By default, Management Center assumes that the Blue Coat VSA is in use. If there is a need to use other than Bluecoat VSA, either or both role membership and group membership attribute in Administration > Settings > RADIUS needs to be defined with Vendor's VSA.
Management Center running supported version
Using Packeteer-AVPair (Packeteer's VSA)
If radius server return an Access-Accept response, the expectation is a Packeteer-AVPair VSA and value (network-admin) are included.
The Role values can be predefined in Management Center GUI > Administration > Roles with proper permission
When inputting the value, we highly suggest to type it manually (case sensitive). Avoid a copy/paste from any graphical interfaces as this could present extra characters or similar clipboard anomalies.
Radius client such as Management Center do not send VSA.
Your own radius server logs or packet capture should be able to confirm what attributes and values are being sent in radius response.