version 6.4 enable secret "******" hostname "Aruba7010" clock timezone GMT 7 controller config 55 ip cp-redirect-address 10.0.17.6 ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list eth validuserethacl permit any ! netservice svc-dhcp udp 67 68 alg dhcp netservice svc-ipp-tcp tcp 631 netservice svc-citrix tcp 2598 netservice svc-cups tcp 515 netservice svc-tftp udp 69 alg ztftp netservice svc-netbios-ssn tcp 139 netservice svc-pcoip-udp udp 50002 netservice svc-lpd-tcp tcp 631 netservice svc-papi udp 8211 netservice svc-natt udp 4500 netservice svc-ica tcp 1494 netservice svc-smtp tcp 25 netservice svc-msrpc-udp udp 135 139 netservice svc-msrpc-tcp tcp 135 139 netservice svc-syslog udp 514 netservice svc-microsoft-ds tcp 445 netservice svc-lpd tcp 515 netservice lkpp tcp 6666 6669 netservice svc-cfgm-tcp tcp 8211 netservice svc-http-proxy2 tcp 8080 netservice vnc tcp 5900 5905 netservice svc-4343 tcp 4343 netservice svc-lpd-udp udp 631 netservice svc-http tcp 80 netservice svc-telnet tcp 23 netservice svc-bootp udp 67 69 netservice svc-sccp tcp 2000 alg sccp netservice svc-h323-udp udp 1718 1719 netservice svc-web tcp list "80 443" netservice svc-ipp-udp udp 631 netservice svc-vmware-rdp tcp 3389 netservice tcp_17 tcp 17 netservice svc-esp 50 netservice svc-vocera udp 5002 alg vocera netservice svc-noe-oxo udp 5000 alg noe netservice svc-http-proxy1 tcp 3128 netservice svc-sec-papi udp 8209 netservice svc-gre 47 netservice svc-rtsp tcp 554 alg rtsp netservice svc-l2tp udp 1701 netservice svc-svp 119 alg svp netservice svc-snmp udp 161 netservice svc-pptp tcp 1723 netservice svc-sip-tcp tcp 5060 netservice svc-icmp 1 netservice svc-smb-tcp tcp 445 netservice svc-ssh tcp 22 netservice svc-v6-icmp 58 netservice svc-pcoip2-tcp tcp 4172 netservice svc-pop3 tcp 110 netservice svc-ntp udp 123 netservice svc-h323-tcp tcp 1720 netservice svc-adp udp 8200 netservice svc-netbios-ns udp 137 netservice svc-https(443) tcp 443 netservice svc-dns udp 53 alg dns netservice svc-v6-dhcp udp 546 547 netservice svc-kerberos udp 88 netservice svc-sip-udp udp 5060 netservice svc-http-proxy3 tcp 8888 netservice svc-netbios-dgm udp 138 netservice svc-sips tcp 5061 alg sips netservice svc-snmp-trap udp 162 netservice svc-ike udp 500 netservice svc-nterm tcp 1026 1028 netservice svc-noe udp 32512 alg noe netservice svc-pcoip-tcp tcp 50002 netservice svc-pcoip2-udp udp 4172 netservice svc-http-accl tcp 88 netservice svc-https tcp 443 netservice svc-ftp tcp 21 alg ftp netservice svc-smb-udp udp 445 netservice esp 50 netdestination Box_Server host 10.0.11.5 ! netdestination ip_pbx network 10.88.88.0 255.255.255.0 ! netdestination k/l_setneg network 192.168.1.0 255.255.255.0 ! netdestination UserPentes host 10.0.20.13 host 10.0.20.14 host 10.0.20.15 host 10.0.20.16 host 10.0.20.17 ! netdestination dhcp_server host 10.0.15.1 host 10.0.15.6 host 10.0.16.1 host 10.0.16.6 host 10.0.17.1 host 10.0.17.6 host 10.0.2.1 host 10.0.2.6 ! netdestination HostAdminForPentes host 10.0.2.139 host 10.0.2.151 host 10.0.2.90 host 10.0.2.103 host 10.0.2.221 ! netdestination internal_server network 10.0.11.0 255.255.255.0 ! netdestination6 ipv6-reserved-range invert network 2000::/3 ! netdestination dns_server host 192.168.10.3 ! netdestination network_devices network 10.0.4.0 255.255.255.0 network 10.0.13.0 255.255.255.0 network 10.0.1.0 255.255.255.0 network 10.0.2.0 255.255.255.0 ! netdestination printer network 10.0.15.0 255.255.255.0 ! netdestination k/l_all_1 network 10.0.7.0 255.255.255.0 network 10.1.1.0 255.255.255.0 network 10.1.2.12 255.255.255.252 network 10.1.3.0 255.255.255.0 network 10.1.242.0 255.255.255.0 network 10.2.0.0 255.255.0.0 network 10.2.1.0 255.255.255.0 network 10.3.0.0 255.255.0.0 network 10.4.1.0 255.255.255.0 network 10.5.1.0 255.255.255.0 network 10.8.2.0 255.255.255.0 network 10.9.1.0 255.255.255.0 network 10.10.1.0 255.255.255.252 network 10.11.1.0 255.255.255.0 network 10.12.1.0 255.255.255.0 network 10.13.1.0 255.255.255.0 network 10.14.1.0 255.255.255.0 network 10.14.17.0 255.255.255.0 network 10.15.1.0 255.255.255.0 network 10.16.1.0 255.255.255.0 network 10.17.1.0 255.255.255.0 network 10.18.1.0 255.255.255.0 network 10.18.2.0 255.255.255.0 network 10.18.3.0 255.255.255.0 network 10.18.5.0 255.255.255.0 network 10.18.6.0 255.255.255.0 network 10.18.7.0 255.255.255.0 network 10.18.8.0 255.255.255.0 network 10.18.9.0 255.255.255.0 network 10.18.10.0 255.255.255.252 network 10.18.12.0 255.255.255.0 network 10.18.13.0 255.255.255.0 network 10.18.15.0 255.255.255.0 network 10.18.16.0 255.255.255.0 network 10.19.0.0 255.255.0.0 network 10.19.1.0 255.255.255.0 network 10.19.3.0 255.255.255.0 network 10.19.100.0 255.255.255.0 network 10.20.1.0 255.255.255.0 network 10.21.1.0 255.255.255.0 network 10.22.1.0 255.255.255.0 network 10.23.1.0 255.255.255.0 network 10.24.1.0 255.255.255.0 network 10.26.1.0 255.255.255.0 network 10.27.1.0 255.255.255.0 network 10.28.1.0 255.255.255.0 network 10.29.1.0 255.255.255.0 network 10.30.1.0 255.255.255.0 network 10.31.1.0 255.255.255.0 network 10.32.1.0 255.255.255.0 network 10.32.2.0 255.255.255.252 network 10.33.1.0 255.255.255.0 network 10.34.1.0 255.255.255.0 network 10.36.1.0 255.255.255.0 network 10.37.1.0 255.255.255.0 network 10.38.1.0 255.255.255.0 network 10.39.1.0 255.255.255.0 network 10.44.1.0 255.255.255.0 network 10.50.2.0 255.255.255.0 network 10.50.3.0 255.255.255.0 network 10.50.5.0 255.255.255.252 network 10.50.6.0 255.255.255.0 network 10.50.7.0 255.255.255.0 network 10.50.8.0 255.255.255.252 network 10.50.9.0 255.255.255.252 network 10.50.10.0 255.255.255.252 