If I log into my 4740's web GUI, can it display my current WAP license limit?
Planning to add more WAP's but I want to ensure I have enough licenses to do so. Is there a way to view this information inside the wireless controller?
OAW 4704 License limit?
Re: OAW 4704 License limit?
Going to Configuration -> Licenses
There you can see your current installed Licenses and your actual used Licences.
AFAIK a 4704 supports a maximum of 128 Campus APs and 512 Remote APs.
There you can see your current installed Licenses and your actual used Licences.
AFAIK a 4704 supports a maximum of 128 Campus APs and 512 Remote APs.
-
Adérito Maria
- Member
- Posts: 7
- Joined: 18 Mar 2015 08:09
- Location: Angola
- Contact:
Ominiaccess wireless controller 4010
How can i install the license in Ominiaccess wireless controller 4010 (with the OAW AP103)
here are the configuration
# (MUTUYAKEVELA) #show running-config
Building Configuration...
version 6.4
enable secret "******"
enable bypass
telnet cli
loginsession timeout 0
hostname "MUTUYAKEVELA"
clock timezone PST -8
!
masterip 192.168.20.254 ipsec ******
location "Building1.floor1"
controller config 0
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
permit any
!
netservice svc-ipp-tcp tcp 631
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-citrix tcp 2598
netservice svc-tftp udp 69 alg tftp
netservice svc-netbios-ssn tcp 139
netservice svc-pcoip-udp udp 50002
netservice svc-papi udp 8211
netservice svc-natt udp 4500
netservice svc-ica tcp 1494
netservice web tcp list "80 443"
netservice svc-smtp tcp 25
netservice svc-msrpc-udp udp 135 139
netservice svc-msrpc-tcp tcp 135 139
netservice svc-syslog udp 514
netservice svc-microsoft-ds tcp 445
netservice svc-lpd tcp 515
netservice svc-cfgm-tcp tcp 8211
netservice svc-http-proxy2 tcp 8080
netservice vnc tcp 5900 5905
netservice svc-telnet tcp 23
netservice svc-bootp udp 67 69
netservice svc-sccp tcp 2000 alg sccp
netservice svc-h323-udp udp 1718 1719
netservice svc-http tcp 80
netservice svc-ipp-udp udp 631
netservice svc-vmware-rdp tcp 3389
netservice svc-esp 50
netservice svc-vocera udp 5002 alg vocera
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-http-proxy1 tcp 3128
netservice svc-sec-papi udp 8209
netservice svc-gre 47
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-l2tp udp 1701
netservice svc-svp 119 alg svp
netservice svc-snmp udp 161
netservice svc-pptp tcp 1723
netservice svc-sip-tcp tcp 5060
netservice svc-icmp 1
netservice svc-smb-tcp tcp 445
netservice svc-ssh tcp 22
netservice svc-v6-icmp 58
netservice svc-pcoip2-tcp tcp 4172
netservice svc-pop3 tcp 110
netservice svc-ntp udp 123
netservice svc-h323-tcp tcp 1720
netservice svc-adp udp 8200
netservice svc-netbios-ns udp 137
netservice svc-v6-dhcp udp 546 547
netservice svc-dns udp 53 alg dns
netservice svc-kerberos udp 88
netservice svc-sip-udp udp 5060
netservice svc-http-proxy3 tcp 8888
netservice svc-netbios-dgm udp 138
netservice svc-sips tcp 5061 alg sips
netservice svc-snmp-trap udp 162
netservice svc-ike udp 500
netservice svc-nterm tcp 1026 1028
netservice svc-noe udp 32512 alg noe
netservice svc-pcoip-tcp tcp 50002
netservice svc-pcoip2-udp udp 4172
netservice svc-ftp tcp 21 alg ftp
netservice svc-smb-udp udp 445
netservice svc-https tcp 443
netexthdr default
!
time-range working-hours periodic
weekday 08:00 to 18:00
!
time-range night-hours periodic
weekday 18:01 to 23:59
weekday 00:00 to 07:59
!
time-range weekend periodic
weekend 00:00 to 23:59
!
ip access-list session svp-acl
!
ip access-list session apprf-stateful-dot1x-sacl
!
ip access-list session logon-control
!
ip access-list session ap-uplink-acl
!
ip access-list session vocera-acl
!
ip access-list session icmp-acl
!
ip access-list session http-acl
!
ip access-list session v6-logon-control
!
ip access-list session v6-http-acl
!
ip access-list session sip-acl
!
ip access-list session tftp-acl
!
ip access-list session citrix-acl
!
ip access-list session vmware-acl
!
ip access-list session srcnat
!
ip access-list session ra-guard
!
ip access-list session global-sacl
!
ip access-list session v6-dhcp-acl
!
