When working with a PoE enabled port, if I shut the port down, the lights on the port go out but the device remains powered on. Is this normal? Previous experience with Cisco switches tells me the device should lose power since the port is shutdown.
That seems odd to me.
Is setting a non-poe profile on the port the only option to power cycle the PoE device remotely?
Went ahead and created a PoE profile called "none" with PoE disabled. Then, I applied the none PoE profile to the port and removed it. This bounced the device as expected. This solves my need.
Thanks for the info.
It might be worth creating a new topic in the idea portal. It would definitely be beneficial to have an admin poe shudtown command.
Idea created: https://arubanetworkskb.secure.force.com/cp/ideas/viewIdea.apexp?id=08740000000LDZs
Would be nice to do this through a RADIUS COA as well to be able to bounce POE devices completely via Clearpass. I guess it could be done through an SSH script, but RADIUS VSA would be awesome.
DHCP profiling - the idea is for Clearpass to put unprofiled devices into a role that allows DHCP, and when Clearpass profiles the device, it will automatically trigger a COA that should force the client to re-authenticate, upon which role-mapping can now use the information in the endpoint profile to make a different decision on user role.
When the switch receives the COA disconnect, the L3 user session gets removed from the switch, but we have phones that won't attempt DHCP again until a timeout value on the phone is exceeded - appears to be about 4 minutes. Doing a COA that bounces the POE state on the port would force the phone to reboot and it would get the proper user-role much more quickly.
This problem should only occur one time in any case because it only happens the first time a device is profiled, unless it hasn't been connected to the network in a long time and Clearpass has purged the endpoint out.
We moved away from doing role assignment by DHCP profiling for now in any case, we have other devices that don't deal well with having the L3 session removed via COA, maybe actually bouncing the port state would work better, and if doing that actually bounces POE as well, as suggested above, that would be a solution to our problem.
We're using MAC-auth for these types of devices until we can test profiling more thoroughly (also have the issue of false matches for profile fingerprints).
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.