show running Building Configuration... version 8.10 hostname "NOC-ARUBA-MM-2" clock timezone America/New_York -04 0 ! location "Building1.floor1" controller config 741 crypto-local pki ServerCert scsd_wc2_full_2026 StarCert-Ex03_26_fullchain.pfx crypto-local pki ServerCert scsd_wildcard_2026 StarCert-Ex03_26_fullchain.pfx crypto-local pki ServerCert scsd_wildcard_sept_2026 StarCert-Ex_09_26_fullchain.pfx crypto-local pki PublicCert master-ssh-pub-cert master-ssh-pub-cert ip nat pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip nat pool localip 0.0.0.0 0.0.0.0 ip access-list eth validuserethacl permit any ! ip access-list geolocation global-geolocation-acl ! netservice svc-snmp-trap udp 162 netservice svc-netbios-dgm udp 138 netservice svc-pcoip2-tcp tcp 4172 netservice svc-facetime-tcp tcp 5223 ALG facetime netservice svc-https tcp 443 netservice svc-dhcp udp 67 68 ALG dhcp netservice svc-ike udp 500 netservice svc-smb-tcp tcp 445 netservice svc-l2tp udp 1701 netservice svc-citrix tcp 2598 netservice svc-syslog udp 514 netservice svc-ica tcp 1494 netservice svc-pptp tcp 1723 netservice svc-telnet tcp 23 netservice svc-sccp tcp 2000 ALG sccp netservice svc-sec-papi udp 8209 netservice svc-tftp udp 69 ALG tftp netservice svc-sip-tcp tcp 5060 ALG sip netservice svc-lpd tcp 515 netservice svc-web tcp list "80 443" netservice svc-kerberos udp 88 netservice svc-netbios-ssn tcp 139 netservice svc-pcoip-udp udp 50002 netservice svc-pop3 tcp 110 netservice svc-pcoip-tcp tcp 50002 netservice svc-http-proxy3 tcp 8888 netservice svc-adp udp 8200 netservice svc-cfgm-tcp tcp 8211 netservice svc-noe udp 32512 ALG noe netservice svc-dns udp 53 ALG dns netservice svc-rtsp tcp 554 ALG rtsp netservice svc-msrpc-tcp tcp 135 139 netservice svc-h323-tcp tcp 1720 ALG h323 netservice svc-vocera udp 5002 ALG vocera netservice svc-http tcp 80 netservice svc-h323-udp udp 1718 1719 ALG h323 netservice vnc tcp 5900 5905 netservice svc-nterm tcp 1026 1028 netservice svc-http-proxy2 tcp 8080 netservice svc-sip-udp udp 5060 ALG sip netservice svc-noe-oxo udp 5000 ALG noe netservice svc-papi udp 8211 netservice svc-natt udp 4500 netservice svc-ftp tcp 21 ALG ftp netservice svc-svp 119 ALG svp netservice svc-microsoft-ds tcp 445 netservice svc-gre 47 netservice svc-smtp tcp 25 netservice svc-sips tcp 5061 ALG sips netservice svc-netbios-ns udp 137 netservice svc-smb-udp udp 445 netservice svc-esp 50 netservice svc-ipp-tcp tcp 631 netservice svc-pcoip2-udp udp 4172 netservice svc-snmp udp 161 netservice svc-bootp udp 67 69 netservice svc-v6-dhcp udp 546 547 netservice svc-icmp 1 netservice svc-ntp udp 123 netservice svc-msrpc-udp udp 135 139 netservice svc-ssh tcp 22 netservice svc-ipp-udp udp 631 netservice svc-http-proxy1 tcp 3128 netservice svc-v6-icmp 58 netservice svc-vmware-rdp tcp 3389 netdestination6 ipv6-reserved-range invert network 2000::/3 ! netdestination wificalling-block name pub.3gppnetwork.org name vowifi.com ! netexthdr default ! time-range periodic night-hours Weekday 18:01 to 23:59 Weekday 00:00 to 07:59 ! time-range periodic working-hours Weekday 08:00 to 18:00 ! ip access-list session control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-sec-papi permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit any any tcp 6633 permit ! ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session validuser network 127.0.0.0 255.0.0.0 any any deny network 169.254.0.0 255.255.0.0 any any deny network 224.0.0.0 240.0.0.0 any any deny host 255.255.255.255 any any deny network 240.0.0.0 240.0.0.0 any any deny any any any permit ipv6 host fe80:: any any deny ipv6 network fc00::/7 any any permit ipv6 network fe80::/64 any any permit ipv6 alias ipv6-reserved-range any any deny ipv6 any any any permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session v6-https-acl ipv6 any any svc-https permit ! ip access-list session voip-applications-acl any any app alg-skype4b-audio permit any any app alg-skype4b-video permit any any app alg-skype4b-desktop-sharing permit any any app alg-skype4b-app-sharing permit any any app alg-sip-audio permit any any app alg-sip-video permit any any app alg-sccp permit any any app alg-vocera permit any any app alg-noe