=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2018.06.07 12:35:06 =~=~=~=~=~=~=~=~=~=~=~= (Aruba3600-US) #show configuration run     version 6.4 enable secret "03c35d4101fac8efa38a85e067f33ac2744ec4d9638a3dc8c3" hostname "Aruba3600-US" clock timezone PST -8 location "Building1.floor1" controller config 6 ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list eth validuserethacl permit any ! netservice svc-sec-papi udp 8209 netservice svc-papi udp 8211 netexthdr default ! ip access-list session validuser network 127.0.0.0 255.0.0.0 any any deny network 169.254.0.0 255.255.0.0 any any deny network 224.0.0.0 240.0.0.0 any any deny host 255.255.255.255 any any deny network 240.0.0.0 240.0.0.0 any any deny any any any permit ipv6 host fe80:: any any deny --More-- (q) quit (u) pageup (/) search (n) repeat ipv6 network fc00::/7 any any permit ipv6 network fe80::/64 any any permit ipv6 alias ipv6-reserved-range any any deny ipv6 any any any permit ! ip access-list session apprf-stateful-dot1x-sacl ! ip access-list session apprf-guest-sacl ! ip access-list session global-sacl ! vpn-dialer default-dialer ike authentication PRE-SHARE 680a0107b121f4796bc343937a0dfc41a6fb78483468eb4a ! user-role ap-role ! user-role guest-logon ! user-role guest access-list session global-sacl access-list session apprf-guest-sacl ! user-role stateful-dot1x --More-- (q) quit (u) pageup (/) search (n) repeat access-list session global-sacl access-list session apprf-stateful-dot1x-sacl ! user-role default-iap-user-role ! user-role logon ! ! controller-ip vlan 1 no kernel coredump interface mgmt shutdown ! dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 ! dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR" dial-string ATD*99# ! --More-- (q) quit (u) pageup (/) search (n) repeat dialer group gsm_asia init-string AT+CGDCONT=1,"IP","internet" dial-string ATD*99***1# ! dialer group vivo_br init-string AT+CGDCONT=1,"IP","zap.vivo.com.br" dial-string ATD*99# ! vlan 21 vlan 66 vlan 80 vlan-name Aruba_WiFi vlan Aruba_WiFi 66 vlan-name Default vlan-name Internal_WiFi vlan Internal_WiFi 80 no spanning-tree --More-- (q) quit (u) pageup (/) search (n) repeat interface gigabitethernet 1/0 description "GE1/0" trusted trusted vlan 1-4094 ! interface gigabitethernet 1/1 description "GE1/1" trusted trusted vlan 1-4094 switchport access vlan 66 switchport trunk native vlan 66 ! interface gigabitethernet 1/2 description "GE1/2" trusted trusted vlan 1-4094 switchport access vlan 80 switchport trunk native vlan 80 ! interface gigabitethernet 1/3 --More-- (q) quit (u) pageup (/) search (n) repeat description "GE1/3" trusted trusted vlan 1-4094 ! interface vlan 1 ip address 10.0.21.2 255.255.255.0 ! interface vlan 66 ip address 10.0.66.1 255.255.254.0 ip helper-address 10.0.66.1 bcmc-optimization ! interface vlan 80 ip address 10.0.80.1 255.255.255.0 ip helper-address 10.0.80.1 bcmc-optimization ! interface vlan 21 ! --More-- (q) quit (u) pageup (/) search (n) repeat ! ! ip default-gateway 10.0.21.1 uplink disable crypto isakmp policy 10001 ! crypto isakmp policy 10002 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10003 encryption aes256 ! crypto isakmp policy 10004 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10005 --More-- (q) quit (u) pageup (/) search (n) repeat encryption aes256 ! crypto isakmp policy 10006 version v2 encryption aes128 authentication rsa-sig ! crypto isakmp policy 10007 version v2 encryption aes128 ! crypto isakmp policy 10008 version v2 encryption aes128 hash sha2-256-128 group 19 authentication ecdsa-256 prf prf-hmac-sha256 ! crypto isakmp policy 10009 --More-- (q) quit (u) pageup (/) search (n) repeat version v2 encryption aes256 hash sha2-384-192 group 20 authentication ecdsa-384 prf prf-hmac-sha384 ! crypto isakmp policy 10012 version v2 encryption aes256 authentication rsa-sig ! crypto isakmp policy 10013 encryption aes256 ! crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto dynamic-map default-rap-ipsecmap 10001 --More-- (q) quit (u) pageup (/) search (n) repeat version v2 set transform-set "default-gcm256" "default-gcm128" "default-rap-transform" ! crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 vpdn group l2tp ! ip dhcp pool default-pool dns-server 172.16.0.254 lease 0 0 10 0 no vendor-class-identifier network 172.16.0.0 255.255.255.0 authoritative ! --More-- (q) quit (u) pageup (/) search (n) repeat ! vpdn group pptp ! tunneled-node-address 0.0.0.0 adp discovery enable adp igmp-join enable adp igmp-vlan 0 ap ap-blacklist-time 3600 ap flush-r1-on-new-r0 disable amon msg-buffer-size 32768 stm mon-update-queue 84480 no ssh mgmt-auth public-key ssh mgmt-auth username/password mgmt-user admin root bf82c6b20121cedf5e98915e289002060e8370f5748a5db72c ntp server 132.163.96.1 --More-- (q) quit (u) pageup (/) search (n) repeat no database synchronize ip mobile domain default ! ! ! airgroup mdns "disable" ! airgroup dlna "disable" ! airgroup location-discovery "enable" ! ! airgroup active-wireless-discovery "disable" ! airgroupservice "airplay" id "_airplay._tcp" id "_raop._tcp" id "_appletv-v2._tcp" description "AirPlay" ! airgroupservice "airprint" id "_ipp._tcp" --More-- (q) quit (u) pageup (/) search (n) repeat id "_pdl-datastream._tcp" id "_printer._tcp" id "_scanner._tcp" id "_http._tcp" id "_http-alt._tcp" id "_ipp-tls._tcp" id "_fax-ipp._tcp" id "_riousbprint._tcp" id "_ica-networking._tcp" id "_ptp._tcp" id "_canon-bjnp1._tcp" id "_ipps._tcp" id "_ica-networking2._tcp" description "AirPrint" ! airgroupservice "itunes" id "_home-sharing._tcp" id "_apple-mobdev._tcp" id "_daap._tcp" id "_dacp._tcp" description "iTunes" ! airgroupservice "remotemgmt" id "_ssh._tcp" --More-- (q) quit (u) pageup (/) search (n) repeat id "_sftp-ssh._tcp" id "_ftp._tcp" id "_telnet._tcp" id "_rfb._tcp" id "_net-assistant._tcp" description "Remote management" ! airgroupservice "sharing" id "_odisk._tcp" id "_afpovertcp._tcp" id "_xgrid._tcp" description "Sharing" ! airgroupservice "chat" id "_presence._tcp" description "Chat" ! airgroupservice "googlecast" id "_googlecast._tcp" description "GoogleCast supported by Chromecast etc" ! airgroupservice "AmazonTV" id "_amzn-wplay._tcp" description "Amazon fire tv" --More-- (q) quit (u) pageup (/) search (n) repeat ! airgroupservice "DIAL" id "urn:dial-multiscreen-org:service:dial:1" id "urn:dial-multiscreen-org:device:dial:1" description "DIAL supported by Chromecast, FireTV, Roku etc" ! airgroupservice "DLNA Media" id "urn:schemas-upnp-org:device:MediaServer:1" id "urn:schemas-upnp-org:device:MediaServer:2" id "urn:schemas-upnp-org:device:MediaServer:3" id "urn:schemas-upnp-org:device:MediaServer:4" id "urn:schemas-upnp-org:device:MediaRenderer:1" id "urn:schemas-upnp-org:device:MediaRenderer:2" id "urn:schemas-upnp-org:device:MediaRenderer:3" id "urn:schemas-upnp-org:device:MediaPlayer:1" description "Media" ! airgroupservice "DLNA Print" id "urn:schemas-upnp-org:device:Printer:1" id "urn:schemas-upnp-org:service:PrintBasic:1" id "urn:schemas-upnp-org:service:PrintEnhanced:1" description "Print" ! airgroupservice "allowall" --More-- (q) quit (u) pageup (/) search (n) repeat description "Remaining-Services" ! airgroup service "airplay" enable ! airgroup service "airprint" enable ! airgroup service "itunes" disable ! airgroup service "remotemgmt" disable ! airgroup service "sharing" disable ! airgroup service "chat" disable ! airgroup service "googlecast" disable ! airgroup service "AmazonTV" disable ! airgroup service "DIAL" enable ! airgroup service "DLNA Media" disable ! airgroup service "DLNA Print" disable ! --More-- (q) quit (u) pageup (/) search (n) repeat airgroup service "allowall" disable ! ip igmp ! ipv6 mld ! firewall attack-rate grat-arp 50 drop ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp ! ip domain lookup ! country US aaa authentication mac "default" ! aaa authentication dot1x "default" ! --More-- (q) quit (u) pageup (/) search (n) repeat aaa server-group "default" auth-server Internal ! aaa profile "default" ! aaa authentication captive-portal "default" ! aaa authentication wispr "default" ! aaa authentication vpn "default" ! aaa authentication mgmt ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication wired ! web-server profile ! guest-access-email --More-- (q) quit (u) pageup (/) search (n) repeat ! aaa password-policy mgmt ! control-plane-security ! ids wms-general-profile ! ids wms-local-system-profile ! valid-network-oui-profile ! upgrade-profile ! license profile ! activate-service-whitelist ! file syncing profile ! papi-security ! ifmap cppm ! pan profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! pan-options ! pan active-profile ! ap system-profile "default" shell-passwd 86ddd9b62b84742b8501a90704a4f7d55ff99982dbd6e9e0 ! ap regulatory-domain-profile "default" country-code US valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 36 valid-11a-channel 40 valid-11a-channel 44 valid-11a-channel 48 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11a-channel 165 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 --More-- (q) quit (u) pageup (/) search (n) repeat valid-11a-40mhz-channel-pair 36-40 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 valid-11a-80mhz-channel-group 36-48 valid-11a-80mhz-channel-group 149-161 ! ap wired-ap-profile "default" ! ap enet-link-profile "default" ! ap mesh-ht-ssid-profile "default" ! ap lldp med-network-policy-profile "default" ! ap mesh-cluster-profile "default" ! ap lldp profile "default" ! ap mesh-radio-profile "default" ! ap wired-port-profile "default" ! ids general-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! ids unauthorized-device-profile "default" ! ids profile "default" ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf am-scan-profile "default" ! rf dot11a-radio-profile "default" ! rf dot11g-radio-profile "default" ! wlan handover-trigger-profile "default" ! wlan rrm-ie-profile "default" ! wlan bcn-rpt-req-profile "default" ! wlan dot11r-profile "default" ! wlan tsm-req-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! wlan ht-ssid-profile "default" ! wlan hotspot anqp-venue-name-profile "default" ! wlan hotspot anqp-nwk-auth-profile "default" ! wlan hotspot anqp-roam-cons-profile "default" ! wlan hotspot anqp-nai-realm-profile "default" ! wlan hotspot anqp-3gpp-nwk-profile "default" ! wlan hotspot h2qp-operator-friendly-name-profile "default" ! wlan hotspot h2qp-wan-metrics-profile "default" ! wlan hotspot h2qp-conn-capability-profile "default" ! wlan hotspot h2qp-op-cl-profile "default" ! wlan hotspot anqp-ip-addr-avail-profile "default" ! wlan hotspot anqp-domain-name-profile "default" --More-- (q) quit (u) pageup (/) search (n) repeat ! wlan dot11k-profile "default" ! wlan ssid-profile "default" ! wlan hotspot advertisement-profile "default" ! wlan hotspot hs2-profile "default" ! wlan virtual-ap "default" ! ap provisioning-profile "default" ! rf arm-rf-domain-profile arm-rf-domain-key "3fc008f073e6bdb97a633489840f602b" ! ap-lacp-striping-ip ! ap general-profile ! ap-group "default" ! airgroup cppm-server aaa ! --More-- (q) quit (u) pageup (/) search (n) repeat logging level debugging system process cfgm snmp-server enable trap snmp-server trap source 0.0.0.0 process monitor log ip probe default mode Ping frequency 10 retries 3 burst-size 5 ! branch config-id 0 end (Aruba3600-US) #