Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Dashboard > Security wildly out of sync with "show wms ap list"

This thread has been viewed 1 times

  • 1.  Dashboard > Security wildly out of sync with "show wms ap list"

    Posted May 21, 2015 02:56 PM

    In the controller's Web GUI, at Dashboard > Security, I see some very nice summary figures for the WMS database.  If I click, for instance, on the number for "Suspected Rogue" under "Active APs" it shows the details in the lower pane.  If I "Export All" and then sort this spreadsheet on BSSID, I have a lot of duplicates.  If I compare the the numbers shown in the dashboard with what the results of the "show wms ap list" command the results are no where close.  For example, on the Dashboard my number for Suspected Rogue is 3,451.  When I run "show wms ap list | include suspected-rogue" I get 11 records back.

     

    Have I misunderstood the relationship between these outputs?  Aren't they supposed to represent the same data?

     

    Also, if I do a "show wms counters" my last four rows are:

     

    Total Tree Count           700000
    MAX RB-tree Count      700000
    Max Count Exceeded - APs 45
    Max Count Exceeded - STAs 38

     

    which I understand is not a good thing.  My AirWave servers are already over-taxed so I cannot offload WMS to them .  Can I increase my "Max RB-tree Count" as long as I have available memory?  Will that resolve my situation?

     

    Finally, is there a document with a comprehensive discussion of the WMS database and how to manage it.  What I can find is mostly pieces and parts and most of that is outdated.

     

     



  • 2.  RE: Dashboard > Security wildly out of sync with "show wms ap list"

    EMPLOYEE
    Posted May 21, 2015 03:22 PM
    What version of ArubaOS and what controller hardware?


  • 3.  RE: Dashboard > Security wildly out of sync with "show wms ap list"

    Posted May 21, 2015 03:26 PM

    ArubaOS 6.4.2.6

    Controller is an M3



  • 4.  RE: Dashboard > Security wildly out of sync with "show wms ap list"

    EMPLOYEE
    Posted May 21, 2015 03:35 PM

    There is some documentation about WMS in the knowledgebase, but it is not in depth.

    The "show wms ap-list" command is very dynamic and it is possible that it will not match the GUI exactly.

    You might want to look at "show wms monitor-summary" to attempt to correlate the information with the GUI; but in a highly dynamic network, that also might not match exactly.

     

    What is the output of "

    show ids wms-general-profile

     



  • 5.  RE: Dashboard > Security wildly out of sync with "show wms ap list"

    Posted May 21, 2015 03:55 PM

    The output of "show wms monitor-summary" does correlate.  But why would I see duplicates when I "export all" from the Dashboard?

     

     

    # show ids wms-general-profile

    IDS WMS General Profile 
    ----------------------- 
    Parameter                                    Value
    ---------                                    -----
    AP poll interval                             60000 msec
    AP poll retries                             1
    AP ageout interval                           30 minutes
    Adhoc AP ageout interval                     5 minutes
    Station ageout interval                      5 minutes
    Statistics update                            false
    Persistent Neighbor APs                      true
    Persistent Valid STAs                        false
    AP learning                                  false
    Propagate Wired Macs                         true
    Collect Stats for Monitored APs and Clients  false
    Learn System Wired Macs                      false

     



  • 6.  RE: Dashboard > Security wildly out of sync with "show wms ap list"

    EMPLOYEE
    Posted May 21, 2015 04:35 PM

    I don't know exactly what table the export draws its data from.  It could be that having so many interfering devices in the wms database affects the output, since from the counters it seems like your data has grown past the database size..  You cannot increase the memory for the WMS database, because it set by platform.  On the M3, memory is definitely at  a premium.

     

    Changing the AP ageout to less than 30 minutes could affect this positively in terms of the overflow, but there is no guarantee that the export will match the output of "show wms" exactly.  You might have to open a TAC case so that they can analyze your data and understand what exactly is going on.



  • 7.  RE: Dashboard > Security wildly out of sync with "show wms ap list"

    Posted May 21, 2015 04:58 PM

    OK, thank you.  One last question:  Can I do any harm by "Delete"ing the entries from the Dashboard > Security.  That is, if I delete them (you have to do this one-by-one) and they are bogus then it seems like a good thing.  If I delete them but they are real, will WMS detect them again and re-insert them?  Or will WMS see that I have previously deleted them and ignore them?



  • 8.  RE: Dashboard > Security wildly out of sync with "show wms ap list"

    EMPLOYEE
    Posted May 21, 2015 05:01 PM
    There is no harm to deleting them. WMS will just reinsert them when observed again.