! ! Last configuration change at 22:26:47 UTC Mon Aug 7 2006 by admin ! NVRAM config last updated at 21:46:33 UTC Mon Aug 7 2006 by admin ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname cnac-7206 ! boot-start-marker boot system flash disk0:7200-advsecurityk9-mz.124-9.T.bin boot system flash c7200-advsecurityk9-mz.124-9.T.bin boot-end-marker ! enable secret 5 $1$7nR9$GhxgQ03fD8bPhWkhlbLzC/ ! aaa new-model ! ! aaa authentication login default local aaa authentication dot1x default group radius aaa authentication eou default group radius aaa authorization exec default local if-authenticated aaa authorization network default group radius aaa accounting network default start-stop group radius ! aaa session-id common ! resource policy ! ip cef ! ! ip admission name NAC_Demo eapoudp inactivity-time 60 ! ! no ip domain lookup ! ! ! ! eou allow clientless eou timeout status-query 60 eou timeout revalidation 60 eou logging username admin privilege 15 secret 5 $1$q43R$DH3WAD0m5.dIWhONcRwYH/ ! ! controller T1 1/0 framing esf linecode b8zs ! controller T1 1/1 framing esf linecode b8zs ! controller T1 1/2 framing esf linecode b8zs ! controller T1 1/3 framing esf linecode b8zs ! controller T1 1/4 framing esf linecode b8zs ! controller T1 1/5 framing esf linecode b8zs ! controller T1 1/6 framing esf linecode b8zs ! controller T1 1/7 framing esf linecode b8zs ! controller T3 3/0 ! ! ! ! ! interface FastEthernet0/0 ip address 45.200.1.40 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 45.200.16.1 255.255.255.252 ip access-group NAC_Interface_ACL in ip admission NAC_Demo duplex auto speed auto ! interface FastEthernet2/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet2/1 no ip address shutdown duplex auto speed auto ! ip default-gateway 45.200.1.1 ip route 0.0.0.0 0.0.0.0 45.200.1.1 ip route 45.200.15.0 255.255.255.0 45.200.16.2 ip http server no ip http secure-server ! ! ! ip access-list extended DUMMY permit ip any any ip access-list extended NAC_Interface_ACL permit udp any any eq 21862 remark DHCP permit udp any eq bootpc any eq bootps remark DNS permit udp any host 45.200.1.2 eq domain remark WWW permit tcp any host 45.200.7.2 eq www remark cnac-genericSW permit icmp any host 45.200.15.1 permit icmp host 45.200.15.1 any permit ip any host 45.200.15.1 permit ip host 45.200.15.1 any permit ip any 45.200.16.0 0.0.0.255 permit ip 45.200.16.0 0.0.0.255 any remark Altiris permit ip any host 45.200.1.46 remark LANDesk permit tcp any host 45.200.1.43 permit tcp any host 45.200.1.44 remark Qualys permit ip any host 45.200.1.47 remark Trend permit ip any host 45.200.7.16 permit ip any host 45.200.7.192 remark Log deny ip any any log ip access-list extended NAC_URL_Redir_ACL deny tcp any host 45.200.1.46 deny tcp any host 45.200.1.47 deny tcp any host 45.200.7.2 deny tcp any host 45.200.7.16 permit ip any any ! logging alarm informational ! ! ! ! radius-server attribute 8 include-in-access-req radius-server host 45.200.1.70 auth-port 1645 acct-port 1646 radius-server key nit44nac radius-server vsa send authentication ! control-plane ! ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 privilege level 15 password nacnac06 line vty 5 15 privilege level 15 password nacnac06 ! ! end