show running-config
Building Configuration...
! Running configuration of a WLAN controller (hostname "OAW-4704", software version 6.1),
! laid out one statement per line. Comments sit only between stanzas, never inside one.
! NOTE(review): the clock is set to "PST -8" while the regulatory country later in this
! listing is JP3 - confirm the timezone, since log correlation depends on it.
! The enable secret is masked ("******") in this dump.
version 6.1
enable secret "******"
hostname "OAW-4704"
clock timezone PST -8
location "Building1.floor1"
controller config 562
! Locally installed certificates. "captive-portal-musen" and "nichidai" both point at
! musen2_newcert.pem; "ser-chu-key" is the entry the web-server stanza later names as
! captive-portal-cert.
crypto-local pki ServerCert all-cer oaw_shoumeisho
crypto-local pki ServerCert captive-portal-musen musen2_newcert.pem
crypto-local pki ServerCert nichidai musen2_newcert.pem
crypto-local pki ServerCert oaw-cert server.crt
crypto-local pki ServerCert ser-chu-key ser-chu-key
crypto-local pki PublicCert ca-pub nii-odca2.crt
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
  permit any
!
! Named service definitions referenced by the session ACLs below. Entries with a bare
! number and no tcp/udp keyword (svc-svp 119, svc-gre 47, svc-esp 50, svc-icmp 1,
! svc-v6-icmp 58) carry an IP protocol number rather than a port.
! Defining a service permits nothing by itself; svc-telnet and svc-pop3 are defined here
! but no session ACL in this listing references them.
! NOTE(review): svc-cups is bound to tcp 515 and svc-lpd-tcp/udp to 631, whereas IPP/CUPS
! is conventionally 631 and LPD 515 - confirm the names match what allow-printservices
! is meant to open.
netservice svc-pcoip2-tcp tcp 4172
netservice svc-snmp-trap udp 162
netservice svc-netbios-dgm udp 138
netservice svc-citrix tcp 2598
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-smb-tcp tcp 445
netservice svc-https tcp 443
netservice svc-ike udp 500
netservice svc-l2tp udp 1701
netservice svc-syslog udp 514
netservice svc-ica tcp 1494
netservice svc-pptp tcp 1723
netservice svc-telnet tcp 23
netservice svc-http-accl tcp 88
netservice svc-sccp tcp 2000 alg sccp
netservice svc-sec-papi udp 8209
netservice svc-tftp udp 69 alg tftp
netservice svc-kerberos udp 88
netservice svc-sip-tcp tcp 5060
netservice svc-netbios-ssn tcp 139
netservice svc-pcoip-udp udp 50002
netservice svc-pcoip-tcp tcp 50002
netservice svc-pop3 tcp 110
netservice svc-adp udp 8200
netservice svc-cfgm-tcp tcp 8211
netservice svc-noe udp 32512 alg noe
netservice svc-http-proxy3 tcp 8888
netservice svc-lpd-tcp tcp 631
netservice svc-dns udp 53 alg dns
netservice svc-msrpc-tcp tcp 135 139
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-http tcp 80
netservice svc-vocera udp 5002 alg vocera
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-nterm tcp 1026 1028
netservice svc-sip-udp udp 5060
netservice svc-http-proxy2 tcp 8080
netservice svc-papi udp 8211
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-ftp tcp 21 alg ftp
netservice svc-natt udp 4500
netservice svc-svp 119 alg svp
netservice svc-microsoft-ds tcp 445
netservice svc-gre 47
netservice svc-smtp tcp 25
netservice svc-smb-udp udp 445
netservice svc-sips tcp 5061 alg sips
netservice svc-netbios-ns udp 137
netservice svc-esp 50
netservice svc-cups tcp 515
netservice svc-pcoip2-udp udp 4172
netservice svc-bootp udp 67 69
netservice svc-snmp udp 161
netservice svc-v6-dhcp udp 546 547
netservice svc-icmp 1
netservice svc-ntp udp 123
netservice svc-msrpc-udp udp 135 139
netservice svc-ssh tcp 22
netservice svc-http-proxy1 tcp 3128
netservice svc-v6-icmp 58
netservice svc-lpd-udp udp 631
netservice svc-vmware-rdp tcp 3389
netexthdr default
!
