version 6.3.1.0-4.0.0
syslocation XXX
virtual-controller-country XX
virtual-controller-key XXXXX
name "Instant AP"
virtual-controller-ip 192.168.30.50
virtual-controller-vlan 30 255.255.255.0 192.168.30.1
terminal-access
ntp-server 192.168.50.3
clock timezone XXXX
clock summer-time CEST recurring last sunday march 00:00 last sunday october 03:00
rf-band all
allow-new-aps
allowed-ap XX
allowed-ap XX
allowed-ap XX
allowed-ap XX
allowed-ap XX
allowed-ap XX
allowed-ap XX
allowed-ap XX
snmp-server community XXXX
snmp-server host XX version 2c public inform
arm
wide-bands 5ghz
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning
ip dhcp pool
subnet 192.168.80.0
subnet-mask 255.255.255.0
dns-server 192.168.50.3
domain-name internal.local
lease-time 720
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
user gast XXXX portal
user testgast XXXX portal
user XX XXXX radius
user XX XXXX radius
user XX XXXX radius
user XX XXXX radius
mgmt-user XX XXXX
wlan access-rule default_wired_port_profile
index 0
rule any any match any any any permit
wlan access-rule InternalUser
index 1
rule any any match any any any permit
wlan access-rule guestUser
index 2
rule 192.168.50.3 255.255.255.255 match udp 53 53 permit
rule 192.168.80.0 255.255.255.0 match any any any permit
rule 192.168.30.1 255.255.255.255 match any any any permit
rule 192.168.0.0 255.255.0.0 match any any any deny
rule 172.16.0.0 255.240.0.0 match any any any deny
rule 10.0.0.0 255.0.0.0 match any any any deny
rule any any match any any any permit
wlan access-rule wired-instant
index 3
rule 192.168.30.51 255.255.255.255 match tcp 80 80 permit
rule 192.168.30.51 255.255.255.255 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan ssid-profile InternalUser
enable
index 0
type employee
essid InternalUser
wpa-passphrase XXXX
opmode wpa-psk-tkip,wpa2-psk-aes
max-authentication-failures 0
vlan 70
auth-server InternalServer
rf-band all
captive-portal disable
mac-authentication
hide-ssid
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile guestUser
enable
index 1
type guest
essid guestUser
opmode opensystem
max-authentication-failures 0
vlan guest
auth-server InternalServer
rf-band all
captive-portal internal
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
wlan captive-portal
background-color 16750848
banner-color 3368703
decoded-texts terms
redirect-url "
http://www.company.tld"" banner-text "COMPANY"
terms-of-use "57;69;6c;6c;6b;6f;6d;6d;65;6e;20;7a;75;6d;20;56;65;72;6c;61;2d;50;68;61;72;6d;20;47;e4;73;74;65;20;57;4c;41;4e;2e;"
use-policy "XXXX"
authenticated
wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
wlan walled-garden
white-list "^https?://([A-Za-z0-9.-]*\.)?COMPANY\.TLD/?"
blacklist-time 3600
auth-failure-blacklist-time 3600
ids classification
ids
wireless-containment none
ip dhcp InternalUser
server-type Local,L3
server-vlan 70
subnet 192.168.70.0
subnet-mask 255.255.255.0
exclude-address 192.168.70.1
lease-time 28800
dns-server 192.168.50.3
domain-name internal.local
alg
sccp-disable
sip-disable
ua-disable
vocera-disable
wired-port-profile default_wired_port_profile
switchport-mode access
allowed-vlan all
native-vlan 30
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
auth-server InternalServer
captive-portal disable
no dot1x
wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
airgroupservice airprint
disable
description AirPrint