Test wlan that will use eap ms-chapv2 self-controller to authenticate

Phil_storey
Contributor
I have created an onboard Radius and role based firewall ( sort of ),
so this is what I have done so far,

from the CLI
#conf
# radius-server-policy RADIUS
# commit write
#radius-group Guest
#guest
#..
radius-group Corp
#..
radius-user-pool CORP-USER
User UKROI password #976301234 group corp
#commit write
#profile rfs7000 default-rfs7000
#use radius-server--policy RADIUS
#commit write

# role-policy RBFW
#user-role Guest precedence 1
#assign vlan 999
#ssid contains Guest
#..
#user-role Corp precedence 2
#assign vlan 1000
#group exact Corp
#commit write
#aaa-policy INTERNAL-AAA
#authentication server 1 onboard-controller
I have created a wlan and assigned the aaa-policy INTERNAL_AAA

then in the ap profile under settings I have added the RBFW in the wireless client role policy

The problem I have
I only have two production VLANs so I can not put the AAA server on these, but I need to get to a server on the main VLAN

I can see the Dot1x wlan that is part of the test. If I use my mobile phone and try to connect, it prompts for a username and a password as it should. I then put these details in,
select the ms-chapv2, then you have an option about certificate, here I select none,
then under the username it shows anonymous,
then drop to password, enter this,
then it shows connecting, then gives up.
Now I think it's due to the fact that Vlan 999 & 1000 do not have any dhcp server to give the device an IP

So can I set up a dhcp server on the RFS7k ( wing 5.8.5 ) that will only dish out addresses on the dot1x wlan? Then route off to our main vlan to attach to a test server

Lot of information and questions - but any help appreciated

24 REPLIES

Phil_storey
Contributor
Ok, so I have to copy the cert to our LDAP server? Or just create it on the RFS?

Andrew_Webster
New Contributor III
You can't NOT use certificates. EAP-PEAP-MS-CHAPv2 stipulates at a minimum that you must have server-side certificates on the RADIUS server.

If you want to use an external LDAP that's fine, but the RADIUS server still needs a certificate.
Similarly, if you used an external RADIUS server, it would need to have a certificate.

Phil_storey
Contributor
So am I correct in thinking I need to use an external LDAP server with the Radius onboard the RFS7k?

For this test I don't want to use certificates

Andrew_Webster
New Contributor III
Phil,
I don't see any mention of trustpoints in your config, so I'm guessing you didn't do any certificate setup as part of the Radius setup.
EAP-anything requires a radius server-side certificate in order to function. It cannot use the default built-in trustpoint.

I found this video to be very informative, although the presenter is setting up EAP-TLS, EAP-PEAP is similar, and you should be able to derive the correct config from there.
https://www.youtube.com/watch?v=-f0R9tNwRX4

Phil_storey
Contributor
Hi Andrew
here is the running config. It's not pretty ( I have removed some IP and other info )
I want to set this on only one AP, for the test
!
! Configuration of RFS7000 version 5.8.5.0-016R
!
!
version 2.5
!
!
client-identity Android-X
dhcp 1 message-type request option 55 exact hexstring 012103060f1c333a3b
dhcp 2 message-type request option 60 exact ascii dhcpcd-5.5.6
dhcp-match-message-type request
!
client-identity Motorola-Android
dhcp 1 message-type request option 55 starts-with hexstring 012103060f1c2c333a3b
dhcp-match-message-type request
!
client-identity Windows-10
dhcp 1 message-type request option 55 exact hexstring 01002710792c78
dhcp 5 message-type request option 60 exact ascii "MSFT 5.0"
dhcp-match-message-type request
!
client-identity iPhone-iPad
dhcp 4 message-type request option 55 exact hexstring 017903060f77fc
dhcp 10 message-type request option 55 exact hexstring 0103060f77fc
dhcp 1 message-type request option-codes exact hexstring 3537393d32330c
dhcp 2 message-type request option-codes exact hexstring 3537393d32360c
dhcp 3 message-type request option-codes exact hexstring 3537393d3233
dhcp 6 message-type request option-codes exact hexstring 3537393d330c
dhcp-match-message-type request
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
permit ip any 224.0.0.0/4 rule-precedence 21 rule-description "Allow IP multicast for Chromecast and Apple TV Boxes to work"
permit ip any host 255.255.255.255 rule-precedence 22 rule-description "allow IP local broadcast for Chromecast and Apple TV Boxes to work"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
permit proto 254 any any rule-precedence 101 rule-description Sip traffic
permit tcp any eq 5061 any rule-precedence 102 rule-description sip traffic
permit ip any xxx.245.xx.0/21 rule-precedence 103 rule-description RC Network
permit ip any xxx.23.xxx.0/22 rule-precedence 104 rule-description RC Network
permit ip any xxx.255.xxx.0/22 rule-precedence 106 rule-description RC Network
permit ip any xxx.68.xxx.0/22 rule-precedence 107 rule-description RC Network
permit tcp any range 8008 8009 any range 8008 8009 rule-precedence 108
permit udp any eq 53 any rule-precedence 110
permit udp any eq 1900 any rule-precedence 111
permit tcp any xxx.236.xxx.128/2x eq https rule-precedence 113
permit tcp any xxx.241.xxx.192/2x eq https rule-precedence 114
permit tcp any xxx.246.xxx.128/2x eq https rule-precedence 115
permit tcp any xxx.207.xxx.192/2x eq https rule-precedence 116
permit tcp any xxx.58.xxx.160/2x eq https rule-precedence 117
permit tcp any xxx.11.xxx.96/2x eq https rule-precedence 118
permit tcp any xxx.153.xxx.160/2x eq https rule-precedence 119
permit tcp any xxx.249.xxx.128/2x eq https rule-precedence 121
permit tcp any xxx.22xxx.112/2x eq https rule-precedence 122
permit tcp any 54.175.63.64/26 eq https rule-precedence 123
permit tcp any 54.93.127.192/26 eq https rule-precedence 124
permit tcp any xxx.209.xxx.64/2x eq https rule-precedence 125
permit tcp any xxx.241.xxx.64/2x eq https rule-precedence 126
permit tcp any xxx.219.xxx.192/2x eq https rule-precedence 127
permit tcp any xxx.4.xxx.128/2x eq https rule-precedence 128
permit tcp any xxx.233.xxx.192/2x eq https rule-precedence 129
permit tcp any xxx.219.xxx.64/2x eq https rule-precedence 130
permit tcp any xxx.175.xxx.192/2x eq https rule-precedence 131
permit tcp any xxx.250.xxx.0/2x eq https rule-precedence 132
permit tcp any xxx.171.xxx.192/2x eq https rule-precedence 133
permit tcp any xxx.93.xxx.192/x eq https rule-precedence 134
permit udp any range 5060 5061 any range 5060 5061 rule-precedence 135
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
deny host 00-1F-3B-26-02-A5 host 00-1F-3B-26-02-A5 rule-precedence 30
!
ip snmp-access-list Mic_HQ
permit host xxx.17.1xx.xxx
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
storm-control multicast log warnings
ip-mac conflict log-and-drop log-level debugging
no ipv6 firewall enable
no stateful-packet-inspection-l2
!
role-policy RBFW
user-role Guest precedence 1
assign vlan 1
ssid contains RKOI
user-role Corp precedence 2
assign vlan 1
group exact Corp
!
!
mint-policy global-default
!
meshpoint-qos-policy default
accelerated-multicast autodetect classification voice
!
wlan-qos-policy default
classification normal
classification non-unicast normal
qos trust dscp
qos trust wmm
!
radio-qos-policy default
no admission-control implicit-tspec
admission-control voice
admission-control video
admission-control video max-airtime-percent 15
accelerated-multicast max-streams 60
!
aaa-policy INTERNAL-AAA
authentication server 1 onboard controller
!
association-acl-policy Mic_Ban
deny 4C-0B-BE-04-F1-04 4C-0B-BE-04-F1-04 precedence 1
!
wlan 1
description Guest
ssid HOTSPOT
vlan 10
bridging-mode tunnel
encryption-type tkip-ccmp
authentication-type none
no answer-broadcast-probes
radio-resource-measurement
no radio-resource-measurement channel-report
fast-bss-transition
wpa-wpa2 psk 0 6hbZ5r5sYJ
wpa-wpa2 handshake timeout 200 300 400 500
wpa-wpa2 handshake attempts 5
use ip-access-list out BROADCAST-MULTICAST-CONTROL
use mac-access-list out PERMIT-ARP-AND-IPv4
!
wlan 2
description Microlise WLAN
ssid WLANBG
vlan 1
bridging-mode tunnel
encryption-type tkip-ccmp
authentication-type none
no answer-broadcast-probes
fast-bss-transition
wpa-wpa2 psk 0 xxxxxxxxxx
wpa-wpa2 handshake timeout 200 300 400 500
wpa-wpa2 handshake attempts 5
accounting syslog host xxx.17.154.xx port 514 proxy-mode through-controller
data-rates 2.4GHz gn
data-rates 5GHz an
ip arp trust
ip dhcp trust
use ip-access-list out BROADCAST-MULTICAST-CONTROL
use mac-access-list out PERMIT-ARP-AND-IPv4
!
wlan 3
description ICT Test
ssid DOMTEST
vlan 10
bridging-mode tunnel
encryption-type tkip-ccmp
authentication-type none
no answer-broadcast-probes
radio-resource-measurement
fast-bss-transition
wpa-wpa2 psk 0 Dxuxles1x
wpa-wpa2 handshake timeout 200 300 400 500
wpa-wpa2 handshake attempts 5
wing-extensions ft-over-ds-aggregate
no client-load-balancing allow-single-band-clients 5ghz
!
wlan 4
description Company Mobile Phone
ssid VoipT
vlan 10
bridging-mode tunnel
encryption-type tkip-ccmp
authentication-type none
no answer-broadcast-probes
radio-resource-measurement
fast-bss-transition
wpa-wpa2 psk 0 Un1fyxxx
wpa-wpa2 handshake timeout 200 300 400 500
wpa-wpa2 handshake attempts 5
data-rates 2.4GHz gn
data-rates 5GHz an
use ip-access-list out BROADCAST-MULTICAST-CONTROL
use mac-access-list out PERMIT-ARP-AND-IPv4
!
wlan Group-1-DOT1X
description PEAP-TEST
shutdown
ssid RKOI
vlan 1
bridging-mode tunnel
encryption-type ccmp
authentication-type eap
radio-resource-measurement
fast-bss-transition
use aaa-policy INTERNAL-AAA
registration device-OTP group-name tesco expiry-time 4320
service monitor aaa-server
!
meshpoint link
meshid link
beacon-format mesh-point
control-vlan 1
allowed-vlans 1-4094
neighbor inactivity-timeout 60
security-mode none
wpa2 psk 0 hellomoto
no root
!
smart-rf-policy Wood2
channel-width 5GHz auto
channel-width 2.4GHz auto
!
radius-group Corp
policy ssid RKOI
!
radius-group Guest
guest
!
radius-group Test-eap
policy vlan 1
policy ssid RKOI
!
radius-user-pool-policy CORP-USER
user John password 0 doe group Corp
!
radius-user-pool-policy Test-eap
user DT-355856050632419 password 0 Pa55w0rd group Corp Test-eap
!
radius-server-policy RADIUS
use radius-user-pool-policy Test-eap
no ldap-group-verification
!
!
management-policy default
no telnet
no http server
https server
no ftp
ssh
user admin password 1 ab38cb210d7336ec17bcad7b2d0d7fa644e98f9fcd32c691c5ac1875f5858854 role superuser access all
allowed-location MHQ locations MHQ
snmp-server manager v1
snmp-server manager v2
no snmp-server manager v3
snmp-server community 0 public ro ip-snmp-access-list Mic_HQ
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
snmp-server enable traps
snmp-server host xxx.xx.146.1x v2c 161 community 0 public
t5 snmp-server community public ro 192.168.0.1
t5 snmp-server community private rw 192.168.0.1
!
event-system-policy Mesh
event mesh meshpoint-loop-prevent-on email off
event mesh meshpoint-eap-server-timeout email off
event mesh mp-rescan email off
event mesh mesh-link-down email on
event mesh mpr-chan-change email off
event mesh meshpoint-eap-failed email off
event mesh meshpoint-root-change email off
event mesh meshpoint-down email off
event mesh meshpoint-eap-success email off
event mesh meshpoint-eap-client-timeout email off
event mesh meshpoint-up email off
event mesh meshpoint-path-change email off
event mesh meshpoint-loop-prevent-off email off
event mesh mp-chan-change email off
event mesh mesh-link-up email on
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
ex3500-qos-class-map-policy default
!
ex3500-qos-policy-map default
!
l2tpv3 policy default
!
profile rfs7000 default-rfs7000
autoinstall configuration
autoinstall firmware
use radius-server-policy RADIUS
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface me1
interface ge1
interface ge2
interface ge3
interface ge4
interface pppoe1
use firewall-policy default
use role-policy RBFW
cluster member ip 172.xxx.146.105 level 1
cluster member ip 172.xxx.146.106 level 1
cluster member vlan 1
logging on
logging syslog debugging
logging host 1xx.xxx.154.4x
no logging forward
no lldp run
service pm sys-restart
router ospf
!
profile ap7532 AP7532_De
dscp-mapping 46 priority 7
autoinstall configuration
autoinstall firmware
led flash-pattern
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
logging on
no lldp run
service pm sys-restart
router ospf
traffic-shape total-bandwidth 20 Mbps
traffic-shape enable
!
profile ap7532 Mic_7532
dscp-mapping 46 priority 7
ip default-gateway xxx.xxx.xxx.xxx
autoinstall configuration
autoinstall firmware
led flash-pattern
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
data-rates gn
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 4 primary
antenna-mode 3x3
antenna-diversity
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 4 primary
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1,10
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
ntp server xxx.xxx.144.1xx prefer version 3
ntp server xxx.xxx.144.xxx version 3
use role-policy RBFW
logging on
no cdp run
no lldp run
service pm sys-restart
router ospf
traffic-shape total-bandwidth 20 Mbps
traffic-shape enable
!
profile ap7532 default-ap7532
dscp-mapping 46 priority 7
autoinstall configuration
autoinstall firmware
led flash-pattern
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
ntp server xxx.xxx.144.1xx prefer version 3
ntp server xxx.xxx.144.1xx version 3
logging on
no cdp run
no lldp run
service pm sys-restart
router ospf
traffic-shape total-bandwidth 20 Mbps
traffic-shape enable
!
profile ap7532 mic-mesh
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
placement outdoor
interface radio2
placement outdoor
meshpoint link bss 1
non-unicast tx-rate lowest-basic
no dynamic-chain-selection
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094
interface pppoe1
use event-system-policy Mesh
use firewall-policy default
email-notification host dom02 sender WifiBridge@microlise.com port 25
email-notification recipient support@microlise.com
no cdp run
service pm sys-restart
router ospf
!
profile ap7532 wood_2
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface pppoe1
use firewall-policy default
use role-policy RBFW
no cdp run
no lldp run
service pm sys-restart
router ospf
!
profile ap71xx Mic71xxx
ip default-gateway xxx.xxx.144.xxx
autoinstall configuration
autoinstall firmware
device-upgrade persist-images
load-balancing balance-ap-loads
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
data-rates custom basic-5.5 basic-11 basic-12 basic-18 basic-24 basic-36 basic-48 basic-54 basic-mcs-1s mcs-2s
rate-selection opportunistic
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
wlan 4 bss 4 primary
preamble-short
no dynamic-chain-selection
no adaptivity recovery
interface radio2
data-rates custom basic-12 basic-18 basic-24 basic-36 basic-48 basic-54 basic-mcs-1s mcs-2s
rate-selection opportunistic
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
wlan 4 bss 4 primary
no dynamic-chain-selection
no adaptivity recovery
interface radio3
shutdown
interface ge1
interface ge2
shutdown
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
ntp server xxx.xxx.144.150 prefer version 3
ntp server xxx.xxx.144.151 version 3
logging on
no lldp run
no auto-learn staging-config
service pm sys-restart
traffic-shape enable
!
profile ap71xx default-ap71xx
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface ge1
interface ge2
interface wwan1
interface pppoe1
use firewall-policy default
service pm sys-restart
!
profile ap650 default-ap650
ip default-gateway xxx.xxx.144.xxx
autoinstall configuration
autoinstall firmware
no device-upgrade auto
load-balancing balance-ap-loads
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
power 20
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
wlan 4 bss 4 primary
interface radio2
power 20
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
logging on
service pm sys-restart
!
rf-domain Wood_2
location ML_HQ
timezone Europe/London
country-code gb
use smart-rf-policy Wood2
!
rf-domain default
no country-code
!
rfs7000 00-15-70-38-0A-F9
use profile default-rfs7000
use rf-domain Wood_2
hostname rfs7000-Backup
layout-coordinates 145.5 212.5
no mint mlcp ipv6
no mint tunnel-across-extended-vlan
no spanning-tree mst enable bridge-forward
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree mst region RFS_ML
spanning-tree mst revision 2
ip name-server xxx.xxx.144.1xx
ip name-server xxx.xxx.144.xxx
ip domain-name l.local
area "Mez Floor"
ip default-gateway xxx.xxx.144.xxx
interface ge1
speed 1000
duplex full
interface vlan1
ip address xxx.xxx.xxx.106/2x
interface vlan10
ip address dhcp
cluster name M_HQ_Cluster
cluster mode standby
cluster member vlan 1
cluster master-priority 100
cluster handle-stp
cluster force-configured-state
!
rfs7000 00-15-70-81-BE-8E
use profile default-rfs7000
use rf-domain Wood_2
hostname rfs7000-Primary
layout-coordinates 481.5 9.5
license AP baa10e1a4916c4f89b2c620c20ab86b72fd7aefe10c9d75c90cfe595682b28cc0cff4e7c66e1796b
timezone Europe/London
country-code gb
channel-list 2.4GHz 1,2,3,4,5,7,8,10,11,12,13,14
no mint mlcp ipv6
no mint tunnel-across-extended-vlan
ip igmp snooping
ip igmp snooping querier
no spanning-tree mst enable bridge-forward
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree mst region RFS_ML
spanning-tree mst revision 2
ip name-server xxx.xxx.144.1xx
ip name-server xxx.xxx.144.1xx
ip domain-name m.local
area "B4 SRm"
floor GF
ip default-gateway xxx.xxx.144.xxx
no use radius-server-policy
interface me1
ip address 10.10.10.10/24
interface ge1
speed 1000
duplex full
switchport mode trunk
switchport trunk native vlan 1
switchport trunk native tagged
switchport trunk allowed vlan 1,10-11
no ipv6 nd raguard
no ip arp trust
ip arp header-mismatch-validation
interface vlan1
description Ron
ip address xxx.xxx.146.1xx/20
use ip-access-list in BROADCAST-MULTICAST-CONTROL
interface vlan10
ip address dhcp
ip dhcp client request options all
ntp server xxx.xxx.144.1xx prefer version 3
ntp server xxx.xxx.144.1xx version 3
cluster name M_HQ_Cluster
cluster member vlan 1
cluster master-priority 200
cluster handle-stp
cluster force-configured-state
traffic-shape class 1 rate 70 Mbps
traffic-shape total-bandwidth 70 Mbps
traffic-shape enable
!
ap7532 84-24-8D-80-C3-AC
use profile Mic_7532
use rf-domain Wood_2
hostname ap7532-2-Delivery
area HR-Accounts-CEO
floor B4-First-Floor
interface radio1
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 3 primary
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 3 primary
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1,10
interface vlan1
ip address dhcp
!
ap7532 84-24-8D-80-C5-F4
use profile Mic_7532
use rf-domain Wood_2
hostname AP7532-ICT-B4a
location B4a-Sdesk
contact ICT
ip name-server xxx.xx.144.xx
ip name-server xxx.xx.144.xxx
ip domain-name m.local
ip default-gateway xxx.xxx.144.1.xxx
no ip default-gateway failover
interface radio1
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
wlan 4 bss 4 primary
no adaptivity recovery
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 3 bss 3 primary
wlan 4 bss 4 primary
antenna-mode 3x3
antenna-diversity
no adaptivity recovery
interface vlan1
ip address dhcp
ip address zeroconf secondary
!
ap7532 84-24-8D-80-C6-24
use profile Mic_7532
use rf-domain Wood_2
hostname AP7532-Reception-Landing
layout-coordinates -72.5 -198.5
area B4
floor First-floor-Theatre
interface radio1
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 4 primary
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 4 primary
!
ap7532 84-24-8D-82-BC-78
use profile mic-mesh
use rf-domain Wood_2
hostname ap7532-Remote-Bridge
layout-coordinates -179.5 -291.5
geo-coordinates 53.0151 -1.3156
ip igmp snooping
interface radio1
shutdown
power smart
no mesh
mesh psk 0 RUc6UnarePa&
interface radio2
power smart
no mesh
mesh psk 0 RUc6UnarePa&
antenna-gain 0.0
antenna-mode 3x3
antenna-diversity
interface vlan1
ip address 172.17.148.252/20
ip address zeroconf secondary
!
ap7532 84-24-8D-82-BC-F4
use profile Mic_7532
use rf-domain Wood_2
hostname ap7532-82BCF4-eap
layout-coordinates 159.5 -186.5
area TBC
floor TBC
interface radio1
wlan Group-1-DOT1X bss 1 primary
interface radio2
wlan Group-1-DOT1X bss 1 primary
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1,10
interface vlan1
ip address dhcp
ip address zeroconf secondary
!
ap7532 84-24-8D-82-BD-80
use profile Mic_7532
use rf-domain Wood_2
hostname ap7532-Reception
layout-coordinates 214.5 -155.5
area Reception-by-Lift
floor Ground-Floor
interface radio1
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 4 primary
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 4 primary
interface ge1
no cdp receive
no cdp transmit
no lldp receive
no lldp transmit
!
ap7532 84-24-8D-82-BF-18
use profile m-mesh
use rf-domain Wood_2
hostname ap7532-HQ-Bridge
layout-coordinates 258.5 -298.5
geo-coordinates xx.0137 -1.3146
bridge vlan 1
ip default-gateway xxx.xxx.144.1.xxx
interface radio1
shutdown
data-rates gn
placement outdoor
no mesh
antenna-gain 0.0
antenna-mode default
no antenna-diversity
interface radio2
power smart
no mesh
mesh psk 0 RUc6UnarePa&
antenna-gain 0.0
antenna-mode 3x3
antenna-diversity
interface vlan1
ip address xxx.17.xx.251/2x
ip address zeroconf secondary
meshpoint-device link
root
!
ap7532 84-24-8D-82-C7-88
use profile Mic_7532
use rf-domain Wood_2
hostname ap7532-1-Delivery
layout-coordinates x48.5 -201.5
area Delivery
floor B4-First-Floor-Kitchen-Sec-end
interface radio1
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 3 primary
interface radio2
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 3 primary
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1,10
no cdp receive
no cdp transmit
no lldp receive
no lldp transmit
!
ap71xx 00-15-70-EB-7C-A8
use profile Mic71xxx
use rf-domain Wood_2
hostname ap7131-7-PC01
layout-coordinates -396.5 -39.4
area "PortaCabin- Embedded Team"
floor B4a-GF
interface radio1
no shutdown
channel smart
power smart
data-rates default
wlan 1 bss 1 primary
wlan 2 bss 2 primary
wlan 4 bss 5 primary
non-unicast tx-rate lowest-basic
no antenna-diversity
interface radio2
no shutdown
channel smart
power smart
data-rates an
wlan 1 bss 1 primary
wlan 2 bss 2 primar
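
An added example (not part of the thread, and not vendor tooling): a Python audit that applies the checks raised in Andrew_Webster's replies to a flattened running config like the one posted above, and flags the EAP WLAN that is shut down, the missing trustpoint, and the device-level line that turns the onboard RADIUS server off. It assumes blocks are separated by `!` lines, that a device-level `no use radius-server-policy` overrides the profile, and that a `0` before a secret marks clear text. The sample is a constructed excerpt with placeholder credentials, and the trustpoint check only looks for the word `trustpoint`, as the reply does.

```python
import re

# Constructed excerpt: selected lines of the running config posted above, with
# indentation lost (as on the page) and credentials replaced by placeholders.
SAMPLE_CONFIG = """\
!
aaa-policy INTERNAL-AAA
authentication server 1 onboard controller
!
wlan Group-1-DOT1X
shutdown
ssid RKOI
authentication-type eap
use aaa-policy INTERNAL-AAA
!
radius-user-pool-policy Test-eap
user EXAMPLE-USER password 0 EXAMPLE-PASSWORD group Corp Test-eap
!
radius-server-policy RADIUS
use radius-user-pool-policy Test-eap
!
profile rfs7000 default-rfs7000
use radius-server-policy RADIUS
!
rfs7000 00-15-70-81-BE-8E
use profile default-rfs7000
hostname rfs7000-Primary
no use radius-server-policy
!
"""

# Device blocks start with "<model> <MAC>"; profiles and policies do not.
DEVICE_RE = re.compile(r"^\S+ (?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$")
# Assumption: "0" after the keyword means the secret is stored in clear text.
SECRET_RE = re.compile(r"\b(?:psk|password|community) 0 \S")
ONBOARD_RE = re.compile(r"^authentication server \d+ onboard[- ]controller$")


def split_blocks(text):
    """Split a flattened config into (header, body_lines), one per '!' block."""
    blocks, current = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("!"):  # separator or "! comment" line
            if current:
                blocks.append((current[0], current[1:]))
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append((current[0], current[1:]))
    return blocks


def audit(text):
    """Return sorted (check_id, object) findings for the EAP/RADIUS setup."""
    blocks = split_blocks(text)
    findings = set()
    aaa = {h.split()[1]: b for h, b in blocks if h.startswith("aaa-policy ")}
    onboard = any(ONBOARD_RE.match(l) for b in aaa.values() for l in b)
    # Same test as the reply in the thread: is a trustpoint mentioned anywhere?
    has_trustpoint = any("trustpoint" in l for h, b in blocks for l in (h, *b))
    for header, body in blocks:
        if any(SECRET_RE.search(l) for l in body):
            findings.add(("cleartext-secret", header))
        # Assumption: a device-level "no use ..." overrides the profile setting.
        if onboard and DEVICE_RE.match(header) and "no use radius-server-policy" in body:
            host = [l.split(None, 1)[1] for l in body if l.startswith("hostname ")]
            findings.add(("onboard-radius-disabled-on-device", host[0] if host else header))
        if header.startswith("wlan ") and "authentication-type eap" in body:
            wlan = header.split(None, 1)[1]
            if "shutdown" in body:
                findings.add(("eap-wlan-shutdown", wlan))
            used = [l.split()[-1] for l in body if l.startswith("use aaa-policy ")]
            if not used:
                findings.add(("eap-without-aaa-policy", wlan))
            findings.update(("aaa-policy-undefined", p) for p in used if p not in aaa)
            if not has_trustpoint:
                findings.add(("eap-without-trustpoint", wlan))
    return sorted(findings)


if __name__ == "__main__":
    for check, obj in audit(SAMPLE_CONFIG):
        print(f"{check}: {obj}")
```

Findings name the block or object only and never echo the secret itself, so the output can be pasted into a ticket or forum post.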