https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8777#M358 Hi,<BR /> I guess the RADIUS server has to send back the RADIUS Attribute "Filter-ID" with the following information (for Enterasys switches):<BR /> Enterasys:version=1:mgmt=su:Detailed information may be availabe if you search for "filter-id" in the knowledge base (i.e.:<BR /> <A href="https://gtacknowledge.extremenetworks.com/articles/Q_A/What-filter-id-is-required-for-administrative-login/?q=filter-id&amp;#38;l=en_US&amp;#38;fs=Search&amp;#38;pn=1" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/Q_A/What-filter-id-is-required-for-administrative...</A><BR /> <BR /> Hope this will be helpful.<BR /> Regards,<BR /> Axel<BR /> Mon, 11 Jun 2018 19:42:00 GMT ar1 2018-06-11T19:42:00Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8772#M353 I am trying to use NAC to allow switch management access (SSH/Telnet/Web) for an LDAP group. <BR /> Currently the VSP/ERS switches have been added to XMC NAC and I am able to backup configs, use scripts, etc. I am also able to assign VLANs to the ports via LDAP authentication.<BR /> Does anyone have instructions on how to configure NAC Policy to send the correct values to the VSP/ERS switches to allow management access? Mon, 11 Jun 2018 19:07:00 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8772#M353 Jay6 2018-06-11T19:07:00Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8773#M354 Hello James,<BR /> <BR /> Give this article a shot: <BR /> <BR /> <A href="https://gtacknowledge.extremenetworks.com/articles/How_To/allowing-mangement-access-to-Avaya-switches-via-NAC-access-control-setup" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/How_To/allowing-mangement-access-to-Avaya-switche...</A><BR /> <BR /> :edit: you'll need to create a rule with an LDAP user group criteria, but this article details the AVP that should work for management login :edit:<BR /> <BR /> Thanks<BR /> -Ryan Mon, 11 Jun 2018 19:37:00 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8773#M354 Ryan_Yacobucci 2018-06-11T19:37:00Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8774#M355 Ryan,<BR /> Thank you. This is what I was looking for.<BR /> Is there a way we can append an article to add the VSP/ERS RADIUS commands? Mon, 11 Jun 2018 19:37:00 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8774#M355 Jay6 2018-06-11T19:37:00Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8775#M356 Hello James,<BR /> <BR /> It can be appended, do you have a working configuration I can use to add content to the article?<BR /> <BR /> Thanks<BR /> -Ryan Mon, 11 Jun 2018 19:37:00 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8775#M356 Ryan_Yacobucci 2018-06-11T19:37:00Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8776#M357 Yes, Below are the commands for VSP8284 v7.0.<BR /> enable<BR /> config terminal<BR /> radius server host <NAC ip=""> key <SHARED secret=""> used-by cli enable<BR /> (optional) radius reachability mode status-server<BR /> radius enable<BR /> <BR /></SHARED></NAC> Mon, 11 Jun 2018 19:37:00 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8776#M357 Jay6 2018-06-11T19:37:00Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8777#M358 Hi,<BR /> I guess the RADIUS server has to send back the RADIUS Attribute "Filter-ID" with the following information (for Enterasys switches):<BR /> Enterasys:version=1:mgmt=su:Detailed information may be availabe if you search for "filter-id" in the knowledge base (i.e.:<BR /> <A href="https://gtacknowledge.extremenetworks.com/articles/Q_A/What-filter-id-is-required-for-administrative-login/?q=filter-id&amp;#38;l=en_US&amp;#38;fs=Search&amp;#38;pn=1" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/Q_A/What-filter-id-is-required-for-administrative...</A><BR /> <BR /> Hope this will be helpful.<BR /> Regards,<BR /> Axel<BR /> Mon, 11 Jun 2018 19:42:00 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-vsp-ers-switch-management-using-ldap-credentials/m-p/8777#M358 ar1 2018-06-11T19:42:00Z