! Device configuration for a Catalyst 3750 (hostname cisco3750-right) used as
! an 802.1X / MAC-auth-bypass authenticator in a NAC setup. This part holds the
! global settings and the first two access ports.
!
! Last configuration change at 13:06:05 PST Wed Apr 9 2008 by admin
! NVRAM config last updated at 13:42:30 PST Wed Apr 9 2008 by admin
!
version 12.2
no service pad
! NOTE(review): log and debug entries are stamped with uptime, not wall-clock
! time, which makes correlation with RADIUS and syslog server records harder.
! NTP and a timezone are configured in this file, so
! "service timestamps log datetime msec localtime show-timezone" looks usable.
service timestamps debug uptime
service timestamps log uptime
! NOTE(review): with password encryption off, the cleartext secrets later in
! this file (vty line password, RADIUS shared key) are stored and displayed
! exactly as typed.
no service password-encryption
!
hostname cisco3750-right
!
boot-start-marker
boot-end-marker
!
! NOTE(review): "secret 5" values are salted MD5 hashes. They are published
! with this config, so the underlying passwords should be treated as exposed
! and rotated wherever they were reused. Later IOS releases offer stronger
! secret types; whether this 12.2 image supports them is not shown here.
enable secret 5 $1$JMWj$96Xd1kJcD/n/GJwDgh5n..
!
username admin secret 5 $1$ROFp$CX2lPuiSXfs.1VI3bB8dS/
! jim is configured with privilege level 15.
username jim privilege 15 secret 5 $1$hSNd$onZqebI3a2pJ6v2th8cKS0
aaa new-model
!
!
! CLI logins use the local user database only; 802.1X authentication, network
! authorization and 802.1X accounting go to the RADIUS server group.
! NOTE(review): no "aaa accounting exec" or "aaa accounting commands" line is
! visible, so administrator sessions are presumably not accounted centrally.
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
aaa session-id common
clock timezone PST -8
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip domain-name nac.ilabs.interop.net
ip name-server 45.200.1.2
!
! NOTE(review): only the per-VLAN snooping line is present. No global
! "ip dhcp snooping" and no "ip dhcp snooping trust" on the uplink appear in
! this file, so DHCP snooping is presumably not active as captured - confirm.
ip dhcp snooping vlan 1-1000
ip dhcp-server 45.200.1.2
!
!
!
! 802.1X is enabled globally. The "critical" settings control what happens to
! ports while the RADIUS server is unreachable (see "dot1x critical vlan" on
! the access ports).
dot1x system-auth-control
dot1x critical recovery delay 5000
dot1x critical eapol
!
!
!
!
!
! NOTE(review): no global BPDU Guard default is configured here, and the access
! ports below enable PortFast without a per-port BPDU Guard line.
spanning-tree mode pvst
spanning-tree extend system-id
eou logging
!
vlan internal allocation policy ascending
!
!
!
!
! Access-port template used for the NAC ports in this file:
!  - 802.1X authenticator with port-control auto, periodic reauthentication
!    and a 5-second tx-period.
!  - MAC-auth-bypass as well. NOTE(review): MAB identifies a device by its MAC
!    address, which is visible on the wire and can be changed, so RADIUS policy
!    for MAB endpoints should grant less than for 802.1X-authenticated ones.
!  - Failed authentication and an unreachable RADIUS server both place the
!    port in VLAN 40, which the Vlan40 interface in this file describes as the
!    Guests VLAN. NOTE(review): review what VLAN 40 can reach, since it is the
!    fail-over path.
!  - No "switchport access vlan" line is present; the data VLAN is presumably
!    assigned by RADIUS - confirm.
interface GigabitEthernet1/0/1
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/3 - Gi1/0/7. Each port is an 802.1X authenticator
! (port-control auto, periodic reauthentication, 5-second tx-period) with
! MAC-auth-bypass enabled. Failed authentication and an unreachable RADIUS
! server both place the port in VLAN 40.
! NOTE(review): MAB relies on the client MAC address alone, and PortFast is
! enabled without a visible BPDU Guard line; both are worth compensating for
! in RADIUS policy and spanning-tree settings.
!
! Gi1/0/3 carries no "switchport voice vlan 30" line, unlike the other ports in
! this group. NOTE(review): confirm that is intentional.
interface GigabitEthernet1/0/3
 description NAC-L2-802.1x
 switchport mode access
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/8 - Gi1/0/12, all configured identically: 802.1X
! authenticator with MAC-auth-bypass, voice VLAN 30, periodic
! reauthentication, and VLAN 40 used both as the auth-fail VLAN and as the
! critical VLAN when RADIUS is unreachable.
! NOTE(review): none of these ports sets "switchport access vlan", so the data
! VLAN is presumably assigned by RADIUS - confirm. PortFast is enabled without
! a visible BPDU Guard line.
interface GigabitEthernet1/0/8
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/13 - Gi1/0/17: 802.1X authenticator with
! MAC-auth-bypass, periodic reauthentication, and VLAN 40 as both the auth-fail
! and the critical (RADIUS unreachable) VLAN.
! NOTE(review): because MAB accepts a MAC address as the identity, what RADIUS
! grants to MAB endpoints should be narrower than what it grants to 802.1X
! supplicants.
!
! Gi1/0/13 carries no "switchport voice vlan 30" line, unlike the other ports in
! this group. NOTE(review): confirm that is intentional.
interface GigabitEthernet1/0/13
 description NAC-L2-802.1x
 switchport mode access
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! NAC access ports Gi1/0/18 - Gi1/0/22, all configured identically: 802.1X
! authenticator (port-control auto, 5-second tx-period, reauthentication on)
! with MAC-auth-bypass and voice VLAN 30.