permit any any app alg-h323 permit any any app alg-jabber-audio permit any any app alg-jabber-video permit any any app alg-jabber-desktop-sharing permit any any app alg-facetime permit any any app alg-wifi-calling permit any any app alg-webrtc-audio permit any any app alg-webrtc-video permit any any app alg-teams-audio permit any any app alg-teams-video permit any any app alg-rtp permit ! ip access-list session vmware-acl any any svc-vmware-rdp permit tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip-udp permit tos 46 dot1p-priority 6 any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session apprf-default-vpn-role-sacl ! ip access-list session apprf-logon-sacl ! ip access-list session v6-control ipv6 user any udp 546 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-dns permit ipv6 any any svc-papi permit ipv6 any any svc-sec-papi permit ipv6 any any svc-cfgm-tcp permit ipv6 any any svc-adp permit ipv6 any any svc-tftp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-natt permit ipv6 any any svc-dhcp permit ! ip access-list session jabber-acl any any tcp 5222 permit any any tcp 8443 permit ! ip access-list session apprf-authenticated-sacl ! ip access-list session apprf-switch-logon-sacl ! ip access-list session apprf-stateful-dot1x-sacl ! ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session wificalling-acl any any tcp 443 permit ! ip access-list session allowall any any any permit ipv6 any any any permit ! ip access-list session v6-dns-acl ipv6 any any svc-dns permit ! ip access-list session facetime-acl any any svc-facetime-tcp permit queue high any any udp 3478 3497 permit any any udp 16384 16387 permit any any udp 16393 16402 permit ! ip access-list session apprf-voice-sacl ! ip access-list session skype4b-acl any any svc-sips permit any any svc-https permit ! ip access-list session apprf-default-iap-user-role-sacl ! ip access-list session captiveportalbridge user alias localip svc-https dual-nat pool localip 8081 user any svc-http dual-nat pool localip 8080 user any svc-https dual-nat pool localip 8081 user any svc-http-proxy1 dual-nat pool localip 8088 user any svc-http-proxy2 dual-nat pool localip 8088 user any svc-http-proxy3 dual-nat pool localip 8088 ! ip access-list session wan-uplink-protect-acl any any sys-svc-dhcp permit ipv6 any any sys-svc-v6-dhcp permit any any sys-svc-esp permit any any sys-svc-natt permit any any sys-svc-ike permit any any sys-svc-icmp permit ipv6 any any sys-svc-icmp6 permit ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session https-acl any any svc-https permit ! ip access-list session citrix-acl any any svc-citrix permit tos 46 dot1p-priority 6 any any svc-ica permit tos 46 dot1p-priority 6 ! ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit any network 169.254.0.0 255.255.0.0 any deny any network 240.0.0.0 240.0.0.0 any deny ! ip access-list session v6-allowall ipv6 any any any permit ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session srcnat user any any src-nat ! ip access-list session wificalling-block any alias wificalling-block any deny ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive ipv6 user any svc-http-proxy3 captive ! ip access-list session http-acl any any svc-http permit ! ip access-list session apprf-default-via-role-sacl ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session v6-http-acl ipv6 any any svc-http permit ! ip access-list session stateful-dot1x any any svc-dns permit any any svc-dhcp permit ! ip access-list session apprf-ap-role-sacl ! ip access-list session apprf-guest-sacl ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ipv6 any any udp 546 permit ipv6 any any svc-v6-icmp permit ipv6 any host ff02::fb udp 5353 permit ! ip access-list session apprf-guest-logon-sacl ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user any svc-ftp permit user any svc-telnet deny ! ip access-list session logon-control-bridge user any udp 68 deny any any svc-icmp src-nat any any svc-dns src-nat any any svc-dhcp permit any network 169.254.0.0 255.255.0.0 any deny any network 240.0.0.0 240.0.0.0 any deny ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session global-sacl ! ip access-list session v6-ap-acl ipv6 