M A
asked on
Manage wireless users in Fortinet. RADIUS authenticated.
We have a request to control wireless clients user-based (not IP-based) using Fortinet. Below is the scenario.
We have an IMC RADIUS server. IMC is integrated with AD. I configured IMC in Fortinet for authentication.
I can see all wired users' info logged in Fortinet but not wireless users.
How can I achieve this?
Thanks
MAS
ASKER
Thanks Arnold for your reply.
How do I check whether 802.11 (or 802.1x) is enabled on wired/switches?
Do I have to check the same in wireless (access point) or in the switch as well?
I am not an expert in networking. As per my understanding, wireless is 802.11.
What do you use for the wireless access point? Does it auto-allocate IPs when users connect to it?
802.1x is the mechanism by which a secondary authorization is needed after the connection is established. The MAC address of the device would be sent as a RADIUS access-request, which will mean you have to include that .....
What are you seeing from the wired clients, the user/machine certificate?
ASKER
Wired users are not using IMC (HP). Only wireless users are using IMC.
We are using an HP 870 controller and HP access points. The wireless access point is HP 425WW.
These are the current settings. 802.1x is not enabled on the access points but is enabled on the controller. Please check below.
These are access point screenshots.
HPIMC screenshot.
The hpmc is a policy name that includes 802.1x.
Look at the hpmc on how it processes the wifi device IP allocation.
Using the current setup and your info, wifi connected devices get an IP without secondary authorization.
If you can, reach out to HP support with what you have and what you want, and see what their suggestion would be.
Are all the wifi connected systems known to the AD IMC?
ASKER
-->Are all the wifi connected systems known to the IMC?
Yes.
Do you have a single wifi device that you can test outside the production environment, i.e. instead of switching the 802.1x on and having all ...
Test on a small scale or a distinct section to limit impact ....
The image you posted is twofold.
The first designates whether the wifi access point will operate in 802.1x mode; I am not familiar with the HP device as to what the port option means in the view where the 802.1x can be enabled.
The second item you posted is just a policy with a name that includes 802.1x, i.e. it will apply when 802.1x is enforced on the wifi.
Once enabled, the policy will be consulted to determine whether the connecting device is authorized...
See if the following link helps: https://abouthpnetworking.com/2014/06/03/hp-unified-wireless-central-802-1x-configuration/
Is the 870 the one to which all wired users connect?
ASKER
Fixed the issue. Many thanks to Arnold.
http://cookbook.fortinet.com/wireless-802-1x-eap-tls-user-authentication/
understanding what and how your wireless environment operates .....hw components, etc.