Wired Intelligent Edge

Dear Gurus,

is it possible to apply profile on the port based on OUI part of MAC address of connected device?

Switch is 2930F. I've tried this:


The line "lldp oui 00085d" do not work. Everything else does (checked with changing the line to "lldp sys-name "Mitel IP Phone").
I've tried "lldp oui 00085d sub-type 1" with no avail. I suppose this TLV is not included in LLDP frame from the phone. I don't know how to check it (I would use Wireshark but the switch is not in my possession).

Is it somehow possible to use part of PortId from LLDP (which is, in fact, OUI):


Can someone, please, clarify this for me? Maybe there must be a completely different approach?

------------------------------
Alexander Suntsev
------------------------------

LLDP oui is not the same as MAC oui
in your pcap, look for LLDP packet with organization specific TLV (type =127)
you need to match it with this value, note that the screenshot below is just a sample not the value for mital phones.


------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Nov 26, 2021 11:07 AM
From: Alexander Suntsev
Subject: AOS-SW, Port profiling based on OUI

Dear Gurus,

is it possible to apply profile on the port based on OUI part of MAC address of connected device?

Switch is 2930F. I've tried this:

device-identity name "Mitel"

lldp oui 00085d

exit

device-profile name "Mitel-Profile"

untagged-vlan 8

tagged-vlan 30

exit

device-profile device-type "Mitel"

associate "Mitel-Profile"

enable

exit

The line "lldp oui 00085d" do not work. Everything else does (checked with changing the line to "lldp sys-name "Mitel IP Phone").
I've tried "lldp oui 00085d sub-type 1" with no avail. I suppose this TLV is not included in LLDP frame from the phone. I don't know how to check it (I would use Wireshark but the switch is not in my possession).

Is it somehow possible to use part of PortId from LLDP (which is, in fact, OUI):

# sh lldp info remote-device 1

LLDP Remote Device Information Detail

Local Port : 1

ChassisType : network-address

ChassisId : 10.1.8.13

PortType : mac-address

PortId : 00 08 5d 6d a5 0b

SysName : Mitel IP Phone

System Descr : Mitel IP Phone

PortDescr : port 0

Pvid :

System Capabilities Supported : bridge, telephone

…

#

Can someone, please, clarify this for me? Maybe there must be a completely different approach?

------------------------------
Alexander Suntsev
------------------------------

Thank you. I see your point. I don't have a pcap to look at it. Maybe there is a different LLDP oui which can be used, but.. a customer has a various endpoint devices all of which has a common MAC oui "00:08:5d". On other vendor's switches they use this part of MAC to apply voice vlan to this and only this devices. So they want to copy that logic to an Aruba switches. Can you tell is there a way to archive this? Or LLDP oui, SysName or System Description is the only options (without involving ClearPass)?

------------------------------
Alexander Suntsev
------------------------------

Original Message:
Sent: Nov 26, 2021 06:24 PM
From: Ariya Parsamanesh
Subject: AOS-SW, Port profiling based on OUI

LLDP oui is not the same as MAC oui
in your pcap, look for LLDP packet with organization specific TLV (type =127)
you need to match it with this value, note that the screenshot below is just a sample not the value for mital phones.


------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Nov 26, 2021 11:07 AM
From: Alexander Suntsev
Subject: AOS-SW, Port profiling based on OUI

Dear Gurus,

is it possible to apply profile on the port based on OUI part of MAC address of connected device?

Switch is 2930F. I've tried this:

device-identity name "Mitel"

lldp oui 00085d

exit

device-profile name "Mitel-Profile"

untagged-vlan 8

tagged-vlan 30

exit

device-profile device-type "Mitel"

associate "Mitel-Profile"

enable

exit

The line "lldp oui 00085d" do not work. Everything else does (checked with changing the line to "lldp sys-name "Mitel IP Phone").
I've tried "lldp oui 00085d sub-type 1" with no avail. I suppose this TLV is not included in LLDP frame from the phone. I don't know how to check it (I would use Wireshark but the switch is not in my possession).

Is it somehow possible to use part of PortId from LLDP (which is, in fact, OUI):

# sh lldp info remote-device 1

LLDP Remote Device Information Detail

Local Port : 1

ChassisType : network-address

ChassisId : 10.1.8.13

PortType : mac-address

PortId : 00 08 5d 6d a5 0b

SysName : Mitel IP Phone

System Descr : Mitel IP Phone

PortDescr : port 0

Pvid :

System Capabilities Supported : bridge, telephone

…

#

Can someone, please, clarify this for me? Maybe there must be a completely different approach?

------------------------------
Alexander Suntsev
------------------------------

yes I think that what you need with device profile approach.
however you can also do the simpler way of having voice VLANs and using LLDP med to put the IP Phones in the voice vlans.
I think LLDP is globally enabled b default.

VLAN 10 is for VOIP Phones, VLAN 21 is for PC and 1-12 are Switch port numbers.

Here is the sample config snippet

vlan 10
voice
tagged 1-12
!
vlan 21
untagged 1-12

here you can find more explanation on it and device profiles.
https://higherlogicdownload.s3.amazonaws.com/HPE/MigratedAssets/VoIP_Deployment_on_ArubaOS-Switch.pdf

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Nov 29, 2021 03:25 AM
From: Alexander Suntsev
Subject: AOS-SW, Port profiling based on OUI

Thank you. I see your point. I don't have a pcap to look at it. Maybe there is a different LLDP oui which can be used, but.. a customer has a various endpoint devices all of which has a common MAC oui "00:08:5d". On other vendor's switches they use this part of MAC to apply voice vlan to this and only this devices. So they want to copy that logic to an Aruba switches. Can you tell is there a way to archive this? Or LLDP oui, SysName or System Description is the only options (without involving ClearPass)?

------------------------------
Alexander Suntsev

Original Message:
Sent: Nov 26, 2021 06:24 PM
From: Ariya Parsamanesh
Subject: AOS-SW, Port profiling based on OUI

LLDP oui is not the same as MAC oui
in your pcap, look for LLDP packet with organization specific TLV (type =127)
you need to match it with this value, note that the screenshot below is just a sample not the value for mital phones.


------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Nov 26, 2021 11:07 AM
From: Alexander Suntsev
Subject: AOS-SW, Port profiling based on OUI

Dear Gurus,

is it possible to apply profile on the port based on OUI part of MAC address of connected device?

Switch is 2930F. I've tried this:

device-identity name "Mitel"

lldp oui 00085d

exit

device-profile name "Mitel-Profile"

untagged-vlan 8

tagged-vlan 30

exit

device-profile device-type "Mitel"

associate "Mitel-Profile"

enable

exit

The line "lldp oui 00085d" do not work. Everything else does (checked with changing the line to "lldp sys-name "Mitel IP Phone").
I've tried "lldp oui 00085d sub-type 1" with no avail. I suppose this TLV is not included in LLDP frame from the phone. I don't know how to check it (I would use Wireshark but the switch is not in my possession).

Is it somehow possible to use part of PortId from LLDP (which is, in fact, OUI):

# sh lldp info remote-device 1

LLDP Remote Device Information Detail

Local Port : 1

ChassisType : network-address

ChassisId : 10.1.8.13

PortType : mac-address

PortId : 00 08 5d 6d a5 0b

SysName : Mitel IP Phone

System Descr : Mitel IP Phone

PortDescr : port 0

Pvid :

System Capabilities Supported : bridge, telephone

…

#

Can someone, please, clarify this for me? Maybe there must be a completely different approach?

------------------------------
Alexander Suntsev
------------------------------