So I'd like to get some clarification, please, on whether what I believe I'm seeing is correct. I'm trying to configure RADIUS authentication on a Cisco SG500X switch, using the FortiAuthenticator for RADIUS. The "Small Business" Cisco switches don't have a full version of IOS running on them, but I have this working: when a member of a Remote LDAP group on the FA logs into the switch over SSH, it logs them in with priv lvl 1. What I want is to boost this to priv lvl 15, and on a normal IOS switch you would return the Cisco-Av-Pair = priv-lvl-15 RADIUS attribute.
I have attempted to configure this attribute, along with Service-Type = Administrative-User, against my Remote LDAP group, but a packet capture shows that the FA is not sending the RADIUS attributes at all in its Access-Accept packet.
My question is, is this because the FA is looking for a Vendor-Specific(26) of Cisco as opposed to CiscoSystems in the Access-Request packet? See AVP from Wireshark:
Code: Access-Accept (2)
Packet identifier: 0x92 (146)
[This is a response to a request in frame 15]
[Time from request: 0.007331000 seconds]
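A way to check from the raw bytes whether an Access-Accept carries Service-Type or a Cisco Vendor-Specific attribute, as an added example that is not part of the original post. The sample packets are constructed, and the AV pair string in them is the form used on full IOS, included only as sample data.

```python
import struct

SERVICE_TYPE, VENDOR_SPECIFIC = 6, 26  # RFC 2865 attribute type numbers
CISCO_VENDOR_ID = 9                    # IANA enterprise number for Cisco

def parse_attributes(packet: bytes):
    """Return (code, identifier, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the data")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs

def report(packet: bytes) -> dict:
    """Summarise Service-Type and any Cisco AV pairs found in the packet."""
    code, ident, attrs = parse_attributes(packet)
    out = {"code": code, "id": ident, "service_type": None, "cisco_avpairs": []}
    for a_type, value in attrs:
        if a_type == SERVICE_TYPE and len(value) == 4:
            out["service_type"] = struct.unpack("!I", value)[0]
        elif a_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor_id, v_type, v_len = struct.unpack("!IBB", value[:6])
            # Sub-attribute 1 is cisco-avpair; v_len includes its 2 header bytes.
            if vendor_id == CISCO_VENDOR_ID and v_type == 1 and 2 <= v_len <= len(value) - 4:
                out["cisco_avpairs"].append(value[6:4 + v_len].decode("ascii", "replace"))
    return out

# Constructed sample packets (authenticator zeroed; it is not validated here).
def _attr(a_type, value):
    return bytes([a_type, len(value) + 2]) + value

def _packet(code, ident, attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

AVPAIR = b"shell:priv-lvl=15"       # sample data only
BARE_ACCEPT = _packet(2, 0x92, [])  # Access-Accept with no attributes, as the post describes
FULL_ACCEPT = _packet(2, 0x92, [
    _attr(SERVICE_TYPE, struct.pack("!I", 6)),  # 6 = Administrative
    _attr(VENDOR_SPECIFIC, struct.pack("!IBB", CISCO_VENDOR_ID, 1, len(AVPAIR) + 2) + AVPAIR),
])
```

`report(BARE_ACCEPT)` shows no Service-Type and an empty AV pair list, while `report(FULL_ACCEPT)` shows both; feeding it the UDP payload exported from a capture gives the same view of a real reply.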