! Running configuration of a Catalyst 3750 (hostname cisco3750-sw2) on IOS 12.2,
! used as an 802.1X / NAC authenticator at the access layer.
!
version 12.2
no service pad
! NOTE(review): debug and log messages are stamped with uptime, not wall-clock
! time, which makes correlation with RADIUS and SNMP records harder. An NTP
! server is configured, so `service timestamps log datetime msec localtime
! show-timezone` would give comparable timestamps.
service timestamps debug uptime
service timestamps log uptime
! NOTE(review): with password encryption off, every `password` and `key` value
! in this configuration is stored and displayed in cleartext (see the vty
! password and the RADIUS shared secret near the end of the file).
no service password-encryption
!
hostname cisco3750-sw2
!
boot-start-marker
boot-end-marker
!
! Type 5 secrets are salted MD5-crypt hashes (the `$1$` prefix). They are
! published with this configuration and can be guessed offline, so the
! passwords behind them should be treated as exposed and rotated. Prefer a
! stronger secret type where the software release offers one.
enable secret 5 $1$JMWj$96Xd1kJcD/n/GJwDgh5n..
!
! Local accounts: `admin` carries no privilege keyword, `jim` is privilege 15.
username admin secret 5 $1$ROFp$CX2lPuiSXfs.1VI3bB8dS/
username jim privilege 15 secret 5 $1$hSNd$onZqebI3a2pJ6v2th8cKS0
aaa new-model
!
!
! Device logins are checked against the local user database only.
! 802.1X authentication, network authorization and 802.1X accounting all use
! the RADIUS group, and no local fallback method is listed for them.
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
aaa session-id common
clock timezone PST -8
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip domain-name nac.ilabs.interop.net
ip name-server 45.200.1.2
!
!
!
!
! Global 802.1X enable. The "critical" settings cover the case where no RADIUS
! server is reachable: recovery is delayed by 5000 ms, and an EAPOL-Success is
! sent to the client when a port is critically authorized.
dot1x system-auth-control
dot1x critical recovery delay 5000
dot1x critical eapol
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
eou logging
!
vlan internal allocation policy ascending
!
!
!
!
! Access-port template, repeated on Gi1/0/1 through Gi1/0/23: data VLAN 20,
! voice VLAN 30, 802.1X authenticator with `port-control auto`, so a port
! forwards traffic only after authentication or one of the fallbacks below.
! Fallbacks on each port: MAC authentication bypass, auth-fail VLAN 40,
! critical VLAN 40.
! NOTE(review): portfast is enabled and no BPDU guard (per port or global
! default) appears anywhere in this configuration.
interface GigabitEthernet1/0/1
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/1.
interface GigabitEthernet1/0/2
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/3-6: NAC access ports (data VLAN 20, voice VLAN 30) running the 802.1X
! authenticator with `port-control auto`.
! `dot1x mac-auth-bypass` lets an endpoint without a supplicant be authenticated
! by its MAC address. A MAC address is an identifier rather than a credential,
! so the RADIUS policy for bypass endpoints should grant only the access those
! devices need, and the accounting records for them are worth monitoring.
interface GigabitEthernet1/0/3
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/3.
interface GigabitEthernet1/0/4
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/3.
interface GigabitEthernet1/0/5
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/3.
interface GigabitEthernet1/0/6
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/7-10: NAC access ports (data VLAN 20, voice VLAN 30) running the 802.1X
! authenticator with `port-control auto`.
! Failure handling: a client that fails authentication is placed in VLAN 40
! (auth-fail), and a client that connects while no RADIUS server is reachable
! is also placed in VLAN 40 (critical). Interface Vlan40 is described as
! "Guests VLAN", so both cases end up on the guest network rather than blocked.
! `critical recovery action reinitialize` re-initializes the port once RADIUS is
! reachable again, so critically authorized clients go through authentication.
interface GigabitEthernet1/0/7
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/7.
interface GigabitEthernet1/0/8
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/7.
interface GigabitEthernet1/0/9
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/7.
interface GigabitEthernet1/0/10
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/11-14: NAC access ports (data VLAN 20, voice VLAN 30) running the 802.1X
! authenticator with `port-control auto`.
! `dot1x host-mode multi-domain` admits one device in the data domain and one
! in the voice domain on the same port, each authenticated separately.
