locked
PLease send confiuration if possible RRS feed

  • Question

  • Configuration of Switch. on this conf Client  become limited in both cases compliant and noncompliant

    5500>display current-configuration
    #
     private-group-id mode standard
    #
     local-server nas-ip 127.0.0.1 key sec
    #
     domain default enable contoso
    #
     igmp-snooping enable
    #
     dot1x
     dot1x authentication-method eap
    #
     undo password-control aging enable
     undo password-control length enable
     password-control login-attempt 3 exceed lock-time 360
    #
    radius scheme system
    radius scheme radius1
     primary authentication 150.150.0.3 (IP Add of NAP server)
     accounting optional
     key authentication sec
     timer response-timeout 5
     retry 5
     user-name-format without-domain
    #
    domain splant.gov.pk
     scheme radius-scheme radius1
    domain system
    #
    local-user admin
     service-type ssh telnet terminal
     level 3
    local-user manager
     service-type ssh telnet terminal
     level 2
    local-user monitor
     service-type ssh telnet terminal
     level 1
    #
    acl number 4999
     rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff
    #
    vlan 1
     description DEFAULT_VLAN
     igmp- snooping enable

    interface Vlan-interface1
     ip address 150.152.0.1 255.255.0.0
    IP add of the Switch for VLAN1 for server only


    #
    vlan 2
     description NONCOMPLIANT_VLAN

    interface Vlan-interface1
     ip address 181.1.1.1 255.255.0.0 (for DHCP Scop)

    #
    vlan 3
     description COMPLIANT_VLAN (for DHCP Scop)
    #
    interface Vlan-interface1
     ip address 181.2.1.1 255.255.0.0
    #
    interface Aux1/0/0
    #
    interface Ethernet1/0/1
     stp edged-port enable
     broadcast-suppression PPS 3000
     priority trust
     packet-filter inbound link-group 4999 rule 0
     dot1x port-method portbased

     Dot1x

    [...]

    interface Ethernet1/0/1
     stp edged-port enable
     broadcast-suppression PPS 3000
     priority trust
     packet-filter inbound link-group 4999 rule 0
     dot1x port-method portbased
     dot1x

    [...]

    interface GigabitEthernet1/0/25
     dot1x port-method portbased
    #
    interface GigabitEthernet1/0/26
     dot1x port-method portbased
    #
    interface GigabitEthernet1/0/27
     shutdown
     dot1x port-method portbased
    #
    interface GigabitEthernet1/0/28
     shutdown
     dot1x port-method portbased
    #
     sysname 4500
     undo xrn-fabric authentication-mode
    #
    interface NULL0
    #
     snmp-agent
     snmp-agent local-engineid 8000002B001AC12D89C06877
     snmp-agent community read public
     snmp-agent community write private
     snmp-agent sys-info version all
    #
    user-interface aux 0 7
     authentication-mode scheme
    user-interface vty 0 4
     authentication-mode scheme

    ==============================

     

     

     

     

     

     

    Wednesday, January 25, 2012 7:02 AM

Answers