Extreme Access Control is capable of NTLMv2; however, MS-CHAPv2 authentication requires NTLMv1 in order to hash the password correctly.
Per the Extreme EAC help files:
These protocols do not work if the active directory domain server is set to only allow NTLMv2 authentication because these protocols do not use NTLMv2 and the hash passed to NAC Manager is rejected by the active directory server. Allowing only NTLMv2 authentication only works if NAC Manager proxies the 802.1x request to Microsoft IAS/NPS. Microsoft IAS/NPS allows this lower level of authentication because it is in a TLS session, which Microsoft believes makes it as secure as NTLMv2.
As of 8.1.3 and 8.2.3, Extreme Control Engines support AD environments that have the lanman security level set to "NTLMv2" only.
The Extreme Control Appliance flags itself as a server that requires NTLMv1. The protocol used is still NTLMv1, but Microsoft allows the communication even though "NTLMv2 Only" is set.