(JVLArubaCtrl) #show config
! Output of `show config` captured from the controller CLI, shown one
! directive per line. Comment lines start with "!" and sit between stanzas.
!
! Named destination aliases, referenced by the SecureACS and RAP_Access
! session ACLs further down in this listing.
netdestination SecureACS
  host 192.168.84.170
  host 10.12.100.210
!
netdestination DomainControllers
  host 192.168.1.1
  host 192.168.1.2
!
netexthdr default
!
! Guest_Access is used as a *deny* window: the HSC_Guest virtual AP
! references it with `deny-time-range "Guest_Access"`, so the guest SSID is
! blocked during these hours even though the name reads like an allow-list.
time-range night-hours periodic
  weekday 18:01 to 23:59
  weekday 00:00 to 07:59
!
time-range weekend periodic
  weekend 00:00 to 23:59
!
time-range working-hours periodic
  weekday 08:00 to 18:00
!
time-range Guest_Access periodic
  weekday 00:00 to 06:59
  weekday 19:01 to 23:59
  weekend 00:00 to 23:59
!
! NOTE(review): the four time-range stanzas below repeat the four above
! verbatim; the listing shows each name twice.
time-range night-hours periodic
  weekday 18:01 to 23:59
  weekday 00:00 to 07:59
!
time-range weekend periodic
  weekend 00:00 to 23:59
!
time-range working-hours periodic
  weekday 08:00 to 18:00
!
time-range Guest_Access periodic
  weekday 00:00 to 06:59
  weekday 19:01 to 23:59
  weekend 00:00 to 23:59
!
ip access-list session v6-icmp-acl
  ipv6 any any svc-v6-icmp permit
!
! `control` is attached to user-role ap-role. The first rule denies
! user-sourced traffic to UDP/68, presumably so a client cannot answer as a
! DHCP server (confirm). The remaining rules are any-to-any permits for
! control-plane services.
ip access-list session control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-papi permit
  any any svc-sec-papi permit
  any any svc-cfgm-tcp permit
  any any svc-adp permit
  any any svc-tftp permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session allow-diskservices
  any any svc-netbios-dgm permit
  any any svc-netbios-ssn permit
  any any svc-microsoft-ds permit
  any any svc-netbios-ns permit
!
! NOTE(review): the third rule permits every service to the
! DomainControllers alias, so the svc-dns and svc-icmp rules above it are
! redundant. If the intent was DNS and ICMP only, the last rule widens
! RAP_UserRole's reach to any port on both domain controllers.
ip access-list session RAP_Access
  any alias DomainControllers svc-dns permit
  any alias DomainControllers svc-icmp permit
  any alias DomainControllers any permit
!
! `validuser` denies sources in 169.254.0.0/16 and permits every other IPv4
! and IPv6 source. No rule here restricts it to the site's own subnets.
ip access-list session validuser
  network 169.254.0.0 255.255.0.0 any any deny
  any any any permit
  ipv6 any any any permit
!
ip access-list session v6-https-acl
  ipv6 any any svc-https permit
!
ip access-list session vocera-acl
  any any svc-vocera permit queue high
!
! Empty ACL: no rules are listed.
ip access-list session vmware-acl
!
ip access-list session icmp-acl
  any any svc-icmp permit
!
ip access-list session v6-dhcp-acl
  ipv6 any any svc-v6-dhcp permit
!
! Captive-portal redirect ACL: user HTTP, HTTPS and proxy-port traffic is
! destination-NATed to ports 8080/8081/8088. Attached to the guest-logon
! and logon roles.
ip access-list session captiveportal
  user alias controller svc-https dst-nat 8081
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
  user any svc-http-proxy1 dst-nat 8088
  user any svc-http-proxy2 dst-nat 8088
  user any svc-http-proxy3 dst-nat 8088
!
ip access-list session v6-dns-acl
  ipv6 any any svc-dns permit
!
! Unrestricted IPv4 and IPv6 permit. Roles that attach it in this listing:
! default-vpn-role, default-via-role, authenticated, VIA_User_Role.
ip access-list session allowall
  any any any permit
  ipv6 any any any permit
!
! Permits every service to the two SecureACS hosts; attached to RAP_UserRole.
ip access-list session SecureACS
  any alias SecureACS any permit
!
! NOTE(review): destination is `any`. The guest role attaches https-acl and
! http-acl, and no rule visible in this listing keeps that role away from
! internal ranges such as 10.12.x.x or 192.168.1.x. Confirm that isolation
! is enforced elsewhere (guest VLAN routing or an upstream firewall).
ip access-list session https-acl
  any any svc-https permit
!
ip access-list session sip-acl
  any any svc-sip-udp permit queue high
  any any svc-sip-tcp permit queue high
!
! Empty ACL: no rules are listed.
ip access-list session citrix-acl
!
! NOTE(review): this ACL drops user-sourced IPv6 router advertisements, but
! no user-role in this listing attaches it, so it is not enforced.
ip access-list session ra-guard
  ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session dns-acl
  any any svc-dns permit
!
ip access-list session v6-allowall
  ipv6 any any any permit
!
ip access-list session tftp-acl
  any any svc-tftp permit
!
ip access-list session skinny-acl
  any any svc-sccp permit queue high
!
ip access-list session srcnat
  user any any src-nat
!
! Attached to the pre-authentication `logon` role.
! NOTE(review): L2TP, PPTP and GRE are permitted any-to-any. If PPTP is not
! in use, removing that rule narrows what an unauthenticated client can
! reach.
ip access-list session vpnlogon
  user any svc-ike permit
  user any svc-esp permit
  any any svc-l2tp permit
  any any svc-pptp permit
  any any svc-gre permit
!
! Pre-authentication baseline: denies user-sourced UDP/68, permits ICMP,
! DNS, DHCP and NAT-T to any destination.
ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session allow-printservices
  any any svc-lpd permit
  any any svc-ipp-tcp permit
  any any svc-ipp-udp permit
!
ip access-list session cplogout
  user alias controller svc-https dst-nat 8081
!
ip access-list session v6-http-acl
  ipv6 any any svc-http permit
!
ip access-list session http-acl
  any any svc-http permit
!
ip access-list session dhcp-acl
  any any svc-dhcp permit
!
! IPv6 counterpart of captiveportal, using the `captive` action instead of
! dst-nat.
ip access-list session captiveportal6
  ipv6 user alias controller6 svc-https captive
  ipv6 user any svc-http captive
  ipv6 user any svc-https captive
  ipv6 user any svc-http-proxy1 captive
  ipv6 user any svc-http-proxy2 captive
  ipv6 user any svc-http-proxy3 captive
!
ip access-list session ap-uplink-acl
  any any udp 68 permit
  any any svc-icmp permit
  any host 224.0.0.251 udp 5353 permit
!
! The only destination-scoped application ACL in this listing: every rule
! names host 10.12.1.30 or network 10.12.7.0/24 and a specific service.
! Attached to RAP_UserRole.
ip access-list session View_Connection
  any host 10.12.1.30 svc-pcoip-tcp permit
  any host 10.12.1.30 svc-pcoip-udp permit
  any host 10.12.1.30 svc-pcoip2-udp permit
  any host 10.12.1.30 tcp 4172 permit
  any host 10.12.1.30 svc-https permit
  any network 10.12.7.0 255.255.255.0 svc-pcoip2-tcp permit
  any network 10.12.7.0 255.255.255.0 svc-pcoip2-udp permit
  any network 10.12.7.0 255.255.255.0 svc-pcoip-udp permit
!
ip access-list session noe-acl
  any any svc-noe permit queue high
!
ip access-list session svp-acl
  any any svc-svp permit queue high
  user host 224.0.1.116 any permit
!
