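  hostname "HOSTNAME"

  # NOTE(review): the comment character on the ProCurve CLI is ";" — if this
  # file is pasted straight into the console, "#" lines may be rejected.
  # Confirm on the target firmware or convert the comments before pasting.

  # Protect against rogue DHCP servers: untrusted ports may not source DHCP
  # server replies. Option 82 insertion and MAC verification are both turned
  # off here; "verify mac" (client hardware address vs. frame source MAC) is a
  # real check — keep it enabled unless a specific relay setup requires otherwise.
  dhcp-snooping
  no dhcp-snooping option 82
  no dhcp-snooping verify mac
  dhcp-snooping vlan 1-4094

  # Uplink: ports 47-48 aggregated as Trk1 (LACP). Per-port VLAN and
  # port-access commands below therefore address ports 1-46 only.
  trunk 47-48 trk1 lacp
  logging SYSLOGSERVER
  max-vlans 16

  # AAA servers (one shared secret for both hosts)
  radius-server host RADIUSSERVER1
  radius-server host RADIUSSERVER2
  radius-server key "RADIUSKEY"

  # NTP so that timestamps in syslog and AAA records are accurate
  # (SNTP unicast is unauthenticated; keep the servers on the management network)
  timesync sntp
  sntp unicast
  sntp server priority 1 NTPSERVER1
  sntp server priority 2 NTPSERVER2
  time daylight-time-rule western-europe

  # Management plane: web UI off. Telnet remains enabled (see the
  # "aaa authentication telnet" lines); once SSH is verified working
  # ("crypto key generate ssh", then "ip ssh") add "no telnet-server" so
  # management credentials never travel in the clear.
  no web-management
  ip default-gateway GATEWAY

  # Only the uplink trunk is trusted to deliver DHCP server replies
  interface Trk1
     dhcp-snooping trust
     exit

  # Monitoring (SNMP v1/v2c: community strings travel in the clear)
  snmp-server community "ROCOMMUNITY" operator
  # NOTE(review): a read-write "manager unrestricted" community grants full
  # configuration access to anyone who learns the string; monitoring only
  # needs the read-only community above. Remove this line unless a tool really
  # writes via SNMP, and then limit source addresses with "ip authorized-managers".
  snmp-server community "RWCOMMUNITY" manager unrestricted
  snmp-server contact "CONTACT" location "LOCATION"

  # AAA: accounting to RADIUS; login/enable authentication via RADIUS with
  # local fallback so the console still works when both RADIUS servers are down
  aaa accounting update periodic 10
  aaa accounting commands stop-only radius
  aaa accounting exec start-stop radius
  aaa accounting network start-stop radius
  aaa accounting system start-stop radius
  aaa authentication login privilege-mode
  aaa authentication console login radius local
  aaa authentication console enable radius local
  aaa authentication telnet login radius local
  aaa authentication telnet enable radius local
  aaa authentication ssh login radius local
  aaa authentication ssh enable radius local

  # MAC-based authentication on the access ports. A MAC address is an
  # identifier, not a credential, so this sorts known devices into VLANs rather
  # than proving who they are. addr-limit 32 per port is generous — lower it
  # where ports serve single hosts.
  aaa port-access mac-based 1-46
  aaa port-access mac-based 1-46 addr-limit 32
  aaa port-access mac-based 1-46 logoff-period 600

  # VLAN used when RADIUS is unreachable or answers ACCESS-REJECT. Our RADIUS
  # always answers ACCESS-ACCEPT and places unknown clients on the unvalidated
  # VLAN, so in normal operation this is only the outage path.
  aaa port-access mac-based 1-46 unauth-vid 200
  aaa port-access mac-based addr-format multi-colon

  # Let traffic from the port's untagged ("default") VLAN reach an
  # unauthenticated client (keeps Wake-on-LAN working)
  aaa port-access 1-46 controlled-direction in

  # Access ports: skip the STP listening/learning delay and do not generate
  # topology changes. Consider "spanning-tree 1-46 bpdu-protection" as well, so a
  # switch plugged into an access port is shut down rather than joining the tree.
  spanning-tree 1-46 admin-edge-port

  # VLANs. Ports 47-48 are Trk1 members, so their membership is set through
  # Trk1, not per port; ranges that include them (the original "1-48") are
  # rejected or only partly applied, hence 1-46 below.
  vlan 1
     name "DEFAULT_VLAN"
     no untagged 1-46
     untagged Trk1
     no ip address
     exit
  vlan 10
     name "mgmt"
     tagged Trk1
     ip address IPADDRESS NETMASK
     exit
  vlan 100
     name "validated"
     tagged Trk1
     no ip address
     ip igmp
     exit
  vlan 200
     name "unvalidated"
     # the VLAN a port sits on while unauthenticated (allows WOL); this is
     # also the unauth-vid configured above
     untagged 1-46
     tagged Trk1
     no ip address
     ip igmp
     exit
  vlan 300
     name "suspended"
     tagged Trk1
     no ip address
     ip igmp
     exit
  no autorun
  # Interactive prompts: set the local manager/operator passwords
  # (the "local" fallback in the aaa authentication lines relies on these)
  password manager
  password operator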