EasyManua.ls Logo

Aruba 2530 - Profile Manager and 802.1 X; Profile Manager and LMA;WMA;MAC-AUTH; Profile Manager and Private Vlans; Procedure for Creating a Device Identity and Associating a Device Type

Aruba 2530
479 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Profile Manager and 802.1X
Profile Manager interoperates with RADIUS when it is working in the client mode. When a port is blocked due to
802.1X authentication failure, the LLDP packets cannot come in on that port. Therefore, the Aruba AP cannot be
detected and the device profile cannot be applied. When the port gets authenticated, the LLDP packets comes in,
the AP is detected, and the device profile is applied.
You must ensure that the RADIUS server will not supply additional configuration such as VLAN or CoS during the
802.1X authentication as they will conflict with the configuration applied by the Profile Manager. If the RADIUS
server supplies any such configurations to a port, the device profile will not be applied on such ports.
Profile Manager and LMA/WMA/MAC-AUTH
If either LMA, WMA, or MAC-AUTH is enabled on an interface, all the MAC addresses reaching the port must be
authenticated. If LMA, WMA, or MAC-AUTH is configured on an interface, the user can have more granular
control and does not need the device profile configuration. Therefore, the device profile will not be applied on
such interface.
Profile manager and Private VLANs
When the device profile is applied, a check is performed to verify if the VLAN addition violates any PVLAN
requirements. The following PVLAN related checks are done before applying the VLANs configured in the device
profile to an interface:
A port can be a member of only one VLAN from a given PVLAN instance.
A promiscuous port cannot be a member of a secondary VLAN.
Procedure for creating a device identity and associating a device type
Procedure
1. Create a device identity using the command:
switch# device-identity name <DEVICE-NAME>
2. Specify the OUI used in LLDP's organization using specific TLV, (type =127). OUI should be in XXXXXX
format. The default OUI "000000" indicates that device-identity will not use LLDP to identify device:
switch(config)# device-identity name <DEVICE-NAME> lldp oui <MAC_OUI>
sub-type <SUBTYPE>
To add new device on switch:
switch(config)# device-identity name abc lldp oui a1b2c3 sub 2
To remove device from switch:
switch(config)# no device-identity name abc
3. Show device identity configuration:
switch(config)# show device-identity lldp
Device Identity Configuration
Index Device name Oui Subtype
244 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05

Table of Contents

Related product manuals