!
! Last configuration change at 12:53:18 PST Wed Apr 9 2008 by admin
! NVRAM config last updated at 13:41:47 PST Wed Apr 9 2008 by admin
!
! Configuration of a Catalyst 3750 access switch (hostname cisco3750-left) used
! as an 802.1X / MAC-auth-bypass enforcement point backed by RADIUS.
! NOTE(review): this listing carries credential material: type 5 hashes below,
! plus a cleartext vty password, RADIUS key and SNMP communities later in the
! file. Anything that was ever in use should be treated as exposed and rotated.
version 12.2
no service pad
! Debug and log messages are stamped with time since boot, not wall-clock time.
! NOTE(review): uptime stamps are hard to correlate with RADIUS accounting and
! syslog records during an investigation; `service timestamps log datetime msec
! localtime show-timezone` is the usual choice.
service timestamps debug uptime
service timestamps log uptime
! Password obfuscation is off, so values set with `password` or `key` (the vty
! password and the RADIUS key in this file) are stored and shown in cleartext.
! NOTE(review): type 7 obfuscation is reversible, so enabling it only hides
! values from casual viewing; the config still needs to be kept private.
no service password-encryption
!
hostname cisco3750-left
!
boot-start-marker
boot-end-marker
!
! Type 5 secrets ($1$ prefix) are salted MD5-based hashes.
! NOTE(review): a hash in a shared config is still guessable offline; use long
! random secrets and, on releases that offer one, a stronger secret type.
enable secret 5 $1$n.2d$G2ps9jGnhTk67CLUzfhjE1
!
! Local accounts. `jim` is placed at privilege level 15 at login; `admin` has
! no explicit privilege level in this listing.
username admin secret 5 $1$rKNb$DewmxItT04.gzP4OvPtKE.
username jim privilege 15 secret 5 $1$hSNd$onZqebI3a2pJ6v2th8cKS0
aaa new-model
!
!
! Interactive logins use the local user database. 802.1X authentication,
! network authorization and 802.1X accounting all use the default RADIUS group.
! No second method follows `group radius`, so when RADIUS is unreachable the
! ports depend on the `dot1x critical` settings configured per interface.
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
aaa session-id common
clock timezone PST -8
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip domain-name nac.ilabs.interop.net
ip name-server 45.200.1.2
!
! NOTE(review): only the per-VLAN DHCP snooping line appears; no global
! `ip dhcp snooping` line and no `ip dhcp snooping trust` on the uplink are in
! this listing. Snooping is presumably not active as shown; verify before
! relying on it, and mark the uplink trusted before enabling it globally.
ip dhcp snooping vlan 1-1000
ip dhcp-server 45.200.1.2
!
!
!
! 802.1X is enabled switch-wide. The two `dot1x critical` lines set global
! parameters for the per-port critical (RADIUS-unreachable) behaviour.
dot1x system-auth-control
dot1x critical recovery delay 5000
dot1x critical eapol
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
! NAC access-port template. Gi1/0/1 through Gi1/0/23 repeat it; Gi1/0/3 omits
! the voice VLAN and Gi1/0/13 uses `switchport voice detect cisco-phone` with
! `no cdp enable`.
!  - `dot1x pae authenticator` + `dot1x port-control auto`: the port requires
!    authentication before it is authorized.
!  - `dot1x mac-auth-bypass`: a device can be authenticated by MAC address.
!    A MAC address can be copied, so RADIUS policy for such devices should
!    grant only what those device types need.
!  - `dot1x timeout tx-period 5`: 5-second EAP request retransmit interval.
!  - `dot1x auth-fail vlan 40` and `dot1x critical vlan 40`: failed
!    authentication and RADIUS outage both place the port in VLAN 40.
!    NOTE(review): a RADIUS outage therefore opens VLAN 40 to any device;
!    confirm VLAN 40 is isolated upstream.
!  - No `switchport access vlan` is set, so the data VLAN is presumably the
!    default unless RADIUS assigns one (TODO confirm).
!  - NOTE(review): `spanning-tree portfast` appears without BPDU guard;
!    `spanning-tree bpduguard enable` is the usual companion on edge ports.
interface GigabitEthernet1/0/1
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/2: same template as Gi1/0/1.
interface GigabitEthernet1/0/2
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/3 through Gi1/0/7: 802.1X authenticator with
! `port-control auto`, MAC-auth-bypass, periodic reauthentication.
!  - MAC-auth-bypass authenticates on a MAC address, which can be copied, so
!    RADIUS policy for such devices should be narrow.
!  - Failed authentication (`auth-fail vlan`) and RADIUS outage
!    (`critical vlan`) both place the port in VLAN 40.
!    NOTE(review): confirm VLAN 40 is isolated upstream.
!  - NOTE(review): PortFast is set without BPDU guard in this listing.
