Configuring 802.1X

Configuring 802.1X

The following is the section of the running configuration for the FortiWLC controller that specifies the configuration for 802.1x. The relevant settings are in bold.

This shows an 802.1X-enabled SSID, MERU-1X.

essid MERU-1X security-profile 802-1X tunnel-type radius-only vlan name "" gre name "" virtual-cell-type per-station-bssid countermeasure dataplane tunneled ssid MERU-1X ap-discovery join-ess ap-discovery join-virtual-ap publish-essid beacon dtim-period 1 beacon period 100 supported-tx-rates 802.11b 1 supported-tx-rates 802.11b 2 supported-tx-rates 802.11b 5.5 supported-tx-rates 802.11b 11 supported-tx-rates 802.11a 6 supported-tx-rates 802.11a 9 supported-tx-rates 802.11a 12 supported-tx-rates 802.11a 18 supported-tx-rates 802.11a 24 supported-tx-rates 802.11a 36 supported-tx-rates 802.11a 48 supported-tx-rates 802.11a 54 supported-tx-rates 802.11an 6 supported-tx-rates 802.11an 9 supported-tx-rates 802.11an 12 supported-tx-rates 802.11an 18 supported-tx-rates 802.11an 24 supported-tx-rates 802.11an 36 supported-tx-rates 802.11an 48 supported-tx-rates 802.11an 54 supported-tx-rates 802.11an-mcs 0 supported-tx-rates 802.11an-mcs 1 supported-tx-rates 802.11an-mcs 2 supported-tx-rates 802.11an-mcs 3 supported-tx-rates 802.11an-mcs 4 supported-tx-rates 802.11an-mcs 5 supported-tx-rates 802.11an-mcs 6 supported-tx-rates 802.11an-mcs 7 supported-tx-rates 802.11an-mcs 8 supported-tx-rates 802.11an-mcs 9 supported-tx-rates 802.11an-mcs 10 supported-tx-rates 802.11an-mcs 11 supported-tx-rates 802.11an-mcs 12 supported-tx-rates 802.11an-mcs 13 supported-tx-rates 802.11an-mcs 14 supported-tx-rates 802.11an-mcs 15 supported-tx-rates 802.11g 6 supported-tx-rates 802.11g 9 supported-tx-rates 802.11g 12 supported-tx-rates 802.11g 18 supported-tx-rates 802.11g 24 supported-tx-rates 802.11g 36 supported-tx-rates 802.11g 48 supported-tx-rates 802.11g 54 supported-tx-rates 802.11bg 1 supported-tx-rates 802.11bg 2 supported-tx-rates 802.11bg 5.5 supported-tx-rates 802.11bg 11 supported-tx-rates 802.11bg 6 supported-tx-rates 802.11bg 9 supported-tx-rates 802.11bg 12 supported-tx-rates 802.11bg 18 supported-tx-rates 802.11bg 24 supported-tx-rates 802.11bg 36 supported-tx-rates 802.11bg 48 supported-tx-rates 802.11bg 54 supported-tx-rates 802.11bgn 1 supported-tx-rates 802.11bgn 2 supported-tx-rates 802.11bgn 5.5 supported-tx-rates 802.11bgn 11 supported-tx-rates 802.11bgn 6 supported-tx-rates 802.11bgn 9 supported-tx-rates 802.11bgn 12 supported-tx-rates 802.11bgn 18 supported-tx-rates 802.11bgn 24 supported-tx-rates 802.11bgn 36 supported-tx-rates 802.11bgn 48 supported-tx-rates 802.11bgn 54 supported-tx-rates 802.11bgn-mcs 0 supported-tx-rates 802.11bgn-mcs 1 supported-tx-rates 802.11bgn-mcs 2 supported-tx-rates 802.11bgn-mcs 3 supported-tx-rates 802.11bgn-mcs 4 supported-tx-rates 802.11bgn-mcs 5 supported-tx-rates 802.11bgn-mcs 6 supported-tx-rates 802.11bgn-mcs 7 supported-tx-rates 802.11bgn-mcs 8 supported-tx-rates 802 .11bgn-mcs 9 supported-tx-rates 802 .11bgn-mcs 10 supported-tx-rates 802 .11bgn-mcs 11 supported-tx-rates 802 .11bgn-mcs 12 supported-tx-rates 802 .11bgn-mcs 13 supported-tx-rates 802 .11bgn-mcs 14 supported-tx-rates 802 .11bgn-mcs 15 base-tx-rates 802.11b 11 base-tx-rates 802.11a 6 base-tx-rates 802.11a 12 base-tx-rates 802.11a 24 base-tx-rates 802.11an 6 base-tx-rates 802.11an 12 base-tx-rates 802.11an 24 base-tx-rates 802.11g 6 base-tx-rates 802.11g 9 base-tx-rates 802.11g 12 base-tx-rates 802.11g 18 base-tx-rates 802.11g 24 base-tx-rates 802.11g 36 base-tx-rates 802.11g 48 base-tx-rates 802.11g 54 base-tx-rates 802.11bg 11 base-tx-rates 802.11bg n 11 accounting interim-interval 3600 accounting primary-radius "" accounting secondary-radius "" no multicast-enable no silent-client-enable no wmm-support ess-ap 1 1 calls-per-bss 0 exit exit security-profile 802-1X key-rotation disabled allowed-l2-modes wpa captive-portal disabled captive-portal-passthru 0.0.0.0 0.0.0.0 encryption-modes tkip psk key "" firewall-capability none firewall-filter-id "" security-logging off static-wep key "" static-wep key-index 1 reauth macfiltering rekey period 0 group-rekey interval 0 8021x-network-initiation radius-server primary qa245 radius-server secondary "" auth-supplicant-timeout 30 auth-server-timeout 30 auth-max-request 4 pae-max-reauth 4 pae-txperiod 30 no kddi no captive-portal no shared-authentication no rekey period no fast-handoff exit radius-profile qa245 description "" ip-address 192.168.5.245 key abc123 port 1812 mac-delimiter colon password-type shared-secret exit

