Getting Started
1.0 Introduction
The Securolytics Access Control feature uses IEEE 802.1X port-based authentication to control which devices are allowed onto the network.
2.0 Sample Configurations
2.1 Cisco Switch
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco-WS-C3560
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxx
!
username xxxxxxxxxx xxxxxxxxxx 0 xxxxxxxxxx
!
!
aaa new-model
!
!
aaa group server radius securolytics_nac
 server 192.168.100.2 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication dot1x default group securolytics_nac
aaa authorization network default group securolytics_nac
!
!
aaa server radius dynamic-author
 client 192.168.100.2 server-key xxxxxxxxxx
 port 3799
!
aaa session-id common
system mtu routing 1500
ip domain-name securolytics.io
!
!
ip device tracking
!
!
crypto pki trustpoint TP-self-signed-799079808
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-799079808
 revocation-check none
 rsakeypair TP-self-signed-799079808
!
!
crypto pki certificate chain TP-self-signed-799079808
 certificate self-signed 01
  quit
dot1x system-auth-control
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 switchport mode access
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 7200
 authentication violation replace
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout tx-period 5
!
interface Vlan1
 ip address 192.168.100.5 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
ip default-gateway 192.168.100.1
ip classless
ip http server
ip http secure-server
!
!
!
!
snmp-server community xxxxxxxxxx RO
snmp-server community xxxxxxxxxx RW
radius-server host 192.168.100.2 auth-port 1812 acct-port 1813 timeout 10 key xxxxxxxxxx
radius-server vsa send authentication
!
vstack
!
line con 0
 logging synchronous
line vty 0 4
 password xxxxxxxxxx
 transport input ssh
line vty 5 15
!
ntp clock-period 36028713
ntp server 216.239.35.8
end
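As an added example (not part of the Securolytics documentation or product, and not Cisco code), the following Python script audits an IOS running-config for the global and per-port commands that the sample above relies on. The REQUIRED_GLOBAL and REQUIRED_PORT baselines are assumptions taken from that sample, and SAMPLE_CONFIG is a constructed config in which one port and one global setting were deliberately left incomplete.

```python
"""Audit an IOS config for the 802.1X/MAB/CoA commands the sample above relies on."""
import re
# Assumed NAC baseline: the sample's global commands and its FastEthernet0/2 stanza.
REQUIRED_GLOBAL = ["aaa new-model", "aaa authentication dot1x default group",
                   "aaa authorization network default group", "aaa server radius dynamic-author",
                   "ip device tracking", "dot1x system-auth-control", "radius-server vsa send authentication"]
REQUIRED_PORT = ["authentication port-control auto", "mab", "dot1x pae authenticator"]

def parse_interfaces(config):
    """Map interface name -> its sub-commands (IOS indents them by one space)."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" ") and line.strip():
            interfaces[current].append(line.strip())
        elif not line.startswith(" "):
            current = None  # '!' or the next global command ends the stanza
    return interfaces

def audit(config):
    """Return missing global commands and, per access port, missing port commands."""
    missing_global = [c for c in REQUIRED_GLOBAL
                      if not re.search(r"^" + re.escape(c) + r"\b", config, re.M)]
    ports = {name: [c for c in REQUIRED_PORT if c not in cmds]
             for name, cmds in parse_interfaces(config).items()
             if "switchport mode access" in cmds}  # only access ports are audited
    return {"global": missing_global, "ports": ports}

# Constructed sample: Fa0/2 matches the page; Fa0/3 lacks MAB and the authenticator
# role; 'ip device tracking', which downloadable ACLs depend on, has been omitted.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group securolytics_nac
aaa authorization network default group securolytics_nac
aaa server radius dynamic-author
dot1x system-auth-control
radius-server vsa send authentication
interface FastEthernet0/2
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface FastEthernet0/3
 switchport mode access
 authentication port-control auto
"""
```

Run `audit(SAMPLE_CONFIG)` to get a report of what is missing globally and on each access port; paste the output of `show running-config` in place of the sample to audit a real switch.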