Technical Tip: FortiAuthenticator radius profile assignment based on Radius 'called-station-ID'

Description

This article describes how to add specific RADIUS attributes for incoming RADIUS requests from the same RADIUS client but through different interfaces/SSIDs.

Scope

FortiAuthenticator. 

Solution

When a user connects to an interface/SSID called '802.1x' the Called-Station-ID will show in the following format:

'08-5B-0E-XX-XX-XX:802.1x'

 

 

Add the following RADIUS Attribute in the dedicated RADIUS policy for that particular RADIUS Client:

 

 

 

 

Connecting on a different SSID to capture the called station-ID:

 

 

Add another new RADIUS Attribute  for Second interface/SSID CA-5B-0E-XX-XX-XX:fortinet9 in the same RADIUS policy as the following:

 

 

Verify successful RADIUS authentication logs in FortiAuthenticator: