Wired Intelligent Edge

We are in the testing stages of replacing our soon to be EOL 215 series access points with the new 635 series. These 2 models are incompatible due to firmware versions and need to be on separate vlans for their controllers to work correctly.

Our access switches are configured to profile AP devices and give them the correct VLAN information. Where I am getting stuck is that the new APs keep getting placed into the profile for old APs. I've matched the OUI for the profile to what wireshark's lookup tool says for the OUI based on the mac address of the new APs. However, the OUI in use for the older APs does not match the start of the mac address as wireshark claims it should. So I'm guessing that the OUI of 000b86 is some kind of aruba catch-all or parent oui. Curiously even if I disable the profile for the OUI used for old APs, the new AP still is not profiled by the OUI of 946424.

I'm sure this is something simple where I'm missing some small but key piece of information. Obviously, I can always just change the vlan config on the profile for the OLD AP model and just roll from there since it is catching the new APs. But I would like to be able to have both models profiled correctly to make the deployment of 100+ access points simpler by not having to ensure every AP connected to a switch gets swapped at the same time simply because of a minor config hurdle.


Old device identity ap215
device-identity name "ap"
lldp oui 000b86
exit

New device identity ap635
device-identity name "AP635"
lldp oui 946424
exit

Old device profile ap215
device-profile name "AP-Profile"
untagged-vlan 450
tagged-vlan 202-203,205
exit

New device profile ap635
device-profile name "AP635-Profile"
untagged-vlan 200
tagged-vlan 202-203,205
exit

Old device profile ap215
device-profile device-type "ap"
associate "AP-Profile"
enable
exit

New device profile ap635
device-profile device-type "AP635"
associate "AP635-Profile"
enable
exit


New AP635 LLDP Info
Aruba2930F# show lldp info remote-device 18

LLDP Remote Device Information Detail

Local Port : 18
ChassisType : mac-address
ChassisId : 946424-c447bb
PortType : mac-address
PortId : 94 64 24 c4 47 bb
SysName : 94:64:24:c4:47:bb
System Descr : ArubaOS (MODEL: 635), Version Aruba IAP
PortDescr : eth0
Pvid :

System Capabilities Supported : bridge, wlan-access-point
System Capabilities Enabled : wlan-access-point


Old AP215 LLDP Info
Aruba2930F# show lldp info remote-device 47

LLDP Remote Device Information Detail

Local Port : 47
ChassisType : mac-address
ChassisId : f05c19-111111
PortType : mac-address
PortId : f0 5c 19 11 11 11
SysName : f0:5c:19:11:11:11
System Descr : ArubaOS (MODEL: 215), Version Aruba IAP
PortDescr : bond0
Pvid :

System Capabilities Supported : bridge, wlan-access-point
System Capabilities Enabled : wlan-access-point

It depends on the OS type. ie, 2930 AOS, or 6300 AOS-CX.

This is the configurations I am using, and it is working fine.

(However only on single interfaces, when enabling dual interfaces on AP's with LACP it is not,
[then you must set the vlan on the LACP trunk, untagged])

AOS:

device-profile name "default-ap-profile"

   untagged-vlan 11

   allow-jumbo-frames

   no allow-tunneled-node

   poe-priority low

   exit

device-profile type "aruba-ap"

   enable

   exit

 

CX:

port-access lldp-group Aruba-AP_LLDP

     seq 20 match sys-desc ArubaOS

port-access role Aruba-AP

    description Aruba AP

    mtu 9198

    poe-priority low

    trust-mode dscp

    vlan access 11

port-access device-profile default-ap-profile

    enable

    associate role Aruba-AP

    associate lldp-group Aruba-AP_LLDP

 

 Hope this helps

Original Message:
Sent: Jul 15, 2022 05:24 PM
From: Justin Rasmussen
Subject: Device-Profiling - Access Points

We are in the testing stages of replacing our soon to be EOL 215 series access points with the new 635 series. These 2 models are incompatible due to firmware versions and need to be on separate vlans for their controllers to work correctly.

Our access switches are configured to profile AP devices and give them the correct VLAN information. Where I am getting stuck is that the new APs keep getting placed into the profile for old APs. I've matched the OUI for the profile to what wireshark's lookup tool says for the OUI based on the mac address of the new APs. However, the OUI in use for the older APs does not match the start of the mac address as wireshark claims it should. So I'm guessing that the OUI of 000b86 is some kind of aruba catch-all or parent oui. Curiously even if I disable the profile for the OUI used for old APs, the new AP still is not profiled by the OUI of 946424.

I'm sure this is something simple where I'm missing some small but key piece of information. Obviously, I can always just change the vlan config on the profile for the OLD AP model and just roll from there since it is catching the new APs. But I would like to be able to have both models profiled correctly to make the deployment of 100+ access points simpler by not having to ensure every AP connected to a switch gets swapped at the same time simply because of a minor config hurdle.


Old device identity ap215
device-identity name "ap"
lldp oui 000b86
exit

New device identity ap635
device-identity name "AP635"
lldp oui 946424
exit

Old device profile ap215
device-profile name "AP-Profile"
untagged-vlan 450
tagged-vlan 202-203,205
exit

New device profile ap635
device-profile name "AP635-Profile"
untagged-vlan 200
tagged-vlan 202-203,205
exit

Old device profile ap215
device-profile device-type "ap"
associate "AP-Profile"
enable
exit

New device profile ap635
device-profile device-type "AP635"
associate "AP635-Profile"
enable
exit


New AP635 LLDP Info
Aruba2930F# show lldp info remote-device 18

LLDP Remote Device Information Detail

Local Port : 18
ChassisType : mac-address
ChassisId : 946424-c447bb
PortType : mac-address
PortId : 94 64 24 c4 47 bb
SysName : 94:64:24:c4:47:bb
System Descr : ArubaOS (MODEL: 635), Version Aruba IAP
PortDescr : eth0
Pvid :

System Capabilities Supported : bridge, wlan-access-point
System Capabilities Enabled : wlan-access-point


Old AP215 LLDP Info
Aruba2930F# show lldp info remote-device 47

LLDP Remote Device Information Detail

Local Port : 47
ChassisType : mac-address
ChassisId : f05c19-111111
PortType : mac-address
PortId : f0 5c 19 11 11 11
SysName : f0:5c:19:11:11:11
System Descr : ArubaOS (MODEL: 215), Version Aruba IAP
PortDescr : bond0
Pvid :

System Capabilities Supported : bridge, wlan-access-point
System Capabilities Enabled : wlan-access-point

The LLDP OUI is NOT the first part of a MAC address it is instead an OUI in the vendor specific LLDP TLV and for all Aruba APs the same. Therefore you cannot use it to differentiate between different models of Aruba APs.

Thanks for this, explains a lot. Mildly concerning that my Aruba Sales Engineer gave me the wrong information on this and I spent a day beating my head against a wall because of it.
Original Message:
Sent: Jul 20, 2022 04:30 AM
From: Holger Hasenaug
Subject: Device-Profiling - Access Points

The LLDP OUI is NOT the first part of a MAC address it is instead an OUI in the vendor specific LLDP TLV and for all Aruba APs the same. Therefore you cannot use it to differentiate between different models of Aruba APs.

You may use the LLDP System Description or System Name for your use case which is supported from AOS-S  version 16.10.0003 for the 2930 switch series.