great-tk: 10月 2013

2013年10月31日木曜日

show ap debug bandwidth-management

(Aruba3600) #show ap debug bandwidth-management ap-name ap-225-2

Interface :wifi0

Shaping policy:Preferred-access

VAP aruba000

in out drop fail q cmn[C:O:H:V] Numcl[C:O:H:V] TotCl BWmgmt

4358110 158959 1153427 0 15705 0-0-0-0 0-0-2-1 3 1-1

d1 d2 d3 d4 d5 d6 d7 d8 d9

0 4358110 0 4358110 4 4358106 0 0 0

idx tokens last-t bw-t in out drop fail q tx-t rx-t al-t rate

1 111260 166656 0 1015525 15843 674251 0 7837 3092 0 29843 115/164

2 143784 166656 0 1286161 58160 467875 0 7820 7502 0 33872 300/242

3 641402 666624 0 2032250 80792 11301 0 48 3550 0 103262 433/711

idx d1 d2 d3 d4 d5 d6 d7 d8 d9 d10

0 0 154797 0 4334192 3180725 0 0 0 00

1 0 0 0 1015551 341300 0 0 0 00

2 0 0 0 1286161 818286 0 0 0 00

3 0 0 0 2032297 2020996 0 0 0 00

Interface :wifi1

Shaping policy:Default-access (no stats)

iperf

＜iPerf 設定パラメータ＞

[11ac]

・server "-s -P 0 -i 1 -p 5001 -w 256.0K -M 1372.0B -f k"

・client "-c 10.28.68.101 -P 0 -i 1 -t 6000 -w 22.0K -M 1372.0B -f k"

[11n]

・server "-s -P 0 -i 1 -p 5001 -w 256.0K -M 1372.0B -f k"

・client "-c 10.28.68.151 -P 0 -i 1 -t 6000 -w 8.0K -M 1372.0B -f k"

> ■サーバ側(スマホ側)

> 　"-s -P 0 -i 1 -p 5001 -w256.0K -M 1372.0B -f k"

> ■クライアント側(Linux側)

> 　" -c <サーバ側アドレス> -P 0 -i 1 -t 6000 -w 256.0K -M 1372.0B -f k"

519 iperf -c 10.215.200.53 -b 200M -t 300 -i 1 -M 1370B -f k -w256K

520 iperf -c 10.215.200.53 -b 220M -t 300 -i 1 -M 1370B -f k -w256K

521 iperf -c 10.215.200.53 -b 230M -t 300 -i 1 -M 1370B -f k -w256K

[root@cent ~]# iperf --help

Usage: iperf [-s|-c host] [options]

iperf [-h|--help] [-v|--version]

Client/Server:

-f, --format [kmKM] format to report: Kbits, Mbits, KBytes, MBytes

-i, --interval # seconds between periodic bandwidth reports

-l, --len #[KM] length of buffer to read or write (default 8 KB)

-m, --print_mss print TCP maximum segment size (MTU - TCP/IP header)

-p, --port # server port to listen on/connect to

-u, --udp use UDP rather than TCP

-w, --window #[KM] TCP window size (socket buffer size)

-B, --bind <host> bind to <host>, an interface or multicast address

-C, --compatibility for use with older versions does not sent extra msgs

-M, --mss # set TCP maximum segment size (MTU - 40 bytes)

-N, --nodelay set TCP no delay, disabling Nagle's Algorithm

-V, --IPv6Version Set the domain to IPv6

Server specific:

-s, --server run in server mode

-U, --single_udp run in single threaded UDP mode

-D, --daemon run the server as a daemon

Client specific:

-b, --bandwidth #[KM] for UDP, bandwidth to send at in bits/sec

(default 1 Mbit/sec, implies -u)

-c, --client <host> run in client mode, connecting to <host>

-d, --dualtest Do a bidirectional test simultaneously

-n, --num #[KM] number of bytes to transmit (instead of -t)

-r, --tradeoff Do a bidirectional test individually

-t, --time # time in seconds to transmit for (default 10 secs)

-F, --fileinput <name> input the data to be transmitted from a file

-I, --stdin input the data to be transmitted from stdin

-L, --listenport # port to recieve bidirectional tests back on

-P, --parallel # number of parallel client threads to run

-T, --ttl # time-to-live, for multicast (default 1)

Miscellaneous:

-h, --help print this message and quit

-v, --version print version information and quit

[KM] Indicates options that support a K or M suffix for kilo- or mega-

The TCP window size option can be set by the environment variable

TCP_WINDOW_SIZE. Most other options can be set by an environment variable

IPERF_<long option name>, such as IPERF_BANDWIDTH.

(Aruba3600) # show wms ap list

AP Tree
-------
Monitor Eth MAC Radio BSSID ESSID RSSI Dur Cnt Class Clients AP-name Encryp IBSS
--------------- ----- ----- ----- ---- --- --- ----- ------- ------- ------ ----
6c:f3:7f:c6:7e:a6 1 00:1d:73:65:eb:8e SKNJ 4 191 163 interfering 0 wep no
6c:f3:7f:c6:7e:a6 1 6c:f3:7f:e7:ea:70 TK-11ac-psk 60 191 2391 valid 1 6c:f3:7f:c6:7e:a6 wpa2-psk-aes no
6c:f3:7f:c6:7e:a6 1 6c:f3:7f:e8:c5:51 AEON-PSK 42 191 2283 valid 1 6c:f3:7f:c6:8c:54 wpa2-psk-aes no
6c:f3:7f:c6:7e:a6 1 b0:c7:45:56:cf:f6 Buffalo-A-CFF0 4 191 127 interfering 0 wpa2-psk-aes no
6c:f3:7f:c6:7e:a6 1 d8:c7:c8:5d:13:48 TK-11n-psk 75 191 1784 valid 0 AP-1 wpa2-psk-aes no
Total:5

show whitelist-db

(Aruba3600) # show whitelist-db cpsec

Control-Plane Security Whitelist-entry Details
----------------------------------------------
MAC-Address Enable State Cert-Type Description Revoke Text Last Updated
----------- ------ ----- --------- ----------- ----------- ------------
00:24:6c:c7:dd:8f Enabled unapproved-factory-cert factory-cert Sun May 20 15:16:08 2012
d8:c7:c8:c8:f1:2d Enabled unapproved-factory-cert factory-cert Sun May 20 15:16:08 2012
d8:c7:c8:c8:f1:2e Enabled unapproved-factory-cert factory-cert Sun May 20 15:16:08 2012
00:24:6c:c7:d0:bf Enabled unapproved-factory-cert factory-cert Sun May 20 15:16:08 2012
d8:c7:c8:c8:e2:cc Enabled certified-hold-switch-cert factory-cert Sun May 20 15:16:08 2012
00:24:6c:c6:0d:30 Enabled certified-factory-cert factory-cert Sun May 20 15:16:08 2012
00:24:6c:c9:4f:ee Enabled unapproved-factory-cert factory-cert Sun May 20 15:16:08 2012
00:24:6c:c0:18:c3 Enabled unapproved-factory-cert factory-cert Sun May 20 15:16:08 2012
d8:c7:c8:cd:d1:34 Enabled certified-factory-cert factory-cert Sun May 20 15:16:08 2012
00:24:6c:c0:0a:8e Enabled certified-factory-cert factory-cert Sun May 20 15:16:08 2012
00:24:6c:c4:18:50 Enabled certified-factory-cert factory-cert Sun May 20 15:16:08 2012
00:1a:1e:c0:c5:7e Enabled certified-factory-cert factory-cert Sun May 20 15:16:08 2012
6c:f3:7f:c6:7e:a6 Enabled certified-factory-cert factory-cert Mon Oct 21 13:03:53 2013
00:22:cf:df:93:eb Enabled certified-factory-cert factory-cert Tue Jun 18 12:59:28 2013
6c:f3:7f:c6:84:74 Enabled certified-factory-cert factory-cert Fri Jun 21 18:56:35 2013
11:11:11:11:11:11 Enabled unapproved-no-cert switch-cert Mon Aug 5 22:30:09 2013
d8:c7:c8:ca:49:f8 Enabled certified-factory-cert factory-cert Mon Sep 2 19:30:52 2013

(Aruba3600) # show whitelist-db rap

AP-entry Details
----------------
Name AP-Group AP-Name Full-Name Authen-Username Revoke-Text AP_Authenticated Description Date-Added Enabled Remote-IP
---- -------- ------- --------- --------------- ----------- ---------------- ----------- ---------- ------- ---------
00:0b:86:66:d3:f5 Amigo RAP-5 Provisioned Thu Jun 6 08:53:38 2013 Yes 0.0.0.0
00:0b:86:68:9a:2d RAP 00:0b:86:68:9a:2d Provisioned Thu Jun 6 08:53:38 2013 Yes 0.0.0.0
00:24:6c:c0:14:4f TK-11ac AP-105-2 Provisioned Wed Sep 11 20:43:26 2013 Yes 7.7.7.12
00:24:6c:cd:13:ee RAP RAP2 Provisioned Thu Jun 6 08:53:38 2013 Yes 0.0.0.0
6c:f3:7f:c3:c1:68 TK-11ac AP-135-1 Provisioned Mon Sep 2 12:12:10 2013 Yes 7.7.7.9
6c:f3:7f:c6:7e:a6 TK-11ac AP-225-1 Provisioned Fri Jul 5 15:55:20 2013 Yes 7.7.7.7
6c:f3:7f:c6:8c:54 TK-11ac AP-225-2 Provisioned Mon Sep 2 12:11:40 2013 Yes 7.7.7.8

show threshold all

(Aruba3600) #show threshold all

Capacity Threshold Values
-------------------------
RESOURCE THRESHOLD(%)
-------- ------------
Datapath CPU 30 %
Controlpath CPU 30 %
Controlpath Memory 85 %
Total Tunnels 80 %
Total Users 80 %
Total APs 80 %
Total Locals 80 %

show station-table show user

(Aruba3600) # show station-table

Station Entry
-------------
MAC Name Role Age(d:h:m) Auth AP name Essid Phy Remote Profile
------------ ------ ---- ---------- ---- ------- ----- --- ------ -------
00:22:cf:e2:10:5d authenticated 09:21:41 No 6c:f3:7f:c6:7e:a6 TK-11ac-psk a-VHT No default-dot1x-psk