ip access-list session cplogout
!
ip access-list session allow-diskservices
!
ip access-list session v6-control
!
ip access-list session vpnlogon
!
ip access-list session apprf-guest-sacl
!
ip access-list session v6-ap-acl
!
ip access-list session v6-icmp-acl
!
ip access-list session v6-allowall
!
ip access-list session validuser
network 127.0.0.0 255.0.0.0 any any deny
network 169.254.0.0 255.255.0.0 any any deny
network 224.0.0.0 240.0.0.0 any any deny
host 255.255.255.255 any any deny
network 240.0.0.0 240.0.0.0 any any deny
any any any permit
ipv6 host fe80:: any any deny
ipv6 network fc00::/7 any any permit
ipv6 network fe80::/64 any any permit
ipv6 alias ipv6-reserved-range any any deny
ipv6 any any any permit
!
ip access-list session captiveportal
!
ip access-list session v6-dns-acl
!
ip access-list session allowall
!
ip access-list session h323-acl
!
ip access-list session dhcp-acl
!
ip access-list session v6-https-acl
!
ip access-list session allow-printservices
!
ip access-list session skinny-acl
!
ip access-list session https-acl
!
ip access-list session ap-acl
!
ip access-list session control
!
ip access-list session captiveportal6
!
ip access-list session noe-acl
!
ip access-list session dns-acl
!
vpn-dialer default-dialer
ike authentication PRE-SHARE ******
!
dot1x high-watermark 70
dot1x low-watermark 66
user-role ap-role
!
user-role stateful-dot1x
access-list session global-sacl
access-list session apprf-stateful-dot1x-sacl
!
user-role guest-logon
!
user-role logon
!
user-role cpbase
!
user-role denyall
!
user-role guest
access-list session global-sacl
access-list session apprf-guest-sacl
!
!
controller-ip vlan 20
no kernel coredump
interface mgmt
!
dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!
dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!
dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!
dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!
vlan 10 "DADOS"
vlan 20 "APs"
vlan 30 "RELÓGIOS"
spanning-tree mode rapid-pvst
spanning-tree vlan 1
!
spanning-tree vlan 10
!
spanning-tree vlan 20
!
spanning-tree vlan 30
!
interface gigabitethernet 0/0/0
description "GE0/0/0"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/1
description "GE0/0/1"
trusted
trusted vlan 1-4094
jumbo
!
interface gigabitethernet 0/0/2
description "GE0/0/2"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/3
description "GE0/0/3"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/4
description "GE0/0/4"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/5
description "GE0/0/5"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/6
description "GE0/0/6"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/7
description "GE0/0/7"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/8
description "GE0/0/8"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/9
description "GE0/0/9"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/10
description "GE0/0/10"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/11
description "GE0/0/11"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/12
description "GE0/0/12"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/13
description "GE0/0/13"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/14
description "GE0/0/14"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/15
description "GE0/0/15"
trusted
trusted vlan 1-4094
jumbo
switchport access vlan 20
!
interface gigabitethernet 0/0/16
description "GE0/0/16"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/17
description "GE0/0/17"
trusted
trusted vlan 1-4094
!
interface vlan 20
ip address 192.168.20.1 255.255.255.0
!
interface vlan 1
ipv6 address 2001::1/64
!
interface vlan 10
ip address 192.168.10.2 255.255.255.0
!
interface vlan 30
ip address 192.168.30.2 255.255.255.0
!
ip default-gateway 192.168.20.254
uplink disable
crypto isakmp policy 20
encryption aes256
!
crypto isakmp policy 10001
!
crypto isakmp policy 10002
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10003
encryption aes256
!
crypto isakmp policy 10004
version v2
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10005
encryption aes256
!
crypto isakmp policy 10006
version v2
encryption aes128
authentication rsa-sig
!
crypto isakmp policy 10007
version v2
encryption aes128
!
crypto isakmp policy 10008
version v2
encryption aes128
hash sha2-256-128
group 19
authentication ecdsa-256
prf prf-hmac-sha256
!
crypto isakmp policy 10009
version v2
encryption aes256
hash sha2-384-192
group 20
authentication ecdsa-384
prf prf-hmac-sha384
!
crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-rap-ipsecmap 10001
version v2
set transform-set "default-gcm256" "default-gcm128" "default-rap-transform"
!
crypto dynamic-map default-dynamicmap 10000
set transform-set "default-transform" "default-aes"
!
crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap
crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
vpdn group l2tp
!
!
syslocation "LUANDA"
syscontact "MUTUYAKEVELA"
vpdn group pptp
!
tunneled-node-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
ap ap-blacklist-time 3600
ap flush-r1-on-new-r0 disable
no ssh mgmt-auth public-key
ssh mgmt-auth username/password
mgmt-user admin root f88f84a0010f845c67dbeeddd7fa0eec5d5a7dc5efe6d72840
no database synchronize
ip mobile domain default
!
!
!
airgroup mdns "disable"
!
airgroup dlna "disable"
!
airgroup location-discovery "enable"
!
!
airgroup active-wireless-discovery "disable"
!
airgroupservice "airplay"
id "_airplay._tcp"
id "_raop._tcp"
id "_appletv-v2._tcp"
description "AirPlay"
!
airgroupservice "airprint"
id "_ipp._tcp"
id "_pdl-datastream._tcp"
id "_printer._tcp"
id "_scanner._tcp"
id "_universal._sub._ipp._tcp"
id "_universal._sub._ipps._tcp"
id "_printer._sub._http._tcp"
id "_http._tcp"
id "_http-alt._tcp"
id "_ipp-tls._tcp"
id "_fax-ipp._tcp"
id "_riousbprint._tcp"
id "_cups._sub._ipp._tcp"
id "_cups._sub._fax-ipp._tcp"
id "_ica-networking._tcp"
id "_ptp._tcp"
id "_canon-bjnp1._tcp"
id "_ipps._tcp"
id "_ica-networking2._tcp"
description "AirPrint"
!
airgroupservice "itunes"
id "_home-sharing._tcp"
id "_apple-mobdev._tcp"
id "_daap._tcp"
id "_dacp._tcp"
description "iTunes"
!
airgroupservice "remotemgmt"
id "_ssh._tcp"
id "_sftp-ssh._tcp"
id "_ftp._tcp"
id "_telnet._tcp"
id "_rfb._tcp"
id "_net-assistant._tcp"
description "Remote management"
!
airgroupservice "sharing"
id "_odisk._tcp"
id "_afpovertcp._tcp"
id "_xgrid._tcp"
description "Sharing"
!
airgroupservice "chat"
id "_presence._tcp"
description "Chat"
!
airgroupservice "googlecast"
id "_googlecast._tcp"
description "GoogleCast supported by Chromecast etc"
!
airgroupservice "DIAL"
id "urn:dial-multiscreen-org:service:dial:1"
id "urn:dial-multiscreen-org:device:dial:1"
description "DIAL supported by Chromecast, FireTV, Roku etc"
!
airgroupservice "DLNA Media"
id "urn:schemas-upnp-org:device:MediaServer:1"
id "urn:schemas-upnp-org:device:MediaServer:2"
id "urn:schemas-upnp-org:device:MediaServer:3"
id "urn:schemas-upnp-org:device:MediaServer:4"
id "urn:schemas-upnp-org:device:MediaRenderer:1"
id "urn:schemas-upnp-org:device:MediaRenderer:2"
id "urn:schemas-upnp-org:device:MediaRenderer:3"
id "urn:schemas-upnp-org:device:MediaPlayer:1"
description "Media"
!
airgroupservice "DLNA Print"
id "urn:schemas-upnp-org:device:Printer:1"
id "urn:schemas-upnp-org:service:PrintBasic:1"
id "urn:schemas-upnp-org:service:PrintEnhanced:1"
description "Print"
!
airgroupservice "allowall"
description "Remaining-Services"
!
airgroup service "airplay" enable
!
airgroup service "airprint" enable
!
airgroup service "itunes" disable
!
airgroup service "remotemgmt" disable
!
airgroup service "sharing" disable
!
airgroup service "chat" disable
!
airgroup service "googlecast" disable
!
airgroup service "DIAL" enable
!
airgroup service "DLNA Media" disable
!
airgroup service "DLNA Print" disable
!
airgroup service "allowall" disable
!
ip igmp
!
ipv6 mld
!
no firewall attack-rate cp 1024
firewall enable ICE-STUN based firewall traversal
firewall attack-rate grat-arp 50 drop
firewall jumbo mtu 9000
ipv6 enable
ipv6 firewall ext-hdr-parse-len 100
!
!
firewall cp
ipv6 permit any proto 17 ports 49170 49200
!
ip domain lookup
!
country PT
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server profile
session-timeout 3600
!
guest-access-email
!
aaa password-policy mgmt
!
control-plane-security
!
ids wms-general-profile
!
ids wms-local-system-profile
!
valid-network-oui-profile
!
upgrade-profile
!
license profile
!
activate-service-whitelist
!
file syncing profile
!
ifmap cppm
!
pan profile "default"
!
pan active-profile
!
lcd-menu
!
ap system-profile "default"
!
