¶ HPE 1920
¶ Configuration of connection with RADIUS server
After logging into the switch, from the menu on the left select Authentication and then choose RADIUS. Click the Add button.
Complete the name of the RADIUS server group (Scheme Name). Set Server Type to Extended and Username Format to Without domain name.
Expand the advanced options by clicking on Advanced. Complete the displayed fields: Authentication Key, Confirm Authentication Key, Accounting Key. In the Confirm Accounting Key field, enter the RADIUS password set in NACVIEW. In the RADIUS Packet Source IP, enter the switch IP. Select the Send accounting-on packets option. The rest of the settings can remain unchanged.
Click on Add. First, complete the form for the Primary Authentication server type. Fill in the IP Address field with the IP address of the NACVIEW server, and enter 1812 in the Port field. Confirm with the Apply button. Repeat for the Primary Accounting server type, but this time enter this number: 1813 in the Port field. Then confirm with the Apply button.
¶ Configuration of authorization
¶ AAA Protocol
After you have logged in to the switch, select Authentication from the menu on the left, and then: AAA. There are tabs at the top, so go to the one called Authentication. In the displayed form, select the LAN-access AuthN option and then choose your RADIUS servers group for it as in the image below.
Repeat this action in the Authorization tab (LAN-access AuthZ option) and Accounting tab (LAN-access Accounting option).
¶ 802.1x protocol
After logging in to the switch, from the menu on the left, select Authentication and then 802.1X. Select Enable 802.1X. As the Authentication Method, select EAP. The rest of the settings leave unchanged. Then confirm with the Apply button.
Under Ports With 802.1X Enabled, click: Add. Then from the drop-down list select the port on which authorization needs be enabled. In the Port Control field you can choose the following options: MAC Based or Port Based. The first option authorizes each device separately, distinguishing them by MAC address. On the other hand, Port Based authorizes only the first device present on the port, and each subsequent device automatically gains access as long as the first one is present on the port.
In this form you also need to check the Enable Re-Authentication and then confirm your changes with the Apply button.
¶ MAB
After logging in to the switch, from the menu on the left, choose Authentication and then: MAC Authentication. Select the Enable MAC Authentication option, and then select CHAP as Authentication Method.
In the Authentication Information Format field, select MAC with hypen. The rest of the settings leave unchanged. Then confirm with the Apply button.
Under Ports With 802.1X Enabled, click Add. Afterwards, from the drop-down list, choose the port on which authorization needs to be enabled. Confirm with the Apply button.
¶ SNMP
¶ SNMP v3 (recommended version)
After you have logged in to the switch, from the menu on the left, select Device and then SNMP. Complete the Contact and Location fields. In the SNMP Version field, select v3. Confirm these changes with the Apply button.
There are tabs above the form. Go to the one called Group, then click Add. Complete the group name and authorization level and confirm with the Apply button.
Now go to your User tab and click the Add button. Enter the username, specify the security level and choose the previously created group. In the Authentication Mode field, select SHA, and in the Privacy Mode field, select 3DES. Confirm the changes with the Apply button.
¶ SNMP v2v (version not recommended - ensuring the minimal safety level)
After logging in to the switch, from the menu on the left, select Device and then SNMP. Complete the Contact and Location fields. In the SNMP Version field, select the v2c option. Confirm the changes with the Apply button.
There are tabs above the form. Go to the one called Community and then click Add. Complete the Community Name field and confirm with the Apply button.
¶ System logs redirection to NACVIEW server
After logging into the switch, from the menu on the left, select Device and then Syslog. From the tabs above the form, choose the one called Loghost. In the Loghost IP/Domain field, enter the NACVIEW IP address and confirm with the Apply button.