Station Entries: 1

(Aruba3600) #show user

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
10.215.200.75 00:22:cf:e2:10:5d authenticated 09:21:41 6c:f3:7f:c6:7e:a6 Wireless TK-11ac-psk/6c:f3:7f:e7:ea:70/a-VHT default-dot1x-psk dtunnel Win 7

User Entries: 1/1
Curr/Cum Alloc:2/46 Free:3/44 Dyn:5 AllocErr:0 FreeErr:0

show snmp trap-list

(Aruba3600) #show snmp trap-list

SNMP TRAP LIST
--------------
TRAP-NAME CONFIGURABLE ENABLE-STATE
--------- ------------ ------------
authenticationFailure Yes Disabled
coldStart Yes Enabled
linkDown Yes Disabled
linkUp Yes Disabled
warmStart Yes Enabled
wlsxAPActiveUplinkChanged Yes Enabled
wlsxAPBssidEntryChanged Yes Disabled
wlsxAPChannelChange Yes Disabled
wlsxAPDeauthContainment Yes Disabled
wlsxAPEntryChanged Yes Disabled
wlsxAPImpersonation Yes Disabled
wlsxAPInterferenceCleared Yes Disabled
wlsxAPInterferenceDetected Yes Disabled

show processes sort-by

(Aruba3600) #show processes sort-by cpu

%CPU S PID PPID VSZ RSS F NI START TIME EIP CMD
0.5 S 1767 1541 80580 11328 4 0 Oct07 03:11:46 2b81a0f8 /mswitch/bin/stm
0.5 S 1804 1541 16032 3912 4 0 Oct07 03:02:44 2b426094 /mswitch/bin/snmpd
0.4 S 1789 1541 8820 1856 4 0 Oct07 02:24:49 2b0db094 /mswitch/bin/hwMon
0.1 S 1751 1541 64076 9984 4 0 Oct07 00:47:31 2b86a0f8 /mswitch/bin/auth
0.1 S 1898 1635 147232 94240 5 0 Oct07 00:45:08 2b29488c /mswitch/bin/fpapps
0.1 S 1636 1635 147232 94240 5 0 Oct07 00:43:46 2b4550f8 /mswitch/bin/fpapps
0.1 S 1662 1541 35216 10768 4 0 Oct07 00:34:31 2b77c0f8 /mswitch/bin/wms -l 5
0.0 S 1960 1635 147232 94240 5 0 Oct07 00:20:17 2b4550f8 /mswitch/bin/fpapps
0.0 S 1869 1635 147232 94240 5 0 Oct07 00:18:02 2b4550f8 /mswitch/bin/fpapps

(Aruba3600) #show processes sort-by memory

%CPU S PID PPID VSZ RSS F NI START TIME EIP CMD
0.0 S 1634 1541 147232 94240 0 0 Oct07 00:00:00 2b29488c /mswitch/bin/fpapps
0.0 S 1635 1634 147232 94240 1 0 Oct07 00:00:00 2b452390 /mswitch/bin/fpapps
0.1 S 1636 1635 147232 94240 5 0 Oct07 00:43:46 2b4550f8 /mswitch/bin/fpapps
0.0 S 1851 1635 147232 94240 5 0 Oct07 00:00:00 2b29488c /mswitch/bin/fpapps
0.0 S 1858 1635 147232 94240 5 0 Oct07 00:13:41 2b29488c /mswitch/bin/fpapps

show port stats

(Aruba3600) #show port stats

Port Statistics
---------------
Port PacketsIn PacketsOut BytesIn BytesOut InputErrorBytes OutputErrorBytes CRCErrors
---- --------- ---------- ------- -------- --------------- ---------------- ---------
GE 1/0 81362577 8312461 4789266827 2946440943 175 0 0
GE 1/1 0 0 0 0 0 0 0
GE 1/2 0 0 0 0 0 0 0
GE 1/3 0 0 0 0 0 0 0

show netstat

(Aruba3600) #show netstat

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1622/mysqld
tcp 0 0 0.0.0.0:17 0.0.0.0:* LISTEN 1648/isakmpd
tcp 0 0 0.0.0.0:8211 0.0.0.0:* LISTEN 1593/cfgm
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1862/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1849/sshd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1582/fpcli
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 1853/qpdq
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1859/pptpd
tcp 0 0 127.0.0.1:2300 0.0.0.0:* LISTEN 1586/soed
tcp 0 0 10.215.200.191:22 10.215.250.189:63754 ESTABLISHED 10957/0
tcp 0 0 10.215.200.191:23 10.215.250.171:59252 ESTABLISHED 1582/fpcli
tcp 0 0 :::8080 :::* LISTEN 2043/httpd
tcp 0 0 :::80 :::* LISTEN 2043/httpd
tcp 0 0 :::8081 :::* LISTEN 2043/httpd

show loginsessions

(Aruba3600) #show loginsessions

Session Table
-------------
ID User Name User Role Connection From Idle Time Session Time
-- --------- --------- --------------- --------- ------------
1 admin root EIA-232 522:53:50 569:05:02
2 admin root 10.215.250.171 351:04:31 352:06:55
3 admin root 10.215.250.189 00:00:00 01:19:38

show log ?

(Aruba3600) #show log ?
all Show full logs
ap-debug AP Debug Logs
arm ARM logs
arm-user-debug ARM User Debug Logs
errorlog Logging for System errors or critical information
network Network logs
security Security logs
system System logs
user User logs
user-debug User Debug Logs
wireless Wireless logs

show log errorlog

(Aruba3600) #show log errorlog 10

Oct 23 19:42:26 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:b2:d4:b1 and SSID train-2-2 on CHANNEL 44) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 23 19:42:26 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:b2:d4:b2 and SSID train-ssid2-2-1 on CHANNEL 44) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 23 19:42:26 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:b2:d4:b3 and SSID Guest-2-2 on CHANNEL 44) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 25 15:48:04 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:94:4d:68 and SSID ANAHEIM-setup on CHANNEL 36) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 25 15:48:04 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:94:4d:69 and SSID ANAHEIM-WLAN on CHANNEL 40) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 25 15:48:04 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:94:4d:6a and SSID ANAHEIM-guest on CHANNEL 40) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 25 15:48:04 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:94:4d:6b and SSID jk-psk on CHANNEL 40) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 28 13:09:38 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:d1:91:f0 and SSID e5718fd85de75063f4034f79e8f5f10 on CHANNEL 36) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 28 13:09:38 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:d1:91:f2 and SSID WLDJ on CHANNEL 36) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.
Oct 28 13:09:38 <wms 126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 6c:f3:7f:d1:91:f3 and SSID AEON-PSK on CHANNEL 36) as rogue. Additional Info: Detector-AP-Name:6c:f3:7f:c6:7e:a6; Detector-AP-MAC:6c:f3:7f:e7:ea:70; Detector-AP-Radio:1.

AOS: show license

(Aruba3600) # show license

License Table
-------------
Key Installed Expires Flags Service Type
--- --------- ------- ----- ------------
UZsSGbTA-c1u8KYcd-O3nlHYKI-+4X+5bc6-NEm+dbKP-sK0 2012-02-28 Never E RF Protect: 32
17:35:02
ylLdgdcK-rVhg7hLy-xpCV35bc-lyU8z2f4-bNLU8iPZ-jtM 2012-02-28 Never E Next Generation Policy Enforcement Firewall Module: 32
17:35:20
6BLqEdUO-7Sxz8MMU-zkVNyeb+-vLcBK3Zc-06mz9VtY-HxQ 2012-02-28 Never E Policy Enforcement Firewall for VPN users
17:35:37
2IAWRnTB-4sg1oX9B-dW+U32PT-gGo7tW/b-R97/v/Up-DwI 2012-05-30 Never E Access Points: 32
10:25:43
KgC+9Uhi-vkU7vtQz-7xIVnFr6-kRfs9fOe-L+hYFSyQ-esg 2012-05-30 Expired 125abg Upgrade: 64
10:50:35[1]

License Entries: 5

Flags: A - auto-generated; E - enabled; R - reboot required to activate

AOS: RAP whitelist

RAP whitelist & "show user-table internal"

(A3600-3) #show whitelist-db rap

AP-entry Details
----------------
Name AP-Group AP-Name Full-Name Authen-Username Revoke-Text AP_Authenticated Description Date-Added Enabled Remote-IP
---- -------- ------- --------- --------------- ----------- ---------------- ----------- ---------- ------- ---------
6c:f3:7f:c5:13:1a DCM RAP-2 Provisioned Tue Jan 27 13:01:25 2015 Yes 1.1.1.2
d8:c7:c8:c4:55:cc DCM d8:c7:c8:c4:55:cc Provisioned Tue Jan 27 19:38:07 2015 Yes 1.1.1.3
d8:c7:c8:cd:d1:34 DCM RAP-1 Provisioned Tue Jan 13 20:17:15 2015 Yes 1.1.1.1

AP Entries: 3

(A3600-3) #show user-table internal

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ----
1.1.1.1 00:00:00:00:00:00 d8:c7:c8:cd:d1:34 ap-role 00:00:39 VPN 61.195.154.83 N/A tunnel
61.195.154.83 00:00:00:00:00:00 logon 50:00:17 VPN N/A tunnel

User Entries: 2/2

(Aruba3600) #show local-userdb-ap

NOTE: This command has been deprecated. Please use "show whitelist-db rap" command.

WARNING: Following entries have been automatically upgraded.
If these entries don't exist in "show whitelist-db rap" command,
Please manually move to new table using "whitelist-db rap add" commands.

