admin/scsd-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
scsd-configs/configs/wlc/wlc-a.cfg

3926 lines
97 KiB
INI
Raw Blame History

show running
Building Configuration...
version 8.10
hostname "noc-aruba-wlc-a"
clock timezone America/New_York -04 0
!
conductorip 10.1.35.33 ipsec ****** interface vlan 35
location "Building1.floor1"
controller config 625
crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_full_wc_2025 Star-Exp042025-fullchain.pfx
crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx
crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx
crypto-local pki ServerCert scsd_wc_2025 StartCert-Expire042025.pfx
crypto-local pki ServerCert scsd_wc_2026 StarCert-Expire03202026.pfx
crypto-local pki ServerCert scsd_wc_full_2025 Star-Exp042025-fullchain.pfx
crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert
ip nat pool localip 0.0.0.0 0.0.0.0
ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list geolocation global-geolocation-acl
!
ip access-list eth validuserethacl
permit any
!
netservice svc-dhcp udp 67 68 ALG dhcp
netservice svc-ipp-tcp tcp 631
netservice svc-citrix tcp 2598
netservice svc-pcoip-udp udp 50002
netservice svc-tftp udp 69 ALG tftp
netservice svc-netbios-ssn tcp 139
netservice svc-papi udp 8211
netservice svc-natt udp 4500
netservice svc-ica tcp 1494
netservice svc-facetime-tcp tcp 5223 ALG facetime
netservice svc-msrpc-udp udp 135 139
netservice svc-lpd tcp 515
netservice svc-msrpc-tcp tcp 135 139
netservice svc-microsoft-ds tcp 445
netservice svc-smtp tcp 25
netservice svc-syslog udp 514
netservice svc-http-proxy2 tcp 8080
netservice svc-cfgm-tcp tcp 8211
netservice vnc tcp 5900 5905
netservice svc-telnet tcp 23
netservice svc-http tcp 80
netservice svc-h323-udp udp 1718 1719 ALG h323
netservice svc-bootp udp 67 69
netservice svc-web tcp list "80 443"
netservice svc-sccp tcp 2000 ALG sccp
netservice svc-ipp-udp udp 631
netservice svc-vmware-rdp tcp 3389
netservice svc-vocera udp 5002 ALG vocera
netservice svc-esp 50
netservice svc-noe-oxo udp 5000 ALG noe
netservice svc-http-proxy1 tcp 3128
netservice svc-sec-papi udp 8209
netservice svc-gre 47
netservice svc-rtsp tcp 554 ALG rtsp
netservice svc-l2tp udp 1701
netservice svc-svp 119 ALG svp
netservice svc-sip-tcp tcp 5060 ALG sip
netservice svc-snmp udp 161
netservice svc-pptp tcp 1723
netservice svc-icmp 1
netservice svc-smb-tcp tcp 445
netservice svc-pcoip2-tcp tcp 4172
netservice svc-ssh tcp 22
netservice svc-v6-icmp 58
netservice svc-h323-tcp tcp 1720 ALG h323
netservice svc-ntp udp 123
netservice svc-pop3 tcp 110
netservice svc-adp udp 8200
netservice svc-netbios-ns udp 137
netservice svc-dns udp 53 ALG dns
netservice svc-v6-dhcp udp 546 547
netservice svc-netbios-dgm udp 138
netservice svc-http-proxy3 tcp 8888
netservice svc-sip-udp udp 5060 ALG sip
netservice svc-kerberos udp 88
netservice svc-sips tcp 5061 ALG sips
netservice svc-nterm tcp 1026 1028
netservice svc-snmp-trap udp 162
netservice svc-pcoip2-udp udp 4172
netservice svc-pcoip-tcp tcp 50002
netservice svc-ike udp 500
netservice svc-noe udp 32512 ALG noe
netservice svc-ftp tcp 21 ALG ftp
netservice svc-https tcp 443
netservice svc-smb-udp udp 445
netdestination6 ipv6-reserved-range
invert
network 2000::/3
!
netdestination scsd_vendor_cppm_prof
name visitor.scsd.us
name noc-cp-a.scsd.us
name noc-cp-b.scsd.us
!
netdestination vendor_cppm_prof
name visitor.scsd.us
!
netdestination wificalling-block
name pub.3gppnetwork.org
name vowifi.com
!
netdestination captiveportal_cppm_prof
name visitor.scsd.us
!
netexthdr default
!
time-range periodic working-hours
Weekday 08:00 to 18:00
!
time-range periodic night-hours
Weekday 18:01 to 23:59
Weekday 00:00 to 07:59
!
ip access-list session apprf-switch-logon-sacl
!
ip access-list session svp-acl
any any svc-svp permit queue high
user host 224.0.1.116 any permit
!
ip access-list session apprf-stateful-dot1x-sacl
!
ip access-list session apprf-voice-sacl
!
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
any network 169.254.0.0 255.255.0.0 any deny
any network 240.0.0.0 240.0.0.0 any deny
!
ip access-list session apprf-default-vpn-role-sacl
!
ip access-list session apprf-deny_internal_byod-sacl
!
ip access-list session ap-uplink-acl
any any udp 68 permit
any any svc-icmp permit
any host 224.0.0.251 udp 5353 permit
ipv6 any any udp 546 permit
ipv6 any any svc-v6-icmp permit
ipv6 any host ff02::fb udp 5353 permit
!
ip access-list session visitor_wireless_printers
any any any permit
!
ip access-list session icmp-acl
any any svc-icmp permit
!
ip access-list session v6-logon-control
ipv6 user any udp 546 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-v6-dhcp permit
ipv6 any any svc-dns permit
ipv6 any network fc00::/7 any permit
ipv6 any network fe80::/64 any permit
ipv6 any alias ipv6-reserved-range any deny
!
ip access-list session http-acl
any any svc-http permit
!
ip access-list session vocera-acl
any any svc-vocera permit queue high
!
ip access-list session v6-http-acl
ipv6 any any svc-http permit
!
ip access-list session apprf-machine_scsd-sacl
!
ip access-list session staff_byod
any network 192.168.0.0 255.255.0.0 any deny
any any tcp 3389 deny
any any any permit
!
ip access-list session sip-acl
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
!
ip access-list session citrix-acl
any any svc-citrix permit tos 46 dot1p-priority 6
any any svc-ica permit tos 46 dot1p-priority 6
!
ip access-list session it_staff_scsd
any any any permit
!
ip access-list session vmware-acl
any any svc-vmware-rdp permit tos 46 dot1p-priority 6
any any svc-pcoip-tcp permit tos 46 dot1p-priority 6
any any svc-pcoip-udp permit tos 46 dot1p-priority 6
any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6
any any svc-pcoip2-udp permit tos 46 dot1p-priority 6
!
ip access-list session tftp-acl
any any svc-tftp permit
!
ip access-list session student_scsd
any network 192.168.0.0 255.255.0.0 any deny
any network 10.0.0.0 255.0.0.0 tcp 22 23 deny
any any tcp 3389 deny
any any any permit
!
ip access-list session ra-guard
ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session apprf-time_clock-sacl
!
ip access-list session student_byod
any any udp 53 permit
any any udp 67 68 permit
any any tcp 80 permit
any any tcp 443 permit
any network 10.100.0.0 255.255.0.0 any permit
any any any deny
!
ip access-list session voip-applications-acl
any any app alg-skype4b-audio permit
any any app alg-skype4b-video permit
any any app alg-skype4b-desktop-sharing permit
any any app alg-skype4b-app-sharing permit
any any app alg-sip-audio permit
any any app alg-sip-video permit
any any app alg-sccp permit
any any app alg-vocera permit
any any app alg-noe permit
any any app alg-h323 permit
any any app alg-jabber-audio permit
any any app alg-jabber-video permit
any any app alg-jabber-desktop-sharing permit
any any app alg-facetime permit
any any app alg-wifi-calling permit
any any app alg-webrtc-audio permit
any any app alg-webrtc-video permit
any any app alg-teams-audio permit
any any app alg-teams-video permit
any any app alg-rtp permit
!
ip access-list session srcnat
user any any src-nat
!
ip access-list session apprf-visitor_wireless_printers-sacl
!
ip access-list session global-sacl
!
ip access-list session v6-dhcp-acl
ipv6 any any svc-v6-dhcp permit
!
ip access-list session jabber-acl
any any tcp 5222 permit
any any tcp 8443 permit
!
ip access-list session wan-uplink-protect-acl
any any sys-svc-dhcp permit
ipv6 any any sys-svc-v6-dhcp permit
any any sys-svc-esp permit
any any sys-svc-natt permit
any any sys-svc-ike permit
any any sys-svc-icmp permit
ipv6 any any sys-svc-icmp6 permit
!
ip access-list session stateful-dot1x
any any svc-dns permit
any any svc-dhcp permit
!
ip access-list session cplogout
user alias controller svc-https dst-nat 8081
!
ip access-list session scsd-dns-10
any network 10.0.0.0 255.0.0.0 udp 53 permit
!
ip access-list session apprf-visitor_byod-sacl
!
ip access-list session wificalling-acl
any any tcp 443 permit
!
ip access-list session apprf-authenticated-sacl
!
ip access-list session apprf-logon-sacl
!
ip access-list session staff_scsd
any network 192.168.0.0 255.255.0.0 any deny
any network 10.0.0.0 255.0.0.0 tcp 22 23 deny
any any any permit
!
ip access-list session apprf-guest-logon-sacl
!
ip access-list session vpnlogon
user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
!
ip access-list session allow-diskservices
any any svc-netbios-dgm permit
any any svc-netbios-ssn permit
any any svc-microsoft-ds permit
any any svc-netbios-ns permit
!
ip access-list session v6-control
ipv6 user any udp 546 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-dns permit
ipv6 any any svc-papi permit
ipv6 any any svc-sec-papi permit
ipv6 any any svc-cfgm-tcp permit
ipv6 any any svc-adp permit
ipv6 any any svc-tftp permit
ipv6 any any svc-v6-dhcp permit
ipv6 any any svc-natt permit
ipv6 any any svc-dhcp permit
!
ip access-list session apprf-staff_byod-sacl
!
ip access-list session apprf-vendor-guest-logon-sacl
!
ip access-list session apprf-sys-switch-role-sacl
!
ip access-list session machine_scsd
any host 10.1.48.120 any permit
any host 10.1.40.10 any permit
any host 10.1.9.102 any permit
any host 10.21.48.242 any permit
any host 10.21.48.243 any permit
any host 10.1.48.200 any permit
any host 10.1.48.71 any permit
any any udp 67 68 permit
!
ip access-list session apprf-guest-sacl
!
ip access-list session visitor_byod
any network 192.168.0.0 255.255.0.0 any deny
any any udp 53 permit
any any udp 67 68 permit
any network 10.100.0.0 255.254.0.0 any permit
any network 10.1.9.0 255.255.255.0 tcp 80 permit
any network 10.0.0.0 255.0.0.0 any deny
any any any permit
!
ip access-list session v6-ap-acl
ipv6 any any svc-gre permit
ipv6 any any svc-syslog permit
ipv6 any user svc-snmp permit
ipv6 user any svc-snmp-trap permit
ipv6 user any svc-ntp permit
ipv6 user any svc-ftp permit
!
ip access-list session wificalling-block
any alias wificalling-block any deny
!
ip access-list session apprf-default-via-role-sacl
!
ip access-list session v6-allowall
ipv6 any any any permit
!
ip access-list session apprf-default-iap-user-role-sacl
!
ip access-list session v6-icmp-acl
ipv6 any any svc-v6-icmp permit
!
ip access-list session validuser
network 127.0.0.0 255.0.0.0 any any deny
network 169.254.0.0 255.255.0.0 any any deny
network 224.0.0.0 240.0.0.0 any any deny
host 255.255.255.255 any any deny
network 240.0.0.0 240.0.0.0 any any deny
any any any permit
ipv6 host fe80:: any any deny
ipv6 network fc00::/7 any any permit
ipv6 network fe80::/64 any any permit
ipv6 alias ipv6-reserved-range any any deny
ipv6 any any any permit
!
ip access-list session v6-dns-acl
ipv6 any any svc-dns permit
!
ip access-list session skype4b-acl
any any svc-sips permit
any any svc-https permit
!
