version 2.5 telnet soe hostname "ARUBA-NAP" logging level debugging clock timezone PST -8 netservice svc-snmp-trap udp 162 netservice svc-syslog udp 514 netservice svc-l2tp udp 1701 netservice svc-ike udp 500 netservice svc-https tcp 443 netservice svc-smb-tcp tcp 445 netservice svc-dhcp udp 67 68 netservice svc-pptp tcp 1723 netservice svc-sccp tcp 2000 netservice svc-telnet tcp 23 netservice svc-sip-tcp tcp 5060 netservice svc-tftp udp 69 netservice svc-kerberos udp 88 netservice svc-adp udp 8200 netservice svc-pop3 tcp 110 netservice svc-rtsp tcp 554 netservice svc-msrpc-tcp tcp 135 139 netservice svc-dns udp 53 netservice svc-vocera udp 5002 netservice svc-http tcp 80 netservice svc-sip-udp udp 5060 netservice svc-nterm tcp 1026 1028 netservice svc-papi udp 8211 netservice svc-natt udp 4500 netservice svc-ftp tcp 21 netservice svc-svp 119 netservice svc-smtp tcp 25 netservice svc-gre 47 netservice svc-smb-udp udp 445 netservice svc-esp 50 netservice svc-snmp udp 161 netservice svc-bootp udp 67 69 netservice svc-msrpc-udp udp 135 139 netservice svc-ntp udp 123 netservice svc-icmp 1 netservice svc-ssh tcp 22 ip access-list session control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session validuser any any any permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session captiveportal user alias mswitch svc-https dst-nat user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 ! ip access-list session allowall any any any permit ! ip access-list session https-acl any any svc-https permit ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session srcnat user any any src-nat ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session cplogout user alias mswitch svc-https dst-nat ! ip access-list session guest ! ip access-list session http-acl any any svc-http permit ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session nap-logon user any svc-http dst-nat ip 45.200.1.74 user any svc-https dst-nat ip 45.200.1.74 ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit ! ip access-list session nap-quarantine any host 45.200.7.2 any permit ! vpn-dialer default-dialer ike authentication PRE-SHARE acb08f58b7b34efd4a54de00316c6edc13002e7095c104a1 ! user-role ap-role session-acl control session-acl ap-acl ! user-role pre-employee session-acl allowall ! user-role trusted-ap session-acl allowall ! user-role default-vpn-role session-acl allowall ! user-role nap-pass vlan 20 session-acl allowall ! user-role nap-unaware vlan 21 session-acl nap-logon session-acl control ! user-role guest session-acl control session-acl cplogout ! user-role stateful-dot1x ! user-role stateful session-acl control ! user-role unaware session-acl nap-logon session-acl control ! user-role pre-voice session-acl sip-acl session-acl svp-acl session-acl vocera-acl session-acl skinny-acl session-acl dhcp-acl session-acl tftp-acl session-acl dns-acl ! user-role logon vlan 21 session-acl allowall session-acl nap-logon session-acl control session-acl vpnlogon ! user-role nap-quarantine vlan 21 session-acl nap-quarantine session-acl nap-logon session-acl control ! user-role pre-guest session-acl http-acl session-acl https-acl session-acl dhcp-acl session-acl dns-acl ! aaa radius-attributes add Tunnel-PVT-Group-Id 81 string aaa radius-server MSFT host 45.200.1.74 key 209199372f9f852a41e4efe24d4809b5c5a126eeb0dafcf2 aaa radius-server MSFT match-essid "ilabs-nap-aruba" aaa radius-server MSFT nas-ip 45.200.1.79 aaa derivation-rules server MSFT set role condition Filter-Id equals "healthy" set-value nap-pass set role condition Filter-Id equals "unhealthy" set-value nap-quarantine set role condition Filter-Id equals "notaware" set-value nap-unaware