! The three time-range definitions appear twice in this dump with identical contents.
! No ACL rule in this listing references a time-range.
time-range night-hours periodic
  weekday 18:01 to 23:59
  weekday 00:00 to 07:59
!
time-range weekend periodic
  weekend 00:00 to 23:59
!
time-range working-hours periodic
  weekday 08:00 to 18:00
!
time-range night-hours periodic
  weekday 18:01 to 23:59
  weekday 00:00 to 07:59
!
time-range weekend periodic
  weekend 00:00 to 23:59
!
time-range working-hours periodic
  weekday 08:00 to 18:00
!
! Session ACLs. Rules read "source destination service action" and are listed in order.
ip access-list session allow-diskservices
  any any svc-netbios-dgm permit
  any any svc-netbios-ssn permit
  any any svc-microsoft-ds permit
  any any svc-netbios-ns permit
!
! "control" is attached to user-role ap-role later in the listing. Its first rule drops
! user-sourced traffic to udp 68 (the DHCP client port); the rest permit ICMP, DNS, the
! PAPI/ADP/cfgm services, TFTP, DHCP and NAT-T between any endpoints.
ip access-list session control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-papi permit
  any any svc-sec-papi permit
  any any svc-cfgm-tcp permit
  any any svc-adp permit
  any any svc-tftp permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session v6-icmp-acl
  any any svc-v6-icmp permit
!
! "validuser" denies sources in 169.254.0.0/16 and permits every other IPv4 and IPv6
! source - presumably the controller's valid-user filter; confirm against platform docs.
ip access-list session validuser
  network 169.254.0.0 255.255.0.0 any any deny
  any any any permit
  ipv6 any any any permit
!
ip access-list session vocera-acl
  any any svc-vocera permit queue high
!
ip access-list session v6-https-acl
  any any svc-https permit
!
! Session ACLs, continued. Rules read "source destination service action".
! vmware-acl and citrix-acl permit the named services and mark them tos 46 / dot1p 6.
ip access-list session vmware-acl
  any any svc-vmware-rdp permit tos 46 dot1p-priority 6
  any any svc-pcoip-tcp permit tos 46 dot1p-priority 6
  any any svc-pcoip-udp permit tos 46 dot1p-priority 6
  any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6
  any any svc-pcoip2-udp permit tos 46 dot1p-priority 6
!
ip access-list session icmp-acl
  any any svc-icmp permit
!
! "portal-use" is attached to the captive-portal (pre-login) roles later in the listing.
! Three of its four rules permit every service to the named host; only 192.168.4.45 is
! narrowed to udp 123. NOTE(review): confirm whether the "any" rules can be reduced to
! the ports each host actually needs, since they are reachable before portal login.
ip access-list session portal-use
  any host 192.168.4.73 any permit
  any host 192.168.4.8 any permit
  any host 192.168.4.45 udp 123 permit
  any host 172.16.128.9 any permit
!
! "captiveportal" destination-NATs user HTTP, HTTPS and proxy-port traffic to ports
! 8080 / 8081 / 8088 - presumably the controller's portal listeners; confirm.
ip access-list session captiveportal
  user alias controller svc-https dst-nat 8081
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
  user any svc-http-proxy1 dst-nat 8088
  user any svc-http-proxy2 dst-nat 8088
  user any svc-http-proxy3 dst-nat 8088
!
ip access-list session v6-dhcp-acl
  any any svc-v6-dhcp permit
!
! "allowall" permits every IPv4 session. It is attached to the authenticated,
! authenticated_silent, vNN_Silent, default-vpn-role and default-via-role roles.
ip access-list session allowall
  any any any permit
!
ip access-list session v6-dns-acl
  any any svc-dns permit
!
ip access-list session sip-acl
  any any svc-sip-udp permit queue high
  any any svc-sip-tcp permit queue high
!
ip access-list session https-acl
  any any svc-https permit
!
! "ra-guard" drops IPv6 router advertisements sourced from users.
! NOTE(review): no user-role in this listing attaches ra-guard, while several roles attach
! v6-allowall - confirm whether router-advertisement filtering is meant to be active.
ip access-list session ra-guard
  ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session citrix-acl
  any any svc-citrix permit tos 46 dot1p-priority 6
  any any svc-ica permit tos 46 dot1p-priority 6
!
ip access-list session dns-acl
  any any svc-dns permit
!