AP-entry Details
----------------
Name AP-Group AP-Name Full-Name Authen-Username Revoke-Text AP_Authenticated Description Date-Added Enabled Remote-IP
---- -------- ------- --------- --------------- ----------- ---------------- ----------- ---------- ------- ---------
00:24:6c:cd:13:ee RAP RAP2 Provisioned Tue May 15 18:37:41 2012 Yes 0.0.0.0
00:0b:86:68:9a:2d RAP 00:0b:86:68:9a:2d Provisioned Sat May 19 15:22:16 2012 Yes 0.0.0.0
00:0b:86:66:d3:f5 Amigo RAP-5 Provisioned Fri Jul 13 13:06:34 2012 Yes 0.0.0.0
d8:c7:c8:c4:6b:ec test d8:c7:c8:c4:6b:ec Provisioned Tue Aug 7 11:40:00 2012 Yes 0.0.0.0
d8:c7:c8:c4:22:6a test IAP105 Provisioned Tue Aug 7 14:22:57 2012 Yes 0.0.0.0

AP Entries: 5

AOS: Maintenance command

Maintenance command:
show fault
show image version
show controller-ip
show switches
show inventory

(7210-1) #show fault

Active Faults

-------------

Time Number Description

---- ------ -----------

2015-02-10 13:13:10 1 The Certificate aruba-cert has expired.

2015-02-10 13:16:06 2 Fan 2 failed

Total number of entries in the queue :2

(M) #show fault

Active Faults
-------------
Time Number Description
---- ------ -----------
2015-04-10 12:55:33 1 Access point ac:a3:1e:c6:3f:24 is down
2015-04-10 12:55:33 2 BSSID ac:a3:1e:e3:f2:50 on AP (ac:a3:1e:c6:3f:24::1) is down
2015-04-10 12:55:33 3 BSSID ac:a3:1e:e3:f2:51 on AP (ac:a3:1e:c6:3f:24::1) is down
2015-04-10 12:55:33 4 BSSID ac:a3:1e:e3:f2:52 on AP (ac:a3:1e:c6:3f:24::1) is down
2015-04-10 12:55:33 5 BSSID ac:a3:1e:e3:f2:56 on AP (ac:a3:1e:c6:3f:24::1) is down
2015-04-10 12:55:33 6 BSSID ac:a3:1e:e3:f2:57 on AP (ac:a3:1e:c6:3f:24::1) is down
2015-04-10 12:55:33 7 BSSID ac:a3:1e:e3:f2:58 on AP (ac:a3:1e:c6:3f:24::1) is down
2015-04-10 12:55:33 8 BSSID ac:a3:1e:e3:f2:40 on AP (ac:a3:1e:c6:3f:24::2) is down
2015-04-10 12:55:33 9 BSSID ac:a3:1e:e3:f2:41 on AP (ac:a3:1e:c6:3f:24::2) is down
2015-04-10 12:55:40 10 Access point ac:a3:1e:c6:3e:e4 is down
2015-04-10 12:55:40 11 BSSID ac:a3:1e:e3:ee:50 on AP (ac:a3:1e:c6:3e:e4::1) is down
2015-04-10 12:55:40 12 BSSID ac:a3:1e:e3:ee:51 on AP (ac:a3:1e:c6:3e:e4::1) is down
2015-04-10 12:55:40 13 BSSID ac:a3:1e:e3:ee:56 on AP (ac:a3:1e:c6:3e:e4::1) is down
2015-04-10 12:55:40 14 BSSID ac:a3:1e:e3:ee:57 on AP (ac:a3:1e:c6:3e:e4::1) is down
2015-04-10 12:55:40 15 BSSID ac:a3:1e:e3:ee:58 on AP (ac:a3:1e:c6:3e:e4::1) is down
2015-04-10 12:55:40 16 BSSID ac:a3:1e:e3:ee:40 on AP (ac:a3:1e:c6:3e:e4::2) is down
2015-04-10 12:55:40 17 BSSID ac:a3:1e:e3:ee:41 on AP (ac:a3:1e:c6:3e:e4::2) is down
2015-04-10 12:55:40 18 Access point ac:a3:1e:c6:3f:66 is down
2015-04-10 12:55:40 19 BSSID ac:a3:1e:e3:f6:70 on AP (ac:a3:1e:c6:3f:66::1) is down
2015-04-10 12:55:40 20 BSSID ac:a3:1e:e3:f6:60 on AP (ac:a3:1e:c6:3f:66::2) is down
2015-04-10 12:55:47 21 Access point ac:a3:1e:c6:3f:70 is down
2015-04-10 12:55:47 22 BSSID ac:a3:1e:e3:f7:10 on AP (ac:a3:1e:c6:3f:70::1) is down
2015-04-10 12:55:47 23 BSSID ac:a3:1e:e3:f7:00 on AP (ac:a3:1e:c6:3f:70::2) is down
2015-04-10 12:56:00 24 Access point ac:a3:1e:c6:3f:74 is down
2015-04-10 12:56:00 25 BSSID ac:a3:1e:e3:f7:50 on AP (ac:a3:1e:c6:3f:74::1) is down
2015-04-10 12:56:00 26 BSSID ac:a3:1e:e3:f7:40 on AP (ac:a3:1e:c6:3f:74::2) is down
2015-04-10 12:56:21 27 Access point ac:a3:1e:c6:3f:5e is down
2015-04-10 12:56:21 28 BSSID ac:a3:1e:e3:f5:f0 on AP (ac:a3:1e:c6:3f:5e::1) is down
2015-04-10 12:56:21 29 BSSID ac:a3:1e:e3:f5:e0 on AP (ac:a3:1e:c6:3f:5e::2) is down
Total number of entries in the queue :29

(Aruba3600) #show image version
----------------------------------
Partition : 0:0 (/dev/hda1)
Software Version : ArubaOS 6.3.0.0 (Digitally Signed - Customer Test Build)
Build number : 39210
Label : 39210
Built on : Mon Jul 29 02:11:35 PDT 2013
----------------------------------
Partition : 0:1 (/dev/hda2) **Default boot**
Software Version : ArubaOS 6.3.1.0 (Digitally Signed - Production Build)
Build number : 40232
Label : 40232
Built on : Fri Oct 4 18:34:33 PDT 2013

(M) #show controller-ip

Switch IP Address: 10.215.1.253

Switch IP is configured to be Vlan Interface: 2

Switch IPv6 address is not configured.

(M) #show switches

All Switches
------------
IP Address Name Location Type Model Version Status Configuration State Config Sync Time (sec) Config ID
---------- ---- -------- ---- ----- ------- ------ ------------------- ---------------------- ---------
10.215.1.253 Banana-M Building1.floor1 master Aruba7030 6.4.2.5_48774 up UPDATE SUCCESSFUL 0 61
10.215.1.252 Banana-L Building1.floor1 local Aruba7030 6.4.2.5_48774 up UPDATE SUCCESSFUL 10 61

(Banana-M) #show inventory ?
| Output Modifiers
<cr>

(M) #show inventory

Supervisor Card slot : 0
System Serial# : CR0003480 (Date:10/07/14)
CPU Card Serial# : AE39009981 (Date:09/27/14)
CPU Card Assembly# : 2010203D
CPU Card Revision : (Rev:04.00)
SC Model# : Aruba7030
HW MAC Addr : 00:0b:86:b5:55:d7 to 00:0b:86:b5:55:e6
CPLD Version : (Rev: 1.12)
Main Board Temperatures :
: Near Inlet 36 C
: Ambient Temperature 33 C
: Board Mid Temperature 36 C
: Near Exhaust 1 33 C
: Near Exhaust 2 32 C
: PHY 0 Temp 41 C
: PHY 1 Temp 41 C
: PHY 2 Temp 48 C
: PHY 3 Temp 46 C
Fan 0 : 5079 rpm
Fan 1 : 5075 rpm
Fan 2 : 5094 rpm
Main Board Voltages :
ispPAC_POWR1220AT8 :
: VDD_SRAM 0.965V sense 0.984 V
: VDD_0V85 0.85V sense 0.862 V
: VDD_1V8 1.80V sense 1.840 V
: VDD_1V5 1.50V sense 1.540 V
: VDD_3V3 3.30V sense 3.378 V
: VDD_1V0 1.00V sense 1.022 V
: VDD_SB_3V3 3.30V sense 3.342 V
: VDD_CPU 0.994V sense 0.994 V
: VDD_DDR3_VTT 0.75V sense 0.760 V
: VCC5 5.00V sense 4.980 V

(M) #show version
Aruba Operating System Software.
ArubaOS (MODEL: Aruba7030), Version 6.4.2.5
Website: http://www.arubanetworks.com
Copyright (c) 2002-2015, Aruba Networks, Inc.
Compiled on 2015-02-24 at 22:41:44 PST (build 48774) by p4build

ROM: System Bootstrap, Version CPBoot 1.0.2.0 (build 43722)
Built: 2014-05-13 10:06:50
Built by: p4build@re_client_43722

Switch uptime is 5 days 4 hours 20 minutes 23 seconds
Reboot Cause: Datapath timeout (Intent:cause:register 56:86:60)
Supervisor Card
Processor (XLP208 Rev B0 (Secure Boot) , 1600 MHz) with 3735M bytes of memory.
32K bytes of non-volatile configuration memory.
3872M bytes of Supervisor Card system flash.

