Hi,

thanks a lot for your answer. This command is at system level I see!

on some switches, it says command deprecated - use access-seesion instead.

Thanks a lot.

@Desco the command "authentication mac-move permit" is only relevant when moving to another switchport on the same switch, not a different switch in another building as per your scenario. FYI, that command is depreciated depending on whether you are running IBNS 1.0 or 2.0 configuration.

Does VLAN 76 actually exist on the switch the endpoint is connecting to?

What is the output of "show authentication-session interface x/y/z detail"?

Does ClearPass actually authenticate/authorise the endpoint correctly and return the correct settings (VLAN)?

@Rob Ingram, Hi, I have only one 48 ports switch in this remote location.

All vlans are configured on the switch and all desktop computers are moving, as they should, to vlan 76.

Clear Pass does work properly as well, because the first authentication is valid.

The problem is on the switch.

I did add the command "authentication mac-move permit" when possible. I will wait for the tests.

On 2 same model switches with the same version of IOSXE, I can or cannot use the command "authentication mac-move permit"

On that switch, when I use "authentication display config-mode" I get "Current configuration mode is legacy".

What is the best to have the same way of working?

Thanks.

@Desco As mentioned before, mac-move is relevant when moving interfaces on the same switch, and does not apply when moving to a different switch on a different site.

Please provide is the output of "show authentication-session interface x/y/z detail" when a endpoint is connected and does not get an IP address.

Is RADIUS accounting configured?

Please provide your relevant switch configuration of the non-working switch.

Is it only this switch that is the problem or does the same issue occur on other switches?

Please provide screenshots of the "output" tab in clearpass access tracker event for this endpoint when it is authenticated.

Hi,

here is the config file.

I do not have laptop user every day on site, so I cannot provide ClearPass info today.

version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging console emergencies
aaa new-model
!
!
aaa group server radius
server-private
ip radius source-interface Vlan1
!
aaa group server radius
server
server-private
!
aaa authentication login default group
aaa authentication login console group
aaa authentication enable default none
aaa authentication dot1x default group
aaa authorization console
aaa authorization exec default group
aaa authorization network default group
aaa accounting dot1x default start-stop group
!
!
aaa server radius dynamic-author
client
port 3799
auth-type all
!
aaa session-id common
!
!
!
boot system switch all flash:packages.conf
switch 1 provision c9200l-48p-4g
!
!
!
!
!
ip host
ip name-server
ip domain name
!
ip dhcp pool webuidhcp
!
!
!
login on-success log
ipv6 unicast-routing
vtp mode transparent
vtp version 1
!
!
!
!
!
authentication mac-move permit
!
table-map AutoQos-4.0-Trust-Dscp-Table
default copy
!
!
crypto pki trustpoint TP-self-signed-1617971597
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1617971597
revocation-check none
rsakeypair TP-self-signed-1617971597
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-1617971597
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
crypto pki certificate chain SLA-TrustPoint
certificate ca 01 nvram:CiscoLicensi#1CA.cer
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
license boot level network-essentials addon dna-essentials
license smart transport callhome
dot1x system-auth-control
archive
path
write-memory
time-period 43833
memory free low-watermark processor 9899
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
!
!
!
!
redundancy
mode sso
crypto engine compliance shield disable
!
!
!
!
!
transceiver type all
monitoring
!
vlan 5
name
!
vlan 10
name
!
vlan 76
name
!
vlan 80
name
!
vlan 82
name
!
vlan 100
name
!
vlan 140
name
!
vlan 160
name
!
vlan 161
name
!
vlan 162
name
!
vlan 163
name
!
vlan 254
name
!
vlan 255
name
!
vlan 996
name
!
vlan 998
name
!
lldp run
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
match dscp af41 af42 af43
match cos 4
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
match dscp af11 af12 af13
match cos 1
class-map match-any system-cpp-default
description EWLC data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any AutoQos-4.0-Output-Priority-Queue
match dscp cs4 cs5 ef
match cos 5
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
match dscp af31 af32 af33
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any dscp-cos
description dscp 46 to cos 6
match dscp ef
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
match dscp af21 af22 af23
match cos 2
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
match dscp cs1
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
match dscp cs2 cs3 cs6 cs7
match cos 3
!
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25
policy-map system-cpp-policy
policy-map Mitel-Dscp-Policy
class dscp-cos
set cos 6
policy-map AutoQos-4.0-Trust-Dscp-Input-Policy
class dscp-cos
set cos 6
class class-default
set dscp dscp table AutoQos-4.0-Trust-Dscp-Table
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
!
interface GigabitEthernet1/0/1
description
switchport trunk allowed vlan 1,5,10,76,80,82,140,160-163,254,255
switchport mode trunk
auto qos trust dscp
spanning-tree portfast disable
spanning-tree bpduguard disable
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/2
description
switchport trunk allowed vlan 1,5,10,76,80,82,140,160-163,254,255
switchport mode trunk
auto qos trust dscp
spanning-tree portfast disable
spanning-tree bpduguard disable
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/3
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/4
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/5
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/6
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/7
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/8
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/9
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/10
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/11
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/12
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/13
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/14
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/15
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/16
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/17
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/18
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/19
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/20
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/21
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/22
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/23
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/24
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/25
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/26
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/27
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/28
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/29
description IP PHONE-COMPUTER
switchport access vlan 161
switchport mode access
switchport voice vlan 10
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/30
description NAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/31
description NAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/32
description CAMERAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/33
description CAMERAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/34
description CAMERAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/35
description CAMERAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/36
description CAMERAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/37
description CAMERAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/38
description CAMERAS
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/39
description
switchport access vlan 161
switchport mode access
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/40
description
switchport access vlan 161
switchport mode access
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/41
description
switchport access vlan 161
switchport mode access
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/42
description Printer
switchport access vlan 161
switchport mode access
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/43
description Printer
switchport access vlan 161
switchport mode access
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/44
description Printer
switchport access vlan 161
switchport mode access
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 15
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/45
description
switchport access vlan 10
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/46
description
switchport access vlan 10
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/47
description
switchport access vlan 10
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/48
description
switchport access vlan 10
switchport mode access
auto qos trust dscp
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface Vlan1
ip address
!
ip default-gateway
no ip http server
ip http authentication aaa
ip http secure-server
ip http client source-interface Vlan1
ip forward-protocol nd
ip ssh maxstartups 2
ip ssh version 2
!
!
ip access-list standard 99
10 permit
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
banner login 
##############################################################
# #
# !!! Warning !!! #
# You are now connected to a private computer system. #
# If you are not an authorized user, disconnect immediately. #
# #
##############################################################


!
line con 0
exec-timeout 5 0
stopbits 1
line aux 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp source Vlan1
ntp server
ntp server
!
!
!
!
!
!
pnp profile pnp_cco_profile
transport https ipv4 52.203.231.173 port 443
!
end