! "toshokan-client" sets per-host HTTP/HTTPS rules: .103.23 and .103.20 are denied both,
! .103.21 and 172.16.96.185 are denied HTTP but permitted HTTPS.
! NOTE(review): no user-role in this listing attaches this ACL, so as shown it has no
! effect - confirm whether it is stale or meant to be bound to a role.
ip access-list session toshokan-client
  host 172.16.103.23 any svc-http deny
  host 172.16.103.23 any svc-https deny
  host 172.16.103.20 any svc-http deny
  host 172.16.103.20 any svc-https deny
  host 172.16.103.21 any svc-http deny
  host 172.16.103.21 any svc-https permit
  host 172.16.96.185 any svc-http deny
  host 172.16.96.185 any svc-https permit
!
ip access-list session allow-printservices
  any any svc-cups permit
  any any svc-lpd-tcp permit
  any any svc-lpd-udp permit
!
! Session ACLs, continued. Rules read "source destination service action".
! "logon-control" is the first ACL on every captive-portal (pre-login) role in this
! listing. It drops user-sourced traffic to udp 68, then permits ICMP, DNS, DHCP and
! NAT-T to any destination.
! NOTE(review): DNS and ICMP are open to any destination before login; consider limiting
! pre-login DNS to the site's own resolvers.
ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
!
! "vpnlogon" is attached to user-role logon and permits IKE, ESP, L2TP, PPTP and GRE.
! NOTE(review): PPTP (svc-pptp plus svc-gre) is a legacy VPN protocol; drop it from the
! pre-login role unless a client still depends on it.
ip access-list session vpnlogon
  user any svc-ike permit
  user any svc-esp permit
  any any svc-l2tp permit
  any any svc-pptp permit
  any any svc-gre permit
!
ip access-list session srcnat
  user any any src-nat
!
ip access-list session skinny-acl
  any any svc-sccp permit queue high
!
ip access-list session tftp-acl
  any any svc-tftp permit
!
! "v6-allowall" permits every session; it is paired with allowall on the post-login and
! *_Silent roles.
ip access-list session v6-allowall
  any any any permit
!
ip access-list session cplogout
  user alias controller svc-https dst-nat 8081
!
ip access-list session dhcp-acl
  any any svc-dhcp permit
!
ip access-list session http-acl
  any any svc-http permit
!
ip access-list session v6-http-acl
  any any svc-http permit
!
! "captiveportal6" has no rules in this dump.
ip access-list session captiveportal6
!
! "ad-use" permits every service to 133.43.235.2 and 133.43.235.3, the same addresses
! used as RADIUS servers and DHCP helpers elsewhere in the listing. It is attached to
! the pre-login vlan10/20/30/40 roles.
ip access-list session ad-use
  any host 133.43.235.2 any permit
  any host 133.43.235.3 any permit
!
! NOTE(review): the second rule names network 172.168.128.0 while the first names
! 172.16.128.0 with the same mask. This looks like a typo for 172.16.128.0 - as written
! the return-direction rule would not match the 172.16 segment. Confirm and correct.
ip access-list session syunkai_use
  network 172.16.128.0 255.255.192.0 host 172.16.128.9 any permit
  host 172.16.128.9 network 172.168.128.0 255.255.192.0 any permit
!
ip access-list session ap-uplink-acl
  any any udp 68 permit
  any any svc-icmp permit
  any host 224.0.0.251 udp 5353 permit
!
ip access-list session virus_use
  any host 192.168.4.117 any permit
!
! "ap-acl" is attached to user-role ap-role. Besides GRE and syslog it permits SNMP
! toward the user, and HTTP, tcp 88, SMB, MSRPC, SNMP traps and NTP from the user to any
! destination, plus FTP to the controller.
