Created on
09-03-2024
09:37 AM
Edited on
04-13-2025
10:03 PM
By
Jean-Philippe_P
Description | This article describes how to modify a MAC format that is sent to the RADIUS server when authenticating with a MAC-Authentication setup. |
Scope | FortiSwitch authenticates clients with MAB on FortiSwitch v7.4.1 and above. |
Solution |
By default, when authenticating on Fortiswitch with MAB, the MAC address is going to be sent to RADIUS in the format xx-xx-xx-xx-xx-xx (lowercase):
To change the way FortiSwitches send MAC addresses of end devices to the RADIUS server, use the following commands:
config switch global config port-security set mac-username-delimiter [ hyphen / single-hyphen / colon / none } set mac-password-delimiter [ hyphen / single-hyphen / colon / none ] set mac-case [ uppercase / *lowercase ] end end
In this example, the MAC format is going to change from xx-xx-xx-xx-xx-xx to XX:XX:XX:XX:XX:XX.
config switch global config port-security set mac-case uppercase set mac-password-delimiter colon set mac-username-delimiter colon end end
The caller station ID can be modified in the same way that the MAC format with the following commands:
config switch global
If this change is needed in a FortiLink environment, try a custom command. This is an example:
config switch-controller custom-command edit macformat set command "config switch global %0a config port-security %0a set mac-calling-station-delimiter colon %0 set mac-called-station-delimiter colon %0a end %0a end %0a" end
Then, apply globally. This is a global example:
config switch-controller global next end end |