Working Brocade ICX 7450 wired configuration. This configuration was used to validate CWA guest flow using the native URL redirection capabilities (static URL redirect) and RADIUS Accounting support for MAC authentication in 08.0.60 release.
See the ISE Third-Party NAD Profiles document for additional NAD configurations and profiles.
!
global-stp
!
!
captive-portal brocade
virtual-ip cisco-ise.englab.brocade.com
virtual-port 8443
login-page /portal/g?p=KlbpxpAoRlQx1U8XG8WdvbwmwV
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree priority 65535
!
vlan 103 by port
tagged ethe 1/1/40
router-interface ve 103
!
vlan 1000 name v1000.unused.ports by port
tagged ethe 1/1/40
untagged ethe 1/1/2
router-interface ve 1000
spanning-tree priority 65535
webauth
captive-portal profile brocade
attempt-max-num 3
cycle-time 15
reauth-time 86500
authenticated-mac-age-time 15
block duration 10
auth-mode captive-portal
trust-port ethernet 1/1/2
enable
!
vlan 3150 name v3150.02.army-bueku-usr-tr by port
tagged ethe 1/1/40
!
authentication
auth-default-vlan 3150
re-authentication
mac-authentication enable
mac-authentication enable ethe 1/1/13
!
aaa authentication dot1x default radius
aaa authorization coa enable
aaa accounting mac-auth default start-stop radius
boot sys fl sec
console timeout 10
enable acl-per-port-per-vlan
hostname 7450-U33
no ip dhcp-client auto-update enable
ip dhcp-server enable
no ip dhcp-server mgmt
!
ip dhcp-server pool test
dhcp-default-router 103.1.1.1
domain-name brocade.com
excluded-address 103.1.1.1
lease 1 0 0
network 103.0.0.0 255.0.0.0
tftp-server 10.20.64.12
deploy
!
!
ip dhcp-server pool net-10
dhcp-default-router 10.20.64.53
domain-name brocade.com
excluded-address 10.20.64.0 10.20.64.13
excluded-address 10.20.64.15 10.20.64.127
lease 1 0 0
network 10.20.64.0 255.255.255.128
tftp-server 10.20.64.12
deploy
!
ip dns domain-list swa.ds.army.mil
ip dns server-address 10.31.2.10
ip route 10.0.0.0/8 10.20.64.1
!
no telnet server
radius-client coa host 10.21.240.48 key 2 $VSFAUyEtLQ==
radius-server host 10.21.240.48 auth-port 1645 acct-port
1646 default key 2 $VSFAUyEtLQ== dot1x mac-auth web-auth
radius-server timeout 2
!
web-management https
hitless-failover enable
!
interface ethernet 1/1/13
spanning-tree 802-1w admin-edge-port
broadcast limit 49152
!
interface ve 103
ip address 103.1.1.1 255.0.0.0
!
interface ve 1000
ip address 10.20.64.53 255.255.255.128
!
end