Compare commits
10 Commits
c0deee05b1
...
de44fac9da
| Author | SHA1 | Date | |
|---|---|---|---|
| de44fac9da | |||
| db299df555 | |||
| fff97834e8 | |||
| 50184cce83 | |||
| 69599d109e | |||
| ff2e71dbb4 | |||
| c9d5bb4403 | |||
| cf6608d1b6 | |||
| 7c26299a03 | |||
| 1d5eaaee46 |
@ -108,9 +108,6 @@ vlan 101
|
||||
vlan 107
|
||||
name Syracuse_Community_Health_Cente
|
||||
description Syracuse Community Health Center
|
||||
vlan 114
|
||||
name mgmt-sh-noc
|
||||
description Aruba Management vlan114
|
||||
vlan 140
|
||||
name FortiWeb
|
||||
description FortiWeb
|
||||
@ -541,7 +538,7 @@ spanning-tree
|
||||
spanning-tree priority 2
|
||||
spanning-tree trap topology-change instance 0
|
||||
spanning-tree ignore-pvid-inconsistency
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,101,107,114,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,511-519,525,699,811-813,995,999,1180,1202,1251,1254,1256,1261,1262,1811-1814,3000
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,101,107,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,511-519,525,699,811-813,995,999,1180,1202,1251,1254,1256,1261,1262,1811-1814,3000
|
||||
spanning-tree vlan 3 priority 4
|
||||
spanning-tree vlan 5 priority 4
|
||||
spanning-tree vlan 6 priority 4
|
||||
@ -561,7 +558,6 @@ spanning-tree vlan 72 priority 4
|
||||
spanning-tree vlan 99 priority 4
|
||||
spanning-tree vlan 101 priority 4
|
||||
spanning-tree vlan 107 priority 4
|
||||
spanning-tree vlan 114 priority 4
|
||||
spanning-tree vlan 140 priority 4
|
||||
spanning-tree vlan 150 priority 4
|
||||
spanning-tree vlan 151 priority 4
|
||||
@ -1144,15 +1140,6 @@ interface vlan 107
|
||||
active-gateway ip mac 02:00:00:00:00:01
|
||||
active-gateway ip 10.1.107.1
|
||||
ip ospf 1 area 0.0.0.0
|
||||
interface vlan 114
|
||||
description Access Control
|
||||
shutdown
|
||||
ip address 192.168.114.2/24
|
||||
active-gateway ip mac 02:00:00:00:00:01
|
||||
active-gateway ip 192.168.114.1
|
||||
ip helper-address 10.1.40.20
|
||||
ip helper-address 10.21.48.20
|
||||
ip ospf 1 area 0.0.0.0
|
||||
interface vlan 140
|
||||
description FortiWeb
|
||||
ip address 10.1.140.2/24
|
||||
|
||||
@ -107,9 +107,6 @@ vlan 101
|
||||
vlan 107
|
||||
name Syracuse_Community_Health_Cente
|
||||
description Syracuse Community Health Center
|
||||
vlan 114
|
||||
name mgmt-sh-noc
|
||||
description Aruba Management vlan114
|
||||
vlan 140
|
||||
name FortiWeb
|
||||
description FortiWeb
|
||||
@ -542,7 +539,7 @@ spanning-tree
|
||||
spanning-tree priority 2
|
||||
spanning-tree trap topology-change instance 0
|
||||
spanning-tree ignore-pvid-inconsistency
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,101,107,114,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,511-519,525,699,811-814,995,999,1180,1202,1251,1254,1256,1261,1262,1811-1814,3000
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,101,107,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,511-519,525,699,811-814,995,999,1180,1202,1251,1254,1256,1261,1262,1811-1814,3000
|
||||
spanning-tree vlan 3 priority 4
|
||||
spanning-tree vlan 5 priority 4
|
||||
spanning-tree vlan 6 priority 4
|
||||
@ -562,7 +559,6 @@ spanning-tree vlan 72 priority 4
|
||||
spanning-tree vlan 99 priority 4
|
||||
spanning-tree vlan 101 priority 4
|
||||
spanning-tree vlan 107 priority 4
|
||||
spanning-tree vlan 114 priority 4
|
||||
spanning-tree vlan 140 priority 4
|
||||
spanning-tree vlan 150 priority 4
|
||||
spanning-tree vlan 151 priority 4
|
||||
@ -1124,15 +1120,6 @@ interface vlan 107
|
||||
active-gateway ip mac 02:00:00:00:00:01
|
||||
active-gateway ip 10.1.107.1
|
||||
ip ospf 1 area 0.0.0.0
|
||||
interface vlan 114
|
||||
description Access Control
|
||||
shutdown
|
||||
ip address 192.168.114.3/24
|
||||
active-gateway ip mac 02:00:00:00:00:01
|
||||
active-gateway ip 192.168.114.1
|
||||
ip helper-address 10.1.40.20
|
||||
ip helper-address 10.21.48.20
|
||||
ip ospf 1 area 0.0.0.0
|
||||
interface vlan 140
|
||||
description FortiWeb
|
||||
ip address 10.1.140.3/24
|
||||
|
||||
@ -106,9 +106,6 @@ vlan 72
|
||||
vlan 99
|
||||
name CT_ITTech
|
||||
description CT_ITTech
|
||||
vlan 101
|
||||
name mgmt-ct-noc
|
||||
description Aruba Management vlan
|
||||
vlan 107
|
||||
name Syracuse_Community_Health_Cente
|
||||
description Syracuse Community Health Center
|
||||
@ -540,7 +537,7 @@ spanning-tree
|
||||
spanning-tree priority 2
|
||||
spanning-tree trap topology-change instance 0
|
||||
spanning-tree ignore-pvid-inconsistency
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,101,107,114,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,521-529,531-539,699,811,812,995,999,1202,1251,1254,1256,1261,1262,1811,1812,2180,2999,3000
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,107,114,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,521-529,531-539,699,811,812,995,999,1202,1251,1254,1256,1261,1262,1811,1812,2180,2999,3000
|
||||
spanning-tree vlan 3 priority 5
|
||||
spanning-tree vlan 5 priority 5
|
||||
spanning-tree vlan 6 priority 5
|
||||
@ -558,7 +555,6 @@ spanning-tree vlan 50 priority 5
|
||||
spanning-tree vlan 70 priority 5
|
||||
spanning-tree vlan 72 priority 5
|
||||
spanning-tree vlan 99 priority 5
|
||||
spanning-tree vlan 101 priority 5
|
||||
spanning-tree vlan 107 priority 5
|
||||
spanning-tree vlan 114 priority 5
|
||||
spanning-tree vlan 140 priority 5
|
||||
@ -802,7 +798,7 @@ interface lag 248 multi-chassis
|
||||
no shutdown
|
||||
no routing
|
||||
vlan trunk native 699 tag
|
||||
vlan trunk allowed 1,3,5-6,10,12,18,21,30,35,40,45,48,50,70,72,99,101,107,114,140,150-151,164,172,175-179,200,203,230,252,254,302-304,306-310,313-316,320-325,328-330,333-334,336-337,340-342,344-345,347-349,351,353-357,360,386,402-404,406-410,413-416,420-425,427-430,433-434,436-437,440-442,444-445,447-449,451,453-457,460,486,500-509,525,699,995,999,2999-3000
|
||||
vlan trunk allowed 1,3,5-6,10,12,18,21,30,35,40,45,48,50,70,72,99,107,114,140,150-151,164,172,175-179,200,203,230,252,254,302-304,306-310,313-316,320-325,328-330,333-334,336-337,340-342,344-345,347-349,351,353-357,360,386,402-404,406-410,413-416,420-425,427-430,433-434,436-437,440-442,444-445,447-449,451,453-457,460,486,500-509,525,699,995,999,2999-3000
|
||||
lacp mode active
|
||||
interface lag 249 multi-chassis
|
||||
description iLo-a LAG
|
||||
@ -823,7 +819,7 @@ interface lag 253 multi-chassis
|
||||
no shutdown
|
||||
no routing
|
||||
vlan trunk native 699
|
||||
vlan trunk allowed 35,101,164,2999
|
||||
vlan trunk allowed 35,164,2999
|
||||
lacp mode active
|
||||
interface lag 255 multi-chassis
|
||||
description DCI Lag
|
||||
|
||||
@ -104,9 +104,6 @@ vlan 72
|
||||
vlan 99
|
||||
name CT_ITTech
|
||||
description CT_ITTech
|
||||
vlan 101
|
||||
name mgmt-ct-noc
|
||||
description Aruba Management vlan
|
||||
vlan 107
|
||||
name Syracuse_Community_Health_Cente
|
||||
description Syracuse Community Health Center
|
||||
@ -538,7 +535,7 @@ spanning-tree
|
||||
spanning-tree priority 2
|
||||
spanning-tree trap topology-change instance 0
|
||||