! NOTE(review): presumably the RADIUS response decides which device is treated
! as the voice device; confirm that the server policy marks only known phones
! that way, since the voice VLAN is otherwise a second way onto the network.
interface GigabitEthernet1/0/11
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/11.
interface GigabitEthernet1/0/12
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/11.
interface GigabitEthernet1/0/13
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/11.
interface GigabitEthernet1/0/14
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/15-18: NAC access ports (data VLAN 20, voice VLAN 30) running the 802.1X
! authenticator with `port-control auto`.
! Timers: `tx-period 20` is the number of seconds the switch waits for a reply
! to an EAP identity request before retransmitting; it also affects how long a
! device without a supplicant waits before MAC authentication bypass is tried.
! `dot1x reauthentication` turns on periodic re-authentication. No reauth
! period is set in the stanza, so whatever default the platform uses applies
! (confirm the effective interval on the device).
interface GigabitEthernet1/0/15
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/15.
interface GigabitEthernet1/0/16
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/15.
interface GigabitEthernet1/0/17
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/15.
interface GigabitEthernet1/0/18
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/19-22: NAC access ports (data VLAN 20, voice VLAN 30) running the 802.1X
! authenticator with `port-control auto`.
! NOTE(review): `spanning-tree portfast` moves the port straight to forwarding,
! and this configuration has neither `spanning-tree bpduguard enable` on the
! ports nor `spanning-tree portfast bpduguard default` globally, so a bridge
! plugged into an edge port is not err-disabled. 802.1X is the only layer-2
! control visible here: no port security, DHCP snooping or dynamic ARP
! inspection is configured.
interface GigabitEthernet1/0/19
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/19.
interface GigabitEthernet1/0/20
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/19.
interface GigabitEthernet1/0/21
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Same template as Gi1/0/19.
interface GigabitEthernet1/0/22
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Gi1/0/23: last NAC access port (data VLAN 20, voice VLAN 30, 802.1X with MAC
! authentication bypass, auth-fail and critical VLAN 40).
interface GigabitEthernet1/0/23
 description NAC-L2-802.1x
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 30
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 20
 dot1x reauthentication
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x auth-fail vlan 40
 dot1x critical vlan 40
 spanning-tree portfast
!
! Uplink: 802.1Q trunk carrying only VLANs 20, 30, 40 and 1000. The access
! VLAN line has no effect while the port is in trunk mode.
! NOTE(review): no native VLAN and no `switchport nonegotiate` are set, so the
! platform defaults for native VLAN and trunk negotiation apply. Set them
! explicitly if the upstream side is not fully trusted.
interface GigabitEthernet1/0/24
 description Uplink
 switchport access vlan 1000
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,30,40,1000
 switchport mode trunk
!
! Gi1/0/25-28 carry no configuration at all: no description, no 802.1X, no
! `shutdown`.
! NOTE(review): these ports run on platform defaults and are outside the NAC
! policy applied to Gi1/0/1-23. If unused, shut them down and assign them to an
! unused VLAN.
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
! SVIs: only Vlan1000 has an IP address, so it is the switch's management
! interface. Vlan1, Vlan20, Vlan30 and Vlan40 are unaddressed.
interface Vlan1
 no ip address
!
! `ip dhcp relay information trusted` accepts DHCP packets on this interface
! that already carry relay agent information (option 82).
interface Vlan20
 description Employees VLAN
 ip dhcp relay information trusted
 no ip address
!
interface Vlan30
 description Devices VLAN
 no ip address
!
interface Vlan40
 description Guests VLAN
 no ip address
!
interface Vlan1000
 ip address 45.200.1.44 255.255.255.0
!
ip default-gateway 45.200.1.1
ip classless
! NOTE(review): the cleartext HTTP server is on and HTTPS is off, and no
! `ip http access-class` or `ip http authentication` line restricts it.
! Presumably the HTTP server is needed for the NAC URL redirection that the
! nac_url_redir_acl below supports (confirm). If so, limit who can reach the
! management address. If not, turn it off.
ip http server
no ip http secure-server
!
!
! None of the ACLs below is bound to an interface with `ip access-group` in
! this configuration. Presumably they are referenced by name in RADIUS
! authorization responses (confirm against the RADIUS policy).
!
