Here is the config
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.05.28 18:59:38 =~=~=~=~=~=~=~=~=~=~=~=
(Aruba7010-US) #show configuration show running-config
Building Configuration...
version 6.4
enable secret "******"
telnet cli
hostname "Aruba7010-US"
clock timezone PST -8
location "Building1.floor1"
controller config 27
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
permit any
!
netservice svc-papi udp 8211
netservice svc-sec-papi udp 8209
netexthdr default
!
ip access-list session apprf-stateful-dot1x-sacl
!
ip access-list session syslog
!
ip access-list session global-sacl
!
ip access-list session apprf-guest-sacl
!
ip access-list session validuser
network 127.0.0.0 255.0.0.0 any any deny
network 169.254.0.0 255.255.0.0 any any deny
network 224.0.0.0 240.0.0.0 any any deny
host 255.255.255.255 any any deny
network 240.0.0.0 240.0.0.0 any any deny
any any any permit
ipv6 host fe80:: any any deny
ipv6 network fc00::/7 any any permit
ipv6 network fe80::/64 any any permit
ipv6 alias ipv6-reserved-range any any deny
ipv6 any any any permit
!
aaa derivation-rules user spectralink-derivation
set vlan condition macaddr starts-with "00:90:7a" set-value 1
!
vpn-dialer default-dialer
ike authentication PRE-SHARE ******
!
dot1x high-watermark 70
dot1x low-watermark 66
user-role ap-role
!
user-role stateful-dot1x
access-list session global-sacl
access-list session apprf-stateful-dot1x-sacl
!
user-role guest-logon
!
user-role logon
!
user-role cpbase
!
user-role denyall
!
user-role guest
access-list session global-sacl
access-list session apprf-guest-sacl
!
!
controller-ip vlan 1
interface mgmt
!
dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!
dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!
dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!
dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!
vlan 1 wired aaa-profile "default"
vlan 101
vlan-name Default
no spanning-tree
interface gigabitethernet 0/0/0
description "GE0/0/0"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/1
description "GE0/0/1"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/2
description "GE0/0/2"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/3
description "GE0/0/3"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/4
description "GE0/0/4"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/5
description "GE0/0/5"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/6
description "GE0/0/6"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/7
description "GE0/0/7"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/8
description "GE0/0/8"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/9
description "GE0/0/9"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/10
description "GE0/0/10"
trusted
trusted vlan 1-4094
switchport access vlan 101
!
interface gigabitethernet 0/0/11
description "GE0/0/11"
trusted
trusted vlan 1-4094
switchport access vlan 101
!
interface gigabitethernet 0/0/12
description "GE0/0/12"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/13
description "GE0/0/13"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/14
description "GE0/0/14"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/15
description "GE0/0/15"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/16
description "GE0/0/16"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/17
description "GE0/0/17"
trusted
trusted vlan 1-4094
!
interface vlan 1
ip address 172.16.4.240 255.255.255.0
ip igmp proxy gigabitethernet 0/0/0
!
interface vlan 101
ip address 172.16.2.1 255.255.255.0
shutdown
!
ip default-gateway 172.16.4.1
uplink disable
crypto isakmp policy 10001
!
crypto isakmp policy 10002
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10003
encryption aes256
!
crypto isakmp policy 10004
version v2
encryption aes256
authentication rsa-sig
!
crypto isakmp policy 10005
encryption aes256
!
crypto isakmp policy 10006
version v2
encryption aes128
authentication rsa-sig
!
crypto isakmp policy 10007
version v2
encryption aes128
!
crypto isakmp policy 10008
version v2
encryption aes128
hash sha2-256-128
group 19
authentication ecdsa-256
prf prf-hmac-sha256
!
crypto isakmp policy 10009
version v2
encryption aes256
hash sha2-384-192
group 20
authentication ecdsa-384
prf prf-hmac-sha384
!
crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto dynamic-map default-rap-ipsecmap 10001
version v2
set transform-set "default-gcm256" "default-gcm128" "default-rap-transform"
!
crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap
crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
vpdn group l2tp
!
ip dhcp excluded-address 172.16.1.1 172.16.1.248
ip dhcp excluded-address 172.16.4.1 172.16.4.249
ip dhcp excluded-address 172.16.2.1 172.16.2.99
ip dhcp pool voice
default-router 172.16.4.1
dns-server 10.4.101.10
domain-name ******
lease 8 0 0 0
network 172.16.4.0 255.255.255.0
authoritative
!
