Hello.
I am playing with the Radius attribute setup in FortiNAC (9.4.1) and am probably missing the logic behind these settings.
What I would like to achieve is a solution where FortiNAC returns to the switch a specific value of the Service-Type attribute when the admin user logs in to the CLI of the switch.
FortiNAC internal Radius works for this type of authentication, for example with the FortiSwitch. But FSW does not need to get any specific attribute in the Accept message.
I have created a new attribute in the Radius config and assigned this attribute to the switch as its default Radius attribute, but in the pcap I do not see any attribute being sent back to the test switch in the accept message.
Could you please help me figure out the correct way to configure the new Radius attribute? FAC or MS NPS works with authentication realms that contain some kind of conditions to be used and an action that should be taken. Is this in any way similar to attribute creation in FortiNAC, and how exactly does the parameter %ACCESS_VALUE% work? Thank you very much.
Created on 12-08-2022 06:12 AM
Hello Adam
The way I see it is:
1-Copy the RFC VLAN attribute
2-Edit that one, and give it another name, for example TestAttrbGrp
3-In the attribute editor window, from the left side pick the Service type attribute and add it to the right side with RFC VLAN. Fill its value with the one you need
4-Apply this TestAttrbGrp to the model configuration tab in the attribute group drop down menu
Hello Edvin,
thank you for your answer.
The approach you described is valid. The root cause of my issue, with no attribute being sent back to the client, seems to be the fact that the FNAC Radius server requires NAS-Identifier and Calling-Station-Id attributes in the Radius request to send any attribute back to the Radius client. When those attributes are received, all works fine.
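
A way to check a capture for the condition described in the last reply, as an added example that is not part of the original thread: it parses RADIUS packets per RFC 2865 and reports whether an Access-Request lacks NAS-Identifier or Calling-Station-Id and whether an Access-Accept carries Service-Type. The function names and the sample packets (user name, switch name, address, zeroed authenticators) are constructed for illustration; in practice the input would be the UDP payloads exported from the pcap.

```python
import struct
# Codes and attribute type numbers from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
SERVICE_TYPE, CALLING_STATION_ID, NAS_IDENTIFIER = 6, 31, 32
NAMES = {CALLING_STATION_ID: "Calling-Station-Id", NAS_IDENTIFIER: "NAS-Identifier"}

def parse_radius(data):
    """Return (code, [(attr_type, value_bytes), ...]) for one RADIUS UDP payload."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("Length field does not fit the payload")
    attrs, pos = [], 20                      # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = data[pos], data[pos + 1]
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def missing_in_request(data):
    """Names of the two attributes from the thread that an Access-Request lacks."""
    code, attrs = parse_radius(data)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    present = {t for t, _ in attrs}
    return [NAMES[t] for t in (NAS_IDENTIFIER, CALLING_STATION_ID) if t not in present]

def service_type_in_accept(data):
    """Service-Type value carried by an Access-Accept, or None if absent."""
    code, attrs = parse_radius(data)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    for a_type, value in attrs:
        if a_type == SERVICE_TYPE and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None

def build(code, attrs):
    """Assemble a constructed sample packet (zeroed authenticator, identifier 1)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples, not taken from the poster's capture
REQ_BARE = build(ACCESS_REQUEST, [(1, b"admin")])
REQ_FULL = build(ACCESS_REQUEST, [(1, b"admin"), (32, b"test-switch"), (31, b"192.0.2.10")])
ACCEPT = build(ACCESS_ACCEPT, [(SERVICE_TYPE, struct.pack("!I", 6))])  # 6 = Administrative
```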