# Configuration "nvgen'd" at 2008-4-09 10:36:29
# Image 7.0.0.4.0
# Model MX-8
# Last change occurred at 2008-4-09 09:25:43

# --- Diagnostics -------------------------------------------------------------
# RADIUS and authorization tracing are both switched on at level 7, and the
# log buffer (further down) records at debug severity.
# NOTE(review): trace and debug output for the AAA path may record
# authentication details; confirm these are lab-only settings and that access
# to the buffer is restricted.
set trace radius level 7
set trace authorization level 7

# --- IP services and system identity -----------------------------------------
set ip dns server 45.200.1.2 PRIMARY
set ip dns domain nac.ilabs.interop.net
set ip dns enable
set ip route default 45.200.1.1 1
set log buffer enable severity debug
# NOTE(review): a quiet period of 0 presumably removes the hold-off after a
# failed 802.1X attempt, so a client can retry immediately - confirm this is
# intended outside a test bed.
set dot1x quiet-period 0
set system name MX-8
set system ip-address 45.200.1.56
set system countrycode US
set timezone PST -8 0

# --- Service profile: ilabs-nac-trpz (CCMP + RSN IE, users placed in VLAN20) --
set service-profile ilabs-nac-trpz ssid-name ilabs-nac-trpz
set service-profile ilabs-nac-trpz cipher-ccmp enable
set service-profile ilabs-nac-trpz rsn-ie enable
set service-profile ilabs-nac-trpz attr vlan-name VLAN20

# --- Service profile: ilabs-nac-trpz-guest (PSK, 802.1X off, VLAN40) ---------
# This SSID enables TKIP with the WPA IE and authenticates with a pre-shared
# key only; 802.1X is explicitly disabled.
# NOTE(review): TKIP/WPA is weaker than the CCMP/RSN pairing used by
# ilabs-nac-trpz above; prefer CCMP here too unless legacy clients require it.
# NOTE(review): the psk-encrypted value is stored in the configuration itself.
# Treat any copy of this file as secret material and rotate the key if the
# file has been shared.
set service-profile ilabs-nac-trpz-guest ssid-name ilabs-nac-trpz-guest
set service-profile ilabs-nac-trpz-guest auth-fallthru last-resort
set service-profile ilabs-nac-trpz-guest cipher-tkip enable
set service-profile ilabs-nac-trpz-guest wpa-ie enable
set service-profile ilabs-nac-trpz-guest psk-encrypted 0351590e550e731b4d0f1c06154a090d52737a777f31377044571007560208090a575c524d445c0e0e0b5600505f5e56510800064a02560358030b27181d0f1800
set service-profile ilabs-nac-trpz-guest auth-psk enable
set service-profile ilabs-nac-trpz-guest auth-dot1x disable
set service-profile ilabs-nac-trpz-guest attr vlan-name VLAN40

# --- Service profile: ilabs-nac-trpz-portal (clear SSID, web portal, VLAN20) --
# ssid-type clear means no over-the-air encryption on this SSID; access falls
# through to the web portal and is filtered by the ACL named portalacl.
# NOTE(review): portal users land in VLAN20, the same VLAN as the 802.1X
# profile above - confirm that sharing a VLAN between the two is intended.
set service-profile ilabs-nac-trpz-portal ssid-name ilabs-nac-trpz-portal
set service-profile ilabs-nac-trpz-portal ssid-type clear
set service-profile ilabs-nac-trpz-portal auth-fallthru web-portal
set service-profile ilabs-nac-trpz-portal web-portal-acl portalacl
set service-profile ilabs-nac-trpz-portal attr vlan-name VLAN20

# --- RADIUS servers and server groups ----------------------------------------
# Three RADIUS servers are defined; smartpass and test carry the identical
# encrypted-key string.
# NOTE(review): identical strings presumably mean the same shared secret is
# used for both servers - use a distinct secret per server, and treat the
# encrypted-key values as sensitive rather than as safe-to-publish hashes
# (encoding strength not verifiable from this file - confirm with vendor docs).
set radius client system-ip
set radius server radiator-proxy address 45.200.1.74 timeout 5 retransmit 3 deadtime 0 encrypted-key 04550a0501204f1e51
set radius server smartpass address 45.200.1.60 encrypted-key 011d0707550a055f79
set radius server test address 45.200.1.164 encrypted-key 011d0707550a055f79
set server group radiator members radiator-proxy
set server group smartpass-grp members smartpass
set server group test-grp members test

