This is my actual configuration:
version 6.3.1.0-4.0.0
virtual-controller-country IT
virtual-controller-key ***
name VC_***
virtual-controller-ip 10.1.0.1
syslog-server 10.1.3.210
terminal-access
ntp-server 10.1.1.92
clock timezone Rome 01 00
rf-band all
dynamic-radius-proxy
allowed-ap d8:c7:c8:c7:05:65
allowed-ap 24:de:c6:cd:b8:0f
allowed-ap d8:c7:c8:c7:05:16
allowed-ap d8:c7:c8:c7:02:31
allowed-ap d8:c7:c8:c7:04:eb
snmp-server community 5c460d55a9ec418abe009c213b60feb9
arm
wide-bands 5ghz
80mhz-support
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode preferred-access
client-aware
scanning
rf dot11g-radio-profile
spectrum-monitor
dot11h
rf dot11a-radio-profile
spectrum-monitor
dot11h
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
mgmt-user admin ***
wlan access-rule default_wired_port_profile
index 0
rule any any match any any any permit
wlan access-rule wired-instant
index 1
rule 10.1.0.33 255.255.255.255 match tcp 80 80 permit
rule 10.1.0.33 255.255.255.255 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan access-rule AGUFFCOMM
index 2
rule any any match any any any permit
wlan access-rule AGPROD
index 3
rule any any match any any any permit
wlan access-rule AG-Guest
index 4
rule any any match any any any permit
wlan ssid-profile AGUFFCOMM
enable
index 0
type employee
essid AGUFFCOMM
opmode wpa2-aes
max-authentication-failures 0
vlan 3
auth-server srvradius01
auth-server SRVPRI02
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
radius-reauth-interval 240
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile AGPROD
enable
index 1
type employee
essid AGPROD
wep-key *** 1
opmode static-wep
max-authentication-failures 0
vlan 4
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile AG-Guest
enable
index 2
type employee
essid AG-Guest
wpa-passphrase ***
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 9
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
wlan auth-server SRVPRI02
ip 10.1.1.71
port 1812
acctport 1813
key ***
wlan auth-server srvradius01
ip 10.1.1.117
port 1812
acctport 1813
key ***
wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https
blacklist-time 3600
auth-failure-blacklist-time 3600
ids classification
ids
wireless-containment none
ip dhcp AGUFFCOMM
server-type Centralized,L3
server-vlan 3
vlan-ip 10.36.1.241 mask 255.255.255.0
dhcp-server 10.36.1.99
wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
airgroupservice airprint
disable
description AirPrint