advertisement
Cisco Wireless Controller Command Reference, Release 8.4
First Published: 2017-05-18
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright
©
1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks
. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
©
2017 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
P r e f a c e
P A R T I
C H A P T E R 1
P A R T I I
C H A P T E R 2
Obtaining Documentation and Submitting a Service Request
Using the Command-Line Interface 1
Using the Command-Line Interface
CLI Command Keyboard Shortcuts
Using the Interactive Help Feature
Using the partial command<tab>
Cisco Wireless Controller Command Reference, Release 8.4 iii
Contents
C H A P T E R 3
P A R T I I I
C H A P T E R 4
clear location statistics rfid
iv
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config 802.11-a antenna extAntGain
config 802.11 antenna diversity
config 802.11 antenna extAntGain
config 802.11 antenna selection
config 802.11h powerconstraint
config 802.11 11nsupport a-mpdu tx priority
config 802.11 11nsupport a-mpdu tx scheduler
config 802.11 11nsupport antenna
config 802.11 11nsupport guard-interval
config 802.11 11nsupport mcs tx
config 802.11 antenna diversity
config 802.11 antenna extAntGain
config 802.11 antenna selection
config 802.11 rx-sop threshold
config 802.11h powerconstraint
Cisco Wireless Controller Command Reference, Release 8.4 v
Contents
config 802.11 11nsupport a-mpdu tx priority
config 802.11 11nsupport a-mpdu tx scheduler
config 802.11 11nsupport antenna
config 802.11 11nsupport guard-interval
config 802.11 11nsupport mcs tx
config 802.11 cac video cac-method
config 802.11 cac video load-based
config 802.11 cac video max-bandwidth
config 802.11 cac media-stream
config 802.11 cac video roam-bandwidth
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac voice max-bandwidth
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 cac voice load-based
config 802.11 cac voice max-calls
config 802.11 cac voice sip bandwidth
config 802.11 cac voice sip codec
config 802.11 cac voice stream-size
vi
Cisco Wireless Controller Command Reference, Release 8.4
Contents
C H A P T E R 5
config 802.11 l2roam rf-params
config 802.11 media-stream multicast-direct
config 802.11 media-stream video-redirect
config 802.11 multicast data-rate
config acl url-acl external-server-ip
config advanced timers auth-timeout
config advanced timers eap-timeout
config advanced timers eap-identity-request-delay
config advanced 802.11 7920VSIEConfig
config advanced 802.11 edca-parameters
config advanced fastpath fastcache
config advanced fastpath pkt-capture
Cisco Wireless Controller Command Reference, Release 8.4 vii
Contents
config advanced sip-preferred-call-no
config advanced sip-snooping-ports
config advanced 802.11 profile clients
config advanced 802.11 profile customize
config advanced 802.11 profile foreign
config advanced 802.11 profile noise
config advanced 802.11 profile throughput
config advanced 802.11 profile utilization
config advanced backup-controller primary
config advanced backup-controller secondary
config advanced client-handoff
config advanced max-1x-sessions
config advanced 802.11 7920VSIEConfig
config advanced 802.11 channel add
config advanced 802.11 channel cleanair-event
config advanced 802.11 channel dca anchor-time
config advanced 802.11 channel dca chan-width-11n
config advanced 802.11 channel dca interval
config advanced 802.11 channel dca min-metric
config advanced 802.11 channel dca sensitivity
config advanced 802.11 channel foreign
config advanced 802.11 channel load
config advanced 802.11 channel noise
config advanced 802.11 channel outdoor-ap-dca
config advanced 802.11 channel pda-prop
config advanced 802.11 channel update
config advanced 802.11 coverage
config advanced 802.11 coverage exception global
viii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config advanced 802.11 coverage fail-rate
config advanced 802.11 coverage level global
config advanced 802.11 coverage packet-count
config advanced 802.11 coverage rssi-threshold
config advanced 802.11 edca-parameters
config advanced 802.11 factory
config advanced 802.11 group-member
config advanced 802.11 group-mode
config advanced 802.11 logging channel
config advanced 802.11 logging coverage
config advanced 802.11 logging foreign
config advanced 802.11 logging load
config advanced 802.11 logging noise
config advanced 802.11 logging performance
config advanced 802.11 logging txpower
config advanced 802.11 monitor channel-list
config advanced 802.11 monitor coverage
config advanced 802.11 monitor load
config advanced 802.11 monitor mode
config advanced 802.11 monitor ndp-type
config advanced 802.11 monitor noise
config advanced 802.11 monitor signal
config advanced 802.11 monitor timeout-factor
config advanced 802.11 optimized roaming
config advanced 802.11 profile foreign
config advanced 802.11 profile noise
config advanced 802.11 profile throughput
config advanced 802.11 profile utilization
config advanced 802.11 receiver
config advanced 802.11 tpc-version
config advanced 802.11 tpcv1-thresh
config advanced 802.11 tpcv2-intense
config advanced 802.11 tpcv2-per-chan
config advanced 802.11 tpcv2-thresh
config advanced 802.11 txpower-update
Cisco Wireless Controller Command Reference, Release 8.4 ix
Contents
config ap atf 802.11 client-access airtime-allocation
config ap crash-file clear-all
config ap crash-file get-crash-file
config ap crash-file get-radio-core-dump
config ap dhcp release-override
config ap flexconnect central-dhcp
config ap flexconnect local-split
config ap flexconnect module-vlan
config ap flexconnect radius auth set
config ap flexconnect vlan add
config ap flexconnect vlan native
config ap flexconnect vlan wlan
config ap flexconnect web-auth
config ap flexconnect web-policy acl
x
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config ap logging syslog level
config ap logging syslog facility
Cisco Wireless Controller Command Reference, Release 8.4 xi
Contents
config ap syslog host specific
config band-select cycle-count
config band-select cycle-threshold
config band-select client-rssi
config call-home contact email address
config call-home http-proxy ipaddr
config call-home http-proxy ipaddr 0.0.0.0
config call-home profile delete
config call-home profile status
xii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config certificate use-device-certificate webadmin
config client ccx clear-reports
config client ccx clear-results
config client ccx default-gw-ping
config client ccx get-client-capability
config client ccx get-manufacturer-info
config client ccx get-operating-parameters
config client ccx get-profiles
config client ccx send-message
config client ccx stats-request
config client ccx test-association
config client ccx test-profile
config client location-calibration
config client profiling delete
config cloud-services server url
config cloud-services server id-token
Cisco Wireless Controller Command Reference, Release 8.4 xiii
Contents
config cts sxp ap connection delete
config cts sxp ap connection peer
config cts sxp ap default password
config cts sxp ap reconciliation period
config cts sxp ap retry period
config cts sxp default password
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
config custom-web ext-webserver
config custom-web logout-popup
config custom-web qrscan-bypass-opt
config custom-web sleep-client
config custom-web webauth-type
config flexconnect arp-caching
xiv
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config flexconnect avc profile
config flexconnect fallback-radio-shut
config flexconnect group group-name dhcp overridden-interface
config flexconnect group web-auth
config flexconnect group web-policy
config flexconnect join min-latency
config flexconnect office-extend
config guest-lan custom-web ext-webauth-url
config guest-lan custom-web global disable
config guest-lan custom-web login_page
config guest-lan custom-web webauth-type
config guest-lan ingress-interface
config guest-lan mobility anchor
config interface address redundancy-management
config interface dhcp management
config interface dhcp dynamic-interface
config interface dhcp management option-6-opendns
Cisco Wireless Controller Command Reference, Release 8.4 xv
Contents
C H A P T E R 6
config interface quarantine vlan
config interface group mdns-profile
config local-auth active-timeout
config local-auth user-credentials
xvi
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config logging syslog facility
config logging syslog facility client
config logging syslog facility ap
config macfilter mac-delimiter
config macfilter radius-compat
config mdns policy service-group
config mdns policy service-group parameters
config mdns policy service-group user-name
config mdns policy service-group user-role
config media-stream multicast-direct
Cisco Wireless Controller Command Reference, Release 8.4 xvii
Contents
config mesh backhaul rate-adapt
config mesh ethernet-bridging allow-bpdu
config mesh ethernet-bridging vlan-transparent
config mesh lsc advanced ap-provision
config mesh secondary-backhaul
config mgmtuser termination-interval
config mobility group keepalive count
config mobility group keepalive interval
xviii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config mobility group multicast-address
config mobility multicast-mode
config mobility new-architecture
config mobility statistics reset
config netuser guest-role apply
config netuser guest-role create
config netuser guest-role delete
config netuser guest-role qos data-rate average-data-rate
config netuser guest-role qos data-rate average-realtime-rate
config netuser guest-role qos data-rate burst-data-rate
config netuser guest-role qos data-rate burst-realtime-rate
config network client-ip-conflict-detection
config network http-proxy ip-address
config network bridging-shared-secret
config network web-auth captive-bypass
config network web-auth proxy-redirect
config network web-auth secureweb
config network allow-old-bridge-aps
Cisco Wireless Controller Command Reference, Release 8.4 xix
Contents
config network bridging-shared-secret
config network fast-ssid-change
config network link local bridging
config network mgmt-via-wireless
config network multicast global
config network multicast igmp query interval
config network multicast igmp snooping
config network multicast igmp timeout
config network multicast l2mcast
config network multicast mode multicast
config network multicast mode unicast
config network oeap-600 dual-rlan-ports
config network oeap-600 local-network
config pmipv6 mag binding init-retx-time
config pmipv6 mag binding lifetime
config pmipv6 mag binding max-retx-time
xx
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config pmipv6 mag binding maximum
config pmipv6 mag binding refresh-time
config pmipv6 mag replay-protection
config policy action opendns-profile-name
config network rf-network-name
config network secureweb cipher-option
config network web-auth captive-bypass
config network web-auth cmcc-support
config network web-auth proxy-redirect
config network web-auth secureweb
config network web-auth https-redirect
config network allow-old-bridge-aps
config network bridging-shared-secret
config network oeap-600 dual-rlan-ports
config network oeap-600 local-network
config nmsp notify-interval measurement
Cisco Wireless Controller Command Reference, Release 8.4 xxi
Contents
C H A P T E R 7
config port multicast appliance
config qos average-realtime-rate
config qos burst-realtime-rate
config qos fastlane disable global
config qos qosmap up-to-dscp-map
config qos qosmap dscp-to-up-exception
config qos qosmap delete-dscp-exception
config qos qosmap trust dscp upstream
config radius acct ipsec authentication
config radius acct ipsec disable
config radius acct ipsec enable
config radius acct ipsec encryption
config radius acct mac-delimiter
xxii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config radius acct retransmit-timeout
config radius auth callStationIdType
config radius auth IPsec authentication
config radius auth ipsec disable
config radius auth ipsec encryption
config radius auth mac-delimiter
config radius auth mgmt-retransmit-timeout
config radius auth retransmit-timeout
config radius auth retransmit-timeout
config radius aggressive-failover disabled
config radius backward compatibility
config radius callStationIdCase
config radius callStationIdType
config radius ext-source-ports
config radius acct retransmit-timeout
config radius auth mgmt-retransmit-timeout
config radius auth retransmit-timeout
config radius auth retransmit-timeout
config redundancy interface address peer-service-port
config redundancy timer keep-alive-timer
Cisco Wireless Controller Command Reference, Release 8.4 xxiii
Contents
config redundancy timer peer-search-timer
config remote-lan aaa-override
config remote-lan exclusionlist
config remote-lan mac-filtering
config remote-lan max-associated-clients
config remote-lan radius_server
config remote-lan session-timeout
config remote-lan violation-mode
config remote-lan webauth-exclude
config rf-profile client-trap-threshold
config rf-profile fra client-aware
config rf-profile load-balancing
config rf-profile multicast data-rate
config rf-profile rx-sop threshold
xxiv
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config rf-profile tx-power-control-thresh-v1
config rf-profile tx-power-control-thresh-v2
config rf-profile tx-power-max
config rf-profile tx-power-min
config rogue auto-contain level
config rogue detection client-threshold
config rogue detection min-rssi
config rogue detection monitor-ap
config rogue detection report-interval
config rogue detection security-level
config rogue detection transient-rogue-interval
config rogue rule condition ap
config remote-lan session-timeout
Cisco Wireless Controller Command Reference, Release 8.4 xxv
Contents
config switchconfig boot-break
config switchconfig fips-prerequisite
config switchconfig strong-pwd
config switchconfig flowcontrol
config switchconfig secret-obfuscation
config snmp community accessmode
config snmp trapreceiver create
config snmp trapreceiver delete
config tacacs athr mgmt-server-timeout
config tacacs auth mgmt-server-timeout
config tacacs fallback-test interval
xxvi
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config trapflags 802.11-Security
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client max-warning-threshold
config trapflags strong-pwdcheck
config tunnel eogre heart-beat
config tunnel profile_rule-delete
config tunnel profile eogre-DHCP82
config tunnel profile eogre-gateway-radius-proxy
config tunnel profile eogre-gateway-radius-proxy-accounting
config tunnel profile eogre-DHCP82
config tunnel profile eogre-DHCP82-circuit-id
config tunnel profile eogre-DHCP82-delimiter
config tunnel profile eogre-DHCP82-format
config tunnel profile eogre-DHCP82-remote-id
Cisco Wireless Controller Command Reference, Release 8.4 xxvii
Contents
config wlan apgroup atf 802.11
config wlan apgroup atf 802.11 policy
config wlan apgroup opendns-profile
config wlan channel-scan defer-priority
config wlan channel-scan defer-time
config wlan flexconnect ap-auth
config wlan flexconnect central-assoc
config wlan flexconnect learn-ipaddr
config wlan flexconnect local-switching
config wlan flexconnect vlan-central-switching
xxviii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config wlan hotspot dot11u 3gpp-info
config wlan hotspot dot11u auth-type
config wlan hotspot dot11u disable
config wlan hotspot dot11u domain
config wlan hotspot dot11u enable
config wlan hotspot dot11u hessid
config wlan hotspot dot11u ipaddr-type
config wlan hotspot dot11u nai-realm
config wlan hotspot dot11u network-type
config wlan hotspot dot11u roam-oi
config wlan hotspot hs2 domain-id
config wlan hotspot hs2 osu legacy-ssid
config wlan hotspot hs2 osu sp create
config wlan hotspot hs2 osu sp delete
config wlan hotspot hs2 osu sp icon-file add
config wlan hotspot hs2 osu sp icon-file delete
config wlan hotspot hs2 osu sp method add
config wlan hotspot hs2 osu sp method delete
config wlan hotspot hs2 osu sp nai add
config wlan hotspot hs2 osu sp nai delete
config wlan hotspot hs2 osu sp uri add
config wlan hotspot hs2 osu sp uri delete
config wlan hotspot hs2 wan-metrics downlink
config wlan hotspot hs2 wan-metrics link-status
config wlan hotspot hs2 wan-metrics lmd
config wlan hotspot hs2 wan-metrics uplink
Cisco Wireless Controller Command Reference, Release 8.4 xxix
Contents
config wlan learn-ipaddr-cswlan
config wlan lobby-admin-access
config wlan max-associated-clients
config wlan mobility foreign-map
config wlan multicast interface
config wlan override-rate-limit
config wlan pmipv6 default-realm
config wlan pmipv6 mobility-type
config wlan pmipv6 profile_name
config wlan radius_server acct
config wlan radius_server acct interim-update
config wlan radius_server auth
config wlan radius_server acct interim-update
config wlan radius_server overwrite-interface
config wlan radius_server realm
config wlan roamed-voice-client re-anchor
xxx
Cisco Wireless Controller Command Reference, Release 8.4
Contents
config wlan security cond-web-redir
config wlan security eap-params
config wlan security eap-passthru
config wlan security ft over-the-ds
config wlan security IPsec disable
config wlan security IPsec enable
config wlan security IPsec authentication
config wlan security IPsec encryption
config wlan security IPsec config
config wlan security IPsec ike authentication
config wlan security IPsec ike dh-group
config wlan security IPsec ike lifetime
config wlan security IPsec ike phase1
config wlan security IPsec ike contivity
config wlan security wpa akm ft
config wlan security splash-page-web-redir
config wlan security static-wep-key authentication
config wlan security static-wep-key disable
config wlan security static-wep-key enable
config wlan security static-wep-key encryption
config wlan security web-auth captive-bypass
config wlan security web-auth qrscan-des-key
config wlan security web-passthrough acl
config wlan security web-passthrough disable
config wlan security web-passthrough email-input
Cisco Wireless Controller Command Reference, Release 8.4 xxxi
Contents
config wlan security web-passthrough enable
config wlan security web-passthrough qr-scan
config wlan security wpa akm 802.1x
config wlan security wpa akm cckm
config wlan security wpa akm ft
config wlan security wpa akm pmf
config wlan security wpa akm psk
config wlan security wpa disable
config wlan security wpa enable
config wlan security wpa ciphers
config wlan security wpa gtk-random
config wlan security wpa osen disable
config wlan security wpa osen enable
config wlan security wpa wpa1 disable
config wlan security wpa wpa1 enable
config wlan security wpa wpa2 disable
config wlan security wpa wpa2 enable
config wlan security wpa wpa2 cache
config wlan security wpa wpa2 cache sticky
config wlan security wpa wpa2 ciphers
config wlan sip-cac disassoc-client
config wlan sip-cac send-486busy
config wlan static-ip tunneling
config wlan uapsd compliant client enable
config wlan uapsd compliant-client disable
config wlan user-idle-threshold
xxxii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
P A R T I V
C H A P T E R 8
C H A P T E R 9
config wps signature frequency
config wps signature mac-frequency
config wps signature quiet-time
Cisco Wireless Controller Command Reference, Release 8.4 xxxiii
Contents
debug dot11 mgmt state-machine
xxxiv
Cisco Wireless Controller Command Reference, Release 8.4
Contents
C H A P T E R 1 0
C H A P T E R 1 1
debug flexconnect client ap syslog
debug flexconnect client group
debug flexconnect client group syslog
Cisco Wireless Controller Command Reference, Release 8.4 xxxv
Contents
P A R T V
C H A P T E R 1 2
P A R T V I
C H A P T E R 1 3
license activate ap-count eval
license deactivate ap-count eval
xxxvi
Cisco Wireless Controller Command Reference, Release 8.4
Contents
P A R T V I I
C H A P T E R 1 4
C H A P T E R 1 5
show 802.11 cleanair air-quality summary
show 802.11 cleanair air-quality worst
show 802.11 cleanair device ap
show 802.11 cleanair device type
show advanced 802.11 optimized roaming
Cisco Wireless Controller Command Reference, Release 8.4 xxxvii
Contents
show advanced backup-controller
show advanced send-disassoc-on-handoff
show advanced sip-preferred-call-no
show advanced sip-snooping-ports
show ap join stats summary all
xxxviii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
show avc statistics application
show avc statistics remote-lan
Cisco Wireless Controller Command Reference, Release 8.4 xxxix
Contents
show certificate compatibility
show client ccx client-capability
show client ccx last-response-status
show client ccx last-test-status
show client ccx manufacturer-info
show client ccx operating-parameters
show client location-calibration summary
show client location-calibration summary
show cloud-services cmx summary
xl
Cisco Wireless Controller Command Reference, Release 8.4
Contents
show cloud-services cmx statistics
show flexconnect group summary
show flexconnect office-extend
Cisco Wireless Controller Command Reference, Release 8.4 xli
Contents
C H A P T E R 1 6
xlii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
show mdns domain-name-ip summary
show media-stream group detail
show media-stream group summary
Cisco Wireless Controller Command Reference, Release 8.4 xliii
Contents
show network multicast mgid detail
show network multicast mgid summary
show nmsp notify-interval summary
show nmsp subscription summary
xliv
Cisco Wireless Controller Command Reference, Release 8.4
Contents
C H A P T E R 1 7
show redundancy peer-route summary
show rogue adhoc custom summary
show rogue adhoc friendly summary
show rogue adhoc malicious summary
show rogue adhoc unclassified summary
show rogue ap friendly summary
Cisco Wireless Controller Command Reference, Release 8.4 xlv
Contents
show rogue ap malicious summary
show rogue ap unclassified summary
show run-config startup-commands
xlvi
Cisco Wireless Controller Command Reference, Release 8.4
Contents
P A R T V I I I
C H A P T E R 1 8
C H A P T E R 1 9
show tunnel eogre-domain-summary
show wps ap-authentication summary
show wps ap-authentication summary
capwap ap controller ip address
config ap dhcp release-override
Cisco Wireless Controller Command Reference, Release 8.4 xlvii
Contents
lwapp ap controller ip address
transfer download datatype icon
transfer download tftpPktTimeout
transfer download tftpMaxRetries
xlviii
Cisco Wireless Controller Command Reference, Release 8.4
Contents
Cisco Wireless Controller Command Reference, Release 8.4 xlix
Contents l
Cisco Wireless Controller Command Reference, Release 8.4
Preface
This preface describes the audience, organization, and conventions of the Cisco Wireless LAN Controller
Command Reference Guide. It also provides information on how to obtain other documentation. This chapter includes the following sections:
•
•
•
Related Documentation, page liv
•
Obtaining Documentation and Submitting a Service Request, page liv
Audience
This publication is for experienced network administrators who configure and maintain Cisco wireless controllers (Cisco WLCs) and Cisco lightweight access points (Cisco APs).
Note
Usage of test commands may cause system disruption such as unexpected reboot of the Cisco WLC.
Therefore, we recommend that you use the test commands on Cisco WLCs for debugging purposes with the help of Cisco Technical Assistance Center (TAC) personnel.
Document Conventions
This document uses the following conventions:
Convention
bold font
italic font
[ ]
Indication
Commands and keywords and user-entered text appear in bold font.
Document titles, new or emphasized terms, and arguments for which you supply values are in italic font.
Elements in square brackets are optional.
Cisco Wireless Controller Command Reference, Release 8.4 li
Preface
Document Conventions
Convention
{x | y | z }
[ x | y | z ] string courier font
<>
[]
!, #
Indication
Required alternative keywords are grouped in braces and separated by vertical bars.
Optional alternative keywords are grouped in brackets and separated by vertical bars.
A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
Terminal sessions and information the system displays appear in courier font.
Nonprinting characters such as passwords are in angle brackets.
Default responses to system prompts are in square brackets.
An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Tip
Means the following information will help you solve a problem.
Caution
Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data.
Warning
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. (To see translations of the warnings that appear in this publication, refer to the appendix "Translated Safety Warnings.")
Warning Title
Waarschuwing
Description
Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. (Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het aanhangsel "Translated Safety Warnings" (Vertalingen van veiligheidsvoorschriften) raadplegen.)
lii
Cisco Wireless Controller Command Reference, Release 8.4
Preface
Document Conventions
Warning Title
Varoitus
Attention
Warnung
Avvertenza
Advarsel
Aviso
¡Advertencia!
Description
Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. (Tässä julkaisussa esiintyvien varoitusten käännökset löydät liitteestä "Translated Safety Warnings" (käännetyt turvallisuutta koskevat varoitukset).)
Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant entraîner des blessures. Avant d'accéder à cet équipement, soyez conscient des dangers posés par les circuits électriques et familiarisez-vous avec les procédures courantes de prévention des accidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillez consulter l'annexe intitulée « Translated Safety Warnings » (Traduction des avis de sécurité).
Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem
Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen
Gefahren und der Standardpraktiken zur Vermeidung von Unfällen bewußt.
(Übersetzungen der in dieser Veröffentlichung enthaltenen Warnhinweise finden
Sie im Anhang mit dem Titel "Translated Safety Warnings" (Übersetzung der
Warnhinweise).)
Questo simbolo di avvertenza indica un pericolo. Si è in una situazione che può causare infortuni. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nell'appendice, "Translated Safety Warnings"
(Traduzione delle avvertenze di sicurezza).
Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du utfører arbeid på utstyr, må du være oppmerksom på de faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. (Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i vedlegget "Translated
Safety Warnings" [Oversatte sikkerhetsadvarsler].)
Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos fisicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. (Para ver as traduções dos avisos que constam desta publicação, consulte o apêndice
"Translated Safety Warnings" - "Traduções dos Avisos de Segurança").
Este símbolo de aviso significa peligro. Existe riesgo para su integridad física.
Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes. (Para ver traducciones de las advertencias que aparecen en esta publicación, consultar el apéndice titulado "Translated Safety Warnings.")
Cisco Wireless Controller Command Reference, Release 8.4 liii
Preface
Related Documentation
Warning Title
Varning
Description
Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga skador. (Se förklaringar av de varningar som förekommer i denna publikation i appendix "Translated Safety Warnings" [Översatta säkerhetsvarningar].)
Related Documentation
These documents provide complete information about the Cisco Unified Wireless Network solution:
• Cisco Wireless LAN Controller Configuration Guide
• Cisco Wireless LAN Controller System Message Guide
• Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points
Obtaining Documentation and Submitting a Service Request
For information about obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised
Cisco technical documentation, at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports
RSS Version 2.0.
liv
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
I
Using the Command-Line Interface
•
Using the Command-Line Interface, page 3
Using the Command-Line Interface
This chapter contains the following topics:
•
CLI Command Keyboard Shortcuts, page 3
•
Using the Interactive Help Feature, page 4
CLI Command Keyboard Shortcuts
The table below lists the CLI keyboard shortcuts to help you enter and edit command lines on the controller.
Table 1: CLI Command Keyboard Shortcuts
Action
Change
Delete
Display MORE output
Description
The word at the cursor to lowercase.
The word at the cursor to uppercase.
A character to the left of the cursor.
Keyboard Shortcut
Esc I
Esc u
Ctrl-h, Delete, or Backspace
All characters from the cursor to the beginning of the line.
Ctrl-u
All characters from the cursor to the end of the line.
Ctrl-k
All characters from the cursor to the end of the word.
Esc d
The word to the left of the cursor.
Exit from MORE output.
Ctrl-w or Esc Backspace q, Q, or Ctrl-C
Next additional screen. The default is one screen. To display more than one screen, enter a number before pressing the Spacebar key.
Spacebar
Cisco Wireless Controller Command Reference, Release 8.4
3
Using the Interactive Help Feature
Action Description Keyboard Shortcut
Next line. The default is one line. To display more than one line, enter the number before pressing the Enter key.
Enter
Enter or Return key character.
Ctrl-m
Expand the command or abbreviation.
Move the cursor One character to the left (back).
One character to the right (forward).
Ctrl-t or Tab
Ctrl-b or Left Arrow
Ctrl-f or Right Arrow
Esc b One word to the left (back), to the beginning of the current or previous word.
One word to the right (forward), to the end of the current or next word.
To the beginning of the line.
To the end of the line.
Esc f
Ctrl-a
Ctrl-e
Redraw the screen at the prompt.
Return to the EXEC mode from any configuration mode
Return to the previous mode or exit from the CLI from Exec mode.
Ctrl-l or Ctrl-r
Ctrl-z exit command
Transpose a character at the cursor with a character to the left of the cursor.
Ctrl-t
Using the Interactive Help Feature
The question mark (?) character allows you to get the following type of help about the command at the command line. The table below lists the interactive help feature list.
Table 2: Interactive Help Feature List
Command
help
? at the command prompt partial command?
Description
Provides a brief description of the Help feature in any command mode.
Lists all commands available for a particular command mode.
Provides a list of commands that begin with the character string.
4
Cisco Wireless Controller Command Reference, Release 8.4
Using the Interactive Help Feature
Command
partial command<Tab> command ?
Description
Completes a partial command name.
Lists the keywords, arguments, or both associated with a command.
command keyword ?
Lists the arguments that are associated with the keyword.
Using the help Command
Before You Begin
To look up keyboard commands, use the help command at the root level.
help
Help may be requested at any point in a command by entering a question mark ‘?’. If nothing matches, the help list will be empty and you must back up until entering a ‘?’ shows the available options. Two types of help are available:
1
Full help is available when you are ready to enter a command argument (for example show ?) and describes each possible argument.
2
Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example show pr?).
Example:
> help
HELP:
Special keys:
DEL, BS... delete previous character
Ctrl-A .... go to beginning of line
Ctrl-E .... go to end of line
Ctrl-F .... go forward one character
Ctrl-B .... go backward one character
Ctrl-D .... delete current character
Ctrl-U, X. delete to beginning of line
Ctrl-K .... delete to end of line
Ctrl-W .... delete previous word
Ctrl-T .... transpose previous character
Ctrl-P .... go to previous line in history buffer
Ctrl-N .... go to next line in history buffer
Ctrl-Z .... return to root command prompt
Tab, <SPACE> command-line completion
Exit .... go to next lower command prompt
?
.... list choices
Using the ? command
Before You Begin
To display all of the commands in your current level of the command tree, or to display more information about a particular command, use the ? command.
Cisco Wireless Controller Command Reference, Release 8.4
5
Using the Interactive Help Feature command name ?
When you enter a command information request, put a space between the command name and ?.
Examples
This command shows you all the commands and levels available from the root level.
> ?
clear config debug help linktest logout ping reset save show transfer
Clear selected configuration elements.
Configure switch options and settings.
Manages system debug options.
Help
Perform a link test to a specified MAC address.
Exit this session. Any unsaved changes are lost.
Send ICMP echo packets to a specified IP address.
Reset options.
Save switch configurations.
Display switch options and settings.
Transfer a file to or from the switch.
Using the partial? command
Before You Begin
To provide a list of commands that begin with the character string, use the partial command ?.
partial command?
There should be no space between the command and the question mark.
This example shows how to provide a command that begin with the character string “ad”:
> controller> config>ad?
The command that matches with the string “ad” is as follows: advanced
Using the partial command<tab>
Before You Begin
To completes a partial command name, use the partial command<tab> command.
partial command<tab>
There should be no space between the command and <tab>.
This example shows how to complete a partial command name that begin with the character string “cert”:
Controller >config>cert<tab> certificate
6
Cisco Wireless Controller Command Reference, Release 8.4
Using the Interactive Help Feature
Using the command ?
Examples
To list the keywords, arguments, or both associated with the command, use the command ?.
command-name ?
There should be a space between the command and the question mark.
This example shows how to list the arguments and keyword for the command acl:
Controller >config acl ?
Information similar to the following appears: apply counter create delete rule cpu
Applies the ACL to the data path.
Start/Stop the ACL Counters.
Create a new ACL.
Delete an ACL.
Configure rules in the ACL.
Configure the CPU ACL Information
Cisco Wireless Controller Command Reference, Release 8.4
7
Using the Interactive Help Feature command keyword ?
To list the arguments that are associated with the keyword, use the command keyword ?:
command keyword ?
There should be space between the keyword and the question mark.
This example shows how to display the arguments associated with the keyword cpu:
Controller >config acl cpu ?
Information similar to the following appears: none
<name>
None - Disable the CPU ACL
<name> - Name of the CPU ACL
8
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
II
Clear Commands
•
Clear Commands: a to l, page 11
•
Clear Commands: m to z, page 31
Clear Commands: a to l
•
•
•
•
•
•
•
•
•
•
•
•
clear ext-webauth-url, page 24
•
•
clear location statistics rfid, page 26
•
clear locp statistics, page 27
•
•
clear lwapp private-config, page 29
Cisco Wireless Controller Command Reference, Release 8.4
11
clear advanced clear advanced
To reset edca-parameters, packet parameters, or optimized roaming statistics to their deault values, use clear
advanced command.
clear advanced {802.11a | 802.11b} {optimized-roaming stats | packet | edca-parameter }
Syntax Description
802.11a
802.11b
optimized-roaming stats packet edca-parameter
Specifies the 802.11a network.
Specifies the 802.11b network.
Clear the 802.11a optimized roaming statistics.
Clear the 802.11a packet parameters configuration.
Clear the 802.11a edca-parameter configuration.
Command Default
None
Examples
The following example shows how to reset edca-parameter values to default:
(Cisco Controller) >
clear advanced 802.11a optimized-roaming stats
(Cisco Controller) >
clear advanced 802.11a packet
(Cisco Controller) >
clear advanced 802.11a edca-parameter
12
Cisco Wireless Controller Command Reference, Release 8.4
clear acl counters clear acl counters
To clear the current counters for an Access Control List (ACL), use the clear acl counters command.
clear acl counters acl_name
Syntax Description
acl_name
ACL name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
ACL counters are available only on the following controllers: Cisco 4400 Series Controller, Cisco WiSM, and Catalyst 3750G Integrated Wireless LAN Controller Switch.
Examples
The following example shows how to clear the current counters for acl1:
(Cisco Controller) >
clear acl counters acl1
Related Commands config acl counter show acl
Cisco Wireless Controller Command Reference, Release 8.4
13
clear ap config clear ap config
To clear (reset to the default values) a lightweight access point’s configuration settings, use the clear ap config command.
clear ap config ap_name
Syntax Description
ap_name
Access point name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Entering this command does not clear the static IP address of the access point.
Examples
The following example shows how to clear the access point’s configuration settings for the access point named ap1240_322115:
(Cisco Controller) >
clear ap config ap1240_322115
Clear ap-config will clear ap config and reboot the AP. Are you sure you want continue?
(y/n)
14
Cisco Wireless Controller Command Reference, Release 8.4
clear ap eventlog clear ap eventlog
To delete the existing event log and create an empty event log file for a specific access point or for all access points joined to the controller, use the clear ap eventlog command.
clear ap eventlog {specific ap_name | all}
Syntax Description specific
ap_name
all
Specifies a specific access point log file.
Name of the access point for which the event log file is emptied.
Deletes the event log for all access points joined to the controller.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to delete the event log for all access points:
(Cisco Controller) >
clear ap eventlog all
This will clear event log contents for all APs. Do you want continue? (y/n) :y
All AP event log contents have been successfully cleared.
Cisco Wireless Controller Command Reference, Release 8.4
15
clear ap join stats clear ap join stats
To clear the join statistics for all access points or for a specific access point, use the clear ap join stats command.
clear ap join stats {all | ap_mac}
Syntax Description all
ap_mac
Specifies all access points.
Access point MAC address.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to clear the join statistics of all the access points:
(Cisco Controller) >
clear ap join stats all
16
Cisco Wireless Controller Command Reference, Release 8.4
clear arp
To clear the Address Resolution Protocol (ARP) table, use the clear arp command.
clear arp
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the ARP table:
(Cisco Controller) >
clear arp
Are you sure you want to clear the ARP cache? (y/n)
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download serverip clear download start clear upload datatype clear upload filename clear upload mode clear upload path clear upload serverip clear upload start clear stats port clear arp
Cisco Wireless Controller Command Reference, Release 8.4
17
clear ap tsm clear ap tsm
To clear the Traffic Stream Metrics (TSM) statistics of clients associated to an access point, use the clear ap
tsm command.
clear ap tsm {802.11a | 802.11b} cisco_ap all
Syntax Description
802.11a
802.11b
cisco_ap
all
Clears 802.11a TSM statistics of clients associated to an access point.
Clears 802.11b TSM statistics of clients associated to an access point.
Cisco lightweight access point.
Clears TSM statistics of clients associated to the access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to clear 802.11a TSM statistics for all clients of an access point:
(Cisco Controller) >
clear ap tsm 802.11a AP3600_1 all
18
Cisco Wireless Controller Command Reference, Release 8.4
clear atf
To clear Cisco Airtime Fairness configuration or statistics, use the clear atf command.
clear atf {config | statistics}
Syntax Description config statistics
Clears Cisco ATF configuration
Clears Cisco ATF statistics
Command History
Release
8.1
Examples
Modification
This command was introduced
The following is a sample output of the clear atf config command:
(Cisco Controller) >
clear atf config clear atf
Cisco Wireless Controller Command Reference, Release 8.4
19
clear avc statistics clear avc statistics
To clear Application Visibility and Control (AVC) statistics of a client, guest LAN, remote LAN, or a WLAN use the clear avc statistics command.
clear avc statistics {client {all | client-mac} | guest-lan {all | guest-lan-id} | remote-lan {all | remote-lan-id}
| wlan {all | wlan-id}}
Syntax Description client all
client-mac
guest-lan all
guest-lan-id
remote-lan all
remote-lan-id
wlan all
wlan-id
Clears AVC statistics of a client.
Clears AVC statistics of all clients.
MAC address of a client.
Clears AVC statistics of a guest LAN.
Clears AVC statistics of all guest LANs.
Guest LAN Identifier between 1 and 5.
Clears AVC statistics of a remote LAN.
Clears AVC statistics of all remote LANs.
Remote LAN Identifier between 1 and 512.
Clears AVC statistics of a WLAN.
Clears AVC statistics of all WLANs.
WLAN Identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to clear the AVC statistics of a client:
(Cisco Controller) >
clear avc statistics client 00:21:1b:ea:36:60
20
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands config avc profile create config avc profile delete config avc profile rule config wlan avc show avc profile show avc applications show avc statistics debug avc error debug avc events clear avc statistics
Cisco Wireless Controller Command Reference, Release 8.4
21
clear client tsm clear client tsm
To clear the Traffic Stream Metrics (TSM) statistics for a particular access point or all the access points to which this client is associated, use the clear client tsm command.
clear client tsm {802.11a | 802.11b} client_mac {ap_mac | all}
Syntax Description
802.11a
802.11b
client_mac ap_mac
all
Specifies the 802.11a network.
Specifies the 802.11b network.
MAC address of the client.
MAC address of a Cisco lightweight access point.
Specifies all access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the TSM for the MAC address 00:40:96:a8:f7:98:
(Cisco Controller) >
clear client tsm 802.11a 00:40:96:a8:f7:98 all
Related Commands clear upload start
22
Cisco Wireless Controller Command Reference, Release 8.4
clear config clear config
To reset configuration data to factory defaults, use the clear config command.
clear config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to reset the configuration data to factory defaults:
(Cisco Controller) >
clear config
Are you sure you want to clear the configuration? (y/n) n
Configuration not cleared!
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download serverip clear download start clear upload datatype clear upload filename clear upload mode clear upload path clear upload serverip clear upload start clear stats port
Cisco Wireless Controller Command Reference, Release 8.4
23
clear ext-webauth-url clear ext-webauth-url
To clear the external web authentication URL, use the clear ext-webauth-url command.
clear ext-webauth-url
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the external web authentication URL:
(Cisco Controller) >
clear ext-webauth-url
URL cleared.
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download serverip clear download start clear upload datatype clear upload filename clear upload mode clear upload path clear upload serverip clear upload start clear stats port
24
Cisco Wireless Controller Command Reference, Release 8.4
clear location rfid clear location rfid
To clear a specific Radio Frequency Identification (RFID) tag or all of the RFID tags in the entire database, use the clear location rfid command.
clear location rfid {mac_address | all}
Syntax Description
mac_address
all
MAC address of a specific RFID tag.
Specifies all the RFID tags in the database.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear all the RFID tags in the database:
(Cisco Controller) >
clear location rfid all
Related Commands clear location statistics rfid config location show location show location statistics rfid
Cisco Wireless Controller Command Reference, Release 8.4
25
clear location statistics rfid clear location statistics rfid
To clear Radio Frequency Identification (RFID) statistics, use the clear location statistics rfid command.
clear location statistics rfid
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear RFID statistics:
(Cisco Controller) >
clear location statistics rfid
Related Commands config location show location show location statistics rfid
26
Cisco Wireless Controller Command Reference, Release 8.4
clear locp statistics clear locp statistics
To clear the Location Protocol (LOCP) statistics, use the clear locp statistics command.
clear locp statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the statistics related to LOCP:
(Cisco Controller) >
clear locp statistics
Related Commands clear nmsp statistics config nmsp notify-interval measurement show nmsp notify-interval summary show nmsp statistics show nmsp status
Cisco Wireless Controller Command Reference, Release 8.4
27
clear login-banner clear login-banner
To remove the login banner file from the controller, use the clear login-banner command.
clear login-banner
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the login banner file:
(Cisco Controller) >
clear login-banner
Related Commands transfer download datatype
28
Cisco Wireless Controller Command Reference, Release 8.4
clear lwapp private-config clear lwapp private-config
To clear (reset to default values) an access point’s current Lightweight Access Point Protocol (LWAPP) private configuration, which contains static IP addressing and controller IP address configurations, use the clear
lwapp private-config command.
clear lwapp private-config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Enter the command on the access point console port.
Prior to changing the FlexConnect configuration on an access point using the access point’s console port, the access point must be in standalone mode (not connected to a Cisco WLC) and you must remove the current
LWAPP private configuration by using the clear lwapp private-config command.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
The following example shows how to clear an access point’s current LWAPP private configuration: ap_console >
clear lwapp private-config
removing the reap config file flash:/lwapp_reap.cfg
Cisco Wireless Controller Command Reference, Release 8.4
29
clear lwapp private-config
30
Cisco Wireless Controller Command Reference, Release 8.4
Clear Commands: m to z
•
clear mdns service-database, page 32
•
clear nmsp statistics, page 34
•
clear radius acct statistics, page 35
•
clear tacacs auth statistics, page 36
•
•
•
clear stats local-auth, page 39
•
•
•
•
clear stats smart-lic, page 44
•
•
•
•
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
31
clear mdns service-database clear mdns service-database
To clear the multicast DNS service database, use the clear mdns service-database command.
clear mdns service-database {all | service-name}
Syntax Description all
service-name
Clears the mDNS service database.
Name of the mDNS service. The Cisco WLC clears the details of the mDNS service.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The Cisco WLC snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database.
Examples
The following example shows how to clear the mDNS service database:
(Cisco Controller) >
clear mdns service-database all
Related Commands config mdns query interval config mdns service config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service config mdns profile debug mdns all debug mdns error debug mdns detail
32
Cisco Wireless Controller Command Reference, Release 8.4
debug mdns message clear mdns service-database
Cisco Wireless Controller Command Reference, Release 8.4
33
clear nmsp statistics clear nmsp statistics
To clear the Network Mobility Services Protocol (NMSP) statistics, use the clear nmsp statistics command.
clear nmsp statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to delete the NMSP statistics log file:
(Cisco Controller) >
clear nmsp statistics
Related Commands clear locp statistics config nmsp notify-interval measurement show nmsp notify-interval summary show nmsp status
34
Cisco Wireless Controller Command Reference, Release 8.4
clear radius acct statistics clear radius acct statistics
To clear the RADIUS accounting statistics on the controller, use the clear radius acc statistics command.
clear radius acct statistics [index | all]
Syntax Description index all
(Optional) Specifies the index of the RADIUS accounting server.
(Optional) Specifies all RADIUS accounting servers.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to clear the RADIUS accounting statistics:
(Cisco Controller) >
clear radius acc statistics
Related Commands show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
35
clear tacacs auth statistics clear tacacs auth statistics
To clear the RADIUS authentication server statistics in the controller, use the clear tacacs auth statistics command.
clear tacacs auth statistics [index | all]
Syntax Description index all
(Optional) Specifies the index of the RADIUS authentication server.
(Optional) Specifies all RADIUS authentication servers.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to clear the RADIUS authentication server statistics:
(Cisco Controller) >
clear tacacs auth statistics
Related Commands show tacacs auth statistics show tacacs summary config tacacs auth
36
Cisco Wireless Controller Command Reference, Release 8.4
clear redirect-url clear redirect-url
To clear the custom web authentication redirect URL on the Cisco Wireless LAN Controller, use the clear
redirect-url command.
clear redirect-url
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the custom web authentication redirect URL:
(Cisco Controller) >
clear redirect-url
URL cleared.
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download path clear download start clear upload datatype clear upload filename clear upload mode clear upload path clear upload serverip clear upload start
Cisco Wireless Controller Command Reference, Release 8.4
37
clear stats ap wlan clear stats ap wlan
To clear the WLAN statistics, use the clear stats ap wlan command.
clear stats ap wlan cisco_ap
Syntax Description
cisco_ap
Selected configuration elements.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to clear the WLAN configuration elements of the access point cisco_ap:
(Cisco Controller) >
clear stats ap wlan cisco_ap
WLAN statistics cleared.
38
Cisco Wireless Controller Command Reference, Release 8.4
clear stats local-auth clear stats local-auth
To clear the local Extensible Authentication Protocol (EAP) statistics, use the clear stats local-auth command.
clear stats local-auth
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to clear the local EAP statistics:
(Cisco Controller) >
clear stats local-auth
Local EAP Authentication Stats Cleared.
Related Commands config local-auth active-timeout config local-auth eap-profile config local-auth method fast config local-auth user-credentials debug aaa local-auth show local-auth certificates show local-auth config show local-auth statistics
Cisco Wireless Controller Command Reference, Release 8.4
39
clear stats mobility clear stats mobility
To clear mobility manager statistics, use the clear stats mobility command.
clear stats mobility
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to clear mobility manager statistics:
(Cisco Controller) >
clear stats mobility
Mobility stats cleared.
40
Cisco Wireless Controller Command Reference, Release 8.4
clear stats port clear stats port
To clear statistics counters for a specific port, use the clear stats port command.
clear stats port port
Syntax Description
port
Physical interface port number.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to clear the statistics counters for port 9:
(Cisco Controller) >
clear stats port 9
Related Commands clear transfer clear download datatype clear download datatype clear download filename clear download mode clear download serverip clear download start clear upload datatype clear upload filename clear upload mode clear upload path clear upload serverip clear upload start clear stats port
Cisco Wireless Controller Command Reference, Release 8.4
41
clear stats radius clear stats radius
To clear the statistics for one or more RADIUS servers, use the clear stats radius command.
clear stats radius {auth | acct} {index | all}
Syntax Description auth acct index all
Clears statistics regarding authentication.
Clears statistics regarding accounting.
Specifies the index number of the RADIUS server to be cleared.
Clears statistics for all RADIUS servers.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to clear the statistics for all RADIUS authentication servers:
(Cisco Controller) >
clear stats radius auth all
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download serverip clear download start clear upload datatype clear upload filename clear upload mode clear upload path clear upload serverip
42
Cisco Wireless Controller Command Reference, Release 8.4
clear upload start clear stats port clear stats radius
Cisco Wireless Controller Command Reference, Release 8.4
43
clear stats smart-lic clear stats smart-lic
To clear all the Cisco Smart Software statistics, use the clear stats smart-lic command.
clear stats smart-lic
Command History
Release
8.2
Modification
This command was introduced.
Examples
The following example shows how to clear smart licensing statistics:
(Cisco Controller) >
clear stats smart-lic
Initiated Smart Licensing statistics clear
44
Cisco Wireless Controller Command Reference, Release 8.4
clear stats switch clear stats switch
To clear all switch statistics counters on a Cisco wireless LAN controller, use the clear stats switch command.
clear stats switch
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear all switch statistics counters:
(Cisco Controller) >
clear stats switch
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download path clear download start clear upload datatype clear upload filename clear upload mode clear upload path clear upload serverip clear upload start
Cisco Wireless Controller Command Reference, Release 8.4
45
clear stats tacacs clear stats tacacs
To clear the TACACS+ server statistics on the controller, use the clear stats tacacs command.
clear stats tacacs [auth | athr | acct] [index | all]
Syntax Description auth athr acct index all
(Optional) Clears the TACACS+ authentication server statistics.
(Optional) Clears the TACACS+ authorization server statistics.
(Optional) Clears the TACACS+ accounting server statistics.
(Optional) Specifies index of the TACACS+ server.
(Optional) Specifies all TACACS+ servers.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to clear the TACACS+ accounting server statistics for index 1:
(Cisco Controller) >
clear stats tacacs acct 1
Related Commands show tacacs summary
46
Cisco Wireless Controller Command Reference, Release 8.4
clear transfer clear transfer
To clear the transfer information, use the clear transfer command.
clear transfer
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the transfer information:
(Cisco Controller) >
clear transfer
Are you sure you want to clear the transfer information? (y/n) y
Transfer Information Cleared.
Related Commands transfer upload datatype transfer upload pac transfer upload password transfer upload port transfer upload path transfer upload username transfer upload datatype transfer upload serverip transfer upload start
Cisco Wireless Controller Command Reference, Release 8.4
47
clear traplog clear traplog
To clear the trap log, use the clear traplog command.
clear traplog
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the trap log:
(Cisco Controller) >
clear traplog
Are you sure you want to clear the trap log? (y/n) y
Trap Log Cleared.
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download path clear download serverip clear download start clear upload filename clear upload mode clear upload path clear upload serverip clear upload start
48
Cisco Wireless Controller Command Reference, Release 8.4
clear webimage clear webimage
To clear the custom web authentication image, use the clear webimage command.
clear webimage
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the custom web authentication image:
(Cisco Controller) >
clear webimage
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download path clear download serverip clear download start clear upload filename clear upload mode clear upload path clear upload serverip clear upload start
Cisco Wireless Controller Command Reference, Release 8.4
49
clear webmessage clear webmessage
To clear the custom web authentication message, use the clear webmessage command.
clear webmessage
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the custom web authentication message:
(Cisco Controller) >
clear webmessage
Message cleared.
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download path clear download serverip clear download start clear upload filename clear upload mode clear upload path clear upload serverip clear upload start
50
Cisco Wireless Controller Command Reference, Release 8.4
clear webtitle clear webtitle
To clear the custom web authentication title, use the clear webtitle command.
clear webtitle
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to clear the custom web authentication title:
(Cisco Controller) >
clear webtitle
Title cleared.
Related Commands clear transfer clear download datatype clear download filename clear download mode clear download path clear download serverip clear download start clear upload filename clear upload mode clear upload path clear upload serverip clear upload start
Cisco Wireless Controller Command Reference, Release 8.4
51
clear webtitle
52
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
III
Config Commands
•
Config Commands: 802.11, page 55
•
Config Commands: a to i, page 171
•
Config Commands: j to q, page 579
•
Config Commands: r to z, page 839
Config Commands: 802.11
•
•
config 802.11a 11acsupport, page 59
•
config 802.11-a antenna extAntGain, page 60
•
config 802.11-a channel ap, page 61
•
config 802.11-a txpower ap, page 62
•
config 802.11 antenna diversity, page 63
•
config 802.11 antenna extAntGain, page 64
•
config 802.11 antenna mode, page 65
•
config 802.11 antenna selection, page 66
•
config 802.11b 11gSupport, page 67
•
config 802.11b preamble, page 68
•
config 802.11h channelswitch, page 69
•
config 802.11h powerconstraint, page 70
•
config 802.11h setchannel, page 71
•
config 802.11 11nsupport, page 72
•
config 802.11 11nsupport a-mpdu tx priority, page 73
•
config 802.11 11nsupport a-mpdu tx scheduler, page 75
•
config 802.11 11nsupport antenna, page 76
•
config 802.11 11nsupport guard-interval, page 77
•
config 802.11 11nsupport mcs tx, page 78
•
config 802.11 11nsupport rifs, page 80
•
config 802.11 antenna diversity, page 81
•
config 802.11 antenna extAntGain, page 82
•
config 802.11 antenna mode, page 83
Cisco Wireless Controller Command Reference, Release 8.4
55
•
config 802.11 antenna selection, page 84
•
config 802.11 channel, page 85
•
config 802.11 channel ap, page 87
•
config 802.11 chan_width, page 88
•
config 802.11 rx-sop threshold, page 90
•
config 802.11 txPower, page 92
•
config 802.11 beamforming, page 94
•
config 802.11h channelswitch, page 96
•
config 802.11h powerconstraint, page 97
•
config 802.11h setchannel, page 98
•
config 802.11h smart dfs, page 99
•
config 802.11 11nsupport, page 100
•
config 802.11 11nsupport a-mpdu tx priority, page 101
•
config 802.11 11nsupport a-mpdu tx scheduler, page 103
•
config 802.11 11nsupport antenna, page 104
•
config 802.11 11nsupport guard-interval, page 105
•
config 802.11 11nsupport mcs tx, page 106
•
config 802.11 11nsupport rifs, page 108
•
config 802.11 beacon period, page 109
•
config 802.11 cac defaults, page 110
•
config 802.11 cac video acm, page 112
•
config 802.11 cac video cac-method, page 114
•
config 802.11 cac video load-based, page 116
•
config 802.11 cac video max-bandwidth, page 118
•
config 802.11 cac media-stream, page 120
•
config 802.11 cac multimedia, page 122
•
config 802.11 cac video roam-bandwidth, page 124
•
config 802.11 cac video sip, page 126
•
config 802.11 cac video tspec-inactivity-timeout, page 128
•
config 802.11 cac voice acm, page 130
•
config 802.11 cac voice max-bandwidth, page 131
•
config 802.11 cac voice roam-bandwidth, page 133
•
config 802.11 cac voice tspec-inactivity-timeout, page 135
56
Cisco Wireless Controller Command Reference, Release 8.4
•
config 802.11 cac voice load-based, page 137
•
config 802.11 cac voice max-calls, page 139
•
config 802.11 cac voice sip bandwidth, page 141
•
config 802.11 cac voice sip codec, page 143
•
config 802.11 cac voice stream-size, page 145
•
config 802.11 cleanair, page 147
•
config 802.11 cleanair device, page 149
•
config 802.11 cleanair alarm, page 151
•
config 802.11 disable, page 153
•
•
config 802.11 enable, page 155
•
config 802.11 exp-bwreq, page 157
•
config 802.11 fragmentation, page 158
•
config 802.11 l2roam rf-params, page 159
•
config 802.11 max-clients, page 161
•
config 802.11 media-stream multicast-direct, page 162
•
config 802.11 media-stream video-redirect, page 164
•
config 802.11 multicast data-rate, page 165
•
•
config 802.11 rssi-check, page 167
•
config 802.11 rssi-threshold, page 168
•
•
config 802.11b preamble, page 170
Cisco Wireless Controller Command Reference, Release 8.4
57
config 802.11-abgn config 802.11-abgn
To configure dual-band radio parameters on an access point, use the config 802.11-abgn command.
config 802.11-abgn {cleanair {enable | disable} {cisco_ap band band} | {enable | disable} {cisco_ap}}
Syntax Description cleanair enable disable
cisco_ap
band
band
enable disable
Configures CleanAir on the dual-band radio.
Enables CleanAir for both 2.4-GHz and 5-GHz radios.
Disables CleanAir for both
2.4-GHz and 5-GHz radios.
Name of the access point to which the command applies.
Configures the radio band.
Radio band that can be 2.4-GHz or
5-GHz.
Enables the dual-band radio on an access point.
Disables the dual-band radio on an access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Only Cisco CleanAir-enabled access point radios can be configured for Cisco CleanAir.
Examples
The following example shows how to enable Cisco CleanAir on an access point:
(Cisco Controller) >
config 802.11-abgn cleanair enable AP3600 band 5
58
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11a 11acsupport config 802.11a 11acsupport
To configure 802.11ac 5-GHz parameters, use the config 802.11a 11acsupport
config 802.11a 11acsupport {enable | disable | mcs tx mcs_index ss spatial_stream {enable | disable}}
Syntax Description enable disable mcs tx tx
mcs_index
ss
spatial_stream
Enables 802.11ac 5-GHz mode.
Disables 802.11ac 5-GHz mode.
Configures 802.11ac 5-GHz Modulation and Coding Scheme (MCS) rates at which data can be transmitted between the access point and the client.
Configures 802.11ac 5-GHz MCS transmit rates.
MCS index value of 8 or 9. MCS data rates with index 8 or 9 are specific to 802.11ac.
When you enable an MCS data rate with index 9, the data rate with MCS index 8 is automatically enabled.
Configures the 802.11ac 5-GHz MCS spatial stream (SS).
Spatial stream within which you can enable or disable an MCS data rate.
Signals transmitted by the various antennae are multiplexed by using different spaces within the same spectral channel. These spaces are known as spatial streams. Three spatial streams are available within which you can enable or disable a MCS rate. The range is from 1 to 3.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Disabling the 802.11n/ac mode applies only to access radios. Backhaul radios always have 802.11n/ac mode enabled if they are 802.11n capable.
Examples
The following example shows how to configure the MCS index for spatial stream 3:
(Cisco Controller) >
config 802.11a 11acsupport mcs tx 9 ss 3
Cisco Wireless Controller Command Reference, Release 8.4
59
config 802.11-a antenna extAntGain config 802.11-a antenna extAntGain
To configure the external antenna gain for the 4.9-GHz and 5.8-GHz public safety channels on an access point, use the config 802.11-a antenna extAntGain commands.
config {802.11-a49 | 802.11-a58} antenna extAntGain ant_gain cisco_ap {global | channel_no}
Syntax Description
802.11-a49
802.11-a58
ant_gain cisco_ap
global
channel_no
Specifies the 4.9-GHz public safety channel.
Specifies the 5.8-GHz public safety channel.
Value in .5-dBi units (for instance, 2.5 dBi = 5).
Name of the access point to which the command applies.
Specifies the antenna gain value to all channels.
Antenna gain value for a specific channel.
Command Default
Channel properties are disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Before you enter the config 802.11-a antenna extAntGain command, disable the 802.11 Cisco radio with the config 802.11-a disable command.
After you configure the external antenna gain, use the config 802.11-a enable command to reenable the 802.11
Cisco radio.
Examples
The following example shows how to configure an 802.11-a49 external antenna gain of 10 dBi for AP1:
(Cisco Controller) >
config 802.11-a antenna extAntGain 10 AP1
60
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11-a channel ap config 802.11-a channel ap
To configure the channel properties for the 4.9-GHz and 5.8-GHz public safety channels on an access point, use the config 802.11-a channel ap command.
config {802.11-a49 | 802.11-a58} channel ap cisco_ap {global | channel_no}
Syntax Description
802.11-a49
802.11-a58
cisco_ap
global
channel_no
Specifies the 4.9-GHz public safety channel.
Specifies the 5.8-GHz public safety channel.
Name of the access point to which the command applies.
Enables the Dynamic Channel Assignment (DCA) on all 4.9-GHz and
5.8-GHz subband radios.
Custom channel for a specific mesh access point. The range is 1 through
26, inclusive, for a 4.9-GHz band and 149 through 165, inclusive, for a
5.8-GHz band.
Command Default
Channel properties are disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the channel properties:
(Cisco Controller) >
config 802.11-a channel ap
Cisco Wireless Controller Command Reference, Release 8.4
61
config 802.11-a txpower ap config 802.11-a txpower ap
To configure the transmission power properties for the 4.9-GHz and 5.8-GHz public safety channels on an access point, use the config 802.11-a txpower ap command.
config {802.11-a49 | 802.11-a58} txpower ap cisco_ap {global | power_level}
Syntax Description
802.11-a49
802.11-a58 txpower ap
cisco_ap
global
power_level
Specifies the 4.9-GHz public safety channel.
Specifies the 5.8-GHz public safety channel.
Configures transmission power properties.
Configures access point channel settings.
Name of the access point to which the command applies.
Applies the transmission power value to all channels.
Transmission power value to the designated mesh access point. The range is from 1 to 5.
Command Default
The default transmission power properties for the 4.9-GHz and 5.8-GHz public safety channels on an access point is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure an 802.11-a49 transmission power level of 4 for AP1:
(Cisco Controller) >
config 802.11-a txpower ap 4 AP1
62
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 antenna diversity config 802.11 antenna diversity
To configure the diversity option for 802.11 antennas, use the config 802.11 antenna diversity command.
config 802.11{a | b} antenna diversity {enable | sideA | sideB} cisco_ap
Syntax Description a b enable sideA sideB
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the diversity.
Specifies the diversity between the internal antennas and an external antenna connected to the Cisco lightweight access point left port.
Specifies the diversity between the internal antennas and an external antenna connected to the Cisco lightweight access point right port.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable antenna diversity for AP01 on an 802.11b network:
(Cisco Controller) >
config 802.11a antenna diversity enable AP01
The following example shows how to enable diversity for AP01 on an 802.11a network, using an external antenna connected to the Cisco lightweight access point left port (sideA):
(Cisco Controller) >
config 802.11a antenna diversity sideA AP01
Cisco Wireless Controller Command Reference, Release 8.4
63
config 802.11 antenna extAntGain config 802.11 antenna extAntGain
To configure external antenna gain for an 802.11 network, use the config 802.11 antenna extAntGain command.
config 802.11{a | b} antenna extAntGain antenna_gain cisco_ap
Syntax Description a b
antenna_gain cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Antenna gain in 0.5 dBm units (for example, 2.5 dBm = 5).
Cisco lightweight access point name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Before you enter the config 802.11 antenna extAntGain command, disable the 802.11 Cisco radio with the
config 802.11 disable command.
After you configure the external antenna gain, use the config 802.11 enable command to enable the 802.11
Cisco radio.
Examples
The following example shows how to configure an 802.11a external antenna gain of 0.5 dBm for AP1:
(Cisco Controller) >
config 802.11 antenna extAntGain 1 AP1
64
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 antenna mode config 802.11 antenna mode
To configure the Cisco lightweight access point to use one internal antenna for an 802.11 sectorized 180-degree coverage pattern or both internal antennas for an 802.11 360-degree omnidirectional pattern, use the config
802.11 antenna mode command.
config 802.11{a | b} antenna mode {omni | sectorA | sectorB} cisco_ap
Syntax Description a b omni sectorA sectorB
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies to use both internal antennas.
Specifies to use only the side A internal antenna.
Specifies to use only the side B internal antenna.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure access point AP01 antennas for a 360-degree omnidirectional pattern on an 802.11b network:
(Cisco Controller) >
config 802.11 antenna mode omni AP01
Cisco Wireless Controller Command Reference, Release 8.4
65
config 802.11 antenna selection config 802.11 antenna selection
To select the internal or external antenna selection for a Cisco lightweight access point on an 802.11 network, use the config 802.11 antenna selection command.
config 802.11{a | b} antenna selection {internal | external} cisco_ap
Syntax Description a b internal external
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the internal antenna.
Specifies the external antenna.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure access point AP02 on an 802.11b network to use the internal antenna:
(Cisco Controller) >
config 802.11a antenna selection internal AP02
66
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11b 11gSupport config 802.11b 11gSupport
To enable or disable the Cisco wireless LAN solution 802.11g network, use the config 802.11b 11gSupport command.
config 802.11b 11gSupport {enable | disable}
Syntax Description enable disable
Enables the 802.11g network.
Disables the 802.11g network.
Command Default
The default network for Cisco wireless LAN solution 802.11g is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Before you enter the config 802.11b 11gSupport {enable | disable} command, disable the 802.11 Cisco radio with the config 802.11 disable command.
After you configure the support for the 802.11g network, use the config 802.11 enable command to enable the 802.11 radio.
Note
To disable an 802.11a, 802.11b and/or 802.11g network for an individual wireless LAN, use the config
wlan radio command.
Examples
The following example shows how to enable the 802.11g network:
(Cisco Controller) >
config 802.11b 11gSupport enable
Changing the 11gSupport will cause all the APs to reboot when you enable
802.11b network.
Are you sure you want to continue? (y/n) n
11gSupport not changed!
Cisco Wireless Controller Command Reference, Release 8.4
67
config 802.11b preamble config 802.11b preamble
To change the 802.11b preamble as defined in subclause 18.2.2.2 to long (slower, but more reliable) or short
(faster, but less reliable), use the config 802.11b preamble command.
config 802.11b preamble {long | short}
Syntax Description long short
Specifies the long 802.11b preamble.
Specifies the short 802.11b preamble.
Command Default
The default 802.11b preamble value is short.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Note
You must reboot the Cisco Wireless LAN Controller (reset system) with save to implement this command.
This parameter must be set to long to optimize this Cisco wireless LAN controller for some clients, including
SpectraLink NetLink telephones.
This command can be used any time that the CLI interface is active.
Examples
The following example shows how to change the 802.11b preamble to short:
(Cisco Controller) >
config 802.11b preamble short
(Cisco Controller) >(reset system with save)
68
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11h channelswitch config 802.11h channelswitch
To configure an 802.11h channel switch announcement, use the config 802.11h channelswitch command.
config 802.11h channelswitch {enable {loud | quiet} | disable}
Syntax Description enable disable
Enables the 802.11h channel switch announcement.
Disables the 802.11h channel switch announcement.
Command Default
None
Command History
Release
7.6
Modification
• This command was introduced in a release earlier than Release 7.6.
• The loud and quiet parameters were introduced.
Examples
The following example shows how to disable an 802.11h switch announcement:
(Cisco Controller) >
config 802.11h channelswitch disable
Cisco Wireless Controller Command Reference, Release 8.4
69
config 802.11h powerconstraint config 802.11h powerconstraint
To configure the 802.11h power constraint value, use the config 802.11h powerconstraint command.
config 802.11h powerconstraint value
Syntax Description
value
802.11h power constraint value.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the 802.11h power constraint to 5:
(Cisco Controller) >
config 802.11h powerconstraint 5
70
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11h setchannel config 802.11h setchannel
To configure a new channel using 802.11h channel announcement, use the config 802.11h setchannel command.
config 802.11h setchannel cisco_ap
Syntax Description
cisco_ap
Cisco lightweight access point name.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a new channel using the 802.11h channel:
(Cisco Controller) >
config 802.11h setchannel ap02
Cisco Wireless Controller Command Reference, Release 8.4
71
config 802.11 11nsupport config 802.11 11nsupport
To enable 802.11n support on the network, use the config 802.11 11nsupport command.
config 802.11{a | b} 11nsupport {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network settings.
Specifies the 802.11b/g network settings.
Enables the 802.11n support.
Disables the 802.11n support.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the 802.11n support on an 802.11a network:
(Cisco Controller) >
config 802.11a 11nsupport enable
72
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport a-mpdu tx priority config 802.11 11nsupport a-mpdu tx priority
To specify the aggregation method used for 802.11n packets, use the config 802.11 11nsupport a-mpdu tx
priority command.
config 802.11{a | b} 11nsupport a-mpdu tx priority {0-7 | all} {enable | disable}
Syntax Description a b
0-7 all enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the aggregated MAC protocol data unit priority level between 0 through
7.
Configures all of the priority levels at once.
Specifies the traffic associated with the priority level uses A-MPDU transmission.
Specifies the traffic associated with the priority level uses A-MSDU transmission.
Command Default
Priority 0 is enabled.
Usage Guidelines
Aggregation is the process of grouping packet data frames together rather than transmitting them separately.
Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated
MAC Service Data Unit (A-MSDU). A-MPDU is performed in the software whereas A-MSDU is performed in the hardware.
Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:
• 1—Background
• 2—Spare
• 0—Best effort
• 3—Excellent effort
• 4—Controlled load
• 5—Video, less than 100-ms latency and jitter
• 6—Voice, less than 10-ms latency and jitter
• 7—Network control
• all—Configure all of the priority levels at once.
Cisco Wireless Controller Command Reference, Release 8.4
73
config 802.11 11nsupport a-mpdu tx priority
Note
Configure the priority levels to match the aggregation method used by the clients.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure all the priority levels at once so that the traffic associated with the priority level uses A-MSDU transmission:
(Cisco Controller) >
config 802.11a 11nsupport a-mpdu tx priority all enable
74
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport a-mpdu tx scheduler config 802.11 11nsupport a-mpdu tx scheduler
To configure the 802.11n-5 GHz A-MPDU transmit aggregation scheduler, use the config 802.11 11nsupport
a-mpdu tx scheduler command.
config 802.11{a | b} 11nsupport a-mpdu tx scheduler {enable | disable | timeout rt timeout-value}
Syntax Description enable disable timeout rt
timeout-value
Enables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.
Disables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.
Configures the A-MPDU transmit aggregation scheduler realtime traffic timeout.
Timeout value in milliseconds. The valid range is between 1 millisecond to 1000 milliseconds.
Command Default
None
Usage Guidelines
Ensure that the 802.11 network is disabled before you enter this command.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the A-MPDU transmit aggregation scheduler realtime traffic timeout of 100 milliseconds:
(Cisco Controller) >
config 802.11 11nsupport a-mpdu tx scheduler timeout rt 100
Cisco Wireless Controller Command Reference, Release 8.4
75
config 802.11 11nsupport antenna config 802.11 11nsupport antenna
To configure an access point to use a specific antenna, use the config 802.11 11nsupport antenna command.
config 802.11{a | b} 11nsupport antenna cisco_ap {A | B | C | D} {enable | disable}
Syntax Description a b
cisco_ap
A/B/C/D enable disable
Specifies the 802.11a/n network.
Specifies the 802.11b/g/n network.
Access point.
Specifies an antenna port.
Enables the configuration.
Disables the configuration.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure transmission to a single antenna for legacy orthogonal frequency-division multiplexing:
(Cisco Controller) >
config 802.11 11nsupport antenna AP1 C enable
76
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport guard-interval config 802.11 11nsupport guard-interval
To configure the guard interval, use the config 802.11 11nsupport guard-interval command.
config 802.11 {a | b} 11nsupport guard-interval {any | long}
Syntax Description any long
Enables either a short or a long guard interval.
Enables only a long guard interval.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a long guard interval:
(Cisco Controller) >
config 802.11 11nsupport guard-interval long
Cisco Wireless Controller Command Reference, Release 8.4
77
config 802.11 11nsupport mcs tx config 802.11 11nsupport mcs tx
To specify the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client, use the config 802.11 11nsupport mcs tx command.
config 802.11{a | b} 11nsupport mcs tx {0-15} {enable | disable}
Syntax Description a b
11nsupport mcs tx enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies support for 802.11n devices.
Specifies the modulation and coding scheme data rates as follows:
• 0 (7 Mbps)
• 1 (14 Mbps)
• 2 (21 Mbps)
• 3 (29 Mbps)
• 4 (43 Mbps)
• 5 (58 Mbps)
• 6 (65 Mbps)
• 7 (72 Mbps)
• 8 (14 Mbps)
• 9 (29 Mbps)
• 10 (43 Mbps)
• 11 (58 Mbps)
• 12 (87 Mbps)
• 13 (116 Mbps)
• 14 (130 Mbps)
• 15 (144 Mbps)
Enables this configuration.
Disables this configuration.
Command Default
None
78
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport mcs tx
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to specify MCS rates:
(Cisco Controller) >
config 802.11a 11nsupport mcs tx 5 enable
Cisco Wireless Controller Command Reference, Release 8.4
79
config 802.11 11nsupport rifs config 802.11 11nsupport rifs
To configure the Reduced Interframe Space (RIFS) between data frames and its acknowledgment, use the
config 802.11 11nsupport rifs command.
config 802.11{a | b} 11nsupport rifs {enable | disable}
Syntax Description enable disable
Enables RIFS for the 802.11 network.
Disables RIFS for the 802.11 network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
This example shows how to enable RIFS:
(Cisco Controller) >
config 802.11a 11nsupport rifs enable
80
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 antenna diversity config 802.11 antenna diversity
To configure the diversity option for 802.11 antennas, use the config 802.11 antenna diversity command.
config 802.11{a | b} antenna diversity {enable | sideA | sideB} cisco_ap
Syntax Description a b enable sideA sideB
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the diversity.
Specifies the diversity between the internal antennas and an external antenna connected to the Cisco lightweight access point left port.
Specifies the diversity between the internal antennas and an external antenna connected to the Cisco lightweight access point right port.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable antenna diversity for AP01 on an 802.11b network:
(Cisco Controller) >
config 802.11a antenna diversity enable AP01
The following example shows how to enable diversity for AP01 on an 802.11a network, using an external antenna connected to the Cisco lightweight access point left port (sideA):
(Cisco Controller) >
config 802.11a antenna diversity sideA AP01
Cisco Wireless Controller Command Reference, Release 8.4
81
config 802.11 antenna extAntGain config 802.11 antenna extAntGain
To configure external antenna gain for an 802.11 network, use the config 802.11 antenna extAntGain command.
config 802.11{a | b} antenna extAntGain antenna_gain cisco_ap
Syntax Description a b
antenna_gain cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Antenna gain in 0.5 dBm units (for example, 2.5 dBm = 5).
Cisco lightweight access point name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Before you enter the config 802.11 antenna extAntGain command, disable the 802.11 Cisco radio with the
config 802.11 disable command.
After you configure the external antenna gain, use the config 802.11 enable command to enable the 802.11
Cisco radio.
Examples
The following example shows how to configure an 802.11a external antenna gain of 0.5 dBm for AP1:
(Cisco Controller) >
config 802.11 antenna extAntGain 1 AP1
82
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 antenna mode config 802.11 antenna mode
To configure the Cisco lightweight access point to use one internal antenna for an 802.11 sectorized 180-degree coverage pattern or both internal antennas for an 802.11 360-degree omnidirectional pattern, use the config
802.11 antenna mode command.
config 802.11{a | b} antenna mode {omni | sectorA | sectorB} cisco_ap
Syntax Description a b omni sectorA sectorB
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies to use both internal antennas.
