! Global identity and privileged-mode credential for this controller.
! The enable secret is written into the file as an opaque hex string, so every
! copy of this configuration carries credential material.
! NOTE(review): handle exported configs as secrets; rotate this value if the
! file has been shared outside the admin team.
version 6.2
enable secret "9b4b9a2f014b7bb185ff783ed86d56921d9c526f829651f9de"
hostname "Aruba3200-US"
! NOTE(review): timezone is IDLW (UTC-12) although the hostname suggests a US
! site; confirm, because a wrong offset complicates log correlation.
clock timezone IDLW -12
location "Building1.floor1"
controller config 83
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
! Ethertype ACL with a single rule that permits every frame type.
ip access-list eth validuserethacl
permit any
!
! Named service aliases (protocol + port) for use in session ACL rules.
! These lines only define names; nothing is permitted or denied here.
! Remote-access services are among them (vnc 5900-5905, RDP 3389, Citrix/ICA,
! PCoIP), as are the AP control ports svc-papi (udp 8211) and svc-sec-papi
! (udp 8209).
netservice svc-pcoip2-tcp tcp 4172
netservice svc-citrix tcp 2598
netservice svc-ica tcp 1494
netservice svc-sec-papi udp 8209
netservice svc-pcoip-tcp tcp 50002
netservice svc-pcoip-udp udp 50002
netservice vnc tcp 5900 5905
netservice svc-papi udp 8211
netservice web tcp list "80 443"
netservice svc-pcoip2-udp udp 4172
netservice svc-vmware-rdp tcp 3389
netexthdr default
!
! Weekday 07:30-17:30 window. No rule in this file references "Workhours".
time-range Workhours periodic
weekday 07:30 to 17:30
!
! Session ACL "validuser": denies traffic sourced from 169.254.0.0/16 and from
! IPv6 host fe80::, then permits all other IPv4 and IPv6 traffic.
ip access-list session validuser
network 169.254.0.0 255.255.0.0 any any deny
any any any permit
ipv6 host fe80:: any any deny
ipv6 any any any permit
!
! The session ACLs below appear in this listing with no rules.
! NOTE(review): confirm whether the export omits default rules or whether these
! ACLs are really empty (ra-guard and v6-control included).
ip access-list session vmware-acl
!
ip access-list session v6-control
!
ip access-list session ra-guard
!
ip access-list session citrix-acl
!
ip access-list session captiveportal6
!
ip access-list session v6-ap-acl
!
! VPN dialer profile using IKE pre-shared-key authentication. The key is stored
! in this file as a hex string; one shared key authenticates every client that
! uses this dialer.
! NOTE(review): rotate the key if this config has been shared, and prefer
! certificate-based IKE authentication where clients support it.
vpn-dialer default-dialer
ike authentication PRE-SHARE c00356f3cbe592bc98e43927fc4ff9f7c600af47f576f09d
!
! User roles. No access-list, VLAN or bandwidth lines are shown under any role
! in this listing.
! NOTE(review): confirm whether defaults are omitted from the export or whether
! these roles (guest and logon included) really carry no policy.
user-role ap-role
!
user-role guest-logon
!
user-role guest
!
user-role stateful-dot1x
!
user-role logon
!
! The controller's own IP is bound to VLAN 1 and the dedicated mgmt interface
! is shut down, so management is reachable in-band through VLAN 1 only.
controller-ip vlan 1
interface mgmt
shutdown
!
! Cellular-modem dialer groups: AT init strings and dial strings per carrier.
dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!
dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!
dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!
dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!
! Single VLAN (VLAN_1 = VLAN id 1); spanning tree is disabled globally.
vlan-name VLAN_1
vlan VLAN_1 1
no spanning-tree
! All four gigabit ports are marked trusted for every VLAN (1-4094).
! NOTE(review): on ArubaOS, wired traffic on a trusted port is not put through
! user authentication and role policy. Confirm each port is an uplink or
! infrastructure port; ports facing user or guest wiring should be untrusted.
interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 1/1
description "GE1/1"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 1/2
description "GE1/2"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 1/3
description "GE1/3"
trusted
trusted vlan 1-4094
!
! Controller address 10.102.102.22/23 on VLAN 1. The "devicelab" virtual AP in
! this file also places wireless clients in VLAN_1.
interface vlan 1
ip address 10.102.102.22 255.255.254.0
!
ip default-gateway 10.102.102.1
uplink disable
! Mesh recovery profile: the WPA hex key is stored in this file.
! NOTE(review): treat it as a secret like the other stored keys in this config.
ap mesh-recovery-profile cluster RecoveryfZRTEWloNc0Cuz2z wpa-hexkey 124e23a8fef9f0316d6d65f39bdb9d4166df9871c71ea842ce3c6bd1eded987d2cbcc9252abc536a3480aec33082612b36bff82a9013c6984fe43d675c983028f38cc7184ffde4b414a9e02b351c952f
! IPsec transform sets. default-boc-bm-transform uses 3DES, a legacy 64-bit
! block cipher; default-rap-transform uses AES-256. Both use the SHA HMAC.
! NOTE(review): confirm whether the 3DES set is still needed by any peer.
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
! EAP methods passed through IKE for client authentication: EAP-TLS, PEAP and
! MSCHAPv2.
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
ip local pool "Wireless AP Pool" 172.16.0.50 172.16.0.59
vpdn group l2tp
!
!
! SNMPv3 user "testuser": SHA authentication, DES privacy. DES is a weak
! cipher; both stored key strings are credential material.
! NOTE(review): the name suggests a test account - remove it if unused, and
! move to AES privacy if this software version supports it.
snmp-server user "testuser" auth-prot sha 9cab4963937fec6259ccaea93f0f93595e11bede3e2e2136 priv-prot des e834bf649b66ad5882bb070c1032381748a4123afbacf249
vpdn group pptp
!
tunneled-node-address 0.0.0.0
! Aruba Discovery Protocol is enabled, with IGMP join.
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
ap ap-blacklist-time 3600
! Local management accounts, with stored password strings. "admin" has the
! root role; "testuser" has the guest-provisioning role.
! NOTE(review): "testuser" looks like a leftover test account - confirm it is
! needed. No external server group is set under "aaa authentication mgmt" in
! this file, so these local accounts appear to be the only management logins.
mgmt-user admin root 12b66d310105891a0bee83f6e1aa755be48e48508441cf3157
mgmt-user testuser guest-provisioning 5a2831720135cb2537d882c535c7162a379164dbaba7025c9b
no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
ipv6 mld
!
! Firewall attack-rate thresholds: ping is set to 1 and the control-plane (cp)
! threshold is removed.
! NOTE(review): a ping threshold of 1 is very low and the cp threshold is
! absent; confirm both are intentional.
firewall attack-rate ping 1
no firewall attack-rate cp 1024
ipv6 firewall ext-hdr-parse-len 100
!
!
firewall cp
packet-capture-defaults tcp disable udp disable interprocess disable sysmsg disable other disable
!
ip domain lookup
!
country US
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
! 802.1X profiles with EAP termination enabled on the controller, using PEAP
! with inner MSCHAPv2. "dot1x_prof-ggy41" is referenced by the
! "devicelab-aaa_prof" AAA profile in this file; "dot1x_prof-kjj72" is not
! referenced by anything in this file.
! NOTE(review): with termination enabled the controller presents the PEAP
! server certificate; clients should be configured to validate it, otherwise
! MSCHAPv2 exchanges can be captured by a rogue AP.
aaa authentication dot1x "dot1x_prof-ggy41"
termination enable
termination eap-type eap-peap
termination inner-eap-type eap-mschapv2
!
aaa authentication dot1x "dot1x_prof-kjj72"
termination enable
termination eap-type eap-peap
termination inner-eap-type eap-mschapv2
!
! Two RADIUS server definitions pointing at the same host (10.102.102.31) on
! the legacy ports 1645/1646. Both carry "no enable", i.e. both are disabled.
! Each stores a shared secret in this file.
! NOTE(review): remove the duplicate, and rotate the shared secrets if this
! config has been shared.
aaa authentication-server radius "10.102.102.31"
host "10.102.102.31"
key 08bc2422c246324338511d8a4a194d7ef252fe1481806bb8
authport 1645
acctport 1646
no enable
!
aaa authentication-server radius "TestRadius"
host "10.102.102.31"
key 20eca3caa76fffe3caf5d4672d924b035aa43abb151226c3
authport 1645
acctport 1646
no enable
!
! LDAP server. The bind DN is CN=Administrator,CN=Users,... and cleartext
! binds are allowed (allow-cleartext); the bind password is stored here.
! NOTE(review): binding as the directory Administrator over an unencrypted
! connection exposes a highly privileged credential on the wire and in this
! file. Use a dedicated read-only bind account and LDAP over TLS, then rotate
! the current password.
aaa authentication-server ldap "TestServer"
host 10.102.102.90
admin-dn "CN=Administrator,CN=Users,DC=outside,DC=traffic,DC=devicelab,DC=local"
admin-passwd 3f76637ba54dc2f073429bbef6caa820fefdbbcd9b65c501
allow-cleartext
base-dn "CN=Users,DC=outside,DC=traffic,DC=devicelab,DC=local"
!
! Server groups. "default" lists TestRadius (disabled in this file), the LDAP
! server TestServer, and the Internal database.
aaa server-group "default"
auth-server TestRadius
auth-server TestServer
auth-server Internal
!
aaa server-group "devicelab_srvgrp-zpm23"
auth-server Internal
!
! "New_WLAN_srvgrp-ysk90" is not referenced by any profile in this file.
aaa server-group "New_WLAN_srvgrp-ysk90"
auth-server Internal
!
! "Test" contains only the RADIUS server 10.102.102.31, which is disabled.
aaa server-group "Test"
auth-server 10.102.102.31
!
aaa profile "default"
!
! The "devicelab" WLAN authenticates 802.1X users against the Internal
! database through devicelab_srvgrp-zpm23.
aaa profile "devicelab-aaa_prof"
authentication-dot1x "dot1x_prof-ggy41"
dot1x-server-group "devicelab_srvgrp-zpm23"
!
! NOTE(review): this profile has no authentication settings in this listing
! and, by its name, is meant for unauthenticated access; confirm where it is
! applied (no virtual AP in this file references it).
aaa profile "NoAuthAAAProfile"
!
aaa authentication captive-portal "default"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
! No server group is configured for management authentication here.
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
! Stateful 802.1X points at server group "Test", whose only member is a
! disabled RADIUS server.
! NOTE(review): fix or remove this reference.
aaa authentication stateful-dot1x
server-group "Test"
!
aaa authentication wired
!
web-server
!
guest-access-email
!
! Management password policy: enabled, password must differ from the username,
! lock-out threshold of 3. No length or character-class lines appear in this
! listing.
! NOTE(review): confirm the effective minimum length and complexity.
aaa password-policy mgmt
enable
password-not-username
password-lock-out 3
!
! Control-plane security is disabled ("no cpsec-enable") while auto-cert-prov
! remains set.
! NOTE(review): with CPsec off, AP-to-controller control traffic is not
! protected by the certificate-based tunnel this feature provides. Enable it,
! or confirm the AP network is isolated from user traffic.
control-plane-security
no cpsec-enable
auto-cert-prov
!
! IDS/WMS management profiles, shown with no settings in this listing.
ids management-profile
!
ids wms-general-profile
!
ids wms-local-system-profile
!
ids ap-rule-matching
!
valid-network-oui-profile
!
qos-profile "default"
!
policer-profile "default"
!
! Default AP system profile with rap-local-network-access set.
! NOTE(review): by its name this permits local-network access for remote-AP
! clients; confirm it is wanted on the *default* profile, which applies to any
! AP not given a more specific one.
ap system-profile "default"
rap-local-network-access
!
! Regulatory domain: US channel plan for 2.4 GHz (1/6/11) and 5 GHz.
ap regulatory-domain-profile "default"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 132-136
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
!
! Default wired-AP profile with wired-ap-enable set.
! NOTE(review): confirm which AP Ethernet ports inherit this profile and what
! AAA profile applies to devices plugged into them.
ap wired-ap-profile "default"
wired-ap-enable
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap lldp med-network-policy-profile "default"
!
ap mesh-cluster-profile "default"
!
ap lldp profile "default"
!
ap mesh-radio-profile "default"
!
ap wired-port-profile "default"
!
! Wireless IDS/IPS defaults. IDS events go to both logs and SNMP traps, and
! wired containment is on.
ids general-profile "default"
ids-events logs-and-traps
wired-containment
!
ids rate-thresholds-profile "default"
!
ids signature-profile "default"
!
ids impersonation-profile "default"
detect-ap-impersonation
detect-beacon-wrong-channel
detect-hotspotter
!
! Besides detection, this profile enables active protection: rogue-containment,
! suspect-rogue-containment, protect-ssid and protect-misconfigured-ap.