any any svc-gre permit ipv6 any any svc-syslog permit ipv6 any user svc-snmp permit ipv6 user any svc-snmp-trap permit ipv6 user any svc-ntp permit ipv6 user any svc-ftp permit ! ip access-list session apprf-sys-switch-role-sacl ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! ip access-list session v6-logon-control ipv6 user any udp 546 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit ipv6 any network fc00::/7 any permit ipv6 any network fe80::/64 any permit ipv6 any alias ipv6-reserved-range any deny ! ip access-list session apprf-sys-ap-role-sacl ! ip access-list route uplink-lb-cfg-racl ! ip access-list route master-boc-traffic ! vpn-dialer default-dialer ike authentication pre-share ****** ! user-role ap-role no openflow-enable access-list session ra-guard access-list session control access-list session ap-acl access-list session v6-control access-list session v6-ap-acl ! user-role denyall ! user-role default-vpn-role access-list session global-sacl access-list session apprf-default-vpn-role-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role sys-switch-role ! user-role sys-ap-role no openflow-enable ! user-role voice access-list session global-sacl access-list session apprf-voice-sacl access-list session ra-guard access-list session sip-acl access-list session noe-acl access-list session svp-acl access-list session vocera-acl access-list session skinny-acl access-list session h323-acl access-list session dhcp-acl access-list session tftp-acl access-list session dns-acl access-list session icmp-acl access-list session http-acl access-list session https-acl access-list session skype4b-acl access-list session facetime-acl access-list session jabber-acl access-list session wificalling-acl access-list session voip-applications-acl ! user-role default-via-role access-list session global-sacl access-list session apprf-default-via-role-sacl access-list session allowall access-list session v6-allowall ! user-role switch-logon ! user-role guest-logon captive-portal "default" access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session v6-logon-control access-list session captiveportal6 ! user-role guest access-list session global-sacl access-list session apprf-guest-sacl access-list session ra-guard access-list session http-acl access-list session https-acl access-list session dhcp-acl access-list session icmp-acl access-list session dns-acl access-list session v6-http-acl access-list session v6-https-acl access-list session v6-dhcp-acl access-list session v6-icmp-acl access-list session v6-dns-acl ! user-role stateful-dot1x access-list session global-sacl access-list session apprf-stateful-dot1x-sacl ! user-role authenticated access-list session global-sacl access-list session apprf-authenticated-sacl access-list session ra-guard access-list session allowall access-list session v6-allowall ! user-role default-iap-user-role access-list session allowall ! user-role logon access-list session ra-guard access-list session logon-control access-list session captiveportal access-list session vpnlogon access-list session v6-logon-control access-list session captiveportal6 ! ! aaa tacacs-accounting controller-ip vlan 35 datapath energy-efficiency kernel coredump no kernel printk interface mgmt shutdown ! vlan 1 ! vlan 35 ! interface gigabitethernet 0/0/0 trusted trusted vlan 1-4094 no poe switchport mode access switchport access vlan 35 switchport trunk allowed vlan 1-4094 no spanning-tree ! interface gigabitethernet 0/0/1 shutdown trusted trusted vlan 1-4094 no poe switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 no spanning-tree ! interface port-channel 0 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface port-channel 1 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface port-channel 2 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface port-channel 3 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface port-channel 4 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface port-channel 5 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface port-channel 6 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface port-channel 7 switchport mode access switchport access vlan 1 switchport trunk allowed vlan 1-4094 ! interface vlan 35 ip address 10.1.35.23 255.255.255.0 ! interface vlan 1 ! ! ! ip default-gateway 10.1.35.1 ip route 10.1.35.33 255.255.255.255 ipsec default-psk-redundant-conductor-ipsecmap ip nexthop-list load-balance-gateways ! ip nexthop-list load-balance-ipsecs ! ip nexthop-list traditional-ipsecs ! crypto isakmp policy 20 encryption AES256 authentication pre-share ! crypto isakmp policy 10001 authentication pre-share ! crypto isakmp policy 10002 encryption AES256 authentication rsa-sig ! crypto isakmp policy 10003 encryption AES256 authentication pre-share ! crypto isakmp policy 10004 version v2 encryption AES256 authentication rsa-sig ! crypto isakmp policy 10005 encryption AES256 authentication pre-share ! crypto isakmp policy 10006 version v2 encryption AES128 authentication rsa-sig ! crypto isakmp policy 10007 version v2 encryption AES128 authentication pre-share ! crypto isakmp policy 10008 version v2 encryption AES128 hash sha2-256-128 group 19 authentication ecdsa-256 prf PRF-HMAC-SHA256 ! crypto isakmp policy 10009 version v2 encryption AES256 hash sha2-384-192 group 20 authentication ecdsa-384 prf PRF-HMAC-SHA384 ! crypto isakmp policy 10012 version v2 encryption AES256 authentication rsa-sig ! crypto isakmp policy 10013 encryption AES256 authentication pre-share ! crypto isakmp policy 10014 version v2 encryption AES256 hash sha2-256-128 group 14 authentication pre-share prf PRF-HMAC-SHA256 ! crypto isakmp policy 10015 version v2 encryption AES128 hash sha2-256-128 group 14 authentication rsa-sig prf PRF-HMAC-SHA256 ! crypto ipsec transform-set default-ha-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-1st-ikev2-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-3rd-ikev2-transform esp-aes128 esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-rap-ipsecmap 10001 version v2 set transform-set "default-gcm256" "default-gcm128" "default-rap-transform" ! crypto dynamic-map default-rap-ipsecmap-gcm 10001 version v2 set transform-set "default-gcm256" "default-gcm128" ! crypto dynamic-map default-rap-ipsecmap-aes 10001 version v2 set transform-set "default-rap-transform" ! crypto dynamic-map default-dynamicmap 10000 set transform-set "default-transform" "default-aes" ! crypto map GLOBAL-IKEV2-MAP 10000 ipsec-isakmp dynamic default-rap-ipsecmap crypto map GLOBAL-MAP 10000 ipsec-isakmp dynamic default-dynamicmap localip 10.1.35.14 ipsec *redacted* localip 10.1.35.11 ipsec *redacted* localip 10.1.35.12 ipsec *redacted* crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 vpdn group l2tp ! ip dynamic-dns interval 900 snmp-server community "mickey03" vpdn group pptp ! tunneled-node-address 0.0.0.0 adp discovery disable adp igmp-join disable adp igmp-vlan-id 0 ap flush-r1-on-new-r0 disable amon msg-buffer-size 1264 amon udp 0 mgmt-server primary-server 10.1.35.10 profile default-amp transport udp ssh mgmt-auth public-key ssh mgmt-auth username/password mgmt-user admin root ******************** mgmt-user ssh-pubkey client-cert master-ssh-pub-cert seamless-logon read-only mgmt-user ssh-pubkey client-cert master-ssh-pub-cert seamless-logon-w standard ntp database synchronize period 60 ip mobile domain default ! ip mobile domain default ! ip igmp ! ipv6 mld ! firewall prohibit-ip-spoofing attack-rate grat-arp 50 drop session-idle-timeout 16 cp-bandwidth-contract untrusted-ucast 9765 cp-bandwidth-contract untrusted-mcast 1953 cp-bandwidth-contract trusted-ucast 98304 cp-bandwidth-contract trusted-mcast 1953 cp-bandwidth-contract route 976 cp-bandwidth-contract sessmirr 976 cp-bandwidth-contract vrrp 512 cp-bandwidth-contract arp-traffic 976 cp-bandwidth-contract l2-other 976 cp-bandwidth-contract auth 976 cp-bandwidth-contract ike 1953 cp-bandwidth-contract udp-traffic 204800 cp-bandwidth-contract ippkt-err 128 amsdu wireless-bridge-aging session-tunnel-fib optimize-dad-frames deny-needfrag-df-ipsec ! ipv6 firewall ext-hdr-parse-len 100 dpi-classif-cache 0 ! ! ! ! firewall cp ipv4 permit any proto 6 ports 9190 9190 ipv6 permit any proto 6 ports 9190 9190 ipv6 permit any proto 6 ports 15260 15260 ipv6 deny any proto 0 ports 0 65535 ! ip domain lookup ! country US change-config-node / aaa authentication mac "default" ! aaa authentication dot1x "default" ! aaa authentication dot1x "default-psk" ! aaa authentication-server tacacs "ClearPass A" host "10.1.40.116" key *redacted* session-authorization ! aaa authentication-server tacacs "ClearPass B" host "10.1.40.117" key *redacted* session-authorization ! aaa authentication via global-config ! scheduler-profile "default" queue-weights q0 0 q1 0 q2 0 q3 0 priority-map q0 "6 7" q1 "4 5" q2 "2 3" q3 "0 1" ! aaa server-group "default" auth-server Internal position 1 set role condition role value-of ! aaa server-group "internal" auth-server Internal position 1 set role condition Role value-of ! aaa profile "default" ! aaa profile "default-dot1x" authentication-dot1x "default" dot1x-default-role "authenticated" ! aaa profile "default-dot1x-psk" authentication-dot1x "default-psk" ! aaa profile "default-iap-aaa-profile" initial-role "default-iap-user-role" no wired-to-wireless-roam no devtype-classification ! aaa profile "default-mac-auth" authentication-mac "default" mac-default-role "authenticated" ! aaa profile "default-open" ! aaa profile "default-tunneled-user" initial-role "guest" no wired-to-wireless-roam ! aaa profile "default-xml-api" ! aaa profile "NoAuthAAAProfile" ! aaa authentication captive-portal "default" ! aaa authentication wispr "default" ! aaa authentication vpn "default" ! aaa authentication vpn "default-cap" default-role "sys-ap-role" server-group "internal" ! aaa authentication vpn "default-hp-switch" ! aaa authentication vpn "default-iap" ! aaa authentication vpn "default-rap" ! aaa authentication mgmt ! aaa authentication stateful-ntlm "default" ! aaa authentication stateful-kerberos "default" ! aaa authentication stateful-dot1x ! aaa authentication via auth-profile "default" ! aaa authentication wired ! aaa authentication via connection-profile "default" ! aaa authentication via web-auth "default" ! web-server profile cipher-suite ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA switch-cert "scsd_wildcard_sept_2026" ! guest-access-email ! aaa password-policy mgmt ! control-plane-security ! ids management-profile ! ids wms-general-profile ! ids wms-local-system-profile ! ids ap-rule-matching ! valid-network-oui-profile ! traceoptions ! activate ! file syncing profile ! ucc skype4b ! ucc teams ! ucc webrtc ! ucc custom-sip ! ucc rtpa-config ! ucc jabber ! ucc sip ! ucc h323 ! ucc vocera ! ucc sccp ! ucc noe ! ucc facetime ! ucc ich ! ucc session-idle-timeout ! ucc wificalling ! license-pool-profile-root pefng-licenses-enable rfp-license-enable ! papi-security ! est profile "default" ! aruba-central ! wlan sae-profile ! ifmap cppm ! pan profile "default" ! pan-options ! websocket clearpass ! pan active-profile ! openflow-profile ! openflow-controller ! sdwan-profile ! dump-auto-uploading-profile "default" ! ap regulatory-domain-profile "default" country-code US valid-11g-channel 1 valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 36 valid-11a-channel 40 valid-11a-channel 44 valid-11a-channel 48 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11a-channel 165 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 36-40 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 valid-11a-80mhz-channel-group 36-48 valid-11a-80mhz-channel-group 149-161 valid-11a-160mhz-channel-group 36-64 ! ap wired-ap-profile "default" ! ap wired-ap-profile "NoAuthWiredAp" wired-ap-enable ! ap enet-link-profile "default" ! ap mesh-ht-ssid-profile "default" ! ap lldp med-network-policy-profile "default" ! ap mesh-cluster-profile "default" ! ap mesh-accesslist-profile "default" ! ap wifi-uplink-profile "default" ! ap multizone-profile "default" ! ap usb-acl-prof "default" ! dump-collection-profile "default" ! ap lldp profile "default" ! ap mesh-radio-profile "default" ! ap usb-profile "default" ! ap system-profile "default" ap-console- password *redacted* ! ap system-profile "NoAuthApSystem" ap-console- password *redacted* ! ap wired-port-profile "default" ! ap wired-port-profile "NoAuthWiredPort" wired-ap-profile "NoAuthWiredAp" aaa-profile "NoAuthAAAProfile" ! ap wired-port-profile "shutdown" shutdown ! gps service-profile "default" ! ids general-profile "default" ! ids