object-group service airtune port-range 8099 exit object-group service dhcp_client port-range 68 exit object-group service dhcp_server port-range 67 exit object-group service dns port-range 53 exit object-group service netconf port-range 830 exit object-group service ntp port-range 123 exit object-group service radius_auth port-range 1812-1813 exit object-group service sa port-range 8043-8044 exit object-group service ssh port-range 22 exit object-group service web port-range 443 exit object-group network nat ip prefix 10.10.10.0/24 exit object-group network wnam_servers ip address-range 172.16.130.5 exit object-group url defaultserv url http://172.16.130.5 exit syslog max-files 3 syslog file-size 512 syslog file tmpsys:syslog/default severity info exit radius-server local nas ap key ascii-text encrypted 8BBA02608F1D49FF4E300D network 172.16.130.0/24 exit nas local key ascii-text encrypted 8CB5107EA7005AFF network 127.0.0.1/32 exit domain default exit virtual-server default proxy-mode nas-ip-address 172.16.130.101 upstream-server radius_wnam host 172.16.130.5 server-type all key ascii-text encrypted 8BBA02608F1D49FF4E300D exit enable exit enable exit username techsupport password encrypted $6$dtk72pr11kcPbw3g$Di.XMHf.Gv7VF6Pzms70CYq8sUoms0WTVNl/fbU7QyR9NcdbomkifG1v3s98E1YyRbMKOO1vPYHOM3M4fgFlg. exit username eltex password encrypted $6$h.wAR8Q/XZtEfvzG$Q.EMKEstKSsTPbkHHlZvr5T0BukwoIISEN2Mg5L8o/YgameDjlSWV0r.gh7MGbHbGdu2X1CmaG1Q6tEfCc6gw/ privilege 15 exit radius-server host 127.0.0.1 key ascii-text encrypted 8CB5107EA7005AFF exit radius-server host 172.16.130.5 key ascii-text encrypted 8BBA02608F1D49FF4E300D source-address 172.16.130.101 exit aaa radius-profile bras_radius radius-server host 172.16.130.5 exit aaa radius-profile default_radius radius-server host 127.0.0.1 exit das-server das key ascii-text encrypted 8BBA02608F1D49FF4E300D port 3799 clients object-group wnam_servers exit aaa das-profile bras_das das-server das exit tech-support login enable boot host auto-config boot host auto-update vlan 10 force-up exit no spanning-tree domain lookup enable security zone trusted exit security zone untrusted exit security zone users exit security zone dmz exit ip access-list extended BYPASS rule 1 action permit match protocol udp match source-port 68 match destination-port 67 enable exit rule 2 action permit match protocol udp match destination-port 53 enable exit exit ip access-list extended INTERNET rule 1 action permit enable exit rule 10 action permit enable exit exit ip access-list extended WELCOME rule 10 action permit match protocol tcp match destination-port 443 enable exit rule 30 action permit match protocol tcp match destination-port 80 enable exit exit subscriber-control aaa das-profile bras_das aaa sessions-radius-profile bras_radius aaa services-radius-profile bras_radius nas-ip-address 172.16.130.101 session mac-authentication bypass-traffic-acl BYPASS default-service class-map BYPASS filter-name local defaultserv filter-action permit default-action redirect http://172.16.130.5/cp/eltexwlc session-timeout 600 exit enable exit bridge 1 vlan 1 security-zone untrusted ip firewall disable ip address 172.16.130.101/24 no spanning-tree enable exit bridge 10 vlan 10 security-zone users ip firewall disable ip address 10.10.10.1/24 service-subscriber-control object-group nat location USER protected-ports local enable exit interface gigabitethernet 1/0/1 mode switchport switchport mode trunk switchport trunk native-vlan 1 switchport trunk allowed vlan add 10 exit interface gigabitethernet 1/0/2 service-subscriber-control any exit interface gigabitethernet 1/0/3 mode switchport exit interface gigabitethernet 1/0/4 mode switchport exit interface tengigabitethernet 1/0/1 mode switchport exit interface tengigabitethernet 1/0/2 mode switchport exit tunnel softgre 1 mode data local address 172.16.130.101 default-profile enable exit security zone-pair trusted self rule 10 action permit match protocol tcp match destination-port ssh enable exit rule 20 action permit match protocol icmp enable exit rule 30 action permit match protocol udp match source-port dhcp_client match destination-port dhcp_server enable exit rule 40 action permit match protocol udp match destination-port ntp enable exit rule 50 action permit match protocol tcp match destination-port dns enable exit rule 60 action permit match protocol udp match destination-port dns enable exit rule 70 action permit match protocol tcp match destination-port netconf enable exit rule 80 action permit match protocol tcp match destination-port sa enable exit rule 90 action permit match protocol udp match destination-port radius_auth enable exit rule 100 action permit match protocol gre enable exit rule 110 action permit match protocol tcp match destination-port airtune enable exit rule 120 action permit match protocol tcp match destination-port web enable exit exit security zone-pair trusted trusted rule 1 action permit enable exit exit security zone-pair trusted untrusted rule 1 action permit enable exit exit security zone-pair untrusted self rule 1 action permit match protocol