admin/scsd-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wlc/wlc-mm.cfg Wed Apr 2 10:08:58 AM EDT 2025

Browse Source
This commit is contained in:
John Poland 2025-04-02 10:08:58 -04:00
parent 8d9f00978d
commit b0483a49e5
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
configs/wlc/wlc-mm.cfg
View File

@ -6,9 +6,11 @@ hostname "noc-aruba-mm"
clock timezone America/New_York -04 0 clock timezone America/New_York -04 0
! !
location "Building1.floor1" location "Building1.floor1"
controller config 621 controller config 625
crypto-local pki ServerCert scsd_wc2_full_2025 Star-Exp042025-fullchain.pfx crypto-local pki ServerCert scsd_wc2_full_2025 Star-Exp042025-fullchain.pfx
crypto-local pki ServerCert scsd_wc2_full_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_wildcard_2025 StartCert-Expire042025.pfx crypto-local pki ServerCert scsd_wildcard_2025 StartCert-Expire042025.pfx
crypto-local pki ServerCert scsd_wildcard_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert
ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip nat pool localip 0.0.0.0 0.0.0.0 ip nat pool localip 0.0.0.0 0.0.0.0
@ -731,9 +733,9 @@ crypto dynamic-map default-dynamicmap 10000
crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap
crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap
localip 10.1.35.14 ipsec *redacted* localip 10.1.35.14 ipsec *redacted*
localip 10.1.35.11 ipsec *redacted* localip 10.1.35.11 ipsec *redacted*
localip 10.1.35.12 ipsec *redacted* localip 10.1.35.12 ipsec *redacted*
crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2 crypto isakmp eap-passthrough eap-mschapv2
@ -839,12 +841,12 @@ aaa authentication dot1x "default-psk"
! !
aaa authentication-server tacacs "ClearPass A" aaa authentication-server tacacs "ClearPass A"
host "10.1.40.116" host "10.1.40.116"
key *redacted* key *redacted*
session-authorization session-authorization
! !
aaa authentication-server tacacs "ClearPass B" aaa authentication-server tacacs "ClearPass B"
host "10.1.40.117" host "10.1.40.117"
key *redacted* key *redacted*
session-authorization session-authorization
! !
aaa authentication via global-config aaa authentication via global-config
@ -925,7 +927,7 @@ aaa authentication via web-auth "default"
! !
web-server profile web-server profile
cipher-suite ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA cipher-suite ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
switch-cert "scsd_wc2_full_2025" switch-cert "scsd_wc2_full_2026"
! !
guest-access-email guest-access-email
! !
@ -1063,10 +1065,10 @@ ap mesh-radio-profile "default"
ap usb-profile "default" ap usb-profile "default"
! !
ap system-profile "default" ap system-profile "default"
ap-console-password *redacted* ap-console-password *redacted*
! !
ap system-profile "NoAuthApSystem" ap system-profile "NoAuthApSystem"
ap-console-password *redacted* ap-console-password *redacted*
! !
ap wired-port-profile "default" ap wired-port-profile "default"
! !
@ -1552,7 +1554,7 @@ ale-configuration
! !
conductor-redundancy conductor-redundancy
conductor-vrrp 35 conductor-vrrp 35
peer-ip-address 10.1.35.23 ipsec *redacted* peer-ip-address 10.1.35.23 ipsec *redacted*
! !
vrrp 35 vrrp 35
priority 200 priority 200