(ldswlc02) #show running-config Building Configuration... version 6.5 enable secret "******" enable bypass hostname "ldswlc02" clock timezone PST -5 location "Datacenter Chacarilla" controller config 14 crypto-local pki ServerCert Cert wifiinstant.pem ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list geolocation global-geolocation-acl ! ip access-list eth validuserethacl permit any ! netservice svc-ipp-tcp tcp 631 netservice svc-dhcp udp 67 68 alg dhcp netservice svc-citrix tcp 2598 netservice svc-tftp udp 69 alg tftp netservice svc-netbios-ssn tcp 139 netservice svc-pcoip-udp udp 50002 netservice svc-papi udp 8211 netservice svc-natt udp 4500 netservice svc-ica tcp 1494 netservice svc-smtp tcp 25 netservice svc-msrpc-udp udp 135 139 netservice svc-msrpc-tcp tcp 135 139 netservice svc-syslog udp 514 netservice svc-microsoft-ds tcp 445 netservice svc-lpd tcp 515 netservice svc-cfgm-tcp tcp 8211 netservice svc-http-proxy2 tcp 8080 netservice vnc tcp 5900 5905 netservice svc-telnet tcp 23 netservice svc-bootp udp 67 69 netservice svc-sccp tcp 2000 alg sccp netservice svc-h323-udp udp 1718 1719 netservice svc-web tcp list "80 443" netservice svc-http tcp 80 netservice svc-ipp-udp udp 631 netservice svc-vmware-rdp tcp 3389 netservice svc-esp 50 netservice svc-vocera udp 5002 alg vocera netservice svc-noe-oxo udp 5000 alg noe netservice svc-http-proxy1 tcp 3128 --More-- (q) quit (u) pageup (/) search (n) repeat netservice svc-sec-papi udp 8209 netservice svc-gre 47 netservice svc-rtsp tcp 554 alg rtsp netservice svc-l2tp udp 1701 netservice svc-svp 119 alg svp netservice svc-snmp udp 161 netservice svc-pptp tcp 1723 netservice svc-sip-tcp tcp 5060 netservice svc-icmp 1 netservice svc-smb-tcp tcp 445 netservice svc-ssh tcp 22 netservice svc-v6-icmp 58 netservice svc-pcoip2-tcp tcp 4172 netservice svc-pop3 tcp 110 netservice svc-ntp udp 123 netservice svc-h323-tcp tcp 1720 netservice svc-adp udp 8200 netservice svc-netbios-ns udp 137 netservice svc-v6-dhcp udp 546 547 netservice svc-dns udp 53 alg dns netservice svc-kerberos udp 88 netservice svc-sip-udp udp 5060 netservice svc-http-proxy3 tcp 8888 netservice svc-netbios-dgm udp 138 netservice svc-sips tcp 5061 alg sips netservice svc-snmp-trap udp 162 netservice svc-ike udp 500 netservice svc-nterm tcp 1026 1028 netservice svc-noe udp 32512 alg noe netservice svc-pcoip-tcp tcp 50002 netservice svc-pcoip2-udp udp 4172 netservice svc-ftp tcp 21 alg ftp netservice svc-smb-udp udp 445 netservice svc-https tcp 443 netdestination wificalling-block name pub.3gppnetwork.org name vowifi.com ! netexthdr default ! time-range working-hours periodic weekday 08:00 to 18:00 ! time-range night-hours periodic weekday 18:01 to 23:59 --More-- (q) quit (u) pageup (/) search (n) repeat weekday 00:00 to 07:59 ! time-range weekend periodic weekend 00:00 to 23:59 ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session apprf-stateful-dot1x-sacl ! ip access-list session apprf-voice-sacl ! ip access-list session apprf-default-vpn-role-sacl ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit any network 169.254.0.0 255.255.0.0 any deny any network 240.0.0.0 240.0.0.0 any deny ! ip access-list session apprf-ldsguestls-cp_prof-sacl ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session http-acl any any svc-http permit ! ip access-list session v6-logon-control ipv6 user any udp 546 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit --More-- (q) quit (u) pageup (/) search (n) repeat ipv6 any network fc00::/7 any permit ipv6 any network fe80::/64 any permit ! ip access-list session v6-http-acl ipv6 any any svc-http permit ! ip access-list session apprf-test-cp-sacl ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session citrix-acl any any svc-citrix permit tos 46 dot1p-priority 6 any any svc-ica permit tos 46 dot1p-priority 6 ! ip access-list session vmware-acl any any svc-vmware-rdp permit tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip-udp permit tos 46 dot1p-priority 6 any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 ! ip access-list session srcnat user any any src-nat ! ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ! ip access-list session apprf-ldsguesttls-cp_local-sacl ! ip access-list session global-sacl ! ip access-list session apprf-ldsguestls-cp_prof2-sacl ! ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ! ip access-list session apprf-test123-sacl ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 --More-- (q) quit (u) pageup (/) search (n) repeat ! ip access-list session apprf-authenticated-sacl ! ip access-list session wificalling-acl any any tcp 443 permit ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session v6-control ipv6 user any udp 546 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-dns permit ipv6 any any svc-papi permit ipv6 any any svc-sec-papi permit ipv6 any any svc-cfgm-tcp permit ipv6 any any svc-adp permit ipv6 any any svc-tftp permit ipv6 any any svc-dhcp permit ipv6 any any svc-natt permit ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session apprf-guest-sacl ! ip access-list session wificalling-block any alias wificalling-block any deny ! ip access-list session v6-ap-acl ipv6 any any svc-gre permit ipv6 any any svc-syslog permit ipv6 any user svc-snmp permit ipv6 user any svc-snmp-trap permit ipv6 user any svc-ntp permit ipv6 user any svc-ftp permit ! ip access-list session apprf-default-via-role-sacl --More-- (q) quit (u) pageup (/) search (n) repeat ! ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ! ip access-list session v6-allowall ipv6 any any any permit ! ip access-list session validuser network 127.0.0.0 255.0.0.0 any any deny network 169.254.0.0 255.255.0.0 any any deny network 224.0.0.0 240.0.0.0 any any deny host 255.255.255.255 any any deny network 240.0.0.0 240.0.0.0 any any deny any any any permit ipv6 host fe80:: any any deny ipv6 network fc00::/7 any any permit ipv6 network fe80::/64 any any permit ipv6 any any any permit ! ip access-list session ldsguestls-cp_prof_new ipv6 user alias controller6 svc-http captive any any any permit user alias controller svc-http dst-nat 8080 ipv6 user any svc-https captive ipv6 user any svc-http captive ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 any any svc-dns permit any any svc-dhcp permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session v6-dns-acl ipv6 any any svc-dns permit ! ip access-list session allowall any any any permit --More-- (q) quit (u) pageup (/) search (n) repeat ipv6 any any any permit ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session v6-https-acl ipv6 any any svc-https permit ! ip access-list session apprf-cpbase-sacl ! ip access-list session apprf-ldsguestls-cp_prof_new-sacl ! ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session https-acl any any svc-https permit ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user any svc-ftp permit ! ip access-list session test123 any any any permit ! ip access-list session control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-sec-papi permit any any svc-cfgm-tcp permit --More-- (q) quit (u) pageup (/) search (n) repeat any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit any any tcp 6633 permit ! ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive ipv6 user any svc-http-proxy3 captive ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session dns-acl any any svc-dns permit ! vpn-dialer default-dialer ike authentication PRE-SHARE ****** ! user-role default-via-role access-list session global-sacl access-list session apprf-default-via-role-sacl access-list session allowall ! user-role ldsguesttls-cp_local captive-portal "ldsguesttls-cp_local" access-list session global-sacl access-list session apprf-ldsguesttls-cp_local-sacl ! user-role ap-role access-list session ra-guard access-list session control access-list session ap-acl access-list session v6-control access-list session v6-ap-acl ! user-role test-cp captive-portal "test-cp" access-list session global-sacl access-list session apprf-test-cp-sacl ! --More-- (q) quit (u) pageup (/) search (n) repeat user-role sys-ap-role ! user-role stateful-dot1x access-list session global-sacl access-list session apprf-stateful-dot1x-sacl ! user-role guest-logon captive-portal "default" access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session v6-logon-control access-list session captiveportal6 ! user-role ldsguestls-cp_prof captive-portal "ldsguestls-cp_prof" access-list session global-sacl access-list session apprf-ldsguestls-cp_prof-sacl ! user-role voice access-list session global-sacl access-list session apprf-voice-sacl access-list session ra-guard access-list session sip-acl access-list session noe-acl access-list session svp-acl access-list session vocera-acl access-list session skinny-acl access-list session h323-acl access-list session dhcp-acl access-list session tftp-acl access-list session dns-acl access-list session icmp-acl access-list session wificalling-acl ! user-role default-vpn-role access-list session global-sacl access-list session apprf-default-vpn-role-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role logon