FortiWLC – RADIUS Authentication Attributes

RADIUS Authentication Attributes
Attributes for 802.1X

The RADIUS 802.1X message attributes are:

MESSAGE: Access-Request

ATTRIBUTES:

  • User-Name(1)
  • NAS-IP-Adress(4)
  • NAS-Port(5)
  • Called-Station-Id(30) = <mac of Controller>:<ssid string>
  • Calling-Station-Id(31)
  • Framed-MTU(12)
  • NAS-Port-Type(61) = Wireless-802.11(19)
  • Connect-Info(77)
  • Message-Authenticator(80)

OPTIONAL ATTRIBUTES (depends on EAP type):

  • EAP-Message(79)
  • State(24)

OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)

  • Service-Type(6) = Value:Login(1)
  • User-Password(2) = Value:<password string>

MESSAGE: Access-Accept

ATTRIBUTES:

  • Framed-Protocol(7) = PPP(1)
  • Service-Type(6) = Framed-User(2)
  • Class(25)
  • Message-Authenticator(80)

OPTIONAL ATTRIBUTES (depends on EAP type):

  • EAP-Message(79)
  • OPTIONAL ATTRIBUTES (required for RADIUS-assigned VLAN):
  • Tunnel-Medium-Type(65) = 802(6)
  • Tunnel-Type(64) = VLAN(13)
  • Tunnel-Private-Group-Id (81) = <the VLAN ID>

OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)

  • Filter-Id(11) = Value:<Privilege Level>:<1-15>

Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.