FortiGate
nathan_h
Staff
Article Id 274294
Description

 

This article describes how to troubleshoot wireless authentication when FortiGate acts as the wireless controller and FortiAP as the access point.

A RADIUS server is configured for remote authentication and is matched to a user group.

 

Scope

 

FortiGate.

 

Solution

 

Configuration.

 

From GUI:

 

[Screenshot: Radius Server.png]

[Screenshot: Group.png]

[Screenshot: SSID.png]

From CLI:

 

config user radius
     edit "Radius_Server"
          set server "192.168.1.115"
          set secret <secret>
     next
end

 

config user group
     edit "RAD_Group"
          set member "Radius_Server"
          config match
               edit 1
                    set server-name "Radius_Server"
                    set group-name "AD_Group"
               next
          end
     next
end

 

config wireless-controller vap
     edit "Wifi_Tunnel"
          set ssid "fgt-wifi"
          set security wpa2-only-enterprise
          set auth usergroup
          set usergroup "RAD_Group"
          set schedule "always"
     next
end

 

Troubleshooting commands:

 

diag debug reset

diag debug disable

diag debug console timestamp enable

diag debug app fnbamd -1

diagnose wireless-controller wlac sta_filter clear
diagnose wireless-controller wlac sta_filter xx:xx:xx:xx:xx:xx 255 <----- Change xx:xx:xx:xx:xx:xx to the user MAC address.

diag debug enable

 

2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> IEEE 802.11 mgmt::assoc_req <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> 48:f1:7f:a8:17:7c sta = 0x9eece80, sta->flags = 0x00000001, auth_alg = 0, hapd->splitMac: 1
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c cw_sta_load_chk ws (0-192.168.10.2:5246) rId 1 wId 0 sta 48:f1:7f:a8:17:7c
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c cw_sta_balancing: ws (0-192.168.10.2:5246) 48:f1:7f:a8:17:7c enters balancing, rId 1, wId 0, fho 0, apho 0, 5G 1, sta_cnt 0, sta_th 55
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c cw_sta_balancing: ws (0-192.168.10.2:5246) 48:f1:7f:a8:17:7c exits balancing, no need
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> IEEE 802.11 mgmt::assoc_resp ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> IEEE 802.11 mgmt::assoc_resp ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.895 48:f1:7f:a8:17:7c <dc> STA add 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 bssid 84:39:8f:ce:5a:80 NON-AUTH band 0x10 mimo 2*2
2023-09-18 11:20:52 73569.896 48:f1:7f:a8:17:7c <cc> STA_CFG_REQ(123) sta 48:f1:7f:a8:17:7c add ==> ws (0-192.168.10.2:5246) rId 1 wId 0
2023-09-18 11:20:52 73569.896 48:f1:7f:a8:17:7c <cc> STA add 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80 sec WPA2 USERGROUP auth 0
2023-09-18 11:20:52 73569.896 48:f1:7f:a8:17:7c cwAcStaRbtAdd: I2C_STA_ADD insert sta 48:f1:7f:a8:17:7c 192.168.10.2/1/0/1
2023-09-18 11:20:52 61252.897 48:f1:7f:a8:17:7c <eh> ***48:f1:7f:a8:17:7c AUTH_PAE DISCONNECTED***
2023-09-18 11:20:52 61252.897 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=10
2023-09-18 11:20:52 61252.897 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 14B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 73569.902 48:f1:7f:a8:17:7c <cc> STA_CFG_RESP(123) 48:f1:7f:a8:17:7c <== ws (0-192.168.10.2:5246) rc 0 (Success)
2023-09-18 11:20:52 61252.960 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 5B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.960 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=1 (EAPOL_START) data len=0
2023-09-18 11:20:52 61252.967 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 18B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.968 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=14
2023-09-18 11:20:52 61252.968 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=62 len=296
2023-09-18 11:20:52 61252.969 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=62 len=79
2023-09-18 11:20:52 61252.969 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=33
2023-09-18 11:20:52 61252.969 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 37B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.971 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.972 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:52 61252.972 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=63 len=294
2023-09-18 11:20:52 61252.972 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=63 len=52
2023-09-18 11:20:52 61252.973 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:52 61252.973 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.976 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 327B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.976 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=323
2023-09-18 11:20:52 61252.976 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=64 len=613
2023-09-18 11:20:53 61253.040 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=64 len=1459
2023-09-18 11:20:53 61253.040 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=1403
2023-09-18 11:20:53 61253.040 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 1407B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.045 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.046 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:53 61253.046 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=65 len=294
2023-09-18 11:20:53 61253.046 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=65 len=1459
2023-09-18 11:20:53 61253.047 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=1403
2023-09-18 11:20:53 61253.047 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 1407B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.051 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.051 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=66 len=294
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=66 len=1459
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=1403
2023-09-18 11:20:53 61253.052 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 1407B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.057 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 10B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.057 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=6
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=67 len=294
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=67 len=762
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=712
2023-09-18 11:20:53 61253.058 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 716B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.068 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 140B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.068 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=136
2023-09-18 11:20:53 61253.068 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=68 len=424
2023-09-18 11:20:53 61253.070 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=11 (Access-Challenge) id=68 len=278
2023-09-18 11:20:53 61253.070 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=232
2023-09-18 11:20:53 61253.070 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 236B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.082 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 75B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:53 61253.082 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=0 (EAP_PACKET) data len=71
2023-09-18 11:20:53 61253.082 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=69 len=359
2023-09-18 11:20:53 [1906] handle_req-Rcvd auth req 304268715 for nathan in RAD_Group opt=00000100 prot=0
2023-09-18 11:20:53 [466] __compose_group_list_from_req-Group 'RAD_Group', type 1
2023-09-18 11:20:53 [616] fnbamd_pop3_start-nathan
2023-09-18 11:20:53 [587] __fnbamd_cfg_get_radius_list_by_group-Loading RADIUS server 'Radius_Server' for usergroup 'RAD_Group' (4)
2023-09-18 11:20:53 [342] fnbamd_create_radius_socket-Opened radius socket 12
2023-09-18 11:20:53 [342] fnbamd_create_radius_socket-Opened radius socket 13
2023-09-18 11:20:53 [1394] fnbamd_radius_auth_send-Compose RADIUS request
2023-09-18 11:20:53 [1351] fnbamd_rad_dns_cb-192.168.1.115->192.168.1.115
2023-09-18 11:20:53 [1323] __fnbamd_rad_send-Sent radius req to server 'Radius_Server': fd=12, IP=192.168.1.115(192.168.1.115:1812) code=1 id=9 len=124 user="nathan" using PAP
2023-09-18 11:20:53 [319] radius_server_auth-Timer of rad 'Radius_Server' is added
2023-09-18 11:20:53 [754] auth_tac_plus_start-Didn't find tac_plus servers (0)
2023-09-18 11:20:53 [1034] __fnbamd_cfg_get_ldap_list_by_group-
2023-09-18 11:20:53 [1150] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 0
2023-09-18 11:20:53 [491] ldap_start-Didn't find ldap servers
2023-09-18 11:20:53 [633] create_auth_session-Total 1 server(s) to try
2023-09-18 11:20:53 [1360] fnbamd_auth_handle_radius_result-Timer of rad 'Radius_Server' is deleted
2023-09-18 11:20:53 [1802] fnbamd_radius_auth_validate_pkt-RADIUS resp code 2
2023-09-18 11:20:53 [320] extract_success_vsas-FORTINET attr, type 1, val AD_Group
2023-09-18 11:20:53 [1385] fnbamd_auth_handle_radius_result-->Result for radius svr 'Radius_Server' 192.168.1.115(1) is 0
2023-09-18 11:20:53 [266] find_matched_usr_grps-Skipped group matching
2023-09-18 11:20:53 [216] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 304268715, len=2203
2023-09-18 11:20:53 [789] destroy_auth_session-delete session 304268715
2023-09-18 11:20:56 61256.138 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=2 (Access-Accept) id=69 len=258
2023-09-18 11:20:56 61256.138 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=4
2023-09-18 11:20:56 61256.138 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 8B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.139 48:f1:7f:a8:17:7c <eh> send 1/4 msg of 4-Way Handshake
2023-09-18 11:20:56 61256.139 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=117 replay cnt 1
2023-09-18 11:20:56 61256.139 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 121B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.150 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 123B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.150 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=3 (EAPOL_KEY) data len=119
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> recv EAPOL-Key 2/4 Pairwise replay cnt 1
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> send 3/4 msg of 4-Way Handshake
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> send IEEE 802.1X ver=2 type=3 (EAPOL_KEY) data len=151 replay cnt 2
2023-09-18 11:20:56 61256.151 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 155B) ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.154 48:f1:7f:a8:17:7c <eh> IEEE 802.1X (EAPOL 99B) <== 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:56 61256.154 48:f1:7f:a8:17:7c <eh> recv IEEE 802.1X ver=1 type=3 (EAPOL_KEY) data len=95
2023-09-18 11:20:56 61256.154 48:f1:7f:a8:17:7c <eh> recv EAPOL-Key 4/4 Pairwise replay cnt 2
2023-09-18 11:20:56 73573.155 48:f1:7f:a8:17:7c <dc> STA chg 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 bssid 84:39:8f:ce:5a:80 AUTH
2023-09-18 11:20:56 73573.155 48:f1:7f:a8:17:7c <cc> STA chg 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 84:39:8f:ce:5a:80 sec WPA2 USERGROUP auth 1 ******
2023-09-18 11:20:56 73573.156 48:f1:7f:a8:17:7c <cc> STA_CFG_REQ(124) sta 48:f1:7f:a8:17:7c add key (len=16) ==> ws (0-192.168.10.2:5246) rId 1 wId 0
2023-09-18 11:20:56 73573.161 48:f1:7f:a8:17:7c <cc> STA_CFG_RESP(124) 48:f1:7f:a8:17:7c <== ws (0-192.168.10.2:5246) rc 0 (Success)
61256.161 48:f1:7f:a8:17:7c <eh> ***pairwise key handshake completed*** (RSN)
2023-09-18 11:20:56 73573.178 48:f1:7f:a8:17:7c <dc> DHCP Request server 0.0.0.0 <== host NATHAN-PC mac 48:f1:7f:a8:17:7c ip 192.168.168.102 xId d45adfee
2023-09-18 11:20:56 73573.179 48:f1:7f:a8:17:7c <dc> DHCP Ack server 192.168.168.1 ==> host mac 48:f1:7f:a8:17:7c ip 192.168.168.102 mask 255.255.255.0 gw 192.168.168.1 xId d45adfee
2023-09-18 11:20:56 73573.185 48:f1:7f:a8:17:7c cwAcAddWSSO mac 48:f1:7f:a8:17:7c ip 192.168.168.102 usr 'nathan' grp 'RAD_Group' authed 1
2023-09-18 11:20:56 73573.185 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip 192.168.168.102 user 'nathan' group' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:56 73573.187 48:f1:7f:a8:17:7c <dc> STA chg 48:f1:7f:a8:17:7c vap Wifi_Tunnel ws (0-192.168.10.2:5246) rId 1 wId 0 bssid 84:39:8f:ce:5a:80 os info: Windows
2023-09-18 11:20:56 73573.447 48:f1:7f:a8:17:7c cwAcAddWSSO mac 48:f1:7f:a8:17:7c ip 192.168.168.102 usr 'nathan' grp 'RAD_Group' authed 1
2023-09-18 11:20:56 73573.448 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip 192.168.168.102 user 'nathan' group' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:56 73573.449 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip fe80::651a:af83:a163:ab68 user 'nathan' group ' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:57 73574.444 48:f1:7f:a8:17:7c <dc> ND-NA 48:f1:7f:a8:17:7c ==> 33:33:00:00:00:01 for fe80::651a:af83:a163:ab68 48:f1:7f:a8:17:7c
2023-09-18 11:20:57 73574.445 48:f1:7f:a8:17:7c cwAcAddWSSO mac 48:f1:7f:a8:17:7c ip 192.168.168.102 usr 'nathan' grp 'RAD_Group' authed 1
2023-09-18 11:20:57 73574.445 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip 192.168.168.102 user 'nathan' group' RAD_Group' usr 0x9ef38e8 grp_num 1
2023-09-18 11:20:57 73574.446 48:f1:7f:a8:17:7c cwAcAddWSSO add_auth_logon vf 0 ip fe80::651a:af83:a163:ab68 user 'nathan' group ' RAD_Group' usr 0x9ef38e8 grp_num 1
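
The debug output above shows a successful join: association, EAP relayed to the RADIUS server, Access-Accept, the 4-way handshake, DHCP and the WSSO logon. The Python script below is an added example (not part of the original article and not a Fortinet tool) that scans captured output for those markers per station MAC and reports the first stage that is missing. The second station in the sample and its Access-Reject line are constructed for illustration.

```python
import re
# Ordered stages of a WPA2-Enterprise join, keyed by markers from the debug output above.
STAGES = [
    ("associated",     re.compile(r"mgmt::assoc_resp ==>")),
    ("radius_request", re.compile(r"==> RADIUS Server code=1 \(Access-Request\)")),
    ("radius_accept",  re.compile(r"<== RADIUS Server code=2 \(Access-Accept\)")),
    ("key_handshake",  re.compile(r"pairwise key handshake completed")),
    ("dhcp_ack",       re.compile(r"DHCP Ack server")),
    ("wsso_logon",     re.compile(r"cwAcAddWSSO mac .* authed 1")),
]
STA_MAC = re.compile(r"\b((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)
REJECT = re.compile(r"<== RADIUS Server code=3 \(Access-Reject\)")
WSSO = re.compile(r"usr '([^']*)' grp '([^']*)' authed 1")

def summarize(lines):
    """Per station MAC: stages reached, RADIUS reject flag, WSSO user/group, first missing stage."""
    stations = {}
    for line in lines:
        mac = STA_MAC.search(line)
        if not mac:
            continue  # fnbamd lines carry no station MAC and are not tracked here
        sta = stations.setdefault(mac.group(1).lower(),
                                  {"reached": set(), "rejected": False, "user": None, "group": None})
        for name, marker in STAGES:
            if marker.search(line):
                sta["reached"].add(name)
        sta["rejected"] = sta["rejected"] or bool(REJECT.search(line))
        logon = WSSO.search(line)
        if logon:
            sta["user"], sta["group"] = logon.groups()
    for sta in stations.values():
        missing = [name for name, _ in STAGES if name not in sta["reached"]]
        sta["stalled_at"] = missing[0] if missing else None
    return stations

# Sample input: 48:f1:... lines are from the output above; the 02:00:... station is constructed.
SAMPLE = """\
2023-09-18 11:20:52 73569.894 48:f1:7f:a8:17:7c <ih> IEEE 802.11 mgmt::assoc_resp ==> 48:f1:7f:a8:17:7c ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:20:52 61252.968 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=62 len=296
2023-09-18 11:20:56 61256.138 48:f1:7f:a8:17:7c <eh> RADIUS message (type=0) <== RADIUS Server code=2 (Access-Accept) id=69 len=258
61256.161 48:f1:7f:a8:17:7c <eh> ***pairwise key handshake completed*** (RSN)
2023-09-18 11:20:56 73573.179 48:f1:7f:a8:17:7c <dc> DHCP Ack server 192.168.168.1 ==> host mac 48:f1:7f:a8:17:7c ip 192.168.168.102 mask 255.255.255.0 gw 192.168.168.1 xId d45adfee
2023-09-18 11:20:56 73573.185 48:f1:7f:a8:17:7c cwAcAddWSSO mac 48:f1:7f:a8:17:7c ip 192.168.168.102 usr 'nathan' grp 'RAD_Group' authed 1
2023-09-18 11:21:10 73587.100 02:00:00:00:00:01 <ih> IEEE 802.11 mgmt::assoc_resp ==> 02:00:00:00:00:01 ws (0-192.168.10.2:5246) vap Wifi_Tunnel rId 1 wId 0 84:39:8f:ce:5a:80
2023-09-18 11:21:10 61270.200 02:00:00:00:00:01 <eh> RADIUS message (type=0) ==> RADIUS Server code=1 (Access-Request) id=70 len=296
2023-09-18 11:21:10 61270.300 02:00:00:00:00:01 <eh> RADIUS message (type=0) <== RADIUS Server code=3 (Access-Reject) id=70 len=44
""".splitlines()
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A station whose `stalled_at` is `radius_accept` never received an Access-Accept, so the RADIUS server and the fnbamd lines are the place to look; a stall at `key_handshake` or `dhcp_ack` points at the client or the SSID side instead.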

 

FGT-NAT # diag firewall auth list

192.168.168.102, nathan
type: wsso, id: 0, duration: 26, idled: 26
expire: 274, allow-idle: 300
flag(110): radius wsso
server: Radius_Server
packets: in 1 out 1, bytes: in 194 out 76
group_id: 4
group_name: RAD_Group

----- 1 listed, 0 filtered ------


FGT-NAT # diagnose wireless-controller wlac -c sta
-------------------------------STA 1----------------------------
STA mac : 48:f1:7f:a8:17:7c
authed : yes
wtp : 0-192.168.10.2:5246
rId : 1
aId : 1
wId : 0
bssid : 84:39:8f:ce:5a:80
cap : 1511
VLAN tag : 0000 (0)
ACL deny cnt : 0
802.11kvr : 11k_capable 11v_capable
Os Info : Windows
-------------------------------Total 1 STAs----------------------------

 

RADIUS packet capture:

[Screenshot: Packet capture.png]
