Reddit Feeds

Sign up and stay connected to your favorite communities.

sign uplog in
3

Device profiles Aruba/HPE switches: single ports/ APs as exception?

Is there a way to set an AP or port in the device profile of an HPE Aruba switch as an exception? I have 25 APs on one switch. 2 APs must be isolated. These are to be integrated into an extra VLAN. If I temporarily deactivate the device profile, all WLAN VLANs are directly set to the default (natural VLAN). Because I work remotely and the company produces 24/7 I cannot deactivate the profile or simply dismount the AP.

The switch is a VSF stack Aruba 2530 with firmware YA.16.05.x The APs are IAPs 334,305 and 304

My profile configuration is very simple :

device-profile name "aruba" andtagged-vlan 30 tagged-vlan 31-32 exit device profiles type "aruba-ap" associate "aruba" enable exit

I am happy to receive any information

4 comments
63% Upvoted
What are your thoughts? Log in or Sign uplog insign up
Original Poster2 points·3 days ago

Solution finally found. LLDP is used to select the right device profile. Deactivate lldp on the port.

lldp admin-status <port> disable

Keep in mind if you do this it will mess with your poe negotiations..

802.3at devicew uses lldp communication for Poe..

I believe those model APs will put themselves into Power Save mode if you don't have LLDP enabled. I think it will only disable the USB port and the 2nd Ethernet port (if they have 2), but it also turns on the amber LED, which looks bad to most people.

2 points·3 days ago

Maybe try this: create a new device profile, link it to the MAC addresses of those 2 APs. Then use local-mac authentication.

aaa port-access local-mac mac-group "special-APs-group"	
mac-addr x.x.x.x.x.x.x.x.x.x.x.x
mac-addr x.x.x.x.x.x.x.x.x.x.x.x

device-profile name "aruba-special"
untagged-vlan x
exit

aaa port-access local-mac apply profile "aruba-special" mac-group "special-APs-group"

aaa port-access local-mac <ports where those 2 APs are connected>
aaa port-access authenticator active
Community Details

117k

Subscribers

403

Online

###Enterprise Networking Routers, switches and firewalls. Network blogs, news and network management articles. Cisco, Juniper, Brocade and more all welcome.

Create Post

r/networking Rules

1.
Rule #1: No Home Networking.
2.
Rule #2: No Certification Brain Dumps / Cheating.
3.
Rule #3: No BlogSpam / Traffic re-direction.
4.
Rule #4: No Low Quality Posts.
5.
Rule #5: No Early Career Advice.
6.
Rule #6: Educational Questions must show effort.