set role condition essid equals "ilabs-nap-aruba" set-value pre-employee ! aaa derivation-rules user set role condition essid equals "ilabs-nap-aruba" set-value pre-employee ! aaa mgmt-authentication mode enable aaa pubcookie-authentication ! aaa radius-accounting mode enable auth-server MSFT ! aaa dot1x mode enable aaa dot1x default-role logon aaa dot1x enforce-machine-authentication mode disable ! dot1x timeout wpa-key-timeout 1 aaa dot1x auth-server MSFT no spanning-tree interface mgmt shutdown ! interface loopback ip address 45.200.1.84 ! vlan 20 vlan 21 vlan 1000 interface fastethernet 1/0 description "fe1/0" trusted switchport access vlan 1000 ! interface fastethernet 1/1 description "fe1/1" trusted ! interface fastethernet 1/2 description "fe1/2" trusted switchport access vlan 1000 ! interface fastethernet 1/3 description "fe1/3" trusted ! interface fastethernet 1/4 description "fe1/4" trusted ! interface fastethernet 1/5 description "fe1/5" trusted ! interface fastethernet 1/6 description "fe1/6" trusted ! interface fastethernet 1/7 description "fe1/7" trusted switchport mode trunk switchport trunk allowed vlan 1-4094 ! interface gigabitethernet 1/8 description "gig1/8" trusted ! interface vlan 1 ! interface vlan 1000 ip address 45.200.1.79 255.255.255.0 ! ip default-gateway 45.200.1.3 country US ap location 0.0.0 ap-logging level informational snmpd double-encrypt disable ap-logging level informational sapd ap-logging level warnings am ap-logging level warnings stm max-imalive-retries 10 bkplms-ip 0.0.0.0 mode ap_mode authalgo opensystem rts-threshhold 2333 tx-power 2 max-retries 4 dtim-period 1 max-clients 64 beacon-period 100 ap-enable enable power-mgmt enable ageout 1000 rf-band g bootstrap-threshold 7 local-probe-response enable max-tx-fail 0 arm assignment disable arm client-aware enable arm scanning disable arm scan-time 110 arm scan-interval 10 arm multi-band-scan disable arm voip-aware-scan enable arm max-tx-power 4 arm rogue-ap-aware disable voip call-admission-control disable voip drop-sip-invite-for-cac disable voip active-load-balancing disable voip vocera-call-capacity 10 voip sip-call-capacity 10 voip svp-call-capacity 10 voip sccp-call-capacity 10 voip call-handoff-reservation 20 voip high-capacity-threshold 20 native-vlan-id 21 essid "ilabs-nap-aruba" vlan-id 1000 opmode dynamicTkip deny-bcast enable hide-ssid disable forward-mode tunnel phy-type a channel 52 rates 6,12,24 txrates 6,9,12,18,24,36,48,54 ! phy-type g short-preamble enable channel 1 rates 1,2 txrates 1,2,5,11,6,9,12,18,24,36,48,54 bg-mode mixed ! ! ap location 0.0.0 phy-type enet1 mode active-standby switchport mode access switchport access vlan 1 switchport trunk native vlan 1 switchport trunk allowed vlan ALL trusted disable ! ! wms general poll-interval 60000 general poll-retries 2 general ap-ageout-interval 30 general sta-ageout-interval 30 general ap-inactivity-timeout 5 general sta-inactivity-timeout 60 general grace-time 2000 general laser-beam enable general laser-beam-debug disable general wired-laser-beam disable general stat-update enable general am-stats-update-interval 0 ap-policy learn-ap disable ap-policy classification enable ap-policy protect-unsecure-ap disable ap-policy detect-misconfigured-ap disable ap-policy protect-misconfigured-ap disable ap-policy protect-mt-channel-split disable ap-policy protect-mt-ssid disable ap-policy detect-ap-impersonation disable ap-policy protect-ap-impersonation disable ap-policy beacon-diff-threshold 50 ap-policy beacon-inc-wait-time 3 ap-policy min-pot-ap-beacon-rate 25 ap-policy min-pot-ap-monitor-time 2 ap-policy protect-ibss disable ap-policy ap-load-balancing disable