network 10.50.11.0 255.255.255.252 network 10.50.12.0 255.255.255.252 network 10.50.13.0 255.255.255.252 network 10.50.14.0 255.255.255.252 network 10.50.15.0 255.255.255.248 network 10.50.15.0 255.255.255.252 network 10.50.15.4 255.255.255.252 network 10.50.16.0 255.255.255.252 network 10.50.17.0 255.255.255.252 network 10.50.18.0 255.255.255.252 network 10.50.19.0 255.255.255.252 network 10.50.20.0 255.255.255.252 network 10.50.21.0 255.255.255.252 network 10.50.22.0 255.255.255.252 network 10.50.23.0 255.255.255.252 network 10.50.24.0 255.255.255.252 network 10.50.25.0 255.255.255.252 network 10.50.26.0 255.255.255.252 network 10.50.27.0 255.255.255.252 network 10.50.28.0 255.255.255.252 network 10.50.29.0 255.255.255.252 network 10.50.30.0 255.255.255.252 network 10.50.31.0 255.255.255.252 network 10.50.32.0 255.255.255.252 network 10.50.34.0 255.255.255.252 network 10.50.35.0 255.255.255.252 network 10.50.37.0 255.255.255.252 network 10.50.39.0 255.255.255.252 network 10.50.40.0 255.255.255.252 network 10.50.41.0 255.255.255.252 network 10.50.42.0 255.255.255.252 network 10.50.44.0 255.255.255.252 network 10.50.45.0 255.255.255.252 network 10.50.48.0 255.255.255.252 network 10.50.49.0 255.255.255.252 network 10.50.50.0 255.255.255.252 ! netdestination NTMC network 172.31.21.116 255.255.255.252 network 10.45.42.0 255.255.255.0 ! netdestination balebale network 10.0.0.0 255.0.0.0 ! netdestination email_server host 203.130.196.126 host 192.168.10.25 host 192.168.10.26 host 192.168.10.27 host 192.168.10.31 ! netdestination vicon network 10.175.1.0 255.255.255.0 ! netdestination dmz_2 network 192.168.9.0 255.255.255.0 ! netdestination coin_server network 10.0.11.0 255.255.255.0 ! netdestination server_farm network 10.0.3.0 255.255.255.0 ! netdestination k/l_all_2 network 10.51.1.0 255.255.255.0 network 10.51.4.0 255.255.255.0 network 10.51.9.0 255.255.255.252 network 10.51.33.0 255.255.255.0 network 10.51.47.0 255.255.255.248 network 10.100.4.0 255.255.255.0 network 10.100.10.0 255.255.255.0 network 10.100.12.0 255.255.255.0 network 10.100.91.0 255.255.255.0 network 10.100.92.0 255.255.255.0 network 10.100.117.0 255.255.255.0 network 10.100.157.0 255.255.255.0 network 10.110.2.8 255.255.255.252 network 10.200.13.0 255.255.255.0 network 118.98.132.0 255.255.255.0 network 118.98.233.0 255.255.255.0 network 118.98.233.128 255.255.255.224 network 172.16.0.0 255.255.252.0 network 172.16.10.0 255.255.254.0 network 172.16.100.0 255.255.255.0 network 172.16.100.240 255.255.255.248 network 172.17.89.84 255.255.255.252 network 172.17.225.0 255.255.255.252 network 172.20.0.0 255.255.0.0 network 172.20.107.0 255.255.255.0 network 172.84.0.0 255.255.255.0 network 172.168.0.0 255.255.255.0 network 192.168.0.136 255.255.255.248 network 192.168.2.0 255.255.255.0 network 192.168.3.0 255.255.255.0 network 192.168.5.0 255.255.255.0 network 192.168.17.0 255.255.255.0 network 192.168.50.0 255.255.255.0 network 192.168.53.0 255.255.255.0 network 192.168.63.0 255.255.255.0 network 192.168.73.0 255.255.255.0 network 192.168.74.0 255.255.255.0 network 192.168.90.0 255.255.255.0 network 192.168.100.0 255.255.255.0 network 192.168.110.0 255.255.255.0 network 192.169.2.40 255.255.255.252 network 202.89.116.216 255.255.255.252 ! netdestination UserVOD host 10.0.20.3 host 10.0.20.4 host 10.0.20.5 host 10.0.20.10 host 10.0.20.11 host 10.0.20.25 ! netdestination dmz network 192.168.9.0 255.255.255.0 network 192.168.10.0 255.255.255.0 ! netdestination guest/tamu ! netexthdr default ! time-range working-hours periodic weekday 08:00 to 18:00 ! time-range night-hours periodic weekday 18:01 to 23:59 weekday 00:00 to 07:59 ! time-range weekend periodic weekend 00:00 to 23:59 ! ip access-list session apprf-ukp4-admin-role-sacl ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session apprf-stateful-dot1x-sacl ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit any network 169.254.0.0 255.255.0.0 any deny any network 240.0.0.0 240.0.0.0 any deny ! ip access-list session apprf-default-vpn-role-sacl ! ip access-list session apprf-voice-sacl ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session http-acl any any svc-http permit ! ip access-list session v6-logon-control ipv6 user any udp 68 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit ipv6 any network fc00::/7 any permit ipv6 any network fe80::/64 any permit ipv6 any alias ipv6-reserved-range any deny ! ip access-list session v6-http-acl ipv6 any any svc-http permit ! ip access-list session apprf-ukp4-prof-role-sacl ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session citrix-acl any any svc-citrix permit tos 46 dot1p-priority 6 any any svc-ica permit tos 46 dot1p-priority 6 ! ip access-list session vmware-acl any any svc-vmware-rdp permit tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip-udp permit tos 46 dot1p-priority 6 any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 ! ip access-list session srcnat user any any src-nat ! ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ! ip access-list session global-sacl ! ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ! ip access-list session ukp4-vlankhusus-policy any any svc-icmp permit log alias UserPentes alias HostAdminForPentes tcp 0 65535 permit log any network 10.0.1.0 255.255.255.0 any deny log alias UserPentes network 10.0.1.0 255.255.255.0 any permit log alias UserPentes host 10.0.2.151 any permit log alias UserPentes network 10.0.3.0 255.255.255.0 any permit log alias UserPentes network 10.175.1.0 255.255.255.0 any permit log alias UserPentes network 10.88.88.0 255.255.255.0 any permit log alias UserPentes network 10.177.1.0 255.255.255.0 any permit log alias UserPentes network 10.0.4.4 255.255.255.252 any permit log alias UserPentes network 10.0.4.0 255.255.255.252 any permit log alias UserPentes host 172.31.17.2 any permit log alias UserPentes host 172.31.18.2 any permit log alias UserPentes host 10.0.11.4 any permit log any network 10.0.15.0 255.255.255.0 any deny log any network 10.0.2.0 255.255.255.0 any deny log any network 10.0.16.0 255.255.255.0 any deny log alias UserPentes host 10.0.5.1 any permit log any network 10.0.18.0 255.255.255.0 any deny log any any svc-http permit log any any svc-https permit log any any svc-dns permit log any network 192.168.9.0 255.255.255.0 any permit log any network 192.168.10.0 255.255.255.0 any permit log any network 10.0.3.0 255.255.255.0 any permit log alias UserVOD host 10.88.88.5 any permit log any any any deny log ! ip access-list session ukp4-admin-policy any any any permit ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list session apprf-ukp4-staff-role-sacl ! ip access-list session apprf-authenticated-sacl ! ip access-list session apprf-ukp4-vlankhusus-role-sacl ! ip access-list session ukp4-adminbaru-policy any any any permit log ! ip access-list session ukp4-satelite-policynew any host 10.0.3.3 any permit log any network 10.0.16.0 255.255.255.0 any deny log any any svc-dns permit any alias coin_server any permit any any any deny log any alias dns_server any permit log any any svc-http permit any any svc-https permit any any svc-icmp permit any any svc-dhcp permit any alias internal_server any permit any alias dmz any permit any alias dmz_2 any permit any alias email_server any permit any alias dns_server svc-dns permit any network 173.20.10.0 255.255.255.252 any permit any network 172.31.18.0 255.255.255.240 any permit any any svc-pop3 permit any any svc-smtp permit any any tcp 993 permit any any tcp 995 permit any any tcp 465 permit any any tcp 143 permit any network 10.0.15.0 255.255.255.0 any permit any any udp 4500 permit any any tcp 5100 permit any any tcp 5222 5223 permit any any udp 19305 19309 permit any any tcp 19305 19309 permit any network 10.0.1.0 255.255.255.0 any deny any alias network_devices any deny any network 10.0.2.0 255.255.255.0 any deny send-deny-response queue high ! ip access-list session apprf-ukp4-satelite-role-sacl ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session v6-control ipv6 user any udp 547 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-dns permit ipv6 any any svc-papi permit ipv6 any any svc-sec-papi permit ipv6 any any svc-cfgm-tcp permit ipv6 any any svc-adp permit ipv6 any any svc-tftp permit ipv6 any any svc-dhcp permit ipv6 any any svc-natt permit ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session ukp4-staff-policy host 10.0.15.131 host 10.0.2.247 any permit log any network 10.0.2.0 255.255.255.0 any deny log any network 10.0.1.0 255.255.255.0 any deny log any network 10.0.16.0 255.255.255.0 any deny log any network 10.0.20.0 255.255.255.0 any deny log any network 10.0.18.0 255.255.255.0 any deny log any host 10.0.3.3 any permit any host 192.168.10.250 any permit log any any svc-icmp permit any alias k/l_all_1 any deny any alias network_devices any deny any alias k/l_all_2 any deny any alias dns_server svc-dns permit any alias coin_server any permit any alias Box_Server any permit log any alias k/l_setneg any permit any host 10.0.3.19 any permit any any svc-http permit any alias dhcp_server svc-dhcp permit any any svc-https permit any alias email_server svc-smtp permit any alias email_server svc-pop3 permit any alias email_server any permit any alias printer any permit any any svc-dhcp permit any network 192.168.9.0 255.255.255.0 any permit any host 10.0.15.195 any permit any network 10.0.3.0 255.255.255.0 any permit log any host 10.0.17.63 any permit log any host 192.168.10.251 any permit log any host 103.28.106.184 any permit log host 10.0.15.91 host 10.0.11.2 any deny host 10.0.15.93 host 10.0.11.2 any deny ! ip access-list session apprf-guest-sacl ! ip access-list session v6-ap-acl ipv6 any any svc-gre permit ipv6 any any svc-syslog permit ipv6 any user svc-snmp permit ipv6 user any svc-snmp-trap permit ipv6 user any svc-ntp permit ipv6 user any svc-ftp permit ! ip access-list session dynamic-session-acl any any any src-nat pool dynamic-srcnat ! ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ! ip access-list session v6-allowall ipv6 any any any permit ! ip access-list session apprf-default-via-role-sacl ! ip access-list session ukp4-newprof-policynew any alias k/l_all_2 any permit any network 192.168.9.0 255.255.255.0 any permit any alias k/l_all_1 any permit any any svc-http permit any any svc-https permit any any svc-dhcp permit any any svc-icmp permit any alias dhcp_server any permit any alias internal_server any permit any alias server_farm any permit any alias dmz any permit any alias email_server any permit any alias dns_server any permit any alias ip_pbx any permit any alias NTMC any permit any network 173.20.10.0 255.255.255.252 any permit any network 172.31.18.0 255.255.255.240 any permit any any svc-pop3 permit any any svc-smtp permit any any tcp 465 permit any any tcp 993 permit any any tcp 995 permit any any tcp 143 permit any any tcp 5100 permit any any udp 4500 permit any any udp 500 permit any network 10.0.15.0 255.255.255.0 any permit any any tcp 5222 5223 permit any any tcp 19305 19309 permit any any udp 19305 19309 permit any network 10.0.1.0 255.255.255.0 any deny ! ip access-list session ukp4-prof-policy any alias k/l_all_1 any permit any