Also, would you please take a look at my switch configuration? I'm using a
Cisco Catalyst 3560. (Should I change SNMP to v3?)
Building configuration...
Current configuration : 6860 bytes
!
! Last configuration change at 00:46:26 UTC Sat Apr 2 2011 by admin
! NVRAM config last updated at 08:32:10 UTC Wed Mar 30 2011 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, every "password 0" and key
! value in this file is displayed exactly as typed. Turning on
! "service password-encryption" only applies reversible type 7 obfuscation;
! it does not protect a config that has been copied or shared.
no service password-encryption
!
hostname Cisco3560
!
boot-start-marker
boot-end-marker
!
!
! NOTE(review): privilege 15 account stored as type 0 (cleartext). Using
! "secret" instead of "password" stores a one-way hash. This value has been
! shared together with the config, so replace it rather than re-encoding it.
username admin privilege 15 password 0 letmein
! AAA: RADIUS server group "packetfence" is used for 802.1X and network
! authorization; device logins use the local user database.
aaa new-model
!
!
! Group member 172.16.202.5 on ports 1812/1813; this must match a
! "radius-server host" entry with the same ports for the key to apply.
aaa group server radius packetfence
server 172.16.202.5 auth-port 1812 acct-port 1813
!
! Login (console/vty) is checked against local usernames only, so the
! strength of the local admin credential is what protects device access.
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
!
!
!
!
! Dynamic authorization: the switch accepts RADIUS change-of-authorization
! requests from 172.16.202.5 on port 3799.
! NOTE(review): the server-key is the only thing authenticating those
! requests and it is a short word shown in cleartext. Use a long random
! value and change it now that this copy of the config has been shared.
aaa server radius dynamic-author
client 172.16.202.5 server-key hola
port 3799
!
aaa session-id common
system mtu routing 1500
! Layer 3 forwarding is on: the switch routes between every subnet that has
! an SVI address in this config.
ip routing
! Addresses kept out of the DHCP pools below (the .10 addresses are the
! switch SVIs; 172.16.202.5 is the RADIUS/SNMP host used elsewhere here).
ip dhcp excluded-address 172.16.202.5
ip dhcp excluded-address 172.16.202.10
ip dhcp excluded-address 172.16.202.1
ip dhcp excluded-address 172.16.207.10
ip dhcp excluded-address 172.16.215.10
ip dhcp excluded-address 172.16.202.20
!
! NOTE(review): the switch hands out leases on the management subnet
! (172.16.202.0/24) as well as on the client subnets - confirm that is wanted.
ip dhcp pool Management
network 172.16.202.0 255.255.255.0
default-router 172.16.202.10
!
ip dhcp pool Normal
network 172.16.207.0 255.255.255.0
default-router 172.16.207.10
!
ip dhcp pool Isolation_2
network 172.16.215.0 255.255.255.0
default-router 172.16.215.10
!
!
! NOTE(review): snooping is enabled globally, but no "ip dhcp snooping vlan"
! statement and no trusted port appear in this config. Snooping has to be
! enabled per VLAN to filter anything - verify with "show ip dhcp snooping".
ip dhcp snooping
ip device tracking
nmsp enable
udld enable
!
!
! Self-signed trustpoint generated by IOS; presumably the certificate served
! by "ip http secure-server" - confirm with "show ip http server secure status".
crypto pki trustpoint TP-self-signed-502563456
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-502563456
revocation-check none
rsakeypair TP-self-signed-502563456
!
!
! Only the public certificate is listed here, not the private key.
! NOTE(review): decoding the DER below gives a sha1WithRSAEncryption
! signature, a 1024-bit RSA key, and validity from 2011-03-30 to
! 2020-01-01 (UTCTime 110330041408Z / 200101000000Z). Clients cannot
! verify a self-signed certificate unless they pin it; for management
! HTTPS prefer a CA-issued certificate with a larger key.
crypto pki certificate chain TP-self-signed-502563456
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 35303235 36333435 36301E17 0D313130 33333030 34313430
385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3530 32353633
34353630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
9B877B6A B3540994 3390B69F E4045E2A FEB8A64E F69A5341 54318571 B772BF52
DCEFBD60 B038438C 809235E9 7E6ADFDE E1DF9012 E4ADB308 28A19C73 C3B4ADB9
3E41068B 23AF6917 766AF83A 64D560FF BAFDC283 4701EC9E EFAC4765 5557DFBF
11F00454 A4CB235F 7B9112DC C05EE7DE BA9C97A3 1F841160 974B584D 6714188B
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 1680149C 43526D88 DCC276A8 E7E69877 EB62A9D4 31816630 1D060355
1D0E0416 04149C43 526D88DC C276A8E7 E69877EB 62A9D431 8166300D 06092A86
4886F70D 01010505 00038181 0018B2C9 0C2368D8 6B8E3EA5 98F289A1 47FFDDD0
FEE0F622 03B3B3A7 6D036F5D B1152DCC 8E4DBC63 CD3CD5FF F157A227 5317CFEA
548641E0 7B26FE42 4146F730 9630D745 0E72059B 0D300D57 A877722A 5AA26BD6
597B4993 CA0D252C 214CB0A7 2C5C7675 2A638F1A 67422926 4103B2CF 05B88682
4CDBE1B2 16205DB9 0296D435 0F
quit
!
!
!
! Enables 802.1X globally; only ports that also carry
! "authentication port-control auto" actually enforce it.
dot1x system-auth-control
! NOTE(review): several access ports use "spanning-tree portfast" and no
! BPDU guard statement appears anywhere in this config. Consider
! "spanning-tree portfast bpduguard default" so an edge port that receives
! BPDUs is disabled instead of joining the spanning tree.
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
! FastEthernet0 is shut down and has no IP address.
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
! Static access port in VLAN 2 (172.16.202.0/24 per interface Vlan2, the
! subnet holding the RADIUS host and the default gateway). No 802.1X here.
interface GigabitEthernet0/1
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
! NOTE(review): both trunks below use VLAN 2 as the native (untagged) VLAN,
! and VLAN 2 is also the management subnet. A dedicated native VLAN that
! carries no hosts keeps untagged frames away from management.
! On this trunk the native VLAN 2 is not in the allowed list (10,11) -
! confirm that is intentional.
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan 10,11
switchport mode trunk
!
! Trunk carrying VLANs 2, 7, 10 and 11; VLAN 2 is sent untagged.
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan 2,7,10,11
switchport mode trunk
!
! Gi0/4-0/6 carry no per-port configuration, so they run with platform
! defaults and are not shut down.
! NOTE(review): if these ports are unused, add "shutdown" and
! "switchport mode access" so they neither negotiate a trunk nor give
! unauthenticated access - check current state with
! "show interfaces switchport".
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
! 802.1X-only port: multi-domain host mode, reauthentication and restart
! timers of 10800 seconds.
! No "switchport access vlan" line, so the port stays in the default access
! VLAN unless RADIUS assigns one - confirm which VLAN that should be.
interface GigabitEthernet0/7
switchport mode access
authentication host-mode multi-domain
authentication order dot1x
authentication priority dot1x
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
dot1x pae authenticator
spanning-tree portfast
!
! 802.1X first, then MAC Authentication Bypass (mab) as fallback.
! NOTE(review): MAB identifies a device by its MAC address alone, which the
! device itself chooses, so the authorization the RADIUS server returns for
! MAB sessions should be limited to what an unverified device may reach.
! The quiet-period and tx-period values below are set to 2 and 3 seconds.
interface GigabitEthernet0/8
switchport mode access
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
spanning-tree portfast
!
! Gi0/9: no per-port configuration (platform defaults, not shut down).
interface GigabitEthernet0/9
!
! 802.1X port in VLAN 7; a failed authentication is authorized into VLAN 15
! (172.16.215.0/24 per interface Vlan15 and the Isolation_2 pool).
! NOTE(review): in multi-host mode only the first device authenticates;
! other devices attached behind the same port are then admitted without
! their own authentication. Use single-host, multi-domain or multi-auth
! unless that behaviour is required.
! No reauthenticate timer is set here, unlike Gi0/7, Gi0/8 and Gi0/13.
interface GigabitEthernet0/10
switchport access vlan 7
switchport mode access
authentication event fail action authorize vlan 15
authentication host-mode multi-host
authentication port-control auto
authentication periodic
dot1x pae authenticator
!
! Gi0/11: no per-port configuration (platform defaults, not shut down).
interface GigabitEthernet0/11
!
