Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
kmody
Staff
Staff

Created on ‎04-03-2024 09:17 AM Edited on ‎05-17-2024 06:01 AM By Community Manager

Article Id 308224

Technical Tip: How to decrypt packets in Wireshark to check the Radius Secret (Expected vs Entered)

Description This article describes how to use Wireshark to make sure the radius secret entered in all places in FortiNAC is correct.
Scope FortiNAC version 9.1 and above.
Solution

In the FortiNAC CLI:

 

For CentOS-based FortiNAC versions:

 

  1. Run the following commands:

logs

 

tcpdump -nni any host <switch-ip/WLC> and (port 3799 or 1812 or 1645) -w CoA_Capture.pcap

 

  1. Generate radius traffic by attempting a connection.
  2. Export CoA_Capture.pcap with the same method as this article uses to extract grab-logs.

 

For NACOS v7.x:

  1. Follow the instructions in this article to get the PCAP file. Open the .pcap file in Wireshark. Go to Edit -> preferences -> protocols -> radius -> enter the radius secret in use.
  2. Expand the Radius protocol in the packet check for the Authenticator attribute.
  3. If there is no [incorrect] in front of the attribute, the radius secrets are correct in FortiNAC, the model config tab, and when 'right-clicking' model config.
573
Submit Article Idea
Comments
bhimgurung
Staff
Staff
‎05-28-2024 01:49 PM

Very helpful Thank you 

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.