ExtremeSwitching (Other)

  • 1.  ERS4900 Enhanced Secure Mode & RADIUS

    Posted 02-24-2022 11:29
    Has anyone gotten this to work? I've enabled enhanced secure mode, configured 2 RADIUS servers, set cli password telnet radius. However, when I go to log in it says authentication failed, but on the Windows server it shows audit success. Wireshark also sees the RADIUS accept message. We have other Extreme/Avaya switches (VSP & ERS) and we can log in to anything not running in enhanced secure mode. Is there some additional attribute we need to send back to the switch?

  • 2.  RE: ERS4900 Enhanced Secure Mode & RADIUS
    Best Answer

    Posted 03-03-2022 09:37
    After a lot of digging I finally have the answer. There is an additional RADIUS attribute that needs to be sent back to the switch. The NAS-Filter-Rule attribute was the key. We had to edit C:\Windows\System32\ias\dnary (XML file) to add the attribute to the list in NPS. Added this bit of code:


    After rebooting the server I was then able to add this attribute to a network policy in NPS.