Configuration commands

allow-jumbo-frames

Syntax

allow-jumbo-frames

Description

Configure jumbo frame support for the device port. Jumbo frames are not enabled by default.

Enabling jumbo frame support in a profile affects other ports with different profiles. When a profile has jumbo frames enabled and is applied to any port, all other ports that are members of any VLAN listed in the profile will also have jumbo frame support.

Validation rules

Validation

Error/Warning/Prompt

Invalid jumbo command.

Invalid input.

If jumbo frame support is configured on a VLAN for which the device profile had overridden the configuration, display the existing warning.

This configuration change will be delayed because a device profile that enables jumbo frame support is applied to a port in this VLAN.

Default AP Profile

Creates a user-defined profile.

The profile name is a valid character string with the maximum permissible length of 32. The default profile is named default-ap-profile and cannot be modified.

The default configuration parameters may be modified using the command device-<PROFILE NAME> default-ap-profile . Up to four different profiles may be configured.

The [no] command removes the user-defined profiles.

device-profile

From within the configure context:

Syntax

device-profile <PROFILE-NAME> <DEVICE-TYPE>

Description

Create port configuration profiles and associate them with devices. When a configured device type is connected on a port, the system will automatically apply the corresponding port profile. When the device is disconnected, the profile is removed after a 2 minute delay. Connected devices are identified using LLDP.

Options

<PROFILE-NAME>

Specify the name of the profile to be configured.

<DEVICE-TYPE>

Specify an approved device-type to configure and attach a profile to.

Parameters

allow-jumbo-frames

Configure jumbo frame support for the device port.

untagged-vlan <VLAN-ID>

Configure this port as an untagged member of specified VLAN.

tagged-vlan <VLAN-LIST>

Configure this port as a tagged member of the specified VLANs.

cos <COS-VALUE>

Configure the Class of Service (CoS) priority for traffic from the device.

ingress-bandwidth <PERCENTAGE>

Configure ingress maximum bandwidth for the device port.

egress-bandwidth <PERCENTAGE>

Configure egress maximum bandwidth for the device port.

poe-max-power <WATTS>

Configure the maximum PoE power for the device port (in watts).

poe-priority

Configure the PoE priority for the device port.

Usage

[no] device-profile name <PROFILE-NAME>
[no] device-profile type <DEVICE>

Associating a device with a profile

To associate an Aruba access point (AP) device-type to a user-defined profile, use the context HPE Switch(device-aruba-ap)#. All Aruba access points use the identifier aruba-ap.

The [no] form of the command removes the device type association and disables the feature for the device type.

The feature is disabled by default.

device-profile type

From within the configure context:

Syntax

device-profile type

Description

Configure an approved device-type and attach the profile. The profile configuration is applied to any port where this device type is connected.

Approved device types

aruba-ap

Aruba access point device.

aruba-switch-router

Aruba switch or router device.

cisco-phone

Cisco phone device.

cisco-switch-router

Cisco switch or router device.

hpe-switch-router

HPE switch or router device.

Options

From within the device-aruba-ap context

associate <PROFILE-NAME>

Associated the specified device type by profile name.

enable

Enables the automatic profile association.

disable

Disables the automatic profile association.

Usage

[no] device-profile type <DEVICE> [associate <PROFILE-NAME> |enable | disable]

Configuring the rogue-ap-isolation command

Used to configure the rogue-ap-isolation command. A block/log option may be configured for when a rogue AP is identified by the switch. The block/log option may be enabled or disabled. The default action is to block a rogue AP.

The whitelist command is used to configure any specific MAC addresses excluded from the rogue AP list. The whitelist configuration is saved in the configuration. The whitelist supports 128 MACs.

The [no] form the command is used to remove the MAC address individually by specifying the MAC.

rogue-ap-isolation

Within the configure context:

Syntax

rogue-ap-isolation

Description

Configure rogue AP isolation and rogue AP Whitelist MAC addresses for the switch. When enabled, the system detects the MAC address of rogue access points and takes the specified action for traffic or from that address. The whitelist is used to add MAC addresses of approved access points to the whitelist.

Options

action

Configure the action to take for rogue AP packets. Actions available are enable, disable, block, log, and whitelist.

block

Block and logs traffic to or from any rogue access points.

log

Log traffic to or from any rogue access points.

enable

Enable the rogue AP Isolation.

disable

Disable the rogue AP Isolation.

whitelist <MAC-ADDRESS>

Configures rogue AP Whitelist MAC addresses for the switch. This option is used to add MAC addresses of approved access points to the whitelist.

<MAC-ADDR>

Specify the MAC address of the device to be moved from the Rogue AP list to the whitelist.

Usage

rogue-ap-isolation [enable | disable]
rogue-ap-isolation action [log | block]
[no] rogue-ap-isolation whitelist <MAC-ADDRESS>