Showing results forย 
Search instead forย 
Did you mean:ย 

Microsoft NPS server VSA configuration for Extreme-CLIAuthorization

Microsoft NPS server VSA configuration for Extreme-CLIAuthorization

New Contributor II
I'm trying to configure management access to our new extreme 8810s via a microsoft NPS server (running on 2012 R2, but the NPS portion hasn't changed since 2008).

I've defined a policy tied to a windows group and the authentication works, but my user had RO access only.

To fix this I've defined a VSA with Vendor Code 1916, set the attribute to "Yes It Conforms", Vendor-Assigned Attribute number is 201, Attribute format is Decimal, Attribute value is set to 1.

This should allow my switch adminstrator login to have RW access to the switch, but I'm still getting RO access only.

Here is a screencap of my settings:

Does anyone have additional documentation or experience getting this VSA to work with the microsoft NPS? So far research hasn't turned up any working examples.


If you don't use any RADIUS proxy, than pap is sufficient for management login. Your credentials are secured by the RADIUS shared secret. So, there is no need for challenge handshake protocols.

Kind regrards

Hi Christoph,

Thanks for your information.

New Contributor II
Hi sir,

What Authentication Method support ?
NPS -> don't work in mschapv2 /mschap / chap,only work in pap.
Extreme Switch mgmt-access only support pap ?


New Contributor II
Thank you my friend, that fixed the issue, just adding that field under standard worked.

I've been pulling my hair out over this ๏˜› Ran a wireshark trace, found that everything was being sent to the switch etc.

Hopefully Extreme can update their documentation, its a little scant for Radius. Can't wait to start working on 802.1x next week ๏˜›