From b0483a49e52fdfb4d963a0cd84fbcc9fbe643096 Mon Sep 17 00:00:00 2001
From: John Poland <jdpoland@gmail.com>
Date: Wed, 2 Apr 2025 10:08:58 -0400
Subject: [PATCH] wlc/wlc-mm.cfg Wed Apr  2 10:08:58 AM EDT 2025

---
 configs/wlc/wlc-mm.cfg | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/configs/wlc/wlc-mm.cfg b/configs/wlc/wlc-mm.cfg
index ea20195..adc33de 100644
--- a/configs/wlc/wlc-mm.cfg
+++ b/configs/wlc/wlc-mm.cfg
@@ -6,9 +6,11 @@ hostname "noc-aruba-mm"
 clock timezone America/New_York -04 0 
 !
 location "Building1.floor1" 
-controller config 621
+controller config 625
 crypto-local pki ServerCert scsd_wc2_full_2025 Star-Exp042025-fullchain.pfx 
+crypto-local pki ServerCert scsd_wc2_full_2026 StarCert-Ex03_26_fullchain.pfx 
 crypto-local pki ServerCert scsd_wildcard_2025 StartCert-Expire042025.pfx 
+crypto-local pki ServerCert scsd_wildcard_2026 StarCert-Ex03_26_fullchain.pfx 
 crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert 
 ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0 
 ip nat pool localip 0.0.0.0 0.0.0.0 
@@ -731,9 +733,9 @@ crypto dynamic-map default-dynamicmap 10000
 
 crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap 
 crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap 
-localip 10.1.35.14  ipsec *redacted* 
-localip 10.1.35.11  ipsec *redacted* 
-localip 10.1.35.12  ipsec *redacted* 
+localip 10.1.35.14  ipsec *redacted*
+localip 10.1.35.11  ipsec *redacted*
+localip 10.1.35.12  ipsec *redacted*
 crypto isakmp eap-passthrough eap-tls 
 crypto isakmp eap-passthrough eap-peap 
 crypto isakmp eap-passthrough eap-mschapv2 
@@ -839,12 +841,12 @@ aaa authentication dot1x "default-psk"
 !
 aaa authentication-server tacacs "ClearPass A" 
     host "10.1.40.116" 
-     key *redacted* 
+     key *redacted*
     session-authorization 
 !
 aaa authentication-server tacacs "ClearPass B" 
     host "10.1.40.117" 
-     key *redacted* 
+     key *redacted*
     session-authorization 
 !
 aaa authentication via global-config 
@@ -925,7 +927,7 @@ aaa authentication via web-auth "default"
 !
 web-server profile 
     cipher-suite ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA 
-    switch-cert "scsd_wc2_full_2025" 
+    switch-cert "scsd_wc2_full_2026" 
 !
 guest-access-email 
 !
@@ -1063,10 +1065,10 @@ ap mesh-radio-profile "default"
 ap usb-profile "default" 
 !
 ap system-profile "default" 
-     ap-console-password *redacted* 
+     ap-console-password *redacted*
 !
 ap system-profile "NoAuthApSystem" 
-     ap-console-password *redacted* 
+     ap-console-password *redacted*
 !
 ap wired-port-profile "default" 
 !
@@ -1552,7 +1554,7 @@ ale-configuration
 !
 conductor-redundancy 
     conductor-vrrp 35 
-    peer-ip-address 10.1.35.23  ipsec *redacted* 
+    peer-ip-address 10.1.35.23  ipsec *redacted*
 !
 vrrp 35 
     priority 200