rate-thresholds-profile "default" ! ids rate-thresholds-profile "probe-request-response-thresholds" channel-inc-time 30 channel-threshold 350 node-time-interval 10 node-threshold 250 ! ids signature-profile "AirJack" frame-type beacon ssid AirJack ! ids signature-profile "ASLEAP" frame-type beacon ssid asleap ! ids signature-profile "Deauth-Broadcast-From-Valid-AP" frame-type deauth dst-mac ff:ff:ff:ff:ff:ff src-mac valid-ap bssid valid-ap ! ids signature-profile "default" ! ids signature-profile "Disassoc-Broadcast" frame-type disassoc dst-mac ff:ff:ff:ff:ff:ff ! ids signature-profile "Disassoc-Broadcast-From-Valid-AP" frame-type disassoc dst-mac ff:ff:ff:ff:ff:ff src-mac valid-ap bssid valid-ap ! ids signature-profile "Netstumbler Generic" payload 0x00601d 3 payload 0x0001 6 ! ids signature-profile "Netstumbler Version 3.3.0x" payload 0x00601d 3 payload 0x000102 12 ! ids signature-profile "Null-Probe-Response" frame-type probe-response ssid-length 0 ! ids signature-profile "Wellenreiter" frame-type probe-request ssid this_is_used_for_wellenreiter ! ids impersonation-profile "default" ! ids unauthorized-device-profile "default" ! ids signature-matching-profile "default" signature "Disassoc-Broadcast" ! ids dos-profile "default" ! ids profile "default" ! rf dot11-60GHz-radio-profile "default" ! wlan 6ghz-rrm-ie-profile "default" ! rf arm-profile "arm-maintain" no scanning ! rf arm-profile "arm-scan" ! rf arm-profile "default-6ghz" ! rf arm-profile "default-a" ! rf arm-profile "default-g" ! rf ht-radio-profile "default-6ghz" ! rf ht-radio-profile "default-a" ! rf ht-radio-profile "default-g" ! rf spectrum-profile "default-6ghz" ! rf spectrum-profile "default-a" ! rf spectrum-profile "default-g" ! rf optimization-profile "default" ! rf event-thresholds-profile "default" ! rf am-scan-profile "default" ! rf dot11a-radio-profile "default" max-channel-bandwidth 40MHz ! rf dot11a-radio-profile "rp-maintain-a" arm-profile "arm-maintain" ! rf dot11a-radio-profile "rp-monitor-a" mode am-mode ! rf dot11a-radio-profile "rp-scan-a" arm-profile "arm-scan" ! rf dot11g-radio-profile "default" ! rf dot11g-radio-profile "rp-maintain-g" arm-profile "arm-maintain" ! rf dot11g-radio-profile "rp-monitor-g" mode am-mode ! rf dot11g-radio-profile "rp-scan-g" arm-profile "arm-scan" ! rf dot11-6GHz-radio-profile "default" ! wlan rrm-ie-profile "default" ! wlan bcn-rpt-req-profile "default" ! wlan dot11r-profile "default" ! wlan tsm-req-profile "default" ! wlan ht-ssid-profile "default" ! wlan he-ssid-profile "default" ! wlan hotspot anqp-venue-name-profile "default" ! wlan hotspot anqp-nwk-auth-profile "default" ! wlan hotspot anqp-roam-cons-profile "default" ! wlan hotspot anqp-nai-realm-profile "default" ! wlan hotspot anqp-3gpp-nwk-profile "default" ! wlan hotspot h2qp-operator-friendly-name-profile "default" ! wlan hotspot h2qp-wan-metrics-profile "default" ! wlan hotspot h2qp-conn-capability-profile "default" ! wlan hotspot h2qp-op-cl-profile "default" ! wlan hotspot h2qp-osu-prov-list-profile "default" ! wlan hotspot anqp-ip-addr-avail-profile "default" ! wlan hotspot anqp-domain-name-profile "default" ! wlan edca-parameters-profile station "default" ! wlan edca-parameters-profile ap "default" ! wlan mu-edca-parameters-profile "default" ! wlan dot11k-profile "default" ! wlan ssid-profile "default" ! wlan hotspot advertisement-profile "default" ! wlan hotspot hs2-profile "default" ! wlan virtual-ap "default" ! mgmt-server profile "default-acp" stats-enable tag-enable sessions-enable monitored-info-enable monitored-info-del-enable monitored-info-snapshot-enable wids-event-info-enable misc-enable location-enable uccmonitoring-enable airgroupinfo-enable wan-state ! mgmt-server profile "default-ale" stats-enable tag-enable sessions-enable misc-enable location-enable uccmonitoring-enable ! mgmt-server profile "default-amp" stats-enable tag-enable sessions-enable user-visibility-enable misc-enable location-enable ! mgmt-server profile "default-controller" stats-enable tag-enable sessions-enable user-visibility-enable misc-enable location-enable uccmonitoring-enable airgroupinfo-enable wan-state ap-stats ! mgmt-server profile "default-niara" no generic-amon-enable