alias k/l_all_2 any permit any alias k/l_setneg any permit any any svc-http permit any any svc-https permit any any svc-icmp permit any any svc-dhcp permit any alias internal_server any permit any alias server_farm any permit any alias dmz any permit any alias dmz_2 any permit any alias email_server any permit any alias dns_server svc-dns permit any alias ip_pbx any permit any alias NTMC any permit any network 173.20.10.0 255.255.255.252 any permit any network 172.31.18.0 255.255.255.240 any permit any host 10.0.16.249 any permit any host 10.0.16.250 any permit any any svc-pop3 permit any any svc-smtp permit any any tcp 993 permit any any tcp 995 permit any any tcp 465 permit any any tcp 143 permit any network 10.0.15.0 255.255.255.0 any permit any any udp 4500 permit any any tcp 5100 permit any any tcp 5222 5223 permit any any udp 19305 19309 permit any any tcp 19305 19309 permit any network 10.0.1.0 255.255.255.0 any deny any alias network_devices any deny any network 10.0.2.0 255.255.255.0 any deny send-deny-response queue high ! ip access-list session validuser network 127.0.0.0 255.0.0.0 any any deny network 169.254.0.0 255.255.0.0 any any deny network 224.0.0.0 240.0.0.0 any any deny host 255.255.255.255 any any deny network 240.0.0.0 240.0.0.0 any any deny any any any permit ipv6 host fe80:: any any deny ipv6 network fc00::/7 any any permit ipv6 network fe80::/64 any any permit ipv6 any any any permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session v6-dns-acl ipv6 any any svc-dns permit ! ip access-list session ukp4-newprof-policy any alias k/l_all_1 any permit any alias k/l_all_2 any permit any any svc-http permit any any svc-https permit any alias internal_server any permit any alias server_farm any permit any alias dmz any permit any alias dmz_2 any permit any alias email_server any permit any alias dns_server any permit any host 10.0.16.249 any permit any host 10.0.16.250 any permit any alias ip_pbx any permit any alias NTMC any permit any network 173.20.10.0 255.255.255.252 any permit any network 172.31.18.0 255.255.255.240 any permit any any svc-pop3 permit any any svc-smtp permit any any tcp 993 permit any any tcp 995 permit any any tcp 465 permit any any tcp 143 permit any any tcp 5100 permit any any udp 4500 permit any any udp 500 permit ! ip access-list session apprf-cpbase-sacl ! ip access-list session allowall any any any permit ipv6 any any any permit ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session v6-https-acl ipv6 any any svc-https permit ! ip access-list session ukp4-guest-postlogon-policy any network 10.0.1.0 255.255.255.0 any deny log any host 10.0.19.2 any deny log any network 192.168.10.0 255.255.255.0 any permit any network 192.168.9.0 255.255.255.0 any permit any network 192.168.9.0 255.255.255.0 svc-https permit any network 192.168.10.0 255.255.255.0 svc-http permit any network 192.168.10.0 255.255.255.0 svc-https permit any any svc-dhcp permit any any svc-dns permit any any svc-http permit any any svc-https permit any any tcp 993 995 permit any any tcp 25 permit any any tcp 465 permit any network 10.0.3.0 255.255.255.0 any permit log any host 91.190.218.46 any permit log any host 202.152.49.236 any permit log any any any deny log ! ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit any any svc-cups permit any any svc-lpd-tcp permit any any svc-lpd-udp permit ! ip access-list session apprf-ukp4-vlanujicoba-policy-sacl ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session https-acl any any svc-https permit ! ip access-list session apprf-ukp4-guest-prelogon-role-sacl ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user any svc-ftp permit user any svc-http permit user any svc-http-accl permit user any svc-smb-tcp permit user any svc-msrpc-tcp permit user alias controller svc-ftp permit ! ip access-list session ukp4-guest-prelogon-policy any network 10.0.1.0 255.255.255.0 any deny log any network 10.0.2.0 255.255.255.0 any deny log any any svc-dhcp permit any any svc-dns permit any host 10.0.17.63 svc-netbios-dgm permit any any any deny ! ip access-list session Ukp4-Lantai2-Policy any network 10.0.15.0 255.255.255.0 any permit log any host 10.0.16.249 any permit log any host 10.0.16.250 any permit log any host 10.0.16.102 any permit log any host 10.0.18.254 any permit log any network 10.0.1.0 255.255.255.0 any deny send-deny-response log any network 10.0.2.0 255.255.255.0 any deny log any network 10.0.20.0 255.255.255.0 any deny log any network 10.0.18.0 255.255.255.0 any deny log any any svc-http permit log any any svc-smtp permit log any any svc-https permit log any any svc-dhcp permit log any any svc-pop3 permit log any any svc-icmp permit log any any tcp 993 995 permit log any any tcp 465 permit log any any tcp 143 permit log any any tcp 19305 19309 permit any any tcp 5100 permit log any any udp 4500 permit log any any tcp 5222 5223 permit log any any udp 19305 19309 permit log any alias internal_server any permit log any alias k/l_all_1 any permit log any alias k/l_all_2 any permit log any host 10.31.1.10 any permit any alias server_farm any permit log any alias k/l_setneg any permit log any alias dmz any permit log any alias ip_pbx any permit log any alias dmz_2 any permit log any alias email_server any permit log any alias dns_server any permit log any alias NTMC any permit log any network 173.20.10.0 255.255.255.252 any permit log any network 172.31.18.0 255.255.255.240 any permit log any host 130.88.250.157 any permit log any any tcp 1935 permit log any network 10.175.1.0 255.255.255.0 any permit log any alias Box_Server any permit log ! ip access-list session VLANUJICOBA any any svc-http permit any any svc-https permit any any svc-dns permit log any network 192.168.10.0 255.255.255.0 any permit any network 192.168.9.0 255.255.255.0 any permit log any network 10.0.3.0 255.255.255.0 any permit log any network 10.0.11.0 255.255.255.0 any permit log any host 10.88.88.5 any permit log any network 10.88.88.0 255.255.255.0 any deny log any any svc-icmp permit log any any tcp 8443 permit ! ip access-list session apprf-ukp4-guest-postlogon-role-sacl ! ip access-list session control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-sec-papi permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive ipv6 user any svc-http-proxy3 captive ! ip access-list session ukp4-satelite-policy any alias email_server any permit log any alias dmz any permit any host 10.0.3.3 any permit log any network 10.0.2.0 255.255.255.0 any deny log any network 10.0.15.0 255.255.255.0 any deny log any network 10.0.1.0 255.255.255.0 any deny log any network 10.0.16.0 255.255.255.0 any deny log any network 10.0.20.0 255.255.255.0 any deny log any any svc-icmp permit any any svc-dhcp permit any any svc-dns permit any any svc-http permit any any svc-https permit any alias coin_server any permit any alias dmz_2 any permit any alias dns_server any permit log any alias dhcp_server svc-dhcp permit any host 118.97.100.60 tcp 22 permit log any network 10.0.18.0 255.255.255.0 any permit log any host 192.168.10.250 any permit log any host 192.168.10.251 any permit log any any tcp 993 995 permit log any any tcp 587 permit log any any tcp 465 permit log any any tcp 25 permit log any host 173.194.126.85 any permit log any host 103.28.106.184 any permit log ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session apprf-ukp4-staff-policy-sacl ! vpn-dialer default-dialer ike authentication PRE-SHARE ****** ! user-role ukp4-guest-prelogon-role vlan 115 captive-portal "ukp4-captive-portal" access-list session global-sacl access-list session apprf-ukp4-guest-prelogon-role-sacl access-list session captiveportal access-list session ukp4-guest-prelogon-policy ! user-role default-via-role access-list session global-sacl access-list session apprf-default-via-role-sacl access-list session allowall access-list session v6-allowall ! user-role ukp4-prof-role vlan 114 access-list session global-sacl access-list session apprf-ukp4-prof-role-sacl access-list session Ukp4-Lantai2-Policy ! user-role ap-role access-list session ra-guard access-list session control access-list session ap-acl access-list session v6-control access-list session v6-ap-acl ! user-role ukp4-staff-role vlan 113 access-list session global-sacl access-list session apprf-ukp4-staff-role-sacl access-list session ukp4-staff-policy ! user-role ukp4-vlankhusus-role vlan 117 access-list session global-sacl access-list session apprf-ukp4-vlankhusus-role-sacl access-list session ukp4-vlankhusus-policy ! user-role stateful-dot1x access-list session global-sacl access-list session apprf-stateful-dot1x-sacl ! user-role guest-logon captive-portal "default" access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session v6-logon-control access-list session captiveportal6 ! user-role ukp4-vlanujicoba-policy vlan 118 access-list session global-sacl access-list session apprf-ukp4-vlanujicoba-policy-sacl access-list session VLANUJICOBA ! user-role voice access-list session global-sacl access-list session apprf-voice-sacl access-list session ra-guard access-list session sip-acl access-list session noe-acl access-list session svp-acl access-list session vocera-acl access-list session skinny-acl access-list session h323-acl access-list session dhcp-acl access-list session tftp-acl access-list session dns-acl access-list session icmp-acl ! user-role default-vpn-role access-list session global-sacl access-list session apprf-default-vpn-role-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role ukp4-staff-policy vlan 113 access-list session global-sacl access-list session apprf-ukp4-staff-policy-sacl ! user-role ukp4-admin-role vlan 100 access-list session global-sacl access-list session apprf-ukp4-admin-role-sacl access-list session ukp4-adminbaru-policy ! user-role logon access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session vpnlogon access-list session v6-logon-control access-list session captiveportal6 ! user-role cpbase access-list session global-sacl access-list session apprf-cpbase-sacl ! user-role authenticated access-list session global-sacl access-list session apprf-authenticated-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role ukp4-satelite-role vlan 116 access-list session global-sacl access-list session apprf-ukp4-satelite-role-sacl access-list session ukp4-satelite-policy ! user-role ukp4-guest-postlogon-role access-list session global-sacl access-list session apprf-ukp4-guest-postlogon-role-sacl access-list session ukp4-guest-postlogon-policy access-list session cplogout ! user-role denyall ! user-role guest access-list session global-sacl access-list session apprf-guest-sacl access-list session ra-guard access-list session http-acl access-list session https-acl access-list session dhcp-acl access-list session icmp-acl access-list session dns-acl access-list session v6-http-acl access-list session v6-https-acl access-list session v6-dhcp-acl access-list session v6-icmp-acl access-list session v6-dns-acl ! ! no kernel coredump interface mgmt ! dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 ! dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR" dial-string ATD*99# ! dialer group gsm_asia