version 6.2 hostname "company-controller-1" clock timezone 0 location "Company Schwandorf" controller config 83 ip cp-redirect-address 192.168.2.10 ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list eth validuserethacl permit any ! netservice svc-netbios-dgm udp 138 netservice svc-snmp-trap udp 162 netservice svc-pcoip2-tcp tcp 4172 netservice svc-syslog udp 514 netservice svc-l2tp udp 1701 netservice svc-ike udp 500 netservice svc-https tcp 443 netservice svc-smb-tcp tcp 445 netservice svc-dhcp udp 67 68 alg dhcp netservice svc-citrix tcp 2598 netservice svc-pptp tcp 1723 netservice svc-ica tcp 1494 netservice svc-sccp tcp 2000 alg sccp netservice svc-telnet tcp 23 netservice svc-sec-papi udp 8209 netservice svc-lpd tcp 515 netservice svc-netbios-ssn tcp 139 netservice svc-sip-tcp tcp 5060 netservice svc-kerberos udp 88 netservice svc-tftp udp 69 alg tftp netservice svc-http-proxy3 tcp 8888 netservice svc-noe udp 32512 alg noe netservice svc-cfgm-tcp tcp 8211 netservice svc-adp udp 8200 netservice svc-pop3 tcp 110 netservice svc-pcoip-tcp tcp 50002 netservice svc-pcoip-udp udp 50002 netservice svc-rtsp tcp 554 alg rtsp netservice svc-msrpc-tcp tcp 135 139 netservice svc-dns udp 53 alg dns netservice vnc tcp 5900 5905 netservice svc-h323-udp udp 1718 1719 netservice svc-h323-tcp tcp 1720 netservice svc-vocera udp 5002 alg vocera netservice svc-http tcp 80 netservice svc-http-proxy2 tcp 8080 netservice svc-sip-udp udp 5060 netservice svc-nterm tcp 1026 1028 netservice svc-noe-oxo udp 5000 alg noe netservice svc-papi udp 8211 netservice svc-natt udp 4500 netservice svc-ftp tcp 21 alg ftp netservice svc-microsoft-ds tcp 445 netservice svc-svp 119 alg svp netservice svc-smtp tcp 25 netservice svc-gre 47 netservice web tcp list "80 443" netservice svc-netbios-ns udp 137 netservice svc-sips tcp 5061 alg sips netservice svc-smb-udp udp 445 netservice svc-ipp-tcp tcp 631 netservice svc-esp 50 netservice svc-v6-dhcp udp 546 547 netservice svc-snmp udp 161 netservice svc-bootp udp 67 69 netservice svc-pcoip2-udp udp 4172 netservice svc-msrpc-udp udp 135 139 netservice svc-ntp udp 123 netservice svc-icmp 1 netservice svc-ipp-udp udp 631 netservice svc-ssh tcp 22 netservice svc-v6-icmp 58 netservice svc-http-proxy1 tcp 3128 netservice svc-vmware-rdp tcp 3389 netdestination company_RAP_home_tunneled_subnets network 192.168.25.0 255.255.255.0 ! netdestination test network 192.168.25.0 255.255.255.0 ! netdestination internal-network description "lan" network 192.168.25.0 255.255.255.0 network 192.168.1.0 255.255.255.0 ! netexthdr default ! time-range night-hours periodic weekday 18:01 to 23:59 weekday 00:00 to 07:59 ! time-range weekend periodic weekend 00:00 to 23:59 ! time-range working-hours periodic weekday 08:00 to 18:00 ! ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ! ip access-list session control any any svc-papi permit any any svc-sec-papi permit user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session Clearpass-web-ACL user host 192.168.1.228 svc-http permit user host 192.168.1.228 svc-https permit user host 192.168.88.225 svc-https permit user host 192.168.88.225 svc-http permit ! ip access-list session validuser network 169.254.0.0 255.255.0.0 any any deny any any any permit ipv6 host fe80:: any any deny ipv6 any any any permit ! ip access-list session v6-https-acl ipv6 any any svc-https permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session vmware-acl any any svc-vmware-rdp permit tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip-udp permit tos 46 dot1p-priority 6 