diff --git a/configs/wlc/wlc-a.cfg b/configs/wlc/wlc-a.cfg
index c31728f..84254e3 100644
--- a/configs/wlc/wlc-a.cfg
+++ b/configs/wlc/wlc-a.cfg
@@ -9,12 +9,9 @@ conductorip 10.1.35.33 ipsec ****** interface vlan 35
 location "Building1.floor1"
 controller config 670
 crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx
-crypto-local pki ServerCert scsd_full_wc_2025 Star-Exp042025-fullchain.pfx
 crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx
 crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx
-crypto-local pki ServerCert scsd_wc_2025 StartCert-Expire042025.pfx
 crypto-local pki ServerCert scsd_wc_2026 StarCert-Expire03202026.pfx
-crypto-local pki ServerCert scsd_wc_full_2025 Star-Exp042025-fullchain.pfx
 crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert
 ip nat pool localip 0.0.0.0 0.0.0.0
 ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0
@@ -333,6 +330,8 @@ ip access-list session machine_scsd
 !
 ip access-list session apprf-guest-sacl
 !
+ip access-list session apprf-denyall-sacl
+!
 ip access-list session visitor_byod
 any network 192.168.0.0 255.255.0.0 any deny
 any any udp 53 permit
@@ -1218,6 +1217,10 @@ interface vlan 304
 ip address 10.4.112.7 255.255.240.0
 !

+interface vlan 305
+ ip address 10.5.112.7 255.255.240.0
+!
+
 interface vlan 306
 ip address 10.6.112.7 255.255.240.0
 !
@@ -1374,6 +1377,10 @@ interface vlan 360
 ip address 10.60.112.7 255.255.240.0
 !

+interface vlan 366
+ ip address 10.66.112.7 255.255.240.0
+!
+
 interface vlan 386
 ip address 10.86.112.7 255.255.240.0
 !
@@ -1390,6 +1397,10 @@ interface vlan 404
 ip address 10.4.128.7 255.255.240.0
 !

+interface vlan 405
+ ip address 10.5.128.7 255.255.240.0
+!
+
 interface vlan 406
 ip address 10.6.128.7 255.255.240.0
 !
@@ -1546,6 +1557,10 @@ interface vlan 460
 ip address 10.60.128.7 255.255.240.0
 !

+interface vlan 466
+ ip address 10.66.128.7 255.255.240.0
+!
+
 interface vlan 486
 ip address 10.86.128.7 255.255.240.0
 !
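Review bot: The new `ip access-list session apprf-denyall-sacl` stanza in the second hunk has no rules, so despite its name it denies nothing on its own. The `apprf-<role>-sacl` naming looks like the per-role ACL the controller generates itself (the neighbouring `apprf-guest-sacl` is empty too), which would imply a `denyall` user-role now exists, but no `user-role` definition appears in this diff. It is worth confirming that the role is bound to a session ACL with an explicit deny entry rather than relying on this empty one, and stating in the commit message why the role was introduced.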
@@ -1556,22 +1571,6 @@ interface vlan 1024
 ip nat inside
 !

-interface vlan 366
- ip address 10.66.112.7 255.255.240.0
-!
-
-interface vlan 466
- ip address 10.66.128.7 255.255.240.0
-!
-
-interface vlan 305
- ip address 10.5.112.7 255.255.240.0
-!
-
-interface vlan 405
- ip address 10.5.128.7 255.255.240.0
-!
-
 !
 uplink health-check
 !
@@ -1701,17 +1700,6 @@ crypto dynamic-map default-dynamicmap 10000
 crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap
 crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap

-crypto-local ipsec-map default-ha-ipsecmap10.1.35.12 9999
- version v2
- set ikev2-policy 10015
- peer-ip 10.1.35.12
- src-net 10.1.35.11 255.255.255.255
- dst-net 10.1.35.12 255.255.255.255
- set transform-set "default-ha-transform"
- factory-cert-auth
- trusted
-!
-
 crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999
 version v2
 set ikev2-policy 10015
@@ -1723,6 +1711,17 @@ crypto-local ipsec-map default-ha-ipsecmap10.1.35.14 9999
 trusted
 !

+crypto-local ipsec-map default-ha-ipsecmap10.1.35.12 9999
+ version v2
+ set ikev2-policy 10015
+ peer-ip 10.1.35.12
+ src-net 10.1.35.11 255.255.255.255
+ dst-net 10.1.35.12 255.255.255.255
+ set transform-set "default-ha-transform"
+ factory-cert-auth
+ trusted
+!
+
 crypto isakmp eap-passthrough eap-tls
 crypto isakmp eap-passthrough eap-peap
 crypto isakmp eap-passthrough eap-mschapv2