Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Defining a wireless network interface (SSID)<br />
Configuring a WiFi LAN<br />
4. In Primary Server Secret, enter the shared secret used to access the server.<br />
5. Optionally, enter the information for a secondary or backup RADIUS server.<br />
6. Select OK.<br />
To configure the FortiGate unit to access the RADIUS server - CLI<br />
config user radius<br />
edit exampleRADIUS<br />
set auth-type auto<br />
set server 10.11.102.100<br />
set secret aoewmntiasf<br />
end<br />
To configure WPA-Enterprise security - web-based manager<br />
1. Go to WiFi & Switch Controller > SSIDand edit your SSID entry.<br />
2. In Security Mode, select WPA2 Enterprise.<br />
3. In Authentication, do one of the following:<br />
• If you will use a RADIUS server for authentication, select RADIUS Server and then select the RADIUS server.<br />
• If you will use a local user group for authentication, select Local and then select the user group(s) permitted to<br />
use the wireless network.<br />
4. Select OK.<br />
To configure WPA-Enterprise security - CLI<br />
config wireless-controller vap<br />
edit example_wlan<br />
set security wpa2-enterprise<br />
set auth radius<br />
set radius-server exampleRADIUS<br />
end<br />
Captive Portal security<br />
Captive Portal security provides an access point that initially appears open. The wireless client can connect to the<br />
AP with no security credentials. The AP responds to the client’s first HTTP request with a web page requesting<br />
user name and password. Until the user enters valid credentials, no communication beyond the AP is permitted.<br />
The captive portal can be hosted on the FortiGate unit, or externally. For details see<br />
Configuring WiFi captive portal security - FortiGate captive portal on page 40<br />
Configuring WiFi captive portal security - external server on page 41<br />
For general information about captive portals, see the Captive Portal chapter of the Authentication Guide.<br />
Adding a MAC filter<br />
On each SSID, you can create a MAC address filter list to either permit or exclude a list of clients identified by<br />
their MAC addresses.<br />
38 <strong>Deploying</strong> <strong>Wireless</strong> <strong>Networks</strong> for <strong>FortiOS</strong> 5.4<br />
Fortinet Technologies Inc.