# --- Dynamic authorization clients (names suggest RFC 3576) ------------------
# Both entries disable replay protection and carry the identical encrypted-key
# string.
# NOTE(review): with replay-protect disabled the controller presumably accepts
# dynamic authorization requests without a freshness check - enable it unless
# the sending server cannot support it, and give each client its own secret.
set radius dac test-rfc3576 address 45.200.1.164 replay-protect disable encrypted-key 09424f0a1704144253
set radius dac smartpass-rfc3576 address 45.200.1.60 replay-protect disable encrypted-key 09424f0a1704144253

# Enable password as stored by the device; handle as a credential.
set enablepass password ca3b82b92bef74a74fd06d5b7ac2a02c543f

# --- AAA rules ---------------------------------------------------------------
# The ** field is presumably a user glob that matches every username - confirm.
# Accounting for both SSIDs goes to smartpass-grp; portal logins are
# authenticated by smartpass-grp, and 802.1X on ilabs-nac-trpz is passed
# through to the radiator server group.
set accounting dot1x ssid ilabs-nac-trpz ** start-stop smartpass-grp
set accounting web ssid ilabs-nac-trpz-portal ** start-stop smartpass-grp
set authentication web ssid ilabs-nac-trpz-portal ** smartpass-grp
set authentication dot1x ssid ilabs-nac-trpz ** pass-through radiator
# Sessions on these SSIDs may be changed by the dynamic authorization clients
# listed; the portal SSID accepts changes from test-rfc3576 only.
set authorization dynamic ssid ilabs-nac-trpz smartpass-rfc3576 test-rfc3576
set authorization dynamic ssid ilabs-nac-trpz-portal test-rfc3576

# Local administrator account; the password is stored in encoded form in this
# file, so the file needs the same protection as the credential.
set user admin password encrypted 135143100e0916397f25243f

# --- Radio profile -----------------------------------------------------------
# The default radio profile advertises all three service profiles.
set radio-profile default auto-tune channel-config disable
set radio-profile default rf-scanning mode passive
set radio-profile default rf-scanning channel-scope operating
set radio-profile default service-profile ilabs-nac-trpz
set radio-profile default service-profile ilabs-nac-trpz-guest
set radio-profile default service-profile ilabs-nac-trpz-portal

# --- Snoop filters -----------------------------------------------------------
# Two enabled filters match frames by source MAC in the receive direction and
# name 45.200.1.59 as observer, with an 80-byte snap length.
# NOTE(review): these look like debugging captures of two specific clients;
# remove or disable them once troubleshooting ends, since they send copies of
# client traffic to another host.
set snoop cisco-nic src-mac eq 00:40:96:a8:f5:b9 direction eq receive observer 45.200.1.59 snap-length 80
set snoop cisco-nic mode enable
set snoop tablet-nic src-mac eq 00:1b:9e:56:4a:4a direction eq receive observer 45.200.1.59 snap-length 80
set snoop tablet-nic mode enable

# --- Access points -----------------------------------------------------------
# Radio 1 is disabled on both APs; radio 2 runs on channel 40 with both snoop
# filters attached.
# NOTE(review): AP 1 radio 2 has no explicit "mode enable" here while AP 2
# radio 2 does - confirm whether AP 1 relies on a default.
set ap 1 serial-id 0773000968 model MP-422
set ap 1 name TRPZ-AP1
set ap 1 radio 1 mode disable tx-power 5
set ap 1 radio 2 channel 40
set ap 1 radio 2 snoop cisco-nic
set ap 1 radio 2 snoop tablet-nic
set ap 2 serial-id 0773001038 model MP-422
set ap 2 name TRPZ-AP2
set ap 2 radio 1 mode disable tx-power 5
set ap 2 radio 2 channel 40 mode enable
set ap 2 radio 2 snoop tablet-nic
set ap 2 radio 2 snoop cisco-nic

# --- Management access and ports ---------------------------------------------
# NOTE(review): Telnet carries the admin and enable passwords in cleartext;
# prefer an encrypted management protocol and limit management access to a
# dedicated network.
set ip telnet server enable
set port poe 1 enable
set port poe 2 enable
set port 7 name Uplink-UNTAGGED
set port 8 name Tagged-UPLINK