! Gi1/0/3 is the only port in this group without `switchport voice vlan 30`.
interface GigabitEthernet1/0/3
 description NAC-L2-802.1x
 switchport mode access
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/4: as Gi1/0/3, plus voice VLAN 30.
interface GigabitEthernet1/0/4
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/5: same as Gi1/0/4.
interface GigabitEthernet1/0/5
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/6: same as Gi1/0/4.
interface GigabitEthernet1/0/6
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/7: same as Gi1/0/4.
interface GigabitEthernet1/0/7
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/8 through Gi1/0/12, all identical: 802.1X
! authenticator with `port-control auto`, MAC-auth-bypass, voice VLAN 30.
!  - MAC-auth-bypass authenticates on a MAC address, which can be copied, so
!    RADIUS policy for such devices should be narrow.
!  - Failed authentication (`auth-fail vlan`) and RADIUS outage
!    (`critical vlan`) both place the port in VLAN 40.
!    NOTE(review): confirm VLAN 40 is isolated upstream.
!  - NOTE(review): PortFast is set without BPDU guard in this listing.
interface GigabitEthernet1/0/8
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/9: same as Gi1/0/8.
interface GigabitEthernet1/0/9
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/10: same as Gi1/0/8.
interface GigabitEthernet1/0/10
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/11: same as Gi1/0/8.
interface GigabitEthernet1/0/11
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/12: same as Gi1/0/8.
interface GigabitEthernet1/0/12
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/13 through Gi1/0/17: 802.1X authenticator with
! `port-control auto`, MAC-auth-bypass, periodic reauthentication.
!  - MAC-auth-bypass authenticates on a MAC address, which can be copied, so
!    RADIUS policy for such devices should be narrow.
!  - Failed authentication (`auth-fail vlan`) and RADIUS outage
!    (`critical vlan`) both place the port in VLAN 40.
!    NOTE(review): confirm VLAN 40 is isolated upstream.
!  - NOTE(review): PortFast is set without BPDU guard in this listing.
! Gi1/0/13 differs from its neighbours: it has `switchport voice detect
! cisco-phone` instead of `switchport voice vlan 30`, and CDP is disabled.
! NOTE(review): Cisco phone detection presumably depends on CDP, which this
! port turns off; confirm the combination is intended.
interface GigabitEthernet1/0/13
 description NAC-L2-802.1x
 switchport mode access
 switchport voice detect cisco-phone
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 no cdp enable
 spanning-tree portfast
!
! Gi1/0/14: standard template with voice VLAN 30.
interface GigabitEthernet1/0/14
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/15: same as Gi1/0/14.
interface GigabitEthernet1/0/15
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/16: same as Gi1/0/14.
interface GigabitEthernet1/0/16
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/17: same as Gi1/0/14.
interface GigabitEthernet1/0/17
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/18 through Gi1/0/22, all identical: 802.1X
! authenticator with `port-control auto`, MAC-auth-bypass, voice VLAN 30.
!  - MAC-auth-bypass authenticates on a MAC address, which can be copied, so
!    RADIUS policy for such devices should be narrow.
!  - Failed authentication (`auth-fail vlan`) and RADIUS outage
!    (`critical vlan`) both place the port in VLAN 40.
!    NOTE(review): confirm VLAN 40 is isolated upstream.
!  - NOTE(review): PortFast is set without BPDU guard in this listing.
interface GigabitEthernet1/0/18
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/19: same as Gi1/0/18.
interface GigabitEthernet1/0/19
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/20: same as Gi1/0/18.
interface GigabitEthernet1/0/20
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/21: same as Gi1/0/18.
interface GigabitEthernet1/0/21
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/22: same as Gi1/0/18.
interface GigabitEthernet1/0/22
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/23: last NAC access port. 802.1X authenticator with `port-control
! auto`, MAC-auth-bypass, voice VLAN 30. Failed authentication and RADIUS
! outage both place the port in VLAN 40.
! NOTE(review): confirm VLAN 40 is isolated upstream. PortFast is set without
! BPDU guard in this listing.
interface GigabitEthernet1/0/23
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Uplink: 802.1Q trunk carrying VLANs 20, 30, 40 and 1000 only. The port is in
! trunk mode, so the `switchport access vlan 1000` line does not apply while
! it stays a trunk.
! NOTE(review): no native VLAN is set and `switchport nonegotiate` is absent,
! so the native VLAN is presumably the default and DTP presumably still runs;
! confirm both are intended on an inter-switch link.
interface GigabitEthernet1/0/24
 description Uplink
 switchport access vlan 1000
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,30,40,1000
 switchport mode trunk
!
! Gi1/0/25 through Gi1/0/28 carry no configuration.
! NOTE(review): unused ports left at defaults are not shut down and have no
! 802.1X; shut them down or apply the access-port template if they are cabled.
