For the purposes of this document, the following network infrastructure values have been assumed:
- NACVIEW server IP address: NACVIEW_SERV
- Switch IP address: SW_IP
- RADIUS communication key: RADIUS_KEY
- Name of the RADIUS server configuration scheme: RADIUS_SCHEME
- Name of the configuration file (.cfg format): CONF_FILE
- Switch management interface: VLAN-interfaceX
- SNMP v2c password: SNMP_SECRET
- SNMP v3 passwords: SNMP_AUTH, SNMP_PRIV
- SNMP user: SNMP_USER
[4500G]radius scheme RADIUS_SCHEME
[4500G-radius-nacview_radius]key authentication RADIUS_KEY
[4500G-radius-nacview_radius]key accounting RADIUS_KEY
[4500G-radius-nacview_radius]primary authentication NACVIEW_SERV
[4500G-radius-nacview_radius]primary accounting NACVIEW_SERV
[4500G-radius-nacview_radius]user-name-format without-domain
[4500G-radius-nacview_radius]server type extended
[4500G-radius-nacview_radius]state active
[4500G-radius-nacview_radius]nas-ip SW_IP
[4500G-radius-nacview_radius]quit
[4500G]domain system
[4500G-isp-system]authentication lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]accounting lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]authorization lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]access-limit disable
[4500G-isp-system]idle-cut disable
[4500G-isp-system]self-service-url disable
[4500G-isp-system]state active
[4500G-isp-system]quit
[4500G]radius trap authentication-server-down
[4500G]radius trap accounting-server-down
[4500G]dot1x
[4500G]dot1x quiet-period
[4500G]dot1x timer tx-period 45
[4500G]dot1x timer supp-timeout 45
[4500G]dot1x retry 10
[4500G]dot1x timer handshake-period 45
[4500G]dot1x authentication-method
After the global configuration has been set up, you need to activate authorization on all individual ports:
[4500G]dot1x interface GigabitEthernet 1/0/1
[4500G]mac-authentication
[4500G]mac-authentication interface GigabitEthernet 1/0/2
Remark: authorization ports must be set to access mode. In addition, the switch must have a properly configured VLAN to which users will be directed after the authorization.
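The RADIUS scheme, domain and 802.1X steps above can be checked for consistency before they are entered on the switch. The following Python script is an added example, not part of the NACVIEW documentation; it assumes a transcript in the prompt-prefixed format shown on this page, and the sample transcript, the address 192.0.2.10 and the function name audit are constructed for illustration.

```python
import re
# Constructed transcript in this page's prompt format with three deliberate
# defects: no accounting key, a mistyped scheme name, no global "dot1x".
SAMPLE = """\
[4500G]radius scheme nacview_radius
[4500G-radius-nacview_radius]key authentication RADIUS_KEY
[4500G-radius-nacview_radius]primary authentication 192.0.2.10
[4500G-radius-nacview_radius]primary accounting 192.0.2.10
[4500G]domain system
[4500G-isp-system]authentication lan-access radius-scheme nacview_radius
[4500G-isp-system]authorization lan-access radius-scheme nacview_radius
[4500G-isp-system]accounting lan-access radius-scheme nacview
[4500G]dot1x interface GigabitEthernet 1/0/1
"""
REQUIRED = ("key authentication", "key accounting",
            "primary authentication", "primary accounting")
ROLES = ("authentication", "authorization", "accounting")
LINE = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.+?)\s*$")

def audit(transcript):
    """Return consistency findings for a prompt-prefixed command transcript."""
    schemes, current, refs = {}, None, []   # scheme -> settings seen; domain refs
    dot1x_global, dot1x_ports = False, []
    for raw in transcript.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        view, cmd = m["view"], m["cmd"]
        if cmd.startswith("radius scheme "):          # enters RADIUS scheme view
            current = cmd.split()[2]
            schemes.setdefault(current, set())
        elif "-radius-" in view and current:
            schemes[current].update(r for r in REQUIRED if cmd.startswith(r + " "))
        elif "-isp-" in view and " lan-access radius-scheme " in cmd:
            refs.append((cmd.split()[0], cmd.split()[-1]))
        elif cmd == "dot1x":                          # global 802.1X enable
            dot1x_global = True
        elif cmd.startswith("dot1x interface "):
            dot1x_ports.append(cmd.split(None, 2)[2])
    out = []
    for name, seen in schemes.items():
        out += [f"scheme {name}: missing '{r}'" for r in REQUIRED if r not in seen]
    out += [f"domain {role} uses undefined scheme {s}"
            for role, s in refs if s not in schemes]
    used = {role for role, _ in refs}
    out += [f"domain: no lan-access {r}" for r in ROLES if r not in used]
    if dot1x_ports and not dot1x_global:
        out.append("dot1x enabled on ports but not globally")
    return out
```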
[4500G]snmp-agent
[4500G]snmp-agent sys-info version v3
[4500G]snmp-agent trap enable
[4500G]snmp-agent group v3 SNMP_GROUP privacy notify-view ViewDefault
[4500G]snmp-agent group v3 SNMP_GROUP privacy read-view ViewDefault
[4500G]snmp-agent group v3 SNMP_GROUP privacy write-view ViewDefault
[4500G]snmp-agent usm-user v3 SNMP_USER SNMP_GROUP authentication-mode sha SNMP_AUTH privacy-mode des56 SNMP_PRIV
[4500G]snmp-agent
[4500G]snmp-agent trap enable
[4500G]snmp-agent sys-info version v2c
[4500G]snmp-agent community write SNMP_SECRET
[4500G]snmp-agent target-host trap address udp-domain NACVIEW_SERV params securityname SNMP_SECRET v2c
For logs to be displayed correctly in the NACVIEW system, it is crucial to configure the NTP service.
[4500G]info-center enable
[4500G]info-center loghost NACVIEW_SERV
[4500G]info-center loghost source VLAN-interfaceX
Uploading configuration file to the TFTP server: [4500G]tftp NACVIEW_SERV put back.cfg
Downloading configuration file from the TFTP server: [4500G]tftp NACVIEW_SERV get back.cfg
Uploading backup of the startup configuration to the TFTP server: [4500G]backup startup-configuration to NACVIEW_SERV CONF_FILE
Restoring the startup configuration copy from the TFTP server: [4500G]restore startup-configuration from NACVIEW_SERV CONF_FILE
Displaying current configuration: [4500G]display current-configuration
Displaying saved configuration: [4500G]display saved-configuration