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
!
ip access-list session h323-acl
any any svc-h323-tcp permit queue high
any any svc-h323-udp permit queue high
!
ip access-list session allowall
any any any permit
ipv6 any any any permit
!
ip access-list session v6-https-acl
ipv6 any any svc-https permit
!
ip access-list session apprf-sys-ap-role-sacl
!
ip access-list session scsd_test-guest-logon
!
ip access-list session logon-control-bridge
user any udp 68 deny
any any svc-icmp src-nat
any any svc-dns src-nat
any any svc-dhcp permit
any network 169.254.0.0 255.255.0.0 any deny
any network 240.0.0.0 240.0.0.0 any deny
!
ip access-list session dhcp-acl
any any svc-dhcp permit
!
ip access-list session facetime-acl
any any svc-facetime-tcp permit queue high
any any udp 3478 3497 permit
any any udp 16384 16387 permit
any any udp 16393 16402 permit
!
ip access-list session allow-printservices
any any svc-lpd permit
any any svc-ipp-tcp permit
any any svc-ipp-udp permit
!
ip access-list session apprf-it_staff_scsd-sacl
!
ip access-list session skinny-acl
any any svc-sccp permit queue high
!
ip access-list session https-acl
any any svc-https permit
!
ip access-list session apprf-student_scsd-sacl
!
ip access-list session ap-acl
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-snmp-trap permit
user any svc-ntp permit
user any svc-ftp permit
user any svc-telnet deny
!
ip access-list session apprf-ap-role-sacl
!
ip access-list session deny_internal_byod
any any udp 53 permit
any any udp 67 68 permit
any network 10.1.40.0 255.255.255.0 tcp 443 permit
any network 10.1.40.0 255.255.255.0 tcp 80 permit
any network 10.251.1.0 255.255.255.224 any permit
any network 10.0.0.0 255.0.0.0 any deny
any any any permit
any network 192.168.0.0 255.255.0.0 any deny
!
ip access-list session captiveportalbridge
user alias localip svc-https dual-nat pool localip 8081
user any svc-http dual-nat pool localip 8080
user any svc-https dual-nat pool localip 8081
user any svc-http-proxy1 dual-nat pool localip 8088
user any svc-http-proxy2 dual-nat pool localip 8088
user any svc-http-proxy3 dual-nat pool localip 8088
!
ip access-list session captiveportal6
ipv6 user alias controller6 svc-https captive
ipv6 user any svc-http captive
ipv6 user any svc-https captive
ipv6 user any svc-http-proxy1 captive
ipv6 user any svc-http-proxy2 captive
ipv6 user any svc-http-proxy3 captive
!
ip access-list session time_clock
any host 10.1.40.15 any permit
any host 10.1.1.1 udp 123 permit
any host 10.1.1.2 udp 123 permit
!
ip access-list session control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-papi permit
any any svc-sec-papi permit
any any svc-cfgm-tcp permit
any any svc-adp permit
any any svc-tftp permit
any any svc-dhcp permit
any any svc-natt permit
any any tcp 6633 permit
!
ip access-list session apprf-student_byod-sacl
!
ip access-list session apprf-staff_scsd-sacl
!
ip access-list session apprf-scsd_test_role-sacl
!
ip access-list session noe-acl
any any svc-noe permit queue high
!
ip access-list session dns-acl
any any svc-dns permit
!
ip access-list session apprf-scsd_vendor-guest-logon-sacl
!
ip access-list route master-boc-traffic
!
ip access-list route uplink-lb-cfg-racl
!
vpn-dialer default-dialer
ike authentication pre-share ******
!
user-role default-via-role
access-list session global-sacl
access-list session apprf-default-via-role-sacl
access-list session allowall
access-list session v6-allowall
!
user-role sys-switch-role
!
user-role ap-role
no openflow-enable
access-list session ra-guard
access-list session control
access-list session ap-acl
access-list session v6-control
access-list session v6-ap-acl
!
user-role VISITOR_WIRELESS_PRINTERS
access-list session global-sacl
access-list session apprf-visitor_wireless_printers-sacl
access-list session visitor_wireless_printers
!
user-role switch-logon
!
user-role Staff_BYOD
access-list session global-sacl
access-list session apprf-staff_byod-sacl
!
user-role IT_Staff_SCSD
access-list session global-sacl
access-list session apprf-it_staff_scsd-sacl
access-list session it_staff_scsd
!
user-role Vendor-guest-logon
captive-portal "Vendor_cppm_prof"
access-list session global-sacl
access-list session apprf-vendor-guest-logon-sacl
access-list session logon-control
access-list session captiveportal
access-list session v6-logon-control
access-list session captiveportal6
!
user-role Student_SCSD
access-list session global-sacl
access-list session apprf-student_scsd-sacl
access-list session student_scsd
!
user-role Student_BYOD
access-list session global-sacl
access-list session apprf-student_byod-sacl
access-list session student_byod
!
user-role sys-ap-role
no openflow-enable
!
user-role stateful-dot1x
access-list session global-sacl
access-list session apprf-stateful-dot1x-sacl
!
user-role guest-logon
captive-portal "default"
access-list session ra-guard
access-list session logon-control
access-list session captiveportal
access-list session v6-logon-control
access-list session captiveportal6
!
user-role SCSD_Vendor-guest-logon
captive-portal "SCSD_Vendor_cppm_prof"
access-list session global-sacl
access-list session apprf-scsd_vendor-guest-logon-sacl
access-list session logon-control
access-list session captiveportal
access-list session v6-logon-control
access-list session captiveportal6
!
user-role voice
access-list session global-sacl
access-list session apprf-voice-sacl
access-list session ra-guard
access-list session sip-acl
access-list session noe-acl
access-list session svp-acl
access-list session vocera-acl
access-list session skinny-acl
access-list session h323-acl
access-list session dhcp-acl
access-list session tftp-acl
access-list session dns-acl
access-list session icmp-acl
access-list session http-acl
access-list session https-acl
access-list session skype4b-acl
access-list session facetime-acl
access-list session jabber-acl
access-list session wificalling-acl
access-list session voip-applications-acl
!
user-role Staff_SCSD
access-list session global-sacl
access-list session apprf-staff_scsd-sacl
access-list session staff_scsd
!
user-role default-vpn-role
access-list session global-sacl
access-list session apprf-default-vpn-role-sacl
access-list session ra-guard
access-list session allowall
access-list session v6-allowall
!
user-role SCSD_Test_role
captive-portal "SCSD_Vendor_cppm_prof-test"
access-list session global-sacl
access-list session apprf-scsd_test_role-sacl
access-list session logon-control
access-list session captiveportal
!
user-role Machine_SCSD
access-list session global-sacl
access-list session apprf-machine_scsd-sacl
access-list session machine_scsd
!
user-role logon
access-list session ra-guard
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
access-list session captiveportal6
!
user-role Visitor_BYOD
vlan 100
access-list session global-sacl
access-list session apprf-visitor_byod-sacl
access-list session visitor_byod
!
user-role authenticated
access-list session global-sacl
access-list session apprf-authenticated-sacl
access-list session ra-guard
access-list session allowall
access-list session v6-allowall
!
user-role DENY_INTERNAL_BYOD
access-list session global-sacl
access-list session apprf-deny_internal_byod-sacl
access-list session deny_internal_byod
!
user-role Time_Clock
access-list session global-sacl
access-list session apprf-time_clock-sacl
access-list session scsd-dns-10
access-list session dhcp-acl
access-list session time_clock
!
user-role denyall
!
user-role guest
vlan 100
access-list session global-sacl
access-list session apprf-guest-sacl
access-list session ra-guard
access-list session http-acl
access-list session https-acl
access-list session dhcp-acl
access-list session icmp-acl
access-list session dns-acl
access-list session v6-http-acl
access-list session v6-https-acl
access-list session v6-dhcp-acl
access-list session v6-icmp-acl
access-list session v6-dns-acl
!
user-role default-iap-user-role
access-list session allowall
!
!
aaa tacacs-accounting
controller-ip vlan 35
kernel coredump
no kernel printk
interface mgmt
shutdown
!
vlan 1
!
vlan 10
!
vlan 35
!
vlan 100
!
vlan 160
!
vlan 164
!
vlan 302
!
vlan 303
!
vlan 304
!
vlan 306
!
vlan 307
!
vlan 308
!
vlan 309
!
vlan 310
!
vlan 313
!
vlan 314
!
vlan 315
!
vlan 316
!
vlan 320
!
vlan 321
!
vlan 322
!
vlan 323
!
vlan 324
!
vlan 325
!
vlan 327
!
vlan 328
!
vlan 329
!
vlan 330
!
vlan 333
!
vlan 334
!
vlan 336
!
vlan 337
!
vlan 340
!
vlan 341
!
vlan 342
!
vlan 344
!
vlan 345
!
vlan 346
!
vlan 347
!
vlan 348
!
vlan 349
!
vlan 351
!
vlan 353
!
vlan 354
!
vlan 355
!
vlan 356
!
vlan 357
!
vlan 360
!
vlan 366
!
vlan 386
!
vlan 402
!
vlan 403
!
vlan 404
!
vlan 406
!
vlan 407
!
vlan 408
!
vlan 409
!
vlan 410
!
vlan 413
!
vlan 414
!
vlan 415
!
vlan 416
!
vlan 420
!
vlan 421
!
vlan 422
!
vlan 423
!
vlan 424
!
vlan 425
!
vlan 427
!
vlan 428
!
vlan 429
!
vlan 430
!
vlan 433
!
vlan 434
!
vlan 436
!
vlan 437
!
vlan 440
!
vlan 441
!
vlan 442
!
vlan 444
!
vlan 445
!
vlan 446
!
vlan 447
!
vlan 448
!
vlan 449
!
