AP1>en Password: AP1#show run Building configuration... Current configuration : 14489 bytes ! ! Last configuration change at 10:02:07 UTC Mon Jun 28 2021 ! version 17.3 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime msec service call-home no platform punt-keepalive disable-kernel-core no platform punt-keepalive settings platform console serial ! hostname AP1 ! boot-start-marker boot-end-marker ! ! enable password admin@123 ! aaa new-model ! ! aaa authorization network Auth_MAC_Local local aaa authorization network Auth_Mac_Dev_1 local aaa authorization network Auth_Mac_Dev_2 local aaa authorization network Auth_Mac_Office local ! ! aaa attribute list Auth_Mac_AttList_Office attribute type ssid "A_BAN" ! aaa attribute list Auth_Mac_AttList_Dev_2 attribute type ssid "A_Dev_2" ! aaa attribute list Auth_Mac_AttList attribute type ssid "A_Dev_1" ! aaa attribute list wlan_lobby_access ! ! ! ! ! aaa session-id common no fips authorization-key ! ! ! ! ip name-server 208.67.222.222 208.67.220.220 ip domain timeout 1 login on-success log ! ! ! ! ! ! flow exporter default-flow-exporter destination local wlc ! ! flow monitor default-flow-monitor exporter default-flow-exporter record wireless avc basic ! ! crypto pki trustpoint SLA-TrustPoint enrollment pkcs12 revocation-check crl ! crypto pki trustpoint TP-self-signed-2707516555 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2707516555 revocation-check none rsakeypair TP-self-signed-2707516555 ! ! crypto pki certificate chain SLA-TrustPoint certificate ca 01 30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 D697DF7F 28 quit crypto pki certificate chain TP-self-signed-2707516555 certificate self-signed 01 30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32373037 35313635 3535301E 170D3231 30363238 31303035 34385A17 0D333130 36323831 30303534 385A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37303735 31363535 35308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100DF22 877142BC D5284655 65B5BE06 CEFD2297 BE06A57F B4AF6C6F 634EF291 FE500E6B CD7E9038 BF031DA8 D5444281 E565526A 295DD8BE 6FBCD9E0 7CA9BE32 8112B8A4 53FD98F3 61E6D4C6 C81035A8 75F70A49 59D2E719 D1E43413 9D48C7CD EC57F43A 74237251 8E35E08C BE1194A3 B39AFB52 897B0384 4CE7652D FB2071D9 D50026A2 72EB8DFD 5E4FD2B2 D1BDECD6 318DA9F6 86F6EC69 FAF60916 DAEC8D94 0ADA65FD B819D3A8 F0E69946 058C2F5A FDC28B90 83CBBC8E 9B063291 7FDF734F 9E2A1794 E78A7C73 BAAB93CF 1B4C2187 167F5D71 266B2DCF 24814EF3 12149894 CD6415CD 022DD8F5 0206102B 5FD69FEE 079752DF 880A02F5 F3958915 B524C053 89D90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14265DB4 E0E4CBAE 3FCA993E 745643F6 395781C8 E9301D06 03551D0E 04160414 265DB4E0 E4CBAE3F CA993E74 5643F639 5781C8E9 300D0609 2A864886 F70D0101 05050003 82010100 DDA58E85 6BAD9514 A4B9AD1B 0EB41547 163A6582 96B77C28 B682B766 77AF9DF5 7CE2AB74 C38912F5 5CD45F53 903D2A5A A6C14E98 DA665062 1B6EEB28 05145259 E0520646 3C4AF779 636BE7E6 272C3A47 37285DA6 87E16F22 2C238FCD 6D808100 25F87B62 5CA34F61 6E67C7B4 CEC51AAB F5EBAF7D BBC050EF 94C17BB0 2E0679D9 D1BB1A51 64683B8E 7EB53B63 40BD742A 8414EE41 72A9CDD9 C82EC441 A27A688A FA77B5AC 3727A614 82B410E1 301B456D 956D3A44 F56197A8 AD84ECAC F73F660A 290D35F4 8306444A B88D4879 ACAB87FB 97258D03 05F45DB9 043B3161 015EAA5E 0B69EDE6 8A515847 235AFF34 587104B9 E216069A BFA9DB59 52743637 56C67B6A quit ! crypto pki certificate pool cabundle nvram:ios_core.p7b ! memory free low-watermark processor 12899 ! license udi pid C9800-AP sn FGL2450L3XA device classifier username admin privilege 15 password 0 admin@123 username 886440007025 mac aaa attribute list Auth_Mac_AttList description tongliyang_iphone_220217 username 4c02204cdf2f mac aaa attribute list Auth_Mac_AttList_Office description tongliyang_shouji_220218 ! redundancy mode sso ! ! ! ! ! ! ! ! interface GigabitEthernet0 mac-address 0000.5e00.0101 ip dhcp client client-id GigabitEthernet0 