FortiWLC – RADIUS Authentication Attributes

Leave a reply
RADIUS Authentication Attributes
Attributes for 802.1X

The RADIUS 802.1X message attributes are:

MESSAGE: Access-Request

ATTRIBUTES:

  • User-Name(1)
  • NAS-IP-Adress(4)
  • NAS-Port(5)
  • Called-Station-Id(30) = <mac of Controller>:<ssid string>
  • Calling-Station-Id(31)
  • Framed-MTU(12)
  • NAS-Port-Type(61) = Wireless-802.11(19)
  • Connect-Info(77)
  • Message-Authenticator(80)

OPTIONAL ATTRIBUTES (depends on EAP type):

  • EAP-Message(79)
  • State(24)

OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)

  • Service-Type(6) = Value:Login(1)
  • User-Password(2) = Value:<password string>

MESSAGE: Access-Accept

ATTRIBUTES:

  • Framed-Protocol(7) = PPP(1)
  • Service-Type(6) = Framed-User(2)
  • Class(25)
  • Message-Authenticator(80)

OPTIONAL ATTRIBUTES (depends on EAP type):

  • EAP-Message(79)
  • OPTIONAL ATTRIBUTES (required for RADIUS-assigned VLAN):
  • Tunnel-Medium-Type(65) = 802(6)
  • Tunnel-Type(64) = VLAN(13)
  • Tunnel-Private-Group-Id (81) = <the VLAN ID>

OPTIONAL ATTRIBUTES (depends on RADIUS based User Management)

  • Filter-Id(11) = Value:<Privilege Level>:<1-15>
This entry was posted in Administration Guides, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.