Device profiles Aruba/HPE switches: single ports/APs as exception?

Is there a way to set an AP or port in the device profile of an HPE Aruba switch as an exception? I have 25 APs on one switch. 2 APs must be isolated. These are to be integrated into an extra VLAN. If I temporarily deactivate the device profile, all WLAN VLANs are directly set to the default (natural VLAN). Because I work remotely and the company produces 24/7, I cannot deactivate the profile or simply dismount the AP.

The switch is a VSF stack Aruba 2530 with firmware YA.16.05.x. The APs are IAPs 334, 305 and 304.

My profile configuration is very simple:

device-profile name "aruba"
   untagged-vlan 30
   tagged-vlan 31-32
   exit
device-profile type "aruba-ap"
   associate "aruba"
   enable
   exit

I am happy to receive any information.

level 1
3 points · 3 months ago

Maybe try this: create a new device profile, link it to the MAC addresses of those 2 APs. Then use local-mac authentication.

aaa port-access local-mac mac-group "special-APs-group"
mac-addr x.x.x.x.x.x.x.x.x.x.x.x
mac-addr x.x.x.x.x.x.x.x.x.x.x.x

device-profile name "aruba-special"
untagged-vlan x

aaa port-access local-mac apply profile "aruba-special" mac-group "special-APs-group"

aaa port-access local-mac <ports where those 2 APs are connected>
aaa port-access authenticator active

level 1
Original Poster · 2 points · 3 months ago

Solution finally found. LLDP is used to select the right device profile. Deactivate lldp on the port.

lldp admin-status <port> disable

level 2

Keep in mind if you do this, it will mess with your PoE negotiations.

802.3at devices use LLDP communication for PoE.

level 2

I believe those model APs will put themselves into Power Save mode if you don't have LLDP enabled. I think it will only disable the USB port and the 2nd Ethernet port (if they have 2), but it also turns on the amber LED, which looks bad to most people.
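
Following on from the fix and the PoE caveat in the replies above, here is an added example (not part of the original thread) that audits a saved switch configuration and lists every port where LLDP has been disabled, i.e. the ports that no longer match the LLDP-based device profile and whose PoE allocation should be checked. It assumes the command forms quoted in the thread and numeric port names with an optional stack-member prefix; `SAMPLE_CONFIG` is constructed and the function names are hypothetical.

```python
import re

# Constructed sample config, using the command forms quoted in the thread.
SAMPLE_CONFIG = """\
device-profile name "aruba"
   untagged-vlan 30
   tagged-vlan 31-32
   exit
device-profile type "aruba-ap"
   associate "aruba"
   enable
   exit
lldp admin-status 1/7,2/3-2/4 disable
lldp admin-status 1/9 txonly
"""

def expand_ports(port_list):
    """Expand '1/7,2/3-2/4' or '5-7' into individual port names (assumed numeric)."""
    ports = []
    for item in port_list.split(","):
        start, _, end = item.partition("-")
        if not end:                      # single port, no range
            ports.append(start)
            continue
        prefix, _, first = start.rpartition("/")
        last = end.rpartition("/")[2]
        sep = "/" if prefix else ""
        ports += [f"{prefix}{sep}{n}" for n in range(int(first), int(last) + 1)]
    return ports

def audit(config):
    """Return (device_profile_type_enabled, ports_with_lldp_disabled)."""
    enabled, in_type_block, disabled = False, False, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("device-profile type"):
            in_type_block = True
        elif line == "exit":
            in_type_block = False
        elif in_type_block and line == "enable":
            enabled = True
        m = re.fullmatch(r"lldp admin-status (\S+) disable", line)
        if m:
            disabled += expand_ports(m.group(1))
    return enabled, disabled

if __name__ == "__main__":
    enabled, ports = audit(SAMPLE_CONFIG)
    print("device-profile type enabled:", enabled)
    for port in ports:
        print(f"port {port}: LLDP disabled, outside device profile; check PoE")
```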

