show running-config Building Configuration... version 6.3 enable secret "******" telnet cli hostname "Aruba3400" clock timezone PST 8 location "Building1.floor1" controller config 67 ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list eth validuserethacl permit any ! netservice svc-pcoip2-tcp tcp 4172 netservice svc-netbios-dgm udp 138 netservice svc-snmp-trap udp 162 netservice svc-citrix tcp 2598 netservice svc-syslog udp 514 netservice svc-l2tp udp 1701 netservice svc-ike udp 500 netservice svc-https tcp 443 netservice svc-smb-tcp tcp 445 netservice svc-dhcp udp 67 68 alg dhcp netservice svc-ica tcp 1494 netservice svc-pptp tcp 1723 --More-- (q) quit (u) pageup (/) search (n) repeat netservice svc-sccp tcp 2000 alg sccp netservice svc-telnet tcp 23 netservice svc-sec-papi udp 8209 netservice svc-lpd tcp 515 netservice svc-netbios-ssn tcp 139 netservice svc-sip-tcp tcp 5060 netservice svc-kerberos udp 88 netservice svc-tftp udp 69 alg tftp netservice svc-pcoip-udp udp 50002 netservice svc-pcoip-tcp tcp 50002 netservice svc-http-proxy3 tcp 8888 netservice svc-noe udp 32512 alg noe netservice svc-cfgm-tcp tcp 8211 netservice svc-adp udp 8200 netservice svc-pop3 tcp 110 netservice svc-rtsp tcp 554 alg rtsp netservice svc-msrpc-tcp tcp 135 139 netservice svc-dns udp 53 alg dns netservice vnc tcp 5900 5905 netservice svc-h323-udp udp 1718 1719 netservice svc-h323-tcp tcp 1720 netservice svc-vocera udp 5002 alg vocera netservice svc-http tcp 80 netservice svc-http-proxy2 tcp 8080 --More-- (q) quit (u) pageup (/) search (n) repeat netservice svc-sip-udp udp 5060 netservice svc-nterm tcp 1026 1028 netservice svc-noe-oxo udp 5000 alg noe netservice svc-papi udp 8211 netservice svc-natt udp 4500 netservice svc-ftp tcp 21 alg ftp netservice svc-microsoft-ds tcp 445 netservice svc-svp 119 alg svp netservice svc-smtp tcp 25 netservice svc-gre 47 netservice web tcp list "80 443" netservice svc-netbios-ns udp 137 netservice svc-sips tcp 5061 alg sips netservice svc-smb-udp udp 445 netservice svc-ipp-tcp tcp 631 netservice svc-esp 50 netservice svc-pcoip2-udp udp 4172 netservice svc-v6-dhcp udp 546 547 netservice svc-snmp udp 161 netservice svc-bootp udp 67 69 netservice svc-msrpc-udp udp 135 139 netservice svc-ntp udp 123 netservice svc-icmp 1 netservice svc-ipp-udp udp 631 --More-- (q) quit (u) pageup (/) search (n) repeat netservice svc-ssh tcp 22 netservice svc-v6-icmp 58 netservice svc-http-proxy1 tcp 3128 netservice svc-vmware-rdp tcp 3389 netdestination6 ipv6-reserved-range invert network 2000::/3 ! netexthdr default ! time-range night-hours periodic weekday 18:01 to 23:59 weekday 00:00 to 07:59 ! time-range weekend periodic weekend 00:00 to 23:59 ! time-range working-hours periodic weekday 08:00 to 18:00 ! ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ! ip access-list session control --More-- (q) quit (u) pageup (/) search (n) repeat user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-sec-papi permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session validuser network 127.0.0.0 255.0.0.0 any any deny network 169.254.0.0 255.255.0.0 any any deny network 224.0.0.0 240.0.0.0 any any deny host 255.255.255.255 any any deny network 240.0.0.0 240.0.0.0 any any deny any any any permit --More-- (q) quit (u) pageup (/) search (n) repeat ipv6 host fe80:: any any deny ipv6 network fc00::/7 any any permit ipv6 network fe80::/64 any any permit ipv6 alias ipv6-reserved-range any any deny ipv6 any any any permit ! ip access-list session v6-https-acl ipv6 any any svc-https permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session vmware-acl any any svc-vmware-rdp permit tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip-udp permit tos 46 dot1p-priority 6 any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session v6-control ipv6 user any udp 547 deny --More-- (q) quit (u) pageup (/) search (n) repeat ipv6 any any svc-v6-icmp permit ipv6 any any svc-dns permit ipv6 any any svc-papi permit ipv6 any any svc-sec-papi permit ipv6 any any svc-cfgm-tcp permit ipv6 any any svc-adp permit ipv6 any any svc-tftp permit ipv6 any any svc-dhcp permit ipv6 any any svc-natt permit ! ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session v6-dns-acl ipv6 any any svc-dns permit ! --More-- (q) quit (u) pageup (/) search (n) repeat ip access-list session allowall any any any permit ipv6 any any any permit ! ip access-list session https-acl any any svc-https permit ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session citrix-acl any any svc-citrix permit tos 46 dot1p-priority 6 any any svc-ica permit tos 46 dot1p-priority 6 ! ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session v6-allowall ipv6 any any any permit ! --More-- (q) quit (u) pageup (/) search (n) repeat ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session srcnat user any any src-nat ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit any network 169.254.0.0 255.255.0.0 any deny any network 240.0.0.0 240.0.0.0 any deny --More-- (q) quit (u) pageup (/) search (n) repeat ! ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list session v6-http-acl ipv6 any any svc-http permit ! ip access-list session http-acl any any svc-http permit ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive --More-- (q) quit (u) pageup (/) search (n) repeat ipv6 user any svc-http-proxy3 captive ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user any svc-ftp permit ! ip access-list session v6-ap-acl ipv6 any any svc-gre permit --More-- (q) quit (u) pageup (/) search (n) repeat ipv6 any any svc-syslog permit ipv6 any user svc-snmp permit ipv6 user any svc-snmp-trap permit ipv6 user any svc-ntp permit ipv6 user any svc-ftp permit ! ip access-list session v6-logon-control ipv6 user any udp 68 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit ipv6 any network fc00::/7 any permit ipv6 any network fe80::/64 any permit ipv6 any alias ipv6-reserved-range any deny ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! vpn-dialer default-dialer ike authentication PRE-SHARE ****** ! dot1x high-watermark 60 dot1x low-watermark 57 --More-- (q) quit (u) pageup (/) search (n) repeat user-role ap-role access-list session ra-guard access-list session control access-list session ap-acl access-list session v6-control access-list session v6-ap-acl ! user-role default-vpn-role access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role voice access-list session ra-guard access-list session sip-acl access-list session noe-acl access-list session svp-acl access-list session vocera-acl access-list session skinny-acl access-list session h323-acl access-list session dhcp-acl access-list session tftp-acl access-list session dns-acl access-list session icmp-acl --More-- (q) quit (u) pageup (/) search (n) repeat ! user-role default-via-role access-list session allowall ! user-role guest-logon captive-portal "default" access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session v6-logon-control access-list session captiveportal6 access-list session http-acl access-list session https-acl ! user-role guest access-list session ra-guard access-list session http-acl access-list session https-acl access-list session dhcp-acl access-list session icmp-acl access-list session dns-acl access-list session v6-http-acl access-list session v6-https-acl access-list session v6-dhcp-acl --More-- (q) quit (u) pageup (/) search (n) repeat access-list session v6-icmp-acl access-list session v6-dns-acl ! user-role stateful-dot1x ! user-role authenticated access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role logon access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session vpnlogon access-list session v6-logon-control access-list session captiveportal6 ! ! controller-ip vlan 10 interface mgmt shutdown ! --More-- (q) quit (u) pageup (/) search (n) repeat dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 ! dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR" dial-string ATD*99# ! dialer group gsm_asia init-string AT+CGDCONT=1,"IP","internet" dial-string ATD*99***1# ! dialer group vivo_br init-string AT+CGDCONT=1,"IP","zap.vivo.com.br" dial-string ATD*99# ! vlan 10 --More-- (q) quit (u) pageup (/) search (n) repeat vlan 11 vlan 12 vlan 20 vlan 30 vlan 40 interface gigabitethernet 1/0 description "GE1/0" trusted trusted vlan 1-4094 ! interface gigabitethernet 1/1 description "GE1/1" trusted trusted vlan 1,10-12,20,30,40 switchport mode trunk switchport trunk allowed vlan 10,20,30,40 ! interface gigabitethernet 1/2 description "GE1/2" trusted --More-- (q) quit (u) pageup (/) search (n) repeat trusted vlan 1-4094 ! interface gigabitethernet 1/3 description "GE1/3" trusted trusted vlan 1-4094 ! interface vlan 10 ip address 10.101.232.99 255.255.255.0 ! interface vlan 1 ip address 172.16.0.254 255.255.255.0 ! interface vlan 40 ip address 10.105.186.2 255.255.255.0 ! ip default-gateway 10.101.232.100 uplink disable --More-- (q) quit (u) pageup (/) search (n) repeat ap mesh-recovery-profile cluster Recovery4FfcKnyYmM0mMXEn wpa-hexkey abc3b5fd598fde266183081b46f11cffd93701c3053710df8cfa1b4381acfdeff927433be1bf13d93997b34c6832f970051dc3b83c54005d4cee63ed2b87033613f52180de222cf7b940f1c439c8cae0 crypto isakmp policy 20 encryption aes256 ! crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-dynamicmap 10000 set transform-set "default-transform" "default-aes" ! crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 vpdn group l2tp ! --More-- (q) quit (u) pageup (/) search (n) repeat ! vpdn group pptp ! tunneled-node-address 0.0.0.0 adp discovery enable adp igmp-join enable adp igmp-vlan 0 voice rtcp-inactivity disable voice alg-based-cac enable voice sip-midcall-req-timeout disable ap ap-blacklist-time 3600 ap flush-r1-on-new-r0 disable mgmt-user admin root 9a9c9baf0151e45f37dfbfc5689c4895fea07a2d7fe4ca160e mgmt-user manager guest-provisioning 5ddcbbdc01e61e2704018f2e3e3b435dbbec875323965ce09f --More-- (q) quit (u) pageup (/) search (n) repeat no database synchronize ip mobile domain default ! ! ! airgroup "enable" ! airgroup location-discovery "enable" ! ! airgroup active-wireless-discovery "disable" ! airgroupservice "airplay" id "_airplay._tcp" id "_raop._tcp" id "_appletv-v2._tcp" description "AirPlay" ! airgroupservice "airprint" id "_ipp._tcp" id "_pdl-datastream._tcp" id "_printer._tcp" id "_scanner._tcp" --More-- (q) quit (u) pageup (/) search (n) repeat id "_universal._sub._ipp._tcp" id "_universal._sub._ipps._tcp" id "_printer._sub._http._tcp" id "_http._tcp" id "_http-alt._tcp" id "_ipp-tls._tcp" id "_fax-ipp._tcp" id "_riousbprint._tcp" id "_cups._sub._ipp._tcp" id "_cups._sub._fax-ipp._tcp" id "_ica-networking._tcp" id "_ptp._tcp" id "_canon-bjnp1._tcp" id "_ipps._tcp" id "_ica-networking2._tcp" description "AirPrint" ! airgroupservice "itunes" id "_home-sharing._tcp" id "_apple-mobdev._tcp" id "_daap._tcp" id "_dacp._tcp" description "iTunes" ! --More-- (q) quit (u) pageup (/) search (n) repeat airgroupservice "remotemgmt" id "_ssh._tcp" id "_sftp-ssh._tcp" id "_ftp._tcp" id "_telnet._tcp" id "_rfb._tcp" id "_net-assistant._tcp" description "Remote management" ! airgroupservice "sharing" id "_odisk._tcp" id "_afpovertcp._tcp" id "_xgrid._tcp" description "Sharing" ! airgroupservice "chat" id "_presence._tcp" description "Chat" ! airgroupservice "allowall" description "Remaining-Services" ! airgroup service "airplay" enable ! --More-- (q) quit (u) pageup (/) search (n) repeat airgroup service "airprint" enable ! airgroup service "itunes" disable ! airgroup service "remotemgmt" disable ! airgroup service "sharing" disable ! airgroup service "chat" disable ! airgroup service "allowall" disable ! ip igmp ! ipv6 mld ! no firewall attack-rate cp 1024 ipv6 firewall ext-hdr-parse-len 100 ! --More-- (q) quit (u) pageup (/) search (n) repeat ! firewall cp ! ip domain lookup ! country MY aaa authentication mac "default" ! aaa authentication dot1x "default" ! aaa authentication dot1x "dot1x_prof-hou64" ! aaa authentication-server radius "SRBB2NPSSRV1" host "10.101.232.212" key 7df7dfe7f0468f03920f8e914200aa13a582e993fc932f6927db4c048699e7be ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa server-group "Guest_WLAN_srvgrp-qgl85" auth-server Internal ! aaa server-group "Radius_ Accounting" --More-- (q) quit (u) pageup (/) search (n) repeat auth-server SRBB2NPSSRV1 ! aaa server-group "SRBB2-CIMS_srvgrp-dzc80" auth-server SRBB2NPSSRV1 set vlan condition Tunnel-Private-Group-Id equals "20" set-value 20 set vlan condition Tunnel-Private-Group-Id equals "30" set-value 20 ! aaa server-group "test_srvgrp-mtq25" auth-server Internal ! aaa profile "default" ! aaa profile "SRBB2-CIMS-aaa_prof" authentication-dot1x "dot1x_prof-hou64" dot1x-default-role "authenticated" dot1x-server-group "SRBB2-CIMS_srvgrp-dzc80" radius-accounting "Radius_ Accounting" ! aaa profile "test-aaa_prof" initial-role "authenticated" mac-default-role "logon" authentication-dot1x "dot1x_prof-hou64" dot1x-default-role "logon" ! --More-- (q) quit (u) pageup (/) search (n) repeat aaa authentication captive-portal "default" default-role "logon" default-guest-role "guest-logon" protocol-http ip-addr-in-redirection-url "10.105.186.2" ! aaa authentication wispr "default" ! aaa authentication vpn "default" ! aaa authentication vpn "default-rap" ! aaa authentication mgmt ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication wired ! web-server web-https-port-443 --More-- (q) quit (u) pageup (/) search (n) repeat ! guest-access-email ! voice logging ! voice dialplan-profile "default" ! voice real-time-config ! voice sip ! aaa password-policy mgmt ! control-plane-security ! ids wms-general-profile ! ids wms-local-system-profile ! valid-network-oui-profile ! upgrade-profile ! license profile --More-- (q) quit (u) pageup (/) search (n) repeat ! activate-service-whitelist ! ifmap cppm ! ap system-profile "apsys_prof-uqk22" ! ap system-profile "default" ! ap regulatory-domain-profile "default" country-code MY valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 52 valid-11a-channel 56 valid-11a-channel 60 valid-11a-channel 64 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11a-channel 165 valid-11g-40mhz-channel-pair 1-5 --More-- (q) quit (u) pageup (/) search (n) repeat valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 36-40 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 52-56 valid-11a-40mhz-channel-pair 60-64 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 valid-11a-80mhz-channel-group 36-48 valid-11a-80mhz-channel-group 52-64 valid-11a-80mhz-channel-group 149-161 ! ap wired-ap-profile "default" ! ap enet-link-profile "default" ! ap mesh-ht-ssid-profile "default" ! ap lldp med-network-policy-profile "default" ! ap mesh-cluster-profile "default" ! ap lldp profile "default" ! ap mesh-radio-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! ap wired-port-profile "default" ! ids general-profile "default" ! ids unauthorized-device-profile "default" ! ids profile "default" ! rf arm-profile "arm-maintain" assignment maintain no scanning ! rf arm-profile "arm-scan" ! rf arm-profile "default" ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf am-scan-profile "default" ! rf dot11a-radio-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! rf dot11a-radio-profile "rp-maintain-a" arm-profile "arm-maintain" ! rf dot11a-radio-profile "rp-monitor-a" mode am-mode ! rf dot11a-radio-profile "rp-scan-a" arm-profile "arm-scan" ! rf dot11g-radio-profile "default" ! rf dot11g-radio-profile "rp-maintain-g" arm-profile "arm-maintain" ! rf dot11g-radio-profile "rp-monitor-g" mode am-mode ! rf dot11g-radio-profile "rp-scan-g" arm-profile "arm-scan" ! wlan handover-trigger-profile "default" ! wlan rrm-ie-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! wlan bcn-rpt-req-profile "default" ! wlan dot11r-profile "default" ! wlan tsm-req-profile "default" ! wlan voip-cac-profile "default" ! wlan ht-ssid-profile "default" ! wlan ht-ssid-profile "SRBB2-CIMS-htssid_prof" ! wlan ht-ssid-profile "test-htssid_prof" ! wlan hotspot anqp-venue-name-profile "default" ! wlan hotspot anqp-nwk-auth-profile "default" ! wlan hotspot anqp-roam-cons-profile "default" ! wlan hotspot anqp-nai-realm-profile "default" ! wlan hotspot anqp-3gpp-nwk-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! wlan hotspot h2qp-operator-friendly-name-profile "default" ! wlan hotspot h2qp-wan-metrics-profile "default" ! wlan hotspot h2qp-conn-capability-profile "default" ! wlan hotspot h2qp-op-cl-profile "default" ! wlan hotspot anqp-ip-addr-avail-profile "default" ! wlan hotspot anqp-domain-name-profile "default" ! wlan edca-parameters-profile station "default" ! wlan edca-parameters-profile ap "default" ! wlan dot11k-profile "default" ! wlan ssid-profile "default" ! wlan ssid-profile "SRBB2-CIMS-ssid_prof" essid "SRBB2-CIMS" opmode wpa2-aes wpa2-tkip --More-- (q) quit (u) pageup (/) search (n) repeat ht-ssid-profile "SRBB2-CIMS-htssid_prof" ! wlan ssid-profile "test-ssid_prof" essid "test" ht-ssid-profile "test-htssid_prof" ! wlan hotspot advertisement-profile "default" ! wlan hotspot hs2-profile "default" ! wlan virtual-ap "default" ! wlan virtual-ap "SRBB2-CIMS-vap_prof" aaa-profile "SRBB2-CIMS-aaa_prof" ssid-profile "SRBB2-CIMS-ssid_prof" vlan 10,20,30 band-steering ! wlan virtual-ap "test-vap_prof" aaa-profile "test-aaa_prof" ssid-profile "test-ssid_prof" vlan 40 ! ap provisioning-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! rf arm-rf-domain-profile arm-rf-domain-key "1f992dd0c513dbe0d1affa03da1b83a2" ! ap-group "CiMS 1:1" virtual-ap "SRBB2-CIMS-vap_prof" virtual-ap "test-vap_prof" ap-system-profile "apsys_prof-uqk22" ! ap-group "default" ! airgroup cppm-server aaa ! logging level warnings security subcat ids logging level warnings security subcat ids-ap snmp-server enable trap process monitor log end (Aruba3400) #