This article describes how to troubleshoot wireless authentication. FortiGate as a Wireless Controller and FortiAP as the Access Point.
A Radius Server is configured for remote authentication with a group.
FortiGate.
Configuration.
From GUI:
From CLI:
config user radius
edit "Radius_Server"
set server "192.168.1.115"
set secret <secret>
next
end
config user group
edit "RAD_Group"
set member "Radius_Server"
config match
edit 1
set server-name "Radius_Server"
set group-name "AD_Group"
next
end
next
end
config wireless-controller vap
edit "Wifi_Tunnel"
set ssid "fgt-wifi"
set security wpa2-only-enterprise
set auth usergroup
set usergroup "RAD_Group"
set schedule "always"
next
end
Troubleshooting commands:
diag debug reset
diag debug disable
diag debug console timestamp enable
diag debug app fnbamd -1
diagnose wireless-controller wlac sta_filter clear
diagnose wireless-controller wlac sta_filter xx:xx:xx:xx:xx:xx 255 <----- Change xx:xx:xx:xx:xx:xx to the user MAC address.
diag debug enable
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> IEEE 802.11 mgmt::assoc_req <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> 48:f1:7f:a8:17:7c sta = 0x9eece80, sta->flags = 0x00000001, auth_alg = 0, hapd->splitMac: 1
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c cw_sta_load_chk ws (0-192.168.10.2:5246) rId 1 wId 0 sta 48:f1:7f:a8:17:7c
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c cw_sta_balancing: ws (0-192.168.10.2:5246) 48:f1:7f:a8:17:7c enters balancing, rId 1, wId 0, fho 0, apho 0, 5G 1, sta_cnt 0, sta_th 55
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c cw_sta_balancing: ws (0-192.168.10.2:5246) 48:f1:7f:a8:17:7c exits balancing, no need
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> IEEE 802.11 mgmt::assoc_resp ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> IEEE 802.11 mgmt::assoc_resp ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.895 48:f1:7f:a8:17:7c <dc> STA add 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 bssid 84:39:8f:ce:5a:80 NON-AUTH band 0x10 mimo 2*2
2023-09-18 11:20:52 73569.896 48:f1:7f:a8:17:7c <cc> STA_CFG_REQ(123) sta 48:f1:7f:a8:17:7c add ==> ws (0-192.168.10.2:5246) rId 1 wId 0
2023-09-18 11:20:52 73569.896 48:f1:7f:a8:17:7c <cc> STA add 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80 sec WPA2 USERGROUP auth 0
2023-09-18 11:20:52 73569.896 48:f1:7f:a8:17:7c cwAcStaRbtAdd: I2C_STA_ADD insert sta 48:f1:7f:a8:17:7c 192.168.10.2/1/0/1
2023-09-18 11:20:52 61252.897 48:f1:7f:a8:17:7c <eh> ***48:f1:7f:a8:17:7c AUTH_PAE DISCONNECTED***
2023-09-18 11:20:52 61252.897 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=10
2023-09-18 11:20:52 61252.897 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 14B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.902 48:f1:7f:a8:17:7c <cc> STA_CFG_RESP(123) 48:f1:7f:a8:17:7c <== ws (0-192.168.10.2:5246) rc 0 (Success)
2023-09-18 11:20:52 61252.960 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 5B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.960 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=1 (EAPOL_START) data len=0
2023-09-18 11:20:52 61252.967 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 18B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.968 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=14
2023-09-18 11:20:52 61252.968 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=62 len=296
2023-09-18 11:20:52 61252.969 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=62 len=79
2023-09-18 11:20:52 61252.969 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=33
2023-09-18 11:20:52 61252.969 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 37B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.971 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.972 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:52 61252.972 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=63 len=294
2023-09-18 11:20:52 61252.972 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=63 len=52
2023-09-18 11:20:52 61252.973 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:52 61252.973 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.976 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 327B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.976 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=323
2023-09-18 11:20:52 61252.976 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=64 len=613
2023-09-18 11:20:53 61253.040 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=64 len=1459
