For requirements of this document the following network infrastructure values have been assumed:
- NACVIEW IP server address: NACVIEW_SERV
- IP switch address: SW_IP
- Switch name: SW_NAME
- RADIUS communication key: RADIUS_KEY
- Configuration file name: CONF_FILE
- Redirection address after authentication: REDIRECT_URL
- SNMP v2c password: SNMP_SECRET
- SNMP v3 password: SNMP_AUTH, SNMP_PRIV
- SNMP user: SNMP_USER
- SNMP group: SNMP_GROUP
radius-server host NACVIEW_SERV key RADIUS_KEY
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
aaa port-access authenticator active
aaa port-access authenticator ethernet 1
aaa port-access authenticator ethernet 1 control auto
aaa port-access authenticator ethernet 1 client-limit 2
aaa port-access mac-based addr-format multi-colon
aaa port-access mac-based ethernet 2
aaa port-access mac-based ethernet 2 reauth-period 60
aaa port-access authenticator ethernet 3
aaa port-access authenticator ethernet 3 control auto
aaa port-access authenticator ethernet 3 client-limit 2
aaa port-access mac-based ethernet 3
aaa port-access mac-based ethernet 3 reauth-period 60
aaa port-access web-based ethernet 4
aaa port-access web-based ethernet 4 redirect-url REDIRECT_URL
aaa port-access web-based ethernet 4 client-limit 2commit
snmpv3 enable
SNMPv3 Initialization process.
Creating user 'initial'
Authentication Protocol: MD5
Enter authentication password: ******
Privacy protocol is DES
Enter privacy password: ******
User 'initial' has been created
Would you like to create a user that uses SHA? [y/n] 'n'
User creation is done. SNMPv3 is now functional.
Would you like to restrict SNMPv1 and SNMPv2c messages to have read only
access (you can set this later by the command 'snmpv3 restricted-access')? [y/n] 'y'
snmpv3 only
snmpv3 user SNMP_USER auth sha SNMP_AUTH priv SNMP_PRIV
snmpv3 group operatorauth user SNMP_USER sec-model ver3
no snmpv3 user initial
no snmp-server community public
snmp-server community SNMP_SECRET manager unrestricted
snmp-server enable
snmp-server enable traps authentication
snmp-server host NACVIEW_SERV all SNMP_SECRET
Remark: for the correct display of logs in the NACVIEW system, it is crucial to set the correct system time and date.
logging NACVIEW_SERV
Display current configuration: show running-config
Display saved configuration: show config
Check whether the saved and current configurations differ: show config status
Download current configuration to the TFTP server: copy running-config tftp NACVIEW_SERV CONF_FILE unix