Specifies to use only the side A internal antenna.
Specifies to use only the side B internal antenna.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure access point AP01 antennas for a 360-degree omnidirectional pattern on an 802.11b network:
(Cisco Controller) >
config 802.11 antenna mode omni AP01
Cisco Wireless Controller Command Reference, Release 8.4
83
config 802.11 antenna selection config 802.11 antenna selection
To select the internal or external antenna selection for a Cisco lightweight access point on an 802.11 network, use the config 802.11 antenna selection command.
config 802.11{a | b} antenna selection {internal | external} cisco_ap
Syntax Description a b internal external
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the internal antenna.
Specifies the external antenna.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure access point AP02 on an 802.11b network to use the internal antenna:
(Cisco Controller) >
config 802.11a antenna selection internal AP02
84
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 channel config 802.11 channel
To configure an 802.11 network or a single access point for automatic or manual channel selection, use the
config 802.11 channel command.
config 802.11{a | b} channel {global [auto | once | off | restart]} | ap {ap_name [global | channel]}
Syntax Description a b global auto once off restarts
ap_name channel
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11a operating channel that is automatically set by RRM and overrides the existing configuration setting.
(Optional) Specifies that the channel is automatically set by Radio Resource
Management (RRM) for the 802.11a radio.
(Optional) Specifies that the channel is automatically set once by RRM.
(Optional) Specifies that the automatic channel selection by RRM is disabled.
(Optional) Restarts the aggressive DCA cycle.
Access point name.
Manual channel number to be used by the access point. The supported channels depend on the specific access point used and the regulatory region.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When configuring 802.11 channels for a single lightweight access point, enter the config 802.11 disable command to disable the 802.11 network. Enter the config 802.11 channel command to set automatic channel selection by Radio Resource Management (RRM) or manually set the channel for the 802.11 radio, and enter the config 802.11 enable command to enable the 802.11 network.
Cisco Wireless Controller Command Reference, Release 8.4
85
config 802.11 channel
Examples
Note
See the Channels and Maximum Power Settings for Cisco Aironet Lightweight Access Points document for the channels supported by your access point. The power levels and available channels are defined by the country code setting and are regulated on a country-by-country basis.
The following example shows how to have RRM automatically configure the 802.11a channels for automatic channel configuration based on the availability and interference:
(Cisco Controller) >
config 802.11a channel global auto
The following example shows how to configure the 802.11b channels one time based on the availability and interference:
(Cisco Controller) >
config 802.11b channel global once
The following example shows how to turn 802.11a automatic channel configuration off:
(Cisco Controller) >
config 802.11a channel global off
The following example shows how to configure the 802.11b channels in access point AP01 for automatic channel configuration:
(Cisco Controller) >
config 802.11b AP01 channel global
The following example shows how to configure the 802.11a channel 36 in access point AP01 as the default channel:
(Cisco Controller) >
config 802.11a channel AP01 36
86
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 channel ap config 802.11 channel ap
To set the operating radio channel for an access point, use the config 802.11 channel ap command.
config 802.11{a | b} channel ap cisco_ap {global | channel_no}
Syntax Description a b
cisco_ap
global
channel_no
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Name of the Cisco access point.
Enables auto-RF on the designated access point.
Default channel from 1 to 26, inclusive.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable auto-RF for access point AP01 on an 802.11b network:
(Cisco Controller) >
config 802.11b channel ap AP01 global
Cisco Wireless Controller Command Reference, Release 8.4
87
config 802.11 chan_width config 802.11 chan_width
To configure the channel width for a particular access point, use the config 802.11 chan_width command.
config 802.11{a | b} chan_width cisco_ap {20 | 40 | 80 | 160 | best}
Syntax Description a b
cisco_ap
20
40
80
160 best
Configures the 802.11a radio on slot 1 and 802.11ac
radio on slot 2.
Specifies the 802.11b/g radio.
Access point.
Allows the radio to communicate using only 20-MHz channels.
Choose this option for legacy 802.11a radios, 20-MHz
802.11n radios, or 40-MHz 802.11n radios that you want to operate using only 20-MHz channels.
Allows 40-MHz 802.11n radios to communicate using two adjacent 20-MHz channels bonded together.
Allows 80-MHz 802.11ac radios to communicate using two adjacent 40-MHz channels bonded together.
Allows 160-MHz 802.11ac radios to communicate.
In this mode, the device selects the optimum bandwidth channel.
Command Default
The default channel width is 20.
Command History
Release
7.6
8.3
Modification
This command was introduced in a release earlier than
Release 7.6.
This command was enhanced in this release with the inclusion of 160 MHz and best channel bandwidth modes.
Usage Guidelines
This parameter can be configured only if the primary channel is statically assigned.
88
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 chan_width
Examples
Caution
We recommend that you do not configure 40-MHz channels in the 2.4-GHz radio band because severe co-channel interference can occur.
Statically configuring an access point’s radio for 20-MHz or 40-MHz mode overrides the globally configured
DCA channel width setting (configured by using the config advanced 802.11 channel dca chan-width command). If you change the static configuration back to global on the access point radio, the global DCA configuration overrides the channel width configuration that the access point was previously using.
The following example shows how to configure the channel width for access point AP01 on an 802.11 network using 40-MHz channels:
(Cisco Controller) >
config 802.11a chan_width AP01 40
Cisco Wireless Controller Command Reference, Release 8.4
89
config 802.11 rx-sop threshold config 802.11 rx-sop threshold
To configure the high, medium or low Receiver Start of Packet Detection Threshold (Rx SOP) threshold value for each 802.11 band, use the config 802.11 rx-sop threshold command.
config {802.11a | 802.11b} rx-sop threshold {high | medium | low | auto} {ap ap_name | default}
Syntax Description
802.11a
802.11b
high medium low auto
ap ap_name
default
Configures an Rx SOP threshold value for the 802.11a network.
Configures an Rx SOP threshold value for the 802.11b network.
Configures the high Rx SOP threshold value for 802.11a/b networks.
Configures the medium Rx SOP threshold value for 802.11a/b networks.
Configures the low Rx SOP threshold value for 802.11a/b networks.
Configures an auto Rx SOP threshold value for 802.11a/b networks. When you choose auto, the access point determines the best Rx SOP threshold value.
Configures the Rx SOP threshold value on an access point of an 802.11 network.
Configures the Rx SOP threshold value on all access points of an 802.11 network.
Command Default
The default Rx SOP threshold option is auto.
Command History
Release
8.0
Modification
This command was introduced.
Usage Guidelines
Rx SOP determines the Wi-Fi signal level in dBm at which an access point's radio demodulates and decodes a packet. Higher the level, less sensitive the radio is and smaller the receiver cell size. The table below shows the Rx SOP threshold values for high, medium and low levels for each 802.11 band.
Table 3: Rx SOP Thresholds
802.11 Band
5 GHz
2.4 GHz
High Threshold
-76 dBm
-79 dBm
Medium Threshold
-78 dBm
-82 dBm
Low Threshold
-80 dBm
-85 dBm
90
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 rx-sop threshold
Examples
The following example shows how to configure a high Rx SOP threshold value for all access points in the
802.11a band:
(Cisco Controller) >
config 802.11a rx-sop threshold high default
Cisco Wireless Controller Command Reference, Release 8.4
91
config 802.11 txPower config 802.11 txPower
To configure the transmit power level for all access points or a single access point in an 802.11 network, use the config 802.11 txPower command.
config 802.11{a | b} txPower {global {power_level | auto | max | min | once } | ap cisco_ap}
Syntax Description a b global auto once
power_level
ap
ap_name
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures the 802.11 transmit power level for all lightweight access points.
(Optional) Specifies the power level is automatically set by Radio Resource Management (RRM) for the
802.11 Cisco radio.
(Optional) Specifies the power level is automatically set once by RRM.
(Optional) Manual Transmit power level number for the access point.
Configures the 802.11 transmit power level for a specified lightweight access point.
Access point name.
Command Default
The command default (global, auto) is for automatic configuration by RRM.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The supported power levels depends on the specific access point used and the regulatory region. For example, the 1240 series access point supports eight levels and the 1200 series access point supports six levels. See the
Channels and Maximum Power Settings for Cisco Aironet Lightweight Access Points document for the maximum transmit power limits for your access point. The power levels and available channels are defined by the country code setting and are regulated on a country-by-country basis.
92
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 txPower
Examples
The following example shows how to automatically set the 802.11a radio transmit power level in all lightweight access points:
(Cisco Controller) >
config 802.11a txPower auto
The following example shows how to manually set the 802.11b radio transmit power to level 5 for all lightweight access points:
(Cisco Controller) >
config 802.11b txPower global 5
The following example shows how to automatically set the 802.11b radio transmit power for access point
AP1:
(Cisco Controller) >
config 802.11b txPower AP1 global
The following example shows how to manually set the 802.11a radio transmit power to power level 2 for access point AP1:
(Cisco Controller) >
config 802.11b txPower AP1 2
Related Commands show ap config 802.11a
config 802.11b txPower
Cisco Wireless Controller Command Reference, Release 8.4
93
config 802.11 beamforming config 802.11 beamforming
To enable or disable Beamforming (ClientLink) on the network or on individual radios, enter the config 802.11
beamforming command.
config 802.11{a | b} beamforming {global | ap ap_name} {enable | disable}
Syntax Description a b global
ap ap_name
enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies all lightweight access points.
Specifies the Cisco access point name.
Enables beamforming.
Disables beamforming.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable Beamforming on the network, it is automatically enabled for all the radios applicable to that network type.
Follow these guidelines for using Beamforming:
• Beamforming is supported only for legacy orthogonal frequency-division multiplexing (OFDM) data rates (6, 9, 12, 18, 24, 36, 48, and 54 mbps).
Note
Beamforming is not supported for complementary-code keying (CCK) data rates (1, 2,
5.5, and 11 Mbps).
• Beamforming is supported only on access points that support 802.11n (AP1250 and AP1140).
• Two or more antennas must be enabled for transmission.
• All three antennas must be enabled for reception.
• OFDM rates must be enabled.
94
Cisco Wireless Controller Command Reference, Release 8.4
Examples config 802.11 beamforming
If the antenna configuration restricts operation to a single transmit antenna, or if OFDM rates are disabled,
Beamforming is not used.
The following example shows how to enable Beamforming on the 802.11a network:
(Cisco Controller) >
config 802.11 beamforming global enable
Cisco Wireless Controller Command Reference, Release 8.4
95
config 802.11h channelswitch config 802.11h channelswitch
To configure an 802.11h channel switch announcement, use the config 802.11h channelswitch command.
config 802.11h channelswitch {enable {loud | quiet} | disable}
Syntax Description enable disable
Enables the 802.11h channel switch announcement.
Disables the 802.11h channel switch announcement.
Command Default
None
Command History
Release
7.6
Modification
• This command was introduced in a release earlier than Release 7.6.
• The loud and quiet parameters were introduced.
Examples
The following example shows how to disable an 802.11h switch announcement:
(Cisco Controller) >
config 802.11h channelswitch disable
96
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11h powerconstraint config 802.11h powerconstraint
To configure the 802.11h power constraint value, use the config 802.11h powerconstraint command.
config 802.11h powerconstraint value
Syntax Description
value
802.11h power constraint value.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the 802.11h power constraint to 5:
(Cisco Controller) >
config 802.11h powerconstraint 5
Cisco Wireless Controller Command Reference, Release 8.4
97
config 802.11h setchannel config 802.11h setchannel
To configure a new channel using 802.11h channel announcement, use the config 802.11h setchannel command.
config 802.11h setchannel cisco_ap
Syntax Description
cisco_ap
Cisco lightweight access point name.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a new channel using the 802.11h channel:
(Cisco Controller) >
config 802.11h setchannel ap02
98
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11h smart dfs config 802.11h smart dfs
To enable or disable 802.11h smart-dfs feature, use the config 802.11h smart-dfs command.
config 802.11h smart-dfs {enable | disable}
Syntax Description enable disable
Enables non occupancy time doubling for Radar interfere channel.
Disables non occupancy time doubling and use legacy time (30 minutes) for
Radar interference channel.
Use disable to match legacy DFS behavior.
Command Default
Enabled
Command History
Examples
Release
8.2.141.0
Modification
This command was introduced.
The following example shows how to enable 802.11h smart-dfs:
(Cisco Controller) >
config 802.11h smart-dfs enable
Cisco Wireless Controller Command Reference, Release 8.4
99
config 802.11 11nsupport config 802.11 11nsupport
To enable 802.11n support on the network, use the config 802.11 11nsupport command.
config 802.11{a | b} 11nsupport {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network settings.
Specifies the 802.11b/g network settings.
Enables the 802.11n support.
Disables the 802.11n support.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the 802.11n support on an 802.11a network:
(Cisco Controller) >
config 802.11a 11nsupport enable
100
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport a-mpdu tx priority config 802.11 11nsupport a-mpdu tx priority
To specify the aggregation method used for 802.11n packets, use the config 802.11 11nsupport a-mpdu tx
priority command.
config 802.11{a | b} 11nsupport a-mpdu tx priority {0-7 | all} {enable | disable}
Syntax Description a b
0-7 all enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the aggregated MAC protocol data unit priority level between 0 through
7.
Configures all of the priority levels at once.
Specifies the traffic associated with the priority level uses A-MPDU transmission.
Specifies the traffic associated with the priority level uses A-MSDU transmission.
Command Default
Priority 0 is enabled.
Usage Guidelines
Aggregation is the process of grouping packet data frames together rather than transmitting them separately.
Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated
MAC Service Data Unit (A-MSDU). A-MPDU is performed in the software whereas A-MSDU is performed in the hardware.
Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:
• 1—Background
• 2—Spare
• 0—Best effort
• 3—Excellent effort
• 4—Controlled load
• 5—Video, less than 100-ms latency and jitter
• 6—Voice, less than 10-ms latency and jitter
• 7—Network control
• all—Configure all of the priority levels at once.
Cisco Wireless Controller Command Reference, Release 8.4
101
config 802.11 11nsupport a-mpdu tx priority
Note
Configure the priority levels to match the aggregation method used by the clients.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure all the priority levels at once so that the traffic associated with the priority level uses A-MSDU transmission:
(Cisco Controller) >
config 802.11a 11nsupport a-mpdu tx priority all enable
102
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport a-mpdu tx scheduler config 802.11 11nsupport a-mpdu tx scheduler
To configure the 802.11n-5 GHz A-MPDU transmit aggregation scheduler, use the config 802.11 11nsupport
a-mpdu tx scheduler command.
config 802.11{a | b} 11nsupport a-mpdu tx scheduler {enable | disable | timeout rt timeout-value}
Syntax Description enable disable timeout rt
timeout-value
Enables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.
Disables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.
Configures the A-MPDU transmit aggregation scheduler realtime traffic timeout.
Timeout value in milliseconds. The valid range is between 1 millisecond to 1000 milliseconds.
Command Default
None
Usage Guidelines
Ensure that the 802.11 network is disabled before you enter this command.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the A-MPDU transmit aggregation scheduler realtime traffic timeout of 100 milliseconds:
(Cisco Controller) >
config 802.11 11nsupport a-mpdu tx scheduler timeout rt 100
Cisco Wireless Controller Command Reference, Release 8.4
103
config 802.11 11nsupport antenna config 802.11 11nsupport antenna
To configure an access point to use a specific antenna, use the config 802.11 11nsupport antenna command.
config 802.11{a | b} 11nsupport antenna cisco_ap {A | B | C | D} {enable | disable}
Syntax Description a b
cisco_ap
A/B/C/D enable disable
Specifies the 802.11a/n network.
Specifies the 802.11b/g/n network.
Access point.
Specifies an antenna port.
Enables the configuration.
Disables the configuration.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure transmission to a single antenna for legacy orthogonal frequency-division multiplexing:
(Cisco Controller) >
config 802.11 11nsupport antenna AP1 C enable
104
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport guard-interval config 802.11 11nsupport guard-interval
To configure the guard interval, use the config 802.11 11nsupport guard-interval command.
config 802.11 {a | b} 11nsupport guard-interval {any | long}
Syntax Description any long
Enables either a short or a long guard interval.
Enables only a long guard interval.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a long guard interval:
(Cisco Controller) >
config 802.11 11nsupport guard-interval long
Cisco Wireless Controller Command Reference, Release 8.4
105
config 802.11 11nsupport mcs tx config 802.11 11nsupport mcs tx
To specify the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client, use the config 802.11 11nsupport mcs tx command.
config 802.11{a | b} 11nsupport mcs tx {0-15} {enable | disable}
Syntax Description a b
11nsupport mcs tx enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies support for 802.11n devices.
Specifies the modulation and coding scheme data rates as follows:
• 0 (7 Mbps)
• 1 (14 Mbps)
• 2 (21 Mbps)
• 3 (29 Mbps)
• 4 (43 Mbps)
• 5 (58 Mbps)
• 6 (65 Mbps)
• 7 (72 Mbps)
• 8 (14 Mbps)
• 9 (29 Mbps)
• 10 (43 Mbps)
• 11 (58 Mbps)
• 12 (87 Mbps)
• 13 (116 Mbps)
• 14 (130 Mbps)
• 15 (144 Mbps)
Enables this configuration.
Disables this configuration.
Command Default
None
106
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 11nsupport mcs tx
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to specify MCS rates:
(Cisco Controller) >
config 802.11a 11nsupport mcs tx 5 enable
Cisco Wireless Controller Command Reference, Release 8.4
107
config 802.11 11nsupport rifs config 802.11 11nsupport rifs
To configure the Reduced Interframe Space (RIFS) between data frames and its acknowledgment, use the
config 802.11 11nsupport rifs command.
config 802.11{a | b} 11nsupport rifs {enable | disable}
Syntax Description enable disable
Enables RIFS for the 802.11 network.
Disables RIFS for the 802.11 network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
This example shows how to enable RIFS:
(Cisco Controller) >
config 802.11a 11nsupport rifs enable
108
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 beacon period config 802.11 beacon period
To change the beacon period globally for an 802.11a, 802.11b, or other supported 802.11 network, use the
config 802.11 beacon period command.
config 802.11{a | b} beacon period time_units
Note
Disable the 802.11 network before using this command. See the “Usage Guidelines” section.
Syntax Description a b
time_units
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Beacon interval in time units (TU). One TU is 1024 microseconds.
Command Default
None
Usage Guidelines
In Cisco wireless LAN solution 802.11 networks, all Cisco lightweight access point wireless LANs broadcast a beacon at regular intervals. This beacon notifies clients that the 802.11a service is available and allows the clients to synchronize with the lightweight access point.
Before you change the beacon period, make sure that you have disabled the 802.11 network by using the
config 802.11 disable command. After changing the beacon period, enable the 802.11 network by using the
config 802.11 enable command.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
This example shows how to configure an 802.11a network for a beacon period of 120 time units:
(Cisco Controller) >
config 802.11 beacon period 120
Related Commands show 802.11a
config 802.11b beaconperiod config 802.11a disable config 802.11a enable
Cisco Wireless Controller Command Reference, Release 8.4
109
config 802.11 cac defaults config 802.11 cac defaults
To configure the default Call Admission Control (CAC) parameters for the 802.11a and 802.11b/g network, use the config 802.11 cac defaults command.
config 802.11 {a | b} cac defaults
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
This example shows how to configure the default CAC parameters for the 802.11a network:
(Cisco Controller) >
config 802.11 cac defaults
Related Commands show cac voice stats show cac voice summary show cac video stats show cac video summary config 802.11 cac video tspec-inactivity-timeout
110
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac video sip config 802.11 cac video roam-bandwidth config 802.11 cac load-based config 802.11 cac media-stream config 802.11 cac multimedia config 802.11 cac video cac-method debug cac config 802.11 cac defaults
Cisco Wireless Controller Command Reference, Release 8.4
111
config 802.11 cac video acm config 802.11 cac video acm
To enable or disable video Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the
config 802.11 cac video acm command.
config 802.11{a | b} cac video acm {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables video CAC settings.
Disables video CAC settings.
Command Default
The default video CAC settings for the 802.11a or 802.11b/g network is disabled.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the video CAC for the 802.11a network:
(Cisco Controller) >
config 802.11 cac video acm enable
112
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac video acm
The following example shows how to disable the video CAC for the 802.11b network:
(Cisco Controller) >
config 802.11 cac video acm disable
Related Commands config 802.11 cac video max-bandwidth config 802.11 cac video roam-bandwidth config 802.11 cac video tspec-inactivity-timeout
Cisco Wireless Controller Command Reference, Release 8.4
113
config 802.11 cac video cac-method config 802.11 cac video cac-method
To configure the Call Admission Control (CAC) method for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video cac-method command.
config 802.11 {a | b} cac video cac-method {static | load-based}
Syntax Description a b static load-based
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the static CAC method for video applications on the 802.11a
or 802.11b/g network.
Static or bandwidth-based CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new video request and in turn enables the access point to determine whether it is capable of accommodating the request.
Enables the load-based CAC method for video applications on the
802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
Load-based CAC is not supported if SIP-CAC is enabled.
Command Default
Static.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
114
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac video cac-method
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only static mode. If you need only MC2UC CAC, you must configure Static or Load-based
CAC. Load-based CAC is not supported if SIP-CAC is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
This example shows how to enable the static CAC method for video applications on the 802.11a network:
(Cisco Controller) >
config 802.11 cac video cac-method static
Related Commands show cac voice stats show cac voice summary show cac video stats show cac video summary config 802.11 cac video tspec-inactivity-timeout config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac video sip config 802.11 cac video roam-bandwidth config 802.11 cac load-based config 802.11 cac defaults config 802.11 cac media-stream config 802.11 cac multimedia debug cac
Cisco Wireless Controller Command Reference, Release 8.4
115
config 802.11 cac video load-based config 802.11 cac video load-based
To enable or disable load-based Call Admission Control (CAC) for video applications on the 802.11a or
802.11b/g network, use the config 802.11 cac video load-based command.
config 802.11 {a | b} cac video load-based {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables load-based CAC for video applications on the 802.11a or
802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
Disables load-based CAC method for video applications on the 802.11a
or 802.11b/g network.
Command Default
Disabled.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
116
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac video load-based
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only static mode. If you need only MC2UC CAC, you must configure Static or Load-based
CAC. Load-based CAC is not supported if SIP-CAC is enabled.
Note
Load-based CAC is not supported if SIP-CAC is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
This example shows how to enable load-based CAC method for video applications on the 802.11a network:
(Cisco Controller) >
config 802.11 cac video load-based enable
Related Commands show cac voice stats show cac voice summary show cac video stats show cac video summary config 802.11 cac video tspec-inactivity-timeout config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac video sip config 802.11 cac video roam-bandwidth config 802.11 cac load-based config 802.11 cac defaults config 802.11 cac media-stream config 802.11 cac multimedia config 802.11 cac video cac-method debug cac
Cisco Wireless Controller Command Reference, Release 8.4
117
config 802.11 cac video max-bandwidth config 802.11 cac video max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for video applications on the 802.11a
or 802.11b/g network, use the config 802.11 cac video max-bandwidth command.
config 802.11{a | b} cac video max-bandwidth bandwidth
Syntax Description a b
bandwidth
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Bandwidth percentage value from 5 to 85%.
Command Default
The default maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g network is 0%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
Note
If this parameter is set to zero (0), the controller assumes that you do not want to allocate any bandwidth and allows all bandwidth requests.
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
118
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac video max-bandwidth
Examples
The following example shows how to specify the percentage of the maximum allocated bandwidth for video applications on the selected radio band:
(Cisco Controller) >
config 802.11 cac video max-bandwidth 50
Related Commands config 802.11 cac video acm config 802.11 cac video roam-bandwidth config 802.11 cac voice stream-size config 802.11 cac voice roam-bandwidth
Cisco Wireless Controller Command Reference, Release 8.4
119
config 802.11 cac media-stream config 802.11 cac media-stream
To configure media stream Call Admission Control (CAC) voice and video quality parameters for 802.11a
and 802.11b networks, use the config 802.11 cac media-stream command.
config 802.11 {a | b} cac media-stream multicast-direct {max-retry-percent retry-percentage |
min-client-rate dot11-rate}
Syntax Description a b multicast-direct max-retry-percent
retry-percentage
min-client-rate
dot11-rate
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures CAC parameters for multicast-direct media streams.