any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 ! ip access-list session v6-control ipv6 any any svc-papi permit ipv6 any any svc-sec-papi permit ipv6 user any udp 547 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-dns permit ipv6 any any svc-cfgm-tcp permit ipv6 any any svc-adp permit ipv6 any any svc-tftp permit ipv6 any any svc-dhcp permit ipv6 any any svc-natt permit ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session v6-dns-acl ipv6 any any svc-dns permit ! ip access-list session allowall any any any permit ipv6 any any any permit ! ip access-list session https-acl any any svc-https permit ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session citrix-acl any any svc-citrix permit tos 46 dot1p-priority 6 any any svc-ica permit tos 46 dot1p-priority 6 ! ip access-list session split-tunnel1 any any svc-dhcp permit user alias test any permit alias test user any permit user any any route src-nat ! ip access-list session CP6-web-ACL user host 192.168.88.225 svc-http permit user host 192.168.88.225 svc-https permit ! ip access-list session v6-allowall ipv6 any any any permit ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session srcnat user any any src-nat ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list session RemoteAP-Access any any svc-l2tp permit any any svc-gre permit any any svc-papi permit any alias mswitch svc-tftp permit any alias mswitch svc-ftp permit ! ip access-list session iaprole any host 192.168.2.10 any src-nat any any any permit ! ip access-list session v6-http-acl ipv6 any any svc-http permit ! ip access-list session http-acl any any svc-http permit ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive ipv6 user any svc-http-proxy3 captive ! ip access-list session company_RAP_home_firewall user alias company_RAP_home_tunneled_subnets any permit user any any route src-nat ! ip access-list session split-tunnel any any svc-dhcp permit ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ! ip access-list session dynamic-session-acl any any any src-nat pool dynamic-srcnat ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user alias controller svc-ftp permit ! ip access-list session v6-ap-acl ipv6 any any svc-gre permit ipv6 any any svc-syslog permit ipv6 any user svc-snmp permit ipv6 user any svc-snmp-trap permit ipv6 user any svc-ntp permit ipv6 user alias controller6 svc-ftp permit ! ip access-list session v6-logon-control ipv6 user any udp 68 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! vpn-dialer default-dialer ike authentication PRE-SHARE f482f09483bcc03d43c797041b9112d7de6be7886eeb8b4a ! user-role company_allow_all access-list session allowall ! user-role ap-role access-list session control access-list session ap-acl access-list session v6-control access-list session v6-ap-acl ! user-role RemoteAP access-list session RemoteAP-Access ! user-role Company-GAST-guest-logon captive-portal "Company-GAST-cp_prof" access-list session logon-control access-list session captiveportal ! user-role default-vpn-role access-list session allowall access-list session v6-allowall ! user-role sysadmin access-list session allowall ! user-role voice access-list session sip-acl access-list session noe-acl access-list session svp-acl access-list session vocera-acl access-list session skinny-acl access-list session h323-acl access-list session dhcp-acl access-list session tftp-acl access-list session dns-acl access-list session icmp-acl ! user-role default-via-role access-list session allowall ! user-role Clearpass-onboard captive-portal "Clearpass-onboard" access-list session CP6-web-ACL