RADIUS attributes sent in RADIUS accounting message
RADIUS Attributes
| Authentication Method | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
|---|---|---|---|---|---|---|---|
| Web | X | X | X | X | | | |
| XAuth of IPsec (without DHCP) | X | X | X | X | | | |
| XAuth of IPsec (with DHCP) | X | X | X | X | X | | |
| PPTP/L2TP (in PPP) | X | X | X | X | X | X | X |
| SSL-VPN | X | X | X | X | X | | |
Vendor-specific attributes
Vendor-specific attributes (VSAs) are the method RADIUS servers and client companies use to extend the basic functionality of RADIUS. Some major vendors, such as Microsoft, have published their VSAs; however, many do not.
In order to support vendor-specific attributes (VSA), the RADIUS server requires a dictionary to define which VSAs to support. This dictionary is typically supplied by the client or server vendor.
The Fortinet RADIUS vendor ID is 12356.
The FortiGate unit RADIUS VSA dictionary is supplied by Fortinet and is available through the Fortinet Knowledge Base (http://kb.forticare.com) or through Technical Support. Fortinet’s dictionary for FortiOS 4.0 and up is configured this way:
#
# Fortinet’s VSA’s
#
VENDOR fortinet 12356
BEGIN-VENDOR fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
ATTRIBUTE Fortinet-Client-IPv6-Address 4 octets
ATTRIBUTE Fortinet-Interface-Name 5 string
ATTRIBUTE Fortinet-Access-Profile 6 string
#
# Integer Translations
#
END-VENDOR Fortinet
Note that by using the Fortinet-Vdom-Name attribute, users can be tied to a specific VDOM on the FortiGate unit. See the documentation provided with your RADIUS server for configuration details.
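The following added example (not Fortinet's code) shows how the dictionary above maps onto the wire: it walks a RADIUS attribute list, picks out Vendor-Specific attributes (type 26, RFC 2865) carrying vendor ID 12356, and decodes the sub-attributes by the types the dictionary declares, rejecting malformed lengths. The function names and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 attribute type for VSAs
FORTINET_VENDOR_ID = 12356  # vendor ID stated on the page
FORTINET_VSAS = {  # sub-attribute number -> (name, type), from the page's dictionary
    1: ("Fortinet-Group-Name", "string"),
    2: ("Fortinet-Client-IP-Address", "ipaddr"),
    3: ("Fortinet-Vdom-Name", "string"),
    4: ("Fortinet-Client-IPv6-Address", "octets"),
    5: ("Fortinet-Interface-Name", "string"),
    6: ("Fortinet-Access-Profile", "string"),
}

def _tlvs(buf):
    """Yield (type, value) from a type/length/value run; length covers the 2-byte header."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2 or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute length")
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def _decode(kind, raw):
    if kind == "string":
        return raw.decode("utf-8", errors="replace")
    if kind == "ipaddr":
        return str(ipaddress.IPv4Address(raw))  # raises ValueError unless 4 bytes
    return raw  # octets stay as raw bytes

def parse_fortinet_vsas(attrs):
    """Return the Fortinet VSAs found in a RADIUS attribute list, keyed by name."""
    out = {}
    for atype, body in _tlvs(attrs):
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue  # not a VSA, or too short to carry a vendor ID
        if struct.unpack("!I", body[:4])[0] != FORTINET_VENDOR_ID:
            continue  # another vendor's VSA
        for vtype, raw in _tlvs(body[4:]):
            if vtype in FORTINET_VSAS:
                name, kind = FORTINET_VSAS[vtype]
                out[name] = _decode(kind, raw)
    return out

def _vsa(vtype, value):  # hypothetical helper that builds constructed sample data
    sub = bytes([vtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", FORTINET_VENDOR_ID) + sub

SAMPLE = (b"\x01\x07alice" + _vsa(1, b"vpn-users") + _vsa(3, b"root")
          + _vsa(2, bytes([192, 0, 2, 10])))  # constructed: User-Name plus three VSAs
```
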