2023-09-18 11:20:53 61253.040 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=1403
2023-09-18 11:20:53 61253.040 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 1407B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.045 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.046 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:53 61253.046 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=65 len=294
2023-09-18 11:20:53 61253.046 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=65 len=1459
2023-09-18 11:20:53 61253.047 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=1403
2023-09-18 11:20:53 61253.047 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 1407B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.051 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.051 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=66 len=294
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=66 len=1459
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=1403
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 1407B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.057 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.057 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=67 len=294
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=67 len=762
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=712
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 716B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.068 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 140B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.068 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=136
2023-09-18 11:20:53 61253.068 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=68 len=424
2023-09-18 11:20:53 61253.070 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=68 len=278
2023-09-18 11:20:53 61253.070 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=232
2023-09-18 11:20:53 61253.070 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 236B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.082 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 75B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.082 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=71
2023-09-18 11:20:53 61253.082 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=69 len=359
2023-09-18 11:20:53 [1906] handle_req-Rcvd auth req 304268715 for nathan in RAD_Group opt=00000100 prot=0
2023-09-18 11:20:53 [466] __compose_group_list_from_req-Group 'RAD_Group', type 1
2023-09-18 11:20:53 [616] fnbamd_pop3_start-nathan
2023-09-18 11:20:53 [587] __fnbamd_cfg_get_radius_list_by_group-Loading RADIUS server 'Radius_Server' for usergroup 'RAD_Group' (4)
2023-09-18 11:20:53 [342] fnbamd_create_radius_socket-Opened radius socket 12
2023-09-18 11:20:53 [342] fnbamd_create_radius_socket-Opened radius socket 13
2023-09-18 11:20:53 [1394] fnbamd_radius_auth_send-Compose RADIUS request
2023-09-18 11:20:53 [1351] fnbamd_rad_dns_cb-192.168.1.115->192.168.1.115
2023-09-18 11:20:53 [1323] __fnbamd_rad_send-Sent radius req to server 'Radius_Server': fd=12, IP=192.168.1.115(192.168.1.115:1812) code=1 id=9 len=124 user="nathan" using PAP
2023-09-18 11:20:53 [319] radius_server_auth-Timer of rad 'Radius_Server' is added
2023-09-18 11:20:53 [754] auth_tac_plus_start-Didn't find tac_plus servers (0)
2023-09-18 11:20:53 [1034] __fnbamd_cfg_get_ldap_list_by_group-
2023-09-18 11:20:53 [1150] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 0
2023-09-18 11:20:53 [491] ldap_start-Didn't find ldap servers
2023-09-18 11:20:53 [633] create_auth_session-Total 1 server(s) to try
2023-09-18 11:20:53 [1360] fnbamd_auth_handle_radius_result-Timer of rad 'Radius_Server' is deleted
2023-09-18 11:20:53 [1802] fnbamd_radius_auth_validate_pkt-RADIUS resp code 2
2023-09-18 11:20:53 [320] extract_success_vsas-FORTINET attr, type 1, val AD_Group
2023-09-18 11:20:53 [1385] fnbamd_auth_handle_radius_result-->Result for radius svr 'Radius_Server' 192.168.1.115(1) is 0
2023-09-18 11:20:53 [266] find_matched_usr_grps-Skipped group matching
2023-09-18 11:20:53 [216] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 304268715, len=2203
2023-09-18 11:20:53 [789] destroy_auth_session-delete session 304268715
2023-09-18 11:20:56 61256.138 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=2 (Access-Accept) id=69 len=258
2023-09-18 11:20:56 61256.138 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=4
2023-09-18 11:20:56 61256.138 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 8B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.139 48:f1:7f:a8:17:7c <eh> send 1/4 msg of 4-Way Handshake
2023-09-18 11:20:56 61256.139 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=117 replay cnt 1
2023-09-18 11:20:56 61256.139 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 121B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.150 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 123B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.150 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=3 (EAPOL_KEY) data len=119
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> recv EAPOL-Key 2/4 Pairwise replay cnt 1
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> send 3/4 msg of 4-Way Handshake
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=151 replay cnt 2
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 155B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.154 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 99B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.154 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=3 (EAPOL_KEY) data len=95
2023-09-18 11:20:56 61256.154 48:f1:7f:a8:17:7c <eh> recv EAPOL-Key 4/4 Pairwise replay cnt 2
2023-09-18 11:20:56 73573.155 48:f1:7f:a8:17:7c <dc> STA chg 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 bssid 84:39:8f:ce:5a:80 AUTH
2023-09-18 11:20:56 73573.155 48:f1:7f:a8:17:7c <cc> STA chg 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80 sec WPA2 USERGROUP auth 1 ******
2023-09-18 11:20:56 73573.156 48:f1:7f:a8:17:7c <cc> STA_CFG_REQ(124) sta 48:f1:7f:a8:17:7c add key (len=16) ==> ws (0-192.168.10.2:5246) rId 1 wId 0
2023-09-18 11:20:56 73573.161 48:f1:7f:a8:17:7c <cc> STA_CFG_RESP(124) 48:f1:7f:a8:17:7c <== ws (0-192.168.10.2:5246) rc 0 (Success)
61256.161 48:f1:7f:a8:17:7c <eh> ***pairwise key handshake completed*** (RSN)
2023-09-18 11:20:56 73573.178 48:f1:7f:a8:17:7c <dc> DHCP Request server 0.0.0.0 <== host NATHAN-PC mac 48:f1:7f:a8:17:7c ip 192.168.168.102 xId d45adfee
2023-09-18 11:20:56 73573.179 48:f1:7f:a8:17:7c <dc> DHCP Ack server 192.168.168.1 ==> host mac 48:f1:7f:a8:17:7c ip 192.168.168.102 mask 255.255.255.0 gw 192.168.168.1 xId d45adfee
2023-09-18 11:20:56 73573.185 48:f1:7f:a8:17:7c cwAcAddWSSO mac 48:f1:7f:a8:17:7c ip 192.168.168.102 usr 'nathan' grp 'RAD_Group' authed 1
2023-09-18 11:20:56 73573.185 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip 192.168.168.102 user 'nathan' group' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:56 73573.187 48:f1:7f:a8:17:7c <dc> STA chg 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 bssid 84:39:8f:ce:5a:80 os info: Windows
2023-09-18 11:20:56 73573.447 48:f1:7f:a8:17:7c cwAcAddWSSO mac 48:f1:7f:a8:17:7c ip 192.168.168.102 usr 'nathan' grp 'RAD_Group' authed 1
2023-09-18 11:20:56 73573.448 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip 192.168.168.102 user 'nathan' group' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:56 73573.449 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip fe80::651a:af83:a163:ab68 user 'nathan' group ' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:57 73574.444 48:f1:7f:a8:17:7c <dc> ND-NA 48:f1:7f:a8:17:7c ==> 33:33:00:00:00:01 for fe80::651a:af83:a163:ab68 48:f1:7f:a8:17:7c
2023-09-18 11:20:57 73574.445 48:f1:7f:a8:17:7c cwAcAddWSSO mac 48:f1:7f:a8:17:7c ip 192.168.168.102 usr 'nathan' grp 'RAD_Group' authed 1
2023-09-18 11:20:57 73574.445 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip 192.168.168.102 user 'nathan' group' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:57 73574.446 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip fe80::651a:af83:a163:ab68 user 'nathan' group ' RAD_Group' usr 0x9ef38e8 grp_num 1
FGT-NAT # diag firewall auth list
192.168.168.102, nathan
type: wsso, id: 0, duration: 26, idled: 26
expire: 274, allow-idle: 300
flag(110): radius wsso
server: Radius_Server
packets: in 1 out 1, bytes: in 194 out 76
group_id: 4
group_name: RAD_Group
----- 1 listed, 0 filtered ------
FGT-NAT # diagnose wireless-controller wlac -c sta
-------------------------------STA 1----------------------------
STA mac : 48:f1:7f:a8:17:7c
authed : yes
wtp : 0-192.168.10.2:5246
rId : 1
aId : 1
wId : 0
bssid : 84:39:8f:ce:5a:80
cap : 1511
VLAN tag : 0000 (0)
ACL deny cnt : 0
802.11kvr : 11k_capable 11v_capable
Os Info : Windows
-------------------------------Total 1 STAs----------------------------
Radius Packet Capture:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.