AAA issue with version 12

yogesh1 · ‎03-22-2018

Dear Team,

we are implementing aaa on our cisco environment and able to do it on cisco switch with version 15 by below template.

aaa new-model
!
!
aaa group server radius AUTH_RADIUS
server name AUTH_RADIUS
exit
!
aaa authentication login AUTH_RADIUS local group AUTH_RADIUS
aaa authorization exec AUTH_RADIUS local group AUTH_RADIUS
aaa accounting delay-start
aaa accounting exec default start-stop group AUTH_RADIUS
!
!
!
!
!
!
aaa session-id common
clock timezone UTC 0 5

!

radius server AUTH_RADIUS
address ipv4 10.85.0.0 auth-port 1645 acct-port 1646
key cisco1234
exit

!
!
!
!
line con 0
password cisco
login
exit
!

line vty 0 4
login authentication AUTH_RADIUS
transport input ssh
line vty 5 15
transport input ssh
!

end

But on cisco version 12 we are not able to run same template because above template is not running directly we are getting error can you please suggest changes what we need to do in template to run the same commands.

eg : server name ?? this command id not working in ver 12 its not getting name its getting radius server ip.

Deepak Kumar · ‎03-22-2018

Hi,

There are many changes in version 12 and 15 for Radius configuration.

Try with below sample commands,

username XXXXX privilege 15 secret <Type your password> ! this is a local account, in case of radius, fail then you can log in to the switch.

!
aaa new-model
!
aaa authentication login CISCO group radius local

!

radius-server host 10.10.X.X auth-port 1812 acct-port 1813 key <Key> ! X.X = Radius server IP.

!

line vty 0 4
login authentication CISCO
transport input telnet ssh

!

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

yogesh1 · ‎03-22-2018

Dear Deepak,

I have enable aaa by port 1645,1646 on version 15 so its recommended to change port to 1812 acct-port 1813

Deepak Kumar · ‎03-23-2018

Hi,

It's not recommended. If your radius configured with ports 1645,1646 then keep it.

For your kind information that Windows server 2012/2008 can work on both ports. You need to check your host firewall configuration only.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

yogesh1 · ‎03-24-2018

Dear Deepak,

radius-server host 10.10.X.X auth-port 1812 acct-port 1813 key <Key> ! X.X = Radius server IP.

radius-server host we have to give radius server ip ?

or after entering the shared key = then again we have to pass radius server ip ?

can you please explain me the command .

Deepak Kumar · ‎03-24-2018

Hi, Sorry for some typo. You have to give radius server IP after "radius-server host" Regards, Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

yogesh1 · ‎03-24-2018

Dear Deepak,

Now I am able to authenticate to radius through internally but when I try my domain id for login its given me access denied error please find the commands below.

H4-SW02#sh run | in aaa
aaa new-model
aaa group server radius AUTH_RADIUS
aaa authentication login AUTH_RADIUS local group AUTH_RADIUS
aaa authorization exec AUTH_RADIUS local group AUTH_RADIUS
aaa accounting delay-start
aaa accounting exec default start-stop group AUTH_RADIUS
aaa session-id common
H4-SW02#radius-server host 10.85.28.33 auth-port 1645 acct-port 1645 key 7 05080F1C22431F5B4A
!
control-plane

H4-SW02#
H4-SW02#
H4-SW02#
H4-SW02#test aaa group radius yogesh.negi pana@123 new-code
User successfully authenticated

H4-SW02#test aaa group radius server 10.85.28.33 yogesh.negi pana@123 legacy
Attempting authentication test to server-group radius using radius
User was successfully authenticated.

H4-SW02#
H4-SW02#

I think I forget to call radius group please suggest.??

Deepak Kumar · ‎03-24-2018

Hi,

As per configuration, your radius group is: AUTH_RADIUS

Share a debug output for more details.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

yogesh1 · ‎03-24-2018

Dear Deepak ,

Please find the sh run of switch and also let me know which debugging I need to start for this.