ip dhcp client broadcast-flag clear ip address 192.168.50.205 255.255.255.0 no negotiation auto ! interface Vlan1 no ip address ! interface Vlan101 description connect-csw ip address 10.10.100.11 255.255.255.0 ! interface Vlan610 description VLAN610 no ip address ! interface Vlan620 description btcex_wireless ip address 172.16.20.2 255.255.255.0 ! interface Vlan630 description gu_wireless ip address 172.16.30.2 255.255.255.0 ! interface Vlan640 description VLAN640 no ip address ! interface Vlan690 description device_ap ip address 172.16.90.2 255.255.255.0 ! ip http server ip http authentication local ip http secure-server ip http secure-trustpoint CISCO_IDEVID_SUDI ip forward-protocol nd ip tftp blocksize 8192 ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 250 ip dns server ip ssh version 2 ! ! ! snmp-server community BT RW snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps flowmon snmp-server enable traps tty snmp-server enable traps entity-sensor snmp-server enable traps entity snmp-server enable traps license snmp-server enable traps pki snmp-server enable traps smart-license snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down snmp-server host 192.168.50.190 BT snmp-server manager ! ! ! control-plane ! banner exec ^C ######################################################################################################## # # # Welcome to the Cisco Catalyst 9800-AP Embedded Wireless Controller command line interface. # # # # Please see command reference guide for the complete list of supported commands for this release: # # https://www.cisco.com/c/en/us/td/docs/wireless/embedded_wireless_controller_configuration_guide.html # # # ######################################################################################################## ^C ! line con 0 stopbits 1 line vty 0 3 password admin@123 length 0 transport input all line vty 4 password admin@123 transport input all line vty 5 15 transport input ssh ! call-home ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. contact-email-addr sch-smart-licensing@cisco.com profile "CiscoTAC-1" active destination transport-method http ntp server 2.ciscome.pool.ntp.org ntp server 0.ciscome.pool.ntp.org ntp server 1.ciscome.pool.ntp.org ! ! ! ! ! wireless aaa policy default-aaa-policy wireless cts-sxp profile default-sxp-profile wireless management interface GigabitEthernet0 wireless profile airtime-fairness default-atf-policy 0 wireless profile flex test wireless profile flex default-flex-profile description "default flex profile" wireless profile flex Auth_Mac_Flex_Profile native-vlan-id 10 vlan-name vlan10 vlan-id 10 wireless profile image-download default description "default image download profile" wireless profile mesh default-mesh-profile description "default mesh profile" wireless profile policy sisco no central association no central dhcp no central switching description sisco dhcp-tlv-caching http-tlv-caching ipv4 flow monitor default-flow-monitor input ipv4 flow monitor default-flow-monitor output no shutdown wireless profile policy test_WLANID_2 no central association no central dhcp no central switching description test_OFFICE-Cisco no shutdown wireless profile policy default-policy-profile no central association no central switching description "default policy profile" dhcp-tlv-caching http-tlv-caching ipv4 flow monitor default-flow-monitor input ipv4 flow monitor default-flow-monitor output no shutdown wireless profile policy Auth_Mac_Policy_Profile aaa-override no central association no central switching description Auth_Mac_Policy_Profile ipv4 flow monitor default-flow-monitor input ipv4 flow monitor default-flow-monitor output no shutdown wireless tag site default-site-tag ap-profile test description "default site tag" flex-profile test no local-site wireless tag policy Auth_Mac_tag wlan A_BAN policy Auth_Mac_Policy_Profile wlan A_Dev_1 policy Auth_Mac_Policy_Profile wlan A_Dev_2 policy Auth_Mac_Policy_Profile wireless tag policy default-policy-tag description "default policy-tag" wlan A_BAN policy Auth_Mac_Policy_Profile wlan A_Dev_1 policy Auth_Mac_Policy_Profile wlan A_Dev_2 policy Auth_Mac_Policy_Profile wlan Web_Auth policy default-policy-profile wlan OFFICE-Cisco policy test_WLANID_2 wireless tag rf default-rf-tag description "default RF tag" wireless mgmt-via-wireless wireless country CN wlan test 1 test no security ft adaptive security wpa psk set-key ascii 0 admin@123 no security wpa akm dot1x security wpa akm psk no shutdown wlan A_BAN 9 A_BAN mac-filtering Auth_MAC_Local security ft over-the-ds security wpa psk set-key ascii 0 Aa321654 no security wpa akm dot1x security wpa akm psk wlan A_Dev_1 5 A_Dev_1 mac-filtering Auth_MAC_Local security ft over-the-ds security wpa psk set-key ascii 0 Aa321654 no security wpa akm dot1x security wpa akm psk wlan A_Dev_2 7 A_Dev_2 mac-filtering Auth_MAC_Local security ft over-the-ds security wpa psk set-key ascii 0 Aa321654 no security wpa akm dot1x security wpa akm psk wlan Web_Auth 10 Web_Auth mac-filtering Auth_MAC_Local security ft over-the-ds security web-auth security web-auth authentication-list web_auth security web-auth parameter-map global wlan OFFICE-Cisco 2 OFFICE-Cisco no security ft adaptive security wpa psk set-key ascii 0 o6HgahRDiLC no security wpa akm dot1x security wpa akm psk no shutdown ap dot11 24ghz rf-profile Low_Client_Density_rf_24gh coverage data rssi threshold -90 coverage level 2 coverage voice rssi threshold -90 description "pre configured Low Client Density rfprofile for 2.4gh radio" high-density rx-sop threshold low rate RATE_12M supported rate RATE_24M supported rate RATE_6M supported tx-power v1 threshold -65 no shutdown ap dot11 24ghz rf-profile High_Client_Density_rf_24gh description "pre configured High Client Density rfprofile for 2.4gh radio" high-density rx-sop threshold medium rate RATE_11M disable rate RATE_12M mandatory rate RATE_1M disable rate RATE_24M supported rate RATE_2M disable rate RATE_5_5M disable rate RATE_6M disable tx-power min 7 no shutdown ap dot11 24ghz rf-profile Typical_Client_Density_rf_24gh description "pre configured Typical Client Density rfprofile for 2.4gh radio" rate RATE_11M disable rate RATE_12M mandatory rate RATE_1M disable rate RATE_24M supported rate RATE_2M disable rate RATE_5_5M disable rate RATE_6M disable no shutdown ap dot11 24ghz rate RATE_12M supported ap dot11 24ghz rate RATE_24M supported ap dot11 24ghz rate RATE_6M supported ap dot11 5ghz rf-profile Low_Client_Density_rf_5gh coverage data rssi threshold -90 coverage level 2 coverage voice rssi threshold -90 description "pre configured Low Client Density rfprofile for 5gh radio" high-density rx-sop threshold low rate RATE_12M mandatory rate RATE_24M mandatory rate RATE_6M mandatory tx-power v1 threshold -60 no shutdown ap dot11 5ghz rf-profile High_Client_Density_rf_5gh description "pre configured High Client Density rfprofile for 5gh radio" high-density rx-sop threshold medium rate RATE_12M mandatory rate RATE_24M mandatory rate RATE_6M disable rate RATE_9M disable tx-power min 7 tx-power v1 threshold -65 no shutdown ap dot11 5ghz rf-profile Typical_Client_Density_rf_5gh description "pre configured Typical Density rfprofile for 5gh radio" rate RATE_12M mandatory rate RATE_24M mandatory rate RATE_6M mandatory no shutdown ap dot11 5ghz rate RATE_12M mandatory ap dot11 5ghz rate RATE_24M mandatory ap dot11 5ghz rate RATE_6M mandatory ap tri-radio ap tag-source-priority 2 source filter ap tag-source-priority 3 source ap ap location name test ap-eth-mac 70f0.966d.d994 ap-eth-mac 70f0.966d.da28 ap-eth-mac c884.a1aa.3240 description test ap profile test ap profile default-ap-profile description "default ap profile" trapflags ap crash trapflags ap noradiocards trapflags ap register end AP1#