=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.02 11:05:31 =~=~=~=~=~=~=~=~=~=~=~= Building Configuration... version 5.0 ! ip access-list session control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-sec-papi permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session validuser any any any permit any any any permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session RAP-Policy any any svc-papi permit any any svc-gre permit any any svc-l2tp permit any alias mswitch svc-tftp permit any alias mswitch svc-ftp permit ! ip access-list session Controller-protection any host 10.0.5.10 any deny log any any any permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session allowall any any any permit ! ip access-list session https-acl any any svc-https permit ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session Comodo_CA network 10.0.5.0 255.255.255.0 host 199.66.201.169 any permit network 10.0.5.0 255.255.255.0 host 178.255.83.1 any permit network 10.0.5.0 255.255.255.0 host 91.209.196.169 any permit network 10.0.5.0 255.255.255.0 host 199.66.201.169 svc-http permit network 10.0.5.0 255.255.255.0 host 178.255.83.1 svc-http permit network 10.0.5.0 255.255.255.0 host 91.209.196.169 svc-http permit network 10.0.5.0 255.255.255.0 host 72.167.18.237 svc-http permit network 10.0.5.0 255.255.255.0 host 72.167.239.239 svc-http permit network 10.0.5.0 255.255.255.0 host 72.167.239.238 svc-http permit network 10.0.5.0 255.255.255.0 host 72.167.239.237 svc-http permit network 10.0.5.0 255.255.255.0 host 72.167.239.236 svc-http permit ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session srcnat user any any src-nat ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session allow-printservices any any svc-cups permit any any svc-lpd-tcp permit any any svc-lpd-udp permit ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list session http-acl any any svc-http permit ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ! ip access-list session dynamic-session-acl any any any src-nat pool dynamic-srcnat ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-http permit user any svc-http-accl permit user any svc-smb-tcp permit user any svc-msrpc-tcp permit user any svc-snmp-trap permit user any svc-ntp permit user alias controller svc-ftp permit ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! ipv6 access-list session v6-icmp-acl any any svc-v6-icmp permit ! ipv6 access-list session v6-https-acl any any svc-https permit ! ipv6 access-list session v6-dhcp-acl any any svc-v6-dhcp permit ! ipv6 access-list session v6-dns-acl any any svc-dns permit ! ipv6 access-list session v6-allowall any any any permit ! ipv6 access-list session v6-http-acl any any svc-http permit ! ipv6 access-list session v6-logon-control user any udp 68 deny any any svc-v6-icmp permit any any svc-v6-dhcp permit any any svc-dns permit ! vpn-dialer default-dialer ike authentication PRE-SHARE ****** ! aaa bandwidth-contract 512k-Downstream kbits 512 aaa bandwidth-contract 512k-Upstream kbits 512 user-role ap-role session-acl control session-acl ap-acl ! user-role denyall ! user-role default-vpn-role session-acl allowall ipv6 session-acl v6-allowall ! user-role cpbase ! user-role voice session-acl sip-acl session-acl noe-acl session-acl svp-acl session-acl vocera-acl session-acl skinny-acl session-acl h323-acl session-acl dhcp-acl session-acl tftp-acl session-acl dns-acl session-acl icmp-acl ! user-role default-via-role session-acl allowall ipv6 session-acl v6-allowall ! user-role RAP-Role session-acl RAP-Policy ! user-role guest-logon captive-portal "default" session-acl logon-control session-acl captiveportal ! user-role guest session-acl http-acl session-acl https-acl session-acl dhcp-acl session-acl icmp-acl session-acl dns-acl ipv6 session-acl v6-http-acl ipv6 session-acl v6-https-acl ipv6 session-acl v6-dhcp-acl ipv6 session-acl v6-icmp-acl ipv6 session-acl v6-dns-acl ! user-role stateful-dot1x ! user-role Corp_Internal vlan 4 session-acl allowall ! user-role authenticated vlan 6 session-acl allowall ipv6 session-acl v6-allowall ! user-role Corp_guest vlan 6 session-acl http-acl session-acl https-acl session-acl icmp-acl session-acl dhcp-acl session-acl dns-acl session-acl allowall ! user-role Captive_User bw-contract 512k-Upstream per-user upstream bw-contract 512k-Downstream per-user downstream vlan 5 captive-portal "Equity_Guest" session-acl captiveportal session-acl logon-control session-acl Comodo_CA ! user-role logon session-acl logon-control session-acl captiveportal session-acl vpnlogon ipv6 session-acl v6-logon-control ! ! aaa timers idle-timeout 15300 seconds interface mgmt shutdown ! dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 ! dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR" dial-string ATD*99# ! dialer group vivo_br init-string AT+CGDCONT=1,"IP","zap.vivo.com.br" dial-string ATD*99# ! vlan 2 vlan 3 vlan 4 vlan 5 vlan 6 vlan 100 interface fastethernet 1/0 description "FE1/0" shutdown trusted trusted vlan 1-4094 ! interface fastethernet 1/1 description "FE1/1" trusted trusted vlan 1-6,100 switchport mode trunk switchport access vlan 2 switchport trunk allowed vlan 1-4094 ! interface fastethernet 1/2 description "FE1/2" shutdown trusted trusted vlan 1-4094 ! interface fastethernet 1/3 description "FE1/3" shutdown trusted trusted vlan 1-4094 ! interface fastethernet 1/4 description "FE1/4" shutdown trusted trusted vlan 1-4094 ! interface fastethernet 1/5 description "FE1/5" shutdown trusted trusted vlan 1-4094 ! interface fastethernet 1/6 description "FE1/6" shutdown trusted trusted vlan 1-4094 ! interface fastethernet 1/7 description "FE1/7" shutdown trusted trusted vlan 1-4094 ! interface gigabitethernet 1/8 description "GE1/8" shutdown trusted trusted vlan 1-4094 ! interface vlan 1 ip address 10.0.1.10 255.255.255.0 ip helper-address 10.0.1.1 ! interface vlan 2 ! interface vlan 5 ip address 10.0.5.10 255.255.255.0 ip helper-address 10.0.5.1 ! interface vlan 4 ! interface vlan 3 ! interface vlan 6 ip address 10.0.6.5 255.255.255.0 ! ip default-gateway 10.0.1.1 ip default-gateway 192.168.0.0 uplink disable ap mesh-recovery-profile cluster RecoverybB8BvYiOZ1vbiQXD wpa-hexkey 08f655fe4c76a3263736e74f4955fde4b334a46a37ad 08c06dfda9ac8722a689600d8081f7c49355e68823cce71b9e69b2ed52c65689579dbb6c4e8308fe8682f35c8a8ef931927753235fc5b7f02 dcd wms general poll-interval 60000 general poll-retries 3 general ap-ageout-interval 10 general sta-ageout-interval 3 general learn-ap disable general persistent-known-interfering enable general propagate-wired-macs enable general stat-update enable general collect-stats disable ! crypto isakmp policy 20 encryption aes256 ! crypto isakmp key "******" address 0.0.0.0 netmask 0.0.0.0 crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-dynamicmap 10000 set transform-set default-transform default-aes ! ip local pool "RAP_Pool" 192.168.2.50 192.168.2.60 vpdn group l2tp ! ip dhcp default-pool private ! vpdn group pptp ! mux-address 0.0.0.0 adp discovery enable adp igmp-join enable adp igmp-vlan 0 voip prioritization disable voip rtcp-inactivity disable voip sip-midcall-req-timeout disable ssh mgmt-auth username/password mgmt-user admin root f881638d0104f2ae8dfa9f9f2554c6fd53c42a93a1061fe3ec