For requirements of this document the following network infrastructure values have been assumed:
- NACVIEW IP server address: NACVIEW_SERV
- IP switch address: SW_IP
- RADIUS communication key: RADIUS_KEY
- Name of the configuration file (.cfg. format): CONF_FILE
- Switch management interface: VLAN-interfaceX
- SNMP v2c password: SNMP_SECRET
- SNMP v3 passwords: SNMP_AUTH, SNMP_PRIV
- SNMP user: SNMP_USER
- SNMP group: SNMP_GROUP
[Quidway]system-view
[Quidway]radius scheme nacview_radius
[Quidway-radius-nacview-radius]primary authentication NACVIEW_SERV key RADIUS_KEY
[Quidway-radius-nacview-radius]primary accounitng NACVIEW_SERV key RADIUS_KEY
[Quidway-radius-nacview-radius]user-name-format withpout-domain
[Quidway-radius-nacview-radius]server-type huawei
[Quidway-radius-nacview-radius]nas-ip SW_IP
[Quidway-radius-nacview-radius]accounting-on enable
[Quidway-radius-nacview-radius]quit
[Quidway]radius trap authentication-server-down
[Quidway]radius trap accounting-server-down
[Quidway]domain system
[Quidway-isp-system]authentication lan-access radius-scheme nacview_radius
[Quidway-isp-system]accounting lan-access radius-scheme nacview_radius
[Quidway-isp-system]vlan-assigment-mode string
[Quidway]dot1x
[Quidway]dot1x authentication-method eap
[Quidway]dot1x quiet-period
[Quidway]dot1x timer tx-period 45
[Quidway]dot1x timer supp-timeout 45
[Quidway]dot1x timer handshake-period 45
After the global configuration has been set up, you need to activate authorization on all individual ports:
[Quidway]dot1x interface Ethernet 1/0/1
[Quidway]mac-authentication
[Quidway]mac-authentication timer offline-detect 60
After the global configuration has been set up, you need to activate authorization on all individual ports:
[Quidway]mac-uthentication interface Ethernet 1/0/2
Remark: authorization ports must be set to access mode. Additionally, the switch must have a properly configured VLAN to which users will be directed after the authorization.
[Quidway]snmp-agent
[Quidway]snmp-agent trap enable
[Quidway]snmp-agent sys-info version v3
[Quidway]snmp-agent mib-view included nacview_view 1
[Quidway]snmp-agent group v3 SNMP_GROUP privacy write-view nacview_view notify-view nacview_view
[Quidway]snmp-agent usm-user v3 SNMP_USER SNMP_GROUP authentication-mode sha SNMP_AUTH privacy-mode des56 SNMP_PRIV
[Quidway]snmp-agent target-host trap address udp-domain NACVIEW_SERV params securityname SNMP_USER v3 privacy
[Quidway]snmp-agent
[Quidway]snmp-agent trap enable
[Quidway]snmp-agent sys-info version v2c
[Quidway]snmp-agent mib-view included nacview_view 1
[Quidway]snmp-agent community write SNMP_SECRET mib-view nacview_view
[Quidway]snmp-agent target-host trap address udp-domain NACVIEW_SERV params securityname SNMP_SECRET v2c
[Quidway]system-view
[Quidway]loghost source VLAN-interfaceX
[Quidway]info-center loghost NACVIEW_SERV
Displaying current configuration: [Quidway]display current-configuration
Displaying saved configuration: [Quidway]display saved-confgiguration
Saving current configuration on the TFTP server in the CONF_FILE file: [Quidway]backup unit 1 current-configuration to NACVIEW_SERV CONF_FILE
Downloading configuration from the TFTP server in the CONF_FILE file to the switch startup configuration: [Quidway]restore uni 1 startup-configuration from NACVIEW_SERV CONF_FILE
Saving the configuration file (CONF_FILE) on the TFTP server: [Quidway]tftp NACVIEW_SERV put CONF_FILE
Downloading the configuration file (CONF_FILE) from the TFTP server: [Quidway]tftp NACVIEW_SERV get CONF_FILE