! "dot1x auth-fail vlan 40" and "dot1x critical vlan 40" send a port to VLAN 40
! after failed authentication and while RADIUS is unreachable, respectively.
! NOTE(review): an outage of the RADIUS server therefore moves endpoints into
! VLAN 40 rather than blocking them; confirm that VLAN 40 is restricted enough
! for that role.
interface GigabitEthernet1/0/18
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Last NAC access port, the uplink trunk, four unconfigured ports, the VLAN
! interfaces and the switch's own IP and HTTP settings.
!
! Gi1/0/23: 802.1X authenticator with MAC-auth-bypass; VLAN 40 is used for both
! failed authentication and the RADIUS-unreachable (critical) case.
interface GigabitEthernet1/0/23
 description NAC-L2-802.1x
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 5
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Uplink: 802.1Q trunk limited to VLANs 20, 30, 40 and 1000.
! NOTE(review): no "switchport trunk native vlan" line is present, so the
! native VLAN is presumably the default; no "ip dhcp snooping trust" appears
! on this port either. Confirm both against the intended design.
interface GigabitEthernet1/0/24
 description Uplink
 switchport access vlan 1000
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,30,40,1000
 switchport mode trunk
!
! NOTE(review): Gi1/0/25 - Gi1/0/28 have no configuration at all: no
! "shutdown", no 802.1X. If they are unused, shutting them down and moving
! them to an unused VLAN closes an unauthenticated way onto the switch.
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
!
interface Vlan20
 description Employees VLAN
 ip dhcp relay information trusted
 no ip address
!
interface Vlan30
 description Devices VLAN
 no ip address
!
interface Vlan40
 description Guests VLAN
 no ip address
!
! Vlan1000 holds the switch's only IP address in this file.
interface Vlan1000
 ip address 45.200.1.44 255.255.255.0
!
ip default-gateway 45.200.1.1
ip classless
! NOTE(review): the cleartext HTTP server is enabled and the HTTPS server is
! disabled. If the HTTP server is only needed for NAC URL redirection, restrict
! it; if it is used for management, credentials cross the network in the clear.
! No access restriction for the HTTP server is visible in this file.
ip http server
no ip http secure-server
!
!
! RADIUS source, syslog, NAC access lists, SNMP, RADIUS server, terminal lines
! and NTP for the switch.
!
! NOTE(review): RADIUS packets are sourced from Vlan1, but interface Vlan1 in
! this file has "no ip address"; the switch's address is on Vlan1000. Confirm
! which source address the RADIUS server actually sees and is keyed to.
ip radius source-interface Vlan1
! Syslog goes to 45.200.1.2 (the same host used for DNS and NTP in this file).
logging 45.200.1.2
! ACLs 120 and 121 are not applied to any interface in this file; presumably
! they are selected per session by the RADIUS/NAC policy - confirm.
! NOTE(review): the DNS entries in both ACLs name host 45.20.1.2, while
! "ip name-server" in this file is 45.200.1.2. If that is a typo, DNS queries
! to the real server are not matched by these lines and fall to the implicit
! deny at the end of each list.
! NOTE(review): the quarantine list (121) still permits ICMP to any
! destination; consider whether quarantined hosts need more than the
! remediation host.
access-list 120 remark Healthy Employees
access-list 120 permit icmp any any
access-list 120 permit udp any any eq bootpc
access-list 120 permit udp any any eq bootps
access-list 120 permit udp any host 45.20.1.2 eq domain
access-list 120 permit ip any host 45.200.1.19
access-list 120 permit ip any host 45.200.1.20
access-list 120 permit ip any host 45.200.1.21
access-list 121 remark Quarantine Employees
access-list 121 permit icmp any any
access-list 121 permit udp any any eq bootpc
access-list 121 permit udp any any eq bootps
access-list 121 permit udp any host 45.20.1.2 eq domain
access-list 121 permit ip any host 45.200.1.19
! NOTE(review): SNMP is v1/v2c only, so community strings travel in cleartext.
! The read-only community is the well-known default "public", and no ACL is
! attached to it. The "public" user lines appear twice in this capture.
snmp-server user beacon beacon v1
snmp-server user beacon beacon v2c
snmp-server user public public v1
snmp-server user public public v2c
snmp-server community public RO
snmp-server user public public v1
snmp-server user public public v2c
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps license
snmp-server enable traps stpx root-inconsistency loop-inconsistency
snmp-server enable traps mac-notification change move threshold
! Link, MAC-notification and SNMP traps are sent to 45.200.1.75 with community
! "beacon".
snmp-server host 45.200.1.75 beacon mac-notification snmp
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
! NOTE(review): the RADIUS shared secret is stored in cleartext (password
! encryption is off in this file) and is published with this config, so it
! should be treated as exposed and replaced with a long random value. The
! automated server test also uses the username "admin", which matches a local
! account name in this file.
radius-server host 45.200.1.74 auth-port 1812 acct-port 1813 test username admin key nacnac08
radius-server vsa send authentication
!
control-plane
!
!
line con 0
! NOTE(review): "exec-timeout 0 0" disables the idle timeout, so an abandoned
! session on vty 0-4 never closes. The line password is stored in cleartext;
! with "aaa authentication login default local" set earlier in this file it is
! presumably not the credential actually checked at login - confirm, and remove
! or rotate it either way. No "transport input" or "access-class" line is
! visible on any vty, so the accepted protocols and source addresses are the
! platform defaults - confirm that Telnet is not accepted.
line vty 0 4
 exec-timeout 0 0
 password 44beers4all
line vty 5 15
!
! NOTE(review): NTP has a single server and no authentication configured. The
! clock-period value is typically written by the device itself.
ntp clock-period 36029352
ntp server 45.200.1.2
end