Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Colorless ports and PoE

This thread has been viewed 4 times

  • 1.  Colorless ports and PoE

    Posted Feb 22, 2019 04:34 AM

    Hello Everyone,

     

    I have setup ClearPass role-based access with colorless ports using the Wired Policy Enforcement Solution Guide. For access switches, we use HPE 5130 (Comware7).

     

    In our network, there are some devices, mainly cameras that require PoE to be turned on. I searched for a way to turn on PoE via RADIUS but found or at least some best practices regarding PoE and colorless ports but I found none.

     

    So far, I plan on turning PoE on by default either on all of the ports or always at first ten or something.

     

    So I would like to ask you whether, any one of you has tackled this issue and what solution did you use in production.

     

    And is this different with ArubaOS switches?

     

    Thanks a lot



  • 2.  RE: Colorless ports and PoE

    Posted Jan 15, 2020 05:15 PM

    I turned on with "poe enable" for all HP H3C switchports but not using colorless with H3C

    I upgraded some of H3C to ArubaOS and implementing colorless.  All switchports in ArubaOS are POE enable by default.  I don't think I can disable POE in AOS switch. 



  • 3.  RE: Colorless ports and PoE

    MVP EXPERT
    Posted Jan 15, 2020 06:00 PM
    In turn on POE on by default on all edge interfaces on 5130 switches.

    How does a offline ‘powered off’ device send its EAP request to the switch If it needs POE to operate in the first place. Steering POE with radius isnt possible is what i think.

    On Aruba switches POE can be disabled per interface with the command “no
    Interface #/# power-over-ethernet”


  • 4.  RE: Colorless ports and PoE

    Posted Jan 16, 2020 07:18 AM

    Well, back then, I was thinking whether something like conditional behavior of PoE exists, for example it could grant power until the authentication is done and then either continue or stop granting the power based on authentication result.

     

    I have found no such settings and went with enabling PoE for all of the colorless ports.

     

    Thank you and have a nice day :)



  • 5.  RE: Colorless ports and PoE

    Posted Jan 16, 2020 08:58 AM

    honestly that sounds like a lot of trouble to go through. All my switch deployments I leave PoE on, or in the case of comware, specifically enable it everywhere.. Is there a specific requirement or need to have PoE disabled where it's not needed?



  • 6.  RE: Colorless ports and PoE

    Posted Jan 16, 2020 10:06 AM

    With former setup, the customer was used to requesting PoE enabling specifically for ports where they needed it and I tried to mirror this behavior with colorless ports as well.