Extreme VSA

  • 0
  • 1
  • Question
  • Updated 4 years ago
  • Answered
Is there a list of all Extreme VSA's that I can pass back to our switches from our NPS server. Currently we just pass back a vlan that machines should be dropped into. I would like to see if there is anything else we could do. (run ACL on the port, run UPM script,...)
Thanks
Photo of bw447

bw447

  • 916 Points 500 badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey bw447 I will check the list of VA AS and post later. You can launch a UPM profile with user login trigger which doesn't need a VSA.
Photo of Sumit Tokle

Sumit Tokle, Alum

  • 5,738 Points 5k badge 2x thumb

Extreme: Netlogin-Extended-VLAN 211 String

Extreme: Netlogin-VLAN-Name 203 String

Extreme: Netlogin-VLAN-ID 209 Integer

Extreme: Netlogin-URL 204 String

Extreme: Netlogin-URL-Desc 205 String

Extreme: Netlogin-Only 206 Integer...


@ paul, If possible, can you share UPM script?

Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
The complete list is:
VENDOR Extreme 1916
ATTRIBUTE Extreme-CLI-Authorization 201 integer
ATTRIBUTE Extreme-Shell-Command 202 string
ATTRIBUTE Extreme-Netlogin-Vlan 203 string
ATTRIBUTE Extreme-Netlogin-Url 204 string
ATTRIBUTE Extreme-Netlogin-Url-Desc 205 string
ATTRIBUTE Extreme-Netlogin-Only 206 integer
ATTRIBUTE Extreme-User-Location 208 string
ATTRIBUTE Extreme-Netlogin-Vlan-Tag 209 integer
ATTRIBUTE Extreme-Netlogin-Extended-Vlan 211 string
ATTRIBUTE Extreme-Security-Profile 212 string
VALUE Extreme-CLI-Authorization Disabled 0
VALUE Extreme-CLI-Authorization Enabled 1
VALUE Extreme-Netlogin-Only Disabled 0
VALUE Extreme-Netlogin-Only Enabled 1


For a detailed explanation of each one of these, please refer to EXOS Concepts guide.

Regards, Daniel

Photo of bw447

bw447

  • 916 Points 500 badge 2x thumb
Thanks for the info @Paul, @Daniel
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Good morning bw447 I am traveling today so I may not be able to do the UPM until later. The concepts guide is pretty detailed on how it works. Give it a look and if you have questions let us know.

P
Photo of Sumit Tokle

Sumit Tokle, Alum

  • 5,738 Points 5k badge 2x thumb
Does TACACS+ VSA are the same as that of Radius server on Extreme device?
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Sumit,

VSAs exist only in RADIUS. TACACS+ has AV (Attribute-Value) pairs, that would be the equivalent to VSAs in RADIUS.

Most VSAs in EXOS are related to Network Login, which requires RADIUS and does not support TACACS+.

So, NO, VSAs are only for RADIUS.

Regards, Daniel
Photo of Gilmour, Scott

Gilmour, Scott

  • 60 Points
Hi,
Is there a way to get the Extreme VSA's onto the Windows 2008 Server R2 so they are permanent in NPS?  It appears the only way to enter the VSA's is per policy rather than the Attributes list.  I am looking for a way to select them from the attributes list on a per policy need basis. 
Thanks
Scott
(Edited)