!
! Last configuration change at <config omitted>
! NVRAM config last updated at <config omitted>
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <hostname>
!
boot-start-marker
boot-end-marker

<config omitted>

aaa new-model
!
!
aaa group server radius <radius group>
 server name <radiusservername>
!
aaa group server tacacs+ <rtacacs+ group>
 server name <tacacs server name>
!
aaa authentication login AAA group <rtacacs+ group> local
aaa authentication enable default enable
aaa authentication dot1x default group <radius group>
aaa authorization config-commands
aaa authorization exec default local 
aaa authorization exec AAA group <rtacacs+ group> local 
aaa authorization commands 0 AAA group <rtacacs+ group> local if-authenticated 
aaa authorization commands 1 AAA group <rtacacs+ group> local if-authenticated 
aaa authorization commands 15 AAA group <rtacacs+ group> local if-authenticated 
aaa authorization network default group <radius group> 
aaa authorization auth-proxy default group <radius group> 
aaa accounting update periodic 20
aaa accounting dot1x default start-stop group <radius group>
aaa accounting commands 0 default start-stop group <rtacacs+ group>
aaa accounting commands 1 default start-stop group <rtacacs+ group>
aaa accounting commands 15 default start-stop group <rtacacs+ group>
!
!
!
!
!
aaa server radius dynamic-author
 client <ISE IP address> server-key 7 <omitted>
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
switch 1 provision ws-c2960x-24pd-l
!
!
!
!
!
!
ip dhcp snooping vlan 12
no ip dhcp snooping information option
ip domain-name <omitted>
!
!
!
!
!
!
!
!
dot1x system-auth-control
dot1x logging verbose
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
! 
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
 shutdown
!
---------------------<omitted>-----------------------------------------------------
!
interface GigabitEthernet1/0/22
 description <description>
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 12
 authentication event fail action next-method
 authentication event server dead action authorize 
 authentication event server dead action authorize voice
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 storm-control broadcast level 10.00
 storm-control multicast level 10.00
!
---------------------<omitted>-----------------------------------------------------
!
interface Vlan1
 no ip address
 shutdown
!
interface <omitted>
 ip address <omitted>
!
ip default-gateway <omitted>
!
no ip http server
no ip http secure-server
ip ssh version 2
ip ssh server algorithm mac hmac-sha1 hmac-sha2-256 hmac-sha2-512
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
ip ssh server algorithm kex diffie-hellman-group14-sha1
ip ssh client algorithm mac hmac-sha1 hmac-sha2-256 hmac-sha2-512
ip ssh client algorithm encryption aes256-ctr aes192-ctr aes128-ctr
ip ssh client algorithm kex diffie-hellman-group14-sha1
ip tacacs source-interface Vlan13
!
ip radius source-interface Vlan13 
logging trap critical
logging host <syslog server>
access-list 50 permit <scanning server>
!
!
snmp-server engineID local <omitted>
snmp-server group <omitted> v3 auth access <omitted>
tacacs server <tacacs server name>
 address ipv4 <ISE IP address>
 key 7 <omitted>
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius-server deadtime 30
!
radius server <radius server name>
 address ipv4 <ISE IP address> auth-port 1645 acct-port 1646
 key 7 <omitted>
!
banner motd C
****************************************************************
********                 !!!WARNING!!!                  ********
****************************************************************
*                                                              *
*  Unauthorized access or use of this system is NOT permitted  *
*       and is strictly prohibited by security policies,       *
*             regulations, state and federal laws.             *
*     UNAUTHORIZED USERS ARE SUBJECT TO CRIMINAL AND CIVIL     *
*     PENALTIES AS WELL AS COMPANY-INITIATED DISCIPLINARY      *
*                        PROCEEDINGS!                          *
*       Access to this eqipment is monitored and logged!       *
*         These logs may be used as evidence in court.         *
*                                                              *
****************************************************************



!
line con 0
 logging synchronous
line vty 0 4
 exec-timeout 30 0
 authorization exec AAA
 login authentication AAA
 length 0
 transport input ssh
line vty 5 15
 transport input ssh
!
ntp server <server1>
ntp server <server2>
!
end