1.5 - Switch Configuration

In this video, I'll go over the configuration of the switch in my lab and make sure that ISE is receiving information from it.

Final Switch Configuration:

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname Sw02
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging monitor informational
enable secret ISEc0ld
!
username admin privilege 15 secret ISEc0ld
aaa new-model
!
!
!
aaa group server radius ise-group
 server name ise
!
aaa authentication dot1x default group ise-group
aaa authorization exec vty local
aaa authorization network default group ise-group
aaa authorization network auth-list group ise-group
aaa authorization auth-proxy default group ise-group
aaa accounting update periodic 2440
aaa accounting auth-proxy default start-stop group ise-group
aaa accounting dot1x default start-stop group ise-group
aaa accounting system default start-stop group ise-group
!
!
!
!
!
aaa server radius dynamic-author
 client 10.1.100.21 server-key ISEc0ld
 server-key ISEc0ld
 auth-type any
!
aaa session-id common
switch 1 provision ws-c3650-24ts
device-sensor accounting
device-sensor notify all-changes
!
!
!
!
!
ip routing
no ip cef optimize neighbor resolution
!
ip domain-name securitydemo.net
ip name-server 10.1.100.40
ip dhcp snooping
ip dhcp snooping vlan 100
no ip dhcp snooping information option
!
!
ip device tracking probe auto-source override
ip device tracking probe delay 10
qos queue-softmax-multiplier 100
vtp domain securitydemo
vtp mode transparent
authentication mac-move permit
epm logging
!

captive-portal-bypass
!
crypto pki trustpoint TP-self-signed-2003983477
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2003983477
 revocation-check none
 rsakeypair TP-self-signed-2003983477
!
!
dot1x system-auth-control
diagnostic bootup level minimal
!
fallback profile Webauth
 ip access-group Webauth in
 ip admission Webauth
!
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
 mode sso
!
!
!
vlan 100
 name DATA
lldp run
cdp run
!
ip ftp source-interface Vlan100
ip tftp source-interface Vlan100
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 description TO-SW01
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 description TO-SW01
 switchport mode trunk
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/16
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/17
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/18
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/19
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/20
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/23
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.1.100.76 255.255.255.0
 ip helper-address 10.1.100.21
!
ip default-gateway 10.1.100.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-active-session-modules none
ip http active-session-modules none
ip route 0.0.0.0 0.0.0.0 10.1.100.254
ip ssh authentication-retries 2
ip ssh version 2
!
ip access-list extended ACL-DEFAULT
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 permit icmp any any
 permit udp any any eq tftp
 permit ip any host 10.1.100.40
 permit ip any host 10.1.100.21
 deny   ip any any

ip access-list extended GUEST-REDIRECT
 deny   udp any any eq domain
 deny   icmp any any
 deny   udp any eq bootpc any eq bootps
 deny   tcp any any eq 8443
 deny   tcp any any eq 8905
 deny   ip any any
!
ip radius source-interface Vlan100
ip sla enable reaction-alerts
logging trap debugging
logging origin-id ip
logging source-interface Vlan100
logging monitor informational
logging host 10.1.100.21 transport udp port 20514
!
snmp-server community ISEc0ld RO
snmp-server trap-source Vlan100
snmp-server source-interface informs Vlan100
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.1.100.21 ISEc0ld
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail
radius-server dead-criteria time 5 tries 3
radius-server deadtime 30
!
radius server ise
 address ipv4 10.1.100.21 auth-port 1812 acct-port 1813
 key ISEc0ld
!
device-sensor filter-list dhcp list TLV-DHCP
 option name host-name
 option name requested-address
 option name parameter-request-list
 option name class-identifier
 option name client-identifier
device-sensor filter-spec dhcp include list TLV-DHCP
!
device-sensor filter-list cdp list TLV-CDP
 tlv name device-name
 tlv name address-type
 tlv name capabilities-type
 tlv name platform-type
device-sensor filter-spec cdp include list TLV-CDP
!
device-sensor filter-list lldp list TLV-LLDP
 tlv name system-name
 tlv name system-description
device-sensor filter-spec lldp include list TLV-LLDP
!
!
ip device tracking probe auto-source override
ip device tracking probe delay 10
device-sensor accounting
device-sensor notify all-changes
ip device tracking probe delay 10
ip device tracking
!
epm access-control open
!
mac address-table notification change interval 1
no macro auto monitor
access-session template monitor

!
!
!
!
line con 0
 stopbits 1
line aux 0
line vty 5 15
!
ntp source Vlan100
ntp server 10.1.100.40
wsma agent exec
 profile httplistener
 profile httpslistener
!
wsma agent config
 profile httplistener
 profile httpslistener
!
wsma agent filesys
 profile httplistener
 profile httpslistener
!
wsma agent notify
 profile httplistener
 profile httpslistener
!
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
mac address-table notification change
mac address-table notification mac-move
!
ap group default-group
end
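
An added example, not part of the original configuration or video: a short Python audit that parses the interface blocks of a saved running-config and reports each port's 802.1X posture (no authentication, monitor, low-impact or closed). The sample input is a constructed excerpt in the style of the configuration above; the function names and posture labels are this example's own.

```python
import re

# Constructed excerpt in the style of the configuration above (not the full file).
SAMPLE = """\
interface GigabitEthernet1/0/3
 switchport mode trunk
!
interface GigabitEthernet1/0/13
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/15
 switchport access vlan 100
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication open
 authentication port-control auto
 mab
 dot1x pae authenticator
!
"""

def interface_blocks(config):
    """Map each interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def classify(cmds):
    """Return the 802.1X posture of one interface from its sub-commands."""
    if "switchport mode access" not in cmds:
        return "not-access"
    if "authentication port-control auto" not in cmds:
        return "no-auth"      # access port with no 802.1X/MAB enforcement
    if "authentication open" not in cmds:
        return "closed"       # traffic blocked until authentication succeeds
    # Open mode: a pre-auth port ACL distinguishes low-impact from monitor.
    has_acl = any(re.fullmatch(r"ip access-group \S+ in", c) for c in cmds)
    return "low-impact" if has_acl else "monitor"

def audit(config):
    return {name: classify(cmds) for name, cmds in interface_blocks(config).items()}
```

Run against the full configuration above, `audit` reports GigabitEthernet1/0/13 and 1/0/14 as access ports with no authentication and GigabitEthernet1/0/15 through 1/0/24 as low-impact.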