Configuring 802.1X

The following is the section of the running configuration for the FortiWLC controller that specifies the configuration for 802.1x. The relevant settings are in bold.

This shows an 802.1X-enabled SSID, MERU-1X.

essid MERU-1X
security-profile 802-1X
tunnel-type radius-only
vlan name ""
gre name ""
virtual-cell-type per-station-bssid
countermeasure
dataplane tunneled
ssid MERU-1X
ap-discovery join-ess
ap-discovery join-virtual-ap
publish-essid
beacon dtim-period 1
beacon period 100
supported-tx-rates 802.11b 1
supported-tx-rates 802.11b 2
supported-tx-rates 802.11b 5.5
supported-tx-rates 802.11b 11
supported-tx-rates 802.11a 6
supported-tx-rates 802.11a 9
supported-tx-rates 802.11a 12
supported-tx-rates 802.11a 18

supported-tx-rates 802.11a 24

supported-tx-rates 802.11a 36

supported-tx-rates 802.11a 48

supported-tx-rates 802.11a 54

supported-tx-rates 802.11an 6

supported-tx-rates 802.11an 9

supported-tx-rates 802.11an 12

supported-tx-rates 802.11an 18
supported-tx-rates 802.11an 24
supported-tx-rates 802.11an 36

supported-tx-rates 802.11an 48

supported-tx-rates 802.11an 54

supported-tx-rates 802.11an-mcs 0

supported-tx-rates 802.11an-mcs 1

supported-tx-rates 802.11an-mcs 2

supported-tx-rates 802.11an-mcs 3

supported-tx-rates 802.11an-mcs 4

supported-tx-rates 802.11an-mcs 5

supported-tx-rates 802.11an-mcs 6

supported-tx-rates 802.11an-mcs 7

supported-tx-rates 802.11an-mcs 8

supported-tx-rates 802.11an-mcs 9

supported-tx-rates 802.11an-mcs 10

supported-tx-rates 802.11an-mcs 11

supported-tx-rates 802.11an-mcs 12

supported-tx-rates 802.11an-mcs 13

supported-tx-rates 802.11an-mcs 14

supported-tx-rates 802.11an-mcs 15

supported-tx-rates 802.11g 6

supported-tx-rates 802.11g 9

supported-tx-rates 802.11g 12

supported-tx-rates 802.11g 18

supported-tx-rates 802.11g 24

supported-tx-rates 802.11g 36
supported-tx-rates 802.11g 48

supported-tx-rates 802.11g 54

supported-tx-rates 802.11bg 1

supported-tx-rates 802.11bg 2

supported-tx-rates 802.11bg 5.5

supported-tx-rates 802.11bg 11

supported-tx-rates 802.11bg 6

supported-tx-rates 802.11bg 9

supported-tx-rates 802.11bg 12

supported-tx-rates 802.11bg 18

supported-tx-rates 802.11bg 24

supported-tx-rates 802.11bg 36

supported-tx-rates 802.11bg 48

supported-tx-rates 802.11bg 54

supported-tx-rates 802.11bgn 1

supported-tx-rates 802.11bgn 2

