Hello, You are correct for the PF steps but you are missing few steps for the switch configuration.
https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_portsecurity_for_ios_12_246se_or_greater <https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_portsecurity_for_ios_12_246se_or_greater> Is there any particular reason why you would want to use Port security over RADIUS authentication ? Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Apr 10, 2021, at 6:36 AM, doppino--- via PacketFence-users > <[email protected]> wrote: > > Hello PacketFence Users/Experts, > could someone explain me all the needed steps to correctly configure PF and a > cisco switch for use only SNMP for vlan access management ? Could I reach it > without 802.1x ? > > here the steps I understood: > > > 0 - Enable the packetfence-snmptrapd.service (it's disabled by default) > 1 - Policies and Access Control --> Switches -- > Add switch > 2 - Set Switch IP Address, model and so on > 3 - Set deauthentication Method= SNMP > 4 - Set Role primary role "Role by VLAN ID" and all various different vlan > numbers > 5 - Set SNMP version 2c, Community Read NACSNMPREAD, Community Write > NACSNMPWRITE, Community Trap NACPUBLIC > > > On the cisco switch: > Access-list 10 permit host PF-management_IP > snmp-server community NACSNMPREAD RO 10 > snmp-server community NACSNMPWRITE RW 10 > snmp-server enable traps mac-notification change move threshold > snmp-server enable traps vlan-membership > > thanks > D. > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
