From 14a10c1de87800be3b1e43c49473608a83a0caf3 Mon Sep 17 00:00:00 2001 From: John Poland Date: Mon, 7 Apr 2025 20:08:20 -0400 Subject: [PATCH] wlc/wlc-a.cfg Mon Apr 7 08:08:20 PM EDT 2025 --- configs/wlc/wlc-a.cfg | 3925 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3925 insertions(+) create mode 100644 configs/wlc/wlc-a.cfg diff --git a/configs/wlc/wlc-a.cfg b/configs/wlc/wlc-a.cfg new file mode 100644 index 0000000..8e7bcba --- /dev/null +++ b/configs/wlc/wlc-a.cfg @@ -0,0 +1,3925 @@ +show running + Building Configuration... + +version 8.10 +hostname "noc-aruba-wlc-a" +clock timezone America/New_York -04 0 +! +conductorip 10.1.35.33 ipsec ****** interface vlan 35 +location "Building1.floor1" +controller config 625 +crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx +crypto-local pki ServerCert scsd_full_wc_2025 Star-Exp042025-fullchain.pfx +crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx +crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx +crypto-local pki ServerCert scsd_wc_2025 StartCert-Expire042025.pfx +crypto-local pki ServerCert scsd_wc_2026 StarCert-Expire03202026.pfx +crypto-local pki ServerCert scsd_wc_full_2025 Star-Exp042025-fullchain.pfx +crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert +ip nat pool localip 0.0.0.0 0.0.0.0 +ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0 +ip access-list geolocation global-geolocation-acl +! +ip access-list eth validuserethacl + permit any +! +netservice svc-dhcp udp 67 68 ALG dhcp +netservice svc-ipp-tcp tcp 631 +netservice svc-citrix tcp 2598 +netservice svc-pcoip-udp udp 50002 +netservice svc-tftp udp 69 ALG tftp +netservice svc-netbios-ssn tcp 139 +netservice svc-papi udp 8211 +netservice svc-natt udp 4500 +netservice svc-ica tcp 1494 +netservice svc-facetime-tcp tcp 5223 ALG facetime +netservice svc-msrpc-udp udp 135 139 +netservice svc-lpd tcp 515 +netservice svc-msrpc-tcp tcp 135 139 +netservice svc-microsoft-ds tcp 445 +netservice svc-smtp tcp 25 +netservice svc-syslog udp 514 +netservice svc-http-proxy2 tcp 8080 +netservice svc-cfgm-tcp tcp 8211 +netservice vnc tcp 5900 5905 +netservice svc-telnet tcp 23 +netservice svc-http tcp 80 +netservice svc-h323-udp udp 1718 1719 ALG h323 +netservice svc-bootp udp 67 69 +netservice svc-web tcp list "80 443" +netservice svc-sccp tcp 2000 ALG sccp +netservice svc-ipp-udp udp 631 +netservice svc-vmware-rdp tcp 3389 +netservice svc-vocera udp 5002 ALG vocera +netservice svc-esp 50 +netservice svc-noe-oxo udp 5000 ALG noe +netservice svc-http-proxy1 tcp 3128 +netservice svc-sec-papi udp 8209 +netservice svc-gre 47 +netservice svc-rtsp tcp 554 ALG rtsp +netservice svc-l2tp udp 1701 +netservice svc-svp 119 ALG svp +netservice svc-sip-tcp tcp 5060 ALG sip +netservice svc-snmp udp 161 +netservice svc-pptp tcp 1723 +netservice svc-icmp 1 +netservice svc-smb-tcp tcp 445 +netservice svc-pcoip2-tcp tcp 4172 +netservice svc-ssh tcp 22 +netservice svc-v6-icmp 58 +netservice svc-h323-tcp tcp 1720 ALG h323 +netservice svc-ntp udp 123 +netservice svc-pop3 tcp 110 +netservice svc-adp udp 8200 +netservice svc-netbios-ns udp 137 +netservice svc-dns udp 53 ALG dns +netservice svc-v6-dhcp udp 546 547 +netservice svc-netbios-dgm udp 138 +netservice svc-http-proxy3 tcp 8888 +netservice svc-sip-udp udp 5060 ALG sip +netservice svc-kerberos udp 88 +netservice svc-sips tcp 5061 ALG sips +netservice svc-nterm tcp 1026 1028 +netservice svc-snmp-trap udp 162 +netservice svc-pcoip2-udp udp 4172 +netservice svc-pcoip-tcp tcp 50002 +netservice svc-ike udp 500 +netservice svc-noe udp 32512 ALG noe +netservice svc-ftp tcp 21 ALG ftp +netservice svc-https tcp 443 +netservice svc-smb-udp udp 445 +netdestination6 ipv6-reserved-range + invert + network 2000::/3 +! +netdestination scsd_vendor_cppm_prof + name visitor.scsd.us + name noc-cp-a.scsd.us + name noc-cp-b.scsd.us +! +netdestination vendor_cppm_prof + name visitor.scsd.us +! +netdestination wificalling-block + name pub.3gppnetwork.org + name vowifi.com +! +netdestination captiveportal_cppm_prof + name visitor.scsd.us +! +netexthdr default +! +time-range periodic working-hours + Weekday 08:00 to 18:00 +! +time-range periodic night-hours + Weekday 18:01 to 23:59 + Weekday 00:00 to 07:59 +! +ip access-list session apprf-switch-logon-sacl +! +ip access-list session svp-acl + any any svc-svp permit queue high + user host 224.0.1.116 any permit +! +ip access-list session apprf-stateful-dot1x-sacl +! +ip access-list session apprf-voice-sacl +! +ip access-list session logon-control + user any udp 68 deny + any any svc-icmp permit + any any svc-dns permit + any any svc-dhcp permit + any any svc-natt permit + any network 169.254.0.0 255.255.0.0 any deny + any network 240.0.0.0 240.0.0.0 any deny +! +ip access-list session apprf-default-vpn-role-sacl +! +ip access-list session apprf-deny_internal_byod-sacl +! +ip access-list session ap-uplink-acl + any any udp 68 permit + any any svc-icmp permit + any host 224.0.0.251 udp 5353 permit + ipv6 any any udp 546 permit + ipv6 any any svc-v6-icmp permit + ipv6 any host ff02::fb udp 5353 permit +! +ip access-list session visitor_wireless_printers + any any any permit +! +ip access-list session icmp-acl + any any svc-icmp permit +! +ip access-list session v6-logon-control + ipv6 user any udp 546 deny + ipv6 any any svc-v6-icmp permit + ipv6 any any svc-v6-dhcp permit + ipv6 any any svc-dns permit + ipv6 any network fc00::/7 any permit + ipv6 any network fe80::/64 any permit + ipv6 any alias ipv6-reserved-range any deny +! +ip access-list session http-acl + any any svc-http permit +! +ip access-list session vocera-acl + any any svc-vocera permit queue high +! +ip access-list session v6-http-acl + ipv6 any any svc-http permit +! +ip access-list session apprf-machine_scsd-sacl +! +ip access-list session staff_byod + any network 192.168.0.0 255.255.0.0 any deny + any any tcp 3389 deny + any any any permit +! +ip access-list session sip-acl + any any svc-sip-udp permit queue high + any any svc-sip-tcp permit queue high +! +ip access-list session citrix-acl + any any svc-citrix permit tos 46 dot1p-priority 6 + any any svc-ica permit tos 46 dot1p-priority 6 +! +ip access-list session it_staff_scsd + any any any permit +! +ip access-list session vmware-acl + any any svc-vmware-rdp permit tos 46 dot1p-priority 6 + any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 + any any svc-pcoip-udp permit tos 46 dot1p-priority 6 + any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 + any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 +! +ip access-list session tftp-acl + any any svc-tftp permit +! +ip access-list session student_scsd + any network 192.168.0.0 255.255.0.0 any deny + any network 10.0.0.0 255.0.0.0 tcp 22 23 deny + any any tcp 3389 deny + any any any permit +! +ip access-list session ra-guard + ipv6 user any icmpv6 rtr-adv deny +! +ip access-list session apprf-time_clock-sacl +! +ip access-list session student_byod + any any udp 53 permit + any any udp 67 68 permit + any any tcp 80 permit + any any tcp 443 permit + any network 10.100.0.0 255.255.0.0 any permit + any any any deny +! +ip access-list session voip-applications-acl + any any app alg-skype4b-audio permit + any any app alg-skype4b-video permit + any any app alg-skype4b-desktop-sharing permit + any any app alg-skype4b-app-sharing permit + any any app alg-sip-audio permit + any any app alg-sip-video permit + any any app alg-sccp permit + any any app alg-vocera permit + any any app alg-noe permit + any any app alg-h323 permit + any any app alg-jabber-audio permit + any any app alg-jabber-video permit + any any app alg-jabber-desktop-sharing permit + any any app alg-facetime permit + any any app alg-wifi-calling permit + any any app alg-webrtc-audio permit + any any app alg-webrtc-video permit + any any app alg-teams-audio permit + any any app alg-teams-video permit + any any app alg-rtp permit +! +ip access-list session srcnat + user any any src-nat +! +ip access-list session apprf-visitor_wireless_printers-sacl +! +ip access-list session global-sacl +! +ip access-list session v6-dhcp-acl + ipv6 any any svc-v6-dhcp permit +! +ip access-list session jabber-acl + any any tcp 5222 permit + any any tcp 8443 permit +! +ip access-list session wan-uplink-protect-acl + any any sys-svc-dhcp permit + ipv6 any any sys-svc-v6-dhcp permit + any any sys-svc-esp permit + any any sys-svc-natt permit + any any sys-svc-ike permit + any any sys-svc-icmp permit + ipv6 any any sys-svc-icmp6 permit +! +ip access-list session stateful-dot1x + any any svc-dns permit + any any svc-dhcp permit +! +ip access-list session cplogout + user alias controller svc-https dst-nat 8081 +! +ip access-list session scsd-dns-10 + any network 10.0.0.0 255.0.0.0 udp 53 permit +! +ip access-list session apprf-visitor_byod-sacl +! +ip access-list session wificalling-acl + any any tcp 443 permit +! +ip access-list session apprf-authenticated-sacl +! +ip access-list session apprf-logon-sacl +! +ip access-list session staff_scsd + any network 192.168.0.0 255.255.0.0 any deny + any network 10.0.0.0 255.0.0.0 tcp 22 23 deny + any any any permit +! +ip access-list session apprf-guest-logon-sacl +! +ip access-list session vpnlogon + user any svc-ike permit + user any svc-esp permit + any any svc-l2tp permit + any any svc-pptp permit + any any svc-gre permit +! +ip access-list session allow-diskservices + any any svc-netbios-dgm permit + any any svc-netbios-ssn permit + any any svc-microsoft-ds permit + any any svc-netbios-ns permit +! +ip access-list session v6-control + ipv6 user any udp 546 deny + ipv6 any any svc-v6-icmp permit + ipv6 any any svc-dns permit + ipv6 any any svc-papi permit + ipv6 any any svc-sec-papi permit + ipv6 any any svc-cfgm-tcp permit + ipv6 any any svc-adp permit + ipv6 any any svc-tftp permit + ipv6 any any svc-v6-dhcp permit + ipv6 any any svc-natt permit + ipv6 any any svc-dhcp permit +! +ip access-list session apprf-staff_byod-sacl +! +ip access-list session apprf-vendor-guest-logon-sacl +! +ip access-list session apprf-sys-switch-role-sacl +! +ip access-list session machine_scsd + any host 10.1.48.120 any permit + any host 10.1.40.10 any permit + any host 10.1.9.102 any permit + any host 10.21.48.242 any permit + any host 10.21.48.243 any permit + any host 10.1.48.200 any permit + any host 10.1.48.71 any permit + any any udp 67 68 permit +! +ip access-list session apprf-guest-sacl +! +ip access-list session visitor_byod + any network 192.168.0.0 255.255.0.0 any deny + any any udp 53 permit + any any udp 67 68 permit + any network 10.100.0.0 255.254.0.0 any permit + any network 10.1.9.0 255.255.255.0 tcp 80 permit + any network 10.0.0.0 255.0.0.0 any deny + any any any permit +! +ip access-list session v6-ap-acl + ipv6 any any svc-gre permit + ipv6 any any svc-syslog permit + ipv6 any user svc-snmp permit + ipv6 user any svc-snmp-trap permit + ipv6 user any svc-ntp permit + ipv6 user any svc-ftp permit +! +ip access-list session wificalling-block + any alias wificalling-block any deny +! +ip access-list session apprf-default-via-role-sacl +! +ip access-list session v6-allowall + ipv6 any any any permit +! +ip