! NOTE(review): SMB and MSRPC to "any" are broad for an AP role; confirm they are needed.
ip access-list session ap-acl
  any any svc-gre permit
  any any svc-syslog permit
  any user svc-snmp permit
  user any svc-http permit
  user any svc-http-accl permit
  user any svc-smb-tcp permit
  user any svc-msrpc-tcp permit
  user any svc-snmp-trap permit
  user any svc-ntp permit
  user alias controller svc-ftp permit
!
ip access-list session svp-acl
  any any svc-svp permit queue high
  user host 224.0.1.116 any permit
!
ip access-list session noe-acl
  any any svc-noe permit queue high
!
ip access-list session opac
  any host 133.43.227.114 svc-https permit
!
ip access-list session h323-acl
  any any svc-h323-tcp permit queue high
  any any svc-h323-udp permit queue high
!
ip access-list session v6-logon-control
  user any udp 68 deny
  any any svc-v6-icmp permit
  any any svc-v6-dhcp permit
  any any svc-dns permit
!
! The IKE pre-shared key is masked ("******") in this dump.
vpn-dialer default-dialer
  ike authentication PRE-SHARE ******
!
! User roles: each role is an ordered list of session ACLs, optionally with a VLAN and a
! captive-portal profile. Roles fall into two groups in this listing:
!   - pre-login roles (MatudoSSID-guest-logon, vlan10/20/30/40) carrying captive-portal
!     "MatudoSSID-cp_prof" plus a short allow-list of hosts, ending in captiveportal;
!   - roles carrying allowall + v6-allowall (default-vpn-role, authenticated_silent,
!     v20_Silent, v30_Silent), which place no restriction on sessions.
user-role ap-role
  access-list session control
  access-list session ap-acl
!
user-role MatudoSSID-guest-logon
  captive-portal "MatudoSSID-cp_prof"
  access-list session logon-control
  access-list session portal-use
  access-list session virus_use
  access-list session captiveportal
!
user-role vlan30
  vlan VLAN_30
  captive-portal "MatudoSSID-cp_prof"
  access-list session logon-control
  access-list session portal-use
  access-list session virus_use
  access-list session ad-use
  access-list session opac
  access-list session captiveportal
!
user-role vlan20
  vlan VLAN_20
  captive-portal "MatudoSSID-cp_prof"
  access-list session logon-control
  access-list session portal-use
  access-list session virus_use
  access-list session ad-use
  access-list session opac
  access-list session captiveportal
!
user-role default-vpn-role
  access-list session v6-allowall
  access-list session allowall
!
user-role authenticated_silent
  access-list session allowall
  access-list session v6-allowall
!
user-role vlan10
  vlan VLAN_10
  captive-portal "MatudoSSID-cp_prof"
  access-list session logon-control
  access-list session portal-use
  access-list session virus_use
  access-list session ad-use
  access-list session opac
  access-list session captiveportal
!
! NOTE(review): the vNN_Silent roles have no captive-portal profile and permit all IPv4
! and IPv6 sessions. The MatudoSSID server-group selects them from a RADIUS Filter-Id
! ("NN_Silent") during MAC authentication, so the device MAC is the only credential.
! MAC addresses are client-asserted; confirm these roles are limited to devices that
! cannot log in interactively, and consider a narrower ACL than allowall.
user-role v30_Silent
  vlan VLAN_30
  access-list session allowall
  access-list session v6-allowall
!
! vlan40 differs from vlan10/20/30 only by the additional syunkai_use ACL.
user-role vlan40
  vlan VLAN_40
  captive-portal "MatudoSSID-cp_prof"
  access-list session logon-control
  access-list session portal-use
  access-list session virus_use
  access-list session ad-use
  access-list session syunkai_use
  access-list session opac
  access-list session captiveportal
!
user-role v20_Silent
  vlan VLAN_20
  access-list session allowall
  access-list session v6-allowall
!
! User roles, continued, followed by AAA timers, the controller address and dialer groups.
user-role voice
  access-list session sip-acl
  access-list session noe-acl
  access-list session svp-acl
  access-list session vocera-acl
  access-list session skinny-acl
  access-list session h323-acl
  access-list session dhcp-acl
  access-list session tftp-acl
  access-list session dns-acl
  access-list session icmp-acl
!
user-role default-via-role
  access-list session v6-allowall
  access-list session allowall
!
user-role guest-logon
  captive-portal "default"
  access-list session v6-logon-control
  access-list session captiveportal6
  access-list session logon-control
  access-list session captiveportal
!
