Per the "Help" in NetSight / Extreme Management Center (*see the "note" in bold below):
This Help topic provides information on how to configure authentication using the Extreme Access Control engine RADIUS server to locally terminate 802.1X EAP authentication requests. There are three methods that can be used to do this, depending on the protocol that is used:
• LDAP Authentication - Uses a backend Active Directory server or LDAP server, and RADIUS server and client certificates (if required) to authenticate users.
• Local Authentication - Uses a local password repository, and RADIUS server and client certificates (if required) to authenticate users.
• RADIUS Certificates only - Uses only RADIUS server and client certificates to authenticate users (no password is required).
The following chart lists the protocols that are supported for local RADIUS termination, and shows whether the protocol uses RADIUS certificates and/or passwords to authenticate users. If passwords are required, you can then decide whether to use LDAP or local authentication for password verification. The chart also lists the hash types supported by each protocol for user password encryption. *Note that PEAP (TLS) is not supported for local RADIUS termination and is only supported in a proxy RADIUS configuration.