access-list session apprf-default-iap-user-role-sacl +! +ip access-list session v6-icmp-acl + ipv6 any any svc-v6-icmp permit +! +ip access-list session validuser + network 127.0.0.0 255.0.0.0 any any deny + network 169.254.0.0 255.255.0.0 any any deny + network 224.0.0.0 240.0.0.0 any any deny + host 255.255.255.255 any any deny + network 240.0.0.0 240.0.0.0 any any deny + any any any permit + ipv6 host fe80:: any any deny + ipv6 network fc00::/7 any any permit + ipv6 network fe80::/64 any any permit + ipv6 alias ipv6-reserved-range any any deny + ipv6 any any any permit +! +ip access-list session v6-dns-acl + ipv6 any any svc-dns permit +! +ip access-list session skype4b-acl + any any svc-sips permit + any any svc-https permit +! +ip access-list session captiveportal + user alias controller svc-https dst-nat 8081 + user any svc-http dst-nat 8080 + user any svc-https dst-nat 8081 + user any svc-http-proxy1 dst-nat 8088 + user any svc-http-proxy2 dst-nat 8088 + user any svc-http-proxy3 dst-nat 8088 +! +ip access-list session h323-acl + any any svc-h323-tcp permit queue high + any any svc-h323-udp permit queue high +! +ip access-list session allowall + any any any permit + ipv6 any any any permit +! +ip access-list session v6-https-acl + ipv6 any any svc-https permit +! +ip access-list session apprf-sys-ap-role-sacl +! +ip access-list session scsd_test-guest-logon +! +ip access-list session logon-control-bridge + user any udp 68 deny + any any svc-icmp src-nat + any any svc-dns src-nat + any any svc-dhcp permit + any network 169.254.0.0 255.255.0.0 any deny + any network 240.0.0.0 240.0.0.0 any deny +! +ip access-list session dhcp-acl + any any svc-dhcp permit +! +ip access-list session facetime-acl + any any svc-facetime-tcp permit queue high + any any udp 3478 3497 permit + any any udp 16384 16387 permit + any any udp 16393 16402 permit +! +ip access-list session allow-printservices + any any svc-lpd permit + any any svc-ipp-tcp permit + any any svc-ipp-udp permit +! +ip access-list session apprf-it_staff_scsd-sacl +! +ip access-list session skinny-acl + any any svc-sccp permit queue high +! +ip access-list session https-acl + any any svc-https permit +! +ip access-list session apprf-student_scsd-sacl +! +ip access-list session ap-acl + any any svc-gre permit + any any svc-syslog permit + any user svc-snmp permit + user any svc-snmp-trap permit + user any svc-ntp permit + user any svc-ftp permit + user any svc-telnet deny +! +ip access-list session apprf-ap-role-sacl +! +ip access-list session deny_internal_byod + any any udp 53 permit + any any udp 67 68 permit + any network 10.1.40.0 255.255.255.0 tcp 443 permit + any network 10.1.40.0 255.255.255.0 tcp 80 permit + any network 10.251.1.0 255.255.255.224 any permit + any network 10.0.0.0 255.0.0.0 any deny + any any any permit + any network 192.168.0.0 255.255.0.0 any deny +! +ip access-list session captiveportalbridge + user alias localip svc-https dual-nat pool localip 8081 + user any svc-http dual-nat pool localip 8080 + user any svc-https dual-nat pool localip 8081 + user any svc-http-proxy1 dual-nat pool localip 8088 + user any svc-http-proxy2 dual-nat pool localip 8088 + user any svc-http-proxy3 dual-nat pool localip 8088 +! +ip access-list session captiveportal6 + ipv6 user alias controller6 svc-https captive + ipv6 user any svc-http captive + ipv6 user any svc-https captive + ipv6 user any svc-http-proxy1 captive + ipv6 user any svc-http-proxy2 captive + ipv6 user any svc-http-proxy3 captive +! +ip access-list session time_clock + any host 10.1.40.15 any permit + any host 10.1.1.1 udp 123 permit + any host 10.1.1.2 udp 123 permit +! +ip access-list session control + user any udp 68 deny + any any svc-icmp permit + any any svc-dns permit + any any svc-papi permit + any any svc-sec-papi permit + any any svc-cfgm-tcp permit + any any svc-adp permit + any any svc-tftp permit + any any svc-dhcp permit + any any svc-natt permit + any any tcp 6633 permit +! +ip access-list session apprf-student_byod-sacl +! +ip access-list session apprf-staff_scsd-sacl +! +ip access-list session apprf-scsd_test_role-sacl +! +ip access-list session noe-acl + any any svc-noe permit queue high +! +ip access-list session dns-acl + any any svc-dns permit +! +ip access-list session apprf-scsd_vendor-guest-logon-sacl +! +ip access-list route master-boc-traffic +! +ip access-list route uplink-lb-cfg-racl +! +vpn-dialer default-dialer + ike authentication pre-share ****** +! +user-role default-via-role + access-list session global-sacl + access-list session apprf-default-via-role-sacl + access-list session allowall + access-list session v6-allowall +! +user-role sys-switch-role +! +user-role ap-role + no openflow-enable + access-list session ra-guard + access-list session control + access-list session ap-acl + access-list session v6-control + access-list session v6-ap-acl +! +user-role VISITOR_WIRELESS_PRINTERS + access-list session global-sacl + access-list session apprf-visitor_wireless_printers-sacl + access-list session visitor_wireless_printers +! +user-role switch-logon +! +user-role Staff_BYOD + access-list session global-sacl + access-list session apprf-staff_byod-sacl +! +user-role IT_Staff_SCSD + access-list session global-sacl + access-list session apprf-it_staff_scsd-sacl + access-list session it_staff_scsd +! +user-role Vendor-guest-logon + captive-portal "Vendor_cppm_prof" + access-list session global-sacl + access-list session apprf-vendor-guest-logon-sacl + access-list session logon-control + access-list session captiveportal + access-list session v6-logon-control + access-list session captiveportal6 +! +user-role Student_SCSD + access-list session global-sacl + access-list session apprf-student_scsd-sacl + access-list session student_scsd +! +user-role Student_BYOD + access-list session global-sacl + access-list session apprf-student_byod-sacl + access-list session student_byod +! +user-role sys-ap-role + no openflow-enable +! +user-role stateful-dot1x + access-list session global-sacl + access-list session apprf-stateful-dot1x-sacl +! +user-role guest-logon + captive-portal "default" + access-list session ra-guard + access-list session logon-control + access-list session captiveportal + access-list session v6-logon-control + access-list session captiveportal6 +! +user-role SCSD_Vendor-guest-logon + captive-portal "SCSD_Vendor_cppm_prof" + access-list session global-sacl + access-list session apprf-scsd_vendor-guest-logon-sacl + access-list session logon-control + access-list session captiveportal + access-list session v6-logon-control + access-list session captiveportal6 +! +user-role voice + access-list session global-sacl + access-list session apprf-voice-sacl + access-list session ra-guard + access-list session sip-acl + access-list session noe-acl + access-list session svp-acl + access-list session vocera-acl + access-list session skinny-acl + access-list session h323-acl + access-list session dhcp-acl + access-list session tftp-acl + access-list session dns-acl + access-list session icmp-acl + access-list session http-acl + access-list session https-acl + access-list session skype4b-acl + access-list session facetime-acl + access-list session jabber-acl + access-list session wificalling-acl + access-list session voip-applications-acl +! +user-role Staff_SCSD + access-list session global-sacl + access-list session apprf-staff_scsd-sacl + access-list session staff_scsd +! +user-role default-vpn-role + access-list session global-sacl + access-list session apprf-default-vpn-role-sacl + access-list session ra-guard + access-list session allowall + access-list session v6-allowall +! +user-role SCSD_Test_role + captive-portal "SCSD_Vendor_cppm_prof-test" + access-list session global-sacl + access-list session apprf-scsd_test_role-sacl + access-list session logon-control + access-list session captiveportal +! +user-role Machine_SCSD + access-list session global-sacl + access-list session apprf-machine_scsd-sacl + access-list session machine_scsd +! +user-role logon + access-list session ra-guard + access-list session logon-control + access-list session captiveportal + access-list session vpnlogon + access-list session v6-logon-control + access-list session captiveportal6 +! +user-role Visitor_BYOD + vlan 100 + access-list session global-sacl + access-list session apprf-visitor_byod-sacl + access-list session visitor_byod +! +user-role authenticated + access-list session global-sacl + access-list session apprf-authenticated-sacl + access-list session ra-guard + access-list session allowall + access-list session v6-allowall +! +user-role DENY_INTERNAL_BYOD + access-list session global-sacl + access-list session apprf-deny_internal_byod-sacl + access-list session deny_internal_byod +! +user-role Time_Clock + access-list session global-sacl + access-list session apprf-time_clock-sacl + access-list session scsd-dns-10 + access-list session dhcp-acl + access-list session time_clock +! +user-role denyall +! +user-role guest + vlan 100 + access-list session global-sacl + access-list session apprf-guest-sacl + access-list session ra-guard + access-list session http-acl + access-list session https-acl + access-list session dhcp-acl + access-list session icmp-acl + access-list session dns-acl + access-list session v6-http-acl + access-list session v6-https-acl + access-list session v6-dhcp-acl + access-list session v6-icmp-acl + access-list session v6-dns-acl +! +user-role default-iap-user-role + access-list session allowall +! +! +aaa tacacs-accounting + + +controller-ip vlan 35 +kernel coredump +no kernel printk +interface mgmt + shutdown +! + +vlan 1 +! +vlan 10 +! +vlan 35 +! +vlan 100 +! +vlan 160 +! +vlan 164 +! +vlan 302 +! +vlan 303 +! +vlan 304 +! +vlan 306 +! +vlan 307 +! +vlan 308 +! +vlan 309 +! +vlan 310 +! +vlan 313 +! +vlan 314 +! +vlan 315 +! +vlan 316 +! +vlan 320 +! +vlan 321 +! +vlan 322 +! +vlan 323 +! +vlan 324 +! +vlan 325 +! +vlan 327 +! +vlan 328 +! +vlan 329 +! +vlan 330 +! +vlan 333 +! +vlan 334 +! +vlan 336 +! +vlan 337 +! +vlan 340 +! +vlan 341 +! +vlan 342 +! +vlan 344 +! +vlan 345 +! +vlan 346 +! +vlan 347 +! +vlan 348 +! +vlan 349 +! +vlan 351 +! +vlan 353 +! +vlan 354 +! +vlan 355 +! +vlan 356 +! +vlan 357 +! +vlan 360 +! +vlan 366 +! +vlan 386 +! +vlan 402 +! +vlan 403 +! +vlan 404 +! +vlan 406 +! +vlan 407 +! +vlan 408 +! +vlan 409 +! +vlan 410 +! +vlan 413 +! +vlan 414 +! +vlan 415 +! +vlan 416 +! +vlan 420 +! +vlan 421 +! +vlan 422 +! +vlan 423 +! +vlan 424 +! +vlan 425 +! +vlan 427 +! +vlan 428 +! +vlan 429 +! +vlan 430 +! +vlan 433 +! +vlan 434 +! +vlan 436 +! +vlan 437 +! +vlan 440 +! +vlan 441 +! +vlan 442 +! +vlan 444 +! +vlan 445 +! +vlan 446 +! +vlan 447 +! +vlan 448 +! +vlan 449 +! +vlan 451 +! +vlan 453 +! +vlan 454 +! +vlan 455 +! +vlan 456 +! +vlan 457 +! +vlan 460 +! +vlan 466 +! +vlan 486 +! +vlan 1024 +! + +vlan-name CaptivePortal +vlan CaptivePortal 1024 +vlan-name Intune +vlan Intune 164 +vlan-name Secure-02-ITC +vlan Secure-02-ITC 302 +vlan-name Secure-03-Fowler +vlan Secure-03-Fowler 303 +vlan-name Secure-04-Nottingham +vlan Secure-04-Nottingham 304 +vlan-name