labsw2#sh run Building configuration... Current configuration : 55949 bytes ! ! Last configuration change at 13:28:46 Denmark Wed Aug 3 2022 by kasperadmin ! NVRAM config last updated at 13:28:36 Denmark Wed Aug 3 2022 by kasperadmin ! version 16.12 no service pad service timestamps debug datetime msec service timestamps log datetime msec ! Call-home is enabled by Smart-Licensing. service call-home platform punt-keepalive disable-kernel-core ! hostname labsw2 ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! enable password xxxx ! aaa new-model ! ! aaa group server tacacs+ ISE-Tacacs server name ISE31 ! aaa group server radius ISE-Radius-group server name ISE31 ! aaa authentication login default local aaa authentication login ISE-T group ISE-Tacacs local aaa authentication login console local aaa authentication enable default group ISE-Tacacs enable aaa authorization config-commands aaa authorization exec ISE-T group ISE-Tacacs local if-authenticated aaa authorization commands 1 ISE-T group ISE-Tacacs local if-authenticated aaa authorization commands 15 ISE-T group ISE-Tacacs local if-authenticated aaa authorization network default group ISE-Radius-group aaa authorization auth-proxy default group ISE-Radius-group aaa accounting update periodic 1440 aaa accounting auth-proxy default start-stop group ISE-Radius-group aaa accounting dot1x default start-stop group ISE-Radius-group aaa accounting exec default start-stop group ISE-Tacacs aaa accounting commands 1 default start-stop group ISE-Tacacs aaa accounting commands 15 default start-stop group ISE-Tacacs aaa accounting system default start-stop group ISE-Radius-group ! ! ! ! ! aaa server radius dynamic-author client 192.168.3.120 server-key cisco123 auth-type any ! aaa session-id common clock timezone Denmark 1 0 clock summer-time Denmark recurring last Sun Mar 2:00 last Sun Oct 3:00 switch 1 provision ws-c3650-48pd ! ! ! ! call-home ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. contact-email-addr sch-smart-licensing@cisco.com profile "CiscoTAC-1" active destination transport-method http Radius server group exit cmd no destination transport-method email ip routing ! ! ! ! ! ip name-server 192.168.2.82 8.8.8.8 ip domain name area51.local ! ! ! ip dhcp snooping vlan 2 login on-success log ! ! ! ! ! ! device-sensor filter-list lldp list TLV-LLDP tlv name system-name tlv name system-description ! device-sensor filter-list cdp list TLV-CDP tlv name device-name tlv name address-type tlv name capabilities-type tlv name platform-type ! device-sensor filter-list dhcp list TLV-DHCP option name host-name option name requested-address option name parameter-request-list option name class-identifier option name client-identifier device-sensor filter-spec dhcp include list TLV-DHCP device-sensor filter-spec lldp include list TLV-LLDP device-sensor filter-spec cdp include list TLV-CDP device-sensor accounting device-sensor notify all-changes epm logging authentication mac-move permit access-session template monitor access-session acl default passthrough no device-tracking logging theft device-tracking tracking auto-source fallback 192.168.2.251 255.255.255.0 override ! device-tracking policy DeviceTracking-TUNK-if-policy trusted-port device-role switch no protocol udp ! device-tracking policy DeviceTracking-client-if-policy limit address-count 10 destination-glean log-only no protocol udp tracking enable reachable-lifetime infinite ! ! crypto pki trustpoint SLA-TrustPoint enrollment pkcs12 revocation-check crl ! crypto pki trustpoint TP-self-signed-1131997015 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1131997015 revocation-check none rsakeypair TP-self-signed-1131997015 ! ! crypto pki certificate chain SLA-TrustPoint xxx quit crypto pki certificate chain TP-self-signed-1131997015 certificate self-signed 01 xxx quit ! ! dot1x system-auth-control dot1x critical eapol license boot level ipbasek9 ! ! diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id memory free low-watermark processor 79475 ! username kasper privilege 15 password 0 xxxx ! redundancy mode sso ! ! ! ! ! transceiver type all monitoring vlan dot1q tag native lldp run ! ! class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, L2 LVX data, LOGGING class-map match-any system-cpp-default description EWLC control, EWLC data, Inter FED class-map match-any system-cpp-police-sys-data description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-l2lvx-control description L2 LVX control packets class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any system-cpp-police-multicast description Transit Traffic and MCAST Data class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any system-cpp-police-data description ICMP redirect, ICMP_GEN and BROADCAST class-map match-any system-cpp-police-stackwise-virt-control description Stackwise Virtual class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control and Low Latency class-map match-any system-cpp-police-protocol-snooping description Protocol snooping class-map match-any system-cpp-police-dhcp-snooping description DHCP snooping class-map match-any system-cpp-police-system-critical description System Critical and Gold Pkt ! policy-map system-cpp-policy ! ! ! ! ! ! ! ! ! ! ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address shutdown negotiation auto ! interface GigabitEthernet1/0/1 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/2 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/3 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/4 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/5 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/6 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/7 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/8 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/9 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/10 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/11 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/12 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/13 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/14 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/15 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/16 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/17 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/18 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/19 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/20 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/21 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/22 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/23 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/24 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/25 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/26 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/27 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/28 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/29 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/30 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/31 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/32 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/33 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/34 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/35 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/36 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/37 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/38 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/39 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/40 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/41 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/42 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/43 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/44 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/45 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/46 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/47 description Dot1x-Port switchport access vlan 2 switchport mode access device-tracking attach-policy DeviceTracking-client-if-policy ip access-group ACL-ALLOW-ALL in authentication event fail action next-method authentication event server dead action reinitialize vlan 2 authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer inactivity server authentication violation restrict mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 10 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/48 description TRUNK switchport trunk native vlan 999 switchport mode trunk device-tracking attach-policy DeviceTracking-TUNK-if-policy speed 1000 duplex full storm-control multicast level 10.00 5.00 ip dhcp snooping trust ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface TenGigabitEthernet1/1/3 ! interface TenGigabitEthernet1/1/4 ! interface Vlan1 no ip address ! interface Vlan2 ip address 192.168.2.251 255.255.255.0 ip helper-address 192.168.2.82 ip helper-address 192.168.3.120 ! router ospf 1 router-id 4.4.4.4 network 4.4.4.4 0.0.0.0 area 0 network 192.168.2.0 0.0.0.255 area 0 ! ip forward-protocol nd ip http server ip http authentication local ip http secure-server ip http secure-active-session-modules none ip http active-session-modules none ip ssh version 2 ! ip access-list extended ACL-ALLOW-ALL 10 permit ip any any ip access-list extended ACL-DEFAULT 10 permit udp any any eq bootps 20 permit udp any any eq domain 30 permit ip any host 192.168.2.82 40 permit icmp any any ip access-list extended GUEST-REDIRECT 10 deny udp any any eq domain 20 deny tcp any any eq domain 30 deny udp any eq bootpc any eq bootps 40 deny tcp any host 192.168.3.120 eq 8443 50 deny tcp any host 192.168.3.120 eq 8905 60 permit ip any any ! ip radius source-interface Vlan2 logging host 192.168.3.120 transport udp port 20514 ! ! snmp-server community public RO snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps mac-notification change move threshold tacacs server ISE31 address ipv4 192.168.3.120 key cisco123 ! radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 25 access-request include radius-server attribute 31 mac format ietf upper-case radius-server attribute 31 send nas-port-detail radius-server dead-criteria time 5 tries 3 radius-server deadtime 10 ! radius server ISE31 address ipv4 192.168.3.120 auth-port 1812 acct-port 1813 key cisco123 ! ! control-plane service-policy input system-cpp-policy ! ! line con 0 login authentication console terminal-type mon stopbits 1 line aux 0 stopbits 1 line vty 0 4 password xxxx logging synchronous login authentication ISE-T transport input all line vty 5 15 ! ntp server dk.pool.ntp.org ! mac address-table notification change ! ! ! ! ! end labsw2#