! "guest" is limited to HTTP, HTTPS, DHCP, ICMP and DNS for IPv4 and IPv6.
user-role guest
  access-list session v6-http-acl
  access-list session v6-https-acl
  access-list session v6-dhcp-acl
  access-list session v6-icmp-acl
  access-list session v6-dns-acl
  access-list session http-acl
  access-list session https-acl
  access-list session dhcp-acl
  access-list session icmp-acl
  access-list session dns-acl
!
user-role stateful-dot1x
!
! "authenticated" is the default-role of captive-portal profile "MatudoSSID-cp_prof".
! It pins VLAN_30 and permits all IPv4/IPv6 sessions, so every portal-authenticated user
! gets the same unrestricted policy. Reauthentication interval is 720 (units not shown
! in this dump).
user-role authenticated
  vlan VLAN_30
  reauthentication-interval 720
  access-list session v6-allowall
  access-list session allowall
!
user-role v10_Silent
  vlan VLAN_10
  access-list session allowall
  access-list session v6-allowall
!
user-role logon
  reauthentication-interval 1
  access-list session v6-logon-control
  access-list session captiveportal6
  access-list session logon-control
  access-list session captiveportal
  access-list session vpnlogon
!
user-role v40_Silent
  vlan VLAN_40
  access-list session allowall
  access-list session v6-allowall
!
!
! idle-timeout is 15300 seconds (255 minutes).
! NOTE(review): a long idle timeout keeps an authenticated user entry alive well after
! the client has gone quiet - confirm it is intended.
aaa timers idle-timeout 15300 seconds
aaa timers logon-lifetime 1
! The controller address lives on VLAN 50 and the dedicated mgmt interface is shut down,
! so management is in-band on VLAN 50.
controller-ip vlan 50
interface mgmt
  shutdown
!
interface loopback
  ip address 192.168.5.11
!
! Cellular dialer groups (modem init and dial strings). "uplink disable" appears later
! in the listing, so these are presumably unused defaults - confirm.
dialer group evdo_us
  init-string ATQ0V1E0
  dial-string ATDT#777
!
dialer group gsm_us
  init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
  dial-string ATD*99#
!
dialer group gsm_asia
  init-string AT+CGDCONT=1,"IP","internet"
  dial-string ATD*99***1#
!
dialer group vivo_br
  init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
  dial-string ATD*99#
!
! VLANs, physical ports, layer-3 VLAN interfaces, default gateway and the mesh recovery
! profile. VLANs 10/20/30/40 are the user segments; VLAN 50 carries the controller-ip.
vlan 10 "A-Seg"
vlan 20 "B-Seg"
vlan 30 "C-Seg"
vlan 40 "D-Seg"
vlan 50
vlan 100
vlan-name VLAN_10
vlan VLAN_10 10
vlan-name VLAN_20
vlan VLAN_20 20
vlan-name VLAN_30
vlan VLAN_30 30
vlan-name VLAN_40
vlan VLAN_40 40
! GE1/0 and GE1/1 are members of port-channel 1 (below) and are marked trusted.
interface gigabitethernet 1/0
  description "GE1/0"
  trusted
  trusted vlan 1-4094
!
interface gigabitethernet 1/1
  description "GE1/1"
  trusted
  trusted vlan 1-4094
!
! NOTE(review): GE1/2 (access VLAN 100) lacks the bare "trusted" line that the other
! ports carry and its trusted-VLAN range starts at 2 rather than 1. If the port is
! untrusted, wired clients on it would presumably fall under "aaa authentication wired"
! later in the listing - confirm this is deliberate.
interface gigabitethernet 1/2
  description "GE1/2"
  trusted vlan 2-4094
  switchport access vlan 100
!
interface gigabitethernet 1/3
  description "GE1/3"
  trusted
  trusted vlan 1-4094
  switchport access vlan 50
!
! The trunk carries the user VLANs 10-40 together with VLAN 50, the in-band management
! VLAN. Reachability of 192.168.5.0/24 from user segments therefore depends on upstream
! filtering that is not visible in this listing.
interface port-channel 1
  add gigabitethernet 1/0
  add gigabitethernet 1/1
  trusted
  trusted vlan 1-4094
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30,40,50
!
