Building Configuration...

#
# Configuration file for ArubaOS
# ArubaOS Version 7.4.1.12 72393
version 7.4
enable secret "******"
hostname "vm-switch"
clock timezone cst -7
controller config 2
ip access-list eth validuserethacl
  permit any
!
netservice svc-dhcp udp 67 68
netservice svc-dns udp 53
netservice svc-ftp tcp 21
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-http tcp 80
netservice svc-https tcp 443
netservice svc-icmp 1
netservice svc-kerberos udp 88
netservice svc-natt udp 4500
netservice svc-ntp udp 123
netservice svc-sip-tcp tcp 5060
netservice svc-sip-udp udp 5060
netservice svc-sips tcp 5061
netservice svc-smtp tcp 25
netservice svc-ssh tcp 22
netservice svc-telnet tcp 23
netservice svc-tftp udp 69
netservice svc-vocera udp 5002
ip access-list stateless allowall-stateless
  any any any  permit
!
ip access-list stateless cplogout-stateless
  user   alias controller sys-svc-https  dst-nat 8081
!
ip access-list stateless dhcp-acl-stateless
  any any svc-dhcp  permit
!
ip access-list stateless dns-acl-stateless
  any any svc-dns  permit
!
ip access-list stateless http-acl-stateless
  any any svc-http  permit
!
ip access-list stateless https-acl-stateless
  any any svc-https  permit
!
ip access-list stateless icmp-acl-stateless
  any any svc-icmp  permit
!
ip access-list stateless logon-control-stateless
  any any svc-icmp  permit
  any any svc-dns  permit
  any any svc-dhcp  permit
  any any svc-natt  permit
!
ip access-list session validuser
  network 169.254.0.0 255.255.0.0 any any  deny
  any any any  permit
!
user-role authenticated
 access-list stateless allowall-stateless
!
user-role denyall
!
user-role denydhcp
!
user-role guest
 access-list stateless http-acl-stateless
 access-list stateless https-acl-stateless
 access-list stateless dhcp-acl-stateless
 access-list stateless icmp-acl-stateless
 access-list stateless dns-acl-stateless
!
user-role logon
 access-list stateless logon-control-stateless
!
user-role preauth
!
!

crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac


mgmt-user admin root 0fe146ce011fd0c7ad3d7e2d4f43468c1a459a6a9d36a8e02d


ntp server 10.0.12.5

firewall disable-stateful-h323-processing
!
ip domain lookup
!
ip name-server 10.0.12.5
!
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
 auth-server Internal
 set role condition role value-of
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication vpn "default"
!
aaa authentication mgmt
!
aaa authentication wired
!
web-server
!
papi-security
!
aaa password-policy mgmt
!
traceoptions
!
probe-profile "default"
   protocol icmp
!
qos-profile "default"
!
policer-profile "default"
!
ip-profile
   default-gateway 10.0.22.1
   controller-ip vlan 22
!
lcd-menu
!
interface-profile ospf-profile "default"
   area 0.0.0.0
!
interface-profile pim-profile "default"
!
interface-profile igmp-profile "default"
!
stack-profile
!
ipv6-profile
!
activate-service-firmware
!
aruba-central
!
rogue-ap-containment
!
interface-profile switching-profile "1-access"
!
interface-profile switching-profile "2-access"
   access-vlan 2
   native-vlan 2
!
interface-profile switching-profile "22-access"
   access-vlan 22
   native-vlan 22
!
interface-profile switching-profile "default"
   switchport-mode trunk
!
interface-profile switching-profile "mgmt-trunk"
   switchport-mode trunk
   access-vlan 13
   native-vlan 13
!
interface-profile switching-profile "san-access"
   access-vlan 14
   native-vlan 14
   trunk allowed vlan 14
!
interface-profile switching-profile "storage-access"
   access-vlan 11
   native-vlan 11
!
interface-profile switching-profile "vhost-trunk"
   switchport-mode trunk
   access-vlan 13
   native-vlan 13
!
interface-profile switching-profile "vlan1-trunk"
   switchport-mode trunk
!
interface-profile switching-profile "vmmgmt-access"
   switchport-mode trunk
   access-vlan 13
   native-vlan 13
!
interface-profile switching-profile "wifi-access"
   access-vlan 20
   native-vlan 20
!
interface-profile switching-profile "wifi-trunk"
   switchport-mode trunk
   access-vlan 20
   native-vlan 20
!
interface-profile tunneled-node-profile "default"
!
interface-profile poe-profile "default"
!
interface-profile poe-profile "poe-factory-initial"
   enable
!
interface-profile enet-link-profile "10-Gigabit"
   speed 10000
   duplex full
!
interface-profile enet-link-profile "default"
!
interface-profile lacp-profile "storage1-net"
   group-id 3
   mode active
!
interface-profile lldp-profile "default"
!
interface-profile lldp-profile "lldp-factory-initial"
   lldp transmit
   lldp receive
!
interface-profile mstp-profile "default"
!
interface-profile pvst-port-profile "default"
!
interface-profile dhcp-relay-profile "dc1"
   helper-address 10.0.12.5
!
vlan-profile dhcp-snooping-profile "default"
!
vlan-profile mld-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
!
spanning-tree
   mode mstp
!
gvrp
!
mstp
!
lacp
!
vlan "1"
!
vlan "2"
!
vlan "3"
!
vlan "10"
!
vlan "11"
!
vlan "12"
!
vlan "13"
!
vlan "14"
!
vlan "20"
!
vlan "21"
!
vlan "22"
   description "VLAN0022"
!
interface gigabitethernet "0/0/0"
   description " Mgmt port 1"
   switching-profile "1-access"
!
interface gigabitethernet "0/0/1"
   description "spare"
   switching-profile "wifi-access"
!
interface gigabitethernet "0/0/2"
   description "ap"
   switching-profile "wifi-trunk"
!
interface gigabitethernet "0/0/3"
   description "Vlan 2"
   switching-profile "wifi-access"
!
interface gigabitethernet "0/0/4"
   description "spare"
   switching-profile "storage-access"
!
interface gigabitethernet "0/0/5"
   description "Mgmt port 22"
   switching-profile "22-access"
!
interface gigabitethernet "0/0/6"
   description "spare"
!
interface gigabitethernet "0/0/7"
   description "spare"
!
interface gigabitethernet "0/0/8"
   description "spare"
!
interface gigabitethernet "0/0/9"
   description "vhost1-mgmt"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/10"
   description "vhost1-net1"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/11"
   description "vhost1-net2"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/12"
   description "vhost1-net3"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/13"
   description "vhost1-net4"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/14"
   description "vhost2-mgmt"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/15"
   description "vhost2-net1"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/16"
   description "vhost2-net2"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/17"
   description "vhost2-net3"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/18"
   description "vhost2-net4"
   switching-profile "vhost-trunk"
!
interface gigabitethernet "0/0/19"
   description "storage1-mgmt"
   switching-profile "vmmgmt-access"
!
interface gigabitethernet "0/0/20"
   description "storage1-net1"
   lacp-profile "storage1-net"
!
interface gigabitethernet "0/0/21"
   description "storage1-net2"
   lacp-profile "storage1-net"
!
interface gigabitethernet "0/0/22"
   description "storage1-net3"
   lacp-profile "storage1-net"
!
interface gigabitethernet "0/0/23"
   description "storage1-net4"
   lacp-profile "storage1-net"
!
interface gigabitethernet "0/1/0"
   description "uplink1"
   enet-link-profile "10-Gigabit"
!
interface gigabitethernet "0/1/1"
   description "vhost1-iscsi"
   enet-link-profile "10-Gigabit"
   mtu 9000
   switching-profile "san-access"
!
interface gigabitethernet "0/1/2"
   description "vhost2-iscsi"
   enet-link-profile "10-Gigabit"
   mtu 9000
   switching-profile "san-access"
!
interface gigabitethernet "0/1/3"
   description "storage1-iscsi"
   enet-link-profile "10-Gigabit"
   mtu 9000
   switching-profile "san-access"
!
interface vlan "1"
   dhcp-relay-profile "dc1"
!
interface vlan "10"
!
interface vlan "11"
!
interface vlan "12"
!
interface vlan "13"
!
interface vlan "14"
   description "SAN"
   ip address 10.0.14.1 255.255.255.0
!
interface vlan "2"
!
interface vlan "20"
!
interface vlan "21"
!
interface vlan "22"
   ip address 10.0.22.254 255.255.255.0
!
interface vlan "3"
!
interface mgmt
   shutdown
!
interface port-channel "3"
   description "storage1-lag"
   qos-profile "default"
   switching-profile "storage-access"
   enet-link-profile pc_default
!
device-group ap
!
interface-group gigabitethernet "default"
   apply-to ALL
   lldp-profile "lldp-factory-initial"
   poe-profile "poe-factory-initial"
!

snmp-server community Zer0t0uchpr0visi0ning view ALL
snmp-server view ALL oid-tree iso included
snmp-server group ALLPRIV v1 read ALL notify ALL
snmp-server group ALLPRIV v2c read ALL notify ALL
snmp-server group ALLPRIV v3 noauth read ALL notify ALL
snmp-server group AUTHPRIV v3 priv read ALL notify ALL
snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL
snmp-server group Zer0t0uchpr0visi0ning v1 read ALL
snmp-server group Zer0t0uchpr0visi0ning v2c read ALL

snmp-server enable trap

process monitor log
end