Fortinet black logo

Cookbook

Configuring the 3rd-party switch

Copy Link
Copy Doc ID 53d09085-7746-11e9-81a4-00505692583a:311040
Download PDF

Configuring the 3rd-party switch

The switch configuration provided below is intended for demonstration only. Your switch configuration is likely to differ significantly.

set system services dhcp pool 10.1.2.0/24 address-range low 10.1.2.220

set system services dhcp pool 10.1.2.0/24 address-range high 10.1.2.230

set system services dhcp pool 10.1.2.0/24 domain-name fortiad.net

set system services dhcp pool 10.1.2.0/24 name-server 10.1.2.122

set system services dhcp pool 10.1.2.0/24 router 10.1.2.1

set system services dhcp pool 10.1.2.0/24 server-identifier 10.1.2.27

set interfaces ge-0/0/0 unit 0 family ethernet-switching #no vlan assigned to printer port, this will be allocated based on Group attributes

set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members engineering #interface used to communicate with FortiAuthenticator

set interfaces vlan unit 10 family inet address 10.1.2.27/24

set protocols dot1x authenticator authentication-profile-name profile1

set protocols dot1x authenticator interface ge-0/0/0.0 mac-radius restrict #forces mac address as username over RADIUS

set access radius-server 10.1.2.29 secret "$9$kmfzIRSlvLhSLNVYZGk.Pf39"

set access profile profile1 authentication-order radius

set access profile profile1 radius authentication-server 10.1.2.29

set vlans engineering vlan-id 10

set vlans engineering l3-interface vlan.10

No configuration is required on the endpoint.

Configuring the 3rd-party switch

The switch configuration provided below is intended for demonstration only. Your switch configuration is likely to differ significantly.

set system services dhcp pool 10.1.2.0/24 address-range low 10.1.2.220

set system services dhcp pool 10.1.2.0/24 address-range high 10.1.2.230

set system services dhcp pool 10.1.2.0/24 domain-name fortiad.net

set system services dhcp pool 10.1.2.0/24 name-server 10.1.2.122

set system services dhcp pool 10.1.2.0/24 router 10.1.2.1

set system services dhcp pool 10.1.2.0/24 server-identifier 10.1.2.27

set interfaces ge-0/0/0 unit 0 family ethernet-switching #no vlan assigned to printer port, this will be allocated based on Group attributes

set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members engineering #interface used to communicate with FortiAuthenticator

set interfaces vlan unit 10 family inet address 10.1.2.27/24

set protocols dot1x authenticator authentication-profile-name profile1

set protocols dot1x authenticator interface ge-0/0/0.0 mac-radius restrict #forces mac address as username over RADIUS

set access radius-server 10.1.2.29 secret "$9$kmfzIRSlvLhSLNVYZGk.Pf39"

set access profile profile1 authentication-order radius

set access profile profile1 radius authentication-server 10.1.2.29

set vlans engineering vlan-id 10

set vlans engineering l3-interface vlan.10

No configuration is required on the endpoint.