ap-policy ap-lb-max-retries 8 ap-policy ap-lb-util-high-wm 90 ap-policy ap-lb-util-low-wm 80 ap-policy ap-lb-util-wait-time 30 ap-policy ap-lb-user-high-wm 255 ap-policy ap-lb-user-low-wm 230 ap-policy persistent-known-interfering disable ap-config short-preamble disable ap-config privacy disable ap-config wpa disable station-policy protect-valid-sta disable station-policy handoff-assist disable station-policy rssi-falloff-wait-time 4 station-policy low-rssi-threshold 20 station-policy rssi-check-frequency 3 station-policy detect-association-failure disable global-policy detect-bad-wep disable global-policy detect-interference disable global-policy interference-inc-threshold 100 global-policy interference-inc-timeout 30 global-policy interference-wait-time 30 event-threshold fer-high-wm 0 event-threshold fer-low-wm 0 event-threshold frr-high-wm 16 event-threshold frr-low-wm 8 event-threshold flsr-high-wm 16 event-threshold flsr-low-wm 8 event-threshold fnur-high-wm 0 event-threshold fnur-low-wm 0 event-threshold frer-high-wm 16 event-threshold frer-low-wm 8 event-threshold ffr-high-wm 16 event-threshold ffr-low-wm 8 event-threshold bwr-high-wm 0 event-threshold bwr-low-wm 0 valid-11b-channel 1 mode enable valid-11b-channel 6 mode enable valid-11b-channel 11 mode enable valid-11a-channel 36 mode enable valid-11a-channel 40 mode enable valid-11a-channel 44 mode enable valid-11a-channel 48 mode enable valid-11a-channel 52 mode enable valid-11a-channel 56 mode enable valid-11a-channel 60 mode enable valid-11a-channel 64 mode enable valid-11a-channel 149 mode enable valid-11a-channel 153 mode enable valid-11a-channel 157 mode enable valid-11a-channel 161 mode enable ids-policy signature-check disable ids-policy rate-check disable ids-policy dsta-check disable ids-policy sequence-check disable ids-policy mac-oui-check disable ids-policy eap-check disable ids-policy ap-flood-check disable ids-policy adhoc-check disable ids-policy wbridge-check disable ids-policy sequence-diff 300 ids-policy sequence-time-tolerance 300 ids-policy sequence-quiet-time 900 ids-policy eap-rate-threshold 10 ids-policy eap-rate-time-interval 60 ids-policy eap-rate-quiet-time 900 ids-policy ap-flood-threshold 50 ids-policy ap-flood-inc-time 3 ids-policy ap-flood-quiet-time 900 ids-policy signature-quiet-time 900 ids-policy dsta-quiet-time 900 ids-policy adhoc-quiet-time 900 ids-policy wbridge-quiet-time 900 ids-policy mac-oui-quiet-time 900 ids-policy rate-frame-type-param assoc channel-threshold 30 ids-policy rate-frame-type-param assoc channel-inc-time 3 ids-policy rate-frame-type-param assoc channel-quiet-time 900 ids-policy rate-frame-type-param assoc node-threshold 30 ids-policy rate-frame-type-param assoc node-time-interval 60 ids-policy rate-frame-type-param assoc node-quiet-time 900 ids-policy rate-frame-type-param disassoc channel-threshold 30 ids-policy rate-frame-type-param disassoc channel-inc-time 3 ids-policy rate-frame-type-param disassoc channel-quiet-time 900 ids-policy rate-frame-type-param disassoc node-threshold 30 ids-policy rate-frame-type-param disassoc node-time-interval 60 ids-policy rate-frame-type-param disassoc node-quiet-time 900 ids-policy rate-frame-type-param deauth channel-threshold 30 ids-policy rate-frame-type-param deauth channel-inc-time 3 ids-policy rate-frame-type-param deauth channel-quiet-time 900 ids-policy rate-frame-type-param deauth node-threshold 20 ids-policy rate-frame-type-param deauth node-time-interval 60 ids-policy rate-frame-type-param deauth node-quiet-time 900 ids-policy rate-frame-type-param probe-request channel-threshold 200 ids-policy rate-frame-type-param probe-request channel-inc-time 3 