vlan 451
!
vlan 453
!
vlan 454
!
vlan 455
!
vlan 456
!
vlan 457
!
vlan 460
!
vlan 466
!
vlan 486
!
vlan 1024
!
vlan-name CaptivePortal
vlan CaptivePortal 1024
vlan-name Intune
vlan Intune 164
vlan-name Secure-02-ITC
vlan Secure-02-ITC 302
vlan-name Secure-03-Fowler
vlan Secure-03-Fowler 303
vlan-name Secure-04-Nottingham
vlan Secure-04-Nottingham 304
vlan-name Secure-06-Henninger
vlan Secure-06-Henninger 306
vlan-name Secure-07-Corcoran
vlan Secure-07-Corcoran 307
vlan-name Secure-08-Clary
vlan Secure-08-Clary 308
vlan-name Secure-09-Grant
vlan Secure-09-Grant 309
vlan-name Secure-10-Levy
vlan Secure-10-Levy 310
vlan-name Secure-13-Lincoln
vlan Secure-13-Lincoln 313
vlan-name Secure-14-Shea
vlan Secure-14-Shea 314
vlan-name Secure-15-HWSmith
vlan Secure-15-HWSmith 315
vlan-name Secure-16-Bellevue
vlan Secure-16-Bellevue 316
vlan-name Secure-20-DrKing
vlan Secure-20-DrKing 320
vlan-name Secure-21-Brighton
vlan Secure-21-Brighton 321
vlan-name Secure-22-Delaware
vlan Secure-22-Delaware 322
vlan-name Secure-23-Elmwood
vlan Secure-23-Elmwood 323
vlan-name Secure-24-Franklin
vlan Secure-24-Franklin 324
vlan-name Secure-25-Frazer
vlan Secure-25-Frazer 325
vlan-name Secure-27-Elmcrest
vlan Secure-27-Elmcrest 327
vlan-name Secure-28-Latin
vlan Secure-28-Latin 328
vlan-name Secure-29-Huntington
vlan Secure-29-Huntington 329
vlan-name Secure-30-SalemHyde
vlan Secure-30-SalemHyde 330
vlan-name Secure-33-Lemoyne
vlan Secure-33-Lemoyne 333
vlan-name Secure-34-Weeks
vlan Secure-34-Weeks 334
vlan-name Secure-36-McKinley
vlan Secure-36-McKinley 336
vlan-name Secure-37-Meachem
vlan Secure-37-Meachem 337
vlan-name Secure-40-Porter
vlan Secure-40-Porter 340
vlan-name Secure-41-Bova
vlan Secure-41-Bova 341
vlan-name Secure-42-Roberts
vlan Secure-42-Roberts 342
vlan-name Secure-44-Seymore
vlan Secure-44-Seymore 344
vlan-name Secure-45-EdSmith
vlan Secure-45-EdSmith 345
vlan-name Secure-46-Brighton466
vlan Secure-46-Brighton466 346
vlan-name Secure-47-ELMS
vlan Secure-47-ELMS 347
vlan-name Secure-48-Beard
vlan Secure-48-Beard 348
vlan-name Secure-49-VanDuyn
vlan Secure-49-VanDuyn 349
vlan-name Secure-51-Webster
vlan Secure-51-Webster 351
vlan-name Secure-53-Blodgett
vlan Secure-53-Blodgett 353
vlan-name Secure-54-JVC
vlan Secure-54-JVC 354
vlan-name Secure-55-CO
vlan Secure-55-CO 355
vlan-name Secure-56-SSC
vlan Secure-56-SSC 356
vlan-name Secure-57-Transportation
vlan Secure-57-Transportation 357
vlan-name Secure-60-RockWest
vlan Secure-60-RockWest 360
vlan-name Secure-66-ENL
vlan Secure-66-ENL 366
vlan-name Secure-86-StLucy
vlan Secure-86-StLucy 386
vlan-name Vendor-02-ITC
vlan Vendor-02-ITC 402
vlan-name Vendor-03-Fowler
vlan Vendor-03-Fowler 403
vlan-name Vendor-04-Nottingham
vlan Vendor-04-Nottingham 404
vlan-name Vendor-06-Henninger
vlan Vendor-06-Henninger 406
vlan-name Vendor-07-Corcoran
vlan Vendor-07-Corcoran 407
vlan-name Vendor-08-Clary
vlan Vendor-08-Clary 408
vlan-name Vendor-09-Grant
vlan Vendor-09-Grant 409
vlan-name Vendor-10-Levy
vlan Vendor-10-Levy 410
vlan-name Vendor-13-Lincoln
vlan Vendor-13-Lincoln 413
vlan-name Vendor-14-Shea
vlan Vendor-14-Shea 414
vlan-name Vendor-15-HWSmith
vlan Vendor-15-HWSmith 415
vlan-name Vendor-16-Bellevue
vlan Vendor-16-Bellevue 416
vlan-name Vendor-20-DrKing
vlan Vendor-20-DrKing 420
vlan-name Vendor-21-Brighton
vlan Vendor-21-Brighton 421
vlan-name Vendor-22-Delaware
vlan Vendor-22-Delaware 422
vlan-name Vendor-23-Elmwood
vlan Vendor-23-Elmwood 423
vlan-name Vendor-24-Franklin
vlan Vendor-24-Franklin 424
vlan-name Vendor-25-Frazer
vlan Vendor-25-Frazer 425
vlan-name Vendor-27-Elmcrest
vlan Vendor-27-Elmcrest 427
vlan-name Vendor-28-Latin
vlan Vendor-28-Latin 428
vlan-name Vendor-29-Huntington
vlan Vendor-29-Huntington 429
vlan-name Vendor-30-SalemHyde
vlan Vendor-30-SalemHyde 430
vlan-name Vendor-33-Lemoyne
vlan Vendor-33-Lemoyne 433
vlan-name Vendor-34-Weeks
vlan Vendor-34-Weeks 434
vlan-name Vendor-36-McKinley
vlan Vendor-36-McKinley 436
vlan-name Vendor-37-Meachem
vlan Vendor-37-Meachem 437
vlan-name Vendor-40-Porter
vlan Vendor-40-Porter 440
vlan-name Vendor-41-Bova
vlan Vendor-41-Bova 441
vlan-name Vendor-42-Roberts
vlan Vendor-42-Roberts 442
vlan-name Vendor-44-Seymore
vlan Vendor-44-Seymore 444
vlan-name Vendor-45-EdSmith
vlan Vendor-45-EdSmith 445
vlan-name Vendor-46-Brighton466
vlan Vendor-46-Brighton466 446
vlan-name Vendor-47-ELMS
vlan Vendor-47-ELMS 447
vlan-name Vendor-48-Beard
vlan Vendor-48-Beard 448
vlan-name Vendor-49-VanDuyn
vlan Vendor-49-VanDuyn 449
vlan-name Vendor-51-Webster
vlan Vendor-51-Webster 451
vlan-name Vendor-53-Blodgett
vlan Vendor-53-Blodgett 453
vlan-name Vendor-54-JVC
vlan Vendor-54-JVC 454
vlan-name Vendor-55-CO
vlan Vendor-55-CO 455
vlan-name Vendor-56-SSC
vlan Vendor-56-SSC 456
vlan-name Vendor-57-Transportation
vlan Vendor-57-Transportation 457
vlan-name Vendor-60-RockWest
vlan Vendor-60-RockWest 460
vlan-name Vendor-66-ENL
vlan Vendor-66-ENL 466
vlan-name Vendor-86-StLucy
vlan Vendor-86-StLucy 486
vlan-name VLAN10
vlan VLAN10 10
vlan-name VLAN100
vlan VLAN100 100
vlan-name VLAN160
vlan VLAN160 160
interface gigabitethernet 0/0/0
no poe
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface gigabitethernet 0/0/1
trusted
trusted vlan 1-4094
no poe
switchport mode trunk
switchport trunk native vlan 35
switchport trunk allowed vlan 1-4094
!
interface gigabitethernet 0/0/2
description "GE0/0/2"
trusted
trusted vlan 1-4094
no poe
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
lacp group 0 mode active
!
interface gigabitethernet 0/0/3
description "GE0/0/3"
trusted
trusted vlan 1-4094
no poe
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
lacp group 0 mode active
lldp transmit
lldp receive
!
interface gigabitethernet 0/0/4
no poe
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface gigabitethernet 0/0/5
no poe
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 0
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 1
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 2
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 3
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 4
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 5
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 6
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface port-channel 7
switchport mode access
switchport access vlan 1
switchport trunk allowed vlan 1-4094
!
interface vlan 35
ip address 10.1.35.11 255.255.255.0
!
interface vlan 1
!
interface vlan 100
ip address 10.100.0.4 255.254.0.0
!
interface vlan 164
ip address 10.164.0.4 255.254.0.0
!
interface vlan 302
ip address 10.2.112.4 255.255.240.0
!
interface vlan 303
ip address 10.3.112.4 255.255.240.0
!
interface vlan 304
ip address 10.4.112.4 255.255.240.0
!
interface vlan 306
ip address 10.6.112.4 255.255.240.0
!
interface vlan 307
ip address 10.7.112.4 255.255.240.0
!
interface vlan 308
ip address 10.8.112.4 255.255.240.0
!
interface vlan 309
ip address 10.9.112.4 255.255.240.0
!
interface vlan 310
ip address 10.10.112.4 255.255.240.0
!
interface vlan 313
ip address 10.13.112.4 255.255.240.0
!
interface vlan 314
ip address 10.14.112.4 255.255.240.0
!
interface vlan 315
ip address 10.15.112.4 255.255.240.0
!
interface vlan 316
ip address 10.16.112.4 255.255.240.0
!
interface vlan 320
ip address 10.20.112.4 255.255.240.0
!
interface vlan 321
ip address 10.21.112.4 255.255.240.0
!
interface vlan 322
ip address 10.22.112.4 255.255.240.0
!
interface vlan 323
ip address 10.23.112.4 255.255.240.0
!
interface vlan 324
ip address 10.24.112.4 255.255.240.0
!
interface vlan 325
ip address 10.25.112.4 255.255.240.0
!
interface vlan 327
ip address 10.27.112.4 255.255.240.0
!
interface vlan 328
ip address 10.28.112.4 255.255.240.0
!
interface vlan 329
ip address 10.29.112.4 255.255.240.0
!
interface vlan 330
ip address 10.30.112.4 255.255.240.0
!
interface vlan 333
ip address 10.33.112.4 255.255.240.0
!
interface vlan 334
ip address 10.34.112.4 255.255.240.0
!
interface vlan 336
ip address 10.36.112.4 255.255.240.0
!
interface vlan 337
ip address 10.37.112.4 255.255.240.0
!
interface vlan 340
ip address 10.40.112.4 255.255.240.0
!
interface vlan 341
ip address 10.41.112.4 255.255.240.0
!
interface vlan 342
ip address 10.42.112.4 255.255.240.0
!
interface vlan 344
ip address 10.44.112.4 255.255.240.0
!
