ExtremeSwitching (VSP)


NAC - VSP/ERS switch management using LDAP credentials

  • 1.  NAC - VSP/ERS switch management using LDAP credentials

    Posted 06-11-2018 12:07
    I am trying to use NAC to allow switch management access (SSH/Telnet/Web) for an LDAP group.
    Currently the VSP/ERS switches have been added to XMC NAC and I am able to backup configs, use scripts, etc. I am also able to assign VLANs to the ports via LDAP authentication.
    Does anyone have instructions on how to configure NAC Policy to send the correct values to the VSP/ERS switches to allow management access?


  • 2.  RE: NAC - VSP/ERS switch management using LDAP credentials

    Posted 06-11-2018 12:37
    Hello James,

    Give this article a shot:

    https://gtacknowledge.extremenetworks.com/articles/How_To/allowing-mangement-access-to-Avaya-switche...

    :edit: you'll need to create a rule with an LDAP user group criteria, but this article details the AVP that should work for management login :edit:

    Thanks
    -Ryan


  • 3.  RE: NAC - VSP/ERS switch management using LDAP credentials

    Posted 06-11-2018 12:42
    Hi,
    I guess the RADIUS server has to send back the RADIUS Attribute "Filter-ID" with the following information (for Enterasys switches):
    Enterasys:version=1:mgmt=su:
    Detailed information may be available if you search for "filter-id" in the knowledge base, i.e.:
    https://gtacknowledge.extremenetworks.com/articles/Q_A/What-filter-id-is-required-for-administrative...

    Hope this will be helpful.
    Regards,
    Axel


  • 4.  RE: NAC - VSP/ERS switch management using LDAP credentials

    Posted 06-11-2018 12:37
    Ryan,
    Thank you. This is what I was looking for.
    Is there a way we can append an article to add the VSP/ERS RADIUS commands?


  • 5.  RE: NAC - VSP/ERS switch management using LDAP credentials

    Posted 06-11-2018 12:37
    Hello James,

    It can be appended, do you have a working configuration I can use to add content to the article?

    Thanks
    -Ryan


  • 6.  RE: NAC - VSP/ERS switch management using LDAP credentials

    Posted 06-11-2018 12:37
    Yes, below are the commands for VSP8284 v7.0.
    enable
    config terminal
    radius server host