Fortinet black logo

Administration Guide

Sending multiple RADIUS attribute values in a single RADIUS Access-Request

Sending multiple RADIUS attribute values in a single RADIUS Access-Request

A managed FortiSwitch can be configured to send multiple RADIUS attribute values in a single RADIUS Access-Request. This option is configured per RADIUS user, and is set to none by default.

The available service type options are:

login User should be connected to a host.
framed User use Framed Protocol.
callback-login User disconnected and called back.
callback-framed User disconnected and called back, then a Framed Protocol.
outbound User granted access to outgoing devices.
administrative User granted access to the administrative unsigned interface.
nas-prompt User provided a command prompt on the NAS.
authenticate-only Authentication requested, and no authentication information needs to be returned.
callback-nas-prompt User disconnected and called back, then provided a command prompt.
call-check Used by the NAS in an Access-Request packet, Access-Accept to answer the call.
callback-administrative User disconnected and called back, granted access to the admin unsigned interface.
To configure a managed FortiSwitch to the RADIUS attributes login, framed, and authenticate-only all at the same time:
config user radius
    edit "Radius_Server"
        set switch-controller-service-type login framed authenticate-only
        ....
    next
end

Sending multiple RADIUS attribute values in a single RADIUS Access-Request

A managed FortiSwitch can be configured to send multiple RADIUS attribute values in a single RADIUS Access-Request. This option is configured per RADIUS user, and is set to none by default.

The available service type options are:

login User should be connected to a host.
framed User use Framed Protocol.
callback-login User disconnected and called back.
callback-framed User disconnected and called back, then a Framed Protocol.
outbound User granted access to outgoing devices.
administrative User granted access to the administrative unsigned interface.
nas-prompt User provided a command prompt on the NAS.
authenticate-only Authentication requested, and no authentication information needs to be returned.
callback-nas-prompt User disconnected and called back, then provided a command prompt.
call-check Used by the NAS in an Access-Request packet, Access-Accept to answer the call.
callback-administrative User disconnected and called back, granted access to the admin unsigned interface.
To configure a managed FortiSwitch to the RADIUS attributes login, framed, and authenticate-only all at the same time:
config user radius
    edit "Radius_Server"
        set switch-controller-service-type login framed authenticate-only
        ....
    next
end