FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Hawada1
Staff
Article Id 227627
Description This article describes how to allow Cisco's wireless controller to send the User-Password attribute in the RADIUS Access-Request packet.
Scope FortiNAC.
Solution

A Cisco WLC may omit the User-Password attribute from the RADIUS Access-Request packet if the wrong RADIUS Compatibility Mode is selected.

The RADIUS logs show that the NAS device (Cisco WLC) did not send the User-Password attribute after a user connected to the SSID.


Wed Sep 1 13:21:18 2022 : Auth: (36) Login incorrect (rest:You set 'Auth-Type = REST' for a request that does not contain a User-Password attribute!):[112233445566] (from client 10.10.10.41 port 13 cli 11-22-33-44-55-66)

 

On the Cisco WLC, select the Security tab -> MAC Filtering and make sure the RADIUS Compatibility Mode is 'Cisco ACS'.




In the MAC Filtering window, set RADIUS Compatibility Mode to 'Cisco ACS'. In this mode, the WLC includes the User-Password AVP in the RADIUS Access-Request, with the client's MAC address as the MAC authentication password.
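To confirm the change on the wire, a captured Access-Request can be checked for the User-Password attribute (type 2) and its value unhidden with the shared secret. The following is an added example, not part of the original article or any Fortinet or Cisco tooling. The shared secret, Request Authenticator and both packets are constructed samples, and the undelimited MAC format of the password is an assumption.

```python
import hashlib
import struct

USER_NAME, USER_PASSWORD = 1, 2   # RFC 2865 attribute types
SECRET = b"constructed-secret"    # assumption: sample shared secret
AUTH = bytes(range(16))           # constructed Request Authenticator

def xor_stream(data, secret, authenticator, hiding):
    """RFC 2865 section 5.2: XOR each 16-byte block with
    MD5(secret + previous ciphertext block), seeded by the authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        result = bytes(b ^ k for b, k in zip(block, key))
        prev = result if hiding else block   # always chain on the ciphertext
        out += result
    return out

def build_request(attrs, secret=SECRET, authenticator=AUTH):
    """Build a constructed Access-Request (code 1) from (type, value) pairs."""
    body = b""
    for atype, value in attrs:
        if atype == USER_PASSWORD:
            value += b"\x00" * (-len(value) % 16)   # pad to a 16-byte multiple
            value = xor_stream(value, secret, authenticator, hiding=True)
        body += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", 1, 36, 20 + len(body)) + authenticator + body

def inspect_request(packet, secret=SECRET):
    """Report whether an Access-Request carries User-Password and its clear value."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:   # walk the type-length-value attributes
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD)
    password = None if hidden is None else xor_stream(hidden, secret, authenticator, False).rstrip(b"\x00")
    return {"user_name": attrs.get(USER_NAME), "has_user_password": hidden is not None, "password": password}

MAC = b"112233445566"   # constructed client MAC, assumed sent without delimiters
WITH_PASSWORD = build_request([(USER_NAME, MAC), (USER_PASSWORD, MAC)])
WITHOUT_PASSWORD = build_request([(USER_NAME, MAC)])
```

A request like `WITHOUT_PASSWORD` is the kind that produces the "does not contain a User-Password attribute" log entry shown above.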