Command of the Day

Reply
Guru Elite
Posts: 20,348
Registered: ‎03-29-2007

COTD: show aaa derivation-rules server-group (how many users are hitting my rules?

You have server groups defined and your users are being authenticated. You also have server derivation rules so that users can be sorted into roles when they authenticate successfully.

The question is, what rules do I have and how many users are hitting them?

First, you need to find out what server groups you have:

(Arub3600) #show aaa server-group                         

Server Group List
-----------------
Name References Profile Status
---- ---------- --------------
default 29
internal 1 Predefined
sg-captiveportal 1
sg-dot1x 4
sg-dot1x-phones-office 1
sg-dot1x-corpsite220 3
sg-dot1x-corpsite320 2
sg-dot1x-warehouse 2
sg-guest 0
sg-mgmt 1

Total:10


You might want to see how many server groups have how many servers, rules and hits each server group has:
(Aruba3600) #show aaa derivation-rules server-group 

Server Groups
-------------
Name Servers Rules hits Out-of-service
---- ------- ----- ---- --------------
default 1 0 0
internal 1 1 0
sg-captiveportal 3 1 0
sg-dot1x 2 2 0
sg-dot1x-corpsite220 2 2 198
sg-dot1x-corpsite320 2 0 0
sg-dot1x-warehouse 2 0 0
sg-guest 1 0 0
sg-mgmt 1 1 0


You might also want to see see how many individual rules were hit by the rules in that server group you are interested in:

(Aruba3600) #show aaa derivation-rules server-group corpsite220

Server Group
------------
Name Inservice trim-FQDN match-FQDN
---- --------- --------- ----------
vortex Yes No
discovery Yes No

Server Rule Table
-----------------
Priority Attribute Operation Operand Action Value Total Hits New Hits
-------- --------- --------- ------- ------ ----- ---------- --------
1 Filter-Id contains employee set role employee 99 99
2 Filter-Id contains contract set vlan 64 99 99

Rule Entries: 2


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: