! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname cnac-ciscoap ! enable secret 5 $1$ae7D$f8DGkAoDDztgQB6hInFSm/ enable password 7 151C0A0F0A2B28747E ! ip subnet-zero ip domain name nac.ilabs.interop.net ! ! aaa new-model ! ! aaa group server radius rad_eap ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa group server radius rad_eap1 server 45.200.1.70 auth-port 1645 acct-port 1646 ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authentication login eap_methods1 group rad_eap1 aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct aaa session-id common dot11 vlan-name Guest vlan 13 dot11 vlan-name Management vlan 1000 dot11 vlan-name Quarantine vlan 11 dot11 vlan-name Success vlan 12 ! dot11 ssid ilabs-cnac-cisco vlan 13 authentication open eap eap_methods1 guest-mode ! ! ! username oss privilege 15 password 7 097C0F050A0B12004A username admin privilege 15 password 7 110718061913085C52 ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache shutdown ! encryption mode ciphers tkip ! encryption vlan 11 mode ciphers tkip wep128 ! encryption vlan 12 mode ciphers tkip wep128 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 power local 20 no power client local power client 20 channel 2427 station-role root dot1x reauth-period server bridge-group 1 bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.11 encapsulation dot1Q 11 no ip route-cache bridge-group 11 bridge-group 11 subscriber-loop-control bridge-group 11 block-unknown-source no bridge-group 11 source-learning no bridge-group 11 unicast-flooding bridge-group 11 spanning-disabled ! interface Dot11Radio0.12 encapsulation dot1Q 12 no ip route-cache bridge-group 12 bridge-group 12 subscriber-loop-control bridge-group 12 block-unknown-source no bridge-group 12 source-learning no bridge-group 12 unicast-flooding bridge-group 12 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache ! encryption mode ciphers tkip ! encryption vlan 11 mode ciphers tkip wep128 ! encryption vlan 12 mode ciphers tkip wep128 ! encryption vlan 13 mode ciphers tkip wep128 ! ssid ilabs-cnac-cisco ! speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 station-role root dot1x reauth-period server bridge-group 1 bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio1.11 encapsulation dot1Q 11 no ip route-cache bridge-group 11 bridge-group 11 subscriber-loop-control bridge-group 11 block-unknown-source no bridge-group 11 source-learning no bridge-group 11 unicast-flooding bridge-group 11 spanning-disabled ! interface Dot11Radio1.12 encapsulation dot1Q 12 no ip route-cache bridge-group 12 bridge-group 12 subscriber-loop-control bridge-group 12 block-unknown-source no bridge-group 12 source-learning no bridge-group 12 unicast-flooding bridge-group 12 spanning-disabled ! interface Dot11Radio1.13 encapsulation dot1Q 13 no ip route-cache bridge-group 13 bridge-group 13 subscriber-loop-control bridge-group 13 block-unknown-source no bridge-group 13 source-learning no bridge-group 13 unicast-flooding bridge-group 13 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 99 no bridge-group 99 source-learning hold-queue 160 in ! interface FastEthernet0.11 encapsulation dot1Q 11 no ip route-cache bridge-group 11 no bridge-group 11 source-learning bridge-group 11 spanning-disabled ! interface FastEthernet0.12 encapsulation dot1Q 12 no ip route-cache bridge-group 12 no bridge-group 12 source-learning bridge-group 12 spanning-disabled ! interface FastEthernet0.13 encapsulation dot1Q 13 no ip route-cache bridge-group 13 no bridge-group 13 source-learning bridge-group 13 spanning-disabled ! interface FastEthernet0.1000 encapsulation dot1Q 1000 no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 45.200.1.41 255.255.255.0 no ip route-cache ! ip default-gateway 45.200.1.1 ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 ! radius-server attribute 32 include-in-access-req format %h radius-server host 45.200.1.70 auth-port 1645 acct-port 1646 key 7 06080635181A071806 radius-server vsa send accounting ! control-plane ! bridge 1 route ip ! ! ! line con 0 line vty 5 15 ! end