Wireless Access

Hello. I'm attempting to troubleshoot possible throughput issue with one of the four controllers in a lc-cluster in an environment running 8.3.0.8. I was able to reproduce the issue with one device and attempted swapping out optics and fiber jumpers to see if it would help the issue.

But since the maintenance I've been unable to get any of my test client device back on the specific controller. I've even powered off a device for a few hours in the hope it would get assigned back to the controller but no. lc-clustering seems happy with the current client load distribution and has only moved a tiny fraction of client devices back to the controller. None of which are ones I control and can test with. This is making it impossible to any basic troubleshooting such as iperf tests, etal.

I see there is an apmove command but I see no similar client move command. How does one force the migration of a client device to a specific controller without ripping out lc-cluster completely or other drastic means? I need to do this with as little risk to a production system as possible.

Thanks.

I am unsure if there is an option to specifically move a single client to a controller in a cluster. It is automatically chosen by the cluster leader i believe.

Since its a production environment, tearing down the cluster is not recommended.

Have you tried to remove the test client from user-table?

This can be done using the command " aaa user delete "

Here is an example,

(A_RAK)# aaa user delete 192.168.1.4

And have the test client connect again, it may go back to the UAC that most clients have.

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.

Manipulation of the user/aaa table seems to have no effect on which controller a client gets assigned to. I can delete it over and over and it sticks to whatever controller it was on before.

My guess is there is some state table on the mobility master in play here.

When a client joins a cluster, a hash is calculated on the last 3 octects of the client MAC address to create a Bucket ID for the client. Perform the following command on the MC to see the ID (1st column of output)

show aaa cluster essid-all users

From there, issue the following command to see the bucket map that the user id is referenced against.

show aaa cluster essid-all bucketmap

A list of bucket maps (lookup tables) will be displayed, one for each ESSID. Find the ESSID that the client is connecting to. Take the Bucket ID of the client, for example 130. For the ESSID, go to the line "Active Map[128-159]", based on the client id of 130. The first number is position 128. Move to the 3rd position, which is 130. There will be a number 00, 01, 02, ...  This identifies the user anchor controller that this user will be assigned to. Look above the Active Map section and you will see UAC0, UAC1, UAC2, ... which maps to the IP address of the cluster node. So, whichever controller is reference, that is the user anchor controller of any client whose hash is equal to 130. If you perform this same lookup on the Standby Map table below, you can identify the Standby User Anchor Controller S-UAC for this user too.

No matter what happens with the client, the client bucket id will always be the same (unless the client's MAC address changes) and will correlate to the controller in the bucket map. I don't know of any way of changing the client UAC except for change the cluster configuration (removing a cluster controller). By removing a controller, the user will fail to the standby UAC (if you remove the controller that the client was connected to), and the bucket map will be modified based upon one less controller in the cluster. Adding a controller to the cluster will also generate a new bucket map. Once the controler is added, user load balancing may move clients to a different cluster member.

I hope this helps,

Thank you for the detailed information westcott.

Unfortunately the device I need to move does not have the desired target controller as either it's primary or secondary. A controller reboot and removing a controller from the cluster did not nudge it in a helpful manner.

Time to engage TAC. Sigh.

Thanks again for your expert guidance. :)

So,

There is a way to move a client from one UAC to another, but unfortunately, it changes the UAC and Standby UAC of all clients in the same bucket index, not a single client, because UACs and Standby UACs of clients follow the bucket index.  So the answer to your question, is no there is not a method for a single client.

EDIT;

Alternatively, you can find all of the clients on the UAC that you are looking for by using the “show aaa cluster essid <name of SSID> users” command and filter on the UAC

That might give you potential candidates for that specific SSID.

Thank you westcott and cjoseph.

For future search engine users:

TAC confirmed there is no way to move a specific client but you can change what controllers a specific bucket are assigned to. TAC provided me with a detailed instruction set utilizing some commands under "cluster-debug" to use for this task.

Switching a bucket's controllers is disruptive to all of the clients in that bucket from my testing. You can expect all the clients in the bucket to lose connectivity for a good 20-30 seconds. TAC's instructions also had some warnings to not do this on a regular basis. If this is your first time doing this it's probably a good idea to open a ticket with TAC.

I wish there is a lightweight way of doing this but this solves my immediate need.

Thanks again.