From 4a3117c1a2d00aad93fc4923ffc4cc519df1901e Mon Sep 17 00:00:00 2001
From: John Poland
Date: Mon, 29 Sep 2025 17:07:21 -0400
Subject: [PATCH] wlc/wlc-b.cfg Mon Sep 29 05:07:20 PM EDT 2025
---
 configs/wlc/wlc-b.cfg | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/configs/wlc/wlc-b.cfg b/configs/wlc/wlc-b.cfg
index 7efdd80..15c0670 100644
--- a/configs/wlc/wlc-b.cfg
+++ b/configs/wlc/wlc-b.cfg
@@ -7,7 +7,7 @@ clock timezone America/New_York -04 0
 !
 conductorip 10.1.35.33 ipsec ****** interface vlan 35
 location "Building1.floor1"
-controller config 680
+controller config 685
 crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx
 crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx
 crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx
@@ -277,6 +277,11 @@ ip access-list session wificalling-acl
 !
 ip access-list session apprf-authenticated-sacl
 !
+ip access-list session SCSD_Deny-Internal
+ any network 172.16.0.0 255.240.0.0 any deny
+ any network 10.0.0.0 255.0.0.0 any deny
+ any network 192.168.0.0 255.255.0.0 any deny
+!
 ip access-list session apprf-logon-sacl
 !
 ip access-list session staff_scsd
@@ -352,6 +357,8 @@ ip access-list session v6-ap-acl
 ip access-list session wificalling-block
 any alias wificalling-block any deny
 !
+ip access-list session SCSD-IoT
+!
 ip access-list session apprf-default-via-role-sacl
 !
 ip access-list session v6-allowall
@@ -446,6 +453,8 @@ ip access-list session ap-acl
 user any svc-ftp permit
 user any svc-telnet deny
 !
+ip access-list session apprf-scsd-iot-sacl
+!
 ip access-list session apprf-ap-role-sacl
 !
 ip access-list session deny_internal_byod
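Review bot: The three deny entries in `SCSD_Deny-Internal` (hunk at -277) carry no `log` option and match only the RFC 1918 IPv4 blocks, so an IoT client probing internal ranges leaves no record, and internal destinations outside those blocks (publicly addressed internal subnets, 100.64.0.0/10, IPv6) are not matched here. Consider `any network 10.0.0.0 255.0.0.0 any deny log` on each entry so blocked attempts appear in the firewall log. Whether IPv6 or other internal space stays reachable depends on ACLs whose rules are outside this patch (`allowall` follows this ACL in the `SCSD-IoT` role added in a later hunk), so that part should be confirmed against the full config.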
@@ -651,6 +660,15 @@ user-role Visitor_BYOD
 access-list session apprf-visitor_byod-sacl
 access-list session visitor_byod
 !
+user-role SCSD-IoT
+ access-list session global-sacl
+ access-list session apprf-scsd-iot-sacl
+ access-list session dhcp-acl
+ access-list session SCSD-IoT
+ access-list session dns-acl
+ access-list session SCSD_Deny-Internal
+ access-list session allowall
+!
 user-role authenticated
 access-list session global-sacl
 access-list session apprf-authenticated-sacl
@@ -1963,7 +1981,7 @@ aaa profile "LemoyneTest_aaa_prof"
 aaa profile "NoAuthAAAProfile"
 !
 aaa profile "SCSD_IoT_aaa_prof"
- initial-role "authenticated"
+ initial-role "SCSD-IoT"
 authentication-dot1x "SCSD_IoT_dot1_aut"
 !
 aaa profile "SCSD_Secure_aaa_prof"
@@ -3334,7 +3352,7 @@ wlan virtual-ap "IoT"
 !
 wlan virtual-ap "SCSD_IoT"
 aaa-profile "SCSD_IoT_aaa_prof"
- vlan 307
+ vlan 30
 ssid-profile "SCSD_IoT_ssid_prof"
 !
 wlan virtual-ap "SCSD_Secure"
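Review bot: In the new `user-role SCSD-IoT`, `dhcp-acl`, the empty `SCSD-IoT` ACL and `dns-acl` are listed before `SCSD_Deny-Internal`, and session ACLs are matched in order, so any permit in those three wins over the internal deny. The rules of `dhcp-acl` and `dns-acl` are not in this patch; if `dns-acl` permits DNS to any destination, IoT clients keep port-53 reachability to every internal host, so limiting it to the intended resolvers is worth considering. Exceptions later added to the `SCSD-IoT` ACL should be host-and-service specific for the same reason. The trailing `allowall` leaves the role default-permit for everything the deny does not match.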
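Review bot: `initial-role "SCSD-IoT"` sets only the role a client holds before authentication completes, while the profile still references `authentication-dot1x "SCSD_IoT_dot1_aut"` and no `dot1x-default-role` line appears in the block. If the SSID performs 802.1X, the post-authentication role would then come from the default or a server-derived role rather than `SCSD-IoT`, and the new restrictions would not apply to authenticated clients; the dot1x and SSID profiles are outside the hunk, so this is inferred. Checking `show user-table` for a connected IoT client confirms which role is actually applied; if it is not `SCSD-IoT`, add `dot1x-default-role "SCSD-IoT"` to the profile.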
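Review bot: `vlan 30` replaces `vlan 307` with a single dropped digit, and the commit subject is only a timestamp, so nothing on the page records whether the move is intended. The virtual-ap's VLAN decides which subnet and upstream gateway policy the IoT clients receive, so a mistyped ID would place them on a segment the `SCSD-IoT` role was not designed around. Confirm that VLAN 30 is the intended IoT segment and record the reason in the change log.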