Extreme VSA


Userlevel 2
Is there a list of all Extreme VSA's that I can pass back to our switches from our NPS server. Currently we just pass back a vlan that machines should be dropped into. I would like to see if there is anything else we could do. (run ACL on the port, run UPM script,...) Thanks

8 replies

Userlevel 6
Hey bw447 I will check the list of VA AS and post later. You can launch a UPM profile with user login trigger which doesn't need a VSA.
Userlevel 4
Extreme: Netlogin-Extended-VLAN 211 String

Extreme: Netlogin-VLAN-Name 203 String

Extreme: Netlogin-VLAN-ID 209 Integer

Extreme: Netlogin-URL 204 String



Extreme: Netlogin-URL-Desc 205 String

Extreme: Netlogin-Only 206 Integer...

@ paul, If possible, can you share UPM script?
Userlevel 6
The complete list is:
VENDOR Extreme 1916
ATTRIBUTE Extreme-CLI-Authorization 201 integer
ATTRIBUTE Extreme-Shell-Command 202 string
ATTRIBUTE Extreme-Netlogin-Vlan 203 string
ATTRIBUTE Extreme-Netlogin-Url 204 string
ATTRIBUTE Extreme-Netlogin-Url-Desc 205 string
ATTRIBUTE Extreme-Netlogin-Only 206 integer
ATTRIBUTE Extreme-User-Location 208 string
ATTRIBUTE Extreme-Netlogin-Vlan-Tag 209 integer
ATTRIBUTE Extreme-Netlogin-Extended-Vlan 211 string
ATTRIBUTE Extreme-Security-Profile 212 string
VALUE Extreme-CLI-Authorization Disabled 0
VALUE Extreme-CLI-Authorization Enabled 1
VALUE Extreme-Netlogin-Only Disabled 0
VALUE Extreme-Netlogin-Only Enabled 1

For a detailed explanation of each one of these, please refer to EXOS Concepts guide.

Regards, Daniel
Userlevel 2
dflouret wrote:

The complete list is:
VENDOR Extreme 1916
ATTRIBUTE Extreme-CLI-Authorization 201 integer
ATTRIBUTE Extreme-Shell-Command 202 string
ATTRIBUTE Extreme-Netlogin-Vlan 203 string
ATTRIBUTE Extreme-Netlogin-Url 204 string
ATTRIBUTE Extreme-Netlogin-Url-Desc 205 string
ATTRIBUTE Extreme-Netlogin-Only 206 integer
ATTRIBUTE Extreme-User-Location 208 string
ATTRIBUTE Extreme-Netlogin-Vlan-Tag 209 integer
ATTRIBUTE Extreme-Netlogin-Extended-Vlan 211 string
ATTRIBUTE Extreme-Security-Profile 212 string
VALUE Extreme-CLI-Authorization Disabled 0
VALUE Extreme-CLI-Authorization Enabled 1
VALUE Extreme-Netlogin-Only Disabled 0
VALUE Extreme-Netlogin-Only Enabled 1

For a detailed explanation of each one of these, please refer to EXOS Concepts guide.

Regards, Daniel

Thanks for the info@Paul,@Daniel
Userlevel 6
dflouret wrote:

The complete list is:
VENDOR Extreme 1916
ATTRIBUTE Extreme-CLI-Authorization 201 integer
ATTRIBUTE Extreme-Shell-Command 202 string
ATTRIBUTE Extreme-Netlogin-Vlan 203 string
ATTRIBUTE Extreme-Netlogin-Url 204 string
ATTRIBUTE Extreme-Netlogin-Url-Desc 205 string
ATTRIBUTE Extreme-Netlogin-Only 206 integer
ATTRIBUTE Extreme-User-Location 208 string
ATTRIBUTE Extreme-Netlogin-Vlan-Tag 209 integer
ATTRIBUTE Extreme-Netlogin-Extended-Vlan 211 string
ATTRIBUTE Extreme-Security-Profile 212 string
VALUE Extreme-CLI-Authorization Disabled 0
VALUE Extreme-CLI-Authorization Enabled 1
VALUE Extreme-Netlogin-Only Disabled 0
VALUE Extreme-Netlogin-Only Enabled 1

For a detailed explanation of each one of these, please refer to EXOS Concepts guide.

Regards, Daniel

Good morning bw447 I am traveling today so I may not be able to do the UPM until later. The concepts guide is pretty detailed on how it works. Give it a look and if you have questions let us know. P
Userlevel 4
Does TACACS+ VSA are the same as that of Radius server on Extreme device?
Userlevel 6
Sumit,

VSAs exist only in RADIUS. TACACS+ has AV (Attribute-Value) pairs, that would be the equivalent to VSAs in RADIUS.

Most VSAs in EXOS are related to Network Login, which requires RADIUS and does not support TACACS+.

So, NO, VSAs are only for RADIUS.

Regards, Daniel
Hi,
Is there a way to get the Extreme VSA's onto the Windows 2008 Server R2 so they are permanent in NPS? It appears the only way to enter the VSA's is per policy rather than the Attributes list. I am looking for a way to select them from the attributes list on a per policy need basis.
Thanks
Scott

Reply