Reason Code 49 The RADIUS request did not match with FortiSwitch 248D

joaomanoelc 171 Reputation points
2021-05-19T17:34:08.913+00:00

I have a RADIUS with WinServer 2016 and I will use the RADIUS Client FortiSwitch 248D for 802.1X network authentication

when configuring the FortiSwitch as RADIUS Client a log is generated in the NPS with access denied.

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: NULL SID
Account Name: radius1
Account Domain: -
Fully Qualified Account Name: -

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 192.168.15.241
Calling Station Identifier: -

NAS:
NAS IPv4 Address: 192.168.15.241
NAS IPv6 Address: -
NAS Identifier: Fortinet
NAS Port-Type: Ethernet
NAS Port: -

RADIUS Client:
Client Friendly Name: Fortinet
Client IP Address: 192.168.15.241

Authentication Details:
Connection Request Policy Name: -
Network Policy Name: -
Authentication Provider: -
Authentication Server: Lab-radius.apps-gjc.com.br
Authentication Type: -
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 49
Reason: The RADIUS request did not match any configured connection request policy (CRP).

97964-network-policies-ethernet.png
97965-conection-request-policies-ethernet.png

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,724 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Sunny Qi 10,941 Reputation points Microsoft Vendor
    2021-05-20T05:21:35.047+00:00

    Hi,

    Thanks for posting in Q&A platform.

    May I know when did you encounter this error? When configured the FortiSwitch 248D as a RADIUS client? If you have configured the FortiSwitch 248D as a RADIUS client in the following option first?

    98106-image.png

    Please kindly understand that FortiSwitch 248D is a third party product that we're not familiar with, I would suggest you could contact FortiSwitch support for further troubleshooting.

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. joaomanoelc 171 Reputation points
    2021-05-20T11:49:45.597+00:00

    the switch was added as a RADIUS Client as seen in the image.

    the same procedure was done for a WiFi TP-link and it worked without problems.

    when configuring FortiSwitch with the IP and secret password of the RADIUS Server, the validation is done successfully, but immediately afterwards, if you do another test to validate the configuration, it is returned as invalid.
    98255-radius-client-fortiswitch.png

    98239-edit-radius-server-fortiswitch-248d.png

    0 comments No comments