! Attached to ap-role together with `control`.
ip access-list session ap-acl
  any any svc-gre permit
  any any svc-syslog permit
  any user svc-snmp permit
  user any svc-snmp-trap permit
  user any svc-ntp permit
  user alias controller svc-ftp permit
!
ip access-list session v6-logon-control
  ipv6 user any udp 68 deny
  ipv6 any any svc-v6-icmp permit
  ipv6 any any svc-v6-dhcp permit
  ipv6 any any svc-dns permit
!
ip access-list session h323-acl
  any any svc-h323-tcp permit queue high
  any any svc-h323-udp permit queue high
!
! Derivation rule set named "test" with no rules listed.
aaa derivation-rules user test
!
user-role ap-role
  access-list session control
  access-list session ap-acl
!
! No ACLs attached.
user-role denyall
!
! NOTE(review): this role draws addresses from VIA_Pool and attaches
! allowall plus v6-allowall, so a VPN session placed in it is not filtered
! by the controller firewall.
user-role default-vpn-role
  pool l2tp VIA_Pool
  access-list session allowall
  access-list session v6-allowall
!
user-role cpbase
!
! Every ACL attached here is an any-to-any permit for one voice or helper
! service. The RAP_Voice wired-port profile uses this role as its
! bridge-role.
user-role voice
  access-list session sip-acl
  access-list session noe-acl
  access-list session svp-acl
  access-list session vocera-acl
  access-list session skinny-acl
  access-list session h323-acl
  access-list session dhcp-acl
  access-list session tftp-acl
  access-list session dns-acl
  access-list session icmp-acl
!
user-role default-via-role
  pool l2tp VIA_Pool
  access-list session allowall
!
! Initial role of aaa profile "Default-guest": captive portal "default"
! plus the logon-control and captive-portal redirect ACLs for IPv4 and IPv6.
user-role guest-logon
  captive-portal "default"
  access-list session logon-control
  access-list session captiveportal
  access-list session v6-logon-control
  access-list session captiveportal6
!
! Guest role: HTTP, HTTPS, DHCP, ICMP and DNS over IPv4 and IPv6.
! NOTE(review): each attached ACL is `any any <service> permit`, so the
! role itself does not stop guests reaching internal hosts on these
! services. Confirm guest isolation is enforced elsewhere.
user-role guest
  access-list session http-acl
  access-list session https-acl
  access-list session dhcp-acl
  access-list session icmp-acl
  access-list session dns-acl
  access-list session v6-http-acl
  access-list session v6-https-acl
  access-list session v6-dhcp-acl
  access-list session v6-icmp-acl
  access-list session v6-dns-acl
!
user-role stateful-dot1x
!
! NOTE(review): `authenticated` is the dot1x-default-role of aaa profile
! "JVL-Radius-Profile". It attaches allowall and v6-allowall, so every
! 802.1X user who lands in it has unfiltered access.
user-role authenticated
  access-list session allowall
  access-list session v6-allowall
!
! Default role for VIA and VPN users (referenced by `aaa authentication vpn
! "default"` and the VIA auth profiles): VLAN 848, VIA_Pool addressing, and
! the unrestricted allowall ACL.
user-role VIA_User_Role
  vlan 848
  pool l2tp VIA_Pool
  via "default"
  access-list session allowall
!
user-role logon
  access-list session logon-control
  access-list session captiveportal
  access-list session vpnlogon
  access-list session v6-logon-control
  access-list session captiveportal6
!
! The only restricted user role in this listing: PCoIP/HTTPS to the View
! hosts, the DomainControllers alias and the SecureACS alias. RAP_Access
! ends in an any-service permit to the domain controllers.
user-role RAP_UserRole
  vlan 848
  access-list session View_Connection
  access-list session RAP_Access
  access-list session SecureACS
!
!