! NOTE(review): containing *suspected* rogues acts on unconfirmed
! classifications; verify classification accuracy so neighbouring networks are
! not disrupted by false positives.
ids unauthorized-device-profile "default"
detect-adhoc-network
detect-invalid-mac-oui
detect-misconfigured-ap
protect-misconfigured-ap
detect-bad-wep
rogue-containment
suspect-rogue-containment
detect-valid-ssid-misuse
protect-ssid
detect-wireless-bridge
!
! Signatures matched: broadcast deauthentication and broadcast disassociation.
ids signature-matching-profile "default"
signature "Deauth-Broadcast"
signature "Disassoc-Broadcast"
!
! DoS detection (detect-only; no containment keywords in this profile).
ids dos-profile "default"
detect-ap-flood
detect-chopchop-attack
detect-client-flood
detect-cts-rate-anomaly
detect-eap-rate-anomaly
detect-invalid-address-combination
detect-malformed-association-request
detect-malformed-auth-frame
detect-malformed-htie
detect-overflow-eapol-key
detect-rate-anomalies
detect-rts-rate-anomaly
detect-tkip-replay-attack
!
ids profile "default"
!
! RF management profiles. ARM is rogue-AP aware and uses active scanning.
rf arm-profile "default"
rogue-ap-aware
active-scan
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
detect-frame-rate-anomalies
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
! "default-radiosOFF" variants disable the radio for the band.
rf dot11a-radio-profile "default-radiosOFF"
no radio-enable
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "default-radiosOFF"
no radio-enable
!
! WLAN helper profiles, shown with no settings in this listing.
wlan handover-trigger-profile "default"
!
wlan rrm-ie-profile "default"
!
wlan bcn-rpt-req-profile "default"
!
wlan tsm-req-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan ht-ssid-profile "devicelab-htssid_prof"
!
wlan dot11k-profile "default"
!
! Default SSID profile: only WMM-to-DSCP mappings are set.
wlan ssid-profile "default"
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
!
! "devicelab" SSID: WPA2 with AES, SSID hidden from beacons.
! NOTE(review): hide-ssid is not a security control; the SSID is still
! disclosed when clients probe and associate. Protection here comes from
! wpa2-aes together with the 802.1X AAA profile attached to the virtual AP.
wlan ssid-profile "devicelab-ssid_prof"
essid "devicelab"
opmode wpa2-aes
hide-ssid
ht-ssid-profile "devicelab-htssid_prof"
!
wlan virtual-ap "default"
!
! Virtual AP binding the "devicelab" SSID to the 802.1X AAA profile. Clients
! are placed in VLAN_1, the same VLAN that carries the controller IP
! (10.102.102.22).
! NOTE(review): put wireless users in a VLAN separate from controller
! management, or restrict them with role ACLs.
wlan virtual-ap "devicelab-vap_prof"
aaa-profile "devicelab-aaa_prof"
ssid-profile "devicelab-ssid_prof"
vlan VLAN_1
!
ap provisioning-profile "default"
!
! ARM RF-domain key, stored as a quoted hex string.
! NOTE(review): handle it as a secret like the other stored keys in this config.
rf arm-rf-domain-profile
arm-rf-domain-key "6bee9e4a95e54ca65c36ea3c9e736232"
!
ap spectrum local-override
!
! Every AP in the default group, plus the one AP named by MAC address,
! broadcasts the "devicelab" virtual AP.
ap-group "default"
virtual-ap "devicelab-vap_prof"
!
ap-name "00:1a:1e:c1:81:ec"
virtual-ap "devicelab-vap_prof"
ap-system-profile "default"
ids-profile "default"
authorization-profile "default"
!
! Logging: informational level for all main categories, forwarded to the
! syslog server 10.102.102.83. No transport or encryption option is shown.
! NOTE(review): security and user logs can contain client identities; confirm
! the path to the syslog server is on a protected management network.
logging level informational network
logging level informational security
logging level informational system
logging level informational user
logging level informational wireless
logging 10.102.102.83
! Targeted debug logging remains enabled for one AP (10.102.102.23) and one
! client MAC.
! NOTE(review): remove these once troubleshooting is finished; debug-level
! user logs are verbose.
logging level informational ap-debug 10.102.102.23 subcat all
logging level debugging user-debug ec:1a:59:b0:cf:f6
! SNMP traps are enabled; no trap receiver line appears in this file.
snmp-server enable trap
process monitor log
remote-node config-id 13
end