Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

How to check if ARM Scanning is getting paused in Aruba Instant 

May 18, 2016 04:24 PM

Q:

How do we verify if scanning is being paused in Aruba Instant?



A:

"Disable Scanning" is an option present in the user-role which stops ARM from scanning when the configured acl is hit.

84:d4:7e:c3:d9:02# show access-rule IAP-SSID

Access Rules
------------
Dest IP  Dest Mask  Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
-------  ---------  --------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
any      any        IPv4/6    match       sips                                    permit                                                               Yes      Yes
any      any        IPv4/6    match       any                                     permit
Vlan Id           :0
ACL Captive Portal:disable
ACL ECP Profile   :default
CALEA             :disable
DPI error page URL:
Bandwidth Limit   :downstream disable upstream disable

 

84:d4:7e:c3:d9:02# show clients

Client List
-----------
Name          IP Address     MAC Address        OS  ESSID     Access Point       Channel  Type  Role      Signal    Speed (mbps)
----          ----------     -----------        --  -----     ------------       -------  ----  ----      ------    ------------
khils-iPhone  172.31.98.146  d8:1d:72:7d:75:67      IAP-SSID  84:d4:7e:c3:d9:02  36E      AC    IAP-SSID  11(poor)  195(good)
Number of Clients   :1
Info timestamp      :3136


84:d4:7e:c3:d9:02# show datapath user
Datapath User Table Entries
---------------------------
Flags: P - Permanent, W - WEP, T- TKIP, A - AESCCM
       R - ProxyARP to User, N - VPN, L - local, I - Intercept, D - Deny local routing
FM(Forward Mode): S - Split, B - Bridge, N - N/A

       IP              MAC           ACLs    Contract   Location  Age    Sessions   Flags     Vlan  FM  MediaSessCnt
---------------  -----------------  -------  ---------  --------  -----  ---------  -----     ----  --  ------------
0.0.0.0          84:D4:7E:C3:D9:02   105/0      0/0     0         0        2/65535  P           1   N          0
0.0.0.0          D8:1D:72:7D:75:67   136/0      0/0     0         0        0/65535  P        3333   B          0
10.17.169.93     84:D4:7E:C3:D9:02   105/0      0/0     0         0        2/65535  P           1   N          0
172.31.98.146    D8:1D:72:7D:75:67   136/0      0/0     0         0        5/65535           3333   B          0
172.31.98.1      84:D4:7E:C3:D9:02   105/0      0/0     0         0        0/65535  P        3333   B          0


84:d4:7e:c3:d9:02# show datapath acl 136
Datapath ACL 136 Entries
-----------------------
Flags: P - permit, L - log, E - established, M/e - MAC/etype filter
       S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror
       I - Invert SA, i - Invert DA, H - high prio, O - set prio, C - Classify Media
       A - Disable Scanning, B - black list, T - set TOS, t - time based, o - tunnel only
       K - App Throttle, s - Domain SA, d - Domain DA, 4 - IPv4, 6 - IPv6
----------------------------------------------------------------
 1:  any  any  17 0-65535 8209-8211  P4
 2:  172.31.98.0 255.255.254.0  172.31.98.0 255.255.254.0  6 0-65535 5061-5061  PCA4
 3:  172.31.98.0 255.255.254.0  224.0.0.0 224.0.0.0  6 0-65535 5061-5061  PCA4
 4:  172.31.98.0 255.255.254.0  any  6 0-65535 5061-5061  10.17.169.93 PSCA4
 5:  any  any  6 0-65535 5061-5061  PCA4
 6:  172.31.98.0 255.255.254.0  172.31.98.0 255.255.254.0  any  P4
 7:  172.31.98.0 255.255.254.0  224.0.0.0 224.0.0.0  any  P4  hits 1
 8:  172.31.98.0 255.255.254.0  any  any  10.17.169.93 PS4  hits 16
 9:  any  any  any  P4
10:  any  any  any  Pe4  hits 1


When traffic hits the acl we can see "hits" increasing.

84:d4:7e:c3:d9:02# show datapath acl 136
Datapath ACL 136 Entries
-----------------------
Flags: P - permit, L - log, E - established, M/e - MAC/etype filter
       S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror
       I - Invert SA, i - Invert DA, H - high prio, O - set prio, C - Classify Media
       A - Disable Scanning, B - black list, T - set TOS, t - time based, o - tunnel only
       K - App Throttle, s - Domain SA, d - Domain DA, 4 - IPv4, 6 - IPv6
----------------------------------------------------------------
 1:  any  any  17 0-65535 8209-8211  P4
 2:  172.31.98.0 255.255.254.0  172.31.98.0 255.255.254.0  6 0-65535 5061-5061  PCA4 hits 18
 3:  172.31.98.0 255.255.254.0  224.0.0.0 224.0.0.0  6 0-65535 5061-5061  PCA4
 4:  172.31.98.0 255.255.254.0  any  6 0-65535 5061-5061  10.17.169.93 PSCA4
 5:  any  any  6 0-65535 5061-5061  PCA4 hits 10
 6:  172.31.98.0 255.255.254.0  172.31.98.0 255.255.254.0  any  P4  hits 11
 7:  172.31.98.0 255.255.254.0  224.0.0.0 224.0.0.0  any  P4  hits 12
 8:  172.31.98.0 255.255.254.0  any  any  10.17.169.93 PS4  hits 778
 9:  any  any  any  P4  hits 5
10:  any  any  any  Pe4  hits 14


84:d4:7e:c3:d9:02# show aps scanning

AP Scanning Stats
-----------------
Name               IP Address    2.4 Reqs  2.4 Voice Rejs  2.4 Video Rejs  5.0 Reqs  5.0 Voice Rejs  5.0 Video Rejs
----               ----------    --------  --------------  --------------  --------  --------------  --------------
84:d4:7e:c3:d9:02  10.17.169.93  418       1               0               408       4               0


84:d4:7e:c3:d9:02# show ap debug radio-stats 0 | include Voice
Voice aware Scan Rejects            4

The value "4" represents that 4 times the Scanning was deferred from happening. Scan Interval is 10 seconds for both the radios.

 

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.