! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname cnac3550 ! enable secret 5 $1$cdxQ$ClOjOGQFKIJOQApPufS2W. enable password nacnac06 ! username admin privilege 15 secret 5 $1$A6PW$5Oq9dm1UispKvBK7u5Y2T/ aaa new-model aaa authentication login default local aaa authentication eou default group radius aaa authorization exec default local if-authenticated aaa authorization network default group radius aaa accounting network default start-stop group radius ! aaa session-id common ip subnet-zero ip admission name AVERT eapoudp ip admission name NAC eapoudp ip admission name NAC-L2-IP eapoudp ! ip dhcp snooping vlan 1000 ip dhcp snooping ip device tracking vtp mode transparent ! ! ! ! ! eou timeout hold-period 60 eou timeout status-query 60 eou timeout revalidation 60 eou logging no file verify auto ! spanning-tree mode pvst spanning-tree extend system-id no spanning-tree vlan 1-1000 ! vlan internal allocation policy ascending vlan dot1q tag native ! vlan 10 name Success ! vlan 11 name NAC-Fail ! vlan 1000 name Core ! ! interface FastEthernet0/1 description Uplink switchport trunk encapsulation dot1q switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/2 description core switchport access vlan 1000 switchport mode access ! interface FastEthernet0/3 description core switchport access vlan 1000 switchport mode access ! interface FastEthernet0/4 description core switchport access vlan 1000 switchport mode access ! interface FastEthernet0/5 switchport access vlan 1000 switchport mode access ! interface FastEthernet0/6 switchport access vlan 1000 switchport mode access ! interface FastEthernet0/7 switchport access vlan 1000 switchport mode access ! interface FastEthernet0/8 switchport access vlan 1000 switchport mode access ! interface FastEthernet0/9 switchport access vlan 10 switchport mode access ip access-group interface_acl in ip admission NAC-L2-IP ! interface FastEthernet0/10 switchport access vlan 10 switchport mode access ip access-group interface_acl in ip admission NAC-L2-IP ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access ip access-group interface_acl in ip admission NAC-L2-IP ! interface FastEthernet0/12 switchport access vlan 10 switchport mode access ip access-group interface_acl in ip admission NAC-L2-IP ! interface FastEthernet0/13 switchport access vlan 11 switchport mode access ! interface FastEthernet0/14 switchport access vlan 11 switchport mode access ! interface FastEthernet0/15 switchport access vlan 11 switchport mode access ! interface FastEthernet0/16 switchport access vlan 11 switchport mode access ! interface FastEthernet0/17 switchport access vlan 10 switchport mode access ip access-group interface_acl in ip admission NAC-L2-IP ! interface FastEthernet0/18 switchport mode dynamic desirable ! interface FastEthernet0/19 switchport mode dynamic desirable ! interface FastEthernet0/20 switchport mode dynamic desirable ! interface FastEthernet0/21 switchport mode dynamic desirable ! interface FastEthernet0/22 switchport mode dynamic desirable ! interface FastEthernet0/23 switchport mode dynamic desirable ! interface FastEthernet0/24 switchport mode dynamic desirable ! interface FastEthernet0/25 switchport mode dynamic desirable ! interface FastEthernet0/26 switchport mode dynamic desirable ! interface FastEthernet0/27 switchport mode dynamic desirable ! interface FastEthernet0/28 switchport mode dynamic desirable ! interface FastEthernet0/29 switchport mode dynamic desirable ! interface FastEthernet0/30 switchport mode dynamic desirable ! interface FastEthernet0/31 switchport mode dynamic desirable ! interface FastEthernet0/32 switchport mode dynamic desirable ! interface FastEthernet0/33 switchport mode dynamic desirable ! interface FastEthernet0/34 switchport mode dynamic desirable ! interface FastEthernet0/35 switchport mode dynamic desirable ! interface FastEthernet0/36 switchport mode dynamic desirable ! interface FastEthernet0/37 switchport mode dynamic desirable ! interface FastEthernet0/38 switchport mode dynamic desirable ! interface FastEthernet0/39 switchport mode dynamic desirable ! interface FastEthernet0/40 switchport mode dynamic desirable ! interface FastEthernet0/41 switchport mode dynamic desirable ! interface FastEthernet0/42 switchport mode dynamic desirable ! interface FastEthernet0/43 switchport mode dynamic desirable ! interface FastEthernet0/44 switchport mode dynamic desirable ! interface FastEthernet0/45 switchport mode dynamic desirable ! interface FastEthernet0/46 switchport mode dynamic desirable ! interface FastEthernet0/47 switchport mode dynamic desirable ! interface FastEthernet0/48 switchport mode dynamic desirable ! interface GigabitEthernet0/1 switchport mode dynamic desirable ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 no ip address ! interface Vlan1000 description Core ip address 45.200.1.42 255.255.255.0 ! ip default-gateway 45.200.1.3 ip classless ip http server ip http secure-server ! ip radius source-interface FastEthernet0/1 ! ip access-list extended interface_acl permit udp any any eq 21862 remark Allow DHCP permit udp any eq bootpc any eq bootps remark Allow DNS permit udp any any eq domain remark Allow HTTP access to update server permit tcp any host 45.200.7.2 eq www permit tcp any host 45.200.1.43 eq www remark Allow ICMP for test purposes permit icmp any any remark Implicit Deny deny ip any any ! radius-server attribute 8 include-in-access-req radius-server host 45.200.1.70 auth-port 1645 acct-port 1646 radius-server source-ports 1645-1646 radius-server key nacnac06 radius-server vsa send authentication ! control-plane ! ! line con 0 line vty 0 4 password nacnac06 line vty 5 15 password nacnac06 ! end