FortiNAC with Huawei AC6508 WLC

AEK · ‎01-11-2024

Hello

We integrated Huawei AC6508 WLC with FortiNAC, using local RADIUS, but we facing some issue.

When we set Default Attribute Group to RFC_VLAN we notice in RADIUS logs that FortiNAC sends the right response to the WLC, however the WLC still asks the user to authenticate, like it the WLC didn't recognize the RADIUS response
When we set Default Attribute Group to None we notice that the WLC put the authenticated user in the default service VLAN, so it works

So I guess the that the predefined RFC_VLAN Attribute Group is not the good one to use with our WLC.

In the FortiNAC document "Huawei Controller Wireless Integration" guide they mentioned to leave the value "None" optionally, but in our case we need to include the target VLAN in the RADIUS response.

Any idea on what should be the attributes of the right Attribute Group to use?

AEK

AEK · ‎05-11-2025

Hi Bosch

What do you see in WLC logs? Does it recognize the RADIUS response? Or does't still request user to authenticate?

AEK

Bosch · ‎05-13-2025

Hello AEK,

The WLC received the radius attributes, and the user not able to connect!

May 08 2025 17:26:42.150.637+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

[RDS(Evt):] Receive a packet(IP:FORTINAC-IP,Port:1812,Code:authentication accept,ID:83,Template:fortinac )

May 08 2025 17:26:42.150.638+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

RADIUS Received a Packet.

May 08 2025 17:26:42.150.639+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

Template name: fortinac

Server Template: 1

Server IP : FORTINAC-IP

Server Port : 1812

Client IP : WLC-IP

vrf : 0

Protocol: Standard

Code : 2

Len : 267

ID : 83

[MS-MPPE-Recv-Key ] [52] [e0 c8 3d 43 2c 39 58 9d 19 8b 14 5f fa db 06 f9 a0 55 d7 d3 c6 31 77 87 59 14 03 38 87 7f 8d e5 69 a6 9f f4 a4 c4 ff 1a 55 87 d0 3a 35 e3 a9 5e ca 45 ]

[MS-MPPE-Send-Key ] [52] [ee 1e 7b 2f d3 3b 9f 91 b8 ba 64 51 a4 ab 89 70 d3 19 ac 95 b8 62 75 09 03 1f 7d 00 46 e4 ff bc 52 48 08 7d 9c a1 62 22 be da ce 98 37 0b b8 a3 f0 b5 ]

[EAP-Message ] [6 ] [03 d5 00 04 ]

[Message-Authenticator ] [18] [00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]

[Framed-MTU ] [6 ] [1190]

[MS-MPPE-Send-Key ] [36] [f1 ea 65 45 f7 a3 4a 82 3c 6b 08 c0 15 67 9d 4e e2 b0 c6 18 39 d1 1f 18 3a 11 d9 be ce 82 6c c5 89 d2 ]

May 08 2025 17:26:42.150.640+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

[MS-MPPE-Recv-Key ] [36] [fe 6d 8a 84 ba ef ae 9c fa 85 f7 76 15 69 c4 59 4f 7a 14 f3 71 5d 85 e7 1a 76 18 55 28 71 ff e5 93 6c ]

[Tunnel-Type ] [6 ] [13]

[Tunnel-Private-Group-ID ] [5 ] [102]

[Tunnel-Medium-Type ] [6 ] [6]

May 08 2025 17:26:42.150.641+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

[RDS(Evt):] Supported attr.

May 08 2025 17:26:42.150.642+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

[RDS(Evt):] Supported attr.

May 08 2025 17:26:42.150.643+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;Attr not support in this packet.

(Framed-MTU(12)).

May 08 2025 17:26:42.150.644+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

[RDS(Evt):] Supported attr.

May 08 2025 17:26:42.150.645+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

[RDS(Evt):] Supported attr.

May 08 2025 17:26:42.150.646+01:00 AC6508 RDS/7/DEBUG:Slot=0,Vcpu=4;

[RDS(Evt):] Send a msg(Auth accept)

Security Engineer

FortiNAC with Huawei AC6508 WLC

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website