# # Configuration file for ArubaOS version 7.2 enable secret "7aa7faeb015d7431db7af24a6b7f63befaacc28790a43a26c8" hostname "ENTRE-Demo-Switch01" clock timezone CDT -5 location "Building1.floor1" controller config 8 ip access-list eth validuserethacl permit any ! netservice svc-dhcp udp 67 68 netservice svc-dns udp 53 netservice svc-ftp tcp 21 netservice svc-h323-tcp tcp 1720 netservice svc-h323-udp udp 1718 1719 netservice svc-http tcp 80 netservice svc-https tcp 443 netservice svc-icmp 1 netservice svc-kerberos udp 88 netservice svc-natt udp 4500 netservice svc-ntp udp 123 netservice svc-sip-tcp tcp 5060 netservice svc-sip-udp udp 5060 netservice svc-sips tcp 5061 netservice svc-smtp tcp 25 netservice svc-ssh tcp 22 netservice svc-telnet tcp 23 netservice svc-tftp udp 69 netservice svc-vocera udp 5002 netexthdr default ! ip access-list stateless allowall-stateless any any any permit ! ip access-list stateless dhcp-acl-stateless any any svc-dhcp permit ! ip access-list stateless dns-acl-stateless any any svc-dns permit ! ip access-list stateless http-acl-stateless any any svc-http permit ! ip access-list stateless https-acl-stateless any any svc-https permit ! ip access-list stateless icmp-acl-stateless any any svc-icmp permit ! ip access-list stateless logon-control-stateless any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit ! user-role ap-role ! user-role authenticated access-list stateless allowall-stateless ! user-role denyall ! user-role guest access-list stateless http-acl-stateless access-list stateless https-acl-stateless access-list stateless dhcp-acl-stateless access-list stateless icmp-acl-stateless access-list stateless dns-acl-stateless ! user-role guest-logon ! user-role logon access-list stateless logon-control-stateless ! user-role stateful-dot1x ! ! crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 mgmt-user admin root 066e993001fba4145ed16b348ee58b6def10dff9147974bed5 no firewall attack-rate cp 1024 firewall disable-stateful-sip-processing firewall disable-stateful-h323-processing firewall disable-stateful-sccp-processing firewall disable-stateful-vocera-processing firewall disable-stateful-ua-processing ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp packet-capture-defaults tcp disable udp disable sysmsg disable other disable ! ip domain lookup ! country US aaa authentication mac "default" ! aaa authentication dot1x "default" ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa profile "default" ! aaa authentication captive-portal "default" ! aaa authentication vpn "default" ! aaa authentication mgmt ! aaa authentication wired ! web-server ! aaa password-policy mgmt ! traceoptions ! ip dhcp pool "VLAN_702" domain-name "eureka.local" network 172.16.2.0 255.255.254.0 default-router 172.16.2.1 dns-server 8.8.8.8 exclude-address 172.16.2.1 172.16.2.20 vendor-class-identifier ArubaAP ! ip dhcp pool "VLAN_704" domain-name "eureka.local" network 172.16.4.0 255.255.254.0 default-router 172.16.4.1 dns-server 8.8.8.8 exclude-address 172.16.4.1 172.16.4.20 vendor-class-identifier ArubaAP ! ip dhcp pool "VLAN_706" domain-name "eureka.local" network 172.16.6.0 255.255.254.0 default-router 172.16.6.1 dns-server 8.8.8.8 exclude-address 172.16.6.1 172.16.6.20 vendor-class-identifier ArubaAP ! ip dhcp pool "wiredVLAN" domain-name "eureka.local" network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 dns-server 8.8.8.8 exclude-address 172.16.0.1 172.16.0.20 vendor-class-identifier ArubaAP ! service dhcp ! qos-profile "default" ! policer-profile "default" ! ip-profile default-gateway 10.0.228.65 ! lcd-menu ! interface-profile ospf-profile "default" area 0.0.0.0 ! interface-profile pim-profile "default" ! interface-profile igmp-profile "default" ! stack-profile ! ipv6-profile ! interface-profile switching-profile "accesspoint" switchport-mode trunk ! interface-profile switching-profile "default" ! interface-profile switching-profile "UPLINK" access-vlan 700 native-vlan 700 ! interface-profile switching-profile "Upstream-profile" switchport-mode trunk ! interface-profile poe-profile "default" ! interface-profile poe-profile "poe-factory-initial" enable ! interface-profile enet-link-profile "default" ! interface-profile lldp-profile "default" ! interface-profile lldp-profile "lldp-factory-initial" lldp transmit lldp receive med enable ! interface-profile mstp-profile "default" ! interface-profile pvst-port-profile "default" ! vlan-profile mld-snooping-profile "default" ! vlan-profile igmp-snooping-profile "default" ! vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial" ! spanning-tree mode mstp ! gvrp ! mstp ! lacp ! vlan "1" igmp-snooping-profile "igmp-snooping-factory-initial" ! vlan "700" description "Uplink" ! vlan "702" description "Wireless1" ! vlan "704" description "Wireless2" ! vlan "706" description "Wireless3" ! interface gigabitethernet "0/0/0" switching-profile "accesspoint" ! interface gigabitethernet "0/0/1" switching-profile "accesspoint" ! interface gigabitethernet "0/0/2" switching-profile "accesspoint" ! interface gigabitethernet "0/0/3" switching-profile "accesspoint" ! interface gigabitethernet "0/0/4" switching-profile "accesspoint" ! interface gigabitethernet "0/0/5" switching-profile "accesspoint" ! interface gigabitethernet "0/0/6" switching-profile "accesspoint" ! interface gigabitethernet "0/0/7" switching-profile "accesspoint" ! interface gigabitethernet "0/0/8" switching-profile "accesspoint" ! interface gigabitethernet "0/0/9" switching-profile "accesspoint" ! interface gigabitethernet "0/0/10" switching-profile "accesspoint" ! interface gigabitethernet "0/0/11" switching-profile "accesspoint" ! interface gigabitethernet "0/0/12" switching-profile "accesspoint" ! interface gigabitethernet "0/0/13" switching-profile "accesspoint" ! interface gigabitethernet "0/0/14" switching-profile "accesspoint" ! interface gigabitethernet "0/0/15" switching-profile "accesspoint" ! interface gigabitethernet "0/0/16" switching-profile "accesspoint" ! interface gigabitethernet "0/0/17" switching-profile "accesspoint" ! interface gigabitethernet "0/0/18" switching-profile "accesspoint" ! interface gigabitethernet "0/0/19" switching-profile "accesspoint" ! interface gigabitethernet "0/0/20" switching-profile "accesspoint" ! interface gigabitethernet "0/0/21" switching-profile "accesspoint" ! interface gigabitethernet "0/0/22" switching-profile "accesspoint" ! interface gigabitethernet "0/0/23" switching-profile "UPLINK" ! interface gigabitethernet "0/1/0" switching-profile "UPLINK" ! interface gigabitethernet "0/1/1" switching-profile "UPLINK" ! interface vlan "1" ip address 172.16.0.1 255.255.255.0 ! interface vlan "700" ip address 10.0.228.68 255.255.255.192 ! interface vlan "702" ip address 172.16.2.1 255.255.254.0 ! interface vlan "704" ip address 172.16.4.1 255.255.254.0 ! interface vlan "706" ip address 172.16.6.1 255.255.254.0 ! interface mgmt ! interface-group gigabitethernet "default" apply-to ALL lldp-profile "lldp-factory-initial" poe-profile "poe-factory-initial" ! snmp-server view ALL oid-tree iso included snmp-server group ALLPRIV v1 read ALL notify ALL snmp-server group ALLPRIV v2c read ALL notify ALL snmp-server group ALLPRIV v3 noauth read ALL notify ALL snmp-server group AUTHPRIV v3 priv read ALL notify ALL snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL snmp-server enable trap process monitor log end