ids-policy rate-frame-type-param probe-request channel-quiet-time 900 ids-policy rate-frame-type-param probe-request node-threshold 200 ids-policy rate-frame-type-param probe-request node-time-interval 15 ids-policy rate-frame-type-param probe-request node-quiet-time 900 ids-policy rate-frame-type-param probe-response channel-threshold 200 ids-policy rate-frame-type-param probe-response channel-inc-time 3 ids-policy rate-frame-type-param probe-response channel-quiet-time 900 ids-policy rate-frame-type-param probe-response node-threshold 150 ids-policy rate-frame-type-param probe-response node-time-interval 15 ids-policy rate-frame-type-param probe-response node-quiet-time 900 ids-policy rate-frame-type-param auth channel-threshold 30 ids-policy rate-frame-type-param auth channel-inc-time 3 ids-policy rate-frame-type-param auth channel-quiet-time 900 ids-policy rate-frame-type-param auth node-threshold 30 ids-policy rate-frame-type-param auth node-time-interval 60 ids-policy rate-frame-type-param auth node-quiet-time 900 ids-signature "ASLEAP" mode enable frame-type beacon ssid asleap ! ids-signature "Null-Probe-Response" mode enable frame-type probe-response ssid-length 0 ! ids-signature "AirJack" mode enable frame-type beacon ssid AirJack ! ids-signature "NetStumbler Generic" mode enable payload 0x00601d 3 payload 0x0001 6 ! ids-signature "NetStumbler Version 3.3.0x" mode enable payload 0x00601d 3 payload 0x000102 12 ! ids-signature "Deauth-Broadcast" mode enable frame-type deauth dst-mac ff:ff:ff:ff:ff:ff ! ! site-survey calibration-max-packets 256 site-survey calibration-transmit-rate 500 site-survey rra-max-compute-time 600000 site-survey max-ha-neighbors 3 site-survey neighbor-tx-power-bump 2 site-survey ha-compute-time 0 arm min-scan-time 8 arm ideal-coverage-index 5 arm acceptable-coverage-index 2 arm wait-time 15 arm free-channel-index 25 arm backoff-time 240 arm error-rate-threshold 0 arm error-rate-wait-time 30 arm noise-threshold 0 arm noise-wait-time 120 ems server-ip 0.0.0.0 crypto isakmp groupname changeme vpdn group l2tp ppp authentication PAP ! masterip 127.0.0.1 location "Building1.floor1" mobility parameters 60 buffer 32 manager disable proxy-dhcp enable station-masquerade enable on-association disable trusted-roam disable ignore-l2-broadcast disable block-dhcp-release disable no new-user-roaming max-dhcp-requests 4 secure 1000 shared-secret 739df897b5e4907fe648892400f822fa ! mobility-local local-ha disable ! mobagent home-agent parameters 1000 bindings 300 secure-mobile spi 1000 33025ab2ee43e009a13737098a117daf foreign-agent parameters 1100 bindings 300 pending 0 pending-time 300 ! snmp-server new traps vpdn group pptp no ppp authentication PAP ppp authentication MSCHAPv2 ! stm dos-prevention disable stm vlan-mobility disable stm strict-compliance enable stm fast-roaming disable stm sta-dos-prevention disable stm sta-dos-block-time 3600 stm auth-failure-block-time 0 stm coverage-hole-detection disable stm good-rssi-threshold 20 stm poor-rssi-threshold 10 stm hole-detection-interval 180 stm good-sta-ageout 30 stm idle-sta-ageout 90 stm ap-inactivity-timeout 15 mux-address 0.0.0.0 adp discovery enable adp igmp-join enable adp igmp-vlan 0 voip prioritization enable mgmt-role guest-provisioning description "This is Default Super User Role" permit local-userdb read write ! mgmt-role root description "This is Default Super User Role" permit super-user ! mgmt-user admin root 4ed80428b077988f96acebd46c0f8317ad7bd45f2f13d7ab no database synchronize database synchronize rf-plan-data ip igmp ! ip router pim ! ads netad mode disable packet-capture-defaults tcp disable udp disable sysmsg disable other disable end