1. Click Configuration > Security > RADIUS to access the RADIUS Profile Table.
  2. Click Add.
  3. Provide the RADIUS server information.
  4. Save the configuration by clicking OK.
  5. Enable a security profile for use with a Captive Portal login page by clicking Configuration > Security > RADIUS > Add.
  6. Provide the required information, such as the name of the RADIUS profile. L2MODE must be clear to use Captive Portal. Set the Captive Portal to WebAuth and adjust any other parameters as required.

The identity and secret are now configured.

Configure a RADIUS Server with CLI for Captive Portal Authentication

The CLI command ssl-server captive-portal authentication-type configures the controller to use either local authentication, RADIUS authentication, or both. If both is selected, local authentication is tried first; if that doesn’t work, RADIUS authentication is attempted.

Controller(config)# ssl‐server captive‐portal authentication‐type ? local                  Set Authentication Type to local. local‐radius           Set Authentication Type to Local and RADIUS. radius                 Set Authentication Type to RADIUS.

The following example configures an authentication RADIUS profile named radius-auth-pri.

/* RADIUS PROFILE FOR AUTHENTICATION */ default# configure terminal

default(config)# radius‐profile radius‐auth‐pri default(config‐radius)# ip‐address 172.27.172.3 default(config‐radius)# key sept20002 default(config‐radius)# mac‐delimiter hyphen default(config‐radius)# password‐type shared‐secret default(config‐radius)# port 1812 default(config‐radius)# end

Configure a RADIUS Server for Captive Portal Authentication

default#

default# sh radius‐profile radius‐auth‐pri

RADIUS Profile Table

RADIUS Profile Name   : radius‐auth‐pri

Description           :

RADIUS IP             : 172.27.172.3

RADIUS Secret         : *****

RADIUS Port           : 1812

MAC Address Delimiter : hyphen

Password Type         : shared‐secret

The following example configures a security RADIUS profile named radius-auth-sec.

default# configure terminal default(config)# radius‐profile radius‐auth‐sec default(config‐radius)# ip‐address 172.27.172.4 default(config‐radius)# key sept20002 default(config‐radius)# mac‐delimiter hyphen default(config‐radius)# password‐type shared‐secret default(config‐radius)# port 1812 default(config‐radius)# end default#

default# sh radius‐profile radius‐auth‐sec

RADIUS Profile Table

RADIUS Profile Name   : radius‐auth‐pri

Description           :

RADIUS IP             : 172.27.172.4

RADIUS Secret         : *****

RADIUS Port           : 1812

MAC Address Delimiter : hyphen Password Type         : shared‐secret

This entry was posted in Administration Guides, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.