Hi,
Currently followed this article in configuring management access for ERS switches:
https://extremeportal.force.com/ExtrArticleDetail?an=000082104
Believe the important step is to make sure the “Passport-Access-Priority” attribute is set. The packet capture below from NAC shows it is sending back the RADIUS accept with the attribute set to 6:
I created my own custom RADIUS attribute as I was previously using the “RFC 3580 - VLAN ID” and could not see one that used the same values plus the one the article talked about. There is one pre-canned one that comes close but was not exactly the same:
The other thing that is slightly different is the article mentions setting it to “Management Login”, but I need to do RFC 3580 VLAN ID for 802.1x authentication, so have it set as per below:
My question is though, if I’m sending what seems to be the correct RADIUS attribute with a RADIUS accept, why is the switch not letting me log in?
The switch is an ERS 3626GTS
Version: 6.3.0.33
Many thanks in advance
Hey Martin,
Try sending Service-Type=6 and let me know if that fixes it.
Thanks
-Ryan
Hi Ryan,
Thanks for getting back. That did work!
Need to do a little bit of a play, but assume as the article specifically mentions the passport attribute it’s needed as well?
Cheers,
Martin
To be honest I’m not sure. I’ve seen some ERS switches require Service-Type instead.
I’m thinking maybe the passport access priority might control read-write vs read-only in some version of ERS? We would need to investigate further to provide an official answer.
Just for info, the passport attribute is for ERS8600 (running VOSS), the ERS running BOSS uses Service Type attribute.
Mig
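An offline check for the symptom discussed in this thread, added here as an example and not part of any post: it parses a raw RADIUS reply and reports whether the standard Service-Type attribute (type 6, value 6 = Administrative in RFC 2865) is present alongside any vendor-specific attributes. The sample packets are constructed, and the vendor id and vendor type in them are placeholders, not the real Passport-Access-Priority identifiers.

```python
import struct

ACCESS_ACCEPT = 2      # RADIUS packet code (RFC 2865)
SERVICE_TYPE = 6       # attribute type; value 6 means Administrative
VENDOR_SPECIFIC = 26   # attribute type carrying vendor attributes

def parse_attributes(packet: bytes):
    """Return (code, [(attr_type, value_bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match captured bytes")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def summarize_accept(packet: bytes):
    """Report Service-Type and any vendor-specific attributes in a reply."""
    code, attrs = parse_attributes(packet)
    out = {"is_accept": code == ACCESS_ACCEPT, "service_type": None, "vsas": []}
    for atype, value in attrs:
        if atype == SERVICE_TYPE and len(value) == 4:
            out["service_type"] = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor_id, vtype, vlen = struct.unpack("!IBB", value[:6])
            out["vsas"].append((vendor_id, vtype, value[6:4 + vlen]))
    return out

# Constructed sample replies. Vendor id 99999 and vendor type 1 are placeholders,
# not the real identifiers of the Passport-Access-Priority attribute.
def build_packet(code, attrs):
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

SIX = struct.pack("!I", 6)
VSA = struct.pack("!IBB", 99999, 1, len(SIX) + 2) + SIX
VSA_ONLY = build_packet(ACCESS_ACCEPT, [(VENDOR_SPECIFIC, VSA)])
WITH_SERVICE_TYPE = build_packet(ACCESS_ACCEPT, [(SERVICE_TYPE, SIX), (VENDOR_SPECIFIC, VSA)])

if __name__ == "__main__":
    for name, pkt in (("VSA only", VSA_ONLY), ("with Service-Type", WITH_SERVICE_TYPE)):
        print(name, summarize_accept(pkt))
```

To use it on a real reply, pass the UDP payload bytes of the Access-Accept exported from the capture to `summarize_accept`.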