mgmt-user kmcintosh root 2ba3b02501bbe0812bc3e3d250f61d7c56856dcca22618e056 mgmt-user lobbyadmin guest-provisioning fa3c38170102b49e6246e709827476278a929622368988f4f9 ntp server 68.180.151.96 no database synchronize database synchronize rf-plan-data ip mobile domain default ! ip igmp ! no firewall attack-rate cp 1024 ! firewall cp ! firewall cp no acceleration cifs caching no acceleration cifs chattiness no acceleration cifs read-ahead no acceleration cifs write-behind no acceleration http authentication no acceleration http caching no acceleration http deduplication no acceleration http post no acceleration http sharepoint no acceleration mapi aggregation no acceleration mapi caching no acceleration mapi prefetching ! packet-capture-defaults tcp disable udp disable sysmsg disable other disable ! ip domain lookup ! country US aaa authentication mac "default" ! aaa authentication dot1x "Corp_peap" max-authentication-failures 5 reauthentication termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication dot1x "default" ! aaa authentication dot1x "default-psk" termination enable ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa authentication via connection-profile "default" ! aaa authentication via web-auth "default" ! aaa authentication via global-config ! aaa profile "Captive-portal" initial-role "Captive_User" no wired-to-wireless-roam ! aaa profile "Corp-dot1x" mac-default-role "logon" authentication-dot1x "Corp_peap" dot1x-default-role "authenticated" dot1x-server-group "internal" no wired-to-wireless-roam ! aaa profile "Corp-psk" initial-role "authenticated" dot1x-default-role "authenticated" no wired-to-wireless-roam ! aaa profile "default" ! aaa profile "Equity_Real_Estate-aaa_prof" initial-role "authenticated" ! aaa authentication captive-portal "default" ! aaa authentication captive-portal "Equity_Guest" default-role "Captive_User" server-group "internal" max-authentication-failures 5 login-page "/upload/custom/Equity_Guest/Equity_Guest.html" show-acceptable-use-policy ! aaa authentication wispr "default" ! aaa authentication vpn "default" ! aaa authentication vpn "default-rap" server-group "internal" ! aaa authentication mgmt ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication via auth-profile "default" ! aaa authentication wired ! web-server ! papi-security ! guest-access-email ! control-plane-security ! voice dialplan-profile "default" ! voice sip ! aaa password-policy mgmt ! ap system-profile "apsys_prof-gsl67" ! ap system-profile "default" rap-local-network-access ! ap system-profile "Equity-Rap-AP" telnet rap-dhcp-server-id 10.10.10.1 rap-dhcp-default-router 10.10.10.1 rap-dhcp-dns-server 75.75.75.75 rap-dhcp-dns-server 198.60.22.2 rap-dhcp-pool-start 10.10.1.11 rap-dhcp-pool-end 10.10.1.50 rap-dhcp-lease 1 rap-local-network-access ! ap regulatory-domain-profile "default" country-code US valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 36 valid-11a-channel 40 valid-11a-channel 44 valid-11a-channel 48 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11a-channel 165 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 36-40 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 ! ap wired-ap-profile "default" ! ap enet-link-profile "default" ! ap mesh-ht-ssid-profile "default" ! ap mesh-cluster-profile "default" ! ap wired-port-profile "default" ! ap mesh-radio-profile "default" ! ids general-profile "default" ! ids rate-thresholds-profile "default" ! ids signature-profile "default" ! ids impersonation-profile "Corp-IDS-impersonation" protect-ap-impersonation detect-sequence-anomaly ! ids impersonation-profile "default" ! ids unauthorized-device-profile "Corp-IDS-unauthorized" protect-adhoc-network no detect-wireless-bridge allow-well-known-mac hsrp detect-bad-wep detect-misconfigured-ap protect-misconfigured-ap protect-ssid valid-and-protected-ssid "Equity_Corp" valid-and-protected-ssid "Equity_Guest" valid-and-protected-ssid "Equity_Tenant" ! ids unauthorized-device-profile "default" ! ids signature-matching-profile "default" ! ids dos-profile "Corp-IDS-DOS" detect-disconnect-sta spoofed-deauth-blacklist detect-ap-flood ! ids dos-profile "default" ! ids profile "Corp-IDS" signature-matching-profile "factory-default-signatures" dos-profile "Corp-IDS-DOS" impersonation-profile "Corp-IDS-impersonation" unauthorized-device-profile "Corp-IDS-unauthorized" ! ids profile "default" ! rf arm-profile "Corp-ARM" assignment multi-band rogue-ap-aware active-scan ! rf arm-profile "default" ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf dot11a-radio-profile "Corp-802.11a" spectrum-load-balancing arm-profile "Corp-ARM" ! rf dot11a-radio-profile "Corp-AP-monitor.a" mode am-mode ! rf dot11a-radio-profile "default" ! rf dot11g-radio-profile "Corp-801.11g" spectrum-load-balancing arm-profile "Corp-ARM" ! rf dot11g-radio-profile "Corp-AP-monitor.g" mode am-mode ! rf dot11g-radio-profile "default" ! wlan dot11k-profile "default" ! wlan voip-cac-profile "default" ! wlan ht-ssid-profile "default" ! wlan ht-ssid-profile "Equity_Real_Estate-htssid_prof" ! valid-network-oui-profile ! wlan edca-parameters-profile station "default" ! wlan edca-parameters-profile ap "default" ! wlan ssid-profile "Corp" essid "Equity_Corp" opmode wpa2-aes deny-bcast ! wlan ssid-profile "Corp_Guest" essid "Equity_Guest" ageout 86400 deny-bcast ! wlan ssid-profile "Corp_Tenant" essid "Equity_Tenant" ageout 86400 ! wlan ssid-profile "default" essid "default" wpa-passphrase 3b042eb97612dc9095554c10e66ea3d2e788d765dcb0464f ! wlan ssid-profile "Equity_Real_Estate-ssid_prof" essid "testwifi" ht-ssid-profile "Equity_Real_Estate-htssid_prof" ! wlan ssid-profile "Remote-AP" essid "Equity_rap" opmode wpa2-psk-aes wpa-passphrase 3b1ce133e4169b8d145112c61cdf29775b1e77c35a617b89 ! wlan virtual-ap "Corp" aaa-profile "Corp-dot1x" ssid-profile "Corp" dos-prevention band-steering ! wlan virtual-ap "Corp_Guest" aaa-profile "Captive-portal" ssid-profile "Corp_Guest" deny-time-range "After-Hours" dos-prevention band-steering ! wlan virtual-ap "Corp_Tenant" aaa-profile "Captive-portal" ssid-profile "Corp_Tenant" dos-prevention band-steering ! wlan virtual-ap "default" ! wlan virtual-ap "Equity_Real_Estate-vap_prof" aaa-profile "Equity_Real_Estate-aaa_prof" ssid-profile "Equity_Real_Estate-ssid_prof" ! wlan virtual-ap "Remote-AP" aaa-profile "default-dot1x-psk" ssid-profile "Remote-AP" forward-mode bridge dos-prevention rap-operation always band-steering ! ap provisioning-profile "default" ! ap provisioning-profile "Remote-ap" remote-ap master set "rap.equity-usa.com" ! ap-group "Corp" virtual-ap "Corp" virtual-ap "Corp_Guest" virtual-ap "Corp_Tenant" virtual-ap "Equity_Real_Estate-vap_prof" dot11a-radio-profile "Corp-802.11a" dot11g-radio-profile "Corp-801.11g" ids-profile "Corp-IDS" ! ap-group "default" virtual-ap "default" ! ap-group "Remote-AP" virtual-ap "Remote-AP" dot11a-radio-profile "Corp-802.11a" dot11g-radio-profile "Corp-801.11g" ap-system-profile "Equity-Rap-AP" ids-profile "Corp-IDS" provisioning-profile "Remote-ap" ! ap-name "Equity_60_01" dot11a-radio-profile "Corp-AP-monitor.a" dot11g-radio-profile "Corp-AP-monitor.g" ! ap-name "Equity_60_02" dot11a-radio-profile "Corp-AP-monitor.a" dot11g-radio-profile "Corp-AP-monitor.g" !