access-list session ra-guard access-list session logon-control --More-- (q) quit (u) pageup (/) search (n) repeat access-list session captiveportal access-list session vpnlogon access-list session v6-logon-control access-list session captiveportal6 ! user-role cpbase access-list session global-sacl access-list session apprf-cpbase-sacl ! user-role ldsguestls-cp_prof_new captive-portal "ldsguestls-cp_prof" access-list session global-sacl access-list session apprf-ldsguestls-cp_prof_new-sacl access-list session ldsguestls-cp_prof_new ! user-role ldsguestls-cp_prof2 captive-portal "ldsguestls-cp_prof" access-list session global-sacl access-list session apprf-ldsguestls-cp_prof2-sacl access-list session logon-control access-list session captiveportal ! user-role authenticated access-list session global-sacl access-list session apprf-authenticated-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role test123 access-list session global-sacl access-list session apprf-test123-sacl access-list session test123 ! user-role denyall ! user-role guest access-list session global-sacl access-list session apprf-guest-sacl access-list session allowall access-list session ra-guard access-list session http-acl access-list session https-acl access-list session dhcp-acl access-list session icmp-acl --More-- (q) quit (u) pageup (/) search (n) repeat access-list session dns-acl access-list session v6-http-acl access-list session v6-https-acl access-list session v6-dhcp-acl access-list session v6-icmp-acl access-list session v6-dns-acl ! user-role default-iap-user-role access-list session allowall ! ! aaa tacacs-accounting server-group TACACS-SVR-GROUP mode enable controller-ip vlan 54 no kernel coredump interface mgmt shutdown ! dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 ! dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR" dial-string ATD*99# ! dialer group gsm_asia init-string AT+CGDCONT=1,"IP","internet" dial-string ATD*99***1# ! dialer group vivo_br init-string AT+CGDCONT=1,"IP","zap.vivo.com.br" dial-string ATD*99# ! vlan 8 vlan 21 vlan 35 vlan 54 --More-- (q) quit (u) pageup (/) search (n) repeat vlan 91 interface gigabitethernet 0/0/0 description "GE0/0/0" trusted trusted vlan 1-4094 switchport mode trunk switchport trunk native vlan 54 switchport trunk allowed vlan 8,21,33,35,54,91 ! interface gigabitethernet 0/0/1 description "GE0/0/1" trusted trusted vlan 1-4094 switchport access vlan 54 ! interface gigabitethernet 0/0/2 description "GE0/0/2" trusted trusted vlan 1-4094 switchport access vlan 100 no spanning-tree ! interface gigabitethernet 0/0/3 description "GE0/0/3" trusted trusted vlan 1-4094 switchport access vlan 54 ! interface gigabitethernet 0/0/4 description "GE0/0/4" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/5 description "GE0/0/5" trusted trusted vlan 1-4094 ! --More-- (q) quit (u) pageup (/) search (n) repeat interface gigabitethernet 0/0/6 description "GE0/0/6" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/7 description "GE0/0/7" trusted trusted vlan 1-4094 ! interface vlan 54 ip address 10.0.2.114 255.255.255.128 ip helper-address 10.100.0.75 ip helper-address 10.110.1.221 ip helper-address 10.0.2.80 operstate up ! interface vlan 1 ! interface vlan 8 ip address 10.113.0.180 255.255.254.0 ip helper-address 10.100.0.75 ip helper-address 10.110.1.221 ip helper-address 10.0.2.80 operstate up ! interface vlan 21 ip address 10.0.5.10 255.255.255.128 ip helper-address 10.100.0.75 ip helper-address 10.110.1.221 ip helper-address 10.0.2.80 operstate up ! interface vlan 35 ip address 10.113.2.7 255.255.255.0 ip helper-address 10.100.0.75 ip helper-address 10.110.1.221 ip helper-address 10.0.2.80 --More-- (q) quit (u) pageup (/) search (n) repeat operstate up ! interface vlan 91 operstate up ! ! ! ip default-gateway 10.0.2.1 no uplink wired vlan 1 uplink disable ip nexthop-list pan-gp-ipsec-map-list ! crypto isakmp policy 20 encryption aes256 ! crypto isakmp policy 10001 ! crypto isakmp policy 10002 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10003 encryption aes256 ! crypto isakmp policy 10004 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10005 encryption aes256 ! crypto isakmp policy 10006 version v2 encryption aes128 authentication rsa-sig --More-- (q) quit (u) pageup (/) search (n) repeat ! crypto isakmp policy 10007 version v2 encryption aes128 ! crypto isakmp policy 10008 version v2 encryption aes128 hash sha2-256-128 group 19 authentication ecdsa-256 prf prf-hmac-sha256 ! crypto isakmp policy 10009 version v2 encryption aes256 hash sha2-384-192 group 20 authentication ecdsa-384 prf prf-hmac-sha384 ! crypto isakmp policy 10012 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10013 encryption aes256 ! crypto-local isakmp key "******" address 10.0.2.115 netmask 255.255.255.255 crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-rap-ipsecmap 10001 version v2 set transform-set "default-gcm256" "default-gcm128" "default-rap-transform" --More-- (q) quit (u) pageup (/) search (n) repeat ! crypto dynamic-map default-dynamicmap 10000 set transform-set "default-transform" "default-aes" ! crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap crypto-local ipsec-map default-ha-ipsecmap10.0.2.115 9999 disable version v2 set ikev2-policy 10006 peer-ip 10.0.2.115 vlan 0 src-net 10.0.2.114 255.255.255.255 dst-net 10.0.2.115 255.255.255.255 set transform-set "default-ha-transform" pre-connect disable factory-cert-auth disable trusted enable uplink-failover disable ip-compression disable force-natt disable ! localip 10.0.2.115 ipsec 494b18a3cbc335ce8f7076ccb7aa4485dc45ee0521f5cc91 crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 vpdn group l2tp ! ! syslocation "Datacenter Chacarilla" syscontact "TI" snmp-server community "snmprolds" vpdn group pptp ! --More-- (q) quit (u) pageup (/) search (n) repeat tunneled-node-address 0.0.0.0 ap-crash-transfer adp discovery enable adp igmp-join enable adp igmp-vlan 0 voice rtcp-inactivity disable voice alg-based-cac enable voice sip-midcall-req-timeout disable ap ap-blacklist-time 3600 ap flush-r1-on-new-r0 disable amon msg-buffer-size 1400 mgmt-server type amp primary-server 10.0.2.94 profile default-amp stm mon-update-queue 28992 no ssh mgmt-auth public-key ssh mgmt-auth username/password mgmt-user admin root af38871b01b6103aa2bb8ced1722f4c85681226dbc59614224 ntp server 10.0.69.12 database synchronize period 5 ip mobile domain default ! ! ! airgroup mdns "enable" ! airgroup dlna "enable" ! airgroup location-discovery "enable" ! ! airgroup active-wireless-discovery "disable" ! airgroupservice "airplay" id "_airplay._tcp" id "_raop._tcp" id "_appletv-v2._tcp" description "AirPlay" --More-- (q) quit (u) pageup (/) search (n) repeat ! airgroupservice "airprint" id "_ipp._tcp" id "_pdl-datastream._tcp" id "_printer._tcp" id "_scanner._tcp" id "_http._tcp" id "_http-alt._tcp" id "_ipp-tls._tcp" id "_fax-ipp._tcp" id "_riousbprint._tcp" id "_ica-networking._tcp" id "_ptp._tcp" id "_canon-bjnp1._tcp" id "_ipps._tcp" id "_ica-networking2._tcp" description "AirPrint" ! airgroupservice "itunes" id "_home-sharing._tcp" id "_apple-mobdev._tcp" id "_daap._tcp" id "_dacp._tcp" description "iTunes" ! airgroupservice "remotemgmt" id "_ssh._tcp" id "_sftp-ssh._tcp" id "_ftp._tcp" id "_telnet._tcp" id "_rfb._tcp" id "_net-assistant._tcp" description "Remote management" ! airgroupservice "sharing" id "_odisk._tcp" id "_afpovertcp._tcp" id "_xgrid._tcp" description "Sharing" ! airgroupservice "chat" id "_presence._tcp" description "Chat" ! airgroupservice "googlecast" --More-- (q) quit (u) pageup (/) search (n) repeat id "_googlecast._tcp" description "GoogleCast supported by Chromecast etc" ! airgroupservice "AmazonTV" id "_amzn-wplay._tcp" description "Amazon fire tv" ! airgroupservice "DIAL" id "urn:dial-multiscreen-org:service:dial:1" id "urn:dial-multiscreen-org:device:dial:1" description "DIAL supported by Chromecast, FireTV, Roku etc" ! airgroupservice "DLNA Media" id "urn:schemas-upnp-org:device:MediaServer:1" id "urn:schemas-upnp-org:device:MediaServer:2" id "urn:schemas-upnp-org:device:MediaServer:3" id "urn:schemas-upnp-org:device:MediaServer:4" id "urn:schemas-upnp-org:device:MediaRenderer:1" id "urn:schemas-upnp-org:device:MediaRenderer:2" id "urn:schemas-upnp-org:device:MediaRenderer:3" id "urn:schemas-upnp-org:device:MediaPlayer:1" description "Media" ! airgroupservice "DLNA Print" id "urn:schemas-upnp-org:device:Printer:1" id "urn:schemas-upnp-org:service:PrintBasic:1" id "urn:schemas-upnp-org:service:PrintEnhanced:1" description "Print" ! airgroupservice "allowall" description "Remaining-Services" ! airgroup service "airplay" enable ! airgroup service "airprint" enable ! airgroup service "itunes" disable ! airgroup service "remotemgmt" disable ! airgroup service "sharing" disable ! airgroup service "chat" disable ! airgroup service "googlecast" disable --More-- (q) quit (u) pageup (/) search (n) repeat ! airgroup service "AmazonTV" disable ! airgroup service "DIAL" enable ! airgroup service "DLNA Media" disable ! airgroup service "DLNA Print" disable ! airgroup service "allowall" disable ! ip igmp ! ipv6 mld ! firewall attack-rate grat-arp 50 drop ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp ! ip domain lookup ! ip name-server 10.100.0.75 ip name-server 10.110.1.221 ! country PE aaa rfc-3576-server "10.0.2.80" key 25a13e6defc9cfc90df6a1608256eb45be985400d3e9ec6d ! aaa rfc-3576-server "123" ! aaa authentication mac "AuthMAC_BlackBerry" delimiter colon max-authentication-failures 3 ! aaa authentication mac "default" ! aaa authentication dot1x "802.1.X_LUZDELSUR" timer idrequest_period 10 --More-- (q) quit (u) pageup (/) search (n) repeat timer wpa-key-period 3000 timer wpa2-key-delay 120 reauthentication no opp-key-caching ! aaa authentication dot1x "802.1X_BALCKBERRY" ! aaa authentication dot1x "default" ! aaa authentication dot1x "dot1x_prof-nmu43" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication-server tacacs "TACACS-CPPM" host "10.0.2.80" key f04aa42dbb1a76ab9e2c062f5b2c85afa32580ce484818fb session-authorization ! aaa authentication-server radius "Radius_LDS" host "10.0.2.80" key 40fa5aaec8200e6d9e50869fb37081f6450aa16614f0945b ! aaa server-group "_ldsguest_srvgrp-qbf11" auth-server Radius_LDS ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa server-group "ldsguestls_srvgrp-izw08" auth-server Radius_LDS ! aaa server-group "SrvGrp_RadiusLDS" auth-server Radius_LDS set role condition Filter-Id value-of ! aaa server-group "TACACS-SVR-GROUP" auth-server TACACS-CPPM set role condition Filter-Id value-of ! aaa server-group "Test_srvgrp-ila26" auth-server Internal ! aaa profile "AAA_BLACKBERRY" --More-- (q) quit (u) pageup (/) search (n) repeat initial-role "denyall" authentication-mac "default" mac-server-group "SrvGrp_RadiusLDS" authentication-dot1x "802.1X_BALCKBERRY" dot1x-server-group "SrvGrp_RadiusLDS" rfc-3576-server "10.0.2.80" ! aaa profile "AAA_INVITADOS" initial-role "guest-logon" authentication-mac "default" mac-server-group "SrvGrp_RadiusLDS" rfc-3576-server "10.0.2.80" ! aaa profile "AAA_LUZDELSUR" mac-default-role "authenticated" authentication-dot1x "802.1.X_LUZDELSUR" dot1x-default-role "authenticated" dot1x-server-group "SrvGrp_RadiusLDS" radius-accounting "SrvGrp_RadiusLDS" rfc-3576-server "10.0.2.80" ! aaa profile "default" ! aaa profile "ldsguestls-aaa_prof" initial-role "guest" authentication-mac "default" mac-server-group "ldsguestls_srvgrp-izw08" ! aaa profile "test" initial-role "guest" ! aaa authentication captive-portal "default" welcome-page "/upload/custom/default/Portal Login.html" ! aaa authentication captive-portal "ldsguestls-cp_prof" server-group "ldsguestls_srvgrp-izw08" redirect-pause 1 no logout-popup-window protocol-http welcome-page "http://www.google.com.pe" switchip-in-redirection-url redirect-url "http://www.google.com" ! aaa authentication captive-portal "ldsguesttls-cp_local" default-role "guest-logon" --More-- (q) quit (u) pageup (/) search (n) repeat redirect-pause 1 no logout-popup-window protocol-http welcome-page "http://www.google.com.pe" switchip-in-redirection-url ! aaa authentication captive-portal "test-cp" ! aaa authentication wispr "default" ! aaa authentication vpn "default" ! aaa authentication vpn "default-rap" ! aaa authentication mgmt default-role "no-access" server-group "TACACS-SVR-GROUP" enable ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication wired ! web-server profile switch-cert "LDS2016" captive-portal-cert "Cert" ! guest-access-email ! voice logging ! voice dialplan-profile "default" ! app skype4b traffic-control "default" ! voice real-time-config ! voice wificalling ! voice facetime ! --More-- (q) quit (u) pageup (/) search (n) repeat voice sip ! aaa password-policy mgmt enable password-min-length 8 password-min-uppercase-characters 1 password-min-lowercase-characters 1 password-min-digit 1 password-min-special-character 1 password-not-username password-lock-out 3 password-lock-out-time 30 ! control-plane-security no cpsec-enable ! ids management-profile ! ids wms-general-profile learn-system-wired-macs ! ids wms-local-system-profile ! ids ap-rule-matching ! valid-network-oui-profile ! upgrade-profile ! license profile centralized-licensing-enable ! activate-service-whitelist ! file syncing profile ! papi-security ! ha group-profile "MasterLocal" preemption state-sync pre-shared-key ce8fc9c40dac314785d7bb6f095d358c94ed48a983e3f8a3 heartbeat controller 10.0.2.114 role dual controller 10.0.2.115 role dual --More-- (q) quit (u) pageup (/) search (n) repeat ! ifmap cppm ! pan profile "default" ! pan-options ! pan active-profile ! lcd-menu ! openflow-profile ! aruba-central ! ap system-profile "default" ap-console-password cd69a1d94d5c31808aeec1d521ff3d5f95f24a6356db8e05 bkup-passwords 000f4bc562a3b9bfe305ac2bff7d3db60311c12360429e11 ! ap system-profile "SysChacarilla" lms-ip 10.0.2.114 bkup-lms-ip 10.0.2.115 lms-preemption ap-console-password b57886fc7bbde04bde6d7bef48073163ced93491fa013502 bkup-passwords 0fc0f04fe1784827c888e156aa2112e4d2415b5ad2da70b3 ! ap system-profile "SysSanIsidro" lms-ip 10.0.2.115 bkup-lms-ip 10.0.2.114 lms-preemption ap-console-password effc3e014d5a9003d365972be7f69ce7ea206630d12565f7 bkup-passwords 12980ea184597084bc394b907fb6e4a9454a203e66c770d1 ! ap regulatory-domain-profile "default" country-code CA valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 36 valid-11a-channel 40 valid-11a-channel 44 valid-11a-channel 48 valid-11a-channel 52 valid-11a-channel 56 valid-11a-channel 60 --More-- (q) quit (u) pageup (/) search (n) repeat valid-11a-channel 64 valid-11a-channel 100 valid-11a-channel 104 valid-11a-channel 108 valid-11a-channel 112 valid-11a-channel 116 valid-11a-channel 132 valid-11a-channel 136 valid-11a-channel 140 valid-11a-channel 144 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11a-channel 165 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 36-40 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 52-56 valid-11a-40mhz-channel-pair 60-64 valid-11a-40mhz-channel-pair 100-104 valid-11a-40mhz-channel-pair 108-112 valid-11a-40mhz-channel-pair 132-136 valid-11a-40mhz-channel-pair 140-144 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 valid-11a-80mhz-channel-group 36-48 valid-11a-80mhz-channel-group 52-64 valid-11a-80mhz-channel-group 100-112 valid-11a-80mhz-channel-group 132-144 valid-11a-80mhz-channel-group 149-161 valid-11a-160mhz-channel-group 36-64 ! ap wired-ap-profile "default" ! ap enet-link-profile "default" ! ap mesh-ht-ssid-profile "default" ! ap lldp med-network-policy-profile "default" ! ap mesh-cluster-profile "default" ! ap lldp profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! ap mesh-radio-profile "default" ! ap wired-port-profile "default" ! ids general-profile "default" ! ids general-profile "Wip_LDS" wired-containment wireless-containment tarpit-non-valid-sta ! ids rate-thresholds-profile "default" ! ids signature-profile "default" ! ids impersonation-profile "default" ! ids impersonation-profile "Wip_LDS" detect-ap-impersonation protect-ap-impersonation detect-beacon-wrong-channel detect-hotspotter ! ids unauthorized-device-profile "default" ! ids unauthorized-device-profile "Wip_LDS" detect-ht-greenfield detect-adhoc-network protect-adhoc-network protect-adhoc-enhanced detect-invalid-mac-oui rogue-containment suspect-rogue-containment suspect-rogue-conf-level 80 no detect-unencrypted-valid-client detect-valid-ssid-misuse protect-ssid protect-windows-bridge detect-wireless-bridge detect-wireless-hosted-network protect-wireless-hosted-network ! ids signature-matching-profile "default" signature "Deauth-Broadcast" signature "Disassoc-Broadcast" --More-- (q) quit (u) pageup (/) search (n) repeat ! ids signature-matching-profile "Wip_LDS" signature "Deauth-Broadcast" signature "Deauth-Broadcast-From-Valid-AP" signature "Disassoc-Broadcast" signature "Disassoc-Broadcast-From-Valid-AP" ! ids dos-profile "default" ! ids dos-profile "Wip_LDS" detect-ht-40mhz-intolerance detect-ap-flood detect-client-flood detect-cts-rate-anomaly detect-invalid-address-combination detect-malformed-association-request detect-malformed-auth-frame detect-malformed-htie detect-malformed-large-duration detect-overflow-eapol-key detect-overflow-ie detect-rts-rate-anomaly ! ids profile "default" unauthorized-device-profile "Wip_LDS" ! ids profile "Wip_LDS" general-profile "Wip_LDS" signature-matching-profile "Wip_LDS" dos-profile "Wip_LDS" impersonation-profile "Wip_LDS" unauthorized-device-profile "Wip_LDS" ! rf arm-profile "arm-2.4ghz-office-hybrid-sparse-soft" max-tx-power 12 ideal-coverage-index 2 acceptable-coverage-index 2 free-channel-index 40 backoff-time 1800 error-rate-threshold 90 error-rate-wait-time 600 load-aware-scan-threshold 2500000 cm-band-g-max-signal 10 cm-band-a-min-signal 70 cm-steer-timeout 3 --More-- (q) quit (u) pageup (/) search (n) repeat cm-lb-snr-thresh 25 no cm-dot11v ! rf arm-profile "arm-5ghz-office-hybrid-sparse-soft" max-tx-power 18 min-tx-power 15 ideal-coverage-index 6 free-channel-index 40 backoff-time 1800 error-rate-threshold 90 error-rate-wait-time 600 load-aware-scan-threshold 2500000 cm-band-g-max-signal 10 cm-band-a-min-signal 70 cm-steer-timeout 3 cm-lb-snr-thresh 25 no cm-dot11v ! rf arm-profile "arm-maintain" assignment maintain no scanning ! rf arm-profile "arm-scan" ! rf arm-profile "default-a" max-tx-power 18 min-tx-power 12 ! rf arm-profile "default-g" max-tx-power 9 min-tx-power 6 free-channel-index 40 ! rf arm-profile "Test" 40MHz-allowed-bands All max-tx-power 21 min-tx-power 21 cm-sticky-snr-delta 25 ! rf arm-profile "test-arm" max-tx-power 15 min-tx-power 12 ! rf arm-profile "test_b" max-tx-power 24 --More-- (q) quit (u) pageup (/) search (n) repeat min-tx-power 6 no client-match ! rf ht-radio-profile "ht-radio-2.4ghz-office-hybrid-sparse-soft" ! rf ht-radio-profile "ht-radio-5ghz-office-hybrid-sparse-soft" ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf am-scan-profile "default" ! rf dot11a-radio-profile "default" ! rf dot11a-radio-profile "radio-5ghz-office-hybrid-sparse-soft" arm-profile "arm-5ghz-office-hybrid-sparse-soft" ht-radio-profile "ht-radio-5ghz-office-hybrid-sparse-soft" ! rf dot11a-radio-profile "rp-maintain-a" arm-profile "arm-maintain" ! rf dot11a-radio-profile "rp-monitor-a" mode am-mode ! rf dot11a-radio-profile "rp-scan-a" arm-profile "arm-scan" ! rf dot11a-radio-profile "test" arm-profile "Test" ! rf dot11a-radio-profile "test-a" arm-profile "test-arm" ht-radio-profile "ht-radio-5ghz-office-hybrid-sparse-soft" ! rf dot11g-radio-profile "default" ! rf dot11g-radio-profile "radio-2.4ghz-office-hybrid-sparse-soft" arm-profile "arm-2.4ghz-office-hybrid-sparse-soft" ht-radio-profile "ht-radio-2.4ghz-office-hybrid-sparse-soft" ! rf dot11g-radio-profile "rp-maintain-g" arm-profile "arm-maintain" ! rf dot11g-radio-profile "rp-monitor-g" --More-- (q) quit (u) pageup (/) search (n) repeat mode am-mode ! rf dot11g-radio-profile "rp-scan-g" arm-profile "arm-scan" ! rf dot11g-radio-profile "test2" arm-profile "Test" ! wlan handover-trigger-profile "default" ! wlan rrm-ie-profile "default" ! wlan bcn-rpt-req-profile "default" ! wlan dot11r-profile "default" ! wlan tsm-req-profile "default" ! wlan voip-cac-profile "default" ! wlan ht-ssid-profile "default" ! wlan ht-ssid-profile "ht-ssid-BK" ! wlan ht-ssid-profile "ldsguestLDS-htssid_prof" ! wlan ht-ssid-profile "ldsguestls-htssid_prof" ! wlan ht-ssid-profile "Test-htssid_prof" ! wlan hotspot anqp-venue-name-profile "default" ! wlan hotspot anqp-nwk-auth-profile "default" ! wlan hotspot anqp-roam-cons-profile "default" ! wlan hotspot anqp-nai-realm-profile "default" ! wlan hotspot anqp-3gpp-nwk-profile "default" ! wlan hotspot h2qp-operator-friendly-name-profile "default" ! wlan hotspot h2qp-wan-metrics-profile "default" ! wlan hotspot h2qp-conn-capability-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! wlan hotspot h2qp-op-cl-profile "default" ! wlan hotspot h2qp-osu-prov-list-profile "default" ! wlan hotspot anqp-ip-addr-avail-profile "default" ! wlan hotspot anqp-domain-name-profile "default" ! wlan edca-parameters-profile station "default" ! wlan edca-parameters-profile ap "default" ! wlan dot11k-profile "default" ! wlan ssid-profile "default" ! wlan ssid-profile "ldsguestls-ssid_prof" essid "ldsguest" ht-ssid-profile "ldsguestls-htssid_prof" ! wlan ssid-profile "SSID_BLACKBERRY-BK" essid "bblds" opmode wpa-psk-aes wpa2-psk-aes a-basic-rates 12 a-tx-rates 12 18 24 36 48 54 g-basic-rates 11 12 g-tx-rates 11 12 18 24 36 48 54 wpa-passphrase d7c4e5d5753e1aaf0b4b285fc6b3f3ac3a32cddec699e5f7 mcast-rate-opt ht-ssid-profile "ht-ssid-BK" g-beacon-rate 11 a-beacon-rate 12 ! wlan ssid-profile "SSID_INVITADOS-BK" essid "ldsguest" a-basic-rates 12 a-tx-rates 12 18 24 36 48 54 g-basic-rates 11 12 g-tx-rates 11 12 18 24 36 48 54 mcast-rate-opt ht-ssid-profile "ht-ssid-BK" g-beacon-rate 11 a-beacon-rate 12 ! --More-- (q) quit (u) pageup (/) search (n) repeat wlan ssid-profile "SSID_LUZDELSUR-BK" essid "luzdelsur" opmode wpa2-aes a-basic-rates 12 a-tx-rates 12 18 24 36 48 54 g-basic-rates 11 12 g-tx-rates 11 12 18 24 36 48 54 local-probe-req-thresh 23 wpa-passphrase e441da0b3c19cc33d29587d2ceab3d313a8541d65716f0ded8d0578f899c545c8a7320852db9eaf5b53ab2a3b257753ee7ea265d9ef3710c46d9aa3aa197a8dc mcast-rate-opt ht-ssid-profile "ht-ssid-BK" g-beacon-rate 11 a-beacon-rate 12 ! wlan ssid-profile "Test-ssid_prof" essid "test" a-basic-rates 12 24 a-tx-rates 12 24 36 48 54 g-basic-rates 12 24 g-tx-rates 12 24 36 48 54 ht-ssid-profile "Test-htssid_prof" g-beacon-rate 12 a-beacon-rate 12 ! wlan hotspot advertisement-profile "default" ! wlan hotspot hs2-profile "default" ! wlan virtual-ap "default" ! wlan virtual-ap "Test-vap_prof" ssid-profile "Test-ssid_prof" no vap-enable vlan 21 ! wlan virtual-ap "testssid" aaa-profile "test" ssid-profile "Test-ssid_prof" vlan 8 ! wlan virtual-ap "VAP_BLACKBERRY-BK" aaa-profile "AAA_BLACKBERRY" ssid-profile "SSID_BLACKBERRY-BK" vlan 35 broadcast-filter all --More-- (q) quit (u) pageup (/) search (n) repeat ! wlan virtual-ap "VAP_INVITADOS-BK" aaa-profile "AAA_INVITADOS" ssid-profile "SSID_INVITADOS-BK" vlan 21 dynamic-mcast-optimization dynamic-mcast-optimization-thresh 20 broadcast-filter all ! wlan virtual-ap "VAP_LUZDELSUR-BK" aaa-profile "AAA_LUZDELSUR" ssid-profile "SSID_LUZDELSUR-BK" vlan 8 dynamic-mcast-optimization dynamic-mcast-optimization-thresh 20 broadcast-filter all ! mgmt-server profile "default-amp" stats-enable tag-enable sessions-enable monitored-info-enable misc-enable location-enable ! ap provisioning-profile "default" ! rf arm-rf-domain-profile arm-rf-domain-key "3f5a50e12eda9af3aab58eb42bb377b4" ! ap spectrum local-override ! ap-lacp-striping-ip ! ap general-profile ! ap-group "default" ! ap-group "GRP_CHACARILLA" virtual-ap "VAP_LUZDELSUR-BK" virtual-ap "VAP_INVITADOS-BK" dot11a-radio-profile "radio-5ghz-office-hybrid-sparse-soft" dot11g-radio-profile "radio-2.4ghz-office-hybrid-sparse-soft" ap-system-profile "SysChacarilla" ! --More-- (q) quit (u) pageup (/) search (n) repeat ap-group "GRP_SANISIDRO" virtual-ap "VAP_LUZDELSUR-BK" virtual-ap "VAP_INVITADOS-BK" dot11a-radio-profile "radio-5ghz-office-hybrid-sparse-soft" dot11g-radio-profile "radio-2.4ghz-office-hybrid-sparse-soft" ap-system-profile "SysSanIsidro" ! ap-group "GRP_Test" virtual-ap "VAP_LUZDELSUR-BK" ! ap-name "_ACC0059" dot11a-radio-profile "test" dot11g-radio-profile "test2" ! ap-name "ACC0090" dot11g-radio-profile "test2" ! airgroup cppm-server aaa ! logging level informational security subcat aaa logging level warnings security subcat ids logging level warnings security subcat ids-ap logging level debugging user logging 10.0.2.94 logging level debugging user-debug 80:6c:1b:fe:b9:df logging level debugging user-debug 80:6c:1b:fd:fd:bd logging level debugging user-debug f8:28:19:6f:05:dd snmp-server enable trap snmp-server host 10.0.2.94 version 2c snmprolds udp-port 162 snmp-server trap source 0.0.0.0 snmp-server trap disable wlsxAdhocNetwork snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta snmp-server trap disable wlsxAdhocUsingValidSSID snmp-server trap disable wlsxAuthMaxAclEntries snmp-server trap disable wlsxAuthMaxBWContracts snmp-server trap disable wlsxAuthMaxUserEntries snmp-server trap disable wlsxAuthServerIsUp snmp-server trap disable wlsxAuthServerReqTimedOut snmp-server trap disable wlsxAuthServerTimedOut snmp-server trap disable wlsxChannelChanged snmp-server trap disable wlsxCoverageHoleDetected snmp-server trap disable wlsxDBCommunicationFailure snmp-server trap disable wlsxDisconnectStationAttack --More-- (q) quit (u) pageup (/) search (n) repeat snmp-server trap disable wlsxESIServerDown snmp-server trap disable wlsxESIServerUp snmp-server trap disable wlsxFanFailure snmp-server trap disable wlsxFanTrayInserted snmp-server trap disable wlsxFanTrayRemoved snmp-server trap disable wlsxGBICInserted snmp-server trap disable wlsxIpSpoofingDetected snmp-server trap disable wlsxLCInserted snmp-server trap disable wlsxLCRemoved snmp-server trap disable wlsxLicenseExpiry snmp-server trap disable wlsxLowMemory snmp-server trap disable wlsxLowOnFlashSpace snmp-server trap disable wlsxOutOfRangeTemperature snmp-server trap disable wlsxOutOfRangeVoltage snmp-server trap disable wlsxPowerSupplyFailure snmp-server trap disable wlsxPowerSupplyMissing snmp-server trap disable wlsxProcessDied snmp-server trap disable wlsxProcessExceedsMemoryLimits snmp-server trap disable wlsxSCInserted snmp-server trap disable wlsxSignatureMatch snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP snmp-server trap disable wlsxStationAddedToBlackList snmp-server trap disable wlsxStationRemovedFromBlackList snmp-server trap disable wlsxSwitchIPChanged snmp-server trap disable wlsxSwitchRoleChange snmp-server trap disable wlsxUserAuthenticationFailed snmp-server trap disable wlsxUserEntryAuthenticated snmp-server trap disable wlsxUserEntryChanged snmp-server trap disable wlsxUserEntryCreated snmp-server trap disable wlsxUserEntryDeAuthenticated snmp-server trap disable wlsxUserEntryDeleted snmp-server trap disable wlsxVrrpStateChange process monitor log ha group-membership MasterLocal ip probe default mode Ping frequency 10 retries 3 burst-size 5 ! ip probe health-check mode Ping frequency 10 retries 3 --More-- (q) quit (u) pageup (/) search (n) repeat burst-size 5 ! activate periodic-sync enable end