access-list session logon-control access-list session captiveportal ! user-role Company-GAST-logon access-list session logon-control access-list session captiveportal access-list session vpnlogon ! user-role iaprole access-list session iaprole ! user-role guest-logon captive-portal "default" access-list session logon-control access-list session captiveportal access-list session v6-logon-control access-list session captiveportal6 ! user-role guest access-list session http-acl access-list session https-acl access-list session dhcp-acl access-list session icmp-acl access-list session dns-acl access-list session v6-http-acl access-list session v6-https-acl access-list session v6-dhcp-acl access-list session v6-icmp-acl access-list session v6-dns-acl ! user-role stateful-dot1x ! user-role authenticated access-list session allowall access-list session v6-allowall ! user-role company_RAP_home_default_role access-list session company_RAP_home_firewall ! user-role rap-test access-list session split-tunnel1 ! user-role Clearpass-Login captive-portal "Aruba_admin" access-list session Clearpass-web-ACL access-list session logon-control access-list session captiveportal ! user-role logon captive-portal "NoAuthCPProfile" access-list session logon-control access-list session captiveportal access-list session vpnlogon access-list session v6-logon-control access-list session captiveportal6 ! ! controller-ip vlan 25 interface mgmt shutdown ! dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 ! dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR" dial-string ATD*99# ! dialer group gsm_asia init-string AT+CGDCONT=1,"IP","internet" dial-string ATD*99***1# ! dialer group vivo_br init-string AT+CGDCONT=1,"IP","zap.vivo.com.br" dial-string ATD*99# ! vlan 25 vlan 30 vlan 88 vlan 999 vlan 1000 interface gigabitethernet 1/0 description "GE1/0" trusted trusted vlan 1-4094 switchport access vlan 999 ! interface gigabitethernet 1/1 description "GE1/1" trusted trusted vlan 1-4094 switchport access vlan 25 ! interface gigabitethernet 1/2 description "GE1/2" trusted trusted vlan 1-4094 switchport access vlan 25 ! interface gigabitethernet 1/3 description "GE1/3" trusted trusted vlan 1-4094 switchport access vlan 1000 ! interface gigabitethernet 1/4 description "GE1/4" trusted trusted vlan 1-4094 switchport access vlan 25 ! interface gigabitethernet 1/5 description "GE1/5" trusted trusted vlan 1-4094 switchport mode trunk switchport access vlan 25 switchport trunk allowed vlan 25,30,88 ! interface gigabitethernet 1/6 description "GE1/6" trusted trusted vlan 1-4094 switchport access vlan 25 ! interface gigabitethernet 1/7 description "GE1/7" trusted trusted vlan 1-4094 ! interface vlan 25 ip address 192.168.2.10 255.255.255.0 operstate up description "Management-VLAN" ! interface vlan 1 ip address 10.10.10.200 255.255.255.0 ! interface vlan 30 operstate up ! interface vlan 88 ip address 192.168.88.253 255.255.255.0 ! interface vlan 999 ip address 10.0.0.200 255.255.255.0 ! interface vlan 1000 ip address pppoe ip pppoe-username feste-ip12/3TBDBKUL5EII@t-online-com.de ip pppoe-password e8e188d5a087c2978b79e675a1223bb8dc63cbd8e8087f6d ip pppoe-service-name T-Business ! ip default-gateway 10.10.10.254 ip default-gateway 192.168.25.254 ip route 10.0.1.0 255.255.255.0 10.0.0.254 no uplink wired vlan 1 uplink disable ap mesh-recovery-profile cluster RecoveryOGR19ImDKIIqI+Lb wpa-hexkey ec559f91cc4fcacdae426a77f320c045639264205b040ac5255445bda1c8f167680618d9d8933ec03e3047f00c20f8aa53eacce5fda97fb8e8f088df8890507ad98c30193d4ab9a0469c48ad5cf77c8b crypto isakmp