How to configure Aruba's InstantAP's template. It's a bit old, though.
! Template created from Instant-C4:6B:EC (6.2.1.0-3.3.0.2_38733) at 7/9/2013 12:54 AM
! based on config fetched at 7/9/2013 12:02 AM
version 6.2.1.0-3.3.0
virtual-controller-country JP3
virtual-controller-key %guid%
%if ip_address%
virtual-controller-ip %ip_address%
%endif%
%if organization%
organization %organization%
%endif%
%if syslog_server%
syslog-server %syslog_server%
%endif%
ams-ip %manager_ip_address%
ams-key %password%
%server_cert_checksum%
%ca_cert_checksum%
%cert_psk%
name %hostname%
terminal-access
ntp-server ntp.sut.ac.jp
clock timezone %clock_timezone%
rf-band %rf_band%
ams-identity %ams_identity%
allow-new-aps
%allowed_aps%
arm
wide-bands 5ghz
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning
rf dot11g-radio-profile
spectrum-monitor
rf dot11a-radio-profile
spectrum-monitor
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
mgmt-user admin 0fc42957e6456bb5b3e72f00d107acbe
wlan access-rule default_wired_port_profile
rule any any match any any any permit
wlan access-rule Pre-Role
rule any any match any any any permit
wlan access-rule TK-employee
rule any any match any any any permit
wlan access-rule TK-employee2
rule any any match any any any permit
wlan access-rule TK-guest
rule any any match any any any permit
wlan access-rule TK-psk
rule any any match any any any permit
wlan access-rule contractor
rule any any match any any any permit
wlan access-rule employee
rule any any match any any any permit
wlan access-rule partner
rule any any match any any any permit
wlan access-rule unknown
rule any any match any any any permit
wlan access-rule wired-instant
rule 192.168.0.2 255.255.255.255 match tcp 80 80 permit
rule 192.168.0.2 255.255.255.255 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan ssid-profile TK-employee
enable
type employee
essid TK-employee
opmode wpa2-aes
max-authentication-failures 0
auth-server CP-Internet
set-role Aruba-User-Role contains employee employee
set-role Aruba-User-Role contains contractor contractor
set-role Aruba-User-Role contains partner partner
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
radius-accounting
radius-interim-accounting-interval 10
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile TK-employee2
enable
type employee
essid TK-employee2
opmode wpa2-aes
max-authentication-failures 0
auth-server CP-Internet
set-role Aruba-User-Role contains employee employee
set-role Aruba-User-Role contains contractor contractor
set-role Aruba-User-Role contains partner partner
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
radius-accounting
radius-interim-accounting-interval 5
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile TK-guest
enable
type guest
essid TK-guest
opmode opensystem
max-authentication-failures 0
auth-server CP-Internet
rf-band all
captive-portal external
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
radius-accounting
radius-interim-accounting-interval 5
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile TK-psk
enable
type employee
essid TK-psk
wpa-passphrase de1214a39c1e2636cd32d9f67a13fcdeb42635d039fb7f5f
opmode wpa2-psk-aes
max-authentication-failures 0
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
wlan auth-server CP-Internet
ip %radius_server_ip%
port 1812
acctport 1813
key 3dffdadf846514c9c30daeb6b5f1597b
rfc3576
cppm-rfc3576-port 5999
wlan external-captive-portal
server 114.179.12.251
port 80
url "/guest/device_provisioning.php"
auth-text ""
wlan walled-garden
white-list "ocsp.comodoca.com"
white-list "ocsp.startssl.com"
white-list "onboard-whitelist"
blacklist-time 3600
auth-failure-blacklist-time 3600
ids
wireless-containment none
wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x
wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
id _airplay._tcp
id _raop._tcp
airgroupservice airprint
disable
description AirPrint
id _ipp._tcp
id _pdl-datastream._tcp
id _printer._tcp
id _scanner._tcp
id _universal._sub._ipp._tcp
id _printer._sub._http._tcp
id _http._tcp
id _http-alt._tcp
id _ipp-tls._tcp
id _fax-ipp._tcp
id _riousbprint._tcp
id _cups._sub._ipp._tcp
id _cups._sub._fax-ipp._tcp
id _ica-networking._tcp
id _ptp._tcp
id _canon-bjnp1._tcp
0 件のコメント:
コメントを投稿