Secure-06-Henninger +vlan Secure-06-Henninger 306 +vlan-name Secure-07-Corcoran +vlan Secure-07-Corcoran 307 +vlan-name Secure-08-Clary +vlan Secure-08-Clary 308 +vlan-name Secure-09-Grant +vlan Secure-09-Grant 309 +vlan-name Secure-10-Levy +vlan Secure-10-Levy 310 +vlan-name Secure-13-Lincoln +vlan Secure-13-Lincoln 313 +vlan-name Secure-14-Shea +vlan Secure-14-Shea 314 +vlan-name Secure-15-HWSmith +vlan Secure-15-HWSmith 315 +vlan-name Secure-16-Bellevue +vlan Secure-16-Bellevue 316 +vlan-name Secure-20-DrKing +vlan Secure-20-DrKing 320 +vlan-name Secure-21-Brighton +vlan Secure-21-Brighton 321 +vlan-name Secure-22-Delaware +vlan Secure-22-Delaware 322 +vlan-name Secure-23-Elmwood +vlan Secure-23-Elmwood 323 +vlan-name Secure-24-Franklin +vlan Secure-24-Franklin 324 +vlan-name Secure-25-Frazer +vlan Secure-25-Frazer 325 +vlan-name Secure-27-Elmcrest +vlan Secure-27-Elmcrest 327 +vlan-name Secure-28-Latin +vlan Secure-28-Latin 328 +vlan-name Secure-29-Huntington +vlan Secure-29-Huntington 329 +vlan-name Secure-30-SalemHyde +vlan Secure-30-SalemHyde 330 +vlan-name Secure-33-Lemoyne +vlan Secure-33-Lemoyne 333 +vlan-name Secure-34-Weeks +vlan Secure-34-Weeks 334 +vlan-name Secure-36-McKinley +vlan Secure-36-McKinley 336 +vlan-name Secure-37-Meachem +vlan Secure-37-Meachem 337 +vlan-name Secure-40-Porter +vlan Secure-40-Porter 340 +vlan-name Secure-41-Bova +vlan Secure-41-Bova 341 +vlan-name Secure-42-Roberts +vlan Secure-42-Roberts 342 +vlan-name Secure-44-Seymore +vlan Secure-44-Seymore 344 +vlan-name Secure-45-EdSmith +vlan Secure-45-EdSmith 345 +vlan-name Secure-46-Brighton466 +vlan Secure-46-Brighton466 346 +vlan-name Secure-47-ELMS +vlan Secure-47-ELMS 347 +vlan-name Secure-48-Beard +vlan Secure-48-Beard 348 +vlan-name Secure-49-VanDuyn +vlan Secure-49-VanDuyn 349 +vlan-name Secure-51-Webster +vlan Secure-51-Webster 351 +vlan-name Secure-53-Blodgett +vlan Secure-53-Blodgett 353 +vlan-name Secure-54-JVC +vlan Secure-54-JVC 354 +vlan-name Secure-55-CO +vlan Secure-55-CO 355 +vlan-name Secure-56-SSC +vlan Secure-56-SSC 356 +vlan-name Secure-57-Transportation +vlan Secure-57-Transportation 357 +vlan-name Secure-60-RockWest +vlan Secure-60-RockWest 360 +vlan-name Secure-66-ENL +vlan Secure-66-ENL 366 +vlan-name Secure-86-StLucy +vlan Secure-86-StLucy 386 +vlan-name Vendor-02-ITC +vlan Vendor-02-ITC 402 +vlan-name Vendor-03-Fowler +vlan Vendor-03-Fowler 403 +vlan-name Vendor-04-Nottingham +vlan Vendor-04-Nottingham 404 +vlan-name Vendor-06-Henninger +vlan Vendor-06-Henninger 406 +vlan-name Vendor-07-Corcoran +vlan Vendor-07-Corcoran 407 +vlan-name Vendor-08-Clary +vlan Vendor-08-Clary 408 +vlan-name Vendor-09-Grant +vlan Vendor-09-Grant 409 +vlan-name Vendor-10-Levy +vlan Vendor-10-Levy 410 +vlan-name Vendor-13-Lincoln +vlan Vendor-13-Lincoln 413 +vlan-name Vendor-14-Shea +vlan Vendor-14-Shea 414 +vlan-name Vendor-15-HWSmith +vlan Vendor-15-HWSmith 415 +vlan-name Vendor-16-Bellevue +vlan Vendor-16-Bellevue 416 +vlan-name Vendor-20-DrKing +vlan Vendor-20-DrKing 420 +vlan-name Vendor-21-Brighton +vlan Vendor-21-Brighton 421 +vlan-name Vendor-22-Delaware +vlan Vendor-22-Delaware 422 +vlan-name Vendor-23-Elmwood +vlan Vendor-23-Elmwood 423 +vlan-name Vendor-24-Franklin +vlan Vendor-24-Franklin 424 +vlan-name Vendor-25-Frazer +vlan Vendor-25-Frazer 425 +vlan-name Vendor-27-Elmcrest +vlan Vendor-27-Elmcrest 427 +vlan-name Vendor-28-Latin +vlan Vendor-28-Latin 428 +vlan-name Vendor-29-Huntington +vlan Vendor-29-Huntington 429 +vlan-name Vendor-30-SalemHyde +vlan Vendor-30-SalemHyde 430 +vlan-name Vendor-33-Lemoyne +vlan Vendor-33-Lemoyne 433 +vlan-name Vendor-34-Weeks +vlan Vendor-34-Weeks 434 +vlan-name Vendor-36-McKinley +vlan Vendor-36-McKinley 436 +vlan-name Vendor-37-Meachem +vlan Vendor-37-Meachem 437 +vlan-name Vendor-40-Porter +vlan Vendor-40-Porter 440 +vlan-name Vendor-41-Bova +vlan Vendor-41-Bova 441 +vlan-name Vendor-42-Roberts +vlan Vendor-42-Roberts 442 +vlan-name Vendor-44-Seymore +vlan Vendor-44-Seymore 444 +vlan-name Vendor-45-EdSmith +vlan Vendor-45-EdSmith 445 +vlan-name Vendor-46-Brighton466 +vlan Vendor-46-Brighton466 446 +vlan-name Vendor-47-ELMS +vlan Vendor-47-ELMS 447 +vlan-name Vendor-48-Beard +vlan Vendor-48-Beard 448 +vlan-name Vendor-49-VanDuyn +vlan Vendor-49-VanDuyn 449 +vlan-name Vendor-51-Webster +vlan Vendor-51-Webster 451 +vlan-name Vendor-53-Blodgett +vlan Vendor-53-Blodgett 453 +vlan-name Vendor-54-JVC +vlan Vendor-54-JVC 454 +vlan-name Vendor-55-CO +vlan Vendor-55-CO 455 +vlan-name Vendor-56-SSC +vlan Vendor-56-SSC 456 +vlan-name Vendor-57-Transportation +vlan Vendor-57-Transportation 457 +vlan-name Vendor-60-RockWest +vlan Vendor-60-RockWest 460 +vlan-name Vendor-66-ENL +vlan Vendor-66-ENL 466 +vlan-name Vendor-86-StLucy +vlan Vendor-86-StLucy 486 +vlan-name VLAN10 +vlan VLAN10 10 +vlan-name VLAN100 +vlan VLAN100 100 +vlan-name VLAN160 +vlan VLAN160 160 + + +interface gigabitethernet 0/0/0 + no poe + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface gigabitethernet 0/0/1 + trusted + trusted vlan 1-4094 + no poe + switchport mode trunk + switchport trunk native vlan 35 + switchport trunk allowed vlan 1-4094 +! + +interface gigabitethernet 0/0/2 + description "GE0/0/2" + trusted + trusted vlan 1-4094 + no poe + switchport mode trunk + switchport trunk native vlan 1 + switchport trunk allowed vlan 1-4094 + lacp group 0 mode active +! + +interface gigabitethernet 0/0/3 + description "GE0/0/3" + trusted + trusted vlan 1-4094 + no poe + switchport mode trunk + switchport trunk native vlan 1 + switchport trunk allowed vlan 1-4094 + lacp group 0 mode active + lldp transmit + lldp receive +! + +interface gigabitethernet 0/0/4 + no poe + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface gigabitethernet 0/0/5 + no poe + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 0 + trusted + trusted vlan 1-4094 + switchport mode trunk + switchport trunk native vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 1 + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 2 + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 3 + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 4 + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 5 + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 6 + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface port-channel 7 + switchport mode access + switchport access vlan 1 + switchport trunk allowed vlan 1-4094 +! + +interface vlan 35 + ip address 10.1.35.11 255.255.255.0 +! + +interface vlan 1 +! + +interface vlan 100 + ip address 10.100.0.4 255.254.0.0 +! + +interface vlan 164 + ip address 10.164.0.4 255.254.0.0 +! + +interface vlan 302 + ip address 10.2.112.4 255.255.240.0 +! + +interface vlan 303 + ip address 10.3.112.4 255.255.240.0 +! + +interface vlan 304 + ip address 10.4.112.4 255.255.240.0 +! + +interface vlan 306 + ip address 10.6.112.4 255.255.240.0 +! + +interface vlan 307 + ip address 10.7.112.4 255.255.240.0 +! + +interface vlan 308 + ip address 10.8.112.4 255.255.240.0 +! + +interface vlan 309 + ip address 10.9.112.4 255.255.240.0 +! + +interface vlan 310 + ip address 10.10.112.4 255.255.240.0 +! + +interface vlan 313 + ip address 10.13.112.4 255.255.240.0 +! + +interface vlan 314 + ip address 10.14.112.4 255.255.240.0 +! + +interface vlan 315 + ip address 10.15.112.4 255.255.240.0 +! + +interface vlan 316 + ip address 10.16.112.4 255.255.240.0 +! + +interface vlan 320 + ip address 10.20.112.4 255.255.240.0 +! + +interface vlan 321 + ip address 10.21.112.4 255.255.240.0 +! + +interface vlan 322 + ip address 10.22.112.4 255.255.240.0 +! + +interface vlan 323 + ip address 10.23.112.4 255.255.240.0 +! + +interface vlan 324 + ip address 10.24.112.4 255.255.240.0 +! + +interface vlan 325 + ip address 10.25.112.4 255.255.240.0 +! + +interface vlan 327 + ip address 10.27.112.4 255.255.240.0 +! + +interface vlan 328 + ip address 10.28.112.4 255.255.240.0 +! + +interface vlan 329 + ip address 10.29.112.4 255.255.240.0 +! + +interface vlan 330 + ip address 10.30.112.4 255.255.240.0 +! + +interface vlan 333 + ip address 10.33.112.4 255.255.240.0 +! + +interface vlan 334 + ip address 10.34.112.4 255.255.240.0 +! + +interface vlan 336 + ip address 10.36.112.4 255.255.240.0 +! + +interface vlan 337 + ip address 10.37.112.4 255.255.240.0 +! + +interface vlan 340 + ip address 10.40.112.4 255.255.240.0 +! + +interface vlan 341 + ip address 10.41.112.4 255.255.240.0 +! + +interface vlan 342 + ip address 10.42.112.4 255.255.240.0 +! + +interface vlan 344 + ip address 10.44.112.4 255.255.240.0 +! + +interface vlan 345 + ip address 10.45.112.4 255.255.240.0 +! + +interface vlan 346 + ip address 10.46.112.4 255.255.240.0 +! + +interface vlan 347 + ip address 10.47.112.4 255.255.240.0 +! + +interface vlan 348 + ip address 10.48.112.4 255.255.240.0 +! + +interface vlan 349 + ip address 10.49.112.4 255.255.240.0 +! + +interface vlan 351 + ip address 10.51.112.4 255.255.240.0 +! + +interface vlan 353 + ip address 10.53.112.4 255.255.240.0 +! + +interface vlan 354 + ip address 10.54.112.4 255.255.240.0 +! + +interface vlan 355 + ip address 10.55.112.4 255.255.240.0 +! + +interface vlan 356 + ip address 10.56.112.4 255.255.240.0 +! + +interface vlan 357 + ip address 10.57.112.4 255.255.240.0 +! + +interface vlan 360 + ip address 10.60.112.4 255.255.240.0 +! + +interface vlan 386 + ip address 10.86.112.4 255.255.240.0 +! + +interface vlan 402 + ip address 10.2.128.4 255.255.240.0 +! + +interface vlan 403 + ip address 10.3.128.4 255.255.240.0 +! + +interface vlan 404 + ip address 10.4.128.4 255.255.240.0 +! + +interface vlan 406 + ip address 10.6.128.4 255.255.240.0 +! + +interface vlan 407 + ip address 10.7.128.4 255.255.240.0 +! + +interface vlan 408 + ip address 10.8.128.4 255.255.240.0 +! + +interface vlan 409 + ip address 10.9.128.4 255.255.240.0 +! + +interface vlan 410 + ip address 10.10.128.4 255.255.240.0 +! + +interface vlan 413 + ip address 10.13.128.4 255.255.240.0 +! + +interface vlan 414 + ip address 10.14.128.4 255.255.240.0 +! + +interface vlan 415 + ip address 10.15.128.4 255.255.240.0 +! + +interface vlan 416 + ip address 10.16.128.4 255.255.240.0 +! + +interface vlan 420 + ip address 10.20.128.4 255.255.240.0 +! + +interface vlan 421 + ip address 10.21.128.4 255.255.240.0 +! + +interface vlan 422 + ip address 10.22.128.4 255.255.240.0 +! + +interface vlan 423 + ip address 10.23.128.4 255.255.240.0 +! + +interface vlan 424 + ip address 10.24.128.4 255.255.240.0 +! + +interface vlan 425 + ip address 10.25.128.4 255.255.240.0 +! + +interface vlan 427 + ip address 10.27.128.4 255.255.240.0 +! + +interface vlan 428 + ip address 10.28.128.4 255.255.240.0 +! + +interface vlan 429 + ip address 10.29.128.4 255.255.240.0 +! + +interface vlan 430 + ip address 10.30.128.4 255.255.240.0 +! + +interface vlan 433 + ip address 10.33.128.4 255.255.240.0 +! + +interface vlan 434 + ip address 10.34.128.4 255.255.240.0 +! + +interface vlan 436 + ip address 10.36.128.4 255.255.240.0 +! + +interface vlan 437 + ip address 10.37.128.4 255.255.240.0 +! + +interface vlan 440 + ip address 10.40.128.4 255.255.240.0 +! + +interface vlan 441 + ip address 10.41.128.4 255.255.240.0 +! + +interface