! Static access port in VLAN 99 with no 802.1X or MAB.
interface GigabitEthernet0/12
switchport access vlan 99
switchport mode access
!
! 802.1X-only port whose configured access VLAN is 2, the management subnet.
! NOTE(review): confirm that an authenticated client with no
! RADIUS-assigned VLAN is meant to land in the management VLAN.
interface GigabitEthernet0/13
switchport access vlan 2
switchport mode access
authentication host-mode multi-domain
authentication order dot1x
authentication priority dot1x
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
dot1x pae authenticator
spanning-tree portfast
!
! Gi0/14-0/24, Gi1/1-1/4 and Te1/1-1/2 carry no per-port configuration:
! they are not shut down and have no 802.1X, access VLAN or mode set.
! NOTE(review): a device plugged into any of them gets whatever the
! platform defaults allow. If they are unused, add "shutdown"; if they are
! spare user ports, give them the same authentication block as the 802.1X
! ports elsewhere in this config.
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
! The VLAN 1 SVI is shut down and has no address.
interface Vlan1
no ip address
shutdown
!
! NOTE(review): "ip routing" is enabled in this config and every SVI below
! has an address, so the switch forwards between all of these subnets.
! No "ip access-group" appears on any SVI, which means nothing shown here
! stops a host in VLAN 15 (the auth-fail VLAN on Gi0/10) from reaching the
! management subnet on VLAN 2. Add inbound ACLs on the restricted SVIs, or
! remove their addresses if routing for them belongs on another device.
interface Vlan2
ip address 172.16.202.10 255.255.255.0
!
interface Vlan7
ip address 172.16.207.10 255.255.255.0
!
interface Vlan10
ip address 172.16.210.10 255.255.255.0
!
interface Vlan11
ip address 172.16.211.10 255.255.255.0
!
interface Vlan15
ip address 172.16.215.10 255.255.255.0
!
interface Vlan99
ip address 172.16.220.10 255.255.255.0
!
! NOTE(review): the cleartext HTTP server is enabled next to HTTPS, and no
! "ip http access-class" is shown, so the web interface answers on every
! SVI address. If HTTP is only kept for client URL redirection, restrict
! who can reach it; otherwise disable it and keep HTTPS only.
ip http server
ip http secure-server
!
! Default route points at 172.16.202.5, the same host used as RADIUS server.
ip route 0.0.0.0 0.0.0.0 172.16.202.5
!
! Neither ACL below is applied to an interface in this config; presumably
! they are referenced by name in RADIUS authorization replies - confirm.
! "redirect" excludes traffic to 172.16.202.5 and matches TCP 80/443.
ip access-list extended redirect
deny ip any host 172.16.202.5
permit tcp any any eq www
permit tcp any any eq 443
! "registered" permits all IP traffic.
ip access-list extended registered
permit ip any any
!
!
! NOTE(review): "public" and "private" are the widely known default
! community strings, SNMP v2c sends them in cleartext, and the RW community
! allows changes to the running configuration. No ACL is attached to either
! community, so any host that can reach an SVI address may use them.
! SNMPv3 with authentication and privacy ("snmp-server group ... v3 priv"
! plus "snmp-server user ...") is the better choice; the PacketFence switch
! definition has to be changed to match. If v2c must stay, use long
! non-default strings, append an ACL that permits only 172.16.202.5, and
! drop the RW community unless SNMP writes are really needed.
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move threshold
! Traps go to 172.16.202.5 as v2c with community "public".
snmp-server host 172.16.202.5 version 2c public mac-notification snmp
!
! NOTE(review): two entries exist for the same server with different keys.
! The first has no ports, so it uses the default RADIUS ports; the AAA group
! "packetfence" names ports 1812/1813 and therefore matches the second
! entry. The first looks like a leftover - confirm and remove it.
! Both keys are short words in cleartext and were shared with this config;
! replace them with long random values on the switch and the server.
radius-server host 172.16.202.5 key fcb
radius-server host 172.16.202.5 auth-port 1812 acct-port 1813 key hola
radius-server vsa send authentication
!
!
!
! NOTE(review): no per-line settings are shown, so defaults apply to the
! console and vty lines, and logins use the local username through the AAA
! default method list. Under the vty lines add "transport input ssh" and an
! inbound "access-class" limited to management addresses, and check the
! vty 0 4 range, which is not shown in this output.
line con 0
line vty 5 15
!
end