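!
! Last configuration change at 18:20:44 PST Mon May 21 2007 by admin
! NVRAM config last updated at 18:20:57 PST Mon May 21 2007 by admin
!
! Global settings for a Catalyst 3750 (provisioned as ws-c3750g-24ps) acting as
! an 802.1X / EAPoUDP NAC enforcement point. Device logins use the local user
! database; dot1x, EoU and network authorization go to RADIUS.
!
version 12.2
no service pad
! Wall-clock timestamps instead of `uptime`, so switch log entries can be lined
! up with RADIUS and posture-server logs during an investigation. NOTE(review):
! no `clock summer-time` is configured, so local time stays at UTC-8 all year.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! Enabled so the RADIUS key and vty line password later in this configuration
! are not stored or displayed in clear text. Type 7 is reversible obfuscation:
! it stops casual reading only and is no substitute for rotating those values.
service password-encryption
!
hostname cisco3750-sw2
!
! Type 5 secrets are salted MD5-crypt hashes. Hashes that appear in a shared or
! published configuration should be treated as exposed and rotated; later IOS
! releases offer stronger secret types.
enable secret 5 $1$8Kxb$/mZqJjc/vrZpMR/8y3B/a.
!
username admin secret 5 $1$PWPv$IZkDHpPk.LBGdRef71pvq/
aaa new-model
! The `default` login list applies to console and vty lines: local users only,
! with no fallback method.
aaa authentication login default local
! 802.1X and EAPoUDP depend on RADIUS alone; the per-port `dot1x critical`
! settings decide what happens while the server is unreachable.
aaa authentication dot1x default group radius
aaa authentication eou default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting dot1x default start-stop group radius
!
aaa session-id common
clock timezone PST -8
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip domain-name nac.ilabs.interop.net
ip name-server 45.200.1.2
! Two EAPoUDP admission rules are defined here. NOTE(review): neither is
! attached to an interface in the configuration shown; confirm whether they
! are still needed.
ip admission name NAC-L2-IP eapoudp
ip admission name NAC-L2-IP-Bypass eapoudp bypass
!
! NOTE(review): only the per-VLAN DHCP snooping statement is present. No global
! `ip dhcp snooping` line and no trusted port appear in this configuration, so
! snooping may not actually be in effect; verify on the device.
ip dhcp snooping vlan 1-1000
ip dhcp-server 45.200.1.2
ip device tracking
!
!
! Self-signed trustpoint; there is no issuing CA, so revocation checking is off.
crypto pki trustpoint TP-self-signed-107042048
 subject-name cn=IOS-Self-Signed-Certificate-107042048
 revocation-check none
 rsakeypair TP-self-signed-107042048
!
!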
! Self-signed certificate for trustpoint TP-self-signed-107042048, stored as
! hex-encoded DER. Read from the bytes below: the signature algorithm OID is
! 1.2.840.113549.1.1.4 (md5WithRSAEncryption), the public key is a 1024-bit RSA
! modulus with exponent 65537, and the validity runs from 19 May 2007 to
! 1 Jan 2020 (UTC). MD5 signatures and 1024-bit RSA are both deprecated, so
! regenerate the key pair and certificate with a larger modulus before any
! service that presents this certificate is enabled.
crypto pki certificate chain TP-self-signed-107042048
 certificate self-signed 01
  308202C3 3082022C A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  64312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31303730 34323034 38313230 3006092A 864886F7 0D010902
  16236369 73636F33 3735302D 7377322E 6E61632E 696C6162 732E696E 7465726F
  702E6E65 74301E17 0D303730 35313931 39353734 315A170D 32303031 30313030
  30303030 5A306431 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65
  642D4365 72746966 69636174 652D3130 37303432 30343831 32303006 092A8648
  86F70D01 09021623 63697363 6F333735 302D7377 322E6E61 632E696C 6162732E
  696E7465 726F702E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D
  00308189 02818100 A422A9B3 80888C46 B1BA0601 781CE258 A8B523F1 4D5BB1DE
  16CB919E A2ED8B9A 89C799AB 5182A21E 36BE214F 2E225454 264F3BA0 5A1DD6F9
  AABFB3EE 8288DD14 E8272544 B26E7630 A32475FC 8AF2B2B4 BFA0ED4D 32C0218A
  89137501 55A79A79 3212C26A 148083D1 2C4FC673 AA61F297 FBDAF685 D11F6D69
  F986D208 C69C0EDB 02030100 01A38184 30818130 0F060355 1D130101 FF040530
  030101FF 302E0603 551D1104 27302582 23636973 636F3337 35302D73 77322E6E
  61632E69 6C616273 2E696E74 65726F70 2E6E6574 301F0603 551D2304 18301680
  14AE76E2 67B58115 4F678152 250096B1 B6F6516B 52301D06 03551D0E 04160414
  AE76E267 B581154F 67815225 0096B1B6 F6516B52 300D0609 2A864886 F70D0101
  04050003 81810036 5CE1933C 362AF46E 0FD79BC2 6E86FED2 2B72B848 67A27211
  B3C0E69D 5FB2E0B9 6F6A9E8D 25DEF9A8 B09C79C5 E7785F6C 6EF7B671 FF7766AC
  E29A0044 7FCBE2C3 AB652AF4 9ABD1CD5 A2D6EA85 D8928C1A BC0EB9F2 8B29D6CB
  CB94B453 0F23D041 CF3A83A0 FEBEBEB1 B79EDE97 8BE0A951 4BD95E54 E625EB84
  1C59ACCC BECA92
  quit
!
!
! EAPoUDP (posture validation) settings. `eou allow clientless` keeps hosts
! without a posture agent in the admission process instead of rejecting them;
! what they receive is decided by RADIUS policy that is not part of this file.
eou allow clientless
eou timeout hold-period 3600
eou timeout status-query 10
eou timeout revalidation 3600
eou logging
! Static exceptions: a device that matches by MAC address, by IP address or as
! a Cisco IP phone skips posture validation and gets policy NAC_Agentless_Host.
! All three attributes are asserted by the endpoint itself, and the policy
! applies nac_permit_acl, defined later in this configuration as
! `permit ip any any log`, so each entry is an unauthenticated full-access
! path. NOTE(review): 0000.1111.2222 and 1.2.3.4 look like sample values;
! confirm and remove entries that are not needed.
identity profile eapoudp
 device authorize mac-address 0000.1111.2222 policy NAC_Agentless_Host
 device authorize type cisco ip phone policy NAC_Agentless_Host
 device authorize ip-address 1.2.3.4 policy NAC_Agentless_Host
identity policy NAC_Agentless_Host
 access-group nac_permit_acl
! Turns on 802.1X globally; the per-port behaviour is set on each interface.
dot1x system-auth-control
! Software images are not verified automatically when copied or loaded, so
! integrity has to be checked by hand.
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
! Access-port template, repeated on GigabitEthernet1/0/1 through 1/0/23.
!  - `dot1x port-control auto` holds the port unauthorized until 802.1X, MAC
!    authentication bypass or a fallback VLAN applies.
!  - `dot1x mac-auth-bypass` admits a host on its MAC address alone when it
!    does not speak 802.1X. A MAC address identifies a device but does not
!    authenticate it, so RADIUS should grant MAB sessions minimal access.
!  - `dot1x host-mode multi-host` opens the port to every attached host once
!    one of them is authorized. Presumably chosen so a phone and a PC can share
!    the port; hosts behind the first one are not authenticated individually.
!  - Guest, auth-fail and critical (RADIUS unreachable) cases all place the
!    port in VLAN 15, so the filtering applied to VLAN 15 upstream is the
!    effective control for every unauthenticated case. It is not shown here.
!  - `dot1x reauthentication` has no explicit period, so the platform default
!    interval applies.
!  - `spanning-tree portfast` is set with no BPDU guard visible in this
!    configuration; consider `spanning-tree bpduguard enable` on these ports.
interface GigabitEthernet1/0/1
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/3-5: the same NAC 802.1X settings on each.
! Review notes: `dot1x mac-auth-bypass` admits a host on its MAC address alone,
! and `dot1x host-mode multi-host` opens the port to every attached host once
! one of them is authorized. Guest, auth-fail and critical (RADIUS unreachable)
! cases all land in VLAN 15, so the filtering on that VLAN is the real control.
interface GigabitEthernet1/0/3
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/6-8: the same NAC 802.1X settings on each.
! Review notes: the 3-second tx/supplicant timers with three retries move a
! silent host on to MAC authentication bypass and the VLAN 15 fallbacks
! quickly, so most non-802.1X devices end up on a path that does not prove
! identity. `dot1x host-mode multi-host` extends one authorization to every
! host attached to the port.
interface GigabitEthernet1/0/6
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/9-11: the same NAC 802.1X settings on each.
! Review notes: `dot1x critical` with `dot1x critical vlan 15` authorizes the
! port into VLAN 15 while RADIUS is unreachable, and `recovery action
! reinitialize` restarts authentication when the server returns. That keeps
! users connected during an outage, but it also means a RADIUS outage moves
! every new session into VLAN 15 without authentication.
interface GigabitEthernet1/0/9
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/12-14: the same NAC 802.1X settings on each.
! Review notes: `dot1x mac-auth-bypass` admits a host on its MAC address alone,
! and `dot1x host-mode multi-host` opens the port to every attached host once
! one of them is authorized. Guest, auth-fail and critical (RADIUS unreachable)
! cases all land in VLAN 15, so the filtering on that VLAN is the real control.
interface GigabitEthernet1/0/12
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/15-17: the same NAC 802.1X settings on each.
! Review notes: the `snmp trap mac-notification added/removed` lines report
! MAC addresses appearing on and leaving the port, which gives the monitoring
! station a record of what connected where. `spanning-tree portfast` is set
! with no BPDU guard visible in this configuration; consider
! `spanning-tree bpduguard enable` on user-facing ports.
interface GigabitEthernet1/0/15
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/18-20: the same NAC 802.1X settings on each.
! Review notes: `dot1x mac-auth-bypass` admits a host on its MAC address alone,
! and `dot1x host-mode multi-host` opens the port to every attached host once
! one of them is authorized. Guest, auth-fail and critical (RADIUS unreachable)
! cases all land in VLAN 15, so the filtering on that VLAN is the real control.
interface GigabitEthernet1/0/18
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/21-23: the same NAC 802.1X settings on each.
! Review notes: `dot1x mac-auth-bypass` admits a host on its MAC address alone,
! and `dot1x host-mode multi-host` opens the port to every attached host once
! one of them is authorized. Guest, auth-fail and critical (RADIUS unreachable)
! cases all land in VLAN 15, so the filtering on that VLAN is the real control.
interface GigabitEthernet1/0/21
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Uplink: 802.1Q trunk limited to VLANs 11-16 and the management VLAN 1000.
! The `switchport access vlan 1000` line only matters if the port stops
! trunking. No native VLAN is set, so the default applies; it is not in the
! allowed list. NOTE(review): `ip dhcp snooping vlan 1-1000` appears earlier in
! this configuration but this port has no `ip dhcp snooping trust`. If snooping
! is enabled, the port facing the DHCP server must be trusted; presumably that
! is this uplink, confirm before enabling.
interface GigabitEthernet1/0/24
 description Uplink
 switchport access vlan 1000
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11-16,1000
 switchport mode trunk
!
! GigabitEthernet1/0/25-27 carry no configuration: no description, no 802.1X
! and no `shutdown`, so they run with default switchport settings outside the
! NAC policy applied to ports 1-23. Shut down unused ports or give them the
! same authentication settings.
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
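! GigabitEthernet1/0/28 carries no configuration: no 802.1X and no `shutdown`,
! so it runs with default switchport settings outside the NAC policy applied
! to the access ports. Shut it down if it is unused.
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
 shutdown
!
! VLANs 11-16 have SVIs without addresses: the switch only bridges them.
interface Vlan11
 no ip address
!
interface Vlan12
 no ip address
!
interface Vlan13
 no ip address
!
interface Vlan14
 no ip address
!
interface Vlan15
 no ip address
!
interface Vlan16
 no ip address
!
! The only addressed interface. Telnet/SSH, SNMP and RADIUS traffic to and from
! the switch all use this management VLAN.
interface Vlan1000
 description Management VLAN
 ip address 45.200.1.44 255.255.255.0
!
ip default-gateway 45.200.1.1
ip classless
! Both web management servers are off, which removes that attack surface.
no ip http server
no ip http secure-server
!
ip radius source-interface Vlan1000
!
! Pre-posture ACL: EAPoUDP (udp/21862), DHCP, DNS, NTP and ICMP, plus the AV
! and remediation servers; everything else is dropped and logged.
! NOTE(review): DNS, NTP and ICMP are permitted to any destination. Narrowing
! them to the servers named in this configuration (45.200.1.2 for DNS and NTP)
! would shrink what a quarantined host can reach.
! NOTE(review): nac_default_acl, nac_guest_acl and nac_url_redir_acl are not
! referenced anywhere else in this configuration; presumably RADIUS selects
! them by name, confirm against the policy server.
ip access-list extended nac_default_acl
 permit udp any any eq 21862
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 permit udp any any eq ntp
 permit icmp any any
 remark Allow host to Trend AV Server
 permit ip any host 45.200.1.76
 remark Allow host to Remediation Server
 permit tcp any host 45.200.3.10 eq www
 deny ip any any log
! Guest ACL: blocks 45.200.0.0/16 and permits everything else.
ip access-list extended nac_guest_acl
 remark Internet only, not Interop.net
 deny ip any 45.200.0.0 0.0.255.255 log
 permit ip any any log
! Full access. This is the ACL applied by identity policy NAC_Agentless_Host,
! so every static exception in the eapoudp identity profile gets it.
ip access-list extended nac_permit_acl
 remark Allow all
 permit ip any any log
 remark Allow all
! Presumably a URL-redirect ACL: web traffic to the AV and remediation servers
! is exempted (deny), all other HTTP matches (permit).
ip access-list extended nac_url_redir_acl
 deny tcp any host 45.200.1.76 eq www
 deny tcp any host 45.200.3.10 eq www
 permit tcp any any eq www
!
! NOTE(review): `public` is the well-known default read-only community and no
! access list restricts who may use it. Replace it with a non-default string
! and bind an ACL that admits only the management station, or move to SNMPv3.
snmp-server community public RO
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification
snmp-server enable traps license
snmp-server enable traps stpx root-inconsistency loop-inconsistency
snmp-server host 45.200.1.75 beacon mac-notification snmp
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 include-in-access-req
! NOTE(review): the RADIUS shared secret is in clear text and is the same
! string as the vty line password below. A secret shown in a shared or
! published configuration should be treated as exposed: rotate it on the
! switch and the RADIUS server, and do not reuse it elsewhere.
radius-server host 45.200.1.74 auth-port 1812 acct-port 1813 key nit44nac
radius-server source-ports 1645-1646
radius-server vsa send authentication
!
control-plane
!
!
line con 0
line vty 0 4
 ! Was `exec-timeout 0 0`, which never closes an idle session. Ten minutes
 ! ends abandoned management sessions.
 exec-timeout 10 0
 ! With `aaa new-model` and a `default` login list of `local` earlier in this
 ! configuration, vty logins are checked against the local user database, so
 ! this line password is likely unused; remove it once that is confirmed.
 password nit44nac
 ! NOTE(review): no `transport input` or `access-class` appears on the vty
 ! lines, so the platform default protocols are accepted from any source.
 ! Restrict to SSH and to the management subnet once SSH is set up.
line vty 5 15
!
ntp clock-period 36029215
! NTP is unauthenticated. Log timestamps depend on this source, so consider
! NTP authentication if the platform and the server support it.
ntp server 45.200.1.2
end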