vlan 442 + ip address 10.42.128.4 255.255.240.0 +! + +interface vlan 444 + ip address 10.44.128.4 255.255.240.0 +! + +interface vlan 445 + ip address 10.45.128.4 255.255.240.0 +! + +interface vlan 446 + ip address 10.46.128.4 255.255.240.0 +! + +interface vlan 447 + ip address 10.47.128.4 255.255.240.0 +! + +interface vlan 448 + ip address 10.48.128.4 255.255.240.0 +! + +interface vlan 449 + ip address 10.49.128.4 255.255.240.0 +! + +interface vlan 451 + ip address 10.51.128.4 255.255.240.0 +! + +interface vlan 453 + ip address 10.53.128.4 255.255.240.0 +! + +interface vlan 454 + ip address 10.54.128.4 255.255.240.0 +! + +interface vlan 455 + ip address 10.55.128.4 255.255.240.0 +! + +interface vlan 456 + ip address 10.56.128.4 255.255.240.0 +! + +interface vlan 457 + ip address 10.57.128.4 255.255.240.0 +! + +interface vlan 460 + ip address 10.60.128.4 255.255.240.0 +! + +interface vlan 486 + ip address 10.86.128.4 255.255.240.0 +! + +interface vlan 1024 + ip address 172.17.0.1 255.255.252.0 + no suppress-arp + ip nat inside +! + +interface vlan 366 + ip address 10.66.112.4 255.255.240.0 +! + +interface vlan 466 + ip address 10.66.128.4 255.255.240.0 +! + +! +uplink health-check +! +ip default-gateway 10.1.35.1 +ip nexthop-list load-balance-gateways +! +ip nexthop-list load-balance-ipsecs +! +ip nexthop-list pan-gp-ipsec-map-list +! +ip nexthop-list traditional-ipsecs +! + +crypto isakmp policy 20 + encryption AES256 + authentication pre-share +! + +crypto isakmp policy 10001 + authentication pre-share +! + +crypto isakmp policy 10002 + encryption AES256 + authentication rsa-sig +! + +crypto isakmp policy 10003 + encryption AES256 + authentication pre-share +! + +crypto isakmp policy 10004 + version v2 + encryption AES256 + authentication rsa-sig +! + +crypto isakmp policy 10005 + encryption AES256 + authentication pre-share +! + +crypto isakmp policy 10006 + version v2 + encryption AES128 + authentication rsa-sig +! + +crypto isakmp policy 10007 + version v2 + encryption AES128 + authentication pre-share +! + +crypto isakmp policy 10008 + version v2 + encryption AES128 + hash sha2-256-128 + group 19 + authentication ecdsa-256 + prf PRF-HMAC-SHA256 +! + +crypto isakmp policy 10009 + version v2 + encryption AES256 + hash sha2-384-192 + group 20 + authentication ecdsa-384 + prf PRF-HMAC-SHA384 +! + +crypto isakmp policy 10012 + version v2 + encryption AES256 + authentication rsa-sig +! + +crypto isakmp policy 10013 + encryption AES256 + authentication pre-share +! + +crypto isakmp policy 10014 + version v2 + encryption AES256 + hash sha2-256-128 + group 14 + authentication pre-share + prf PRF-HMAC-SHA256 +! + +crypto isakmp policy 10015 + version v2 + encryption AES128 + hash sha2-256-128 + group 14 + authentication rsa-sig + prf PRF-HMAC-SHA256 +! + +crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac +crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac +crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac +crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac +crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac +crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac +crypto dynamic-map default-rap-ipsecmap 10001 + version v2 + set transform-set "default-gcm256" "default-gcm128" "default-rap-transform" +! + +crypto dynamic-map default-rap-ipsecmap-gcm 10001 + version v2 + set transform-set "default-gcm256" "default-gcm128" +! + +crypto dynamic-map default-rap-ipsecmap-aes 10001 + version v2 + set transform-set "default-rap-transform" +! + +crypto dynamic-map default-dynamicmap 10000 + set transform-set "default-transform" "default-aes" +! + +crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap +crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap +crypto-local ipsec-map default-ha-ipsecmap10.1.35.12 9999 + version v2 + set ikev2-policy 10015 + peer-ip 10.1.35.12 + src-net 10.1.35.11 255.255.255.255 + dst-net 10.1.35.12 255.255.255.255 + set transform-set "default-ha-transform" + factory-cert-auth + trusted +! + +crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999 + version v2 + set ikev2-policy 10015 + peer-ip 10.1.35.14 + src-net 10.1.35.11 255.255.255.255 + dst-net 10.1.35.14 255.255.255.255 + set transform-set "default-ha-transform" + factory-cert-auth + trusted +! + +crypto isakmp eap-passthrough eap-tls +crypto isakmp eap-passthrough eap-peap +crypto isakmp eap-passthrough eap-mschapv2 + +vpdn group l2tp +! + +ip dhcp pool vlan_1024 + default-router 172.17.0.1 + dns-server 10.1.40.10 + network 172.17.0.0 255.255.252.0 + authoritative +! +ip dynamic-dns interval 900 +service dhcp + + + + + + +snmp-server community "mickey03" +vpdn group pptp +! + +tunneled-node-address 0.0.0.0 +ap-crash-transfer + +adp discovery enable +adp igmp-join enable +adp igmp-vlan-id 0 + +ap flush-r1-on-new-r0 disable +amon msg-buffer-size 1264 +amon udp 0 +mgmt-server primary-server 10.1.35.10 profile default-amp transport udp +mgmt-server primary-server conductor profile default-controller transport udp + + + +ssh mgmt-auth public-key +ssh mgmt-auth username/password +mgmt-user admin root ******************** +mgmt-user ssh-pubkey client-cert master-ssh-pub-cert seamless-logon read-only +mgmt-user ssh-pubkey client-cert master-ssh-pub-cert seamless-logon-w standard + +ntp + +ntp server 10.1.203.21 +ntp server 10.1.40.10 + + +no database synchronize +ip mobile domain default +! +ip mobile domain default +! + +ip igmp +! + +ipv6 mld +! + +firewall + prohibit-ip-spoofing + allow-tri-session + attack-rate grat-arp 50 drop + session-idle-timeout 16 + cp-bandwidth-contract untrusted-ucast 9765 + cp-bandwidth-contract untrusted-mcast 3906 + cp-bandwidth-contract trusted-ucast 65535 + cp-bandwidth-contract trusted-mcast 3906 + cp-bandwidth-contract route 976 + cp-bandwidth-contract sessmirr 976 + cp-bandwidth-contract vrrp 512 + cp-bandwidth-contract arp-traffic 3906 + cp-bandwidth-contract l2-other 1953 + cp-bandwidth-contract auth 976 + cp-bandwidth-contract ippkt-err 128 + amsdu + dpi +wireless-bridge-aging + session-tunnel-fib + optimize-dad-frames + deny-needfrag-df-ipsec +! +ipv6 firewall + ext-hdr-parse-len 100 + dpi-classif-cache 0 +! +! + +! +cp-bandwidth-contract cpbwc-ipv4-wms-lo pps 48000 +cp-bandwidth-contract cpbwc-ipv6-wms-lo pps 48000 +cp-bandwidth-contract cpbwc-ipv4-arm pps 48000 +cp-bandwidth-contract cpbwc-ipv6-amp pps 96000 +cp-bandwidth-contract cpbwc-ipv6-arm pps 48000 +cp-bandwidth-contract cpbwc-ipv4-amp pps 96000 + +! +firewall cp + ipv4 permit any proto 6 ports 9190 9190 + ipv6 deny any proto 0 ports 0 65535 + ipv6 permit any proto 6 ports 9190 9190 + ipv6 permit any proto 6 ports 15260 15260 +! +ip domain lookup +! +ip name-server 10.1.48.95 +ip name-server 10.21.48.10 +ip name-server 10.1.40.10 +! +country US +change-config-node / +aaa rfc-3576-server "10.1.40.116" +! +aaa rfc-3576-server "10.1.40.117" +! +aaa authentication mac "default" +! +aaa authentication dot1x "Aruba100_dot1_aut" +! +aaa authentication dot1x "default" +! +aaa authentication dot1x "default-psk" +! +aaa authentication dot1x "Intune_dot1_aut" +! +aaa authentication dot1x "LemoyneTest_dot1_aut" +! +aaa authentication dot1x "SCSD_Secure_dot1_aut" +! +aaa authentication via global-config +! +scheduler-profile "default" + queue-weights q0 0 q1 0 q2 0 q3 0 + priority-map q0 "6 7" q1 "4 5" q2 "2 3" q3 "0 1" +! +aaa authentication-server radius "NOC-CP-A" + host "10.1.40.116" + key *redacted* + timeout 10 +! +aaa authentication-server radius "NOC-CP-B" + host "10.1.40.117" + key *redacted* + timeout 10 +! +aaa server-group "CaptivePortal_dot1_svg" + auth-server NOC-CP-B position 1 + auth-server NOC-CP-A position 2 +! +aaa server-group "default" + auth-server Internal position 1 + set role condition role value-of +! +aaa server-group "internal" + auth-server Internal position 1 + set role condition Role value-of +! +aaa server-group "SCSD_Secure_dot1_svg" + auth-server NOC-CP-B position 1 + auth-server NOC-CP-A position 2 +! +aaa server-group "SCSD_Vendor_dot1_svg" + auth-server NOC-CP-A position 1 + auth-server NOC-CP-B position 2 +! +aaa server-group "Vendor_dot1_svg" + auth-server NOC-CP-A position 1 + auth-server NOC-CP-B position 2 +! +aaa profile "Aruba100_aaa_prof" + initial-role "authenticated" + authentication-dot1x "Aruba100_dot1_aut" +! +aaa profile "default" +! +aaa profile "default-dot1x" + authentication-dot1x "default" + dot1x-default-role "authenticated" +! +aaa profile "default-dot1x-psk" + authentication-dot1x "default-psk" +! +aaa profile "default-iap-aaa-profile" + initial-role "default-iap-user-role" + no wired-to-wireless-roam + no devtype-classification +! +aaa profile "default-mac-auth" + authentication-mac "default" + mac-default-role "authenticated" +! +aaa profile "default-open" +! +aaa profile "default-tunneled-user" + initial-role "guest" + no wired-to-wireless-roam +! +aaa profile "default-xml-api" +! +aaa profile "Intune_aaa_prof" + initial-role "authenticated" + authentication-dot1x "Intune_dot1_aut" +! +aaa profile "LemoyneTest_aaa_prof" + initial-role "authenticated" + authentication-dot1x "LemoyneTest_dot1_aut" +! +aaa profile "NoAuthAAAProfile" +! +aaa profile "SCSD_Secure_aaa_prof" + authentication-dot1x "SCSD_Secure_dot1_aut" + dot1x-default-role "stateful-dot1x" + dot1x-server-group "SCSD_Secure_dot1_svg" + radius-accounting "SCSD_Secure_dot1_svg" + enforce-dhcp +! +aaa profile "SCSD_Test_AAA" + initial-role "SCSD_Test_role" + authentication-mac "default" + mac-default-role "SCSD_Test_role" + mac-server-group "SCSD_Vendor_dot1_svg" + rfc-3576-server "10.1.40.116" + rfc-3576-server "10.1.40.117" +! +aaa profile "SCSD_Vendor_aaa_prof" + initial-role "SCSD_Vendor-guest-logon" + authentication-mac "default" + mac-default-role "SCSD_Vendor-guest-logon" + mac-server-group "SCSD_Vendor_dot1_svg" + l2-auth-fail-through + radius-accounting "SCSD_Vendor_dot1_svg" + radius-interim-accounting + rfc-3576-server "10.1.40.116" + rfc-3576-server "10.1.40.117" + enforce-dhcp +! +aaa profile "Vendor_aaa_prof" + initial-role "Vendor-guest-logon" + mac-default-role "Vendor-guest-logon" +! +aaa authentication captive-portal "default" +! +aaa authentication captive-portal "SCSD_Vendor_cppm_prof" + server-group "SCSD_Vendor_dot1_svg" + redirect-pause 1 + no logout-popup-window + login-page "https://visitor.scsd.us/guest/scsd_aruba_guest_login.php" + welcome-page "https://visitor.scsd.us/guest/scsd_welcome.php" + no enable-welcome-page + switchip-in-redirection-url + allow-list "scsd_vendor_cppm_prof" + redirect-url "https://visitor.scsd.us/guest/scsd_welcome.php" +! +aaa authentication captive-portal "SCSD_Vendor_cppm_prof-test" + server-group "SCSD_Vendor_dot1_svg" + login-page "https://visitor.scsd.us/guest/scsd_aruba_guest_login.php" + welcome-page "https://visitor.scsd.us/guest/scsd_welcome.php" + allow-list "scsd_vendor_cppm_prof" +! +aaa authentication captive-portal "Vendor_cppm_prof" + default-role "Vendor-guest-logon" + default-guest-role "Visitor_BYOD" + server-group "internal" + allow-list "vendor_cppm_prof" + redirect-url "http://www.syracusecityschools.com/" +! +aaa authentication wispr "default" +! +aaa