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
! SVIs. Only Vlan1000 has an IP address, making it the switch's management
! address. Vlan1, 20, 30 and 40 are layer 2 only from this switch's viewpoint.
interface Vlan1
 no ip address
!
! NOTE(review): `ip dhcp relay information trusted` tells the switch to trust
! DHCP relay information arriving on this SVI; confirm it is needed on an
! interface that has no IP address.
interface Vlan20
 description Employees VLAN
 ip dhcp relay information trusted
 no ip address
!
interface Vlan30
 description Devices VLAN
 no ip address
!
interface Vlan40
 description Guests VLAN
 no ip address
!
interface Vlan1000
 ip address 45.200.1.43 255.255.255.0
!
ip default-gateway 45.200.1.1
ip classless
! The HTTP management server is on and the HTTPS server is off.
! NOTE(review): management logins over HTTP cross the network unencrypted.
! Prefer `no ip http server`; if web management is required, enable
! `ip http secure-server` and restrict it with `ip http access-class`.
ip http server
no ip http secure-server
!
!
! NOTE(review): RADIUS packets are sourced from Vlan1, but Vlan1 has
! `no ip address` in this config and the switch's address is on Vlan1000.
! Confirm which address the RADIUS server actually sees for this switch.
ip radius source-interface Vlan1
! Syslog messages are sent to 45.200.1.2.
logging 45.200.1.2
! ACLs 120 and 121 are not applied to any interface in this listing;
! presumably they are assigned per session by RADIUS (TODO confirm).
! Both end in the implicit deny, so only the listed traffic is permitted.
! NOTE(review): the DNS permit in both ACLs names host 45.20.1.2, while
! `ip name-server` and every other address here are in 45.200.1.x. This looks
! like a typo for 45.200.1.2; if so, DNS is blocked for clients under either
! ACL. Confirm before correcting.
! NOTE(review): `permit icmp any any` lets clients send ICMP to any
! destination; narrow it if quarantined hosts should be contained.
access-list 120 remark Healthy Employees
access-list 120 permit icmp any any
access-list 120 permit udp any any eq bootpc
access-list 120 permit udp any any eq bootps
access-list 120 permit udp any host 45.20.1.2 eq domain
access-list 120 permit ip any host 45.200.1.19
access-list 120 permit ip any host 45.200.1.20
access-list 120 permit ip any host 45.200.1.21
access-list 121 remark Quarantine Employees
access-list 121 permit icmp any any
access-list 121 permit udp any any eq bootpc
access-list 121 permit udp any any eq bootps
access-list 121 permit udp any host 45.20.1.2 eq domain
access-list 121 permit ip any host 45.200.1.19
! SNMP v1 / v2c only. The read-only community is the well-known default
! `public`, and no access list is attached to it in this listing.
! NOTE(review): v1/v2c community strings travel in cleartext. Use a
! non-default community restricted by an ACL, or SNMPv3 with authentication
! and privacy. The `snmp-server user public public` lines appear twice.
snmp-server user beacon beacon v1
snmp-server user beacon beacon v2c
snmp-server user public public v1
snmp-server user public public v2c
snmp-server community public RO
snmp-server user public public v1
snmp-server user public public v2c
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps license
snmp-server enable traps stpx root-inconsistency loop-inconsistency
snmp-server enable traps mac-notification change move threshold
! MAC-notification and SNMP traps go to 45.200.1.75 with the string `beacon`.
snmp-server host 45.200.1.75 beacon mac-notification snmp
! RADIUS attributes 6, 8 and 25 (Service-Type, Framed-IP-Address, Class) are
! added to requests as configured below.
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
! RADIUS server 45.200.1.74, authentication on 1812 and accounting on 1813.
! NOTE(review): the shared secret is short and stored in cleartext. It
! protects every 802.1X exchange on this switch, so rotate it to a long random
! value. The `test username` matches the local `admin` account name; a
! dedicated name with no real account behind it is safer (confirm).
radius-server host 45.200.1.74 auth-port 1812 acct-port 1813 test username admin key nacnac08
radius-server vsa send authentication
!
control-plane
!
!
! Console and vty lines.
! NOTE(review): `exec-timeout 0 0` disables the idle timeout on vty 0-4, so an
! abandoned session stays open. No `transport input` or `access-class` line
! appears, so remote access is presumably not limited to SSH or to management
! hosts. The vty password is in cleartext; with `aaa authentication login
! default local` in effect it is presumably unused for login, but it is still
! an exposed secret. Suggested: a finite `exec-timeout`, `transport input
! ssh`, an `access-class`, and removal of the line password.
line con 0
line vty 0 4
 exec-timeout 0 0
 password 44beers4all
line vty 5 15
!
! NOTE(review): the NTP server is configured without authentication in this
! listing; log and accounting timestamps depend on this one source.
ntp clock-period 36029027
ntp server 45.200.1.2
end