udp match source-port dhcp_server match destination-port dhcp_client enable exit rule 2 action permit match protocol tcp match destination-port ssh enable exit rule 20 action permit match protocol tcp match destination-port web enable exit rule 90 action permit match protocol udp match destination-port radius_auth enable exit rule 91 action permit match protocol udp exit exit security zone-pair users self rule 10 action permit match protocol icmp enable exit rule 20 action permit match protocol udp match source-port dhcp_client match destination-port dhcp_server enable exit rule 30 action permit match protocol tcp match destination-port dns enable exit rule 40 action permit match protocol udp match destination-port dns enable exit exit security zone-pair users untrusted rule 1 action permit enable exit exit security passwords default-expired nat source ruleset factory to zone untrusted rule 10 description "replace 'source ip' by outgoing interface ip address" match source-address nat action source-nat interface enable exit exit ruleset wnam to default rule 10 action source-nat interface enable exit rule 20 action source-nat interface enable exit exit exit ip dhcp-server ip dhcp-server pool ap-pool network 192.168.1.0/24 address-range 192.168.1.2-192.168.1.254 default-router 192.168.1.1 dns-server 192.168.1.1 option 42 ip-address 192.168.1.1 vendor-specific suboption 12 ascii-text "192.168.1.1" suboption 15 ascii-text "https://192.168.1.1:8043" exit exit ip dhcp-server pool users-pool network 10.10.10.0/24 address-range 10.10.10.10-10.10.10.100 default-router 10.10.10.1 dns-server 172.16.130.1,93.180.6.130 exit ip route 0.0.0.0/0 172.16.130.1 softgre-controller nas-ip-address 127.0.0.1 data-tunnel configuration wlc aaa radius-profile default_radius keepalive-disable service-vlan add 10 enable exit wlc outside-address 172.16.130.101 service-activator aps join auto password private-crt-key ascii-text encrypted 8CB5107EA7005AFF exit airtune enable exit ap 68:13:e2:02:6c:c0 ap-model WEP-3ax ap-location default-location exit ap-location default-location description default-location mode tunnel ap-profile default-ap airtune-profile default_airtune board-profile WEP-1L default_wep-1l_profile board-profile WEP-200L default_wep-200l_profile board-profile WEP-2L default_wep-2l_profile board-profile WEP-30L default_wep-30l_profile board-profile WEP-3ax default_wep-3ax_profile board-profile WOP-20L default_wop-20l_profile board-profile WOP-2L default_wop-2l_profile board-profile WOP-30L default_wop-30l_profile ssid-profile default-ssid ssid-profile eltex-bras-open exit airtune-profile default_airtune exit ssid-profile default-ssid description default-ssid ssid eltex-test radius-profile default-radius vlan-id 10 security-mode WPA2_1X key-wpa ascii-text encrypted CDE65039E5591FA3 802.11kv band 2g band 5g enable exit ssid-profile eltex-bras-open ssid eltex-bras-open vlan-id 10 802.11kv band 2g band 5g enable exit board-profile default_wep-1l_profile ap-model WEP-1L radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode ac autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit board-profile default_wep-200l_profile ap-model WEP-200L radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode ac autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit board-profile default_wep-2l_profile ap-model WEP-2L radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode ac autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit board-profile default_wep-30l_profile ap-model WEP-30L radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode anacax autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit board-profile default_wep-3ax_profile ap-model WEP-3ax radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode anacax autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit board-profile default_wop-20l_profile ap-model WOP-20L radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode ac autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit board-profile default_wop-2l_profile ap-model WOP-2L radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode ac autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit board-profile default_wop-30l_profile ap-model WOP-30L radio wlan0 band 2g work-mode bgn autochannel channel 1 use-limit-channels bandwidth 20 tx-power 16 limit-channels 1,11,6 exit radio wlan1 band 5g work-mode anacax autochannel channel 36 use-limit-channels bandwidth 20 tx-power 19 limit-channels 36,40,44,48 exit exit ap-profile default-ap password ascii-text encrypted 8CB5107EA7005AFF exit radius-profile default-radius auth-address 172.16.130.101 auth-password ascii-text encrypted 8BBA02608F1D49FF4E300D auth-acct-id-send acct-enable acct-address 172.16.130.101 acct-password ascii-text encrypted 8BBA02608F1D49FF4E300D acct-periodic acct-interval 300 domain default exit ip-pool default-ip-pool description default-ip-pool ap-location default-location exit enable exit ip ssh server clock timezone gmt +3 ntp enable ntp server 93.180.6.130 prefer exit ntp server 10.208.144.5 exit ip http server ip https server