Auto configuration upon Aruba AP detection

Auto device detection and configuration

The auto device detection and configuration detects a directly connected Aruba AP dynamically and applies predefined configurations to ports on which the Aruba AP is detected.

You can create port configuration profiles, associate them to a device type, and enable or disable a device type. The only device type supported is aruba-ap and it is used to identify all the Aruba APs.

When a configured device type is connected on a port, the system automatically applies the corresponding port profile. Connected devices are identified using LLDP. When the LLDP information on the port ages out, the device profile is removed.

By default, the device profile feature is disabled. When you enable the device profile support for a device type, if no other device profile is mapped to the device type, the default device profile default-ap-profile is associated with the device type. You can modify the AP default device profile configuration but you cannot delete it. The default-ap-profile command supports only the AP device type.

More information

Creating a profile and associate a device type
device-profile name
device-profile type

Requirements

  • Only APs directly connected to the switch will be detected.

Limitations

  • Only one device type is supported, aruba-ap, and it is used to identify all the Aruba APs.

  • You can modify the configuration parameters of the default profile, default-ap-profile, but you cannot delete it or change its name.

  • For HPE 5400 Series v1 & v2 modules devices, the maximum value for poe-max-power is 30 W. For all other devices, the maximum value for poe-max-power is 33 W.

  • If the port was part of any protocol VLANs prior to the device profile application, those VLANs will not be removed while applying the device profile.

  • Egress rate limiting is not supported for devices running on:

    • HPE Aruba 2530 Switch Series

    • HPE Switch 2530G Series

    • HPE Switch 2620 Series

  • The egress-bandwidth is only supported for devices running on:

    • HPE Aruba 2920 Switch Series

    • HPE Aruba 2930F Switch Series

    • HPE Aruba 5400R Switch Series v2 & v3 modules

    • HPE 3800 Switch Series

  • The egress-bandwidth option is not supported and not displayed in the CLI running on:

    • HPE Switch 2530G Series

    • HPE Aruba 2530 Switch Series

    • HPE Switch 2620 Series

Feature Interactions

Profile Manager and 802.1X

Profile Manager interoperates with RADIUS when it is working in the client mode. When a port is blocked due to 802.1X authentication failure, the LLDP packets cannot come in on that port. Therefore, the Aruba AP cannot be detected and the device profile cannot be applied. When the port gets authenticated, the LLDP packets comes in, the AP is detected, and the device profile is applied.

You must ensure that the RADIUS server will not supply additional configuration such as VLAN or CoS during the 802.1X authentication as they will conflict with the configuration applied by the Profile Manager. If the RADIUS server supplies any such configurations to a port, the device profile will not be applied on such ports.

Profile Manager and LMA/WMA/MAC-AUTH

If either LMA, WMA, or MAC-AUTH is enabled on an interface, all the MAC addresses reaching the port must be authenticated. If LMA, WMA, or MAC-AUTH is configured on an interface, the user can have more granular control and does not need the device profile configuration. Therefore, the device profile will not be applied on such interface.

Profile manager and Private VLANs

When the device profile is applied, a check is performed to verify if the VLAN addition violates any PVLAN requirements. The following PVLAN related checks are done before applying the VLANs configured in the device profile to an interface:

  • A port can be a member of only one VLAN from a given PVLAN instance.

  • A promiscuous port cannot be a member of a secondary VLAN.

Creating a profile and associate a device type

  1. Create a new profile:

    switch# device-profile <profile-name>
  2. Enable the aruba-ap device type:

    switch# device-profile type aruba-ap enable
  3. Associate the new profile to the aruba-ap device type:

    switch# device-profile type aruba-ap associate <profile-name>

For example, to add the profile abc and associate it with the aruba-ap type, enter:.

switch# device-profile name abc
switch# device-profile type aruba-ap enable
switch# device-profile type aruba-ap associate abc

More information

device-profile name
device-profile type

device-profile name

Syntax

[no] device-profile name <PROFILE-NAME> [untagged-vlan <VLAN-ID> | 
             tagged-vlan <VLAN-LIST> |
             cos <COS-VALUE> | 
             ingress-bandwidth <Percentage> | 
             egress-bandwidth <Percentage> | 
             {poe-priority {critical | high | low} | 
             speed-duplex {auto | auto-10 | auto-100 | ...} |
             poe-max-power <Watts>]

Description

This command is used to create an user-defined profile. A profile is a named collection of port settings applied as a group. You can modify the default profile, default-ap-profile, but you cannot delete it. You can create four additional profiles.

The default-ap-profile has the following values:

  • untagged-vlan: 1

  • tagged-vlan: None

  • ingress-bandwidth: 100

  • egress-bandwidth: 100

  • cos: 0

  • speed-duplex: auto

  • poe-max-power: 33

  • poe-priority: critical

You can modify these parameters. For example, you can execute no untagged-vlan to create a device profile with tagged only ports.

Parameters

name

Specifies the name of the profile to be configured. The profile names can be at most 32 characters long.

cos

The Class of Service (CoS) priority for traffic from the device.

untagged-vlan

The port is an untagged member of specified VLAN.

tagged-vlan

The port is a tagged member of the specified VLANs.

ingress-bandwidth

The ingress maximum bandwidth for the device port.

egress-bandwidth

The egress maximum bandwidth for the device port.

poe-priority

The PoE priority for the device port.

speed-duplex

The speed and duplex for the device port.

poe-max-power

The maximum PoE power for the device port.

Options

no

Removes the user-defined profiles.

Restrictions

  • You can modify the configuration parameters of the default profile, default-ap-profile, but you cannot delete it or change its name.

  • For HPE Aruba 5400R Switch Series devices, the maximum value for poe-max-power is 30 W. For all other devices, the maximum value for poe-max-power is 33 W.

  • Egress rate limiting is not supported for devices running on:

    • HPE Aruba 2530 Switch Series

    • HPE Switch 2530G Series

    • HPE Switch 2620 Series

  • The egress-bandwidth is only supported for HP Switch 2920 Series, HP Switch 5400R Series v2 & v3 modules, and HP Switch 3800 Series.

  • The egress-bandwidth option is not supported and not displayed in the CLI for devices on: HPE Switch 2530G Series, HPE Aruba 2530 Switch Series, and HPE Switch 2620 Series.

  • The profile configuration is only applicable to access points.

More information

device-profile type

device-profile type

Syntax

device-profile type <DEVICE> [associate <PROFILE-NAME> | enable | disable ]

Description

This command specifies an approved device type in order to configure and attach a profile to it. The profile’s configuration is applied to any port where a device of this type is connected.

Parameters

type

An approved device type in order to configure and attach a profile to it. The only device type supported is aruba-ap and it is used to identify all the Aruba APs.

APs.

associate

Associates a profile with a device type.

enable

Enables automatic profile association.

disable

Disables automatic profile association.

Options

no

Removes the device type association and disables the feature for the device type. By default, this feature is disabled.

Restrictions

Only one device type is supported, aruba-ap, and it is used to identify all the Aruba access points.

More information

device-profile name