sessions-enable no inline-dhcp-stats no inline-ap-stats no inline-auth-stats no inline-dns-stats ! ap authorization-profile "default" ap-authorization-group "NoAuthApGroup" ! ap provisioning-profile "default" ! rf arm-rf-domain-profile ! ap am-filter-profile "default" ! ap spectrum local-override ! airmatch profile ! ap-lacp-striping-ip ! ap general-profile ! ap deploy-profile ! ap provisioning-rule "PSLA" condition network 10.3.35.0 24 action ap-group "APG03Fowler" ! airslice-profile "default" ! ap provisioning-rules provision-rule "PSLA" priority 1 ! ap-group "APG33Lemoyne" ! ap-group "default" ! ap-group "NoAuthApGroup" enet1-port-profile "NoAuthWiredPort" enet2-port-profile "NoAuthWiredPort" enet3-port-profile "NoAuthWiredPort" enet4-port-profile "NoAuthWiredPort" ap-system-profile "NoAuthApSystem" ! airgroupprofile service "default-airplay" id "_airplay._tcp" id "_appletv-v2._tcp" id "_raop._tcp" description "AirPlay" ! airgroupprofile service "default-airprint" id "_canon-bjnp1._tcp" id "_fax-ipp._tcp" id "_http-alt._tcp" id "_http._tcp" id "_ica-networking._tcp" id "_ica-networking2._tcp" id "_ipp-tls._tcp" id "_ipp._tcp" id "_ipps._tcp" id "_pdl-datastream._tcp" id "_printer._tcp" id "_ptp._tcp" id "_riousbprint._tcp" id "_universal._sub._ipp._tcp" id "_universal._sub._ipps._tcp" description "AirPrint" ! airgroupprofile service "default-allowall" description "Remaining-Services" ! airgroupprofile service "default-amazontv" id "_amzn-wplay._tcp" description "Amazon fire tv" ! airgroupprofile service "default-dial" id "urn:dial-multiscreen-org:device:dial:1" id "urn:dial-multiscreen-org:service:dial:1" description "DIAL supported by Chromecast, FireTV, Roku etc" ! airgroupprofile service "default-dlna-media" id "urn:schemas-upnp-org:device:MediaPlayer:1" id "urn:schemas-upnp-org:device:MediaRenderer:1" id "urn:schemas-upnp-org:device:MediaRenderer:2" id "urn:schemas-upnp-org:device:MediaRenderer:3" id "urn:schemas-upnp-org:device:MediaServer:1" id "urn:schemas-upnp-org:device:MediaServer:2" id "urn:schemas-upnp-org:device:MediaServer:3" id "urn:schemas-upnp-org:device:MediaServer:4" id "urn:schemas-upnp-org:device:ZonePlayer:1" id "urn:schemas-upnp-org:service:AVTransport:1" id "urn:schemas-upnp-org:service:AlarmClock:1" id "urn:schemas-upnp-org:service:ConnectionManager:1" id "urn:schemas-upnp-org:service:ContentDirectory:1" id "urn:schemas-upnp-org:service:DeviceProperties:1" id "urn:schemas-upnp-org:service:GroupManagement:1" id "urn:schemas-upnp-org:service:GroupRenderingControl:1" id "urn:schemas-upnp-org:service:MusicServices:1" id "urn:schemas-upnp-org:service:RenderingControl:1" id "urn:schemas-upnp-org:service:SystemProperties:1" id "urn:schemas-upnp-org:service:ZoneGroupTopology:1" description "Media" ! airgroupprofile service "default-dlna-print" id "urn:schemas-upnp-org:device:Printer:1" id "urn:schemas-upnp-org:service:PrintBasic:1" id "urn:schemas-upnp-org:service:PrintEnhanced:1" description "Print" ! airgroupprofile service "default-googlecast" id "_0F5096E8._sub._googlecast._tcp" id "_17608BC8._sub._googlecast._tcp" id "_233637DE._sub._googlecast._tcp" id "_42B56469._sub._googlecast._tcp" id "_668E5548._sub._googlecast._tcp" id "_674A0243._sub._googlecast._tcp" id "_85CDB22F._sub._googlecast._tcp" id "_8DA7527D._sub._googlecast._tcp" id "_8E6C866D._sub._googlecast._tcp" id "_96084372._sub._googlecast._tcp" id "_CA5E8412._sub._googlecast._tcp" id "_CC1AD845._sub._googlecast._tcp" id "_googlecast._tcp" id "_googlezone._tcp" description "GoogleCast supported by Chromecast etc" ! airgroupprofile service "default-itunes" id "_apple-mobdev._tcp" id "_daap._tcp" id "_dacp._tcp" id "_home-sharing._tcp" description "iTunes" ! airgroupprofile service "default-remotemgmt" id "_ftp._tcp" id "_net-assistant._tcp" id "_rfb._tcp" id "_sftp-ssh._tcp" id "_ssh._tcp" id "_telnet._tcp" description "Remote management" ! airgroupprofile service "default-sharing" id "_afpovertcp._tcp" id "_odisk._tcp" id "_xgrid._tcp" description "Sharing" ! airgroupprofile ipv6 "default" ! airgroupprofile network "default" ! airgroupprofile "default" service "default-airplay" service "default-airprint" service "default-dial" disallow-vlan type