spanning-tree ignore-pvid-inconsistency
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,101,107,114,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,521-529,531-539,699,811,812,995,999,1202,1251,1254,1256,1261,1262,1811,1812,2180,2999,3000
|
||||
spanning-tree vlan 3,5,6,10,12,18,20,21,30,35,40,45,48,50,70,72,99,107,114,140,150,151,164,168,172,175-179,200,203,230,252,254,302-310,313-316,320-325,327-330,333,334,336,337,340-342,344-349,351,353-357,360,366,386,402-410,413-416,420-425,427-430,433,434,436,437,440-442,444-449,451,453-457,460,466,486,500-509,521-529,531-539,699,811,812,995,999,1202,1251,1254,1256,1261,1262,1811,1812,2180,2999,3000
|
||||
spanning-tree vlan 3 priority 5
|
||||
spanning-tree vlan 5 priority 5
|
||||
spanning-tree vlan 6 priority 5
|
||||
@ -556,7 +553,6 @@ spanning-tree vlan 50 priority 5
|
||||
spanning-tree vlan 70 priority 5
|
||||
spanning-tree vlan 72 priority 5
|
||||
spanning-tree vlan 99 priority 5
|
||||
spanning-tree vlan 101 priority 5
|
||||
spanning-tree vlan 107 priority 5
|
||||
spanning-tree vlan 114 priority 5
|
||||
spanning-tree vlan 140 priority 5
|
||||
@ -801,7 +797,7 @@ interface lag 248 multi-chassis
|
||||
no shutdown
|
||||
no routing
|
||||
vlan trunk native 699 tag
|
||||
vlan trunk allowed 1,3,5-6,10,12,18,21,30,35,40,45,48,50,70,72,99,101,107,114,140,150-151,164,172,175-179,200,203,230,252,254,302-304,306-310,313-316,320-325,328-330,333-334,336-337,340-342,344-345,347-349,351,353-357,360,386,402-404,406-410,413-416,420-425,427-430,433-434,436-437,440-442,444-445,447-449,451,453-457,460,486,500-509,525,699,995,999,2999-3000
|
||||
vlan trunk allowed 1,3,5-6,10,12,18,21,30,35,40,45,48,50,70,72,99,107,114,140,150-151,164,172,175-179,200,203,230,252,254,302-304,306-310,313-316,320-325,328-330,333-334,336-337,340-342,344-345,347-349,351,353-357,360,386,402-404,406-410,413-416,420-425,427-430,433-434,436-437,440-442,444-445,447-449,451,453-457,460,486,500-509,525,699,995,999,2999-3000
|
||||
lacp mode active
|
||||
interface lag 249 multi-chassis
|
||||
description iLo-a LAG
|
||||
@ -822,7 +818,7 @@ interface lag 253 multi-chassis
|
||||
no shutdown
|
||||
no routing
|
||||
vlan trunk native 699
|
||||
vlan trunk allowed 35,101,164,2999
|
||||
vlan trunk allowed 35,164,2999
|
||||
lacp mode active
|
||||
interface lag 255 multi-chassis
|
||||
description DCI Lag
|
||||
@ -1035,8 +1031,8 @@ interface vlan 107
|
||||
ip ospf 1 area 0.0.0.0
|
||||
interface vlan 114
|
||||
description Shea Noc mgmt
|
||||
ip address 192.168.114.254/24
|
||||
active-gateway ip mac 02:00:00:00:00:01
|
||||
ip address 192.168.114.253/24
|
||||
active-gateway ip mac 02:00:00:00:22:01
|
||||
active-gateway ip 192.168.114.1
|
||||
ip helper-address 10.1.40.20
|
||||
ip helper-address 10.21.48.20
|
||||
|
||||
@ -934,8 +934,10 @@ interface 1/1/19
|
||||
vlan trunk allowed 529
|
||||
interface 1/1/20
|
||||
description aruba-wlc-a_0/0/2
|
||||
no shutdown
|
||||
lag 20
|
||||
interface 1/1/21
|
||||
no shutdown
|
||||
lag 21
|
||||
interface 1/1/32
|
||||
description Uplink LAG shea-noc-6300-sw1
|
||||
|
||||
@ -921,9 +921,11 @@ interface 1/1/19
|
||||
vlan trunk allowed 539
|
||||
interface 1/1/20
|
||||
description aruba-wlc-a_0/0/3
|
||||
no shutdown
|
||||
lag 20
|
||||
interface 1/1/21
|
||||
description aruba-wlc-b_0/0/3
|
||||
no shutdown
|
||||
lag 21
|
||||
interface 1/1/32
|
||||
description Uplink LAG shea-noc-6300-sw2
|
||||
|
||||
@ -113,10 +113,10 @@ time-range periodic night-hours
|
||||
Weekday 18:01 to 23:59
|
||||
Weekday 00:00 to 07:59
|
||||
!
|
||||
ip access-list session apprf-scsd_vr-sacl
|
||||
!
|
||||
ip access-list session apprf-switch-logon-sacl
|
||||
!
|
||||
ip access-list session apprf-scsd_vr-sacl
|
||||
!
|
||||
ip access-list session svp-acl
|
||||
any any svc-svp permit queue high
|
||||
user host 224.0.1.116 any permit
|
||||
@ -266,19 +266,19 @@ ip access-list session stateful-dot1x
|
||||
any any svc-dns permit
|
||||
any any svc-dhcp permit
|
||||
!
|
||||
ip access-list session SCSD_VR
|
||||
!
|
||||
ip access-list session cplogout
|
||||
user alias controller svc-https dst-nat 8081
|
||||
!
|
||||
ip access-list session SCSD_VR
|
||||
!
|
||||
ip access-list session scsd-dns-10
|
||||
any network 10.0.0.0 255.0.0.0 udp 53 permit
|
||||
!
|
||||
ip access-list session apprf-visitor_byod-sacl
|
||||
!
|
||||
ip access-list session SCSD_VR_Headset
|
||||
Description: "Virtual Reality Headsets"
|
||||
!
|
||||
ip access-list session apprf-visitor_byod-sacl
|
||||
!
|
||||
ip access-list session wificalling-acl
|
||||
any any tcp 443 permit
|
||||
!
|
||||
@ -364,9 +364,6 @@ ip access-list session v6-ap-acl
|
||||
ip access-list session wificalling-block
|
||||
any alias wificalling-block any deny
|
||||
!
|
||||
ip access-list session SCSD-IoT
|
||||
any host 10.1.31.14 any permit
|
||||
!
|
||||
ip access-list session apprf-default-via-role-sacl
|
||||
!
|
||||
ip access-list session v6-allowall
|
||||
@ -377,6 +374,9 @@ ip access-list session apprf-default-iap-user-role-sacl
|
||||
ip access-list session v6-icmp-acl
|
||||
ipv6 any any svc-v6-icmp permit
|
||||
!
|
||||
ip access-list session SCSD-IoT
|
||||
any host 10.1.31.14 any permit
|
||||
!
|
||||
ip access-list session validuser
|
||||
network 127.0.0.0 255.0.0.0 any any deny
|
||||
network 169.254.0.0 255.255.0.0 any any deny
|
||||
@ -475,11 +475,6 @@ ip access-list session deny_internal_byod
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any any any permit
|
||||
!
|
||||
ip access-list session SCAD_Deny_Internal
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any network 10.0.0.0 255.0.0.0 any deny
|
||||
any network 172.16.0.0 255.240.0.0 any deny
|
||||
!
|
||||
ip access-list session captiveportalbridge
|
||||
user alias localip svc-https dual-nat pool localip 8081
|
||||
user any svc-http dual-nat pool localip 8080
|
||||
@ -514,6 +509,11 @@ ip access-list session control
|
||||
any any svc-natt permit
|
||||
any any tcp 6633 permit
|
||||
!