interface vlan 345
ip address 10.45.112.4 255.255.240.0
!
interface vlan 346
ip address 10.46.112.4 255.255.240.0
!
interface vlan 347
ip address 10.47.112.4 255.255.240.0
!
interface vlan 348
ip address 10.48.112.4 255.255.240.0
!
interface vlan 349
ip address 10.49.112.4 255.255.240.0
!
interface vlan 351
ip address 10.51.112.4 255.255.240.0
!
interface vlan 353
ip address 10.53.112.4 255.255.240.0
!
interface vlan 354
ip address 10.54.112.4 255.255.240.0
!
interface vlan 355
ip address 10.55.112.4 255.255.240.0
!
interface vlan 356
ip address 10.56.112.4 255.255.240.0
!
interface vlan 357
ip address 10.57.112.4 255.255.240.0
!
interface vlan 360
ip address 10.60.112.4 255.255.240.0
!
interface vlan 386
ip address 10.86.112.4 255.255.240.0
!
interface vlan 402
ip address 10.2.128.4 255.255.240.0
!
interface vlan 403
ip address 10.3.128.4 255.255.240.0
!
interface vlan 404
ip address 10.4.128.4 255.255.240.0
!
interface vlan 406
ip address 10.6.128.4 255.255.240.0
!
interface vlan 407
ip address 10.7.128.4 255.255.240.0
!
interface vlan 408
ip address 10.8.128.4 255.255.240.0
!
interface vlan 409
ip address 10.9.128.4 255.255.240.0
!
interface vlan 410
ip address 10.10.128.4 255.255.240.0
!
interface vlan 413
ip address 10.13.128.4 255.255.240.0
!
interface vlan 414
ip address 10.14.128.4 255.255.240.0
!
interface vlan 415
ip address 10.15.128.4 255.255.240.0
!
interface vlan 416
ip address 10.16.128.4 255.255.240.0
!
interface vlan 420
ip address 10.20.128.4 255.255.240.0
!
interface vlan 421
ip address 10.21.128.4 255.255.240.0
!
interface vlan 422
ip address 10.22.128.4 255.255.240.0
!
interface vlan 423
ip address 10.23.128.4 255.255.240.0
!
interface vlan 424
ip address 10.24.128.4 255.255.240.0
!
interface vlan 425
ip address 10.25.128.4 255.255.240.0
!
interface vlan 427
ip address 10.27.128.4 255.255.240.0
!
interface vlan 428
ip address 10.28.128.4 255.255.240.0
!
interface vlan 429
ip address 10.29.128.4 255.255.240.0
!
interface vlan 430
ip address 10.30.128.4 255.255.240.0
!
interface vlan 433
ip address 10.33.128.4 255.255.240.0
!
interface vlan 434
ip address 10.34.128.4 255.255.240.0
!
interface vlan 436
ip address 10.36.128.4 255.255.240.0
!
interface vlan 437
ip address 10.37.128.4 255.255.240.0
!
interface vlan 440
ip address 10.40.128.4 255.255.240.0
!
interface vlan 441
ip address 10.41.128.4 255.255.240.0
!
interface vlan 442
ip address 10.42.128.4 255.255.240.0
!
interface vlan 444
ip address 10.44.128.4 255.255.240.0
!
interface vlan 445
ip address 10.45.128.4 255.255.240.0
!
interface vlan 446
ip address 10.46.128.4 255.255.240.0
!
interface vlan 447
ip address 10.47.128.4 255.255.240.0
!
interface vlan 448
ip address 10.48.128.4 255.255.240.0
!
interface vlan 449
ip address 10.49.128.4 255.255.240.0
!
interface vlan 451
ip address 10.51.128.4 255.255.240.0
!
interface vlan 453
ip address 10.53.128.4 255.255.240.0
!
interface vlan 454
ip address 10.54.128.4 255.255.240.0
!
interface vlan 455
ip address 10.55.128.4 255.255.240.0
!
interface vlan 456
ip address 10.56.128.4 255.255.240.0
!
interface vlan 457
ip address 10.57.128.4 255.255.240.0
!
interface vlan 460
ip address 10.60.128.4 255.255.240.0
!
interface vlan 486
ip address 10.86.128.4 255.255.240.0
!
interface vlan 1024
ip address 172.17.0.1 255.255.252.0
no suppress-arp
ip nat inside
!
interface vlan 366
ip address 10.66.112.4 255.255.240.0
!
interface vlan 466
ip address 10.66.128.4 255.255.240.0
!
!
uplink health-check
!
ip default-gateway 10.1.35.1
ip nexthop-list load-balance-gateways
!
ip nexthop-list load-balance-ipsecs
!
ip nexthop-list pan-gp-ipsec-map-list
!
ip nexthop-list traditional-ipsecs
!
crypto isakmp policy 20
encryption AES256
authentication pre-share
!
crypto isakmp policy 10001
authentication pre-share
!
crypto isakmp policy 10002
encryption AES256
authentication rsa-sig
!
crypto isakmp policy 10003
encryption AES256
authentication pre-share
!
crypto isakmp policy 10004
version v2
encryption AES256
authentication rsa-sig
!
crypto isakmp policy 10005
encryption AES256
authentication pre-share
!
crypto isakmp policy 10006
version v2
encryption AES128
authentication rsa-sig
!
crypto isakmp policy 10007
version v2
encryption AES128
authentication pre-share
!
crypto isakmp policy 10008
version v2
encryption AES128
hash sha2-256-128
group 19
authentication ecdsa-256
prf PRF-HMAC-SHA256
!
crypto isakmp policy 10009
version v2
encryption AES256
hash sha2-384-192
group 20
authentication ecdsa-384
prf PRF-HMAC-SHA384
!
crypto isakmp policy 10012
version v2
encryption AES256
authentication rsa-sig
!
crypto isakmp policy 10013
encryption AES256
authentication pre-share
!
crypto isakmp policy 10014
version v2
encryption AES256
hash sha2-256-128
group 14
authentication pre-share
prf PRF-HMAC-SHA256
!
crypto isakmp policy 10015
version v2
encryption AES128
hash sha2-256-128
group 14
authentication rsa-sig
prf PRF-HMAC-SHA256
!
crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-rap-ipsecmap 10001
version v2
set transform-set "default-gcm256" "default-gcm128" "default-rap-transform"
!
crypto dynamic-map default-rap-ipsecmap-gcm 10001
version v2
set transform-set "default-gcm256" "default-gcm128"
!
crypto dynamic-map default-rap-ipsecmap-aes 10001
version v2
set transform-set "default-rap-transform"
!
crypto dynamic-map default-dynamicmap 10000
set transform-set "default-transform" "default-aes"
!
crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap
crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap
crypto-local ipsec-map default-ha-ipsecmap10.1.35.12 9999
version v2
set ikev2-policy 10015
peer-ip 10.1.35.12
src-net 10.1.35.11 255.255.255.255
dst-net 10.1.35.12 255.255.255.255
set transform-set "default-ha-transform"
factory-cert-auth
trusted
!
crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999
version v2
set ikev2-policy 10015
peer-ip 10.1.35.14
src-net 10.1.35.11 255.255.255.255
dst-net 10.1.35.14 255.255.255.255
set transform-set "default-ha-transform"
factory-cert-auth
trusted
!
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
vpdn group l2tp
!
ip dhcp pool vlan_1024
default-router 172.17.0.1
dns-server 10.1.40.10
network 172.17.0.0 255.255.252.0
authoritative
!
ip dynamic-dns interval 900
service dhcp
snmp-server community "mickey03"
vpdn group pptp
!
tunneled-node-address 0.0.0.0
ap-crash-transfer
adp discovery enable
adp igmp-join enable
adp igmp-vlan-id 0
ap flush-r1-on-new-r0 disable
amon msg-buffer-size 1264
amon udp 0
mgmt-server primary-server 10.1.35.10 profile default-amp transport udp
mgmt-server primary-server conductor profile default-controller transport udp
ssh mgmt-auth public-key
ssh mgmt-auth username/password
mgmt-user admin root ********************
mgmt-user ssh-pubkey client-cert master-ssh-pub-cert seamless-logon read-only
mgmt-user ssh-pubkey client-cert master-ssh-pub-cert seamless-logon-w standard
ntp
ntp server 10.1.203.21
ntp server 10.1.40.10
no database synchronize
ip mobile domain default
!
ip mobile domain default
!
ip igmp
!
ipv6 mld
!
firewall
prohibit-ip-spoofing
allow-tri-session
attack-rate grat-arp 50 drop
session-idle-timeout 16
cp-bandwidth-contract untrusted-ucast 9765
cp-bandwidth-contract untrusted-mcast 3906
cp-bandwidth-contract trusted-ucast 65535
cp-bandwidth-contract trusted-mcast 3906
cp-bandwidth-contract route 976
cp-bandwidth-contract sessmirr 976
cp-bandwidth-contract vrrp 512
cp-bandwidth-contract arp-traffic 3906
cp-bandwidth-contract l2-other 1953
cp-bandwidth-contract auth 976
cp-bandwidth-contract ippkt-err 128
amsdu
dpi
wireless-bridge-aging
session-tunnel-fib
optimize-dad-frames
deny-needfrag-df-ipsec
!
ipv6 firewall
ext-hdr-parse-len 100
dpi-classif-cache 0
!
!
!
cp-bandwidth-contract cpbwc-ipv4-wms-lo pps 48000
cp-bandwidth-contract cpbwc-ipv6-wms-lo pps 48000
cp-bandwidth-contract cpbwc-ipv4-arm pps 48000
cp-bandwidth-contract cpbwc-ipv6-amp pps 96000
cp-bandwidth-contract cpbwc-ipv6-arm pps 48000
cp-bandwidth-contract cpbwc-ipv4-amp pps 96000
!
firewall cp
ipv4 permit any proto 6 ports 9190 9190
ipv6 deny any proto 0 ports 0 65535
ipv6 permit any proto 6 ports 9190 9190
ipv6 permit any proto 6 ports 15260 15260
!
ip domain lookup
!
ip name-server 10.1.48.95
ip name-server 10.21.48.10
ip name-server 10.1.40.10
!
country US
change-config-node /
aaa rfc-3576-server "10.1.40.116"
!
aaa rfc-3576-server "10.1.40.117"
!
aaa authentication mac "default"
!
aaa authentication dot1x "Aruba100_dot1_aut"
!
aaa authentication dot1x "default"
!
aaa authentication dot1x "default-psk"
!
aaa authentication dot1x "Intune_dot1_aut"
!
aaa authentication dot1x "LemoyneTest_dot1_aut"
!
aaa authentication dot1x "SCSD_Secure_dot1_aut"
!
aaa authentication via global-config
!
scheduler-profile "default"
queue-weights q0 0 q1 0 q2 0 q3 0
priority-map q0 "6 7" q1 "4 5" q2 "2 3" q3 "0 1"
!
aaa authentication-server radius "NOC-CP-A"
host "10.1.40.116"
key *redacted*
timeout 10
!
