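! Image version and global service settings.
version 12.2
! The X.25 PAD service is not needed on this switch, so it stays disabled.
no service pad
! Millisecond timestamps on debug and log output make events easier to
! correlate with RADIUS/NAC server logs.
service timestamps debug datetime msec
service timestamps log datetime msec
! Store line, user and key strings in type 7 form instead of clear text.
! Type 7 is reversible and only deters casual viewing of the configuration;
! use the "secret" forms for credentials that support them.
service password-encryption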
!
! Device identity. NOTE(review): the name suggests a lab unit; the credentials
! below should not be carried into production as written.
hostname Cisco_Lab_3750
!
boot-start-marker
boot-end-marker
!
! NOTE(review): "enable password" keeps the privileged-mode credential as clear
! text or a reversible encoding, and the value is a trivially guessable word.
! Prefer "enable secret" with a strong, unique value.
enable password password
!
! Local accounts. "password 0" means the string that follows is unencrypted in
! this listing. NOTE(review): the privilege-15 account reuses the same guessable
! word as the enable password; prefer "username ... secret" and a strong value.
username admin privilege 15 password 0 password
! Privilege-0 account whose name matches the "test username" on the
! radius-server host line (RADIUS liveness probe). NOTE(review): confirm this
! local entry is actually required, and that the same name and password are not
! a valid login on the RADIUS server.
username test-radius privilege 0 password 0 BadPass123
!
!
! Enable the AAA framework; the method lists below govern login, enable,
! 802.1X and accounting.
aaa new-model
!
!
! RADIUS server group "NAC" with one member: authentication on UDP 1812,
! accounting on UDP 1813. NOTE(review): a single server is a single point of
! failure for port authentication; see the "server dead" action on the access
! ports for what happens when it is unreachable.
aaa group server radius NAC
server 192.168.1.26 auth-port 1812 acct-port 1813
!
! Management logins are checked against the local username database only.
aaa authentication login default local
! Enable-mode authentication uses the enable password, then "none".
! NOTE(review): "none" is a fallback that grants access without a credential
! if the preceding method returns an error; consider removing it.
aaa authentication enable default enable none
! 802.1X authentication and network authorization are delegated to group NAC.
aaa authentication dot1x default group NAC
aaa authorization network default group NAC
! Interim accounting updates every 5 minutes, plus start/stop records for
! 802.1X sessions, all sent to group NAC.
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group NAC
!
!
! RADIUS dynamic authorization (Change of Authorization) listener.
! NOTE(review): no "client" statement is visible in this listing; confirm which
! hosts may send CoA requests and limit them to the NAC server.
! ETS_TAG_SHARED_SECRET looks like a template placeholder; substitute a long,
! random secret before deployment and keep it out of shared documents.
! NOTE(review): "auth-type any" is the most permissive session-matching
! setting; confirm it is intended.
aaa server radius dynamic-author
server-key ETS_TAG_SHARED_SECRET
auth-type any
!
! Use one session ID across AAA services for a given session.
aaa session-id common
! Local time zone: CST (UTC-6) with a recurring switch to CDT in summer.
clock timezone CST -6
clock summer-time CDT recurring
! Stack member 4 is provisioned as a WS-C3750G-24PS.
switch 4 provision ws-c3750g-24ps
system mtu routing 1500
! Permit an authenticated MAC address to appear on a different port of this
! switch instead of treating the move as a violation.
! NOTE(review): where MAB is in use a MAC address is the only credential, so
! confirm that allowing moves is wanted.
authentication mac-move permit
! Delay, in milliseconds, applied when ports are re-initialised after a dead
! RADIUS server comes back.
authentication critical recovery delay 1000
! Do not attempt DNS lookups from the CLI.
no ip domain-lookup
!
!
! DHCP snooping on VLANs 1 and 20. Only ports marked "ip dhcp snooping trust"
! (the uplink in this listing) may forward DHCP server replies.
ip dhcp snooping vlan 1,20
ip dhcp snooping
! Track IP addresses of attached hosts.
ip device tracking
!
! Log enforcement policy module (EPM) events.
epm logging
!
! Self-signed trustpoint. NOTE(review): presumably created automatically for
! the HTTPS server enabled later in this file - confirm. Clients cannot
! validate a self-signed certificate against a CA, so consider enrolling with
! an internal CA if the HTTPS interface is used for management.
! "revocation-check none" disables revocation checking for this trustpoint.
crypto pki trustpoint TP-self-signed-3361366272
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3361366272
revocation-check none
rsakeypair TP-self-signed-3361366272
!
!
! Certificate chain for the trustpoint above; the certificate data itself is
! not included in this listing.
crypto pki certificate chain TP-self-signed-3361366272
certificate self-signed 01
quit
! Globally enable 802.1X port-based authentication.
dot1x system-auth-control
! Send an EAPOL success to the supplicant when a port is authorized by the
! critical (server-dead) mechanism.
dot1x critical eapol
!
!
!
!
! Multiple Spanning Tree mode with the extended system ID.
spanning-tree mode mst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
! LLDP enabled globally. NOTE(review): LLDP advertises device details on every
! port; if it is only needed for endpoint profiling or on the uplink, consider
! limiting transmit per interface.
lldp run
!
!
!
!
! Access ports 1-23: 802.1X with MAC Authentication Bypass (MAB) fallback.
! No "switchport access vlan" is set, so unless RADIUS assigns a VLAN these
! ports sit in the default VLAN 1, the same VLAN as the management SVI.
! NOTE(review): consider moving endpoints or management off VLAN 1.
interface range GigabitEthernet4/0/1-23
switchport mode access
! Apply access control to traffic arriving from the host only.
authentication control-direction in
! When 802.1X fails, try the next method in the order list (MAB).
authentication event fail action next-method
! RADIUS unreachable: authorize the port into VLAN 3 (fail-open).
! NOTE(review): VLAN 3 is not defined anywhere in this listing; confirm that
! it exists and that it is suitably restricted.
authentication event server dead action authorize vlan 3
! RADIUS reachable again: re-initialise critically authorized sessions.
authentication event server alive action reinitialize
! Each MAC address behind the port is authenticated separately.
authentication host-mode multi-auth
! NOTE(review): open access - traffic is allowed before authentication
! completes. This is typical of a monitor or low-impact rollout and is normally
! paired with a pre-authentication port ACL; none is visible on these ports.
! Remove this line once the deployment moves to enforcement.
authentication open
! Try 802.1X first, then MAB; 802.1X takes priority if both are possible.
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
! Periodic re-authentication, with the interval taken from the RADIUS server.
authentication periodic
authentication timer reauthenticate server
! On a violation the new host replaces the existing session.
authentication violation replace
! NOTE(review): MAB trusts the source MAC address alone, which is easy to copy;
! keep MAB-authorized devices in a restricted VLAN or behind an ACL.
mab
dot1x pae authenticator
! Short EAP request interval (2 seconds) so that fallback to MAB is quick.
dot1x timeout tx-period 2
! NOTE(review): PortFast without BPDU guard visible; consider
! "spanning-tree bpduguard enable" on these edge ports.
spanning-tree portfast
!
! Uplink trunk; the only DHCP-snooping trusted port in this listing.
! NOTE(review): no "switchport trunk allowed vlan" or native VLAN statement is
! visible, so the trunk carries every VLAN with the default native VLAN;
! consider pruning to the VLANs actually required.
interface GigabitEthernet4/0/24
description “Uplink”
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust
!
! Ports 25-28 carry no configuration here, so none of the 802.1X settings used
! on ports 1-23 apply to them. NOTE(review): shut them down if unused.
interface GigabitEthernet4/0/25
!
interface GigabitEthernet4/0/26
!
interface GigabitEthernet4/0/27
!
interface GigabitEthernet4/0/28
!
! Management SVI. NOTE(review): no access list restricts who can reach this
! address in the visible configuration.
interface Vlan1
ip address 192.168.1.33 255.255.255.0
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
!
ip default-gateway 192.168.1.1
ip classless
! NOTE(review): the clear-text HTTP server is enabled alongside HTTPS. Some
! NAC web-redirect features depend on the HTTP server, so confirm before
! disabling it. No "ip http authentication" or "ip http access-class"
! statement is visible; if the servers stay on, tie them to the AAA/local
! user database and restrict the source addresses allowed to connect.
ip http server
ip http secure-server
!
!
! RADIUS packets are sourced from the Vlan1 address (192.168.1.33), which is
! the address the RADIUS server must have registered for this switch.
ip radius source-interface Vlan1
ip sla enable reaction-alerts
!
! SNMPv3 group at the "auth" level with read and write views.
! NOTE(review): both views include the whole "iso" tree, so the user below has
! write access to every writable object; narrow V3Write, or drop the write
! view, unless the management station needs it. No access list is attached to
! the group.
snmp-server group V3Group v3 auth read V3Read write V3Write
snmp-server view V3Read iso included
snmp-server view V3Write iso included
! NOTE(review): MD5 authentication and DES privacy are weak; prefer SHA and
! AES where the image supports them. The credential strings look like sample
! values and must be replaced before deployment.
snmp-server user snmpuser V3Group v3 auth md5 snmpauthcred priv des snmpprivcred
radius-server attribute nas-port format c
! Mark the RADIUS server dead after 30 seconds and 3 tries without a response.
radius-server dead-criteria time 30 tries 3
! RADIUS server definition with a liveness probe using "test-radius".
! ETS_TAG_SHARED_SECRET looks like a template placeholder; use a long, random
! shared secret, matching the value configured on the server for this switch.
radius-server host 192.168.1.26 auth-port 1812 acct-port 1813 test username test-radius key ETS_TAG_SHARED_SECRET
! Include vendor-specific attributes in accounting and authentication requests.
radius-server vsa send accounting
radius-server vsa send authentication
!
!
! Console line with no line-specific settings.
line con 0
! Remote management lines. NOTE(review): with "aaa new-model" and a local
! default login list, the line password below is presumably never consulted;
! it is still a guessable value and is better removed.
! NOTE(review): no "transport input" or "access-class" statement is visible,
! so the protocols accepted are whatever the image defaults to, which may
! include Telnet. Restrict the lines to SSH and to known management sources.
line vty 0 4
password password
logging synchronous
line vty 5 15
password password
logging synchronous
!
! "ntp clock-period" is normally written by the system rather than by hand.
ntp clock-period 36029358
! NOTE(review): the NTP server is used without authentication; accurate time
! matters for log correlation, so consider NTP authentication.
ntp server 192.168.1.20
end