authentication vpn "default" +! +aaa authentication vpn "default-cap" + default-role "sys-ap-role" + server-group "internal" +! +aaa authentication vpn "default-hp-switch" +! +aaa authentication vpn "default-iap" +! +aaa authentication vpn "default-rap" +! +aaa authentication mgmt +! +aaa authentication stateful-ntlm "default" +! +aaa authentication stateful-kerberos "default" +! +aaa authentication stateful-dot1x +! +aaa authentication via auth-profile "default" +! +aaa authentication wired +! +aaa authentication via connection-profile "default" +! +aaa authentication via web-auth "default" +! +web-server profile + cipher-suite ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA + captive-portal-cert "scsd_full_wc_2026" +! +guest-access-email + smtp-server 10.1.40.7 +! +aaa password-policy mgmt +! +control-plane-security + auto-cert-prov +! +ids management-profile +! +ids wms-general-profile +! +ids wms-local-system-profile +! +ids ap-rule-matching +! +valid-network-oui-profile +! +traceoptions +! +activate +! +file syncing profile +! +ucc skype4b +! +ucc teams +! +ucc webrtc +! +ucc custom-sip +! +ucc rtpa-config +! +ucc jabber +! +ucc sip +! +ucc h323 +! +ucc vocera +! +ucc sccp +! +ucc noe +! +ucc facetime +! +ucc ich +! +ucc session-idle-timeout +! +ucc wificalling +! +lc-cluster group-profile "Cluster1" + controller 10.1.35.11 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1 rap-public-ip 0.0.0.0 + controller 10.1.35.12 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1 rap-public-ip 0.0.0.0 + controller 10.1.35.14 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1 rap-public-ip 0.0.0.0 + active-client-rebalance-threshold 50 + standby-client-rebalance-threshold 75 +! +upgrade-profile + serverip 10.1.7.110 + username "tmarris" + password *redacted* + protocol ftp + filepath "." +! +license-pool-profile-root +! +papi-security +! +est profile "default" +! +aruba-central +! +wlan sae-profile +! +ifmap cppm +! +pan profile "default" +! +pan-options +! +websocket clearpass +! +pan active-profile +! +openflow-profile + controller-ip "conductorip" 6633 + bind-vlan 1-4094 +! +dump-auto-uploading-profile "default" +! +ap regulatory-domain-profile "APG49VanDuyn-Outdoors_rdp_ui" + country-code US + valid-11g-channel 1 + valid-11g-channel 6 + valid-11g-channel 11 + valid-11a-channel 36 + valid-11a-channel 40 + valid-11a-channel 44 + valid-11a-channel 48 + valid-11a-channel 149 + valid-11a-channel 153 + valid-11a-channel 157 + valid-11a-channel 161 + valid-11a-channel 165 + valid-11g-40mhz-channel-pair 1-5 + valid-11g-40mhz-channel-pair 7-11 + valid-11a-40mhz-channel-pair 36-40 + valid-11a-40mhz-channel-pair 44-48 + valid-11a-40mhz-channel-pair 149-153 + valid-11a-40mhz-channel-pair 157-161 + valid-11a-80mhz-channel-group 36-48 + valid-11a-80mhz-channel-group 149-161 + valid-11a-160mhz-channel-group 36-64 +! +ap regulatory-domain-profile "APG51Webster_rdp_ui" + country-code US + valid-11g-channel 1 + valid-11g-channel 6 + valid-11g-channel 11 + valid-11a-channel 36 + valid-11a-channel 40 + valid-11a-channel 44 + valid-11a-channel 48 + valid-11a-channel 149 + valid-11a-channel 153 + valid-11a-channel 157 + valid-11a-channel 161 + valid-11a-channel 165 + valid-11g-40mhz-channel-pair 1-5 + valid-11g-40mhz-channel-pair 7-11 + valid-11a-40mhz-channel-pair 36-40 + valid-11a-40mhz-channel-pair 44-48 + valid-11a-40mhz-channel-pair 149-153 + valid-11a-40mhz-channel-pair 157-161 + valid-11a-80mhz-channel-group 36-48 + valid-11a-80mhz-channel-group 149-161 + valid-11a-160mhz-channel-group 36-64 +! +ap regulatory-domain-profile "default" + country-code US + valid-11g-channel 1 + valid-11g-channel 6 + valid-11g-channel 11 + valid-11a-channel 36 + valid-11a-channel 40 + valid-11a-channel 44 + valid-11a-channel 48 + valid-11a-channel 149 + valid-11a-channel 153 + valid-11a-channel 157 + valid-11a-channel 161 + valid-11a-channel 165 + valid-11g-40mhz-channel-pair 1-5 + valid-11g-40mhz-channel-pair 7-11 + valid-11a-40mhz-channel-pair 36-40 + valid-11a-40mhz-channel-pair 44-48 + valid-11a-40mhz-channel-pair 149-153 + valid-11a-40mhz-channel-pair 157-161 + valid-11a-80mhz-channel-group 36-48 + valid-11a-80mhz-channel-group 149-161 + valid-11a-160mhz-channel-group 36-64 +! +ap regulatory-domain-profile "default_rdp_ui" + country-code US + valid-11g-channel 1 + valid-11g-channel 6 + valid-11g-channel 11 + valid-11a-channel 36 + valid-11a-channel 40 + valid-11a-channel 44 + valid-11a-channel 48 + valid-11a-channel 149 + valid-11a-channel 153 + valid-11a-channel 157 + valid-11a-channel 161 + valid-11a-channel 165 + valid-11g-40mhz-channel-pair 1-5 + valid-11g-40mhz-channel-pair 7-11 + valid-11a-40mhz-channel-pair 36-40 + valid-11a-40mhz-channel-pair 44-48 + valid-11a-40mhz-channel-pair 149-153 + valid-11a-40mhz-channel-pair 157-161 + valid-11a-160mhz-channel-group 36-64 +! +ap regulatory-domain-profile "SCSD_rdp" + country-code US + valid-11g-channel 1 + valid-11g-channel 6 + valid-11g-channel 11 + valid-11a-channel 36 + valid-11a-channel 40 + valid-11a-channel 44 + valid-11a-channel 48 + valid-11a-channel 52 + valid-11a-channel 56 + valid-11a-channel 60 + valid-11a-channel 64 + valid-11a-channel 100 + valid-11a-channel 104 + valid-11a-channel 108 + valid-11a-channel 112 + valid-11a-channel 116 + valid-11a-channel 120 + valid-11a-channel 124 + valid-11a-channel 128 + valid-11a-channel 132 + valid-11a-channel 136 + valid-11a-channel 140 + valid-11a-channel 144 + valid-11a-channel 149 + valid-11a-channel 153 + valid-11a-channel 157 + valid-11a-channel 161 + valid-11a-channel 165 + valid-11g-40mhz-channel-pair 1-5 + valid-11g-40mhz-channel-pair 7-11 + valid-11a-40mhz-channel-pair 36-40 + valid-11a-40mhz-channel-pair 44-48 + valid-11a-40mhz-channel-pair 52-56 + valid-11a-40mhz-channel-pair 60-64 + valid-11a-40mhz-channel-pair 100-104 + valid-11a-40mhz-channel-pair 108-112 + valid-11a-40mhz-channel-pair 116-120 + valid-11a-40mhz-channel-pair 124-128 + valid-11a-40mhz-channel-pair 132-136 + valid-11a-40mhz-channel-pair 140-144 + valid-11a-40mhz-channel-pair 149-153 + valid-11a-40mhz-channel-pair 157-161 + valid-11a-80mhz-channel-group 36-48 + valid-11a-80mhz-channel-group 149-161 + valid-11a-160mhz-channel-group 36-64 +! +ap wired-ap-profile "default" +! +ap wired-ap-profile "NoAuthWiredAp" + wired-ap-enable +! +ap enet-link-profile "default" +! +ap mesh-ht-ssid-profile "default" +! +ap lldp med-network-policy-profile "default" +! +ap mesh-cluster-profile "default" +! +ap mesh-accesslist-profile "default" +! +ap wifi-uplink-profile "default" +! +ap multizone-profile "default" +! +ap usb-acl-prof "default" +! +dump-collection-profile "default" +! +ap lldp profile "default" +! +ap mesh-radio-profile "default" +! +ap usb-profile "default" +! +ap system-profile "default" + ipm-enable + ipm-power-reduction-step-prio ipm-step disable_usb priority 1 + ipm-power-reduction-step-prio ipm-step disable_alt_eth priority 2 + ipm-power-reduction-step-prio ipm-step radio_2ghz_power_3dB priority 3 + ipm-power-reduction-step-prio ipm-step radio_5ghz_power_3dB priority 4 + ap-console- password *redacted* +! +ap system-profile "NoAuthApSystem" + ap-console- password *redacted* +! +ap wired-port-profile "default" +! +ap wired-port-profile "NoAuthWiredPort" + wired-ap-profile "NoAuthWiredAp" + aaa-profile "NoAuthAAAProfile" +! +ap wired-port-profile "shutdown" + shutdown +! +gps service-profile "default" +! +ids general-profile "default" +! +ids rate-thresholds-profile "default" +! +ids rate-thresholds-profile "probe-request-response-thresholds" + channel-inc-time 30 + channel-threshold 350 + node-time-interval 10 + node-threshold 250 +! +ids signature-profile "AirJack" + frame-type beacon ssid AirJack +! +ids signature-profile "ASLEAP" + frame-type beacon ssid asleap +! +ids signature-profile "Deauth-Broadcast-From-Valid-AP" + frame-type deauth + dst-mac ff:ff:ff:ff:ff:ff + src-mac valid-ap + bssid valid-ap +! +ids signature-profile "default" +! +ids signature-profile "Disassoc-Broadcast" + frame-type disassoc + dst-mac ff:ff:ff:ff:ff:ff +! +ids signature-profile "Disassoc-Broadcast-From-Valid-AP" + frame-type disassoc + dst-mac ff:ff:ff:ff:ff:ff + src-mac valid-ap + bssid valid-ap +! +ids signature-profile "Netstumbler Generic" + payload 0x00601d 3 + payload 0x0001 6 +! +ids signature-profile "Netstumbler Version 3.3.0x" + payload 0x00601d 3 + payload 0x000102 12 +! +ids signature-profile "Null-Probe-Response" + frame-type probe-response ssid-length 0 +! +ids signature-profile "Wellenreiter" + frame-type probe-request ssid this_is_used_for_wellenreiter +! +ids impersonation-profile "default" +! +ids unauthorized-device-profile "default" +! +ids signature-matching-profile "default" + signature "Disassoc-Broadcast" +! +ids dos-profile "default" +! +ids profile "default" +! +rf dot11-60GHz-radio-profile "default" +! +wlan 6ghz-rrm-ie-profile "default" +! +rf arm-profile "arm-maintain" + no scanning +! +rf arm-profile "arm-scan" +! +rf arm-profile "default-6ghz" + 160MHz-support Auto + min-tx-power 12 + max-tx-power 18 +! +rf arm-profile "default-a" +! +rf arm-profile "default-g" +! +rf ht-radio-profile "default-6ghz" +! +rf ht-radio-profile "default-a" +! +rf ht-radio-profile "default-g" +! +rf spectrum-profile "default-6ghz" +! +rf spectrum-profile "default-a" +! +rf spectrum-profile "default-g" +! +rf optimization-profile "default" +! +rf event-thresholds-profile "default" +! +rf am-scan-profile "APG49VanDuyn-Outdoors_radio_a_ui_amscan_a_ui" +! +rf am-scan-profile "APG49VanDuyn-Outdoors_radio_g_ui_amscan_g_ui" +! +rf am-scan-profile "APG51Webster_radio_a_ui_amscan_a_ui" +! +rf am-scan-profile "APG51Webster_radio_g_ui_amscan_g_ui" +! +rf am-scan-profile "default" +! +rf am-scan-profile "default_radio_a_ui_amscan_a_ui" +! +rf am-scan-profile "default_radio_g_ui_amscan_g_ui" +! +rf am-scan-profile "rp-377-a_amscan_a_ui" +! +rf am-scan-profile "rp-377-g_amscan_g_ui" +! +rf dot11a-radio-profile "APG49VanDuyn-Outdoors_radio_a_ui" + am-scan-profile "APG49VanDuyn-Outdoors_radio_a_ui_amscan_a_ui" + max-channel-bandwidth 40MHz + eirp-min 30 + eirp-max 36 +! +rf dot11a-radio-profile "APG51Webster_radio_a_ui" + am-scan-profile "APG51Webster_radio_a_ui_amscan_a_ui" + max-channel-bandwidth 40MHz +! +rf dot11a-radio-profile "default" + max-channel-bandwidth 40MHz +! +rf dot11a-radio-profile "default_radio_a_ui" + am-scan-profile "default_radio_a_ui_amscan_a_ui" + max-channel-bandwidth 40MHz +! +rf dot11a-radio-profile "rp-377-a" + am-scan-profile "rp-377-a_amscan_a_ui" + max-channel-bandwidth 20MHz + eirp-min 30 + eirp-max 36 +! +rf dot11a-radio-profile "rp-maintain-a" + arm-profile "arm-maintain" +! +rf dot11a-radio-profile "rp-monitor-a" + mode am-mode +! +rf dot11a-radio-profile "rp-scan-a" + arm-profile "arm-scan" +! +rf dot11g-radio-profile "APG49VanDuyn-Outdoors_radio_g_ui" + am-scan-profile "APG49VanDuyn-Outdoors_radio_g_ui_amscan_g_ui" + eirp-min 28 + eirp-max 34 +! +rf dot11g-radio-profile "APG51Webster_radio_g_ui" + am-scan-profile "APG51Webster_radio_g_ui_amscan_g_ui" +! +rf dot11g-radio-profile "default" +! +rf dot11g-radio-profile "default_radio_g_ui" + am-scan-profile "default_radio_g_ui_amscan_g_ui" +! +rf dot11g-radio-profile "rp-377-g" + am-scan-profile "rp-377-g_amscan_g_ui" + eirp-min 28 + eirp-max 34 +! +rf dot11g-radio-profile "rp-maintain-g" + arm-profile "arm-maintain" +! +rf dot11g-radio-profile "rp-monitor-g" + mode am-mode +! +rf dot11g-radio-profile "rp-scan-g" + arm-profile "arm-scan" +! +rf dot11-6GHz-radio-profile "default" +! +wlan rrm-ie-profile "default" +! +wlan bcn-rpt-req-profile "default" +! +wlan dot11r-profile "default" +! +wlan tsm-req-profile "default" +! +wlan ht-ssid-profile "default" +! +wlan he-ssid-profile "default" + no high-efficiency-enable +! +wlan hotspot anqp-venue-name-profile "default" +! +wlan hotspot anqp-nwk-auth-profile "default" +! +wlan hotspot anqp-roam-cons-profile "default" +! +wlan hotspot anqp-nai-realm-profile "default" +! +wlan hotspot anqp-3gpp-nwk-profile "default" +! +wlan hotspot h2qp-operator-friendly-name-profile "default" +! +wlan hotspot h2qp-wan-metrics-profile "default" +! +wlan hotspot h2qp-conn-capability-profile "default" +! +wlan hotspot h2qp-op-cl-profile "default" +! +wlan hotspot h2qp-osu-prov-list-profile "default" +! +wlan hotspot anqp-ip-addr-avail-profile "default" +! +wlan hotspot anqp-domain-name-profile "default" +! +wlan edca-parameters-profile station "default" +! +wlan edca-parameters-profile ap "default" +! +wlan mu-edca-parameters-profile "default" +! +wlan dot11k-profile "default" +! +wlan ssid-profile "Aruba100_ssid_prof" + essid "Aruba100" + wpa-passphrase *redacted* + opmode wpa2-psk-aes +! +wlan ssid-profile "default" +! +wlan ssid-profile "Intune_ssid_prof" + essid "Intune" + wpa-passphrase *redacted* + opmode wpa2-psk-aes + a-basic-rates 24 + a-tx-rates 36 48 54 + g-basic-rates 12 + g-tx-rates 12 18 24 36 48 54 + hide-ssid +! +wlan ssid-profile "SCSD_Secure_ssid_prof" + essid "SCSD_Secure" + opmode wpa2-aes + a-basic-rates 24 + a-tx-rates 24 36 48 54 + g-basic-rates 12 18 + g-tx-rates 12 18 24 36 48 54 +! +wlan ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + essid "SCSD_Secure" + opmode wpa2-aes + a-basic-rates 24 + a-tx-rates 12 18 24 36 48 54 + g-basic-rates 12 18 + g-tx-rates 12 18 24 36 48 54 +! +wlan ssid-profile "SCSD_Test" + essid "SCSD_Test" + hide-ssid +! +wlan ssid-profile "SCSD_Vendor_ssid_prof" + essid "SCSD_Vendor" +! +wlan ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" + essid "SCSD_Vendor" +! +wlan ssid-profile "Vendor_ssid_prof" + essid "Vendor" +! +wlan hotspot advertisement-profile "default" +! +wlan hotspot hs2-profile "default" +! +wlan virtual-ap "APG02-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 302 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG02-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 402 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG03-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 303 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG03-SCSD_Secure-Outdoors" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 303 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + band-steering +! +wlan virtual-ap "APG03-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 403 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" +! +wlan virtual-ap "APG03-SCSD_Vendor-Outdoors" + vlan 403 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" +! +wlan virtual-ap "APG04-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 304 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG04-SCSD_Secure-Outdoors" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 304 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + band-steering +! +wlan virtual-ap "APG04-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 404 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG04-SCSD_Vendor-Outdoors" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 404 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" + band-steering +! +wlan virtual-ap "APG06-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 306 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG06-SCSD_Secure-Outdoors" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 306 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + band-steering +! +wlan virtual-ap "APG06-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 406 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG06-SCSD_Vendor-Outdoors" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 406 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" + band-steering +! +wlan virtual-ap "APG07-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 307 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG07-SCSD_Secure-Outdoors" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 307 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + band-steering +! +wlan virtual-ap "APG07-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 407 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG07-SCSD_Vendor-Outdoors" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 407 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" + band-steering +! +wlan virtual-ap "APG08-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 308 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG08-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 408 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG09-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 309 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG09-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 409 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG10-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 310 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG10-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 410 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG13-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 313 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG13-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 413 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG14-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 314 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG14-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 414 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG15-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 315 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG15-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 415 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG16-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 316 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG16-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 416 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG20-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 320 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG20-SCSD_Secure-Outdoors" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 320 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + band-steering +! +wlan virtual-ap "APG20-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 420 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG20-SCSD_Vendor-Outdoors" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 420 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" + band-steering +! +wlan virtual-ap "APG21-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 321 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG21-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 421 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG22-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 322 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG22-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 422 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG23-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 323 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG23-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 423 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG24-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 324 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG24-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 424 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG25-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 325 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG25-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 425 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG27-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 327 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG27-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 427 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG28-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 328 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG28-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 428 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG29-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 329 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG29-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 429 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG30-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 330 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG30-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 430 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG33-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 333 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG33-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 433 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" +! +wlan virtual-ap "APG34-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 334 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG34-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 434 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" +! +wlan virtual-ap "APG36-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 336 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG36-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 436 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG37-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 337 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG37-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 437 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG40-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 340 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG40-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 440 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG41-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 341 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG41-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 441 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG42-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 342 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG42-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 442 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG44-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 344 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG44-SCSD_Secure-Outdoor" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 