Wired Intelligent Edge

last person joined: 10 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Device Profiles Tutorial for CX switches

This thread has been viewed 96 times
  • 1.  Device Profiles Tutorial for CX switches

    Posted Jul 01, 2020 06:38 AM
      |   view attached

    Here is a short technote to demonstrate "Device profile" feature for CX 6200/6300/6400 switches. Device profile was a popular feature in AOS-S switch like 2930F/M and the aim of the feature is to automatically discover the key devices that are connected to the switch port using LLDP/CDP and to enable automatic configuration of the switch ports in which they are connected without the need for authentication.

     

    This technote will demo device profile feature for when an Aruba AP is connected dynamically changing switch port configuration for

    • PoE Priority
    • Trunk mode
    • Native VLAN
    • Allowed VLAN
    • QoS Trust boundary

    Hope you’ll find it useful and as always please send through your feedback for improvements.

    Attachment(s)



  • 2.  RE: Device Profiles Tutorial for CX switches

    Posted Sep 17, 2021 08:45 AM
    Hello
    doesn't work for me. Please Help

    I wannt that if the user connects a telephone with vendor oui 00940, it should be automatically moved in vlan 100 for example.
    I have configured with the Tutorial but doesn't work. The telephones always stay in native Vlan 1.
    i don't know what am I doing wrong.Please Help

    my config

    Role Profile"

    sw-arb01#
    port-access role Phone_role
    description agfeo IP Phone-group
    poe-priority high
    trust-mode dscp
    vlan trunk native 1
    vlan trunk allowed 100

    "lldp Profile"

    sw-arb01#
    port-access lldp-group Phone_group

    seq 10 match vendor-oui 000940

    "associate Role and lldp profile with Device Profile."

    sw-arb01#
    Port-access device-profile Phone_prof

    enable
    associate role Phone_role
    associate lldp-group Phone_group

    end


    sh run from Switch

    sw-arb01# sh run
    Current configuration:
    !
    !Version ArubaOS-CX PL.10.08.0001
    !export-password: default
    hostname sw-arb01
    clock timezone europe/amsterdam
    ntp server 10.10.xx.xx iburst
    ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
    ntp enable
    !
    !
    !
    !
    ssh server vrf default
    vlan 1
    vlan 100
    name Voice
    voice
    spanning-tree
    port-access lldp-group Phone_group
    seq 10 match vendor-oui 000940
    port-access role Phone_role
    description agfeo IP Phone-group
    poe-priority high
    trust-mode dscp
    vlan trunk native 1
    vlan trunk allowed 100
    port-access device-profile Phone_prof
    enable
    associate role Phone_role
    associate lldp-group Phone_group
    interface 1/1/1
    no shutdown
    vlan access 1
    interface 1/1/2
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 107

    Thx and regards


    ------------------------------
    David Lawson
    ------------------------------



  • 3.  RE: Device Profiles Tutorial for CX switches

    Posted Sep 17, 2021 09:09 PM
    few questions to help narrow it down.
    do your phones support LLDP and is the LLDP OUI vendor correct?
    what version of firmware are you running on CX switch?
    also try the following show commands
    • sh port-access device-profile
    • sh lldp nei de
    • sh port-access device-profile interface all


    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 4.  RE: Device Profiles Tutorial for CX switches

    Posted Sep 22, 2021 02:12 PM
    Hello

    please see below my answer.

    -Aruba 6100 m with os Version ArubaOS-CX PL.10.08.0001
    -Agfeo ip phone

    I want the phone to be automatically moved in the predefined vlan 100.

    I did it with lldp protokol but does not work. I did it with mac group doesn't work.
    the phone stays always in vlan 1. Please help.

    ----Configuration with lldp Proticol-----

    swicht# vlan 100
    voice

    port-access lldp-group Phone_group
    seq 10 match vendor-oui 000940

    port-access role phone_role
    description agfeo
    poe-priority high
    trust-mode dscp
    vlan access 100

    port-access device-profile Phone_prof
    enable
    associate role phone_role
    associate lldp-group Phone_group

    Telephone connected to switch, alway in Vlan1

    -----configuration with Mac group-----

    swicht# vlan 100
    voice

    mac-group mac-group1
    seq 10 match mac 00:XX:XX:XX:XX:XX

    port-access role phone_role
    description agfeo
    poe-priority high
    trust-mode dscp
    vlan access 100


    port-access device-profile profile01
    enable
    associate mac-group mac-group1
    associate role phone_role


    ----Telephone connected to switch, alway in Vlan1----

    -sh port-access device-profile

    Profile Name : profile01
    LLDP Groups :
    CDP Groups :
    MAC Groups : mac-group1
    Role : phone_role
    State : Enabled

    -sh lldp nei de
    phone is not displayed.

    # sh port-access device-profile interface all
    No device-profile clients found.

    I do not know what I'm doing wrong

    please Help me.

    my question

    i dont know if the phone support lldp protocol or not, but if not, should mac group profil work or not?


    I do not know what I'm doing wrong. please help
    Thx and regards

    ------------------------------
    David
    ------------------------------



  • 5.  RE: Device Profiles Tutorial for CX switches

    Posted Sep 24, 2021 06:51 AM
    looks like your phones dont support LLDP.  so the MAC group match should work
    please reach out to TAC so you can resolve this issue in timely manner.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------