show ip dhcp database
DHCP enabled
# split
subnet 172.32.0.0 netmask 255.255.240.0 {
default-lease-time 14400;
max-lease-time 14400;
option vendor-class-identifier "ArubaAP";
option vendor-encapsulated-options "x.x.x.x";
option routers 172.32.0.1;
range 172.32.0.21 172.32.15.254;
authoritative;
show ip interface brief
Interface IP Address / IP Netmask Admin Protocol
vlan 32 172.32.0.1 / 255.255.240.0 up up none (none)
show ip access-list vbn-guest-control
ip access-list session vbn-guest-control
vbn-guest-control
-----------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user any udp 68 deny Low 4
2 any any svc-dhcp permit Low 4
3 any any svc-dns permit Low 4
4 any any svc-icmp permit Low 4
show ip access-list vbn-guest-captiveportal
ip access-list session vbn-guest-captiveportal
vbn-guest-captiveportal
-----------------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user controller svc-https dst-nat 8081 Low 4
2 user any svc-http dst-nat 8080 Yes Low 4
3 user any svc-https dst-nat 8081 Low 4
show aaa authentication captive-portal "vbn-guest"
Captive Portal Authentication Profile "vbn-guest"
-------------------------------------------------
Parameter Value
--------- -----
Default Role vbn-guest
Default Guest Role guest
Server Group default
Redirect Pause 1 sec
User Login Enabled
Guest Login Disabled
Logout popup window Enabled
Use HTTP for authentication Disabled
Logon wait minimum wait 5 sec
Logon wait maximum wait 10 sec
logon wait CPU utilization threshold 60 %
Max Authentication failures 0
Show FQDN Disabled
Authentication Protocol PAP
Login page /auth/index.html
Welcome page /auth/welcome.html
Show Welcome Page Yes
Add switch IP address in the redirection URL Disabled
Adding user vlan in redirection URL Disabled
Add a controller interface in the redirection URL N/A
Allow only one active user session Disabled
White List N/A
Black List N/A
Show the acceptable use policy page Disabled
User idle timeout N/A
Redirect URL N/A
Bypass Apple Captive Network Assistant Disabled
URL Hash Key N/A
show rights vbn-guest-logon
Valid = 'Yes'
CleanedUp = 'No'
Derived Role = 'vbn-guest-logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Number of users referencing it = 0
Periodic reauthentication: Disabled
DPI Classification: Enabled
Youtube education: Disabled
Web Content Classification: Enabled
IP-Classification Enforcement: Enabled
ACL Number = 81/0
Openflow: Disabled
Max Sessions = 65535
Check CP Profile for Accounting = TRUE
Captive Portal profile = vbn-guest
Application Exception List
--------------------------
Name Type
---- ----
Application BW-Contract List
----------------------------
Name Type BW Contract Id Direction
---- ---- ----------- -- ---------
access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 global-sacl session
2 apprf-vbn-guest-logon-sacl session
3 vbn-guest-control session
4 vbn-guest-captiveportal session
global-sacl
-----------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
apprf-vbn-guest-logon-sacl
--------------------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
vbn-guest-control
-----------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user any udp 68 deny Low 4
2 any any svc-dhcp permit Low 4
3 any any svc-dns permit Low 4
4 any any svc-icmp permit Low 4
vbn-guest-captiveportal
-----------------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user controller svc-https dst-nat 8081 Low 4
2 user any svc-http dst-nat 8080 Yes Low 4
3 user any svc-https dst-nat 8081 Low 4
show rights vbn-guest
Valid = 'Yes'
CleanedUp = 'No'
Derived Role = 'vbn-guest'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Number of users referencing it = 0
Periodic reauthentication: Disabled
DPI Classification: Enabled
Youtube education: Disabled
Web Content Classification: Enabled
IP-Classification Enforcement: Enabled
ACL Number = 84/0
Openflow: Disabled
Max Sessions = 65535
Check CP Profile for Accounting = TRUE
Application Exception List
--------------------------
Name Type
---- ----
Application BW-Contract List
----------------------------
Name Type BW Contract Id Direction
---- ---- ----------- -- ---------
access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 global-sacl session
2 apprf-vbn-guest-sacl session
3 vbn-guest session
global-sacl
-----------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
apprf-vbn-guest-sacl
--------------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
vbn-guest
---------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 any any svc-dhcp permit Low 4
2 user my-dns svc-dns permit Low 4
3 user controller svc-https dst-nat 8081 Low 4
4 user any any route src-nat Low 4
#show ip access-list vbn-guest
ip access-list session vbn-guest
vbn-guest
---------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 any any svc-dhcp permit Low 4
2 user my-dns svc-dns permit Low 4
3 user controller svc-https dst-nat 8081 Low 4
4 user any any route src-nat Low 4
show aaa profile "vbn-guest"
AAA Profile "vbn-guest"
-----------------------
Parameter Value
--------- -----
Initial role vbn-guest-logon
MAC Authentication Profile N/A
MAC Authentication Default Role guest
MAC Authentication Server Group default
802.1X Authentication Profile N/A
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
Download Role from CPPM Disabled
Set username from dhcp option 12 Disabled
L2 Authentication Fail Through Disabled
Multiple Server Accounting Disabled
User idle timeout N/A
Max IPv4 for wireless user 2
RADIUS Accounting Server Group N/A
RADIUS Roaming Accounting Disabled
RADIUS Interim Accounting Disabled
XML API server N/A
RFC 3576 server N/A
User derivation rules N/A
Wired to Wireless Roaming Enabled
SIP authentication role N/A
Device Type Classification Enabled
--------------------------------
SSID is open
Enforce DHCP Disabled
PAN Firewall Integration Disabled
Open SSID radius accounting Disabled
#show wlan virtual-ap "email capture-vap_prof"
Virtual AP profile "email capture-vap_prof"
-------------------------------------------
Parameter Value
--------- -----
AAA Profile email capture-aaa_prof
802.11K Profile default
Hotspot 2.0 Profile N/A
SSID Profile email capture-ssid_prof
Virtual AP enable Enabled
VLAN 32
Forward mode split-tunnel
Allowed band all
Band Steering Enabled
Cellular handoff assist Disabled
Openflow Enable Disabled
Steering Mode prefer-5ghz
Dynamic Multicast Optimization (DMO) Enabled
Dynamic Multicast Optimization (DMO) Threshold 6
Drop Broadcast and Unknown Multicast Disabled
Convert Broadcast ARP requests to unicast Enabled
Authentication Failure Blacklist Time 3600 sec
Blacklist Time 3600 sec
Deny inter user traffic Disabled
Deny time range N/A
DoS Prevention Disabled
HA Discovery on-association Enabled
Mobile IP Enabled
Preserve Client VLAN Disabled
Remote-AP Operation standard
Station Blacklisting Enabled
Strict Compliance Disabled
VLAN Mobility Disabled
WAN Operation mode always
FDB Update on Assoc Disabled
WMM Traffic Management Profile N/A
Anyspot profile N/A