Wireless Access

Reply
Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

MIB for current license usage?

Hello,

 

I have a sneaking suspicion that an ongoing problem I am seeing is related to running out of user licenses on a controller.

 

Does anyone know if an OID I can check periodically to report license stats? I'm looking for this type for information:

 

(controller) #show license-usage user

User License Usage
------------------
Name Value
---- -----
License Limit 8192
License Usage 8074
License Exceeded 0
License Platform 8192
Station Total 8074
Station AP entries 0
Station VPN entries 0
Station VPN users 0
Station xSec users 0
IP Users 4554
Association Users 7911

 

 

As of writing this I'm realizing that it is the platform limit that I am hitting. On on another note, why is there such a different between IP Users and Association Users?

 

Thanks in advance,

Dave

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: MIB for current license usage?

Impressive user counts.    Thats the highest loading I have seen on any device (and I have seen hundreds of sites...)  

 

What you have below are indeed platform limits, rather than license limits(a sub-set of the platform limit...from 0% to 100% of platform limit in reality) persay. 

 

I would investigate the users that you have from the 'show user' output on the controller under load.   Or use Airwave to automatically  generate a report of users and look at those in the pre-authentication role vs. post-authentication role.

 

If the vast majority are in pre-authentication role, you may consider a strategy to ensure that you don't have users doing 'drive by's' and consuming user 'space' on the controller.   

 

Pls let us know ...

 

JF

Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

Re: MIB for current license usage?

Hi,

 

I have opened a support case on this subject. 

 

If I issue the command "show user-table", there are significantly less user entries than what is reported by "License Usage". The "IP Users" field is an accurate representation of the number of users in the user table.

 

If I run the command "show user-table unique | include "N/A"'.. there are hundreds of entries with ages ranging from 1 minute to 15 days. This cannot be correct. These users are also in our post-auth role, where they normally would be, so it seems that they are not just drive-bys. My first guess is that users are not being cleared properly when they go away, and they are taking up a license long after.

 

Is there a configuration directive for ageout that I may be missing? 

 

Any suggestions would be appreciated.

 

Thanks,

Dave

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: MIB for current license usage?

Thanks for the observations.   Definately the path I was going down... e.g. potentially related to timeouts that may be set.

 

You can view some of the timeout values under  configuration/authentication/advanced.   See if those timeouts are very large as a starting point.

Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

Re: MIB for current license usage?

The longest timeout I can find is on the 802.1x authentication profile:

 

Reauthenticaiton: 24 hrs

 

On the tab you suggested, I see:

 

User Idle Timeout: 900 sec

Logon User Lifetime: 5 min

 

All of those values seem appropriate. 

 

Ps. I appreciate the help ruling things out. The less time I have to spend troubleshooting with TAC, the better!

 

Dave

Search Airheads
Showing results for 
Search instead for 
Did you mean: