RAP-GMV-Authenticated-BUC  66   Up: No Limit,Dn: No Limit  split-tunnel-buc/  User
RAP-GMV-Authenticated-GER  73   Up: No Limit,Dn: No Limit  split-tunnel-GER/  User
RAP-GMV-Authenticated-TLS  82   Up: No Limit,Dn: No Limit  split-tunnel-tls/  User
RAP-GMV-Authenticated-WAR  68   Up: No Limit,Dn: No Limit  split-tunnel-war/  User
RAP-GMV-Authenticated-ZAR  78   Up: No Limit,Dn: No Limit  split-tunnel-zar/  User
RAP-GMV-gsis               81   Up: No Limit,Dn: No Limit  sysAdmin-Access/  User
RAP-GMV-guest              64   Up: No Limit,Dn: No Limit  split-tunnel-ext/  User
RAP-GMV-sisguardias        83   Up: No Limit,Dn: No Limit  sisguardias/  User
RAP-GMVMPLS-Authenticated  72   Up: No Limit,Dn: No Limit  split-tunnel-MPLS/,Redes-proyecto-BCN/  User
RAP-gmvguest-logon         79   Up: No Limit,Dn: No Limit  logon-control/,captiveportal/  User
RAP-gmvstaff-logon         74   Up: No Limit,Dn: No Limit  logon-control/,captiveportal/  User
RemoteAP                   86   Up: No Limit,Dn: No Limit  remote-AP-access/  User
ap-role                    4    Up: No Limit,Dn: No Limit  ra-guard/,control/,ap-acl/,v6-control/,v6-ap-acl/  System
authenticated              80   Up: No Limit,Dn: No Limit  ra-guard/,allowall/,v6-allowall/  User
default-via-role           77   Up: No Limit,Dn: No Limit  allowall/  User
default-vpn-role           69   Up: No Limit,Dn: No Limit  ra-guard/,allowall/,v6-allowall/  User
gmvguest-guest             76   Up: No Limit,Dn: No Limit  Internet-guest/  User
gmvguest-guest-logon       70   Up: No Limit,Dn: No Limit  logon-control/,captiveportal/  User
gmvstaff-guest             67   Up: No Limit,Dn: No Limit  Internet-staff/  User
gmvstaff-guest-logon       65   Up: No Limit,Dn: No Limit  logon-control/,captiveportal/  User
gsmart                     88   Up: No Limit,Dn: No Limit  AllowedMACS/,allowall/  User
gsmart_to_inet             90   Up: No Limit,Dn: No Limit  Internet-staff/  User
guest                      3    Up: No Limit,Dn: No Limit  ra-guard/,http-acl/,https-acl/,dhcp-acl/,icmp-acl/,dns-acl/,v6-http-acl/,v6-https-acl/,v6-dhcp-acl/,v6-icmp-acl/,v6-dns-acl/  User
guest-logon                6    Up: No Limit,Dn: No Limit  ra-guard/,logon-control/,captiveportal/,v6-logon-control/,captiveportal6/  User
logon                      1    Up: No Limit,Dn: No Limit  ra-guard/,logon-control/,captiveportal/,vpnlogon/,v6-logon-control/,captiveportal6/  User
stateful-dot1x             5    Up: No Limit,Dn: No Limit    System
sys-ap-role                7    Up: No Limit,Dn: No Limit  sys-control/,sys-ap-acl/  System (not editable)
voice                      75   Up: No Limit,Dn: No Limit  ra-guard/,sip-acl/,noe-acl/,svp-acl/,vocera-acl/,skinny-acl/,h323-acl/,dhcp-acl/,tftp-acl/,dns-acl/,icmp-acl/  User

Total Roles:28

*********************************

User Role ACL Hits
------------------
Role                  Policy          Src                Dst                  Service           Action   Dest/Opcode  New Hits  Total Hits  Index  Ipv4/Ipv6
----                  ------          ---                ---                  -------           ------   -----------  --------  ----------  -----  ---------
logon                 logon-control   any                any                  svc-icmp          permit                311       645         8645   ipv4
logon                 logon-control   any                any                  svc-dns           permit                6         106         8646   ipv4
logon                 logon-control   any                any                  svc-dhcp          permit                29        59          8647   ipv4
logon                 logon-control   any                any                  svc-natt          permit                0         14          8648   ipv4
logon                 captiveportal   user               controller           svc-https         dst-nat  8081         0         8           8651   ipv4
logon                 captiveportal   user               any                  svc-http          dst-nat  8080         1         25          8652   ipv4
logon                 captiveportal   user               any                  svc-https         dst-nat  8081         0         27          8653   ipv4
logon                                 any                any                  0                 deny                  6180      11481       8675   ipv6
sys-ap-role           sys-control     any                any                  sys-svc-icmp      permit                506       2033        8532   ipv4
sys-ap-role           sys-control     any                any                  sys-svc-papi      permit                4026183   11926738    8534   ipv4
sys-ap-role           sys-control     any                any                  sys-svc-sec-papi  permit                1226556   3593642     8535   ipv4