H4-SW02#
H4-SW02#sh run
H4-SW02#sh running-config
Building configuration...

Current configuration : 7685 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname H4-SW02
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Gqv1$AITYsSd3Hyv0rnVpgvZl1.
!
username panasonicindia privilege 15 secret 5 $1$x.M2$U6tuZAjMv7QfvMhrXT96z1
aaa new-model
!
!
aaa group server radius AUTH_RADIUS
server 10.85.28.33 auth-port 1645 acct-port 1646
!
aaa authentication login AUTH_RADIUS local group AUTH_RADIUS
aaa authorization exec AUTH_RADIUS local group AUTH_RADIUS
aaa accounting delay-start
aaa accounting exec default start-stop group AUTH_RADIUS
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
!
!
!
crypto pki trustpoint TP-self-signed-2137832704
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2137832704
revocation-check none
rsakeypair TP-self-signed-2137832704
!
!
crypto pki certificate chain TP-self-signed-2137832704
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32313337 38333237 3034301E 170D3933 30333031 30303030
34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333738
33323730 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100ECE8 6072A122 D6B6BECB DC994E5D AEA5E414 AD517685 911A779C 6F29292E
C6C37243 532AA0C1 C76F6BD0 EC1FF223 CFCA37BE 8901B86A 5E709002 DD59E457
DBAC6BF9 2380D0AA 6F1550E2 C7101788 8F6224BD 930BA076 AC4B8657 5C2BD277
07A151EB 6D9E9AFB BDC5A999 5846C4A7 B4871C8D 35E33769 E209F9B3 8683815E
4B450203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 0848342D 53573032 2E301F06 03551D23 04183016 80146003
7BC2F7F3 CB35DB38 FFA3CFFF 616D59E7 CD43301D 0603551D 0E041604 1460037B
C2F7F3CB 35DB38FF A3CFFF61 6D59E7CD 43300D06 092A8648 86F70D01 01040500
03818100 032E1A31 387E423F 95A46386 0ADFB001 82F178F3 CB329D35 2356E746
1B92ECB2 D50F6768 7D971C15 F25DE5AE 8F696C9B 4CFF7F22 7E71D905 746C4E60
139E6EE1 54548DBE E9304802 17982E63 7632B355 1D56FE23 760C6A3E 2F5D58C2
61275E4B 3E09657C B64F8BA7 9EA7FEBB FA65438B EC3F05DB BD7643BD CA461FBC F9A20E02
quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/25
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/26
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/27
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/28
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/29
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/30
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/31
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/32
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/33
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/34
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/35
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/36
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/37
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/38
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/39
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/40
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/41
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/42
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/43
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/44
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/45
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/46
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/47
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/48
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/1
speed 100
duplex full
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan10
ip address 10.85.45.52 255.255.255.0
no ip route-cache
!
ip default-gateway 10.85.64.2
ip http server
ip http secure-server
snmp-server community public RO
radius-server host 10.85.28.33 auth-port 1645 acct-port 1645 key 7 05080F1C22431F5B4A
!
control-plane
!
banner login ^CCCC
WARNING: This system is for the use of authorized ADMINISTRATOR only.

Individuals trying to connect to the network devices without authorization are
subject to having all their reactivity on this network domain monitored and
recorded by log server.

Anyone connected to the terminal expressly consents to such monitoring and is
advised that if such monitoring reveals possible conduct of criminal activity,
network monitoring tools may provide the evidence of such activity to the
Network Administrator.

Unauthorized access is a violation of law and may lead to criminal action.
^C
banner motd ^CCCC
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

WARNING:

Unauthorized a^C
!
line con 0
password 7 104D000A0618
line vty 0 4
exec-timeout 5 0
login authentication AUTH_RADIUS
transport input all
line vty 5 15
exec-timeout 5 0
transport input all
!
end

H4-SW02#
H4-SW02#
H4-SW02#
H4-SW02#

Deepak Kumar · ‎03-24-2018

Hi,

Please provide output:

debug aaa authentication

debug radius authentication

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

yogesh1 · ‎04-12-2018

Hi Deepak,

Thanks for help that issue has been resolved for switch version 15 or 12.