2013年10月30日水曜日

AOS: 11ac Throughpt by "show ap vht-rates bssid"

(Aruba3600) #show ap vht-rates bssid 6c:f3:7f:e7:ea:70

AP "6c:f3:7f:c6:7e:a6" Radio 0 BSSID 6c:f3:7f:e7:ea:70 Very-high-throughput Rates (Mbps)
----------------------------------------------------------------------------------------
MCS Streams 20 MHz 20 MHz SGI 40 MHz 40 MHz SGI 80 MHz 80 MHz SGI
--- ------- ------ ---------- ------ ---------- ------ ----------
0 1 6.5 7.2 13.5 15.0 29.3 32.5
1 1 13.0 14.4 27.0 30.0 58.5 65.0
2 1 19.5 21.7 40.5 45.0 87.8 97.5
3 1 26.0 28.9 54.0 60.0 117.0 130.0
4 1 39.0 43.3 81.0 90.0 175.5 195.0
5 1 52.0 57.8 108.0 120.0 234.0 260.0
6 1 58.5 65.0 121.5 135.0 263.3 292.5
7 1 65.0 72.2 135.0 150.0 292.5 325.0
8 1 78.0 86.7 162.0 180.0 351.0 390.0
9 1 -- -- 180.0 200.0 390.0 433.3
0 2 13.0 14.4 27.0 30.0 58.5 65.0
1 2 26.0 28.9 54.0 60.0 117.0 130.0
2 2 39.0 43.3 81.0 90.0 175.5 195.0
3 2 52.0 57.8 108.0 120.0 234.0 260.0
4 2 78.0 86.7 162.0 180.0 351.0 390.0
5 2 104.0 115.6 216.0 240.0 468.0 520.0
6 2 117.0 130.0 243.0 270.0 526.5 585.0
7 2 130.0 144.4 270.0 300.0 585.0 650.0
8 2 156.0 173.3 324.0 360.0 702.0 780.0
9 2 -- -- 360.0 400.0 780.0 866.7
0 3 19.5 21.7 40.5 45.0 87.8 97.5
1 3 39.0 43.3 81.0 90.0 175.5 195.0
2 3 58.5 65.0 121.5 135.0 263.3 292.5
3 3 78.0 86.7 162.0 180.0 351.0 390.0
4 3 117.0 130.0 243.0 270.0 526.5 585.0
5 3 156.0 173.3 324.0 360.0 702.0 780.0
6 3 175.5 195.0 364.5 405.0 -- --
7 3 195.0 216.7 405.0 450.0 877.5 975.0
8 3 234.0 260.0 486.0 540.0 1053.0 1170.0
9 3 260.0 288.9 540.0 600.0 1170.0 1300.0

-- : not valid.
Range for 20 MHz: 6.5 - 288.9 Mbps
Range for 40 MHz: 13.5 - 600.0 Mbps
Range for 80 MHz: 29.3 - 1300.0 Mbps

Items enclosed in [ ] are disabled.

AOS: XML setting

Captive-portalとXML-APIで利用するRADIUSサーバを別にすることは可能

XML-APIについてはManual記載

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/XML_API.php

user-role <name>

captive-portal <captive-portal profile>

wispr <wispr_profile_name>

aaa authentication captive-portal "default"

server-group RADIUS-1

aaa authentication wispr "default"

server-group RADIUS-2

show aaa xml-api server

(host) #show aaa xml-api statistics
Statistics 10.1.2.3
---------- --------
user_authenticate 0 (0)
user_add 0 (0)
user_delete 0 (0)
user_blacklist 0 (0)
user_query 0 (0)

以下はガイドからの抜粋aaa profileにXML-APIサーバー、Initial roleに該当のlogonプロファイル

(host) (config) #aaa profile wirelessusers

(host) (AAA Profile "wirelessusers") #xml-api-server 10.11.12.13

(host) (XML API Server "10.11.12.13") #key aruba123

(host) (config) #show aaa profile wirelessusers

AAA Profile "wirelessusers"

---------------------------

Parameter Value

--------- -----

Initial role logon

MAC Authentication Profile N/A

MAC Authentication Default Role guest

MAC Authentication Server Group default

802.1X Authentication Profile N/A

802.1X Authentication Default Role guest

802.1X Authentication Server Group N/A

RADIUS Accounting Server Group N/A

XML API server 10.11.12.13

AOS: controller performance load

show memory
show cpuload
show datapath utilization
show iostat
show cpuload current
show interface counters

(Aruba3600) #show memory

Memory (Kb): total: 1502964, used: 519732, free: 983232

(Aruba3600) #show cpuload

user 5.2%, system 1.5%, idle 93.3%

(Aruba3600) #show datapath utilization

Datapath Network Processor Utilization
------+---------+---------+----------+
| Cpu utilization during past |
Cpu | 1 Sec 4 Secs 64 Secs |
------+---------+---------+----------+
8 | 0% | 0% | 0% |
9 | 0% | 0% | 0% |
10 | 0% | 0% | 0% |
11 | 0% | 0% | 0% |
12 | 0% | 0% | 0% |
13 | 0% | 0% | 0% |
14 | 0% | 0% | 0% |
15 | 0% | 0% | 0% |
16 | 0% | 0% | 0% |
17 | 0% | 0% | 0% |
18 | 0% | 0% | 0% |
19 | 0% | 0% | 0% |
20 | 0% | 0% | 0% |
21 | 0% | 0% | 0% |
22 | 0% | 0% | 0% |
23 | 0% | 0% | 0% |
24 | 0% | 0% | 0% |
25 | 0% | 0% | 0% |
26 | 0% | 0% | 0% |
27 | 0% | 0% | 0% |
28 | 0% | 0% | 0% |
29 | 0% | 0% | 0% |
30 | 0% | 0% | 0% |
31 | 0% | 0% | 0% |

(Aruba3600) #show iostat

cpu 8144747 157260 3756834 1624881907 12761 75 389133 0
cpu0 804053 18522 744041 203005925 431 0 97346 0
cpu1 919367 18809 426907 203266461 435 0 35507 0
cpu2 1124870 19465 393449 203088697 292 0 40713 0
cpu3 973491 17985 485334 203160006 443 0 30227 0
cpu4 1161287 18118 367285 203093516 251 0 27029 0
cpu5 1123409 20885 365541 203128115 1051 0 28485 0
cpu6 1005731 21103 418820 203190222 482 0 31127 0
cpu7 1032539 22373 555457 202948966 9376 75 98699 0

(Aruba3600) #show cpuload current

top2 - 20:07:50 up 23 days, 2:42, 0 users, load average: 0.02, 0.08, 0.12
Tasks: 248 total, 1 running, 247 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.5%us, 0.2%sy, 0.0%ni, 99.2%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1502964k total, 564668k used, 938296k free, 3992k buffers
Swap: 0k total, 0k used, 0k free, 197508k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
8817 root 15 0 3860 1096 764 R 15 0.1 0:00.19 top2
1 root 16 0 4388 568 476 S 0 0.0 0:07.82 init
2 root RT 0 0 0 0 S 0 0.0 0:03.50 migration/0
3 root 34 19 0 0 0 S 0 0.0 10:49.89 ksoftirqd/0
4 root RT 0 0 0 0 S 0 0.0 0:02.29 migration/1
5 root 34 19 0 0 0 S 0 0.0 0:00.02 ksoftirqd/1
6 root RT 0 0 0 0 S 0 0.0 0:02.12 migration/2
7 root 34 19 0 0 0 S 0 0.0 0:00.00 ksoftirqd/2
8 root RT 0 0 0 0 S 0 0.0 0:02.55 migration/3
9 root 34 19 0 0 0 S 0 0.0 0:00.02 ksoftirqd/3
10 root RT 0 0 0 0 S 0 0.0 0:02.24 migration/4
11 root 34 19 0 0 0 S 0 0.0 0:05.52 ksoftirqd/4
12 root RT 0 0 0 0 S 0 0.0 0:02.48 migration/5
13 root 34 19 0 0 0 S 0 0.0 0:00.01 ksoftirqd/5
14 root RT 0 0 0 0 S 0 0.0 0:02.33 migration/6
15 root 34 19 0 0 0 S 0 0.0 0:00.03 ksoftirqd/6
16 root RT 0 0 0 0 S 0 0.0 0:02.15 migration/7
17 root 34 19 0 0 0 S 0 0.0 0:00.04 ksoftirqd/7
18 root 10 -5 0 0 0 S 0 0.0 0:00.01 events/0
19 root 10 -5 0 0 0 S 0 0.0 1:08.78 events/1

Display packet numbers

(Aruba3600) #show interface counters

Port InOctets InUcastPkts InMcastPkts InBcastPkts
GE1/0 4779739900 44781595 17120225 19287255

Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
GE1/0 2940000443 8288263 20 2023

AOS: show run

(Aruba3600) #show run
Building Configuration...