sys-ap-role           sys-control     any                any                  sys-svc-natt      permit                576413    1567130     8540   ipv4
sys-ap-role           sys-ap-acl      any                any                  sys-svc-gre       permit                160       420         8541   ipv4
sys-ap-role           sys-ap-acl      any                any                  sys-svc-syslog    permit                6990      20719       8542   ipv4
sys-ap-role           sys-ap-acl      user               any                  sys-svc-ftp       permit                0         7           8549   ipv4
sys-ap-role                           any                any                  0                 deny                  6         529         8551   ipv6
gmvstaff-guest-logon  logon-control   any                any                  svc-icmp          permit                934       1780        8560   ipv4
gmvstaff-guest-logon  logon-control   any                any                  svc-dns           permit                108543    269502      8561   ipv4
gmvstaff-guest-logon  logon-control   any                any                  svc-dhcp          permit                12388     30910       8562   ipv4
gmvstaff-guest-logon  logon-control   any                240.0.0.0 240.0.0.0  any               deny                  129       380         8565   ipv4
gmvstaff-guest-logon  captiveportal   user               controller           svc-https         dst-nat  8081         24937     163276      8566   ipv4
gmvstaff-guest-logon  captiveportal   user               any                  svc-http          dst-nat  8080         41456     263998      8567   ipv4
gmvstaff-guest-logon  captiveportal   user               any                  svc-https         dst-nat  8081         39150     228698      8568   ipv4
gmvstaff-guest-logon  captiveportal   user               any                  svc-http-proxy1   dst-nat  8088         0         2           8569   ipv4
gmvstaff-guest-logon  captiveportal   user               any                  svc-http-proxy2   dst-nat  8088         59        169         8570   ipv4
gmvstaff-guest-logon                  any                any                  0                 deny                  205149    462387      8572   ipv6
gmvstaff-guest        Internet-staff  user               Private Networks     any               deny                  257       257         13023  ipv4
gmvstaff-guest        Internet-staff  user               Private Networks     any               deny                  13988     13988       13024  ipv4
gmvstaff-guest        Internet-staff  user               Private Networks     any               deny                  94823     94823       13025  ipv4
gmvstaff-guest        Internet-staff  user               any                  any               permit                473010    473010      13026  ipv4
gmvstaff-guest                        any                any                  0                 deny                  20745     20745       13027  ipv6
gmvguest-guest-logon  logon-control   any                any                  svc-icmp          permit                1712      2102        8574   ipv4
gmvguest-guest-logon  logon-control   any                any                  svc-dns           permit                180205    363651      8575   ipv4
gmvguest-guest-logon  logon-control   any                any                  svc-dhcp          permit                11032     22223       8576   ipv4
gmvguest-guest-logon  logon-control   any                any                  svc-natt          permit                26        26          8577   ipv4
gmvguest-guest-logon  logon-control   any                240.0.0.0 240.0.0.0  any               deny                  1007      1741        8579   ipv4
gmvguest-guest-logon  captiveportal   user               controller           svc-https         dst-nat  8081         41244     100029      8580   ipv4
gmvguest-guest-logon  captiveportal   user               any                  svc-http          dst-nat  8080         148798    206937      8581   ipv4
gmvguest-guest-logon  captiveportal   user               any                  svc-https         dst-nat  8081         103851    183073      8582   ipv4
gmvguest-guest-logon  captiveportal   user               any                  svc-http-proxy1   dst-nat  8088         0         13          8583   ipv4
gmvguest-guest-logon  captiveportal   user               any                  svc-http-proxy2   dst-nat  8088         1166      5267        8584   ipv4
gmvguest-guest-logon                  any                any                  0                 deny                  213254    322321      8586   ipv6
gmvguest-guest        Internet-guest  user               Private Networks     any               deny                  5674      8470        8367   ipv4
gmvguest-guest        Internet-guest  user               Private Networks     any               deny                  4922      67618       8368   ipv4