ap regulatory-domain-profile "default"
country-code PT
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 100
valid-11a-channel 104
valid-11a-channel 108
valid-11a-channel 112
valid-11a-channel 116
valid-11a-channel 120
valid-11a-channel 124
valid-11a-channel 128
valid-11a-channel 132
valid-11a-channel 136
valid-11a-channel 140
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 116-120
valid-11a-40mhz-channel-pair 124-128
valid-11a-40mhz-channel-pair 132-136
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 52-64
valid-11a-80mhz-channel-group 100-112
valid-11a-80mhz-channel-group 116-128
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap lldp med-network-policy-profile "default"
!
ap mesh-cluster-profile "default"
!
ap lldp profile "default"
!
ap mesh-radio-profile "default"
!
ap wired-port-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "arm-maintain"
assignment maintain
no scanning
!
rf arm-profile "arm-scan"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11a-radio-profile "rp-maintain-a"
arm-profile "arm-maintain"
!
rf dot11a-radio-profile "rp-monitor-a"
mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
arm-profile "arm-scan"
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "rp-maintain-g"
arm-profile "arm-maintain"
!
rf dot11g-radio-profile "rp-monitor-g"
mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
arm-profile "arm-scan"
!
wlan handover-trigger-profile "default"
!
wlan rrm-ie-profile "default"
!
wlan bcn-rpt-req-profile "default"
!
wlan dot11r-profile "default"
!
wlan tsm-req-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan hotspot anqp-venue-name-profile "default"
!
wlan hotspot anqp-nwk-auth-profile "default"
!
wlan hotspot anqp-roam-cons-profile "default"
!
wlan hotspot anqp-nai-realm-profile "default"
!
wlan hotspot anqp-3gpp-nwk-profile "default"
!
wlan hotspot h2qp-operator-friendly-name-profile "default"
!
wlan hotspot h2qp-wan-metrics-profile "default"
!
wlan hotspot h2qp-conn-capability-profile "default"
!
wlan hotspot h2qp-op-cl-profile "default"
!
wlan hotspot anqp-ip-addr-avail-profile "default"
!
wlan hotspot anqp-domain-name-profile "default"
!
wlan dot11k-profile "default"
!
wlan ssid-profile "default"
!
wlan hotspot advertisement-profile "default"
!
wlan hotspot hs2-profile "default"
!
wlan virtual-ap "default"
!
ap provisioning-profile "default"
!
rf arm-rf-domain-profile
arm-rf-domain-key "c667268b629aee67f372d3d48237b537"
!
ap-lacp-striping-ip
!
ap-group "default"
!
airgroup cppm-server aaa
!
logging level warnings security subcat ids
logging level warnings security subcat ids-ap
snmp-server enable trap
snmp-server trap source 0.0.0.0
snmp-server trap disable wlsxAdhocNetwork
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta
snmp-server trap disable wlsxAdhocUsingValidSSID
snmp-server trap disable wlsxAuthMaxAclEntries
snmp-server trap disable wlsxAuthMaxBWContracts
snmp-server trap disable wlsxAuthMaxUserEntries
snmp-server trap disable wlsxAuthServerIsUp
snmp-server trap disable wlsxAuthServerReqTimedOut
snmp-server trap disable wlsxAuthServerTimedOut
snmp-server trap disable wlsxChannelChanged
snmp-server trap disable wlsxCoverageHoleDetected
snmp-server trap disable wlsxDBCommunicationFailure
snmp-server trap disable wlsxDisconnectStationAttack
snmp-server trap disable wlsxESIServerDown
snmp-server trap disable wlsxESIServerUp
snmp-server trap disable wlsxFanFailure
snmp-server trap disable wlsxFanTrayInserted
snmp-server trap disable wlsxFanTrayRemoved
snmp-server trap disable wlsxGBICInserted
snmp-server trap disable wlsxIpSpoofingDetected
snmp-server trap disable wlsxLCInserted
snmp-server trap disable wlsxLCRemoved
snmp-server trap disable wlsxLicenseExpiry
snmp-server trap disable wlsxLowMemory
snmp-server trap disable wlsxLowOnFlashSpace
snmp-server trap disable wlsxOutOfRangeTemperature
snmp-server trap disable wlsxOutOfRangeVoltage
snmp-server trap disable wlsxPowerSupplyFailure
snmp-server trap disable wlsxPowerSupplyMissing
snmp-server trap disable wlsxProcessDied
snmp-server trap disable wlsxProcessExceedsMemoryLimits
snmp-server trap disable wlsxSCInserted
snmp-server trap disable wlsxSignatureMatch
snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP
snmp-server trap disable wlsxStationAddedToBlackList
snmp-server trap disable wlsxStationRemovedFromBlackList
snmp-server trap disable wlsxSwitchIPChanged
snmp-server trap disable wlsxSwitchRoleChange
snmp-server trap disable wlsxUserAuthenticationFailed
snmp-server trap disable wlsxUserEntryAuthenticated
snmp-server trap disable wlsxUserEntryChanged
snmp-server trap disable wlsxUserEntryCreated
snmp-server trap disable wlsxUserEntryDeAuthenticated
snmp-server trap disable wlsxUserEntryDeleted
snmp-server trap disable wlsxVrrpStateChange
process monitor log
end
#
here are the configuration
# (MUTUYAKEVELA) #show running-config
Building Configuration...
