
Brocade 7450 NAD Config [PDF]


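Working Brocade ICX 7450 wired configuration. This configuration was used to validate the CWA (Central Web Authentication) guest flow, using the switch's native URL redirection (static URL redirect) and its RADIUS accounting support for MAC authentication, on the 08.0.60 release. The RADIUS keys, IP addresses, hostnames and portal URL shown are from the test lab; replace them with your own values before reusing the configuration.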

See the ISE Third-Party NAD Profiles document for additional NAD configurations and profiles.

!

global-stp

!

!

! Captive-portal profile "brocade": the static redirect target for web
! authentication. virtual-ip, virtual-port and login-page together make up the
! URL that unauthenticated clients are sent to (presumably the ISE guest
! portal, going by the hostname and the page description).
! The target is a hostname, so the redirect depends on name resolution being
! correct. The login-page path carries a portal identifier from the
! author's deployment; use the value from your own portal.
captive-portal brocade

  virtual-ip cisco-ise.englab.brocade.com

  virtual-port 8443

  login-page /portal/g?p=KlbpxpAoRlQx1U8XG8WdvbwmwV

!

! VLAN definitions. Port 1/1/40 is tagged in VLANs 103, 1000 and 3150, so it
! is presumably the uplink/trunk; confirm against your own topology.
vlan 1 name DEFAULT-VLAN by port

spanning-tree priority 65535

!

vlan 103 by port

tagged ethe 1/1/40

router-interface ve 103

!

! VLAN 1000 is where web authentication runs, using the captive-portal
! profile "brocade" defined earlier in this listing.
vlan 1000 name v1000.unused.ports by port

tagged ethe 1/1/40

untagged ethe 1/1/2

router-interface ve 1000

spanning-tree priority 65535

webauth

  captive-portal profile brocade

  ! attempt-max-num and block duration bound repeated failed logins; the
  ! units of the timers below are not stated on this page, so check the
  ! FastIron documentation for your release before tuning them.
  attempt-max-num 3

  cycle-time 15

  reauth-time 86500

  authenticated-mac-age-time 15

  block duration 10

  auth-mode captive-portal

  ! NOTE(review): a web-auth trust port is normally exempt from web
  ! authentication. 1/1/2 is also the only untagged port in this VLAN.
  ! Confirm it is an infrastructure-facing port and not a user-facing one.
  trust-port ethernet 1/1/2

  enable

!

! VLAN 3150 is referenced as auth-default-vlan in the authentication section.
! The VLAN name is site-specific.
vlan 3150 name v3150.02.army-bueku-usr-tr by port

tagged ethe 1/1/40

!

! Port authentication settings. MAC authentication is enabled globally and
! then on access port 1/1/13; re-authentication is turned on.
! A MAC address is not a strong credential (it can be copied by another
! device), so the access granted by the RADIUS server after MAC
! authentication alone should be limited to what the guest portal flow needs.
authentication

! VLAN 3150 is the default VLAN for authenticating ports.
auth-default-vlan 3150

re-authentication

mac-authentication enable

mac-authentication enable ethe 1/1/13

!

! AAA: RADIUS is the method for authentication. No "dot1x enable" statement
! appears in this listing; only MAC authentication and web authentication
! are switched on.
aaa authentication dot1x default radius

! Accept RADIUS Change of Authorization (CoA) requests. The permitted CoA
! sender is set by the "radius-client coa host" line later in the listing.
aaa authorization coa enable

! Send RADIUS accounting start/stop records for MAC-authentication sessions
! (the accounting support the page description refers to).
aaa accounting mac-auth default start-stop radius

boot sys fl sec

! Idle timeout for the console session (unit not stated here; presumably
! minutes, confirm for your release).
console timeout 10

enable acl-per-port-per-vlan

hostname 7450-U33

no ip dhcp-client auto-update enable

! The switch acts as DHCP server for the lab pools defined below.
ip dhcp-server enable

no ip dhcp-server mgmt

!

! DHCP pool for VLAN 103 (gateway 103.1.1.1 is interface ve 103).
! NOTE(review): 103.0.0.0/8 is not private (RFC 1918) address space. It is
! used here as lab addressing and should not be copied into a production
! network as-is.
ip dhcp-server pool test

dhcp-default-router 103.1.1.1

domain-name brocade.com

excluded-address 103.1.1.1

lease 1 0 0

network 103.0.0.0 255.0.0.0

! Clients are handed a TFTP server address; remove this if endpoints on the
! guest/authenticating VLAN have no need for it.
tftp-server 10.20.64.12

deploy

!

!

! DHCP pool for VLAN 1000 (gateway 10.20.64.53 is interface ve 1000). The two
! excluded ranges leave only 10.20.64.14 leasable in this /25.
ip dhcp-server pool net-10

dhcp-default-router 10.20.64.53

domain-name brocade.com

excluded-address 10.20.64.0 10.20.64.13

excluded-address 10.20.64.15 10.20.64.127

lease 1 0 0

network 10.20.64.0 255.255.255.128

tftp-server 10.20.64.12

deploy

!

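! DNS and routing. The DNS server is what resolves the captive-portal
! hostname used for the web-auth redirect. Domain list and addresses are
! site-specific.
ip dns domain-list swa.ds.army.mil

ip dns server-address 10.31.2.10

ip route 10.0.0.0/8 10.20.64.1

!

! Management plane: cleartext Telnet is disabled and web management is
! offered over HTTPS only. No restriction on which hosts may reach the
! management interface is visible in this listing. TODO confirm one exists.
no telnet server

! RADIUS / CoA. 10.21.240.48 is both the RADIUS server and the only host
! defined as a CoA client. The key strings are shown in the switch's stored
! (type 2) form and belong to the author's lab: enter your own shared secret,
! matching the network device entry on the RADIUS server, and treat the
! stored form as sensitive when sharing configurations.
radius-client coa host 10.21.240.48 key 2 $VSFAUyEtLQ==

! The radius-server host statement is a single command; on the original page
! it was wrapped after "acct-port". Ports 1645/1646 are the legacy RADIUS
! ports (1812/1813 are the IANA-assigned ones); the server must listen on
! whichever pair is configured here.
radius-server host 10.21.240.48 auth-port 1645 acct-port 1646 default key 2 $VSFAUyEtLQ== dot1x mac-auth web-auth

! Short per-request timeout (presumably seconds). Raise it if authentication
! requests time out under load or over a slow path to the server.
radius-server timeout 2

!

web-management https

hitless-failover enable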

!

! Access port used for the MAC-authentication / guest flow (MAC
! authentication is enabled on 1/1/13 in the authentication section).
! It is an RSTP edge port with a broadcast rate limit applied.
interface ethernet 1/1/13

spanning-tree 802-1w admin-edge-port

broadcast limit 49152

!

! Layer 3 interface for VLAN 103; gateway address handed out by DHCP pool
! "test".
interface ve 103

ip address 103.1.1.1 255.0.0.0

!

! Layer 3 interface for VLAN 1000 (the web-auth VLAN); gateway address handed
! out by DHCP pool "net-10".
interface ve 1000

ip address 10.20.64.53 255.255.255.128

!

end