Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AAC and UAC on same or different MC

This thread has been viewed 17 times

  • 1.  AAC and UAC on same or different MC

    Posted May 23, 2020 03:07 PM

    Hi guys,

     

    I understand AAC and UAC can be the same MC, as well as different MC. I know how to check the AAC and S-AAC for APs, but I don't know how to check the UAC and S-UAC for a specific user, is there a command to verify this? The command "show aaa cluster essid xxx users" doesn't work for me because in my network there are only RAPs with only wired clients, the Wi-Fi is disabled.

     

    Regards,

    Julián



  • 2.  RE: AAC and UAC on same or different MC

    EMPLOYEE
    Posted May 23, 2020 03:27 PM

    Hi,

     

    Did you try this command on MM

    show global-user-table list mac <MAC_OF_CLIENT>

    or

    show global-user-table list name <NAME_OF_CLIENT>

    You will be able to find UAC as such..

     

    Then from controller, you can do

    show aaa cluster essid <YOUR_SSID> mac <MAC_OF_CLIENT>

     

    Instead of the <YOUR_SSID> did you try the value that is showing for the ESSID column when you do show global-user-table list for that user?



  • 3.  RE: AAC and UAC on same or different MC

    EMPLOYEE
    Posted May 23, 2020 03:34 PM

    Hi,

     

    Also, did you try

    show user-table | inc <MAC or Name> and

    show user-table standby | inc <MAC or Name>

    commands on the controllers?



  • 4.  RE: AAC and UAC on same or different MC

    Posted May 23, 2020 05:19 PM

    Hi ayman_mukaddam,

     

    Of those commands only the first one shows the UAC of clients:

    show_global.png

    I understand current switch is the UAC.

     

    The other two commands:

    show_aaa.png

    This doesn't work with the essid shown in the previous command.

     

    show_user.png

    This shows the AP where the client is connected to but not the UAC.

     

    From the first command I know the UAC, is there a command to know which is the S-UAC?

     

    Regards,

    Julián

     

     

     



  • 5.  RE: AAC and UAC on same or different MC
    Best Answer

    EMPLOYEE
    Posted May 23, 2020 09:21 PM

    Thank you for asking about the RAP wired users. Let me shed more light on the question:

    A wired RAP user case is different than the wireless user in the sense that there is no ESSID and no roaming for such users. They are tied to the AP itself.

    In the current clustering implementation, no ESSID (not even a dummy one) means no bucketmap. That leads us to conclude that there is no UAC or S-UAC.

    Currently the wired RAP GRE tunnel terminates on the RAP AAC, and a standby wired GRE tunnel terminates on the S-AAC.

     

    You can check those GRE tunnels by running the command:

    show datapath tunnel table | inc <RAP_inner_ip>

     

    here is an example:

    On the AAC:

    (MC2) #show datapath tunnel table | include 8110
    24 10.70.149.12 192.168.200.101 47 8110 1300 153 0 0 85 0 0 20:4c:03:11:be:12 3 0 0 EePRY

     

    On the S-AAC:

    (MC1) #show datapath tunnel table | include 8110
    16 10.70.149.11 192.168.200.101 47 8110 1300 153 0 0 85 0 0 20:4c:03:11:be:12 0 0 0 EePRHY

     

    Note. The H flag indicates that this GRE tunnel is a standby.



  • 6.  RE: AAC and UAC on same or different MC

    Posted May 23, 2020 11:51 PM

    Hi makariosm,

     

    Very good point! I didn't know that about wired users, and that explains the reason in my cluster I see the UAC is the same as the AAC. Many thanks

     

    Regards,

    Julián



  • 7.  RE: AAC and UAC on same or different MC

    EMPLOYEE
    Posted May 24, 2020 02:18 AM

    Thank you Makariosm for this clarification..

     

    Hi Julian,

     

    I am interested to check if the show user-table standby | inc <MAC_OF_CLIENT> shows the standby wired RAP users or not. Can you try this command on the S-AAC and report the results?



  • 8.  RE: AAC and UAC on same or different MC

    EMPLOYEE
    Posted May 24, 2020 08:30 PM

    Hi Ayman,

     

    Although I did not believe that we should find a standby user, I checked it out and the command 'show user-table standby' on the S-AAC where the standby tunnel is and there was no such user.

    I checked both tunnel and split-tunnel mode and the output is pretty consistent.



  • 9.  RE: AAC and UAC on same or different MC

    Posted May 24, 2020 10:04 PM

    Hi Makiarosm,

     

    I think is a case of "terminology". Although you say there is no UAC and S-UAC, there is a controller which serves the user, which is the AAC. And there is also a standby controller which serves the user in case the active controller fails, which is the S-AAC. Isn't that right?

     

    Regards,

    Julian



  • 10.  RE: AAC and UAC on same or different MC

    EMPLOYEE
    Posted May 25, 2020 04:21 AM

    I did mean by UAC/S-UAC, the anchoring of a user to one controller when a user roams between APs. This roaming no longer applies to an AP wired user.

    Furthermore, the stateful failover, whereby the state of a user on one controller (UAC) is duplicated on another controller (S-UAC), also does not apply to the AP wired user.

    So it is not just a terminology, but more of an operation and redundancy of the AP wired user.

    I would compare the failover of an AP wired user in the Cluster to the HA (AP Fast Failover) users.

     



  • 11.  RE: AAC and UAC on same or different MC

    Posted May 25, 2020 11:20 AM

    Hi Makariosm,

     

    Very interesting all what you explain. All documents I have read explain hitless failover, client balancing and so on related to wireless users. With wired users is pretty different. Is there some document where it is explained all this related to the AP wired users as you explain?

     

    Regards,

    Julián