! nac_employees_acl: ICMP, DHCP (bootpc/bootps) and any IP to hosts
! 45.200.1.19, .20 and .21. Everything else is denied.
ip access-list extended nac_employees_acl
 permit icmp any any
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit ip any host 45.200.1.19
 permit ip any host 45.200.1.20
 permit ip any host 45.200.1.21
 deny ip any any
! nac_guest_acl: blocks and logs anything destined to 45.200.0.0/16, then
! permits and logs everything else.
! NOTE(review): the deny also covers 45.200.1.2, the name server this switch
! uses, so guests need DNS from outside that range. `log` on a permit-any entry
! generates a log event for all permitted guest traffic, so watch CPU and log
! volume.
ip access-list extended nac_guest_acl
 remark Internet only, not Interop.net
 deny ip any 45.200.0.0 0.0.255.255 log
 permit ip any any log
! nac_permit_acl: unrestricted access, logged.
ip access-list extended nac_permit_acl
 remark Allow all
 permit ip any any log
! nac_remediation_acl: ICMP, DNS to 45.200.1.2, DHCP, and UDP on any port to
! 45.200.1.19. Everything else is denied, and no TCP is permitted.
ip access-list extended nac_remediation_acl
 permit icmp any any
 permit udp any host 45.200.1.2 eq domain
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit udp any host 45.200.1.19
 deny ip any any
! nac_url_redir_acl: matches TCP port 80 traffic except to 45.200.1.76 and
! 45.200.3.10. Presumably used as a redirect ACL, where "permit" selects the
! traffic to redirect and the two denied hosts are reached directly (confirm).
ip access-list extended nac_url_redir_acl
 deny tcp any host 45.200.1.76 eq www
 deny tcp any host 45.200.3.10 eq www
 permit tcp any any eq www
!
! NOTE(review): RADIUS packets are sourced from Vlan1, but interface Vlan1 has
! `no ip address`; the only addressed SVI is Vlan1000 (45.200.1.44). Verify
! which source address the RADIUS server actually sees, because it must match
! the client entry configured on the server.
ip radius source-interface Vlan1
! SNMP: only v1/v2c is configured, which has no per-user authentication or
! encryption; community strings travel in cleartext.
! NOTE(review): the read-only community is the well-known string `public`
! with no access list attached, and the `public` user lines appear twice.
! Prefer SNMPv3 with authentication and privacy, or at least a non-default
! community restricted by an ACL to the management station.
snmp-server user beacon beacon v1
snmp-server user beacon beacon v2c
snmp-server user public public v1
snmp-server user public public v2c
snmp-server community public RO
snmp-server user public public v1
snmp-server user public public v2c
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps license
snmp-server enable traps stpx root-inconsistency loop-inconsistency
snmp-server enable traps mac-notification change move threshold
! Trap receiver 45.200.1.75, community `beacon`, limited to mac-notification
! and snmp traps. No `version` keyword is given.
snmp-server host 45.200.1.75 beacon mac-notification snmp
! RADIUS attributes: 6 (Service-Type) is sent in login authentication, 8
! (Framed-IP-Address) is included in access requests, and 25 (Class) is
! included in access requests.
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
! Single RADIUS server, with automated server testing under the user name
! `admin`.
! NOTE(review): the shared secret is short, stored in cleartext and published
! with this configuration, so rotate it and use a long random value. The test
! user name is the same as a local account name; a dedicated name that does not
! exist as a real account is the safer choice for liveness probes. With one
! server and no local fallback for dot1x, an outage puts every port on the
! critical VLAN.
radius-server host 45.200.1.71 auth-port 1812 acct-port 1813 test username admin key nacnac08
radius-server vsa send authentication
!
control-plane
!
!
line con 0
! NOTE(review): `exec-timeout 0 0` disables the idle timeout, so abandoned
! sessions stay open. The line password is stored in cleartext. With
! `aaa authentication login default local` in force, logins should be checked
! against the local user database rather than this password (confirm), which
! would leave it as an unused exposed secret. No `transport input` or
! `access-class` line is present, so the release defaults decide which
! protocols and sources are accepted. Restrict the vty lines to SSH from the
! management network.
line vty 0 4
 exec-timeout 0 0
 password 44beers4all
! vty 5-15 carry no settings of their own and inherit the defaults.
line vty 5 15
!
! NTP: one server, with no NTP authentication configured. `clock-period` is a
! value the device writes itself.
ntp clock-period 36029036
ntp server 45.200.1.2
end