VLAN-based policer on Cat6500

Hi,
I'm trying to implement policer on Cat 6500 running CatOS 8.4.
The configuration is as such:
set qos enable
set port qos 1/7 vlan-based
set qos policer aggregate 2Mbps rate 2000 policed-dscp erate 2000 drop burst 26 eburst 26
set qos acl mac vlan10 dscp 0 aggregate 2Mbps any any
commit qos acl all
set qos acl map vlan10 10
Port 1/7 is in trunking mode that's why I'm using MAC ACL.
But nothing is working. The output of the command 'show qos statistics aggregate-policer 2Mbps' is:
QoS aggregate-policer statistics:
Aggregate policer Allowed byte Bytes exceed
count excess rate
2Mbps 0 0
I tried to use port-based QoS with no success.
Am I doing something wrong? Any help will be appreciated.

Ooops, thanks for the reminder.
I configured IP ACL but again the output was the same.
I changed the policer to port-based and it worked.
Is this something to do with the fact that the port is in trunking mode?

Similar Messages

Tcl script to change access vlan based on MAC address

Hello all. I'm looking for some input on how best to handle this situation. I have a large nework with a lot of remote offices where we have limited control over users moving around patch cables. We're using vlan-based QoS in these office to mark voice, video, data. etc. The problem I'm having is that our users are moving video conferencing equipment to different interfaces on our swithes, which puts the VTC unit in a different vlan, fouling our QoS policy. They then call and complain about poor video quality.
I'm trying to come up with a way to automate putting the interface in the video vlan if a VTC unit is connected. All of our video conferencing units are from the same vendor, so they have same OUI in the MAC address. The script I've been working on looks for a line protocol up event, then checks to see what access vlan is configured on the interface. If the interface is already in the video vlan, the script exits. if the interface is not in the video vlan, the script looks at the MAC address table for the interface and if the OUI matches a VTC unit, the script changes interface configuration. My question is, is there a better event to trigger script execution? Maybe a MAC notification trap, or something else? Line protocol transitions when the access vlan is changed, so the current script runs twice: once when the interface first comes up with a new connection, and again when the vlan is changed.
Script is attached. Any help or advice is appreciated!

Does your video equipment use CDP? If so, then you can use the neighbor-discovery event detector to only react when you see a media endpoint being connected to a port. Yes, MAC address notifications (the mat ED) can also work if you know the MACs of your media endpoints.

Is Cisco Nexus 5596UP support vlan base Policing and traffic shaping on code NX OS version: 5.1(3)N1(1)

Is Cisco Nexus 5596UP support vlan base Policing and traffic shaping on code NX OS version: 5.1(3)N1(1)
where i couldn't see any police command under the policy map

I have tested this issue on another 5548UP with L3 running the same NX-OS version and get the same problem. Show CDP from the switch is not discovering devices, but the neightbors can see the 5K in question. Reboot sometimes will fix it, but not always. I suspect a problem with the software since that doesn't happen in NX-OS 5.2. The one I am using is
Software
BIOS:      version 3.6.0
loader:    version N/A
kickstart: version 5.1(3)N2(1)
system:    version 5.1(3)N2(1)

EoMPLS : QinQ, Vlan-based

Hi I'm on a EoMPLS project. I succed to connect Customer site accross EoMPLS tunnel.
This is my architecture :
LAN1 -- CE1 --- PE1 (7200)---- MPLS backbone --- PE2 (7200) -- CE2 -- LAN2
Now I know how to transport vlan between CE but my problem is to understand the difference.
In my mind, "Vlan-based" use one VLAN operator (So 1 pseudowire) to transmit all frame tagged or not to CE2. And, "QinQ" allow to do the difference between different Customer VLANs and forward accross MPLS backbone frame on different VLAN operator.
2 questions :
1. Have I correctly understand ??
2. If I'm right, Why we need QinQ ?? What QinQ bring it more than VLAN-BASED ??
3. My goal is to create on Site 1 any vlans and with VTP transport them to Site 2. What kind of these two technology based on VLAN use ??
Thanks for answer !

