From b59e22bae5e41586b1561e1a616bbdafbf78545f Mon Sep 17 00:00:00 2001 From: John Poland Date: Mon, 22 Sep 2025 17:07:23 -0400 Subject: [PATCH] wlc/wlc-a.cfg Mon Sep 22 05:07:23 PM EDT 2025 --- configs/wlc/wlc-a.cfg | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/configs/wlc/wlc-a.cfg b/configs/wlc/wlc-a.cfg index 58e0d75..7ddec30 100644 --- a/configs/wlc/wlc-a.cfg +++ b/configs/wlc/wlc-a.cfg @@ -7,7 +7,7 @@ clock timezone America/New_York -04 0 ! conductorip 10.1.35.33 ipsec ****** interface vlan 35 location "Building1.floor1" -controller config 672 +controller config 679 crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx @@ -455,8 +455,11 @@ ip access-list session deny_internal_byod any network 10.1.40.0 255.255.255.0 tcp 80 permit any network 10.251.1.0 255.255.255.224 any permit any network 10.0.0.0 255.0.0.0 any deny - any any any permit any network 192.168.0.0 255.255.0.0 any deny + any any any permit +! +ip access-list session guest + host 10.48.120.112 any any permit ! ip access-list session captiveportalbridge user alias localip svc-https dual-nat pool localip 8081 @@ -684,6 +687,8 @@ user-role guest access-list session v6-dhcp-acl access-list session v6-icmp-acl access-list session v6-dns-acl + access-list session allowall + access-list session deny_internal_byod ! user-role default-iap-user-role access-list session allowall @@ -3668,6 +3673,7 @@ ap-group "APG48Beard" virtual-ap "Intune" virtual-ap "APG48-SCSD_Secure" virtual-ap "APG48-SCSD_Vendor" + virtual-ap "SCSD_IoT" ! ap-group "APG49VanDuyn" virtual-ap "Intune"