Appendix C: Example Security Configuration

The following are example security configurations, which include the TACACS+, snmp-acl (including VPN IP range) and NAC configurations. For details about how to use security configurations, see Staging a Switch for Automated Deployment in AmpCon.

# TACACS+ configurations
set system aaa tacacs-plus disable false
set system aaa tacacs-plus key 12345678
set system aaa tacacs-plus server-ip 10.10.51.42
set system login user test authentication plain-text-password xxxxxx                            
set system login user test class super-user


# SNMP ACL configurations
set system snmp-acl network 192.168.1.0/24 
set system snmp-acl network 10.8.0.0/24


# NAC configurations
# Provide the RADIUS server connection information
set protocols dot1x aaa radius authentication server-ip <Radius server IP> shared-key "<Key>"
# Configure the access profile
set protocols dot1x aaa radius nas-ip <switch management IP>
# Configure a RADIUS dynamic authorization client from which the switch accepts the Change of Authorization (CoA) messages.
set protocols dot1x aaa radius dynamic-author client <Radius server IP> shared-key "<key>"
# Configure Server Priority
set protocols dot1x aaa radius authentication server-ip <Radius server IP> priority [1|2]
set protocols dot1x server-fail-vlan-id <vlan-id of guest or fallback, say: 20>

This is just an illustration. Please ensure the CLIs you use are compatible with the version of PicOS being used.