Wireless Access

last person joined: 21 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Port shutdown not working as expected

This thread has been viewed 2 times

  • 1.  Port shutdown not working as expected

    Posted Jul 05, 2013 12:14 PM

    When working with a PoE enabled port, if I shut the port down, the lights on the port go out but the device remains powered on.  Is this normal?  Previous experience with Cisco switches tells me the device should lose power since the port is shutdown.



  • 2.  RE: Port shutdown not working as expected
    Best Answer

    EMPLOYEE
    Posted Jul 05, 2013 12:19 PM
    This is normal. Admin shutdown of a port does not kill power.


  • 3.  RE: Port shutdown not working as expected

    Posted Jul 05, 2013 12:22 PM

    That seems odd to me.

     

    Is setting a non-poe profile on the port the only option to power cycle the PoE device remotely?



  • 4.  RE: Port shutdown not working as expected

    EMPLOYEE
    Posted Jul 05, 2013 12:28 PM
    Currently, that is the only way to do it.


  • 5.  RE: Port shutdown not working as expected

    Posted Jul 05, 2013 12:30 PM

    Went ahead and created a PoE profile called "none" with PoE disabled.  Then, I applied the none PoE profile to the port and removed it.  This bounced the device as expected.  This solves my need.

     

    Thanks for the info.



  • 6.  RE: Port shutdown not working as expected

    EMPLOYEE
    Posted Jul 05, 2013 12:36 PM

    It might be worth creating a new topic in the idea portal. It would definitely be beneficial to have an admin poe shudtown command.



  • 7.  RE: Port shutdown not working as expected



  • 8.  RE: Port shutdown not working as expected

    Posted Jul 08, 2013 06:01 PM

    Would be nice to do this through a RADIUS COA as well to be able to bounce POE devices completely via Clearpass.  I guess it could be done through an SSH script, but RADIUS VSA would be awesome.



  • 9.  RE: Port shutdown not working as expected

    EMPLOYEE
    Posted Jul 08, 2013 06:10 PM
    Purely out of curiosity, what would be the use case for that? I'm
    intrigued.


  • 10.  RE: Port shutdown not working as expected

    Posted Jul 08, 2013 06:50 PM

    DHCP profiling - the idea is for Clearpass to put unprofiled devices into a role that allows DHCP, and when Clearpass profiles the device, it will automatically trigger a COA that should force the client to re-authenticate, upon which role-mapping can now use the information in the endpoint profile to make a different decision on user role.  

     

    When the switch receives the COA disconnect, the L3 user session gets removed from the switch, but we have phones that won't attempt DHCP again until a timeout value on the phone is exceeded - appears to be about 4 minutes.  Doing a COA that bounces the POE state on the port would force the phone to reboot and it would get the proper user-role much more quickly.

     

    This problem should only occur one time in any case because it only happens the first time a device is profiled, unless it hasn't been connected to the network in a long time and Clearpass has purged the endpoint out.

     

    We moved away from doing role assignment by DHCP profiling for now in any case, we have other devices that don't deal well with having the L3 session removed via COA, maybe actually bouncing the port state would work better, and if doing that actually bounces POE as well, as suggested above, that would be a solution to our problem.

     

    We're using MAC-auth for these types of devices until we can test profiling more thoroughly (also have the issue of false matches for profile fingerprints).