3Com 4500G🔗

Preliminary assumptions🔗

For requirements of this document  the following network infrastructure values have been assumed:

  • NACVIEW IP server address: NACVIEW_SERV

  • IP switch address: SW_IP

  • RADIUS communication key: RADIUS_KEY

  • Name of the RADIUS server configuration scheme: RADIUS_SCHEME

  • Name of the configuration file (.cfg. format): CONF_FILE

  • SWitch management interface: VLAN-interfaceX

  • SNMP v2c password: SNMP_SECRET

  • SNMP v3 passwords: SNMP_AUTH, SNMP_PRIV

  • SNMP user: SNMP_USER {.is-info}

Configuration of connection with RADIUS server🔗

[4500G]radius scheme RADIUS_SCHEME
[4500G-radius-nacview_radius]key authentication RADIUS_KEY
[4500G-radius-nacview_radius]key accounting RADIUS_KEY
[4500G-radius-nacview_radius]primary authentication NACVIEW_SERV
[4500G-radius-nacview_radius]primary accounting NACVIEW_SERV
[4500G-radius-nacview_radius]user-name-format without-domain
[4500G-radius-nacview_radius]server type extended
[4500G-radius-nacview_radius]state active
[4500G-radius-nacview_radius]nas-ip SW_IP
[4500G-radius-nacview_radius]quit
[4500G]domain system
[4500G-isp-system]authentication lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]accounting lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]authorization lan-access radius-scheme RADIUS_SCHEME 
[4500G-isp-system]access-limit disable
[4500G-isp-system]idle-cut disable
[4500G-isp-system]self-service-url disable
[4500G-isp-system]state active
[4500G-isp-system]quit
[4500G]radius trap authentication-server-down
[4500G]radius trap accounting-server-down

Configuration of authorization🔗

Global configuration - settings assignments to each port supporting 802.1x🔗

[4500G]dot1x
[4500G]dot1x quiet-period
[4500G]dot1x timer tx-period 45
[4500G]dot1x timer supp-timeout 45
[4500G]dot1x retry 10
[4500G]dot1x timer handshake-period 45
[4500G]dot1x authentication-method 

After the global configuration has been set up, you need to activate authorization on all individual ports:

[4500G]dot1x interface GigabitEthernet 1/0/1

MAC address authorization🔗

[4500G]mac-authentication
[4500G]mac-authentication interface GigabitEthernet 1/0/2

Remark: authorization ports must be set to access mode. In addition, the switch must have a properly configured VLAN to which users will be directed after  the authorization. {.is-info}

SNMP🔗

[4500G]snmp-agent
[4500G]snmp-agent sys-info version v3
[4500G]snmp-agent trap enable
[4500G]snmp-agent group v3 SNMP_GROUP privacy notify-view ViewDefault 
[4500G]snmp-agent group v3 SNMP_GROUP privacy read-view ViewDefault   
[4500G]snmp-agent group v3 SNMP_GROUP privacy write-view ViewDefault
[4500G]snmp-agent usm-user v3 SNMP_USER SNMP_GROUP snmp authentication-mode sha SNMP_AUTH privacy-mode des56 SNMP_PRIV
[4500G]snmp-agent
[4500G]snmp-agent trap enable
[4500G]snmp-agent sys-info version v2c 
[4500G]snmp-agent community write SNMP_SECRET
[4500G]snmp-agent target-host trap address udp-domain NACVIEW_SERV params securityname SNMP_SECRET v2c

System logs redirection to NACVIEW server🔗

For the correct display of logs in the NACVIEW system, it is crucial to set NTP service. {.is-info}

[4500G]info-center enable
[4500G]info-center loghost NACVIEW_SERV
[4500G]info-center loghost source VLAN-interfaceX

Auxiliary recommendations🔗

Uploading  configuration file to the TFTP server: [4500G]tftp NACVIEW_SERV put back.cfg

Downloading  configuration file from the TFTP server: [4500G]tftp NACVIEW_SERV get back.cfg

Uploading  backup of the startup configuration to the TFTP server: [4500G]backup startup-configuration to NACVIEW_SERV CONF_FILE

Restoring the startup configuration copy from the TFTP server: [4500G]restore startup-configuration from NACVIEW_SERV CONF_FILE

Displaying  current configuration: [4500G]display current-configuration

Displaying saved configuration:  [4500G]display saved-configuration