How to configure NAC to send outbound radius attributes for dhcp snooping, bpdu filtering, slpp guard

  • 19 May 2020
  • 1 reply

What configuratoin is required to setup NAC to send outbound radius attributes for configuring ERS4900 with FA radius attributes like:

dhcp snooping

bpdu filtering

slpp guard

IP-Source Guard

All this should be possible in combination with NAC and ERS 4900.

Thanks in advance

1 reply

Userlevel 6

Hi Sacha,


Whatever is supported on ERS 4900 as RADIUS attributes (see here: and, they can be configured under selected Policy Mapping in EAC configuration:


On the other hand, when adding ERS to EAC engine Switches list (authenticators), you have to specify what RADIUS attributes are to be send back if an authenticating end-system is connected to this particular switch:


For BOSS I see ready sets of RADIUS Attributes, e.g. “Extreme BOSS Fabric Attach”. It looks lke that:


So in the Policy Mapping, VLAN ID should be set and ‘Custom 1’ field shall contain I-SID number.


It will work the same for other switches and vendors. If some attribute sets are not there (like you would like to mix few attributes from different sets), you can create a new set on your own. If particular proprietary attributes are not defined (like I saw for WiNG), you can define just %CUSTOM1% and inside a Policy Mapping put entire attribute and value pair.


If you need more guidance let us know.


Hope that helps,