Fortinet white logo
Fortinet white logo
7.4.0

Configure RADIUS Attribute

Configure RADIUS Attribute

Disconnect messages and COA messages contain RADIUS attributes. Some attributes may contain host information, and some attributes tell the NAS what to do.

Suppose the FortiSwitch is the NAS. For Disconnect message, the following attribute is required:

  • Calling-Station-Id: This attribute contains the MAC address of the host to be disconnected. Use %AUTH% variable here to get the host MAC address from RADIUS authentication messages.

For COA message, the attribute(s) below are required:

  • Calling-Station-Id: This attribute contains the MAC address of the host. Use %AUTH% variable here to get the host MAC address from RADIUS authentication messages.

  • Fortinet-Host-Port-AVPair: This attribute tells the FortiSwitch what to do with the host. Possible values include:

    • action=bounce-port: FortiSwitch closes the port for 10 seconds then reopens it.

    • action=reauth-port: FortiSwitch reauthenticates the host on the port immediately.

Configure RADIUS Attribute

Configure RADIUS Attribute

Disconnect messages and COA messages contain RADIUS attributes. Some attributes may contain host information, and some attributes tell the NAS what to do.

Suppose the FortiSwitch is the NAS. For Disconnect message, the following attribute is required:

  • Calling-Station-Id: This attribute contains the MAC address of the host to be disconnected. Use %AUTH% variable here to get the host MAC address from RADIUS authentication messages.

For COA message, the attribute(s) below are required:

  • Calling-Station-Id: This attribute contains the MAC address of the host. Use %AUTH% variable here to get the host MAC address from RADIUS authentication messages.

  • Fortinet-Host-Port-AVPair: This attribute tells the FortiSwitch what to do with the host. Possible values include:

    • action=bounce-port: FortiSwitch closes the port for 10 seconds then reopens it.

    • action=reauth-port: FortiSwitch reauthenticates the host on the port immediately.