gmvguest-guest        Internet-guest  user               Private Networks     any               deny                  80131     200199      8369   ipv4
gmvguest-guest        Internet-guest  user               any                  any               permit                1113633   1906018     8370   ipv4
gmvguest-guest                        any                any                  0                 deny                  12254     17501       8371   ipv6
authenticated         allowall        any                any                  any               permit                4487397   9880778     8468   ipv4
gsmart                allowall        any                any                  any               permit                18730     18730       15203  ipv4
gsmart                AllowedMACS     5c:f3:70:00:00:a3  00:00:00:00:00:00                      permit                608       608         15206  ipv4
gsmart                AllowedMACS     40:30:04:84:8c:44  00:00:00:00:00:00                      permit                1413      1413        15207  ipv4
gsmart                AllowedMACS     cc:fa:00:a6:cd:29  00:00:00:00:00:00                      permit                136       136         15208  ipv4
gsmart                AllowedMACS     any                                                       deny                  82        82          15209  ipv4
gsmart_to_inet        Internet-staff  user               Private Networks     any               deny                  60        60          15212  ipv4
gsmart_to_inet        Internet-staff  user               Private Networks     any               deny                  6         6           15213  ipv4
gsmart_to_inet        Internet-staff  user               any                  any               permit                5766      5766        15214  ipv4
gsmart_to_inet                        any                any                  0                 deny                  483       483         15215  ipv6

**********************************************************

ip access-list session control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-papi permit
  any any svc-sec-papi permit
  any any svc-cfgm-tcp permit
  any any svc-adp permit
  any any svc-tftp permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session allow-diskservices
  any any svc-netbios-dgm permit
  any any svc-netbios-ssn permit
  any any svc-microsoft-ds permit
  any any svc-netbios-ns permit
!
ip access-list session split-tunnel-GER
  any any svc-dhcp permit
  user any svc-dns permit
  user any svc-ftp route src-nat
  user alias wpad svc-http route src-nat
  user alias "Proxy EXT" svc-http route src-nat
  user alias "Proxy EXT" svc-http-proxy2 route src-nat
  user network 192.168.250.0 255.255.255.0 any route src-nat
  user alias gmv-network-no-ger any permit
  alias gmv-network-no-ger user any permit
  user alias "Network GER" any route src-nat
!
ip access-list session validuser
  network 169.254.0.0 255.255.0.0 any any deny
  network 127.0.0.0 255.0.0.0 any any deny
  network 224.0.0.0 240.0.0.0 any any deny
  host 255.255.255.255 any any deny
  network 240.0.0.0 240.0.0.0 any any deny
  any any any permit
  ipv6 host fe80:: any any deny
  ipv6 network fc00::/7 any any permit
  ipv6 network fe80::/64 any any permit
  ipv6 alias ipv6-reserved-range any any deny
  ipv6 any any any permit
!
ip access-list session sysAdmin-Access
  host 10.10.102.1 alias Camaras svc-http permit
!
ip access-list session v6-https-acl
  ipv6 any any svc-https permit
!
ip access-list session vocera-acl
  any any svc-vocera permit queue high
!
ip access-list session vmware-acl
  any any svc-vmware-rdp permit tos 46 dot1p-priority 6
  any any svc-pcoip-tcp permit tos 46 dot1p-priority 6
  any any svc-pcoip-udp permit tos 46 dot1p-priority 6
  any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6
  any any svc-pcoip2-udp permit tos 46 dot1p-priority 6
!
ip access-list session split-tunnel-zar
  any any svc-dhcp permit
  user any svc-dns permit
  user any svc-ftp route src-nat
  user alias wpad svc-http route src-nat
  user alias "Proxy EXT" svc-http route src-nat
  user alias "Proxy EXT" svc-http-proxy2 route src-nat
  user network 192.168.250.0 255.255.255.0 any route src-nat
  user alias gmv-network-no-zar any permit
  alias gmv-network-no-zar user any permit
  user alias "Network ZAR" any route src-nat
!
ip access-list session sisguardias
  any any any permit
!
ip access-list session split-tunnel-tls
  any any svc-dhcp permit
  user any svc-dns permit
  user any svc-ftp route src-nat
  user alias wpad svc-http route src-nat
  user alias "Proxy EXT" svc-http route src-nat
  user alias "Proxy EXT" svc-http-proxy2 route src-nat
  user network 192.168.250.0 255.255.255.0 any route src-nat
  user alias gmv-network-no-tls any permit
  alias gmv-network-no-tls user any permit
  user alias "Network TLS" any route src-nat
!
