Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
pksubramanian
Staff
Staff

Created on ‎11-08-2019 05:48 AM Edited on ‎07-15-2025 03:29 AM By Community Manager

Article Id 196684

Technical Tip: FortiAuthenticator radius profile assignment based on Radius 'called-station-ID'

Description

 

This article describes how to add specific RADIUS attributes for incoming RADIUS requests from the same RADIUS client but through different interfaces/SSIDs.

 

Scope

 

FortiAuthenticator. 

Solution

 

When a user connects to an interface/SSID called '802.1x' the Called-Station-ID will show in the following format:


'08-5B-0E-XX-XX-XX:802.1x'

 
 
Add the following RADIUS Attribute in the dedicated RADIUS policy for that particular RADIUS Client:
 
ssid_0.png

ssid.png
 
ssid_1.png
 
Connecting on a different SSID to capture the called station-ID:
 
 
Add another new RADIUS Attribute  for Second interface/SSID CA-5B-0E-XX-XX-XX:fortinet9 in the same RADIUS policy as the following:
 
ssid_3.png

Verify successful RADIUS authentication logs in FortiAuthenticator:
 

2220
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.