# # Configuration file for ArubaOS version 7.2 enable secret "**********" hostname "CLIENT-ArubaCore" clock timezone CST -6 location "Building1.floor1" controller config 8 ip access-list eth validuserethacl permit any ! netservice svc-dhcp udp 67 68 netservice svc-dns udp 53 netservice svc-ftp tcp 21 netservice svc-h323-tcp tcp 1720 netservice svc-h323-udp udp 1718 1719 netservice svc-http tcp 80 netservice svc-https tcp 443 netservice svc-icmp 1 netservice svc-kerberos udp 88 netservice svc-natt udp 4500 netservice svc-ntp udp 123 netservice svc-sip-tcp tcp 5060 netservice svc-sip-udp udp 5060 netservice svc-sips tcp 5061 netservice svc-smtp tcp 25 netservice svc-ssh tcp 22 netservice svc-telnet tcp 23 netservice svc-tftp udp 69 netservice svc-vocera udp 5002 netexthdr default ! ip access-list stateless allowall-stateless any any any permit ! ip access-list stateless dhcp-acl-stateless any any svc-dhcp permit ! ip access-list stateless dns-acl-stateless any any svc-dns permit ! ip access-list stateless http-acl-stateless any any svc-http permit ! ip access-list stateless https-acl-stateless any any svc-https permit ! ip access-list stateless icmp-acl-stateless any any svc-icmp permit ! ip access-list stateless logon-control-stateless any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session validuser network 169.254.0.0 255.255.0.0 any any deny any any any permit ipv6 alias any6 alias any6 any permit ! user-role ap-role ! user-role authenticated access-list stateless allowall-stateless ! user-role denyall ! user-role guest access-list stateless http-acl-stateless access-list stateless https-acl-stateless access-list stateless dhcp-acl-stateless access-list stateless icmp-acl-stateless access-list stateless dns-acl-stateless ! user-role guest-logon ! user-role logon access-list stateless logon-control-stateless ! user-role stateful-dot1x ! ! crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 mgmt-user admin root 96dfd81d015b971342299d0946eeed1d6f1e18b9ad7401f207 no firewall attack-rate cp 1024 ipv6 firewall ext-hdr-parse-len 100 ! ! firewall cp packet-capture-defaults tcp disable udp disable sysmsg disable other disable ! ip domain lookup ! ip name-server 10.1.2.10 ip name-server 10.1.2.20 ! country US aaa authentication mac "default" ! aaa authentication dot1x "default" ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa profile "default" ! aaa authentication captive-portal "default" ! aaa authentication vpn "default" ! aaa authentication mgmt ! aaa authentication wired ! web-server ! aaa password-policy mgmt ! traceoptions ! qos-profile "default" ! policer-profile "default" ! ip-profile default-gateway 10.1.2.254 controller-ip vlan 1 ! lcd-menu ! interface-profile ospf-profile "default" area 0.0.0.0 ! interface-profile pim-profile "default" ! interface-profile pim-profile "fog" ! router pim ! interface-profile igmp-profile "default" ! interface-profile igmp-profile "fog" ! stack-profile member-id 0 election-priority 200 member-id 1 election-priority 199 member-id 2 election-priority 100 member-id 3 election-priority 100 ! ipv6-profile ! interface-profile switching-profile "AccessPoint" switchport-mode trunk ! interface-profile switching-profile "default" ! interface-profile switching-profile "Server" access-vlan 2 ! interface-profile switching-profile "Upstream-profile" switchport-mode trunk ! interface-profile switching-profile "Workstation" access-vlan 200 ! interface-profile tunneled-node-profile "default" ! interface-profile poe-profile "AccessPoint" enable poe-priority high ! interface-profile poe-profile "default" ! interface-profile poe-profile "poe-factory-initial" enable ! interface-profile enet-link-profile "default" ! interface-profile lldp-profile "default" ! interface-profile lldp-profile "lldp-factory-initial" lldp transmit lldp receive med enable ! interface-profile mstp-profile "default" ! interface-profile pvst-port-profile "default" ! interface-profile dhcp-relay-profile "CLIENT-dc" helper-address 10.1.2.10 helper-address 10.1.2.20 ! vlan-profile mld-snooping-profile "default" ! vlan-profile igmp-snooping-profile "default" ! vlan-profile igmp-snooping-profile "fog" ! vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial" ! spanning-tree mode mstp ! gvrp ! mstp instance 0 bridge-priority 0 ! lacp ! vlan "1" description "Management_VLAN" igmp-snooping-profile "igmp-snooping-factory-initial" ! vlan "2" description "SERVER_VLAN" ! vlan "200" description "Student_LAN" ! vlan "300" description "Secure_LAN" ! vlan "400" description "Guest_LAN" ! vlan "500" description "Student_WLAN" ! vlan "600" description "Secure_WLAN" ! vlan "700" description "Guest_WLAN" ! interface gigabitethernet "0/0/0" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "0/0/1" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "0/0/2" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "0/0/3" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "0/0/4" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "0/0/5" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "0/0/10" switching-profile "Upstream-profile" ! interface gigabitethernet "0/0/12" description "Server" switching-profile "Server" ! interface gigabitethernet "0/0/13" description "Server" switching-profile "Server" ! interface gigabitethernet "0/0/14" description "Server" switching-profile "Server" ! interface gigabitethernet "0/0/15" description "Server" switching-profile "Server" ! interface gigabitethernet "0/0/16" description "Server" switching-profile "Server" ! interface gigabitethernet "0/0/17" description "Server" switching-profile "Server" ! interface gigabitethernet "0/1/0" ! interface gigabitethernet "1/0/0" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "1/0/1" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "1/0/2" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "1/0/3" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "1/0/4" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "1/0/5" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "1/0/12" description "Server" switching-profile "Server" ! interface gigabitethernet "1/0/13" description "Server" switching-profile "Server" ! interface gigabitethernet "1/0/14" description "Server" switching-profile "Server" ! interface gigabitethernet "1/0/15" description "Server" switching-profile "Server" ! interface gigabitethernet "1/0/16" description "Server" switching-profile "Server" ! interface gigabitethernet "1/0/17" description "Server" switching-profile "Server" ! interface gigabitethernet "2/0/0" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/1" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/2" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/3" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/4" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/5" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/6" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/7" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/8" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/9" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/10" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/11" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/12" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "2/0/13" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/0" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/1" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/2" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/3" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/4" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/5" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/6" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/7" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/8" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/9" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/10" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/11" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/12" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/13" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/14" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface gigabitethernet "3/0/15" poe-profile "AccessPoint" description "ArubaAccessPoint" switching-profile "AccessPoint" ! interface vlan "1" pim-profile "fog" igmp-profile "fog" dhcp-relay-profile "CLIENT-dc" ip address 10.1.1.1 255.255.255.0 ! interface vlan "2" pim-profile "fog" igmp-profile "fog" dhcp-relay-profile "CLIENT-dc" ip address 10.1.2.1 255.255.255.0 ! interface vlan "200" pim-profile "fog" igmp-profile "fog" dhcp-relay-profile "CLIENT-dc" ip address 10.2.0.1 255.255.0.0 ! interface vlan "300" pim-profile "fog" igmp-profile "fog" dhcp-relay-profile "CLIENT-dc" ip address 10.3.0.1 255.255.0.0 ! interface vlan "400" dhcp-relay-profile "CLIENT-dc" ip address 10.4.0.1 255.255.0.0 ! interface vlan "500" dhcp-relay-profile "CLIENT-dc" ip address 10.5.0.1 255.255.0.0 ! interface vlan "600" dhcp-relay-profile "CLIENT-dc" ip address 10.6.0.1 255.255.0.0 ! interface vlan "700" dhcp-relay-profile "CLIENT-dc" ip address 10.7.0.1 255.255.0.0 ! interface mgmt ! interface-group gigabitethernet "default" apply-to ALL lldp-profile "lldp-factory-initial" poe-profile "poe-factory-initial" ! snmp-server view ALL oid-tree iso included snmp-server group ALLPRIV v1 read ALL notify ALL snmp-server group ALLPRIV v2c read ALL notify ALL snmp-server group ALLPRIV v3 noauth read ALL notify ALL snmp-server group AUTHPRIV v3 priv read ALL notify ALL snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL snmp-server enable trap process monitor log end