cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Some accesspoints (AP130 and AP230) are reporting: AP's exceed maximum number of IP sessions (98828) Is there a way to figure out where the sessions are going?

Some accesspoints (AP130 and AP230) are reporting: AP's exceed maximum number of IP sessions (98828) Is there a way to figure out where the sessions are going?

bjorn
New Contributor
Some accesspoints (AP130 and AP230) are reporting: AP's exceed maximum number of IP sessions (98828) Is there a way to figure out where the sessions are going?
20 REPLIES 20

samantha_lynn
Esteemed Contributor III

Sorry about the issues getting the tech data, that might indicate we don't have TCP 22 open on the firewall/content filters, or it could be a server issue on our end (I'll look in to that from my side), but to cut to the chase it might be faster to get the tech data via the CLI. This guide will walk you through that- https://thehivecommunity.aerohive.com/s/article/Collecting-Tech-Data-via-CLI

AnonymousM
Valued Contributor II

Bjorn,

 

I totally get the hesitation in firmware upgrading. We lived on 6.5r4 for years and still have thousands of APs riding it for the forceable future.

 

The alg sip enable command may be of value but only if there are sessions that are not self terminating properly. If however there are actually that many "active" sessions, there could be another underlying issue at play.

 

You can manually clear them (clear forwarding-engine ip-sessions), but that doesn't really fix the problems. A band-aid for a gushing wound at best.

 

CPU/Memory being taxed at all to think that a loop or DoS attack or something similar could be happening by chance? Any/all of the following might shed some additional light onto things: show cpu detail | show mem | show system process state

 

 

bjorn
New Contributor

@Brian, the customer doesn't want to upgrade because he has a stable environment right now (we had a lot of troubles with unstable firmwares in the past)

This is my syslog (from yesterday)

Nov 6 10:04:03 172.*.*.106 kernel: [fe]: exceed maximum number of IP sessions [8191] allowed, per 80000

Nov 6 13:11:29 172.*.*.106 kernel: [fe]: exceed maximum number of IP sessions [8191] allowed, per 80000

Nov 6 13:11:29 172.*.*.106 kernel: [fe]: exceed maximum number of IP sessions [8191] allowed, per 80000

Nov 6 13:16:38 172.*.*.122 kernel: [fe]: exceed maximum number of IP sessions [8191] allowed, per 80000

 

bjorn
New Contributor

When I click on techdata i get a popup with processing but after a while the popup is gone and i'm back to the previous screen (popup blocker disabled and using chrome)

Am I doing something wrong?

 

AnonymousM
Valued Contributor II

Bjorn,

 

The issue I remember was definitely for the AP250s and only when running one of their early code revs (7.0r2). The fix (think workaround in reality) was to run the following command (alg sip enable). This enabled a timer that would terminate unused sessions and not allow them to stay open. I can't say that you are experiencing this exact problem as your hardware and HiveOS are different, but it may be worth looking at.

 

If you do a show log buff or possibly show log flash, do you see any of the following output:

 

err    kernel: [fe]: exceed maximum number of IP sessions [8191] allowed, per 80000

 

Sorry I can't be of much more help. I was always a big fan of 6.5r4 but we didn't deploy many AP130s. Have you tried a newer HiveOS by chance?

 

GTM-P2G8KFN