! ! Last configuration change at 19:20:03 PST Tue Aug 8 2006 by administrator ! NVRAM config last updated at 19:20:11 PST Tue Aug 8 2006 by administrator ! version 12.2 no service pad service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption ! hostname nac-cisco ! enable secret 5 $1$He/E$0Hfay7ggY6cWfHd8O5EUW. enable password 7 09424F0A170414425D ! username nac privilege 15 password 7 06080E22424F0A4953 username jms privilege 15 password 7 011D0F100F5F080E22 username administrator privilege 15 password 7 121704141C0A0F547C username root privilege 15 password 7 0505070C2F4D4D594F username cisco privilege 15 password 7 1040081A0B16115B5A aaa new-model aaa authentication login default local aaa authentication dot1x default group radius aaa authorization exec default local if-authenticated aaa authorization network default group radius ! aaa session-id common clock timezone PST -8 clock summer-time PST recurring errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig errdisable recovery cause link-flap errdisable recovery cause loopback errdisable recovery interval 30 ip subnet-zero ip domain-name nac.ilabs.interop.net ip name-server 45.200.1.2 ! vtp mode transparent ! no setup express ! crypto pki trustpoint TP-self-signed-3187757952 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3187757952 revocation-check none rsakeypair TP-self-signed-3187757952 ! ! crypto ca certificate chain TP-self-signed-3187757952 certificate self-signed 01 308202B7 30820220 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 61312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33313837 37353739 3532312E 302C0609 2A864886 F70D0109 02161F6E 61632D63 6973636F 2E6E6163 2E696C61 62732E69 6E746572 6F702E6E 6574301E 170D3933 30333031 30303131 34345A17 0D323030 31303130 30303030 305A3061 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31383737 35373935 32312E30 2C06092A 864886F7 0D010902 161F6E61 632D6369 73636F2E 6E61632E 696C6162 732E696E 7465726F 702E6E65 7430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100A6D5 F8142721 93DC5A1B 0394BA7C C8DD5084 7931962E E9AB1964 654830FC A054202F 60212EC9 918432B4 7BE4E812 72A8CFA2 A80EEB92 03E44EDF CBF2E214 AB344B95 B7257BD4 E950845B 247C1A52 BB4F34CD B7B8FA4D CA9EB340 A4BF1403 5E8DF967 C8DB2B31 5210429C BDED8794 21D6C86E 46CFEE0F F9B8C1BF A0E0DFC6 F2530203 010001A3 7F307D30 0F060355 1D130101 FF040530 030101FF 302A0603 551D1104 23302182 1F6E6163 2D636973 636F2E6E 61632E69 6C616273 2E696E74 65726F70 2E6E6574 301F0603 551D2304 18301680 1434AF37 B4E8503A A8750132 F2335150 043E0713 77301D06 03551D0E 04160414 34AF37B4 E8503AA8 750132F2 33515004 3E071377 300D0609 2A864886 F70D0101 04050003 81810072 0ED26CED 223AA0C3 B0E13CAC 10B6AA44 7745F147 3546699C E0CA0087 9C5C1AC1 6DAD1F83 0B83FDB0 D52A4B51 B9A77368 106425DA 683CACE6 93EF439D 3C050107 7D961ED1 5AD0EA84 177A8B7D 589E968D CD016223 50016954 ECD0BD0C C86DC606 8F4132B7 16C114EB AB38F443 8942BA33 410C5C93 A9A2C724 2FFDADB1 00009A quit ! ! eou allow clientless eou timeout hold-period 60 eou timeout status-query 60 eou timeout revalidation 60 eou logging dot1x system-auth-control no file verify auto ! spanning-tree mode pvst spanning-tree extend system-id no spanning-tree vlan 1-1000 ! vlan internal allocation policy ascending vlan dot1q tag native ! vlan 30 name TCG30 ! vlan 31 name TCG31 ! vlan 32 name TCG32 ! vlan 33 name TCG33 ! vlan 1000 name Backbone ! ! interface FastEthernet0/1 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/2 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/3 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/4 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/5 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/6 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/7 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/8 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/9 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/10 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/11 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/12 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/13 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/14 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/15 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/16 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/17 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/18 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/19 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/20 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/21 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/22 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/23 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/24 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/25 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/26 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/27 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/28 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/29 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/30 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/31 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/32 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/33 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/34 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/35 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/36 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/37 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/38 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/39 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/40 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/41 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/42 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/43 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/44 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/45 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/46 description 802.1X Ports for Access switchport mode access dot1x pae authenticator dot1x port-control auto dot1x timeout reauth-period 300 dot1x timeout tx-period 3 dot1x timeout supp-timeout 3 dot1x reauthentication dot1x guest-vlan 33 spanning-tree portfast ! interface FastEthernet0/47 description Hard-Wired test port switchport access vlan 33 switchport mode access spanning-tree portfast ! interface FastEthernet0/48 description Uplink to Core switchport trunk encapsulation dot1q switchport trunk allowed vlan 30-33,1000 switchport mode trunk spanning-tree portfast trunk ! interface GigabitEthernet0/1 switchport mode dynamic desirable shutdown ! interface GigabitEthernet0/2 switchport mode dynamic desirable shutdown ! interface Vlan1 no ip address shutdown ! interface Vlan30 no ip address ! interface Vlan31 no ip address ! interface Vlan32 no ip address ! interface Vlan33 no ip address ! interface Vlan1000 description Backbone/Management VLAN ip address 45.200.1.50 255.255.255.0 ! ip default-gateway 45.200.1.1 ip classless ip http server ip http secure-server ! ! logging 45.200.1.2 snmp-server location Interop iLabs NAC TCG snmp-server contact Interop iLabs NAC TCG jms radius-server host 45.200.1.55 auth-port 1645 acct-port 1646 key 7 1040081A0B16115B5A radius-server source-ports 1645-1646 ! control-plane ! ! line con 0 line vty 0 4 transport input telnet ssh escape-character 3 line vty 5 15 transport input telnet ssh escape-character 3 ! ntp clock-period 17179995 ntp server 45.200.1.2 prefer end