Wireless Access

Reply
Contributor II
Posts: 41
Registered: ‎03-04-2015

Dashboard > Security wildly out of sync with "show wms ap list"

In the controller's Web GUI, at Dashboard > Security, I see some very nice summary figures for the WMS database.  If I click, for instance, on the number for "Suspected Rogue" under "Active APs" it shows the details in the lower pane.  If I "Export All" and then sort this spreadsheet on BSSID, I have a lot of duplicates.  If I compare the the numbers shown in the dashboard with what the results of the "show wms ap list" command the results are no where close.  For example, on the Dashboard my number for Suspected Rogue is 3,451.  When I run "show wms ap list | include suspected-rogue" I get 11 records back.

 

Have I misunderstood the relationship between these outputs?  Aren't they supposed to represent the same data?

 

Also, if I do a "show wms counters" my last four rows are:

 

Total Tree Count           700000
MAX RB-tree Count      700000
Max Count Exceeded - APs 45
Max Count Exceeded - STAs 38

 

which I understand is not a good thing.  My AirWave servers are already over-taxed so I cannot offload WMS to them .  Can I increase my "Max RB-tree Count" as long as I have available memory?  Will that resolve my situation?

 

Finally, is there a document with a comprehensive discussion of the WMS database and how to manage it.  What I can find is mostly pieces and parts and most of that is outdated.

 

 

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dashboard > Security wildly out of sync with "show wms ap list"

What version of ArubaOS and what controller hardware?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 41
Registered: ‎03-04-2015

Re: Dashboard > Security wildly out of sync with "show wms ap list"

ArubaOS 6.4.2.6

Controller is an M3

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dashboard > Security wildly out of sync with "show wms ap list"

There is some documentation about WMS in the knowledgebase, but it is not in depth.

The "show wms ap-list" command is very dynamic and it is possible that it will not match the GUI exactly.

You might want to look at "show wms monitor-summary" to attempt to correlate the information with the GUI; but in a highly dynamic network, that also might not match exactly.

 

What is the output of "

show ids wms-general-profile

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 41
Registered: ‎03-04-2015

Re: Dashboard > Security wildly out of sync with "show wms ap list"

The output of "show wms monitor-summary" does correlate.  But why would I see duplicates when I "export all" from the Dashboard?

 

 

# show ids wms-general-profile

IDS WMS General Profile 
----------------------- 
Parameter                                    Value
---------                                    -----
AP poll interval                             60000 msec
AP poll retries                             1
AP ageout interval                           30 minutes
Adhoc AP ageout interval                     5 minutes
Station ageout interval                      5 minutes
Statistics update                            false
Persistent Neighbor APs                      true
Persistent Valid STAs                        false
AP learning                                  false
Propagate Wired Macs                         true
Collect Stats for Monitored APs and Clients  false
Learn System Wired Macs                      false

 

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dashboard > Security wildly out of sync with "show wms ap list"

I don't know exactly what table the export draws its data from.  It could be that having so many interfering devices in the wms database affects the output, since from the counters it seems like your data has grown past the database size..  You cannot increase the memory for the WMS database, because it set by platform.  On the M3, memory is definitely at  a premium.

 

Changing the AP ageout to less than 30 minutes could affect this positively in terms of the overflow, but there is no guarantee that the export will match the output of "show wms" exactly.  You might have to open a TAC case so that they can analyze your data and understand what exactly is going on.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 41
Registered: ‎03-04-2015

Re: Dashboard > Security wildly out of sync with "show wms ap list"

OK, thank you.  One last question:  Can I do any harm by "Delete"ing the entries from the Dashboard > Security.  That is, if I delete them (you have to do this one-by-one) and they are bogus then it seems like a good thing.  If I delete them but they are real, will WMS detect them again and re-insert them?  Or will WMS see that I have previously deleted them and ignore them?

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dashboard > Security wildly out of sync with "show wms ap list"

There is no harm to deleting them. WMS will just reinsert them when observed again.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: