FortiNAC-F
akanibek
Staff
Article Id 385404
Description

This article describes how to change a 'RADIUS disconnect message' to a 'bounce-port' VSA RADIUS attribute in radius-accept messages.

Scope

FortiNAC-F v7.2.X
Solution

FortiNAC-F v7.2.X contains a global option that changes the message from a Disconnect-Request to a CoA-Request, but the attributes are not user-configurable (there is no option to configure additional RFC 5176 RADIUS attributes).

The global option instructs the code to create a system-defined CoA request. To configure it, execute these commands in the FortiNAC-F CLI:

execute enter-shell

globaloptiontool -name radiusServer.use.coa.for.disconnect -set true

Before applying the global option:

output.master debugs:

attributes = 1f 13 63 63 2d 39 36 2d 65 35 2d 64 36 2d 36 63 2d 33 37
yams.RadiusManager INFO :: 2025-03-13 08:31:48:017 :: #315 :: RadiusServer sending CoA request for packet id 6e to 10.10.150.7
yams.RadiusManager INFO :: 2025-03-13 08:31:48:017 :: #315 :: CoA packet:
Radius Packet:
Type = Disconnect Request
Identifier = 110
Packet Attributes
31 (Calling-Station-Id) [0] = cc-96-e5-d6-6c-37


PCAP packet details:

RADIUS Protocol
    Code: Disconnect-Request (40)
    Packet identifier: 0x62 (98)
    Length: 39
    Authenticator: 8f172712b622dc958d144aa9362f5af0
    Attribute Value Pairs
        AVP: t=Calling-Station-Id(31) l=19 val=cc-96-e5-d6-6c-37
            Type: 31
            Length: 19
            Calling-Station-Id: cc-96-e5-d6-6c-37

After applying the global option:

PCAP radius packet details:

RADIUS Protocol
    Code: CoA-Request (43)
    Packet identifier: 0x2f (47)
    Length: 65
    Authenticator: bbd646d328e7766dbf56d78fab95bbd8
    Attribute Value Pairs
        AVP: t=Calling-Station-Id(31) l=19 val=54-05-DB-6C-0B-AA
            Type: 31
            Length: 19
            Calling-Station-Id: 54-05-DB-6C-0B-AA
        AVP: t=Vendor-Specific(26) l=26 vnd=Fortinet, Inc.(12356)
            Type: 26
            Length: 26
            Vendor ID: Fortinet, Inc. (12356)
            VSA: t=Fortinet-Host-Port-AVPair(42) l=20 val=action=bounce-port
                Type: 42
                Length: 20
                Fortinet-Host-Port-AVPair: action=bounce-port
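
To confirm from a capture that the global option took effect, the two packets above can be decoded and compared programmatically. The following is an added example, not FortiNAC-F code: the function names are hypothetical, the sample packets are rebuilt from the field values shown in the captures, and the Authenticator is carried as-is without being validated (that would need the RADIUS shared secret).

```python
import struct

CODES = {40: "Disconnect-Request", 43: "CoA-Request"}  # RFC 5176 packet codes
FORTINET_VENDOR_ID = 12356  # vendor ID shown in the capture
HOST_PORT_AVPAIR = 42       # Fortinet-Host-Port-AVPair, VSA type shown in the capture

def avp(attr_type: int, value: bytes) -> bytes:
    """Encode one type-length-value attribute (the length counts the 2-byte header)."""
    return bytes([attr_type, len(value) + 2]) + value

def build(code: int, ident: int, auth_hex: str, avps: bytes) -> bytes:
    """Assemble a RADIUS packet: 20-byte header followed by the attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(avps)) + bytes.fromhex(auth_hex) + avps

def parse_radius(packet: bytes) -> dict:
    """Decode code, identifier and attributes; raise ValueError on bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not match the data")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        if a_type == 26 and len(value) >= 6 and 2 <= value[5] <= len(value) - 4:
            vendor = struct.unpack("!I", value[:4])[0]  # Vendor-Specific: vendor ID + sub-TLV
            attrs.append(("vsa", vendor, value[4], value[6:4 + value[5]]))
        else:
            attrs.append(("avp", a_type, value))
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": ident, "attrs": attrs}

def requests_port_bounce(packet: bytes) -> bool:
    """True only for a CoA-Request carrying Fortinet VSA 42 = action=bounce-port."""
    parsed = parse_radius(packet)
    wanted = ("vsa", FORTINET_VENDOR_ID, HOST_PORT_AVPAIR, b"action=bounce-port")
    return parsed["code"] == "CoA-Request" and wanted in parsed["attrs"]

# Constructed sample packets, rebuilt from the field values in the two captures above.
DISCONNECT = build(40, 0x62, "8f172712b622dc958d144aa9362f5af0", avp(31, b"cc-96-e5-d6-6c-37"))
COA = build(43, 0x2F, "bbd646d328e7766dbf56d78fab95bbd8", avp(31, b"54-05-DB-6C-0B-AA")
            + avp(26, struct.pack("!I", FORTINET_VENDOR_ID) + avp(HOST_PORT_AVPAIR, b"action=bounce-port")))
```

The rebuilt packets come out at 39 and 65 bytes, matching the Length fields in the captures, and only the second one is reported as a port-bounce request.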