version 6.3
enable secret "******"
telnet cli
loginsession timeout 0
hostname "Aruba3600"
clock timezone JST 9
location "Building1.floor1"
controller config 91
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
permit any
!
netservice svc-pcoip2-tcp tcp 4172
netservice svc-netbios-dgm udp 138
netservice svc-snmp-trap udp 162
netservice svc-citrix tcp 2598
netservice svc-syslog udp 514
netservice svc-l2tp udp 1701
netservice svc-ike udp 500
netservice svc-https tcp 443
netservice svc-smb-tcp tcp 445
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-ica tcp 1494
netservice svc-pptp tcp 1723
netservice svc-sccp tcp 2000 alg sccp
netservice svc-telnet tcp 23
netservice svc-sec-papi udp 8209
netservice svc-lpd tcp 515
netservice svc-netbios-ssn tcp 139
netservice svc-sip-tcp tcp 5060
netservice svc-kerberos udp 88
netservice svc-tftp udp 69 alg tftp
netservice svc-pcoip-udp udp 50002
netservice svc-pcoip-tcp tcp 50002
netservice svc-http-proxy3 tcp 8888
netservice svc-noe udp 32512 alg noe
netservice svc-cfgm-tcp tcp 8211
netservice svc-adp udp 8200
netservice svc-pop3 tcp 110
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-msrpc-tcp tcp 135 139
netservice svc-dns udp 53 alg dns
netservice vnc tcp 5900 5905
netservice svc-h323-udp udp 1718 1719
netservice svc-h323-tcp tcp 1720
netservice svc-vocera udp 5002 alg vocera
netservice svc-http tcp 80
netservice svc-http-proxy2 tcp 8080
netservice svc-sip-udp udp 5060
netservice svc-nterm tcp 1026 1028
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-papi udp 8211
netservice svc-natt udp 4500
netservice svc-ftp tcp 21 alg ftp
netservice svc-microsoft-ds tcp 445
netservice svc-svp 119 alg svp
netservice svc-smtp tcp 25
netservice svc-gre 47
netservice web tcp list "80 443"
netservice svc-netbios-ns udp 137
netservice svc-sips tcp 5061 alg sips
netservice svc-smb-udp udp 445
netservice svc-ipp-tcp tcp 631
netservice svc-esp 50
netservice svc-pcoip2-udp udp 4172
netservice svc-v6-dhcp udp 546 547
netservice svc-snmp udp 161
netservice svc-bootp udp 67 69
netservice svc-msrpc-udp udp 135 139
netservice svc-ntp udp 123
netservice svc-icmp 1
netservice svc-ipp-udp udp 631
netservice svc-ssh tcp 22
netservice svc-v6-icmp 58
netservice svc-http-proxy1 tcp 3128
netservice svc-vmware-rdp tcp 3389
netdestination6 ipv6-reserved-range
invert
network 2000::/3
!
netexthdr default
!
time-range night-hours periodic
weekday 18:01 to 23:59
weekday 00:00 to 07:59
!
time-range weekend periodic
weekend 00:00 to 23:59
!
time-range working-hours periodic
weekday 08:00 to 18:00
!
ip access-list session v6-icmp-acl
ipv6 any any svc-v6-icmp permit
!
ip access-list session control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-papi permit
any any svc-sec-papi permit
any any svc-cfgm-tcp permit
any any svc-adp permit
any any svc-tftp permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session allow-diskservices
any any svc-netbios-dgm permit
any any svc-netbios-ssn permit
any any svc-microsoft-ds permit
any any svc-netbios-ns permit
!
ip access-list session hoge
any host 255.255.255.255 any deny
!
ip access-list session validuser
network 127.0.0.0 255.0.0.0 any any deny
network 169.254.0.0 255.255.0.0 any any deny
network 224.0.0.0 240.0.0.0 any any deny
host 255.255.255.255 any any deny
network 240.0.0.0 240.0.0.0 any any deny
any any any permit
ipv6 host fe80:: any any deny
ipv6 network fc00::/7 any any permit
ipv6 network fe80::/64 any any permit
ipv6 alias ipv6-reserved-range any any deny
ipv6 any any any permit
!
ip access-list session v6-https-acl
ipv6 any any svc-https permit
!
ip access-list session vocera-acl
any any svc-vocera permit queue high
!
ip access-list session vmware-acl
any any svc-vmware-rdp permit tos 46 dot1p-priority 6
any any svc-pcoip-tcp permit tos 46 dot1p-priority 6
any any svc-pcoip-udp permit tos 46 dot1p-priority 6
any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6
any any svc-pcoip2-udp permit tos 46 dot1p-priority 6
!
ip access-list session icmp-acl
any any svc-icmp permit
!
ip access-list session v6-control
ipv6 user any udp 547 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-dns permit
ipv6 any any svc-papi permit
ipv6 any any svc-sec-papi permit
ipv6 any any svc-cfgm-tcp permit
ipv6 any any svc-adp permit
ipv6 any any svc-tftp permit
ipv6 any any svc-dhcp permit
ipv6 any any svc-natt permit
!
ip access-list session v6-dhcp-acl
ipv6 any any svc-v6-dhcp permit
!
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
!
ip access-list session v6-dns-acl
ipv6 any any svc-dns permit
!
ip access-list session allowall
any any any permit
ipv6 any any any permit
!
ip access-list session https-acl
any any svc-https permit
!
ip access-list session sip-acl
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
!
ip access-list session citrix-acl
any any svc-citrix permit tos 46 dot1p-priority 6
any any svc-ica permit tos 46 dot1p-priority 6
!
ip access-list session ra-guard
ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session dns-acl
any any svc-dns permit
!
ip access-list session v6-allowall
ipv6 any any any permit
!
ip access-list session tftp-acl
any any svc-tftp permit
!
ip access-list session skinny-acl
any any svc-sccp permit queue high
!
ip access-list session srcnat
user any any src-nat
!
ip access-list session vpnlogon
user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
!
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
any network 169.254.0.0 255.255.0.0 any deny
any network 240.0.0.0 240.0.0.0 any deny
!
ip access-list session allow-printservices
any any svc-lpd permit
any any svc-ipp-tcp permit
any any svc-ipp-udp permit
!
ip access-list session cplogout
user alias controller svc-https dst-nat 8081
!
ip access-list session v6-http-acl
ipv6 any any svc-http permit
!
ip access-list session http-acl
any any svc-http permit
!
ip access-list session dhcp-acl
any any svc-dhcp permit
!
ip access-list session captiveportal6
ipv6 user alias controller6 svc-https captive
ipv6 user any svc-http captive
ipv6 user any svc-https captive
ipv6 user any svc-http-proxy1 captive
ipv6 user any svc-http-proxy2 captive
ipv6 user any svc-http-proxy3 captive
!
ip access-list session ap-uplink-acl
any any udp 68 permit
any any svc-icmp permit
any host 224.0.0.251 udp 5353 permit
!
ip access-list session noe-acl
any any svc-noe permit queue high
!
ip access-list session svp-acl
any any svc-svp permit queue high
user host 224.0.1.116 any permit
!
ip access-list session ap-acl
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-snmp-trap permit
user any svc-ntp permit
user any svc-ftp permit
!
ip access-list session v6-ap-acl
ipv6 any any svc-gre permit
ipv6 any any svc-syslog permit
ipv6 any user svc-snmp permit
ipv6 user any svc-snmp-trap permit
ipv6 user any svc-ntp permit
ipv6 user any svc-ftp permit
!
ip access-list session v6-logon-control
ipv6 user any udp 68 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-v6-dhcp permit
ipv6 any any svc-dns permit
ipv6 any network fc00::/7 any permit
ipv6 any network fe80::/64 any permit
ipv6 any alias ipv6-reserved-range any deny
!
ip access-list session h323-acl
any any svc-h323-tcp permit queue high
any any svc-h323-udp permit queue high
!
vpn-dialer default-dialer
ike authentication PRE-SHARE ******
!
dot1x high-watermark 140
dot1x low-watermark 100
user-role ap-role
access-list session ra-guard
access-list session control
access-list session ap-acl
access-list session v6-control
access-list session v6-ap-acl
!
user-role default-vpn-role
access-list session ra-guard
access-list session allowall
access-list session v6-allowall
!
user-role voice
access-list session ra-guard
access-list session sip-acl
access-list session noe-acl
access-list session svp-acl
access-list session vocera-acl
access-list session skinny-acl
access-list session h323-acl
access-list session dhcp-acl
access-list session tftp-acl
access-list session dns-acl
access-list session icmp-acl
!
user-role default-via-role
access-list session allowall
!
user-role guest-logon
captive-portal "default"
access-list session ra-guard
access-list session logon-control
access-list session captiveportal
access-list session v6-logon-control
access-list session captiveportal6
!
user-role guest
access-list session ra-guard
access-list session http-acl
access-list session https-acl
access-list session dhcp-acl
access-list session icmp-acl
access-list session dns-acl
access-list session v6-http-acl
access-list session v6-https-acl
access-list session v6-dhcp-acl
access-list session v6-icmp-acl
access-list session v6-dns-acl
!
user-role stateful-dot1x
!
user-role authenticated
access-list session ra-guard
access-list session allowall
access-list session v6-allowall
!
user-role logon
captive-portal "default"
access-list session ra-guard
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
access-list session captiveportal6
!
!

controller-ip vlan 200
interface mgmt
shutdown
!

dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!

dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!

dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!

dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!

vlan 200
vlan 201
vlan 202
vlan 203
vlan 204
vlan 300

no spanning-tree

interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
switchport mode trunk
!

interface gigabitethernet 1/1
description "GE1/1"
trusted
trusted vlan 1-4094
!

interface gigabitethernet 1/2
description "GE1/2"
trusted
trusted vlan 1-4094
!

interface gigabitethernet 1/3
description "GE1/3"
trusted
trusted vlan 1-4094
!

interface vlan 200
ip address 10.215.200.191 255.255.255.0
operstate up
bcmc-optimization
!

interface vlan 1
!

interface vlan 201
bcmc-optimization
!

interface vlan 202
bcmc-optimization
!

interface vlan 203
bcmc-optimization
!

interface vlan 204
bcmc-optimization
!

ip default-gateway 10.215.200.1
uplink disable

ap mesh-recovery-profile cluster RecoverywyQGDSSbEGMyhhPI wpa-hexkey 19f954005288f579f9f4575f02307ba5de35a1e4e3bf84604da1f45fd5b89872717550c2d76ca5d6366331705478650afb5c01700e1a86926efcda1f8d3d89699614b39baab2cd177fde4f047e16c4fe
crypto isakmp policy 20
encryption aes256
!

crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-dynamicmap 10000
set transform-set "default-transform" "default-aes"
!

crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2

vpdn group l2tp
!

!

snmp-server community "aruba"
snmp-server community "public"
vpdn group pptp
!

tunneled-node-address 0.0.0.0

adp discovery enable
adp igmp-join enable
adp igmp-vlan 0

voice rtcp-inactivity disable
voice alg-based-cac enable
voice sip-midcall-req-timeout disable
ap ap-blacklist-time 3600
ap flush-r1-on-new-r0 disable
mgmt-server type amp primary-server 10.2.27.202 profile default-amp
mgmt-server type amp primary-server 10.215.200.194 profile default-amp

mgmt-user admin root 66a6452501da3af8b0739b77c2559f831ce19133a75d4c78ea

no database synchronize
ip mobile domain default
!
!
!
airgroup "enable"
!
airgroup location-discovery "enable"
!
!
airgroup active-wireless-discovery "disable"
!
airgroupservice "airplay"
id "_airplay._tcp"
id "_raop._tcp"
id "_appletv-v2._tcp"
description "AirPlay"
!
airgroupservice "airprint"
id "_ipp._tcp"
id "_pdl-datastream._tcp"
id "_printer._tcp"
id "_scanner._tcp"
id "_universal._sub._ipp._tcp"
id "_universal._sub._ipps._tcp"
id "_printer._sub._http._tcp"
id "_http._tcp"
id "_http-alt._tcp"
id "_ipp-tls._tcp"
id "_fax-ipp._tcp"
id "_riousbprint._tcp"
id "_cups._sub._ipp._tcp"
id "_cups._sub._fax-ipp._tcp"
id "_ica-networking._tcp"
id "_ptp._tcp"
id "_canon-bjnp1._tcp"
id "_ipps._tcp"
id "_ica-networking2._tcp"
description "AirPrint"
!
airgroupservice "itunes"
id "_home-sharing._tcp"
id "_apple-mobdev._tcp"
id "_daap._tcp"
id "_dacp._tcp"
description "iTunes"
!
airgroupservice "remotemgmt"
id "_ssh._tcp"
id "_sftp-ssh._tcp"
id "_ftp._tcp"
id "_telnet._tcp"
id "_rfb._tcp"
id "_net-assistant._tcp"
description "Remote management"
!
airgroupservice "sharing"
id "_odisk._tcp"
id "_afpovertcp._tcp"
id "_xgrid._tcp"
description "Sharing"
!
airgroupservice "chat"
id "_presence._tcp"
description "Chat"
!
airgroupservice "allowall"
description "Remaining-Services"
!
airgroup service "airplay" enable
!
airgroup service "airprint" enable
!
airgroup service "itunes" disable
!
airgroup service "remotemgmt" disable
!
airgroup service "sharing" disable
!
airgroup service "chat" disable
!
airgroup service "allowall" disable
!

ip igmp
!

ipv6 mld
!

no firewall attack-rate cp 1024
ipv6 firewall ext-hdr-parse-len 100

!

