Building configuration... Current configuration : 9485 bytes ! ! Last configuration change at 19:49:57 CST Wed Apr 2 2025 ! NVRAM config last updated at 19:50:00 CST Wed Apr 2 2025 ! version 16.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no platform punt-keepalive disable-kernel-core ! hostname WLC ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! enable secret 5 $1$azST$3QqaYowq8wuqMQBcOdXQ/0 enable password Cisco3850-XX ! no aaa new-model clock timezone CST -5 0 switch 1 provision ws-c3850-48p ! ! ! ! ip routing ! ! ! ip dhcp excluded-address 10.11.0.1 ip dhcp excluded-address 10.30.0.1 ! ip dhcp pool AP_POOL network 10.11.0.0 255.255.0.0 dns-server 10.10.1.1 8.8.8.8 8.8.4.4 default-router 10.11.0.1 option 43 hex f104.0a0b.0001 ! ip dhcp pool WIRELESS_DEVICES network 10.30.0.0 255.255.0.0 dns-server 10.10.1.1 8.8.8.8 8.8.4.4 default-router 10.30.0.1 ! ! ! ! ! ! ! ! ! ! central-management-version 723672169418063875 ! crypto pki trustpoint TP-self-signed-3524352232 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3524352232 revocation-check none rsakeypair TP-self-signed-3524352232 ! ! crypto pki certificate chain TP-self-signed-3524352232 certificate self-signed 01 ! license boot level ipservicesk9 diagnostic bootup level minimal spanning-tree mode rapid-pvst spanning-tree extend system-id ! username joes privilege 15 secret 5 $1$lmhb$.Hp2DC5pyiHCw5Pbsz0Ye0 username joseole privilege 15 secret 5 $1$a2BJ$e17dYfou98zUKZTvGzRbB0 ! redundancy mode sso ! ! transceiver type all monitoring ! ! class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, SGT Cache Full, LOGGING class-map match-any system-cpp-default description DHCP snooping, show forward and rest of traffic class-map match-any system-cpp-police-sys-data description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any system-cpp-police-multicast description Transit Traffic and MCAST Data class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any system-cpp-police-data description ICMP_GEN and BROADCAST class-map match-any system-cpp-police-control-low-priority description ICMP redirect and general punt class-map match-any system-cpp-police-wireless-priority1 description Wireless priority 1 class-map match-any system-cpp-police-wireless-priority2 description Wireless priority 2 class-map match-any system-cpp-police-wireless-priority3-4-5 description Wireless priority 3,4 and 5 class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control class-map match-any system-cpp-police-protocol-snooping description Protocol snooping ! policy-map port_child_policy class non-client-nrt-class bandwidth remaining ratio 10 policy-map system-cpp-policy class system-cpp-police-data police rate 200 pps class system-cpp-police-sys-data police rate 100 pps class system-cpp-police-sw-forward police rate 1000 pps class system-cpp-police-multicast police rate 500 pps class system-cpp-police-multicast-end-station police rate 2000 pps class system-cpp-police-punt-webauth class system-cpp-police-l2-control class system-cpp-police-routing-control police rate 1800 pps class system-cpp-police-control-low-priority class system-cpp-police-wireless-priority1 class system-cpp-police-wireless-priority2 class system-cpp-police-wireless-priority3-4-5 class system-cpp-police-topology-control class system-cpp-police-dot1x-auth class system-cpp-police-protocol-snooping class system-cpp-police-forus class system-cpp-default ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address negotiation auto ! interface GigabitEthernet1/0/1 switchport access vlan 30 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/0/2 ! interface GigabitEthernet1/0/3 ! interface GigabitEthernet1/0/4 ! interface GigabitEthernet1/0/5 ! interface GigabitEthernet1/0/6 ! interface GigabitEthernet1/0/7 ! interface GigabitEthernet1/0/8 ! interface GigabitEthernet1/0/9 ! interface GigabitEthernet1/0/10 ! interface GigabitEthernet1/0/11 ! interface GigabitEthernet1/0/12 ! interface GigabitEthernet1/0/13 ! interface GigabitEthernet1/0/14 ! interface GigabitEthernet1/0/15 ! interface GigabitEthernet1/0/16 ! interface GigabitEthernet1/0/17 ! interface GigabitEthernet1/0/18 ! interface GigabitEthernet1/0/19 ! interface GigabitEthernet1/0/20 ! interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 ! interface GigabitEthernet1/0/24 ! interface GigabitEthernet1/0/25 ! interface GigabitEthernet1/0/26 ! interface GigabitEthernet1/0/27 ! interface GigabitEthernet1/0/28 ! interface GigabitEthernet1/0/29 ! interface GigabitEthernet1/0/30 ! interface GigabitEthernet1/0/31 ! interface GigabitEthernet1/0/32 ! interface GigabitEthernet1/0/33 ! interface GigabitEthernet1/0/34 ! interface GigabitEthernet1/0/35 ! interface GigabitEthernet1/0/36 ! interface GigabitEthernet1/0/37 ! interface GigabitEthernet1/0/38 ! interface GigabitEthernet1/0/39 ! interface GigabitEthernet1/0/40 ! interface GigabitEthernet1/0/41 ! interface GigabitEthernet1/0/42 ! interface GigabitEthernet1/0/43 ! interface GigabitEthernet1/0/44 switchport access vlan 11 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/0/45 ! interface GigabitEthernet1/0/46 switchport access vlan 11 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/0/47 ! interface GigabitEthernet1/0/48 switchport access vlan 11 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/1 ! interface TenGigabitEthernet1/1/2 ! interface TenGigabitEthernet1/1/3 switchport trunk allowed vlan 10,20 switchport mode trunk ! interface TenGigabitEthernet1/1/4 ! interface Vlan1 no ip address shutdown ! interface Vlan10 ip address 10.0.10.1 255.255.0.0 secondary ip address 10.10.0.1 255.255.0.0 ! interface Vlan11 ip address 10.11.0.1 255.255.0.0 ! interface Vlan30 ip address 10.30.0.1 255.255.0.0 ! ip default-gateway 10.10.1.1 ip forward-protocol nd no ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 600 life 86400 requests 25 ip http session-idle-timeout 1200 ip route 0.0.0.0 0.0.0.0 10.10.1.1 ip route 10.0.0.0 255.255.0.0 Vlan10 ip route 10.10.0.0 255.255.0.0 Vlan10 ip route 10.11.0.0 255.255.0.0 Vlan11 ip route 10.30.0.0 255.255.0.0 Vlan30 ! ! ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data permit tcp any any eq 22 permit tcp any any eq 465 permit tcp any any eq 143 permit tcp any any eq 993 permit tcp any any eq 995 permit tcp any any eq 1914 permit tcp any any eq ftp permit tcp any any eq ftp-data permit tcp any any eq smtp permit tcp any any eq pop3 ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf permit udp any any range 16384 32767 permit tcp any any range 50000 59999 ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger permit tcp any any range 2300 2400 permit udp any any range 2300 2400 permit tcp any any range 6881 6999 permit tcp any any range 28800 29100 permit tcp any any eq 1214 permit udp any any eq 1214 permit tcp any any eq 3689 permit udp any any eq 3689 permit tcp any any eq 11999 ip access-list extended AutoQos-4.0-wlan-Acl-Signaling permit tcp any any range 2000 2002 permit tcp any any range 5060 5061 permit udp any any range 5060 5061 ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data permit tcp any any eq 443 permit tcp any any eq 1521 permit udp any any eq 1521 permit tcp any any eq 1526 permit udp any any eq 1526 permit tcp any any eq 1575 permit udp any any eq 1575 permit tcp any any eq 1630 permit udp any any eq 1630 permit tcp any any eq 1527 permit tcp any any eq 6200 permit tcp any any eq 3389 permit tcp any any eq 5985 permit tcp any any eq 8080 ! ! ! ! control-plane service-policy input system-cpp-policy ! ! line con 0 exec-timeout 720 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 720 0 password T3rmP4ssw0rd login transport input telnet line vty 5 15 login ! ntp server 69.48.203.162 ntp server 23.168.24.210 ntp server 142.202.190.19 ntp server 23.168.136.132 ! ! ! ! ! ! wireless mobility controller wireless management interface Vlan11 wireless client user-timeout 10000 wlan Dot1x_Test 1 Dot1x_test client vlan 0030 ip dhcp required ip dhcp server 10.30.0.1 no security wpa akm dot1x security wpa akm psk set-key ascii 0 :.\2784S<.eG no shutdown ap dot11 airtime-fairness policy-name Default 0 ap group default-group ap hyperlocation ble-beacon 0 ap hyperlocation ble-beacon 1 ap hyperlocation ble-beacon 2 ap hyperlocation ble-beacon 3 ap hyperlocation ble-beacon 4 end Number of WLANs: 1 WLAN Profile Name : Dot1x_Test ================================================ Identifier : 1 Network Name (SSID) : Dot1x_test Status : Enabled Broadcast SSID : Enabled Universal AP Admin : Disabled Max Associated Clients per WLAN : 0 Max Associated Clients per AP per WLAN : 0 Max Associated Clients per AP Radio per WLAN : 0 AAA Policy Override : Disabled Network Admission Control NAC-State : Disabled Number of Active Clients : 0 Exclusionlist Timeout : 60 Session Timeout : 1800 seconds CHD per WLAN : Enabled Webauth DHCP exclusion : Disabled Interface : 0030 Interface Status : Up Multicast Interface : Unconfigured WLAN IPv4 ACL : unconfigured WLAN IPv6 ACL : none DHCP Server : 10.30.0.1 DHCP Address Assignment Required : Enabled DHCP Option 82 : Disabled DHCP Option 82 Format : ap-mac DHCP Option 82 Ascii Mode : Disabled DHCP Option 82 Rid Mode : Disabled Local Profiling -Policy Name : Disabled Device Classification : Disabled QoS Service Policy - Input Policy Name : unknown Policy State : None QoS Service Policy - Output Policy Name : unknown Policy State : None QoS Client Service Policy Input Policy Name : unknown Output Policy Name : unknown Maximum Allowed UP Value : 0 WMM : Allowed WifiDirect : Disabled Channel Scan Defer Priority: Priority (default) : 4 Priority (default) : 5 Priority (default) : 6 Scan Defer Time (msecs) : 100 Media Stream Multicast-direct : Disabled CCX - AironetIe Support : Enabled CCX - Gratuitous ProbeResponse (GPR) : Disabled CCX - Diagnostics Channel Capability : Disabled Dot11-Phone Mode (7920) : Invalid Wired Protocol : None Peer-to-Peer Blocking Action : Disabled Radio Policy : All DTIM period for 802.11a radio : 1 DTIM period for 802.11b radio : 1 Local EAP Authentication : Disabled Mac Filter Authorization list name : Disabled Accounting list name : Disabled 802.1x authentication list name : Disabled Security 802.11 Authentication : Open System Static WEP Keys : Disabled 802.1X : Disabled Wi-Fi Protected Access (WPA/WPA2) : Enabled WPA (SSN IE) : Disabled WPA2 (RSN IE) : Enabled TKIP Cipher : Disabled AES Cipher : Enabled Auth Key Management 802.1x : Disabled PSK : Enabled CCKM : Disabled FT dot1x : Disabled FT PSK : Disabled PMF dot1x : Disabled PMF PSK : Disabled FT Support : Disabled FT Reassociation Timeout : 20 FT Over-The-DS mode : Enabled PMF Support : Disabled PMF Association Comeback Timeout : 1 PMF SA Query Time : 200 CKIP : Disabled IP Security : Disabled L2TP : Disabled Web Based Authentication : Disabled Conditional Web Redirect : Disabled Splash-Page Web Redirect : Disabled Auto Anchor : Disabled Sticky Anchoring : Disabled Cranite Passthru : Disabled Fortress Passthru : Disabled PPTP : Disabled Infrastructure MFP protection : Enabled Webauth On-mac-filter Failure : Disabled Webauth Authentication List Name : Disabled Webauth Parameter Map : Disabled Tkip MIC Countermeasure Hold-down Timer : 60 Call Snooping : Disabled Passive Client : Disabled Non Cisco WGB : Disabled Band Select : Disabled Load Balancing : Disabled Multicast Buffer : Disabled Multicast Buffer Size : 0 IP Source Guard : Disabled Local HTTP Profiling Status : Disabled Radius HTTP Profiling Status : Disabled Assisted-Roaming Neighbor List : Disabled Prediction List : Disabled Dual Band Support : Disabled AVC Visibility : Disabled 802.11ac MU-MIMO : Disabled 802.11v BSS Transition service : Enabled BSS Transition Disassoc Imminent : Disabled BSS Transition Disassoc Timer : 200 BSS Transition Oproam Disassoc Timer : 40