Created on
09-03-2024
09:37 AM
Edited on
04-13-2025
10:03 PM
By
Jean-Philippe_P
Description | This article describes how to modify a MAC format that is sent to the RADIUS server when authenticating with a MAC-Authentication setup. |
Scope | FortiSwitch authenticates clients with MAB on FortiSwitch v7.4.1 and above. |
Solution |
By default, when authenticating on Fortiswitch with MAB, the MAC address is going to be sent to RADIUS in the format xx-xx-xx-xx-xx-xx (lowercase):
To change the way FortiSwitches send MAC addresses of end devices to the RADIUS server, use the following commands:
config switch global config port-security set mac-username-delimiter [ hyphen / single-hyphen / colon / none } set mac-password-delimiter [ hyphen / single-hyphen / colon / none ] set mac-case [ uppercase / *lowercase ] end end
In this example, the MAC format is going to change from xx-xx-xx-xx-xx-xx to XX:XX:XX:XX:XX:XX.
config switch global config port-security set mac-case uppercase set mac-password-delimiter colon set mac-username-delimiter colon end end
The caller station ID can be modified in the same way that the MAC format with the following commands:
config switch global
If this change is needed in a FortiLink environment, try a custom command. This is an example:
config switch-controller custom-command edit macformat set command "config switch global %0a config port-security %0a set mac-calling-station-delimiter colon %0 set mac-called-station-delimiter colon %0a end %0a end %0a" end
Then, apply globally. This is a global example:
config switch-controller global next end end |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.