! Every VLAN interface has "no ip routing". The user VLAN interfaces relay DHCP to
! 133.43.235.2 and 133.43.235.3.
interface vlan 50
  ip address 192.168.5.10 255.255.255.0
  no ip routing
!
interface vlan 1
!
interface vlan 30
  ip address 192.168.4.240 255.255.255.0
  no ip routing
  ip helper-address 133.43.235.2
  ip helper-address 133.43.235.3
!
interface vlan 10
  ip address 172.16.95.240 255.255.224.0
  no ip routing
  ip helper-address 133.43.235.2
  ip helper-address 133.43.235.3
!
interface vlan 20
  ip address 172.16.127.240 255.255.224.0
  no ip routing
  ip helper-address 133.43.235.2
  ip helper-address 133.43.235.3
!
interface vlan 40
  ip address 172.16.191.240 255.255.192.0
  no ip routing
  ip helper-address 133.43.235.2
  ip helper-address 133.43.235.3
!
ip default-gateway 192.168.5.254
uplink disable
! NOTE(review): the mesh recovery profile carries its WPA key inline (wpa-hexkey).
! Treat this listing as sensitive and redact or rotate the key before sharing it.
ap mesh-recovery-profile cluster RecoveryHDwJYo/fpAT7ih+1 wpa-hexkey 2e95dbfd3f4c646561bb0d081c15106f64dba23bd58d8ffd6decaec8863bb18bd10ee9e06a7c46f4f4e42912196086ae9a7fbe2ea55fd45104bf972f0a891bc856fc9c0a6070a7b575764355e7fe531d
crypto isakmp policy 20
  encryption aes256
!
! IPsec/IKE settings, SNMP communities, management user, control-plane firewall and
! RADIUS servers.
! NOTE(review): default-boc-bm-transform uses esp-3des; the other two transform sets use
! esp-aes256. Prefer AES wherever the 3DES set is still referenced.
! The dynamic map names "default-transform", which is not defined in this listing
! (presumably a built-in), so its algorithms cannot be confirmed from here.
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-dynamicmap 10000
  set transform-set "default-transform" "default-aes"
!
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
vpdn group l2tp
!
!
syscontact "Matsudo"
! NOTE(review): two SNMP communities are configured, one of them the well-known default
! string "public". Replace it with a non-default value, restrict which hosts may poll,
! and move to SNMPv3 if the platform and NMS support it.
snmp-server community mascatread
snmp-server community public
! NOTE(review): a PPTP vpdn group is present; PPTP is a legacy protocol - remove the
! group if no client depends on it.
vpdn group pptp
!
tunneled-node-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
voice rtcp-inactivity disable
voice sip-midcall-req-timeout disable
ap ap-blacklist-time 3600
ssh mgmt-auth
! NOTE(review): a single management account "admin" with role root is defined, and its
! stored credential appears inline. Redact it before sharing this listing, and confirm
! whether management logins should be backed by an external server ("aaa authentication
! mgmt" is empty later in the dump).
mgmt-user admin root aee0adf20150b4440bcd909ddf7b702ab306dafac907d7dc5d
ntp server 192.168.4.45
no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
ipv6 mld
!
! NOTE(review): this line negates a control-plane attack-rate setting; confirm whether
! it is the platform default or a rate limit that was deliberately removed.
no firewall attack-rate cp 1024
ipv6 firewall ext-hdr-parse-len 100
!
firewall cp
!
firewall cp
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country JP3
aaa authentication mac "default"
  case upper
!
aaa authentication dot1x "default"
!
! RADIUS servers NS1 and NS2. The shared secrets appear in stored form; redact them
! before sharing this listing. The same two addresses are opened to pre-login users by
! ACL ad-use ("any" service) elsewhere in the dump.
aaa authentication-server radius "NS1"
  host "133.43.235.3"
  key bd557da717f3cbf7d9bc7d30400c2298
!
aaa authentication-server radius "NS2"
  host "133.43.235.2"
  key 3b3dff17b4ee48d4c08ef35ed5bbc99c
!
aaa server-group "default"
  auth-server Internal
  set role condition role value-of
!
! AAA server group, AAA and captive-portal profiles, then mostly empty service stanzas.
