
!
! Last configuration change at 16:49:00 PST Wed May 23 2007 by admin
! NVRAM config last updated at 16:49:04 PST Wed May 23 2007 by admin
!
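! Global service settings.
version 12.2
! X.25 PAD service is turned off.
no service pad
! Debug and log messages carry wall-clock time with the timezone instead of
! time-since-boot, so switch events can be lined up with RADIUS accounting
! records and other hosts' logs. The clock is fed by the "ntp server" line at
! the end of this file.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! Obfuscates cleartext passwords and shared keys in the stored configuration.
! This is reversible type 7 encoding, not hashing: it only protects against
! casual viewing, so the configuration file must still be handled as a secret.
service password-encryption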
!
! Device name.
hostname cisco3560-sw
!
! Privileged-mode secret, stored as a type 5 (salted MD5-crypt) hash.
! NOTE(review): a hash that appears in a shared or published configuration
! should be treated as exposed, because guesses can be checked against it
! offline. Rotate the secret and keep configs with hashes out of public view.
enable secret 5 $1$DDsJ$.GcbykUBaz9gPIG8UOrxZ/
!
! Local account used by "aaa authentication login default local"; also a
! type 5 hash, so the same exposure note applies.
username admin secret 5 $1$lzTo$C4CtDWpUG5H2Hh04IU9Jo0
! Enables the AAA framework; the method lists below govern authentication.
aaa new-model
! Interactive logins are checked against the local user database only.
aaa authentication login default local
! 802.1X and EAPoUDP (NAC posture) authentication are sent to the RADIUS group.
aaa authentication dot1x default group radius
aaa authentication eou default group radius
! Network and auth-proxy authorization also come from RADIUS; presumably this
! is what lets the server return per-session attributes such as a VLAN or ACL
! (confirm against the RADIUS policy).
aaa authorization network default group radius 
aaa authorization auth-proxy default group radius 
! Start/stop accounting records for 802.1X sessions go to RADIUS.
! NOTE(review): no exec or command accounting is configured in this file, so
! administrative sessions on the switch leave no AAA audit trail.
aaa accounting dot1x default start-stop group radius
!
! One session ID is shared across the AAA records of a session.
aaa session-id common
! Fixed UTC-8 offset. No "clock summer-time" line is visible, so local
! timestamps stay at UTC-8 all year; keep that in mind when correlating logs.
clock timezone PST -8
system mtu routing 1500
ip subnet-zero
! Layer 3 forwarding is enabled on the switch.
ip routing
ip domain-name nac.ilabs.interop.net
ip name-server 45.200.1.2
! Two EAPoUDP admission rules; the "bypass" variant presumably skips the
! EAPoUDP exchange with the host (confirm against the platform documentation).
! NOTE(review): no interface in the visible config references either rule
! with an "ip admission" statement; confirm where they are applied.
ip admission name NAC-L2-IP eapoudp
ip admission name NAC-L2-IP-Bypass eapoudp bypass
!
! DHCP snooping is scoped to VLANs 1-1000.
! NOTE(review): the global "ip dhcp snooping" enable line does not appear in
! this config and no port is marked "ip dhcp snooping trust"; confirm whether
! snooping is actually active, since a rogue DHCP server on an edge port is
! otherwise not filtered.
ip dhcp snooping vlan 1-1000
ip dhcp-server 45.200.1.2
! Tracks host IP addresses seen on ports; presumably required by the
! IP-based NAC features used here.
ip device tracking
!
!
!
!
!
! EAPoUDP (NAC posture validation) global settings.
! Hosts without a posture agent ("clientless") are still processed rather than
! rejected; the access they receive then depends on the policy the RADIUS
! server returns for clientless hosts.
! NOTE(review): make sure that policy is restrictive, since any device can
! present itself as clientless simply by not answering EAPoUDP.
eou allow clientless
! Timers in seconds: hold time after a failed validation, interval between
! status queries to a validated host, and full posture revalidation period.
eou timeout hold-period 3600
eou timeout status-query 10
eou timeout revalidation 3600
! Log EAPoUDP events.
eou logging
! Exception list for EAPoUDP: devices matched here are authorized statically
! with policy NAC_Agentless_Host instead of being posture-checked.
! NOTE(review): a MAC address, an IP address and a device type are all
! asserted by the endpoint and can be imitated, and the attached policy
! permits all IP traffic. Keep this list minimal and consider a narrower ACL
! per exempted device class. 0000.1111.2222 and 1.2.3.4 look like sample
! values; confirm they are not live entries.
identity profile eapoudp
 device authorize mac-address 0000.1111.2222 policy NAC_Agentless_Host
 device authorize type cisco ip phone policy NAC_Agentless_Host
 device authorize ip-address 1.2.3.4 policy NAC_Agentless_Host
identity policy NAC_Agentless_Host
 ! nac_permit_acl is "permit ip any any log" in this file.
 access-group nac_permit_acl
! Globally enables 802.1X port-based authentication.
dot1x system-auth-control
! Automatic verification of image files is off.
! NOTE(review): verify software images by hand (for example with
! "verify /md5") before installing them on this switch.
no file verify auto
!
! Per-VLAN spanning tree with the extended system ID.
spanning-tree mode pvst
spanning-tree extend system-id
! Spanning tree is disabled for VLANs 11-16 and 1000. That covers the access
! VLAN (15) and voice VLAN (14) used on the edge ports and the VLAN of the
! management SVI (1000).
! NOTE(review): with STP off on these VLANs and portfast on every edge port, a
! bridged loop or an unexpected switch attached to an edge port is not
! blocked; no "bpduguard" setting is visible in this config.
no spanning-tree vlan 11-16,1000
!
vlan internal allocation policy ascending
!
!
! Edge access port on the NAC-L2-802.1x template.
interface GigabitEthernet0/1
 description NAC-L2-802.1x
 ! Static data VLAN 15 and voice VLAN 14.
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 ! SNMP traps when a MAC address is learned or removed on this port.
 snmp trap mac-notification added
 snmp trap mac-notification removed
 ! MAC authentication bypass: a host that does not speak 802.1X is
 ! authenticated by its MAC address.
 ! NOTE(review): a MAC address is not a secret and can be cloned, so the
 ! RADIUS policy for MAB entries should grant only the access that device
 ! class needs.
 dot1x mac-auth-bypass
 ! Inaccessible-authentication bypass: when RADIUS cannot be reached the port
 ! is authorized into the critical VLAN, and it is reinitialized once the
 ! server is back.
 dot1x critical
 dot1x critical recovery action reinitialize
 ! The port acts as 802.1X authenticator and is authorized by the result.
 dot1x pae authenticator
 dot1x port-control auto
 ! NOTE(review): multi-host opens the port after one successful
 ! authentication; further devices behind it (hub, unmanaged switch) are not
 ! authenticated individually.
 dot1x host-mode multi-host
 ! Timers are in seconds. "reauth-period server" takes the re-authentication
 ! interval from the RADIUS server instead of a local value.
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 ! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as
 ! the static access VLAN. Unless RADIUS assigns a different VLAN or an ACL on
 ! success, unauthenticated, failed and authenticated hosts share one
 ! segment; confirm the server-side policy.
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 ! Port moves straight to forwarding; no bpduguard is set on it.
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/2
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/3
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/4
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/5
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/6
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/7
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/8
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/9
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/10
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/11
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/12
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/13
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/14
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/15
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/16
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/17
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/18
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/19
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/20
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/21
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback, multi-host mode, server-driven re-authentication.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/22
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout reauth-period server
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! Edge access port on the NAC-L2-802.1x template: 802.1X with MAC-auth-bypass
! fallback and multi-host mode.
! NOTE(review): unlike GigabitEthernet0/1-22 this port has no
! "dot1x timeout reauth-period server" line, so with "dot1x reauthentication"
! enabled the interval presumably comes from the switch's local value rather
! than from RADIUS; confirm whether the difference is intentional.
! NOTE(review): guest, auth-fail and critical VLANs are all 15, the same as the
! static access VLAN, so separation depends on what RADIUS assigns; confirm.
interface GigabitEthernet0/23
 description NAC-L2-802.1x
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 14
 snmp trap mac-notification added
 snmp trap mac-notification removed
 dot1x mac-auth-bypass
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3
 dot1x max-req 3
 dot1x max-reauth-req 3
 dot1x reauthentication
 dot1x guest-vlan 15
 dot1x auth-fail vlan 15
 dot1x critical vlan 15
 spanning-tree portfast
!
! 802.1Q trunk (presumably the uplink) carrying VLANs 11-19 and 1000; no
! 802.1X is configured on it.
! NOTE(review): the mode is forced to trunk but trunk negotiation is not
! turned off ("switchport nonegotiate") and the native VLAN is left at its
! default, which is outside the allowed list; confirm both are intended.
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11-19,1000
 switchport mode trunk
!
! GigabitEthernet0/25-28 carry no configuration, so platform defaults apply.
! NOTE(review): nothing here enables 802.1X or shuts the ports down. If they
! are unused, "shutdown" plus an unused access VLAN keeps them from being an
! unauthenticated way onto the switch; confirm the defaults for this platform.
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
! The VLAN 1 SVI is unaddressed and shut down.
interface Vlan1
 no ip address
 shutdown
!
! SVIs for VLANs 11-18 exist without IP addresses, so the switch presumably
! has no Layer 3 presence in those VLANs even though "ip routing" is enabled.
interface Vlan11
 no ip address
!
interface Vlan12
 no ip address
!
interface Vlan13
 no ip address
!
interface Vlan14
 no ip address
!
interface Vlan15
 no ip address
!
interface Vlan16
 no ip address
!
interface Vlan17
 no ip address
!
interface Vlan18
 no ip address
!
! The only addressed SVI: the switch's management address, also used as the
! RADIUS source interface.
interface Vlan1000
 ip address 45.200.1.45 255.255.255.0
!
! NOTE(review): "ip default-gateway" only takes effect while IP routing is
! off; with "ip routing" enabled earlier in this file, the static default
! route below is what forwards traffic.
ip default-gateway 45.200.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 45.200.1.1
! The cleartext HTTP server is on and HTTPS is off.
! NOTE(review): the NAC URL-redirect function presumably relies on the
! switch's HTTP server, so it may not be removable. If it stays, limit who can
! reach it (for example with "ip http access-class") and make sure web
! management is authenticated; no "ip http authentication" line is visible.
ip http server
no ip http secure-server
!
! RADIUS packets are sourced from the management SVI.
ip radius source-interface Vlan1000 
!
! By its name, presumably the default ACL for hosts that have not yet been
! granted a posture-based policy.
! NOTE(review): it is not attached to any interface in the visible config;
! confirm where it is applied.
ip access-list extended nac_default_acl
 ! UDP 21862 is the EAPoUDP port.
 permit udp any any eq 21862
 ! DHCP client to server.
 permit udp any eq bootpc any eq bootps
 ! NOTE(review): DNS, NTP and ICMP are allowed to any destination. Pinning DNS
 ! and NTP to 45.200.1.2 (the name and NTP server in this file) would keep
 ! unvalidated hosts from using those protocols as a general-purpose channel.
 permit udp any any eq domain
 permit udp any any eq ntp
 permit icmp any any
 remark Allow host to Trend AV Server
 ! NOTE(review): this permits all IP to the AV server, not only the ports the
 ! AV service needs.
 permit ip any host 45.200.1.76
 remark Allow host to Remediation Server
 permit tcp any host 45.200.3.10 eq www
 ! Everything else is dropped and logged.
 deny   ip any any log
! Guest policy: block 45.200.0.0/16, allow everything else, log both.
! NOTE(review): only 45.200.0.0/16 is denied, so any other internal range
! reachable from this switch would be open to guests. The deny also covers the
! name server at 45.200.1.2, so guests would need another resolver; confirm.
ip access-list extended nac_guest_acl
 remark Internet only, not Interop.net
 deny   ip any 45.200.0.0 0.0.255.255 log
 permit ip any any log
! Unrestricted access with logging; referenced by identity policy
! NAC_Agentless_Host earlier in this file.
! NOTE(review): "log" on a permit-all entry can generate a very large volume
! of log messages; confirm the logging load is acceptable.
ip access-list extended nac_permit_acl
 remark Allow all 
 permit ip any any log
! By its name, presumably selects traffic for URL redirection: "deny" entries
! would be exempt (the AV and remediation servers allowed in nac_default_acl)
! and the "permit" entry would redirect all other HTTP. Confirm how the RADIUS
! policy references this ACL.
ip access-list extended nac_url_redir_acl
 deny   tcp any host 45.200.1.76 eq www
 deny   tcp any host 45.200.3.10 eq www
 permit tcp any any eq www
!
! NOTE(review): "public" is the well-known default read-only community and no
! access list is attached, so any host that can reach the switch can read its
! SNMP data; community strings also travel in cleartext. Use a unique
! community bound to an ACL for the management station, or SNMPv3.
snmp-server community public RO
! Traps enabled: link up/down, MAC notification, spanning-tree inconsistency.
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification
snmp-server enable traps stpx root-inconsistency loop-inconsistency
! Traps go to 45.200.1.75 with community string "beacon".
snmp-server host 45.200.1.75 beacon  mac-notification snmp
! RADIUS attribute handling: 6 is Service-Type, 8 is Framed-IP-Address,
! 25 is Class.
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 include-in-access-req
! NOTE(review): the shared secret is written in cleartext here, and the same
! string is reused as the vty line password further down. Treat it as exposed:
! rotate it and use distinct values for the RADIUS key and any line password.
radius-server host 45.200.1.74 auth-port 1812 acct-port 1813 key nit44nac
radius-server source-ports 1645-1646
radius-server key nit44nac
! Vendor-specific attributes are sent in authentication requests.
radius-server vsa send authentication
!
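control-plane
!
!
! The console has no per-line settings; "aaa authentication login default
! local" applies to it.
line con 0
line vty 0 4
 ! Idle sessions are disconnected after 10 minutes. A timeout of "0 0" never
 ! expires, which leaves abandoned privileged sessions open indefinitely.
 exec-timeout 10 0
 ! NOTE(review): this line password is in cleartext and matches the RADIUS
 ! shared secret. With "aaa authentication login default local" it is
 ! presumably not what authenticates logins; confirm, then remove or rotate it.
 ! NOTE(review): no "transport input" or "access-class" is set, so remote
 ! access is presumably accepted over Telnet from any address. Restrict the
 ! vty lines to SSH and to management sources once the image and keys
 ! support it.
 password nit44nac
line vty 5 15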
!
! "ntp clock-period" is normally written by IOS itself rather than typed in.
ntp clock-period 36028962
! NOTE(review): a single time source with no NTP authentication configured;
! log timestamps and re-authentication timing depend on it being trustworthy.
ntp server 45.200.1.2
end
