
...

Настраиваем Crypto-Sync для синхронизации сертификатов между контроллерами. Обратите внимание на опцию remote-delete: судя по названию, при её включении удаление сертификата на одном WLC будет реплицировано на второй, поэтому перед включением сверьтесь с документацией команды:

crypto-sync
crypto-sync  remote-delete
  enable
exit

Настраиваем Softgre-Controller для синхронизации туннелей SoftGRE:

...

Полная конфигурация WLC-1


#!/usr/bin/clish

#260


#270
#1.

26.x #01/05/2024 #11:54:29 hostname WLC-1 object-group service airtune port-range 8099 exit object-group service dhcp_client port-range 68 exit object-group service dhcp_server port-range 67 exit object-group service dns port-range 53 exit object-group service netconf port-range 830 exit object-group service ntp port-range 123 exit object-group service radius_auth port-range 1812 exit object-group service sa port-range 8043-8044 exit object-group service ssh port-range 22 exit object-group service sync port-range 873 exit object-group service softgre_controller port-range 1337 exit syslog max-files 3 syslog file-size 512 syslog file tmpsys:syslog/default severity info exit radius-server local nas ap key ascii-text encrypted 8CB5107EA7005AFF network

30.x
#2024-11-22
#05:32:21
hostname WLC-1

object-group service airtune
port-range 8099
exit
object-group service dhcp_client
port-range 68
exit
object-group service dhcp_server
port-range 67
exit
object-group service dns
port-range 53
exit
object-group service netconf
port-range 830
exit
object-group service ntp
port-range 123
exit
object-group service radius_auth
port-range 1812
exit
object-group service sa
port-range 8043-8044
exit
object-group service ssh
port-range 22
exit
object-group service sync
port-range 873
exit
object-group service softgre_controller
port-range 1337
exit

syslog max-files 3
syslog file-size 512
syslog file tmpsys:syslog/default
severity info
exit

radius-server local
nas ap
key ascii-text encrypted 8CB5107EA7005AFF
network 192.168.1.0/24

exit nas local key


exit
nas local
key ascii-text

encrypted

8CB5107EA7005AFF


network

127.0.0.1/32

exit domain default user test password


exit
domain default
user test
password ascii-text

encrypted

CDE65039E5591FA3

exit exit


exit
exit
virtual-server

default

enable exit enable exit


enable
exit
enable
exit
radius-server

host

127.0.0.1


key

ascii-text

encrypted

8CB5107EA7005AFF


exit


aaa

radius-profile

default_radius


radius-server

host

127.0.0.1


exit

boot

host

auto-config


boot

host

auto-update

vlan

3


force-up


exit


vlan

2449


force-up


exit


vlan

2


exit

no

spanning-tree

domain

lookup

enable

security

zone

trusted


exit


security

zone

untrusted


exit


security

zone

users


exit

bridge

1


vlan

2449


security-zone

trusted


ip

address

192.168.1.2/24


vrrp

id

1


vrrp

ip

192.168.1.1/32


vrrp

priority

120


vrrp

group

1


vrrp

preempt

disable


vrrp

timers

garp

refresh

60

vrrp no


vrrp
no spanning-tree


enable


exit


bridge

2


vlan

2


security-zone

untrusted


ip

address

dhcp


no

spanning-tree


enable


exit


bridge

3


vlan

3


mtu

1458


security-zone

users


ip

address

192.168.2.2/24


vrrp

id

3


vrrp

ip

192.168.2.1/32


vrrp

priority

120


vrrp

group

1


vrrp

preempt

disable


vrrp

timers

garp

refresh

60

vrrp no


vrrp
no spanning-tree


enable


exit

interface

gigabitethernet

1/0/1


mode

switchport


switchport

access

vlan

2


exit


interface

gigabitethernet

1/0/2


mode

switchport


switchport

mode

trunk


switchport

trunk

allowed

vlan

add

3,2449


exit


interface

gigabitethernet

1/0/3


mode

switchport


exit


interface

gigabitethernet

1/0/4


mode

switchport


exit


interface

tengigabitethernet

1/0/1


mode

switchport


switchport

access

vlan

2


exit


interface

tengigabitethernet

1/0/2

mode switchport exit tunnel softgre 1 mode data local address


mode switchport
exit

tunnel softgre 1
mode data
local address 192.168.1.1


default-profile


enable


exit

ip

failover


local-address

192.168.1.2


remote-address

192.168.1.3


vrrp-group

1


exit

security

zone-pair

trusted

self


rule

10


action

permit


match

protocol

tcp


match

destination-port

object-group

ssh enable exit rule 11 action permit match protocol vrrp enable exit rule 12 action permit match protocol tcp match destination-port object-group softgre_controller enable exit rule 13 action permit match protocol tcp match destination-port object-group sync enable exit rule 20 action permit match protocol icmp enable exit rule 30 action permit match protocol udp match source-port object-group dhcp_client match destination-port object-group dhcp_server enable exit rule 40 action permit match protocol udp match destination-port object-group ntp enable exit rule 50 action permit match protocol tcp match destination-port object-group dns enable exit rule 60 action permit match protocol udp match destination-port object-group dns enable exit rule 70 action permit match protocol tcp match destination-port object-group netconf enable exit rule 80 action permit match protocol tcp match destination-port object-group sa enable exit rule 90 action permit match protocol udp match destination-port object-group radius_auth enable exit rule 100 action permit match protocol gre enable exit rule 110 action permit match protocol tcp match destination-port object-group airtune enable exit exit security zone-pair trusted trusted rule 1 action permit enable exit exit security zone-pair trusted untrusted rule 1 action permit enable exit exit security zone-pair untrusted self rule 1 action permit match protocol udp match source-port object-group dhcp_server match destination-port object-group dhcp_client enable exit exit security zone-pair users self rule 10 action permit match protocol icmp enable exit rule 11 action permit match protocol vrrp enable exit rule 20 action permit match protocol udp match source-port object-group dhcp_client match destination-port object-group dhcp_server enable exit rule 30 action permit match protocol tcp match destination-port object-group dns enable exit rule 40 action permit match protocol udp match destination-port object-group dns enable exit exit 
security zone-pair users untrusted rule 1 action permit enable exit exit security passwords default-expired nat source ruleset factory to zone untrusted rule 10 description "replace 'source ip' by outgoing interface ip address" action source-nat interface enable exit exit exit ip dhcp-server ip dhcp-server pool ap-pool network

ssh
enable
exit
rule 11
action permit
match protocol vrrp
enable
exit
rule 12
action permit
match protocol tcp
match destination-port object-group softgre_controller
enable
exit
rule 13
action permit
match protocol tcp
match destination-port object-group sync
enable
exit
rule 20
action permit
match protocol icmp
enable
exit
rule 30
action permit
match protocol udp
match source-port object-group dhcp_client
match destination-port object-group dhcp_server
enable
exit
rule 40
action permit
match protocol udp
match destination-port object-group ntp
enable
exit
rule 50
action permit
match protocol tcp
match destination-port object-group dns
enable
exit
rule 60
action permit
match protocol udp
match destination-port object-group dns
enable
exit
rule 70
action permit
match protocol tcp
match destination-port object-group netconf
enable
exit
rule 80
action permit
match protocol tcp
match destination-port object-group sa
enable
exit
rule 90
action permit
match protocol udp
match destination-port object-group radius_auth
enable
exit
rule 100
action permit
match protocol gre
enable
exit
rule 110
action permit
match protocol tcp
match destination-port object-group airtune
enable
exit
exit
security zone-pair trusted trusted
rule 1
action permit
enable
exit
exit
security zone-pair trusted untrusted
rule 1
action permit
enable
exit
exit
security zone-pair untrusted self
rule 1
action permit
match protocol udp
match source-port object-group dhcp_server
match destination-port object-group dhcp_client
enable
exit
exit
security zone-pair users self
rule 10
action permit
match protocol icmp
enable
exit
rule 11
action permit
match protocol vrrp
enable
exit
rule 20
action permit
match protocol udp
match source-port object-group dhcp_client
match destination-port object-group dhcp_server
enable
exit
rule 30
action permit
match protocol tcp
match destination-port object-group dns
enable
exit
rule 40
action permit
match protocol udp
match destination-port object-group dns
enable
exit
exit
security zone-pair users untrusted
rule 1
action permit
enable
exit
exit

security passwords default-expired

nat source
ruleset factory
to zone untrusted
rule 10
description "replace 'source ip' by outgoing interface ip address"
action source-nat interface
enable
exit
exit
exit

ip dhcp-server
ip dhcp-server pool ap-pool
network 192.168.1.0/24


address-range

192.168.1.4-192.168.1.254


default-router

192.168.1.1


dns-server

192.168.1.1


option

42

ip-address

192.168.1.1


vendor-specific


suboption

12

ascii-text

"192.168.1.1"


suboption

15

ascii-text

"https://192.168.1.1:8043"


exit


exit


ip

dhcp-server

pool

users-pool


network

192.168.2.0/24


address-range

192.168.2.4-192.168.2.254


default-router

192.168.2.1


dns-server

192.168.2.1


exit


ip

dhcp-server

failover


mode

active-standby


enable


exit

softgre-controller


nas-ip-address

127.0.0.1

failover


failover
data-tunnel

configuration

wlc


aaa

radius-profile

default_radius


keepalive-disable


service-vlan

add

3


enable


exit

wlc

wlc
outside-address

192.168.1.1


service-activator


aps

join

auto

exit airtune enable exit failover


exit
airtune
enable
exit
failover
ap-location

default-location

description


description "default-location

mode tunnel

"
mode tunnel
ap-profile

default-ap


ssid-profile

default-ssid

exit


exit
ssid-profile

default-ssid

description


description "default-ssid

ssid

"
ssid "default-ssid

"
radius-profile

default-radius


vlan-id

3


security-mode

WPA2_1X


802.11kv


band

2g


band

5g

enable exit


enable
exit
ap-profile

default-ap


password

ascii-text

encrypted

8CB5107EA7005AFF

exit


exit
radius-profile

default-radius


auth-address

192.168.1.1


auth-password

ascii-text

encrypted

8CB5107EA7005AFF


domain

default

exit


exit
ip-pool

default-ip-pool

description


description "default-ip-pool

"
ap-location

default-location

exit enable exit ip ssh server ntp enable ntp server


exit
enable
exit

ip ssh server

ntp enable
ntp server 100.110.0.65


exit

crypto-sync

crypto-sync


remote-delete
enable
exit
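Review bot: The same ciphertext `8CB5107EA7005AFF` appears for every secret in this configuration — the `nas ap` key, the `nas local` key, the `radius-server host 127.0.0.1` key, the `ap-profile default-ap` password and the `radius-profile default-radius auth-password` — so one shared secret serves RADIUS, the local NAS and AP enrollment; anyone copying this example should set a distinct secret per role and treat a published `encrypted` string as disclosed, since the page does not say whether the encoding is reversible. The `domain default` account `user test` with its password should likewise be renamed or removed before this leaves the lab; the page does not show what rights that user carries. Note also that `security zone-pair trusted self` permits ssh, netconf, sync (873), softgre_controller (1337) and sa (8043-8044) from any source in the trusted zone, while `ip dhcp-server pool ap-pool` hands out 192.168.1.4-192.168.1.254 on that same subnet, so every access point — and anything else attached to VLAN 2449 — can reach the controller's management services. Consider limiting the sync and softgre_controller rules to the failover peer 192.168.1.3 and the ssh/netconf rules to administrator addresses, with a source-address match if the platform's rule syntax supports one.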


Пример настройки WLC-2

Подключаемся к WLC и переходим в режим конфигурирования:

...