! Server group "MatudoSSID" queries NS1 then NS2 and derives the user role from the
! RADIUS Filter-Id attribute: "NN_Mac" selects the pre-login portal role vlanNN, and
! "NN_Silent" selects vNN_Silent, which carries allowall/v6-allowall elsewhere in the
! listing.
! NOTE(review): this group is the mac-server-group of the AAA profile below, so for the
! "_Silent" results the client MAC is the only credential checked before unrestricted
! access. MAC addresses are client-asserted; confirm the set of "_Silent" entries on the
! RADIUS side is small and reviewed.
aaa server-group "MatudoSSID"
  auth-server NS1
  auth-server NS2
  set role condition Filter-Id equals "20_Mac" set-value vlan20
  set role condition Filter-Id equals "30_Mac" set-value vlan30
  set role condition Filter-Id equals "40_Mac" set-value vlan40
  set role condition Filter-Id equals "10_Mac" set-value vlan10
  set role condition Filter-Id equals "10_Silent" set-value v10_Silent
  set role condition Filter-Id equals "20_Silent" set-value v20_Silent
  set role condition Filter-Id equals "30_Silent" set-value v30_Silent
  set role condition Filter-Id equals "40_Silent" set-value v40_Silent
!
aaa profile "default"
!
! MAC authentication against "MatudoSSID"; the profile's mac-default-role is the
! pre-login role MatudoSSID-guest-logon.
aaa profile "MatudoSSID-aaa_prof"
  authentication-mac "default"
  mac-default-role "MatudoSSID-guest-logon"
  mac-server-group "MatudoSSID"
  authentication-dot1x "default"
!
aaa authentication captive-portal "default"
  default-role "vlan10"
  default-guest-role "vlan10"
!
! NOTE(review): this portal profile sets "protocol-http" and an http:// login page, so
! the login exchange is not TLS-protected even though a captive-portal certificate is
! configured under web-server below. Switch the portal and login page to HTTPS.
! After a successful login the user receives role "authenticated" (allowall).
aaa authentication captive-portal "MatudoSSID-cp_prof"
  default-role "authenticated"
  server-group "MatudoSSID"
  redirect-pause 1
  no logout-popup-window
  protocol-http
  logon-wait maximum-delay 3
  login-page "http://portal.nc.mascat.nihon-u.ac.jp/"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
! "aaa authentication mgmt" has no sub-commands in this dump.
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication wired
  profile "MatudoSSID-aaa_prof"
!
web-server
  captive-portal-cert "ser-chu-key"
!
! "papi-security" and "aaa password-policy mgmt" are empty in this dump.
! NOTE(review): confirm whether a management password policy (length, complexity,
! lockout) should be set.
papi-security
!
guest-access-email
!
voice logging
!
voice dialplan-profile "default"
!
voice real-time-config
!
voice sip
!
aaa password-policy mgmt
!
! NOTE(review): control-plane security is switched off ("no cpsec-enable"). Presumably
! this leaves AP-to-controller control traffic without certificate-based protection -
! confirm against the platform documentation and enable it if the APs support it.
control-plane-security
  no cpsec-enable
!
ids wms-general-profile
  poll-retries 3
!
ids wms-local-system-profile
!
valid-network-oui-profile
!
ap system-profile "apsys_prof-mgt71"
!
ap system-profile "default"
!
! Regulatory domain (country code JP3): permitted 2.4 GHz channels 1/6/11, 5 GHz
! channels 36-64 and 100-140, and the permitted 40 MHz channel pairs.