!
firewall cp
!
ip domain lookup
!
country JP3
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa authentication via connection-profile "default"
!
aaa authentication via web-auth "default"
!
aaa authentication via global-config
!
aaa profile "default"
!
aaa profile "default-dot1x-psk"
initial-role "authenticated"
authentication-dot1x "default-psk"
!
aaa authentication captive-portal "default"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication via auth-profile "default"
!
aaa authentication wired
!
web-server
session-timeout 3600
!
guest-access-email
!
voice logging
!
voice dialplan-profile "default"
!
voice real-time-config
!
voice sip
!
aaa password-policy mgmt
!
control-plane-security
auto-cert-prov
!
ids management-profile
!
ids wms-general-profile
collect-stats
!
ids wms-local-system-profile
!
ids ap-rule-matching
!
valid-network-oui-profile
!
upgrade-profile
!
license profile
!
activate-service-whitelist
!
ifmap cppm
!
ap system-profile "default"
!
ap system-profile "RAP"
mtu 1400
heartbeat-dscp 32
number_ipsec_retries 36
!
ap regulatory-domain-profile "ar"
country-code AR
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 100
valid-11a-channel 104
valid-11a-channel 108
valid-11a-channel 112
valid-11a-channel 116
valid-11a-channel 120
valid-11a-channel 124
valid-11a-channel 128
valid-11a-channel 132
valid-11a-channel 136
valid-11a-channel 140
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 116-120
valid-11a-40mhz-channel-pair 124-128
valid-11a-40mhz-channel-pair 132-136
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 52-64
valid-11a-80mhz-channel-group 100-112
valid-11a-80mhz-channel-group 116-128
!
ap regulatory-domain-profile "default"
country-code JP3
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 100
valid-11a-channel 104
valid-11a-channel 108
valid-11a-channel 112
valid-11a-channel 116
valid-11a-channel 120
valid-11a-channel 124
valid-11a-channel 128
valid-11a-channel 132
valid-11a-channel 136
valid-11a-channel 140
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 116-120
valid-11a-40mhz-channel-pair 124-128
valid-11a-40mhz-channel-pair 132-136
valid-11a-80mhz-channel-group 36-48
valid-11a-80mhz-channel-group 52-64
valid-11a-80mhz-channel-group 100-112
valid-11a-80mhz-channel-group 116-128
!
ap regulatory-domain-profile "Reg-modified"
country-code JP3
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 100
valid-11a-channel 104
valid-11a-channel 108
valid-11a-channel 112
valid-11a-channel 116
valid-11a-channel 120
valid-11a-channel 124
valid-11a-channel 128
valid-11a-channel 132
valid-11a-channel 136
valid-11a-channel 140
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 52-56
valid-11a-40mhz-channel-pair 60-64
valid-11a-40mhz-channel-pair 100-104
valid-11a-40mhz-channel-pair 108-112
valid-11a-40mhz-channel-pair 116-120
valid-11a-40mhz-channel-pair 124-128
valid-11a-40mhz-channel-pair 132-136
valid-11a-80mhz-channel-group 52-64
valid-11a-80mhz-channel-group 100-112
valid-11a-80mhz-channel-group 116-128
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap lldp med-network-policy-profile "default"
!
ap mesh-cluster-profile "default"
!
ap lldp profile "default"
!
ap mesh-radio-profile "default"
!
ap wired-port-profile "default"
!
ids general-profile "default"
wireless-containment none
!
ids rate-thresholds-profile "default"
!
ids signature-profile "default"
!
ids impersonation-profile "default"
!
ids unauthorized-device-profile "default"
!
ids signature-matching-profile "default"
signature "Deauth-Broadcast"
signature "Disassoc-Broadcast"
!
ids dos-profile "default"
!
ids profile "default"
!
rf arm-profile "arm-disable"
assignment disable
no scanning
no multi-band-scan
no client-match
!
rf arm-profile "arm-maintain"
assignment maintain
no scanning
!
rf arm-profile "arm-scan"
!
rf arm-profile "Celluar-HO"
min-tx-power 127
cm-sticky-snr 45
!
rf arm-profile "cellular-ho"
min-tx-power 127
cm-sticky-snr 45
!
rf arm-profile "default"
no client-match
!
rf arm-profile "default2"
!
rf optimization-profile "default"
handoff-assist
rssi-falloff-wait-time 1
rssi-check-frequency 1
!
rf optimization-profile "test1"
handoff-assist
rssi-falloff-wait-time 2
low-rssi-threshold 48
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "36E-ARM-Disable"
channel 36E
tx-power 127
arm-profile "arm-disable"
!
rf dot11a-radio-profile "802-11-a-2"
arm-profile "cellular-ho"
!
rf dot11a-radio-profile "802-11-g-2"
arm-profile "cellular-ho"
!
rf dot11a-radio-profile "ch100E-arm-disable"
channel 100E
tx-power 22
arm-profile "arm-disable"
!
rf dot11a-radio-profile "default"
!
rf dot11a-radio-profile "rp-maintain-a"
arm-profile "arm-maintain"
!
rf dot11a-radio-profile "rp-monitor-a"
mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
arm-profile "arm-scan"
!
rf dot11g-radio-profile "802-11-g-2"
tx-power 0
dot11h
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "rp-maintain-g"
arm-profile "arm-maintain"
!
rf dot11g-radio-profile "rp-monitor-g"
mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
arm-profile "arm-scan"
!
wlan handover-trigger-profile "default"
!
wlan rrm-ie-profile "default"
!
wlan bcn-rpt-req-profile "default"
!
wlan dot11r-profile "default"
!
wlan tsm-req-profile "default"
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan hotspot anqp-venue-name-profile "default"
!
wlan hotspot anqp-nwk-auth-profile "default"
!
wlan hotspot anqp-roam-cons-profile "default"
!
wlan hotspot anqp-nai-realm-profile "default"
!
wlan hotspot anqp-3gpp-nwk-profile "default"
!
wlan hotspot h2qp-operator-friendly-name-profile "default"
!
wlan hotspot h2qp-wan-metrics-profile "default"
!
wlan hotspot h2qp-conn-capability-profile "default"
!
wlan hotspot h2qp-op-cl-profile "default"
!
wlan hotspot anqp-ip-addr-avail-profile "default"
!
wlan hotspot anqp-domain-name-profile "default"
!
wlan wmm-traffic-management-profile "test"
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan dot11k-profile "default"
!
wlan ssid-profile "default"
!
wlan ssid-profile "KDDI-1"
a-basic-rates 12 18
a-tx-rates 12 18 24 36 48 54
g-basic-rates 12 18
g-tx-rates 12 18 24 36 48 54
!
wlan ssid-profile "TK-11ac-psk-ssid-prof"
essid "TK-11ac-psk"
opmode wpa2-psk-aes
local-probe-req-thresh 30
wpa-passphrase 679f53560480f0b1e6cd40fa6ed2fd1df0c25756f5744d50
!
wlan ssid-profile "TK-11ac-psk-ssid-prof10"
essid "TK-11ac-psk10"
local-probe-req-thresh 30
wpa-passphrase 62606ab662fcb4127bf7c08cecb1980e4e4b64e71c9f5175
!
wlan ssid-profile "TK-11ac-psk-ssid-prof11"
essid "TK-11ac-psk11"
local-probe-req-thresh 30
wpa-passphrase 3708f1b3bb43ca75c22721b9a48147f8d31d6dde6b688402
!
wlan ssid-profile "TK-11ac-psk-ssid-prof12"
essid "TK-11ac-psk12"
local-probe-req-thresh 30
wpa-passphrase 922553688b6c9dece1580cf2586d7b1a46c5cdb853e00d82
!
wlan ssid-profile "TK-11ac-psk-ssid-prof13"
essid "TK-11ac-psk13"
local-probe-req-thresh 30
wpa-passphrase 1077b2c252b8d56a915342ac7544d4b24a41c74dde90e5da
!
wlan ssid-profile "TK-11ac-psk-ssid-prof14"
essid "TK-11ac-psk14"
local-probe-req-thresh 30
wpa-passphrase 223bbe06304b3be1958f355140a022cb6564cf85a9ca6c67
!
wlan ssid-profile "TK-11ac-psk-ssid-prof15"
essid "TK-11ac-psk15"
local-probe-req-thresh 30
wpa-passphrase 1bd123db0cfcc1f06068bf7726ed2f1d7c85202a7bf70a42
!
wlan ssid-profile "TK-11ac-psk-ssid-prof16"
essid "TK-11ac-psk16"
local-probe-req-thresh 30
wpa-passphrase c9ef256e66c43dba49b5401cda40ede855a311e544c6a126
!
wlan ssid-profile "TK-11ac-psk-ssid-prof17"
essid "TK-11ac-psk17"
local-probe-req-thresh 30
wpa-passphrase 236b6b0dd0102a4d61262bcf168e3d7390dcb4fdad888fd6
!
wlan ssid-profile "TK-11ac-psk-ssid-prof2"
essid "TK-11ac-psk2"
opmode wpa-psk-tkip wpa-psk-aes wpa2-psk-aes wpa2-psk-tkip
local-probe-req-thresh 30
wpa-passphrase df5b7cd6d11b94258d1dcf7e6a2a464a77560781d8c7d414
!
wlan ssid-profile "TK-11ac-psk-ssid-prof3"
essid "TK-11ac-psk3"
opmode wpa2-psk-aes
local-probe-req-thresh 30
wpa-passphrase 9262943d0eec3f111f080dd80d269603fb5ce1c0626e8baa
!
wlan ssid-profile "TK-11ac-psk-ssid-prof4"
essid "TK-11ac-psk4"
local-probe-req-thresh 30
wpa-passphrase 4b52bb7bc9408c80d7ec7909542257e1a568838ad68ac180
!
wlan ssid-profile "TK-11ac-psk-ssid-prof5"
essid "TK-11ac-psk5"
local-probe-req-thresh 30
wpa-passphrase a5f5843d035dc74d9e2f689880693d8d37637b8c8880fde4
!
wlan ssid-profile "TK-11ac-psk-ssid-prof6"
essid "TK-11ac-psk6"
local-probe-req-thresh 30
wpa-passphrase 3734dfd880d1727faed190d31e9220d77c8147c51b5e8895
!
wlan ssid-profile "TK-11ac-psk-ssid-prof7"
essid "TK-11ac-psk7"
local-probe-req-thresh 30
wpa-passphrase f8f539c6a2114d59618f0e7ba98f5e174716660dc43c1d43
!
wlan ssid-profile "TK-11ac-psk-ssid-prof8"
essid "TK-11ac-psk8"
local-probe-req-thresh 30
wpa-passphrase 2a3583d283773ddf48825aa7a5514b909a01448163b947e8
!
wlan ssid-profile "TK-11ac-psk-ssid-prof9"
essid "TK-11ac-psk9"
local-probe-req-thresh 30
wpa-passphrase 6a66dc0bacd2bcd4631d8f60aabdb429b8680ca5458e9fb5
!
wlan ssid-profile "TK-11n-psk-ssid-prof"
essid "TK-11n-psk"
opmode wpa2-psk-aes
wpa-passphrase d1bb9d37d566aec3bf439ffe87112dae5239576af5ea1f89
!
wlan hotspot advertisement-profile "default"
!
wlan hotspot hs2-profile "default"
!
wlan virtual-ap "default"
!
wlan virtual-ap "TK-11ac-psk-vap"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof"
vlan 200
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap10"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof10"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap11"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof11"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap12"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof12"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap13"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof13"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap14"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof14"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap15"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof15"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap16"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof16"
vlan 204
forward-mode decrypt-tunnel
!
wlan virtual-ap "TK-11ac-psk-vap17"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof17"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap2"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof2"
vlan 200
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap3"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof3"
vlan 202
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap4"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof4"
vlan 203
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap5"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof5"
vlan 204
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap6"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof6"
vlan 200
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap7"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof7"
vlan 200
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap8"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof8"
vlan 202
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11ac-psk-vap9"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11ac-psk-ssid-prof9"
vlan 203
forward-mode decrypt-tunnel
allowed-band a
!
wlan virtual-ap "TK-11n-psk-vap"
aaa-profile "default-dot1x-psk"
ssid-profile "TK-11n-psk-ssid-prof"
vlan 200
forward-mode decrypt-tunnel
band-steering
!
wlan traffic-management-profile "default"
!
wlan traffic-management-profile "preferred"
shaping-policy preferred-access
!
ap provisioning-profile "a"
!
ap provisioning-profile "default"
!
rf arm-rf-domain-profile
arm-rf-domain-key "bd6fba16fc1dd3f6e2017b90cb1c0424"
!
ap spectrum local-override
!
ap-group "default"
dot11a-radio-profile "rp-monitor-a"
dot11g-radio-profile "rp-monitor-g"
!
ap-group "TK-11ac"
virtual-ap "TK-11ac-psk-vap"
dot11a-radio-profile "36E-ARM-Disable"
dot11g-radio-profile "802-11-g-2"
ap-system-profile "RAP"
dot11a-traffic-mgmt-profile "preferred"
regulatory-domain-profile "Reg-modified"
!
ap-name "AP-105-1"
virtual-ap "TK-11n-psk-vap"
exclude-virtual-ap "TK-11ac-psk-vap"
!
ap-name "AP-135-1"
virtual-ap "TK-11n-psk-vap"
exclude-virtual-ap "TK-11ac-psk-vap"
!
ap-name "AP-225-1"
!
ap-name "AP-225-2"
!
airgroup cppm-server aaa
!
logging level debugging arm
logging level debugging arm subcat client-match
logging level debugging network process dhcpd
logging level informational network
logging level debugging network subcat dhcp
logging level informational security
logging level warnings security subcat ids
logging level warnings security subcat ids-ap
logging level informational system
logging level informational user
logging level informational wireless
logging 10.2.27.202
logging 10.215.1.68

