There is no alternative to the EPM. The RADIUS Server will return a Group Id attribute, as well as VLAN Id and QoS level. (Note that all of these attributes are optional. In this case, if you are using UBP, then you need the Group Id.) On the EPM you would define the Group Id, which would map to a set of filters that are applied to the edge switch.
Note that Nortel has a new solution called Secure Network Access which authenticates and verifies the integrity of hosts before allowing them onto the network with requiring any special client on the host system. There are a lot of details that I'm leaving out, but you may want to ask Nortel about it since you are interested in this topic.