question

joaomanoelc avatar image
0 Votes"
joaomanoelc asked joaomanoelc answered

Reason Code 49 The RADIUS request did not match with FortiSwitch 248D

I have a RADIUS with WinServer 2016 and I will use the RADIUS Client FortiSwitch 248D for 802.1X network authentication

when configuring the FortiSwitch as RADIUS Client a log is generated in the NPS with access denied.



Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: NULL SID
Account Name: radius1
Account Domain: -
Fully Qualified Account Name: -

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 192.168.15.241
Calling Station Identifier: -

NAS:
NAS IPv4 Address: 192.168.15.241
NAS IPv6 Address: -
NAS Identifier: Fortinet
NAS Port-Type: Ethernet
NAS Port: -

RADIUS Client:
Client Friendly Name: Fortinet
Client IP Address: 192.168.15.241

Authentication Details:
Connection Request Policy Name: -
Network Policy Name: -
Authentication Provider: -
Authentication Server: Lab-radius.apps-gjc.com.br
Authentication Type: -
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 49
Reason: The RADIUS request did not match any configured connection request policy (CRP).


97964-network-policies-ethernet.png
97965-conection-request-policies-ethernet.png


windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered SunnyQi-MSFT edited

Hi,

Thanks for posting in Q&A platform.

May I know when did you encounter this error? When configured the FortiSwitch 248D as a RADIUS client? If you have configured the FortiSwitch 248D as a RADIUS client in the following option first?

98106-image.png

Please kindly understand that FortiSwitch 248D is a third party product that we're not familiar with, I would suggest you could contact FortiSwitch support for further troubleshooting.

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (41.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

joaomanoelc avatar image
0 Votes"
joaomanoelc answered

the switch was added as a RADIUS Client as seen in the image.

the same procedure was done for a WiFi TP-link and it worked without problems.

when configuring FortiSwitch with the IP and secret password of the RADIUS Server, the validation is done successfully, but immediately afterwards, if you do another test to validate the configuration, it is returned as invalid.
98255-radius-client-fortiswitch.png


98239-edit-radius-server-fortiswitch-248d.png



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.