servers service "" disallow-role "" type servers service "" ! logging security subcat ids level warnings logging security subcat ids-ap level warnings snmp-server enable trap snmp-server host 10.1.35.10 version 2c mickey03 udp-port 162 snmp-server trap source 0.0.0.0 snmp-server trap disable wlsxAPBROADCASTSTORM snmp-server trap disable wlsxAPIPConflict snmp-server trap disable wlsxAPLoopDetected snmp-server trap disable wlsxAPPortDown snmp-server trap disable wlsxAPPortUp snmp-server trap disable wlsxAPUSBPLUGALARM snmp-server trap disable wlsxAceUsageThreshold snmp-server trap disable wlsxAdhocNetwork snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta snmp-server trap disable wlsxAdhocUsingValidSSID snmp-server trap disable wlsxAuthMaxAclEntries snmp-server trap disable wlsxAuthMaxBWContracts snmp-server trap disable wlsxAuthMaxUserEntries snmp-server trap disable wlsxAuthServerIsUp snmp-server trap disable wlsxAuthServerReqTimedOut snmp-server trap disable wlsxAuthServerTimedOut snmp-server trap disable wlsxCLEARPASSSERVERINVALID snmp-server trap disable wlsxChannelChanged snmp-server trap disable wlsxClientPskAuthenticationFailed snmp-server trap disable wlsxClientRejectedByMaxClientCount snmp-server trap disable wlsxClusterVlanProbeStatus snmp-server trap disable wlsxCoverageHoleDetected snmp-server trap disable wlsxDBCommunicationFailure snmp-server trap disable wlsxDisconnectStationAttack snmp-server trap disable wlsxDot1xThresholdLimitHit snmp-server trap disable wlsxDot1xTotalLimitHit snmp-server trap disable wlsxESIServerDown snmp-server trap disable wlsxESIServerUp snmp-server trap disable wlsxFanAbsent snmp-server trap disable wlsxFanFailure snmp-server trap disable wlsxFanTrayInserted snmp-server trap disable wlsxFanTrayRemoved snmp-server trap disable wlsxFlash1SpaceOK snmp-server trap disable wlsxGBICInserted snmp-server trap disable wlsxGhostTunnelclientAttack snmp-server trap disable wlsxGhostTunnelserverAttack snmp-server trap disable wlsxHaFailoverRequestFromAp snmp-server trap disable wlsxHaFailoverTrigger snmp-server trap disable wlsxHaIntercontrollerHbtMiss snmp-server trap disable wlsxHaStandbyConnectivityState snmp-server trap disable wlsxHaStandbyIpSentFailed snmp-server trap disable wlsxHaState snmp-server trap disable wlsxIpSpoofingDetected snmp-server trap disable wlsxLCInserted snmp-server trap disable wlsxLCRemoved snmp-server trap disable wlsxLicenseExpiry snmp-server trap disable wlsxLowMemory snmp-server trap disable wlsxLowOnFlash1Space snmp-server trap disable wlsxLowOnFlashSpace snmp-server trap disable wlsxNAceUsageThreshold snmp-server trap disable wlsxNDot1xThresholdLimitHit snmp-server trap disable wlsxNDot1xTotalLimitHit snmp-server trap disable wlsxNFanAbsent snmp-server trap disable wlsxNLowOnFlash1Space snmp-server trap disable wlsxNSwitchIPv6Changed snmp-server trap disable wlsxNWebCCLicenseEnforcement snmp-server trap disable wlsxOutOfRangeTemperature snmp-server trap disable wlsxOutOfRangeVoltage snmp-server trap disable wlsxPhonyBSSIDDetected snmp-server trap disable wlsxPowerSupplyFailure snmp-server trap disable wlsxPowerSupplyMissing snmp-server trap disable wlsxProcessDied snmp-server trap disable wlsxProcessExceedsMemoryLimits snmp-server trap disable wlsxSCInserted snmp-server trap disable wlsxSignatureMatch snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP snmp-server trap disable wlsxSwitchIPChanged snmp-server trap disable wlsxSwitchIPv6Changed snmp-server trap disable wlsxSwitchRoleChange snmp-server trap disable wlsxTHERMALSHUTDOWN snmp-server trap disable wlsxUserAuthenticationFailed snmp-server trap disable wlsxUserEntryAuthenticated snmp-server trap disable wlsxUserEntryChanged snmp-server trap disable wlsxUserEntryCreated snmp-server trap disable wlsxUserEntryDeAuthenticated snmp-server trap disable wlsxUserEntryDeleted snmp-server trap disable wlsxVrrpStateChange snmp-server trap disable wlsxWebCCLicenseEnforcement process monitor log process monitor log ale-configuration ! conductor-redundancy conductor-vrrp 35 peer-ip-address 10.1.35.13 ipsec *redacted* ! vrrp 35 authentication ******** ip address 10.1.35.33 description "Secondary" vlan 35 no shutdown ! end