diff --git a/configs/wlc/wlc-b.cfg b/configs/wlc/wlc-b.cfg
index a5c399f..79ee244 100644
--- a/configs/wlc/wlc-b.cfg
+++ b/configs/wlc/wlc-b.cfg
@@ -7,7 +7,7 @@ clock timezone America/New_York -04 0
 !
 conductorip 10.1.35.33 ipsec ****** interface vlan 35
 location "Building1.floor1"
-controller config 688
+controller config 693
 crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx
 crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx
 crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx
@@ -113,6 +113,8 @@ time-range periodic night-hours
 Weekday 18:01 to 23:59
 Weekday 00:00 to 07:59
 !
+ip access-list session apprf-scsd_vr-sacl
+!
 ip access-list session apprf-switch-logon-sacl
 !
 ip access-list session svp-acl
@@ -264,12 +266,17 @@ ip access-list session stateful-dot1x
 any any svc-dns permit
 any any svc-dhcp permit
 !
+ip access-list session SCSD_VR
+!
 ip access-list session cplogout
 user alias controller svc-https dst-nat 8081
 !
 ip access-list session scsd-dns-10
 any network 10.0.0.0 255.0.0.0 udp 53 permit
 !
+ip access-list session SCSD_VR_Headset
+Description: "Virtual Reality Headsets"
+!
 ip access-list session apprf-visitor_byod-sacl
 !
 ip access-list session wificalling-acl
@@ -467,6 +474,11 @@ ip access-list session deny_internal_byod
 any network 192.168.0.0 255.255.0.0 any deny
 any any any permit
 !
+ip access-list session SCAD_Deny_Internal
+ any network 192.168.0.0 255.255.0.0 any deny
+ any network 10.0.0.0 255.0.0.0 any deny
+ any network 172.16.0.0 255.240.0.0 any deny
+!
 ip access-list session captiveportalbridge
 user alias localip svc-https dual-nat pool localip 8081
 user any svc-http dual-nat pool localip 8080
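Review bot: `ip access-list session SCSD_VR_Headset` (hunk at -264) is created with no rules and is not attached to the `user-role SCSD_VR` added later in this commit, which references the equally empty `SCSD_VR` list instead. An empty list matches nothing, so neither object restricts headset traffic today. If one of them is meant to hold headset-specific rules, populate and attach it; otherwise drop the unused one so the policy is easier to audit. The `Description: "Virtual Reality Headsets"` line sits at column 0 and does not look like the other commands in this file, so it is worth checking that it is what the controller actually stores rather than a hand edit.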
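Review bot: The new list in the hunk at -467 is named `SCAD_Deny_Internal`, which breaks the `SCSD_` prefix used by the other objects in this commit and looks like a typo; `ip access-list session SCSD_Deny_Internal` would keep it findable in audits. Its three rules deny only the IPv4 RFC 1918 ranges, so IPv6 traffic and any internal or management addresses outside those ranges fall through to whatever list follows it in a role. If the headsets do not need IPv6, an explicit `ipv6 any any any deny` would close that gap; otherwise add denies for the internal IPv6 prefixes. Unlike `deny_internal_byod` just above, this list has no final permit, so it only works when a permit list follows it.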
@@ -591,6 +603,15 @@ user-role guest-logon
 access-list session v6-logon-control
 access-list session captiveportal6
 !
+user-role SCSD_VR
+ access-list session global-sacl
+ access-list session apprf-scsd_vr-sacl
+ access-list session SCSD_VR
+ access-list session dhcp-acl
+ access-list session dns-acl
+ access-list session SCAD_Deny_Internal
+ access-list session allowall
+!
 user-role SCSD_Vendor-guest-logon
 captive-portal "SCSD_Vendor_cppm_prof"
 access-list session global-sacl
@@ -1970,9 +1991,13 @@ aaa profile "Intune_aaa_prof"
 !
 aaa profile "IoT_aaa_prof"
 authentication-mac "IoT"
+ mac-server-group "IoT_dot1_svg"
 authentication-dot1x "IoT_dot1_aut"
 dot1x-default-role "guest-logon"
 dot1x-server-group "IoT_dot1_svg"
+ radius-accounting "IoT_dot1_svg"
+ radius-interim-accounting
+ rfc-3576-server "10.1.40.116"
 !
 aaa profile "LemoyneTest_aaa_prof"
 initial-role "authenticated"
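Review bot: In `user-role SCSD_VR` (hunk at -591) the only thing separating headsets from the internal network is `SCAD_Deny_Internal` sitting directly before `allowall`, and the lists above it are evaluated first. Anything `global-sacl`, `dhcp-acl` or `dns-acl` permits toward 10/8, 172.16/12 or 192.168/16 is therefore allowed before the deny rules are reached. Their contents are outside this diff, so confirm they permit only the DHCP and DNS traffic the headsets need. Ending the role in `allowall` also means every later edit to the deny list fails open, so a final list that permits only the required internet destinations or ports would be safer if the headset traffic is known.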
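Review bot: `rfc-3576-server "10.1.40.116"` in `aaa profile "IoT_aaa_prof"` (hunk at -1970) lets that address send RADIUS Change-of-Authorization and disconnect requests for IoT sessions, but the matching `aaa rfc-3576-server` definition and its shared key are not part of this diff. Confirm that the definition exists with a strong, unique key and that 10.1.40.116 is the same server that sits in `IoT_dot1_svg`, since a CoA sender can move any session on this profile into a different role. The profile also now sends MAC authentication to that group without a visible `mac-default-role`. Because MAC addresses are easy to clone, check that the role returned for MAC-only devices is as restricted as intended.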