Configures the percentage of maximum retries that are allowed for multicast-direct media streams.
Percentage of maximum retries that are allowed for multicast-direct media streams.
Configures the minimum transmission data rate to the client for multicast-direct media streams.
Minimum transmission data rate to the client for multicast-direct media streams. Rate in kbps at which the client can operate.
If the transmission data rate is below this rate, either the video will not start or the client may be classified as a bad client. The bad client video can be demoted for better effort QoS or subject to denial. The available data rates are 6000, 9000, 12000,
18000, 24000, 36000, 48000, 54000, and 11n rates.
Command Default
The default value for the maximum retry percent is 80. If it exceeds 80, either the video will not start or the client might be classified as a bad client. The bad client video will be demoted for better effort QoS or is subject to denial.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
120
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac media-stream
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the maximum retry percent for multicast-direct media streams as 90 on a 802.11a network:
(Cisco Controller) >
config 802.11 cac media-stream multicast-direct max-retry-percent 90
Related Commands show cac voice stats show cac voice summary show cac video stats show cac video summary config 802.11 cac video tspec-inactivity-timeout config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac video sip config 802.11 cac video roam-bandwidth config 802.11 cac load-based config 802.11 cac defaults config 802.11 cac multimedia debug cac
Cisco Wireless Controller Command Reference, Release 8.4
121
config 802.11 cac multimedia config 802.11 cac multimedia
To configure the CAC media voice and video quality parameters for 802.11a and 802.11b networks, use the
config 802.11 cac multimedia command.
config 802.11 {a | b} cac multimedia max-bandwidth bandwidth
Syntax Description a b max-bandwidth
bandwidth
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures the percentage of maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 802.11a or
802.11b/g network.
Percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a or 802.11b/g network. Once the client reaches the specified value, the access point rejects new calls on this radio band. The range is from 5 to 85%.
Command Default
The default maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 802.11a or 802.11b/g network is 85%.
Usage Guidelines
Call Admission Control (CAC) commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
122
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac multimedia
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a network:
(Cisco Controller) >
config 802.11 cac multimedia max-bandwidth 80
Related Commands show cac voice stats show cac voice summary show cac video stats show cac video summary config 802.11 cac video tspec-inactivity-timeout config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac video sip config 802.11 cac video roam-bandwidth config 802.11 cac load-based config 802.11 cac defaults debug cac
Cisco Wireless Controller Command Reference, Release 8.4
123
config 802.11 cac video roam-bandwidth config 802.11 cac video roam-bandwidth
To configure the percentage of the maximum allocated bandwidth reserved for roaming video clients on the
802.11a or 802.11b/g network, use the config 802.11 cac video roam-bandwidth command.
config 802.11{a | b} cac video roam-bandwidth bandwidth
Syntax Description a b
bandwidth
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Bandwidth percentage value from 5 to 85%.
Command Default
The maximum allocated bandwidth reserved for roaming video clients on the 802.11a or 802.11b/g network is 0%.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming video clients.
Note
If this parameter is set to zero (0), the controller assumes that you do not want to do any bandwidth allocation and, therefore, allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11 {a |
b} cac voice acm enable or config 802.11 {a | b} cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
124
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac video roam-bandwidth
Examples
The following example shows how to specify the percentage of the maximum allocated bandwidth reserved for roaming video clients on the selected radio band:
(Cisco Controller) >
config 802.11 cac video roam-bandwidth 10
Related Commands config 802.11 cac video tspec-inactivity-timeout config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac video cac-method config 802.11 cac video sip config 802.11 cac video load-based
Cisco Wireless Controller Command Reference, Release 8.4
125
config 802.11 cac video sip config 802.11 cac video sip
To enable or disable video Call Admission Control (CAC) for nontraffic specifications (TSPEC) SIP clients using video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video sip command.
config 802.11 {a | b} cac video sip {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
When you enable video CAC for non-TSPEC SIP clients, you can use applications like Facetime and CIUS video calls.
Disables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
Command Default
None
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
• Enable call snooping on the WLAN on which the SIP client is present by entering the config wlan
call-snoop enable wlan_id command.
Examples
The following example shows how to enable video CAC for non-TSPEC SIP clients using video applications on the 802.11a network:
(Cisco Controller) >
config 802.11 cac video sip enable
126
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands config 802.11 cac video tspec-inactivity-timeout config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac video cac-method config 802.11 cac video load-based config 802.11 cac video roam-bandwidth config 802.11 cac video sip
Cisco Wireless Controller Command Reference, Release 8.4
127
config 802.11 cac video tspec-inactivity-timeout config 802.11 cac video tspec-inactivity-timeout
To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications
(TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video
tspec-inactivity-timeout command.
config 802.11{a | b} cac video tspec-inactivity-timeout {enable | ignore}
Syntax Description a ab enable ignore
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Processes the TSPEC inactivity timeout messages.
Ignores the TSPEC inactivity timeout messages.
Command Default
The default CAC WMM TSPEC inactivity timeout received from an access point is disabled (ignore).
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to process the response to TSPEC inactivity timeout messages received from an access point:
(Cisco Controller) >
config 802.11a cac video tspec-inactivity-timeout enable
This example shows how to ignore the response to TSPEC inactivity timeout messages received from an access point:
(Cisco Controller) >
config 802.11a cac video tspec-inactivity-timeout ignore
128
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands config 802.11 cac video acm config 802.11 cac video max-bandwidth config 802.11 cac video roam-bandwidth config 802.11 cac video tspec-inactivity-timeout
Cisco Wireless Controller Command Reference, Release 8.4
129
config 802.11 cac voice acm config 802.11 cac voice acm
To enable or disable bandwidth-based voice Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac voice acm command.
config 802.11{a | b} cac voice acm {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the bandwidth-based CAC.
Disables the bandwidth-based CAC.
Command Default
The default bandwidth-based voice CAC for the 802.11a or 802.11b/g network id disabled.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to enable the bandwidth-based CAC:
(Cisco Controller) >
config 802.11c cac voice acm enable
This example shows how to disable the bandwidth-based CAC:
(Cisco Controller) >
config 802.11b cac voice acm disable
Related Commands config 802.11 cac video acm
130
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice max-bandwidth config 802.11 cac voice max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for voice applications on the 802.11a
or 802.11b/g network, use the config 802.11 cac voice max-bandwidth command.
config 802.11{a | b} cac voice max-bandwidth bandwidth
Syntax Description a b
bandwidth
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Bandwidth percentage value from 5 to 85%.
Command Default
The default maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g network is 0%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to specify the percentage of the maximum allocated bandwidth for voice applications on the selected radio band:
(Cisco Controller) >
config 802.11a cac voice max-bandwidth 50
Cisco Wireless Controller Command Reference, Release 8.4
131
config 802.11 cac voice max-bandwidth
Related Commands config 802.11 cac voice roam-bandwidth config 802.11 cac voice stream-size config 802.11 exp-bwreq config 802.11 tsm config wlan save show wlan show wlan summary config 802.11 cac voice tspec-inactivity-timeout config 802.11 cac voice load-based config 802.11 cac video acm
132
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice roam-bandwidth config 802.11 cac voice roam-bandwidth
To configure the percentage of the Call Admission Control (CAC) maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g network, use the config 802.11 cac voice
roam-bandwidth command.
config 802.11{a | b} cac voice roam-bandwidth bandwidth
Syntax Description a b
bandwidth
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Bandwidth percentage value from 0 to 85%.
Command Default
The default CAC maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g network is 85%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming voice clients.
Note
If this parameter is set to zero (0), the controller assumes you do not want to allocate any bandwidth and therefore allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
133
config 802.11 cac voice roam-bandwidth
Examples
The following example shows how to configure the percentage of the maximum allocated bandwidth reserved for roaming voice clients on the selected radio band:
(Cisco Controller) >
config 802.11 cac voice roam-bandwidth 10
Related Commands config 802.11 cac voice acm config 802.11cac voice max-bandwidth config 802.11 cac voice stream-size
134
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice tspec-inactivity-timeout config 802.11 cac voice tspec-inactivity-timeout
To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
config 802.11{a | b} cac voice tspec-inactivity-timeout {enable | ignore}
Syntax Description a b enable ignore
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Processes the TSPEC inactivity timeout messages.
Ignores the TSPEC inactivity timeout messages.
Command Default
The default WMM TSPEC inactivity timeout received from an access point is disabled (ignore).
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the voice TSPEC inactivity timeout messages received from an access point:
(Cisco Controller) >
config 802.11 cac voice tspec-inactivity-timeout enable
Cisco Wireless Controller Command Reference, Release 8.4
135
config 802.11 cac voice tspec-inactivity-timeout
Related Commands config 802.11 cac voice load-based config 802.11 cac voice roam-bandwidth config 802.11 cac voice acm config 802.11cac voice max-bandwidth config 802.11 cac voice stream-size
136
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice load-based config 802.11 cac voice load-based
To enable or disable load-based Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac voice load-based command.
config 802.11{a | b} cac voice load-based {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables load-based CAC.
Disables load-based CAC.
Command Default
The default load-based CAC for the 802.11a or 802.11b/g network is disabled.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the voice load-based CAC parameters:
(Cisco Controller) >
config 802.11a cac voice load-based enable
Cisco Wireless Controller Command Reference, Release 8.4
137
config 802.11 cac voice load-based
The following example shows how to disable the voice load-based CAC parameters:
(Cisco Controller) >
config 802.11a cac voice load-based disable
Related Commands config 802.11 cac voice tspec-inactivity-timeout config 802.11 cac video max-bandwidth config 802.11 cac video acm config 802.11 cac voice stream-size
138
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice max-calls config 802.11 cac voice max-calls
Note
Do not use the config 802.11 cac voice max-calls command if the SIP call snooping feature is disabled and if the SIP based Call Admission Control (CAC) requirements are not met.
To configure the maximum number of voice call supported by the radio, use the config 802.11 cac voice
max-calls command.
config 802.11{a | b} cac voice max-calls number
Syntax Description a b
number
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Number of calls to be allowed per radio.
Command Default
The default maximum number of voice call supported by the radio is 0, which means that there is no maximum limit check for the number of calls.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
139
config 802.11 cac voice max-calls
Examples
The following example shows how to configure the maximum number of voice calls supported by radio:
(Cisco Controller) >
config 802.11 cac voice max-calls 10
Related Commands config 802.11 cac voice roam-bandwidth config 802.11 cac voice stream-size config 802.11 exp-bwreq config 802.11 cac voice tspec-inactivity-timeout config 802.11 cac voice load-based config 802.11 cac video acm
140
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice sip bandwidth config 802.11 cac voice sip bandwidth
Note
SIP bandwidth and sample intervals are used to compute per call bandwidth for the SIP-based Call
Admission Control (CAC).
To configure the bandwidth that is required per call for the 802.11a or 802.11b/g network, use the config
802.11 cac voice sip bandwidth command.
config 802.11{a | b} cac voice sip bandwidth bw_kbps sample-interval number_msecs
Syntax Description a b
bw_kbps
sample-interval
number_msecs
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Bandwidth in kbps.
Specifies the packetization interval for SIP codec.
Packetization sample interval in msecs. The sample interval for SIP codec is 20 seconds.
Command Default
None
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
141
config 802.11 cac voice sip bandwidth
Examples
The following example shows how to configure the bandwidth and voice packetization interval for a SIP codec:
(Cisco Controller) >
config 802.11 cac voice sip bandwidth 10 sample-interval 40
Related Commands config 802.11 cac voice acm config 802.11 cac voice load-based config 802.11 cac voice max-bandwidth config 802.11 cac voice roam-bandwidth config 802.11 cac voice tspec-inactivity-timeout config 802.11 exp-bwreq
142
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice sip codec config 802.11 cac voice sip codec
To configure the Call Admission Control (CAC) codec name and sample interval as parameters and to calculate the required bandwidth per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip
codec command.
config 802.11{a | b} cac voice sip codec {g711 | g729} sample-interval number_msecs
Syntax Description a b g711 g729 sample-interval
number_msecs
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies CAC parameters for the SIP G711 codec.
Specifies CAC parameters for the SIP G729 codec.
Specifies the packetization interval for SIP codec.
Packetization interval in msecs. The sample interval for SIP codec value is 20 seconds.
Command Default
The default CAC codec parameter is g711.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
143
config 802.11 cac voice sip codec
Examples
The following example shows how to configure the codec name and sample interval as parameters for SIP
G711 codec:
(Cisco Controller) >
config 802.11a cac voice sip codec g711 sample-interval 40
This example shows how to configure the codec name and sample interval as parameters for SIP G729 codec:
(Cisco Controller) >
config 802.11a cac voice sip codec g729 sample-interval 40
Related Commands config 802.11 cac voice acm config 802.11 cac voice load-based config 802.11 cac voice max-bandwidth config 802.11 cac voice roam-bandwidth config 802.11 cac voice tspec-inactivity-timeout config 802.11 exp-bwreq
144
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cac voice stream-size config 802.11 cac voice stream-size
To configure the number of aggregated voice Wi-Fi Multimedia (WMM) traffic specification (TSPEC) streams at a specified data rate for the 802.11a or 802.11b/g network, use the config 802.11 cac voice stream-size command.
config 802.11{a | b} cac voice stream-size stream_size number mean_datarate max-streams mean_datarate
Syntax Description a b stream-size
stream_size number
mean_datarate max-streams
mean_datarate
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures the maximum data rate for the stream.
Range of stream size is between 84000 and 92100.
Number (1 to 5) of voice streams.
Configures the mean data rate.
Configures the mean data rate of a voice stream.
Mean data rate (84 to 91.2 kbps) of a voice stream.
Command Default
The default number of streams is 2 and the mean data rate of a stream is 84 kbps.
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
• Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
• Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
• Save the new configuration by entering the save config command.
• Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring
Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
145
config 802.11 cac voice stream-size
Examples
The following example shows how to configure the number of aggregated voice traffic specifications stream with the stream size 5 and the mean data rate of 85000 kbps:
(Cisco Controller) >
config 802.11 cac voice stream-size 5 max-streams size 85
Related Commands config 802.11 cac voice acm config 802.11 cac voice load-based config 802.11 cac voice max-bandwidth config 802.11 cac voice roam-bandwidth config 802.11 cac voice tspec-inactivity-timeout config 802.11 exp-bwreq
146
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cleanair config 802.11 cleanair
To enable or disable CleanAir for the 802.11 a or 802.11 b/g network, use the config 802.11 cleanair command.
config 802.11{a | b} cleanair {alarm {air-quality {disable | enable | threshold alarm_threshold } | device
{disable device_type | enable device_type | reporting {disable | enable} | unclassified {disable | enable
| threshold alarm_threshold }} | device {disable device_type | enable device_type | reporting {disable |
enable} | disable {network | cisco_ap} | enable {network | cisco_ap}}
Syntax Description a b alarm air-quality enable disable threshold
alarm_threshold
device
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configure 5-GHz cleanair alarms.
Configures the 5-GHz air quality alarm.
Enables the CleanAir settings.
Disables the CleanAir settings.
Configure the 5-GHz air quality alarm threshold.
Air quality alarm threshold (1 is bad air quality, and
100 is good air quality).
Configures the 5-GHz cleanair interference devices alarm.
Cisco Wireless Controller Command Reference, Release 8.4
147
config 802.11 cleanair
device_type
reporting unclassified
network cisco_ap
Device types. The device types are as follows:
• 802.11-nonstd—Devices using nonstandard
Wi-Fi channels.
• 802.11-inv—Devices using spectrally inverted
Wi-Fi signals.
• superag—802.11 SuperAG devices.
• all —All interference device types.
• cont-tx—Continuous Transmitter.
• dect-like—Digital Enhanced Cordless
Communication (DECT) like phone.
• tdd-tx—TDD Transmitter.
• jammer—Jammer.
• canopy—Canopy devices.
• video—Video cameras.
• wimax-mobile—WiMax Mobile.
• wimax-fixed—WiMax Fixed.
Configures the 5-GHz CleanAir interference devices alarm reporting.
Configures the 5-GHz air quality alarm on exceeding unclassified category severity.
5-GHz Cisco APs.
Name of the access point to which the command applies.
Command Default
The default CleanAir settings for the 802.11 a or 802.11 b/g network is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the CleanAir settings on access point ap_24:
(Cisco Controller) >
config 802.11a cleanair enable ap_24
148
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cleanair device config 802.11 cleanair device
To configure CleanAir interference device types, use the config 802.11 cleanair device command.
config 802.11{a | b} cleanair device {enable | disable | reporting {enable | disable}} device_type
Syntax Description a b enable disable reporting enable disable
device_type
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the CleanAir reporting for the interference device type.
Disables the CleanAir reporting for the interference device type.
Configures CleanAir interference device reporting.
Enables the 5-GHz Cleanair interference devices reporting.
Disables the 5-GHz Cleanair interference devices reporting.
Interference device type. The device type are as follows:
• 802.11-nonstd—Devices using nonstandard
WiFi channels.
• 802.11-inv—Devices using spectrally inverted
WiFi signals.
• superag—802.11 SuperAG devices.
• all —All interference device types.
• cont-tx—Continuous Transmitter.
• dect-like—Digital Enhanced Cordless
Communication (DECT) like phone.
• tdd-tx—TDD Transmitter.
• jammer—Jammer.
• canopy—Canopy devices.
• video—Video cameras.
• wimax-mobile—WiMax Mobile.
• wimax-fixed—WiMax Fixed.
Cisco Wireless Controller Command Reference, Release 8.4
149
config 802.11 cleanair device
Command Default
The default setting CleanAir reporting for the interference device type is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the CleanAir reporting for the device type jammer:
(Cisco Controller) >
config 802.11a cleanair device enable jammer
The following example shows how to disable the CleanAir reporting for the device type video:
(Cisco Controller) >
config 802.11a cleanair device disable video
The following example shows how to enable the CleanAir interference device reporting:
(Cisco Controller) >
config 802.11a cleanair device reporting enable
150
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 cleanair alarm config 802.11 cleanair alarm
To configure the triggering of the air quality alarms, use the config 802.11 cleanair alarm command.
config 802.11{a | b} cleanair alarm {air-quality {disable | enable | threshold alarm_threshold } | device
{disable device_type | enable device_type | reporting {disable | enable } | unclassified {disable | enable
| threshold alarm_threshold }}
Syntax Description a b air-quality disable enable threshold
alarm_threshold
device all reporting unclassified
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures the 5-GHz air quality alarm.
Disables the 5-GHz air quality alarm.
Enables the 5-GHz air quality alarm.
Configures the 5-GHz air quality alarm threshold.
Air quality alarm threshold (1 is bad air quality, and
100 is good air quality).
Configures the 5-GHz cleanair interference devices alarm.
Configures all the device types at once.
Configures the 5-GHz CleanAir interference devices alarm reporting.
Configures the 5-GHz air quality alarm on exceeding unclassified category severity.
Cisco Wireless Controller Command Reference, Release 8.4
151
config 802.11 cleanair alarm
device_type
Device types. The device types are as follows:
• 802.11-nonstd—Devices using nonstandard
Wi-Fi channels.
• 802.11-inv—Devices using spectrally inverted
Wi-Fi signals.
• superag—802.11 SuperAG devices.
• all —All interference device types.
• cont-tx—Continuous Transmitter.
• dect-like—Digital Enhanced Cordless
Communication (DECT) like phone.
• tdd-tx—TDD Transmitter.
• jammer—Jammer.
• canopy—Canopy devices.
• video—Video cameras.
• wimax-mobile—WiMax Mobile.
• wimax-fixed—WiMax Fixed.
Command Default
The default setting for 5-GHz air quality alarm is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the CleanAir alarm to monitor the air quality:
(Cisco Controller) >
config 802.11a cleanair alarm air-quality enable
The following example shows how to enable the CleanAir alarm for the device type video:
(Cisco Controller) >
config 802.11a cleanair alarm device enable video
The following example shows how to enable alarm reporting for the CleanAir interference devices:
(Cisco Controller) >
config 802.11a cleanair alarm device reporting enable
152
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 disable config 802.11 disable
To disable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the
config 802.11 disable command.
config 802.11{a | b} disable {network | cisco_ap}
Syntax Description a b network
cisco_ap
Configures the 802.11a on slot 1 and 802.11ac radio on slot 2.
radio.
Specifies the 802.11b/g network.
Disables transmission for the entire 802.11a network.
Individual Cisco lightweight access point radio.
Command Default
The transmission is enabled for the entire network by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Examples
• You must use this command to disable the network before using many config 802.11 commands.
• This command can be used any time that the CLI interface is active.
The following example shows how to disable the entire 802.11a network:
(Cisco Controller) >
config 802.11a disable network
The following example shows how to disable access point AP01 802.11b transmissions:
(Cisco Controller) >
config 802.11b disable AP01
Cisco Wireless Controller Command Reference, Release 8.4
153
config 802.11 dtpc config 802.11 dtpc
To enable or disable the Dynamic Transmit Power Control (DTPC) setting for an 802.11 network, use the
config 802.11 dtpc command.
config 802.11{a | b} dtpc {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the support for this command.
Disables the support for this command.
Command Default
The default DTPC setting for an 802.11 network is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable DTPC for an 802.11a network:
(Cisco Controller) >
config 802.11a dtpc disable
154
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 enable config 802.11 enable
To enable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the config 802.11
enable command.
config 802.11{a | b} enable {network | cisco_ap}
Syntax Description a b network
cisco_ap
Configures the 802.11a radioon slot 1 and 802.11ac on slot 2.
Specifies the 802.11b/g network.
Disables transmission for the entire 802.11a network.
Individual Cisco lightweight access point radio.
Command Default
The transmission is enabled for the entire network by default.
Usage Guidelines
Use this command with the config 802.11 disable command when configuring 802.11 settings.
This command can be used any time that the CLI interface is active.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable radio transmission for the entire 802.11a network:
(Cisco Controller) >
config 802.11a enable network
The following example shows how to enable radio transmission for AP1 on an 802.11b network:
(Cisco Controller) >
config 802.11b enable AP1
Related Commands show sysinfo show 802.11a
config wlan radio config 802.11a disable config 802.11b disable config 802.11b enable config 802.11b 11gSupport enable
Cisco Wireless Controller Command Reference, Release 8.4
155
config 802.11 enable config 802.11b 11gSupport disable
156
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 exp-bwreq config 802.11 exp-bwreq
To enable or disable the Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature for an
802.11 radio, use the config 802.11 exp-bwreq command.
config 802.11{a | b} exp-bwreq {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the expedited bandwidth request feature.
Disables the expedited bandwidth request feature.
Command Default
The expedited bandwidth request feature is disabled by default.
Usage Guidelines
When this command is enabled, the controller configures all joining access points for this feature.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the CCX expedited bandwidth settings:
(Cisco Controller) >
config 802.11a exp-bwreq enable
Cannot change Exp Bw Req mode while 802.11a network is operational.
The following example shows how to disable the CCX expedited bandwidth settings:
(Cisco Controller) >
config 802.11a exp-bwreq disable
Related Commands show 802.11a
show ap stats 802.11a
Cisco Wireless Controller Command Reference, Release 8.4
157
config 802.11 fragmentation config 802.11 fragmentation
To configure the fragmentation threshold on an 802.11 network, use the config 802.11 fragmentation command.
config 802.11{a | b} fragmentation threshold
Note
This command can only be used when the network is disabled using the config 802.11 disable command.
Syntax Description a b
threshold
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Number between 256 and 2346 bytes (inclusive).
Command Default
None.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
This example shows how to configure the fragmentation threshold on an 802.11a network with the threshold number of 6500 bytes:
(Cisco Controller) >
config 802.11a fragmentation 6500
Related Commands config 802.11b fragmentation show 802.11b
show ap auto-rtf
158
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 l2roam rf-params config 802.11 l2roam rf-params
To configure 802.11a or 802.11b/g Layer 2 client roaming parameters, use the config 802.11 l2roam rf-params command.
config 802.11{a | b} l2roam rf-params {default | custom min_rssi roam_hyst scan_thresh trans_time}
Syntax Description a b default custom
min_rssi roam_hyst scan_thresh trans_time
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Restores Layer 2 client roaming RF parameters to default values.