init-string AT+CGDCONT=1,"IP","internet" dial-string ATD*99***1# ! dialer group vivo_br init-string AT+CGDCONT=1,"IP","zap.vivo.com.br" dial-string ATD*99# ! vlan 10 vlan 100 vlan 113 vlan 114 vlan 115 vlan 116 vlan 117 vlan 118 interface gigabitethernet 0/0/0 description "GE0/0/0" trusted trusted vlan 1-4094 switchport mode trunk switchport trunk allowed vlan 1,10,100,113-118 ! interface gigabitethernet 0/0/1 description "GE0/0/1" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/2 description "GE0/0/2" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/3 description "GE0/0/3" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/4 description "GE0/0/4" trusted trusted vlan 1-4094 switchport mode trunk ! interface gigabitethernet 0/0/5 description "GE0/0/5" trusted trusted vlan 1-4094 switchport mode trunk ! interface gigabitethernet 0/0/6 description "GE0/0/6" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/7 description "GE0/0/7" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/8 description "GE0/0/8" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/9 description "GE0/0/9" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/10 description "GE0/0/10" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/11 description "GE0/0/11" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/12 description "GE0/0/12" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/13 description "GE0/0/13" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/14 description "GE0/0/14" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/15 description "GE0/0/15" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/16 description "GE0/0/16" trusted trusted vlan 1-4094 ! interface gigabitethernet 0/0/17 description "GE0/0/17" trusted trusted vlan 1-4094 ! interface vlan 1 ip address 10.0.1.24 255.255.255.0 ! interface vlan 10 ip address 10.0.14.6 255.255.255.0 operstate up ! interface vlan 113 ip address 10.0.15.6 255.255.255.0 operstate up ! interface vlan 114 ip address 10.0.16.6 255.255.255.0 operstate up ! interface vlan 115 ip address 10.0.17.6 255.255.255.0 operstate up ! interface vlan 116 ip address 10.0.18.6 255.255.255.0 operstate up ! interface vlan 117 ip address 10.0.20.6 255.255.255.0 operstate up ! interface vlan 118 ip address 10.0.21.6 255.255.255.0 operstate up ! interface vlan 100 operstate up ! ! ip default-gateway 10.0.1.1 no uplink wired vlan 1 uplink disable ip nexthop-list pan-gp-ipsec-map-list ! crypto isakmp policy 20 encryption aes256 ! crypto isakmp policy 10001 ! crypto isakmp policy 10002 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10003 encryption aes256 ! crypto isakmp policy 10004 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10005 encryption aes256 ! crypto isakmp policy 10006 version v2 encryption aes128 authentication rsa-sig ! crypto isakmp policy 10007 version v2 encryption aes128 ! crypto isakmp policy 10008 version v2 encryption aes128 hash sha2-256-128 group 19 authentication ecdsa-256 prf prf-hmac-sha256 ! crypto isakmp policy 10009 version v2 encryption aes256 hash sha2-384-192 group 20 authentication ecdsa-384 prf prf-hmac-sha384 ! crypto isakmp policy 10012 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10013 encryption aes256 ! crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-rap-ipsecmap 10001 version v2 set transform-set "default-gcm256" "default-gcm128" "default-rap-transform" ! crypto dynamic-map default-dynamicmap 10000 set transform-set "default-transform" "default-aes" ! crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 vpdn group l2tp ! ip dhcp excluded-address 10.0.17.63 ip dhcp pool ukp4-guest default-router 10.0.17.1 dns-server 192.168.10.250 192.168.10.251 domain-name ukp.go.id network 10.0.17.0 255.255.255.0 authoritative ! service dhcp ! syslocation "Binagraha UKP4" syscontact "admin@ukp.go.id" vpdn group pptp ! tunneled-node-address 0.0.0.0 ap-crash-transfer adp discovery enable adp igmp-join enable adp igmp-vlan 0 voice rtcp-inactivity disable voice alg-based-cac enable voice sip-midcall-req-timeout disable ap ap-blacklist-time 3600 ap flush-r1-on-new-r0 disable amon msg-buffer-size 1400 no ssh mgmt-auth public-key ssh mgmt-auth username/password mgmt-user admin root ff9e3c90017aa88bba9f520a54eecc613779c619dc9e5202ed ntp server 10.0.1.1 no database synchronize ip mobile domain default ! ! ! airgroup mdns "disable" ! airgroup dlna "disable" ! airgroup location-discovery "enable" ! ! airgroup active-wireless-discovery "disable" ! airgroupservice "airplay" id "_airplay._tcp" id "_raop._tcp" id "_appletv-v2._tcp" description "AirPlay" ! airgroupservice "airprint" id "_ipp._tcp" id "_pdl-datastream._tcp" id "_printer._tcp" id "_scanner._tcp" id "_universal._sub._ipp._tcp" id "_universal._sub._ipps._tcp" id "_printer._sub._http._tcp" id "_http._tcp" id "_http-alt._tcp" id "_ipp-tls._tcp" id "_fax-ipp._tcp" id "_riousbprint._tcp" id "_cups._sub._ipp._tcp" id "_cups._sub._fax-ipp._tcp" id "_ica-networking._tcp" id "_ptp._tcp" id "_canon-bjnp1._tcp" id "_ipps._tcp" id "_ica-networking2._tcp" description "AirPrint" ! airgroupservice "itunes" id "_home-sharing._tcp" id "_apple-mobdev._tcp" id "_daap._tcp" id "_dacp._tcp" description "iTunes" ! airgroupservice "remotemgmt" id "_ssh._tcp" id "_sftp-ssh._tcp" id "_ftp._tcp" id "_telnet._tcp" id "_rfb._tcp" id "_net-assistant._tcp" description "Remote management" ! airgroupservice "sharing" id "_odisk._tcp" id "_afpovertcp._tcp" id "_xgrid._tcp" description "Sharing" ! airgroupservice "chat" id "_presence._tcp" description "Chat" ! airgroupservice "googlecast" id "_googlecast._tcp" description "GoogleCast supported by Chromecast etc" ! airgroupservice "AmazonTV" id "_amzn-wplay._tcp" description "Amazon fire tv" ! airgroupservice "DIAL" id "urn:dial-multiscreen-org:service:dial:1" id "urn:dial-multiscreen-org:device:dial:1" description "DIAL supported by Chromecast, FireTV, Roku etc" ! airgroupservice "DLNA Media" id "urn:schemas-upnp-org:device:MediaServer:1" id "urn:schemas-upnp-org:device:MediaServer:2" id "urn:schemas-upnp-org:device:MediaServer:3" id "urn:schemas-upnp-org:device:MediaServer:4" id "urn:schemas-upnp-org:device:MediaRenderer:1" id "urn:schemas-upnp-org:device:MediaRenderer:2" id "urn:schemas-upnp-org:device:MediaRenderer:3" id "urn:schemas-upnp-org:device:MediaPlayer:1" description "Media" ! airgroupservice "DLNA Print" id "urn:schemas-upnp-org:device:Printer:1" id "urn:schemas-upnp-org:service:PrintBasic:1" id "urn:schemas-upnp-org:service:PrintEnhanced:1" description "Print" ! airgroupservice "allowall" description "Remaining-Services" ! airgroup service "airplay" enable ! airgroup service "airprint" enable ! airgroup service "itunes" disable ! airgroup service "remotemgmt" disable ! airgroup service "sharing" disable ! airgroup service "chat" disable ! airgroup service "googlecast" disable ! airgroup service "AmazonTV" disable ! airgroup service "DIAL" enable ! airgroup service "DLNA Media" disable ! airgroup service "DLNA Print" disable ! airgroup service "allowall" disable ! ip igmp ! ipv6 mld ! no firewall attack-rate cp 1024 firewall enable ICE-STUN based firewall traversal firewall attack-rate grat-arp 50 drop firewall web-cc ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp ! ip domain lookup ! country SG aaa authentication mac "default" ! aaa authentication dot1x "default" ! aaa authentication dot1x "ukp4-staff-dot.x" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication dot1x "ukp4-staff-dot1x" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication-server radius "local_radius" host "127.0.0.1" key 8f09dead8e8594f676b8ac226f8477a70a7e63bffb2b03e3 ! aaa authentication-server radius "ukp4-ias" host "10.0.3.99" key e2ea7daae2c4be27dd74cde9e7ce9da9d987f586e1396cdb use-ip-for-calling-station ! aaa authentication-server ldap "LDAP-UKP4" host 10.0.3.27 admin-dn "cn=Directory Manager" admin-passwd a9145555f57c6c5b691b15eee4b92a71 allow-cleartext authport 9700 base-dn "dc=ukp,dc=go,dc=id" key-attribute "uid" ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa server-group "radius-acc-internal" auth-server local_radius set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role set role condition Role value-of ! aaa server-group "ukp4-ais" auth-server ukp4-ias ! aaa server-group "ukp4-IAS" auth-server ukp4-ias set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role set role condition Filter-Id equals "STAFF" set-value ukp4-staff-role set role condition Filter-Id equals "PROF" set-value ukp4-prof-role set role condition Filter-Id equals "SATELITE" set-value ukp4-satelite-role set role condition Filter-Id equals "VLANKHUSUS" set-value ukp4-vlankhusus-role set role condition Filter-Id equals "VLANUJICOBA" set-value ukp4-vlanujicoba-policy ! aaa server-group "ukp4-nps" set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role ! aaa server-group "ukp4-radius" set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role set role condition Filter-Id equals "STAFF" set-value ukp4-staff-role set role condition Filter-Id equals "PROF" set-value ukp4-prof-role ! aaa profile "aaa-test-internaldb" authentication-dot1x "ukp4-staff-dot1x" dot1x-default-role "authenticated" dot1x-server-group "internal" radius-accounting "radius-acc-internal" ! aaa profile "aaa-ukp4-guest" initial-role "ukp4-guest-prelogon-role" ! aaa profile "aaa-ukp4-staff" authentication-dot1x "ukp4-staff-dot1x" dot1x-default-role "ukp4-admin-role" dot1x-server-group "ukp4-IAS" ! aaa profile "default" ! aaa authentication captive-portal "default" welcome-page "/upload/custom/default/istana.jpg" ! aaa authentication captive-portal "ksp" server-group "internal" ! aaa authentication captive-portal "ukp4-captive-portal" default-role "ukp4-guest-postlogon-role" server-group "internal" ! aaa authentication wispr "default" ! aaa authentication vpn "default" ! aaa authentication vpn "default-rap" ! aaa authentication mgmt server-group "ukp4-IAS" ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication wired ! web-server profile ! guest-access-email ! voice logging ! voice dialplan-profile "default" ! app lync traffic-control "default" ! voice real-time-config ! voice sip ! aaa password-policy mgmt ! control-plane-security no cpsec-enable ! ids wms-general-profile ! ids wms-local-system-profile ! valid-network-oui-profile ! upgrade-profile ! license profile ! activate-service-whitelist ! file syncing profile ! ifmap cppm ! pan profile "default" ! pan-options ! pan active-profile ! lcd-menu ! ip-flow-export-profile ! ap system-profile "default" bkup-passwords 2bfcfed725bc15629c49c7329a08f81347bbe9fc88aa5a65 ! ap regulatory-domain-profile "default" country-code SG valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 valid-11a-80mhz-channel-group 149-161 ! ap wired-ap-profile "default" ! ap enet-link-profile "default" ! ap mesh-ht-ssid-profile "default" ! ap lldp med-network-policy-profile "default" ! ap mesh-cluster-profile "default" ! ap lldp profile "default" ! ap mesh-radio-profile "default" ! ap wired-port-profile "default" ! ids general-profile "default" ! ids unauthorized-device-profile "default" ! ids profile "default" ! rf arm-profile "arm-maintain" assignment maintain no