! The controller IP is taken from VLAN 205. The HSC_EMPL virtual AP and the
! default wired-ap-profile in this listing place clients in that same VLAN.
controller-ip vlan 205
interface mgmt
  shutdown
!
interface loopback
  ip address 10.12.205.6
!
dialer group evdo_us
  init-string ATQ0V1E0
  dial-string ATDT#777
!
dialer group gsm_us
  init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
  dial-string ATD*99#
!
dialer group gsm_asia
  init-string AT+CGDCONT=1,"IP","internet"
  dial-string ATD*99***1#
!
dialer group vivo_br
  init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
  dial-string ATD*99#
!
! NOTE(review): "RAP Pool" (1.1.1.5-1.1.1.50) and Guest_Pool below both use
! 1.1.1.0/24, which is not RFC 1918 private space. The DHCP exclusion covers
! only 1.1.1.1-1.1.1.10, so Guest_Pool can lease 1.1.1.11-1.1.1.50, which
! are also in "RAP Pool". Confirm the two pools never serve the same
! segment, and consider renumbering into private space.
ip local pool "RAP Pool" 1.1.1.5 1.1.1.50
ip local pool "VIA_Pool" 10.15.149.150 10.15.149.200
! L2TP/VIA clients are handed the two DomainControllers addresses for DNS
! and WINS.
vpdn group l2tp
  client configuration dns 192.168.1.1 192.168.1.2
  client configuration wins 192.168.1.1 192.168.1.2
!
ip dhcp excluded-address 1.1.1.1 1.1.1.10
! Guest DHCP scope: external resolvers 4.2.2.2 and 8.8.8.8, so guest
! clients are not pointed at the internal DNS servers.
ip dhcp pool Guest_Pool
  default-router 1.1.1.1
  dns-server 4.2.2.2 8.8.8.8
  lease 0 8 0 0
  network 1.1.1.0 255.255.255.0
  authoritative
!
service dhcp
!
tunneled-node-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
! NOTE(review): this directive appears in negated form. Confirm whether
! control-plane attack-rate limiting is meant to be off.
no firewall attack-rate cp 1024
!
! Empty stanza: no control-plane firewall rules are listed.
firewall cp
!
firewall cp packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country US
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
! EAP is terminated on the controller with PEAP outer and GTC inner method.
! No aaa profile in this listing references this dot1x profile.
aaa authentication dot1x "dot1x_prof-chy23"
  termination enable
  termination eap-type eap-peap
  termination inner-eap-type eap-gtc
!
aaa authentication dot1x "dot1x_prof-lwh25"
!
aaa authentication dot1x "dot1x_prof-wmu85"
!
! Employee 802.1X profile: names a CA bundle and a server certificate.
! Used by aaa profiles "JVL-Radius-Profile" and "RAP_WLAN-aaa_prof".
aaa authentication dot1x "HSC_EMP_8021x_AuthProf"
  ca-cert "GoDaddyBundle"
  server-cert "ra.e-hps.com"
!
! Machine authentication is enabled; the machine default role is
! VIA_User_Role, which attaches the unrestricted allowall ACL.
aaa authentication dot1x "VIA_802.1X_Auth"
  machine-authentication machine-default-role "VIA_User_Role"
!
!
aaa server-group "default"
  auth-server Internal
  set role condition role value-of
!
! NOTE(review): the auth-server names hpsjvltacacs and hpsjvltacacs02 are
! referenced here, but no authentication-server definitions for them appear
! in this listing, so their addresses and keys cannot be checked from it.
! This group has no `set role` rule.
aaa server-group "JVL-Radius-AuthGroup"
  auth-server hpsjvltacacs
  auth-server hpsjvltacacs02
!
! No profile in this listing references this server group.
aaa server-group "RAP_WLAN_srvgrp-lgt35"
  auth-server hpsjvltacacs
  auth-server hpsjvltacacs02
!
! VIA (remote-access client) connection profile.
