Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Oct 5th, 2013  |  syntax: None  |  size: 2.59 KB  |  views: 65  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
This paste has a previous version, view the difference. Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. hostname "HOSTNAME"
  2.  
  3. # Protect against rogue DHCP
  4. dhcp-snooping
  5. no dhcp-snooping option 82
  6. no dhcp-snooping verify mac
  7. dhcp-snooping vlan 1-4094
  8.  
  9. trunk 47-48 trk1 lacp
  10. logging SYSLOGSERVER
  11. max-vlans 16
  12.  
  13. # AAA Servers
  14. radius-server host RADIUSSERVER1
  15. radius-server host RADIUSSERVER2
  16. radius-server key "RADIUSKEY"
  17.  
  18. # NTP so that messages to AAA are accurate
  19. timesync sntp
  20. sntp unicast
  21. sntp server priority 1 NTPSERVER1
  22. sntp server priority 2 NTPSERVER2
  23. time daylight-time-rule western-europe
  24.  
  25. no web-management
  26. ip default-gateway GATEWAY
  27.  
  28. # Specify which interface to trust
  29. interface Trk1
  30.    dhcp-snooping trust
  31.    exit
  32.    
  33. # Monitoring
  34. snmp-server community "ROCOMMUNITY" operator
  35. snmp-server community "RWCOMMUNITY" manager unrestricted
  36. snmp-server contact "CONTACT" location "LOCATION"
  37.  
  38. # Configuration for AAA, includes management logins and client login
  39. aaa accounting update periodic 10
  40. aaa accounting commands stop-only radius
  41. aaa accounting exec start-stop radius
  42. aaa accounting network start-stop radius
  43. aaa accounting system start-stop radius
  44. aaa authentication login privilege-mode
  45. aaa authentication console login radius local
  46. aaa authentication console enable radius local
  47. aaa authentication telnet login radius local
  48. aaa authentication telnet enable radius local
  49. aaa authentication ssh login radius local
  50. aaa authentication ssh enable radius local
  51.  
  52. # Use MAC based authentication
  53. aaa port-access mac-based 1-46
  54. aaa port-access mac-based 1-46 addr-limit 32
  55. aaa port-access mac-based 1-46 logoff-period 600
  56.  
  57. # Specify which VLAN to use if RADIUS is down or sends ACCESS-REJECT, our RADIUS ALWAYS sends ACCESS-ACCEPT and puts unknown clients on the unvalidated VLAN.
  58. aaa port-access mac-based 1-46 unauth-vid 200
  59. aaa port-access mac-based addr-format multi-colon
  60.  
  61. # Allow traffic from "default" VLAN to flow when client is unauthenticated (allows WOL)
  62. aaa port-access 1-46 controlled-direction in
  63.  
  64. # Stop the slow start and prevent STP TC's
  65. spanning-tree 1-46 admin-edge-port
  66.  
  67. vlan 1
  68.    name "DEFAULT_VLAN"
  69.    no untagged 1-48
  70.    untagged Trk1
  71.    no ip address
  72.    exit
  73. vlan 10
  74.    name "mgmt"
  75.    tagged Trk1
  76.    ip address IPADDRESS NETMASK
  77.    exit
  78. vlan 100
  79.    name "validated"
  80.    tagged Trk1
  81.    no ip address
  82.    ip igmp
  83.    exit
  84. vlan 200
  85.    name "unvalidated"
  86.    # "default" VLAN, this is the VLAN the port sits on when unauthenticated (allows WOL)
  87.    untagged 1-48
  88.    tagged Trk1
  89.    no ip address
  90.    ip igmp
  91.    exit
  92. vlan 300
  93.    name "suspended"
  94.    tagged Trk1
  95.    no ip address
  96.    ip igmp
  97.    exit
  98. no autorun
  99. password manager
  100. password operator
clone this paste RAW Paste Data