!
vpdn group pptp
!
tunneled-node-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
ap ap-blacklist-time 3600
ap flush-r1-on-new-r0 disable
mgmt-user admin root 96f741ec0188b9c1f066d7900e80cfe790addd8b9854059c05
no database synchronize
ip mobile domain default
!
!
!
airgroup mdns "disable"
!
airgroup dlna "disable"
!
airgroup location-discovery "enable"
!
!
airgroup active-wireless-discovery "disable"
!
airgroupservice "airplay"
id "_airplay._tcp"
id "_raop._tcp"
id "_appletv-v2._tcp"
description "AirPlay"
!
airgroupservice "airprint"
id "_ipp._tcp"
id "_pdl-datastream._tcp"
id "_printer._tcp"
id "_scanner._tcp"
id "_universal._sub._ipp._tcp"
id "_universal._sub._ipps._tcp"
id "_printer._sub._http._tcp"
id "_http._tcp"
id "_http-alt._tcp"
id "_ipp-tls._tcp"
id "_fax-ipp._tcp"
id "_riousbprint._tcp"
id "_cups._sub._ipp._tcp"
id "_cups._sub._fax-ipp._tcp"
id "_ica-networking._tcp"
id "_ptp._tcp"
id "_canon-bjnp1._tcp"
id "_ipps._tcp"
id "_ica-networking2._tcp"
description "AirPrint"
!
airgroupservice "itunes"
id "_home-sharing._tcp"
id "_apple-mobdev._tcp"
id "_daap._tcp"
id "_dacp._tcp"
description "iTunes"
!
airgroupservice "remotemgmt"
id "_ssh._tcp"
id "_sftp-ssh._tcp"
id "_ftp._tcp"
id "_telnet._tcp"
id "_rfb._tcp"
id "_net-assistant._tcp"
description "Remote management"
!
airgroupservice "sharing"
id "_odisk._tcp"
id "_afpovertcp._tcp"
id "_xgrid._tcp"
description "Sharing"
!
airgroupservice "chat"
id "_presence._tcp"
description "Chat"
!
airgroupservice "googlecast"
id "_googlecast._tcp"
description "GoogleCast supported by Chromecast etc"
!
airgroupservice "DIAL"
id "urn:dial-multiscreen-org:service:dial:1"
id "urn:dial-multiscreen-org:device:dial:1"
description "DIAL supported by Chromecast, FireTV, Roku etc"
!
airgroupservice "DLNA Media"
id "urn:schemas-upnp-org:device:MediaServer:1"
id "urn:schemas-upnp-org:device:MediaServer:2"
id "urn:schemas-upnp-org:device:MediaServer:3"
id "urn:schemas-upnp-org:device:MediaServer:4"
id "urn:schemas-upnp-org:device:MediaRenderer:1"
id "urn:schemas-upnp-org:device:MediaRenderer:2"
id "urn:schemas-upnp-org:device:MediaRenderer:3"
id "urn:schemas-upnp-org:device:MediaPlayer:1"
description "Media"
!
airgroupservice "DLNA Print"
id "urn:schemas-upnp-org:device:Printer:1"
id "urn:schemas-upnp-org:service:PrintBasic:1"
id "urn:schemas-upnp-org:service:PrintEnhanced:1"
description "Print"
!
airgroupservice "allowall"
description "Remaining-Services"
!
airgroup service "airplay" enable
!
airgroup service "airprint" enable
!
airgroup service "itunes" disable
!
airgroup service "remotemgmt" disable
!
airgroup service "sharing" disable
!
airgroup service "chat" disable
!
airgroup service "googlecast" disable
!
airgroup service "DIAL" enable
!
airgroup service "DLNA Media" disable
!
airgroup service "DLNA Print" disable
!
airgroup service "allowall" disable
!
ip igmp
!
ipv6 mld
!
no firewall attack-rate cp 1024
firewall enable ICE-STUN based firewall traversal
firewall attack-rate grat-arp 50 drop
ipv6 firewall ext-hdr-parse-len 100
!
