Wireless Access

Reply

Port shutdown not working as expected

When working with a PoE enabled port, if I shut the port down, the lights on the port go out but the device remains powered on.  Is this normal?  Previous experience with Cisco switches tells me the device should lose power since the port is shutdown.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: Port shutdown not working

This is normal. Admin shutdown of a port does not kill power.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Port shutdown not working

That seems odd to me.

 

Is setting a non-poe profile on the port the only option to power cycle the PoE device remotely?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: Port shutdown not working

Currently, that is the only way to do it.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Port shutdown not working

Went ahead and created a PoE profile called "none" with PoE disabled.  Then, I applied the none PoE profile to the port and removed it.  This bounced the device as expected.  This solves my need.

 

Thanks for the info.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: Port shutdown not working

It might be worth creating a new topic in the idea portal. It would definitely be beneficial to have an admin poe shudtown command.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Port shutdown not working

Idea created:  https://arubanetworkskb.secure.force.com/cp/ideas/viewIdea.apexp?id=08740000000LDZs

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor II

Re: Port shutdown not working

Would be nice to do this through a RADIUS COA as well to be able to bounce POE devices completely via Clearpass.  I guess it could be done through an SSH script, but RADIUS VSA would be awesome.

Guru Elite

Re: Port shutdown not working

Purely out of curiosity, what would be the use case for that? I'm
intrigued.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Port shutdown not working

DHCP profiling - the idea is for Clearpass to put unprofiled devices into a role that allows DHCP, and when Clearpass profiles the device, it will automatically trigger a COA that should force the client to re-authenticate, upon which role-mapping can now use the information in the endpoint profile to make a different decision on user role.  

 

When the switch receives the COA disconnect, the L3 user session gets removed from the switch, but we have phones that won't attempt DHCP again until a timeout value on the phone is exceeded - appears to be about 4 minutes.  Doing a COA that bounces the POE state on the port would force the phone to reboot and it would get the proper user-role much more quickly.

 

This problem should only occur one time in any case because it only happens the first time a device is profiled, unless it hasn't been connected to the network in a long time and Clearpass has purged the endpoint out.

 

We moved away from doing role assignment by DHCP profiling for now in any case, we have other devices that don't deal well with having the L3 session removed via COA, maybe actually bouncing the port state would work better, and if doing that actually bounces POE as well, as suggested above, that would be a solution to our problem.

 

We're using MAC-auth for these types of devices until we can test profiling more thoroughly (also have the issue of false matches for profile fingerprints).

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: