NAC - VSP/ERS switch management using LDAP credentials

Jay6
Extreme Employee
I am trying to use NAC to allow switch management access (SSH/Telnet/Web) for an LDAP group.
Currently the VSP/ERS switches have been added to XMC NAC and I am able to back up configs, use scripts, etc. I am also able to assign VLANs to the ports via LDAP authentication.
Does anyone have instructions on how to configure NAC Policy to send the correct values to the VSP/ERS switches to allow management access?
5 REPLIES

ar1
Contributor
Hi,
I guess the RADIUS server has to send back the RADIUS attribute "Filter-ID" with the following information (for Enterasys switches):
Enterasys:version=1:mgmt=su:
Detailed information may be available if you search for "filter-id" in the knowledge base (i.e.:
https://gtacknowledge.extremenetworks.com/articles/Q_A/What-filter-id-is-required-for-administrative...)

Hope this will be helpful.
Regards,
Axel
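
Added example, not part of the reply above or of any Extreme code: a small audit that parses the Filter-ID format quoted in the reply and lists NAC rules that would grant switch-management access to an LDAP group outside an allow-list. The rule names, LDAP groups, the "rw"/"ro" levels and the "policy" key are assumptions made for illustration.

```python
# "su" is the level quoted in the thread; "rw"/"ro" and the "policy" key
# used in the sample data are assumptions about the same format.
MGMT_LEVELS = {"su", "rw", "ro"}


def parse_filter_id(value):
    """Parse 'Enterasys:version=1:mgmt=su:' into {'version': '1', 'mgmt': 'su'}."""
    parts = value.strip().split(":")
    if parts[0] != "Enterasys":
        raise ValueError(f"not an Enterasys Filter-Id: {value!r}")
    fields = {}
    for part in parts[1:]:
        if not part:  # the thread's value ends with a trailing ':'
            continue
        key, sep, val = part.partition("=")
        if not (sep and key and val) or key in fields:
            raise ValueError(f"malformed or repeated field {part!r}")
        fields[key] = val
    if fields.get("version") != "1":
        raise ValueError(f"unsupported version in {value!r}")
    if fields.get("mgmt", "su") not in MGMT_LEVELS:
        raise ValueError(f"unknown mgmt level in {value!r}")
    return fields


def audit(rules, allowed_groups):
    """List rules that grant management access to a group not on the allow-list."""
    findings = []
    for name, group, filter_id in rules:
        level = parse_filter_id(filter_id).get("mgmt")
        if level and group not in allowed_groups:
            findings.append((name, group, level))
    return findings


# Constructed sample: (NAC rule name, LDAP group criterion, Filter-Id returned).
RULES = [
    ("switch-admins", "CN=NetAdmins", "Enterasys:version=1:mgmt=su:"),
    ("helpdesk", "CN=Helpdesk", "Enterasys:version=1:mgmt=su:"),
    ("staff-vlan", "CN=Staff", "Enterasys:version=1:policy=Staff"),
]


if __name__ == "__main__":
    for finding in audit(RULES, {"CN=NetAdmins"}):
        print("unexpected management grant:", finding)
```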

Ryan_Yacobucci
Extreme Employee
Hello James,

Give this article a shot:

https://gtacknowledge.extremenetworks.com/articles/How_To/allowing-mangement-access-to-Avaya-switche...

:edit: you'll need to create a rule with an LDAP user group criteria, but this article details the AVP that should work for management login :edit:

Thanks
-Ryan

Yes, below are the commands for VSP8284 v7.0.
enable
config terminal
radius server host <RADIUS-server-IP> key <shared-secret> used-by cli enable
(optional) radius reachability mode status-server
radius enable

Hello James,

It can be appended, do you have a working configuration I can use to add content to the article?

Thanks
-Ryan