Push from Panorama to Firewall fails due to invalid configuration - poe is invalid. Not a PoE port
18796
Created On 04/20/23 05:02 AM - Last Modified 05/06/23 03:33 AM
Symptom
- On Panorama, when configuring any interface in the template, it shows POE as enabled.
- Since the interface is configured via Panorama and does not support POE, one would assume to disable this option.
- If a customer disables the option <PoE Enable> while configuring a non-supported PoE interface as an aggregate ethernet for a PA-1400 series, then the push from Panorama to Firewall fails with error
- Re-enabling POE will not fix the commit issue.
Details:
. Validation Error:
. network -> interface -> ethernet -> ethernet1/14 -> poe is invalid. Not a PoE port
. network -> interface -> ethernet -> ethernet1/14 -> poe is invalid
. Commit failed
Environment
- Panorama managed PA-1400 series firewall.
- PAN-OS 11.0.0.
- Commit Opreation.
Cause
The settings for option <PoE Enable> should not be modified.
Resolution
- Delete the interface which the customer has configured with aggregate ethernet where he disabled the option <PoE Enable>.
- Delete the aggregate group.
- Perform Commit to Panorama and then Push to devices.
- Create an aggregate group.
- Add interface and call aggregate group and do not modify the settings for option <PoE Enable>. This option should be enabled. PoE is enabled by default on PoE ports.
If the POE option is not touched when configuring the POE setting on an interface, the additional POE line is not added and the issue is not seen.
Aggregate "ae1" and "ae2" configuration
Aggregate "ae1" and "ae2" configuration
Additional Information
- Re-enabling POE will not fix the commit issue since an additional line is already added in the config.
<entry name="ethernet1/14">
<aggregate-group>ae1</aggregate-group>
<poe>
<poe-enabled>no</poe-enabled>
</poe>
</entry>
<entry name="ethernet1/15">
<aggregate-group>ae2</aggregate-group>
<poe>
<poe-enabled>no</poe-enabled>
</poe>
</entry>
</ethernet>