Product and Software: This article applies to all Aruba M3 and 3000 Series controllers and ArubaOS 3.3.2.x and later.
When the new M3 and 3000 Series controllers were introduced, so was per-user, per-session, and per-AP licensing for these new platforms. However, the software itself was never actually enforcing these limits. For example, an installed LIC-PEF-128 license legally allows a maximum of 128 users to simultaneously connect, but in reality, the 129th and above users were able to connect, up to the platform maximum.
In ArubaOS 3.3.2.0, all license limits are now enforced. In the above scenario, the 129th user will now be refused access.
Note that this license enforcement change only affects the behavior on ArubaOS 3.3.2 or later for the M3mk1, A3200, A3400, and A3600 platforms. The behavior on all other controller platforms for all the licenses is unchanged, because all other platforms do not have this style of cumulative licensing.
The only time when this enforcement change will become an issue is where the customer is running the network over the purchased capacity and then upgrades to ArubaOS 3.3.2. If the enforcement were to take place instantaneously after an upgrade of the version, then the automatic assumption would be that there is a problem with this version of software. To ensure a smooth upgrade, an upgrade to ArubaOS 3.3.2 will sometimes cause the generation of special temporary licenses.
On an upgrade to ArubaOS 3.3.2, the controller will check if there are any PEF, VOC, VPN, XSC, or WIP licenses installed on the controller and if so, it will automatically generate and install an evaluation license for the maximum capacity of the controller platform. This will ensure that no matter what load is about to reconnect, the controller will be able to support it.
This temporary license will be valid for 30 days and will force a license warning message on the WebUI screen. When this temporary license expires, if the license is oversubscribed relative to the permanent license count, existing users/APs/sessions will NOT be disconnected and the controller will NOT reboot, but new users will not be able to connect until the capacity count returns to below the purchased amount.
If these licenses are deleted, the controller will be instantly limited to the number of purchased licenses, which should not be an issue for all properly designed networks.
Note that when you have both AP licenses and WIP licenses, you should ensure that these limits are identical; otherwise, the lower of the two will be used for both licenses. This is the same with user counts for PEF and VOC. For example, if you have a LIC-WIP-8 and a LIC-16-AP, when the temporary license has expired, the controller will only allow eight APs to connect even though a LIC-16-AP is installed. Similarly, with a LIC-PEF-512 and a LIC-VOC-128, when the temporary license expires, the controller will limit the number of users to only 128, whether those users are using voice or not.