snmp-server enable trap
snmp-server host 10.2.27.202 version 2c aruba udp-port 162
snmp-server host 10.215.200.194 version 2c aruba udp-port 162
snmp-server host 10.215.250.156 version 2c aruba udp-port 162
snmp-server trap disable authenticationFailure
snmp-server trap disable linkDown
snmp-server trap disable linkUp
snmp-server trap disable wlsxAPBssidEntryChanged
snmp-server trap disable wlsxAPChannelChange
snmp-server trap disable wlsxAPDeauthContainment
snmp-server trap disable wlsxAPEntryChanged
snmp-server trap disable wlsxAPImpersonation
snmp-server trap disable wlsxAPInterferenceCleared
snmp-server trap disable wlsxAPInterferenceDetected
snmp-server trap disable wlsxAPModeChange
snmp-server trap disable wlsxAPPowerChange
snmp-server trap disable wlsxAPRadioAttributesChanged
snmp-server trap disable wlsxAPRadioEntryChanged
snmp-server trap disable wlsxAPSpoofingDetected
snmp-server trap disable wlsxAPTaggedWiredContainment
snmp-server trap disable wlsxAPWiredContainment
snmp-server trap disable wlsxAdhocNetwork
snmp-server trap disable wlsxAdhocNetworkBridgeDetected
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedAP
snmp-server trap disable wlsxAdhocNetworkBridgeDetectedSta
snmp-server trap disable wlsxAdhocNetworkDetected
snmp-server trap disable wlsxAdhocNetworkRemoved
snmp-server trap disable wlsxAdhocUsingValidSSID
snmp-server trap disable wlsxApFloodAttack
snmp-server trap disable wlsxAuthMaxAclEntries
snmp-server trap disable wlsxAuthMaxBWContracts
snmp-server trap disable wlsxAuthMaxUserEntries
snmp-server trap disable wlsxAuthServerIsUp
snmp-server trap disable wlsxAuthServerReqTimedOut
snmp-server trap disable wlsxAuthServerTimedOut
snmp-server trap disable wlsxBSSIDIsDown
snmp-server trap disable wlsxBSSIDIsUp
snmp-server trap disable wlsxBlockAckAttackDetected
snmp-server trap disable wlsxCTSRateAnomaly
snmp-server trap disable wlsxCTSTransferError
snmp-server trap disable wlsxCTSTransferSucceeded
snmp-server trap disable wlsxChannelChanged
snmp-server trap disable wlsxChannelFrameErrorRateExceeded
snmp-server trap disable wlsxChannelFrameFragmentationRateExceeded
snmp-server trap disable wlsxChannelFrameRetryRateExceeded
snmp-server trap disable wlsxChannelInterferenceCleared
snmp-server trap disable wlsxChannelInterferenceDetected
snmp-server trap disable wlsxChannelMisconfiguration
snmp-server trap disable wlsxChannelRateAnomaly
snmp-server trap disable wlsxChopChopAttack
snmp-server trap disable wlsxClientAssociatingOnWrongChannel
snmp-server trap disable wlsxClientDeauthContainment
snmp-server trap disable wlsxClientFloodAttack
snmp-server trap disable wlsxClientTaggedWiredContainment
snmp-server trap disable wlsxClientWiredContainment
snmp-server trap disable wlsxColdStart
snmp-server trap disable wlsxConfigurationLicenseMismatch
snmp-server trap disable wlsxConfigurationUpdateError
snmp-server trap disable wlsxConfigurationUpdateSucceeded
snmp-server trap disable wlsxCoverageHoleDetected
snmp-server trap disable wlsxCoverageHoleResolved
snmp-server trap disable wlsxDBCommunicationFailure
snmp-server trap disable wlsxDisconnectStationAttack
snmp-server trap disable wlsxDisconnectStationAttackAP
snmp-server trap disable wlsxDisconnectStationAttackSta
snmp-server trap disable wlsxEAPRateAnomaly
snmp-server trap disable wlsxESIServerDown
snmp-server trap disable wlsxESIServerUp
snmp-server trap disable wlsxEsiServerChanged
snmp-server trap disable wlsxFanTrayInserted
snmp-server trap disable wlsxFanTrayRemoved
snmp-server trap disable wlsxFataJackAttack
snmp-server trap disable wlsxFlashSpaceOK
snmp-server trap disable wlsxFrameBandWidthRateExceeded
snmp-server trap disable wlsxFrameFragmentationRateExceeded
snmp-server trap disable wlsxFrameLowSpeedRateExceeded
snmp-server trap disable wlsxFrameNonUnicastRateExceeded
snmp-server trap disable wlsxFrameReceiveErrorRateExceeded
snmp-server trap disable wlsxFrameRetryRateExceeded
snmp-server trap disable wlsxGBICInserted
snmp-server trap disable wlsxGlobalConfigurationChangeNotification
snmp-server trap disable wlsxHT40MHzIntoleranceAP
snmp-server trap disable wlsxHT40MHzIntoleranceSta
snmp-server trap disable wlsxHotspotterAttackDetected
snmp-server trap disable wlsxHtGreenfieldSupported
snmp-server trap disable wlsxInRangeVoltage
snmp-server trap disable wlsxInformQueueOverFlow
snmp-server trap disable wlsxInterferingApDetected
snmp-server trap disable wlsxInvalidAddressCombination
snmp-server trap disable wlsxInvalidMacOUIAP
snmp-server trap disable wlsxInvalidMacOUISta
snmp-server trap disable wlsxIpSpoofingDetected
snmp-server trap disable wlsxLCInserted
snmp-server trap disable wlsxLCRemoved
snmp-server trap disable wlsxLicenseEntryChanged
snmp-server trap disable wlsxLicenseExpiry
snmp-server trap disable wlsxLoadbalancingDisabled
snmp-server trap disable wlsxLoadbalancingEnabled
snmp-server trap disable wlsxLowMemory
snmp-server trap disable wlsxLowOnFlashSpace
snmp-server trap disable wlsxMalformedAssocReqDetected
snmp-server trap disable wlsxMalformedAuthFrame
snmp-server trap disable wlsxMalformedFrameLargeDurationDetected
snmp-server trap disable wlsxMalformedFrameWrongChannelDetected
snmp-server trap disable wlsxMalformedHTIEDetected
snmp-server trap disable wlsxMemoryUsageOK
snmp-server trap disable wlsxMeshNodeEntryChanged
snmp-server trap disable wlsxMgmtUserAuthenticationFailed
snmp-server trap disable wlsxMonAPEntryChanged
snmp-server trap disable wlsxMonStationEntryChanged
snmp-server trap disable wlsxNAPMasterStatusChange
snmp-server trap disable wlsxNAccessPointIsDown
snmp-server trap disable wlsxNAccessPointIsUp
snmp-server trap disable wlsxNAdhocNetwork
snmp-server trap disable wlsxNAdhocNetworkBridgeDetectedAP
snmp-server trap disable wlsxNAdhocNetworkBridgeDetectedSta
snmp-server trap disable wlsxNAdhocUsingValidSSID
snmp-server trap disable wlsxNApOnBackupController
snmp-server trap disable wlsxNAuthMaxAclEntries
snmp-server trap disable wlsxNAuthMaxBWContracts
snmp-server trap disable wlsxNAuthMaxUserEntries
snmp-server trap disable wlsxNAuthMaxXsecUserEntries
snmp-server trap disable wlsxNAuthServerAllInService
snmp-server trap disable wlsxNAuthServerIsDown
snmp-server trap disable wlsxNAuthServerIsUp
snmp-server trap disable wlsxNAuthServerReqTimedOut
snmp-server trap disable wlsxNAuthServerTimedOut
snmp-server trap disable wlsxNChannelChanged
snmp-server trap disable wlsxNConnectionResetWithLocal
snmp-server trap disable wlsxNCoverageHoleDetected
snmp-server trap disable wlsxNDBCommunicationFailure
snmp-server trap disable wlsxNDisconnectStationAttack