ip access-list session split-tunnel-MPLS
  any any svc-dhcp permit
  user any svc-dns permit
  user any svc-ftp route src-nat
  user host 195.219.143.254 svc-http route src-nat
  user alias "Proxy MPLS" svc-http route src-nat
  user alias "Proxy MPLS" svc-http-proxy2 route src-nat
  user alias gmv-network-from-MPLS any permit
  alias gmv-network-from-MPLS user any permit
  user network 172.22.128.0 255.255.128.0 any route src-nat
  user network 192.168.250.0 255.255.255.0 any route src-nat
!
ip access-list session icmp-acl
  any any svc-icmp permit
!
ip access-list session v6-control
  ipv6 user any udp 547 deny
  ipv6 any any svc-v6-icmp permit
  ipv6 any any svc-dns permit
  ipv6 any any svc-papi permit
  ipv6 any any svc-sec-papi permit
  ipv6 any any svc-cfgm-tcp permit
  ipv6 any any svc-adp permit
  ipv6 any any svc-tftp permit
  ipv6 any any svc-dhcp permit
  ipv6 any any svc-natt permit
!
ip access-list session Internet-guest
  user alias "Private Networks" any deny
  user any any permit
!
ip access-list session remote-AP-access
  any any svc-papi permit
  any any svc-gre permit
  any alias controller svc-tftp permit
  any alias controller svc-ftp permit
!
ip access-list session gxx-MPLS
  any any svc-dhcp permit
  user any svc-dns permit
  user any svc-ftp route src-nat
  user host 195.219.143.254 svc-http route src-nat
  user alias "Proxy MPLS" svc-http route src-nat
  user alias "Proxy MPLS" svc-http-proxy2 route src-nat
  user alias gmv-network-from-MPLS any permit
  alias gmv-network-from-MPLS user any permit
!
ip access-list session split-tunnel-war
  any any svc-dhcp permit
  user any svc-dns permit
  user any svc-ftp route src-nat
  user alias wpad svc-http route src-nat
  user alias "Proxy EXT" svc-http route src-nat
  user alias "Proxy EXT" svc-http-proxy2 route src-nat
  user network 192.168.250.0 255.255.255.0 any route src-nat
  user alias gmv-network-no-war any permit
  alias gmv-network-no-war user any permit
  user alias "Network WAR" any route src-nat
!
ip access-list session v6-dhcp-acl
  ipv6 any any svc-v6-dhcp permit
!
ip access-list session captiveportal
  user alias controller svc-https dst-nat 8081
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
  user any svc-http-proxy1 dst-nat 8088
  user any svc-http-proxy2 dst-nat 8088
  user any svc-http-proxy3 dst-nat 8088
!
ip access-list session v6-dns-acl
  ipv6 any any svc-dns permit
!
ip access-list session allowall
  any any any permit
  ipv6 any any any permit
!
ip access-list session lync-acl
  any any svc-sips permit queue high
!
ip access-list session https-acl
  any any svc-https permit
!
ip access-list session sip-acl
  any any svc-sip-udp permit queue high
  any any svc-sip-tcp permit queue high
!
ip access-list session citrix-acl
  any any svc-citrix permit tos 46 dot1p-priority 6
  any any svc-ica permit tos 46 dot1p-priority 6
!
ip access-list session ra-guard
  ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session dns-acl
  any any svc-dns permit
!
ip access-list session Deny
  any any any deny
!
ip access-list session v6-allowall
  ipv6 any any any permit
!
ip access-list session tftp-acl
  any any svc-tftp permit
!
ip access-list session skinny-acl
  any any svc-sccp permit queue high
!
ip access-list session srcnat
  user any any src-nat
!
ip access-list session vpnlogon
  user any svc-ike permit
  user any svc-esp permit
  any any svc-l2tp permit
  any any svc-pptp permit
  any any svc-gre permit
!
ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
  any network 169.254.0.0 255.255.0.0 any deny
  any network 240.0.0.0 240.0.0.0 any deny
!
ip access-list session allow-printservices
  any any svc-lpd permit
  any any svc-ipp-tcp permit
  any any svc-ipp-udp permit
!
ip access-list session cplogout
  user alias controller svc-https dst-nat 8081
!
ip access-list session Internet-staff
  user alias "Private Networks" any deny
  user any any permit
!
ip access-list session v6-http-acl
  ipv6 any any svc-http permit
!
ip access-list session http-acl
  any any svc-http permit
!
ip access-list session dhcp-acl
  any any svc-dhcp permit
!