Configures custom Layer 2 client roaming RF parameters.
Minimum received signal strength indicator (RSSI) that is required for the client to associate to the access point. If the client’s average received signal power dips below this threshold, reliable communication is usually impossible. Clients must already have found and roamed to another access point with a stronger signal before the minimum RSSI value is reached. The valid range is –80 to –90 dBm, and the default value is –85 dBm.
How much greater the signal strength of a neighboring access point must be in order for the client to roam to it. This parameter is intended to reduce the amount of roaming between access points if the client is physically located on or near the border between the two access points. The valid range is 2 to 4 dB, and the default value is 2 dB.
Minimum RSSI that is allowed before the client should roam to a better access point. When the RSSI drops below the specified value, the client must be able to roam to a better access point within the specified transition time. This parameter also provides a power-save method to minimize the time that the client spends in active or passive scanning. For example, the client can scan slowly when the RSSI is above the threshold and scan more rapidly when the RSSI is below the threshold.
The valid range is –70 to –77 dBm, and the default value is –72 dBm.
Maximum time allowed for the client to detect a suitable neighboring access point to roam to and to complete the roam, whenever the RSSI from the client’s associated access point is below the scan threshold. The valid range is 1 to 10 seconds, and the default value is 5 seconds.
Note
For high-speed client roaming applications in outdoor mesh environments, we recommend that you set the transition time to 1 second.
Cisco Wireless Controller Command Reference, Release 8.4
159
config 802.11 l2roam rf-params
Command Default
The default minimum RSSI is -85 dBm. The default signal strength of a neighboring access point is 2 dB.
The default scan threshold value is -72 dBm. The default time allowed for the client to detect a suitable neighboring access point to roam to and to complete the roam is 5 seconds.
Usage Guidelines
For high-speed client roaming applications in outdoor mesh environments, we recommend that you set the
trans_time to 1 second.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure custom Layer 2 client roaming parameters on an 802.11a
network:
(Cisco Controller) >
config 802.11 l2roam rf-params custom
–80 2 –70 7
Related Commands show advanced 802.11 l2roam show l2tp
160
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 max-clients config 802.11 max-clients
To configure the maximum number of clients per access point, use the config 802.11 max-clients command.
config 802.11{a | b} max-clients max-clients
Syntax Description a b max-clients
max-clients
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures the maximum number of client connections per access point.
Maximum number of client connections per access point. The range is from 1 to 200.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the maximum number of clients at 22:
(Cisco Controller) >
config 802.11 max-clients 22
Related Commands show ap config 802.11a
config 802.11b rate
Cisco Wireless Controller Command Reference, Release 8.4
161
config 802.11 media-stream multicast-direct config 802.11 media-stream multicast-direct
To configure the media stream multicast-direct parameters for the 802.11 networks, use the config 802.11
media-stream multicast-direct command.
config 802.11{a | b} media-stream multicast-direct {admission-besteffort {enable | disable} |
{client-maximum | radio-maximum} {value | no-limit } | enable | disable}
Syntax Description
802.11a
802.11b
admission-besteffort enable disable client-maximum radio-maximum
value
no-limit
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Admits media stream to best-effort queue.
Enables multicast-direct on a 2.4-GHz or a 5-GHz band.
Disables multicast-direct on a 2.4-GHz or a 5-GHz band.
Specifies the maximum number of streams allowed on a client.
Specifies the maximum number of streams allowed on a 2.4-GHz or a 5-GHz band.
Number of streams allowed on a client or on a 2.4-GHz or a 5-GHz band, between
1 to 20.
Specifies the unlimited number of streams allowed on a client or on a 2.4-GHz or a 5-GHz band.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Before you configure the media stream multicast-direct parameters on a 802.11 network, ensure that the network is nonoperational.
Examples
This example shows how to enable a media stream multicast-direct settings on an 802.11a network:
>
config 802.11a media-stream multicast-direct enable
162
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 media-stream multicast-direct
This example shows how to admit the media stream to the best-effort queue:
>
config 802.11a media-stream multicast-direct admission-besteffort enable
This example shows how to set the maximum number of streams allowed on a client:
>
config 802.11a media-stream multicast-direct client-maximum 10
Related Commands config 802.11 media-stream video-redirect show 802.11a media-stream name show media-stream group summary show media-stream group detail
Cisco Wireless Controller Command Reference, Release 8.4
163
config 802.11 media-stream video-redirect config 802.11 media-stream video-redirect
To configure the media stream video-redirect for the 802.11 networks, use the config 802.11 media-stream
video-redirect command.
config 802.11{a | b} media-stream video-redirect {enable | disable}
Syntax Description
802.11a
802.11b
enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables traffic redirection.
Disables traffic redirection.
Command Default
None.
Usage Guidelines
Before you configure the media stream video-redirect on a 802.11 network, ensure that the network is nonoperational.
Examples
This example shows how to enable media stream traffic redirection on an 802.11a network:
>
config 802.11a media-stream video-redirect enable
Related Commands config 802.11 media-stream multicast-redirect show 802.11a media-stream name show media-stream group summary show media-stream group detail
164
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 multicast data-rate config 802.11 multicast data-rate
To configure the minimum multicast data rate, use the config 802.11 multicast data-rate command.
config 802.11{a | b} multicast data-rate data_rate [ap ap_name | default]
Syntax Description
data_rate ap_name
default
Minimum multicast data rates. The options are 6, 9, 12, 18, 24, 36, 48, 54. Enter
0 to specify that APs will dynamically adjust the number of the buffer allocated for multicast.
Specific AP radio in this data rate.
Configures all APs radio in this data rate.
Command Default
The default is 0 where the configuration is disabled and the multicast rate is the lowest mandatory data rate and unicast client data rate.
Usage Guidelines
When you configure the data rate without the AP name or default keyword, you globally reset all the APs to the new value and update the controller global default with this new data rate value. If you configure the data rate with default keyword, you only update the controller global default value and do not reset the value of the APs that are already joined to the controller. The APs that join the controller after the new data rate value is set receives the new data rate value.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure minimum multicast data rate settings:
(Cisco Controller) >
config 802.11 multicast data-rate 12
Cisco Wireless Controller Command Reference, Release 8.4
165
config 802.11 rate config 802.11 rate
To set mandatory and supported operational data rates for an 802.11 network, use the config 802.11 rate command.
config 802.11{a | b} rate {disabled | mandatory | supported} rate
Syntax Description a b disabled mandatory supported
rate
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Disables a specific data rate.
Specifies that a client supports the data rate in order to use the network.
Specifies to allow any associated client that supports the data rate to use the network.
Rate value of 6, 9, 12, 18, 24, 36, 48, or 54 Mbps.
Command Default
None
Usage Guidelines
The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller.
If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to use all the rates marked supported in order to associate.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the 802.11b transmission at a mandatory rate at 12 Mbps:
(Cisco Controller) >
config 802.11b rate mandatory 12
Related Commands show ap config 802.11a
config 802.11b rate
166
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 rssi-check config 802.11 rssi-check
To configure the 802.11 RSSI Low Check feature, use the config 802.11 rssi-check command.
config 802.11{a| b}rssi-check{enable| disable}
Syntax Description rssi-check enable disable
Configures the RSSI Low Check feature.
Enables the RSSI Low Check feature.
Disables the RSSI Low Check feature.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
Service providers can use the RSSI Low Check feature to prevent clients from connecting to their Wi-Fi network unless the client has a viable connection. In many scenarios, even though clients can hear beacons and connect to Wi-Fi, the signal might not be strong enough to support a stable connection. Use this feature to determine how strong a client must be heard for it to associate with the Wi-Fi network.
If you enable the RSSI Low Check feature, when a client sends an association request to the AP, the controller gets the RSSI value from the association message and compares it with the RSSI threshold that is configured.
If the RSSI value from the association message is less than the RSSI threshold value, the controller rejects the association request. Note that this is only for association frames, and not for other messages.
The default RSSI Low Check value is –80 dBm, which means an association request from a client can be rejected if the AP hears a client with a signal that is weaker than –80 dBm. If you lower the value to –90 dBm, clients are allowed to connect at a further distance, but there is also a higher probability of the connection quality being poor. We recommend that you do not go higher than –80 dBm, for example –70 dBm, because this makes the cell size significantly smaller.
Cisco Wireless Controller Command Reference, Release 8.4
167
config 802.11 rssi-threshold config 802.11 rssi-threshold
To configure the 802.11 RSSI Low Check threshold, use the config 802.11 rssi-threshold command.
config 802.11{a| b} rssi-threshold value-in-dBm
Syntax Description rssi-threshold
value-in-dBm
Configures the RSSI Low Check threshold value.
RSSI threshold value in dBm. The default value is –80 dBm.
Command Default
The default value of the RSSI Low Check threshold is –80 dBm.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
Service providers can use the RSSI Low Check feature to prevent clients from connecting to their Wi-Fi network unless the client has a viable connection. In many scenarios, even though clients can hear beacons and connect to Wi-Fi, the signal might not be strong enough to support a stable connection. Use this feature to determine how strong a client must be heard for it to associate with the Wi-Fi network.
If you enable the RSSI Low Check feature, when a client sends an association request to the AP, the controller gets the RSSI value from the association message and compares it with the RSSI threshold that is configured.
If the RSSI value from the association message is less than the RSSI threshold value, the controller rejects the association request. Note that this is only for association frames, and not for other messages.
The default RSSI Low Check value is –80 dBm, which means an association request from a client can be rejected if the AP hears a client with a signal that is weaker than –80 dBm. If you lower the value to –90 dBm, clients are allowed to connect at a further distance, but there is also a higher probability of the connection quality being poor. We recommend that you do not go higher than –80 dBm, for example –70 dBm, because this makes the cell size significantly smaller.
Examples
The following example shows how to configure the RSSI threshold value to –70 dBm for an 802.11a network:
(Cisco Controller) >
config 802.11a rssi-threshold
–70
168
Cisco Wireless Controller Command Reference, Release 8.4
config 802.11 tsm config 802.11 tsm
To enable or disable the video Traffic Stream Metric (TSM) option for the 802.11a or 802.11b/g network, use the config 802.11 tsm command.
config 802.11{a | b} tsm {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the video TSM settings.
Disables the video TSM settings.
Command Default
By default, the TSM for the 802.11a or 802.11b/g network is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the video TSM option for the 802.11b/g network:
(Cisco Controller) >
config 802.11b tsm enable
The following example shows how to disable the video TSM option for the 802.11b/g network:
(Cisco Controller) >
config 802.11b tsm disable
Related Commands show ap stats show client tsm
Cisco Wireless Controller Command Reference, Release 8.4
169
config 802.11b preamble config 802.11b preamble
To change the 802.11b preamble as defined in subclause 18.2.2.2 to long (slower, but more reliable) or short
(faster, but less reliable), use the config 802.11b preamble command.
config 802.11b preamble {long | short}
Syntax Description long short
Specifies the long 802.11b preamble.
Specifies the short 802.11b preamble.
Command Default
The default 802.11b preamble value is short.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Note
You must reboot the Cisco Wireless LAN Controller (reset system) with save to implement this command.
This parameter must be set to long to optimize this Cisco wireless LAN controller for some clients, including
SpectraLink NetLink telephones.
This command can be used any time that the CLI interface is active.
Examples
The following example shows how to change the 802.11b preamble to short:
(Cisco Controller) >
config 802.11b preamble short
(Cisco Controller) >(reset system with save)
170
Cisco Wireless Controller Command Reference, Release 8.4
Config Commands: a to i
•
•
config aaa auth mgmt, page 183
•
•
•
•
•
•
•
•
•
config acl url-acl external-server-ip, page 195
•
config acl url-acl list-type, page 196
•
config acl url-domain, page 197
•
•
config advanced hotspot, page 200
•
config advanced timers auth-timeout, page 202
•
config advanced timers eap-timeout, page 203
•
config advanced timers eap-identity-request-delay, page 204
•
config advanced 802.11 7920VSIEConfig, page 205
•
config advanced 802.11 edca-parameters, page 206
•
config advanced timers, page 209
•
config advanced fastpath fastcache, page 212
•
config advanced fastpath pkt-capture, page 213
•
config advanced sip-preferred-call-no, page 214
Cisco Wireless Controller Command Reference, Release 8.4
171
•
config advanced sip-snooping-ports, page 215
•
config advanced 802.11 packet, page 216
•
config advanced 802.11 profile clients, page 218
•
config advanced 802.11 profile customize, page 219
•
config advanced 802.11 profile foreign, page 220
•
config advanced 802.11 profile noise, page 221
•
config advanced 802.11 profile throughput, page 222
•
config advanced 802.11 profile utilization, page 223
•
config advanced backup-controller primary, page 224
•
config advanced backup-controller secondary, page 225
•
config advanced client-handoff, page 226
•
config advanced dot11-padding, page 227
•
config advanced assoc-limit, page 228
•
config advanced max-1x-sessions, page 229
•
config advanced rate, page 230
•
config advanced probe filter, page 231
•
config advanced probe limit, page 232
•
config advanced timers, page 233
•
config advanced 802.11 7920VSIEConfig, page 236
•
config advanced 802.11 channel add, page 237
•
config advanced 802.11 channel cleanair-event, page 238
•
config advanced 802.11 channel dca anchor-time, page 239
•
config advanced 802.11 channel dca chan-width-11n, page 240
•
config advanced 802.11 channel dca interval, page 241
•
config advanced 802.11 channel dca min-metric, page 242
•
config advanced 802.11 channel dca sensitivity, page 243
•
config advanced 802.11 channel foreign, page 245
•
config advanced 802.11 channel load, page 246
•
config advanced 802.11 channel noise, page 247
•
config advanced 802.11 channel outdoor-ap-dca, page 248
•
config advanced 802.11 channel pda-prop, page 249
•
config advanced 802.11 channel update, page 250
•
config advanced 802.11 coverage, page 251
172
Cisco Wireless Controller Command Reference, Release 8.4
•
config advanced 802.11 coverage exception global, page 253
•
config advanced 802.11 coverage fail-rate, page 255
•
config advanced 802.11 coverage level global, page 257
•
config advanced 802.11 coverage packet-count, page 259
•
config advanced 802.11 coverage rssi-threshold, page 261
•
config advanced 802.11 edca-parameters, page 263
•
config advanced 802.11 factory, page 266
•
config advanced 802.11 group-member, page 267
•
config advanced 802.11 group-mode, page 268
•
config advanced 802.11 logging channel, page 269
•
config advanced 802.11 logging coverage, page 270
•
config advanced 802.11 logging foreign, page 271
•
config advanced 802.11 logging load, page 272
•
config advanced 802.11 logging noise, page 273
•
config advanced 802.11 logging performance, page 274
•
config advanced 802.11 logging txpower, page 275
•
config advanced 802.11 monitor channel-list, page 276
•
config advanced 802.11 monitor coverage, page 277
•
config advanced 802.11 monitor load, page 278
•
config advanced 802.11 monitor mode, page 279
•
config advanced 802.11 monitor ndp-type, page 280
•
config advanced 802.11 monitor noise, page 281
•
config advanced 802.11 monitor signal, page 282
•
config advanced 802.11 monitor timeout-factor, page 283
•
config advanced 802.11 optimized roaming, page 284
•
config advanced 802.11 profile foreign, page 286
•
config advanced 802.11 profile noise, page 287
•
config advanced 802.11 profile throughput, page 288
•
config advanced 802.11 profile utilization, page 289
•
config advanced 802.11 receiver, page 290
•
config advanced 802.11 tpc-version, page 291
•
config advanced 802.11 tpcv1-thresh, page 292
•
config advanced 802.11 tpcv2-intense, page 293
Cisco Wireless Controller Command Reference, Release 8.4
173
•
config advanced 802.11 tpcv2-per-chan, page 294
•
config advanced 802.11 tpcv2-thresh, page 295
•
config advanced 802.11 txpower-update, page 296
•
config ap 802.1Xuser, page 297
•
config ap 802.1Xuser delete, page 298
•
config ap 802.1Xuser disable, page 299
•
config advanced dot11-padding, page 300
•
•
config ap atf 802.11, page 302
•
config ap atf 802.11 client-access airtime-allocation, page 303
•
config ap atf 802.11 policy, page 304
•
config ap autoconvert, page 305
•
•
config ap bridgegroupname, page 307
•
•
•
•
config ap crash-file clear-all, page 312
•
config ap crash-file delete, page 313
•
config ap crash-file get-crash-file, page 314
•
config ap crash-file get-radio-core-dump, page 315
•
config ap dhcp release-override, page 316
•
config ap dtls-cipher-suite, page 317
•
config ap dtls-version, page 318
•
config ap ethernet duplex, page 319
•
config ap ethernet tag, page 321
•
config ap autoconvert, page 322
•
config ap flexconnect central-dhcp, page 323
•
config ap flexconnect local-split, page 325
•
config ap flexconnect module-vlan, page 326
•
config ap flexconnect policy, page 327
•
config ap flexconnect radius auth set, page 328
•
config ap flexconnect vlan, page 329
174
Cisco Wireless Controller Command Reference, Release 8.4
•
config ap flexconnect vlan add, page 330
•
config ap flexconnect vlan native, page 331
•
config ap flexconnect vlan wlan, page 332
•
config ap flexconnect web-auth, page 333
•
config ap flexconnect web-policy acl, page 334
•
config ap flexconnect wlan, page 335
•
config ap group-name, page 336
•
•
config ap image predownload, page 344
•
config ap image swap, page 345
•
•
config ap link-encryption, page 348
•
config ap link-latency, page 349
•
•
config ap logging syslog level, page 351
•
config ap logging syslog facility, page 353
•
•
config ap mgmtuser add, page 356
•
config ap mgmtuser delete, page 358
•
•
•
config ap monitor-mode, page 362
•
•
config ap packet-dump, page 364
•
•
config ap power injector, page 368
•
config ap power pre-standard, page 369
•
config ap preferred-mode, page 370
•
config ap primary-base, page 371
•
•
config ap reporting-period, page 374
•
•
config ap retransmit interval, page 376
Cisco Wireless Controller Command Reference, Release 8.4
175
•
config ap retransmit count, page 377
•
•
config ap rst-button, page 379
•
config ap secondary-base, page 380
•
•
•
•
config ap stats-timer, page 387
•
config ap syslog host global, page 388
•
config ap syslog host specific, page 389
•
config ap tcp-mss-adjust, page 390
•
•
config ap tertiary-base, page 393
•
config ap tftp-downgrade, page 395
•
•
•
•
•
•
config auth-list add, page 404
•
config auth-list ap-policy, page 405
•
config auth-list delete, page 406
•
config avc profile create, page 407
•
config avc profile delete, page 408
•
config avc profile rule, page 409
•
config band-select cycle-count, page 411
•
config band-select cycle-threshold, page 412
•
config band-select expire, page 413
•
config band-select client-rssi, page 414
•
•
config call-home contact email address, page 416
•
config call-home events, page 417
•
config call-home http-proxy ipaddr, page 418
176
Cisco Wireless Controller Command Reference, Release 8.4
•
config call-home http-proxy ipaddr 0.0.0.0, page 419
•
config call-home profile, page 420
•
config call-home profile delete, page 421
•
config call-home profile status, page 422
•
config call-home reporting, page 423
•
config call-home tac-profile, page 424
•
•
•
config certificate lsc, page 427
•
config certificate ssc, page 429
•
config certificate use-device-certificate webadmin, page 431
•
config client ccx clear-reports, page 432
•
config client ccx clear-results, page 433
•
config client ccx default-gw-ping, page 434
•
config client ccx dhcp-test, page 435
•
config client ccx dns-ping, page 436
•
config client ccx dns-resolve, page 437
•
config client ccx get-client-capability, page 438
•
config client ccx get-manufacturer-info, page 439
•
config client ccx get-operating-parameters, page 440
•
config client ccx get-profiles, page 441
•
config client ccx log-request, page 442
•
config client ccx send-message, page 444
•
config client ccx stats-request, page 447
•
config client ccx test-abort, page 448
•
config client ccx test-association, page 449
•
config client ccx test-dot1x, page 450
•
config client ccx test-profile, page 451
•
config client deauthenticate, page 452
•
config client location-calibration, page 453
•
config client profiling delete, page 454
•
config cloud-services cmx, page 455
•
config cloud-services server url, page 456
Cisco Wireless Controller Command Reference, Release 8.4
177
•
config cloud-services server id-token, page 457
•
•
•
config coredump username, page 460
•
•
•
•
config cts inline-tag, page 464
•
config cts ap override, page 465
•
config cts device-id, page 466
•
•
config cts sxp ap connection delete, page 468
•
config cts sxp ap connection peer, page 469
•
config cts sxp ap default password, page 470
•
config cts sxp ap listener, page 471
•
config cts sxp ap reconciliation period, page 472
•
config cts sxp ap retry period, page 473
•
config cts sxp ap speaker, page 474
•
•
config cts sxp connection, page 476
•
config cts sxp default password, page 477
•
config cts sxp retry period, page 478
•
config cts sxp version, page 479
•
•
config custom-web ext-webauth-mode, page 482
•
config custom-web ext-webauth-url, page 483
•
config custom-web ext-webserver, page 484
•
config custom-web logout-popup, page 485
•
config custom-web qrscan-bypass-opt , page 486
•
config custom-web radiusauth , page 487
•
config custom-web redirectUrl, page 488
•
config custom-web sleep-client, page 489
•
config custom-web webauth-type, page 490
178
Cisco Wireless Controller Command Reference, Release 8.4
•
config custom-web weblogo, page 491
•
config custom-web webmessage, page 492
•
config custom-web webtitle, page 493
•
config database size, page 494
•
•
config dhcp opt-82 format, page 498
•
config dhcp opt-82 remote-id, page 499
•
•
•
config exclusionlist, page 503
•
config flexconnect acl, page 504
•
config flexconnect acl rule, page 505
•
config flexconnect arp-caching, page 507
•
config flexconnect avc profile, page 508
•
config flexconnect fallback-radio-shut, page 509
•
config flexconnect group, page 510
•
config flexconnect group vlan, page 516
•
config flexconnect group group-name dhcp overridden-interface, page 517
•
config flexconnect group web-auth, page 518
•
config flexconnect group web-policy, page 519
•
config flexconnect join min-latency, page 520
•
config flexconnect office-extend, page 521
•
•
•
config guest-lan custom-web ext-webauth-url, page 526
•
config guest-lan custom-web global disable, page 527
•
config guest-lan custom-web login_page, page 528
•
config guest-lan custom-web webauth-type, page 529
•
config guest-lan ingress-interface, page 530
•
config guest-lan interface, page 531
•
config guest-lan mobility anchor, page 532
•
config guest-lan nac, page 533
•
config guest-lan security, page 534
Cisco Wireless Controller Command Reference, Release 8.4
179
•
config interface 3g-vlan, page 535
•
config interface acl, page 536
•
config interface address, page 537
•
config interface address redundancy-management, page 539
•
config interface ap-manager, page 540
•
config interface create, page 541
•
config interface delete, page 542
•
config interface dhcp management, page 543
•
config interface dhcp, page 545
•
config interface dhcp dynamic-interface, page 546
•
config interface dhcp management option-6-opendns , page 547
•
config interface address, page 548
•
config interface guest-lan, page 550
•
config interface hostname, page 551
•
config interface nasid, page 552
•
config interface nat-address, page 553
•
config interface port, page 554
•
config interface quarantine vlan, page 555
•
config interface url-acl, page 556
•
config interface vlan, page 557
•
config interface group mdns-profile, page 558
•
config interface mdns-profile, page 560
•
•
config icons file-info, page 563
•
•
•
•
•
config ipv6 interface, page 571
•
config ipv6 multicast, page 573
•
config ipv6 neighbor-binding, page 574
•
config ipv6 ns-mcast-fwd, page 576
•
config ipv6 ra-guard, page 577
180
Cisco Wireless Controller Command Reference, Release 8.4
•
Cisco Wireless Controller Command Reference, Release 8.4
181
config aaa auth config aaa auth
To configure the AAA authentication search order for management users, use the config aaa auth command.
config aaa auth mgmt [aaa_server_type1 | aaa_server_type2]
Syntax Description mgmt
aaa_server_type
Configures the AAA authentication search order for controller management users by specifying up to three
AAA authentication server types. The order that the server types are entered specifies the AAA authentication search order.
(Optional) AAA authentication server type (local,
radius, or tacacs). The local setting specifies the local database, the radius setting specifies the RADIUS server, and the tacacs setting specifies the TACACS+ server.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can enter two AAA server types as long as one of the server types is local. You cannot enter radius and
tacacs together.
Examples
The following example shows how to configure the AAA authentication search order for controller management users by the authentication server type local:
(Cisco Controller) >
config aaa auth radius local
Related Commands show aaa auth
182
Cisco Wireless Controller Command Reference, Release 8.4
config aaa auth mgmt config aaa auth mgmt
To configure the order of authentication when multiple databases are configured, use the config aaa auth
mgmt command.
config aaa auth mgmt [radius | tacacs]
Syntax Description radius tacacs
(Optional) Configures the order of authentication for
RADIUS servers.
(Optional) Configures the order of authentication for
TACACS servers.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the order of authentication for the RADIUS server:
(Cisco Controller) >
config aaa auth mgmt radius
The following example shows how to configure the order of authentication for the TACACS server:
(Cisco Controller) >
config aaa auth mgmt tacacs
Related Commands show aaa auth order
Cisco Wireless Controller Command Reference, Release 8.4
183
config acl apply config acl apply
To apply an access control list (ACL) to the data path, use the config acl apply command.
config acl apply rule_name
Syntax Description
rule_name
ACL name that contains up to 32 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN preauthentication ACL under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.
Examples
The following example shows how to apply an ACL to the data path:
(Cisco Controller) >
config acl apply acl01
Related Commands show acl
184
Cisco Wireless Controller Command Reference, Release 8.4
config acl counter config acl counter
To see if packets are hitting any of the access control lists (ACLs) configured on your controller, use the
config acl counter command.
config acl counter {start | stop}
Syntax Description start stop
Enables ACL counters on your controller.
Disables ACL counters on your controller.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
ACL counters are available only on the following controllers: 4400 series, Cisco WiSM, and Catalyst 3750G
Integrated Wireless LAN Controller Switch.
Examples
The following example shows how to enable ACL counters on your controller:
(Cisco Controller) >
config acl counter start
Related Commands clear acl counters show acl detailed
Cisco Wireless Controller Command Reference, Release 8.4
185
config acl create config acl create
To create a new access control list (ACL), use the config acl create command.
config acl create rule_name
Syntax Description
rule_name
ACL name that contains up to 32 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN preauthentication ACL under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.
Examples
The following example shows how to create a new ACL:
(Cisco Controller) >
config acl create acl01
Related Commands show acl
186
Cisco Wireless Controller Command Reference, Release 8.4
config acl cpu config acl cpu
To create a new access control list (ACL) rule that restricts the traffic reaching the CPU, use the config acl
cpu command.
config acl cpu rule_name {wired | wireless | both}
Syntax Description
rule_name
wired wireless both
Specifies the ACL name.
Specifies an ACL on wired traffic.
Specifies an ACL on wireless traffic.
Specifies an ACL on both wired and wireless traffic.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command allows you to control the type of packets reaching the CPU.
Examples
The following example shows how to create an ACL named acl101 on the CPU and apply it to wired traffic:
(Cisco Controller) >
config acl cpu acl01 wired
Related Commands show acl cpu
Cisco Wireless Controller Command Reference, Release 8.4
187
config acl delete config acl delete
To delete an access control list (ACL), use the config acl delete command.
config acl delete rule_name
Syntax Description
rule_name
ACL name that contains up to 32 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN preauthentication ACL under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.
Examples
The following example shows how to delete an ACL named acl101 on the CPU:
(Cisco Controller) >
config acl delete acl01
Related Commands show acl
188
Cisco Wireless Controller Command Reference, Release 8.4
config acl layer2 config acl layer2
To configure a Layer 2 access control list (ACL), use the config acl layer2 command.
config acl layer2 {apply acl_name | create acl_name | delete acl_name | rule {action acl_name index
{permit | deny} | add acl_name index | change index acl_name old_index new_index | delete acl_name
index | etherType acl_name index etherType etherTypeMask | swap index acl_name index1 index2}}
Syntax Description apply
acl_name
create delete rule action
index
permit deny add change index
old_index new_index
delete etherType
etherType etherTypeMask
swap index
Applies a Layer 2 ACL to the data path.
Layer 2 ACL name. The name can be up to 32 alphanumeric characters.
Creates a Layer 2 ACL.
Deletes a Layer 2 ACL.
Configures a Layer 2 ACL rule.
Configures the action for the Layer 2 ACL rule.
Index of the Layer 2 ACL rule.
Permits rule action.
Denies rule action.
Creates a Layer 2 ACL rule.
Changes the index of the Layer 2 ACL rule.
Old index of the Layer 2 ACL rule.
New index of the Layer 2 ACL rule.
Deletes a Layer 2 ACL rule.
Configures the EtherType of a Layer 2 ACL rule.
EtherType of a Layer 2 ACL rule. EtherType is used to indicate the protocol that is encapsulated in the payload of an Ethernet frame. The range is a hexadecimal value from 0x0 to 0xffff.
Netmask of the EtherType. The range is a hexadecimal value from 0x0 to 0xffff.
Swaps the index values of two rules.
Cisco Wireless Controller Command Reference, Release 8.4
189
config acl layer2
index1 index2
Index values of two Layer 2 ACL rules.
Command Default
The Cisco WLC does not have any Layer2 ACLs.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
You can create a maximum of 16 rules for a Layer 2 ACL.
You can create a maximum of 64 Layer 2 ACLs on a Cisco WLC.
A maximum of 16 Layer 2 ACLs are supported per access point because an access point supports a maximum of 16 WLANs.
Ensure that the Layer 2 ACL names do not conflict with the FlexConnect ACL names because an access point does not support the same Layer 2 and Layer 3 ACL names.
Examples
The following example shows how to apply a Layer 2 ACL:
(Cisco Controller) >
config acl layer2 apply acl_l2_1
190
Cisco Wireless Controller Command Reference, Release 8.4
config acl rule config acl rule
To configure ACL rules, use the config acl rule command.
config acl rule {action rule_name rule_index {permit | deny} | add rule_name rule_index | change index
rule_name old_index new_index | delete rule_name rule_index | destination address rule_name rule_index
ip_address netmask | destination port range rule_name rule_index start_port end_port | direction rule_name
rule_index {in | out | any} | dscp rule_name rule_index dscp | protocol rule_name rule_index protocol |
source address rule_name rule_index ip_address netmask | source port range rule_name rule_index
start_port end_port | swap index rule_name index_1 index_2}
Syntax Description action
rule_name rule_index
permit deny add change index delete destination address destination port range
ip_address netmask start_port end_port
direction in out
Configures whether to permit or deny access.
ACL name that contains up to 32 alphanumeric characters.
Rule index between 1 and 32.
Permits the rule action.
Denies the rule action.
Adds a new rule.
Changes a rule’s index.
Specifies a rule index.
Deletes a rule.
Configures a rule’s destination IP address and netmask.
Configure a rule's destination port range.
IP address of the rule.
Netmask of the rule.
Start port number (between 0 and 65535).
End port number (between 0 and 65535).
Configures a rule’s direction to in, out, or any.
Configures a rule’s direction to in.
Configures a rule’s direction to out.
Cisco Wireless Controller Command Reference, Release 8.4
191
config acl rule any dscp
dscp
protocol
protocol
source address source port range swap
Configures a rule’s direction to any.
Configures a rule’s DSCP.
Number between 0 and 63, or any.
Configures a rule’s DSCP.
Number between 0 and 255, or any.
Configures a rule’s source IP address and netmask.
Configures a rule’s source port range.
Swaps two rules’ indices.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN pre-authentication ACL under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.
Examples
The following example shows how to configure an ACL to permit access:
(Cisco Controller) >
config acl rule action lab1 4 permit
Related Commands show acl
192
Cisco Wireless Controller Command Reference, Release 8.4
config acl url-acl config acl url-acl
To configure URL Access Control Lists, use the config acl url-acl command.
config acl url-acl[apply|create |delete|disable|enable|rule]
config acl url-aclapply acl-name
config acl url-acl create acl-name
config acl url-acl delete acl-name
config acl url-acldisable config acl url-aclenable
config acl url-aclrule [action|add|delete|url]
config acl url-aclrule action acl-name index {permit | deny}
config acl url-aclrule add acl-name index
config acl url-aclrule delete acl-name index
config acl url-aclrule url acl-name index url-name
Syntax Description
apply acl-name
create delete disable enable
rule (action) (acl-name) (index)
{permit|deny}
add acl-name index
delete acl-name index
url acl-name index url-name
Enter URL ACL name up to 32 alphanumeric characters.
Create a new URL ACL.
Delete URL ACL.
Disable URL ACL feature.
Enable URL ACL feature.
Configures a rule's action in the URL ACL to either permit or deny access. URL ACL name can contains up to 32 alphanumeric characters and URL ACL rule index can be between 1 and 100.
Permit or deny the url rule.
Adds a new rule and rule index.
Deletes a rule and rule index.
Configures a rule’s url address. Enter a url address and set an index between 1and 100.
Command Default
None
Cisco Wireless Controller Command Reference, Release 8.4
193
config acl url-acl
Command History
Examples
Release
8.3
Modification
This command was introduced.
This example shows how to create a new URL ACL:
(Cisco Controller) >
config acl url-acl create test
194
Cisco Wireless Controller Command Reference, Release 8.4
config acl url-acl external-server-ip config acl url-acl external-server-ip
To redirect the user to a page which will be served when the requested URL is blocked. To configure the external server IP address, use the config acl url-acl external-server-ip command.
config acl url-acl external-server-ip ip-address
Syntax Description external-server-ip
ip-address
Specifies the ACL name.
Enter IP address of the external server.
Command Default
None
Command History
Examples
Release
8.4
Modification
This command was introduced.
The following example shows how to configure the external server IP address to redirect and show a page when the URL is blocked:
(Cisco Controller) >
config acl url-acl external-server-ip 192.0.2.1
Cisco Wireless Controller Command Reference, Release 8.4
195
config acl url-acl list-type config acl url-acl list-type
To permit or deny traffic for rules in an given acl, use the config acl url-acl list-type command.
config acl url-acl list-type acl_name{blacklist| || whitelist}
Syntax Description list-type blacklist whitelist
Configure list-type for an URL ACL
All the rules will have action as deny.
All the rules will have action as permit.
Command Default
None
Command History
Examples
Release
8.4
Modification
This command was introduced.
The following example shows how to permit traffic for an ACL:
(Cisco Controller) >
config acl url-acl list-type testacl whitelist
196
Cisco Wireless Controller Command Reference, Release 8.4
config acl url-domain config acl url-domain
To add or delete an URL domain for the access control list, use the config acl url-domain command.
config acl url-domain{add| delete} domain_name acl_name
Syntax Description
domain_name acl_name
URL domain name for the access control list
Name of the access control list.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced.
The following example shows how to add a new URL domain for the access control list:
(Cisco Controller) >
config acl url-domain add cisco.com android
The following example shows how to delete an existing URL domain from the access control list:
(Cisco Controller) >
config acl url-domain delete play.google.com android
Cisco Wireless Controller Command Reference, Release 8.4
197
config advanced eap config advanced eap
To configure advanced extensible authentication protocol (EAP) settings, use the config advanced eap command.
config advanced eap {bcast-key-interval seconds | eapol-key-timeout timeout | eapol-key-retries retries
| identity-request-timeout timeout | identity-request-retries retries | key-index index |
max-login-ignore-identity-response {enable | disable} request-timeout timeout | request-retries retries}
Syntax Description
bcast-key-interval seconds
eapol-key-timeout timeout
eapol-key-retries retries
identity-request- timeout timeout
identity-request- retries
key-index index
Specifies the EAP-broadcast key renew interval time in seconds.
The range is from 120 to 86400 seconds.
Specifies the amount of time (200 to 5000 milliseconds) that the controller waits before retransmitting an EAPOL (WPA) key message to a wireless client using EAP or WPA/WPA-2 PSK.
The default value is 1000 milliseconds.
Specifies the maximum number of times (0 to 4 retries) that the controller retransmits an EAPOL
(WPA) key message to a wireless client.
The default value is 2.
Specifies the amount of time (1 to 120 seconds) that the controller waits before retransmitting an EAP
Identity Request message to a wireless client.
The default value is 30 seconds.
Specifies the maximum number of times (0 to 4 retries) that the controller retransmits an EAPOL
(WPA) key message to a wireless client.
The default value is 2.
Specifies the key index (0 or 3) used for dynamic wired equivalent privacy (WEP).
198
Cisco Wireless Controller Command Reference, Release 8.4
config advanced eap max-login-ignore- identity-response enable disable request-timeout request-retries
When enabled, this command ignores the limit set for the number of devices that can be connected to the controller with the same username using
802.1xauthentication. When disabled, this command limits the number of devices that can be connected to the controller with the same username. This option is not applicable for Web auth user.
Use the command config netuser maxUserLogin to set the limit of maximum number of devices per same username
Ignores the same username reaching the maximum
EAP identity response.
Checks the same username reaching the maximum
EAP identity response.
For EAP messages other than Identity Requests or
EAPOL (WPA) key messages, specifies the amount of time (1 to 120 seconds) that the controller waits before retransmitting the message to a wireless client.
The default value is 30 seconds.
(Optional) For EAP messages other than Identity
Requests or EAPOL (WPA) key messages, specifies the maximum number of times (0 to 20 retries) that the controller retransmits the message to a wireless client.
The default value is 2.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the key index used for dynamic wired equivalent privacy
(WEP):
(Cisco Controller) >
config advanced eap key-index 0
Related Commands show advanced eap
Cisco Wireless Controller Command Reference, Release 8.4
199
config advanced hotspot config advanced hotspot
To configure advanced hotspot configurations, use the config advanced hotspot command.
config advanced hotspot {anqp-4way {disable | enable | threshold value } | cmbk-delay value | garp
{disable | enable } | gas-limit {disable | enable }}
Syntax Description anqp-4way disable enable threshold
value
cmbk-delay
value
garp disable enable gas-limit disable enable
Enables, disables, or, configures the Access Network Query Protocol (ANQP) four way fragment threshold.
Disables the ANQP four way message.
Enables the ANQP four way message.
Configures the ANQP fourway fragment threshold.
ANQP four way fragment threshold value in bytes. The range is from 10 to
1500. The default value is 1500.
Configures the ANQP comeback delay in Time Units (TUs).
ANQP comeback delay in Time Units (TUs). 1 TU is defined by 802.11 as 1024 usec. The range is from 1 milliseconds to 30 seconds.
Disables or enables the Gratuitous ARP (GARP) forwarding to wireless network.
Disables the Gratuitous ARP (GARP) forwarding to wireless network.
Enables the Gratuitous ARP (GARP) forwarding to wireless network.
Limits the number of Generic Advertisement Service (GAS) request action frames sent to the switch by an access point in a given interval.
Disables the GAS request action frame limit on access points.
Enables the GAS request action frame limit on access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
200
Cisco Wireless Controller Command Reference, Release 8.4
config advanced hotspot
Examples
The following example shows how to configure the ANQP four way fragment threshold value:
(Cisco Controller) >
config advanced hotspot anqp-4way threshold 200
Cisco Wireless Controller Command Reference, Release 8.4
201
config advanced timers auth-timeout config advanced timers auth-timeout
To configure the authentication timeout, use the config advanced timers auth-timeout command.
config advanced timers auth-timeout seconds
Syntax Description
seconds
Authentication response timeout value in seconds between 10 and 600.
Command Default
The default authentication timeout value is 10 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the authentication timeout to 20 seconds:
(Cisco Controller) >
config advanced timers auth-timeout 20
202
Cisco Wireless Controller Command Reference, Release 8.4
config advanced timers eap-timeout config advanced timers eap-timeout
To configure the Extensible Authentication Protocol (EAP) expiration timeout, use the config advanced
timers eap-timeout command.
config advanced timers eap-timeout seconds
Syntax Description
seconds
EAP timeout value in seconds between 8 and 120.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the EAP expiration timeout to 10 seconds:
(Cisco Controller) >
config advanced timers eap-timeout 10
Cisco Wireless Controller Command Reference, Release 8.4
203
config advanced timers eap-identity-request-delay config advanced timers eap-identity-request-delay
To configure the advanced Extensible Authentication Protocol (EAP) identity request delay in seconds, use the config advanced timers eap-identity-request-delay command.
config advanced timers eap-identity-request-delay seconds
Syntax Description
seconds
Advanced EAP identity request delay in number of seconds between 0 and 10.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the advanced EAP identity request delay to 8 seconds:
(Cisco Controller) >
config advanced timers eap-identity-request-delay 8
204
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 7920VSIEConfig config advanced 802.11 7920VSIEConfig
To configure the Cisco unified wireless IP phone 7920 VISE parameters, use the config advanced 802.11
7920VSIEConfig command.
config advanced 802.11{a | b} 7920VSIEConfig {call-admission-limit limit | G711-CU-Quantum quantum}
Syntax Description a b call-admission-limit
G711-CU-Quantum
limit quantum
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures the call admission limit for the 7920s.
Configures the value supplied by the infrastructure indicating the current number of channel utilization units that would be used by a single G.711-20ms call.
Call admission limit (from 0 to 255). The default value is 105.
G711 quantum value. The default value is 15.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
This example shows how to configure the call admission limit for 7920 VISE parameters:
(Cisco Controller) >
config advanced 802.11 7920VSIEConfig call-admission-limit 4
Cisco Wireless Controller Command Reference, Release 8.4
205
config advanced 802.11 edca-parameters config advanced 802.11 edca-parameters
To enable a specific Enhanced Distributed Channel Access (EDCA) profile on a 802.11a network, use the
config advanced 802.11 edca-parameters command.
config advanced 802.11{a | b} edca-parameters {wmm-default | svp-voice | optimized-voice |
optimized-video-voice | custom-voice | fastlane | custom-set { QoS Profile Name } { aifs AP-value (0-16 )
Client value (0-16) | ecwmax AP-Value (0-10) Client value (0-10) | ecwmin AP-Value (0-10) Client value
(0-10) | txop AP-Value (0-255) Client value (0-255) } }
Syntax Description a b wmm-default svp-voice optimized-voice optimized-video-voice custom-voice fastlane
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the Wi-Fi Multimedia (WMM) default parameters. Choose this option if voice or video services are not deployed on your network.
Enables Spectralink voice-priority parameters. Choose this option if Spectralink phones are deployed on your network to improve the quality of calls.
Enables EDCA voice-optimized profile parameters.
Choose this option if voice services other than
Spectralink are deployed on your network.
Enables EDCA voice-optimized and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network.
Note
If you deploy video services, admission control must be disabled.
Enables custom voice EDCA parameters for 802.11a.
The EDCA parameters under this option also match the
6.0 WMM EDCA parameters when this profile is applied.
Enables fastlane on compatible devices.
206
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 edca-parameters custom-set
Enables customization of EDCA parameters
• aifs—Configures the Arbitration Inter-Frame
Space.
AP Value (0-16) Client value (0-16)
• ecwmax—Configures the maximum
Contention Window.
AP Value(0-10) Client Value (0-10)
• ecwmin—Configures the minimum Contention
Window.
AP Value(0-10) Client Value(0-10)
• txop—Configures the Arbitration
Transmission Opportunity Limit.
AP Value(0-255) Client Value(0-255)
QoS Profile Name - Enter the QoS profile name:
• bronze
• silver
• gold
• platinum
Command Default
The default EDCA parameter is wmm-default.
Command History
Release
7.6
8.2.110.0
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
In this release, custom-set keyword was added to edca-parameters command.
This command was modified and the fastlane keyword was added.
Examples
The following example shows how to enable Spectralink voice-priority parameters:
(Cisco Controller) >
config advanced 802.11 edca-parameters svp-voice
Related Commands config advanced 802.11b edca-parameters
Enables a specific Enhanced Distributed Channel
Access (EDCA) profile on the 802.11a network.
Cisco Wireless Controller Command Reference, Release 8.4
207
config advanced 802.11 edca-parameters show 802.11a
Displays basic 802.11a network settings.
208
Cisco Wireless Controller Command Reference, Release 8.4
config advanced timers config advanced timers
To configure an advanced system timer, use the config advanced timers command.
config advanced timers {ap-discovery-timeout discovery-timeout | ap-fast-heartbeat {local | flexconnect
| all} {enable | disable} fast_heartbeat_seconds | ap-heartbeat-timeout heartbeat_seconds |
ap-primary-discovery-timeout primary_discovery_timeout | ap-primed-join-timeout primed_join_timeout
| auth-timeout auth_timeout | pkt-fwd-watchdog {enable | disable} {watchdog_timer | default} |
eap-identity-request-delay eap_identity_request_delay | eap-timeout eap_timeout}
Syntax Description ap-discovery-timeout
discovery-timeout
ap-fast-heartbeat local flexconnect all enable
Configures the Cisco lightweight access point discovery timeout value.
Cisco lightweight access point discovery timeout value, in seconds. The range is from 1 to 10.
Configures the fast heartbeat timer, which reduces the amount of time it takes to detect a controller failure in access points.
Configures the fast heartbeat interval for access points in local mode.
Configures the fast heartbeat interval for access points in FlexConnect mode.
Configures the fast heartbeat interval for all the access points.
Enables the fast heartbeat interval.
disable
fast_heartbeat_seconds
ap-heartbeat-timeout
heartbeat_seconds
ap-primary-discovery-timeout
Configures the access point primary discovery request timer.
primary_discovery_timeout
Cisco the Cisco lightweight access point heartbeat timeout value, in seconds. The range is from 1 to 30. This value should be at least three times larger than the fast heartbeat timer.
ap-primed-join-timeout
Access point primary discovery request time, in seconds. The range is from 30 to 3600.
Configures the access point primed discovery timeout value.
primed_join_timeout
auth-timeout
Disables the fast heartbeat interval.
Small heartbeat interval, which reduces the amount of time it takes to detect a controller failure, in seconds. The range is from 1 to 10.
Configures Cisco lightweight access point heartbeat timeout value.
Access point primed discovery timeout value, in seconds. The range is from 120 to 43200.
Configures the authentication timeout.
Cisco Wireless Controller Command Reference, Release 8.4
209
config advanced timers
auth_timeout
pkt-fwd-watchdog
watchdog_timer
default eap-identity-request-delay
eap_identity_request_delay
eap-timeout
eap_timeout
Authentication response timeout value, in seconds. The range is from 10 to 600.
Configures the packet forwarding watchdog timer to protect from fastpath deadlock.
Packet forwarding watchdog timer, in seconds. The range is from 60 to
300.
Configures the watchdog timer to the default value of 240 seconds.
Configures the advanced Extensible Authentication Protocol (EAP) identity request delay, in seconds.
Advanced EAP identity request delay, in seconds. The range is from 0 to 10.
Configures the EAP expiration timeout.
EAP timeout value, in seconds. The range is from 8 to 120.
Command Default
• The default access point discovery timeout is 10 seconds.
• The default access point heartbeat timeout is 30 seconds.
• The default access point primary discovery request timer is 120 seconds.
• The default authentication timeout is 10 seconds.
• The default packet forwarding watchdog timer is 240 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The Cisco lightweight access point discovery timeout indicates how often a Cisco WLC attempts to discover unconnected Cisco lightweight access points.
The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point sends a heartbeat keepalive signal to the Cisco Wireless LAN Controller.
Examples
The following example shows how to configure an access point discovery timeout with a timeout value of
20:
(Cisco Controller) >
config advanced timers ap-discovery-timeout 20
210
Cisco Wireless Controller Command Reference, Release 8.4
config advanced timers
The following example shows how to enable the fast heartbeat interval for an access point in FlexConnect mode:
(Cisco Controller) >
config advanced timers ap-fast-heartbeat flexconnect enable 8
The following example shows how to configure the authentication timeout to 20 seconds:
(Cisco Controller) >
config advanced timers auth-timeout 20
Cisco Wireless Controller Command Reference, Release 8.4
211
config advanced fastpath fastcache config advanced fastpath fastcache
To configure the fastpath fast cache control, use the config advanced fastpath fastcache command.
config advanced fastpath fastcache {enable | disable}
Syntax Description enable disable
Enables the fastpath fast cache control.
