Wireless Access

Reply
Highlighted
MVP Expert

AAC and UAC on same or different MC

Hi guys,

 

I understand AAC and UAC can be the same MC, as well as different MC. I know how to check the AAC and S-AAC for APs, but I don't know how to check the UAC and S-UAC for a specific user, is there a command to verify this? The command "show aaa cluster essid xxx users" doesn't work for me because in my network there are only RAPs with only wired clients, the Wi-Fi is disabled.

 

Regards,

Julián


Accepted Solutions
Highlighted
Aruba Employee

Re: AAC and UAC on same or different MC

Thank you for asking about the RAP wired users. Let me shed more light on the question:

A wired RAP user case is different than the wireless user in the sense that there is no ESSID and no roaming for such users. They are tied to the AP itself.

In the current clustering implementation, no ESSID (not even a dummy one) means no bucketmap. That leads us to conclude that there is no UAC or S-UAC.

Currently the wired RAP GRE tunnel terminates on the RAP AAC, and a standby wired GRE tunnel terminates on the S-AAC.

 

You can check those GRE tunnels by running the command:

show datapath tunnel table | inc <RAP_inner_ip>

 

here is an example:

On the AAC:

(MC2) #show datapath tunnel table | include 8110
24 10.70.149.12 192.168.200.101 47 8110 1300 153 0 0 85 0 0 20:4c:03:11:be:12 3 0 0 EePRY

 

On the S-AAC:

(MC1) #show datapath tunnel table | include 8110
16 10.70.149.11 192.168.200.101 47 8110 1300 153 0 0 85 0 0 20:4c:03:11:be:12 0 0 0 EePRHY

 

Note. The H flag indicates that this GRE tunnel is a standby.

View solution in original post


All Replies
Highlighted
Aruba Employee

Re: AAC and UAC on same or different MC

Hi,

 

Did you try this command on MM

show global-user-table list mac <MAC_OF_CLIENT>

or

show global-user-table list name <NAME_OF_CLIENT>

You will be able to find UAC as such..

 

Then from controller, you can do

show aaa cluster essid <YOUR_SSID> mac <MAC_OF_CLIENT>

 

Instead of the <YOUR_SSID> did you try the value that is showing for the ESSID column when you do show global-user-table list for that user?

Highlighted
Aruba Employee

Re: AAC and UAC on same or different MC

Hi,

 

Also, did you try

show user-table | inc <MAC or Name> and

show user-table standby | inc <MAC or Name>

commands on the controllers?

Highlighted
MVP Expert

Re: AAC and UAC on same or different MC

Hi ayman_mukaddam,

 

Of those commands only the first one shows the UAC of clients:

show_global.png

I understand current switch is the UAC.

 

The other two commands:

show_aaa.png

This doesn't work with the essid shown in the previous command.

 

show_user.png

This shows the AP where the client is connected to but not the UAC.

 

From the first command I know the UAC, is there a command to know which is the S-UAC?

 

Regards,

Julián

 

 

 

Highlighted
Aruba Employee

Re: AAC and UAC on same or different MC

Thank you for asking about the RAP wired users. Let me shed more light on the question:

A wired RAP user case is different than the wireless user in the sense that there is no ESSID and no roaming for such users. They are tied to the AP itself.

In the current clustering implementation, no ESSID (not even a dummy one) means no bucketmap. That leads us to conclude that there is no UAC or S-UAC.

Currently the wired RAP GRE tunnel terminates on the RAP AAC, and a standby wired GRE tunnel terminates on the S-AAC.

 

You can check those GRE tunnels by running the command:

show datapath tunnel table | inc <RAP_inner_ip>

 

here is an example:

On the AAC:

(MC2) #show datapath tunnel table | include 8110
24 10.70.149.12 192.168.200.101 47 8110 1300 153 0 0 85 0 0 20:4c:03:11:be:12 3 0 0 EePRY

 

On the S-AAC:

(MC1) #show datapath tunnel table | include 8110
16 10.70.149.11 192.168.200.101 47 8110 1300 153 0 0 85 0 0 20:4c:03:11:be:12 0 0 0 EePRHY

 

Note. The H flag indicates that this GRE tunnel is a standby.

View solution in original post

Highlighted
MVP Expert

Re: AAC and UAC on same or different MC

Hi makariosm,

 

Very good point! I didn't know that about wired users, and that explains the reason in my cluster I see the UAC is the same as the AAC. Many thanks

 

Regards,

Julián

Highlighted
Aruba Employee

Re: AAC and UAC on same or different MC

Thank you Makariosm for this clarification..

 

Hi Julian,

 

I am interested to check if the show user-table standby | inc <MAC_OF_CLIENT> shows the standby wired RAP users or not. Can you try this command on the S-AAC and report the results?

Highlighted
Aruba Employee

Re: AAC and UAC on same or different MC

Hi Ayman,

 

Although I did not believe that we should find a standby user, I checked it out and the command 'show user-table standby' on the S-AAC where the standby tunnel is and there was no such user.

I checked both tunnel and split-tunnel mode and the output is pretty consistent.

Highlighted
MVP Expert

Re: AAC and UAC on same or different MC

Hi Makiarosm,

 

I think is a case of "terminology". Although you say there is no UAC and S-UAC, there is a controller which serves the user, which is the AAC. And there is also a standby controller which serves the user in case the active controller fails, which is the S-AAC. Isn't that right?

 

Regards,

Julian

Highlighted
Aruba Employee

Re: AAC and UAC on same or different MC

I did mean by UAC/S-UAC, the anchoring of a user to one controller when a user roams between APs. This roaming no longer applies to an AP wired user.

Furthermore, the stateful failover, whereby the state of a user on one controller (UAC) is duplicated on another controller (S-UAC), also does not apply to the AP wired user.

So it is not just a terminology, but more of an operation and redundancy of the AP wired user.

I would compare the failover of an AP wired user in the Cluster to the HA (AP Fast Failover) users.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: