Feature Interactions; Profile Manager And 802.1X; Profile Manager And Lma/Wma/Mac-Auth; Profile Manager And Private Vlans - HP Aruba JL253A Management And Configuration Manual

For arubaos-switch 16.08
If the port was part of any protocol VLANs prior to the device profile application, those VLANs will not be
removed while applying the device profile.
The egress-bandwidth is only supported for devices running on:
Aruba 2930F Switch Series
Aruba 2930M Switch Series
Enabling jumbo frame support in a profile affects other ports with different profiles. When a profile has jumbo
frames enabled and is applied to any port, all other ports that are members of any VLAN listed in the profile will
also have jumbo frame support.

Feature Interactions

Profile Manager and 802.1X

Profile Manager interoperates with RADIUS when it is working in the client mode. When a port is blocked due to
802.1X authentication failure, the LLDP packets cannot come in on that port. Therefore, the Aruba AP cannot be
detected and the device profile cannot be applied. When the port gets authenticated, the LLDP packets come in,
the AP is detected, and the device profile is applied.
You must ensure that the RADIUS server will not supply additional configuration such as VLAN or CoS during the
802.1X authentication, as these will conflict with the configuration applied by the Profile Manager. If the RADIUS
server supplies any such configuration to a port, the device profile will not be applied on that port.

Profile Manager and LMA/WMA/MAC-AUTH

If LMA, WMA, or MAC-AUTH is enabled on an interface, all the MAC addresses reaching the port must be
authenticated. If LMA, WMA, or MAC-AUTH is configured on an interface, the user can have more granular
control and does not need the device profile configuration. Therefore, the device profile will not be applied on
such an interface.

Profile Manager and Private VLANs

When the device profile is applied, a check is performed to verify whether the VLAN addition violates any PVLAN
requirements. The following PVLAN-related checks are done before applying the VLANs configured in the device
profile to an interface:
A port can be a member of only one VLAN from a given PVLAN instance.
A promiscuous port cannot be a member of a secondary VLAN.
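
The interaction rules from the three sections above, written as an offline pre-check that lists why a device profile would be skipped on a port. This is an added example, not code from the manual or the switch firmware. The Port and Pvlan records, their field names and the sample ports are constructed assumptions, and existing VLAN memberships are assumed to stay on the port.

```python
from dataclasses import dataclass, field

@dataclass
class Pvlan:                      # one PVLAN instance (layout is an assumption)
    primary: int
    secondary: frozenset          # secondary VLAN IDs of this instance

@dataclass
class Port:                       # hypothetical per-port record
    name: str
    vlans: set = field(default_factory=set)         # current VLAN membership
    dot1x_blocked: bool = False                     # 802.1X failed, LLDP cannot arrive
    radius_attrs: set = field(default_factory=set)  # config pushed by RADIUS
    auth_methods: set = field(default_factory=set)  # "lma", "wma", "mac-auth"
    promiscuous: bool = False

def profile_blockers(port, profile_vlans, pvlans):
    """Return the documented reasons the device profile would not be applied."""
    reasons = []
    if port.dot1x_blocked:
        reasons.append("802.1X: port blocked, AP not detectable via LLDP")
    if port.radius_attrs & {"vlan", "cos"}:
        reasons.append("802.1X: RADIUS supplies VLAN or CoS")
    if port.auth_methods & {"lma", "wma", "mac-auth"}:
        reasons.append("LMA/WMA/MAC-AUTH enabled on interface")
    after = port.vlans | set(profile_vlans)  # membership once the profile is added
    for pv in pvlans:
        if len(after & ({pv.primary} | pv.secondary)) > 1:
            reasons.append(f"PVLAN {pv.primary}: more than one VLAN of the instance")
        if port.promiscuous and after & pv.secondary:
            reasons.append(f"PVLAN {pv.primary}: promiscuous port in secondary VLAN")
    return reasons

def audit(ports, profile_vlans, pvlans):
    return {p.name: profile_blockers(p, profile_vlans, pvlans) for p in ports}

# Constructed sample: PVLAN 100 with secondaries 101/102; the profile adds VLAN 101.
PVLANS = [Pvlan(100, frozenset({101, 102}))]
PROFILE_VLANS = {101}
PORTS = [
    Port("1", {1}),
    Port("2", {1}, dot1x_blocked=True),
    Port("3", {1}, radius_attrs={"vlan"}),
    Port("4", {1}, auth_methods={"mac-auth"}),
    Port("5", {102}),
    Port("6", {100}, promiscuous=True),
]

if __name__ == "__main__":
    for name, why in audit(PORTS, PROFILE_VLANS, PVLANS).items():
        print(name, "apply" if not why else "skip: " + "; ".join(why))
```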

MAC lockout and lockdown

The Rogue AP isolation feature uses the MAC lockout feature to block MACs in hardware. Therefore, any MAC
blocked with the Rogue AP isolation feature cannot be added with the lockout-mac or static-mac command
if the action type is set to block.
For example:
switch# lockout-mac 247703-7a8950
Cannot add the entry for the MAC address 247703-7a8950 because it is already
blocked by rogue-ap-isolation.
switch# static-mac 247703-7a8950 vlan 1 interface 1
Cannot add the entry for the MAC address 247703-7a8950 because it is already
Chapter 21 Simplifying Wireless and IoT Deployments