begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
!
#  SLOT   TYPE
#  ___    ________________
!
#   1     7H4382-49
#   2     7G4270-12
#   3     
!
!
# ip
set ip address 45.200.1.83 mask 255.255.255.0
set ip route default 45.200.1.1
!
# arp
!
# authentication
!
# banner
!
# cdp
!
# cep
!
# ciscodp
!
# cli
!
# console
!
# cos port-config
!
# cos port-resource
!
# cos reference
!
# cos settings
!
# cos state
!
# dot1x
set dot1x enable
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.2
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.3
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.4
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.7
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.8
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.9
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.10
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.11
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.12
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.47
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.48
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.1
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.2
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.3
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.4
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.5
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.6
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.1
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.2
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.3
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.4
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.5
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.6
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.7
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.8
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.9
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.10
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.11
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.12
!
# flowlimit
!
# forcelinkdown
!
# garp
!
# gvrp
!
# history
!
# igmp
!
# inlinepower
!
# lacp
!
# length
!
# license
!
# line-editor
!
# linkflap
!
# logging
!
# logout
!
# mac
!
# macauthentication
!
# maclock
!
# mgmt-auth-notify
!
# movedaddrtrap
!
# mtu
!
# multiauth
set multiauth port mode force-auth fe.1.47
set multiauth port mode force-auth fe.1.48
set multiauth port mode force-auth ge.1.1
set multiauth port mode force-auth ge.1.2
set multiauth port mode force-auth ge.1.3
set multiauth port mode force-auth ge.1.4
set multiauth port mode force-auth ge.1.5
set multiauth port mode force-auth ge.1.6
set multiauth port mode force-auth ge.2.1
set multiauth port mode force-auth ge.2.2
set multiauth port mode force-auth ge.2.3
set multiauth port mode force-auth ge.2.4
set multiauth port mode force-auth ge.2.5
set multiauth port mode force-auth ge.2.6
set multiauth port mode force-auth ge.2.7
set multiauth port mode force-auth ge.2.8
set multiauth port mode force-auth ge.2.9
set multiauth port mode force-auth ge.2.10
set multiauth port mode force-auth ge.2.11
set multiauth port mode force-auth ge.2.12
!
# newaddrtrap
!
# nodealias
!
# physical
!
# policy
set policy profile 1 name Quarantine pvid-status enable pvid 21 cos-status enable cos 1
set policy profile 2 name "Enterprise Access" pvid-status enable pvid 20
set policy rule 1 ipxtype 1 mask 8 drop
set policy rule 1 udpdestportIP 53 mask 16 forward
set policy rule 1 udpdestportIP 67 mask 16 forward
set policy rule 1 tcpdestportIP 80 mask 16 forward
set policy rule 1 tcpdestportIP 443 mask 16 forward
set policy rule 1 tcpdestportIP 1723 mask 16 forward
set policy rule 1 ipproto 6 mask 8 drop
set policy rule 1 ipproto 17 mask 8 drop
set policy rule 1 ether 0xbad mask 16 drop
set policy rule 1 ether 0x6003 mask 16 drop
set policy rule 1 ether 0x8035 mask 16 drop
set policy rule 1 ether 0x809b mask 16 drop
set policy rule 1 ether 0x80f3 mask 16 drop
set policy rule 1 ether 0x8137 mask 16 drop
set policy rule 1 ether 0x8138 mask 16 drop
set policy rule 1 llcDsapSsap 04-04-00-0000 mask 40 drop
set policy rule 1 llcDsapSsap e0-e0-00-0000 mask 40 drop
set policy rule 1 llcDsapSsap f0-f0-00-0000 mask 40 drop
set policy rule 2 ipxtype 1 mask 8 drop
set policy rule 2 udpsourceportIP 53 mask 16 drop
set policy rule 2 udpsourceportIP 67 mask 16 drop
set policy rule 2 udpsourceportIP 69 mask 16 drop
set policy rule 2 udpsourceportIP 161 mask 16 drop
set policy rule 2 udpsourceportIP 162 mask 16 drop
