Incident Details

The Incidents Details page provides a deatiled report of the occurred incident.

Complete the following steps to view the Incident Details page.
  1. On the Navigation bar, click AI Assurance > AI Analytics > Incidents. The Incidents page is displayed.
  2. Click on the Date attribute of the required incident. The Incident Details page is displayed.
    Incident Details Page (Upper Portion Only)
The Incidents Details page displays the severity level of a selected incident beside the Incidents Details title and the description of the incident below the Incidents Details title. The Incidents Details page has the following components:
  • Incident Information tile
  • Insight tile
  • Network Impact tile
  • Incident Graph

Incident Information Tile

The Incident Information tile displays the client impact count, AP impact count, incident category, incident sub-category, type, scope, duration, event start time, and event end time.

To view the impacted clients, click the value under the client impact count. The Impacted Client dialog box is displayed. This impacted client's hostname, MAC address, username, manufacturer, and network are displayed in the table. You can use the search option to search the required client by hostname, MAC address, username, manufacturer, or network.
Note: The hostname is displayed only if the user has successfully obtained an IP address from DHCP. If not, the MAC address is displayed in the Hostname column.
Note: The username is displayed only if the user has successfully passed authentication. If not, the MAC address is displayed in the Username column.
Impacted Clients Dialog Box

To troubleshoot the client, click Hostname in the Impacted Client dialog box. The Troubleshooting page is displayed.

To view the impacted APs, click the value under the AP Impact Count. The Impacted APs dialog box is displayed. This impacted AP name, model, MAC Address, and version are displayed in the table. You can use the search option to search the required AP by its name, model, or MAC address.
Impacted APs Dialog Box

To view the affected AP details, click AP Name in the Impacted APs dialog box. The AP Details Report page is displayed. For more information, refer to Viewing Network Details.

Insight Tile

The Insight tile comprises Root Cause Analysis and Recommended Action panes.

Root Cause Analysis Pane

The Root Cause Analysis pane displays the root cause of the incident that has occurred. The root cause varies based on the incident type, impacted area, data events, and reason codes.

Recommended Action Pane

The Recommended Action pane displays the recommended actions to remediate the problems.

Network Impact Tile

The Network Impact tile consists of various donut charts that represent the areas of the network that were impacted by the incident. Each incident type and subtype has a different set of network impact donut charts, but it is common to see AP model, AP firmware, reason by AP, reason by event, WLAN, client OS types, radio bands, and reason, event type, which all help to explain some of the common questions: who is impacted, which devices are contributing, what are the reason codes, and more. Every donut chart is divided into donut charts of different colors. If you pause the pointer over any portion of the donut chart, an information box displays the impacted area of the incident and the clients affected by it. Under each donut chart is a summary line displaying the impact percentage of the incident. At the center of the donut chart, the total impacted count is displayed.

Table 1. Attributes of Network Impact Table
Incident Type Donut Charts Chart Elements
User Authentication
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufactures: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
.
  • Authentication Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: Authentication Failures, Authentication Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
EAP
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufactures: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • EAP Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: EAP Failures, EAP Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
Association
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufactures: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • Association Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: Association Failures, Association Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
DHCP
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Clients Manufactures: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • DHCP Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: DHCP Failures, DHCP Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
RADIUS
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufactures: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • Radius Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: RADIUS Failures, RADIUS Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on.) that were observed during this period.
Time to Connect
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufactures: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • Time to Connect Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Time to Connect (By stage): A time series chart that displays the time to connect based on various stages of the connection such as authentication, association, EAP, Radius, and DHCP. Pause the pointer over the graph for more information.
RSSI
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufactures: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • RSSI Quality by Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • RSSI Distribution: The RSSI distribution over a period of time.
Network Latency
  • Ping Latency: Average time, in milliseconds, for the controller nodes to transmit and receive the packets. Maximum, average, and minimum latency trends are plotted on the graph.
  • Controller-1: CPU, memory and input-output usage of the controller node over time is displayed.
  • Controller-2: CPU, memory and input-output usage of the other controller node over time is displayed.
Reboot
  • AP Model: distribution of impacted AP models.
  • AP Firmware: distribution of impacted AP versions.
  • Reason by AP: distribution of reasons for failure that caused the AP reboot.
  • Reason by Event: distribution of reasons for failure that caused the AP reboot and triggered related events.
  • Reboot by System: a time series chart that displays the number reboot events.
  • Connected Clients: a time series chart that displays the number of clients connected at that point in time.
  • Rebooted APs: a time series chart that displays the number of APs that were rebooted at a point in time.
High AP-controller connection failures
  • AP Model: displays the percentage of failure that impacted various AP models
  • AP Firmware: displays the number of failures that impacted various AP firmware versions
  • Event Type: displays the percentage of failures that were caused by various events
  • Reason: lists the reasons that caused the incident
  • AP-Controller Disconnections: a time series chart that displays the number of disconnections between the AP and controller over time.
  • Event Count: a time series chart that displays the total event count for the following events: Heartbeat Lost, Connection Lost, Reboot By System, and Reboot By User. When an event is generated for the above mentioned conditions, it is plotted in this graph. You can select the check-box to displays only one or more of the events.
Channel Distribution
  • AP Distribution by Channel: heatmap that displays the AP count over time, across channels.
  • Rogue Distribution by Channel: a time series chart that displays the number of rogue APs across channels.
VLAN Mismatch
  • Impacted Switch: displays the number of switches impacted by VLAN mismatch
  • Impacted VLANs: displays the number of VLANs that are missing

Incident identifies incorrect VLAN configurations between switches and wired devices due to which data transmission could be impaired.

  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • The Impacted Switches table displays detailed information about the switch name, MAC address, mismatched VLANs, mismatched ports, and mismatched device information where the VLAN mismatch occurred.

    Mismatched VLAN numbers are highlighted red.
Memory Utilization Incident identifies memory leaks within the switch. The time series chart displays high memory utilization by a switch against the threshold set. Pause the pointer over the graph to determine the switch memory used against the threshold set, at a time.

The Detected Time identifies when the memory leak happened and based on the threshold set, a Projected Time is calculated and plotted on the graph. Projected time is predicted; it is the time by when the switch will run out of available memory. Contact RUCKUS Support for assistance.

You can select the check-box to displays only Memory Used or Threshold graphs.
PoE Power
  • Impacted Switch: displays the number of switches impacted by the denial of PoE power
  • Impacted PoE port: displays the number of PoE ports that are impacted by the denial of PoE power.
 The Impacted Switches table displays detailed information about the switch (name, MAC address, port) for which PoE power was denied.
AP PoE Underpowered
  • AP Model: displays the percentage of failure due to insufficient PoE power that impacted an AP model
  • AP Firmware: displays the percentage of failure due to insufficient PoE power that impacted an AP firmware version
  • AP POE impact: displays the number of APs impacted at a time, due to insufficient power available on the PoE port
  • Impacted AP: displays the list of APs impacted by failure due to insufficient PoE power within the network
AP Ethernet Auto-negotiation
  • AP Model: displays the percentage of failure due to Ethernet WAN link mismatch that impacted an AP model
  • AP Firmware: displays the percentage of failure due to Ethernet WAN link mismatch that impacted an AP firmware version
  • APs WAN Throughput Impact: displays the number of APs impacted at a time, due to Ethernet WAN link mismatch
  • Impacted AP: displays the list of APs impacted by failure due to Ethernet WAN link mismatch within the network
Airtime Busy
  • Average Airtime Busy: Displays the average percentage of airtime busy and peak percentage of airtime busy. Pause the pointer over the sliced segments of the donut chart to view average airtime Rx, Tx, Idle, and Busy over the incident period.
  • Rogue APs: Displays the distribution of rogue APs across channels. It also displays the channel with the highest number of rogue APs. Pause the pointer over the sliced segments of the donut chart to view the number of rogue APs in each channel. If the donut chart is empty, you may need to enable Rogue AP detection in the venue.
  • Rx PHY Errors: Displays the distribution of PHY errors across impacted APs over the incident period.
  • AP Model: Displays the distribution of impacted AP models.
Airtime Utilization for <radio bands: Displays a timeline graph to indicate average airtime utilization for the respective radio band (2.4 GHz, 5 GHz, or 6 GHz) over the incident period. The data is aggregated over impacted APs only. Pause the pointer at any instance on the timeline graph to view the airtime utilization details at a specific date and time during the incident.
Airtime Tx
  • Average Airtime Tx: Displays the average time and peak time spent by the radio in sending the data. Pause the pointer over the sliced segments of the donut chart to view average airtime Rx, Tx, Idle, and Busy values over the incident period.
  • Average % of Mgmnt. frames: Displays the distribution of data frames as against management frames over the incident period.
  • Average % of MC/BC traffic: Displays the distribution of Unicast traffic, Multicast traffic, and Broadcast traffic over the incident period.
  • Average Peak No. of Clients per AP: Displays the number of clients per AP. Pause the pointer over the sliced segments of the donut chart to view the number of clients in each bin.
    • Less than 30 clients over the incident period.
    • 31 through 50 clients over the incident period.
    • More than 50 clients over the incident period.
 Airtime Utilization for <radio bands: Displays a timeline graph to indicate average airtime utilization for the respective radio band (2.4 GHz, 5 GHz, or 6 GHz) over the incident period. The data is aggregated over impacted APs only. Pause the pointer at any instance on the timeline graph to view the airtime utilization details at a specific date and time during the incident period.
Airtime Rx
  • Average Airtime Rx: Displays the average and peak time spent by the radio in receiving the data. Pause the pointer over the sliced segments of the donut chart to view average airtime Rx, Tx, Idle, and Busy values over the incident period.
  • Average Peak No. of Clients per AP: Displays the number of clients in each bin. Pause the pointer over the sliced segments of the donut chart to view the number of clients in each bin.
    • Less than 30 clients over the incident period.
    • 31 through 50 clients over the incident period.
    • More than 50 clients over the incident period.
  • AP Model: Displays the distribution of impacted AP models.
Airtime Utilization for <radio band>: Displays a timeline graph to indicate average airtime utilization for the respective radio band (2.4 GHz, 5 GHz, or 6 GHz) over the incident period. The data is aggregated over impacted APs only. Pause the pointer at any instance on the timeline graph to view the airtime utilization details at a specific date and time during the incident.

Incident Graph

Various graphs representing the affected network areas by the incident over time are displayed at the bottom of the page.

Mute and Unmute the Incident

Click Settings icon () at the top right of the Insight tile. The Mute Incident dialog box is displayed. By default, the incident is unmuted. To mute the incident, toggle the Switch to ON. When an incident is muted, it is hidden in the Incidents Table, and notifications via email and webhook are also muted. To unmute the incident, toggle the Switch to OFF. When an incident is unmuted, it is visible in the Incidents Table, and notifications via email and webhook are enabled.

To view the muted incident in the Incidents Table, refer to View the Muted Incident in the Incidents Table.