Add RADIUS MAC delimiter options
In the wireless controller settings, options have been added to specify the delimiter used for various RADIUS attributes for RADIUS MAC authentication and accounting. The options are hyphen, single-hyphen, colon, or none.
    config wireless-controller vap
        edit <name>
            set mac-username-delimiter {hyphen | single-hyphen | colon | none}
            set mac-password-delimiter {hyphen | single-hyphen | colon | none}
            set mac-calling-station-delimiter {hyphen | single-hyphen | colon | none}
            set mac-called-station-delimiter {hyphen | single-hyphen | colon | none}
            set mac-case {uppercase | lowercase}
        next
    end
Example
In this example, a username (single-hyphen, lowercase) and password (colon, lowercase) are configured on a FreeRADIUS server.
To configure RADIUS MAC delimiter options:
- Configure the VAP:
    config wireless-controller vap
        edit "wifi"
            set ssid "starr-fgt4-1"
            set security wpa2-only-enterprise
            set mac-username-delimiter single-hyphen
            set mac-password-delimiter colon
            set mac-calling-station-delimiter none
            set mac-called-station-delimiter single-hyphen
            set mac-case lowercase
            set radius-mac-auth enable
            set radius-mac-auth-server "peap"
            set auth radius
            set radius-server "peap"
        next
    end
- On the FreeRADIUS server, configure a username (such as 1c872c-b7f64c), and a cleartext password (such as 1c:87:2c:b7:f6:4c).
- After the client passes RADIUS MAC authentication, verify the RADIUS server log. The FortiGate sent the username as 1c872c-b7f64c and the password as 1c:87:2c:b7:f6:4c:
    Fri Mar 12 10:28:52 2021 : Auth: (0) Login OK: [1c872c-b7f64c/1c:87:2c:b7:f6:4c] (from client fwf port 0 cli 1c872cb7f64c)
- Once the client is connected, verify the accounting log on the accounting server. The FortiGate sent the called station ID as 906cac-c127d8:starr-fgt4-1 and the calling station ID as 1c872cb7f64c:
    Fri Mar 12 10:33:02 2021
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        User-Name = "tester"
        NAS-IP-Address = 0.0.0.0
        NAS-Identifier = "127.0.0.1/15246-wifi"
        Called-Station-Id = "906cac-c127d8:starr-fgt4-1"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        NAS-Port = 1
        Fortinet-SSID = "starr-fgt4-1"
        Fortinet-AP-Name = "FWF61E-WIFI0"
        Calling-Station-Id = "1c872cb7f64c"
        Connect-Info = "CONNECT 0/0Mbps(Tx/Rx) 11AC"
        Acct-Session-Id = "6048FE9800000064"
        Acct-Multi-Session-Id = "4AD14F4FCBBDDDFF"
        WLAN-Pairwise-Cipher = 1027076
        WLAN-Group-Cipher = 1027076
        WLAN-AKM-Suite = 1027073
        Framed-IP-Address = 10.10.80.106
        Fortinet-WirelessController-Device-MAC = 0x1c872cb7f64c
        Fortinet-WirelessController-WTP-ID = "FWF61E4Q00000000"
        Fortinet-WirelessController-Assoc-Time = "Mar 12 2021 10:32:59 PST"
        Event-Timestamp = "Mar 12 2021 10:33:02 PST"
        Acct-Delay-Time = 0
        Acct-Unique-Session-Id = "51c531ce7fd0e92cbf4f3cf06f7ce372"
        Timestamp = 1615573982
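The log verification in the steps above can be scripted. The following Python is an added example, not Fortinet's code: it renders a MAC under each delimiter setting, builds the matching FreeRADIUS users entry, and checks a "Login OK" line against what the VAP settings imply. The names format_mac, users_entry and check_auth_line are hypothetical, and the pairwise form for the hyphen option is an assumption, since the page only shows output for single-hyphen, colon and none.

```python
import re

# (separator, hex digits per group) for each delimiter option.
# ASSUMPTION: "hyphen" means pairwise groups (1c-87-2c-b7-f6-4c); the page
# only shows output for single-hyphen, colon and none.
STYLES = {"hyphen": ("-", 2), "single-hyphen": ("-", 6),
          "colon": (":", 2), "none": ("", 12)}

def format_mac(mac, delimiter, case="lowercase"):
    """Render a 48-bit MAC as a given delimiter/case setting would send it."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    digits = digits.upper() if case == "uppercase" else digits.lower()
    sep, size = STYLES[delimiter]
    return sep.join(digits[i:i + size] for i in range(0, 12, size))

def users_entry(mac, vap):
    """FreeRADIUS 'users' file line matching the VAP's username/password format."""
    user = format_mac(mac, vap["mac-username-delimiter"], vap["mac-case"])
    pw = format_mac(mac, vap["mac-password-delimiter"], vap["mac-case"])
    return f'{user} Cleartext-Password := "{pw}"'

AUTH_RE = re.compile(r"Login OK: \[(?P<user>[^/\]]+)/(?P<pw>[^\]]+)\]"
                     r".*\bcli (?P<cli>[0-9A-Fa-f:-]+)\)")

def check_auth_line(line, vap):
    """Per-field True/False: does the logged value match the VAP settings?"""
    m = AUTH_RE.search(line)
    if m is None:
        return None  # not a "Login OK" line
    fields = {"user": "mac-username-delimiter", "pw": "mac-password-delimiter",
              "cli": "mac-calling-station-delimiter"}
    return {name: m[name] == format_mac(m["cli"], vap[opt], vap["mac-case"])
            for name, opt in fields.items()}

# Settings copied from the page's VAP example; LOG_LINE is the page's auth log line.
VAP = {"mac-username-delimiter": "single-hyphen",
       "mac-password-delimiter": "colon",
       "mac-calling-station-delimiter": "none",
       "mac-called-station-delimiter": "single-hyphen",
       "mac-case": "lowercase"}
LOG_LINE = ("Fri Mar 12 10:28:52 2021 : Auth: (0) Login OK: "
            "[1c872c-b7f64c/1c:87:2c:b7:f6:4c] (from client fwf port 0 cli 1c872cb7f64c)")

if __name__ == "__main__":
    print(users_entry("1C:87:2C:B7:F6:4C", VAP))
    print(check_auth_line(LOG_LINE, VAP))
```

A False in any field means the value the RADIUS server logged does not match the delimiter or case configured on the VAP, which is the usual reason a MAC entry on the server fails to match.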