02-28-2020 09:42 AM
Hi,
Currently followed this article in configuring management access for ERS switches:
https://extremeportal.force.com/ExtrArticleDetail?an=000082104
Believe the important step is to make sure the “Passport-Access-Priority” attribute is set. The packet capture below from NAC shows it is sending back the RADIUS accept with the attribute set to 6:
I created my own custom RADIUS attribute, as I was previously using the “RFC 3580 - VLAN ID” and could not see one that used the same values plus the one the article talked about. There is one pre-canned one that comes close but was not exactly the same:
The other thing that is slightly different is the article mentions setting it to “Management Login”, but I need to do RFC 3580 VLAN ID for 802.1x authentication, so have it set as per below:
My question is though, if I’m sending what seems to be the correct RADIUS attribute with a RADIUS accept, why is the switch not letting me log in?
The switch is an ERS 3626GTS
Version: 6.3.0.33
Many thanks in advance
02-29-2020 06:23 PM
Hey Martin,
Try sending Service-Type=6 and let me know if that fixes it.
Thanks
-Ryan
03-19-2020 09:39 AM
Just for info, the passport attribute is for ERS8600 (running VOSS), the ERS running BOSS uses Service Type attribute.
Mig
02-29-2020 07:48 PM
Hey Martin,
To be honest I’m not sure. I’ve seen some ERS switches require Service-Type instead.
I’m thinking maybe the passport access priority might control read-write vs read-only in some version of ERS? We would need to investigate further to provide an official answer.
Thanks
-Ryan
02-29-2020 07:36 PM
Hi Ryan,
Thanks for getting back. That did work!
Need to do a little bit of a play, but assume as the article specifically mentions the passport attribute it’s needed as well?
Cheers,
Martin