Wireless Access

 View Only
last person joined: 2 days ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Disable 2nd Ethernet Port

This thread has been viewed 36 times
  • 1.  Disable 2nd Ethernet Port

    Posted Jan 18, 2022 07:22 PM
    I am looking to administratively shut down Ethernet port 1 on the APs in my environment.
    Presently, I have the default profile assigned to the AP Group.
    With the default profile, I have the Ethernet port 1 assigned the port profile of shutdown. 
    !
    ap-group "default" 
    virtual-ap "A0001_DATA_10" 
    dot11a-radio-profile "default_radio_a_ui" 
    dot11g-radio-profile "default_radio_g_ui" 
    dot11-6GHz-radio-profile "default_radio11_ghz6_ui" 
    enet1-port-profile "shutdown" 
    regulatory-domain-profile "A0001_regulatory_domain" 
    !​


    Unfortunately, I still cannot get Ethernet Port 1 to administratively shutdown.  See below.

    show ap port status ap-name AP_005
    
    AP "AP_005" Port Status (updated every 60 seconds)
    ---------------------------------------------------------
    Port  MAC                Type  Forward Mode  Admin     Oper  Speed   Duplex  802.3az   802.3bz  PoE  STP  Portfast  TX-Packets  TX-Bytes   RX-Packets  RX-Bytes
    ----  ---                ----  ------------  -----     ----  -----   ------  -------   -------  ---  ---  --------  ----------  --------   ----------  --------
    0     bc:9f:e4:ca:01:de  5G    N/A           enabled   up    1 Gb/s  full    disabled  No       N/A  N/A  N/A       1919009     664982651  2272655     336045970
    1     bc:9f:e4:ca:01:df  5G    none          enabled   up    1 Gb/s  full    disabled  No       N/A  N/A  N/A       59          11418      2133        188328
    2     be:9f:e4:ca:01:df  USB   none          disabled  down  N/A     N/A     N/A       N/A      N/A  N/A  N/A       0           0          0           0


    Any ideas on what I am missing in order to successfully shut down Ethernet Port 1?

    Thank you.



    ------------------------------
    Administrator Eronetix
    ------------------------------


  • 2.  RE: Disable 2nd Ethernet Port

    MVP EXPERT
    Posted Jan 19, 2022 05:06 AM
    Can you post the configuration of enet profile? Is the admin status indeed set to down?

    ------------------------------
    Craig Syme
    ------------------------------



  • 3.  RE: Disable 2nd Ethernet Port

    Posted Jan 19, 2022 10:14 AM
    Hi, See these screenshots.
    As you can see, there is an option for shutdown, but nothing that I can see in either the Web GUI or CLI that explicitly gives an option for administratively shutting down the 2nd Ethernet port (ETH1 in this case).


    Thank you.

    ------------------------------
    Administrator Eronetix
    ------------------------------



  • 4.  RE: Disable 2nd Ethernet Port

    EMPLOYEE
    Posted Jan 19, 2022 10:50 AM
    I see the same in my lab. Can you please open a TAC case for this?

    MM (8.9.0.1) + MD7010 (8.9.0.1) + AP275

    (md7010) [MDC] #show ap port status ap-name AP275-xx:08
    
    AP "AP275-xx:08" Port Status (updated every 60 seconds)
    -------------------------------------------------------
    Port  MAC                Type  Forward Mode  Admin    Oper  Speed   Duplex  802.3az               802.3bz  PoE  STP  Portfast  TX-Packets  TX-Bytes  RX-Packets  RX-Bytes
    ----  ---                ----  ------------  -----    ----  -----   ------  -------               -------  ---  ---  --------  ----------  --------  ----------  --------
    0     6c:f3:xx:xx:xx:08  GE    N/A           enabled  up    1 Gb/s  full    unsupported           N/A      N/A  N/A  N/A       1461        361466    6052        744047
    1     6c:f3:xx:xx:xx:09  GE    none          enabled  up    1 Gb/s  full    100baseTX, 1000BaseT  N/A      N/A  N/A  N/A       40          7040      34          12342​
    
    (md7010) [MDC] #show ap profile-usage ap-name AP275-xx:08
    AP "AP275-xx:08" Ethernet 1 Profiles
    ------------------------------------
    Profile Type              Profile   Source
    ------------              -------   ------
    AP Ethernet Link profile  default   ap wired-port-profile "shutdown" enet-link-profile
    AP LLDP Profile           default   ap wired-port-profile "shutdown" lldp-profile
    AP wired port profile     shutdown  ap-group "Test-PortShut" enet1-port-profile
    
    AP "AP275-xx:08" Ethernet 1 Wired AP Profiles
    ---------------------------------------------
    Profile Type           Profile   Source
    ------------           -------   ------
    Wired AP profile       default   ap wired-port-profile "shutdown" wired-ap-profile
    AP wired port profile  shutdown  ap-group "Test-PortShut" enet1-port-profile

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Disable 2nd Ethernet Port

    Posted Jan 19, 2022 10:58 AM
    Good Morning Herman,

    Will do, and thank you for confirming this in your lab environment.

