ExtremeCloud IQ- Site Engine & Extreme Management Center

 View Only

 ERS Management Login Via ExtremeControl

Jump to Best Answer
Martin Flammia's profile image
Martin Flammia posted 02-28-2020 09:42


Currently followed this article in configuring management access for ERS switches:


Believe the important step is to make sure the “Passport-Access-Priority” attribute is set. The packet capture below from NAC shows it is sending back the RADIUS accept with the attribute set to 6:



I created my own custom RADIUS attribute as was previous using the ‘RFC 3580 - VLAN ID” and could not see one that used the same values plus the one the article talked about. There is one pre-canned ones that come close but was not exactly the same:



The other thing that is slightly different is the article mentions setting it to “Management Login”, but I need to do RFC 3580 VLAN ID for 802.1x authentication, so have it set as per below:



My question is though, if I’m sending what seems to be the correct RADIUS attribute with a RADIUS accept, why is the switch not letting my login?

The switch is an ERS 3626GTS


Many thanks in advance


Ryan Yacobucci's profile image
Ryan Yacobucci Best Answer

Hey Martin,


Try sending Service-Type=6 and let me know if that fixes it.




Martin Flammia's profile image
Martin Flammia

Hi Ryan,

Thanks for getting back. That did work!

Need to do a little bit of a play, but assume as the article specifically mentions the passport attribute its needed as well?



Ryan Yacobucci's profile image
Ryan Yacobucci

Hey Martin,


To be honest I’m not sure. I’ve seen some ERS switches require Service-Type instead. 


I’m thinking maybe the passport access priority might control read-write vs read-only in some version of ERS? We would need to investigate further to provide an official answer.




Miguel-Angel RODRIGUEZ-GARCIA's profile image

Just for info, the passport attribute is for ERS8600 (running VOSS), the ERS running BOSS uses Service Type attribute.