policy 1 ! crypto isakmp policy 20 encryption aes256 ! crypto isakmp key "c171e5f2800f68048634ee510a281311c684cd1afc1ef387" address 0.0.0.0 netmask 0.0.0.0 crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-dynamicmap 10000 set transform-set "default-transform" "default-aes" ! crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 ip local pool "RAP_IP_Pool" 192.168.25.220 192.168.25.230 vpdn group l2tp client configuration dns 192.168.1.1 192.168.1.13 ! ! snmp-server community "aruba" snmp-server community "public" vpdn group pptp ! tunneled-node-address 0.0.0.0 adp discovery enable adp igmp-join enable adp igmp-vlan 0 voice rtcp-inactivity disable voice alg-based-cac enable voice sip-midcall-req-timeout disable ap ap-blacklist-time 3600 mgmt-user admin root 78c0f77a01f93e211bbdedfae91a55f994efe3775cbc5e6e34 mgmt-user gast guest-provisioning a58cd1cc01c9ff90bbd8466defb83bf667a0f699c177a2e801 ntp server 192.53.103.108 ntp server 192.53.103.104 iburst ntp server 192.168.1.1 no database synchronize database synchronize rf-plan-data ip mobile domain default ! ip igmp ! ipv6 mld ! no firewall attack-rate cp 1024 ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp packet-capture-defaults tcp disable udp disable interprocess disable sysmsg disable other disable ! ip domain lookup ! country DE aaa rfc-3576-server "192.168.1.228" key 717175da129a7389f1a2f631933c6bae4f8843d2efae9b0a ! aaa rfc-3576-server "192.168.88.225" key da1f7d2d6f84d2fbf52581b76ebca77069146a50813a5bdb ! aaa rfc-3576-server "192.168.88.253" ! aaa authentication mac "default" ! aaa authentication dot1x "default" no validate-pmkid ! aaa authentication dot1x "dot1x_prof-acq48" no validate-pmkid ! aaa authentication dot1x "dot1x_prof-ejs74" ! aaa authentication dot1x "dot1x_prof-emb90" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication dot1x "dot1x_prof-pds01" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication dot1x "dot1x_prof-tyd31" no validate-pmkid termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication-server radius "clearpass" host "192.168.88.225" key 1fc6e6dc0eef5f6865290e8b2f2cb26141ee47368a136e00 nas-ip 192.168.88.253 ! aaa authentication-server radius "clearpass-onboard" host "192.168.88.225" key 1c5a450a65eba948fce4a85a049b628b56e01e2e1dfcec79 nas-ip 192.168.88.253 ! aaa authentication-server radius "S01" host "192.168.1.1" key b743e3f7e6fcc6d00e7e4332e79554b88c2adba978aa3441 ! aaa server-group "Clearpass-Group" auth-server clearpass ! aaa server-group "Clearpass-Onboard" auth-server clearpass-onboard ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa server-group "NoAuthsrvGroup" auth-server S01 ! aaa server-group "rap-test-ssid_srvgrp-smn02" auth-server S01 ! aaa server-group "rap-test_srvgrp-sts74" auth-server S01 ! aaa server-group "Company-GAST_srvgrp-xqo36" auth-server Internal ! aaa server-group "Company-WLAN_srvgrp-icz46" auth-server S01 ! aaa server-group "Company_Radius_Server" auth-server S01 ! aaa server-group "voice_srvgrp-ygv97" auth-server S01 ! aaa authentication via connection-profile "default" ! aaa authentication via web-auth "default" ! aaa authentication via global-config ! aaa profile "802.1xSSID" authentication-mac "default" mac-server-group "Clearpass-Group" radius-accounting "Clearpass-Group" rfc-3576-server "192.168.1.228" rfc-3576-server "192.168.88.225" ! aaa profile "aaa_prof-hgd54" initial-role "company_allow_all" ! aaa profile "aaa_prof-jyf62" initial-role "RemoteAP" ! aaa profile "aaa_prof-xoo65" initial-role "company_RAP_home_default_role" ! aaa profile "Clearpass-Guest" initial-role "Clearpass-Login" authentication-mac "default" mac-server-group "Clearpass-Group" radius-accounting "Clearpass-Group" radius-interim-accounting rfc-3576-server "192.168.88.225" ! aaa profile "clearpass-onboard" initial-role "Clearpass-onboard" authentication-mac "default" mac-server-group "Clearpass-Onboard" radius-interim-accounting ! aaa profile "Clearpass-Profile" initial-role "Clearpass-Login" authentication-mac "default" mac-server-group "Clearpass-Group" dot1x-default-role "Clearpass-Login" radius-accounting "Clearpass-Group" radius-interim-accounting rfc-3576-server "192.168.1.228" rfc-3576-server "192.168.88.225" ! aaa profile "default" ! aaa profile "rap-test-aaa_prof" authentication-dot1x "dot1x_prof-ejs74" dot1x-default-role "company_allow_all" dot1x-server-group "rap-test_srvgrp-sts74" ! aaa profile "rap-test-ssid-aaa_prof" authentication-dot1x "dot1x_prof-emb90" dot1x-default-role "company_allow_all" dot1x-server-group "rap-test-ssid_srvgrp-smn02" ! aaa profile "Company-GAST-aaa_prof" initial-role "Company-GAST-guest-logon" ! aaa profile "Company-WLAN-aaa_prof" authentication-dot1x "dot1x_prof-acq48" dot1x-default-role "company_allow_all" dot1x-server-group "Company-WLAN_srvgrp-icz46" ! aaa profile "voice-aaa_prof" authentication-dot1x "dot1x_prof-pds01" dot1x-server-group "voice_srvgrp-ygv97" radius-accounting "voice_srvgrp-ygv97" ! aaa authentication captive-portal "Aruba_admin" server-group "Clearpass-Group" auth-protocol MSCHAPv2 login-page "http://192.168.88.225/guest/guest_register_1_login.php" ! aaa authentication captive-portal "Clearpass-onboard" server-group "Clearpass-Onboard" auth-protocol MSCHAPv2 login-page "https://192.168.88.225/guest/device_provisioning.php" ! aaa authentication captive-portal "Clearpass-onboard-cp_prof" server-group "Clearpass-Onboard" ! aaa authentication captive-portal "default" server-group "Company_Radius_Server" welcome-page "/upload/custom/default/Company-Welcome.htm" ! aaa authentication captive-portal "NoAuthCPProfile" server-group "NoAuthsrvGroup" welcome-page "/upload/custom/NoAuthCPProfile/Company-Welcome.htm" ! aaa authentication captive-portal "Company-GAST-cp_prof" server-group "Company-GAST_srvgrp-xqo36" login-page "/upload/custom/Company-GAST-cp_prof/Company-Gaesteportal3.htm" welcome-page "/upload/custom/Company-GAST-cp_prof/Company-Welcome.htm" ! aaa authentication wispr "default" ! aaa authentication vpn "default" default-role "company_allow_all" ! aaa authentication vpn "default-iap" default-role "iaprole" ! aaa authentication vpn "default-rap" ! aaa authentication mgmt ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication via auth-profile "default" ! aaa authentication wired ! web-server ! guest-access-email smtp-server 192.168.1.1 ! voice logging ! voice dialplan-profile "default" ! voice real-time-config ! voice sip ! aaa password-policy mgmt ! control-plane-security no cpsec-enable ! ids management-profile ! ids wms-general-profile poll-retries 3 ! ids wms-local-system-profile ! ids ap-rule-matching ! valid-network-oui-profile ! qos-profile "default" ! policer-profile "default" ! ap system-profile "apsys_prof-lvf18" ! ap system-profile "apsys_prof-psh60" session-acl "allowall" dns-domain "company.local" lms-ip 87.xxx.xxx.xxx rap-local-network-access ! ap system-profile "default" telnet ! ap system-profile "company_RAP_AP_SYS_PROFILE" lms-ip 10.0.0.200 ! ap regulatory-domain-profile "default" country-code DE valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 36 valid-11a-channel 40 valid-11a-channel 44 valid-11a-channel 48 valid-11a-channel 