aaa authentication-server radius "NOC-CP-B"
host "10.1.40.117"
key *redacted*
timeout 10
!
aaa server-group "CaptivePortal_dot1_svg"
auth-server NOC-CP-B position 1
auth-server NOC-CP-A position 2
!
aaa server-group "default"
auth-server Internal position 1
set role condition role value-of
!
aaa server-group "internal"
auth-server Internal position 1
set role condition Role value-of
!
aaa server-group "SCSD_Secure_dot1_svg"
auth-server NOC-CP-B position 1
auth-server NOC-CP-A position 2
!
aaa server-group "SCSD_Vendor_dot1_svg"
auth-server NOC-CP-A position 1
auth-server NOC-CP-B position 2
!
aaa server-group "Vendor_dot1_svg"
auth-server NOC-CP-A position 1
auth-server NOC-CP-B position 2
!
aaa profile "Aruba100_aaa_prof"
initial-role "authenticated"
authentication-dot1x "Aruba100_dot1_aut"
!
aaa profile "default"
!
aaa profile "default-dot1x"
authentication-dot1x "default"
dot1x-default-role "authenticated"
!
aaa profile "default-dot1x-psk"
authentication-dot1x "default-psk"
!
aaa profile "default-iap-aaa-profile"
initial-role "default-iap-user-role"
no wired-to-wireless-roam
no devtype-classification
!
aaa profile "default-mac-auth"
authentication-mac "default"
mac-default-role "authenticated"
!
aaa profile "default-open"
!
aaa profile "default-tunneled-user"
initial-role "guest"
no wired-to-wireless-roam
!
aaa profile "default-xml-api"
!
aaa profile "Intune_aaa_prof"
initial-role "authenticated"
authentication-dot1x "Intune_dot1_aut"
!
aaa profile "LemoyneTest_aaa_prof"
initial-role "authenticated"
authentication-dot1x "LemoyneTest_dot1_aut"
!
aaa profile "NoAuthAAAProfile"
!
aaa profile "SCSD_Secure_aaa_prof"
authentication-dot1x "SCSD_Secure_dot1_aut"
dot1x-default-role "stateful-dot1x"
dot1x-server-group "SCSD_Secure_dot1_svg"
radius-accounting "SCSD_Secure_dot1_svg"
enforce-dhcp
!
aaa profile "SCSD_Test_AAA"
initial-role "SCSD_Test_role"
authentication-mac "default"
mac-default-role "SCSD_Test_role"
mac-server-group "SCSD_Vendor_dot1_svg"
rfc-3576-server "10.1.40.116"
rfc-3576-server "10.1.40.117"
!
aaa profile "SCSD_Vendor_aaa_prof"
initial-role "SCSD_Vendor-guest-logon"
authentication-mac "default"
mac-default-role "SCSD_Vendor-guest-logon"
mac-server-group "SCSD_Vendor_dot1_svg"
l2-auth-fail-through
radius-accounting "SCSD_Vendor_dot1_svg"
radius-interim-accounting
rfc-3576-server "10.1.40.116"
rfc-3576-server "10.1.40.117"
enforce-dhcp
!
aaa profile "Vendor_aaa_prof"
initial-role "Vendor-guest-logon"
mac-default-role "Vendor-guest-logon"
!
aaa authentication captive-portal "default"
!
aaa authentication captive-portal "SCSD_Vendor_cppm_prof"
server-group "SCSD_Vendor_dot1_svg"
redirect-pause 1
no logout-popup-window
login-page "https://visitor.scsd.us/guest/scsd_aruba_guest_login.php"
welcome-page "https://visitor.scsd.us/guest/scsd_welcome.php"
no enable-welcome-page
switchip-in-redirection-url
allow-list "scsd_vendor_cppm_prof"
redirect-url "https://visitor.scsd.us/guest/scsd_welcome.php"
!
aaa authentication captive-portal "SCSD_Vendor_cppm_prof-test"
server-group "SCSD_Vendor_dot1_svg"
login-page "https://visitor.scsd.us/guest/scsd_aruba_guest_login.php"
welcome-page "https://visitor.scsd.us/guest/scsd_welcome.php"
allow-list "scsd_vendor_cppm_prof"
!
aaa authentication captive-portal "Vendor_cppm_prof"
default-role "Vendor-guest-logon"
default-guest-role "Visitor_BYOD"
server-group "internal"
allow-list "vendor_cppm_prof"
redirect-url "http://www.syracusecityschools.com/"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-cap"
default-role "sys-ap-role"
server-group "internal"
!
aaa authentication vpn "default-hp-switch"
!
aaa authentication vpn "default-iap"
!
aaa authentication vpn "default-rap"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication via auth-profile "default"
!
aaa authentication wired
!
aaa authentication via connection-profile "default"
!
aaa authentication via web-auth "default"
!
web-server profile
cipher-suite ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
captive-portal-cert "scsd_full_wc_2026"
!
guest-access-email
smtp-server 10.1.40.7
!
aaa password-policy mgmt
!
control-plane-security
auto-cert-prov
!
ids management-profile
!
ids wms-general-profile
!
ids wms-local-system-profile
!
ids ap-rule-matching
!
valid-network-oui-profile
!
traceoptions
!
activate
!
file syncing profile
!
ucc skype4b
!
ucc teams
!
ucc webrtc
!
ucc custom-sip
!
ucc rtpa-config
!
ucc jabber
!
ucc sip
!
ucc h323
!
ucc vocera
!
ucc sccp
!
ucc noe
!
ucc facetime
!
ucc ich
!
ucc session-idle-timeout
!
ucc wificalling
!
lc-cluster group-profile "Cluster1"
controller 10.1.35.11 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1 rap-public-ip 0.0.0.0
controller 10.1.35.12 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1 rap-public-ip 0.0.0.0
controller 10.1.35.14 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1 rap-public-ip 0.0.0.0
active-client-rebalance-threshold 50
standby-client-rebalance-threshold 75
!
upgrade-profile
serverip 10.1.7.110
username "tmarris"
password 885a0b3d7620205fc3de6f5f42a891e8
protocol ftp
filepath "."
!
license-pool-profile-root
!
papi-security
!
est profile "default"
!
aruba-central
!
wlan sae-profile
!
ifmap cppm
!
pan profile "default"
!
pan-options
!
websocket clearpass
!
pan active-profile
!
openflow-profile
controller-ip "conductorip" 6633
bind-vlan 1-4094
!
dump-auto-uploading-profile "default"
!
ap regulatory-domain-profile "APG49VanDuyn-Outdoors_rdp_ui"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 149-161
valid-11a-160mhz-channel-group 36-64
!
ap regulatory-domain-profile "APG51Webster_rdp_ui"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 149-161
valid-11a-160mhz-channel-group 36-64
!
ap regulatory-domain-profile "default"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 149-161
valid-11a-160mhz-channel-group 36-64
!
ap regulatory-domain-profile "default_rdp_ui"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
valid-11a-160mhz-channel-group 36-64
!
ap regulatory-domain-profile "SCSD_rdp"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 100
valid-11a-channel 104
valid-11a-channel 108
valid-11a-channel 112
valid-11a-channel 116
valid-11a-channel 120
valid-11a-channel 124
valid-11a-channel 128
valid-11a-channel 132
valid-11a-channel 136
valid-11a-channel 140
valid-11a-channel 144
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 116-120
valid-11a-40mhz-channel-pair 124-128
valid-11a-40mhz-channel-pair 132-136
valid-11a-40mhz-channel-pair 140-144
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 149-161
valid-11a-160mhz-channel-group 36-64
!
ap wired-ap-profile "default"
!
ap wired-ap-profile "NoAuthWiredAp"
wired-ap-enable
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap lldp med-network-policy-profile "default"
!
ap mesh-cluster-profile "default"
!
ap mesh-accesslist-profile "default"
!
ap wifi-uplink-profile "default"
!
ap multizone-profile "default"
!
ap usb-acl-prof "default"
!
dump-collection-profile "default"
!
ap lldp profile "default"
!
ap mesh-radio-profile "default"
!
ap usb-profile "default"
!
ap system-profile "default"
ipm-enable
ipm-power-reduction-step-prio ipm-step disable_usb priority 1
ipm-power-reduction-step-prio ipm-step disable_alt_eth priority 2
ipm-power-reduction-step-prio ipm-step radio_2ghz_power_3dB priority 3
ipm-power-reduction-step-prio ipm-step radio_5ghz_power_3dB priority 4
ap-console-password *redacted*
!
ap system-profile "NoAuthApSystem"
ap-console-password *redacted*
!
ap wired-port-profile "default"
!
ap wired-port-profile "NoAuthWiredPort"
wired-ap-profile "NoAuthWiredAp"
aaa-profile "NoAuthAAAProfile"
!
ap wired-port-profile "shutdown"
shutdown
!
gps service-profile "default"
!
ids general-profile "default"
!
ids rate-thresholds-profile "default"
!
ids rate-thresholds-profile "probe-request-response-thresholds"
channel-inc-time 30
channel-threshold 350
node-time-interval 10
node-threshold 250
!
ids signature-profile "AirJack"
frame-type beacon ssid AirJack
!
ids signature-profile "ASLEAP"
frame-type beacon ssid asleap
!
ids signature-profile "Deauth-Broadcast-From-Valid-AP"
frame-type deauth
dst-mac ff:ff:ff:ff:ff:ff
src-mac valid-ap
bssid valid-ap
!
ids signature-profile "default"
!
ids signature-profile "Disassoc-Broadcast"
frame-type disassoc
dst-mac ff:ff:ff:ff:ff:ff
!
ids signature-profile "Disassoc-Broadcast-From-Valid-AP"
frame-type disassoc
dst-mac ff:ff:ff:ff:ff:ff
src-mac valid-ap
bssid valid-ap
!
ids signature-profile "Netstumbler Generic"
payload 0x00601d 3
payload 0x0001 6
!
ids signature-profile "Netstumbler Version 3.3.0x"
payload 0x00601d 3
payload 0x000102 12
!
ids signature-profile "Null-Probe-Response"
frame-type probe-response ssid-length 0
!
ids signature-profile "Wellenreiter"
frame-type probe-request ssid this_is_used_for_wellenreiter
!
ids impersonation-profile "default"
!
ids unauthorized-device-profile "default"
!
ids signature-matching-profile "default"
signature "Disassoc-Broadcast"
!
ids dos-profile "default"
!
ids profile "default"
!
rf dot11-60GHz-radio-profile "default"
!
wlan 6ghz-rrm-ie-profile "default"
!
rf arm-profile "arm-maintain"
no scanning
!
rf arm-profile "arm-scan"
!
rf arm-profile "default-6ghz"
160MHz-support Auto
min-tx-power 12
max-tx-power 18
!
rf arm-profile "default-a"
!
rf arm-profile "default-g"
!
rf ht-radio-profile "default-6ghz"
!
rf ht-radio-profile "default-a"
!
rf ht-radio-profile "default-g"
!
rf spectrum-profile "default-6ghz"
!