snmp-server trap disable wlsxNESIServerDown
snmp-server trap disable wlsxNESIServerUp
snmp-server trap disable wlsxNFanTrayInserted
snmp-server trap disable wlsxNFanTrayRemoved
snmp-server trap disable wlsxNGBICInserted
snmp-server trap disable wlsxNInterferingAPDetected
snmp-server trap disable wlsxNIpSpoofingDetected
snmp-server trap disable wlsxNLCInserted
snmp-server trap disable wlsxNLCRemoved
snmp-server trap disable wlsxNLicenseExpiry
snmp-server trap disable wlsxNLowMemory
snmp-server trap disable wlsxNLowOnFlashSpace
snmp-server trap disable wlsxNOutOfRangeTemperature
snmp-server trap disable wlsxNOutOfRangeVoltage
snmp-server trap disable wlsxNPowerSupplyFailure
snmp-server trap disable wlsxNPowerSupplyMissing
snmp-server trap disable wlsxNProcessDied
snmp-server trap disable wlsxNProcessExceedsMemoryLimits
snmp-server trap disable wlsxNRadioAttributesChanged
snmp-server trap disable wlsxNRapExpiredPSK
snmp-server trap disable wlsxNRapWarnExpiredPSK
snmp-server trap disable wlsxNRogueAPDetected
snmp-server trap disable wlsxNRogueAPResolved
snmp-server trap disable wlsxNSCInserted
snmp-server trap disable wlsxNSignatureMatch
snmp-server trap disable wlsxNSignatureMatchAirjack
snmp-server trap disable wlsxNSignatureMatchAsleap
snmp-server trap disable wlsxNSignatureMatchDeauthBcast
snmp-server trap disable wlsxNSignatureMatchDisassocBcast
snmp-server trap disable wlsxNSignatureMatchNetstumbler
snmp-server trap disable wlsxNSignatureMatchNullProbeResp
snmp-server trap disable wlsxNSignatureMatchWellenreiter
snmp-server trap disable wlsxNStaUnAssociatedFromUnsecureAP
snmp-server trap disable wlsxNStationAddedToBlackList
snmp-server trap disable wlsxNStationRemovedFromBlackList
snmp-server trap disable wlsxNSuspectRogueAPDetected
snmp-server trap disable wlsxNSuspectRogueAPResolved
snmp-server trap disable wlsxNSwitchIPChanged
snmp-server trap disable wlsxNSwitchRoleChange
snmp-server trap disable wlsxNUserAuthenticationFailed
snmp-server trap disable wlsxNUserEntryAuthenticated
snmp-server trap disable wlsxNUserEntryCreated
snmp-server trap disable wlsxNUserEntryDeAuthenticated
snmp-server trap disable wlsxNUserEntryDeleted
snmp-server trap disable wlsxNVpnMaxSessions
snmp-server trap disable wlsxNVrrpStateChange
snmp-server trap disable wlsxNeighborAPDetected
snmp-server trap disable wlsxNodeRateAnomaly
snmp-server trap disable wlsxNodeRateAnomalyAP
snmp-server trap disable wlsxNodeRateAnomalySta
snmp-server trap disable wlsxNormalTemperature
snmp-server trap disable wlsxOUIMisconfiguration
snmp-server trap disable wlsxOmertaAttack
snmp-server trap disable wlsxOutOfRangeTemperature
snmp-server trap disable wlsxOutOfRangeVoltage
snmp-server trap disable wlsxOverflowEAPOLKeyDetected
snmp-server trap disable wlsxOverflowIEDetected
snmp-server trap disable wlsxPortDown
snmp-server trap disable wlsxPortEntryChanged
snmp-server trap disable wlsxPortUp
snmp-server trap disable wlsxPowerSaveDosAttack
snmp-server trap disable wlsxPowerSupplyFailure
snmp-server trap disable wlsxPowerSupplyMissing
snmp-server trap disable wlsxPowerSupplyOK
snmp-server trap disable wlsxProcessDied
snmp-server trap disable wlsxProcessExceedsMemoryLimits
snmp-server trap disable wlsxProcessRestart
snmp-server trap disable wlsxRTSRateAnomaly
snmp-server trap disable wlsxRepeatWEPIVViolation
snmp-server trap disable wlsxReservedChannelViolation
snmp-server trap disable wlsxSCInserted
snmp-server trap disable wlsxSCRemoved
snmp-server trap disable wlsxSSIDMisconfiguration
snmp-server trap disable wlsxSequenceNumberAnomalyAP
snmp-server trap disable wlsxSequenceNumberAnomalySta
snmp-server trap disable wlsxShortPreableMisconfiguration
snmp-server trap disable wlsxSignAPAirjack
snmp-server trap disable wlsxSignAPAsleap
snmp-server trap disable wlsxSignAPDeauthBcast
snmp-server trap disable wlsxSignAPNetstumbler
snmp-server trap disable wlsxSignAPNullProbeResp
snmp-server trap disable wlsxSignStaAirjack
snmp-server trap disable wlsxSignStaAsleap
snmp-server trap disable wlsxSignStaDeauthBcast
snmp-server trap disable wlsxSignStaNetstumbler
snmp-server trap disable wlsxSignStaNullProbeResp
snmp-server trap disable wlsxSignalAnomaly
snmp-server trap disable wlsxSignatureMatch
snmp-server trap disable wlsxSignatureMatchAP
snmp-server trap disable wlsxSignatureMatchSta
snmp-server trap disable wlsxStaAssociatedToUnsecureAP
snmp-server trap disable wlsxStaImpersonation
snmp-server trap disable wlsxStaInterferenceCleared
snmp-server trap disable wlsxStaInterferenceDetected
snmp-server trap disable wlsxStaPolicyViolation
snmp-server trap disable wlsxStaRepeatWEPIVViolation
snmp-server trap disable wlsxStaUnAssociatedFromUnsecureAP
snmp-server trap disable wlsxStaWeakWEPIVViolation
snmp-server trap disable wlsxStationAddedToBlackList
snmp-server trap disable wlsxStationRemovedFromBlackList
snmp-server trap disable wlsxSuspectUnsecureAPDetected
snmp-server trap disable wlsxSuspectUnsecureAPResolved
snmp-server trap disable wlsxSwitchIPChanged
snmp-server trap disable wlsxSwitchListEntryChanged
snmp-server trap disable wlsxSwitchRoleChange
snmp-server trap disable wlsxTKIPReplayAttack
snmp-server trap disable wlsxTarpitContainment
snmp-server trap disable wlsxTunnelDown
snmp-server trap disable wlsxTunnelUp
snmp-server trap disable wlsxUnsecureAPDetected
snmp-server trap disable wlsxUnsecureAPResolved
snmp-server trap disable wlsxUserAuthenticationFailed
snmp-server trap disable wlsxUserEntryAttributesChanged
snmp-server trap disable wlsxUserEntryAuthenticated
snmp-server trap disable wlsxUserEntryChanged
snmp-server trap disable wlsxUserEntryCreated
snmp-server trap disable wlsxUserEntryDeAuthenticated
snmp-server trap disable wlsxUserEntryDeleted
snmp-server trap disable wlsxValidClientMisassociation
snmp-server trap disable wlsxValidClientNotUsingEncryption
snmp-server trap disable wlsxValidSSIDViolation
snmp-server trap disable wlsxVlanEntryChanged
snmp-server trap disable wlsxVlanInterfaceEntryChanged
snmp-server trap disable wlsxVlanLinkDown
snmp-server trap disable wlsxVlanLinkUp
snmp-server trap disable wlsxVoiceCdrBufferThresholdReached
snmp-server trap disable wlsxVoiceClientLocationUpdate
snmp-server trap disable wlsxWEPMisconfiguration
snmp-server trap disable wlsxWPAMisconfiguration
snmp-server trap disable wlsxWeakWEPIVViolation
snmp-server trap disable wlsxWindowsBridgeDetected
snmp-server trap disable wlsxWindowsBridgeDetectedAP
snmp-server trap disable wlsxWindowsBridgeDetectedSta
snmp-server trap disable wlsxWirelessBridge
firewall-visibility

process monitor log
end

登録: 投稿 (Atom)