FortiWLC – RADIUS Authentication Attributes

RADIUS Authentication Attributes
Attributes for 802.1X

The RADIUS 802.1X message attributes are:

MESSAGE: Access-Request

ATTRIBUTES:

  • User-Name(1)
  • NAS-IP-Adress(4)
  • NAS-Port(5)
  • Called-Station-Id(30) = <mac of Controller>:<ssid string>
  • Calling-Station-Id(31)
  • Framed-MTU(12)
  • NAS-Port-Type(61) = Wireless-802.11(19)
  • Connect-Info(77)
  • Message-Authenticator(80)

OPTIONAL ATTRIBUTES (depends on EAP type):

  • EAP-Message(79)
  • State(24)

OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)

  • Service-Type(6) = Value:Login(1)
  • User-Password(2) = Value:<password string>

MESSAGE: Access-Accept

ATTRIBUTES:

  • Framed-Protocol(7) = PPP(1)
  • Service-Type(6) = Framed-User(2)
  • Class(25)
  • Message-Authenticator(80)

OPTIONAL ATTRIBUTES (depends on EAP type):

  • EAP-Message(79)
  • OPTIONAL ATTRIBUTES (required for RADIUS-assigned VLAN):
  • Tunnel-Medium-Type(65) = 802(6)
  • Tunnel-Type(64) = VLAN(13)
  • Tunnel-Private-Group-Id (81) = <the VLAN ID>

OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)

  • Filter-Id(11) = Value:<Privilege Level>:<1-15>

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos