I don't think PoE bounce is supported on APs connected to mobility controllers. You may check with Aruba support to get a fully confident answer.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 28, 2022 04:45 AM
From: Dario Nardello
Subject: CPPM Wired Policy Enforcement: PoE bounce
Hello,
I have the same issue now with Clearpass 6.10.6 and Aei phones connected to AP 303H managed by mobility conductor and 2 mobility controller in cluster.
there is some enahcements in the new versions?
Dario
------------------------------
Dario Nardello
ACMP ACSP ACCP ACEP
Original Message:
Sent: Apr 26, 2019 12:20 PM
From: Zak Emerick
Subject: CPPM Wired Policy Enforcement: PoE bounce
I've noticed that some devices that are PoE-powered, do not honor the bounce port CoA from CPPM in the following way. The HPE-Port-Bounce-Host message does indeed disable the port. However, some PoE devices will not try to renew their IP if they keep power but link drops. Most devices, I have found, handle the port drop gracefully and the CoA goes off without a hitch. However, devices such as some phones, will not try to renew their IP and just stay up with an IP in the old VLAN.
Example:
1. Phone powers up on default VLAN 20.
2. CPPM profiles device, assigns VLAN 50, bounces port.
3. Phone stays powered up, but does not renew IP regardless of port admin status.
a. As a consequence, it has a VLAN 20 IP, but port is untagging packets for VLAN 50.
4. Bounce power on port, and phone comes up as it should in the correct VLAN 50. (because it's already profiled)
Is there a way to handle this scenario gracefully? Should we lean on the manufacturer of the endpoint? Can Aruba develop a RADIUS VSA to drop power on a port?