Wireless Access

Regular Contributor II

Multiple user entries in user table

AOS8.4.0.4 cluster

I was doing some troubleshooting for a user today and noticed that if I look in the global-user-table on the MM and filter for his username he has hundreds of entries (so many that I cancelled the search before all of the entries had been listed) ("show global list | inc <username>"). However if I run "show global list name <username>" I see a much more sane output (1 entry per MAC as you'd expect).

He is connecting to a bridged dot1x SSID.

If I do the same test on my own username in both cases the output is pretty normal looking.

So I'm wondering if the fact that he has hundreds of entries is something to worry about? Is it an artefact of being connected to a bridged dot1x SSID? (Note that I am not connected to the same SSID, I am connected to a tunnelled dot1x SSID). What prompts an entry into the user-table?

Thanks

Guy

... as an addendum to this post, in the AP debug driver-log I see some entries for one of his devices:

[7369184.346211] asap_user_add_entry: 36 callbacks suppressed
[7369184.346239] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369184.567076] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369184.734326] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369185.029109] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369185.375181] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number

There are repeated similar entries for this device. There aren't similar entries for other devices. One thing that is unique about this particular device is that it is a laptop running 2 VMs (in fact it is this device that prompted the troubleshooting - the symptoms are that only one of the VMs ever has connectivity, one always fails to connect though it is 'seen' on the network (i.e. his local switches and router (this is an enterprise environment))). It isn't always the same VM. The VMs are set to bridging mode. I bumped up the "Max IPv4 for wireless user" limit on his AAA profile to 4 in case he was hitting into the previous limit of 2 but this hasn't changed anything.
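
An added example, not part of the original post and not Aruba tooling: a Python script that summarises AP driver-log lines like those quoted above per client MAC and tallies the kernel's rate-limit notices, so a single noisy device stands out. The function names and the second device's MAC address are constructed for illustration.

```python
import re
from collections import defaultdict

# First six lines are from the post; the last is constructed (second device).
SAMPLE_LOG = """\
[7369184.346211] asap_user_add_entry: 36 callbacks suppressed
[7369184.346239] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369184.567076] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369184.734326] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369185.029109] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369185.375181] asap_user_add_entry[1004]: User(ac:bc:32:7d:94:23 0) reach Max number
[7369190.000000] asap_user_add_entry[1004]: User(02:00:00:00:00:01 0) reach Max number
"""

MAX_RE = re.compile(
    r"\[\s*(\d+\.\d+)\]\s+asap_user_add_entry\[\d+\]:\s+"
    r"User\(((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+\d+\)\s+reach Max number",
    re.IGNORECASE)
# Linux printk rate limiting: N messages from this call site were dropped,
# so the logged count per MAC is a lower bound, not the true total.
SUPPRESSED_RE = re.compile(r"asap_user_add_entry:\s+(\d+) callbacks suppressed")


def summarize(log_text):
    """Return ({mac: {"logged": n, "span_s": seconds}}, suppressed_total)."""
    stamps = defaultdict(list)
    suppressed = 0
    for line in log_text.splitlines():
        hit = MAX_RE.search(line)
        if hit:
            stamps[hit.group(2).lower()].append(float(hit.group(1)))
            continue
        dropped = SUPPRESSED_RE.search(line)
        if dropped:
            suppressed += int(dropped.group(1))
    per_mac = {
        mac: {"logged": len(ts), "span_s": round(max(ts) - min(ts), 3)}
        for mac, ts in stamps.items()
    }
    return per_mac, suppressed


def repeat_offenders(per_mac, min_logged=3):
    """MACs logged with 'reach Max number' at least min_logged times."""
    return sorted(m for m, s in per_mac.items() if s["logged"] >= min_logged)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The suppressed total cannot be attributed to a MAC, because the kernel drops those messages before the address is printed.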

Accepted Solutions
Moderator

Re: Multiple user entries in user table

hi Guy

"What prompts an entry into the user-table"

Any source IP address sent by a valid client mac address

But, to your problem at hand, unfortunately bridge mode is limited to max ipv4 = 2 and ipv6 = 4 addresses irrespective of the setting in the aaa profile. This is to be addressed in AOS 8.7, but for now it's not possible for bridge mode.

All Replies
Regular Contributor II

Re: Multiple user entries in user table

Thank you, I think that explains the connectivity issues he is having, I'll pass the info on.

"'What prompts an entry into the user-table'

Any source IP address sent by a valid client mac address"

So would you expect multiple entries (hundreds) as I am seeing in this case? I don't think it is limited to just him so am assuming it is either normal, or if not is affecting multiple users.

Thanks for your help with this.

Moderator

Re: Multiple user entries in user table


@cauliflower wrote:

So would you expect multiple entries (hundreds) as I am seeing in this case? I don't think it is limited to just him so am assuming it is either normal, or if not is affecting multiple users.

Thanks for your help with this.


I'd have to see it - can you share some output? If you prefer not to attach to the forum, send me a DM with a dropbox link or something like that

Moderator

Re: Multiple user entries in user table

to what you sent - it looks like it might be a bridge mode bug in terms of all these repeated users (no doubt exacerbated by bumping up against the max ip4).

8.4.x is dead now, so I don't know how far you want to take the issue, if you want to, send it to TAC - it's a valid concern (and should be reproducible by bumping on max ipv4).

With that said, does each individual MD show the same result, e.g. what does the "show user-table verbose" show on .100 and .72 in your network? (filtered by that same username)

Regular Contributor II

Re: Multiple user entries in user table

No, I'm not seeing the same number of entries in the user table on the MCs, only when I run 'show global list | inc <user>' on the MM. And it does seem to be common to all users on this local SSID.

I'm just looking at another dot1x bridged SSID and I can see the same thing happening. And again on a PSK bridged SSID the same thing with repeated entries for a MAC address.

I'll raise it with TAC, I guess it might be nothing but it would be nice to know for sure. Thanks for your help.

Guy