rf spectrum-profile "default-a"
!
rf spectrum-profile "default-g"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "APG49VanDuyn-Outdoors_radio_a_ui_amscan_a_ui"
!
rf am-scan-profile "APG49VanDuyn-Outdoors_radio_g_ui_amscan_g_ui"
!
rf am-scan-profile "APG51Webster_radio_a_ui_amscan_a_ui"
!
rf am-scan-profile "APG51Webster_radio_g_ui_amscan_g_ui"
!
rf am-scan-profile "default"
!
rf am-scan-profile "default_radio_a_ui_amscan_a_ui"
!
rf am-scan-profile "default_radio_g_ui_amscan_g_ui"
!
rf am-scan-profile "rp-377-a_amscan_a_ui"
!
rf am-scan-profile "rp-377-g_amscan_g_ui"
!
rf dot11a-radio-profile "APG49VanDuyn-Outdoors_radio_a_ui"
am-scan-profile "APG49VanDuyn-Outdoors_radio_a_ui_amscan_a_ui"
max-channel-bandwidth 40MHz
eirp-min 30
eirp-max 36
!
rf dot11a-radio-profile "APG51Webster_radio_a_ui"
am-scan-profile "APG51Webster_radio_a_ui_amscan_a_ui"
max-channel-bandwidth 40MHz
!
rf dot11a-radio-profile "default"
max-channel-bandwidth 40MHz
!
rf dot11a-radio-profile "default_radio_a_ui"
am-scan-profile "default_radio_a_ui_amscan_a_ui"
max-channel-bandwidth 40MHz
!
rf dot11a-radio-profile "rp-377-a"
am-scan-profile "rp-377-a_amscan_a_ui"
max-channel-bandwidth 20MHz
eirp-min 30
eirp-max 36
!
rf dot11a-radio-profile "rp-maintain-a"
arm-profile "arm-maintain"
!
rf dot11a-radio-profile "rp-monitor-a"
mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
arm-profile "arm-scan"
!
rf dot11g-radio-profile "APG49VanDuyn-Outdoors_radio_g_ui"
am-scan-profile "APG49VanDuyn-Outdoors_radio_g_ui_amscan_g_ui"
eirp-min 28
eirp-max 34
!
rf dot11g-radio-profile "APG51Webster_radio_g_ui"
am-scan-profile "APG51Webster_radio_g_ui_amscan_g_ui"
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "default_radio_g_ui"
am-scan-profile "default_radio_g_ui_amscan_g_ui"
!
rf dot11g-radio-profile "rp-377-g"
am-scan-profile "rp-377-g_amscan_g_ui"
eirp-min 28
eirp-max 34
!
rf dot11g-radio-profile "rp-maintain-g"
arm-profile "arm-maintain"
!
rf dot11g-radio-profile "rp-monitor-g"
mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
arm-profile "arm-scan"
!
rf dot11-6GHz-radio-profile "default"
!
wlan rrm-ie-profile "default"
!
wlan bcn-rpt-req-profile "default"
!
wlan dot11r-profile "default"
!
wlan tsm-req-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan he-ssid-profile "default"
no high-efficiency-enable
!
wlan hotspot anqp-venue-name-profile "default"
!
wlan hotspot anqp-nwk-auth-profile "default"
!
wlan hotspot anqp-roam-cons-profile "default"
!
wlan hotspot anqp-nai-realm-profile "default"
!
wlan hotspot anqp-3gpp-nwk-profile "default"
!
wlan hotspot h2qp-operator-friendly-name-profile "default"
!
wlan hotspot h2qp-wan-metrics-profile "default"
!
wlan hotspot h2qp-conn-capability-profile "default"
!
wlan hotspot h2qp-op-cl-profile "default"
!
wlan hotspot h2qp-osu-prov-list-profile "default"
!
wlan hotspot anqp-ip-addr-avail-profile "default"
!
wlan hotspot anqp-domain-name-profile "default"
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan mu-edca-parameters-profile "default"
!
wlan dot11k-profile "default"
!
wlan ssid-profile "Aruba100_ssid_prof"
essid "Aruba100"
wpa-passphrase 4ccd53a9107930187e2769226a863369f156a29aed7af704
opmode wpa2-psk-aes
!
wlan ssid-profile "default"
!
wlan ssid-profile "Intune_ssid_prof"
essid "Intune"
wpa-passphrase efa949f3c477859e18db229435dd306ce33e354dc158f28d
opmode wpa2-psk-aes
a-basic-rates 24
a-tx-rates 36 48 54
g-basic-rates 12
g-tx-rates 12 18 24 36 48 54
hide-ssid
!
wlan ssid-profile "SCSD_Secure_ssid_prof"
essid "SCSD_Secure"
opmode wpa2-aes
a-basic-rates 24
a-tx-rates 24 36 48 54
g-basic-rates 12 18
g-tx-rates 12 18 24 36 48 54
!
wlan ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
essid "SCSD_Secure"
opmode wpa2-aes
a-basic-rates 24
a-tx-rates 12 18 24 36 48 54
g-basic-rates 12 18
g-tx-rates 12 18 24 36 48 54
!
wlan ssid-profile "SCSD_Test"
essid "SCSD_Test"
hide-ssid
!
wlan ssid-profile "SCSD_Vendor_ssid_prof"
essid "SCSD_Vendor"
!
wlan ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
essid "SCSD_Vendor"
!
wlan ssid-profile "Vendor_ssid_prof"
essid "Vendor"
!
wlan hotspot advertisement-profile "default"
!
wlan hotspot hs2-profile "default"
!
wlan virtual-ap "APG02-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 302
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG02-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 402
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG03-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 303
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG03-SCSD_Secure-Outdoors"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 303
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
band-steering
!
wlan virtual-ap "APG03-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 403
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
!
wlan virtual-ap "APG03-SCSD_Vendor-Outdoors"
vlan 403
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
!
wlan virtual-ap "APG04-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 304
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG04-SCSD_Secure-Outdoors"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 304
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
band-steering
!
wlan virtual-ap "APG04-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 404
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG04-SCSD_Vendor-Outdoors"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 404
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
band-steering
!
wlan virtual-ap "APG06-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 306
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG06-SCSD_Secure-Outdoors"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 306
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
band-steering
!
wlan virtual-ap "APG06-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 406
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG06-SCSD_Vendor-Outdoors"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 406
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
band-steering
!
wlan virtual-ap "APG07-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 307
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG07-SCSD_Secure-Outdoors"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 307
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
band-steering
!
wlan virtual-ap "APG07-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 407
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG07-SCSD_Vendor-Outdoors"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 407
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
band-steering
!
wlan virtual-ap "APG08-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 308
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG08-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 408
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG09-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 309
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG09-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 409
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG10-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 310
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG10-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 410
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG13-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 313
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG13-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 413
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG14-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 314
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG14-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 414
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG15-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 315
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG15-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 415
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG16-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 316
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG16-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 416
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG20-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 320
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG20-SCSD_Secure-Outdoors"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 320
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
band-steering
!
wlan virtual-ap "APG20-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 420
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG20-SCSD_Vendor-Outdoors"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 420
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
band-steering
!
wlan virtual-ap "APG21-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 321
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG21-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 421
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG22-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 322
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG22-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 422
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG23-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 323
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG23-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 423
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG24-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 324
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG24-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 424
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG25-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 325
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG25-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 425
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG27-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 327
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG27-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 427
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG28-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 328
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG28-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 428
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG29-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 329
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG29-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 429
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG30-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 330
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG30-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 430
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG33-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 333
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG33-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 433
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
!
wlan virtual-ap "APG34-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 334
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG34-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 434
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
!
wlan virtual-ap "APG36-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 336
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG36-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 436
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG37-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 337
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG37-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 437
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG40-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 340
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG40-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 440
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG41-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 341
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG41-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 441
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG42-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 342
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG42-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 442
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG44-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 344
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG44-SCSD_Secure-Outdoor"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 344
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
!
wlan virtual-ap "APG44-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 444
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
!
wlan virtual-ap "APG44-SCSD_Vendor-Outdoor"
vlan 444
!
wlan virtual-ap "APG45-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 345
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG45-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 445
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG46-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 346
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG46-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 446
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG47-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 347
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG47-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 447
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG48-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 348
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG48-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 448
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG49-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 349
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG49-SCSD_Secure-Outdoors"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 349
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
band-steering
!
wlan virtual-ap "APG49-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 449
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG49-SCSD_Vendor-Outdoors"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 449
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
band-steering
!
wlan virtual-ap "APG51-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 351
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG51-SCSD_Secure-Outdoors"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 351
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_profile-Outdoors"
band-steering
!
wlan virtual-ap "APG51-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 451
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG51-SCSD_Vendor-Outdoors"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 451
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof-Outdoors"
band-steering
!
wlan virtual-ap "APG53-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 353
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG53-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 453
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG54-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 354
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG54-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 454
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG55-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 355
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG55-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 455
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG56-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 356
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG56-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 456
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG57-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 357
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG57-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 457
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG60-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 360
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG60-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 460
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG66-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 366
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG66-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 466
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "APG86-SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 386
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
band-steering
!
wlan virtual-ap "APG86-SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 486
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
band-steering
!
wlan virtual-ap "Aruba100"
aaa-profile "Aruba100_aaa_prof"
vlan 433
forward-mode decrypt-tunnel
ssid-profile "Aruba100_ssid_prof"
!
wlan virtual-ap "default"
!
wlan virtual-ap "Intune"
aaa-profile "Intune_aaa_prof"
vlan Intune
forward-mode decrypt-tunnel
ssid-profile "Intune_ssid_prof"
!
wlan virtual-ap "SCSD_Secure"
aaa-profile "SCSD_Secure_aaa_prof"
vlan 160
forward-mode decrypt-tunnel
ssid-profile "SCSD_Secure_ssid_prof"
!
wlan virtual-ap "SCSD_Test_VAP"
aaa-profile "SCSD_Test_AAA"
vlan 403
ssid-profile "SCSD_Test"
!
wlan virtual-ap "SCSD_Vendor"
aaa-profile "SCSD_Vendor_aaa_prof"
vlan 100
forward-mode decrypt-tunnel
ssid-profile "SCSD_Vendor_ssid_prof"
!
wlan virtual-ap "Vendor"
aaa-profile "Vendor_aaa_prof"
no vap-enable
vlan Vendor-33-Lemoyne
forward-mode decrypt-tunnel
ssid-profile "Vendor_ssid_prof"
!
mgmt-server profile "default-acp"
stats-enable
tag-enable
sessions-enable
monitored-info-enable
monitored-info-del-enable
monitored-info-snapshot-enable
wids-event-info-enable
misc-enable
location-enable
uccmonitoring-enable
airgroupinfo-enable
wan-state
!
mgmt-server profile "default-ale"
stats-enable
tag-enable
sessions-enable
misc-enable
location-enable
uccmonitoring-enable
!
mgmt-server profile "default-amp"
stats-enable
tag-enable
sessions-enable
monitored-info-enable
user-visibility-enable
misc-enable
location-enable
ap-stats
!