supported-tx-rates 802.11bgn 5.5

supported-tx-rates 802.11bgn 11

supported-tx-rates 802.11bgn 6

supported-tx-rates 802.11bgn 9

supported-tx-rates 802.11bgn 12

supported-tx-rates 802.11bgn 18

supported-tx-rates 802.11bgn 24

supported-tx-rates 802.11bgn 36

supported-tx-rates 802.11bgn 48

supported-tx-rates 802.11bgn 54
supported-tx-rates 802.11bgn-mcs 0

supported-tx-rates 802.11bgn-mcs 1

supported-tx-rates 802.11bgn-mcs 2

supported-tx-rates 802.11bgn-mcs 3

supported-tx-rates 802.11bgn-mcs 4

supported-tx-rates 802.11bgn-mcs 5

supported-tx-rates 802.11bgn-mcs 6

supported-tx-rates 802.11bgn-mcs 7
supported-tx-rates 802.11bgn-mcs 8
supported-tx-rates 802 .11bgn-mcs 9

supported-tx-rates 802 .11bgn-mcs 10

supported-tx-rates 802 .11bgn-mcs 11

supported-tx-rates 802 .11bgn-mcs 12

supported-tx-rates 802 .11bgn-mcs 13

supported-tx-rates 802 .11bgn-mcs 14

supported-tx-rates 802 .11bgn-mcs 15

base-tx-rates 802.11b 11

base-tx-rates 802.11a 6

base-tx-rates 802.11a 12

base-tx-rates 802.11a 24

base-tx-rates 802.11an 6

base-tx-rates 802.11an 12

base-tx-rates 802.11an 24

base-tx-rates 802.11g 6

base-tx-rates 802.11g 9

base-tx-rates 802.11g 12

base-tx-rates 802.11g 18

base-tx-rates 802.11g 24

base-tx-rates 802.11g 36

base-tx-rates 802.11g 48

base-tx-rates 802.11g 54

base-tx-rates 802.11bg 11

base-tx-rates 802.11bg n 11

accounting interim-interval 3600

accounting primary-radius ""

accounting secondary-radius ""

no multicast-enable

no silent-client-enable

no wmm-support

ess-ap 1 1

calls-per-bss 0

exit

exit

security-profile 802-1X
key-rotation disabled

allowed-l2-modes wpa
captive-portal disabled

captive-portal-passthru 0.0.0.0 0.0.0.0
encryption-modes tkip
psk key ""

firewall-capability none

firewall-filter-id ""

security-logging off

static-wep key ""

static-wep key-index 1
reauth
macfiltering
rekey period 0
group-rekey interval 0
8021x-network-initiation
radius-server primary qa245
radius-server secondary ""

auth-supplicant-timeout 30

auth-server-timeout 30

auth-max-request 4
pae-max-reauth 4

pae-txperiod 30

no kddi

no captive-portal

no shared-authentication

no rekey period


no fast-handoff

exit

radius-profile qa245
description ""

ip-address 192.168.5.245
key abc123

port 1812
mac-delimiter colon
password-type shared-secret

exit

FortiWLC Integration

Configuring 802.1X

Configuring 802.1X