
Microsoft NPS server VSA configuration for Extreme-CLIAuthorization

Ron_Prague
New Contributor II
I'm trying to configure management access to our new Extreme 8810s via a Microsoft NPS server (running on 2012 R2, but the NPS portion hasn't changed since 2008).

I've defined a policy tied to a Windows group and the authentication works, but my user had RO access only.

To fix this I've defined a VSA with Vendor Code 1916, set the attribute to "Yes It Conforms", Vendor-Assigned Attribute number is 201, Attribute format is Decimal, Attribute value is set to 1.

This should allow my switch administrator login to have RW access to the switch, but I'm still getting RO access only.

Here is a screencap of my settings: http://imgur.com/VCswKOg

Does anyone have additional documentation or experience getting this VSA to work with the Microsoft NPS? So far research hasn't turned up any working examples.
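For checking a packet capture against the settings in the post above, this added example (not part of the original thread and not Extreme or Microsoft code) builds and parses the Vendor-Specific attribute on the wire. It assumes the RFC 2865 vendor type/length/value layout and a 32-bit integer for the Decimal format; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type that carries VSAs
EXTREME_VENDOR_ID = 1916  # vendor code from the post
CLI_AUTHORIZATION = 201   # vendor-assigned attribute number from the post

def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute holding a 32-bit integer."""
    sub = struct.pack("!BBI", vendor_type, 6, value)  # type, length, value
    body = struct.pack("!I", vendor_id) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def split_tlvs(data, what):
    """Split a run of type/length/value records, rejecting bad lengths."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError(f"truncated {what} header")
        tlv_type, tlv_len = data[i], data[i + 1]
        if tlv_len < 2 or i + tlv_len > len(data):
            raise ValueError(f"bad {what} length")
        out.append((tlv_type, data[i + 2:i + tlv_len]))
        i += tlv_len
    return out

def cli_authorization(attributes):
    """Return the Extreme CLI authorization integer, or None if absent."""
    for attr_type, value in split_tlvs(attributes, "attribute"):
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        vendor_id = struct.unpack("!I", value[:4])[0]
        if vendor_id != EXTREME_VENDOR_ID:
            continue
        for sub_type, raw in split_tlvs(value[4:], "sub-attribute"):
            if sub_type == CLI_AUTHORIZATION and len(raw) == 4:
                return struct.unpack("!I", raw)[0]
    return None

# Constructed sample: a Reply-Message (type 18) followed by the VSA from the post.
SAMPLE = bytes([18, 4]) + b"ok" + encode_vsa(EXTREME_VENDOR_ID, CLI_AUTHORIZATION, 1)

if __name__ == "__main__":
    print(encode_vsa(EXTREME_VENDOR_ID, CLI_AUTHORIZATION, 1).hex())
    print(cli_authorization(SAMPLE))
```

The hex string it prints can be compared byte for byte with the Vendor-Specific attribute shown in a capture of the Access-Accept.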

6 REPLIES

Christoph
Contributor
If you don't use any RADIUS proxy, then PAP is sufficient for management login. Your credentials are secured by the RADIUS shared secret. So, there is no need for challenge handshake protocols.

Kind regards
Christoph

Hi Christoph,

Thanks for your information.

Shooter_Chiang
New Contributor II
Hi sir,

Which authentication methods are supported?
NPS -> doesn't work with MSCHAPv2 / MSCHAP / CHAP, only works with PAP.
Does Extreme switch mgmt-access only support PAP?

Thanks

Ron_Prague
New Contributor II
Thank you my friend, that fixed the issue, just adding that field under standard worked.

I've been pulling my hair out over this. Ran a Wireshark trace, found that everything was being sent to the switch etc.

Hopefully Extreme can update their documentation, it's a little scant for RADIUS. Can't wait to start working on 802.1x next week.