aaa-policy CISCO-ISE
authentication server 1 host RADIUS-SERVER1 secret 0 RADIUS-SECRET
authentication server 1 timeout 5
authentication server 2 host RADIUS-SERVER2 secret 0 RADIUS-SECRET
authentication server 2 timeout 5
authentication protocol mschapv2
!
wlan WLAN-PERSONEL
ssid COMPANY-SSID
vlan VLAN-ID
bridging-mode local
encryption-type ccmp
authentication-type eap
use aaa-policy CISCO-ISE
!
wlan WLAN-GUEST
ssid COMPANY-GUEST
vlan VLAN-ID
bridging-mode local
encryption-type none
authentication-type none
!
smart-rf-policy SMART-RF-COMPANY-SITE1
group-by floor
channel-list 5GHz 36,40,44,48,52,56,60,64,100,104,108,112,136,140
channel-width 5GHz auto
channel-width 2.4GHz auto
no select-shutdown
no smart-sensor
!
smart-rf-policy SMART-RF-COMPANY-SITE2
group-by floor
channel-list 5GHz 36,40,44,48
channel-width 2.4GHz auto
channel-width 5GHz 20MHz
no select-shutdown
no smart-sensor
!
auto-provisioning-policy AUTO-PROVISIONING-1-COMPANY
default-adoption
adopt ap510-1 precedence 1 profile AP510-1-COMPANY-PROFILE rf-domain RF-DOMAIN-COMPANY-SITE1 any
!
auto-provisioning-policy AUTO-PROVISIONING-2-COMPANY
default-adoption
adopt ap510-1 precedence 1 profile AP510-1-COMPANY-PROFILE rf-domain RF-DOMAIN-COMPANY-SITE1 any
!
management-policy default
no telnet
no http server
nova
https server
rest-server
ssh
user admin password ADMIN-PASSWORD role superuser access all
user USER1 password USER1-PASSWORD role superuser access all
!
profile ap510-1 AP510-1-COMPANY-SITE1
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan WLAN-PERSONEL bss 1 primary
wlan WLAN-GUEST bss 2 primary
interface radio2
wlan WLAN-PERSONEL bss 1 primary
wlan WLAN-GUEST bss 2 primary
interface ge1
switchport mode trunk
switchport trunk allowed vlan 1,VLAN-ID1,VLAN-ID2
interface ge2
switchport mode trunk
switchport trunk allowed vlan 1,VLAN-ID1,VLAN-ID2
interface vlan1
ip address dhcp
interface pppoe1
interface usb0
use firewall-policy default
ntp server ntp1.etu.edu.tr prefer
ntp server ntp2.etu.edu.tr
controller host vx9000-CTRL1-HOSTNAME pool 1 level 1
controller host vx9000-CTRL2-HOSTNAME pool 1 level 1
controller vlan 1
service pm sys-restart
router ospf
adoption-mode controller
!
profile ap510-1 AP510-1-COMPANY-SITE2
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan WLAN-PERSONEL bss 1 primary
wlan WLAN-GUEST bss 2 primary
interface radio2
wlan WLAN-PERSONEL bss 1 primary
wlan WLAN-GUEST bss 2 primary
interface ge1
switchport mode trunk
switchport trunk allowed vlan 1,VLAN-ID1,VLAN-ID2
interface ge2
switchport mode trunk
switchport trunk allowed vlan 1,VLAN-ID1,VLAN-ID2
interface vlan1
ip address dhcp
interface pppoe1
interface usb0
use firewall-policy default
use auto-provisioning-policy AUTO-PROVISIONING-1-COMPANY
ntp server ntp1.etu.edu.tr prefer
ntp server ntp2.etu.edu.tr
controller host vx9000-controller1-HOSTNAME pool 1 level 1
controller host vx9000-controller2-HOSTNAME pool 1 level 1
controller vlan 1
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain RF-DOMAIN-COMPANY-SITE1
location “DESCRIPTION”
geo-coordinates Latitude Longitude
contact SUPPORT-TEAM
timezone Europe/Istanbul
country-code tr
use smart-rf-policy SMART-RF-COMPANY-SITE1
ad-wips-wireless-mitigation disable
ad-wips-wired-mitigation disable
tree-node country TURKEY city Istanbul campus “COMPANY”
!
rf-domain RF-DOMAIN-COMPANY-SITE2
location “DESCRIPTION”
geo-coordinates Latitude Longitude
contact SUPPORT-TEAM
timezone Europe/Istanbul
country-code tr
use smart-rf-policy SMART-RF-COMPANY-SITE2
ad-wips-wireless-mitigation disable
ad-wips-wired-mitigation disable
tree-node country TURKEY city Istanbul campus “COMPANY”
!
profile vx9000 default-vx9000
no autoinstall configuration
no autoinstall firmware
no device-upgrade auto
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface xge1
interface xge2
interface xge3
interface xge4
interface ge1
interface ge2
use firewall-policy default
logging on
service pm sys-restart
router bgp
adoption-mode controller
!
vx9000 VX9000-CONTR1-ID
use profile default-vx9000
use rf-domain RF-DOMAIN-COMPANY-SITE1
hostname VX9000-CONTR1-HOSTNAME
no lci-config
timezone Europe/Istanbul
mint mlcp vlan
mint mlcp ip
mint mlcp ipv6
no mint tunnel-across-extended-vlan
ip name-server NS1
ip name-server NS2
ip domain-name COMPANY-DOMAIN-NAME
floor FLOOR-NUMBER
device-upgrade auto
device-upgrade count 5
led
interface vlan1
ip address dhcp
use auto-provisioning-policy AUTO-PROVISIONING-1-COMPANY
ntp server NTP-1-SERVER-HOSTNAME prefer
ntp server NTP-2-SERVER-HOSTNAME
cluster name WIRELESS-CLUSTER-NAME
cluster mode active
cluster member ip CONTR1-IP
cluster member ip CONTR1-IP level 1
cluster member ip CONTR2-IP level 1
no cluster member vlan
cluster master-priority MASTER PRIORITY=255
no cluster handle-stp
cluster force-configured-state
cluster force-configured-state-delay 5
cluster radius-counter-db-sync-time 5
ip dns-server-forward
no controller vlan
!
vx9000 VX9000-CONTR2-ID
use profile default-vx9000
use rf-domain RF-DOMAIN-COMPANY-SITE1
hostname VX9000-CONTR2-HOSTNAME
interface vlan1
ip address dhcp
cluster name WIRELESS-CLUSTER-NAME
cluster mode standby
cluster member ip CONTR1-IP
cluster member ip CONTR1-IP level 1
cluster member ip CONTR2-IP level 1
How to configure Extreme Wing Controller?
By:
Notes to Myself 