Software revision YB.16.11.0006
For requirements of this document the following network infrastructure values have been assumed:
- NACVIEW IP server address: NACVIEW_SERV
- RADIUS communication key: RADIUS_KEY
- Tacacs communication key: TACACS_KEY
- SNMP v2c password: SNMP_SECRET
- SNMP v3 password: SNMP_AUTH, SNMP_PRIV
- SNMP user: SNMP_USER
radius-server host NACVIEW_SERV key RADIUS_KEY
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
aaa port-access authenticator active
aaa authentication login privilege-mode
tacacs-server host NACVIEW_SERV key TACACS_KEY
aaa authentication ssh login tacacs local
aaa authorization commands tacacs
aaa accounting exec start-stop tacacs
aaa port-access authenticator ethernet 1
aaa port-access authenticator ethernet 1 control auto
aaa port-access authenticator ethernet 1 client-limit 2
aaa port-access mac-based ethernet 2
aaa port-access mac-based ethernet 2 reauth-period 60
aaa port-access mac-based addr-format multi-colon
aaa port-access authenticator ethernet 1
aaa port-access authenticator ethernet 1 control auto
aaa port-access authenticator ethernet 1 client-limit 2
aaa port-access mac-based ethernet 2
aaa port-access mac-based ethernet 2 reauth-period 60
aaa port-access mac-based addr-format multi-colon
no snmp-server community public
snmp-server community SNMP_SECRET manager unrestricted
snmp-server enable
snmp-server enable traps authentication
snmp-server host NACVIEW_SERV all SNMP_SECRET
snmpv3 enable
SNMPv3 Initialization process.
Creating user 'initial'
Authentication Protocol: MD5
Enter authentication password: ******
Privacy protocol is DES
Enter privacy password: ******
User 'initial' has been created
Would you like to create a user that uses SHA? [y/n] 'n'
User creation is done. SNMPv3 is now functional.
Would you like to restrict SNMPv1 and SNMPv2c messages to have read only
access (you can set this later by the command 'snmpv3 restricted-access')? [y/n] 'y'
snmpv3 only
snmpv3 user SNMP_USER auth sha SNMP_AUTH priv SNMP_PRIV
snmpv3 group operatorauth user SNMP_USER sec-model ver3
no snmpv3 user initial
logging NACVIEW_SERV
Syslog redirection works only if date and time on the switch is correct.