Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

RADIUS Attribute Groups

This functionality is available for device models configured for Local RADIUS Authentication mode.

Allows administrators to control the RADIUS attributes FortiNAC returns in an Access-Accept.

  • Build groups from a large collection of known RADIUS attributes, both standard and vendor-specific. Custom attributes can also be created.
  • Can be configured at device level and logical network level scope for both simple and complex deployments
  • Returned attributes are a combination of device and logical network level groups. The more granular logical network attributes take precedence

RADIUS Attribute Groups are configured in the Local RADIUS Server view. Once the Attribute Groups are defined, they can be deployed to the network via Model Configuration and SSID configuration views. RADIUS Attribute Groups can also be modified for multiple devices and SSIDs simultaneously.

  • SSIDs: See Modify multiple SSIDs for instructions
  • Model Configuration: See below for instructions

Deploy Attribute Groups in Bulk – Model Configuration

Note The values set through this method may not apply to all selected devices equally. For example, four devices are selected, but only two devices have the Logical Network “Aruba” configured. Any modifications made in this view for the “Aruba” Logical Network will only apply to those devices with “Aruba” configured.

  1. Click Network Devices > Topology.
  2. Select the container where the devices are located.
  3. In the Devices view, use Ctrl-click or Shift-click to select the devices to modify.
  4. Right-click the devices and click Set Model Configuration.

Apply Default Attribute Group

  1. From the top drill down menu, select Detail Configuration.
  2. Click the Enable RADIUS checkbox.
  3. Click Enable Local.
  4. Click the Default RADIUS Attribute Group checkbox. The associated drill down menu will appear.
  5. From the drill down, select the desired RADIUS Attribute Group.
  6. Click OK to save changes or proceed to define additional RADIUS Attribute Groups.

Apply Additional RADIUS Attribute Groups to Logical Networks

  1. From the top drill down, select the desired Logical Network to modify.
  2. Click Additional Attribute Group checkbox. The associated drill down menu will appear.
  3. From the drill down, select the desired RADIUS Attribute Group.
  4. Repeat steps 10-12 to add and modify additional Logical Networks as needed.
  5. Click OK to save changes.

RADIUS Attribute Groups

This functionality is available for device models configured for Local RADIUS Authentication mode.

Allows administrators to control the RADIUS attributes FortiNAC returns in an Access-Accept.

  • Build groups from a large collection of known RADIUS attributes, both standard and vendor-specific. Custom attributes can also be created.
  • Can be configured at device level and logical network level scope for both simple and complex deployments
  • Returned attributes are a combination of device and logical network level groups. The more granular logical network attributes take precedence

RADIUS Attribute Groups are configured in the Local RADIUS Server view. Once the Attribute Groups are defined, they can be deployed to the network via Model Configuration and SSID configuration views. RADIUS Attribute Groups can also be modified for multiple devices and SSIDs simultaneously.

  • SSIDs: See Modify multiple SSIDs for instructions
  • Model Configuration: See below for instructions

Deploy Attribute Groups in Bulk – Model Configuration

Note The values set through this method may not apply to all selected devices equally. For example, four devices are selected, but only two devices have the Logical Network “Aruba” configured. Any modifications made in this view for the “Aruba” Logical Network will only apply to those devices with “Aruba” configured.

  1. Click Network Devices > Topology.
  2. Select the container where the devices are located.
  3. In the Devices view, use Ctrl-click or Shift-click to select the devices to modify.
  4. Right-click the devices and click Set Model Configuration.

Apply Default Attribute Group

  1. From the top drill down menu, select Detail Configuration.
  2. Click the Enable RADIUS checkbox.
  3. Click Enable Local.
  4. Click the Default RADIUS Attribute Group checkbox. The associated drill down menu will appear.
  5. From the drill down, select the desired RADIUS Attribute Group.
  6. Click OK to save changes or proceed to define additional RADIUS Attribute Groups.

Apply Additional RADIUS Attribute Groups to Logical Networks

  1. From the top drill down, select the desired Logical Network to modify.
  2. Click Additional Attribute Group checkbox. The associated drill down menu will appear.
  3. From the drill down, select the desired RADIUS Attribute Group.
  4. Repeat steps 10-12 to add and modify additional Logical Networks as needed.
  5. Click OK to save changes.