Appendix C: Example Security Configuration
The following example security configurations cover TACACS+, SNMP ACL (including the VPN IP range), and NAC. For details about how to use security configurations, see Staging a Switch for Automated Deployment in AmpCon.
# TACACS+ configurations
set system aaa tacacs-plus disable false
set system aaa tacacs-plus key 12345678
set system aaa tacacs-plus server-ip 10.10.51.42
set system login user test authentication plain-text-password xxxxxx
set system login user test class super-user

# SNMP ACL configurations
set system snmp-acl network 192.168.1.0/24
set system snmp-acl network 10.8.0.0/24

# NAC configurations
# Provide the RADIUS server connection information
set protocols dot1x aaa radius authentication server-ip <Radius server IP> shared-key "<Key>"
# Configure the access profile
set protocols dot1x aaa radius nas-ip <switch management IP>
# Configure a RADIUS dynamic authorization client from which the switch accepts the Change of Authorization (CoA) messages.
set protocols dot1x aaa radius dynamic-author client <Radius server IP> shared-key "<key>"
# Configure Server Priority
set protocols dot1x aaa radius authentication server-ip <Radius server IP> priority [1|2]
set protocols dot1x server-fail-vlan-id <vlan-id of guest or fallback, say: 20>
This is just an illustration. Ensure that the CLI commands you use are compatible with the version of PicOS being used.
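Because the sample values above (the key 12345678, the xxxxxx password, the `<...>` placeholders) are easy to carry into a real staging file, a pre-deployment check can catch them. The following Python linter is an added example, not part of AmpCon or PicOS; the rule names, `lint()`, and the thresholds `MIN_SECRET_LEN` and `MIN_ACL_PREFIX` are assumptions standing in for local policy.

```python
import ipaddress
import re

# Constructed sample: lines copied from the example configuration above.
SAMPLE = """\
set system aaa tacacs-plus disable false
set system aaa tacacs-plus key 12345678
set system aaa tacacs-plus server-ip 10.10.51.42
set system login user test authentication plain-text-password xxxxxx
set system login user test class super-user
set system snmp-acl network 192.168.1.0/24
set system snmp-acl network 10.8.0.0/24
set protocols dot1x aaa radius authentication server-ip <Radius server IP> shared-key "<Key>"
"""

MIN_SECRET_LEN = 16  # assumption: local policy, not a PicOS limit
MIN_ACL_PREFIX = 24  # assumption: widest IPv4 source range allowed for SNMP

def _weak_secret(value):
    """Short, all-digit, or low-variety secrets are treated as weak."""
    value = value.strip('"')
    return len(value) < MIN_SECRET_LEN or value.isdigit() or len(set(value)) < 4

def lint(config):
    """Return (line_number, rule, line) for each finding in a staged config."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.search(r"<[^>]+>", line):  # template value never filled in
            findings.append((n, "unfilled-placeholder", line))
            continue
        m = re.search(r"\b(?:key|shared-key|plain-text-password)\s+(\S+)", line)
        if m and _weak_secret(m.group(1)):
            findings.append((n, "weak-secret", line))
        if re.search(r"\bclass super-user$", line):
            findings.append((n, "review-super-user", line))
        m = re.search(r"\bsnmp-acl network (\S+)$", line)
        if m:
            try:
                net = ipaddress.ip_network(m.group(1), strict=False)
                broad = net.prefixlen < MIN_ACL_PREFIX
            except ValueError:
                broad = True  # unparsable range: flag it for review
            if broad:
                findings.append((n, "broad-snmp-acl", line))
    return findings

if __name__ == "__main__":
    for n, rule, line in lint(SAMPLE):
        print(f"line {n}: {rule}: {line}")
```

Run it against the staged configuration before pushing it to switches; an empty result means none of these rules matched, not that the configuration is otherwise sound.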
Copyright © 2024 Pica8 Inc. All Rights Reserved.