wlc/wlc-a.cfg Mon Sep 15 07:06:37 AM EDT 2025

2025-09-15 07:06:37 -04:00 · 2025-09-15 07:06:37 -04:00 · ceafd05af0
commit ceafd05af0
parent 26ac88d593
1 changed files with 29 additions and 30 deletions
--- a/configs/wlc/wlc-a.cfg
+++ b/configs/wlc/wlc-a.cfg
@ -9,12 +9,9 @@ conductorip 10.1.35.33 ipsec ****** interface vlan 35
 location "Building1.floor1" 
 controller config 670
 crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx 
-crypto-local pki ServerCert scsd_full_wc_2025 Star-Exp042025-fullchain.pfx 
 crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx 
 crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx 
-crypto-local pki ServerCert scsd_wc_2025 StartCert-Expire042025.pfx 
 crypto-local pki ServerCert scsd_wc_2026 StarCert-Expire03202026.pfx 
-crypto-local pki ServerCert scsd_wc_full_2025 Star-Exp042025-fullchain.pfx 
 crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert 
 ip nat pool localip 0.0.0.0 0.0.0.0 
 ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0 
@ -333,6 +330,8 @@ ip access-list session machine_scsd
 !
 ip access-list session apprf-guest-sacl 
 !
+ip access-list session apprf-denyall-sacl 
+!
 ip access-list session visitor_byod 
    any network 192.168.0.0 255.255.0.0 any deny 
    any any udp 53 permit 
@ -1218,6 +1217,10 @@ interface vlan 304
    ip address 10.4.112.7 255.255.240.0 
 !

+interface vlan 305 
+    ip address 10.5.112.7 255.255.240.0 
+!
+
 interface vlan 306 
    ip address 10.6.112.7 255.255.240.0 
 !
@ -1374,6 +1377,10 @@ interface vlan 360
    ip address 10.60.112.7 255.255.240.0 
 !

+interface vlan 366 
+    ip address 10.66.112.7 255.255.240.0 
+!
+
 interface vlan 386 
    ip address 10.86.112.7 255.255.240.0 
 !
@ -1390,6 +1397,10 @@ interface vlan 404
    ip address 10.4.128.7 255.255.240.0 
 !

+interface vlan 405 
+    ip address 10.5.128.7 255.255.240.0 
+!
+
 interface vlan 406 
    ip address 10.6.128.7 255.255.240.0 
 !
@ -1546,6 +1557,10 @@ interface vlan 460
    ip address 10.60.128.7 255.255.240.0 
 !

+interface vlan 466 
+    ip address 10.66.128.7 255.255.240.0 
+!
+
 interface vlan 486 
    ip address 10.86.128.7 255.255.240.0 
 !
@ -1556,22 +1571,6 @@ interface vlan 1024
    ip nat inside 
 !

-interface vlan 366 
-    ip address 10.66.112.7 255.255.240.0 
-!
-
-interface vlan 466 
-    ip address 10.66.128.7 255.255.240.0 
-!
-
-interface vlan 305 
-    ip address 10.5.112.7 255.255.240.0 
-!
-
-interface vlan 405 
-    ip address 10.5.128.7 255.255.240.0 
-!
-
 !
 uplink health-check 
 !
@ -1701,17 +1700,6 @@ crypto dynamic-map default-dynamicmap 10000

 crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap 
 crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap 
-crypto-local ipsec-map default-ha-ipsecmap10.1.35.12 9999
-    version v2
-    set ikev2-policy 10015
-    peer-ip 10.1.35.12
-    src-net 10.1.35.11 255.255.255.255
-    dst-net 10.1.35.12 255.255.255.255
-    set transform-set "default-ha-transform" 
-    factory-cert-auth
-    trusted
-!
-
 crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999
    version v2
    set ikev2-policy 10015
@ -1723,6 +1711,17 @@ crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999
    trusted
 !

+crypto-local ipsec-map default-ha-ipsecmap10.1.35.12 9999
+    version v2
+    set ikev2-policy 10015
+    peer-ip 10.1.35.12
+    src-net 10.1.35.11 255.255.255.255
+    dst-net 10.1.35.12 255.255.255.255
+    set transform-set "default-ha-transform" 
+    factory-cert-auth
+    trusted
+!
+
 crypto isakmp eap-passthrough eap-tls 
 crypto isakmp eap-passthrough eap-peap 
 crypto isakmp eap-passthrough eap-mschapv2