Cisco Switches:
service password-encryption
!
password encryption aes
aaa new-model
!
!
! TACACS+ server group used for device administration logins
aaa group server tacacs+ ADMIN
 server-private x.x.x.x timeout 2 key 7 0052451011482D0F0525435A2B0C144447
 server-private y.y.y.y timeout 2 key 7 135341041E1F2223212027271737025443
!
aaa authentication login default group ADMIN local
aaa authorization config-commands
aaa authorization exec default group ADMIN local if-authenticated
aaa accounting exec default start-stop group ADMIN
!
! RADIUS server group for 802.1X/MAB against ClearPass Policy Manager (CPPM)
aaa group server radius CPPM
 server-private x.x.x.x auth-port 1812 acct-port 1813 key 7 13170F3A1B59271905017902
 server-private y.y.y.y auth-port 1812 acct-port 1813 key 7 120B1D3F025E2F37040E7519
!
aaa authentication dot1x default group CPPM
aaa authorization network default group CPPM
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group CPPM
! RADIUS Change of Authorization (CoA): only the listed clients may send CoA requests
aaa server radius dynamic-author
 client x.x.x.x
 client y.y.y.y
 server-key 7 02141C731B532C12626B5828
 port 3799
 auth-type all
!
aaa session-id common
dot1x system-auth-control
radius-server attribute 32 include-in-access-req format %h
!
interface GigabitEthernet1/0/1
 description Golden-Port-Conf
 switchport mode access
 authentication control-direction in
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 dot1x timeout supp-timeout 15
 dot1x max-reauth-req 1
!
ip http server
ip http banner
ip http secure-server
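!
! Redirect ACL: deny entries are exempt from redirection, permit entries (HTTP/HTTPS) are redirected
ip access-list extended CPPM-REDIRECT
 deny ip any host 192.168.29.236
 deny ip any host 192.168.29.235
 deny ip any host 192.168.29.234
 permit tcp any any eq www
 permit tcp any any eq 443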
Aruba Switches:
radius-server host X.X.X.X key "KEY"
radius-server host X.X.X.X dyn-authorization
radius-server host X.X.X.X clearpass
radius-server cppm identity "dur_ro_admin"
tacacs-server host X.X.X.X key "cgpUyycvBuAVJrtZ3RWPbdT933"
ip client-tracker
ip client-tracker probe-delay 120
aaa accounting update periodic 5
aaa accounting network start-stop radius
aaa authorization user-role enable download
aaa port-access authenticator 1/1-1/44,1/46-1/48,2/1-2/6,2/8-2/19,2/21-2/32,2/34-2/42,2/44-2/48
aaa port-access authenticator 1/1 tx-period 5
aaa port-access authenticator 1/1 client-limit 3
aaa port-access mac-based 1/1-1/44,1/46-1/48,2/1-2/6,2/8-2/19,2/21-2/32,2/34-2/42,2/44-2/48
aaa port-access mac-based 1/1 addr-limit 10
aaa port-access 1/1 auth-order authenticator mac-based
aaa port-access 1/1 auth-priority authenticator mac-based
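
Added example, not part of the original configs: a small Python check that classifies how each shared secret in a Cisco or Aruba config is stored (type 7 is reversible obfuscation, type 6 is AES) and flags the case seen above where "password encryption aes" is set yet the keys remain type 7. The sample config, its addresses and secrets, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the configs above; all secrets are placeholders.
SAMPLE = """\
service password-encryption
password encryption aes
aaa group server tacacs+ ADMIN
 server-private 192.0.2.10 timeout 2 key 7 0000000000000000
aaa group server radius CPPM
 server-private 192.0.2.20 auth-port 1812 acct-port 1813 key 6 PLACEHOLDERAESBLOB
aaa server radius dynamic-author
 server-key 7 1111111111111111
radius-server host 192.0.2.30 key "PLACEHOLDER-SECRET"
tacacs-server host 192.0.2.31 key "PLACEHOLDER-SECRET"
"""

# "key" or "server-key", an optional Cisco type digit, then the stored value at end of line.
KEY_RE = re.compile(r'\b(?:server-)?key\s+(?:(\d)\s+)?("?)(\S+?)\2\s*$')
STORAGE = {"7": "type7-reversible", "6": "type6-aes", "0": "plaintext", None: "plaintext"}

def audit(config):
    """Return (line_number, storage_class, redacted_line) for every shared secret."""
    findings = []
    for number, line in enumerate(config.splitlines(), start=1):
        match = KEY_RE.search(line)
        if not match:
            continue
        storage = STORAGE.get(match.group(1), "type" + str(match.group(1)))
        # Never echo the secret itself into a report.
        redacted = line[:match.start(2)].strip() + " <redacted>"
        findings.append((number, storage, redacted))
    return findings

def aes_not_applied(config):
    """True when 'password encryption aes' is set but type 7 secrets are still stored."""
    has_aes = re.search(r"^password encryption aes\s*$", config, re.M) is not None
    return has_aes and any(kind == "type7-reversible" for _, kind, _ in audit(config))

if __name__ == "__main__":
    for number, storage, redacted in audit(SAMPLE):
        print(f"line {number}: {storage:17} {redacted}")
    print("AES enabled but type 7 keys remain:", aes_not_applied(SAMPLE))
```

Run it against a saved copy of the running config before sharing or archiving it; any line reported as type7-reversible or plaintext should be treated as an exposed secret.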