! NOTE(review): `no validate-server-cert` leaves server-certificate
! validation off for this profile. With validation off, a client has no
! assurance that it is talking to the real gateway. Enable validation once
! clients trust the CA that issued the gateway certificate.
aaa authentication via connection-profile "default"
  server addr "ra.e-hps.com" internal-ip 10.12.130.75 desc "Remote Access" position 0
  auth-profile "default" position 0
  tunnel address 10.12.205.0 netmask 255.255.255.0
  tunnel address 192.168.1.0 netmask 255.255.254.0
  ikev2-policy "10004"
  ike-policy "20"
  no windows-credentials
  ikev2-proto
  no validate-server-cert
!
aaa authentication via web-auth "default"
  auth-profile "default" position 0
!
! SSL fallback is enabled for VIA; presumably used when IPsec cannot be
! established (confirm).
aaa authentication via global-config
  ssl-fallback-enable
!
aaa profile "default"
!
aaa profile "Default-guest"
  initial-role "guest-logon"
!
! Used by both the HSC_EMPL and RAP_WLAN virtual APs. A successful 802.1X
! login gets the `authenticated` role (allowall) unless something else
! assigns a role.
aaa profile "JVL-Radius-Profile"
  authentication-dot1x "HSC_EMP_8021x_AuthProf"
  dot1x-default-role "authenticated"
  dot1x-server-group "JVL-Radius-AuthGroup"
  radius-accounting "JVL-Radius-AuthGroup"
  radius-interim-accounting
!
! NOTE(review): this profile would give RAP WLAN users the restricted
! RAP_UserRole, but virtual AP "RAP_WLAN-vap_prof" references
! "JVL-Radius-Profile" instead, so this profile looks unused and RAP WLAN
! users get `authenticated`. Confirm which one is intended.
aaa profile "RAP_WLAN-aaa_prof"
  authentication-dot1x "HSC_EMP_8021x_AuthProf"
  dot1x-default-role "RAP_UserRole"
  dot1x-server-group "JVL-Radius-AuthGroup"
  radius-accounting "JVL-Radius-AuthGroup"
!
aaa profile "VIA_AAA"
  authentication-dot1x "VIA_802.1X_Auth"
  dot1x-server-group "JVL-Radius-AuthGroup"
  radius-accounting "JVL-Radius-AuthGroup"
!
! Captive portal used by the guest-logon role. No server-group line is
! listed for it here.
aaa authentication captive-portal "default"
  redirect-pause 2
  no logout-popup-window
  no enable-welcome-page
!
aaa authentication wispr "default"
  server-group "JVL-Radius-AuthGroup"
!
! VPN users authenticate against JVL-Radius-AuthGroup and default to
! VIA_User_Role (allowall).
aaa authentication vpn "default"
  default-role "VIA_User_Role"
  server-group "JVL-Radius-AuthGroup"
!
aaa authentication vpn "default-rap"
!
! NOTE(review): empty stanza. No server group for management logins is
! shown, so administrator authentication presumably relies on local
! accounts (confirm).
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication via auth-profile "default"
  server-group "JVL-Radius-AuthGroup"
!
aaa authentication via auth-profile "VIA_Auth_Profile"
  default-role "VIA_User_Role"
  server-group "JVL-Radius-AuthGroup"
!
aaa authentication wired
!
! web-server and papi-security are listed with no settings.
web-server
!
papi-security
!
voice logging
!
voice dialplan-profile "default"
!
voice real-time-config
!
voice sip
!
