! Switch configuration template: tokens wrapped in percent signs look like
! template variables that are filled in per device (assumption, confirm against the
! provisioning tool).
! The MOTD banner below is delimited by '!' (from "banner motd !" to the next lone
! '!' line), so no '!' comment can be placed inside it without ending the banner.
! NOTE(review): the banner names Aruba Networks as the system owner; a deployment
! reusing this template presumably needs its own organisation and legal wording.
hostname %_sys_hostname%
banner motd !
**********************************************************
NOTICE TO USERS
This is a private computer system and is the property of
Aruba Networks. It is for authorized use only.
users (authorized or unauthorized) have no explicit or
implicit expectation of privacy while connected to this
system.
Any or all uses of this system and all files on this system
may be intercepted, monitored, recorded, copied, audited,
inspected, and disclosed to an authorized site, Aruba networks,
and law enforcement personnel
(foreign and domestic).
By using this system, the user consents to such interception,
monitoring, recording, copying, auditing, inspection, and
disclosure at the discretion of an authorized site or Aruba Networks
personnel.
Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal
penalties. By continuing to use of this system you indicate
your awareness of and consent to these terms and conditions
of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
***********************************************************
!
! ---- System, time, and management-plane access (local user, TACACS+, SSH) ----
allow-unsupported-transceiver
! NOTE(review): a fixed admin password ciphertext is embedded in the template, so
! every device built from it shares one local admin credential, and anyone who can
! read the template holds the blob. Prefer a per-device or vaulted secret, and
! rotate this one if the template has been shared.
user admin group administrators password ciphertext AQBapYgH7fQfCF/KrVb/BQgUokVkgVv3Uy40a9ORbWmjXSAkYgAAAARIutMR8CXywenaYnWmITrkEhZYN1gqxgeaCc629vQ4cRc2RtSBzMZz/ewMjXmxdyCPF9uTiuMqjfeJ7p06obLWUNn0jytGDYpkGhrWLkfzK4vBKOLjfHl35xsIR/dviTUp
clock timezone pst8pdt
! Stop the switch from sending ICMP redirects.
no ip icmp redirect
! Dedicated VRF for the VSX keepalive link; every reference to it elsewhere in the
! file must use this exact spelling.
vrf VSX-Keepalive
! NOTE(review): no NTP authentication is configured in this file; confirm the time
! sources are reached over a trusted path, since log timestamps depend on them.
ntp server %NTP_IP_Address_1% iburst version 3
ntp server %NTP_IP_Address_2% iburst version 3
ntp enable
! NOTE(review): timeout 0 disables the CLI idle timeout, so an unattended console
! or SSH session stays logged in indefinitely. Use a finite number of minutes
! outside a lab.
cli-session
timeout 0
!
!
!
!
! Both TACACS+ servers use the same shared key, supplied in plaintext through a
! template variable; treat the variable store as secret material.
tacacs-server host %TACACS_SERVER1_IP% key Plaintext %TACACS_KEY%
tacacs-server host %TACACS_SERVER2_IP% key Plaintext %TACACS_KEY%
! NOTE(review): as far as I know, fail-through makes a login that one method
! rejects continue to the next method in the list (here: local), not only when the
! servers are unreachable. Confirm this is wanted, because it keeps the shared
! local admin account usable for login even while ClearPass is answering.
aaa authentication allow-fail-through
!
aaa group server tacacs ClearPass
server %TACACS_SERVER1_IP%
server %TACACS_SERVER2_IP%
! Login on console and SSH: ClearPass TACACS+ group first, then the local database.
aaa authentication login console group ClearPass local
aaa authentication login ssh group ClearPass local
! NOTE(review): "local" is listed before ClearPass here, the reverse of the login
! lists above; confirm that command authorization is meant to consult local first.
aaa authorization commands default group local ClearPass
! NOTE(review): SSH is enabled on the default (data-plane) VRF as well as mgmt, and
! no ACL restricting management sources is visible in this file. If in-band
! management is not required, keep SSH on mgmt only or filter the source ranges.
ssh server vrf default
ssh server vrf mgmt
! ---- VLAN definitions ----
! VLAN 1 is left unnamed; VLANs 13 and 14 carry the REJECT_AUTH / CRITICAL_AUTH
! names, presumably the fallback roles of port authentication on the access layer.
vlan 1
vlan 2
name SW_ZTP
vlan 3
name EMPLOYEE
vlan 5
name CAMERA
vlan 6
name PRINTER
vlan 13
name REJECT_AUTH
vlan 14
name CRITICAL_AUTH
vlan 15
name MGMT_VLAN
! ---- Spanning tree: per-VLAN rapid STP, this switch configured with priority 0 ----
! Priority 0 is the lowest configurable value, so this device is intended to win
! the root election for each VLAN listed below.
! NOTE(review): the VLAN range variable must cover every VLAN given a priority here.
spanning-tree mode rpvst
spanning-tree
spanning-tree priority 0
spanning-tree vlan %VLAN_RANGE%
spanning-tree vlan 1 priority 0
spanning-tree vlan 2 priority 0
spanning-tree vlan 3 priority 0
spanning-tree vlan 5 priority 0
spanning-tree vlan 6 priority 0
spanning-tree vlan 13 priority 0
spanning-tree vlan 14 priority 0
spanning-tree vlan 15 priority 0
! ---- Out-of-band management port ----
! NOTE(review): the address is a template variable but the gateway is hard-coded to
! 172.16.10.1; the substituted address must sit in that gateway's /24 or the
! management port loses its default route.
interface mgmt
no shutdown
ip static %MGMT_IP%/24
default-gateway 172.16.10.1
! ---- Multi-chassis LAGs towards the access switches (names from the descriptions) ----
! Each downlink is a layer-2 LACP trunk with native VLAN 2 (SW_ZTP) that carries
! the VLAN range supplied by the template variable.
! NOTE(review): untagged frames on these trunks land in VLAN 2; confirm that is
! acceptable once the downstream switches have finished provisioning.
! NOTE(review): "ip pim-sparse enable" appears on lags 11, 12, 14, 15 and 16, which
! are set to "no routing", but not on lag 13. Confirm whether it is accepted or
! needed on a non-routed LAG, and make the six downlinks consistent.
interface lag 11 multi-chassis
no shutdown
description 5400-AG1-AC1
no routing
vlan trunk native 2
vlan trunk allowed %VLAN_RANGE%
lacp mode active
ip pim-sparse enable
interface lag 12 multi-chassis
no shutdown
description 3810-AG1-AC2
no routing
vlan trunk native 2
vlan trunk allowed %VLAN_RANGE%
lacp mode active
ip pim-sparse enable
interface lag 13 multi-chassis
no shutdown
description 3810-AG1-AC3
no routing
vlan trunk native 2
vlan trunk allowed %VLAN_RANGE%
lacp mode active
interface lag 14 multi-chassis
no shutdown
description 2930M-AG1-AC4
no routing
vlan trunk native 2
vlan trunk allowed %VLAN_RANGE%
lacp mode active
ip pim-sparse enable
interface lag 15 multi-chassis
no shutdown
description 6300M-AG1-AC5
no routing
vlan trunk native 2
vlan trunk allowed %VLAN_RANGE%
lacp mode active
ip pim-sparse enable
interface lag 16 multi-chassis
no shutdown
description 6300M-AG1-AC6
no routing
vlan trunk native 2
vlan trunk allowed %VLAN_RANGE%
lacp mode active
ip pim-sparse enable
! Inter-switch link to the VSX peer: an ordinary (not multi-chassis) LAG that
! carries all VLANs and has VLAN synchronisation enabled.
interface lag 128
vsx-sync vlans
no shutdown
description ISL
no routing
vlan trunk native 2
vlan trunk allowed all
lacp mode active
! ---- Physical ports: LAG members, routed uplinks, keepalive and ISL members ----
! Port-to-LAG mapping as written: 1/1/1 -> lag 11, 1/1/2 -> lag 13, 1/1/3 -> lag 14,
! 1/1/4 -> lag 15, 1/1/5 -> lag 16, 1/1/50 -> lag 12, 1/1/53 and 1/1/54 -> lag 128.
interface 1/1/1
no shutdown
mtu 9198
lag 11
interface 1/1/2
no shutdown
mtu 9198
lag 13
interface 1/1/3
no shutdown
mtu 9198
lag 14
interface 1/1/4
no shutdown
mtu 9198
lag 15
! NOTE(review): 1/1/5 is the only LAG member without "mtu 9198"; confirm whether
! the jumbo MTU was left out on purpose.
interface 1/1/5
no shutdown
lag 16
! Routed point-to-point uplink (a /30) running OSPF area 0 and PIM sparse mode.
! NOTE(review): unlike the other ports there is no "no shutdown" here; confirm the
! platform default leaves the port enabled.
! NOTE(review): no OSPF authentication is configured for this adjacency in this
! file; consider authenticating the core-facing adjacencies.
interface 1/1/49
mtu 9198
description 8400_C2_LNK
ip mtu 9198
ip address %OSPF_UPLINK1_IP%/30
ip ospf 1 area 0.0.0.0
no ip ospf passive
ip ospf network point-to-point
ip pim-sparse enable
interface 1/1/50
no shutdown
mtu 9198
lag 12
! VSX keepalive link, placed in its own VRF so it stays out of the default routing table.
interface 1/1/51
no shutdown
mtu 9198
vrf attach VSX-Keepalive
description VSX Keepalive
ip address %KEEPALIVE_IP%/30
! Second routed uplink; the notes on 1/1/49 (no "no shutdown", no OSPF
! authentication) apply here as well.
interface 1/1/52
mtu 9198
description 8400_C1_LNK
ip mtu 9198
ip address %OSPF_UPLINK2_IP%/30
ip ospf 1 area 0.0.0.0
no ip ospf passive
ip ospf network point-to-point
ip pim-sparse enable
! The two member ports of the inter-switch link (lag 128).
interface 1/1/53
no shutdown
mtu 9198
description ISL Lag
lag 128
interface 1/1/54
no shutdown
mtu 9198
description ISL Lag
lag 128
! Loopback whose address is also used as the OSPF router-id; advertised in area 0.
interface loopback 1
ip address %AGG_LOOPBACK0_IP%/32
ip ospf 1 area 0.0.0.0
ip pim-sparse enable
! ---- Routed VLAN interfaces (SVIs) ----
! Every SVI follows one pattern: a per-device address from a template variable, a
! shared active-gateway virtual MAC and IP, two DHCP helper addresses, OSPF area 0,
! IGMP and PIM sparse mode.
! NOTE(review): the active-gateway addresses are hard-coded (10.1.N.1) while the
! SVI addresses are variables; the substituted address must fall in the same /24.
! NOTE(review): no ACL is applied to any SVI in this file, so as written every VLAN
! can route to every other VLAN and to the switch's own SSH and HTTPS services on
! the default VRF. Confirm that segmentation is enforced elsewhere.
! NOTE(review): the description below says SW_ZTP, but that is the name given to
! VLAN 2; VLAN 1 itself is unnamed. Confirm which is intended.
interface vlan 1
description SW_ZTP
ip mtu 9198
ip address %VLAN_ID_1_IP%/24
active-gateway ip mac a2:00:00:a1:a1:a1
active-gateway ip 10.1.1.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable
interface vlan 2
description SW_ZTP
ip mtu 9198
ip address %VLAN_ID_2_IP%/24
active-gateway ip mac a2:00:00:a2:a2:a2
active-gateway ip 10.1.2.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable
interface vlan 3
description EMPLOYEE
ip mtu 9198
ip address %VLAN_ID_3_IP%/24
active-gateway ip mac a2:00:00:a3:a3:a3
active-gateway ip 10.1.3.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable
interface vlan 5
description CAMERA
ip mtu 9198
ip address %VLAN_ID_5_IP%/24
active-gateway ip mac a2:00:00:a5:a5:a5
active-gateway ip 10.1.5.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable
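! SVI for the PRINTER VLAN: per-device address, shared active-gateway 10.1.6.1,
! DHCP relay, OSPF area 0, IGMP and PIM sparse mode.
! Fix: the address previously reused the VLAN 5 variable, which would give the
! VLAN 5 and VLAN 6 SVIs the same address and leave 10.1.6.1 outside this SVI's
! subnet. It now uses a VLAN 6 variable, following the naming pattern of the other
! SVIs; the VLAN_ID_6_IP value must be defined in the per-device variables.
! NOTE(review): no ACL is applied to this SVI in this file; confirm that the
! printer segment is filtered elsewhere.
interface vlan 6
description PRINTER
ip mtu 9198
ip address %VLAN_ID_6_IP%/24
active-gateway ip mac a2:00:00:a6:a6:a6
active-gateway ip 10.1.6.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable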
! SVIs for the REJECT_AUTH, CRITICAL_AUTH and MGMT_VLAN segments, built on the same
! pattern: per-device address, shared active-gateway MAC and IP, DHCP relay, OSPF
! area 0, IGMP and PIM sparse mode.
! NOTE(review): VLANs 13 and 14 are named as authentication fallback segments, yet
! they are routed into area 0 like the production VLANs and no ACL is applied in
! this file. If they are meant to quarantine devices, confirm that the restriction
! is enforced elsewhere.
interface vlan 13
description REJECT_AUTH
ip mtu 9198
ip address %VLAN_ID_13_IP%/24
active-gateway ip mac a2:00:00:13:13:13
active-gateway ip 10.1.13.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable
interface vlan 14
description CRITICAL_AUTH
ip mtu 9198
ip address %VLAN_ID_14_IP%/24
active-gateway ip mac a2:00:00:14:14:14
active-gateway ip 10.1.14.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable
! NOTE(review): the management VLAN is routed like the user VLANs, with no source
! restriction visible in this file; confirm who is meant to reach it.
interface vlan 15
description MGMT_VLAN
ip mtu 9198
ip address %VLAN_ID_15_IP%/24
active-gateway ip mac a2:00:00:15:15:15
active-gateway ip 10.1.15.1
ip helper-address %HELPER_ADDRESS_1%
ip helper-address %HELPER_ADDRESS_2%
ip ospf 1 area 0.0.0.0
ip igmp enable
ip pim-sparse enable
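! ---- VSX pairing: lag 128 as inter-switch link, role from a template variable,
! keepalive over the dedicated VRF ----
! NOTE(review): the system-mac is hard-coded; presumably it must be identical on
! both peers of one pair and unique across pairs, so confirm before reusing the
! template for a second pair.
vsx
system-mac 00:00:10:00:01:01
inter-switch-link lag 128
role %VSX_ROLE%
! Fix: the keepalive previously named VRF "VSX_KEEPALIVE", which is not defined in
! this file. The VRF that is created, and attached to interface 1/1/51, is spelled
! "VSX-Keepalive", so the keepalive now references that name.
! NOTE(review): the keepalive source variable must resolve to the address
! configured on the keepalive interface (1/1/51), which uses a different variable.
keepalive peer %KEEPALIVE_IP_PEER% source %KEEPALIVE_IP_SOURCE% vrf VSX-Keepalive
! The synchronised feature list includes aaa, ssh and snmp, so changes to
! management-plane settings on one peer are pushed to the other.
vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global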
! ---- DNS, routing processes and the HTTPS management service ----
! NOTE(review): the DNS domain and resolver addresses are hard-coded rather than
! template variables; confirm they are correct for every site using this template.
ip dns domain-name example.local
ip dns server-address 10.2.120.98
ip dns server-address 10.2.120.99
!
!
!
!
!
! OSPF process 1: router-id taken from the loopback address variable. Interfaces
! are passive by default, so adjacencies form only where "no ip ospf passive" is
! set (the two routed uplinks, 1/1/49 and 1/1/52); SVI subnets are advertised
! without speaking OSPF towards users.
router ospf 1
router-id %AGG_LOOPBACK0_IP%
passive-interface default
area 0.0.0.0
router pim
enable
active-active
! NOTE(review): the HTTPS server is enabled on the default (data-plane) VRF as well
! as mgmt, so the web and REST interface is reachable from every routed VLAN unless
! filtered. If in-band access is not required, keep it on mgmt only or restrict the
! source ranges.
https-server vrf default
https-server vrf mgmt