NAC filter-id: null when doing switch management access

  • Updated 3 years ago
Currently have NAC configured to proxy network access for computer authentication using EAP-TLS and also switch management access to FreeRADIUS.

Computer authorisation is being done by querying host name to a valid entry in LDAP.

Switch authorisation is being done by querying username and password to Kerberos.

Each works in that a RADIUS Accept is being returned to the switch in each case. The problem I have is that NAC is reporting the filter-id as null when doing switch management login.

So my question is: can NAC, just as you can do with a typical profile, change / add the Filter-Id RADIUS attribute to include "Enterasys:mgmt=su" instead of having to configure it somehow in FreeRADIUS?

Many thanks in advance.

Note: In NAC, when editing the switch, I have "Gateway RADIUS Attributes to send = Extreme Policy".

Martin Flammia

Posted 3 years ago

Mike Thomas, Employee - GTAC - NMS

Official Response
Yes, it can. Please review the following article. In the policy mappings applied for specific users you can add this in. Note the bottom of the last pic (current today) under management attributes.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-NAC-for-custom-radius-att...

Below is the default administrator profile that may be able to be used, or for a reference.
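
Added example, not part of either post and not the administrator profile mentioned above: a small Python check that reads the Filter-Id attribute out of a raw RADIUS Access-Accept and reports the `mgmt` level, useful for confirming whether the accept reaching the switch carries "Enterasys:mgmt=su" or no Filter-Id at all. The colon-separated `key=value` layout after the `Enterasys` prefix is an assumption, and the sample packets are constructed with a zeroed authenticator.

```python
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
FILTER_ID = 11      # RADIUS attribute type (RFC 2865)

def radius_attributes(packet: bytes):
    """Yield (type, value) for every attribute in a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # 4-byte header + 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def parse_filter_id(value: str) -> dict:
    """Split 'Enterasys:key=value[:key=value...]' into a dict (assumed layout)."""
    vendor, _, rest = value.partition(":")
    if vendor != "Enterasys":
        return {}
    return dict(f.split("=", 1) for f in rest.split(":") if "=" in f)

def mgmt_level(packet: bytes):
    """Return the mgmt level carried in an Access-Accept, or None if absent."""
    if not packet or packet[0] != ACCESS_ACCEPT:
        return None
    for atype, value in radius_attributes(packet):
        if atype == FILTER_ID:
            level = parse_filter_id(value.decode("ascii", "replace")).get("mgmt")
            if level:
                return level
    return None

def build_accept(filter_ids):
    """Constructed sample: Access-Accept with a zeroed authenticator."""
    attrs = b"".join(bytes([FILTER_ID, len(f) + 2]) + f.encode() for f in filter_ids)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(mgmt_level(build_accept([])))                     # no Filter-Id
    print(mgmt_level(build_accept(["Enterasys:mgmt=su"])))  # value from the question
```

A result of `None` for a management login corresponds to the "filter-id null" case in the question: the accept carries no usable Filter-Id.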