
Building configuration...

Current configuration : 5596 bytes
!
! Last configuration change at 13:43:18 moscow Sun Sep 27 2020 by anton
! NVRAM config last updated at 14:46:09 moscow Sun Sep 27 2020 by anton
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname wlc1
!
boot-start-marker
boot-end-marker
!
!
enable password ***
!
aaa new-model
aaa local authentication default authorization default
!
!!
aaa authentication enable default enable
aaa authentication dot1x cwa-authorization group radius
aaa authorization network cwa-authorization group radius 
aaa accounting update periodic 5
aaa accounting identity cwa-accounting start-stop group radius
!
!
aaa attribute list wlan_lobby_access
!
!
!
!
aaa server radius dynamic-author
 client 172.16.130.5 server-key wnam_radius
 client 172.16.131.5 server-key wnam_radius
!
aaa session-id common
clock timezone moscow 0 0
clock calendar-valid
vtp mode off
!
!
!
!
!
!         
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
! 
! 
! 
! 
!
!
parameter-map type webauth global
 virtual-ip ipv4 192.0.2.1
!
access-session mac-move deny
no device-tracking logging theft
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
crypto pki server WLC_CA
 database archive pkcs12 password 7 08225F71000D041B0B5A
 issuer-name O=Cisco Virtual Wireless LAN Controller, CN=CA-vWLC_WLC
 grant auto
 hash sha1
 lifetime certificate 3652
 lifetime ca-certificate 3652
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki trustpoint TP-self-signed-105031338
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-105031338
 revocation-check none
 rsakeypair TP-self-signed-105031338
!
crypto pki trustpoint WLC_CA
 revocation-check crl
 rsakeypair WLC_CA
!         
crypto pki trustpoint WLC_WLC_TP
 enrollment url http://10.241.144.97:80
 serial-number
 password 7 0508153028584F050054
 subject-name O=Cisco Virtual Wireless LAN Controller, CN=WLC_WLC_TP
 revocation-check crl
 rsakeypair WLC_WLC_TP
 eku request server-auth client-auth 
!
!
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
crypto pki certificate chain TP-self-signed-105031338
 certificate self-signed 01
crypto pki certificate chain WLC_CA
 certificate ca 01
crypto pki certificate chain WLC_WLC_TP
 certificate 02
 certificate ca 01
!
!
!
!
!
!
!
!
license udi pid C9800-CL-K9 sn 99B5YQBGXJA
service-template webauth-global-inactive
 inactivity-timer 3600 
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
 linksec policy must-secure
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
 linksec policy should-secure
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
 voice vlan
service-template DEFAULT_CRITICAL_DATA_TEMPLATE
device classifier
diagnostic bootup level minimal
memory free low-watermark processor 71962
!
!
username anton privilege 15 password 0 ***
!
redundancy
 mode sso
!
!
!
!
!
!
!
vlan configuration 100,305
vlan internal allocation policy ascending
!
vlan 100
 name VLAN100
!
vlan 305
 name VLAN305
!
!
class-map match-any AVC-Reanchor-Class
 match protocol cisco-jabber-audio
 match protocol cisco-jabber-video
 match protocol webex-media
 match protocol webex-app-sharing
 match protocol webex-control
 match protocol webex-meeting
 match protocol wifi-calling
! 
!
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
!
!
interface GigabitEthernet1
 no switchport
 ip address 93.180.6.168 255.255.255.128
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 switchport trunk allowed vlan 100,305
 switchport mode trunk
 negotiation auto
 no mop enabled
 no mop sysid
!
interface Vlan1
 no ip address
 no mop enabled
 no mop sysid
!
interface Vlan100
 ip address dhcp hostname wlc1.lab
 no mop enabled
 no mop sysid
!
interface Vlan305
 ip address 10.241.144.97 255.255.255.192
 no mop enabled
 no mop sysid
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 93.180.6.129
ip route 0.0.0.0 0.0.0.0 10.241.144.65
!
ip access-list extended wnam_acl_xe
 1 deny   udp any any eq domain
 2 deny   udp any eq domain any
 3 deny   ip any host 172.16.131.5
 4 deny   ip host 172.16.131.5 any
 5 permit ip any any
!
!
!
!
radius-server attribute wireless accounting mac-delimiter colon
radius-server attribute wireless accounting username-delimiter colon
radius-server attribute wireless accounting username-case upper
radius-server attribute wireless accounting call-station-id ap-macaddress-ssid
radius-server attribute wireless accounting callStationIdCase upper
radius-server attribute wireless authentication callStationIdCase upper
radius-server attribute wireless authentication mac-delimiter colon
radius-server attribute wireless authentication call-station-id ap-macaddress-ssid
!
radius server wnam
 address ipv4 172.16.131.5 auth-port 1812 acct-port 1813
 timeout 1
 retransmit 2
 key wnam_radius
!
!
control-plane
!
!
!
!
!
!
line con 0
 stopbits 1
line vty 0 4
 transport input all
line vty 5 15
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp server 93.180.6.130
!
!
!
!
!
!
end

wlc1#