Network Management

Hello,

 

We'll soon be retiring our single AMP server (SuperAMP!) and are migrating to two Aruba AMP appliances plus a Glass appliance. We have  a dozen controllers running 6.4.4.16 and around 5600 APs.

 

I have the two AMP appliances built, licensed and ready to go. As soon as I introduce a controller the APs will start being dsicovered.

 

Before I discover anything I'm wondering what the best approach is. Do I configure amp primary-server for newamp1 on half the controllers and for newamp2 on the other half? What about the master? Once I discovery that don't I end up with all of the APs? We tried discovering all APs on a single newamp but that killed it. We need to keep the number at around 4k devices per appliance.

 

Any advice on how to split APs across the two AMP appliances before introducing Glass would be appreciated!

 

Thanks,

Mike

Glass acts similar to Master console. So you will be getting data from al the primary amps on Glass.

Since you have 5K+ devices i would suggest spliting them equally between both the primary server. Also, make sure we have good server spec for handling the devices.

 

Hi Vishnu,

 

I worked with TAC when one of our Aruba AMP appliances devices experiences performance issues. They informed me each appliance is spec'd for no more than 4500 devices. Hopefully splitting (roughly) the devices across the two appliances should not be an issue performance-wise.

 

To split devices I was going to add the statements below to each local controller.

mgmt-server type amp primary-server [amp1 or 2] profile default-amp

snmp-server host [amp1 or 2] version 2c xxxxx udp-port 162

 

One question, if I point the master controller to one of the Airwave appliances will it disover all my APs? Or are the command statements above sufficient to isolate which AMP each controller's AP lands on?

 

Mike

Hi Mike, Splitting the devices should take care of performance issue assuming you have the specs for 2500 devices.

The 2 commands you mentioned are one for sending AMON feeds and other to send the SNMP trap. 
To get the device up on Airwave we have to configure snmp community string on controller and add the controller on Airwave providing the community string under Device setup --> Add. One the device is added to a particular group and folder you will see APs associated under that controller in the new device list on Airwave.

 

Amon feed comes to picture post the device comes up on Airwave using SNMP. Also, you would have to enable prefer AMON vs SNMP under AMP setup --> General for Airwave to receive the AMON data.

 

Hi Vishnu, I do have the snmp community string configured on the controllers and split the amp appliances so that half the controllers are pointed to amp1 and the other half will point to amp2.

 

I know that if I add a local controller to one of the AMP appliances the APs associated with that controller will populate on that AMP. I have two questions:

 

1. If I add the master controller - which has no local APs on it - to one of the AMP appliances do all of the local devices get discovered automatically?

 

2. Which is the preferred method of data feed AMON or SNMP? On our aging production AMP we are using AMON.

 

Thanks for your assistance!

Mike

1. If I add the master controller - which has no local APs on it - to one of the AMP appliances do all of the local devices get discovered automatically?

 

Adding the Master controller can get the local controller under it discovered however not APs assuming it uses the same community string. Else, you can use the discover method on Airwave to discover all the devices on Airwave,

 

2. Which is the preferred method of data feed AMON or SNMP? On our aging production AMP we are using AMON.

 

Amon is preffered

 

Hi Vishnu, I added the master controller on amp1 and all the local controllers were discovered. On the controlller side I configured snmp for (only) amp1 on half of the controllers and for (only) amp2 for the other half.

 

Does it makes sense to Ignore the controllers that were discovered amp1 but that I plan to point to amp2? And add the discovered controllers on amp1 that I wish to remain on amp1?

 

Thanks,

Mike

Yes you can ignore them. Anyway since the community string is configured only on desired controllers(which needs to be on amp1) other controllers won’t come up even if u add them since the string is not configured.

On Amp2 you would have to either do a snmp discovery for rest of the controllers or add them manually since u already have the master added on amp1.

I have all of our controllers discovered - half on amp1 and half on amp2. I am using the same community string for all controllers. I ignored the controllers auto-discovered on amp1 that I wished to point to amp2. All APs have been discovered and are on monitoring.

 

I see that RAPIDS is only detecting rogue related information on amp1. There are no rogues entries for amp2. Is thi sbecause the Master controller is pointing to amp1? How do I resolve this?

