
RADIUS ACL attributes


Ruslan
New Contributor II
How do I assign an ACL with a RADIUS Access-Accept response? Which attributes should I use?
I'm interested in at least two options:
  1. Sending an ACL id (the ACL is configured on the switch)
  2. Sending ACL rules (the ACL is carried in a RADIUS attribute)

Tomasz
Valued Contributor II
Hello Ruslan,

Apparently, it's still not very accurate - at Extreme, within five years (when it was just EXOS), right now you have EXOS, EOS, VOSS, BOSS, NOS, SLX-OS, NetIron (?) and something minor for ISW or the 200 series... But okay, with EXOS and EOS you would most likely work with the Policy concept.

It is based on different attributes: with EOS it is Filter-ID of the form Enterasys:version=1:policy=[role]. For EXOS though, as you can see in the ONEPolicy chapter of the EXOS User Guide (https://documentation.extremenetworks.com/exos_22.5/EXOS_User_Guide_22_5.pdf), it is based on Filter-ID with just the policy role name.
Those names need to match what's already configured on the switch, and it contains the most useful ACL-like stuff for daily operation, briefly said (platform dependent for certain features).
Most likely you would configure Policy from Extreme Management Center (just click out your security model, enforce, and it's there on all your switches), but in case you want to do it by hand for some reason, there is a nice example of an EXOS network with Policy in the User Guide.

If you are fine with the EXOS ACL concept but it's too much hassle to translate your already created .pol files to Policy configuration, you can do a workaround: a Vendor-Specific Attribute on RADIUS (see the full list in the guide or here: http://www.extremenetworks.guru/exos-802-1x/, Extreme-Security-Profile is useful here), and a UPM profile (script) on EXOS.
Once your device authenticates on a port, a UPM profile will be triggered by the device-authenticated event, so the port will be configured with dynamic ACLs using some variables (port number, MAC address, username, etc.). Another UPM profile would wipe the dynamic ACL from the port upon the device-deauthenticated event.

Please let us know what direction you wish to follow so we can assist you further.

Hope that helps,
Tomasz
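As an added example (not from this thread and not Extreme's own tooling), a small Python helper that builds the Filter-Id value in the EOS and EXOS shapes described above, pulls it out of a captured Access-Accept, and checks that the named role exists on the switch, since an unknown role name will not be applied. The role set and the reply text are constructed samples.

```python
"""Build and interpret the RADIUS Filter-Id carrying an Extreme/Enterasys policy role."""
from __future__ import annotations

import re
from typing import Optional

# Constructed sample: roles assumed to be already configured on the switch.
SWITCH_ROLES = {"Enterprise User", "Guest", "Quarantine"}

# EOS form: Enterasys:version=1:policy=<role>; EXOS form is the bare role name.
EOS_PATTERN = re.compile(r"^Enterasys:version=(?P<ver>\d+):policy=(?P<role>.+)$")

# Matches a Filter-Id line in FreeRADIUS-style debug output of an Access-Accept.
ATTR_LINE = re.compile(r'^\s*Filter-Id\s*=\s*"(?P<val>[^"]*)"\s*$', re.M)

# Constructed sample reply text (addresses are documentation ranges).
SAMPLE_ACCEPT = """\
Received Access-Accept Id 12 from 192.0.2.10:1812 to 192.0.2.20:49152 length 51
	Filter-Id = "Enterasys:version=1:policy=Guest"
"""


def build_filter_id(platform: str, role: str) -> str:
    """Return the Filter-Id value to send for the given platform."""
    if platform == "EOS":
        return f"Enterasys:version=1:policy={role}"
    if platform == "EXOS":
        return role
    raise ValueError(f"unsupported platform: {platform}")


def parse_filter_id(value: str) -> tuple[str, str]:
    """Return (platform, role) implied by a received Filter-Id value."""
    m = EOS_PATTERN.match(value)
    if m:
        return "EOS", m.group("role")
    return "EXOS", value


def resolve_role(value: str, configured: set[str] = SWITCH_ROLES) -> Optional[str]:
    """Return the role if the switch has it configured, else None (it would not apply)."""
    _, role = parse_filter_id(value)
    return role if role in configured else None


def filter_ids_from_reply(text: str) -> list[str]:
    """Extract every Filter-Id value from captured Access-Accept debug output."""
    return ATTR_LINE.findall(text)
```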

Ruslan
New Contributor II
Hi, Gabriel!
Extreme switch

Gabriel_Bagita
New Contributor II
Hi Ruslan, it depends on the vendor of the switch. What switch are you using? Gabriel