!
firewall cp
!
ip domain lookup
!
country US
aaa authentication mac "default"
!
aaa authentication dot1x "default"
termination enable
!
aaa authentication dot1x "dot1x_prof-kiq40"
!
aaa authentication dot1x "dot1x_prof-qgg66"
!
aaa authentication dot1x "spectralink-psk"
timer idrequest_period 65535
termination enable
termination eap-type eap-tls
termination eap-type eap-peap
termination inner-eap-type eap-mschapv2
!
aaa server-group "default"
auth-server Internal
!
aaa profile "AP_WIFI-aaa_prof"
!
aaa profile "default"
!
aaa profile "spectralink-aaa"
authentication-dot1x "spectralink-psk"
user-derivation-rules "spectralink-derivation"
!
aaa authentication captive-portal "default"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server
web-https-port-443
!
guest-access-email
!
aaa password-policy mgmt
!
control-plane-security
!
ids wms-general-profile
!
ids wms-local-system-profile
!
valid-network-oui-profile
!
upgrade-profile
!
license profile
!
activate-service-whitelist
!
file syncing profile
!
ifmap cppm
!
pan profile "default"
!
pan active-profile
!
lcd-menu
!
ap system-profile "default"
!
ap regulatory-domain-profile "default"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 149-161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap lldp med-network-policy-profile "default"
!
ap mesh-cluster-profile "default"
!
ap lldp profile "default"
!
ap mesh-radio-profile "default"
!
ap wired-port-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan handover-trigger-profile "default"
!
wlan rrm-ie-profile "default"
!
wlan bcn-rpt-req-profile "default"
!
wlan dot11r-profile "default"
!
wlan tsm-req-profile "default"
!
wlan ht-ssid-profile "AP_WIFI-htssid_prof"
!
wlan ht-ssid-profile "default"
!
wlan hotspot anqp-venue-name-profile "default"
!
wlan hotspot anqp-nwk-auth-profile "default"
!
wlan hotspot anqp-roam-cons-profile "default"
!
wlan hotspot anqp-nai-realm-profile "default"
!
wlan hotspot anqp-3gpp-nwk-profile "default"
!
wlan hotspot h2qp-operator-friendly-name-profile "default"
!
wlan hotspot h2qp-wan-metrics-profile "default"
!
wlan hotspot h2qp-conn-capability-profile "default"
!
wlan hotspot h2qp-op-cl-profile "default"
!
wlan hotspot anqp-ip-addr-avail-profile "default"
!
wlan hotspot anqp-domain-name-profile "default"
!
wlan wmm-traffic-management-profile "spectralink"
enable-shaping
video 1
best-effort 3
background 2
!
wlan dot11k-profile "default"
!
wlan ssid-profile "AP_WIFI-ssid_prof"
essid "ap_wifi"
dtim-period 2
g-basic-rates 5 11
g-tx-rates 5 6 9 11 12 18 24 36 48 54
wmm
wmm-ts-min-inact-int 3600000
wmm-vo-dscp "46"
wmm-vi-dscp "40"
wmm-be-dscp "0"
wmm-bk-dscp "0"
wepkey1 8dfdc3002bedd9a62f84b983d934908f65b64a9a39bf4e01
advertise-ap-name
!
wlan ssid-profile "default"
!
wlan ssid-profile "view"
!
wlan hotspot advertisement-profile "default"
!
wlan hotspot hs2-profile "default"
!
wlan virtual-ap "AP_WIFI-vap_prof"
ssid-profile "AP_WIFI-ssid_prof"
vlan 1
no broadcast-filter arp
!
wlan virtual-ap "default"
aaa-profile "NoAuthAAAProfile"
!
wlan traffic-management-profile "8400"
!
wlan traffic-management-profile "cac"
bw-alloc virtual-ap "AP_WIFI-vap_prof" share 100 enforcement hard
report-interval 1
!
ap provisioning-profile "default"
!
rf arm-rf-domain-profile
arm-rf-domain-key "cc5ef177fddb0abff2e0d46e4844bd95"
!
ap-group "default"
virtual-ap "AP_WIFI-vap_prof"
dot11a-traffic-mgmt-profile "cac"
dot11g-traffic-mgmt-profile "cac"
!
ap-name "18:64:72:cf:2a:7e"
!
ap-name "18:64:72:cf:2b:4e"
!
ap-name "18:64:72:cf:2b:70"
!
ap-name "18:64:72:cf:2c:5c"
!
airgroup cppm-server aaa
!
logging level debugging system process cfgm
snmp-server enable trap
snmp-server trap source 0.0.0.0
process monitor log
end
(Aruba7010-US) #