3Com 4500G🔗
Preliminary assumptions🔗
For requirements of this document the following network infrastructure values have been assumed:
NACVIEW IP server address: NACVIEW_SERV
IP switch address: SW_IP
RADIUS communication key: RADIUS_KEY
Name of the RADIUS server configuration scheme: RADIUS_SCHEME
Name of the configuration file (.cfg. format): CONF_FILE
SWitch management interface: VLAN-interfaceX
SNMP v2c password: SNMP_SECRET
SNMP v3 passwords: SNMP_AUTH, SNMP_PRIV
SNMP user: SNMP_USER {.is-info}
Configuration of connection with RADIUS server🔗
[4500G]radius scheme RADIUS_SCHEME
[4500G-radius-nacview_radius]key authentication RADIUS_KEY
[4500G-radius-nacview_radius]key accounting RADIUS_KEY
[4500G-radius-nacview_radius]primary authentication NACVIEW_SERV
[4500G-radius-nacview_radius]primary accounting NACVIEW_SERV
[4500G-radius-nacview_radius]user-name-format without-domain
[4500G-radius-nacview_radius]server type extended
[4500G-radius-nacview_radius]state active
[4500G-radius-nacview_radius]nas-ip SW_IP
[4500G-radius-nacview_radius]quit
[4500G]domain system
[4500G-isp-system]authentication lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]accounting lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]authorization lan-access radius-scheme RADIUS_SCHEME
[4500G-isp-system]access-limit disable
[4500G-isp-system]idle-cut disable
[4500G-isp-system]self-service-url disable
[4500G-isp-system]state active
[4500G-isp-system]quit
[4500G]radius trap authentication-server-down
[4500G]radius trap accounting-server-down
Configuration of authorization🔗
Global configuration - settings assignments to each port supporting 802.1x🔗
[4500G]dot1x
[4500G]dot1x quiet-period
[4500G]dot1x timer tx-period 45
[4500G]dot1x timer supp-timeout 45
[4500G]dot1x retry 10
[4500G]dot1x timer handshake-period 45
[4500G]dot1x authentication-method
After the global configuration has been set up, you need to activate authorization on all individual ports:
[4500G]dot1x interface GigabitEthernet 1/0/1
MAC address authorization🔗
[4500G]mac-authentication
[4500G]mac-authentication interface GigabitEthernet 1/0/2
Remark: authorization ports must be set to access mode. In addition, the switch must have a properly configured VLAN to which users will be directed after the authorization. {.is-info}
SNMP🔗
SNMP v3 (recommended version)🔗
[4500G]snmp-agent
[4500G]snmp-agent sys-info version v3
[4500G]snmp-agent trap enable
[4500G]snmp-agent group v3 SNMP_GROUP privacy notify-view ViewDefault
[4500G]snmp-agent group v3 SNMP_GROUP privacy read-view ViewDefault
[4500G]snmp-agent group v3 SNMP_GROUP privacy write-view ViewDefault
[4500G]snmp-agent usm-user v3 SNMP_USER SNMP_GROUP snmp authentication-mode sha SNMP_AUTH privacy-mode des56 SNMP_PRIV
SNMP v2c (version not recommended - ensuring the minimal safety level)🔗
[4500G]snmp-agent
[4500G]snmp-agent trap enable
[4500G]snmp-agent sys-info version v2c
[4500G]snmp-agent community write SNMP_SECRET
[4500G]snmp-agent target-host trap address udp-domain NACVIEW_SERV params securityname SNMP_SECRET v2c
System logs redirection to NACVIEW server🔗
For the correct display of logs in the NACVIEW system, it is crucial to set NTP service. {.is-info}
[4500G]info-center enable
[4500G]info-center loghost NACVIEW_SERV
[4500G]info-center loghost source VLAN-interfaceX
Auxiliary recommendations🔗
Uploading configuration file to the TFTP server: [4500G]tftp NACVIEW_SERV put back.cfg
Downloading configuration file from the TFTP server: [4500G]tftp NACVIEW_SERV get back.cfg
Uploading backup of the startup configuration to the TFTP server: [4500G]backup startup-configuration to NACVIEW_SERV CONF_FILE
Restoring the startup configuration copy from the TFTP server: [4500G]restore startup-configuration from NACVIEW_SERV CONF_FILE
Displaying current configuration: [4500G]display current-configuration
Displaying saved configuration: [4500G]display saved-configuration