Configuration of Switch. on this conf Client become limited in both cases compliant and noncompliant
5500>display current-configuration
#
private-group-id mode standard
#
local-server nas-ip 127.0.0.1 key sec
#
domain default enable contoso
#
igmp-snooping enable
#
dot1x
dot1x authentication-method eap
#
undo password-control aging enable
undo password-control length enable
password-control login-attempt 3 exceed lock-time 360
#
radius scheme system
radius scheme radius1
primary authentication 150.150.0.3 (IP Add of NAP server)
accounting optional
key authentication sec
timer response-timeout 5
retry 5
user-name-format without-domain
#
domain splant.gov.pk
scheme radius-scheme radius1
domain system
#
local-user admin
service-type ssh telnet terminal
level 3
local-user manager
service-type ssh telnet terminal
level 2
local-user monitor
service-type ssh telnet terminal
level 1
#
acl number 4999
rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff
#
vlan 1
description DEFAULT_VLAN
igmp- snooping enable
interface Vlan-interface1
ip address 150.152.0.1 255.255.0.0 IP add of the Switch for VLAN1 for server only
#
vlan 2
description NONCOMPLIANT_VLAN
interface Vlan-interface1
ip address 181.1.1.1 255.255.0.0 (for DHCP Scop)
#
vlan 3
description COMPLIANT_VLAN (for DHCP Scop)
#
interface Vlan-interface1
ip address 181.2.1.1 255.255.0.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
stp edged-port enable
broadcast-suppression PPS 3000
priority trust
packet-filter inbound link-group 4999 rule 0
dot1x port-method portbased
Dot1x
[...]
interface Ethernet1/0/1
stp edged-port enable
broadcast-suppression PPS 3000
priority trust
packet-filter inbound link-group 4999 rule 0
dot1x port-method portbased
dot1x
[...]
interface GigabitEthernet1/0/25
dot1x port-method portbased
#
interface GigabitEthernet1/0/26
dot1x port-method portbased
#
interface GigabitEthernet1/0/27
shutdown
dot1x port-method portbased
#
interface GigabitEthernet1/0/28
shutdown
dot1x port-method portbased
#
sysname 4500
undo xrn-fabric authentication-mode
#
interface NULL0
#
snmp-agent
snmp-agent local-engineid 8000002B001AC12D89C06877
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
user-interface aux 0 7
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
==============================