But now I am facing one more issue that we have core switch of 3850 & with below version.

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 16    WS-C3850-12XS      03.07.04E         cat3k_caa-universalk9 INSTALL
     2 16    WS-C3850-12XS      03.07.04E         cat3k_caa-universalk9 INSTALL

So please find the below existing configuration & suggest changes.

PI-Core#
PI-Core#sh run
PI-Core#sh running-config
Building configuration...

Current configuration : 12931 bytes
!
! Last configuration change at 08:40:25 UTC Tue Mar 27 2018 by panasonicindia
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname PI-Core
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no logging console
enable secret 5 $1$4ENJ$Pt9HR7odQMHrCo58UK28W1
!
username panasonicindia privilege 15 secret 5 $1$VHPe$iCepdr5VRLEYmidkUU6ta1
aaa new-model
!
!
aaa group server radius AUTH_RADIUS
server name AUTH_RADIUS
!
aaa authentication login AUTH_RADIUS local group AUTH_RADIUS
aaa authorization exec AUTH_RADIUS local group AUTH_RADIUS
aaa accounting delay-start
aaa accounting exec default start-stop group AUTH_RADIUS
!
!
!
!
!
!
aaa session-id common
clock timezone UTC 0 5
switch 1 provision ws-c3850-12xs
switch 2 provision ws-c3850-12xs
!
!
!
!
!
coap http enable
!
!
!
!
!
!
ip routing
!
ip domain-name PANASONIC.COM
no ip dhcp conflict logging
ip dhcp excluded-address 10.85.45.1 10.85.45.5
ip dhcp excluded-address 10.85.67.1 10.85.67.5
ip dhcp excluded-address 10.85.64.100 10.85.64.104
ip dhcp excluded-address 10.85.64.1 10.85.64.60
ip dhcp excluded-address 10.85.42.1 10.85.42.20
ip dhcp excluded-address 10.85.41.1 10.85.41.50
ip dhcp excluded-address 137.40.35.1 137.40.35.70
ip dhcp excluded-address 10.85.41.213 10.85.41.225
ip dhcp excluded-address 10.85.67.105
ip dhcp excluded-address 10.85.67.200 10.85.67.205
ip dhcp excluded-address 10.85.40.1 10.85.40.80
ip dhcp excluded-address 10.85.67.226
ip dhcp excluded-address 10.85.64.218
ip dhcp excluded-address 137.40.35.161 137.40.35.162
ip dhcp excluded-address 10.85.40.106
ip dhcp excluded-address 10.85.41.108
ip dhcp excluded-address 137.40.35.102
ip dhcp excluded-address 10.85.41.62
ip dhcp excluded-address 10.85.67.6 10.85.67.7
ip dhcp excluded-address 10.85.67.16
ip dhcp excluded-address 10.85.65.117
ip dhcp excluded-address 10.85.65.251
ip dhcp excluded-address 10.85.89.1 10.85.89.50
ip dhcp excluded-address 10.85.64.237
ip dhcp excluded-address 137.40.35.180
no ip dhcp ping packets
!
ip dhcp pool LAN
network 10.85.67.0 255.255.255.0
default-router 10.85.67.2
dns-server 10.85.28.33 137.40.35.12 10.81.248.31
netbios-name-server 137.40.35.12 10.85.28.33
lease 0 8
!
ip dhcp pool 10.85.42.X
network 10.85.42.0 255.255.255.0
default-router 10.85.42.2
dns-server 10.85.28.33 137.40.35.12 10.81.248.31
netbios-name-server 137.40.35.12 10.85.28.33
lease 0 8
!
ip dhcp pool 10.85.41.X
network 10.85.41.0 255.255.255.0
default-router 10.85.41.1
dns-server 10.85.28.33 137.40.35.12 10.81.248.31
netbios-name-server 137.40.35.12 10.85.28.33
lease 0 8
!
ip dhcp pool 137.40.35.X
network 137.40.35.0 255.255.255.0
default-router 137.40.35.1
dns-server 10.85.28.33 137.40.35.12 10.81.248.31
netbios-name-server 137.40.35.12 10.85.28.33
lease 0 8
!
ip dhcp pool 11thfloor
network 10.85.40.0 255.255.255.0
default-router 10.85.40.1
dns-server 10.85.28.33 137.40.35.12 10.81.248.31
netbios-name-server 137.40.35.12 10.85.28.33
lease 0 8
!
ip dhcp pool WIRELESS
network 10.85.64.0 255.255.254.0
