This is the S1500 (GriffinTV) #show running-config Building Configuration... # # Configuration file for ArubaOS version 7.4 enable secret "******" hostname "GriffinTV" clock timezone EST -5 location "Building1.floor1" controller config 3 ip access-list eth validuserethacl permit any ! netservice svc-dhcp udp 67 68 netservice svc-dns udp 53 netservice svc-ftp tcp 21 netservice svc-h323-tcp tcp 1720 netservice svc-h323-udp udp 1718 1719 netservice svc-http tcp 80 netservice svc-https tcp 443 netservice svc-icmp 1 netservice svc-kerberos udp 88 netservice svc-natt udp 4500 netservice svc-ntp udp 123 netservice svc-sip-tcp tcp 5060 netservice svc-sip-udp udp 5060 netservice svc-sips tcp 5061 netservice svc-smtp tcp 25 netservice svc-ssh tcp 22 netservice svc-telnet tcp 23 netservice svc-tftp udp 69 netservice svc-vocera udp 5002 ip access-list stateless allowall-stateless any any any permit ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list stateless cplogout-stateless user alias controller sys-svc-https dst-nat 8081 ! ip access-list stateless dhcp-acl-stateless any any svc-dhcp permit ! ip access-list stateless dns-acl-stateless any any svc-dns permit ! ip access-list stateless http-acl-stateless any any svc-http permit ! ip access-list stateless https-acl-stateless any any svc-https permit ! ip access-list stateless icmp-acl-stateless any any svc-icmp permit ! ip access-list stateless logon-control-stateless any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session validuser network 169.254.0.0 255.255.0.0 any any deny any any any permit ! user-role authenticated access-list stateless allowall-stateless ! user-role denyall ! user-role denydhcp ! user-role guest access-list stateless http-acl-stateless access-list stateless https-acl-stateless access-list stateless dhcp-acl-stateless access-list stateless icmp-acl-stateless access-list stateless dns-acl-stateless ! user-role logon access-list stateless logon-control-stateless ! user-role preauth ! ! crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac mgmt-user admin root 505c782d01110b455611bd60724287990b2b49ef7e11568cf4 ntp server 4.2.2.1 firewall disable-stateful-h323-processing ! ip domain lookup ! aaa authentication mac "default" ! aaa authentication dot1x "default" ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa profile "default" ! aaa authentication captive-portal "default" ! aaa authentication vpn "default" ! aaa authentication mgmt ! aaa authentication wired ! web-server ! aaa password-policy mgmt ! traceoptions ! probe-profile "default" ! qos-profile "default" dscp 0 ! policer-profile "default" ! ip-profile default-gateway 10.1.10.160 controller-ip vlan 1 ! interface-profile ospf-profile "default" area 0.0.0.0 ! interface-profile pim-profile "default" ! interface-profile igmp-profile "default" ! stack-profile ! ipv6-profile ! activate-service-firmware ! aruba-central ! rogue-ap-containment ! interface-profile switching-profile "default" ! interface-profile switching-profile "Upstream-profile" switchport-mode trunk ! interface-profile switching-profile "WirelessAP" switchport-mode trunk ! interface-profile tunneled-node-profile "default" ! interface-profile poe-profile "default" ! interface-profile poe-profile "poe-factory-initial" enable ! interface-profile enet-link-profile "default" ! interface-profile lldp-profile "default" ! interface-profile lldp-profile "lldp-factory-initial" lldp transmit lldp receive med enable ! interface-profile mstp-profile "default" ! interface-profile pvst-port-profile "default" ! vlan-profile dhcp-snooping-profile "default" ! vlan-profile mld-snooping-profile "default" ! vlan-profile igmp-snooping-profile "default" snooping ! vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial" snooping ! spanning-tree mode mstp ! gvrp ! mstp ! lacp ! vlan "1" igmp-snooping-profile "igmp-snooping-factory-initial" ! vlan "100" description "Wireless100" ! vlan "101" description "Wireless101" ! vlan "200" description "Wireless200" ! vlan "201" description "Wireless201" ! vlan "300" description "Wireless300" ! vlan "301" description "Wireless301" ! vlan "400" description "Wireless400" ! vlan "401" description "Wireless401" ! vlan "500" description "Wireless500" ! interface gigabitethernet "0/0/0" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/1" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/2" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/3" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/4" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/5" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/6" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/7" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/8" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/9" poe-profile "poe-factory-initial" qos-profile "default" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/10" qos-profile "default" ! interface gigabitethernet "0/0/11" qos-profile "default" ! interface gigabitethernet "0/0/12" qos-profile "default" ! interface gigabitethernet "0/0/13" qos-profile "default" ! interface gigabitethernet "0/0/14" qos-profile "default" ! interface gigabitethernet "0/0/15" qos-profile "default" ! interface gigabitethernet "0/0/16" qos-profile "default" ! interface gigabitethernet "0/0/17" qos-profile "default" ! interface gigabitethernet "0/0/18" qos-profile "default" ! interface gigabitethernet "0/0/19" qos-profile "default" ! interface gigabitethernet "0/0/20" qos-profile "default" ! interface gigabitethernet "0/0/21" qos-profile "default" ! interface gigabitethernet "0/0/22" ! interface gigabitethernet "0/0/23" ! interface gigabitethernet "0/1/0" qos-profile "default" ! interface gigabitethernet "0/1/1" qos-profile "default" ! interface vlan "1" ip address 10.1.10.61 255.0.0.0 ! interface vlan "100" ip address 192.168.100.1 255.255.254.0 ! interface vlan "101" ip address 172.16.100.1 255.255.254.0 ! interface vlan "200" ip address 192.168.200.1 255.255.254.0 ! interface vlan "201" ip address 172.16.200.1 255.255.254.0 ! interface vlan "300" ip address 192.168.30.1 255.255.254.0 ! interface vlan "301" ip address 172.16.30.1 255.255.254.0 ! interface vlan "400" ip address 192.168.40.1 255.255.254.0 ! interface vlan "401" ip address 172.16.40.1 255.255.254.0 ! interface vlan "500" ip address 192.168.50.1 255.255.254.0 ! interface port-channel "0" qos-profile "default" port-channel-members gigabitethernet0/0/22,gigabitethernet0/0/23 enet-link-profile pc_default ! device-group ap ! interface-group gigabitethernet "default" apply-to ALL lldp-profile "lldp-factory-initial" poe-profile "poe-factory-initial" ! snmp-server view ALL oid-tree iso included snmp-server group ALLPRIV v1 read ALL notify ALL snmp-server group ALLPRIV v2c read ALL notify ALL snmp-server group ALLPRIV v3 noauth read ALL notify ALL snmp-server group AUTHPRIV v3 priv read ALL notify ALL snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL snmp-server enable trap process monitor log end This is our S2500 (Aruba-DataCenter-1) #show running-config Building Configuration... # # Configuration file for ArubaOS version 7.2 enable secret "******" hostname "Aruba-DataCenter-1" clock timezone EST -5 location "Building1.floor1" controller config 11 ip access-list eth validuserethacl permit any ! netservice svc-dhcp udp 67 68 netservice svc-dns udp 53 netservice svc-ftp tcp 21 netservice svc-h323-tcp tcp 1720 netservice svc-h323-udp udp 1718 1719 netservice svc-http tcp 80 netservice svc-https tcp 443 netservice svc-icmp 1 netservice svc-kerberos udp 88 netservice svc-natt udp 4500 netservice svc-ntp udp 123 netservice svc-sip-tcp tcp 5060 netservice svc-sip-udp udp 5060 netservice svc-sips tcp 5061 netservice svc-smtp tcp 25 netservice svc-ssh tcp 22 netservice svc-telnet tcp 23 netservice svc-tftp udp 69 netservice svc-vocera udp 5002 netexthdr default ! ip access-list stateless allowall-stateless any any any permit ! ip access-list stateless dhcp-acl-stateless any any svc-dhcp permit ! ip access-list stateless dns-acl-stateless any any svc-dns permit ! ip access-list stateless http-acl-stateless any any svc-http permit ! ip access-list stateless https-acl-stateless any any svc-https permit ! ip access-list stateless icmp-acl-stateless any any svc-icmp permit ! ip access-list stateless logon-control-stateless any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session validuser network 169.254.0.0 255.255.0.0 any any deny any any any permit ipv6 alias any6 alias any6 any permit ! user-role authenticated access-list stateless allowall-stateless ! user-role denyall ! user-role guest access-list stateless http-acl-stateless access-list stateless https-acl-stateless access-list stateless dhcp-acl-stateless access-list stateless icmp-acl-stateless access-list stateless dns-acl-stateless ! user-role logon access-list stateless logon-control-stateless ! ! crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 mgmt-user admin root cf31caeb01a3c113c167b3ee9d3d35a879e1a1016d426e36e3 no firewall attack-rate cp 1024 ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp packet-capture-defaults tcp disable udp disable sysmsg disable other disable ! ip domain lookup ! country US aaa authentication mac "default" ! aaa authentication dot1x "default" ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa profile "default" ! aaa authentication captive-portal "default" ! aaa authentication vpn "default" ! aaa authentication mgmt ! aaa authentication wired ! web-server ! aaa password-policy mgmt ! traceoptions ! qos-profile "default" ! policer-profile "default" ! ip-profile default-gateway 10.1.10.160 controller-ip vlan 1 ! lcd-menu ! interface-profile ospf-profile "default" area 0.0.0.0 ! interface-profile pim-profile "default" ! interface-profile igmp-profile "default" ! stack-profile ! ipv6-profile ! interface-profile switching-profile "default" ! interface-profile switching-profile "SwitchUplink" switchport-mode trunk ! interface-profile switching-profile "Upstream-profile" switchport-mode trunk ! interface-profile switching-profile "WirelessAP" switchport-mode trunk ! interface-profile tunneled-node-profile "default" ! interface-profile poe-profile "default" ! interface-profile poe-profile "poe-factory-initial" enable ! interface-profile enet-link-profile "default" ! interface-profile lldp-profile "default" ! interface-profile lldp-profile "lldp-factory-initial" lldp transmit lldp receive med enable ! interface-profile mstp-profile "default" ! interface-profile pvst-port-profile "default" ! interface-profile dhcp-relay-profile "DHCPRelay1" helper-address 10.1.10.20 ! vlan-profile mld-snooping-profile "default" ! vlan-profile igmp-snooping-profile "default" ! vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial" ! spanning-tree mode mstp ! gvrp ! mstp ! lacp ! vlan "1" igmp-snooping-profile "igmp-snooping-factory-initial" ! vlan "100" description "Wireless100" ! vlan "101" description "Wireless101" ! vlan "200" description "Wireless200" ! vlan "201" description "Wireless201" ! vlan "300" description "Wireless300" ! vlan "301" description "Wireless301" ! vlan "400" description "Wireless400" ! vlan "401" description "Wireless401" ! vlan "500" description "Wireless500" ! interface gigabitethernet "0/0/0" ! interface gigabitethernet "0/0/1" ! interface gigabitethernet "0/0/2" ! interface gigabitethernet "0/0/3" ! interface gigabitethernet "0/0/4" ! interface gigabitethernet "0/0/5" ! interface gigabitethernet "0/0/6" ! interface gigabitethernet "0/0/7" ! interface gigabitethernet "0/0/8" ! interface gigabitethernet "0/0/9" ! interface gigabitethernet "0/0/10" ! interface gigabitethernet "0/0/11" switching-profile "WirelessAP" ! interface gigabitethernet "0/0/12" ! interface gigabitethernet "0/0/13" ! interface gigabitethernet "0/0/14" ! interface gigabitethernet "0/0/15" ! interface gigabitethernet "0/0/16" ! interface gigabitethernet "0/0/17" ! interface gigabitethernet "0/0/18" ! interface gigabitethernet "0/0/19" ! interface gigabitethernet "0/0/20" ! interface gigabitethernet "0/0/21" ! interface gigabitethernet "0/0/22" ! interface gigabitethernet "0/0/23" ! interface gigabitethernet "0/1/0" switching-profile "WirelessAP" ! interface gigabitethernet "0/1/1" switching-profile "WirelessAP" ! interface vlan "1" ip address 10.1.10.41 255.0.0.0 ! interface vlan "100" dhcp-relay-profile "DHCPRelay1" ip address 192.168.100.1 255.255.254.0 ! interface vlan "101" dhcp-relay-profile "DHCPRelay1" ip address 172.16.100.1 255.255.254.0 ! interface vlan "200" dhcp-relay-profile "DHCPRelay1" ip address 192.168.200.1 255.255.254.0 ! interface vlan "201" dhcp-relay-profile "DHCPRelay1" ip address 172.16.200.1 255.255.254.0 ! interface vlan "300" dhcp-relay-profile "DHCPRelay1" ip address 192.168.30.1 255.255.254.0 ! interface vlan "301" dhcp-relay-profile "DHCPRelay1" ip address 172.16.30.1 255.255.254.0 ! interface vlan "400" dhcp-relay-profile "DHCPRelay1" ip address 192.168.40.1 255.255.254.0 ! interface vlan "401" dhcp-relay-profile "DHCPRelay1" ip address 172.16.40.1 255.255.254.0 ! interface vlan "500" dhcp-relay-profile "DHCPRelay1" ip address 192.168.50.1 255.255.254.0 ! interface mgmt ! interface port-channel "0" qos-profile "default" switching-profile "SwitchUplink" port-channel-members gigabitethernet0/0/22,gigabitethernet0/0/23 enet-link-profile pc_default ! interface port-channel "1" qos-profile "default" switching-profile "SwitchUplink" port-channel-members gigabitethernet0/0/20,gigabitethernet0/0/21 enet-link-profile pc_default ! interface port-channel "2" qos-profile "default" switching-profile "SwitchUplink" port-channel-members gigabitethernet0/0/18,gigabitethernet0/0/19 enet-link-profile pc_default ! interface port-channel "3" qos-profile "default" switching-profile "SwitchUplink" port-channel-members gigabitethernet0/0/16,gigabitethernet0/0/17 enet-link-profile pc_default ! interface port-channel "4" qos-profile "default" switching-profile "SwitchUplink" port-channel-members gigabitethernet0/0/14,gigabitethernet0/0/15 enet-link-profile pc_default ! interface-group gigabitethernet "default" apply-to ALL lldp-profile "lldp-factory-initial" poe-profile "poe-factory-initial" ! snmp-server view ALL oid-tree iso included snmp-server group ALLPRIV v1 read ALL notify ALL snmp-server group ALLPRIV v2c read ALL notify ALL snmp-server group ALLPRIV v3 noauth read ALL notify ALL snmp-server group AUTHPRIV v3 priv read ALL notify ALL snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL snmp-server enable trap process monitor log end