The auto device detection and configuration detects a directly connected Aruba AP dynamically and applies predefined configurations to ports on which the Aruba AP is detected.
You can create port configuration profiles, associate them to a device type, and enable or disable a device type. The only device type supported is aruba-ap and it is used to identify all the Aruba APs.
When a configured device type is connected on a port, the system automatically applies the corresponding port profile. Connected devices are identified using LLDP. When the LLDP information on the port ages out, the device profile is removed.
By default, the device profile feature is disabled. When you enable the device profile support for a device type, if no other device profile is mapped to the device type, the default device profile default-ap-profile is associated with the device type. You can modify the AP default device profile configuration but you cannot delete it. The default-ap-profile command supports only the AP device type.
More information
| Creating a profile and associate a device type |
| device-profile name |
| device-profile type |
-
Only one device type is supported,
aruba-ap, and it is used to identify all the Aruba APs. -
You can modify the configuration parameters of the default profile,
default-ap-profile, but you cannot delete it or change its name. -
For HPE 5400 Series v1 & v2 modules devices, the maximum value for
poe-max-poweris 30 W. For all other devices, the maximum value forpoe-max-poweris 33 W. -
If the port was part of any protocol VLANs prior to the device profile application, those VLANs will not be removed while applying the device profile.
-
Egress rate limiting is not supported for devices running on:
-
HPE Aruba 2530 Switch Series
-
HPE Switch 2530G Series
-
HPE Switch 2620 Series
-
-
The
egress-bandwidthis only supported for devices running on:-
HPE Aruba 2920 Switch Series
-
HPE Aruba 5400R Switch Series v2 & v3 modules
-
HPE 3800 Switch Series
-
-
The
egress-bandwidthoption is not supported and not displayed in the CLI running on:-
HPE Switch 2530G Series
-
HPE Aruba 2530 Switch Series
-
HPE Switch 2620 Series
-
Profile Manager interoperates with RADIUS when it is working in the client mode. When a port is blocked due to 802.1X authentication failure, the LLDP packets cannot come in on that port. Therefore, the Aruba AP cannot be detected and the device profile cannot be applied. When the port gets authenticated, the LLDP packets comes in, the AP is detected, and the device profile is applied.
You must ensure that the RADIUS server will not supply additional configuration such as VLAN or CoS during the 802.1X authentication as they will conflict with the configuration applied by the Profile Manager. If the RADIUS server supplies any such configurations to a port, the device profile will not be applied on such ports.
If either LMA, WMA, or MAC-AUTH is enabled on an interface, all the MAC addresses reaching the port must be authenticated. If LMA, WMA, or MAC-AUTH is configured on an interface, the user can have more granular control and does not need the device profile configuration. Therefore, the device profile will not be applied on such interface.
When the device profile is applied, a check is performed to verify if the VLAN addition violates any PVLAN requirements. The following PVLAN related checks are done before applying the VLANs configured in the device profile to an interface:
-
A port can be a member of only one VLAN from a given PVLAN instance.
-
A promiscuous port cannot be a member of a secondary VLAN.
For example, to add the profile abc and associate it with the aruba-ap type, enter:.
switch# device-profile name abc switch# device-profile type aruba-ap enable switch# device-profile type aruba-ap associate abc
More information
| device-profile name |
| device-profile type |
Syntax
[no] device-profile name <PROFILE-NAME> [untagged-vlan <VLAN-ID> |
tagged-vlan <VLAN-LIST> |
cos <COS-VALUE> |
ingress-bandwidth <Percentage> |
egress-bandwidth <Percentage> |
{poe-priority {critical | high | low} |
speed-duplex {auto | auto-10 | auto-100 | ...} |
poe-max-power <Watts>]
Description
This command is used to create an user-defined profile. A profile is a named collection of port settings applied as a group. You can modify the default profile, default-ap-profile, but you cannot delete it. You can create four additional profiles.
The default-ap-profile has the following values:
-
untagged-vlan: 1 -
tagged-vlan: None -
ingress-bandwidth: 100 -
egress-bandwidth: 100 -
cos: 0 -
speed-duplex: auto -
poe-max-power: 33 -
poe-priority: critical
You can modify these parameters. For example, you can execute no untagged-vlan to create a device profile with tagged only ports.
Parameters
Specifies the name of the profile to be configured. The profile names can be at most 32 characters long.
The Class of Service (CoS) priority for traffic from the device.
The port is an untagged member of specified VLAN.
The port is a tagged member of the specified VLANs.
The ingress maximum bandwidth for the device port.
The egress maximum bandwidth for the device port.
The PoE priority for the device port.
The speed and duplex for the device port.
The maximum PoE power for the device port.
Options
Removes the user-defined profiles.
Restrictions
-
You can modify the configuration parameters of the default profile,
default-ap-profile, but you cannot delete it or change its name. -
For HPE Aruba 5400R Switch Series devices, the maximum value for
poe-max-poweris 30 W. For all other devices, the maximum value forpoe-max-poweris 33 W. -
Egress rate limiting is not supported for devices running on:
-
HPE Aruba 2530 Switch Series
-
HPE Switch 2530G Series
-
HPE Switch 2620 Series
-
-
The
egress-bandwidthis only supported for HP Switch 2920 Series, HP Switch 5400R Series v2 & v3 modules, and HP Switch 3800 Series. -
The
egress-bandwidthoption is not supported and not displayed in the CLI for devices on: HPE Switch 2530G Series, HPE Aruba 2530 Switch Series, and HPE Switch 2620 Series. -
The profile configuration is only applicable to access points.
More information
| device-profile type |
Syntax
device-profile type <DEVICE> [associate <PROFILE-NAME> | enable | disable ]
Description
This command specifies an approved device type in order to configure and attach a profile to it. The profile’s configuration is applied to any port where a device of this type is connected.
Parameters
An approved device type in order to configure and attach a profile to it. The only device type supported is aruba-ap and it is used to identify all the Aruba APs.
Associates a profile with a device type.
Enables automatic profile association.
Disables automatic profile association.
Options
Removes the device type association and disables the feature for the device type. By default, this feature is disabled.
Restrictions
Only one device type is supported, aruba-ap, and it is used to identify all the Aruba access points.
More information
| device-profile name |