- On the FortiAuthenticator, go to Authentication > RADIUS Service > Clients and register the FortiGate as a client.
- Next go to Authentication > User Management > Local Users and create local user accounts as needed.
- For each user, add the following RADIUS attributes which specify the VLAN information to be sent to the FortiGate.
Enable all EAP types, set Realm to local, and apply the employees user group.
The Tunnel-Private-Group-Id attribute specifies the VLAN ID.
In this example, jsmith is assigned VLAN 100 and twhite is assigned VLAN 200.