Ok thanks for answer.
I understand the principle but PE in my case is a 7200 emulated router. I work with dynagen/dynamips server and only 7200 can be emulated no 7600 !!
I have looked these following links :
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_9_ea1/configuration/guide/swtunnel.html#wp1010370
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_qnq_tunneling_atom_xe.html#wp1001506
In the first link we can see the dot1q tunnel mode with some layer 2 protocol transport CDP, STP, and VTP.
Ideally this is my first goal --> transport VTP on site 2 by EoMPLS but it was only on switch multilayer (like 7600) or with specially cards, I don't know. But what I know it's with my 7200 I don't have command switchport to activate switchport mode dot1q-tunnel and l2protocol-tunnel vtp for example.
Is it true ??
Secondly, in the second link I read I should to be able to transport vlan frame of site 1 to site 2 but simply carry and not propagate different vlan that I created !!!
Again, Have I correctly understand ??
Thanks for help

GE cards supported for port- vlan based EoMPLS on 7600/sup720

Hi,
Can anyone explain/point where I can find de proper documentation where I can find the support for port- vlan based EoMPLS support cards on a 7600 with a sup720 engine on the CCO site ?
WHich GE port cards are supporting EoMPLS and which GE cards will support it not.

try
www.cisco.com/go/fn
-Waris

7609 RSP vlan based internet bandwidth rate limit

Hi,
I have a requirements to restrict the bandwidth for CORP internet users in our metro network, Could you check this template is good to go for to restrict the download and upload speed in Users WAN interface which is VLAN, my bandwidth limitations is 5 Mbps downlink and 5 Mbps uplink.
class-map match-all corp_traffic1
match access-group name corp_traffic
policy-map CORP_ingress
class corp_traffic1
    police 5000000 500000 conform-action transmit exceed-action drop
ip access-list extended corp_traffic
permit ip 172.25.5.0 0.0.0.255 any
permit ip any 172.25.5.0 0.0.0.255
Interface vl 351
service-policy input CORP_ingress
service-policy output CORP_ingress
Thanks&Regards
-Saji

Riccardo,
Thank you for your response..
I have RSP as SUP and ES20 as uplink card..
but I have clarfication...Is service policy input is realy required...
It seems input position is not working from this below logs..It is not matching the same
ABR#sh policy-map interface vlan 3xx
Service-policy input: CORP_ingress
    class-map: corp_traffic1 (match-all)
      Match: access-group name corp_traffic
      police :
        5000000 bps 156000 limit 156000 extended limit
      Earl in slot 1 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 2 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 3 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 5 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
Service-policy output: CORP_ingress
    class-map: corp_traffic1 (match-all)
      Match: access-group name corp_traffic
      police :
        5000000 bps 156000 limit 156000 extended limit
      Earl in slot 1 :
        3739884 bytes
        5 minute offered rate 20576 bps
        aggregate-forwarded 3739884 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 17464 bps exceed 0 bps
      Earl in slot 2 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 3 :
        105048931 bytes
        5 minute offered rate 539032 bps
        aggregate-forwarded 105048931 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 545760 bps exceed 0 bps
      Earl in slot 5 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
I will post more update on this...as I am waiting for the clients to test the same..

Vlan based default gateway

Alteon Web OS allows you to assign different default gateways for each VLAN. You can effectively map multiple customers to specific gateways on a single switch.
do cisco load balancers support different default gateway for each vlan?

one way of doing it today would be to define a serverfarm for each gateway, and have a vserver match_all for every vlan.
For example,
serverfarm gateway_1
no nat client
no nat server
real
x.x.x.x
serverfarm gateway_2
<...>
vserver gateway_vlan1
virtual 0.0.0.0 /0 any
serverfarm gateway_1
vlan
vserver gateway_vlan2
virtual 0.0.0.0 /0 any
serverfarm gateway_2
vlan

VLAN-Based SPAN

hello everybody,
why can i only monitoring received (rx) traffic on a VLAN ?
thanks for an answer...

Hi again:
Ingress/Egress SPAN
In the example in the section Monitor VLANs with SPAN, traffic that enters and leaves the specified ports is monitored. The field Direction: transmit/receive shows this. The Catalyst 4500/4000, 5500/5000, and 6500/6000 series switches allow you to collect only egress (outbound) or only ingress (inbound) traffic on a particular port. Add the keyword rx (receive) or tx (transmit) to the end of the command. The default value is both (tx and rx).
set span source_port destination_port [rx | tx | both]
Have you defined only rx keyword?
I hope this help. Please rate if it does.
Best regards
Alberto Giorgi from spain.

