#
# Configuration file for ArubaOS
version 7.3
enable secret "2ab82cdf01f6946d888a3acef261533adb9593b5a869006caa"
hostname "Aruba-S1500-Admin-WIFI.138"
clock timezone EST -5
location "Building1.floor1" 
controller config 18

ip access-list eth validuserethacl
  permit any 
  permit any 
!
netservice svc-dhcp udp 67 68
netservice svc-dns udp 53
netservice svc-ftp tcp 21
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-http tcp 80
netservice svc-https tcp 443
netservice svc-icmp 1
netservice svc-kerberos udp 88
netservice svc-natt udp 4500
netservice svc-ntp udp 123
netservice svc-sip-tcp tcp 5060
netservice svc-sip-udp udp 5060
netservice svc-sips tcp 5061
netservice svc-smtp tcp 25
netservice svc-ssh tcp 22
netservice svc-telnet tcp 23
netservice svc-tftp udp 69
netservice svc-vocera udp 5002
ip access-list stateless allowall-stateless
  any any any  permit 
!
ip access-list stateless dhcp-acl-stateless
  any any svc-dhcp  permit 
!
ip access-list stateless dns-acl-stateless
  any any svc-dns  permit 
!
ip access-list stateless http-acl-stateless
  any any svc-http  permit 
!
ip access-list stateless https-acl-stateless
  any any svc-https  permit 
!
ip access-list stateless icmp-acl-stateless
  any any svc-icmp  permit 
!
ip access-list stateless logon-control-stateless
  any any svc-icmp  permit 
  any any svc-dns  permit 
  any any svc-dhcp  permit 
  any any svc-natt  permit 
!
ip access-list session validuser
  network 169.254.0.0 255.255.0.0 any any  deny 
  any any any  permit 
!
user-role authenticated
 access-list stateless allowall-stateless
!
user-role denyall
!
user-role denydhcp
!
user-role guest
 access-list stateless http-acl-stateless
 access-list stateless https-acl-stateless
 access-list stateless dhcp-acl-stateless
 access-list stateless icmp-acl-stateless
 access-list stateless dns-acl-stateless
!
user-role logon
 access-list stateless logon-control-stateless
!
user-role preauth
!
!

crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac


mgmt-user admin root 5e7af1aa014953a175be19314727153d14f0c878d70a575632


ntp server 10.110.138.1  

firewall disable-stateful-h323-processing
!
ip domain lookup
!
country US
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
 auth-server Internal
 set role condition role value-of
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication vpn "default"
!
aaa authentication mgmt
!
aaa authentication wired
!
web-server
!
aaa password-policy mgmt
!
traceoptions
!
qos-profile "default"
!
policer-profile "default"
!
ip-profile
   default-gateway 50.204.75.149
   route 10.1.0.0 255.255.252.0 10.1.1.3 1
   route 10.110.138.0 255.255.255.0 10.110.138.1 1
   controller-ip vlan 110
!
interface-profile ospf-profile "default"
   area 0.0.0.0
!
interface-profile pim-profile "default"
!
interface-profile igmp-profile "default"
!
stack-profile
!
ipv6-profile
!
activate-service-firmware
!
mgmt-server type amp
!
aruba-central
!
interface-profile switching-profile "AP"
   access-vlan 114
!
interface-profile switching-profile "Controller"
   access-vlan 114
   native-vlan 114
!
interface-profile switching-profile "default"
!
interface-profile switching-profile "management"
   access-vlan 110
   native-vlan 110
!
interface-profile switching-profile "PublicIP"
   access-vlan 999
   native-vlan 999
!
interface-profile switching-profile "Upstream-profile"
   switchport-mode trunk
!
interface-profile switching-profile "WANProfle"
   access-vlan 99
   native-vlan 99
!
interface-profile tunneled-node-profile "default"
!
interface-profile poe-profile "AP"
   enable
!
interface-profile poe-profile "default"
!
interface-profile poe-profile "poe-factory-initial"
   enable
!
interface-profile enet-link-profile "default"
!
interface-profile enet-link-profile "FullGig"
   speed 1000
   duplex full
!
interface-profile lldp-profile "default"
!
interface-profile lldp-profile "lldp-factory-initial"
   lldp transmit
   lldp receive
   med enable
!
interface-profile mstp-profile "AP"
   portfast 
!
interface-profile mstp-profile "default"
!
interface-profile pvst-port-profile "default"
!
vlan-profile dhcp-snooping-profile "default"
!
vlan-profile mld-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
!
spanning-tree
   mode mstp
!
gvrp
!
mstp
!
lacp
!
vlan "1"
   igmp-snooping-profile "igmp-snooping-factory-initial"
!
vlan "99"
   description "MetroEWAN"
!
vlan "110"
   description "mgt"
!
vlan "114"
   description "Wifi Management"
!
vlan "999"
   description "MetroEPublic"
!
interface gigabitethernet "0/0/1"
!
interface gigabitethernet "0/0/2"
!
interface gigabitethernet "0/0/3"
!
interface gigabitethernet "0/0/4"
   switching-profile "AP"
!
interface gigabitethernet "0/0/5"
!
interface gigabitethernet "0/0/6"
!
interface gigabitethernet "0/0/7"
   switching-profile "AP"
!
interface gigabitethernet "0/0/8"
   switching-profile "AP"
!
interface gigabitethernet "0/0/9"
   switching-profile "AP"
!
interface gigabitethernet "0/0/10"
!
interface gigabitethernet "0/0/11"
!
interface gigabitethernet "0/0/12"
!
interface gigabitethernet "0/0/13"
!
interface gigabitethernet "0/0/14"
!
interface gigabitethernet "0/0/16"
!
interface gigabitethernet "0/0/18"
   switching-profile "WANProfle"
!
interface gigabitethernet "0/0/20"
   switching-profile "PublicIP"
!
interface gigabitethernet "0/0/22"
   switching-profile "Controller"
!
interface gigabitethernet "0/0/23"
   poe-profile "poe-factory-initial"
   qos-profile "default"
   switching-profile "Upstream-profile"
!
interface vlan "1"
   ip address 10.1.1.138 255.255.252.0
!
interface vlan "110"
   ip address 10.110.138.138 255.255.255.0
!
interface vlan "114"
   ip address 10.114.138.6 255.255.255.0
!
interface vlan "99"
   ip address 50.204.75.150 255.255.255.252
!
interface vlan "999"
   ip address 50.204.75.193 255.255.255.224
!
interface-group gigabitethernet "AP"
   apply-to 0/0/1-0/0/6,0/0/10-0/0/15
   mstp-profile "AP"
   poe-profile "AP"
   mtu 9216
   switching-profile "AP"
!
interface-group gigabitethernet "default"
   apply-to ALL
   lldp-profile "lldp-factory-initial"
   poe-profile "poe-factory-initial"
!

snmp-server community Zer0t0uchpr0visi0ning view ALL
snmp-server view ALL oid-tree iso included 
snmp-server group ALLPRIV v1 read ALL notify ALL 
snmp-server group ALLPRIV v2c read ALL notify ALL 
snmp-server group ALLPRIV v3 noauth read ALL notify ALL 
snmp-server group AUTHPRIV v3 priv read ALL notify ALL 
snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL 
snmp-server group Zer0t0uchpr0visi0ning v1 read ALL 
snmp-server group Zer0t0uchpr0visi0ning v2c read ALL 

snmp-server enable trap

process monitor log
end