FG-5KD3915xxxxxx # config user radius
FG-5KD3915xxxxxx (radius) # edit RadiusRsso
FG-5KD3915xxxxxx (RadiusRsso) # show
config user radius
edit "RadiusRsso"
set rsso enable
set rsso-secret ENC Vx0Ejb2KhG9RAaiiyI45B
set rsso-context-timeout 0
set rsso-flush-ip-session enable
next
end
FG-5KD3915xxxxxx (RadiusRsso) # set rsso-ep-one-ip-only disable
FG-5KD3915xxxxxx (RadiusRsso) # end
FG-5KD3915xxxxxx # ui config version changed
config change start
0: update vd root
server config 0 del
filled server 'RadiusRsso' for vdom 'root'
server config 0 add OK
if=mgmt1 interface is up to date (listen enabled)
config change done
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
** no entries **
FG-5KD3915xxxxxx # Received radius accounting event
vd 0:root Add/Update auth logon for IP 10.134.9.210 for user 33471995587
DB 0 insert [ep='33471995587' pg='Group0' ip='10.134.9.210/32'] success
FG-5KD3915xxxxxx #
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481293102,00:00:00,"10.134.9.210""33471995587","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # Received radius accounting event
vd 0:root Add/Update auth logon for IP 10.134.9.209 for user 33471995587
DB 0 insert [ep='33471995587' pg='Group0' ip='10.134.9.209/32'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481293102,00:00:00,"10.134.9.210""33471995587","allow","no log","Group0",2,No
2,1481293151,00:00:00,"10.134.9.209""33471995587","allow","no log","Group0",2,No
FG-5KD3915xxxxxx # Received radius accounting event
vd 0:root Remove auth logon for IP 10.134.9.209 for user 33471995589
vd 0:root Add/Update auth logon for IP 10.134.9.209 for user 33471995589
DB 0 insert [ep='33471995589' pg='Group0' ip='10.134.9.209/32'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481293102,00:00:00,"10.134.9.210""33471995587","allow","no log","Group0",1,No
2,1481293176,00:00:00,"10.134.9.209""33471995589","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # show user radius RadiusRsso
config user radius
edit "RadiusRsso"
set rsso enable
set rsso-secret ENC xfaj553lzDOhcHYL5sUynSN
set rsso-context-timeout 0
set rsso-flush-ip-session enable
next
end
FG-5KD3915xxxxxx # config user radius
FG-5KD3915xxxxxx (radius) # edit RadiusRsso
FG-5KD3915xxxxxx (RadiusRsso) # get
name : RadiusRsso
timeout : 5
radius-coa : disable
h3c-compatibility : disable
username-case-sensitive: disable
class :
password-renewal : disable
rsso : enable
rsso-radius-server-port: 1813
rsso-radius-response: disable
rsso-validate-request-secret: disable
rsso-secret : *
rsso-endpoint-attribute: Calling-Station-Id
rsso-endpoint-block-attribute:
sso-attribute : Class
sso-attribute-key :
sso-attribute-value-override: enable
rsso-context-timeout: 0
rsso-log-period : 0
rsso-log-flags : protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other
rsso-flush-ip-session: enable
rsso-ep-one-ip-only : disable
FG-5KD3915xxxxxx (RadiusRsso) # set rsso-ep-one-ip-only enable
FG-5KD3915xxxxxx (RadiusRsso) # end
FG-5KD3915xxxxxx # ui config version changed
endconfig change start
0: update vd root
server config 0 del
filled server 'RadiusRsso' for vdom 'root'
server config 0 add OK
if=mgmt1 interface is up to date (listen enabled)
vd 0:root Add/Update auth logon for IP 10.134.9.210 for user 33471995587
vd 0:root Add/Update auth logon for IP 10.134.9.209 for user 33471995589
config change done
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481293102,00:00:00,"10.134.9.210""33471995587","allow","no log","Group0",1,No
2,1481293176,00:00:00,"10.134.9.209""33471995589","allow","no log","Group0",1,No
FG-5KD3915xxxxxx # Received radius accounting event
vd 0:root Remove auth logon for IP 10.134.9.209 for user 33471995589
vd 0:root Add/Update auth logon for IP 10.134.9.208 for user 33471995589
DB 0 insert [ep='33471995589' pg='Group0' ip='10.134.9.208/32'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481293102,00:00:00,"10.134.9.210""33471995587","allow","no log","Group0",1,No
2,1481293276,00:00:00,"10.134.9.208""33471995589","allow","no log","Group0",1,No
3,1481293176,00:00:00,"10.134.9.209""","n/a","n/a","",0,Yes
FG-5KD3915xxxxxx # Received radius accounting event
vd 0:root Remove auth logon for IP 10.134.9.208 for user 33471995589
vd 0:root Add/Update auth logon for IP 10.134.9.207 for user 33471995589
DB 0 insert [ep='33471995589' pg='Group0' ip='10.134.9.207/32'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481293102,00:00:00,"10.134.9.210""33471995587","allow","no log","Group0",1,No
2,1481293349,00:00:00,"10.134.9.207""33471995589","allow","no log","Group0",1,No
3,1481293176,00:00:00,"10.134.9.209""","n/a","n/a","",0,Yes
4,1481293276,00:00:00,"10.134.9.208""","n/a","n/a","",0,Yes
FG-5KD3915xxxxxx # Received radius accounting event
vd 0:root Add/Update auth logon for IP 10.134.9.208 for user 33471995588
DB 0 insert [ep='33471995588' pg='Group0' ip='10.134.9.208/32'] success
FG-5KD3915xxxxxx # diagnose test application radiusd 33
RADIUS server database [vd root]:
"index","start time","time left","ip","endpoint","block status","log status","profile group","ref count","use default profile"
1,1481293102,00:00:00,"10.134.9.210""33471995587","allow","no log","Group0",1,No
2,1481293349,00:00:00,"10.134.9.207""33471995589","allow","no log","Group0",1,No
3,1481293393,00:00:00,"10.134.9.208""33471995588","allow","no log","Group0",1,No
4,1481293176,00:00:00,"10.134.9.209""","n/a","n/a","",0,Yes
Related Articles
Technical Note: RSSO maximum time connection and authentication timers
Technical Note: Custom FortiGate IPS signature to block Interim Radius packets