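! ArubaOS controller running-config capture (hostname "Aruba650UKP4"),
! laid out one command per line. Values shown as ****** are masked in the
! capture itself.
version 5.0
enable secret "******"
hostname "Aruba650UKP4"
clock timezone PST 7
location "Building1.floor1"
mms config 0
controller config 6256
! Trusted CA bundles and the server certificate, referenced by file name.
! The ServerCert name "ArubaDigiCert" is the one the web-server stanza
! later uses for switch-cert and captive-portal-cert.
crypto-local pki TrustedCA BundleCADigiCert bundleCA.crt
crypto-local pki TrustedCA ROOTCA UKP4RootCA.pem
crypto-local pki TrustedCA SERVERCA UKP4ServerCA.pem
crypto-local pki TrustedCA StartIntermediate sub.class1.server.ca.pem
crypto-local pki TrustedCA StartRootCA ca.pem
crypto-local pki TrustedCA Thawte SSL_CA_Bundle.pem
crypto-local pki ServerCert ArubaDigiCert star_ksp_go_id.crt
ip cp-redirect-address 10.0.17.6
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
   permit any
!
! netservice lines only name a protocol/port (or IP protocol number); they
! grant nothing until a session ACL references them. Of the legacy cleartext
! services defined here, svc-telnet is not referenced by any session ACL in
! this capture, svc-ftp is referenced by ap-acl and svc-pptp by vpnlogon.
netservice svc-netbios-dgm udp 138
netservice svc-snmp-trap udp 162
netservice svc-syslog udp 514
netservice svc-l2tp udp 1701
netservice svc-ike udp 500
netservice svc-smb-tcp tcp 445
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-https tcp 443
netservice lkpp tcp 6666 6669
netservice svc-pptp tcp 1723
netservice svc-sec-papi udp 8209
netservice svc-sccp tcp 2000 alg sccp
netservice svc-http-accl tcp 88
netservice svc-telnet tcp 23
netservice esp 50
netservice svc-netbios-ssn tcp 139
netservice svc-sip-tcp tcp 5060
netservice svc-kerberos udp 88
netservice svc-tftp udp 69 alg tftp
netservice svc-http-proxy3 tcp 8888
netservice svc-noe udp 32512 alg noe
netservice svc-cfgm-tcp tcp 8211
netservice svc-adp udp 8200
netservice svc-pop3 tcp 110
netservice svc-lpd-tcp tcp 631
netservice tcp_17 tcp 17
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-msrpc-tcp tcp 135 139
netservice svc-dns udp 53 alg dns
netservice svc-h323-udp udp 1718 1719
netservice svc-h323-tcp tcp 1720
netservice svc-vocera udp 5002 alg vocera
netservice svc-http tcp 80
netservice svc-http-proxy2 tcp 8080
netservice svc-sip-udp udp 5060
netservice svc-nterm tcp 1026 1028
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-papi udp 8211
netservice svc-natt udp 4500
netservice svc-ftp tcp 21 alg ftp
netservice svc-microsoft-ds tcp 445
netservice svc-svp 119 alg svp
netservice svc-smtp tcp 25
netservice svc-gre 47
netservice svc-netbios-ns udp 137
netservice svc-sips tcp 5061 alg sips
netservice svc-smb-udp udp 445
netservice svc-cups tcp 515
netservice svc-esp 50
netservice svc-v6-dhcp udp 546 547
netservice svc-snmp udp 161
netservice svc-bootp udp 67 69
netservice svc-https(443) tcp 443
netservice svc-msrpc-udp udp 135 139
netservice svc-ntp udp 123
netservice svc-icmp 1
netservice svc-4343 tcp 4343
netservice svc-ssh tcp 22
netservice svc-lpd-udp udp 631
netservice svc-v6-icmp 58
netservice svc-http-proxy1 tcp 3128
! Host aliases used as sources in ukp4-vlankhusus-policy. The addresses sit
! in 10.0.20.0/24, the subnet of interface vlan 117 in this config.
netdestination UserPentes
   host 10.0.20.13
   host 10.0.20.14
   host 10.0.20.15
   host 10.0.20.16
   host 10.0.20.17
!
netdestination dns_server
   host 192.168.10.3
!
netdestination dhcp_server
   host 10.0.15.1
   host 10.0.15.6
   host 10.0.16.1
   host 10.0.16.6
   host 10.0.17.1
   host 10.0.17.6
   host 10.0.2.1
   host 10.0.2.6
!
netdestination UserVOD
   host 10.0.20.3
   host 10.0.20.4
   host 10.0.20.5
   host 10.0.20.10
   host 10.0.20.11
   host 10.0.20.25
!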
! Destination alias used by several role policies (permitted in the prof
! policies, denied in ukp4-staff-policy).
! NOTE(review): several entries overlap (10.2.0.0/16 already covers
! 10.2.1.0/24, 10.19.0.0/16 covers the 10.19.x.0/24 entries, and
! 10.50.15.0/29 covers both /30 entries that follow it). The overlap is
! harmless but makes the alias harder to audit.
netdestination k/l_all_1
   network 10.0.7.0 255.255.255.0
   network 10.1.1.0 255.255.255.0
   network 10.1.2.12 255.255.255.252
   network 10.1.3.0 255.255.255.0
   network 10.1.242.0 255.255.255.0
   network 10.2.0.0 255.255.0.0
   network 10.2.1.0 255.255.255.0
   network 10.3.0.0 255.255.0.0
   network 10.4.1.0 255.255.255.0
   network 10.5.1.0 255.255.255.0
   network 10.8.2.0 255.255.255.0
   network 10.9.1.0 255.255.255.0
   network 10.10.1.0 255.255.255.252
   network 10.11.1.0 255.255.255.0
   network 10.12.1.0 255.255.255.0
   network 10.13.1.0 255.255.255.0
   network 10.14.1.0 255.255.255.0
   network 10.14.17.0 255.255.255.0
   network 10.15.1.0 255.255.255.0
   network 10.16.1.0 255.255.255.0
   network 10.17.1.0 255.255.255.0
   network 10.18.1.0 255.255.255.0
   network 10.18.2.0 255.255.255.0
   network 10.18.3.0 255.255.255.0
   network 10.18.5.0 255.255.255.0
   network 10.18.6.0 255.255.255.0
   network 10.18.7.0 255.255.255.0
   network 10.18.8.0 255.255.255.0
   network 10.18.9.0 255.255.255.0
   network 10.18.10.0 255.255.255.252
   network 10.18.12.0 255.255.255.0
   network 10.18.13.0 255.255.255.0
   network 10.18.15.0 255.255.255.0
   network 10.18.16.0 255.255.255.0
   network 10.19.0.0 255.255.0.0
   network 10.19.1.0 255.255.255.0
   network 10.19.3.0 255.255.255.0
   network 10.19.100.0 255.255.255.0
   network 10.20.1.0 255.255.255.0
   network 10.21.1.0 255.255.255.0
   network 10.22.1.0 255.255.255.0
   network 10.23.1.0 255.255.255.0
   network 10.24.1.0 255.255.255.0
   network 10.26.1.0 255.255.255.0
   network 10.27.1.0 255.255.255.0
   network 10.28.1.0 255.255.255.0
   network 10.29.1.0 255.255.255.0
   network 10.30.1.0 255.255.255.0
   network 10.31.1.0 255.255.255.0
   network 10.32.1.0 255.255.255.0
   network 10.32.2.0 255.255.255.252
   network 10.33.1.0 255.255.255.0
   network 10.34.1.0 255.255.255.0
   network 10.36.1.0 255.255.255.0
   network 10.37.1.0 255.255.255.0
   network 10.38.1.0 255.255.255.0
   network 10.39.1.0 255.255.255.0
   network 10.44.1.0 255.255.255.0
   network 10.50.2.0 255.255.255.0
   network 10.50.3.0 255.255.255.0
   network 10.50.5.0 255.255.255.252
   network 10.50.6.0 255.255.255.0
   network 10.50.7.0 255.255.255.0
   network 10.50.8.0 255.255.255.252
   network 10.50.9.0 255.255.255.252
   network 10.50.10.0 255.255.255.252
   network 10.50.11.0 255.255.255.252
   network 10.50.12.0 255.255.255.252
   network 10.50.13.0 255.255.255.252
   network 10.50.14.0 255.255.255.252
   network 10.50.15.0 255.255.255.248
   network 10.50.15.0 255.255.255.252
   network 10.50.15.4 255.255.255.252
   network 10.50.16.0 255.255.255.252
   network 10.50.17.0 255.255.255.252
   network 10.50.18.0 255.255.255.252
   network 10.50.19.0 255.255.255.252
   network 10.50.20.0 255.255.255.252
   network 10.50.21.0 255.255.255.252
   network 10.50.22.0 255.255.255.252
   network 10.50.23.0 255.255.255.252
   network 10.50.24.0 255.255.255.252
   network 10.50.25.0 255.255.255.252
   network 10.50.26.0 255.255.255.252
   network 10.50.27.0 255.255.255.252
   network 10.50.28.0 255.255.255.252
   network 10.50.29.0 255.255.255.252
   network 10.50.30.0 255.255.255.252
   network 10.50.31.0 255.255.255.252
   network 10.50.32.0 255.255.255.252
   network 10.50.34.0 255.255.255.252
   network 10.50.35.0 255.255.255.252
   network 10.50.37.0 255.255.255.252
   network 10.50.39.0 255.255.255.252
   network 10.50.40.0 255.255.255.252
   network 10.50.41.0 255.255.255.252
   network 10.50.42.0 255.255.255.252
   network 10.50.44.0 255.255.255.252
   network 10.50.45.0 255.255.255.252
   network 10.50.48.0 255.255.255.252
   network 10.50.49.0 255.255.255.252
   network 10.50.50.0 255.255.255.252
!
! NOTE(review): "printer" is the whole of 10.0.15.0/24, which is also the
! subnet of interface vlan 113 (the staff role VLAN) in this config, so a
! rule that permits "alias printer" permits every host on that subnet.
netdestination printer
   network 10.0.15.0 255.255.255.0
!
netdestination email_server
   host 203.130.196.126
   host 192.168.10.25
   host 192.168.10.26
   host 192.168.10.27
   host 192.168.10.31
!
netdestination Box_Server
   host 10.0.11.5
!
netdestination k/l_setneg
   network 192.168.1.0 255.255.255.0
!
! Destination of the "tcp 0 65535" rule in ukp4-vlankhusus-policy.
netdestination HostAdminForPentes
   host 10.0.2.139
   host 10.0.2.151
   host 10.0.2.90
   host 10.0.2.103
   host 10.0.2.221
!
! 10.0.3.0/24 also holds the RADIUS and LDAP servers defined under
! "aaa authentication-server" in this config.
netdestination server_farm
   network 10.0.3.0 255.255.255.0
!
netdestination NTMC
   network 172.31.21.116 255.255.255.252
   network 10.45.42.0 255.255.255.0
!
netdestination vicon
   network 10.175.1.0 255.255.255.0
!
netdestination dmz
   network 192.168.9.0 255.255.255.0
   network 192.168.10.0 255.255.255.0
!
! dmz_2 is a subset of dmz (192.168.9.0/24 only).
netdestination dmz_2
   network 192.168.9.0 255.255.255.0
!
! coin_server and internal_server (below) are defined identically.
netdestination coin_server
   network 10.0.11.0 255.255.255.0
!
! Empty alias: no host or network entries follow it in the capture.
netdestination guets/tamu
!
netdestination internal_server
   network 10.0.11.0 255.255.255.0
!
! Covers all of 10.0.0.0/8; no session ACL in this capture references it.
netdestination balebale
   network 10.0.0.0 255.0.0.0
!
! NOTE(review): this alias mixes private ranges with addresses outside
! RFC 1918 space (118.98.x.x, 202.89.116.216/30, and 172.84.0.0/24,
! 172.168.0.0/24, 192.169.2.40/30, which may be typos for private ranges;
! confirm). The alias is permitted wholesale by the prof policies, so each
! entry should be verified against the intended partner networks.
netdestination k/l_all_2
   network 10.51.1.0 255.255.255.0
   network 10.51.4.0 255.255.255.0
   network 10.51.9.0 255.255.255.252
   network 10.51.33.0 255.255.255.0
   network 10.51.47.0 255.255.255.248
   network 10.100.4.0 255.255.255.0
   network 10.100.10.0 255.255.255.0
   network 10.100.12.0 255.255.255.0
   network 10.100.91.0 255.255.255.0
   network 10.100.92.0 255.255.255.0
   network 10.100.117.0 255.255.255.0
   network 10.100.157.0 255.255.255.0
   network 10.110.2.8 255.255.255.252
   network 10.200.13.0 255.255.255.0
   network 118.98.132.0 255.255.255.0
   network 118.98.233.0 255.255.255.0
   network 118.98.233.128 255.255.255.224
   network 172.16.0.0 255.255.252.0
   network 172.16.10.0 255.255.254.0
   network 172.16.100.0 255.255.255.0
   network 172.16.100.240 255.255.255.248
   network 172.17.89.84 255.255.255.252
   network 172.17.225.0 255.255.255.252
   network 172.20.0.0 255.255.0.0
   network 172.20.107.0 255.255.255.0
   network 172.84.0.0 255.255.255.0
   network 172.168.0.0 255.255.255.0
   network 192.168.0.136 255.255.255.248
   network 192.168.2.0 255.255.255.0
   network 192.168.3.0 255.255.255.0
   network 192.168.5.0 255.255.255.0
   network 192.168.17.0 255.255.255.0
   network 192.168.50.0 255.255.255.0
   network 192.168.53.0 255.255.255.0
   network 192.168.63.0 255.255.255.0
   network 192.168.73.0 255.255.255.0
   network 192.168.74.0 255.255.255.0
   network 192.168.90.0 255.255.255.0
   network 192.168.100.0 255.255.255.0
   network 192.168.110.0 255.255.255.0
   network 192.169.2.40 255.255.255.252
   network 202.89.116.216 255.255.255.252
!
netdestination ip_pbx
   network 10.88.88.0 255.255.255.0
!
! Infrastructure subnets; denied as a group by ukp4-staff-policy and the
! prof policies. 10.0.1.0/24 is the subnet of interface vlan 1 and of the
! default gateway in this config.
netdestination network_devices
   network 10.0.4.0 255.255.255.0
   network 10.0.13.0 255.255.255.0
   network 10.0.1.0 255.255.255.0
   network 10.0.2.0 255.255.255.0
!
! Policy attached to user-role ukp4-vlankhusus-role (vlan 117).
! Session ACL rules are evaluated top-down and the first match wins, so
! ordering matters here:
! NOTE(review): "any any svc-icmp permit" is the first rule, so ICMP to every
! destination is allowed before any of the deny rules below are consulted.
! NOTE(review): "any network 10.0.1.0/24 any deny" precedes
! "alias UserPentes network 10.0.1.0/24 any permit", so the UserPentes permit
! for that subnet can never match. Decide which of the two is intended and
! either remove the permit or move it above the deny.
! NOTE(review): the UserPentes -> HostAdminForPentes rule opens every TCP
! port (0-65535) from those five hosts to five hosts in 10.0.2.0/24.
! The policy ends with an explicit, logged deny-all.
ip access-list session ukp4-vlankhusus-policy
   any any svc-icmp permit log
   alias UserPentes alias HostAdminForPentes tcp 0 65535 permit log
   any network 10.0.1.0 255.255.255.0 any deny log
   alias UserPentes network 10.0.1.0 255.255.255.0 any permit log
   alias UserPentes host 10.0.2.151 any permit log
   alias UserPentes network 10.0.3.0 255.255.255.0 any permit log
   alias UserPentes network 10.175.1.0 255.255.255.0 any permit log
   alias UserPentes network 10.88.88.0 255.255.255.0 any permit log
   alias UserPentes network 10.177.1.0 255.255.255.0 any permit log
   alias UserPentes network 10.0.4.4 255.255.255.252 any permit log
   alias UserPentes network 10.0.4.0 255.255.255.252 any permit log
   alias UserPentes host 172.31.17.2 any permit log
   alias UserPentes host 172.31.18.2 any permit log
   alias UserPentes host 10.0.11.4 any permit log
   any network 10.0.15.0 255.255.255.0 any deny log
   any network 10.0.2.0 255.255.255.0 any deny log
   any network 10.0.16.0 255.255.255.0 any deny log
   alias UserPentes host 10.0.5.1 any permit log
   any network 10.0.18.0 255.255.255.0 any deny log
   any any svc-http permit log
   any any svc-https permit log
   any any svc-dns permit log
   any network 192.168.9.0 255.255.255.0 any permit log
   any network 192.168.10.0 255.255.255.0 any permit log
   any network 10.0.3.0 255.255.255.0 any permit log
   alias UserVOD host 10.88.88.5 any permit log
   any any any deny log
!
! Empty ACL: no rules follow it in the capture.
ip access-list session v6-icmp-acl
!
! Control-plane services for APs; attached to user-role ap-role.
ip access-list session control
   user any udp 68 deny
   any any svc-icmp permit
   any any svc-dns permit
   any any svc-papi permit
   any any svc-sec-papi permit
   any any svc-cfgm-tcp permit
   any any svc-adp permit
   any any svc-tftp permit
   any any svc-dhcp permit
   any any svc-natt permit
!
! Permits NetBIOS/SMB services to any destination; not attached to any
! user-role in this capture.
ip access-list session allow-diskservices
   any any svc-netbios-dgm permit
   any any svc-netbios-ssn permit
   any any svc-microsoft-ds permit
   any any svc-netbios-ns permit
!
! Denies link-local (169.254.0.0/16) sources and permits everything else.
ip access-list session validuser
   network 169.254.0.0 255.255.0.0 any any deny
   any any any permit
!
ip access-list session v6-https-acl
!
ip access-list session vocera-acl
   any any svc-vocera permit queue high
!
ip access-list session icmp-acl
   any any svc-icmp permit
!
! Pre-login guest policy (role ukp4-guest-prelogon-role, vlan 115): blocks
! 10.0.1.0/24 and 10.0.2.0/24 first, then allows only DHCP, DNS and one
! NetBIOS datagram destination before an explicit deny-all. The final deny
! is not logged, unlike the two denies at the top.
ip access-list session ukp4-guest-prelogon-policy
   any network 10.0.1.0 255.255.255.0 any deny log
   any network 10.0.2.0 255.255.255.0 any deny log
   any any svc-dhcp permit
   any any svc-dns permit
   any host 10.0.17.63 svc-netbios-dgm permit
   any any any deny
!
! Not attached to any user-role in this capture.
! NOTE(review): the only deny (10.0.1.0/24) is the last rule, after
! "any any svc-http/svc-https/svc-icmp permit" and the other port permits,
! so those services still reach 10.0.1.0/24 if this policy is ever applied.
! Protective denies belong above the broad permits.
! NOTE(review): 173.20.10.0/30 is outside RFC 1918 space; possibly a typo for
! a 172.x range, confirm.
ip access-list session ukp4-newprof-policynew
   any alias k/l_all_2 any permit
   any network 192.168.9.0 255.255.255.0 any permit
   any alias k/l_all_1 any permit
   any any svc-http permit
   any any svc-https permit
   any any svc-dhcp permit
   any any svc-icmp permit
   any alias dhcp_server any permit
   any alias internal_server any permit
   any alias server_farm any permit
   any alias dmz any permit
   any alias email_server any permit
   any alias dns_server any permit
   any alias ip_pbx any permit
   any alias NTMC any permit
   any network 173.20.10.0 255.255.255.252 any permit
   any network 172.31.18.0 255.255.255.240 any permit
   any any svc-pop3 permit
   any any svc-smtp permit
   any any tcp 465 permit
   any any tcp 993 permit
   any any tcp 995 permit
   any any tcp 143 permit
   any any tcp 5100 permit
   any any udp 4500 permit
   any any udp 500 permit
   any network 10.0.15.0 255.255.255.0 any permit
   any any tcp 5222 5223 permit
   any any tcp 19305 19309 permit
   any any udp 19305 19309 permit
   any network 10.0.1.0 255.255.255.0 any deny
!
! Allow-all (logged); attached to user-role ukp4-admin-role. That role is
! also the dot1x-default-role of aaa profile "aaa-ukp4-staff" in this config.
ip access-list session ukp4-adminbaru-policy
   any any any permit log
!
ip access-list session v6-dhcp-acl
!
! Redirects user HTTP/HTTPS and proxy-port traffic to local captive-portal
! ports via dst-nat.
ip access-list session captiveportal
   user alias controller svc-https dst-nat 8081
   user any svc-http dst-nat 8080
   user any svc-https dst-nat 8081
   user any svc-http-proxy1 dst-nat 8088
   user any svc-http-proxy2 dst-nat 8088
   user any svc-http-proxy3 dst-nat 8088
!
! Policy attached to user-role ukp4-satelite-role (vlan 116). The internal
! subnet denies sit above the broad service permits, so first-match
! evaluation enforces them for everything except the three permits above
! them (email_server, dmz, host 10.0.3.3).
! NOTE(review): "any alias dmz any permit" already covers dmz_2, dns_server
! (192.168.10.3) and hosts 192.168.10.250/.251, so the later rules for those
! destinations never match; in particular their "log" option never takes
! effect. The dmz permit itself is not logged.
! NOTE(review): "any network 10.0.18.0/24 any permit" allows unrestricted
! traffic within this role's own subnet (interface vlan 116 is 10.0.18.6/24).
ip access-list session ukp4-satelite-policy
   any alias email_server any permit log
   any alias dmz any permit
   any host 10.0.3.3 any permit log
   any network 10.0.2.0 255.255.255.0 any deny log
   any network 10.0.15.0 255.255.255.0 any deny log
   any network 10.0.1.0 255.255.255.0 any deny log
   any network 10.0.16.0 255.255.255.0 any deny log
   any network 10.0.20.0 255.255.255.0 any deny log
   any any svc-icmp permit
   any any svc-dhcp permit
   any any svc-dns permit
   any any svc-http permit
   any any svc-https permit
   any alias coin_server any permit
   any alias dmz_2 any permit
   any alias dns_server any permit log
   any alias dhcp_server svc-dhcp permit
   any host 118.97.100.60 tcp 22 permit log
   any network 10.0.18.0 255.255.255.0 any permit log
   any host 192.168.10.250 any permit log
   any host 192.168.10.251 any permit log
   any any tcp 993 995 permit log
   any any tcp 587 permit log
   any any tcp 465 permit log
   any any tcp 25 permit log
   any host 173.194.126.85 any permit log
   any host 103.28.106.184 any permit log
!
ip access-list session v6-dns-acl
!
! Unrestricted policy; attached to the roles default-vpn-role,
! default-via-role and authenticated in this config.
ip access-list session allowall
   any any any permit
!
! Policy attached to user-role ukp4-prof-role (vlan 114).
! Four internal subnets are denied after a handful of host/subnet permits;
! everything below the denies is a permit.
! NOTE(review): there is no explicit final deny. ArubaOS is expected to apply
! an implicit deny at the end of a role's ACLs, but an explicit
! "any any any deny log" would make the intent visible and log the drops;
! confirm before relying on the implicit behaviour.
! NOTE(review): the aliases k/l_all_1 and k/l_all_2 are permitted for all
! protocols; both are large and k/l_all_2 includes addresses outside private
! space, so this role's reach is only as tight as those alias definitions.
! NOTE(review): "any any tcp 19305 19309 permit" and
! "any host 10.31.1.10 any permit" are the only rules without "log".
ip access-list session Ukp4-Lantai2-Policy
   any network 10.0.15.0 255.255.255.0 any permit log
   any host 10.0.16.249 any permit log
   any host 10.0.16.250 any permit log
   any host 10.0.16.102 any permit log
   any host 10.0.18.254 any permit log
   any network 10.0.1.0 255.255.255.0 any deny send-deny-response log
   any network 10.0.2.0 255.255.255.0 any deny log
   any network 10.0.20.0 255.255.255.0 any deny log
   any network 10.0.18.0 255.255.255.0 any deny log
   any any svc-http permit log
   any any svc-smtp permit log
   any any svc-https permit log
   any any svc-dhcp permit log
   any any svc-pop3 permit log
   any any svc-icmp permit log
   any any tcp 993 995 permit log
   any any tcp 465 permit log
   any any tcp 143 permit log
   any any tcp 19305 19309 permit
   any any tcp 5100 permit log
   any any udp 4500 permit log
   any any tcp 5222 5223 permit log
   any any udp 19305 19309 permit log
   any alias internal_server any permit log
   any alias k/l_all_1 any permit log
   any alias k/l_all_2 any permit log
   any host 10.31.1.10 any permit
   any alias server_farm any permit log
   any alias k/l_setneg any permit log
   any alias dmz any permit log
   any alias ip_pbx any permit log
   any alias dmz_2 any permit log
   any alias email_server any permit log
   any alias dns_server any permit log
   any alias NTMC any permit log
   any network 173.20.10.0 255.255.255.252 any permit log
   any network 172.31.18.0 255.255.255.240 any permit log
   any host 130.88.250.157 any permit log
   any any tcp 1935 permit log
   any network 10.175.1.0 255.255.255.0 any permit log
   any alias Box_Server any permit log
!
ip access-list session https-acl
   any any svc-https permit
!
ip access-list session sip-acl
   any any svc-sip-udp permit queue high
   any any svc-sip-tcp permit queue high
!
ip access-list session dns-acl
   any any svc-dns permit
!
! ra-guard and v6-allowall are empty in this capture.
ip access-list session ra-guard
!
ip access-list session v6-allowall
!
ip access-list session tftp-acl
   any any svc-tftp permit
!
ip access-list session skinny-acl
   any any svc-sccp permit queue high
!
ip access-list session srcnat
   user any any src-nat
!
! Attached to user-role logon. Besides IKE/ESP/L2TP it also permits PPTP and
! GRE; PPTP is a legacy VPN protocol, so drop those two rules if PPTP is not
! in use (the "vpdn group pptp" stanza in this capture is empty).
ip access-list session vpnlogon
   user any svc-ike permit
   user any svc-esp permit
   any any svc-l2tp permit
   any any svc-pptp permit
   any any svc-gre permit
!
ip access-list session logon-control
   user any udp 68 deny
   any any svc-icmp permit
   any any svc-dns permit
   any any svc-dhcp permit
   any any svc-natt permit
!
! Not attached to any user-role in this capture.
ip access-list session allow-printservices
   any any svc-cups permit
   any any svc-lpd-tcp permit
   any any svc-lpd-udp permit
!
! Policy attached to user-role ukp4-staff-role (vlan 113).
! Rules are first-match, top-down.
! NOTE(review): the last two rules (deny 10.0.15.91 and 10.0.15.93 to
! 10.0.11.2) can never match: "any alias coin_server any permit" higher up
! already permits all traffic to 10.0.11.0/24. If those two hosts must be
! blocked, the denies have to move above the coin_server permit.
! NOTE(review): "any any svc-icmp permit" precedes the alias denies for
! k/l_all_1, network_devices and k/l_all_2, so ICMP to those destinations is
! still allowed (10.0.1.0/24 and 10.0.2.0/24 are denied earlier).
! NOTE(review): "any alias printer any permit" covers all of 10.0.15.0/24,
! the staff subnet itself, and "any network 10.0.3.0/24 any permit" opens the
! whole server subnet; the narrower host rules for 10.0.3.3 and 10.0.3.19 add
! nothing beyond it.
! No explicit final deny is present; confirm the implicit deny is relied on.
ip access-list session ukp4-staff-policy
   host 10.0.15.131 host 10.0.2.247 any permit log
   any network 10.0.2.0 255.255.255.0 any deny log
   any network 10.0.1.0 255.255.255.0 any deny log
   any network 10.0.16.0 255.255.255.0 any deny log
   any network 10.0.20.0 255.255.255.0 any deny log
   any network 10.0.18.0 255.255.255.0 any deny log
   any host 10.0.3.3 any permit
   any host 192.168.10.250 any permit log
   any any svc-icmp permit
   any alias k/l_all_1 any deny
   any alias network_devices any deny
   any alias k/l_all_2 any deny
   any alias dns_server svc-dns permit
   any alias coin_server any permit
   any alias Box_Server any permit log
   any alias k/l_setneg any permit
   any host 10.0.3.19 any permit
   any any svc-http permit
   any alias dhcp_server svc-dhcp permit
   any any svc-https permit
   any alias email_server svc-smtp permit
   any alias email_server svc-pop3 permit
   any alias email_server any permit
   any alias printer any permit
   any any svc-dhcp permit
   any network 192.168.9.0 255.255.255.0 any permit
   any host 10.0.15.195 any permit
   any network 10.0.3.0 255.255.255.0 any permit log
   any host 10.0.17.63 any permit log
   any host 192.168.10.251 any permit log
   any host 103.28.106.184 any permit log
   host 10.0.15.91 host 10.0.11.2 any deny
   host 10.0.15.93 host 10.0.11.2 any deny
!
ip access-list session cplogout
   user alias controller svc-https dst-nat 8081
!
! Not attached to any user-role in this capture (ukp4-prof-role uses
! Ukp4-Lantai2-Policy instead).
! NOTE(review): all three deny rules are at the bottom, after
! "any any svc-http/svc-https/svc-icmp permit" and the other port permits.
! With first-match evaluation those services still reach 10.0.1.0/24,
! 10.0.2.0/24 and the network_devices subnets; the denies only stop traffic
! that no earlier rule permitted. Move them to the top if the policy is
! reused.
ip access-list session ukp4-prof-policy
   any alias k/l_all_1 any permit
   any alias k/l_all_2 any permit
   any alias k/l_setneg any permit
   any any svc-http permit
   any any svc-https permit
   any any svc-icmp permit
   any any svc-dhcp permit
   any alias internal_server any permit
   any alias server_farm any permit
   any alias dmz any permit
   any alias dmz_2 any permit
   any alias email_server any permit
   any alias dns_server svc-dns permit
   any alias ip_pbx any permit
   any alias NTMC any permit
   any network 173.20.10.0 255.255.255.252 any permit
   any network 172.31.18.0 255.255.255.240 any permit
   any host 10.0.16.249 any permit
   any host 10.0.16.250 any permit
   any any svc-pop3 permit
   any any svc-smtp permit
   any any tcp 993 permit
   any any tcp 995 permit
   any any tcp 465 permit
   any any tcp 143 permit
   any network 10.0.15.0 255.255.255.0 any permit
   any any udp 4500 permit
   any any tcp 5100 permit
   any any tcp 5222 5223 permit
   any any udp 19305 19309 permit
   any any tcp 19305 19309 permit
   any network 10.0.1.0 255.255.255.0 any deny
   any alias network_devices any deny
   any network 10.0.2.0 255.255.255.0 any deny send-deny-response queue high
!
! Not attached to any user-role in this capture. Contains permits only;
! nothing here denies the management or infrastructure subnets.
ip access-list session ukp4-newprof-policy
   any alias k/l_all_1 any permit
   any alias k/l_all_2 any permit
   any any svc-http permit
   any any svc-https permit
   any alias internal_server any permit
   any alias server_farm any permit
   any alias dmz any permit
   any alias dmz_2 any permit
   any alias email_server any permit
   any alias dns_server any permit
   any host 10.0.16.249 any permit
   any host 10.0.16.250 any permit
   any alias ip_pbx any permit
   any alias NTMC any permit
   any network 173.20.10.0 255.255.255.252 any permit
   any network 172.31.18.0 255.255.255.240 any permit
   any any svc-pop3 permit
   any any svc-smtp permit
   any any tcp 993 permit
   any any tcp 995 permit
   any any tcp 465 permit
   any any tcp 143 permit
   any any tcp 5100 permit
   any any udp 4500 permit
   any any udp 500 permit
!
! Post-login guest policy (role ukp4-guest-postlogon-role).
! NOTE(review): "any network 10.0.3.0/24 any permit log" gives authenticated
! guests all-protocol access to 10.0.3.0/24, the server_farm subnet, which
! also holds the RADIUS and LDAP servers defined in this config (10.0.3.99,
! 10.0.3.26, 10.0.3.30, 10.0.3.27). Confirm this is intended; a guest role
! normally needs no route to the authentication back end.
! NOTE(review): only 10.0.1.0/24 and host 10.0.19.2 are denied up front, yet
! "any any svc-http/svc-https permit" follows, so guests can reach web
! services on every other internal subnet (10.0.2.0/24, 10.0.15.0/24, ...).
! NOTE(review): the three service-specific rules for 192.168.9.0/24 and
! 192.168.10.0/24 are redundant after the "any permit" rules for the same
! networks. "any any tcp 25 permit" lets guests send SMTP to any destination.
ip access-list session ukp4-guest-postlogon-policy
   any network 10.0.1.0 255.255.255.0 any deny log
   any host 10.0.19.2 any deny log
   any network 192.168.10.0 255.255.255.0 any permit
   any network 192.168.9.0 255.255.255.0 any permit
   any network 192.168.9.0 255.255.255.0 svc-https permit
   any network 192.168.10.0 255.255.255.0 svc-http permit
   any network 192.168.10.0 255.255.255.0 svc-https permit
   any any svc-dhcp permit
   any any svc-dns permit
   any any svc-http permit
   any any svc-https permit
   any any tcp 993 995 permit
   any any tcp 25 permit
   any any tcp 465 permit
   any network 10.0.3.0 255.255.255.0 any permit log
   any host 91.190.218.46 any permit log
   any host 202.152.49.236 any permit log
   any any any deny log
!
! Unlogged allow-all; not attached to any user-role in this capture
! (ukp4-admin-role uses ukp4-adminbaru-policy).
ip access-list session ukp4-admin-policy
   any any any permit
!
ip access-list session captiveportal6
!
ip access-list session v6-http-acl
!
ip access-list session http-acl
   any any svc-http permit
!
ip access-list session dhcp-acl
   any any svc-dhcp permit
!
! Not attached to any user-role in this capture.
! NOTE(review): the fifth rule is "any any any deny log". With first-match
! evaluation every rule after it is unreachable, so the effective policy is
! just the four rules above the deny. This looks like an unfinished edit.
ip access-list session ukp4-satelite-policynew
   any host 10.0.3.3 any permit log
   any network 10.0.16.0 255.255.255.0 any deny log
   any any svc-dns permit
   any alias coin_server any permit
   any any any deny log
   any alias dns_server any permit log
   any any svc-http permit
   any any svc-https permit
   any any svc-icmp permit
   any any svc-dhcp permit
   any alias internal_server any permit
   any alias dmz any permit
   any alias dmz_2 any permit
   any alias email_server any permit
   any alias dns_server svc-dns permit
   any network 173.20.10.0 255.255.255.252 any permit
   any network 172.31.18.0 255.255.255.240 any permit
   any any svc-pop3 permit
   any any svc-smtp permit
   any any tcp 993 permit
   any any tcp 995 permit
   any any tcp 465 permit
   any any tcp 143 permit
   any network 10.0.15.0 255.255.255.0 any permit
   any any udp 4500 permit
   any any tcp 5100 permit
   any any tcp 5222 5223 permit
   any any udp 19305 19309 permit
   any any tcp 19305 19309 permit
   any network 10.0.1.0 255.255.255.0 any deny
   any alias network_devices any deny
   any network 10.0.2.0 255.255.255.0 any deny send-deny-response queue high
!
ip access-list session ap-uplink-acl
   any any udp 68 permit
   any any svc-icmp permit
   any host 224.0.0.251 udp 5353 permit
!
! Policy attached to user-role ukp4-vlanujicoba-policy (vlan 118).
! NOTE(review): the single deny (10.88.88.0/24) comes after the HTTP, HTTPS
! and DNS permits, so those services still reach that subnet. No explicit
! final deny is present.
ip access-list session VLANUJICOBA
   any any svc-http permit
   any any svc-https permit
   any any svc-dns permit log
   any network 192.168.10.0 255.255.255.0 any permit
   any network 192.168.9.0 255.255.255.0 any permit log
   any network 10.0.3.0 255.255.255.0 any permit log
   any network 10.0.11.0 255.255.255.0 any permit log
   any host 10.88.88.5 any permit log
   any network 10.88.88.0 255.255.255.0 any deny log
   any any svc-icmp permit log
   any any tcp 8443 permit
!
ip access-list session dynamic-session-acl
   any any any src-nat pool dynamic-srcnat
!
ip access-list session noe-acl
   any any svc-noe permit queue high
!
ip access-list session svp-acl
   any any svc-svp permit queue high
   user host 224.0.1.116 any permit
!
! AP-facing services; attached to user-role ap-role together with "control".
ip access-list session ap-acl
   any any svc-gre permit
   any any svc-syslog permit
   any user svc-snmp permit
   user any svc-http permit
   user any svc-http-accl permit
   user any svc-smb-tcp permit
   user any svc-msrpc-tcp permit
   user any svc-snmp-trap permit
   user any svc-ntp permit
   user alias controller svc-ftp permit
!
ip access-list session v6-logon-control
!
ip access-list session h323-acl
   any any svc-h323-tcp permit queue high
   any any svc-h323-udp permit queue high
!
! The IKE pre-shared key is masked (******) in the capture.
vpn-dialer default-dialer
   ike authentication PRE-SHARE ******
!
! User roles bind a VLAN and an ordered list of session ACLs to a client.
user-role ukp4-vlanujicoba-policy
   vlan 118
   session-acl VLANUJICOBA
!
user-role ukp4-vlankhusus-role
   vlan 117
   session-acl ukp4-vlankhusus-policy
!
user-role ap-role
   session-acl control
   session-acl ap-acl
!
user-role denyall
!
! NOTE(review): ukp4-guest-postlogon-policy ends with "any any any deny", so
! the cplogout ACL listed after it is presumably never reached; if the
! captive-portal logout redirect is wanted, cplogout has to come first.
user-role ukp4-guest-postlogon-role
   session-acl ukp4-guest-postlogon-policy
   session-acl cplogout
!
user-role default-vpn-role
   session-acl allowall
   session-acl v6-allowall
!
user-role cpbase
!
user-role ukp4-prof-role
   vlan 114
   session-acl Ukp4-Lantai2-Policy
!
user-role voice
   session-acl sip-acl
   session-acl noe-acl
   session-acl svp-acl
   session-acl vocera-acl
   session-acl skinny-acl
   session-acl h323-acl
   session-acl dhcp-acl
   session-acl tftp-acl
   session-acl dns-acl
   session-acl icmp-acl
!
user-role default-via-role
   session-acl allowall
   session-acl v6-allowall
!
! Admin role: vlan 100 plus the logged allow-all policy. This role is also
! the dot1x-default-role of aaa profile "aaa-ukp4-staff" in this config.
user-role ukp4-admin-role
   vlan 100
   session-acl ukp4-adminbaru-policy
!
user-role ukp4-guest-prelogon-role
   vlan 115
   captive-portal "ukp4-captive-portal"
   session-acl captiveportal
   session-acl ukp4-guest-prelogon-policy
!
user-role guest-logon
   captive-portal "default"
   session-acl logon-control
   session-acl captiveportal
   session-acl v6-logon-control
   session-acl captiveportal6
!
user-role guest
   session-acl http-acl
   session-acl https-acl
   session-acl dhcp-acl
   session-acl icmp-acl
   session-acl dns-acl
   session-acl v6-http-acl
   session-acl v6-https-acl
   session-acl v6-dhcp-acl
   session-acl v6-icmp-acl
   session-acl v6-dns-acl
!
user-role stateful-dot1x
!
! "authenticated" is allow-all; it is the dot1x-default-role of aaa profile
! "aaa-test-internaldb" in this config.
user-role authenticated
   session-acl allowall
   session-acl v6-allowall
!
user-role logon
   session-acl logon-control
   session-acl captiveportal
   session-acl vpnlogon
   session-acl v6-logon-control
   session-acl captiveportal6
!
user-role ukp4-staff-role
   vlan 113
   session-acl ukp4-staff-policy
!
user-role ukp4-satelite-role
   vlan 116
   session-acl ukp4-satelite-policy
!
!
aaa timers idle-timeout 1800 seconds
! The dedicated management interface is shut down, so management traffic
! presumably arrives in-band on the VLAN interfaces; confirm which VLANs can
! reach the controller's management services.
interface mgmt
   shutdown
!
dialer group evdo_us
   init-string ATQ0V1E0
   dial-string ATDT#777
!
dialer group gsm_us
   init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
   dial-string ATD*99#
!
dialer group vivo_br
   init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
   dial-string ATD*99#
!
dialer group gsm_asia
   init-string AT+CGDCONT=1,"IP","internet"
   dial-string ATD*99***1#
!
vlan 10
vlan 100
vlan 113
vlan 114
vlan 115
vlan 116
vlan 117
vlan 118
! Every port is marked trusted for VLANs 1-4094. GE1/0 and GE1/1 are shut
! down.
interface gigabitethernet 1/0
   description "GE1/0"
   shutdown
   trusted
   trusted vlan 1-4094
!
interface gigabitethernet 1/1
   description "GE1/1"
   shutdown
   trusted
   trusted vlan 1-4094
!
interface gigabitethernet 1/2
   description "GE1/2"
   shutdown
   trusted
   trusted vlan 1-4094
!
interface gigabitethernet 1/3
   description "GE1/3"
   shutdown
   trusted
   trusted vlan 1-4094
!
! GE1/4 and GE1/5 are the only ports not shut down. Both are trusted trunks
! that allow every VLAN (1-4094).
! NOTE(review): traffic arriving on a trusted port is presumably not subject
! to user-role policy, so the upstream switch decides what reaches these
! trunks. Pruning the allowed list to the VLANs actually defined here
! (1, 10, 100, 113-118) would narrow that exposure; confirm against the
! uplink design.
interface gigabitethernet 1/4
   description "GE1/4"
   trusted
   trusted vlan 1-4094
   switchport mode trunk
   switchport trunk allowed vlan 1-4094
!
interface gigabitethernet 1/5
   description "GE1/5"
   trusted
   trusted vlan 1-4094
   switchport mode trunk
   switchport trunk allowed vlan 1-4094
!
interface gigabitethernet 1/6
   description "GE1/6"
   shutdown
   trusted
   trusted vlan 1-4094
!
interface gigabitethernet 1/7
   description "GE1/7"
   shutdown
   trusted
   trusted vlan 1-4094
!
! Layer-3 VLAN interfaces. VLAN 1 (10.0.1.0/24) carries the controller
! address and default gateway; the role VLANs are 113 staff, 114 prof,
! 115 guest, 116 satelite, 117 vlankhusus, 118 vlanujicoba. VLAN 100 (the
! admin role VLAN) has no IP address here.
interface vlan 1
   ip address 10.0.1.6 255.255.255.0
!
interface vlan 10
   ip address 10.0.14.6 255.255.255.0
   shutdown
!
interface vlan 114
   ip address 10.0.16.6 255.255.255.0
!
interface vlan 115
   ip address 10.0.17.6 255.255.255.0
!
interface vlan 113
   ip address 10.0.15.6 255.255.255.0
!
interface vlan 100
!
interface vlan 116
   ip address 10.0.18.6 255.255.255.0
!
interface vlan 117
   ip address 10.0.20.6 255.255.255.0
!
interface vlan 118
   ip address 10.0.21.6 255.255.255.0
!
ip default-gateway 10.0.1.1
uplink disable
! NOTE(review): unlike the values masked as ****** elsewhere, the mesh
! recovery cluster name and its wpa-hexkey appear in full in this capture.
! Treat the key as disclosed and regenerate it; strip such values before a
! configuration is shared.
ap mesh-recovery-profile cluster Recovery6qLUDx4/ybvWVhCD wpa-hexkey 2470bec98815d1aa66d1dec664e471767667006dea4145c541b53c0d6d0e7ffc2b4dc37dcf744676699c06f3b514d9f6752c2916d62f5090be895b80007c26fd473ac13c1fa095e3fb3f36ef1f12364b
! WLAN management settings. "learn-ap disable" and "collect-stats disable"
! are the two features switched off.
wms
   general poll-interval 60000
   general poll-retries 3
   general ap-ageout-interval 30
   general sta-ageout-interval 30
   general learn-ap disable
   general persistent-known-interfering enable
   general propagate-wired-macs enable
   general stat-update enable
   general collect-stats disable
!
crypto isakmp policy 20
   encryption aes256
!
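! IPsec transform sets. default-boc-bm-transform still uses 3DES, a legacy
! cipher; the other two use AES-256. All three use SHA-1 HMAC.
! NOTE(review): the "default-" names suggest factory defaults; confirm
! whether anything negotiates the 3DES set and retire it if not.
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-dynamicmap 10000
   set transform-set default-transform default-aes
!
vpdn group l2tp
!
! Guest DHCP scope on the VLAN 115 subnet. Guests are handed DNS servers in
! 192.168.10.0/24, one of the two "dmz" networks.
ip dhcp excluded-address 10.0.17.63
ip dhcp pool ukp4-guest
   default-router 10.0.17.1
   dns-server 192.168.10.250 192.168.10.251
   domain-name ukp.go.id
   network 10.0.17.0 255.255.255.0
   authoritative
!
service dhcp
ip dhcp default-pool private
!
syslocation "Binagraha UKP4"
syscontact "admin@ukp.go.id"
! SNMPv3 user with SHA authentication; the secret is masked. No privacy
! (encryption) protocol appears on this line.
! NOTE(review): confirm whether SNMP privacy is configured.
snmp-server user "wirelesscontroller" auth-prot sha ******
vpdn group pptp
!
mux-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
voip prioritization disable
voip rtcp-inactivity disable
voip sip-midcall-req-timeout disable
ssh mgmt-auth username/password
! NOTE(review): three local accounts hold the root management role and their
! stored password values appear unmasked in this capture. Treat all three
! passwords as disclosed and change them, and confirm each account (admin,
! alexs2, recon) is still required.
mgmt-user admin root 4730a67e0151997293cb41f1e01412a097cfd893dd4addb933
mgmt-user alexs2 root 540b063701da9aeffd8fc212a04b125759865baeb5f42abc98
mgmt-user recon root 79ba131701943c3e3a88c5d0753b56e9c192a70a24a9e771f5
ntp server 10.0.1.1
no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
! NOTE(review): this line negates a control-plane attack-rate setting;
! confirm whether control-plane rate limiting is meant to be off.
no firewall attack-rate cp 1024
!
firewall cp
!
firewall cp
no acceleration cifs caching
no acceleration cifs chattiness
no acceleration cifs read-ahead
no acceleration cifs write-behind
no acceleration http authentication
no acceleration http caching
no acceleration http deduplication
no acceleration http post
no acceleration http sharepoint
no acceleration mapi aggregation
no acceleration mapi caching
no acceleration mapi prefetching
!
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
! The controller country is ID, while "ap regulatory-domain-profile default"
! later in this config sets country-code SG.
country ID
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!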
! 802.1X profile with EAP termination on the controller: PEAP outer method,
! MSCHAPv2 inner method.
aaa authentication dot1x "ukp4-staff-dot1x"
   termination enable
   termination eap-type eap-peap
   termination inner-eap-type eap-mschapv2
!
aaa authentication-server radius "local-radius"
!
! NOTE(review): the "key" values of the three RADIUS servers below are
! printed in full rather than masked. They look like the controller's stored
! form, not plaintext, but should still be treated as disclosed: rotate the
! shared secrets on the controller and on each server.
aaa authentication-server radius "ukp4-ias"
   host 10.0.3.99
   key da0b63897188dddc668c1deb1fe511144e1c8b29aa8a7833
!
aaa authentication-server radius "ukp4-nps"
   host 10.0.3.26
   key e716bb9638c25ab506d8bf1f820ca8f2
!
aaa authentication-server radius "ukp4-radius"
   host 10.0.3.30
   key 1f3a0ef68e6e148fb3948cd8b6617a74
!
! NOTE(review): "allow-cleartext" permits an unencrypted connection to the
! directory, so the bind as "cn=Directory Manager" and user credentials may
! cross the network in the clear; prefer LDAPS or StartTLS. The bind account
! is the directory's manager account where a read-only service account would
! do. admin-passwd is printed unmasked; rotate it.
! NOTE(review): the filter reads "(Object class=*)" with a space; the usual
! attribute name is objectclass, so confirm the filter matches anything.
aaa authentication-server ldap "LDAP-UKP4"
   host 10.0.3.27
   admin-dn "cn=Directory Manager"
   admin-passwd a3e7502ad1dc73cb86bf7768fb123866faf55743ebc44dfc
   allow-cleartext
   authport 9700
   base-dn "dc=ukp,dc=go,dc=id"
   filter "(Object class=*)"
   key-attribute "uid"
!
aaa authentication-server ldap "test"
!
! Server groups map the Filter-Id returned by the server to a user role.
! A user whose Filter-Id matches no rule falls back to the default role of
! the AAA profile that uses the group.
aaa server-group "default"
   auth-server Internal
   set role condition role value-of
!
aaa server-group "LDAP-UKP4"
   auth-server LDAP-UKP4
   set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role
   set role condition Filter-Id equals "STAFF" set-value ukp4-staff-role
   set role condition Filter-Id equals "PROF" set-value ukp4-prof-role
!
aaa server-group "radius-acc-internal"
   auth-server local-radius
   set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role
   set role condition Role value-of
!
! Group used by aaa profile "aaa-ukp4-staff" and by management
! authentication ("aaa authentication mgmt") in this config.
aaa server-group "ukp4-IAS"
   auth-server ukp4-ias
   set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role
   set role condition Filter-Id equals "STAFF" set-value ukp4-staff-role
   set role condition Filter-Id equals "PROF" set-value ukp4-prof-role
   set role condition Filter-Id equals "SATELITE" set-value ukp4-satelite-role
   set role condition Filter-Id equals "VLANKHUSUS" set-value ukp4-vlankhusus-role
   set role condition Filter-Id equals "VLANUJICOBA" set-value ukp4-vlanujicoba-policy
!
aaa server-group "ukp4-nps"
   auth-server ukp4-nps
   set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role
!
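aaa server-group "ukp4-radius"
   auth-server ukp4-radius
   set role condition Filter-Id equals "ADMIN" set-value ukp4-admin-role
   set role condition Filter-Id equals "STAFF" set-value ukp4-staff-role
   set role condition Filter-Id equals "PROF" set-value ukp4-prof-role
!
aaa authentication via connection-profile "default"
!
aaa authentication via web-auth "default"
!
aaa authentication via global-config
!
! Test profile: any successful 802.1X login lands in "authenticated", an
! allow-all role. It is used by virtual-ap "internalAP" in this config.
aaa profile "aaa-test-internaldb"
   authentication-dot1x "ukp4-staff-dot1x"
   dot1x-default-role "authenticated"
   dot1x-server-group "internal"
   radius-accounting "radius-acc-internal"
!
aaa profile "aaa-ukp4-guest"
   initial-role "ukp4-guest-prelogon-role"
!
! NOTE(review): dot1x-default-role is "ukp4-admin-role", whose only ACL is
! "any any any permit". Any user who authenticates through ukp4-IAS without a
! Filter-Id that matches one of that group's rules therefore falls back to
! the admin role. The default should be the least-privileged role (or a
! deny role), with admin granted only by an explicit server rule.
aaa profile "aaa-ukp4-staff"
   authentication-dot1x "ukp4-staff-dot1x"
   dot1x-default-role "ukp4-admin-role"
   dot1x-server-group "ukp4-IAS"
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication captive-portal "ksp"
   server-group "internal"
!
aaa authentication captive-portal "ukp4-captive-portal"
   default-role "ukp4-guest-postlogon-role"
   server-group "internal"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
! Management logins are pointed at the same RADIUS group that serves
! wireless users.
! NOTE(review): confirm the server restricts which accounts may authenticate
! for management access.
aaa authentication mgmt
   server-group "ukp4-IAS"
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication via auth-profile "default"
!
aaa authentication wired
!
! NOTE(review): the web UI and captive portal are limited to TLS 1.0
! ("tlsv1"), which is deprecated. Newer controller software is expected to
! offer later TLS versions; confirm what this release (version 5.0) supports
! and plan an upgrade if it cannot go higher.
web-server
   ssl-protocol tlsv1
   switch-cert "ArubaDigiCert"
   captive-portal-cert "ArubaDigiCert"
!
papi-security
!
guest-access-email
!
control-plane-security
!
voice dialplan-profile "default"
!
voice sip
!
! No settings follow this stanza in the capture.
! NOTE(review): confirm a management password policy is actually enforced.
aaa password-policy mgmt
!
ap system-profile "default"
!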
! AP regulatory domain is SG, while the controller-level setting elsewhere in
! this config is "country ID".
! NOTE(review): confirm which regulatory domain is correct for the site.
ap regulatory-domain-profile "default"
   country-code SG
   valid-11g-channel 1
   valid-11g-channel 6
   valid-11g-channel 11
   valid-11a-channel 36
   valid-11a-channel 40
   valid-11a-channel 44
   valid-11a-channel 48
   valid-11a-channel 52
   valid-11a-channel 56
   valid-11a-channel 60
   valid-11a-channel 64
   valid-11a-channel 149
   valid-11a-channel 153
   valid-11a-channel 157
   valid-11a-channel 161
   valid-11a-channel 165
   valid-11g-40mhz-channel-pair 1-5
   valid-11g-40mhz-channel-pair 7-11
   valid-11a-40mhz-channel-pair 36-40
   valid-11a-40mhz-channel-pair 44-48
   valid-11a-40mhz-channel-pair 52-56
   valid-11a-40mhz-channel-pair 60-64
   valid-11a-40mhz-channel-pair 149-153
   valid-11a-40mhz-channel-pair 157-161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap mesh-cluster-profile "default"
!
ap wired-port-profile "default"
!
ap mesh-radio-profile "default"
!
! Wireless IDS profiles: all are the "default" instances with no overrides
! shown, apart from two broadcast deauth/disassoc signatures.
ids general-profile "default"
!
ids rate-thresholds-profile "default"
!
ids signature-profile "default"
!
ids impersonation-profile "default"
!
ids unauthorized-device-profile "default"
!
ids signature-matching-profile "default"
   signature "Deauth-Broadcast"
   signature "Disassoc-Broadcast"
!
ids dos-profile "default"
! NOTE(review): the text on the next line is not a configuration command; it
! looks like a stray annotation (two version numbers) that ended up in the
! capture.
! 5.0.3.3 and 6.4.2.12
ids profile "default"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan dot11k-profile "default"
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "default"
!
valid-network-oui-profile
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan ssid-profile "default"
!
! SSID profiles. The staff-side profiles use WPA2-AES.
wlan ssid-profile "saman_1"
   essid "SAMAN_1"
   opmode wpa2-aes
!
wlan ssid-profile "saman_2"
   essid "SAMAN_2"
   opmode wpa2-aes
!
wlan ssid-profile "test_internal"
   opmode wpa2-aes
!
! No opmode is shown for the guest SSID "BERANDA", so it presumably runs
! open with captive-portal authentication only (confirm). Guest traffic
! would then be unencrypted over the air.
wlan ssid-profile "ukp4-guest"
   essid "BERANDA"
!
! Broadcasts the same ESSID ("SAMAN_1") as profile "saman_1".
wlan ssid-profile "ukp4-staff"
   essid "SAMAN_1"
   opmode wpa2-aes
!
wlan virtual-ap "default"
!
! Virtual APs tie an SSID profile to an AAA profile and VLAN(s).
! "internalAP" uses the test AAA profile, whose default role is allow-all;
! it is not listed in any ap-group in this capture.
wlan virtual-ap "internalAP"
   aaa-profile "aaa-test-internaldb"
   ssid-profile "test_internal"
   vlan 113,116
!
! NOTE(review): the names are crossed: virtual-ap "SAMAN_1" uses ssid-profile
! "saman_2" (ESSID SAMAN_2) and virtual-ap "SAMAN_2" uses "saman_1". Both
! share the same AAA profile and VLANs, so behaviour matches, but the
! mismatch invites mistakes during later changes.
wlan virtual-ap "SAMAN_1"
   aaa-profile "aaa-ukp4-staff"
   ssid-profile "saman_2"
   vlan 113,116
!
wlan virtual-ap "SAMAN_2"
   aaa-profile "aaa-ukp4-staff"
   ssid-profile "saman_1"
   vlan 113,116
!
wlan virtual-ap "ukp4-guest"
   aaa-profile "aaa-ukp4-guest"
   ssid-profile "ukp4-guest"
   vlan 115
!
! "ukp4-staff" and "UKP4-staff2" are not listed in any ap-group in this
! capture.
wlan virtual-ap "ukp4-staff"
   aaa-profile "aaa-ukp4-staff"
   ssid-profile "ukp4-staff"
   vlan 114
!
wlan virtual-ap "UKP4-staff2"
   aaa-profile "aaa-ukp4-staff"
   ssid-profile "ukp4-staff"
!
ap provisioning-profile "default"
!
ap-group "default"
   virtual-ap "default"
!
! The production AP group broadcasts the guest SSID and both SAMAN SSIDs.
ap-group "ukp4-ap"
   virtual-ap "ukp4-guest"
   virtual-ap "SAMAN_1"
   virtual-ap "SAMAN_2"
!
! NOTE(review): debugging-level logging is enabled for network, security
! (aaa, dot1x, authmgr including packet-trace) and user categories. That
! level is meant for troubleshooting; left on, it adds load and may record
! authentication detail in logs. Return to a normal level once debugging is
! done. No remote logging server appears in this capture; confirm logs are
! shipped off the controller.
logging level debugging network
logging level debugging security subcat aaa
logging level debugging security process authmgr subcat all
logging level debugging security subcat dot1x
logging level debugging security process authmgr subcat packet-trace
logging level debugging user
logging level debugging user subcat dot1x
snmp-server enable trap
process monitor log
network-printer max-jobs 500
network-printer max-clients-per-host 10
network-printer max-clients 10
end