mgmt-server profile "default-controller"
stats-enable
tag-enable
sessions-enable
user-visibility-enable
misc-enable
location-enable
uccmonitoring-enable
airgroupinfo-enable
wan-state
ap-stats
!
mgmt-server profile "default-niara"
no generic-amon-enable
sessions-enable
no inline-dhcp-stats
no inline-ap-stats
no inline-auth-stats
no inline-dns-stats
!
ap authorization-profile "default"
ap-authorization-group "NoAuthApGroup"
!
ap provisioning-profile "default"
!
rf arm-rf-domain-profile
!
ap am-filter-profile "default"
!
ap spectrum local-override
!
airmatch profile
!
ap-lacp-striping-ip
!
ap general-profile
!
ap deploy-profile
!
airslice-profile "default"
!
ap provisioning-rules
!
ap-group "APG02ITC"
virtual-ap "Intune"
virtual-ap "APG02-SCSD_Secure"
virtual-ap "APG02-SCSD_Vendor"
!
ap-group "APG03Fowler"
virtual-ap "Intune"
virtual-ap "APG03-SCSD_Secure"
virtual-ap "APG03-SCSD_Vendor"
virtual-ap "SCSD_Test_VAP"
!
ap-group "APG03Fowler-Outdoors"
virtual-ap "APG03-SCSD_Secure-Outdoors"
virtual-ap "APG03-SCSD_Vendor-Outdoors"
dot11a-radio-profile "rp-377-a"
dot11g-radio-profile "rp-377-g"
regulatory-domain-profile "SCSD_rdp"
!
ap-group "APG04Nottingham"
virtual-ap "Intune"
virtual-ap "APG04-SCSD_Secure"
virtual-ap "APG04-SCSD_Vendor"
!
ap-group "APG04Nottingham-Outdoors"
virtual-ap "APG04-SCSD_Secure-Outdoors"
virtual-ap "APG04-SCSD_Vendor-Outdoors"
dot11a-radio-profile "rp-377-a"
dot11g-radio-profile "rp-377-g"
regulatory-domain-profile "SCSD_rdp"
!
ap-group "APG06Henninger"
virtual-ap "Intune"
virtual-ap "APG06-SCSD_Secure"
virtual-ap "APG06-SCSD_Vendor"
!
ap-group "APG06Henninger-Outdoors"
dot11a-radio-profile "rp-377-a"
dot11g-radio-profile "rp-377-g"
regulatory-domain-profile "SCSD_rdp"
!
ap-group "APG07Corcoran"
virtual-ap "Intune"
virtual-ap "APG07-SCSD_Secure"
virtual-ap "APG07-SCSD_Vendor"
!
ap-group "APG07Corcoran-Outdoors"
virtual-ap "APG07-SCSD_Secure-Outdoors"
virtual-ap "APG07-SCSD_Vendor-Outdoors"
dot11a-radio-profile "rp-377-a"
dot11g-radio-profile "rp-377-g"
regulatory-domain-profile "SCSD_rdp"
!
ap-group "APG08Clary"
virtual-ap "Intune"
virtual-ap "APG08-SCSD_Secure"
virtual-ap "APG08-SCSD_Vendor"
!
ap-group "APG09Grant"
virtual-ap "Intune"
virtual-ap "APG09-SCSD_Secure"
virtual-ap "APG09-SCSD_Vendor"
!
ap-group "APG10Levy"
virtual-ap "Intune"
virtual-ap "APG10-SCSD_Secure"
virtual-ap "APG10-SCSD_Vendor"
!
ap-group "APG13Lincoln"
virtual-ap "Intune"
virtual-ap "APG13-SCSD_Secure"
virtual-ap "APG13-SCSD_Vendor"
!
ap-group "APG14Shea"
virtual-ap "Intune"
virtual-ap "APG14-SCSD_Secure"
virtual-ap "APG14-SCSD_Vendor"
!
ap-group "APG15HWSmith"
virtual-ap "Intune"
virtual-ap "APG15-SCSD_Secure"
virtual-ap "APG15-SCSD_Vendor"
!
ap-group "APG16Bellevue"
virtual-ap "Intune"
virtual-ap "APG16-SCSD_Secure"
virtual-ap "APG16-SCSD_Vendor"
!
ap-group "APG20Dr_King-Outdoors"
virtual-ap "APG20-SCSD_Secure-Outdoors"
virtual-ap "APG20-SCSD_Vendor-Outdoors"
dot11a-radio-profile "rp-377-a"
dot11g-radio-profile "rp-377-g"
regulatory-domain-profile "SCSD_rdp"
!
ap-group "APG20DrKing"
virtual-ap "Intune"
virtual-ap "APG20-SCSD_Secure"
virtual-ap "APG20-SCSD_Vendor"
!
ap-group "APG21Brighton"
virtual-ap "Intune"
virtual-ap "APG21-SCSD_Secure"
virtual-ap "APG21-SCSD_Vendor"
!
ap-group "APG22Delaware"
virtual-ap "Intune"
virtual-ap "APG22-SCSD_Secure"
virtual-ap "APG22-SCSD_Vendor"
!
ap-group "APG23Elmwood"
virtual-ap "Intune"
virtual-ap "APG23-SCSD_Secure"
virtual-ap "APG23-SCSD_Vendor"
!
ap-group "APG24Franklin"
virtual-ap "Intune"
virtual-ap "APG24-SCSD_Secure"
virtual-ap "APG24-SCSD_Vendor"
!
ap-group "APG25Frazer"
virtual-ap "Intune"
virtual-ap "APG25-SCSD_Secure"
virtual-ap "APG25-SCSD_Vendor"
!
ap-group "APG27Elmcrest"
virtual-ap "Intune"
virtual-ap "APG27-SCSD_Secure"
virtual-ap "APG27-SCSD_Vendor"
!
ap-group "APG28Latin"
virtual-ap "Intune"
virtual-ap "APG28-SCSD_Secure"
virtual-ap "APG28-SCSD_Vendor"
!
ap-group "APG29Huntington"
virtual-ap "Intune"
virtual-ap "APG29-SCSD_Secure"
virtual-ap "APG29-SCSD_Vendor"
!
ap-group "APG30SalemHyde"
virtual-ap "Intune"
virtual-ap "APG30-SCSD_Secure"
virtual-ap "APG30-SCSD_Vendor"
!
ap-group "APG33Lemoyne"
virtual-ap "APG33-SCSD_Secure"
virtual-ap "Intune"
virtual-ap "APG33-SCSD_Vendor"
dot11a-radio-profile "default_radio_a_ui"
dot11g-radio-profile "default_radio_g_ui"
!
ap-group "APG34Weeks"
virtual-ap "APG34-SCSD_Secure"
virtual-ap "APG34-SCSD_Vendor"
virtual-ap "Intune"
!
ap-group "APG36McKinley"
virtual-ap "Intune"
virtual-ap "APG36-SCSD_Secure"
virtual-ap "APG36-SCSD_Vendor"
!
ap-group "APG37Meachem"
virtual-ap "Intune"
virtual-ap "APG37-SCSD_Secure"
virtual-ap "APG37-SCSD_Vendor"
!
ap-group "APG40Porter"
virtual-ap "Intune"
virtual-ap "APG40-SCSD_Secure"
virtual-ap "APG40-SCSD_Vendor"
!
ap-group "APG41Bova"
virtual-ap "Intune"
virtual-ap "APG41-SCSD_Secure"
virtual-ap "APG41-SCSD_Vendor"
!
ap-group "APG42Roberts"
virtual-ap "Intune"
virtual-ap "APG42-SCSD_Secure"
virtual-ap "APG42-SCSD_Vendor"
!
ap-group "APG44Seymore"
virtual-ap "APG44-SCSD_Secure"
virtual-ap "Intune"
virtual-ap "APG44-SCSD_Vendor"
!
ap-group "APG44Seymour-Outdoors"
virtual-ap "APG44-SCSD_Secure-Outdoor"
virtual-ap "APG44-SCSD_Vendor-Outdoor"
dot11a-radio-profile "rp-377-a"
dot11g-radio-profile "rp-377-g"
regulatory-domain-profile "SCSD_rdp"
!
ap-group "APG45EdSmith"
virtual-ap "Intune"
virtual-ap "APG45-SCSD_Secure"
virtual-ap "APG45-SCSD_Vendor"
!
ap-group "APG46Brighton466"
virtual-ap "Intune"
virtual-ap "APG46-SCSD_Secure"
virtual-ap "APG46-SCSD_Vendor"
!
ap-group "APG47ELMS"
virtual-ap "Intune"
virtual-ap "APG47-SCSD_Secure"
virtual-ap "APG47-SCSD_Vendor"
!
ap-group "APG48Beard"
virtual-ap "Intune"
virtual-ap "APG48-SCSD_Secure"
virtual-ap "APG48-SCSD_Vendor"
!
ap-group "APG49VanDuyn"
virtual-ap "Intune"
virtual-ap "APG49-SCSD_Secure"
virtual-ap "APG49-SCSD_Vendor"
!
ap-group "APG49VanDuyn-Outdoors"
virtual-ap "APG49-SCSD_Vendor-Outdoors"
virtual-ap "APG49-SCSD_Secure-Outdoors"
dot11a-radio-profile "APG49VanDuyn-Outdoors_radio_a_ui"
dot11g-radio-profile "APG49VanDuyn-Outdoors_radio_g_ui"
regulatory-domain-profile "APG49VanDuyn-Outdoors_rdp_ui"
!
ap-group "APG51Webster"
virtual-ap "Intune"
virtual-ap "APG51-SCSD_Secure"
virtual-ap "APG51-SCSD_Vendor"
dot11a-radio-profile "APG51Webster_radio_a_ui"
dot11g-radio-profile "APG51Webster_radio_g_ui"
regulatory-domain-profile "APG51Webster_rdp_ui"
!
ap-group "APG51Webster-Outdoors"
virtual-ap "APG51-SCSD_Secure-Outdoors"
virtual-ap "APG51-SCSD_Vendor-Outdoors"
dot11a-radio-profile "rp-377-a"
dot11g-radio-profile "rp-377-g"
regulatory-domain-profile "SCSD_rdp"
!
ap-group "APG53Blodgett"
virtual-ap "Intune"
virtual-ap "APG53-SCSD_Secure"
virtual-ap "APG53-SCSD_Vendor"
!
ap-group "APG54JVC"
virtual-ap "Intune"
virtual-ap "APG54-SCSD_Secure"
virtual-ap "APG54-SCSD_Vendor"
!
ap-group "APG55CO"
virtual-ap "Intune"
virtual-ap "APG55-SCSD_Secure"
virtual-ap "APG55-SCSD_Vendor"
!
ap-group "APG56SSC"
virtual-ap "Intune"
virtual-ap "APG56-SCSD_Secure"
virtual-ap "APG56-SCSD_Vendor"
!