set policy rule 2 udpsourceportIP 520 mask 16 drop
set policy rule 2 udpsourceportIP 1433 mask 16 drop
set policy rule 2 udpsourceportIP 1434 mask 16 drop
set policy rule 2 udpsourceportIP 1812 mask 16 drop
set policy rule 2 udpsourceportIP 1813 mask 16 drop
set policy rule 2 udpdestportIP 69 mask 16 drop
set policy rule 2 udpdestportIP 161 mask 16 drop
set policy rule 2 udpdestportIP 162 mask 16 drop
set policy rule 2 udpdestportIP 1434 mask 16 drop
set policy rule 2 udpdestportIP 1900 mask 16 drop
set policy rule 2 tcpsourceportIP 0 mask 12 drop
set policy rule 2 tcpsourceportIP 16 mask 14 drop
set policy rule 2 tcpsourceportIP 20 mask 16 drop
set policy rule 2 tcpsourceportIP 21 mask 16 drop
set policy rule 2 tcpsourceportIP 22 mask 16 drop
set policy rule 2 tcpsourceportIP 23 mask 16 drop
set policy rule 2 tcpsourceportIP 25 mask 16 drop
set policy rule 2 tcpsourceportIP 53 mask 16 drop
set policy rule 2 tcpsourceportIP 80 mask 16 drop
set policy rule 2 tcpsourceportIP 135 mask 16 cos 2
set policy rule 2 tcpsourceportIP 137 mask 16 cos 2
set policy rule 2 tcpsourceportIP 139 mask 16 drop
set policy rule 2 tcpsourceportIP 443 mask 16 drop
set policy rule 2 tcpsourceportIP 1433 mask 16 drop
set policy rule 2 tcpsourceportIP 1434 mask 16 drop
set policy rule 2 tcpsourceportIP 4530 mask 16 drop
set policy rule 2 tcpsourceportIP 4531 mask 16 drop
set policy rule 2 tcpsourceportIP 4532 mask 16 drop
set policy rule 2 tcpsourceportIP 4533 mask 16 drop
set policy rule 2 tcpsourceportIP 5000 mask 16 drop
set policy rule 2 tcpsourceportIP 6346 mask 16 cos 2
set policy rule 2 tcpdestportIP 22 mask 16 drop
set policy rule 2 tcpdestportIP 23 mask 16 drop
set policy rule 2 tcpdestportIP 80 mask 16 cos 2
set policy rule 2 tcpdestportIP 137 mask 16 cos 2
set policy rule 2 tcpdestportIP 1434 mask 16 drop
set policy rule 2 tcpdestportIP 4530 mask 16 drop
set policy rule 2 tcpdestportIP 4531 mask 16 drop
set policy rule 2 tcpdestportIP 4532 mask 16 drop
set policy rule 2 tcpdestportIP 4533 mask 16 drop
set policy rule 2 iptos 176 mask 8 cos 6
set policy rule 2 ipproto 1 mask 8 cos 2 syslog enable
set policy rule 2 ipproto 89 mask 8 drop
set policy rule 2 ether 0xbad mask 16 drop
set policy rule 2 ether 0x6003 mask 16 drop
set policy rule 2 ether 0x8035 mask 16 drop
set policy rule 2 ether 0x809b mask 16 drop
set policy rule 2 ether 0x80f3 mask 16 drop
set policy rule 2 ether 0x8137 mask 16 drop
set policy rule 2 ether 0x8138 mask 16 drop
set policy rule 2 llcDsapSsap 04-04-00-0000 mask 40 drop
set policy rule 2 llcDsapSsap e0-e0-00-0000 mask 40 drop
set policy rule 2 llcDsapSsap f0-f0-00-0000 mask 40 drop
!
# port
set port ingress-filter fe.1.48 enable
set port vlan host.0.1 1000
set port vlan fe.1.47 1000
set port vlan fe.1.48 1000
!
# prompt
!
# pwa
!
# rad
!
# radius
set radius enable
set radius server 1 45.200.1.74 1812 :9c1c93623d0702ac176566f9c3bc1c79e5b01bca:
set radius realm network-access 1
set radius accounting server 1 45.200.1.74 1813 :4a50ee71d6ed7a26fee2ad63e793bd22b89b5f1f:
!
# rmon alarm
!
# rmon capture
!
# rmon channel
!
# rmon event
!
# rmon filter
!
# rmon history
!
# rmon host
!
# rmon matrix
!
# rmon stats
!
# rmon topN
!
# router
!
# smon
!
# snmp
set snmp access groupRO security-model v2c exact read All notify All
set snmp access groupRW security-model v2c exact read All write All
set snmp community private
set snmp community public
set snmp group groupRO user public security-model v2c
set snmp group groupRW user private security-model v2c
set snmp notify notify-enf tag tag-enf
set snmp targetaddr enf 45.200.1.83 param trapsv2 taglist tag-enf
set snmp targetparams trapsv2 user public security-model v2c message-processing v2c
set snmp view viewname All subtree 1
set snmp view viewname All subtree 0.0
!
# sntp
!
# spantree
set spantree stpmode none
!
# ssh
set ssh enabled
!
# summertime
!
# system
set system contact "Mark Townsend Cell 603.512.1649"
set system location "Interop iLabs NAC Demonstration"
set system name nap-enterasys-2
set system login admin super-user enable password :ddf7db5d4948dd16b0dc29cdf4353f90c7105c13:
!
# tacacs
!
# telnet
!
# timezone
!
# vlan
set vlan create 20-21,1000
set vlan name 20 Success
set vlan name 21 Quarantine
set vlan name 1000 Management
clear vlan egress 1 lag.0.1-48;host.0.1;fe.1.1-48;ge.1.1-6;ge.2.1-12
set vlan egress 1 fe.1.47 tagged
set vlan egress 20 fe.1.47-48 tagged
set vlan egress 21 fe.1.47-48 tagged
set vlan egress 1000 fe.1.48 tagged
set vlan egress 1000 host.0.1;fe.1.47 untagged
set vlan dynamicegress 1,20-21 enable
!
# webview
!
# width
!
end