344 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" +! +wlan virtual-ap "APG44-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 444 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" +! +wlan virtual-ap "APG44-SCSD_Vendor-Outdoor" + vlan 444 +! +wlan virtual-ap "APG45-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 345 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG45-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 445 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG46-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 346 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG46-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 446 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG47-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 347 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG47-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 447 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG48-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 348 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG48-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 448 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG49-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 349 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG49-SCSD_Secure-Outdoors" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 349 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + band-steering +! +wlan virtual-ap "APG49-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 449 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG49-SCSD_Vendor-Outdoors" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 449 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" + band-steering +! +wlan virtual-ap "APG51-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 351 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG51-SCSD_Secure-Outdoors" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 351 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_profile-Outdoors" + band-steering +! +wlan virtual-ap "APG51-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 451 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG51-SCSD_Vendor-Outdoors" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 451 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof-Outdoors" + band-steering +! +wlan virtual-ap "APG53-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 353 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG53-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 453 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG54-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 354 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG54-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 454 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG55-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 355 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG55-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 455 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG56-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 356 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG56-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 456 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG57-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 357 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG57-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 457 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG60-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 360 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG60-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 460 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG66-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 366 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG66-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 466 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "APG86-SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 386 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" + band-steering +! +wlan virtual-ap "APG86-SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 486 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" + band-steering +! +wlan virtual-ap "Aruba100" + aaa-profile "Aruba100_aaa_prof" + vlan 433 + forward-mode decrypt-tunnel + ssid-profile "Aruba100_ssid_prof" +! +wlan virtual-ap "default" +! +wlan virtual-ap "Intune" + aaa-profile "Intune_aaa_prof" + vlan Intune + forward-mode decrypt-tunnel + ssid-profile "Intune_ssid_prof" +! +wlan virtual-ap "SCSD_Secure" + aaa-profile "SCSD_Secure_aaa_prof" + vlan 160 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Secure_ssid_prof" +! +wlan virtual-ap "SCSD_Test_VAP" + aaa-profile "SCSD_Test_AAA" + vlan 403 + ssid-profile "SCSD_Test" +! +wlan virtual-ap "SCSD_Vendor" + aaa-profile "SCSD_Vendor_aaa_prof" + vlan 100 + forward-mode decrypt-tunnel + ssid-profile "SCSD_Vendor_ssid_prof" +! +wlan virtual-ap "Vendor" + aaa-profile "Vendor_aaa_prof" + no vap-enable + vlan Vendor-33-Lemoyne + forward-mode decrypt-tunnel + ssid-profile "Vendor_ssid_prof" +! +mgmt-server profile "default-acp" + stats-enable + tag-enable + sessions-enable + monitored-info-enable + monitored-info-del-enable + monitored-info-snapshot-enable + wids-event-info-enable + misc-enable + location-enable + uccmonitoring-enable + airgroupinfo-enable + wan-state +! +mgmt-server profile "default-ale" + stats-enable + tag-enable + sessions-enable + misc-enable + location-enable + uccmonitoring-enable +! +mgmt-server profile "default-amp" + stats-enable + tag-enable + sessions-enable + monitored-info-enable + user-visibility-enable + misc-enable + location-enable + ap-stats +! +mgmt-server profile "default-controller" + stats-enable + tag-enable + sessions-enable + user-visibility-enable + misc-enable + location-enable + uccmonitoring-enable + airgroupinfo-enable + wan-state + ap-stats +! +mgmt-server profile "default-niara" + no generic-amon-enable + sessions-enable + no inline-dhcp-stats + no inline-ap-stats + no inline-auth-stats + no inline-dns-stats +! +ap authorization-profile "default" + ap-authorization-group "NoAuthApGroup" +! +ap provisioning-profile "default" +! +rf arm-rf-domain-profile +! +ap am-filter-profile "default" +! +ap spectrum local-override +! +airmatch profile +! +ap-lacp-striping-ip +! +ap general-profile +! +ap deploy-profile +! +airslice-profile "default" +! +ap provisioning-rules +! +ap-group "APG02ITC" + virtual-ap "Intune" + virtual-ap "APG02-SCSD_Secure" + virtual-ap "APG02-SCSD_Vendor" +! +ap-group "APG03Fowler" + virtual-ap "Intune" + virtual-ap "APG03-SCSD_Secure" + virtual-ap "APG03-SCSD_Vendor" + virtual-ap "SCSD_Test_VAP" +! +ap-group "APG03Fowler-Outdoors" + virtual-ap "APG03-SCSD_Secure-Outdoors" + virtual-ap "APG03-SCSD_Vendor-Outdoors" + dot11a-radio-profile "rp-377-a" + dot11g-radio-profile "rp-377-g" + regulatory-domain-profile "SCSD_rdp" +! +ap-group "APG04Nottingham" + virtual-ap "Intune" + virtual-ap "APG04-SCSD_Secure" + virtual-ap "APG04-SCSD_Vendor" +! +ap-group "APG04Nottingham-Outdoors" + virtual-ap "APG04-SCSD_Secure-Outdoors" + virtual-ap "APG04-SCSD_Vendor-Outdoors" + dot11a-radio-profile "rp-377-a" + dot11g-radio-profile "rp-377-g" + regulatory-domain-profile "SCSD_rdp" +! +ap-group "APG06Henninger" + virtual-ap "Intune" + virtual-ap "APG06-SCSD_Secure" + virtual-ap "APG06-SCSD_Vendor" +! +ap-group "APG06Henninger-Outdoors" + dot11a-radio-profile "rp-377-a" + dot11g-radio-profile "rp-377-g" + regulatory-domain-profile "SCSD_rdp" +! +ap-group "APG07Corcoran" + virtual-ap "Intune" + virtual-ap "APG07-SCSD_Secure" + virtual-ap "APG07-SCSD_Vendor" +! +ap-group "APG07Corcoran-Outdoors" + virtual-ap "APG07-SCSD_Secure-Outdoors" + virtual-ap "APG07-SCSD_Vendor-Outdoors" + dot11a-radio-profile "rp-377-a" + dot11g-radio-profile "rp-377-g" + regulatory-domain-profile "SCSD_rdp" +! +ap-group "APG08Clary" + virtual-ap "Intune" + virtual-ap "APG08-SCSD_Secure" + virtual-ap "APG08-SCSD_Vendor" +! +ap-group "APG09Grant" + virtual-ap "Intune" + virtual-ap "APG09-SCSD_Secure" + virtual-ap "APG09-SCSD_Vendor" +! +ap-group "APG10Levy" + virtual-ap "Intune" + virtual-ap "APG10-SCSD_Secure" + virtual-ap "APG10-SCSD_Vendor" +! +ap-group "APG13Lincoln" + virtual-ap "Intune" + virtual-ap "APG13-SCSD_Secure" + virtual-ap "APG13-SCSD_Vendor" +! +ap-group "APG14Shea" + virtual-ap "Intune" + virtual-ap "APG14-SCSD_Secure" + virtual-ap "APG14-SCSD_Vendor" +! +ap-group "APG15HWSmith" + virtual-ap "Intune" + virtual-ap "APG15-SCSD_Secure" + virtual-ap "APG15-SCSD_Vendor" +! +ap-group "APG16Bellevue" + virtual-ap "Intune" + virtual-ap "APG16-SCSD_Secure" + virtual-ap "APG16-SCSD_Vendor" +! +ap-group "APG20Dr_King-Outdoors" + virtual-ap "APG20-SCSD_Secure-Outdoors" + virtual-ap "APG20-SCSD_Vendor-Outdoors" + dot11a-radio-profile "rp-377-a" + dot11g-radio-profile "rp-377-g" + regulatory-domain-profile "SCSD_rdp" +! +ap-group "APG20DrKing" + virtual-ap "Intune" + virtual-ap "APG20-SCSD_Secure" + virtual-ap "APG20-SCSD_Vendor" +! +ap-group "APG21Brighton" + virtual-ap "Intune" + virtual-ap "APG21-SCSD_Secure" + virtual-ap "APG21-SCSD_Vendor" +! +ap-group "APG22Delaware" + virtual-ap "Intune" + virtual-ap "APG22-SCSD_Secure" + virtual-ap "APG22-SCSD_Vendor" +! +ap-group "APG23Elmwood" + virtual-ap "Intune" + virtual-ap "APG23-SCSD_Secure" + virtual-ap "APG23-SCSD_Vendor" +! +ap-group "APG24Franklin" + virtual-ap "Intune" + virtual-ap "APG24-SCSD_Secure" + virtual-ap "APG24-SCSD_Vendor" +! +ap-group "APG25Frazer" + virtual-ap "Intune" + virtual-ap "APG25-SCSD_Secure" + virtual-ap "APG25-SCSD_Vendor" +! +ap-group "APG27Elmcrest" + virtual-ap "Intune" + virtual-ap "APG27-SCSD_Secure" + virtual-ap "APG27-SCSD_Vendor" +! +ap-group "APG28Latin" + virtual-ap "Intune" + virtual-ap "APG28-SCSD_Secure" + virtual-ap "APG28-SCSD_Vendor" +! +ap-group "APG29Huntington" + virtual-ap "Intune" + virtual-ap "APG29-SCSD_Secure" + virtual-ap "APG29-SCSD_Vendor" +! +ap-group "APG30SalemHyde" + virtual-ap "Intune" + virtual-ap "APG30-SCSD_Secure" + virtual-ap "APG30-SCSD_Vendor" +! +ap-group "APG33Lemoyne" + virtual-ap "APG33-SCSD_Secure" + virtual-ap "Intune" + virtual-ap "APG33-SCSD_Vendor" + dot11a-radio-profile "default_radio_a_ui" + dot11g-radio-profile "default_radio_g_ui" +! +ap-group "APG34Weeks" + virtual-ap "APG34-SCSD_Secure" + virtual-ap "APG34-SCSD_Vendor" + virtual-ap "Intune" +! +ap-group "APG36McKinley" + virtual-ap "Intune" + virtual-ap "APG36-SCSD_Secure" + virtual-ap "APG36-SCSD_Vendor" +! +ap-group "APG37Meachem" + virtual-ap "Intune" + virtual-ap "APG37-SCSD_Secure" + virtual-ap "APG37-SCSD_Vendor" +! +ap-group "APG40Porter" + virtual-ap "Intune" + virtual-ap "APG40-SCSD_Secure" + virtual-ap "APG40-SCSD_Vendor" +! +ap-group "APG41Bova" + virtual-ap "Intune" + virtual-ap "APG41-SCSD_Secure" + virtual-ap "APG41-SCSD_Vendor" +! +ap-group "APG42Roberts" + virtual-ap "Intune" + virtual-ap "APG42-SCSD_Secure" + virtual-ap "APG42-SCSD_Vendor" +! +ap-group "APG44Seymore" + virtual-ap "APG44-SCSD_Secure" + virtual-ap "Intune" + virtual-ap "APG44-SCSD_Vendor" +! +ap-group "APG44Seymour-Outdoors" + virtual-ap "APG44-SCSD_Secure-Outdoor" + virtual-ap "APG44-SCSD_Vendor-Outdoor" + dot11a-radio-profile "rp-377-a" + dot11g-radio-profile "rp-377-g" + regulatory-domain-profile "SCSD_rdp" +! +ap-group "APG45EdSmith" + virtual-ap "Intune" + virtual-ap "APG45-SCSD_Secure" + virtual-ap "APG45-SCSD_Vendor" +! +ap-group "APG46Brighton466" + virtual-ap "Intune" + virtual-ap "APG46-SCSD_Secure" + virtual-ap "APG46-SCSD_Vendor" +! +ap-group "APG47ELMS" + virtual-ap "Intune" + virtual-ap "APG47-SCSD_Secure" + virtual-ap "APG47-SCSD_Vendor" +! +ap-group "APG48Beard" + virtual-ap "Intune" + virtual-ap "APG48-SCSD_Secure" + virtual-ap "APG48-SCSD_Vendor" +! +ap-group "APG49VanDuyn" + virtual-ap "Intune" + virtual-ap "APG49-SCSD_Secure" + virtual-ap "APG49-SCSD_Vendor" +! +ap-group "APG49VanDuyn-Outdoors" + virtual-ap "APG49-SCSD_Vendor-Outdoors" + virtual-ap "APG49-SCSD_Secure-Outdoors" + dot11a-radio-profile "APG49VanDuyn-Outdoors_radio_a_ui" + dot11g-radio-profile "APG49VanDuyn-Outdoors_radio_g_ui" + regulatory-domain-profile "APG49VanDuyn-Outdoors_rdp_ui" +! +ap-group "APG51Webster" + virtual-ap "Intune" + virtual-ap "APG51-SCSD_Secure" + virtual-ap "APG51-SCSD_Vendor" + dot11a-radio-profile "APG51Webster_radio_a_ui" + dot11g-radio-profile "APG51Webster_radio_g_ui" + regulatory-domain-profile "APG51Webster_rdp_ui" +! +ap-group "APG51Webster-Outdoors" + virtual-ap "APG51-SCSD_Secure-Outdoors" + virtual-ap "APG51-SCSD_Vendor-Outdoors" + dot11a-radio-profile "rp-377-a" + dot11g-radio-profile "rp-377-g" + regulatory-domain-profile "SCSD_rdp" +! +ap-group "APG53Blodgett" + virtual-ap "Intune" + virtual-ap "APG53-SCSD_Secure" + virtual-ap "APG53-SCSD_Vendor" +! +ap-group "APG54JVC" + virtual-ap "Intune" + virtual-ap "APG54-SCSD_Secure" + virtual-ap "APG54-SCSD_Vendor" +! +ap-group "APG55CO" + virtual-ap "Intune" + virtual-ap "APG55-SCSD_Secure" + virtual-ap "APG55-SCSD_Vendor" +! +ap-group "APG56SSC" + virtual-ap "Intune" + virtual-ap "APG56-SCSD_Secure" + virtual-ap "APG56-SCSD_Vendor" +! +ap-group "APG57Transportation" + virtual-ap "Intune" + virtual-ap "APG57-SCSD_Secure" + virtual-ap "APG57-SCSD_Vendor" +! +ap-group "APG60RockWest" + virtual-ap "Intune" + virtual-ap "APG60-SCSD_Secure" + virtual-ap "APG60-SCSD_Vendor" +! +ap-group "APG66ENL" + virtual-ap "Intune" + virtual-ap "APG66-SCSD_Secure" + virtual-ap "APG66-SCSD_Vendor" +! +ap-group "APG86StLucy" + virtual-ap "Intune" + virtual-ap "APG86-SCSD_Secure" + virtual-ap "APG86-SCSD_Vendor" +! +ap-group "default" + virtual-ap "Aruba100" + virtual-ap "SCSD_Secure" + virtual-ap "Intune" + virtual-ap "SCSD_Vendor" + virtual-ap "Vendor" + dot11a-radio-profile "default_radio_a_ui" + dot11g-radio-profile "default_radio_g_ui" + regulatory-domain-profile "default_rdp_ui" +! +ap-group "NoAuthApGroup" + enet1-port-profile "NoAuthWiredPort" + enet2-port-profile "NoAuthWiredPort" + enet3-port-profile "NoAuthWiredPort" + enet4-port-profile "NoAuthWiredPort" + ap-system-profile "NoAuthApSystem" +! +airgroupprofile service "default-airplay" + id "_airplay._tcp" + id "_appletv-v2._tcp" + id "_raop._tcp" + description "AirPlay" +! +airgroupprofile service "default-airprint" + id "_canon-bjnp1._tcp" + id "_fax-ipp._tcp" + id "_http-alt._tcp" + id "_http._tcp" + id "_ica-networking._tcp" + id "_ica-networking2._tcp" + id "_ipp-tls._tcp" + id "_ipp._tcp" + id "_ipps._tcp" + id "_pdl-datastream._tcp" + id "_printer._tcp" + id "_ptp._tcp" + id "_riousbprint._tcp" + id "_universal._sub._ipp._tcp" + id "_universal._sub._ipps._tcp" + description "AirPrint" +! +airgroupprofile service "default-allowall" + description "Remaining-Services" +! +airgroupprofile service "default-amazontv" + id "_amzn-wplay._tcp" + description "Amazon fire tv" +! +airgroupprofile service "default-dial" + id "urn:dial-multiscreen-org:device:dial:1" + id "urn:dial-multiscreen-org:service:dial:1" + description "DIAL supported by Chromecast, FireTV, Roku etc" +! +airgroupprofile service "default-dlna-media" + id "urn:schemas-upnp-org:device:MediaPlayer:1" + id "urn:schemas-upnp-org:device:MediaRenderer:1" + id "urn:schemas-upnp-org:device:MediaRenderer:2" + id "urn:schemas-upnp-org:device:MediaRenderer:3" + id "urn:schemas-upnp-org:device:MediaServer:1" + id "urn:schemas-upnp-org:device:MediaServer:2" + id "urn:schemas-upnp-org:device:MediaServer:3" + id "urn:schemas-upnp-org:device:MediaServer:4" + id "urn:schemas-upnp-org:device:ZonePlayer:1" + id "urn:schemas-upnp-org:service:AVTransport:1" + id "urn:schemas-upnp-org:service:AlarmClock:1" + id "urn:schemas-upnp-org:service:ConnectionManager:1" + id "urn:schemas-upnp-org:service:ContentDirectory:1" + id "urn:schemas-upnp-org:service:DeviceProperties:1" + id "urn:schemas-upnp-org:service:GroupManagement:1" + id "urn:schemas-upnp-org:service:GroupRenderingControl:1" + id "urn:schemas-upnp-org:service:MusicServices:1" + id "urn:schemas-upnp-org:service:RenderingControl:1" + id "urn:schemas-upnp-org:service:SystemProperties:1" + id "urn:schemas-upnp-org:service:ZoneGroupTopology:1" + description "Media" +! +airgroupprofile service "default-dlna-print" + id "urn:schemas-upnp-org:device:Printer:1" + id "urn:schemas-upnp-org:service:PrintBasic:1" + id "urn:schemas-upnp-org:service:PrintEnhanced:1" + description "Print" +! +airgroupprofile service "default-googlecast" + id "_0F5096E8._sub._googlecast._tcp" + id "_17608BC8._sub._googlecast._tcp" + id "_233637DE._sub._googlecast._tcp" + id "_42B56469._sub._googlecast._tcp" + id "_668E5548._sub._googlecast._tcp" + id "_674A0243._sub._googlecast._tcp" + id "_85CDB22F._sub._googlecast._tcp" + id "_8DA7527D._sub._googlecast._tcp" + id "_8E6C866D._sub._googlecast._tcp" + id "_96084372._sub._googlecast._tcp" + id "_CA5E8412._sub._googlecast._tcp" + id "_CC1AD845._sub._googlecast._tcp" + id "_googlecast._tcp" + id "_googlezone._tcp" + description "GoogleCast supported by Chromecast etc" +! +airgroupprofile service "default-itunes" + id "_apple-mobdev._tcp" + id "_daap._tcp" + id "_dacp._tcp" + id "_home-sharing._tcp" + description "iTunes" +! +airgroupprofile service "default-remotemgmt" + id "_ftp._tcp" + id "_net-assistant._tcp" + id "_rfb._tcp" + id "_sftp-ssh._tcp" + id "_ssh._tcp" + id "_telnet._tcp" + description "Remote management" +! +airgroupprofile service "default-sharing" + id "_afpovertcp._tcp" + id "_odisk._tcp" + id "_xgrid._tcp" + description "Sharing" +! +airgroupprofile ipv6 "default" +! +airgroupprofile network "default" +! +airgroupprofile "default" + service "default-airplay" + service "default-airprint" + service "default-dial" + disallow-vlan type servers service "" + disallow-role "" type servers service "" +! +logging security subcat ids level warnings +logging security subcat ids-ap level warnings + +snmp-server enable trap +snmp-server host 10.1.35.10 version 2c mickey03 udp-port 162 +snmp-server trap source 0.0.0.0 +snmp-server trap disable wlsxAPBROADCASTSTORM +snmp-server trap disable wlsxAPIPConflict +snmp-server trap disable wlsxAPLoopDetected +snmp-server trap disable wlsxAPPortDown +snmp-server trap disable wlsxAPPortUp +snmp-server trap disable wlsxAPUSBPLUGALARM +snmp-server trap disable wlsxAceUsageThreshold +snmp-server trap disable wlsxAdhocNetwork +snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP +snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta +snmp-server trap disable wlsxAdhocUsingValidSSID +snmp-server trap disable wlsxAuthMaxAclEntries +snmp-server trap disable wlsxAuthMaxBWContracts +snmp-server trap disable wlsxAuthMaxUserEntries +snmp-server trap disable wlsxAuthServerIsUp +snmp-server trap disable wlsxAuthServerReqTimedOut +snmp-server trap disable wlsxAuthServerTimedOut +snmp-server trap disable wlsxCLEARPASSSERVERINVALID +snmp-server trap disable wlsxChannelChanged +snmp-server trap disable wlsxClientPskAuthenticationFailed +snmp-server trap disable wlsxClientRejectedByMaxClientCount +snmp-server trap disable wlsxClusterVlanProbeStatus +snmp-server trap disable wlsxCoverageHoleDetected +snmp-server trap disable wlsxDBCommunicationFailure +snmp-server trap disable wlsxDisconnectStationAttack +snmp-server trap disable wlsxDot1xThresholdLimitHit +snmp-server trap disable wlsxDot1xTotalLimitHit +snmp-server trap disable wlsxESIServerDown +snmp-server trap disable wlsxESIServerUp +snmp-server trap disable wlsxFanAbsent +snmp-server trap disable wlsxFanFailure +snmp-server trap disable wlsxFanTrayInserted +snmp-server trap disable wlsxFanTrayRemoved +snmp-server trap disable wlsxFlash1SpaceOK +snmp-server trap disable wlsxGBICInserted +snmp-server trap disable wlsxGhostTunnelclientAttack +snmp-server trap disable wlsxGhostTunnelserverAttack +snmp-server trap disable wlsxHaFailoverRequestFromAp +snmp-server trap disable wlsxHaFailoverTrigger +snmp-server trap disable wlsxHaIntercontrollerHbtMiss +snmp-server trap disable wlsxHaStandbyConnectivityState +snmp-server trap disable wlsxHaStandbyIpSentFailed +snmp-server trap disable wlsxHaState +snmp-server trap disable wlsxIpSpoofingDetected +snmp-server trap disable wlsxLCInserted +snmp-server trap disable wlsxLCRemoved +snmp-server trap disable wlsxLicenseExpiry +snmp-server trap disable wlsxLowMemory +snmp-server trap disable wlsxLowOnFlash1Space +snmp-server trap disable wlsxLowOnFlashSpace +snmp-server trap disable wlsxNAceUsageThreshold +snmp-server trap disable wlsxNDot1xThresholdLimitHit +snmp-server trap disable wlsxNDot1xTotalLimitHit +snmp-server trap disable wlsxNFanAbsent +snmp-server trap disable wlsxNLowOnFlash1Space +snmp-server trap disable wlsxNSwitchIPv6Changed +snmp-server trap disable wlsxNWebCCLicenseEnforcement +snmp-server trap disable wlsxOutOfRangeTemperature +snmp-server trap disable wlsxOutOfRangeVoltage +snmp-server trap disable wlsxPhonyBSSIDDetected +snmp-server trap disable wlsxPowerSupplyFailure +snmp-server trap disable wlsxPowerSupplyMissing +snmp-server trap disable wlsxProcessDied +snmp-server trap disable wlsxProcessExceedsMemoryLimits +snmp-server trap disable wlsxSCInserted +snmp-server trap disable wlsxSignatureMatch +snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP +snmp-server trap disable wlsxSwitchIPChanged +snmp-server trap disable wlsxSwitchIPv6Changed +snmp-server trap disable wlsxSwitchRoleChange +snmp-server trap disable wlsxTHERMALSHUTDOWN +snmp-server trap disable wlsxUserAuthenticationFailed +snmp-server trap disable wlsxUserEntryAuthenticated +snmp-server trap disable wlsxUserEntryChanged +snmp-server trap disable wlsxUserEntryCreated +snmp-server trap disable wlsxUserEntryDeAuthenticated +snmp-server trap disable wlsxUserEntryDeleted +snmp-server trap disable wlsxVrrpStateChange +snmp-server trap disable wlsxWebCCLicenseEnforcement +firewall-visibility + +process monitor log + +process monitor log +lc-cluster group-membership "Cluster1" +lc-cluster exclude-vlan "1,1024" + +ip probe default + mode ping + frequency 10 + retries 3 + burst-size 5 +! +ip probe health-check + mode ping + frequency 10 + retries 3 + burst-size 5 +! +ip probe data-vpnc + mode udp + frequency 10 + retries 3 + burst-size 5 + jitter +! + + +end