default-router 10.85.64.2
dns-server 10.85.28.33 137.40.35.12 10.81.248.31
netbios-name-server 137.40.35.12 10.85.28.33
lease 0 8
!
ip dhcp pool Mobility
network 10.85.89.0 255.255.255.0
default-router 10.85.89.1
dns-server 10.85.28.33 137.40.35.12 10.81.248.31
netbios-name-server 137.40.35.12 10.85.28.33
lease 0 8
!
!
qos queue-softmax-multiplier 100
!
crypto pki trustpoint TP-self-signed-2007993793
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2007993793
revocation-check none
rsakeypair TP-self-signed-2007993793
!
!
crypto pki certificate chain TP-self-signed-2007993793
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303037 39393337 3933301E 170D3137 30363037 31303337
34325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30303739
39333739 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A338 422028C8 496DC624 1CFD5456 03DAC0CF 4CD88B85 0C5A1326 2ECD27A8
C2A4BA98 25806886 FF289381 5EF3EE60 15110B3F FFC66C2D 01A18EDA 58F57266
4AEC541F A6E64DC7 FDADE28F 60C7C832 D6C11504 C1944AB7 F9E46EF4 F6B172FA
92BEFDAF F863E9B3 46CA8A30 2BA9659C 89A17037 D3597870 B3648509 969D2416
5F5D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 144F2156 CCB20CB8 24FA9DF8 DD0A11FF E482704B A5301D06
03551D0E 04160414 4F2156CC B20CB824 FA9DF8DD 0A11FFE4 82704BA5 300D0609
2A864886 F70D0101 05050003 81810027 917A77D9 A9054234 22AEF1D1 3835D47B
800A4161 CD7B0484 F4903952 1FF7EF48 ACEAEC55 CA85F962 331473B5 AB4376D2
28DD230E 3E62D668 800AE8C5 B6B0C217 19C0E6A2 507D9B72 C030DF89 19D84916
2A5A3FF3 347862C0 87ABD0F6 0EC1A875 5C10EBAB DC557EDD 5434F520 53BECA95
D6FB9EA5 CD39C3A3 2995DC26 1F4F5F
quit
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
hw-switch switch 1 logging onboard message level 3
hw-switch switch 2 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel9
switchport mode trunk
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface TenGigabitEthernet1/0/1
description "Connected With 12_Floor_HUB1"
switchport mode trunk
!
interface TenGigabitEthernet1/0/2
description "Connected With 12_Floor_HUB3"
switchport mode trunk
!
interface TenGigabitEthernet1/0/3
description "Connected With 12_Floor_HUB4"
switchport mode trunk
!
interface TenGigabitEthernet1/0/4
description "Connected With 12_Floor_HUB6"
switchport mode trunk
!
interface TenGigabitEthernet1/0/5
description "Connected With 11_Floor_HUB1"
switchport mode trunk
!
interface TenGigabitEthernet1/0/6
description "Connected With 11_Floor_HUB2"
switchport mode trunk
!
interface TenGigabitEthernet1/0/7
description "Connected With 11_Floor_HUB3"
switchport mode trunk
!
interface TenGigabitEthernet1/0/8
description ""Connected with HUB-9 11th floor""
switchport mode trunk
!
interface TenGigabitEthernet1/0/9
switchport mode trunk
channel-group 9 mode on
!
interface TenGigabitEthernet1/0/10
!
interface TenGigabitEthernet1/0/11
description ""uplink Cisco WLC_2504""
switchport mode trunk
!
interface TenGigabitEthernet1/0/12
description "Connected with MPLS(Primary)RTR-1"
switchport access vlan 80
switchport mode access
speed 100
duplex full
spanning-tree portfast
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet2/0/1
description "Connected With 12_Floor_HUB1"
switchport mode trunk
spanning-tree vlan 10 cost 200
!
interface TenGigabitEthernet2/0/2
description "Connected With 12_Floor_HUB3"
switchport mode trunk
!
interface TenGigabitEthernet2/0/3
description "Connected With 12_Floor_HUB4"
switchport mode trunk
!
