Allowing management access to Avaya switches via NAC / access control setup

To allow management access to an Avaya switch, with logins handled by the Extreme Networks Access Control Appliance.
  • Avaya
  • NAC
  • Access Control
Currently, as of release 8.1.2.X, there is no switch setting specific to Avaya switches/routers, although some work with the default "Extreme Policy".

Set up the switch settings by adding a "Radius Attributes to send" entry for a specific group.

Click on Control Tab->Access Control->Select Access Control Appliance
Select a switch, click Edit
Add a new "Radius Attributes to send" entry


Name, and add in the following.


Sample below (shown as a screenshot in the original article):

Passport-Access-Priority is the attribute of concern; the rest comes from the default "Extreme Policy".
Next, alter the assigned policy so that it adds the Passport-Access-Priority value.

Click on Control->Access Control->Configuration->Profiles->Select the profile that you use for management access to switches
Select the Accept Policy and modify it (using the gear symbol, or Manage Policy Roles)


Switch to advanced mode


Set the Custom 1 value to 6 (which is full read/write/admin access)

Here are the other values:
0=no access
1=Read Only
2,4,5 = Not used
6=Read, Write, Administrative


For legacy ERS devices (such as the 5520), also scroll down to the Management section and set Access to User Defined.
Set Mgmt Service Type to 6 (RW) or 7 (RO).


Additional notes
To see if the user is hitting the correct rule, go to Alarm and Events > Events. Set the Type to All. Attempt the management login again. Look for the management login event. Check whether NAC is matching the right rule and assigning the policy that supplies the attributes in question. The event might not show the rule, but it should show the NAC profile and other details associated with the rule that was hit.

A trace can also be taken to see what RADIUS attributes are being sent back to the switch.
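
One way to check such a trace, as an added example that is not part of the original article: the Python below decodes the attributes of a captured Access-Accept and reports the access-priority value against the level table above. The vendor ID 1584, vendor type 192 and the sample packet are assumptions made for the example; confirm the IDs against the RADIUS dictionary in use.

```python
import struct

# Assumed, not from the article: vendor ID 1584 / vendor type 192 for
# Passport-Access-Priority. Confirm against your RADIUS dictionary.
VENDOR_ID, VENDOR_TYPE = 1584, 192
# Level names follow the article's table; other values are treated as unused.
LEVELS = {0: "no access", 1: "Read Only", 6: "Read, Write, Administrative"}
# Constructed Access-Accept (zeroed authenticator): Service-Type=6 plus the VSA.
SAMPLE = bytes.fromhex("02010026" + "00" * 16 + "060600000006"
                       + "1a0c00000630c00600000006")


def iter_attributes(packet):
    """Yield (type, value) per attribute of a RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the captured data")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len


def access_priority(packet):
    """Return the access-priority integer in the reply, or None if absent."""
    for a_type, value in iter_attributes(packet):
        if a_type != 26 or len(value) < 6:  # 26 = Vendor-Specific
            continue
        vendor, sub = struct.unpack("!I", value[:4])[0], value[4:]
        # Walk the vendor sub-attributes: 1-byte type, 1-byte length, value.
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if (vendor, sub[0], sub[1]) == (VENDOR_ID, VENDOR_TYPE, 6):
                return struct.unpack("!I", sub[2:6])[0]
            sub = sub[sub[1]:]
    return None


def describe(packet):
    level = access_priority(packet)
    if level is None:
        return "access-priority attribute not sent"
    return f"{level} = {LEVELS.get(level, 'Not used')}"
```

Calling describe(SAMPLE) returns "6 = Read, Write, Administrative"; a reply without the attribute points back at the "Radius Attributes to send" entry or the Custom 1 value in the policy role.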

Initial steps for setup can be found at:  How to configure NAC to handle Management Access from Switches

Necessary RADIUS commands for VOSS devices:
config terminal
radius server host <server-ip> key <shared-secret> used-by cli enable
radius reachability mode status-server (optional)
radius enable



