## Last commit: 2020-09-15 15:05:23 EST by root version 15.1R6.7; system { host-name Test-802.1x-Switch; auto-snapshot; time-zone Australia/Sydney; root-authentication { } name-server { 192.168.0.6; 192.168.2.160; 192.168.2.161; } } } } services { ssh; telnet; web-management { http; } dhcp { traceoptions { file dhcp_logfile; level all; flag all; } } } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } ntp { boot-server 192.168.0.79; peer 192.168.0.79; server 192.168.0.79; } } chassis { alarm { management-ethernet { link-down ignore; } } } interfaces { ge-0/0/0 { description Uplink; unit 0 { family ethernet-switching { port-mode trunk; vlan { members all; } } } } ge-0/0/1 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members SYD-voice-vlan; } native-vlan-id 2; } } } ge-0/0/2 { unit 0 { family ethernet-switching; } } ge-0/0/3 { unit 0 { family ethernet-switching; } } ge-0/0/4 { unit 0 { family ethernet-switching; } } ge-0/0/5 { unit 0 { family ethernet-switching; } } ge-0/0/6 { unit 0 { family ethernet-switching; } } ge-0/0/7 { unit 0 { family ethernet-switching; } } ge-0/0/8 { unit 0 { family ethernet-switching { port-mode access; vlan { members SYD-data-vlan; } } } } ge-0/0/9 { unit 0 { family ethernet-switching; } } ge-0/0/10 { unit 0 { family ethernet-switching { port-mode access; vlan { members SYD-voice-vlan; } } } } ge-0/0/11 { unit 0 { family ethernet-switching { port-mode access; vlan { members SYD-data-vlan; } } } } ge-0/0/12 { description "Dot1x VOICE port"; unit 0 { family ethernet-switching { port-mode access; vlan { members SYD-data-vlan; } } } } ge-0/0/13 { unit 0 { family ethernet-switching; } } ge-0/0/14 { unit 0 { family ethernet-switching { port-mode access; vlan { members SYD-data-vlan; } } } } ge-0/0/15 { unit 0 { family ethernet-switching; } } ge-0/0/16 { unit 0 { family ethernet-switching { vlan { members SYD-data-vlan; } } } } ge-0/0/17 { unit 0 { family ethernet-switching; } } ge-0/0/18 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ SYD-data-vlan SYD-voice-vlan ]; } native-vlan-id SYD-data-vlan; } } } ge-0/0/19 { unit 0 { family ethernet-switching { port-mode access; vlan { members SYD-data-vlan; } } } } ge-0/0/20 { unit 0 { family ethernet-switching; } } ge-0/0/21 { unit 0 { family ethernet-switching; } } ge-0/0/22 { unit 0 { family ethernet-switching; } } ge-0/0/23 { unit 0 { family ethernet-switching; } } } } me0 { unit 0 { family inet { dhcp { vendor-id Juniper-ex2200-24p-4g; } } } } vlan { unit 0 { family inet { dhcp { vendor-id Juniper-ex2200-24p-4g; } } } unit 2 { family inet { address 192.168.1.8/24; } } } } snmp { location " Sydney Office"; community public; trap-group space { version v2; targets { 192.168.2.50; } } } forwarding-options { helpers { bootp { server 192.168.1.200; } } } routing-options { static { route 0.0.0.0/0 next-hop 192.168.1.1; } } protocols { dot1x { traceoptions { file dot1x size 5m; flag dot1x-debug; flag eapol; } authenticator { authentication-profile-name Aruba-Test-Profile; interface { ge-0/0/11.0 { supplicant single; mac-radius; } ge-0/0/12.0 { supplicant multiple; mac-radius; } } } } igmp-snooping { vlan all; } rstp; lldp { interface all; } lldp-med { interface all; interface ge-0/0/12.0; } } firewall { family ethernet-switching { filter mac_auth_policy_1 { term Block_Internal { from { destination-address { 192.168.0.0/16; } } then discard; } term Allow_All { then accept; } } } } access { radius-server { 192.168.2.95 { port 3799; secret "$9$s22gJUjqTF/wYgJ"; ## SECRET-DATA source-address 192.168.1.8; } } profile Aruba-Test-Profile { authentication-order radius; radius { authentication-server 192.168.2.95; options { nas-identifier 192.168.2.95; } } accounting { order radius; } } } ethernet-switching-options { analyzer Test { input { ingress { interface ge-0/0/19.0; interface ge-0/0/11.0; } egress { interface ge-0/0/19.0; interface ge-0/0/11.0; } } output { interface { ge-0/0/15.0; } } } voip { interface ge-0/0/2.0 { vlan SYD-voice-vlan; } interface ge-0/0/19.0 { vlan SYD-voice-vlan; } interface ge-0/0/11.0 { vlan SYD-voice-vlan; } interface ge-0/0/12.0 { vlan SYD-voice-vlan; forwarding-class assured-forwarding; } } storm-control { interface all; } } vlans { ELAN-vlan { vlan-id 101; } HO-voice-vlan { vlan-id 100; } RoutedLink-vlan { vlan-id 110; } SLAN-vlan { vlan-id 105; } SYD-data-vlan { vlan-id 2; interface { ge-0/0/16.0; ge-0/0/19.0; } l3-interface vlan.2; } SYD-voice-vlan { vlan-id 99; } default { l3-interface vlan.0; } } poe { interface all; }