Microsoft NPS server VSA configuration for Extreme-CLIAuthorization

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
I'm trying to configure management access to our new extreme 8810s via a microsoft NPS server (running on 2012 R2, but the NPS portion hasn't changed since 2008). 

I've defined a policy tied to a windows group and the authentication works, but my user had RO access only.

To fix this I've defined a VSA with Vendor Code 1916, set the attribute to "Yes It Conforms", Vendor-Assigned Attribute number is 201, Attribute format is Decimal, Attribute value is set to 1.

This should allow my switch adminstrator login to have RW access to the switch, but I'm still getting RO access only.

Here is a screencap of my settings:

Does anyone have additional documentation or experience getting this VSA to work with the microsoft NPS?  So far research hasn't turned up any working examples.
Photo of Ron Prague

Ron Prague

  • 742 Points 500 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,458 Points 50k badge 2x thumb
Official Response
I've tried that 2 weeks ago successful in my lab so below my notes with screenshots.

Looks like our screenshots look identical so I think the only thing is missing on your site is to set the Service-Type to Administrative.
I run into the same issue and took me a while to find the error.