    ------------------------------
    Administrator Eronetix
    ------------------------------



  • 6.  RE: Disable 2nd Ethernet Port

    Posted Jan 19, 2022 11:36 AM

    Eronetix,

    Here's something to check. The enet1-port-profile is named "shutdown", but have you looked in that profile to confirm that the shutdown setting within that profile is actually shutdown:

     

    (TestController) [MDC] *#show ap wired-port-profile NoAuthWiredPort

     

    AP wired port profile "NoAuthWiredPort" (Predefined)

    --------------------------------------------------------------

    Parameter                                   Value

    ---------                                   -----

    Wired AP profile                            NoAuthWiredAp

    Ethernet interface link profile             default

    AP LLDP profile                             default

    Shut down                                   No              <-----------------------------------------------

    Remote-AP Backup                            Enabled

    AAA Profile                                 NoAuthAAAProfile

    Bridge Role                                 N/A

    Time to wait for authentication to succeed  20 sec

    Spanning Tree                               Disabled

    Portfast                                    Disabled

    Portfast on trunk                           Disabled

    Loop Protect Enable                         Disabled

    Loop Detection Interval                     2

    Storm Control Broadcast                     Disabled

    Storm Control Broadcast Threshold           2000

    Auto Recovery Enable                        Disabled

    Auto Recovery Interval                      300

    (TestController) [MDC] *#

     

    Mine is NOT shutdown. Hope this helps.

     

    Thanks,

    Brad



    ------------------------------
    Brad
    ------------------------------



  • 7.  RE: Disable 2nd Ethernet Port

    Posted Jan 19, 2022 05:32 PM
    Hi Brad,

    Thanks for the comments.  Yes - The profile that ETH1 is tied to is the shutdown profile.  Here is the CLI output for it:

    #show ap wired-port-profile shutdown 
    
    AP wired port profile "shutdown" (Predefined)
    ---------------------------------------------
    Parameter                                   Value
    ---------                                   -----
    Wired AP profile                            default
    Ethernet interface link profile             default
    AP LLDP profile                             default
    Shut down                                   Yes
    Remote-AP Backup                            Enabled
    AAA Profile                                 N/A
    Time to wait for authentication to succeed  20 sec
    Spanning Tree                               Disabled
    Portfast                                    Disabled
    Portfast on trunk                           Disabled
    Loop Protect Enable                         Disabled
    Loop Detection Interval                     2
    Storm Control Broadcast                     Disabled
    Storm Control Broadcast Threshold           2000
    Auto Recovery Enable                        Disabled
    Auto Recovery Interval                      300​


    Unfortunately, the Ethernet port (ETH1) will still stay up with this shutdown profile applied to it.



    ------------------------------
    Administrator Eronetix
    ------------------------------



  • 8.  RE: Disable 2nd Ethernet Port

    Posted Jan 20, 2022 04:00 AM
    This can be done per AP

    ap-name "303_H"
    enet0-port-profile "default"
    enet1-port-profile "default"
    enet2-port-profile "default"
    enet3-port-profile "default"

    #show ap port status ap-name 303_H

    AP "303_H" Port Status (updated every 60 seconds)
    -------------------------------------------------
    Port MAC Type Forward Mode Admin Oper Speed Duplex 802.3az 802.3bz PoE STP Portfast TX-Packets TX-Bytes RX-Packets RX-Bytes
    ---- --- ---- ------------ ----- ---- ----- ------ ------- ------- --- --- -------- ---------- -------- ---------- --------
    0 20:4c:03:e0:b6:3c GE N/A enabled up 1 Gb/s full disabled N/A N/A N/A N/A 303916 62502106 811201 299064197
    1 20:4c:03:e0:b6:3d GE none enabled down N/A N/A N/A N/A N/A Off Off 0 0 0 0
    2 20:4c:03:e0:b6:3e GE none enabled down N/A N/A N/A N/A N/A Off Off 0 0 0 0
    3 20:4c:03:e0:b6:3f GE none enabled down N/A N/A N/A N/A disabled Off Off 0 0 0 0
    4 22:4c:03:e0:b6:3f USB none disabled down N/A N/A N/A N/A N/A Off Off 0 0 0 0


    #ap-name "303_H"
    (AP name "303_H") #enet1-port-profile "shutdown"
    (AP name "303_H") #enet2-port-profile "shutdown"
    (AP name "303_H") #enet3-port-profile "shutdown"
    (AP name "303_H") #write mem

    #show ap port status ap-name 303_H

    AP "303_H" Port Status (updated every 60 seconds)
    -------------------------------------------------
    Port MAC Type Forward Mode Admin Oper Speed Duplex 802.3az 802.3bz PoE STP Portfast TX-Packets TX-Bytes RX-Packets RX-Bytes
    ---- --- ---- ------------ ----- ---- ----- ------ ------- ------- --- --- -------- ---------- -------- ---------- --------
    0 20:4c:03:e0:b6:3c GE N/A enabled up 1 Gb/s full disabled N/A N/A N/A N/A 304908 62683889 814260 299768541
    1 20:4c:03:e0:b6:3d GE none disabled down N/A N/A N/A N/A N/A Off Off 0 0 0 0
    2 20:4c:03:e0:b6:3e GE none disabled down N/A N/A N/A N/A N/A Off Off 0 0 0 0
    3 20:4c:03:e0:b6:3f GE none disabled down N/A N/A N/A N/A disabled Off Off 0 0 0 0
    4 22:4c:03:e0:b6:3f USB none disabled down N/A N/A N/A N/A N/A Off Off 0 0 0 0


    I guess same should be able to achieve via ap-group.


    ------------------------------
    Predrag Jovic
    ------------------------------



  • 9.  RE: Disable 2nd Ethernet Port

    Posted Jan 20, 2022 08:55 AM
    Hi Predrag,

    Yes, I agree this can/could be done per AP.
    My desired end-state in this case is to achieve the admin shutdown of the port(s) at the ap-group level.

    I opened a case with TAC on this.  I'll add more to this thread as I get an update from them.

    ------------------------------
    Administrator Eronetix
    ------------------------------