Building Configuration...
version 6.1
enable secret "******"
telnet cli
hostname "Aruba620"
clock timezone PST -8
location "Building1.floor1"
controller config 16
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
  permit any
!
netservice svc-snmp-trap udp 162
netservice svc-netbios-dgm udp 138
netservice svc-pcoip2-tcp tcp 4172
netservice svc-dhcp udp 67 68
netservice svc-smb-tcp tcp 445
netservice svc-https tcp 443
netservice svc-ike udp 500
netservice svc-l2tp udp 1701
netservice svc-syslog udp 514
netservice svc-citrix tcp 2598
netservice svc-pptp tcp 1723
netservice svc-ica tcp 1494
netservice svc-telnet tcp 23
netservice svc-sccp tcp 2000
netservice svc-sec-papi udp 8209
netservice svc-tftp udp 69
netservice svc-kerberos udp 88
netservice svc-sip-tcp tcp 5060
netservice svc-netbios-ssn tcp 139
netservice svc-lpd tcp 515
netservice svc-pop3 tcp 110
netservice svc-adp udp 8200
netservice svc-cfgm-tcp tcp 8211
netservice svc-noe udp 32512
netservice svc-http-proxy3 tcp 8888
netservice svc-pcoip-tcp tcp 50002
netservice svc-pcoip-udp udp 50002
netservice svc-dns udp 53
netservice svc-msrpc-tcp tcp 135 139
netservice svc-rtsp tcp 554
netservice svc-http tcp 80
netservice svc-vocera udp 5002
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-nterm tcp 1026 1028
netservice svc-sip-udp udp 5060
netservice svc-http-proxy2 tcp 8080
netservice svc-papi udp 8211
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-ftp tcp 21
netservice svc-natt udp 4500
netservice svc-svp 119
netservice svc-microsoft-ds tcp 445
netservice svc-gre 47
netservice svc-smtp tcp 25
netservice svc-smb-udp udp 445
netservice svc-sips tcp 5061
netservice svc-netbios-ns udp 137
netservice svc-esp 50
netservice svc-ipp-tcp tcp 631
netservice svc-bootp udp 67 69
netservice svc-snmp udp 161
netservice svc-v6-dhcp udp 546 547
netservice svc-pcoip2-udp udp 4172
netservice svc-icmp 1
netservice svc-ntp udp 123
netservice svc-msrpc-udp udp 135 139
netservice svc-ssh tcp 22
netservice svc-ipp-udp udp 631
netservice svc-http-proxy1 tcp 3128
netservice svc-v6-icmp 58
netservice svc-vmware-rdp tcp 3389
netexthdr default
!
ip access-list session allow-diskservices
  any any svc-netbios-dgm permit
  any any svc-netbios-ssn permit
  any any svc-microsoft-ds permit
  any any svc-netbios-ns permit
!
ip access-list session control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-papi permit
  any any svc-sec-papi permit
  any any svc-cfgm-tcp permit
  any any svc-adp permit
  any any svc-tftp permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session v6-icmp-acl
  ipv6 any any svc-v6-icmp permit
!
ip access-list session validuser
  network 169.254.0.0 255.255.0.0 any any deny
  any any any permit
  ipv6 any any any permit
!
ip access-list session vocera-acl
  any any svc-vocera permit queue high
!
ip access-list session v6-https-acl
  ipv6 any any svc-https permit
!
ip access-list session vmware-acl
  any any svc-vmware-rdp permit tos 46 dot1p-priority 6
  any any svc-pcoip-tcp permit tos 46 dot1p-priority 6
  any any svc-pcoip-udp permit tos 46 dot1p-priority 6
  any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6
  any any svc-pcoip2-udp permit tos 46 dot1p-priority 6
!
ip access-list session icmp-acl
  any any svc-icmp permit
!
ip access-list session captiveportal
  user alias controller svc-https dst-nat 8081
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
  user any svc-http-proxy1 dst-nat 8088
  user any svc-http-proxy2 dst-nat 8088
  user any svc-http-proxy3 dst-nat 8088
!
ip access-list session v6-dhcp-acl
  ipv6 any any svc-v6-dhcp permit
!