! NOTE(review): empty stanza. No management password-policy settings
! (length, complexity, lockout) are shown in this listing.
aaa password-policy mgmt
!
control-plane-security
  auto-cert-prov
!
ids management-profile
!
ids ap-rule-matching
!
valid-network-oui-profile
!
ap system-profile "default"
!
ap regulatory-domain-profile "default"
  country-code US
  valid-11g-channel 1
  valid-11g-channel 6
  valid-11g-channel 11
  valid-11a-channel 36
  valid-11a-channel 40
  valid-11a-channel 44
  valid-11a-channel 48
  valid-11a-channel 149
  valid-11a-channel 153
  valid-11a-channel 157
  valid-11a-channel 161
  valid-11a-channel 165
  valid-11g-40mhz-channel-pair 1-5
  valid-11g-40mhz-channel-pair 7-11
  valid-11a-40mhz-channel-pair 36-40
  valid-11a-40mhz-channel-pair 44-48
  valid-11a-40mhz-channel-pair 52-56
  valid-11a-40mhz-channel-pair 60-64
  valid-11a-40mhz-channel-pair 100-104
  valid-11a-40mhz-channel-pair 108-112
  valid-11a-40mhz-channel-pair 132-136
  valid-11a-40mhz-channel-pair 149-153
  valid-11a-40mhz-channel-pair 157-161
!
! NOTE(review): the default wired AP profile is enabled, marked `trusted`,
! and uses VLAN 205, the same VLAN the controller IP is taken from. A
! device plugged into a port using this profile would presumably reach that
! VLAN without per-user role enforcement. Confirm which AP ports inherit
! it.
ap wired-ap-profile "default"
  wired-ap-enable
  switchport access vlan 205
  trusted
!
! Wired data port for remote APs (VLAN 848), also marked `trusted`.
ap wired-ap-profile "RAP_DataWired"
  wired-ap-enable
  switchport access vlan 848
  switchport trunk allowed vlan 848
  trusted
!
! Wired voice port for remote APs (VLAN 748), marked `trusted`.
ap wired-ap-profile "RAP_VoiceWiredAP"
  wired-ap-enable
  switchport access vlan 748
  switchport trunk allowed vlan 748
  trusted
!
ap enet-link-profile "default"
!
ap enet-link-profile "EthernetIntLink_PoE"
  speed 100
  duplex full
  poe
!
ap mesh-ht-ssid-profile "default"
!
ap mesh-cluster-profile "default"
!
ap wired-port-profile "default"
!
! NOTE(review): both remote-AP wired-port profiles below point at
! wired-ap-profiles marked `trusted` and set a bridge-role. Whether the
! bridge-role ACLs (voice, RAP_UserRole) are applied to a trusted port
! depends on the forwarding mode, which this listing does not show. Confirm
! that devices plugged into a remote AP are filtered as intended.
ap wired-port-profile "RAP_Voice"
  wired-ap-profile "RAP_VoiceWiredAP"
  enet-link-profile "EthernetIntLink_PoE"
  bridge-role "voice"
!
ap wired-port-profile "RAP_WiredPort"
  wired-ap-profile "RAP_DataWired"
  bridge-role "RAP_UserRole"
!
ap mesh-radio-profile "default"
!
! Every ids profile stanza below is empty except signature-matching-profile,
! which lists the Deauth-Broadcast and Disassoc-Broadcast signatures.
ids general-profile "default"
!
ids rate-thresholds-profile "default"
!
ids signature-profile "default"
!
ids impersonation-profile "default"
!
ids unauthorized-device-profile "default"
!
ids signature-matching-profile "default"
  signature "Deauth-Broadcast"
  signature "Disassoc-Broadcast"
!
ids dos-profile "default"
!
ids profile "default"
!
! ARM profile with scanning turned off. Radios using it (rp-maintain-a and
! rp-maintain-g) do not scan.
rf arm-profile "arm-maintain"
  assignment maintain
  no scanning
!
rf arm-profile "arm-scan"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11a-radio-profile "rp-maintain-a"
  arm-profile "arm-maintain"
!
! Air-monitor mode radio profile (5 GHz).
rf dot11a-radio-profile "rp-monitor-a"
  mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
  arm-profile "arm-scan"
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "rp-maintain-g"
  arm-profile "arm-maintain"
!