NAC Host-Based Policies Issue

Hi
I have a problem... when I try to permit in a temporary role a web page (for example www.microsoft.com) the user can't open it and display security message but when i add the web ip the users can access.... the nac is working on real-ip layer 3...
thanks for your help

Hi
The result of the dns lookup in the host is the next:
*** Can't find server name for address 172.16.48.253: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 172.16.48.253
Non-authoritative answer:
Name: com.com.mx
Address: 74.52.164.242
Aliases: www.cisco.com.com.mx
The result of the nslookup in the CAS is the next
[root@CAS-MTY ~]# nslookup www.cisco.com
Server: 172.16.48.253
Address: 172.16.48.253#53
Non-authoritative answer:
Name: www.cisco.com
Address: 198.133.219.25
Help me

QOS-ios 12.2

6509(12.2(17d)SXB10)-->4500(12.2.25SG)
I am planning to use vlan-based-qos.
-Several VLANs are defined at 6509 and trunked to 4500. To use, vlan-based-qos, is it enough to define qos-vlan at vlan interfaces at 6509 only.
Do i have to define one interface for each vlan at 4500 ? At present only one interface (VLAN1) with IP address is configured on 4500 though ports belong to different Vlans.

Hi,
generally QoS has to be applied where there can be a lack of resources. In your case this can be f.e. trunk and access ports. The question is what you want to achieve where. In case you want a VLAN based policer you need a vlan interface to apply the policy to. For queueing you can apply per port or per switch settings, so no VLAN interfaces nessessary.
Hope this helps
Martin

CoS or DSCP based QoS Policies

I have to configure QoS on a VSS with the following modules installed:
Switch Number:     1   Role:   Virtual Switch Active
Mod Ports Card Type                              Model              Serial No.
1   48 CEF720 48 port 1000mb SFP              WS-X6848-SFP       SAL16042610
3   48 CEF720 48 port 10/100/1000mb Ethernet WS-X6848-GE-TX     SAL16095Y48
4   48 CEF720 48 port 10/100/1000mb Ethernet WS-X6848-GE-TX     SAL16095Y3F
5    5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL1543TRQ9
9    8 DCEF2T 8 port 10GE                     WS-X6908-10G       SAL1539QYTC
Mod MAC addresses                       Hw    Fw           Sw           Status
1 c464.1341.7a50 to c464.1341.7a7f   1.0   12.2(18r)S1 15.0(1)SY4   Ok
3 0007.7df7.4618 to 0007.7df7.4647   1.0   12.2(18r)S1 15.0(1)SY4   Ok
4 442b.0311.4a58 to 442b.0311.4a87   1.0   12.2(18r)S1 15.0(1)SY4   Ok
5 7081.0583.88e8 to 7081.0583.88ef   1.1   12.2(50r)SYS 15.0(1)SY4   Ok
9 0007.7d90.a1a0 to 0007.7d90.a1a7   1.1   12.2(50r)SYL 15.0(1)SY4   Ok
Mod Sub-Module                  Model              Serial       Hw     Status
1 Distributed Forwarding Card WS-F6K-DFC4-A      SAL16085BLE 1.2    Ok
3 Distributed Forwarding Card WS-F6K-DFC4-A      SAL16085BLL 1.2    Ok
4 Distributed Forwarding Card WS-F6K-DFC4-A      SAL16095GH7 1.2    Ok
5 Policy Feature Card 4       VS-F6K-PFC4        SAL1544UAL2 1.1    Ok
5 CPU Daughterboard           VS-F6K-MSFC5       SAL1544UB95 1.1    Ok
9 Distributed Forwarding Card WS-F6K-DFC4-E      SAL1529K4QC 1.0    Ok
On Cat6500 with SUP 2T and PFC4 QoS is enabled by default.
DSCP is trusted and preserved by default, independent of port state.
CoS is preserved by default for Layer 2 packets by default, independent of port state.
Additional Info about the queuing on the modules installed:
SUP 2T 10G - with Gigabit Ethernet Ports enabled it works CoS-based, with this interfaces disabled it works DSCP-based.
WS-X6848-GE-TX an WS-X6848-SFB works CoS-based, does not support DSCP-based queuing.
WS-X6908-10G - supports DSCP-based queuing
The options now are:
1) All policies CoS-based although the WS-X6980-10G supports DSCP-based queuing.
2) Policies for SUP and WS-X6848 CoS-based and the policies for the WS-X6908 DSCP-based
3) Disable Gigabit Ethernet Interfaces on the SUP hence it supports DSCP-based queuing policies, also use DSCP-based policies for the WS-X6908 and use CoS-based queuing policies for the WS-X6848.
The recommendation in the core is to use DSCP-based QoS.
The question is what to do?
Option 1) Less complexity and simpler configuration if only CoS-based policies are used.
Option 2) Least configuration necessary, mixture of CoS and DSCP-based policies
Option 3) Gigabit Ethernet ports on SUP have to be disabled, uses then DSCP-based queuing on all supported modules and CoS-based policies on all other modules.

You don't trust "to" a device, only from.
The advice I've gotten from switching guys is "If you're not sure - just trust DSCP".
If you try to trust cos on an access port where there is no VLAN header, there is no cos, and you can have problems.
If you have a trunk to another switch, you can trust cos and you shouldn't have any problems.
hth,
nick

Policy-map based rate-limiting per vlan

Hi
I was thinking if someone could help me to come up with solution to a problem. Scenario as follow:
I have a trunk interface with multiple vlans on:
interface GigabitEthernet2/0/3
description TRUNK-to-*********
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 415,416,610,1191-1193,1195
switchport mode trunk
duplex full
storm-control broadcast level pps 1k
storm-control multicast level pps 3k
storm-control unicast level pps 250k
storm-control action trap
spanning-tree portfast trunk
spanning-tree bpdufilter enable
I'm trying to rate limit two of the vlans that are present on this trunk interface - vlan 415 and vlan 1192.
So I'm putting the class-map (to be later applied under the policy-map which is not significant here):
(config)#class-map match-any 120-mbps-class
(config-cmap)#match input-interface vlan 415
(config-cmap)#match input-interface vlan 1192
Now, when you show the class-map I created, I can see this:
sh class-map 120-mbps-class
Class Map match-any 120-mbps-class (id 1)
   Match input-interface Vlan415
   Match input-interface FastEthernet0
For some bizzare reason class-map is matching the Fa0. I have researched this, and this is most probably because you can only match 1 vlan instance under the class-map.
And here's my problem - I can't police whole interface as the other vlans should not be policed - how can I police those two vlans ?
Any thoughts ? All help appreciated as always.
Rob.

Hi Daniel,
I have labed it and unfortuantely it does not work as expected. I have put 1x 3750 and 1x 2960 trunk between them, each box had an access port for laptop to create some traffic across. All vlan-based qos has been applied on 3750G.
3750G config
Interface g1/0/20
descriprion trunk
swicthport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 100,120
Interface g1/0/1
description access
switchport mode access
switchport access vlan 100
Interface vlan 100
ip address 192.168.100.254
service-policy input PARENT-POLICER
Interface vlan 120
ip address 10.10.10.1
Policy-map PARENT-POLICER
class PERMIT-ANY-CLASS
trust COS
service-policy CHILD-POLICER
class-map match-any PERMIT-ANY-CLASS
match access-group name POLICY-LIST
Extended IP access list POLICY-LIST
    10 permit ip any any
Policy-map CHILD-POLICER
class INTERFACE-POLICE-CLASS
police 100000 8000 exceed-action drop
Class Map match-any INTERFACE-POLICE-CLASS
Match input-interface GigabitEthernet1/0/20
2960 config:
interface g0/20
switchport mode trunk
switchport trunk allowed vlan 100,120
interface g0/1
switchport mode access
switchport access vlan 100
interface vlan 100
ip address 192.168.100.253
interface vlan 120
ip address 10.10.10.2
So as you can see vlan 100 is the one it need to be rate limited (I have only rate limited to 100kbps just to see if it's working) and vlan 120 is only on the trunk ports to confirm if the traffic for this one is not affected.
Unfortunately when the policing is applied on 3750 vlan 100 (and policing is working fine) then I can see the packet loss while pinging between switches on vlan 120 suggesting that the policy is affecting the other vlan as well. When I take the policy out of the vlan 100 I cannot observe the packet loss on vlan 120 meaning is no longer affected.
Not sure if I have explained this clear enough so far, if not let me know.
Do you have any suggestions ?
Thanks!

Vlan vs port based qos

Hi,
I have a question about vlan based qos. I am happy with qos configuration as applied to ports. However, vlan based qos confuses me somewhat.
Is vlan based qos intended for situations where packets are to cross vlans? In that case, am I correct in assuming that vlan based qos has no effect on packet flows within that vlan? In that case the idea of vlan based qos would be to police/mark traffic leaving/joing that vlan?
Or, does vlan based qos extend queuing (priority queue etc) down to ports that are members of that vlan are configured with vlan based qos? I think not but I'm not absolutely sure.
I can't seem to get to the bottom of this on cco.
Thanks, Steve

Hi Steve,
Packets do not have to cross VLANs for you to need VLAN-based QoS.
VLAN-based QoS gives you an additional layer of queueing hierarchy. With port-based Qos, there is a set of software queues per physical port. As packets are scheduled from these queues, they are emitted from the port.
With VLAN-based QoS, there is another layer. Each VLAN configured for VLAN-based QoS will have a set of queues associated with it, instead of having a set of queues for the physical port. This comes in useful for providers of Metro Ethernet service who offer multiple classes of service. Such ethernet services are usually sold with a fixed bandwidth per-VLAN. At egress switch ports, the provider will use vlan-based QoS to police/shape traffic in order to conform to the sold rate. Within this shaped rate, queueing will be used to ensure that the higher classes of service get preference.
In answer to your questio, vlan-based qos does have an effect on packet flows within that vlan.
Hope that helps - pls rate the post if it does.
Regards,
Paresh.

802.1x dynamic vlan assignment based on MAC?

Hello,
I am using Catalyst3750 and Widows AD Authentication.
Our customers' pc is runnnig Windows (isn't 802.1x capable) that is connected to the catalyst switch.
Is it possible to dynamic assign a Vlan based on MAC?
When possible, we want to make it without using VMPS.
and, is there any document relating to the above.
Thanks a lot for you help.
Tomoyuki

Hello Tomoyuki,
which Radius Server are you using to authenticate your Clients?
For the Secure ACS you can configure a feature called "MAC-Authentication-Bypass" which fullfils your requirements.
This Feature must be configured on the Switch and on the Radius Server (which does the vlan assigment based on the MAC-Address of the Client)
An Overwiew of this feature can be found here:
http://www.cisco.com/univercd/cc/td/doc/solution/macauthb.pdf
I hope this helps,
Kind regards,
Chris

Controller based AirGroup Policies & Auto-association

Requirement:
Controller based AirGroup Policies
By default all AirGroup servers are visible to every AirGroup user.
This features enables configuring policies on controller for AirGroup servers to limit the visibility of AirGroup servers to destined AirGroup users. Admin is allowed to configure shared user-list, shared role-list and shared group-list for each AirGroup server to limit this server’s visibility to intended AirGroup users.
The group-list is the same as the group defined in Active directory.
These configurations were done in CPPM prior to v6.4.3, now it is extended to the controller.
Auto-association
Auto-association feature helps with visibility of an AirGroup server If it needs to be seen by a broader area. This feature enables attaching an AirGroup server to an AP-name, AP-group or AP-FQLN and any AirGroup users associated to that AP-name etc. will be automatically see those AirGroup Server.
Auto-association feature can be applied at AirGroup Service level as well – AirPlay etc. All AirGroup  Servers advertising that service will be seen by AG users associated to that AP-name/AP-group/AP-FQLN.
Use case – In a multi-floor building, if you want users in Floor-10 to have access to a printer in Floor-10. You can define location based policy and attach the printer to an AP-group for floor-10 and users belonging to that AP-group will be able to access that printer.
Solution:
Controller based AirGroup Policies
Policies can be configured on the controller to limit the visibility of AirGroup servers to destined AirGroup users
Policies can be configured based on shared user-list, shared role-list and shared group-list
Location based policies for AirGroup devices can be configured based on ap-name, ap-group and ap-fqln
This was done in CPPM prior to v6.4.3
Auto-association
Enables AG users to discover AG servers based on
AP or its neighbours
AP-Group
AP-FQLN
Auto-associate can be enabled at Airgroup Server
Airgroup Service level (Airplay etc)
Configuration:
This configuration defines a policy for AG server based on its MAC address and share this server among list of users, role, group and location.
Mac Address Based Policy Configuration
(config) #airgroup policy <AG-Server-mac>
(config-airgroup-policy) #?
  userlist
  rolelist
  grouplist
location
no
Configuration – Shared user list
Configuration to add/remove users in an shared user-list.
Configuring shared user-list
(Aruba) (config-airgroup-policy) #userlist ?
Adding a user-name:
(config-airgroup-policy) #userlist add Bob
Deleting a user-name from the shared user-list:
(config-airgroup-policy) #userlist remove Bob
Deleting the entire shared-user list:
(config-airgroup-policy)# no userlist
Configuring Shared user-role
(Aruba) (config-airgroup-policy) #rolelist ?
Adding a shared-role:
(config-airgroup-policy) #rolelist add <name-string>
Deleting a role from the shared role-list:
(config-airgroup-policy) #rolelist remove <name-string>
Deleting the entire shared-role list:
(config-airgroup-policy) #no
Configuration – Shared user group
Configuring shared user-group
(config-airgroup-policy) #grouplist add <name-string>
Removing a shared user-group
(config-airgroup-policy) #grouplist remove <name-string>
Disable user-group based sharing
(config-airgroup-policy) #no grouplist
Configuration – Shared location
Configuring shared location
(config-airgroup-policy) #location ?
  ap-group
  ap-fqln
  ap-name
no.
Auto-association configuration:
Adding an ap-group to shared-location
(config-airgroup-policy) #location ap-group bldg1
Deleting an ap-group to shared-location
(config-airgroup-policy) #location ap-group remove bldg1
Enabling location auto-association for ap-group
(config-airgroup-policy) #location ap-group auto
Service level Auto-associate
Configure Auto-association based on AirGroup Service based for AP-name, AP-Group and AP-location. Users associated to AP-name/AP-group/AP-FQLN will automatically see all Airgroup servers that advertise the AG service.
(Aruba) (config) #airgroupservice ?
   STRING AirGroup Service
(Aruba (config) #airgroupservice airplay
(Aruba) (config-airgroupservice)#autoassociate
apfqln Auto tag with AP FQLN
apgroup Auto tag with AP Group
apname Auto tag with AP Name
(Aruba) (config-airgroupservice) #autoassociate apname <AP-Name-String>
(Aruba) (config-airgroupservice) #autoassociate apgroup <AP-Group-String>
(Aruba) (config-airgroupservice) # autoassociate apfqln <AP-fqln-String>
Configuration GUI – Device level Auto-associate
GUI-Service level Auto-associate
Verification
Debugging commands
Enable mdns logging using the following commands -
   #logging level debugging user process mdns
#logging level debugging system process mdns
Command to see policy entries
Command to see service level Auto-assciate
Command to see records of each of the airgroup servers and the buckets (AP name/FQLN) in which they fall into
This command shows the AirGroup devices fall into different buckets based on the controller based policies.
In this example, the AirGroup device (10.70.21.32) is configured under AP bucket.
This bucketing mechanism also helps with the scalability. With AOS v6.4.3, the scalability in terms of number of AirGroup users and servers has been increased to the platform limit of the controller. For example, for 7240 controller, number of AirGroup users and servers is 32K (max #of clients to be supported by 7240 controller). Fetching an entry for AirGroup device from the cache entries (with this increased scalability) was a challenge. This bucketing mechanism helps finding clien entries belonging to a specific bucket and fetching from the entries in that bucket.
Few additional commands to find log files and tech-support.
#Show airgroup servers verbose
#Show log user all
#Show log system all
#Show tech-support <file-name>

> The processing of Group Policy failed. Windows attempted to read the file \\bank
> a.com\SysVol\banka.com\Policies\{7E60CAFC-6077-4FBB-B30A-F5FEAF4A38F1}\gpt.ini f
> rom a domain controller and was not successful.
Repair Sysvol Replication - it is broken.
NTFRS:
https://support.microsoft.com/en-us/kb/315457
DFSR:
https://support.microsoft.com/en-us/kb/2218556
Greetings/Grüße,
Martin
Mal ein
gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me -
coke bottle design refreshment (-:

VLAN-based policer on Cat6500

Similar Messages

Maybe you are looking for