52 valid-11a-channel 56 valid-11a-channel 60 valid-11a-channel 64 valid-11a-channel 100 valid-11a-channel 104 valid-11a-channel 108 valid-11a-channel 112 valid-11a-channel 116 valid-11a-channel 120 valid-11a-channel 124 valid-11a-channel 128 valid-11a-channel 132 valid-11a-channel 136 valid-11a-channel 140 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 36-40 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 52-56 valid-11a-40mhz-channel-pair 60-64 valid-11a-40mhz-channel-pair 100-104 valid-11a-40mhz-channel-pair 108-112 valid-11a-40mhz-channel-pair 116-120 valid-11a-40mhz-channel-pair 124-128 valid-11a-40mhz-channel-pair 132-136 ! ap wired-ap-profile "default" ! ap wired-ap-profile "wap_prof-ila79" wired-ap-enable ! ap wired-ap-profile "wap_prof-jzh41" wired-ap-enable ! ap wired-ap-profile "wap_prof-lfs79" ! ap wired-ap-profile "wap_prof-nri06" wired-ap-enable ! ap wired-ap-profile "wap_prof-pcd94" wired-ap-enable ! ap wired-ap-profile "wap_prof-roi98" wired-ap-enable ! ap enet-link-profile "default" ! ap enet-link-profile "elink_prof-cmd56" ! ap enet-link-profile "elink_prof-eaw86" ! ap enet-link-profile "elink_prof-gck81" ! ap enet-link-profile "elink_prof-mtc03" ! ap enet-link-profile "elink_prof-ysa88" ! ap mesh-ht-ssid-profile "default" ! ap lldp med-network-policy-profile "default" ! ap mesh-cluster-profile "default" ! ap lldp profile "default" ! ap mesh-radio-profile "default" ! ap wired-port-profile "default" ! ap wired-port-profile "wport_prof-bfn19" wired-ap-profile "wap_prof-ila79" enet-link-profile "elink_prof-mtc03" aaa-profile "aaa_prof-jyf62" ! ap wired-port-profile "wport_prof-fvt38" wired-ap-profile "wap_prof-pcd94" enet-link-profile "elink_prof-gck81" aaa-profile "aaa_prof-hgd54" ! ap wired-port-profile "wport_prof-rsi15" wired-ap-profile "wap_prof-ila79" enet-link-profile "elink_prof-mtc03" aaa-profile "aaa_prof-jyf62" ! ap wired-port-profile "wport_prof-wts84" wired-ap-profile "wap_prof-jzh41" enet-link-profile "elink_prof-eaw86" aaa-profile "aaa_prof-xoo65" ! ids general-profile "default" ! ids rate-thresholds-profile "default" ! ids signature-profile "default" ! ids impersonation-profile "default" ! ids unauthorized-device-profile "default" ! ids signature-matching-profile "default" signature "Deauth-Broadcast" signature "Disassoc-Broadcast" ! ids dos-profile "default" ! ids profile "default" ! rf arm-profile "arm-maintain" assignment maintain no scanning ! rf arm-profile "arm-scan" ps-aware-scan ! rf arm-profile "default" ps-aware-scan ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf am-scan-profile "default" ! rf dot11a-radio-profile "default" ! rf dot11a-radio-profile "rp-maintain-a" arm-profile "arm-maintain" ! rf dot11a-radio-profile "rp-monitor-a" mode am-mode ! rf dot11a-radio-profile "rp-scan-a" arm-profile "arm-scan" ! rf dot11g-radio-profile "default" ! rf dot11g-radio-profile "rp-maintain-g" arm-profile "arm-maintain" ! rf dot11g-radio-profile "rp-monitor-g" mode am-mode ! rf dot11g-radio-profile "rp-scan-g" arm-profile "arm-scan" ! wlan handover-trigger-profile "default" ! wlan rrm-ie-profile "default" ! wlan bcn-rpt-req-profile "default" ! wlan tsm-req-profile "default" ! wlan voip-cac-profile "default" ! wlan voip-cac-profile "voice-ssid-prof" call-admission-control send-sip-100-trying wmm-tspec-enforcement ! wlan ht-ssid-profile "Clearpass-onboard" ! wlan ht-ssid-profile "default" ! wlan ht-ssid-profile "rap-test-htssid_prof" ! wlan ht-ssid-profile "rap-test-ssid-htssid_prof" ! wlan ht-ssid-profile "Company-GAST-htssid_prof" ! wlan ht-ssid-profile "Company-WLAN-htssid_prof" ! wlan ht-ssid-profile "voice-htssid_prof" ! wlan wmm-traffic-management-profile "WMM-Test" enable-shaping ! wlan edca-parameters-profile station "default" ! wlan edca-parameters-profile station "test" ! wlan edca-parameters-profile ap "default" ! wlan edca-parameters-profile ap "test" ! wlan dot11k-profile "default" ! wlan ssid-profile "default" essid "Clearpass-onboard" wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" ! wlan ssid-profile "Onboard" essid "Clearpass-onboard" wpa-passphrase 622ae2013d976aaaf5170127165335ea221c72c0f049957d ht-ssid-profile "Clearpass-onboard" ! wlan ssid-profile "rap-test-ssid-ssid_prof" essid "rap-test-ssid" opmode wpa2-aes ht-ssid-profile "rap-test-ssid-htssid_prof" ! wlan ssid-profile "rap-test-ssid_prof" essid "rap-test" opmode wpa2-aes ht-ssid-profile "rap-test-htssid_prof" ! wlan ssid-profile "Company-GAST-ssid_prof" essid "Company-GAST" wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" ht-ssid-profile "Company-GAST-htssid_prof" ! wlan ssid-profile "Company-WLAN-ssid_prof" essid "Company-WLAN" opmode wpa2-aes wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" ht-ssid-profile "Company-WLAN-htssid_prof" ! wlan ssid-profile "voice-ssid_prof" essid "voice" opmode wpa2-psk-aes wmm wmm-override-dscp-mapping wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" wpa-passphrase 56fd6fa723a3aca974e2c7cb955cafd6cedeb2e18eb184dd edca-parameters-profile station "test" edca-parameters-profile ap "test" ht-ssid-profile "voice-htssid_prof" advertise-ap-name ! wlan virtual-ap "Clearpass-onboard" aaa-profile "clearpass-onboard" ssid-profile "Onboard" vlan 88 ! wlan virtual-ap "default" ! wlan virtual-ap "rap-test-ssid-vap_prof" aaa-profile "rap-test-ssid-aaa_prof" ssid-profile "rap-test-ssid-ssid_prof" vlan 25 forward-mode split-tunnel ! wlan virtual-ap "rap-test-vap_prof" aaa-profile "Company-WLAN-aaa_prof" ssid-profile "rap-test-ssid_prof" vlan 25 ! wlan virtual-ap "rap-vap-profile" aaa-profile "Company-WLAN-aaa_prof" ssid-profile "Company-WLAN-ssid_prof" vlan 25 ! wlan virtual-ap "Company-GAST-vap_prof" aaa-profile "Clearpass-Guest" ssid-profile "Company-GAST-ssid_prof" vlan 88 ! wlan virtual-ap "Company-WLAN-vap_prof" aaa-profile "Company-WLAN-aaa_prof" ssid-profile "Company-WLAN-ssid_prof" vlan 30 band-steering ! wlan virtual-ap "voice-vap_prof" aaa-profile "voice-aaa_prof" ssid-profile "voice-ssid_prof" vlan 30 band-steering wmm-traffic-management-profile "WMM-Test" ! ap provisioning-profile "default" ! rf arm-rf-domain-profile arm-rf-domain-key "aef43d92c480f76f1b13cb6b9e873561" ! ap spectrum local-override ! ap-group "default" ! ap-group "company_RAP_home" virtual-ap "Company-GAST-vap_prof" virtual-ap "Company-WLAN-vap_prof" virtual-ap "rap-test-vap_prof" enet1-port-profile "wport_prof-fvt38" enet3-port-profile "wport_prof-wts84" ap-system-profile "company_RAP_AP_SYS_PROFILE" authorization-profile "default" ! ap-group "company_RAP_test" virtual-ap "rap-test-ssid-vap_prof" virtual-ap "Company-WLAN-vap_prof" virtual-ap "Company-GAST-vap_prof" virtual-ap "voice-vap_prof" enet3-port-profile "wport_prof-rsi15" ap-system-profile "apsys_prof-psh60" ! ap-group "company_WLAN_GROUP" virtual-ap "Company-WLAN-vap_prof" virtual-ap "Company-GAST-vap_prof" virtual-ap "Clearpass-onboard" virtual-ap "voice-vap_prof" ap-system-profile "apsys_prof-lvf18" ! logging level debugging security process authmgr logging level warnings security subcat ids logging level warnings security subcat ids-ap logging level debugging security subcat vpn snmp-server enable trap process monitor log end