interface TenGigabitEthernet2/0/4
description "Connected With 12_Floor_HUB6"
switchport mode trunk
!
interface TenGigabitEthernet2/0/5
description "Connected With 11_Floor_HUB1"
switchport mode trunk
!
interface TenGigabitEthernet2/0/6
description "Connected With 11_Floor_HUB2"
switchport mode trunk
!
interface TenGigabitEthernet2/0/7
description "Connected With 11_Floor_HUB3"
switchport mode trunk
!
interface TenGigabitEthernet2/0/8
description "" Connected with HUB-9 11th Floor""
switchport mode trunk
!
interface TenGigabitEthernet2/0/9
switchport mode trunk
channel-group 9 mode on
!
interface TenGigabitEthernet2/0/10
!
interface TenGigabitEthernet2/0/11
switchport access vlan 70
speed 100
!
interface TenGigabitEthernet2/0/12
description "Connected with MPLS(Secondary)RTR-2"
switchport access vlan 80
speed 100
duplex full
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface TenGigabitEthernet2/1/3
!
interface TenGigabitEthernet2/1/4
!
interface Vlan1
ip address 10.85.64.2 255.255.254.0
!
interface Vlan10
ip address 10.85.45.2 255.255.255.0
!
interface Vlan11
ip address 10.85.40.1 255.255.255.0
!
interface Vlan20
ip address 10.85.67.2 255.255.255.0
!
interface Vlan30
ip address 10.85.41.1 255.255.255.0
!
interface Vlan40
ip address 10.85.42.2 255.255.255.0
!
interface Vlan50
ip address 137.40.35.1 255.255.255.0
!
interface Vlan70
no ip address
ip helper-address 192.168.1.1
!
interface Vlan80
ip address 10.85.80.5 255.255.255.0
!
interface Vlan89
ip address 10.85.89.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.85.80.1
!
!
ip sla enable reaction-alerts
logging trap debugging
logging host 137.40.35.161
!
snmp-server community pana123 RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps cpu threshold
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps flash insertion removal
snmp-server enable traps power-ethernet police
snmp-server enable traps energywise
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps license
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps stackwise
snmp-server enable traps port-security
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps ipsla
snmp-server enable traps errdisable
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server host 137.40.35.102 version 2c ro
snmp-server host 137.40.35.102 version 2c wr
!
radius server AUTH_RADIUS
address ipv4 10.85.28.33 auth-port 1645 acct-port 1646
key 7 0822455D0A16544541
!
!
!
banner login ^CXTCCC
WARNING: This system is for the use of authorized ADMINISTRATOR only.
Individuals trying to connect to the network devices without authorization are
subject to having all their reactivity on this network domain monitored and
recorded by log server.
Anyone connected to the terminal expressly consents to such monitoring and is
advised that if such monitoring reveals possible conduct of criminal activity,
network monitoring tools may provide the evidence of such activity to the
Network Administrator.
Unauthorized access is a violation of law and may lead to criminal action.
^C
banner motd ^CXTCCC
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
WARNING: $$$$

^C
!
line con 0
password 7 121A0C041104
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login authentication AUTH_RADIUS
transport input ssh
line vty 5 15
transport input ssh
!
ntp server 10.85.28.33
ntp server 137.40.35.12
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap group default-group
end

PI-Core#
PI-Core#