ip access-list session allowall
  any any any permit
  ipv6 any any any permit
!
ip access-list session v6-dns-acl
  ipv6 any any svc-dns permit
!
ip access-list session sip-acl
  any any svc-sip-udp permit queue high
  any any svc-sip-tcp permit queue high
!
ip access-list session https-acl
  any any svc-https permit
!
ip access-list session dns-acl
  any any svc-dns permit
!
ip access-list session ra-guard
  ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session citrix-acl
  any any svc-citrix permit tos 46 dot1p-priority 6
  any any svc-ica permit tos 46 dot1p-priority 6
!
ip access-list session allow-printservices
  any any svc-lpd permit
  any any svc-ipp-tcp permit
  any any svc-ipp-udp permit
!
ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session vpnlogon
  user any svc-ike permit
  user any svc-esp permit
  any any svc-l2tp permit
  any any svc-pptp permit
  any any svc-gre permit
!
ip access-list session srcnat
  user any any src-nat
!
ip access-list session skinny-acl
  any any svc-sccp permit queue high
!
ip access-list session tftp-acl
  any any svc-tftp permit
!
ip access-list session v6-allowall
  ipv6 any any any permit
!
ip access-list session cplogout
  user alias controller svc-https dst-nat 8081
!
ip access-list session captiveportal6
  ipv6 user alias controller6 svc-https captive
  ipv6 user any svc-http captive
  ipv6 user any svc-https captive
  ipv6 user any svc-http-proxy1 captive
  ipv6 user any svc-http-proxy2 captive
  ipv6 user any svc-http-proxy3 captive
!
ip access-list session dhcp-acl
  any any svc-dhcp permit
!
ip access-list session http-acl
  any any svc-http permit
!
ip access-list session v6-http-acl
  ipv6 any any svc-http permit
!
ip access-list session ap-uplink-acl
  any any udp 68 permit
  any any svc-icmp permit
  any host 224.0.0.251 udp 5353 permit
!
ip access-list session ap-acl
  any any svc-gre permit
  any any svc-syslog permit
  any user svc-snmp permit
  user any svc-snmp-trap permit
  user any svc-ntp permit
  user alias controller svc-ftp permit
!
ip access-list session svp-acl
  any any svc-svp permit queue high
  user host 224.0.1.116 any permit
!
ip access-list session noe-acl
  any any svc-noe permit queue high
!
ip access-list session h323-acl
  any any svc-h323-tcp permit queue high
  any any svc-h323-udp permit queue high
!
ip access-list session v6-logon-control
  ipv6 user any udp 68 deny
  ipv6 any any svc-v6-icmp permit
  ipv6 any any svc-v6-dhcp permit
  ipv6 any any svc-dns permit
!
vpn-dialer default-dialer
  ike authentication PRE-SHARE ******
!
user-role ap-role
  access-list session control
  access-list session ap-acl
!
user-role default-vpn-role
  access-list session allowall
  access-list session v6-allowall
!
user-role voice
  access-list session sip-acl
  access-list session noe-acl
  access-list session svp-acl
  access-list session vocera-acl
  access-list session skinny-acl
  access-list session h323-acl
  access-list session dhcp-acl
  access-list session tftp-acl
  access-list session dns-acl
  access-list session icmp-acl
!
user-role default-via-role
  access-list session allowall
!
user-role guest-logon
  captive-portal "default"
  access-list session logon-control
  access-list session captiveportal
  access-list session v6-logon-control
  access-list session captiveportal6
!
user-role guest
  access-list session http-acl
  access-list session https-acl
  access-list session dhcp-acl
  access-list session icmp-acl
  access-list session dns-acl
  access-list session v6-http-acl
  access-list session v6-https-acl
  access-list session v6-dhcp-acl
  access-list session v6-icmp-acl
  access-list session v6-dns-acl
!
user-role stateful-dot1x
!
user-role authenticated
  access-list session allowall
  access-list session v6-allowall
!
user-role logon
  access-list session logon-control
  access-list session captiveportal
  access-list session vpnlogon
  access-list session v6-logon-control
  access-list session captiveportal6
!
!
interface mgmt
  shutdown
!
dialer group evdo_us
  init-string ATQ0V1E0
  dial-string ATDT#777
!
dialer group gsm_us
  init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
  dial-string ATD*99#
!
dialer group gsm_asia
  init-string AT+CGDCONT=1,"IP","internet"
  dial-string ATD*99***1#
!
dialer group vivo_br
  init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
  dial-string ATD*99#
!
interface fastethernet 1/0
  description "FE1/0"
  trusted
  trusted vlan 1-4094
!
interface fastethernet 1/1
  description "FE1/1"
  trusted
  trusted vlan 1-4094
  switchport access vlan 10
!
interface fastethernet 1/2
  description "FE1/2"
  trusted
  trusted vlan 1-4094
!
interface fastethernet 1/3
  description "FE1/3"
  trusted
  trusted vlan 1-4094
!
interface fastethernet 1/4
  description "FE1/4"
  trusted
  trusted vlan 1-4094
!
interface fastethernet 1/5
  description "FE1/5"
  trusted
  trusted vlan 1-4094
!
interface fastethernet 1/6
  description "FE1/6"
  trusted
  trusted vlan 1-4094
!
interface fastethernet 1/7
  description "FE1/7"
  trusted
  trusted vlan 1-4094
!
interface gigabitethernet 1/8
  description "GE1/8"
  trusted
  trusted vlan 1-4094
!
interface vlan 1
  ip address 192.168.15.210 255.255.255.0
  ip helper-address 192.168.15.210
!
ip default-gateway 192.168.15.99
no uplink wired vlan 1
uplink disable
ap mesh-recovery-profile cluster Recovery5hRRdfLebaVoXDXb wpa-hexkey dab7e8c552b0cc2969f691b6379d4a800ffa18aba84ca8d8dd92425fefa886a8e6525f0a3055b71b5b4114f9a91cc55f97a255fcdad4a08accf3b3b0b88e955e2eb73accc0f60fd88290632d288a2a2a
crypto isakmp policy 20
  encryption aes256
!
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-dynamicmap 10000
  set transform-set "default-transform" "default-aes"
!
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
vpdn group l2tp
!
ip dhcp excluded-address 192.168.15.1 192.168.15.211
ip dhcp pool test
  default-router 192.168.15.210
  dns-server 192.168.15.99
  network 192.168.15.0 255.255.255.0
  authoritative
!
service dhcp
!
vpdn group pptp
!
tunneled-node-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
voice rtcp-inactivity disable
voice sip-midcall-req-timeout disable
ap ap-blacklist-time 3600
ssh mgmt-auth username/password
mgmt-user admin root e4d2f49401bbfb9988453eea779c7748bb1cf12b517204fad0
mgmt-user localauth-disable
no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
ipv6 mld
!
no firewall attack-rate cp 1024
ipv6 firewall ext-hdr-parse-len 100
!
firewall cp
!
firewall cp
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country IN
aaa authentication mac "default"
!
aaa authentication dot1x "default"
  machine-authentication enable
  machine-authentication machine-default-role "authenticated"
  machine-authentication user-default-role "authenticated"
  no cert-cn-lookup
!
aaa server-group "default"
  auth-server Internal
  set role condition role value-of
!
aaa profile "default"
  mac-default-role "logon"
!
aaa profile "NSPL"
  initial-role "authenticated"
  mac-default-role "logon"
  dot1x-default-role "logon"
!
aaa authentication captive-portal "default"
  default-role "authenticated"
  default-guest-role "authenticated"
  single-session
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
  default-role "authenticated"
!
aaa authentication wired
!
web-server
!
papi-security
!
guest-access-email
!
voice logging
!
voice dialplan-profile "default"
!
voice real-time-config
!
voice sip
!
aaa password-policy mgmt
!
control-plane-security
!
ids wms-general-profile
  poll-retries 3
!
ids wms-local-system-profile
!
valid-network-oui-profile
!
ap system-profile "default"
!
ap system-profile "NSPL"
!
ap regulatory-domain-profile "default"
  country-code IN
  valid-11g-channel 1
  valid-11g-channel 6
  valid-11g-channel 11
  valid-11a-channel 36
  valid-11a-channel 40
  valid-11a-channel 44
  valid-11a-channel 48
  valid-11a-channel 52
  valid-11a-channel 56
  valid-11a-channel 60
  valid-11a-channel 64
  valid-11a-channel 149
  valid-11a-channel 153
  valid-11a-channel 157
  valid-11a-channel 161
  valid-11a-channel 165
  valid-11g-40mhz-channel-pair 1-5
  valid-11g-40mhz-channel-pair 7-11
  valid-11a-40mhz-channel-pair 36-40
  valid-11a-40mhz-channel-pair 44-48
  valid-11a-40mhz-channel-pair 149-153
  valid-11a-40mhz-channel-pair 157-161
!
ap regulatory-domain-profile "NSPL"
  country-code IN
  valid-11g-channel 1
  valid-11g-channel 6
  valid-11g-channel 11
  valid-11a-channel 36
  valid-11a-channel 40
  valid-11a-channel 44
  valid-11a-channel 48
  valid-11a-channel 52
  valid-11a-channel 56
  valid-11a-channel 60
  valid-11a-channel 64
  valid-11a-channel 149
  valid-11a-channel 153
  valid-11a-channel 157
  valid-11a-channel 161
  valid-11a-channel 165
  valid-11g-40mhz-channel-pair 1-5
  valid-11g-40mhz-channel-pair 7-11
  valid-11a-40mhz-channel-pair 36-40
  valid-11a-40mhz-channel-pair 44-48
  valid-11a-40mhz-channel-pair 149-153
  valid-11a-40mhz-channel-pair 157-161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap enet-link-profile "NSPL"
!
ap mesh-ht-ssid-profile "default"
!
ap mesh-cluster-profile "default"
!
ap wired-port-profile "default"
  bridge-role "authenticated"
!
ap mesh-radio-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "arm-maintain"
  assignment maintain
  no scanning
!
rf arm-profile "arm-scan"
!
rf arm-profile "default"
  assignment multi-band
!
rf ht-radio-profile "default-a"
  40MHz-intolerance
!
rf ht-radio-profile "NSPL"
  40MHz-intolerance
!
rf optimization-profile "default"
!
rf optimization-profile "NSPL"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11a-radio-profile "NSPL"
  spectrum-load-balancing
!
rf dot11a-radio-profile "rp-maintain-a"
  arm-profile "arm-maintain"
!
rf dot11a-radio-profile "rp-monitor-a"
  mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
  arm-profile "arm-scan"
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "NSPL"
  spectrum-load-balancing
!
rf dot11g-radio-profile "rp-maintain-g"
  arm-profile "arm-maintain"
!
rf dot11g-radio-profile "rp-monitor-g"
  mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
  arm-profile "arm-scan"
!
wlan dot11k-profile "default"
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "default"
  temporal-diversity
!
wlan ht-ssid-profile "NSPL"
  temporal-diversity
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan ssid-profile "default"
  essid "NSPL"
!
wlan ssid-profile "NSPL"
  essid "NSPL"
  wmm
  no disable-probe-retry
  ht-ssid-profile "NSPL"
!
wlan virtual-ap "default"
  aaa-profile "default-open"
  ssid-profile "NSPL"
  no blacklist
!
wlan virtual-ap "NSPL"
  aaa-profile "NSPL"
  ssid-profile "NSPL"
  no mobile-ip
  no blacklist
  disable-ra-mcast-to-ucast
  band-steering
!
ap provisioning-profile "default"
!
ap-group "default"
  virtual-ap "default"
  dot11a-radio-profile "NSPL"
  dot11g-radio-profile "NSPL"
!
ap-group "NSPL"
  virtual-ap "NSPL"
  dot11a-radio-profile "NSPL"
  dot11g-radio-profile "NSPL"
!
logging level warnings security subcat ids
logging level warnings security subcat ids-ap
logging level debugging user-debug 00:00:00:00:00:00
snmp-server enable trap
process monitor log
service network-storage
service print-server
network-printer max-jobs 500
network-printer max-clients-per-host 10
network-printer max-clients 10
end
(Aruba620) #