ap regulatory-domain-profile "default"
  country-code JP3
  valid-11g-channel 1
  valid-11g-channel 6
  valid-11g-channel 11
  valid-11a-channel 36
  valid-11a-channel 40
  valid-11a-channel 44
  valid-11a-channel 48
  valid-11a-channel 52
  valid-11a-channel 56
  valid-11a-channel 60
  valid-11a-channel 64
  valid-11a-channel 100
  valid-11a-channel 104
  valid-11a-channel 108
  valid-11a-channel 112
  valid-11a-channel 116
  valid-11a-channel 120
  valid-11a-channel 124
  valid-11a-channel 128
  valid-11a-channel 132
  valid-11a-channel 136
  valid-11a-channel 140
  valid-11g-40mhz-channel-pair 1-5
  valid-11g-40mhz-channel-pair 2-6
  valid-11g-40mhz-channel-pair 3-7
  valid-11g-40mhz-channel-pair 4-8
  valid-11g-40mhz-channel-pair 5-9
  valid-11g-40mhz-channel-pair 6-10
  valid-11g-40mhz-channel-pair 7-11
  valid-11a-40mhz-channel-pair 100-104
  valid-11a-40mhz-channel-pair 108-112
  valid-11a-40mhz-channel-pair 116-120
  valid-11a-40mhz-channel-pair 124-128
  valid-11a-40mhz-channel-pair 132-136
!
! AP, mesh, IDS, RF and WLAN profiles. Apart from the two RF stanzas with sub-commands,
! every profile below is empty in this dump, i.e. no non-default setting is shown.
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap mesh-cluster-profile "default"
!
ap wired-port-profile "default"
!
ap mesh-radio-profile "default"
!
! The three IDS profiles carry no explicit settings here.
! NOTE(review): confirm that the default rogue-AP and unauthorized-device detection
! behaviour matches site policy.
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "default"
  assignment multi-band
  40MHz-allowed-bands All
!
rf ht-radio-profile "default-a"
  40MHz-intolerance
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan dot11k-profile "default"
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan ht-ssid-profile "MatudoSSID-htssid_prof"
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan ssid-profile "default"
!
! SSID, virtual-AP and AP-group definitions, then logging and SNMP trap targets.
! SSID "mascat-w" runs WPA2 with a pre-shared key and allows both AES and TKIP.
! NOTE(review): drop wpa2-psk-tkip so that only AES (CCMP) is offered; TKIP is deprecated.
! One passphrase is shared by all clients, so per-user identity rests on the MAC
! authentication and captive portal configured in the AAA profile.
! The wepkey1 and wpa-passphrase values appear in stored form; redact or rotate them
! before sharing this listing.
wlan ssid-profile "MatudoSSID-ssid_prof"
  essid "mascat-w"
  opmode wpa2-psk-aes wpa2-psk-tkip
  wepkey1 54af4e869bbf5be4905965135ea9019f9eca5e24d4d97bfc
  wpa-passphrase c9358bd7a3e5021cd1f3026e4fc820f479fedb43f6e29d86
  ht-ssid-profile "MatudoSSID-htssid_prof"
!
wlan virtual-ap "default"
!
wlan virtual-ap "MatudoSSID-vap_prof"
  aaa-profile "MatudoSSID-aaa_prof"
  ssid-profile "MatudoSSID-ssid_prof"
  vlan-mobility
!
ap provisioning-profile "default"
!
ap-group "default"
  virtual-ap "default"
!
ap-group "Matudo-Gr"
  virtual-ap "MatudoSSID-vap_prof"
  ap-system-profile "apsys_prof-mgt71"
!
! Logging: network, system and user categories at "informational"; the security
! subcategories ids and ids-ap at "warnings". User, network, security and system logs
! go to 192.168.4.230.
! NOTE(review): the syslog service in this config is udp 514 (svc-syslog), so transport
! is presumably unauthenticated and unencrypted - keep the collector on a protected
! management segment.
logging level informational network
logging level warnings security subcat ids
logging level warnings security subcat ids-ap
logging level informational system
logging level informational system subcat messages
logging level informational user
logging level informational user subcat all
logging level informational user subcat captive-portal
logging level informational user subcat dot1x
logging level informational user subcat radius
logging level informational user subcat vpn
logging 192.168.4.230 type user
logging 192.168.4.230 type network
logging 192.168.4.230 type security
logging 192.168.4.230 type system
! NOTE(review): both trap receivers use SNMP version 1, which protects traps only with a
! cleartext community string, and one of them uses the default string "public". Move to
! SNMPv3 where supported and replace the default community.
! The wlsxInterferingApDetected trap is disabled.
snmp-server enable trap
snmp-server host 133.43.235.2 version 1 public udp-port 162
snmp-server host 192.168.4.45 version 1 mascatread udp-port 162
snmp-server trap disable wlsxInterferingApDetected
process monitor log
end