version 6.4
enable secret "******"
enable bypass
telnet cli
loginsession timeout 0
hostname "MUTUYAKEVELA"
clock timezone PST -8
!
masterip 192.168.20.254 ipsec ******
location "Building1.floor1"
controller config 0
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
permit any
!
netservice svc-ipp-tcp tcp 631
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-citrix tcp 2598
netservice svc-tftp udp 69 alg tftp
netservice svc-netbios-ssn tcp 139
netservice svc-pcoip-udp udp 50002
netservice svc-papi udp 8211
netservice svc-natt udp 4500
netservice svc-ica tcp 1494
netservice web tcp list "80 443"
netservice svc-smtp tcp 25
netservice svc-msrpc-udp udp 135 139
netservice svc-msrpc-tcp tcp 135 139
netservice svc-syslog udp 514
netservice svc-microsoft-ds tcp 445
netservice svc-lpd tcp 515
netservice svc-cfgm-tcp tcp 8211
netservice svc-http-proxy2 tcp 8080
netservice vnc tcp 5900 5905
netservice svc-telnet tcp 23
netservice svc-bootp udp 67 69
netservice svc-sccp tcp 2000 alg sccp
netservice svc-h323-udp udp 1718 1719
netservice svc-http tcp 80
netservice svc-ipp-udp udp 631
netservice svc-vmware-rdp tcp 3389
netservice svc-esp 50
netservice svc-vocera udp 5002 alg vocera
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-http-proxy1 tcp 3128
netservice svc-sec-papi udp 8209
netservice svc-gre 47
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-l2tp udp 1701
netservice svc-svp 119 alg svp
netservice svc-snmp udp 161
netservice svc-pptp tcp 1723
netservice svc-sip-tcp tcp 5060
netservice svc-icmp 1
netservice svc-smb-tcp tcp 445
netservice svc-ssh tcp 22
netservice svc-v6-icmp 58
netservice svc-pcoip2-tcp tcp 4172
netservice svc-pop3 tcp 110
netservice svc-ntp udp 123
netservice svc-h323-tcp tcp 1720
netservice svc-adp udp 8200
netservice svc-netbios-ns udp 137
netservice svc-v6-dhcp udp 546 547
netservice svc-dns udp 53 alg dns
netservice svc-kerberos udp 88
netservice svc-sip-udp udp 5060
netservice svc-http-proxy3 tcp 8888
netservice svc-netbios-dgm udp 138
netservice svc-sips tcp 5061 alg sips
netservice svc-snmp-trap udp 162
netservice svc-ike udp 500
netservice svc-nterm tcp 1026 1028
netservice svc-noe udp 32512 alg noe
netservice svc-pcoip-tcp tcp 50002
netservice svc-pcoip2-udp udp 4172
netservice svc-ftp tcp 21 alg ftp
netservice svc-smb-udp udp 445
netservice svc-https tcp 443
netexthdr default
!
time-range working-hours periodic
weekday 08:00 to 18:00
!
time-range night-hours periodic
weekday 18:01 to 23:59
weekday 00:00 to 07:59
!
time-range weekend periodic
weekend 00:00 to 23:59
!
ip access-list session svp-acl
!
ip access-list session apprf-stateful-dot1x-sacl
!
ip access-list session logon-control
!
ip access-list session ap-uplink-acl
!
ip access-list session vocera-acl
!
ip access-list session icmp-acl
!
ip access-list session http-acl
!
ip access-list session v6-logon-control
!
ip access-list session v6-http-acl
!
ip access-list session sip-acl
!
ip access-list session tftp-acl
!
ip access-list session citrix-acl
!
ip access-list session vmware-acl
!
ip access-list session srcnat
!
ip access-list session ra-guard
!
ip access-list session global-sacl
!
ip access-list session v6-dhcp-acl
!
ip access-list session cplogout
!
ip access-list session allow-diskservices
!
ip access-list session v6-control
!
ip access-list session vpnlogon
!
ip access-list session apprf-guest-sacl
!
ip access-list session v6-ap-acl
!
ip access-list session v6-icmp-acl
!
ip access-list session v6-allowall
!