ip access-list session captiveportal6
  ipv6 user alias controller6 svc-https captive
  ipv6 user any svc-http captive
  ipv6 user any svc-https captive
  ipv6 user any svc-http-proxy1 captive
  ipv6 user any svc-http-proxy2 captive
  ipv6 user any svc-http-proxy3 captive
!
ip access-list session split-tunnel-ext
  user any any route src-nat
!
ip access-list session ap-uplink-acl
  any any udp 68 permit
  any any svc-icmp permit
  any host 224.0.0.251 udp 5353 permit
!
ip access-list session ISAKMP
  user any udp 500 permit
  user any udp 4500 permit
!
ip access-list session noe-acl
  any any svc-noe permit queue high
!
ip access-list session svp-acl
  any any svc-svp permit queue high
  user host 224.0.1.116 any permit
!
ip access-list session ap-acl
  any any svc-gre permit
  any any svc-syslog permit
  any user svc-snmp permit
  user any svc-snmp-trap permit
  user any svc-ntp permit
  user any svc-ftp permit
!
ip access-list session ftp-acl
  any any svc-ftp permit
!
ip access-list session Redes-proyecto-BCN
  user network 10.0.3.0 255.255.255.0 any route src-nat
  user network 10.0.4.0 255.255.255.0 any route src-nat
!
ip access-list session v6-logon-control
  ipv6 user any udp 68 deny
  ipv6 any any svc-v6-icmp permit
  ipv6 any any svc-v6-dhcp permit
  ipv6 any any svc-dns permit
  ipv6 any network fc00::/7 any permit
  ipv6 any network fe80::/64 any permit
  ipv6 any alias ipv6-reserved-range any deny
!
ip access-list session h323-acl
  any any svc-h323-tcp permit queue high
  any any svc-h323-udp permit queue high
!
aaa derivation-rules user Gsmart
  set role condition macaddr equals "cc:fa:00:a6:cd:29" set-value gsmart_to_inet description "Nexus 5 CCMR"
!
vpn-dialer default-dialer
  ike authentication PRE-SHARE ******
!
dot1x high-watermark 20
dot1x low-watermark 10
aaa bandwidth-contract upstream_guest mbits 2
aaa bandwidth-contract "PTM 10Mb" mbits 10
aaa bandwidth-contract downstream_guest mbits 2
user-role RAP-GMV-guest
  access-list session split-tunnel-ext
!
user-role gmvstaff-guest-logon
  captive-portal "gmvstaff-cp_prof"
  access-list session logon-control
  access-list session captiveportal
!
user-role ap-role
  access-list session ra-guard
  access-list session control
  access-list session ap-acl
  access-list session v6-control
  access-list session v6-ap-acl
!
user-role gmvstaff-guest
  access-list session Internet-staff
!
user-role default-vpn-role
  access-list session ra-guard
  access-list session allowall
  access-list session v6-allowall
!
user-role gmvguest-guest-logon
  captive-portal "gmvguest-cp_prof"
  access-list session logon-control
  access-list session captiveportal
!
user-role gsmart_to_inet
  vlan 56
  access-list session Internet-staff
!
user-role voice
  access-list session ra-guard
  access-list session sip-acl
  access-list session noe-acl
  access-list session svp-acl
  access-list session vocera-acl
  access-list session skinny-acl
  access-list session h323-acl
  access-list session dhcp-acl
  access-list session tftp-acl
  access-list session dns-acl
  access-list session icmp-acl
!
user-role default-via-role
  access-list session allowall
!
user-role gmvguest-guest
  access-list session Internet-guest
!
user-role guest-logon
  captive-portal "default"
  access-list session ra-guard
  access-list session logon-control
  access-list session captiveportal
  access-list session v6-logon-control
  access-list session captiveportal6
!
user-role guest
  access-list session ra-guard
  access-list session http-acl
  access-list session https-acl
  access-list session dhcp-acl
  access-list session icmp-acl
  access-list session dns-acl
  access-list session v6-http-acl
  access-list session v6-https-acl
  access-list session v6-dhcp-acl
  access-list session v6-icmp-acl
  access-list session v6-dns-acl
!
user-role gsmart
  access-list mac AllowedMACS
  access-list session allowall
!
user-role RAP-GMV-Authenticated-ZAR
  access-list session split-tunnel-zar
!
user-role stateful-dot1x
!
user-role authenticated
  access-list session ra-guard
  access-list session allowall
  access-list session v6-allowall
!
user-role logon
  access-list session ra-guard
  access-list session logon-control
  access-list session captiveportal
  access-list session vpnlogon
  access-list session v6-logon-control
  access-list session captiveportal6
!
!
aaa timers idle-timeout 3600 seconds