Hi JoseAlberto,
I've been using Microsoft RADIUS to access my ERS8600's for over 10 years now (2003, 2008, 2012 2012R2) without any issues.
Here is what you require to configure on ERS8600:
- Enable RADIUS globally on ERS8600
- Configure RADIUS server(s) on ERS8600, enabled and with the correct shared key
Then on MS NPS:
- Add the specific device as a RADIUS client with the corresponding shared secret
- You can create a connection request policy. It is is not required but it eases distinction of policies
- Create a network policy and have a condition of friendly name or nas IP-address of the ERS8600 added
- Also have the specific user group added of which you, as an ERS8600 admin, are member of.
- In the constraint tab, add Microsoft: Protected EAP as a EAP method.
- Enable MSCHAPv2 (EAP-MSCHAPv2). If this does not work add the less secure PAP/SPAP methods
- Then in settings, add a VSA with vendor radius standard and a value of 6 (RWA).
- Edit the VSA and enter vendor code 1584. Select yes it conform (RADIUS RFC)
- click configure attribute and use value 192 for Vendor-assigned attribute, atrribute format decimal and attribute value 6 (RWA).
Apply the config to NPS and you should have a working setup.
Be aware! Unfortunately EDM does not recognize the atribute value returned by RADIUS, resulting in an Always RWA ccess regardless the value being set (even RO)! I've addressed a feature request at Avaya last year, but I assume it will take a long time to get this added within EDM.