ip access-list session validuser
network 127.0.0.0 255.0.0.0 any any deny
network 169.254.0.0 255.255.0.0 any any deny
network 224.0.0.0 240.0.0.0 any any deny
host 255.255.255.255 any any deny
network 240.0.0.0 240.0.0.0 any any deny
any any any permit
ipv6 host fe80:: any any deny
ipv6 network fc00::/7 any any permit
ipv6 network fe80::/64 any any permit
ipv6 alias ipv6-reserved-range any any deny
ipv6 any any any permit
!
ip access-list session captiveportal
!
ip access-list session v6-dns-acl
!
ip access-list session allowall
!
ip access-list session h323-acl
!
ip access-list session dhcp-acl
!
ip access-list session v6-https-acl
!
ip access-list session allow-printservices
!
ip access-list session skinny-acl
!
ip access-list session https-acl
!
ip access-list session ap-acl
!
ip access-list session control
!
ip access-list session captiveportal6
!
ip access-list session noe-acl
!
ip access-list session dns-acl
!
vpn-dialer default-dialer
ike authentication PRE-SHARE ******
!
dot1x high-watermark 70
dot1x low-watermark 66
user-role ap-role
!
user-role stateful-dot1x
access-list session global-sacl
access-list session apprf-stateful-dot1x-sacl
!
user-role guest-logon
!
user-role logon
!
user-role cpbase
!
user-role denyall
!
user-role guest
access-list session global-sacl
access-list session apprf-guest-sacl
!
!
controller-ip vlan 20
no kernel coredump
interface mgmt
!
dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!
dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!
dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!
dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!
vlan 10 "DADOS"
vlan 20 "APs"
vlan 30 "RELÓGIOS"
spanning-tree mode rapid-pvst
spanning-tree vlan 1
!
spanning-tree vlan 10
!
spanning-tree vlan 20
!
spanning-tree vlan 30
!
interface gigabitethernet 0/0/0
description "GE0/0/0"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/1
description "GE0/0/1"
trusted
trusted vlan 1-4094
jumbo
!
interface gigabitethernet 0/0/2
description "GE0/0/2"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/3
description "GE0/0/3"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/4
description "GE0/0/4"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/5
description "GE0/0/5"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/6
description "GE0/0/6"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/7
description "GE0/0/7"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/8
description "GE0/0/8"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/9
description "GE0/0/9"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/10
description "GE0/0/10"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/11
description "GE0/0/11"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/12
description "GE0/0/12"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/13
description "GE0/0/13"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/14
description "GE0/0/14"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/15
description "GE0/0/15"
trusted
trusted vlan 1-4094
jumbo
switchport access vlan 20
!
interface gigabitethernet 0/0/16
description "GE0/0/16"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/17
description "GE0/0/17"
trusted
trusted vlan 1-4094
!
interface vlan 20
ip address 192.168.20.1 255.255.255.0
!
interface vlan 1
ipv6 address 2001::1/64
!
interface vlan 10
ip address 192.168.10.2 255.255.255.0
!
interface vlan 30
ip address 192.168.30.2 255.255.255.0
!
ip default-gateway 192.168.20.254
uplink disable
crypto isakmp policy 20
encryption aes256
!
crypto isakmp policy 10001
!
crypto isakmp policy 10002
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10003
encryption aes256
!
crypto isakmp policy 10004
version v2
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10005
encryption aes256
!
crypto isakmp policy 10006
version v2
encryption aes128
authentication rsa-sig
!
crypto isakmp policy 10007
version v2
encryption aes128
!
crypto isakmp policy 10008
version v2
encryption aes128
hash sha2-256-128
group 19
authentication ecdsa-256
prf prf-hmac-sha256
!
crypto isakmp policy 10009
version v2
encryption aes256
hash sha2-384-192
group 20
authentication ecdsa-384
prf prf-hmac-sha384
!
crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-rap-ipsecmap 10001
version v2
set transform-set "default-gcm256" "default-gcm128" "default-rap-transform"
!
crypto dynamic-map default-dynamicmap 10000
set transform-set "default-transform" "default-aes"
!
crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap
crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
vpdn group l2tp
!
!
syslocation "LUANDA"
syscontact "MUTUYAKEVELA"
vpdn group pptp
!
tunneled-node-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
ap ap-blacklist-time 3600
ap flush-r1-on-new-r0 disable
no ssh mgmt-auth public-key
ssh mgmt-auth username/password
mgmt-user admin root f88f84a0010f845c67dbeeddd7fa0eec5d5a7dc5efe6d72840
no database synchronize
ip mobile domain default
!
!
!
airgroup mdns "disable"
!
airgroup dlna "disable"
!
airgroup location-discovery "enable"
!
