Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config switch-controller 802-1X-settings

    config switch-controller 802-1X-settings

    Configure global 802.1X settings.

    config switch-controller 802-1X-settings
    Description: Configure global 802.1X settings.
    set allow-mac-move [disable|enable]
    set link-down-auth [set-unauth|no-action]
    set mab-entry-as [static|dynamic]
    set mab-reauth [disable|enable]
    set mac-called-station-delimiter [colon|hyphen|...]
    set mac-calling-station-delimiter [colon|hyphen|...]
    set mac-case [lowercase|uppercase]
    set mac-password-delimiter [colon|hyphen|...]
    set mac-username-delimiter [colon|hyphen|...]
    set max-reauth-attempt {integer}
    set reauth-period {integer}
    set tx-period {integer}
end

    config switch-controller 802-1X-settings

    Parameter

    Description

    Type

    Size

    Default

    allow-mac-move *

    Enable/disable MAC move (default = enable).

    option

    -

    enable

    Option

    Description

    disable

    Disable MAC move.

    enable

    Enable MAC move.

    link-down-auth

    Interface-reauthentication state to set if a link is down.

    option

    -

    set-unauth

    Option

    Description

    set-unauth

    Interface set to unauth when down. Reauthentication is needed.

    no-action

    Interface reauthentication is not needed.

    mab-entry-as *

    Configure MAB MAC entry as static or dynamic (default = static).

    option

    -

    static

    Option

    Description

    static

    MAB MAC entry as static.

    dynamic

    MAB MAC entry as dynamic.

    mab-reauth

    Enable/disable MAB re-authentication.

    option

    -

    disable

    Option

    Description

    disable

    Disable MAB re-authentication.

    enable

    Enable MAB re-authentication.

    mac-called-station-delimiter

    MAC called station delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for called station.

    hyphen

    Use hyphen as delimiter for called station.

    none

    No delimiter for called station.

    single-hyphen

    Use single hyphen as delimiter for called station.

    mac-calling-station-delimiter

    MAC calling station delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for calling station.

    hyphen

    Use hyphen as delimiter for calling station.

    none

    No delimiter for calling station.

    single-hyphen

    Use single hyphen as delimiter for calling station.

    mac-case

    MAC case (default = lowercase).

    option

    -

    lowercase

    Option

    Description

    lowercase

    Use lowercase MAC.

    uppercase

    Use uppercase MAC.

    mac-password-delimiter

    MAC authentication password delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for MAC auth password.

    hyphen

    Use hyphen as delimiter for MAC auth password.

    none

    No delimiter for MAC auth password.

    single-hyphen

    Use single hyphen as delimiter for MAC auth password.

    mac-username-delimiter

    MAC authentication username delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for MAC auth username.

    hyphen

    Use hyphen as delimiter for MAC auth username.

    none

    No delimiter for MAC auth username.

    single-hyphen

    Use single hyphen as delimiter for MAC auth username.

    max-reauth-attempt

    Maximum number of authentication attempts (0 - 15, default = 3).

    integer

    Minimum value: 0 Maximum value: 15

    3

    reauth-period

    Period of time to allow for reauthentication (1 - 1440 sec, default = 60, 0 = disable reauthentication).

    integer

    Minimum value: 0 Maximum value: 1440

    60

    tx-period

    802.1X Tx period (seconds, default=30).

    integer

    Minimum value: 12 Maximum value: 60

    30

    * This parameter may not exist in some models.

    Previous
    Next

    config switch-controller 802-1X-settings

    config switch-controller 802-1X-settings

    Configure global 802.1X settings.

    config switch-controller 802-1X-settings
    Description: Configure global 802.1X settings.
    set allow-mac-move [disable|enable]
    set link-down-auth [set-unauth|no-action]
    set mab-entry-as [static|dynamic]
    set mab-reauth [disable|enable]
    set mac-called-station-delimiter [colon|hyphen|...]
    set mac-calling-station-delimiter [colon|hyphen|...]
    set mac-case [lowercase|uppercase]
    set mac-password-delimiter [colon|hyphen|...]
    set mac-username-delimiter [colon|hyphen|...]
    set max-reauth-attempt {integer}
    set reauth-period {integer}
    set tx-period {integer}
end

    config switch-controller 802-1X-settings

    Parameter

    Description

    Type

    Size

    Default

    allow-mac-move *

    Enable/disable MAC move (default = enable).

    option

    -

    enable

    Option

    Description

    disable

    Disable MAC move.

    enable

    Enable MAC move.

    link-down-auth

    Interface-reauthentication state to set if a link is down.

    option

    -

    set-unauth

    Option

    Description

    set-unauth

    Interface set to unauth when down. Reauthentication is needed.

    no-action

    Interface reauthentication is not needed.

    mab-entry-as *

    Configure MAB MAC entry as static or dynamic (default = static).

    option

    -

    static

    Option

    Description

    static

    MAB MAC entry as static.

    dynamic

    MAB MAC entry as dynamic.

    mab-reauth

    Enable/disable MAB re-authentication.

    option

    -

    disable

    Option

    Description

    disable

    Disable MAB re-authentication.

    enable

    Enable MAB re-authentication.

    mac-called-station-delimiter

    MAC called station delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for called station.

    hyphen

    Use hyphen as delimiter for called station.

    none

    No delimiter for called station.

    single-hyphen

    Use single hyphen as delimiter for called station.

    mac-calling-station-delimiter

    MAC calling station delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for calling station.

    hyphen

    Use hyphen as delimiter for calling station.

    none

    No delimiter for calling station.

    single-hyphen

    Use single hyphen as delimiter for calling station.

    mac-case

    MAC case (default = lowercase).

    option

    -

    lowercase

    Option

    Description

    lowercase

    Use lowercase MAC.

    uppercase

    Use uppercase MAC.

    mac-password-delimiter

    MAC authentication password delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for MAC auth password.

    hyphen

    Use hyphen as delimiter for MAC auth password.

    none

    No delimiter for MAC auth password.

    single-hyphen

    Use single hyphen as delimiter for MAC auth password.

    mac-username-delimiter

    MAC authentication username delimiter (default = hyphen).

    option

    -

    hyphen

    Option

    Description

    colon

    Use colon as delimiter for MAC auth username.

    hyphen

    Use hyphen as delimiter for MAC auth username.

    none

    No delimiter for MAC auth username.

    single-hyphen

    Use single hyphen as delimiter for MAC auth username.

    max-reauth-attempt

    Maximum number of authentication attempts (0 - 15, default = 3).

    integer

    Minimum value: 0 Maximum value: 15

    3

    reauth-period

    Period of time to allow for reauthentication (1 - 1440 sec, default = 60, 0 = disable reauthentication).

    integer

    Minimum value: 0 Maximum value: 1440

    60

    tx-period

    802.1X Tx period (seconds, default=30).

    integer

    Minimum value: 12 Maximum value: 60

    30

    * This parameter may not exist in some models.

    Previous
    Next