# --- VLANs -------------------------------------------------------------------
# VLAN 1 is on ports 1-7 and is carried on port 8 with tag 1000; VLANs 20, 30
# and 40 exist only as tagged VLANs on port 8.
set vlan 1 port 3
set vlan 1 port 4
set vlan 1 port 5
set vlan 1 port 6
set vlan 1 port 7
set vlan 1 port 8 tag 1000
set vlan 1 port 1
set vlan 1 port 2
set vlan 20 name VLAN20
set vlan 20 port 8 tag 20
set vlan 30 name VLAN30
set vlan 30 port 8 tag 30
set vlan 40 name VLAN40
set vlan 40 port 8 tag 40

# --- IP interfaces -----------------------------------------------------------
# Interface 1 holds the system IP address (45.200.1.56). Interfaces exist for
# VLANs 1, 20 and 30 only; VLAN40 has no IP interface in this configuration.
# The on-box DHCP server is disabled on interfaces 20 and 30; the start/stop
# range is recorded but inactive.
set interface 1 ip 45.200.1.56 255.255.255.0
set interface 20 ip 45.200.20.56 255.255.255.0
set interface 20 ip dhcp-server disable start 192.168.1.1 stop 192.168.1.254
set interface 30 ip 45.200.30.56 255.255.255.0
set interface 30 ip dhcp-server disable start 192.168.1.1 stop 192.168.1.254

# --- Security ACLs -----------------------------------------------------------
# Address pairs are presumably "address wildcard-mask": 0.0.0.0 255.255.255.255
# reads as any host and x.x.x.x 0.0.0.0 as a single host - confirm against the
# vendor reference.
# Only portalacl is referenced elsewhere in this file (web-portal-acl on the
# portal service profile). Guest, Employee, Remediation and deny-all are
# committed but not attached here; presumably the RADIUS/NAC server assigns
# them per session - verify.

# Guest: DNS to any destination, DHCP (68 -> 67) and ICMP.
# NOTE(review): Employee and Remediation pin DNS to 45.200.1.2; Guest allows
# UDP/53 to any address. Pinning Guest to the same resolver would be tighter.
set security acl name Guest permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 53
set security acl name Guest permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl name Guest permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
commit security acl Guest

# Employee: DNS to 45.200.1.2, DHCP, ICMP, and all IP to four named hosts
# (45.200.1.19, .20, .21, .78).
set security acl name Employee permit udp 0.0.0.0 255.255.255.255 45.200.1.2 0.0.0.0 eq 53
set security acl name Employee permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl name Employee permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
set security acl name Employee permit ip 0.0.0.0 255.255.255.255 45.200.1.19 0.0.0.0
set security acl name Employee permit ip 0.0.0.0 255.255.255.255 45.200.1.20 0.0.0.0
set security acl name Employee permit ip 0.0.0.0 255.255.255.255 45.200.1.21 0.0.0.0
set security acl name Employee permit ip 0.0.0.0 255.255.255.255 45.200.1.78 0.0.0.0
commit security acl Employee

# Remediation: DNS to 45.200.1.2, DHCP, and all IP to 45.200.1.19 and
# 45.200.1.78 only; unlike Employee it has no ICMP rule.
# NOTE(review): none of Guest, Employee or Remediation ends with an explicit
# deny; they presumably rely on an implicit deny at the end of the list -
# confirm that behaviour before depending on it for quarantine.
set security acl name Remediation permit udp 0.0.0.0 255.255.255.255 45.200.1.2 0.0.0.0 eq 53
set security acl name Remediation permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl name Remediation permit ip 0.0.0.0 255.255.255.255 45.200.1.19 0.0.0.0
set security acl name Remediation permit ip 0.0.0.0 255.255.255.255 45.200.1.78 0.0.0.0
commit security acl Remediation

# portalacl: DHCP is permitted; everything else hits the deny rule carrying
# the capture keyword (presumably what hands the session to the web portal -
# confirm). Rule order matters: the DHCP permit must stay ahead of the deny.
set security acl name portalacl permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl name portalacl deny 0.0.0.0 255.255.255.255 capture
commit security acl portalacl

# deny-all: a single rule denying all sources.
set security acl name deny-all deny 0.0.0.0 255.255.255.255
commit security acl deny-all

# --- Time --------------------------------------------------------------------
# NTP is enabled against 45.200.1.2, the same address used as DNS server.
# Accurate time matters for correlating the accounting and debug logs above.
set ntp enable
set ntp server 45.200.1.2