!
airgroup active-wireless-discovery "disable"
!
airgroupservice "airplay"
id "_airplay._tcp"
id "_raop._tcp"
id "_appletv-v2._tcp"
description "AirPlay"
!
airgroupservice "airprint"
id "_ipp._tcp"
id "_pdl-datastream._tcp"
id "_printer._tcp"
id "_scanner._tcp"
id "_universal._sub._ipp._tcp"
id "_universal._sub._ipps._tcp"
id "_printer._sub._http._tcp"
id "_http._tcp"
id "_http-alt._tcp"
id "_ipp-tls._tcp"
id "_fax-ipp._tcp"
id "_riousbprint._tcp"
id "_cups._sub._ipp._tcp"
id "_cups._sub._fax-ipp._tcp"
id "_ica-networking._tcp"
id "_ptp._tcp"
id "_canon-bjnp1._tcp"
id "_ipps._tcp"
id "_ica-networking2._tcp"
description "AirPrint"
!
airgroupservice "itunes"
id "_home-sharing._tcp"
id "_apple-mobdev._tcp"
id "_daap._tcp"
id "_dacp._tcp"
description "iTunes"
!
airgroupservice "remotemgmt"
id "_ssh._tcp"
id "_sftp-ssh._tcp"
id "_ftp._tcp"
id "_telnet._tcp"
id "_rfb._tcp"
id "_net-assistant._tcp"
description "Remote management"
!
airgroupservice "sharing"
id "_odisk._tcp"
id "_afpovertcp._tcp"
id "_xgrid._tcp"
description "Sharing"
!
airgroupservice "chat"
id "_presence._tcp"
description "Chat"
!
airgroupservice "googlecast"
id "_googlecast._tcp"
description "GoogleCast supported by Chromecast etc"
!
airgroupservice "DIAL"
id "urn:dial-multiscreen-org:service:dial:1"
id "urn:dial-multiscreen-org:device:dial:1"
description "DIAL supported by Chromecast, FireTV, Roku etc"
!
airgroupservice "DLNA Media"
id "urn:schemas-upnp-org:device:MediaServer:1"
id "urn:schemas-upnp-org:device:MediaServer:2"
id "urn:schemas-upnp-org:device:MediaServer:3"
id "urn:schemas-upnp-org:device:MediaServer:4"
id "urn:schemas-upnp-org:device:MediaRenderer:1"
id "urn:schemas-upnp-org:device:MediaRenderer:2"
id "urn:schemas-upnp-org:device:MediaRenderer:3"
id "urn:schemas-upnp-org:device:MediaPlayer:1"
description "Media"
!
airgroupservice "DLNA Print"
id "urn:schemas-upnp-org:device:Printer:1"
id "urn:schemas-upnp-org:service:PrintBasic:1"
id "urn:schemas-upnp-org:service:PrintEnhanced:1"
description "Print"
!
airgroupservice "allowall"
description "Remaining-Services"
!
airgroup service "airplay" enable
!
airgroup service "airprint" enable
!
airgroup service "itunes" disable
!
airgroup service "remotemgmt" disable
!
airgroup service "sharing" disable
!
airgroup service "chat" disable
!
airgroup service "googlecast" disable
!
airgroup service "DIAL" enable
!
airgroup service "DLNA Media" disable
!
airgroup service "DLNA Print" disable
!
airgroup service "allowall" disable
!
ip igmp
!
ipv6 mld
!
no firewall attack-rate cp 1024
firewall enable ICE-STUN based firewall traversal
firewall attack-rate grat-arp 50 drop
firewall jumbo mtu 9000
ipv6 enable
ipv6 firewall ext-hdr-parse-len 100
!
!
firewall cp
ipv6 permit any proto 17 ports 49170 49200
!
ip domain lookup
!
country PT
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server profile
session-timeout 3600
!
guest-access-email
!
aaa password-policy mgmt
!
control-plane-security
!
ids wms-general-profile
!
ids wms-local-system-profile
!
valid-network-oui-profile
!
upgrade-profile
!
license profile
!
activate-service-whitelist
!
file syncing profile
!
ifmap cppm
!
pan profile "default"
!
pan active-profile
!
lcd-menu
!
ap system-profile "default"
!
ap regulatory-domain-profile "default"
country-code PT
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 100
valid-11a-channel 104
valid-11a-channel 108
valid-11a-channel 112
valid-11a-channel 116
valid-11a-channel 120
valid-11a-channel 124
valid-11a-channel 128
valid-11a-channel 132
valid-11a-channel 136
valid-11a-channel 140
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 116-120
valid-11a-40mhz-channel-pair 124-128
valid-11a-40mhz-channel-pair 132-136
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 52-64
valid-11a-80mhz-channel-group 100-112
valid-11a-80mhz-channel-group 116-128
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap lldp med-network-policy-profile "default"
!
