RADIUS Authentication Attributes
Attributes for 802.1X
The RADIUS 802.1X message attributes are:
MESSAGE: Access-Request
ATTRIBUTES:
- User-Name(1)
- NAS-IP-Adress(4)
- NAS-Port(5)
- Called-Station-Id(30) = <mac of Controller>:<ssid string>
- Calling-Station-Id(31)
- Framed-MTU(12)
- NAS-Port-Type(61) = Wireless-802.11(19)
- Connect-Info(77)
- Message-Authenticator(80)
OPTIONAL ATTRIBUTES (depends on EAP type):
- EAP-Message(79)
- State(24)
OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)
- Service-Type(6) = Value:Login(1)
- User-Password(2) = Value:<password string>
MESSAGE: Access-Accept
ATTRIBUTES:
- Framed-Protocol(7) = PPP(1)
- Service-Type(6) = Framed-User(2)
- Class(25)
- Message-Authenticator(80)
OPTIONAL ATTRIBUTES (depends on EAP type):
- EAP-Message(79)
- OPTIONAL ATTRIBUTES (required for RADIUS-assigned VLAN):
- Tunnel-Medium-Type(65) = 802(6)
- Tunnel-Type(64) = VLAN(13)
- Tunnel-Private-Group-Id (81) = <the VLAN ID>
OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)
- Filter-Id(11) = Value:<Privilege Level>:<1-15>
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!