diff --git a/configs/wlc/wlc-b.cfg b/configs/wlc/wlc-b.cfg
index 1854a46..e5bf639 100644
--- a/configs/wlc/wlc-b.cfg
+++ b/configs/wlc/wlc-b.cfg
@@ -113,10 +113,10 @@ time-range periodic night-hours
     Weekday 18:01 to 23:59 
     Weekday 00:00 to 07:59 
 !
-ip access-list session apprf-scsd_vr-sacl 
-!
 ip access-list session apprf-switch-logon-sacl 
 !
+ip access-list session apprf-scsd_vr-sacl 
+!
 ip access-list session svp-acl 
     any any svc-svp permit queue high 
     user host 224.0.1.116 any permit 
@@ -266,19 +266,19 @@ ip access-list session stateful-dot1x
     any any svc-dns permit 
     any any svc-dhcp permit 
 !
-ip access-list session SCSD_VR 
-!
 ip access-list session cplogout 
     user alias controller svc-https dst-nat 8081 
 !
+ip access-list session SCSD_VR 
+!
 ip access-list session scsd-dns-10 
     any network 10.0.0.0 255.0.0.0 udp 53 permit 
 !
+ip access-list session apprf-visitor_byod-sacl 
+!
 ip access-list session SCSD_VR_Headset 
 Description: "Virtual Reality Headsets"
 !
-ip access-list session apprf-visitor_byod-sacl 
-!
 ip access-list session wificalling-acl 
     any any tcp 443 permit 
 !
@@ -364,9 +364,6 @@ ip access-list session v6-ap-acl
 ip access-list session wificalling-block 
     any alias wificalling-block any deny 
 !
-ip access-list session SCSD-IoT 
-    any host 10.1.31.14 any permit 
-!
 ip access-list session apprf-default-via-role-sacl 
 !
 ip access-list session v6-allowall 
@@ -377,6 +374,9 @@ ip access-list session apprf-default-iap-user-role-sacl
 ip access-list session v6-icmp-acl 
     ipv6 any any svc-v6-icmp permit 
 !
+ip access-list session SCSD-IoT 
+    any host 10.1.31.14 any permit 
+!
 ip access-list session validuser 
     network 127.0.0.0 255.0.0.0 any any deny 
     network 169.254.0.0 255.255.0.0 any any deny 
@@ -475,11 +475,6 @@ ip access-list session deny_internal_byod
     any network 192.168.0.0 255.255.0.0 any deny 
     any any any permit 
 !
-ip access-list session SCAD_Deny_Internal 
-    any network 192.168.0.0 255.255.0.0 any deny 
-    any network 10.0.0.0 255.0.0.0 any deny 
-    any network 172.16.0.0 255.240.0.0 any deny 
-!
 ip access-list session captiveportalbridge 
     user alias localip svc-https dual-nat pool localip 8081 
     user any svc-http dual-nat pool localip 8080 
@@ -514,6 +509,11 @@ ip access-list session control
     any any svc-natt permit 
     any any tcp 6633 permit 
 !
+ip access-list session SCAD_Deny_Internal 
+    any network 192.168.0.0 255.255.0.0 any deny 
+    any network 10.0.0.0 255.0.0.0 any deny 
+    any network 172.16.0.0 255.240.0.0 any deny 
+!
 ip access-list session apprf-student_byod-sacl 
 !
 ip access-list session apprf-staff_scsd-sacl