Troubleshooting

Dynamic configuration not displayed when using “show running-config”

Symptom

The show running-config command does not display the dynamic configuration applied through the device profile.

Cause

The show running-config command shows only the permanent user configuration and parameters configured through device profile.

Action

Use the specific show device-profile command to display the parameters dynamically configured through the device profile.

Switch does not detect the rogue AP TLVs

Symptom

The switch does not detect the rogue AP TLVs that could be sent from the neighboring device.

Cause

The LLDP administrator status of a port is moved from txOnly to tx_rx or rx_only within 120 seconds of the previous state change to txOnly.

Action

Wait for 120 seconds before moving from the state txOnly to the state tx_rx or rx_only.
Move the administrator status to disable and then back to tx_rx or rx_only.

The show run command displays non-numerical value for untagged-vlan

Symptom

The show run command displays one of the following values for untagged-vlan:

no untagged-vlan
untagged-vlan : None

Cause

The no device-profile or the no rogue-ap-isolation whitelist command is executed to configure untagged-vlan to 0.

Action

No actions is required.

Show commands

Use the following show commands to view the various configurations and status.

Command	Description
`show device-profile`	Shows the device profile configuration and status.
`show device-profile config`	Shows the device profile configuration details for a single profile or all profiles.
`show device-profile status`	Shows currently applied device profiles.
`show rogue-ap-isolation`	Shows the following information: The status of the feature: enabled or disabled. The current action type for the rogue MACs detected. The list of MAC addresses detected as rogue and the MAC address of the AP that reported them.
`show rogue-ap-isolation whitelist`	Shows the rogue AP whitelist configuration.
`show run`	Shows the running configuration.

Validation Rules

Validation	Error/Warning/Prompt
`device-profile profile-name default-ap-profile`	Maximum tagged VLANs that can be associated with a device-profile is 256.
`device-profile` `profile-name` creation.	String too long. Allowed length is 32 characters.
`device-profile` `profile-name` creation.	Device profile <> already exists.
`device-profile` `profile-name` creation.	The maximum number of device profiles allowed is 5.
`device-profile` `profile-name` deletion.	Device profile <> does not exist.
`device-profile` `profile-name` deletion.	Cannot delete profile <> when associated with a device type.
`device-profile` `profile-name` deletion.	Default profile cannot be deleted.
`device-profile` `profile-name` modification via SNMP.	Default profile name cannot be changed.
`device-profileprofile-name` creation/modification via SNMP.	Device profile index cannot be greater than 5.
`untagged-vlan`	Invalid VLAN.
`untagged-vlan`	Cannot configure the VLAN <> as an untagged VLAN because this is already used as a tagged VLAN.
`tagged-vlan 1-1000`	The maximum number of tagged VLANs in a profile is less than 512 or the maximum VLANs, `MAX_VLANs`, configurable in the system.
`tagged-vlan`	Cannot configure the VLAN <> as a tagged VLAN because this is already used as an untagged VLAN.
`ingress-bandwidth`	SNMP should return `WRONG_VALUE_ERROR`.
`egress-bandwidth`	SNMP should return `WRONG_VALUE_ERROR`.
`cos`	SNMP should return `WRONG_VALUE_ERROR`.
`speed-duplex`	SNMP should return `WRONG_VALUE_ERROR`.
`poe-max-power`	SNMP should return `WRONG_VALUE_ERROR`.
`poe-priority`	SNMP should return `WRONG_VALUE_ERROR`.
`device-profile type aruba-ap profile-name`	String <> too long. Allowed length is 32 characters.
`device-profile type aruba-ap profile-name`	Device profile <> does not exist.
`device-profile type aruba-switch-router`	Device type is not supported.
`rogue-ap-whitelist`	Whitelist MAC address already exists in the list.
`rogue-ap-whitelist`	Whitelist MAC address does not exist in the list.
`rogue-ap-whitelist`	The maximum number of whitelist MACs allowed is 128.
`rogue-ap-whitelist <MAC>`	Cannot add the whitelist entry because the specified MAC address is already configured as a lock-out MAC.
`lock-out <MAC>`	Cannot add the lock-out entry because the specified MAC address is already configured as a whitelist MAC.
`lockout-mac <MAC-ADDRESS>` OR `static-mac <MAC-ADDRESS> vlan <vlan-id> interface <interface>` OR `vlan <vlan-id> ip-recv-mac-address <MAC-ADDRESS`	Cannot add an entry for the MAC address <`MAC-ADDRESS`> because it is already blocked by `rogue-ap-isolation`.

prev	up	next
Rogue AP Isolation	home	Link Aggregation Control Protocol—Multi-Active Detection (LACP-MAD)