scanning ! rf arm-profile "arm-scan" ! rf arm-profile "default" max-tx-power 12 ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf am-scan-profile "default" ! rf dot11a-radio-profile "default" ! rf dot11a-radio-profile "KSP" ! rf dot11a-radio-profile "rp-maintain-a" arm-profile "arm-maintain" ! rf dot11a-radio-profile "rp-monitor-a" mode am-mode ! rf dot11a-radio-profile "rp-scan-a" arm-profile "arm-scan" ! rf dot11g-radio-profile "default" ! rf dot11g-radio-profile "rp-maintain-g" arm-profile "arm-maintain" ! rf dot11g-radio-profile "rp-monitor-g" mode am-mode ! rf dot11g-radio-profile "rp-scan-g" arm-profile "arm-scan" ! wlan handover-trigger-profile "default" ! wlan rrm-ie-profile "default" ! wlan bcn-rpt-req-profile "default" ! wlan dot11r-profile "default" ! wlan tsm-req-profile "default" ! wlan voip-cac-profile "default" ! wlan ht-ssid-profile "default" ! wlan hotspot anqp-venue-name-profile "default" ! wlan hotspot anqp-nwk-auth-profile "default" ! wlan hotspot anqp-roam-cons-profile "default" ! wlan hotspot anqp-nai-realm-profile "default" ! wlan hotspot anqp-3gpp-nwk-profile "default" ! wlan hotspot h2qp-operator-friendly-name-profile "default" ! wlan hotspot h2qp-wan-metrics-profile "default" ! wlan hotspot h2qp-conn-capability-profile "default" ! wlan hotspot h2qp-op-cl-profile "default" ! wlan hotspot anqp-ip-addr-avail-profile "default" ! wlan hotspot anqp-domain-name-profile "default" ! wlan edca-parameters-profile station "default" ! wlan edca-parameters-profile ap "default" ! wlan dot11k-profile "default" ! wlan ssid-profile "default" ! wlan ssid-profile "saman_1" essid "SAMAN_1" opmode wpa2-aes g-basic-rates 11 12 18 24 36 48 54 g-tx-rates 11 12 18 24 36 48 54 ! wlan ssid-profile "saman_2" essid "SAMAN_2" opmode wpa2-aes g-basic-rates 11 12 18 24 36 48 54 g-tx-rates 11 12 18 24 36 48 54 ! wlan ssid-profile "test_internal" essid "GUEST" ! wlan ssid-profile "ukp4-guest" essid "BERANDA" g-basic-rates 11 12 18 24 36 48 54 g-tx-rates 11 12 18 24 36 48 54 ! wlan ssid-profile "ukp4-staff" essid "SAMAN_1" opmode wpa2-aes ! wlan hotspot advertisement-profile "default" ! wlan hotspot hs2-profile "default" ! wlan virtual-ap "default" ! wlan virtual-ap "GUEST" aaa-profile "aaa-ukp4-guest" ssid-profile "test_internal" ! wlan virtual-ap "internalAP" aaa-profile "aaa-test-internaldb" ssid-profile "test_internal" vlan 113,116 ! wlan virtual-ap "SAMAN_1" aaa-profile "aaa-ukp4-staff" ssid-profile "saman_2" vlan 113,116 band-steering broadcast-filter all ! wlan virtual-ap "SAMAN_2" aaa-profile "aaa-ukp4-staff" ssid-profile "saman_1" vlan 113,116 band-steering broadcast-filter all ! wlan virtual-ap "ukp4-guest" aaa-profile "aaa-ukp4-guest" ssid-profile "ukp4-guest" vlan 115 band-steering broadcast-filter all ! wlan virtual-ap "ukp4-staff" aaa-profile "aaa-ukp4-staff" ssid-profile "ukp4-staff" vlan 114 ! wlan virtual-ap "UKP4-staff2" aaa-profile "aaa-ukp4-staff" ssid-profile "ukp4-staff" ! ap provisioning-profile "default" ! rf arm-rf-domain-profile arm-rf-domain-key "280e59cdf621d0282744b7c23840705a" ! ap-lacp-striping-ip ! ap general-profile ! ap-group "default" ! ap-group "ukp4-ap" virtual-ap "ukp4-guest" virtual-ap "SAMAN_2" virtual-ap "SAMAN_1" ! airgroup cppm-server aaa ! logging level warnings security subcat ids logging level warnings security subcat ids-ap snmp-server enable trap snmp-server trap source 0.0.0.0 snmp-server trap disable wlsxAdhocNetwork snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta snmp-server trap disable wlsxAdhocUsingValidSSID snmp-server trap disable wlsxAuthMaxAclEntries snmp-server trap disable wlsxAuthMaxBWContracts snmp-server trap disable wlsxAuthMaxUserEntries snmp-server trap disable wlsxAuthServerIsUp snmp-server trap disable wlsxAuthServerReqTimedOut snmp-server trap disable wlsxAuthServerTimedOut snmp-server trap disable wlsxChannelChanged snmp-server trap disable wlsxCoverageHoleDetected snmp-server trap disable wlsxDBCommunicationFailure snmp-server trap disable wlsxDisconnectStationAttack snmp-server trap disable wlsxESIServerDown snmp-server trap disable wlsxESIServerUp snmp-server trap disable wlsxFanFailure snmp-server trap disable wlsxFanTrayInserted snmp-server trap disable wlsxFanTrayRemoved snmp-server trap disable wlsxGBICInserted snmp-server trap disable wlsxIpSpoofingDetected snmp-server trap disable wlsxLCInserted snmp-server trap disable wlsxLCRemoved snmp-server trap disable wlsxLicenseExpiry snmp-server trap disable wlsxLowMemory snmp-server trap disable wlsxLowOnFlashSpace snmp-server trap disable wlsxOutOfRangeTemperature snmp-server trap disable wlsxOutOfRangeVoltage snmp-server trap disable wlsxPowerSupplyFailure snmp-server trap disable wlsxPowerSupplyMissing snmp-server trap disable wlsxProcessDied snmp-server trap disable wlsxProcessExceedsMemoryLimits snmp-server trap disable wlsxSCInserted snmp-server trap disable wlsxSignatureMatch snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP snmp-server trap disable wlsxStationAddedToBlackList snmp-server trap disable wlsxStationRemovedFromBlackList snmp-server trap disable wlsxSwitchIPChanged snmp-server trap disable wlsxSwitchRoleChange snmp-server trap disable wlsxUserAuthenticationFailed snmp-server trap disable wlsxUserEntryAuthenticated snmp-server trap disable wlsxUserEntryChanged snmp-server trap disable wlsxUserEntryCreated snmp-server trap disable wlsxUserEntryDeAuthenticated snmp-server trap disable wlsxUserEntryDeleted snmp-server trap disable wlsxVrrpStateChange firewall-visibility process monitor log ip probe default mode Ping frequency 5 retries 3 burst-size 5 ! end