ap-group "APG57Transportation"
virtual-ap "Intune"
virtual-ap "APG57-SCSD_Secure"
virtual-ap "APG57-SCSD_Vendor"
!
ap-group "APG60RockWest"
virtual-ap "Intune"
virtual-ap "APG60-SCSD_Secure"
virtual-ap "APG60-SCSD_Vendor"
!
ap-group "APG66ENL"
virtual-ap "Intune"
virtual-ap "APG66-SCSD_Secure"
virtual-ap "APG66-SCSD_Vendor"
!
ap-group "APG86StLucy"
virtual-ap "Intune"
virtual-ap "APG86-SCSD_Secure"
virtual-ap "APG86-SCSD_Vendor"
!
ap-group "default"
virtual-ap "Aruba100"
virtual-ap "SCSD_Secure"
virtual-ap "Intune"
virtual-ap "SCSD_Vendor"
virtual-ap "Vendor"
dot11a-radio-profile "default_radio_a_ui"
dot11g-radio-profile "default_radio_g_ui"
regulatory-domain-profile "default_rdp_ui"
!
ap-group "NoAuthApGroup"
enet1-port-profile "NoAuthWiredPort"
enet2-port-profile "NoAuthWiredPort"
enet3-port-profile "NoAuthWiredPort"
enet4-port-profile "NoAuthWiredPort"
ap-system-profile "NoAuthApSystem"
!
airgroupprofile service "default-airplay"
id "_airplay._tcp"
id "_appletv-v2._tcp"
id "_raop._tcp"
description "AirPlay"
!
airgroupprofile service "default-airprint"
id "_canon-bjnp1._tcp"
id "_fax-ipp._tcp"
id "_http-alt._tcp"
id "_http._tcp"
id "_ica-networking._tcp"
id "_ica-networking2._tcp"
id "_ipp-tls._tcp"
id "_ipp._tcp"
id "_ipps._tcp"
id "_pdl-datastream._tcp"
id "_printer._tcp"
id "_ptp._tcp"
id "_riousbprint._tcp"
id "_universal._sub._ipp._tcp"
id "_universal._sub._ipps._tcp"
description "AirPrint"
!
airgroupprofile service "default-allowall"
description "Remaining-Services"
!
airgroupprofile service "default-amazontv"
id "_amzn-wplay._tcp"
description "Amazon fire tv"
!
airgroupprofile service "default-dial"
id "urn:dial-multiscreen-org:device:dial:1"
id "urn:dial-multiscreen-org:service:dial:1"
description "DIAL supported by Chromecast, FireTV, Roku etc"
!
airgroupprofile service "default-dlna-media"
id "urn:schemas-upnp-org:device:MediaPlayer:1"
id "urn:schemas-upnp-org:device:MediaRenderer:1"
id "urn:schemas-upnp-org:device:MediaRenderer:2"
id "urn:schemas-upnp-org:device:MediaRenderer:3"
id "urn:schemas-upnp-org:device:MediaServer:1"
id "urn:schemas-upnp-org:device:MediaServer:2"
id "urn:schemas-upnp-org:device:MediaServer:3"
id "urn:schemas-upnp-org:device:MediaServer:4"
id "urn:schemas-upnp-org:device:ZonePlayer:1"
id "urn:schemas-upnp-org:service:AVTransport:1"
id "urn:schemas-upnp-org:service:AlarmClock:1"
id "urn:schemas-upnp-org:service:ConnectionManager:1"
id "urn:schemas-upnp-org:service:ContentDirectory:1"
id "urn:schemas-upnp-org:service:DeviceProperties:1"
id "urn:schemas-upnp-org:service:GroupManagement:1"
id "urn:schemas-upnp-org:service:GroupRenderingControl:1"
id "urn:schemas-upnp-org:service:MusicServices:1"
id "urn:schemas-upnp-org:service:RenderingControl:1"
id "urn:schemas-upnp-org:service:SystemProperties:1"
id "urn:schemas-upnp-org:service:ZoneGroupTopology:1"
description "Media"
!
airgroupprofile service "default-dlna-print"
id "urn:schemas-upnp-org:device:Printer:1"
id "urn:schemas-upnp-org:service:PrintBasic:1"
id "urn:schemas-upnp-org:service:PrintEnhanced:1"
description "Print"
!
airgroupprofile service "default-googlecast"
id "_0F5096E8._sub._googlecast._tcp"
id "_17608BC8._sub._googlecast._tcp"
id "_233637DE._sub._googlecast._tcp"
id "_42B56469._sub._googlecast._tcp"
id "_668E5548._sub._googlecast._tcp"
id "_674A0243._sub._googlecast._tcp"
id "_85CDB22F._sub._googlecast._tcp"
id "_8DA7527D._sub._googlecast._tcp"
id "_8E6C866D._sub._googlecast._tcp"
id "_96084372._sub._googlecast._tcp"
id "_CA5E8412._sub._googlecast._tcp"
id "_CC1AD845._sub._googlecast._tcp"
id "_googlecast._tcp"
id "_googlezone._tcp"
description "GoogleCast supported by Chromecast etc"
!
airgroupprofile service "default-itunes"
id "_apple-mobdev._tcp"
id "_daap._tcp"
id "_dacp._tcp"
id "_home-sharing._tcp"
description "iTunes"
!
airgroupprofile service "default-remotemgmt"
id "_ftp._tcp"
id "_net-assistant._tcp"
id "_rfb._tcp"
id "_sftp-ssh._tcp"
id "_ssh._tcp"
id "_telnet._tcp"
description "Remote management"
!
airgroupprofile service "default-sharing"
id "_afpovertcp._tcp"
id "_odisk._tcp"
id "_xgrid._tcp"
description "Sharing"
!
airgroupprofile ipv6 "default"
!
airgroupprofile network "default"
!
airgroupprofile "default"
service "default-airplay"
service "default-airprint"
service "default-dial"
disallow-vlan type servers service ""
disallow-role "" type servers service ""
!
logging security subcat ids level warnings
logging security subcat ids-ap level warnings
snmp-server enable trap
snmp-server host 10.1.35.10 version 2c mickey03 udp-port 162
snmp-server trap source 0.0.0.0
snmp-server trap disable wlsxAPBROADCASTSTORM
snmp-server trap disable wlsxAPIPConflict
snmp-server trap disable wlsxAPLoopDetected
snmp-server trap disable wlsxAPPortDown
snmp-server trap disable wlsxAPPortUp
snmp-server trap disable wlsxAPUSBPLUGALARM
snmp-server trap disable wlsxAceUsageThreshold
snmp-server trap disable wlsxAdhocNetwork
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta
snmp-server trap disable wlsxAdhocUsingValidSSID
snmp-server trap disable wlsxAuthMaxAclEntries
snmp-server trap disable wlsxAuthMaxBWContracts
snmp-server trap disable wlsxAuthMaxUserEntries
snmp-server trap disable wlsxAuthServerIsUp
snmp-server trap disable wlsxAuthServerReqTimedOut
snmp-server trap disable wlsxAuthServerTimedOut
snmp-server trap disable wlsxCLEARPASSSERVERINVALID
snmp-server trap disable wlsxChannelChanged
snmp-server trap disable wlsxClientPskAuthenticationFailed
snmp-server trap disable wlsxClientRejectedByMaxClientCount
snmp-server trap disable wlsxClusterVlanProbeStatus
snmp-server trap disable wlsxCoverageHoleDetected
snmp-server trap disable wlsxDBCommunicationFailure
snmp-server trap disable wlsxDisconnectStationAttack
snmp-server trap disable wlsxDot1xThresholdLimitHit
snmp-server trap disable wlsxDot1xTotalLimitHit
snmp-server trap disable wlsxESIServerDown
snmp-server trap disable wlsxESIServerUp
snmp-server trap disable wlsxFanAbsent
snmp-server trap disable wlsxFanFailure
snmp-server trap disable wlsxFanTrayInserted
snmp-server trap disable wlsxFanTrayRemoved
snmp-server trap disable wlsxFlash1SpaceOK
snmp-server trap disable wlsxGBICInserted
snmp-server trap disable wlsxGhostTunnelclientAttack
snmp-server trap disable wlsxGhostTunnelserverAttack
snmp-server trap disable wlsxHaFailoverRequestFromAp
snmp-server trap disable wlsxHaFailoverTrigger
snmp-server trap disable wlsxHaIntercontrollerHbtMiss
snmp-server trap disable wlsxHaStandbyConnectivityState
snmp-server trap disable wlsxHaStandbyIpSentFailed
snmp-server trap disable wlsxHaState
snmp-server trap disable wlsxIpSpoofingDetected
snmp-server trap disable wlsxLCInserted
snmp-server trap disable wlsxLCRemoved
snmp-server trap disable wlsxLicenseExpiry
snmp-server trap disable wlsxLowMemory
snmp-server trap disable wlsxLowOnFlash1Space
snmp-server trap disable wlsxLowOnFlashSpace
snmp-server trap disable wlsxNAceUsageThreshold
snmp-server trap disable wlsxNDot1xThresholdLimitHit
snmp-server trap disable wlsxNDot1xTotalLimitHit
snmp-server trap disable wlsxNFanAbsent
snmp-server trap disable wlsxNLowOnFlash1Space
snmp-server trap disable wlsxNSwitchIPv6Changed
snmp-server trap disable wlsxNWebCCLicenseEnforcement
snmp-server trap disable wlsxOutOfRangeTemperature
snmp-server trap disable wlsxOutOfRangeVoltage
snmp-server trap disable wlsxPhonyBSSIDDetected
snmp-server trap disable wlsxPowerSupplyFailure
snmp-server trap disable wlsxPowerSupplyMissing
snmp-server trap disable wlsxProcessDied
snmp-server trap disable wlsxProcessExceedsMemoryLimits
snmp-server trap disable wlsxSCInserted
snmp-server trap disable wlsxSignatureMatch
snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP
snmp-server trap disable wlsxSwitchIPChanged
snmp-server trap disable wlsxSwitchIPv6Changed
snmp-server trap disable wlsxSwitchRoleChange
snmp-server trap disable wlsxTHERMALSHUTDOWN
snmp-server trap disable wlsxUserAuthenticationFailed
snmp-server trap disable wlsxUserEntryAuthenticated
snmp-server trap disable wlsxUserEntryChanged
snmp-server trap disable wlsxUserEntryCreated
snmp-server trap disable wlsxUserEntryDeAuthenticated
snmp-server trap disable wlsxUserEntryDeleted
snmp-server trap disable wlsxVrrpStateChange
snmp-server trap disable wlsxWebCCLicenseEnforcement
firewall-visibility
process monitor log
process monitor log
lc-cluster group-membership "Cluster1"
lc-cluster exclude-vlan "1,1024"
ip probe default
mode ping
frequency 10
retries 3
burst-size 5
!
ip probe health-check
mode ping
frequency 10
retries 3
burst-size 5
!
ip probe data-vpnc
mode udp
frequency 10
retries 3
burst-size 5
jitter
!
end
Reference in New Issue View Git Blame Copy Permalink