Chapter 3 Authentication for FortiOS 5.0 : Authentication servers : RADIUS servers : Microsoft RADIUS servers : RADIUS attribute value pairs
  
RADIUS attribute value pairs
RADIUS packets include a set of attribute value pairs (AVP) to identify information about the user, their location and other information. The FortiGate unit sends the following RADIUS attributes.
Table 18: FortiOS supported RADIUS attributes
RADIUS Attribute
Name
Description
AVP type
1
Acct-Session-ID
Unique number assigned to each start and stop record to make it easy to match them, and to eliminate duplicate records.
44
2
username
Name of the user being authenticated
1
3
NAS-Identifier
Identifier or IP address of the Network Access Server (NAS) that is requesting authentication. In this case, the NAS is the FortiGate unit.
32
4
Framed-IP-Address
Address to be configured for the user.
8
5
Fortinet-VSA
See “Vendor-specific attributes”
26
6
Acct-Input-Octets
Number of octets received from the port over the course of this service being provided.
Used to charge the user for the amount of traffic they used.
42
7
Acct-Output-Octets
Number of octets sent to the port while delivering this service.
Used to charge the user for the amount of traffic they used.
43
 
Table 19 describes the supported authentication events and the RADIUS attributes that are sent in the RADIUS accounting message.
Table 19: RADIUS attributes sent in RADIUS accounting message
 
RADIUS Attributes
Authentication Method
1
2
3
4
5
6
7
Web
a
a
a
 
a
 
 
XAuth of IPsec (without DHCP)
a
a
a
 
a
 
 
XAuth of IPsec (with DHCP)
a
a
a
a
a
 
 
PPTP/L2TP (in PPP)
a
a
a
a
a
a
a
SSL-VPN
a
a
a
 
a