version 17.3 service config service timestamps debug datetime msec service timestamps log datetime msec ! Call-home is enabled by Smart-Licensing. service call-home platform qfp utilization monitor load 80 platform punt-keepalive disable-kernel-core ! hostname NSWLC04 ! boot-start-marker boot system bootflash:packages.conf boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! aaa new-model ! ! aaa authentication login default local aaa authorization exec default local aaa authorization credential-download AP-auth local ! ! aaa attribute list wlan_lobby_access ! ! ! ! ! aaa session-id common clock timezone JST 9 0 vtp mode off ! ! ! ! ! ! ! no ip domain lookup ! ! ! login on-success log ! ! ! ! ! ! ! subscriber templating ! ! ! ! ! ! parameter-map type webauth global virtual-ip ipv4 192.0.2.1 ! no device-tracking logging theft access-session mac-move deny multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! crypto pki trustpoint TP-self-signed-3398299577 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3398299577 revocation-check none rsakeypair TP-self-signed-3398299577 ! crypto pki trustpoint SLA-TrustPoint enrollment pkcs12 revocation-check crl ! ! crypto pki certificate chain TP-self-signed-3398299577 certificate self-signed 01 30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33333938 32393935 3737301E 170D3232 30323232 30343338 33345A17 0D333230 32323230 34333833 345A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33393832 39393537 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100B868 32EF6A9D C1CE8FAF 3EA94F39 F52019A4 A62DB282 ED5A3786 B40E76FA BE7449BE EBAE642D 1AE14A71 F4B23FA9 E1B78EBB 7E21BFEF AFF851D2 603C84E0 6C30A345 A33C1F75 5BED9979 65986764 8B6BB06A 2BF44372 3E3C96F8 88066B79 075175EE E259AE59 66C22783 8CD798D1 41C33592 4B2AD4DE D03B7F72 BC1DCE4A 2363806A B32A3572 BF7C5942 A0AC1F5E 9F27C61C D7AFA926 6BEDAD49 185E5979 381509CC 25EEBF49 9ABF8783 D2230C0F 682827FC C5311E8F 58E78EE2 CFDFFB4F 2945C040 3488D666 34F0986C 654358D3 9041FCC0 5A1DD875 5932B8CF CF27261D F8682AB5 E74573A5 69CAD8A4 E3AA8EFD CE1841F9 94D821E8 51640CE5 6D34C17C 10650203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 1494F9BD B3FA0E0B 270A473C AD859FF8 E2E4EF40 0C301D06 03551D0E 04160414 94F9BDB3 FA0E0B27 0A473CAD 859FF8E2 E4EF400C 300D0609 2A864886 F70D0101 05050003 82010100 6AFF7FC6 DB57CC45 0EF1C2FA BF78C0B5 72047E98 48802466 5F9D50E8 E260CE23 2294D4DE FB810BBE 9398FB7C BB531FEE 58D2E0AD 88C8F3BE 19C244C7 9369C675 9643A9FC 16E72B43 D3AEF0FB 1A851A46 8F6B5BF4 95EED501 3DFAF81E 2614E6EE CEF29760 533BBB21 BE285692 348CD81A 61C055A9 5B3D1126 0FB66918 F96A7348 5247410C 157AD81C D27319C2 7D36052D 3B0657B2 C3BA1D5C 5FB19D70 67662EF5 608FE5B2 23DF4E85 16C0AA7B B72076E7 59DADBD6 06132759 DF81C33E DA4B2532 07BE7A76 231E426A 3DF9290C 742299DD F5D337E2 8F657109 D71D192F 6F22F781 5768025C 8B22E85D 6D962FFA 6D7CDC00 814B78F8 D38ED0CA 3D8C6F34 96C6E07E quit crypto pki certificate chain SLA-TrustPoint certificate ca 01 30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 D697DF7F 28 quit ! ! license udi pid C9800-L-C-K9 sn FCL25300095 license smart reservation device classifier memory free low-watermark processor 170281 ! service-template webauth-global-inactive inactivity-timer 3600 service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE linksec policy must-secure service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE linksec policy should-secure service-template DEFAULT_CRITICAL_VOICE_TEMPLATE voice vlan service-template DEFAULT_CRITICAL_DATA_TEMPLATE et-analytics diagnostic bootup level minimal ! username admin privilege 15 secret 9 $9$bSveGdM0LEKCJU$IiK6z8HXjKXs7fNmYe1J7MulEyKSWTYuLws/aq6PY/I username administrator privilege 15 secret 9 $9$4vPUJdbIay3ReE$XP7my0aHjj/o9/./C5SxBOWyzD0.2NxT7/6XTbtovcs username f0:4a:02:af:ec:12 mac ! redundancy mode sso ! ! ! ! ! vlan internal allocation policy ascending ! vlan 240 ! ! ! class-map match-any AVC-Reanchor-Class match protocol cisco-jabber-audio match protocol cisco-jabber-video match protocol webex-media match protocol webex-app-sharing match protocol webex-control match protocol webex-meeting match protocol wifi-calling ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Port-channel1 switchport mode access ! interface TwoGigabitEthernet0/0/0 negotiation auto no snmp trap link-status ! interface TwoGigabitEthernet0/0/1 negotiation auto no snmp trap link-status ! interface TwoGigabitEthernet0/0/2 negotiation auto no snmp trap link-status ! interface TwoGigabitEthernet0/0/3 negotiation auto no snmp trap link-status ! interface TenGigabitEthernet0/1/0 switchport mode access negotiation auto no snmp trap link-status channel-group 1 mode on ! interface TenGigabitEthernet0/1/1 switchport mode access negotiation auto no snmp trap link-status channel-group 1 mode on ! interface GigabitEthernet0 vrf forwarding Mgmt-intf ip address dhcp negotiation auto no mop enabled ! interface Vlan1 ip address 10.250.43.253 255.255.252.0 no mop enabled no mop sysid ! ip http server ip http authentication local ip http secure-server ip http secure-trustpoint CISCO_IDEVID_SUDI ip http session-idle-timeout 1200 ip forward-protocol nd ! ip route 0.0.0.0 0.0.0.0 10.250.40.200 ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.239.102.254 ! ! ! snmp-server manager ! ! ! ! ! control-plane ! ! ! ! ! ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 5 0 length 0 transport input telnet line vty 5 15 exec-timeout 5 0 length 0 transport input telnet ! call-home ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. contact-email-addr sch-smart-licensing@cisco.com profile "CiscoTAC-1" active destination transport-method http ntp server 182.248.129.226 ntp server vrf Mgmt-intf 10.239.102.254 ! ! ! ! ! ! wireless aaa policy AAA-policy nas-id option1 ap-mac nas-id option2 ap-eth-mac nas-id option3 ap-name wireless aaa policy default-aaa-policy wireless cts-sxp profile default-sxp-profile wireless management interface Vlan1 public-ip 10.250.43.253 wireless profile airtime-fairness default-atf-policy 0 wireless profile flex KWS-flex-group-01 description KWS-flex-group native-vlan-id 240 vlan-name VLAN160 vlan-id 160 vlan-name VLAN240 vlan-id 240 wireless profile flex KWU-flex-group-01 description KWU-flex-group no local-auth ap radius native-vlan-id 240 vlan-name VLAN160 vlan-id 160 vlan-name VLAN240 vlan-id 240 wireless profile flex default-flex-profile description "default flex profile" no local-auth ap radius vlan-name VLAN240 vlan-id 240 wireless profile mesh default-mesh-profile description "default mesh profile" wireless profile policy NS-Air_flex_policy-01 no central association no central authentication no central dhcp no central switching description "Policy profile for NS-Air" idle-timeout 100000 session-timeout 0 vlan 240 no shutdown wireless profile policy default-policy-profile no central association no central authentication no central dhcp no central switching description "default policy profile" vlan default no shutdown wireless profile policy KWS_LIMS_flex_policy-01 no central association no central authentication no central dhcp no central switching description "Policy profile for KWS_LIMS" idle-timeout 100000 session-timeout 0 vlan 160 no shutdown wireless profile policy NS-Air24_flex_policy-01 no central association no central authentication no central dhcp no central switching description "Policy profile for NS-Air24" idle-timeout 100000 session-timeout 0 vlan 240 no shutdown wireless profile policy NS-Guest_flex_policy-01 no central association no central authentication no central dhcp no central switching description "Policy profile for NS-Guest" idle-timeout 100000 session-timeout 0 vlan 198 no shutdown wireless profile policy NS-Guest24_flex_policy-01 no central association no central authentication no central dhcp no central switching description "Policy profile for NS-Guest24" idle-timeout 100000 session-timeout 0 vlan 198 no shutdown wireless tag site KWS-site ap-profile KWS-AP-profile wireless tag site KWU-site ap-profile KWU-AP-profile wireless tag site default-site-tag description "default site tag" no local-site wireless tag policy KWS-flex-group-01 description "Policy for KWS" wlan NS-Air policy NS-Air_flex_policy-01 wlan KWS_LIMS policy KWS_LIMS_flex_policy-01 wireless tag policy KWU-flex-group-01 description "Policy for KWU" wlan NS-Air policy NS-Air_flex_policy-01 wlan KWS_LIMS policy KWS_LIMS_flex_policy-01 wireless tag policy default-policy-tag description "default policy-tag" wlan NS-Air policy NS-Air_flex_policy-01 wireless tag rf KWS-rf 24ghz-rf-policy 24GHz_profile 5ghz-rf-policy 5GHz_profile wireless tag rf KWU-rf 24ghz-rf-policy 24GHz_profile 5ghz-rf-policy 5GHz_profile wireless tag rf default-rf-tag 24ghz-rf-policy 24GHz_profile 5ghz-rf-policy 5GHz_profile description "default RF tag" wireless wps rogue ap init-timer 60 wireless wps rogue ap rldp alarm-only monitor-ap-only wireless wps rogue security-level high wireless mgmt-via-wireless wireless rf-network RF-Group wireless fabric control-plane default-control-plane wireless country J4 wlan NS-Air 1 NS-Air no broadcast-ssid load-balance media-stream multicast-direct radio dot11a security wpa psk set-key ascii 0 xxx no security wpa akm dot1x security wpa akm psk no shutdown wlan KWS_LIMS 5 KWS_LIMS no broadcast-ssid load-balance media-stream multicast-direct radio dot11a security wpa psk set-key ascii 0 xxx no security wpa akm dot1x security wpa akm psk no shutdown wlan NS-Air24 3 NS-Air24 no broadcast-ssid load-balance media-stream multicast-direct radio dot11bg security wpa psk set-key ascii 0 xxx no security wpa akm dot1x security wpa akm psk no shutdown wlan NS-Guest 2 NS-Guest media-stream multicast-direct radio dot11a security wpa psk set-key ascii 0 xxx no security wpa akm dot1x security wpa akm psk no shutdown wlan NS-Guest24 4 NS-Guest24 media-stream multicast-direct radio dot11bg security wpa psk set-key ascii 0 xxx no security wpa akm dot1x security wpa akm psk no shutdown ap dot11 24ghz rf-profile 24GHz_profile description "2.4GHz profile" rate RATE_12M supported rate RATE_24M supported rate RATE_6M supported no shutdown ap dot11 24ghz rf-profile Low_Client_Density_rf_24gh coverage data rssi threshold -90 coverage level 2 coverage voice rssi threshold -90 description "pre configured Low Client Density rfprofile for 2.4gh radio" high-density rx-sop threshold low rate RATE_12M supported rate RATE_24M supported rate RATE_6M supported tx-power v1 threshold -65 no shutdown ap dot11 24ghz rf-profile High_Client_Density_rf_24gh description "pre configured High Client Density rfprofile for 2.4gh radio" high-density rx-sop threshold medium rate RATE_11M disable rate RATE_12M mandatory rate RATE_1M disable rate RATE_24M supported rate RATE_2M disable rate RATE_5_5M disable rate RATE_6M disable tx-power min 7 no shutdown ap dot11 24ghz rf-profile Typical_Client_Density_rf_24gh description "pre configured Typical Client Density rfprofile for 2.4gh radio" rate RATE_11M disable rate RATE_12M mandatory rate RATE_1M disable rate RATE_24M supported rate RATE_2M disable rate RATE_5_5M disable rate RATE_6M disable no shutdown ap dot11 24ghz cleanair alarm air-quality ap dot11 24ghz cleanair alarm device ap dot11 24ghz cleanair alarm device ble-beacon ap dot11 24ghz cleanair alarm device bt-discovery ap dot11 24ghz cleanair alarm device bt-link ap dot11 24ghz cleanair alarm device canopy ap dot11 24ghz cleanair alarm device cont-tx ap dot11 24ghz cleanair alarm device dect-like ap dot11 24ghz cleanair alarm device fh ap dot11 24ghz cleanair alarm device inv ap dot11 24ghz cleanair alarm device jammer ap dot11 24ghz cleanair alarm device mw-oven ap dot11 24ghz cleanair alarm device nonstd ap dot11 24ghz cleanair alarm device si_fhss ap dot11 24ghz cleanair alarm device superag ap dot11 24ghz cleanair alarm device tdd-tx ap dot11 24ghz cleanair alarm device video ap dot11 24ghz cleanair alarm device wimax-fixed ap dot11 24ghz cleanair alarm device wimax-mobile ap dot11 24ghz cleanair alarm device xbox ap dot11 24ghz cleanair alarm device zigbee ap dot11 24ghz media-stream multicast-direct ap dot11 24ghz media-stream video-redirect ap dot11 24ghz cac voice acm no ap dot11 24ghz dot11ax ap dot11 24ghz rrm channel dca add 1 ap dot11 24ghz rrm channel dca add 6 ap dot11 24ghz rrm channel dca add 11 ap dot11 24ghz rate RATE_12M supported ap dot11 24ghz rate RATE_24M supported ap dot11 24ghz rate RATE_6M supported ap dot11 5ghz rf-profile 5GHz_profile description "5GHz profile" rate RATE_12M mandatory rate RATE_24M mandatory rate RATE_6M mandatory no shutdown ap dot11 5ghz rf-profile Low_Client_Density_rf_5gh coverage data rssi threshold -90 coverage level 2 coverage voice rssi threshold -90 description "pre configured Low Client Density rfprofile for 5gh radio" high-density rx-sop threshold low rate RATE_12M mandatory rate RATE_24M mandatory rate RATE_6M mandatory tx-power v1 threshold -60 no shutdown ap dot11 5ghz rf-profile High_Client_Density_rf_5gh description "pre configured High Client Density rfprofile for 5gh radio" high-density rx-sop threshold medium rate RATE_12M mandatory rate RATE_24M mandatory rate RATE_6M disable rate RATE_9M disable tx-power min 7 tx-power v1 threshold -65 no shutdown ap dot11 5ghz rf-profile Typical_Client_Density_rf_5gh description "pre configured Typical Density rfprofile for 5gh radio" rate RATE_12M mandatory rate RATE_24M mandatory rate RATE_6M mandatory no shutdown ap dot11 5ghz cleanair alarm air-quality ap dot11 5ghz cleanair alarm device canopy ap dot11 5ghz cleanair alarm device cont-tx ap dot11 5ghz cleanair alarm device dect-like ap dot11 5ghz cleanair alarm device inv ap dot11 5ghz cleanair alarm device jammer ap dot11 5ghz cleanair alarm device nonstd ap dot11 5ghz cleanair alarm device si_fhss ap dot11 5ghz cleanair alarm device superag ap dot11 5ghz cleanair alarm device tdd-tx ap dot11 5ghz cleanair alarm device video ap dot11 5ghz cleanair alarm device wimax-fixed ap dot11 5ghz cleanair alarm device wimax-mobile ap dot11 5ghz media-stream multicast-direct ap dot11 5ghz media-stream video-redirect ap dot11 5ghz cac voice acm no ap dot11 5ghz dot11ax ap dot11 5ghz rrm channel dca add 36 ap dot11 5ghz rrm channel dca add 40 ap dot11 5ghz rrm channel dca add 44 ap dot11 5ghz rrm channel dca add 48 ap dot11 5ghz rrm channel dca add 52 ap dot11 5ghz rrm channel dca add 56 ap dot11 5ghz rrm channel dca add 60 ap dot11 5ghz rrm channel dca add 64 ap dot11 5ghz rrm channel dca add 100 ap dot11 5ghz rrm channel dca add 104 ap dot11 5ghz rrm channel dca add 108 ap dot11 5ghz rrm channel dca add 112 ap dot11 5ghz rrm channel dca add 116 ap dot11 5ghz rrm channel dca add 120 ap dot11 5ghz rrm channel dca add 124 ap dot11 5ghz rrm channel dca add 128 ap dot11 5ghz rrm channel dca add 132 ap dot11 5ghz rrm channel dca add 136 ap dot11 5ghz rrm channel dca add 140 ap dot11 5ghz rate RATE_12M mandatory ap dot11 5ghz rate RATE_24M mandatory ap dot11 5ghz rate RATE_6M disable ap lsc-provision trustpoint CISCO_IDEVID_SUDI ap auth-list authorize-mac ap auth-list method-list AP-auth ap tag-source-priority 2 source filter ap tag-source-priority 3 source ap ap profile KWS-AP-profile capwap window size 10 dot1x lsc-ap-auth-state dot1x-port-auth lag no oeap link-encryption rogue detection min-rssi -80 ap profile KWU-AP-profile capwap window size 10 dot1x lsc-ap-auth-state dot1x-port-auth lag no oeap link-encryption rogue detection min-rssi -80 ap profile default-ap-profile capwap window size 10 description "default ap profile" lag link-encryption no oeap link-encryption rogue detection containment auto-rate rogue detection min-rssi -80 rogue detection min-transient-time 300 rogue detection report-interval 30 ap f04a.02af.ec12 policy-tag KWS-flex-group-01 rf-tag KWS-rf site-tag KWS-site trapflags ap crash trapflags ap noradiocards trapflags ap register end