diff --git a/configs/wlc/wlc-b.cfg b/configs/wlc/wlc-b.cfg index 94b6ba6..e39997f 100644 --- a/configs/wlc/wlc-b.cfg +++ b/configs/wlc/wlc-b.cfg @@ -9,12 +9,9 @@ conductorip 10.1.35.33 ipsec ****** interface vlan 35 location "Building1.floor1" controller config 680 crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx -crypto-local pki ServerCert scsd_full_wc_2025 Star-Exp042025-fullchain.pfx crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx -crypto-local pki ServerCert scsd_wc_2025 StartCert-Expire042025.pfx crypto-local pki ServerCert scsd_wc_2026 StarCert-Expire03202026.pfx -crypto-local pki ServerCert scsd_wc_full_2025 Star-Exp042025-fullchain.pfx crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert ip nat pool localip 0.0.0.0 0.0.0.0 ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0 @@ -1229,6 +1226,10 @@ interface vlan 304 ip address 10.4.112.8 255.255.240.0 ! +interface vlan 305 + ip address 10.5.112.8 255.255.240.0 +! + interface vlan 306 ip address 10.6.112.8 255.255.240.0 ! @@ -1385,6 +1386,10 @@ interface vlan 360 ip address 10.60.112.8 255.255.240.0 ! +interface vlan 366 + ip address 10.66.112.8 255.255.240.0 +! + interface vlan 386 ip address 10.86.112.8 255.255.240.0 ! @@ -1401,6 +1406,10 @@ interface vlan 404 ip address 10.4.128.8 255.255.240.0 ! +interface vlan 405 + ip address 10.5.128.8 255.255.240.0 +! + interface vlan 406 ip address 10.6.128.8 255.255.240.0 ! @@ -1557,6 +1566,10 @@ interface vlan 460 ip address 10.60.128.8 255.255.240.0 ! +interface vlan 466 + ip address 10.66.128.8 255.255.240.0 +! + interface vlan 486 ip address 10.86.128.8 255.255.240.0 ! @@ -1567,22 +1580,6 @@ interface vlan 1024 ip nat inside ! -interface vlan 366 - ip address 10.66.112.8 255.255.240.0 -! - -interface vlan 466 - ip address 10.66.128.8 255.255.240.0 -! - -interface vlan 305 - ip address 10.5.112.8 255.255.240.0 -! - -interface vlan 405 - ip address 10.5.128.8 255.255.240.0 -! - ! uplink health-check ! @@ -1712,17 +1709,6 @@ crypto dynamic-map default-dynamicmap 10000 crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap -crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999 - version v2 - set ikev2-policy 10015 - peer-ip 10.1.35.14 - src-net 10.1.35.12 255.255.255.255 - dst-net 10.1.35.14 255.255.255.255 - set transform-set "default-ha-transform" - factory-cert-auth - trusted -! - crypto-local ipsec-map default-ha-ipsecmap10.1.35.11 9999 version v2 set ikev2-policy 10015 @@ -1735,6 +1721,17 @@ crypto-local ipsec-map default-ha-ipsecmap10.1.35.11 9999 trusted ! +crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999 + version v2 + set ikev2-policy 10015 + peer-ip 10.1.35.14 + src-net 10.1.35.12 255.255.255.255 + dst-net 10.1.35.14 255.255.255.255 + set transform-set "default-ha-transform" + factory-cert-auth + trusted +! + crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2