! Air-monitor mode radio profile (2.4 GHz).
rf dot11g-radio-profile "rp-monitor-g"
  mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
  arm-profile "arm-scan"
!
wlan dot11k-profile "default"
!
wlan dot11k-profile "HSC_802.11K_Profile"
  dot11k-enable
  bcn-measurement-mode active-all-ch
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "default"
!
! NOTE(review): "HSC-EMPL-htssid_prof" (hyphen) and "HSC_EMPL-htssid_prof"
! (underscore) are two separate profiles. Only the underscore form is
! referenced by an ssid-profile in this listing.
wlan ht-ssid-profile "HSC-EMPL-htssid_prof"
!
wlan ht-ssid-profile "HSC_EMPL-htssid_prof"
!
wlan ht-ssid-profile "RAP_WLAN-htssid_prof"
!
wlan wmm-traffic-management-profile "QoS_Phone"
  enable-shaping
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan ssid-profile "default"
!
! Employee SSID: WPA2 with AES.
wlan ssid-profile "HSC_EMPL-ssid_prof"
  essid "HSC_EMPL"
  opmode wpa2-aes
  ht-ssid-profile "HSC_EMPL-htssid_prof"
!
! NOTE(review): no opmode line is listed for the guest SSID, so it runs
! whatever the default opmode is, presumably open with captive portal
! (confirm).
wlan ssid-profile "HSC_Guest"
  essid "HSC_Guest"
!
wlan ssid-profile "RAP_WLAN-ssid_prof"
  essid "RAP_WLAN"
  opmode wpa2-aes
  ht-ssid-profile "RAP_WLAN-htssid_prof"
!
wlan virtual-ap "default"
!
! NOTE(review): employee WLAN clients are placed in VLAN 205, the VLAN
! named by `controller-ip vlan 205`, and receive the `authenticated`
! (allowall) role through "JVL-Radius-Profile". Consider a dedicated user
! VLAN separate from the controller's own.
wlan virtual-ap "HSC_EMPL-vap_prof"
  allowed-band g
  aaa-profile "JVL-Radius-Profile"
  dot11k-profile "HSC_802.11K_Profile"
  ssid-profile "HSC_EMPL-ssid_prof"
  vlan 205
!
! Guest WLAN: VLAN 997, initial role guest-logon through "Default-guest".
! The SSID is denied during the Guest_Access time range (weekday
! 00:00-06:59 and 19:01-23:59, all weekend).
wlan virtual-ap "HSC_Guest"
  aaa-profile "Default-guest"
  ssid-profile "HSC_Guest"
  vlan 997
  deny-time-range "Guest_Access"
!
! NOTE(review): this virtual AP references "JVL-Radius-Profile", whose
! dot1x-default-role is `authenticated` (allowall). The aaa profile
! "RAP_WLAN-aaa_prof" sets the restricted RAP_UserRole instead, so remote-AP
! WLAN users may be getting broader access than intended.
wlan virtual-ap "RAP_WLAN-vap_prof"
  aaa-profile "JVL-Radius-Profile"
  ssid-profile "RAP_WLAN-ssid_prof"
  vlan 848
  auth-failure-blacklist-time 60
  wmm-traffic-management-profile "QoS_Phone"
!
wlan traffic-management-profile "QoS_TMP"
!
ap provisioning-profile "default"
!
ap provisioning-profile "RAP_ProvisionProfile"
  remote-ap
!
ap spectrum local-override
!
ap-group "default"
!
! Campus AP group: employee and guest virtual APs.
ap-group "HSC"
  virtual-ap "HSC_EMPL-vap_prof"
  virtual-ap "HSC_Guest"
!
! Remote AP group: RAP WLAN plus two wired ports (enet1 data, enet2 voice),
! both of which use wired-ap-profiles marked `trusted`.
ap-group "RAP_Group1"
  virtual-ap "RAP_WLAN-vap_prof"
  enet1-port-profile "RAP_WiredPort"
  enet2-port-profile "RAP_Voice"
  provisioning-profile "RAP_ProvisionProfile"
!
end