9.2.3.3. Allied Telesis
9.2.3.3.1. X230
Firmware: AW+ Version 5.3.1
Administration Portal > ON CMDB > Network Devices Brand/Model: Allied Telesis/Generic
9.2.3.3.1.1. Radius Global Configuration
Define the RADIUS servers to be used for authentication and their format:
awplus(config)#radius-server host <Radius_Server_IP> key <Radius_Shared_Key>
awplus(config)#aaa authentication dot1x default group radius
awplus(config)#dot1x eap forward
Interface configuration:
awplus#configure terminal
awplus(config)#interface port <port-number>
Note: to configure a range of ports, use #interface <initport-endport>
awplus(config-if)#dot1x port-control auto
awplus(config-if)#auth host-mode multi-supplicant
awplus(config-if)#auth max-supplicant 2
awplus(config-if)#auth-mac enable
awplus(config-if)#auth critical
Note: with auth critical, the interface becomes force-authorized (the port fails open) if all RADIUS servers become unavailable.
awplus(config-if)#snmp trap link-status enterprise
awplus(config-if)#spanning-tree edgeport
9.2.3.3.1.2. SNMP Traps Basic Configuration
SNMP enables communication between OpenNAC Core and the network device, so that OpenNAC can extract information such as version, port type and location, and perform actions such as toggling a port.
To perform policy reevaluation through SNMP, activate this functionality and define the read and write community strings.
If SNMP is to be used for visibility, SNMP must be enabled on the switch.
Set up the SNMP v2c configuration
awplus(config)#snmp-server community <ReadCommunity> ro
awplus(config)#snmp-server community <WriteCommunity> rw
awplus(config)#snmp-server host <IP-openNAC> traps version 2c <WriteCommunity>
Set up the SNMP v3 configuration
SNMP v3 can be configured in three different modes:
Auth: This method provides only authentication based on the HMAC-MD5 or HMAC-SHA algorithms and no encryption.
awplus(config)#snmp-server group opennac auth read <ReadCommunity> write <WriteCommunity>
awplus(config)#snmp-server user <User-name> <Group-name> auth [md5|sha] <preSharedKeyAuth>
Noauth: This method provides no authentication and no encryption.
awplus(config)#snmp-server group opennac noauth read <ReadCommunity> write <WriteCommunity>
awplus(config)#snmp-server user <User-name> <Group-name>
Priv: This method provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms and, in addition to authentication, DES or AES encryption. “preSharedKeyAuth” is the authentication key and “preSharedKeyPriv” is the encryption key.
awplus(config)#snmp-server group opennac priv read <ReadCommunity> write <WriteCommunity>
awplus(config)#snmp-server user <User-name> <Group-name> auth [md5|sha] <preSharedKeyAuth> priv [aes|des] <preSharedKeyPriv>
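To review a switch after applying the interface and SNMP settings above, the following added example (not OpenNAC or Allied Telesis code) audits a saved configuration for the weaker options this section allows: v2c communities, SNMP v3 users without authentication or encryption, MD5 or DES, ports with no 802.1X or MAC authentication, and ports that fail open through auth critical. It assumes the configuration has been exported as text in the indented layout of `show running-config`; the finding names and sample values are constructed for the illustration.

```python
import re
# Constructed sample in `show running-config` layout; every value is a placeholder.
SAMPLE_CONFIG = """\
snmp-server community examplewrite rw
snmp-server user nacpoll opennac auth md5 ExampleAuth priv des ExamplePriv
snmp-server user nacguest opennac
interface port1.0.1
 dot1x port-control auto
 auth critical
interface port1.0.2
 spanning-tree edgeport
"""
USER_RE = re.compile(r"snmp-server user (\S+) \S+"
                     r"(?: auth (md5|sha) \S+(?: priv (aes|des) \S+)?)?$")

def check_global(line):  # -> (subject, finding) pairs for one global command
    out = []
    m = re.match(r"snmp-server community \S+ (ro|rw)$", line)
    if m:  # report the access level, never the community string itself
        out.append(("community:" + m.group(1), "snmp-v2c-cleartext"))
    m = USER_RE.match(line)
    if m:
        user, auth, priv = m.groups()
        out += [(user, name) for name, hit in (
            ("snmpv3-noauth", auth is None),
            ("snmpv3-md5", auth == "md5"),
            ("snmpv3-no-priv", auth is not None and priv is None),
            ("snmpv3-des", priv == "des")) if hit]
    return out

def audit(config):  # -> (subject, finding) pairs for a whole configuration text
    findings, ports, port = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            port = line.split(None, 1)[1]
            ports[port] = set()
        elif raw[:1].isspace() and port:
            ports[port].add(line)      # indented line: sub-command of that port
        elif line and line != "!":
            port = None                # back at global level
            findings += check_global(line)
    for name, cmds in ports.items():
        if not cmds & {"dot1x port-control auto", "auth-mac enable"}:
            findings.append((name, "port-unauthenticated"))
        if "auth critical" in cmds:    # force-authorized when RADIUS is unreachable
            findings.append((name, "port-fail-open"))
    return findings
```

Call `audit()` on the exported text and review each pair; `port-fail-open` is informational where the availability trade-off of auth critical is intended.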