ap mesh-cluster-profile "default"
!
ap lldp profile "default"
!
ap mesh-radio-profile "default"
!
ap wired-port-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "arm-maintain"
assignment maintain
no scanning
!
rf arm-profile "arm-scan"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11a-radio-profile "rp-maintain-a"
arm-profile "arm-maintain"
!
rf dot11a-radio-profile "rp-monitor-a"
mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
arm-profile "arm-scan"
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "rp-maintain-g"
arm-profile "arm-maintain"
!
rf dot11g-radio-profile "rp-monitor-g"
mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
arm-profile "arm-scan"
!
wlan handover-trigger-profile "default"
!
wlan rrm-ie-profile "default"
!
wlan bcn-rpt-req-profile "default"
!
wlan dot11r-profile "default"
!
wlan tsm-req-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan hotspot anqp-venue-name-profile "default"
!
wlan hotspot anqp-nwk-auth-profile "default"
!
wlan hotspot anqp-roam-cons-profile "default"
!
wlan hotspot anqp-nai-realm-profile "default"
!
wlan hotspot anqp-3gpp-nwk-profile "default"
!
wlan hotspot h2qp-operator-friendly-name-profile "default"
!
wlan hotspot h2qp-wan-metrics-profile "default"
!
wlan hotspot h2qp-conn-capability-profile "default"
!
wlan hotspot h2qp-op-cl-profile "default"
!
wlan hotspot anqp-ip-addr-avail-profile "default"
!
wlan hotspot anqp-domain-name-profile "default"
!
wlan dot11k-profile "default"
!
wlan ssid-profile "default"
!
wlan hotspot advertisement-profile "default"
!
wlan hotspot hs2-profile "default"
!
wlan virtual-ap "default"
!
ap provisioning-profile "default"
!
rf arm-rf-domain-profile
arm-rf-domain-key "c667268b629aee67f372d3d48237b537"
!
ap-lacp-striping-ip
!
ap-group "default"
!
airgroup cppm-server aaa
!
logging level warnings security subcat ids
logging level warnings security subcat ids-ap
snmp-server enable trap
snmp-server trap source 0.0.0.0
snmp-server trap disable wlsxAdhocNetwork
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta
snmp-server trap disable wlsxAdhocUsingValidSSID
snmp-server trap disable wlsxAuthMaxAclEntries
snmp-server trap disable wlsxAuthMaxBWContracts
snmp-server trap disable wlsxAuthMaxUserEntries
snmp-server trap disable wlsxAuthServerIsUp
snmp-server trap disable wlsxAuthServerReqTimedOut
snmp-server trap disable wlsxAuthServerTimedOut
snmp-server trap disable wlsxChannelChanged
snmp-server trap disable wlsxCoverageHoleDetected
snmp-server trap disable wlsxDBCommunicationFailure
snmp-server trap disable wlsxDisconnectStationAttack
snmp-server trap disable wlsxESIServerDown
snmp-server trap disable wlsxESIServerUp
snmp-server trap disable wlsxFanFailure
snmp-server trap disable wlsxFanTrayInserted
snmp-server trap disable wlsxFanTrayRemoved
snmp-server trap disable wlsxGBICInserted
snmp-server trap disable wlsxIpSpoofingDetected
snmp-server trap disable wlsxLCInserted
snmp-server trap disable wlsxLCRemoved
snmp-server trap disable wlsxLicenseExpiry
snmp-server trap disable wlsxLowMemory
snmp-server trap disable wlsxLowOnFlashSpace
snmp-server trap disable wlsxOutOfRangeTemperature
snmp-server trap disable wlsxOutOfRangeVoltage
snmp-server trap disable wlsxPowerSupplyFailure
snmp-server trap disable wlsxPowerSupplyMissing
snmp-server trap disable wlsxProcessDied
snmp-server trap disable wlsxProcessExceedsMemoryLimits
snmp-server trap disable wlsxSCInserted
snmp-server trap disable wlsxSignatureMatch
snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP
snmp-server trap disable wlsxStationAddedToBlackList
snmp-server trap disable wlsxStationRemovedFromBlackList
snmp-server trap disable wlsxSwitchIPChanged
snmp-server trap disable wlsxSwitchRoleChange
snmp-server trap disable wlsxUserAuthenticationFailed
snmp-server trap disable wlsxUserEntryAuthenticated
snmp-server trap disable wlsxUserEntryChanged
snmp-server trap disable wlsxUserEntryCreated
snmp-server trap disable wlsxUserEntryDeAuthenticated
snmp-server trap disable wlsxUserEntryDeleted
snmp-server trap disable wlsxVrrpStateChange
process monitor log
end
#
