Step 3: Configure RADIUS in FortiNAC
Configure the appropriate RADIUS server option. Proxy and Local modes can be configured in FortiNAC on a per-device basis.
-
Proxy
-
Authentication: FortiNAC processes RADIUS MAC but proxies 802.1x EAP authentication to a customer-owned (external) RADIUS server.
-
Accounting: FortiNAC proxies accounting traffic to a customer-owned (external) RADIUS server.
-
For more information on this option, see Proxy in the Administration Guide.
-
-
Local
-
Authentication: FortiNAC’s Local RADIUS Server processes RADIUS MAC and 802.1x EAP authentication without the need to proxy to an external RADIUS server.
-
Accounting: The Local RADIUS server does not provide accounting. If accounting is required, FortiNAC can be configured to proxy Accounting traffic to an external RADIUS server.
-
Attribute Groups: Create an Attribute Group named “ExtremeCloud” or “Aerohive” using the chart below.
Attributes
Response Values
Tunnel-Medium-Type
IPv4
Tunnel-Type
GRE
Tunnel-Private-Group-Id
%ACCESS_VALUE%
-
Example:
Reference
https://docslib.org/doc/358947/aerohive-configuration-guide-radius-authentication-2
For more information on this option, see Local RADIUS Server in the Administration Guide.