環境
機器 | バージョン |
---|---|
Aruba3200 | 6.4.4.20 |
juniperEX4300 | 13.2X51-D26.2 |
httpd | Windows Server 2019 |
named | CentOS 8.5.2111 |
構成イメージ図

WEBサーバ構築
以下を参照。httpサーバ構築まで。
DNSサーバ構築
以下を参照。正引きゾーンファイルにweb.test.co.jpを名前解決出来るように設定すればOK。
Web認証構築
(RD_WS_A0102) #no paging
(RD_WS_A0102) #
(RD_WS_A0102) #show running-config
Building Configuration...
version 6.4
enable secret "******"
telnet cli
hostname "RD_WS_A0102"
clock timezone JST 9
banner motd #
"****************************************"
"Hostname : RD_WS_A0102"
"P/N : Aruba6000"
"S/N : A00012860"
"SC S/N : FE0000113"
"OS Version : 6.4.2.4"
"OS Image : ArubaOS_MMC_6.4.2.4_48122"
"****************************************"
#
!
location "TP-RD-ServerRoom"
controller config 89
crypto-local pki ServerCert guest guest.tp-aruba.sysmex.co.jp.p12
ip cp-redirect-address 10.180.198.69
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth 200
permit any
!
ip access-list eth validuserethacl
permit any
!
netservice svc-snmp-trap udp 162
netservice svc-netbios-dgm udp 138
netservice svc-pcoip2-tcp tcp 4172
netservice svc-smb-tcp tcp 445
netservice svc-ike udp 500
netservice svc-l2tp udp 1701
netservice svc-syslog udp 514
netservice svc-citrix tcp 2598
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-https tcp 443
netservice svc-pptp tcp 1723
netservice svc-ica tcp 1494
netservice svc-telnet tcp 23
netservice svc-sccp tcp 2000 alg sccp
netservice svc-sec-papi udp 8209
netservice svc-web tcp list "80 443"
netservice svc-tftp udp 69 alg tftp
netservice svc-kerberos udp 88
netservice svc-sip-tcp tcp 5060
netservice svc-netbios-ssn tcp 139
netservice svc-lpd tcp 515
netservice svc-pop3 tcp 110
netservice svc-adp udp 8200
netservice svc-cfgm-tcp tcp 8211
netservice svc-noe udp 32512 alg noe
netservice svc-http-proxy3 tcp 8888
netservice svc-pcoip-tcp tcp 50002
netservice svc-pcoip-udp udp 50002
netservice svc-msrpc-tcp tcp 135 139
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-dns udp 53 alg dns
netservice svc-vocera udp 5002 alg vocera
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice vnc tcp 5900 5905
netservice svc-http tcp 80
netservice svc-nterm tcp 1026 1028
netservice svc-sip-udp udp 5060
netservice svc-http-proxy2 tcp 8080
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-papi udp 8211
netservice svc-ftp tcp 21 alg ftp
netservice svc-natt udp 4500
netservice svc-svp 119 alg svp
netservice svc-microsoft-ds tcp 445
netservice svc-gre 47
netservice svc-smtp tcp 25
netservice svc-smb-udp udp 445
netservice svc-sips tcp 5061 alg sips
netservice svc-netbios-ns udp 137
netservice svc-esp 50
netservice svc-ipp-tcp tcp 631
netservice svc-http-sysmex-proxy1 tcp 7080
netservice svc-bootp udp 67 69
netservice svc-snmp udp 161
netservice svc-v6-dhcp udp 546 547
netservice svc-pcoip2-udp udp 4172
netservice svc-icmp 1
netservice svc-ntp udp 123
netservice svc-msrpc-udp udp 135 139
netservice svc-ssh tcp 22
netservice svc-ipp-udp udp 631
netservice svc-http-proxy1 tcp 3128
netservice svc-v6-icmp 58
netservice svc-vmware-rdp tcp 3389
netdestination6 ipv6-reserved-range
invert
network 2000::/3
!
netexthdr default
!
time-range night-hours periodic
weekday 18:01 to 23:59
weekday 00:00 to 07:59
!
time-range weekend periodic
weekend 00:00 to 23:59
!
time-range working-hours periodic
weekday 08:00 to 18:00
!
ip access-list session allow-diskservices
any any svc-netbios-dgm permit
any any svc-netbios-ssn permit
any any svc-microsoft-ds permit
any any svc-netbios-ns permit
!
ip access-list session control
any any svc-papi permit
any any svc-sec-papi permit
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-cfgm-tcp permit
any any svc-adp permit
any any svc-tftp permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session v6-icmp-acl
ipv6 any any svc-v6-icmp permit
!
ip access-list session apprf-thermo-mak-ok-sacl
!
ip access-list session validuser
network 127.0.0.0 255.0.0.0 any any deny
network 169.254.0.0 255.255.0.0 any any deny
network 224.0.0.0 240.0.0.0 any any deny
host 255.255.255.255 any any deny
network 240.0.0.0 240.0.0.0 any any deny
any any any permit
ipv6 host fe80:: any any deny
ipv6 network fc00::/7 any any permit
ipv6 network fe80::/64 any any permit
ipv6 alias ipv6-reserved-range any any deny
ipv6 any any any permit
!
ip access-list session vocera-acl
any any svc-vocera permit queue high
!
ip access-list session v6-https-acl
ipv6 any any svc-https permit
!
ip access-list session apprf-tablet-cp-ok-sacl
!
ip access-list session vmware-acl
any any svc-vmware-rdp permit tos 46 dot1p-priority 6
any any svc-pcoip-tcp permit tos 46 dot1p-priority 6
any any svc-pcoip-udp permit tos 46 dot1p-priority 6
any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6
any any svc-pcoip2-udp permit tos 46 dot1p-priority 6
!
ip access-list session v6-control
ipv6 user any udp 547 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-dns permit
ipv6 any any svc-papi permit
ipv6 any any svc-sec-papi permit
ipv6 any any svc-cfgm-tcp permit
ipv6 any any svc-adp permit
ipv6 any any svc-tftp permit
ipv6 any any svc-dhcp permit
ipv6 any any svc-natt permit
!
ip access-list session icmp-acl
any any svc-icmp permit
!
ip access-list session apprf-default-vpn-role-sacl
!
ip access-list session captiveportal-tablet
user host 172.20.0.153 svc-https permit
user host 172.21.103.31 svc-http permit
user host 172.21.103.31 svc-https permit
user host 172.21.131.84 svc-http permit
user host 172.21.131.84 svc-https permit
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
user any svc-http-sysmex-proxy1 dst-nat 8088
user host 172.20.0.153 svc-http permit
!
ip access-list session acl-captiveportal-collabo
user host 172.20.0.153 svc-http permit
user host 172.20.0.153 svc-https permit
user host 172.21.103.31 svc-http permit
user host 172.21.103.31 svc-https permit
user host 172.21.131.84 svc-http permit
user host 172.21.131.84 svc-https permit
user host 172.21.157.20 svc-dns permit
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
user any svc-http-sysmex-proxy1 dst-nat 8088
!
ip access-list session apprf-authenticated-sacl
!
ip access-list session apprf-stateful-dot1x-sacl
!
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
!
ip access-list session v6-dhcp-acl
ipv6 any any svc-v6-dhcp permit
!
ip access-list session apprf-guest-cp-ok-sacl
!
ip access-list session allowall
any any any permit
ipv6 any any any permit
!
ip access-list session v6-dns-acl
ipv6 any any svc-dns permit
!
ip access-list session apprf-tablet-cp-logon-sacl
!
ip access-list session apprf-voice-sacl
!
ip access-list session skype4b-acl
any any svc-sips permit queue high
!
ip access-list session captiveportal-guest
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
user any svc-http-sysmex-proxy1 dst-nat 8088
!
ip access-list session sip-acl
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
!
ip access-list session https-acl
any any svc-https permit
!
ip access-list session WriteList
any host 10.180.198.69 any route
!
ip access-list session dns-acl
any any svc-dns permit
!
ip access-list session ra-guard
ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session citrix-acl
any any svc-citrix permit tos 46 dot1p-priority 6
any any svc-ica permit tos 46 dot1p-priority 6
!
ip access-list session apprf-tablet-tls-ok-sacl
!
ip access-list session allow-printservices
any any svc-lpd permit
any any svc-ipp-tcp permit
any any svc-ipp-udp permit
!
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
any network 169.254.0.0 255.255.0.0 any deny
any network 240.0.0.0 240.0.0.0 any deny
!
ip access-list session vpnlogon
user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
!
ip access-list session srcnat
user any any src-nat
!
ip access-list session skinny-acl
any any svc-sccp permit queue high
!
ip access-list session tftp-acl
any any svc-tftp permit
!
ip access-list session v6-allowall
ipv6 any any any permit
!
ip access-list session apprf-collabo-cp-logon-sacl
!
ip access-list session cplogout
user alias controller svc-https dst-nat 8081
!
ip access-list session apprf-mac-ng-sacl
!
ip access-list session captiveportal6
ipv6 user alias controller6 svc-https captive
ipv6 user any svc-http captive
ipv6 user any svc-https captive
ipv6 user any svc-http-proxy1 captive
ipv6 user any svc-http-proxy2 captive
ipv6 user any svc-http-proxy3 captive
!
ip access-list session dhcp-acl
any any svc-dhcp permit
!
ip access-list session http-acl
any any svc-http permit
!
ip access-list session v6-http-acl
ipv6 any any svc-http permit
!
ip access-list session apprf-default-via-role-sacl
!
ip access-list session apprf-visitor-psk-ok-sacl
!
ip access-list session apprf-pc-peap-ok-sacl
!
ip access-list session no-auth
!
ip access-list session apprf-guest-sacl
!
ip access-list session ap-uplink-acl
any any udp 68 permit
any any svc-icmp permit
any host 224.0.0.251 udp 5353 permit
!
ip access-list session ap-acl
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-snmp-trap permit
user any svc-ntp permit
user alias controller svc-ftp permit
!
ip access-list session svp-acl
any any svc-svp permit queue high
user host 224.0.1.116 any permit
!
ip access-list session noe-acl
any any svc-noe permit queue high
!
ip access-list session acl-mac-ng
any any any deny
!
ip access-list session apprf-guest-cp-logon-sacl
!
ip access-list session global-sacl
!
ip access-list session v6-ap-acl
ipv6 any any svc-gre permit
ipv6 any any svc-syslog permit
ipv6 any user svc-snmp permit
ipv6 user any svc-snmp-trap permit
ipv6 user any svc-ntp permit
ipv6 user alias controller6 svc-ftp permit
!
ip access-list session thermo-allow
any any svc-dhcp permit
user host 172.21.209.61 any permit
!
ip access-list session apprf-collabo-cp-ok-sacl
!
ip access-list session h323-acl
any any svc-h323-tcp permit queue high
any any svc-h323-udp permit queue high
!
ip access-list session v6-logon-control
ipv6 user any udp 68 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-v6-dhcp permit
ipv6 any any svc-dns permit
ipv6 any network fc00::/7 any permit
ipv6 any network fe80::/64 any permit
ipv6 any alias ipv6-reserved-range any deny
!
vpn-dialer default-dialer
ike authentication PRE-SHARE ******
!
dot1x high-watermark 450
dot1x low-watermark 427
user-role ap-role
access-list session control
access-list session ap-acl
access-list session v6-control
access-list session v6-ap-acl
!
user-role guest-cp-logon
captive-portal "cp-GUEST"
access-list session global-sacl
access-list session apprf-guest-cp-logon-sacl
access-list session logon-control
access-list session captiveportal-guest
!
user-role guest-cp-ok
access-list session global-sacl
access-list session apprf-guest-cp-ok-sacl
access-list session allowall
!
user-role default-vpn-role
access-list session global-sacl
access-list session apprf-default-vpn-role-sacl
access-list session allowall
access-list session v6-allowall
!
user-role collabo-cp-logon
captive-portal "cp-Collabo-GUEST-Sub"
access-list session global-sacl
access-list session apprf-collabo-cp-logon-sacl
access-list session logon-control
access-list session acl-captiveportal-collabo
!
user-role thermo-mak-ok
access-list session global-sacl
access-list session apprf-thermo-mak-ok-sacl
access-list session thermo-allow
!
user-role tablet-cp-logon
captive-portal "cp-Tablet"
access-list session global-sacl
access-list session apprf-tablet-cp-logon-sacl
access-list session logon-control
access-list session captiveportal-tablet
!
user-role visitor-psk-ok
access-list session global-sacl
access-list session apprf-visitor-psk-ok-sacl
access-list session allowall
access-list session v6-allowall
!
user-role voice
access-list session global-sacl
access-list session apprf-voice-sacl
access-list session sip-acl
access-list session noe-acl
access-list session svp-acl
access-list session vocera-acl
access-list session skinny-acl
access-list session h323-acl
access-list session dhcp-acl
access-list session tftp-acl
access-list session dns-acl
access-list session icmp-acl
!
user-role tablet-cp-ok
access-list session global-sacl
access-list session apprf-tablet-cp-ok-sacl
access-list session logon-control
access-list session captiveportal-tablet
!
user-role default-via-role
access-list session global-sacl
access-list session apprf-default-via-role-sacl
access-list session allowall
!
user-role mac-ng
access-list session global-sacl
access-list session apprf-mac-ng-sacl
access-list session acl-mac-ng
!
user-role guest-logon
captive-portal "default"
access-list session logon-control
access-list session captiveportal
access-list session v6-logon-control
access-list session captiveportal6
!
user-role guest
access-list session global-sacl
access-list session apprf-guest-sacl
access-list session http-acl
access-list session https-acl
access-list session dhcp-acl
access-list session icmp-acl
access-list session dns-acl
access-list session v6-http-acl
access-list session v6-https-acl
access-list session v6-dhcp-acl
access-list session v6-icmp-acl
access-list session v6-dns-acl
!
user-role stateful-dot1x
access-list session global-sacl
access-list session apprf-stateful-dot1x-sacl
!
# 認証成功後に適用されるRole(allowall / v6-allowall を適用するため、認証後の通信は全て許可される)
user-role authenticated
access-list session global-sacl
access-list session apprf-authenticated-sacl
access-list session allowall
access-list session v6-allowall
!
user-role collabo-cp-ok
access-list session global-sacl
access-list session apprf-collabo-cp-ok-sacl
access-list session allowall
!
user-role tablet-tls-ok
access-list session global-sacl
access-list session apprf-tablet-tls-ok-sacl
access-list session allowall
!
user-role default-iap-user-role
access-list session allowall
!
# 未認証ユーザに適用されるRole(captive-portal プロファイル "default" を紐付け、logon-control と captiveportal のACLで通信を制限する)
user-role logon
reauthentication-interval 3
captive-portal "default"
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
access-list session captiveportal6
access-list session global-sacl
!
user-role pc-peap-ok
access-list session global-sacl
access-list session apprf-pc-peap-ok-sacl
access-list session allowall
!
!
no kernel coredump
interface mgmt
shutdown
!
interface loopback
ip address 172.21.191.8
!
dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!
dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!
dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!
dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!
vlan 10
vlan 20
no spanning-tree
# 管理VLAN(VLAN10)をGE1/0に紐付け
interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
switchport access vlan 10
!
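# 認証に使用するVLAN20をTrunkとして設定(表示されている設定に switchport mode trunk は無いため、実際のポートモードは要確認)。
アップリンク側のポートなので、VLAN20をtrusted(trusted vlan 2-4094 に含まれる=このポートから入るVLAN20の通信は認証対象外)に設定している。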
interface gigabitethernet 1/1
description "GE1/1"
trusted
trusted vlan 2-4094
switchport access vlan 20
switchport trunk allowed vlan 1,20
!
# 認証に使用するVLAN20をTrunkとして設定。
ダウンリンク側のポートなので、VLAN20をuntrusted(trusted vlan 1-19,21-4094 から除外=このポートから入るVLAN20の端末は認証対象)に設定している。
interface gigabitethernet 1/2
description "/*** RD_CS0101 Te1/1/4 ***/"
trusted
trusted vlan 1-19,21-4094
switchport access vlan 20
switchport trunk allowed vlan 1,20
!
interface gigabitethernet 1/3
description "/*** RD_CS0101 Te2/1/4 ***/"
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk allowed vlan 191,244,248
!
interface port-channel 0
shutdown
trusted vlan 1-4094
!
interface port-channel 1
add gigabitethernet 1/3
trusted
trusted vlan 1-4094
switchport mode trunk
switchport access vlan 156
switchport trunk allowed vlan 156-157,190-191,244,248,1183
!
interface vlan 1
shutdown
!
interface vlan 20
ip address 10.0.0.100 255.255.255.0
!
interface vlan 10
ip address 10.180.198.149 255.255.255.0
!
!
!
ip default-gateway 10.180.198.254
uplink disable
crypto isakmp policy 20
encryption aes256
!
crypto isakmp policy 10001
!
crypto isakmp policy 10002
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10003
encryption aes256
!
crypto isakmp policy 10004
version v2
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10005
encryption aes256
!
crypto isakmp policy 10006
version v2
encryption aes128
authentication rsa-sig
!
crypto isakmp policy 10007
version v2
encryption aes128
!
crypto isakmp policy 10008
version v2
encryption aes128
hash sha2-256-128
group 19
authentication ecdsa-256
prf prf-hmac-sha256
!
crypto isakmp policy 10009
version v2
encryption aes256
hash sha2-384-192
group 20
authentication ecdsa-384
prf prf-hmac-sha384
!
crypto isakmp policy 10012
version v2
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10013
encryption aes256
!
crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-rap-ipsecmap 10001
version v2
set transform-set "default-gcm256" "default-gcm128" "default-rap-transform"
!
crypto dynamic-map default-dynamicmap 10000
set transform-set "default-transform" "default-aes"
!
crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap
crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
vpdn group l2tp
!
!
snmp-server community "sysmex"
vpdn group pptp
!
tunneled-node-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
voice rtcp-inactivity disable
voice alg-based-cac enable
voice sip-midcall-req-timeout disable
ap ap-blacklist-time 3600
ap flush-r1-on-new-r0 disable
amon msg-buffer-size 32768
stm mon-update-queue 21120
no ssh mgmt-auth public-key
ssh mgmt-auth username/password
mgmt-user admin root 1b0c8d6201d80dbcfcf8a59562111d46a744cdc885de3ac9b7
ntp server 192.168.21.20
no database synchronize
ip mobile domain default
!
!
!
airgroup mdns "disable"
!
airgroup dlna "disable"
!
airgroup location-discovery "enable"
!
!
airgroup active-wireless-discovery "disable"
!
airgroupservice "airplay"
id "_airplay._tcp"
id "_raop._tcp"
id "_appletv-v2._tcp"
description "AirPlay"
!
airgroupservice "airprint"
id "_ipp._tcp"
id "_pdl-datastream._tcp"
id "_printer._tcp"
id "_scanner._tcp"
id "_http._tcp"
id "_http-alt._tcp"
id "_ipp-tls._tcp"
id "_fax-ipp._tcp"
id "_riousbprint._tcp"
id "_ica-networking._tcp"
id "_ptp._tcp"
id "_canon-bjnp1._tcp"
id "_ipps._tcp"
id "_ica-networking2._tcp"
id "_universal._sub._ipp._tcp"
id "_universal._sub._ipps._tcp"
id "_printer._sub._http._tcp"
id "_cups._sub._ipp._tcp"
id "_cups._sub._fax-ipp._tcp"
description "AirPrint"
!
airgroupservice "itunes"
id "_home-sharing._tcp"
id "_apple-mobdev._tcp"
id "_daap._tcp"
id "_dacp._tcp"
description "iTunes"
!
airgroupservice "remotemgmt"
id "_ssh._tcp"
id "_sftp-ssh._tcp"
id "_ftp._tcp"
id "_telnet._tcp"
id "_rfb._tcp"
id "_net-assistant._tcp"
description "Remote management"
!
airgroupservice "sharing"
id "_odisk._tcp"
id "_afpovertcp._tcp"
id "_xgrid._tcp"
description "Sharing"
!
airgroupservice "chat"
id "_presence._tcp"
description "Chat"
!
airgroupservice "googlecast"
id "_googlecast._tcp"
description "GoogleCast supported by Chromecast etc"
!
airgroupservice "AmazonTV"
id "_amzn-wplay._tcp"
description "Amazon fire tv"
!
airgroupservice "DIAL"
id "urn:dial-multiscreen-org:service:dial:1"
id "urn:dial-multiscreen-org:device:dial:1"
description "DIAL supported by Chromecast, FireTV, Roku etc"
!
airgroupservice "DLNA Media"
id "urn:schemas-upnp-org:device:MediaServer:1"
id "urn:schemas-upnp-org:device:MediaServer:2"
id "urn:schemas-upnp-org:device:MediaServer:3"
id "urn:schemas-upnp-org:device:MediaServer:4"
id "urn:schemas-upnp-org:device:MediaRenderer:1"
id "urn:schemas-upnp-org:device:MediaRenderer:2"
id "urn:schemas-upnp-org:device:MediaRenderer:3"
id "urn:schemas-upnp-org:device:MediaPlayer:1"
description "Media"
!
airgroupservice "DLNA Print"
id "urn:schemas-upnp-org:device:Printer:1"
id "urn:schemas-upnp-org:service:PrintBasic:1"
id "urn:schemas-upnp-org:service:PrintEnhanced:1"
description "Print"
!
airgroupservice "allowall"
description "Remaining-Services"
!
airgroup service "airplay" enable
!
airgroup service "airprint" enable
!
airgroup service "itunes" disable
!
airgroup service "remotemgmt" disable
!
airgroup service "sharing" disable
!
airgroup service "chat" disable
!
airgroup service "googlecast" disable
!
airgroup service "AmazonTV" disable
!
airgroup service "DIAL" enable
!
airgroup service "DLNA Media" disable
!
airgroup service "DLNA Print" disable
!
airgroup service "allowall" disable
!
ip igmp
!
ipv6 mld
!
firewall attack-rate grat-arp 50 drop
ipv6 firewall ext-hdr-parse-len 100
!
!
firewall cp
packet-capture-defaults controlpath other
!
ip domain lookup
!
country JP3
aaa rfc-3576-server "172.20.0.152"
key 43ad34e1291c0246fac942f30f00d08526d33f1962eed8c491448f8476438500d41fbcf898bd4360322bbff148f04a1fab639a6983ffae3b20a7b801c9ca623f
!
aaa rfc-3576-server "172.20.0.153"
key 519b31fe256f961742e0c80e133e94ffe9996a503ef7bfff8e0b89a6fb2841e3342706d6f050ead4c625923536f754e56ec9a41e5e30ecb5c6bfd60aa9cadeb3
!
aaa rfc-3576-server "172.21.103.31"
key ba767454313e069f48c41cabd6ea4c0a7af8635f455125b5ef82eaf722a452b9892ba0b0843a7928bd0b7733ec941e1288185e1c2658b6e71481557e63a97fec
!
aaa rfc-3576-server "172.21.131.84"
key 631d6d139fd4315b24553ed02fa23bab04c1e2bedcefd3129e569d74a54f78aea3f988e2e0107f37eb4bfe3be06077cd8fd8b97eb619c2ee65dbb96b16025f18
!
aaa authentication mac "auth-MAC"
delimiter colon
case upper
!
aaa authentication mac "auth-MAC-CPPM"
!
aaa authentication mac "auth-Sysmex_RD_thermo-MAC"
!
aaa authentication mac "auth-TPRD06LAB-thermo-MAC"
!
aaa authentication mac "default"
!
aaa authentication dot1x "auth-PEAP"
reauthentication
!
aaa authentication dot1x "auth-TLS"
reauthentication
!
aaa authentication dot1x "default"
!
aaa authentication-server radius "SCPACS01"
host "172.21.131.83"
key 381416688800b9559e0ef5f74de70ce84b655c820f5fdc2b3d1418bb045b4b4e7e6a9690fbc8b0d1301a4acb9b800c0f1bd7225a5c5ce09d54ff4aae34075a3d
retransmit 2
!
aaa authentication-server radius "SCPACS02"
host "172.20.0.151"
key f349e349e4c637671aafcd0e5719cc09982b498748d2ffba0a0310030f8e90e4bd2aaeed8265be97f34c19779bcacd966c2bb0a989037bfb3734284bc329a4b3
retransmit 2
!
aaa authentication-server radius "SCPACS03"
host "172.21.103.30"
key 8c3a90bf2aff733806745df063992ad632619164cdc595f46d64a5a14ab80b9686a50abad3ce021650a4187b8adae4420404243b97be1b3ad0f8968c9a5d77ae
retransmit 2
!
aaa authentication-server radius "SCPACS04"
host "172.18.79.104"
key e2a45315317fd381ed21c30b66c566603a246740e01f40152dda6eb481de1b058f5cabc99fe703398a38b7114a56be224886ac415d90ed9177308ceae1e5181e
retransmit 2
!
aaa authentication-server radius "SCPAMIGO01"
host "172.21.128.23"
key 920b7b8c55dd62456741f56f2d9ab33ded48572fa5939515cb124a167b4f212c48d65f1e3f22918c8ca88ce4d9506a66c94cd527f7141ac2a328616c2f90d8ac
retransmit 2
!
aaa authentication-server radius "SCPAMIGO02"
host "172.20.0.152"
key 0d40a2c540d68cbbce1b59b87aa310926d9af94f36e965a8d395687f98139d5ceb595d3eeae0be0e79d3a54e8b2ba1bb31eaccb887528c88e68e71086db9d21e
retransmit 2
!
aaa authentication-server radius "SCPAMIGO03"
host "172.21.103.31"
key d5b639b02e081bf25dcfc2c7655d24755d506bc4b77bc4d35b1e70eb6eaa3eb5480f64ff5750f5ce1e4491e8abc18953e8816962ef2c539051f04822b2a6dfbf
retransmit 2
!
aaa authentication-server radius "SCPCPass01"
host "172.21.131.84"
key 891f697cb52b246a16133d016f527ec9737eec01182025083ccd67fe716e141ca1f785461fbc287398a12b083ede5093f65430b790ab68b85d5a68c61b178e0f
retransmit 2
!
aaa authentication-server radius "SCPCPass02"
host "172.20.0.153"
key 88f1374a121de0f87c3168989d977258da2c33b36e9be64fbb7f6dc51e48bd1ef72270022e2702f85c6b5e2dc9117e7fdaa508e819dfcdfb996c7aee81e031d3
retransmit 2
!
aaa authentication-server radius "SCPCPass03"
host "172.21.103.31"
key 8e56d36ce2f0e797ae9a495b0db3792d07e1b4d0285be0066f647f2187a9c138c0d19f925abcac49170b626cd443ebe260363af00052b298212530c0cae0c90a
retransmit 2
!
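# Radiusサーバを使わずに、内部DB(auth-server Internal)にユーザー名とパスワードを設定して認証時に参照するように設定。set role condition の比較値(User-Name / Password)は running-config に平文で表示されるため、設定を共有・公開する際は伏せ字にすること。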
aaa server-group "default"
auth-server Internal
set role condition User-Name equals "motoyama" set-value logon
set role condition Password equals "z5h3692" set-value logon
set role condition role value-of
!
aaa server-group "local"
auth-server Internal
!
aaa server-group "svg-PC-PEAP"
auth-server SCPACS01
auth-server SCPACS03
!
aaa server-group "svg-Tablet-CPPM"
auth-server SCPCPass01
auth-server SCPCPass03
!
aaa server-group "svg-Tablet-TLS"
auth-server SCPAMIGO02
!
aaa profile "aaa-Collabo-GUEST-CP"
initial-role "collabo-cp-logon"
authentication-dot1x "default"
!
aaa profile "aaa-GUEST-CP"
initial-role "guest-cp-logon"
authentication-dot1x "default"
!
aaa profile "aaa-PC-PEAP"
authentication-dot1x "auth-PEAP"
dot1x-default-role "pc-peap-ok"
dot1x-server-group "svg-PC-PEAP"
!
aaa profile "aaa-Sysmex_RD_thermo"
initial-role "mac-ng"
authentication-mac "auth-Sysmex_RD_thermo-MAC"
mac-default-role "thermo-mak-ok"
mac-server-group "local"
authentication-dot1x "default"
!
aaa profile "aaa-Tablet-CP"
initial-role "mac-ng"
authentication-mac "auth-MAC-CPPM"
mac-default-role "tablet-cp-logon"
mac-server-group "svg-Tablet-CPPM"
authentication-dot1x "default"
!
aaa profile "aaa-Tablet-TLS"
authentication-mac "auth-MAC"
mac-default-role "tablet-cp-logon"
mac-server-group "svg-Tablet-TLS"
authentication-dot1x "auth-TLS"
dot1x-default-role "tablet-tls-ok"
dot1x-server-group "svg-Tablet-TLS"
radius-accounting "svg-Tablet-TLS"
radius-interim-accounting
rfc-3576-server "172.20.0.152"
!
aaa profile "aaa-Tablet-TLS-CPPM"
authentication-mac "auth-MAC-CPPM"
mac-default-role "tablet-cp-logon"
mac-server-group "svg-Tablet-CPPM"
authentication-dot1x "auth-TLS"
dot1x-default-role "tablet-tls-ok"
dot1x-server-group "svg-Tablet-CPPM"
radius-accounting "svg-Tablet-CPPM"
radius-interim-accounting
rfc-3576-server "172.20.0.153"
rfc-3576-server "172.21.103.31"
rfc-3576-server "172.21.131.84"
!
aaa profile "aaa-TPRD06LAB-thermo"
initial-role "mac-ng"
authentication-mac "auth-TPRD06LAB-thermo-MAC"
mac-default-role "thermo-mak-ok"
mac-server-group "local"
authentication-dot1x "default"
!
aaa profile "aaa-Visitor-PSK"
initial-role "visitor-psk-ok"
authentication-dot1x "default"
!
aaa profile "aaa-WEB"
authentication-dot1x "default"
!
aaa profile "default"
!
aaa authentication captive-portal "auth-cp"
default-role "logon"
!
aaa authentication captive-portal "cp-Collabo-GUEST-Pub"
default-role "collabo-cp-ok"
server-group "svg-Tablet-CPPM"
!
aaa authentication captive-portal "cp-Collabo-GUEST-Sub"
default-role "collabo-cp-ok"
server-group "svg-Tablet-CPPM"
!
#
aaa authentication captive-portal "cp-GUEST"
default-role "guest-cp-ok"
server-group "local"
!
aaa authentication captive-portal "cp-Tablet"
default-role "tablet-cp-ok"
login-page "http://tablet.aruba.sysmex.co.jp/guest/landing.php/welcome.php"
!
# 認証に成功したユーザに割当てられるDefault Roleに「authenticated」を選択。
参照するサーバーは内部DB(server-group "local" = auth-server Internal)を指定。
aaa authentication captive-portal "default"
default-role "authenticated"
server-group "local"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
aaa authentication mgmt
server-group "internal"
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server profile
switch-cert "guest"
captive-portal-cert "guest"
!
guest-access-email
!
voice logging
!
voice dialplan-profile "default"
!
app skype4b traffic-control "default"
!
voice real-time-config
!
voice sip
!
aaa password-policy mgmt
!
control-plane-security
no cpsec-enable
!
ids management-profile
!
ids wms-general-profile
poll-retries 3
!
ids wms-local-system-profile
!
ids ap-rule-matching
!
valid-network-oui-profile
!
upgrade-profile
!
license profile
!
activate-service-whitelist
!
file syncing profile
!
papi-security
!
ifmap cppm
!
pan profile "default"
!
pan-options
!
pan active-profile
!
ap system-profile "aps-Local-Boot"
lms-ip 172.21.191.8
bkup-lms-ip 172.21.191.7
lms-preemption
shell-passwd 72db0e4b66462251c852869d80b49d44dccf7034814ac50b
bkup-passwords 2992bb389cc0e3d3ddbbcd2119d1772ff201615c40d4d5c2
!
ap system-profile "aps-Master-Boot"
lms-ip 172.21.191.7
bkup-lms-ip 172.21.191.8
lms-preemption
shell-passwd d2e827d1c99ccfc7d690904bb717b838da2d80fdfa394a90
bkup-passwords befca1fdc8332cad3c0609fa5be07e1cb8ff785018d4d46b
!
ap system-profile "default"
shell-passwd 35234af517990b38569d17367bf28ef535e91682f9e85c9d
bkup-passwords 3024d03fa7a1821852e4d6a837bbcc79ea61fae18e0397e3
!
ap regulatory-domain-profile "aprd-11ch-W56-dis"
country-code JP3
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
!
ap regulatory-domain-profile "aprd-1ch-W56-dis"
country-code JP3
valid-11g-channel 1
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
!
ap regulatory-domain-profile "aprd-6ch-W56-dis"
country-code JP3
valid-11g-channel 6
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
!
ap regulatory-domain-profile "aprd-W56-dis"
country-code JP3
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 52-64
!
ap regulatory-domain-profile "default"
country-code JP3
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 100
valid-11a-channel 104
valid-11a-channel 108
valid-11a-channel 112
valid-11a-channel 116
valid-11a-channel 120
valid-11a-channel 124
valid-11a-channel 128
valid-11a-channel 132
valid-11a-channel 136
valid-11a-channel 140
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 116-120
valid-11a-40mhz-channel-pair 124-128
valid-11a-40mhz-channel-pair 132-136
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap lldp med-network-policy-profile "default"
!
ap mesh-cluster-profile "default"
!
ap lldp profile "default"
!
ap mesh-radio-profile "default"
!
ap wired-port-profile "default"
aaa-profile "default"
!
! Wireless IDS profiles. Every profile below is the one named "default" and carries no
! explicit settings, except the signature-matching profile, which lists two signatures.
! NOTE(review): presumably the running-config prints only non-default values, so the
! empty stanzas mean stock IDS behaviour - confirm on the controller before relying on
! these profiles for rogue-AP or DoS detection.
ids general-profile "default"
!
ids rate-thresholds-profile "default"
!
ids signature-profile "default"
!
ids impersonation-profile "default"
!
ids unauthorized-device-profile "default"
!
! Only broadcast deauthentication and broadcast disassociation frames are matched here.
ids signature-matching-profile "default"
signature "Deauth-Broadcast"
signature "Disassoc-Broadcast"
!
ids dos-profile "default"
!
ids profile "default"
!
! ARM (Adaptive Radio Management) profiles. The radio profiles later in this listing
! select one of these by name through their "arm-profile" line.
!
! "arm-maintain": keeps the current channel/power assignment and turns scanning off.
! NOTE(review): with scanning off, a radio on this profile presumably no longer samples
! other channels, which would also reduce what it can report about neighbouring or
! rogue devices - confirm before using it on APs that are expected to feed the IDS.
rf arm-profile "arm-maintain"
assignment maintain
no scanning
!
! No explicit settings.
rf arm-profile "arm-scan"
!
! Fixed-power profiles: min and max are set to the same value, so ARM has no range to
! adjust transmit power within.
rf arm-profile "arm-Tx-EIRP-12"
max-tx-power 12
min-tx-power 12
!
rf arm-profile "arm-Tx-EIRP-15"
max-tx-power 15
min-tx-power 15
!
rf arm-profile "arm-Tx-EIRP-6"
max-tx-power 6
min-tx-power 6
!
! Only max-tx-power is shown here, unlike the 6/12/15 profiles above.
! NOTE(review): presumably min-tx-power equals a default and is therefore not printed - confirm.
rf arm-profile "arm-Tx-EIRP-9"
max-tx-power 9
!
! Only min-tx-power is shown; NOTE(review): 127 looks like the "use the maximum" value - confirm.
rf arm-profile "arm-Tx-EIRP-MAX"
min-tx-power 127
!
rf arm-profile "default-a"
max-tx-power 18
min-tx-power 12
!
rf arm-profile "default-g"
max-tx-power 9
min-tx-power 6
free-channel-index 40
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "11a-dis"
no radio-enable
!
rf dot11a-radio-profile "11a-n-Tx-EIRP-12"
arm-profile "arm-Tx-EIRP-12"
!
rf dot11a-radio-profile "11a-n-Tx-EIRP-15"
arm-profile "arm-Tx-EIRP-15"
!
rf dot11a-radio-profile "11a-n-Tx-EIRP-6"
arm-profile "arm-Tx-EIRP-6"
!
rf dot11a-radio-profile "11a-n-Tx-EIRP-9"
arm-profile "arm-Tx-EIRP-9"
!
rf dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
arm-profile "arm-Tx-EIRP-MAX"
!
rf dot11a-radio-profile "default"
!
rf dot11a-radio-profile "rp-maintain-a"
arm-profile "arm-maintain"
!
rf dot11a-radio-profile "rp-monitor-a"
mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
arm-profile "arm-scan"
!
rf dot11g-radio-profile "11g-dis"
no radio-enable
!
rf dot11g-radio-profile "11g-n-Tx-EIRP-12"
arm-profile "arm-Tx-EIRP-12"
!
rf dot11g-radio-profile "11g-n-Tx-EIRP-15"
arm-profile "arm-Tx-EIRP-15"
!
rf dot11g-radio-profile "11g-n-Tx-EIRP-6"
arm-profile "arm-Tx-EIRP-6"
!
rf dot11g-radio-profile "11g-n-Tx-EIRP-9"
arm-profile "arm-Tx-EIRP-9"
!
rf dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
arm-profile "arm-Tx-EIRP-MAX"
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "rp-maintain-g"
arm-profile "arm-maintain"
!
rf dot11g-radio-profile "rp-monitor-g"
mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
arm-profile "arm-scan"
!
wlan handover-trigger-profile "default"
!
wlan rrm-ie-profile "default"
!
wlan bcn-rpt-req-profile "default"
!
wlan dot11r-profile "default"
!
wlan tsm-req-profile "default"
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan hotspot anqp-venue-name-profile "default"
!
wlan hotspot anqp-nwk-auth-profile "default"
!
wlan hotspot anqp-roam-cons-profile "default"
!
wlan hotspot anqp-nai-realm-profile "default"
!
wlan hotspot anqp-3gpp-nwk-profile "default"
!
wlan hotspot h2qp-operator-friendly-name-profile "default"
!
wlan hotspot h2qp-wan-metrics-profile "default"
!
wlan hotspot h2qp-conn-capability-profile "default"
!
wlan hotspot h2qp-op-cl-profile "default"
!
wlan hotspot anqp-ip-addr-avail-profile "default"
!
wlan hotspot anqp-domain-name-profile "default"
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan dot11k-profile "default"
!
wlan ssid-profile "default"
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
!
! Pre-shared-key SSID in mixed WPA + WPA2 (AES) mode.
! NOTE(review): "wpa-psk-aes" keeps first-generation WPA enabled next to WPA2. If no
! client needs it, "wpa2-psk-aes" alone (as the thermo and WEB profiles in this listing
! use) is the tighter setting.
wlan ssid-profile "ssid-Collabo-GUEST-CP"
essid "Sysmex_OpenLab"
opmode wpa-psk-aes wpa2-psk-aes
! hide-ssid / deny-bcast keep the name out of beacons and broadcast probe responses.
! They reduce visibility only and are not an access control; the PSK and the AAA
! profile bound in the virtual-ap stanza are.
hide-ssid
deny-bcast
! NOTE(review): this is the controller's stored form of a live passphrase, presumably
! reversible rather than a one-way hash. Treat it as a secret: mask it in anything that
! is published or shared, and rotate the PSK if it has already been exposed.
wpa-passphrase d2479c2aa74bb688650c2c2fc681d19289ba30922a0c1f9c
!
wlan ssid-profile "ssid-GUEST-CP"
essid "Sysmex_WLAN_guest%Area"
opmode wpa-psk-aes wpa2-psk-aes
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
hide-ssid
deny-bcast
wpa-passphrase b6a975dae6d93f75d33faca4f5386e926ad5df69509e40fd
!
! 802.1X SSID: "wpa-aes wpa2-aes" are the non-PSK (enterprise) modes, so there is no
! wpa-passphrase line. The EAP method itself is not set here; it comes from the AAA
! profile and authentication server, which are outside this part of the listing.
! NOTE(review): as with the PSK profiles, "wpa-aes" leaves first-generation WPA enabled
! alongside WPA2 - drop it if no client depends on it.
wlan ssid-profile "ssid-PC-PEAP"
! NOTE(review): "W%LAN" differs from the "WLAN" spelling in the other ESSIDs here - verify it is intended.
essid "Sysmex_W%LAN_com%Area"
opmode wpa-aes wpa2-aes
! DSCP values applied to the four WMM access categories (voice, video, best effort, background).
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
! Hidden from beacons and broadcast probe responses; this is not a security boundary.
hide-ssid
deny-bcast
!
wlan ssid-profile "ssid-RDA06LAB-thermo-MAC"
essid "Sysmex_RD_6FLAB_thermo"
opmode wpa2-psk-aes
hide-ssid
deny-bcast
wpa-passphrase 17a73a19b9e569f9db435d310ae69575e0f4002e41605a10
!
wlan ssid-profile "ssid-Sysmex_RD_thermo"
essid "Sysmex_RD_thermo"
opmode wpa2-psk-aes
hide-ssid
deny-bcast
wpa-passphrase b3c9fdc445f3765cfa934c3e0bd6ac485cc630c261a5bbfb9573353193fb3896399620bd70f0967bed797a6274d81591243364414b946ee70018eee803c2f90b
!
wlan ssid-profile "ssid-Tablet-CP"
essid "Sysmex_tablet"
opmode wpa-psk-aes wpa2-psk-aes
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
hide-ssid
deny-bcast
wpa-passphrase effea972e8a4d732778299787ba442e9b7edac3e789ea684e3f27638ad6388ff2cb66db6a4a903f10e2628290cb216d392421154c0264b10bdac4f67ae675a0d
!
wlan ssid-profile "ssid-Tablet-TLS"
essid "Sysmex_WLAN_tablet%Area"
opmode wpa-aes wpa2-aes
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
hide-ssid
deny-bcast
!
wlan ssid-profile "ssid-Tablet-TLS-CPPM"
essid "Sysmex_WLAN_tab%Area"
opmode wpa-aes wpa2-aes
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
hide-ssid
deny-bcast
!
! Visitor SSID protected only by a shared passphrase, in mixed WPA + WPA2 (AES) mode.
! Unlike most profiles in this listing it has no hide-ssid / deny-bcast, so it is advertised.
! NOTE(review): a PSK handed to visitors is effectively shared knowledge, so isolation of
! this SSID depends on the VLAN and role assigned in its virtual-ap / AAA profile.
wlan ssid-profile "ssid-Visitor-PSK"
essid "SCP-Guest"
opmode wpa-psk-aes wpa2-psk-aes
! NOTE(review): stored form of a live passphrase - mask before publishing and rotate if exposed.
wpa-passphrase 7e32ac1fe18ed729a9b43f3507467a65ae3d086a31c109a7
!
! SSID "WEB", WPA2-PSK (AES) only. It is bound to AAA profile "aaa-WEB" by the
! "vap-WEB" virtual-ap stanza further down.
! NOTE(review): presumably this is the SSID for the web-authentication setup the page
! describes. The portal itself is configured in the AAA / captive-portal profiles, which
! are outside this part of the listing.
wlan ssid-profile "ssid-WEB"
essid "WEB"
opmode wpa2-psk-aes
! DSCP values applied to the four WMM access categories (voice, video, best effort, background).
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
! NOTE(review): stored form of a live passphrase - mask before publishing and rotate if exposed.
wpa-passphrase ed88e576d4911e97904d3aec7b6c2cd162ea31e6da07ade1
!
wlan hotspot advertisement-profile "default"
!
wlan hotspot hs2-profile "default"
!
wlan virtual-ap "default"
!
wlan virtual-ap "vap-Collabo-GUEST-CP"
aaa-profile "aaa-Collabo-GUEST-CP"
ssid-profile "ssid-Collabo-GUEST-CP"
vlan 157
!
! A virtual AP binds one SSID profile to one AAA profile and places its clients on a VLAN.
! NOTE(review): "vap-GUEST-CP" and "vap-PC-PEAP" both land on VLAN 244. If, as the names
! suggest, one serves guests and the other serves 802.1X-authenticated PCs, they share a
! layer-2 segment and separation rests entirely on the user roles / firewall policy from
! the AAA profiles - confirm that is intended, or give the guest SSID its own VLAN.
wlan virtual-ap "vap-GUEST-CP"
aaa-profile "aaa-GUEST-CP"
ssid-profile "ssid-GUEST-CP"
vlan 244
!
wlan virtual-ap "vap-PC-PEAP"
aaa-profile "aaa-PC-PEAP"
ssid-profile "ssid-PC-PEAP"
vlan 244
!
wlan virtual-ap "vap-Sysmex_RD_thermo-MAC"
aaa-profile "aaa-Sysmex_RD_thermo"
ssid-profile "ssid-Sysmex_RD_thermo"
vlan 190
!
wlan virtual-ap "vap-Tablet-CP"
aaa-profile "aaa-Tablet-CP"
ssid-profile "ssid-Tablet-CP"
vlan 248
!
wlan virtual-ap "vap-Tablet-TLS"
aaa-profile "aaa-Tablet-TLS"
ssid-profile "ssid-Tablet-TLS"
vlan 248
!
wlan virtual-ap "vap-Tablet-TLS-CPPM"
aaa-profile "aaa-Tablet-TLS-CPPM"
ssid-profile "ssid-Tablet-TLS-CPPM"
vlan 248
!
wlan virtual-ap "vap-thermo-MAC"
aaa-profile "aaa-TPRD06LAB-thermo"
ssid-profile "ssid-RDA06LAB-thermo-MAC"
vlan 156
!
wlan virtual-ap "vap-Visitor-PSK"
aaa-profile "aaa-Visitor-PSK"
ssid-profile "ssid-Visitor-PSK"
vlan 1183
!
! Virtual AP tying SSID profile "ssid-WEB" to AAA profile "aaa-WEB" on VLAN 248, the same
! VLAN the three Tablet virtual APs in this listing use.
! NOTE(review): no ap-group or ap-name stanza in this listing references "vap-WEB", so as
! shown no AP would advertise it - confirm it is attached to the test AP or its group.
! NOTE(review): sharing VLAN 248 with the Tablet SSIDs means web-auth clients are kept
! apart from them only by role/firewall policy - verify the pre-authentication role is restrictive.
wlan virtual-ap "vap-WEB"
aaa-profile "aaa-WEB"
ssid-profile "ssid-WEB"
vlan 248
!
ap provisioning-profile "default"
!
! NOTE(review): the value below looks like shared key material for the ARM RF domain.
! Treat it like the passphrases above: mask it in anything that is published or shared.
rf arm-rf-domain-profile
arm-rf-domain-key "a70e4c33acfa0ec2c058e76d0531bd28"
!
ap spectrum local-override
!
ap-lacp-striping-ip
!
ap general-profile
!
ap-group "apg-CMA02"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-COA01"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-9"
dot11g-radio-profile "11g-n-Tx-EIRP-9"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-COA02"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-9"
dot11g-radio-profile "11g-n-Tx-EIRP-9"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-COA03"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA01"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA02"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA04"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA05"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA06"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA06LAB-thermo"
virtual-ap "vap-thermo-MAC"
dot11a-radio-profile "11a-n-Tx-EIRP-12"
dot11g-radio-profile "11g-n-Tx-EIRP-12"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA07"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-12"
dot11g-radio-profile "11g-n-Tx-EIRP-12"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA08"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-12"
dot11g-radio-profile "11g-n-Tx-EIRP-12"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA09"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDA10"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-RDALAB-thermo"
virtual-ap "vap-Sysmex_RD_thermo-MAC"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-WCA01"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-15"
dot11g-radio-profile "11g-n-Tx-EIRP-15"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-WCA02"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-WCA03"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-12"
dot11g-radio-profile "11g-n-Tx-EIRP-12"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-WCA04"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "apg-WCA05"
virtual-ap "vap-PC-PEAP"
virtual-ap "vap-Tablet-TLS"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-GUEST-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
virtual-ap "vap-Collabo-GUEST-CP"
virtual-ap "vap-Visitor-PSK"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
ap-system-profile "aps-Local-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-group "default"
!
ap-name "CO_AP_A0104"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "CO_AP_A0105"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "CO_AP_A0106"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "CO_AP_A0203"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "CO_AP_A0206"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "RD_AP_A0103"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
regulatory-domain-profile "aprd-1ch-W56-dis"
!
ap-name "RD_AP_A0104"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-dis"
regulatory-domain-profile "aprd-W56-dis"
!
ap-name "RD_AP_A0105"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
regulatory-domain-profile "aprd-6ch-W56-dis"
!
ap-name "RD_AP_A0106"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
regulatory-domain-profile "aprd-11ch-W56-dis"
!
ap-name "RD_AP_A0204"
dot11a-radio-profile "11a-n-Tx-EIRP-9"
dot11g-radio-profile "11g-n-Tx-EIRP-9"
!
ap-name "RD_AP_A0705"
dot11a-radio-profile "11a-n-Tx-EIRP-9"
dot11g-radio-profile "11g-n-Tx-EIRP-9"
!
ap-name "RD_AP_A0706"
dot11a-radio-profile "11a-n-Tx-EIRP-9"
dot11g-radio-profile "11g-n-Tx-EIRP-9"
!
ap-name "RD_APTEST"
virtual-ap "vap-Tablet-CP"
virtual-ap "vap-Tablet-TLS-CPPM"
dot11a-radio-profile "11a-n-Tx-EIRP-6"
dot11g-radio-profile "11g-n-Tx-EIRP-6"
ap-system-profile "aps-Master-Boot"
regulatory-domain-profile "aprd-W56-dis"
!
ap-name "WC_AP_A0104"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0105"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0106"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0107"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0108"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0109"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0110"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0111"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0305"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0306"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
ap-name "WC_AP_A0307"
dot11a-radio-profile "11a-n-Tx-EIRP-MAX"
dot11g-radio-profile "11g-n-Tx-EIRP-MAX"
!
airgroup cppm-server aaa
!
! Logging and SNMP trap settings.
! The two "logging level" lines set the security/ids and security/ids-ap log
! subcategories to "warnings".
! Trap generation is switched on globally ("snmp-server enable trap"), then each trap
! named below is individually disabled. No trap receiver is defined in this part of the
! listing; it may be configured elsewhere.
! NOTE(review): the disabled set includes events a SOC would normally want, among them
! wlsxUserAuthenticationFailed, wlsxAuthServerTimedOut, wlsxIpSpoofingDetected,
! wlsxDisconnectStationAttack, wlsxSignatureMatch, wlsxStationAddedToBlackList and
! wlsxAdhocUsingValidSSID, plus hardware health traps (fan, power supply, temperature).
! If SNMP is part of the monitoring path, re-enable the ones you alert on; otherwise make
! sure the same events reach a collector through syslog.
logging level warnings security subcat ids
logging level warnings security subcat ids-ap
snmp-server enable trap
snmp-server trap source 0.0.0.0
snmp-server trap disable wlsxAdhocNetwork
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta
snmp-server trap disable wlsxAdhocUsingValidSSID
snmp-server trap disable wlsxAuthMaxAclEntries
snmp-server trap disable wlsxAuthMaxBWContracts
snmp-server trap disable wlsxAuthMaxUserEntries
snmp-server trap disable wlsxAuthServerIsUp
snmp-server trap disable wlsxAuthServerReqTimedOut
snmp-server trap disable wlsxAuthServerTimedOut
snmp-server trap disable wlsxChannelChanged
snmp-server trap disable wlsxCoverageHoleDetected
snmp-server trap disable wlsxDBCommunicationFailure
snmp-server trap disable wlsxDisconnectStationAttack
snmp-server trap disable wlsxESIServerDown
snmp-server trap disable wlsxESIServerUp
snmp-server trap disable wlsxFanFailure
snmp-server trap disable wlsxFanTrayInserted
snmp-server trap disable wlsxFanTrayRemoved
snmp-server trap disable wlsxGBICInserted
snmp-server trap disable wlsxIpSpoofingDetected
snmp-server trap disable wlsxLCInserted
snmp-server trap disable wlsxLCRemoved
snmp-server trap disable wlsxLicenseExpiry
snmp-server trap disable wlsxLowMemory
snmp-server trap disable wlsxLowOnFlashSpace
snmp-server trap disable wlsxOutOfRangeTemperature
snmp-server trap disable wlsxOutOfRangeVoltage
snmp-server trap disable wlsxPowerSupplyFailure
snmp-server trap disable wlsxPowerSupplyMissing
snmp-server trap disable wlsxProcessDied
snmp-server trap disable wlsxProcessExceedsMemoryLimits
snmp-server trap disable wlsxSCInserted
snmp-server trap disable wlsxSignatureMatch
snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP
snmp-server trap disable wlsxStationAddedToBlackList
snmp-server trap disable wlsxStationRemovedFromBlackList
snmp-server trap disable wlsxSwitchIPChanged
snmp-server trap disable wlsxSwitchRoleChange
snmp-server trap disable wlsxUserAuthenticationFailed
snmp-server trap disable wlsxUserEntryAuthenticated
snmp-server trap disable wlsxUserEntryChanged
snmp-server trap disable wlsxUserEntryCreated
snmp-server trap disable wlsxUserEntryDeAuthenticated
snmp-server trap disable wlsxUserEntryDeleted
snmp-server trap disable wlsxVrrpStateChange
firewall-visibility
process monitor log
ip probe default
mode Ping
frequency 10
retries 3
burst-size 5
!
end
(RD_WS_A0102) #