# HPE Aruba Networking Wireless Operating System.
# AOS-8 (MODEL: 515), Version 8.13.1.1 LSR
# Website: http://www.arubanetworks.com
# (c) Copyright 2025 Hewlett Packard Enterprise Development LP.
# Compiled on 2025-11-27 at 11:34:35 UTC (build 94375) by jenkins
# FIPS Mode :disabled
#




version 8.13.1.0-8.13.1
syslocation "Westendorf, Kirchstraße 13"
virtual-controller-country DE
virtual-controller-key e5374bbb011386ea60a9c409c2f430522eb07244f8c0f825a3
name dg-bu-ap-01
virtual-controller-ip 172.26.1.50
terminal-access
ntp-server 192.168.178.1
clock timezone Berlin 01 00
rf-band 5.0

allow-new-aps

allowed-ap b8:37:b2:cf:62:78
allowed-ap a0:25:d7:c7:55:e4
allowed-ap b0:1f:8c:c6:69:3c
allowed-ap 48:00:20:c0:e9:fa
allowed-ap d0:15:a6:c7:ac:b0



arm
wide-bands 5ghz
80mhz-support
min-tx-power 9
max-tx-power 127
band-steering-mode prefer-higher-band
air-time-fairness-mode default-access
channel-quality-aware-arm-disable
client-aware
scanning

rf dot11g-radio-profile
max-distance 0
max-tx-power 9
min-tx-power 6
disable-arm-wids-functions off
free-channel-index 40

rf dot11a-radio-profile
max-distance 0
max-tx-power 18
min-tx-power 12
disable-arm-wids-functions off

rf dot11-6ghz-radio-profile
dot11k-enable

mbssid-group-profile _MBSSID1_
dot11k-enable


syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless



extended-ssid
mesh-security-enhancement
web-server
ssl-protocol tlsv1_2

















hash-mgmt-password
hash-mgmt-user admin password hash 46ecb43f02e169845245ebb1f5a68fd9f690ef9824f38984eb36260c05aaca7ff17ad424a2


wlan access-rule family
index 0
rule any any match any any any permit

wlan access-rule default_wired_port_profile
index 1
rule any any match any any any permit

wlan access-rule wired-SetMeUp
index 2
rule masterip 0.0.0.0 match tcp 80 80 permit
rule masterip 0.0.0.0 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit

wlan access-rule k13_iot
index 3
rule any any match any any any permit

wlan access-rule GAST
index 4
rule any any match any any any deny

wlan ssid-profile family
enable
index 0
type employee
essid family
wpa-passphrase 7466355140dcee29324b440eac363d4d06ed804148690915
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 10
rf-band all
rf-band-6ghz
captive-portal disable
dtim-period 1
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
dot11k
dot11v

wlan ssid-profile k13_iot
enable
index 1
type employee
essid k13_iot
wpa-passphrase 05a0974ff4a8472a3487a2efecdcf957d54ced298787baea
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 15
rf-band all
rf-band-6ghz
captive-portal disable
dtim-period 1
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
dot11k
dot11v

wlan ssid-profile GAST
enable
index 2
type guest
essid GAST
opmode enhanced-open
max-authentication-failures 5
vlan 10
rf-band all
captive-portal internal
dtim-period 1
broadcast-filter arp
denylist
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

auth-survivability cache-time-out 24






wlan captive-portal
background-color 16777215
banner-color 16750848
banner-text "Welcome to Guest Network"
terms-of-use "This network is not secure, and use is at your own risk"
use-policy "Please read terms and conditions before using Guest Network"

wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https


blacklist-time 3600
auth-failure-blacklist-time 3600


ids
wireless-containment none



wired-port-profile wired-SetMeUp
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-SetMeUp
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x

wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x


enet0-port-profile default_wired_port_profile

uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180



airgroup
disable

airgroupservice airplay
disable

airgroupservice airprint
disable

ipm
enable
itm





cluster-security
dtls