 

Thanks,

Mike

Hi Mike,

Yes, this can be the reason. Unless you enable stats on the local controllers in a master/local environment, the local controllers do not populate their MIBs with any information about clients or rogue devices discovered/associated with their APs. Instead the information is sent upstream to master controller.

 

Hi Vishnu,

What commands are you referring when saying "enable stats on the local controllers in a master/local environment"? I have seen this in a doc somewhere but thought I was doing this already (see output commands below). As well, I am getting client data just not RAPIDS data.

 

Alternatively, would it be possible to discover the master on AMP2 as well? And ignore the undesired controllers I an montoring on AMP1? Any downside to doing this?

 

Thanks,

Mike

 

 

show ids wms-general-profile 
IDS WMS General Profile
-----------------------
Parameter                                    Value
---------                                    -----
AP poll interval                             124000 msec
AP poll retries                              2
AP ageout interval                           30 minutes
Adhoc AP ageout interval                     5 minutes
Station ageout interval                      30 minutes
Statistics update                            false
Persistent Neighbor APs                      false
Persistent Valid STAs                        false
AP learning                                  false
Propagate Wired Macs                         true
Collect Stats for Monitored APs and Clients  true
Learn System Wired Macs                      false

(lgrc-wac-106-4) #show wms general             
General Attributes
------------------
Key                           Value
---                           -----
poll-interval                 124000
poll-retries                  2
ap-ageout-interval            30
adhoc-ap-ageout-interval      5
sta-ageout-interval           30
learn-ap                      disable
persistent-neighbor           disable
persistent-valid-sta          disable
propagate-wired-macs          enable
learn-system-wired-macs       disable
stat-update                   disable
collect-stats                 enable
classification-server-ip      0.0.0.0
rtls-port                     8000
wms-on-master                 enable
event-correlation             logs-and-traps
event-correlation-quiet-time  900
use-db                        disable
calc-poll-interval            3504000
Switch IP                     <IP removed>
Is Master                     disable
Minutes Tick                  101191




(lgrc-wac-106-4) #show mgmt-server profile default-amp 
Mgmt Config profile "default-amp" (Predefined (editable))
---------------------------------------------------------
Parameter          Value
---------          -----
Stats              Enabled
Tag                Enabled
Sessions           Enabled
Monitored Info     Disabled
Misc               Enabled
Location           Enabled
UCC Monitoring     Disabled
AirGroup Info      Disabled
Inline DHCP stats  Enabled
Inline AP stats    Enabled
Inline Auth stats  Enabled
Inline DNS stats   Enabled

 

Hi,

 

Montiored info option proivdes AP Station stats/Info data.I see this option is in disabled state,enable this option and check the rogue status in Airwave.

 

Enable poll local controller for rogue option in RAPIDs>Setup page aswell, in master /local setup, it is recommanded to enable this option.

 

We can add master controller in AMP2 and ignore its local but we need to consider the number of snmp GET polling requests. Master controller will receive request from both AMP1 and AMP2 which may increase load on the controller.

 

If large number of APs are terminated on master then I would recommand to montior through single server, but  you can try add and  see the load, if it is high remove it.

 

 

Thanks Pavan,

 

The poll local controller for rogue option in RAPIDs>Setup page is currently disabled. As well as "Montiored info option" on the controllers as you pointed out. Will changing these setting add much load to the local controllers?

 

Under normal conditions the master controller has no APs terminated to it (it is configured as a backup lms for each local, so N+1).

 

If enabling monitored info option on controllers and poll local controller for rogue option in RAPIDs>Setup page will not add much load to t he controllers I am apt to go this route. Otherwise I would discover the master on both AMPs and ignore unwanted controllers on each AMP respectively.

 

Mike

No, enabling this options(poll local & Monitored info) on Airwave and controller does not add load on the controller, infact adding controllers on two airwave servers will add load.

 

Enable this options and check the rogue status.

You can add the Master controller however its not a good pratice to monitor the same device on 2 Airwave servers.
If its only for discovering the local controllers under it, may be you can use the discover option. I.e under Device setup --> Communication Add a network to scan and community string to get it identified. This will list all the devices in your network which have that community string. Post discovery you can add the needed devices to Group and Folder.