Link Search Menu Expand Document
calendar_month 07-Mar-24

Aruba Branch Core Switch Template

Table of contents

For modification of this template, network-specific parameters are marked as CHANGE_ME.

hostname %_sys_hostname%
banner motd !
**********************************************************
NOTICE TO USER
This is a private computer system and is the property of
Aruba Networks. It is for authorized use only.
users (authorized or unauthorized) have no explicit or
implicit expectation of privacy while connected to this
system.
Any or all uses of this system and all files on this system
may be intercepted, monitored, recorded, copied, audited,
inspected, and disclosed to an authorized site, Aruba networks,
and law enforcement personnel
(foreign and domestic).
By using this system, the user consents to such interception,
monitoring, recording, copying, auditing, inspection, and
disclosure at the discretion of an authorized site or Aruba Networks
personnel.
Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal
penalties. By continuing to use of this system you indicate
your awareness of and consent to these terms and conditions
of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
***********************************************************!
user admin group administrators password ciphertext AQBapS/ZPlZE0wOgKQN6f741C+kfgFW2WxhLYEkMV+GGlPu5YgAAADYo+tl79RmR5d2HFOLN1RPNQrSf1t1R2QbHxqFSZSpFg8JDt1DD8q35YbrgqazmltMWBlSWXQLy1L+oXFTckeg63j+E9Hmec6E15ChobUGlfsv6/F4GjshcQnW9JLG70NOP
loop-protect transmit-interval 3
loop-protect re-enable-timer 15
ntp server 10.2.120.98 iburst version 3
ntp server 10.2.120.99 iburst version 3
ntp enable
!
!
!
!
radius-server host 10.2.120.94 key ciphertext AQBapUmeqwuSjUoetq4KWXbTnUyBILPjxzok4qzRZeSXsBIzCQAAACMxHv6lEnY7jA== tracking enable
radius-server host 10.2.120.95 key ciphertext AQBapUmeqwuSjUoetq4KWXbTnUyBILPjxzok4qzRZeSXsBIzCQAAACMxHv6lEnY7jA== tracking enable
!
!
!
radius dyn-authorization enable
ssh server vrf default
ssh server vrf mgmt
vsf secondary-member 2
vsf member 1
    type jl666a
    link 1 1/1/25
    link 2 1/1/26
vsf member 2
    type jl666a
    link 1 2/1/25
    link 2 2/1/26
vlan 1
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
vlan CHANGE_ME
    name CHANGE_ME
    dhcpv4-snooping
    arp inspection
    ip igmp snooping enable
spanning-tree mode rpvst
spanning-tree
spanning-tree vlan 100
spanning-tree vlan 100 priority 0
interface mgmt
    no shutdown
    ip dhcp
port-access lldp-group AP-LLDP-GROUP
     seq 10 match vendor-oui 000b86
     seq 20 match vendor-oui D8C7C8
     seq 30 match vendor-oui 6CF37F
     seq 40 match vendor-oui 186472
     seq 41 match vendor-oui 00120f
     seq 42 match vendor-oui 0012bb
     seq 43 match vendor-oui 904C81
     seq 50 match sys-desc ArubaOS
port-access role ARUBA-AP
    auth-mode device-mode
    vlan trunk native 100
    vlan trunk allowed 100
port-access role EMPLOYEE
    reauth-period 120
    vlan access 101
port-access role  CAMERA
    reauth-period 120
    vlan access CHANGE_ME
port-access role  IOT
    reauth-period 120
    vlan access CHANGE_ME
port-access role VISTOR
    reauth-period 120
    vlan access CHANGE_ME
port-access role REJECT
  reauth-period 120
  vlan access CHANGE_ME
port-access role CRITICAL
  reauth-period 120
  vlan access CHANGE_ME
port-access role QUARANTINE
    reauth-period 120
    vlan access CHANGE_ME
fault-monitor profile PORT_ERRORS
    excessive-broadcasts
    excessive-link-flaps
    excessive-jabbers
    excessive-fragments
    excessive-crc-errors
    excessive-tx-drops
port-access device-profile ARUBA_AP
    enable
    associate role ARUBA-AP
    associate lldp-group AP-LLDP-GROUP
aaa authentication port-access dot1x authenticator
    enable
aaa authentication port-access mac-auth
    addr-format multi-dash-uppercase
    enable
interface lag 1
    no shutdown
    no routing
    vlan trunk native 100
    vlan trunk allowed 100-107
    lacp mode active
    lacp fallback-static
    arp inspection trust
    dhcpv4-snooping trust
interface lag 2
    no shutdown
    no routing
    vlan trunk native 100
    vlan trunk allowed 100-107
    lacp mode active
    lacp fallback-static
    arp inspection trust
    dhcpv4-snooping trust
interface lag 3
    no shutdown
    no routing
    vlan trunk native 100
    vlan trunk allowed 100-107
    lacp mode active
    lacp fallback-static
interface lag 4
    no shutdown
    no routing
    vlan trunk native 100
    vlan trunk allowed 100-107
    lacp mode active
    lacp fallback-static
    arp inspection trust
    dhcpv4-snooping trust
interface 1/1/1
    no shutdown
    lag 3
interface 1/1/2
    no shutdown
    lag 4
interface 1/1/3
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/4
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/5
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/6
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/7
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/8
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/9
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/10
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/11
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/12
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/13
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/14
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/15
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/16
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/17
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/18
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/19
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/20
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/21
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/22
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 1/1/23
    description SFOBR-ECB1-1
    no shutdown
    lag 1
interface 1/1/24
    description SFOBR-ECB1-2
    no shutdown
    lag 2
interface 1/1/25
    no shutdown
interface 1/1/26
    no shutdown
interface 1/1/27
    no shutdown
    no routing
    vlan access 1
interface 1/1/28
    no shutdown
    no routing
    vlan access 1
interface 2/1/1
    no shutdown
    lag 3
interface 2/1/2
    no shutdown
    lag 4
interface 2/1/3
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/4
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/5
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/6
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/7
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/8
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/9
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/10
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/11
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/12
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/13
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/14
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/15
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/16
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/17
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/18
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/19
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/20
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/21
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/22
    description ACCESS_PORT
    no shutdown
    no routing
    vlan access 1
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method precedence device-profile aaa
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role CRITICAL
    aaa authentication port-access reject-role REJECT
    aaa authentication port-access dot1x authenticator
        eapol-timeout 30
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
interface 2/1/23
    no shutdown
    lag 1
interface 2/1/24
    no shutdown
    lag 2
interface 2/1/25
    no shutdown
interface 2/1/26
    no shutdown
interface 2/1/27
    no shutdown
    no routing
    vlan access 1
interface 2/1/28
    no shutdown
    no routing
    vlan access 1
interface vlan 1
    no ip dhcp
interface vlan 100
    description MGMT
    ip mtu 9198
    ip dhcp