|
||||
ip access-list session SCAD_Deny_Internal
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any network 10.0.0.0 255.0.0.0 any deny
|
||||
any network 172.16.0.0 255.240.0.0 any deny
|
||||
!
|
||||
ip access-list session apprf-student_byod-sacl
|
||||
!
|
||||
ip access-list session apprf-staff_scsd-sacl
|
||||
|
||||
@ -113,10 +113,10 @@ time-range periodic night-hours
|
||||
Weekday 18:01 to 23:59
|
||||
Weekday 00:00 to 07:59
|
||||
!
|
||||
ip access-list session apprf-scsd_vr-sacl
|
||||
!
|
||||
ip access-list session apprf-switch-logon-sacl
|
||||
!
|
||||
ip access-list session apprf-scsd_vr-sacl
|
||||
!
|
||||
ip access-list session svp-acl
|
||||
any any svc-svp permit queue high
|
||||
user host 224.0.1.116 any permit
|
||||
@ -266,19 +266,19 @@ ip access-list session stateful-dot1x
|
||||
any any svc-dns permit
|
||||
any any svc-dhcp permit
|
||||
!
|
||||
ip access-list session SCSD_VR
|
||||
!
|
||||
ip access-list session cplogout
|
||||
user alias controller svc-https dst-nat 8081
|
||||
!
|
||||
ip access-list session SCSD_VR
|
||||
!
|
||||
ip access-list session scsd-dns-10
|
||||
any network 10.0.0.0 255.0.0.0 udp 53 permit
|
||||
!
|
||||
ip access-list session apprf-visitor_byod-sacl
|
||||
!
|
||||
ip access-list session SCSD_VR_Headset
|
||||
Description: "Virtual Reality Headsets"
|
||||
!
|
||||
ip access-list session apprf-visitor_byod-sacl
|
||||
!
|
||||
ip access-list session wificalling-acl
|
||||
any any tcp 443 permit
|
||||
!
|
||||
@ -364,9 +364,6 @@ ip access-list session v6-ap-acl
|
||||
ip access-list session wificalling-block
|
||||
any alias wificalling-block any deny
|
||||
!
|
||||
ip access-list session SCSD-IoT
|
||||
any host 10.1.31.14 any permit
|
||||
!
|
||||
ip access-list session apprf-default-via-role-sacl
|
||||
!
|
||||
ip access-list session v6-allowall
|
||||
@ -377,6 +374,9 @@ ip access-list session apprf-default-iap-user-role-sacl
|
||||
ip access-list session v6-icmp-acl
|
||||
ipv6 any any svc-v6-icmp permit
|
||||
!
|
||||
ip access-list session SCSD-IoT
|
||||
any host 10.1.31.14 any permit
|
||||
!
|
||||
ip access-list session validuser
|
||||
network 127.0.0.0 255.0.0.0 any any deny
|
||||
network 169.254.0.0 255.255.0.0 any any deny
|
||||
@ -475,11 +475,6 @@ ip access-list session deny_internal_byod
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any any any permit
|
||||
!
|
||||
ip access-list session SCAD_Deny_Internal
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any network 10.0.0.0 255.0.0.0 any deny
|
||||
any network 172.16.0.0 255.240.0.0 any deny
|
||||
!
|
||||
ip access-list session captiveportalbridge
|
||||
user alias localip svc-https dual-nat pool localip 8081
|
||||
user any svc-http dual-nat pool localip 8080
|
||||
@ -514,6 +509,11 @@ ip access-list session control
|
||||
any any svc-natt permit
|
||||
any any tcp 6633 permit
|
||||
!
|
||||
ip access-list session SCAD_Deny_Internal
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any network 10.0.0.0 255.0.0.0 any deny
|
||||
any network 172.16.0.0 255.240.0.0 any deny
|
||||
!
|
||||
ip access-list session apprf-student_byod-sacl
|
||||
!
|
||||
ip access-list session apprf-staff_scsd-sacl
|
||||
|
||||
@ -113,10 +113,10 @@ time-range periodic night-hours
|
||||
Weekday 18:01 to 23:59
|
||||
Weekday 00:00 to 07:59
|
||||
!
|
||||
ip access-list session apprf-scsd_vr-sacl
|
||||
!
|
||||
ip access-list session apprf-switch-logon-sacl
|
||||
!
|
||||
ip access-list session apprf-scsd_vr-sacl
|
||||
!
|
||||
ip access-list session svp-acl
|
||||
any any svc-svp permit queue high
|
||||
user host 224.0.1.116 any permit
|
||||
@ -266,19 +266,19 @@ ip access-list session stateful-dot1x
|
||||
any any svc-dns permit
|
||||
any any svc-dhcp permit
|
||||
!
|
||||
ip access-list session SCSD_VR
|
||||
!
|
||||
ip access-list session cplogout
|
||||
user alias controller svc-https dst-nat 8081
|
||||
!
|
||||
ip access-list session SCSD_VR
|
||||
!
|
||||
ip access-list session scsd-dns-10
|
||||
any network 10.0.0.0 255.0.0.0 udp 53 permit
|
||||
!
|
||||
ip access-list session apprf-visitor_byod-sacl
|
||||
!
|
||||
ip access-list session SCSD_VR_Headset
|
||||
Description: "Virtual Reality Headsets"
|
||||
!
|
||||
ip access-list session apprf-visitor_byod-sacl
|
||||
!
|
||||
ip access-list session wificalling-acl
|
||||
any any tcp 443 permit
|
||||
!
|
||||
@ -364,9 +364,6 @@ ip access-list session v6-ap-acl
|
||||
ip access-list session wificalling-block
|
||||
any alias wificalling-block any deny
|
||||
!
|
||||
ip access-list session SCSD-IoT
|
||||
any host 10.1.31.14 any permit
|
||||
!
|
||||
ip access-list session apprf-default-via-role-sacl
|
||||
!
|
||||
ip access-list session v6-allowall
|
||||
@ -377,6 +374,9 @@ ip access-list session apprf-default-iap-user-role-sacl
|
||||
ip access-list session v6-icmp-acl
|
||||
ipv6 any any svc-v6-icmp permit
|
||||
!
|
||||
ip access-list session SCSD-IoT
|
||||
any host 10.1.31.14 any permit
|
||||
!
|
||||
ip access-list session validuser
|
||||
network 127.0.0.0 255.0.0.0 any any deny
|
||||
network 169.254.0.0 255.255.0.0 any any deny
|
||||
@ -475,11 +475,6 @@ ip access-list session deny_internal_byod
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any any any permit
|
||||
!
|
||||
ip access-list session SCAD_Deny_Internal
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any network 10.0.0.0 255.0.0.0 any deny
|
||||
any network 172.16.0.0 255.240.0.0 any deny
|
||||
!
|
||||
ip access-list session captiveportalbridge
|
||||
user alias localip svc-https dual-nat pool localip 8081
|
||||
user any svc-http dual-nat pool localip 8080
|
||||
@ -514,6 +509,11 @@ ip access-list session control
|
||||
any any svc-natt permit
|
||||
any any tcp 6633 permit
|
||||
!
|
||||
ip access-list session SCAD_Deny_Internal
|
||||
any network 192.168.0.0 255.255.0.0 any deny
|
||||
any network 10.0.0.0 255.0.0.0 any deny
|
||||
any network 172.16.0.0 255.240.0.0 any deny
|
||||
!
|
||||
ip access-list session apprf-student_byod-sacl
|
||||
!
|
||||
ip access-list session apprf-staff_scsd-sacl
|
||||
|
||||
@ -7,9 +7,7 @@ clock timezone America/New_York -05 0
|
||||
!
|
||||
location "Building1.floor1"
|
||||
controller config 700
|
||||
crypto-local pki ServerCert scsd_wc2_full_2025 Star-Exp042025-fullchain.pfx
|
||||
crypto-local pki ServerCert scsd_wc2_full_2026 StarCert-Ex03_26_fullchain.pfx
|
||||
crypto-local pki ServerCert scsd_wildcard_2025 StartCert-Expire042025.pfx
|
||||
crypto-local pki ServerCert scsd_wildcard_2026 StarCert-Ex03_26_fullchain.pfx
|
||||
crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert
|
||||
ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user