version 6.4 enable secret "fd1b897a01a346d1b104c4062852c7dfcab0fef15f5929ba1a" telnet cli hostname "RT-BOS-7205-CTLR.oene.com" clock summer-time EST recurring first sunday april 02:00 last sunday october 02:00 1 clock timezone est -5 location "control.room" controller config 7 ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list eth validuserethacl permit any ! netservice svc-ipp-tcp tcp 631 netservice svc-dhcp udp 67 68 alg dhcp netservice svc-citrix tcp 2598 netservice svc-pcoip-udp udp 50002 netservice svc-netbios-ssn tcp 139 netservice svc-tftp udp 69 alg tftp netservice svc-papi udp 8211 netservice svc-natt udp 4500 netservice svc-ica tcp 1494 netservice svc-msrpc-udp udp 135 139 netservice svc-smtp tcp 25 netservice svc-microsoft-ds tcp 445 netservice svc-msrpc-tcp tcp 135 139 netservice svc-lpd tcp 515 netservice svc-syslog udp 514 netservice svc-http-proxy2 tcp 8080 netservice svc-cfgm-tcp tcp 8211 netservice vnc tcp 5900 5905 netservice svc-bootp udp 67 69 netservice svc-web tcp list "80 443" netservice svc-h323-udp udp 1718 1719 netservice svc-sccp tcp 2000 alg sccp netservice svc-telnet tcp 23 netservice svc-http tcp 80 netservice svc-vmware-rdp tcp 3389 netservice svc-ipp-udp udp 631 netservice svc-esp 50 netservice svc-noe-oxo udp 5000 alg noe netservice svc-vocera udp 5002 alg vocera netservice svc-http-proxy1 tcp 3128 netservice svc-sec-papi udp 8209 netservice svc-gre 47 netservice svc-rtsp tcp 554 alg rtsp netservice svc-l2tp udp 1701 netservice svc-snmp udp 161 netservice svc-svp 119 alg svp netservice svc-sip-tcp tcp 5060 netservice svc-pptp tcp 1723 netservice svc-icmp 1 netservice svc-smb-tcp tcp 445 netservice svc-v6-icmp 58 netservice svc-ssh tcp 22 netservice svc-pcoip2-tcp tcp 4172 netservice svc-ntp udp 123 netservice svc-h323-tcp tcp 1720 netservice svc-pop3 tcp 110 netservice svc-netbios-ns udp 137 netservice svc-adp udp 8200 netservice svc-v6-dhcp udp 546 547 netservice svc-dns udp 53 alg dns netservice svc-sip-udp udp 5060 netservice svc-http-proxy3 tcp 8888 netservice svc-kerberos udp 88 netservice svc-netbios-dgm udp 138 netservice svc-sips tcp 5061 alg sips netservice svc-pcoip2-udp udp 4172 netservice svc-nterm tcp 1026 1028 netservice svc-pcoip-tcp tcp 50002 netservice svc-noe udp 32512 alg noe netservice svc-ike udp 500 netservice svc-snmp-trap udp 162 netservice svc-smb-udp udp 445 netservice svc-ftp tcp 21 alg ftp netservice svc-https tcp 443 netexthdr default ! time-range working-hours periodic weekday 08:00 to 18:00 ! time-range night-hours periodic weekday 18:01 to 23:59 weekday 00:00 to 07:59 ! time-range weekend periodic weekend 00:00 to 23:59 ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session apprf-stateful-dot1x-sacl ! ip access-list session apprf-voice-sacl ! ip access-list session apprf-default-vpn-role-sacl ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit any network 169.254.0.0 255.255.0.0 any deny any network 240.0.0.0 240.0.0.0 any deny ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ! ip access-list session v6-logon-control ipv6 user any udp 68 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit ipv6 any network fc00::/7 any permit ipv6 any network fe80::/64 any permit ! ip access-list session v6-http-acl ipv6 any any svc-http permit ! ip access-list session http-acl any any svc-http permit ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session citrix-acl any any svc-citrix permit tos 46 dot1p-priority 6 any any svc-ica permit tos 46 dot1p-priority 6 ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session vmware-acl any any svc-vmware-rdp permit tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip-udp permit tos 46 dot1p-priority 6 any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 ! ip access-list session srcnat user any any src-nat ! ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ! ip access-list session global-sacl ! ip access-list session Remote_split_tunnel ! ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ! ip access-list session RT-Employee-Policy ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list session apprf-authenticated-sacl ! ip access-list session block_internal ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session Employee-Policy ! ip access-list session v6-control ipv6 user any udp 547 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-dns permit ipv6 any any svc-papi permit ipv6 any any svc-sec-papi permit ipv6 any any svc-cfgm-tcp permit ipv6 any any svc-adp permit ipv6 any any svc-tftp permit ipv6 any any svc-dhcp permit ipv6 any any svc-natt permit ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session apprf-guest-sacl ! ip access-list session v6-ap-acl ipv6 any any svc-gre permit ipv6 any any svc-syslog permit ipv6 any user svc-snmp permit ipv6 user any svc-snmp-trap permit ipv6 user any svc-ntp permit ipv6 user any svc-ftp permit ! ip access-list session apprf-default-via-role-sacl ! ip access-list session v6-allowall ipv6 any any any permit ! ip access-list session EmployeePolicy ! ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ! ip access-list session validuser network 127.0.0.0 255.0.0.0 any any deny network 169.254.0.0 255.255.0.0 any any deny network 224.0.0.0 240.0.0.0 any any deny host 255.255.255.255 any any deny network 240.0.0.0 240.0.0.0 any any deny any any any permit ipv6 host fe80:: any any deny ipv6 network fc00::/7 any any permit ipv6 network fe80::/64 any any permit ipv6 any any any permit ! ip access-list session skype4b-acl ! ip access-list session v6-dns-acl ipv6 any any svc-dns permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session allowall any any any permit ipv6 any any any permit ! ip access-list session v6-https-acl ipv6 any any svc-https permit ! ip access-list session apprf-cpbase-sacl ! ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session https-acl any any svc-https permit ! ip access-list session "Citrix Terminal" ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user any svc-ftp permit ! ip access-list session mail-acl ! ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive ipv6 user any svc-http-proxy3 captive ! ip access-list session control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-sec-papi permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session AirMedia ! vpn-dialer default-dialer ike authentication PRE-SHARE 2d3b67156d259ab9e23ae1ca3c4c7b7d ! dot1x high-watermark 200 dot1x low-watermark 190 user-role default-via-role access-list session global-sacl access-list session apprf-default-via-role-sacl access-list session allowall ! user-role ap-role access-list session ra-guard access-list session control access-list session ap-acl access-list session v6-control access-list session v6-ap-acl ! user-role stateful-dot1x access-list session global-sacl access-list session apprf-stateful-dot1x-sacl ! user-role guest-logon captive-portal "default" access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session v6-logon-control access-list session captiveportal6 ! user-role voice access-list session global-sacl access-list session apprf-voice-sacl access-list session ra-guard access-list session sip-acl access-list session noe-acl access-list session svp-acl access-list session vocera-acl access-list session skinny-acl access-list session h323-acl access-list session dhcp-acl access-list session tftp-acl access-list session dns-acl access-list session icmp-acl ! user-role default-vpn-role access-list session global-sacl access-list session apprf-default-vpn-role-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role logon access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session vpnlogon access-list session v6-logon-control access-list session captiveportal6 ! user-role cpbase access-list session global-sacl access-list session apprf-cpbase-sacl ! user-role authenticated access-list session global-sacl access-list session apprf-authenticated-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role denyall ! user-role guest access-list session global-sacl access-list session apprf-guest-sacl access-list session ra-guard access-list session http-acl access-list session https-acl access-list session dhcp-acl access-list session icmp-acl access-list session dns-acl access-list session v6-http-acl access-list session v6-https-acl access-list session v6-dhcp-acl access-list session v6-icmp-acl access-list session v6-dns-acl ! user-role default-iap-user-role access-list session allowall ! ! controller-ip vlan 50 kernel coredump interface mgmt shutdown ! dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 ! dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR" dial-string ATD*99# ! dialer group gsm_asia init-string AT+CGDCONT=1,"IP","internet" dial-string ATD*99***1# ! dialer group vivo_br init-string AT+CGDCONT=1,"IP","zap.vivo.com.br" dial-string ATD*99# ! vlan 4 vlan 31 vlan 32 vlan 33 vlan 50 vlan 666 spanning-tree mode rapid-pvst no spanning-tree spanning-tree vlan 1 ! spanning-tree vlan 2 ! spanning-tree vlan 3 ! spanning-tree vlan 4 ! spanning-tree vlan 5 ! spanning-tree vlan 6 ! spanning-tree vlan 7 ! spanning-tree vlan 8 ! spanning-tree vlan 9 ! spanning-tree vlan 10 ! spanning-tree vlan 11 ! spanning-tree vlan 12 ! spanning-tree vlan 13 ! spanning-tree vlan 14 ! spanning-tree vlan 15 ! spanning-tree vlan 16 ! spanning-tree vlan 17 ! spanning-tree vlan 18 ! spanning-tree vlan 19 ! spanning-tree vlan 20 ! spanning-tree vlan 54 ! spanning-tree vlan 55 ! spanning-tree vlan 56 ! spanning-tree vlan 57 ! spanning-tree vlan 58 ! spanning-tree vlan 59 ! spanning-tree vlan 60 ! spanning-tree vlan 61 ! spanning-tree vlan 62 ! spanning-tree vlan 63 ! spanning-tree vlan 64 ! interface gigabitethernet 0/0/0 description "GE0/0/0" trusted vlan 1-4094 ! interface gigabitethernet 0/0/1 description "GE0/0/1" trusted vlan 1-4094 ! interface gigabitethernet 0/0/2 description "GE0/0/2" trusted vlan 1-4094 lldp transmit lldp receive lldp med ! interface gigabitethernet 0/0/3 description "GE0/0/3" trusted vlan 1-4094 lldp transmit lldp receive lldp med ! interface gigabitethernet 0/0/4 description "GE0/0/4" trusted vlan 1-4094 ! interface gigabitethernet 0/0/5 description "GE0/0/5" trusted vlan 1-4094 ! interface port-channel 0 add gigabitethernet 0/0/2 add gigabitethernet 0/0/3 trusted trusted vlan 1-4094 switchport mode trunk switchport trunk native vlan 50 switchport trunk allowed vlan 1,31-33,50,666 no spanning-tree ! interface vlan 50 ip address 10.20.50.10 255.255.255.0 operstate up ! interface vlan 1 operstate up ! interface vlan 666 ip address 192.168.66.1 255.255.255.0 ip nat inside bcmc-optimization ! interface tunnel 666 description "Tunnel Interface" tunnel mode gre 0 tunnel vlan 666 ! ! vrrp 50 priority 110 ip address 10.20.50.12 vlan 50 preempt delay 10 advertise 3 tracking master-up-time 30 add 20 ! ! ip default-gateway 10.20.50.1 no uplink wired vlan 1 uplink disable ip nexthop-list pan-gp-ipsec-map-list ! crypto isakmp policy 20 encryption aes256 ! crypto isakmp policy 10001 ! crypto isakmp policy 10002 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10003 encryption aes256 ! crypto isakmp policy 10004 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10005 encryption aes256 ! crypto isakmp policy 10006 version v2 encryption aes128 authentication rsa-sig ! crypto isakmp policy 10007 version v2 encryption aes128 ! crypto isakmp policy 10008 version v2 encryption aes128 hash sha2-256-128 group 19 authentication ecdsa-256 prf prf-hmac-sha256 ! crypto isakmp policy 10009 version v2 encryption aes256 hash sha2-384-192 group 20 authentication ecdsa-384 prf prf-hmac-sha384 ! crypto isakmp policy 10012 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10013 encryption aes256 ! crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-rap-ipsecmap 10001 version v2 set transform-set "default-gcm256" "default-gcm128" "default-rap-transform" ! crypto dynamic-map default-dynamicmap 10000 set transform-set "default-transform" "default-aes" ! crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 ip local pool "RAP" 1.1.1.1 1.1.1.200 vpdn group l2tp ! ip dhcp pool guest_pool default-router 192.168.66.1 dns-server 172.16.10.1 172.16.10.3 lease 0 3 0 0 network 192.168.66.0 255.255.255.0 authoritative ! service dhcp ! snmp-server community "Rt-$nmp$" vpdn group pptp ! tunneled-node-address 0.0.0.0 ap-crash-transfer adp discovery enable adp igmp-join enable adp igmp-vlan 0 voice rtcp-inactivity disable voice alg-based-cac enable voice sip-midcall-req-timeout disable ap ap-blacklist-time 3600 ap flush-r1-on-new-r0 disable amon msg-buffer-size 32768 stm mon-update-queue 66816 no ssh mgmt-auth public-key ssh mgmt-auth username/password mgmt-user admin root 02beca310108630adc8e1b41b3f95e11b52d6c6dccf8148927 ntp server 172.16.10.1 database synchronize period 15 ip mobile domain default ! ! ! airgroup mdns "enable" ! airgroup dlna "enable" ! airgroup location-discovery "enable" ! ! airgroup active-wireless-discovery "disable" ! airgroupservice "airplay" id "_airplay._tcp" id "_raop._tcp" id "_appletv-v2._tcp" description "AirPlay" ! airgroupservice "airprint" id "_ipp._tcp" id "_pdl-datastream._tcp" id "_printer._tcp" id "_scanner._tcp" id "_http._tcp" id "_http-alt._tcp" id "_ipp-tls._tcp" id "_fax-ipp._tcp" id "_riousbprint._tcp" id "_ica-networking._tcp" id "_ptp._tcp" id "_canon-bjnp1._tcp" id "_ipps._tcp" id "_ica-networking2._tcp" description "AirPrint" ! airgroupservice "itunes" id "_home-sharing._tcp" id "_apple-mobdev._tcp" id "_daap._tcp" id "_dacp._tcp" description "iTunes" ! airgroupservice "remotemgmt" id "_ssh._tcp" id "_sftp-ssh._tcp" id "_ftp._tcp" id "_telnet._tcp" id "_rfb._tcp" id "_net-assistant._tcp" description "Remote management" ! airgroupservice "sharing" id "_odisk._tcp" id "_afpovertcp._tcp" id "_xgrid._tcp" description "Sharing" ! airgroupservice "chat" id "_presence._tcp" description "Chat" ! airgroupservice "googlecast" id "_googlecast._tcp" description "GoogleCast supported by Chromecast etc" ! airgroupservice "AmazonTV" id "_amzn-wplay._tcp" description "Amazon fire tv" ! airgroupservice "DIAL" id "urn:dial-multiscreen-org:service:dial:1" id "urn:dial-multiscreen-org:device:dial:1" description "DIAL supported by Chromecast, FireTV, Roku etc" ! airgroupservice "DLNA Media" id "urn:schemas-upnp-org:device:MediaServer:1" id "urn:schemas-upnp-org:device:MediaServer:2" id "urn:schemas-upnp-org:device:MediaServer:3" id "urn:schemas-upnp-org:device:MediaServer:4" id "urn:schemas-upnp-org:device:MediaRenderer:1" id "urn:schemas-upnp-org:device:MediaRenderer:2" id "urn:schemas-upnp-org:device:MediaRenderer:3" id "urn:schemas-upnp-org:device:MediaPlayer:1" description "Media" ! airgroupservice "DLNA Print" id "urn:schemas-upnp-org:device:Printer:1" id "urn:schemas-upnp-org:service:PrintBasic:1" id "urn:schemas-upnp-org:service:PrintEnhanced:1" description "Print" ! airgroupservice "allowall" description "Remaining-Services" ! airgroup service "airplay" enable ! airgroup service "airprint" enable ! airgroup service "itunes" disable ! airgroup service "remotemgmt" disable ! airgroup service "sharing" disable ! airgroup service "chat" disable ! airgroup service "googlecast" disable ! airgroup service "AmazonTV" disable ! airgroup service "DIAL" enable ! airgroup service "DLNA Media" disable ! airgroup service "DLNA Print" disable ! airgroup service "allowall" disable ! ip igmp ! ipv6 mld ! firewall attack-rate grat-arp 50 drop ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp ! ip domain lookup ! country US aaa authentication mac "default" ! aaa authentication dot1x "Aruba-test-1X" ! aaa authentication dot1x "default" ! aaa authentication dot1x "dot1x_prof-cah08" ! aaa authentication dot1x "dot1x_prof-ibv10" ! aaa authentication dot1x "dot1x_prof-nbx78" ! aaa authentication dot1x "dot1x_prof-qwt44" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication dot1x "dot1x_prof-srs47" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 ! aaa authentication dot1x "RAP_Split-tunnel" ! aaa authentication-server radius "bos-dc1.oene.com" host "172.16.10.3" key 1fb0b2218d7d017a09df81af4eea2dc45b6aa620f3c41f76 ! aaa authentication-server radius "bos-exc1.oene.com" host "172.16.10.3" key 7970c3816c68deef3310fca573d98859bbf5729ac902e2cf ! aaa authentication-server radius "bos-nps1.oene.com" host "172.16.0.50" key cb1037121ba90914f8dc9f7ee333142a215601d101792341 ! aaa authentication-server ldap "RT-LDAP-Auth" host 172.16.10.3 admin-dn "CN=Aruba Service,OU=Accounts,OU=Administrative,DC=OENE,DC=com" admin-passwd 3f0c49daff4f5a5f35ae73028d6ec8af5e7f8b7b4f5de12f allow-cleartext base-dn "DC=OENE,DC=com" ! aaa server-group "Aruba Test Radius" auth-server bos-nps1.oene.com ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa server-group "RT LDAP Servers" auth-server RT-LDAP-Auth trim-fqdn ! aaa server-group "RT Radius Servers" auth-server bos-nps1.oene.com ! aaa server-group "RT-EMPLOYE-WIFI" ! aaa server-group "RT-GUEST-WIFI" ! aaa server-group "RT-IT-MGMT-WIFI" ! aaa profile "Aruba-Test-AAA" authentication-dot1x "Aruba-test-1X" dot1x-server-group "Aruba Test Radius" ! aaa profile "default" ! aaa profile "RT-EMPLOYEE-WIFI" authentication-dot1x "dot1x_prof-nbx78" dot1x-default-role "authenticated" dot1x-server-group "RT Radius Servers" ! aaa profile "RT-ERD-Tech-SVC" authentication-dot1x "dot1x_prof-nbx78" radius-accounting "RT Radius Servers" ! aaa profile "RT-GUEST-WIFI" initial-role "guest" authentication-dot1x "default-psk" radius-accounting "RT Radius Servers" ! aaa profile "RT-IT-MGMT-WIFI" authentication-dot1x "dot1x_prof-nbx78" dot1x-server-group "RT Radius Servers" ! aaa profile "RT-Maine-Warehouse-aaa_prof" initial-role "authenticated" authentication-dot1x "dot1x_prof-ibv10" ! aaa profile "Split-tunnel" initial-role "RAP_Split_Tunnel" authentication-dot1x "RAP_Split-tunnel" dot1x-server-group "RT Radius Servers" ! aaa profile "VTwarehse-aaa_prof" initial-role "authenticated" authentication-dot1x "dot1x_prof-cah08" ! aaa authentication captive-portal "default" ! aaa authentication wispr "default" ! aaa authentication vpn "default" ! aaa authentication vpn "default-rap" ! aaa authentication mgmt ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication wired profile "RT-GUEST-WIFI" ! web-server profile ! guest-access-email smtp-server 172.16.0.193 ! voice logging ! voice dialplan-profile "default" ! app skype4b traffic-control "default" ! voice real-time-config ! voice sip ! aaa password-policy mgmt ! control-plane-security auto-cert-prov ! ids wms-general-profile poll-retries 3 ! ids wms-local-system-profile ! valid-network-oui-profile ! upgrade-profile ! license profile centralized-licensing-enable ! activate-service-whitelist ! file syncing profile ! papi-security ! ifmap cppm ! pan profile "default" ! pan-options ! pan active-profile ! lcd-menu ! ap system-profile "apsys_prof-dod63" shell-passwd 007b7319fa441e7c097103f9676511ea680be3f5b5917d1e ! ap system-profile "apsys_prof-mpm36" shell-passwd 1d1868c8386f324587f8ed7138ef4030c52ee32bdba8f655 ! ap system-profile "default" lms-ip 10.20.50.10 bkup-lms-ip 10.20.50.11 lms-preemption lms-hold-down-period 300 shell-passwd 560a1d3b0721efdeea40a8207ec3c6eb526a8a40af7f7503 bkup-passwords 50b6ab3e47909e43ad109c796655831d6124d64ff50e82b6 ! ap system-profile "remote-RAP" lms-ip 209.183.98.112 shell-passwd b34f153b8b58a8cf99f0b5e2fde02e0b938edfbffca07b60 ! ap regulatory-domain-profile "default" country-code US valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 36 valid-11a-channel 40 valid-11a-channel 44 valid-11a-channel 48 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11a-channel 165 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 36-40 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 ! ap wired-ap-profile "default" wired-ap-enable trusted ! ap wired-ap-profile "Remote210" wired-ap-enable forward-mode split-tunnel switchport access vlan 210 ! ap wired-ap-profile "Remote220" wired-ap-enable trusted switchport access vlan 220 ! ap enet-link-profile "default" poe ! ap mesh-ht-ssid-profile "default" ! ap lldp med-network-policy-profile "default" ! ap mesh-cluster-profile "default" ! ap lldp profile "default" ! ap mesh-radio-profile "default" ! ap wired-port-profile "default" ! ap wired-port-profile "Remote210" wired-ap-profile "Remote210" aaa-profile "Split-tunnel" ! ap wired-port-profile "Remote220" wired-ap-profile "Remote220" aaa-profile "Split-tunnel" ! ids general-profile "default" ! ids unauthorized-device-profile "default" ! ids profile "default" ! rf arm-profile "arm-maintain" assignment maintain no scanning ! rf arm-profile "arm-scan" ! rf arm-profile "default-a" max-tx-power 18 min-tx-power 12 ! rf arm-profile "default-g" max-tx-power 9 min-tx-power 6 free-channel-index 40 ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf am-scan-profile "default" ! rf dot11a-radio-profile "default" ! rf dot11a-radio-profile "rp-maintain-a" arm-profile "arm-maintain" ! rf dot11a-radio-profile "rp-monitor-a" mode am-mode ! rf dot11a-radio-profile "rp-scan-a" arm-profile "arm-scan" ! rf dot11g-radio-profile "default" ! rf dot11g-radio-profile "rp-maintain-g" arm-profile "arm-maintain" ! rf dot11g-radio-profile "rp-monitor-g" mode am-mode ! rf dot11g-radio-profile "rp-scan-g" arm-profile "arm-scan" ! wlan handover-trigger-profile "default" ! wlan rrm-ie-profile "default" ! wlan bcn-rpt-req-profile "default" ! wlan dot11r-profile "default" ! wlan tsm-req-profile "default" ! wlan voip-cac-profile "default" ! wlan ht-ssid-profile "default" ! wlan ht-ssid-profile "RT-EMPLOYEE-WIFI-htssid_prof" ! wlan ht-ssid-profile "RT-GUEST-WIFI-htssid_prof" ! wlan ht-ssid-profile "RT-IT-MGMT-WIFI-htssid_prof" ! wlan ht-ssid-profile "RT-Maine-Warehouse-htssid_prof" ! wlan ht-ssid-profile "test" no high-throughput-enable no 40MHz-enable no very-high-throughput-enable no 80MHz-enable ! wlan ht-ssid-profile "VTwarehse-htssid_prof" ! wlan hotspot anqp-venue-name-profile "default" ! wlan hotspot anqp-nwk-auth-profile "default" ! wlan hotspot anqp-roam-cons-profile "default" ! wlan hotspot anqp-nai-realm-profile "default" ! wlan hotspot anqp-3gpp-nwk-profile "default" ! wlan hotspot h2qp-operator-friendly-name-profile "default" ! wlan hotspot h2qp-wan-metrics-profile "default" ! wlan hotspot h2qp-conn-capability-profile "default" ! wlan hotspot h2qp-op-cl-profile "default" ! wlan hotspot anqp-ip-addr-avail-profile "default" ! wlan hotspot anqp-domain-name-profile "default" ! wlan edca-parameters-profile station "default" ! wlan edca-parameters-profile ap "default" ! wlan dot11k-profile "default" ! wlan ssid-profile "Aruba_Test_SSID_Profile" essid "aruba-test" opmode wpa2-aes ! wlan ssid-profile "default" essid "RT-ERD-Tech-SVC" wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" wpa-passphrase bfb810275ef354721268bca2dd2ebdf82802db6fef44ff6a ! wlan ssid-profile "Mainewhse" essid "Mainewhse" opmode wpa2-psk-aes wpa-passphrase 634ec1a0aaff002ecd483aa1cfdcc6602136a372699b2b8a ! wlan ssid-profile "RT-EMPLOYEE-WIFI" essid "RT-EMPLOYEE-WIFI" opmode wpa2-aes wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" wpa-passphrase 77d6ad06762eba5bc31402421125cf708814809e2dd9ebb5 ! wlan ssid-profile "RT-ERD-Tech-SVC" essid "RT-ERD-Tech-SVC" opmode wpa-psk-tkip wpa-passphrase f9028bd3661ba62bc92e26b2984523621e49d2976f5cc6ba ! wlan ssid-profile "RT-GUEST-WIFI" essid "RT-GUEST-WIFI" opmode wpa-psk-tkip wpa2-psk-tkip wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" wpa-passphrase 679e026a816242c157741bf525a9ce93beba2d99a29f3b68 ! wlan ssid-profile "RT-IT-MGMT-WIFI" essid "RT-IT-MGMT-WIFI" opmode wpa2-aes wmm-vo-dscp "56" wmm-vi-dscp "40" wmm-be-dscp "24" wmm-bk-dscp "8" hide-ssid wpa-passphrase 5727eebb13095c458d76af4098d1bd4ce24e5d8d09cd1a41 ! wlan ssid-profile "RT-Maine-Warehouse-ssid_prof" essid "Mainewhse" opmode wpa-psk-tkip wpa2-psk-tkip wpa-passphrase e09a751cd52cd07ee42cab8652bcf433e9c03348bf219f5d ht-ssid-profile "RT-Maine-Warehouse-htssid_prof" ! wlan ssid-profile "VTwarehse-ssid_prof" essid "VTwarehse" opmode wpa-psk-tkip wpa-psk-aes wpa-passphrase 836a34363bcc493f00e57cb336651c50b4a81244411f0cad ht-ssid-profile "VTwarehse-htssid_prof" ! wlan hotspot advertisement-profile "default" ! wlan hotspot hs2-profile "default" ! wlan virtual-ap "Aruba_Test_AP_Profile" aaa-profile "Aruba-Test-AAA" ssid-profile "Aruba_Test_SSID_Profile" vlan 32 forward-mode bridge ! wlan virtual-ap "default" ! wlan virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" aaa-profile "RT-EMPLOYEE-WIFI" ssid-profile "RT-EMPLOYEE-WIFI" vlan 32 forward-mode bridge ! wlan virtual-ap "RT-ERD-Tech-SVC" aaa-profile "RT-GUEST-WIFI" ssid-profile "RT-ERD-Tech-SVC" vlan 33 forward-mode bridge ! wlan virtual-ap "RT-GUEST-WIFI-vap_prof" aaa-profile "RT-GUEST-WIFI" ssid-profile "RT-GUEST-WIFI" vlan 31 forward-mode bridge ! wlan virtual-ap "RT-IT-MGMT-WIFI-vap_prof" aaa-profile "RT-IT-MGMT-WIFI" ssid-profile "RT-IT-MGMT-WIFI" vlan 33 forward-mode bridge allowed-band g ! wlan virtual-ap "RT-Maine-Warehouse-vap_prof" aaa-profile "RT-Maine-Warehouse-aaa_prof" ssid-profile "RT-Maine-Warehouse-ssid_prof" vlan 32 forward-mode bridge ! wlan virtual-ap "RT-Mainewhse" aaa-profile "RT-GUEST-WIFI" ssid-profile "Mainewhse" vlan 32 forward-mode bridge ! wlan virtual-ap "Tunneled_Guest" aaa-profile "RT-GUEST-WIFI" ssid-profile "RT-GUEST-WIFI" vlan 666 dynamic-mcast-optimization ! wlan virtual-ap "VTwarehse-vap_prof" aaa-profile "VTwarehse-aaa_prof" ssid-profile "VTwarehse-ssid_prof" vlan 32 forward-mode bridge ! ap provisioning-profile "default" ! rf arm-rf-domain-profile arm-rf-domain-key "8ffc8170a3b72bb7f16b79ce5fbbabb8" ! ap-lacp-striping-ip ! ap general-profile ! ap-group "Aruba Test Group" virtual-ap "Aruba_Test_AP_Profile" ! ap-group "default" ! ap-group "Remote-AP" enet1-port-profile "Remote220" enet2-port-profile "Remote220" ap-system-profile "remote-RAP" ! ap-group "Remote-AP-Loc-2" enet1-port-profile "Remote210" enet2-port-profile "Remote210" ap-system-profile "remote-RAP" ! ap-group "RT-BOS-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-IT-MGMT-WIFI-vap_prof" virtual-ap "RT-GUEST-WIFI-vap_prof" virtual-ap "RT-Maine-Warehouse-vap_prof" ! ap-group "RT-ERD-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-GUEST-WIFI-vap_prof" virtual-ap "RT-ERD-Tech-SVC" ! ap-group "RT-MAR-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "Tunneled_Guest" ! ap-group "RT-MHT-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-IT-MGMT-WIFI-vap_prof" virtual-ap "Tunneled_Guest" ! ap-group "RT-MIL-Prodcution-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "Tunneled_Guest" ! ap-group "RT-NH-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-IT-MGMT-WIFI-vap_prof" virtual-ap "Tunneled_Guest" ! ap-group "RT-PTL-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-IT-MGMT-WIFI-vap_prof" virtual-ap "Tunneled_Guest" ! ap-group "RT-PTL-WH-Production-AP grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-GUEST-WIFI-vap_prof" virtual-ap "RT-Maine-Warehouse-vap_prof" ! ap-group "RT-SMALL-OFFICES" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "Tunneled_Guest" ! ap-group "RT-SPR-Production-AP" ! ap-group "RT-STM-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-IT-MGMT-WIFI-vap_prof" virtual-ap "Tunneled_Guest" ! ap-group "RT-WIL-Production-AP_grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-IT-MGMT-WIFI-vap_prof" virtual-ap "RT-GUEST-WIFI-vap_prof" virtual-ap "RT-Maine-Warehouse-vap_prof" ! ap-group "RT-WLSTN-WH-Production-AP grp" virtual-ap "RT-EMPLOYEE-WIFI-vap_prof" virtual-ap "RT-GUEST-WIFI-vap_prof" virtual-ap "VTwarehse-vap_prof" ! ap-name "Steelcase_AP" ! airgroup cppm-server aaa ! logging level debugging network process dhcpd subcat dhcp logging level warnings security subcat ids logging level warnings security subcat ids-ap logging level debugging user-debug 20:10:7a:b3:3c:c5 logging level debugging user-debug 20:10:7a:b3:3c:d5 snmp-server enable trap snmp-server trap source 0.0.0.0 snmp-server trap disable wlsxAdhocNetwork snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta snmp-server trap disable wlsxAdhocUsingValidSSID snmp-server trap disable wlsxAuthMaxAclEntries snmp-server trap disable wlsxAuthMaxBWContracts snmp-server trap disable wlsxAuthMaxUserEntries snmp-server trap disable wlsxAuthServerIsUp snmp-server trap disable wlsxAuthServerReqTimedOut snmp-server trap disable wlsxAuthServerTimedOut snmp-server trap disable wlsxChannelChanged snmp-server trap disable wlsxCoverageHoleDetected snmp-server trap disable wlsxDBCommunicationFailure snmp-server trap disable wlsxDisconnectStationAttack snmp-server trap disable wlsxESIServerDown snmp-server trap disable wlsxESIServerUp snmp-server trap disable wlsxFanFailure snmp-server trap disable wlsxFanTrayInserted snmp-server trap disable wlsxFanTrayRemoved snmp-server trap disable wlsxGBICInserted snmp-server trap disable wlsxIpSpoofingDetected snmp-server trap disable wlsxLCInserted snmp-server trap disable wlsxLCRemoved snmp-server trap disable wlsxLicenseExpiry snmp-server trap disable wlsxLowMemory snmp-server trap disable wlsxLowOnFlashSpace snmp-server trap disable wlsxOutOfRangeTemperature snmp-server trap disable wlsxOutOfRangeVoltage snmp-server trap disable wlsxPowerSupplyFailure snmp-server trap disable wlsxPowerSupplyMissing snmp-server trap disable wlsxProcessDied snmp-server trap disable wlsxProcessExceedsMemoryLimits snmp-server trap disable wlsxSCInserted snmp-server trap disable wlsxSignatureMatch snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP snmp-server trap disable wlsxStationAddedToBlackList snmp-server trap disable wlsxStationRemovedFromBlackList snmp-server trap disable wlsxSwitchIPChanged snmp-server trap disable wlsxSwitchRoleChange snmp-server trap disable wlsxUserAuthenticationFailed snmp-server trap disable wlsxUserEntryAuthenticated snmp-server trap disable wlsxUserEntryChanged snmp-server trap disable wlsxUserEntryCreated snmp-server trap disable wlsxUserEntryDeAuthenticated snmp-server trap disable wlsxUserEntryDeleted snmp-server trap disable wlsxVrrpStateChange process monitor log ip probe default mode Ping frequency 10 retries 3 burst-size 5 ! activate periodic-sync enable end