Disables the fastpath fast cache control.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the fastpath fast cache control:
(Cisco Controller) >
config advanced fastpath fastcache enable
Related Commands config advanced fastpath pkt-capture
212
Cisco Wireless Controller Command Reference, Release 8.4
config advanced fastpath pkt-capture config advanced fastpath pkt-capture
To configure the fastpath packet capture, use the config advanced fastpath pkt-capture command.
config advanced fastpath pkt-capture {enable | disable}
Syntax Description enable disable
Enables the fastpath packet capture.
Disables the fastpath packet capture.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the fastpath packet capture:
(Cisco Controller) >
config advanced fastpath pkt-capture enable
Related Commands config advanced fastpath fastcache
Cisco Wireless Controller Command Reference, Release 8.4
213
config advanced sip-preferred-call-no config advanced sip-preferred-call-no
To configure voice prioritization, use the config advanced sip-preferred-call-no command.
config advanced sip-preferred-call-no call_index {call_number | none}
Syntax Description
call_index call_number
none
Call index with valid values between 1 and 6.
Preferred call number that can contain up to 27 characters.
Deletes the preferred call set for the specified index.
Command Default
None
Usage Guidelines
Before you configure voice prioritization, you must complete the following prerequisites:
• Set the voice to the platinum QoS level by entering the config wlan qos wlan-id platinum command.
• Enable the admission control (ACM) to this radio by entering the config 802.11 {a | b} cac {voice |
video} acm enable command.
• Enable the call-snooping feature for a particular WLAN by entering the config wlan call-snoop enable
wlan-id command.
To view statistics about preferred calls, enter the show ap stats {802.11{a | b} | wlan} cisco_ap command.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to add a new preferred call for index 2:
(Cisco Controller) >
config advanced sip-preferred-call-no 2 0123456789
Related Commands config wlan qos config 802.11 cac video acm config 802.11 cac voice acm config wlan call-snoop show ap stats
214
Cisco Wireless Controller Command Reference, Release 8.4
config advanced sip-snooping-ports config advanced sip-snooping-ports
To configure call snooping ports, use the config advanced sip-snooping-ports command.
config advanced sip-snooping-ports start_port end_port
Syntax Description
start_port end_port
Starting port for call snooping. The range is from 0 to 65535.
Ending port for call snooping. The range is from 0 to 65535.
Usage Guidelines
If you need only a single port for call snooping, configure the start and end port with the same number.
The port used by the CIUS tablet is 5060 and the port range used by Facetime is from 16384 to16402.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the call snooping ports:
(Cisco Controller) >
config advanced sip-snooping-ports 4000 4500
Related Commands show cac voice stats show cac voice summary show cac video stats show cac video summary config 802.11 cac video sip config 802.11 cac voice sip show advanced sip-preferred-call-no show advanced sip-snooping-ports debug cac
Cisco Wireless Controller Command Reference, Release 8.4
215
config advanced 802.11 packet config advanced 802.11 packet
To configure the maximum packet retries, consecutive packet failure thresholds, and the default timeout value, use config advanced 802.11 packet command.
config advanced 802.11{a | b} < QoS Profile Name > { max-client-count <threshold value (0-1000)> |
max-packet-count <threshold value (0-1000)> | max-retry <maximum retry count> | timeout <time(in
miliseconds)> }
Syntax Description a b
QoS Profile Name
max-client-count max-packet-count max-retry timeout
Specifies the 802.11a network.
Specifies the 802.11b/g network.
• bronze
• silver
• gold
• platinum
Configures the consecutive packet failure threshold before disassociating a client.
threshold value - Enter the client count threshold value in the range 0 to 1000
Configures the consecutive packet failure threshold before not retrying failure packet.
threshold value - Enter the packet failure threshold value in the range 0 to 1000
Configures the packet retry time for failure packet.
maximum retry count - Enter the maximum number of retries allowed.
Configures the packet aging or discard timeout threshold.
time - Enter the maximum time before the packet times out.
Command Default
The default values for parameters in config advanced 802.11 packet command are:
Keyword
max-client-count
Default Value
500
216
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 packet
Keyword
max-packet-count max-retry timeout
Command History
Release
8.2
Default Value
100
3
35 miliseconds
Modification
packet command was introduced in this release.
Examples
(Cisco Controller) >
config advanced 802.11a packet platinum max-packet-count 200
Related Commands show 802.11a
Displays basic 802.11a network settings.
Cisco Wireless Controller Command Reference, Release 8.4
217
config advanced 802.11 profile clients config advanced 802.11 profile clients
To set the Cisco lightweight access point clients threshold between 1 and 75 clients, use the config advanced
802.11 profile clients command.
config advanced 802.11{a | b} profile clients {global | cisco_ap} clients
Syntax Description a b global
cisco_ap clients
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures all 802.11a Cisco lightweight access points.
Cisco lightweight access point name.
802.11a Cisco lightweight access point client threshold between 1 and 75 clients.
Command Default
The default Cisco lightweight access point clients threshold is 12 clients.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set all Cisco lightweight access point clients thresholds to 25 clients:
(Cisco Controller) >
config advanced 802.11 profile clients global 25
Global client count profile set.
The following example shows how to set the AP1 clients threshold to 75 clients:
(Cisco Controller) >
config advanced 802.11 profile clients AP1 75
Global client count profile set.
218
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 profile customize config advanced 802.11 profile customize
To turn customizing on or off for an 802.11a Cisco lightweight access point performance profile, use the
config advanced 802.11 profile customize command.
config advanced 802.11{a | b} profile customize cisco_ap {on | off}
Syntax Description a b
cisco_ap
on off
Specifies the 802.11a/n network.
Specifies the 802.11b/g/n network.
Cisco lightweight access point.
Customizes performance profiles for this Cisco lightweight access point.
Uses global default performance profiles for this Cisco lightweight access point.
Command Default
The default state of performance profile customization is Off.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn performance profile customization on for 802.11a Cisco lightweight access point AP1:
(Cisco Controller) >
config advanced 802.11 profile customize AP1 on
Cisco Wireless Controller Command Reference, Release 8.4
219
config advanced 802.11 profile foreign config advanced 802.11 profile foreign
To set the foreign 802.11a transmitter interference threshold between 0 and 100 percent, use the config
advanced 802.11 profile foreign command.
config advanced 802.11{a | b} profile foreign {global | cisco_ap} percent
Syntax Description a b global
cisco_ap percent
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures all 802.11a Cisco lightweight access points.
Cisco lightweight access point name.
802.11a foreign 802.11a interference threshold between 0 and 100 percent.
Command Default
The default foreign 802.11a transmitter interference threshold value is 10.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the foreign 802.11a transmitter interference threshold for all Cisco lightweight access points to 50 percent:
(Cisco Controller) >
config advanced 802.11a profile foreign global 50
The following example shows how to set the foreign 802.11a transmitter interference threshold for AP1 to 0 percent:
(Cisco Controller) >
config advanced 802.11 profile foreign AP1 0
220
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 profile noise config advanced 802.11 profile noise
To set the 802.11a foreign noise threshold between –127 and 0 dBm, use the config advanced 802.11 profile
noise command.
config advanced 802.11{a | b} profile noise {global | cisco_ap} dBm
Syntax Description a b global
cisco_ap dBm
Specifies the 802.11a/n network.
Specifies the 802.11b/g/n network.
Configures all 802.11a Cisco lightweight access point specific profiles.
Cisco lightweight access point name.
802.11a foreign noise threshold between –127 and 0 dBm.
Command Default
The default foreign noise threshold value is –70 dBm.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the 802.11a foreign noise threshold for all Cisco lightweight access points to –127 dBm:
(Cisco Controller) >
config advanced 802.11a profile noise global -127
The following example shows how to set the 802.11a foreign noise threshold for AP1 to 0 dBm:
(Cisco Controller) >
config advanced 802.11a profile noise AP1 0
Cisco Wireless Controller Command Reference, Release 8.4
221
config advanced 802.11 profile throughput config advanced 802.11 profile throughput
To set the Cisco lightweight access point data-rate throughput threshold between 1000 and 10000000 bytes per second, use the config advanced 802.11 profile throughput command.
config advanced 802.11{a | b} profile throughput {global | cisco_ap} value
Syntax Description a b global
cisco_ap value
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures all 802.11a Cisco lightweight access point specific profiles.
Cisco lightweight access point name.
802.11a Cisco lightweight access point throughput threshold between 1000 and
10000000 bytes per second.
Command Default
The default Cisco lightweight access point data-rate throughput threshold value is 1,000,000 bytes per second.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set all Cisco lightweight access point data-rate thresholds to 1000 bytes per second:
(Cisco Controller) >
config advanced 802.11 profile throughput global 1000
The following example shows how to set the AP1 data-rate threshold to 10000000 bytes per second:
(Cisco Controller) >
config advanced 802.11 profile throughput AP1 10000000
222
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 profile utilization config advanced 802.11 profile utilization
To set the RF utilization threshold between 0 and 100 percent, use the config advanced 802.11 profile
utilization command. The operating system generates a trap when this threshold is exceeded.
config advanced 802.11{a | b} profile utilization {global | cisco_ap} percent
Syntax Description a b global
cisco_ap percent
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures a global Cisco lightweight access point specific profile.
Cisco lightweight access point name.
802.11a RF utilization threshold between 0 and 100 percent.
Command Default
The default RF utilization threshold value is 80 percent.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the RF utilization threshold for all Cisco lightweight access points to 0 percent:
(Cisco Controller) >
config advanced 802.11 profile utilization global 0
The following example shows how to set the RF utilization threshold for AP1 to 100 percent:
(Cisco Controller) >
config advanced 802.11 profile utilization AP1 100
Cisco Wireless Controller Command Reference, Release 8.4
223
config advanced backup-controller primary config advanced backup-controller primary
To configure a primary backup controller, use the config advanced backup-controller primary command.
config advanced backup-controller primary system name IP addr
Syntax Description
system name
IP addr
Configures primary|secondary backup controller.
IP address of the backup controller.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
To delete a primary backup controller entry (IPv6 or IPv4), enter 0.0.0.0 for the controller IP address.
Examples
The following example shows how to configure the IPv4 primary backup controller:
(Cisco Controller) >
config advanced backup-controller primary Controller_1 10.10.10.10
The following example shows how to configure the IPv6 primary backup controller:
(Cisco Controller) >
config advanced backup-controller primary systemname 2001:9:6:40::623
The following example shows how to remove the IPv4 primary backup controller:
(Cisco Controller) >
config advanced backup-controller primary Controller_1 10.10.10.10
The following example shows how to remove the IPv6 primary backup controller:
(Cisco Controller) >
config advanced backup-controller primary Controller_1 0.0.0.0
Related Commands show advanced back-up controller
224
Cisco Wireless Controller Command Reference, Release 8.4
config advanced backup-controller secondary config advanced backup-controller secondary
To configure a secondary backup controller, use the config advanced backup-controller secondary command.
config advanced backup-controller secondary system name IP addr
Syntax Description
system name
IP addr
Configures primary|secondary backup controller.
IP address of the backup controller.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
To delete a secondary backup controller entry (IPv4 or IPv6), enter 0.0.0.0 for the controller IP address.
Examples
The following example shows how to configure an IPv4 secondary backup controller:
(Cisco Controller) >
config advanced backup-controller secondary Controller_2 10.10.10.10
The following example shows how to configure an IPv6 secondary backup controller:
(Cisco Controller) >
config advanced backup-controller secondary Controller_2 2001:9:6:40::623
The following example shows how to remove an IPv4 secondary backup controller:
(Cisco Controller) >
config advanced backup-controller secondary Controller_2 0.0.0.0
The following example shows how to remove an IPv6 secondary backup controller:
(Cisco Controller) >
config advanced backup-controller secondary Controller_2 0.0.0.0
Related Commands show advanced back-up controller
Cisco Wireless Controller Command Reference, Release 8.4
225
config advanced client-handoff config advanced client-handoff
To set the client handoff to occur after a selected number of 802.11 data packet excessive retries, use the
config advanced client-handoff command.
config advanced client-handoff num_of_retries
Syntax Description
num_of_retries
Number of excessive retries before client handoff (from 0 to 255).
Command Default
The default value for the number of 802.11 data packet excessive retries is 0.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command is supported only for the 1000/1510 series access points.
Examples
This example shows how to set the client handoff to 100 excessive retries:
(Cisco Controller) >
config advanced client-handoff 100
226
Cisco Wireless Controller Command Reference, Release 8.4
config advanced dot11-padding config advanced dot11-padding
To enable or disable over-the-air frame padding, use the config advanced dot11-padding command.
config advanced dot11-padding {enable | disable}
Syntax Description enable disable
Enables the over-the-air frame padding.
Disables the over-the-air frame padding.
Command Default
The default over-the-air frame padding is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable over-the-air frame padding:
(Cisco Controller) >
config advanced dot11-padding enable
Related Commands debug dot11 debug dot11 mgmt interface debug dot11 mgmt msg debug dot11 mgmt ssid debug dot11 mgmt state-machine debug dot11 mgmt station show advanced dot11-padding
Cisco Wireless Controller Command Reference, Release 8.4
227
config advanced assoc-limit config advanced assoc-limit
To configure the rate at which access point radios send association and authentication requests to the controller, use the config advanced assoc-limit command.
config advanced assoc-limit {enable [number of associations per interval | interval ] | disable}
Syntax Description enable disable
number of associations per interval interval
Enables the configuration of the association requests per access point.
Disables the configuration of the association requests per access point.
(Optional) Number of association request per access point slot in a given interval.
The range is from 1 to 100.
(Optional) Association request limit interval. The range is from 100 to 10000 milliseconds.
Command Default
The default state of the command is disabled state.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When 200 or more wireless clients try to associate to a controller at the same time, the clients no longer become stuck in the DHCP_REQD state when you use the config advanced assoc-limit command to limit association requests from access points.
Examples
The following example shows how to configure the number of association requests per access point slot in a given interval of 20 with the association request limit interval of 250:
(Cisco Controller) >
config advanced assoc-limit enable 20 250
228
Cisco Wireless Controller Command Reference, Release 8.4
config advanced max-1x-sessions config advanced max-1x-sessions
To configure the maximum number of simultaneous 802.1X sessions allowed per access point, use the config
advanced max-1x-sessions command.
config advanced max-1x-sessions no_of_sessions
Syntax Description
no_of_sessions
Number of maximum 802.1x session initiation per AP at a time. The range is from 0 to 255, where 0 indicates unlimited.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the maximum number of simultaneous 802.1X sessions:
(Cisco Controller) >
config advanced max-1x-sessions 200
Cisco Wireless Controller Command Reference, Release 8.4
229
config advanced rate config advanced rate
To configure switch control path rate limiting, use the config advanced rate command.
config advanced rate {enable | disable}
Syntax Description enable disable
Enables the switch control path rate limiting feature.
Disables the switch control path rate limiting feature.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable switch control path rate limiting:
(Cisco Controller) >
config advanced rate enable
230
Cisco Wireless Controller Command Reference, Release 8.4
config advanced probe filter config advanced probe filter
To configure the filtering of probe requests forwarded from an access point to the controller, use the config
advanced probe filter command.
config advanced probe filter {enable | disable}
Syntax Description enable disable
Enables the filtering of probe requests.
Disables the filtering of probe requests.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the filtering of probe requests forwarded from an access point to the controller:
(Cisco Controller) >
config advanced probe filter enable
Cisco Wireless Controller Command Reference, Release 8.4
231
config advanced probe limit config advanced probe limit
To limit the number of probes sent to the WLAN controller per access point per client in a given interval, use the config advanced probe limit command.
config advanced probe limit num_probes interval
Syntax Description
num_probes interval
Number of probe requests (from 1 to 100) forwarded to the controller per client per access point radio in a given interval.
Probe limit interval (from 100 to 10000 milliseconds).
Command Default
The default number of probe requests is 2. The default interval is 500 milliseconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to set the number of probes per access point per client to 5 and the probe interval to 800 milliseconds:
(Cisco Controller) >
config advanced probe limit 5 800
232
Cisco Wireless Controller Command Reference, Release 8.4
config advanced timers config advanced timers
To configure an advanced system timer, use the config advanced timers command.
config advanced timers {ap-discovery-timeout discovery-timeout | ap-fast-heartbeat {local | flexconnect
| all} {enable | disable} fast_heartbeat_seconds | ap-heartbeat-timeout heartbeat_seconds |
ap-primary-discovery-timeout primary_discovery_timeout | ap-primed-join-timeout primed_join_timeout
| auth-timeout auth_timeout | pkt-fwd-watchdog {enable | disable} {watchdog_timer | default} |
eap-identity-request-delay eap_identity_request_delay | eap-timeout eap_timeout}
Syntax Description ap-discovery-timeout
discovery-timeout
ap-fast-heartbeat local flexconnect all enable
Configures the Cisco lightweight access point discovery timeout value.
Cisco lightweight access point discovery timeout value, in seconds. The range is from 1 to 10.
Configures the fast heartbeat timer, which reduces the amount of time it takes to detect a controller failure in access points.
Configures the fast heartbeat interval for access points in local mode.
Configures the fast heartbeat interval for access points in FlexConnect mode.
Configures the fast heartbeat interval for all the access points.
Enables the fast heartbeat interval.
disable
fast_heartbeat_seconds
ap-heartbeat-timeout
heartbeat_seconds
ap-primary-discovery-timeout
Configures the access point primary discovery request timer.
primary_discovery_timeout
Cisco the Cisco lightweight access point heartbeat timeout value, in seconds. The range is from 1 to 30. This value should be at least three times larger than the fast heartbeat timer.
ap-primed-join-timeout
Access point primary discovery request time, in seconds. The range is from 30 to 3600.
Configures the access point primed discovery timeout value.
primed_join_timeout
auth-timeout
Disables the fast heartbeat interval.
Small heartbeat interval, which reduces the amount of time it takes to detect a controller failure, in seconds. The range is from 1 to 10.
Configures Cisco lightweight access point heartbeat timeout value.
Access point primed discovery timeout value, in seconds. The range is from 120 to 43200.
Configures the authentication timeout.
Cisco Wireless Controller Command Reference, Release 8.4
233
config advanced timers
auth_timeout
pkt-fwd-watchdog
watchdog_timer
default eap-identity-request-delay
eap_identity_request_delay
eap-timeout
eap_timeout
Authentication response timeout value, in seconds. The range is from 10 to 600.
Configures the packet forwarding watchdog timer to protect from fastpath deadlock.
Packet forwarding watchdog timer, in seconds. The range is from 60 to
300.
Configures the watchdog timer to the default value of 240 seconds.
Configures the advanced Extensible Authentication Protocol (EAP) identity request delay, in seconds.
Advanced EAP identity request delay, in seconds. The range is from 0 to 10.
Configures the EAP expiration timeout.
EAP timeout value, in seconds. The range is from 8 to 120.
Command Default
• The default access point discovery timeout is 10 seconds.
• The default access point heartbeat timeout is 30 seconds.
• The default access point primary discovery request timer is 120 seconds.
• The default authentication timeout is 10 seconds.
• The default packet forwarding watchdog timer is 240 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The Cisco lightweight access point discovery timeout indicates how often a Cisco WLC attempts to discover unconnected Cisco lightweight access points.
The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point sends a heartbeat keepalive signal to the Cisco Wireless LAN Controller.
Examples
The following example shows how to configure an access point discovery timeout with a timeout value of
20:
(Cisco Controller) >
config advanced timers ap-discovery-timeout 20
234
Cisco Wireless Controller Command Reference, Release 8.4
config advanced timers
The following example shows how to enable the fast heartbeat interval for an access point in FlexConnect mode:
(Cisco Controller) >
config advanced timers ap-fast-heartbeat flexconnect enable 8
The following example shows how to configure the authentication timeout to 20 seconds:
(Cisco Controller) >
config advanced timers auth-timeout 20
Cisco Wireless Controller Command Reference, Release 8.4
235
config advanced 802.11 7920VSIEConfig config advanced 802.11 7920VSIEConfig
To configure the Cisco unified wireless IP phone 7920 VISE parameters, use the config advanced 802.11
7920VSIEConfig command.
config advanced 802.11{a | b} 7920VSIEConfig {call-admission-limit limit | G711-CU-Quantum quantum}
Syntax Description a b call-admission-limit
G711-CU-Quantum
limit quantum
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures the call admission limit for the 7920s.
Configures the value supplied by the infrastructure indicating the current number of channel utilization units that would be used by a single G.711-20ms call.
Call admission limit (from 0 to 255). The default value is 105.
G711 quantum value. The default value is 15.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
This example shows how to configure the call admission limit for 7920 VISE parameters:
(Cisco Controller) >
config advanced 802.11 7920VSIEConfig call-admission-limit 4
236
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 channel add config advanced 802.11 channel add
To add channel to the 802.11 networks auto RF channel list, use the config advanced 802.11 channel add command.
config advanced 802.11{a | b} channel add channel_number
Syntax Description a b add
channel_number
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Adds a channel to the 802.11 network auto RF channel list.
Channel number to add to the 802.11 network auto RF channel list.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add a channel to the 802.11a network auto RF channel list:
(Cisco Controller) >
config advanced 802.11 channel add 132
Cisco Wireless Controller Command Reference, Release 8.4
237
config advanced 802.11 channel cleanair-event config advanced 802.11 channel cleanair-event
To configure CleanAir event driven Radio Resource Management (RRM) parameters for all 802.11 Cisco lightweight access points, use the config advanced 802.11 channel cleanair-event command.
config advanced 802.11{a | b} channel cleanair-event {enable | disable | sensitivity [low | medium | high]
| custom threshold threshold_value}
Syntax Description a b enable disable sensitivity low medium high custom threshold
threshold_value
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the CleanAir event-driven RRM parameters.
Disables the CleanAir event-driven RRM parameters.
Sets the sensitivity for CleanAir event-driven RRM.
(Optional) Specifies low sensitivity.
(Optional) Specifies medium sensitivity
(Optional) Specifies high sensitivity
Specifies custom sensitivity.
Specifies the EDRRM AQ threshold value.
Number of custom threshold.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the CleanAir event-driven RRM parameters:
(Cisco Controller) >
config advanced 802.11 channel cleanair-event enable
The following example shows how to configure high sensitivity for CleanAir event-driven RRM:
(Cisco Controller) >
config advanced 802.11 channel cleanair-event sensitivity high
238
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 channel dca anchor-time config advanced 802.11 channel dca anchor-time
To specify the time of day when the Dynamic Channel Assignment (DCA) algorithm is to start, use the config
advanced 802.11 channel dca anchor-time command.
config advanced 802.11{a | b} channel dca anchor-time value
Syntax Description a b
value
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Hour of the time between 0 and 23. These values represent the hour from 12:00 a.m. to 11:00 p.m.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the time of delay when the DCA algorithm starts:
(Cisco Controller) >
config advanced 802.11 channel dca anchor-time 17
Related Commands config advanced 802.11 channel dca interval config advanced 802.11 channel dca sensitivity config advanced 802.11 channel
Cisco Wireless Controller Command Reference, Release 8.4
239
config advanced 802.11 channel dca chan-width-11n config advanced 802.11 channel dca chan-width-11n
To configure the Dynamic Channel Assignment (DCA) channel width for all 802.11n radios in the 5-GHz band, use the config advanced 802.11 channel dca chan-width-11n command.
config advanced 802.11{a | b} channel dca chan-width-11n {20 | 40 | 80}
Syntax Description a b
20
40
80
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Sets the channel width for 802.11n radios to 20 MHz.
Sets the channel width for 802.11n radios to 40 MHz.
Sets the channel width for 802.11ac radios to 80-MHz.
Command Default
The default channel width is 20.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If you choose 40, be sure to set at least two adjacent channels in the config advanced 802.11 channel {add
| delete} channel_number command (for example, a primary channel of 36 and an extension channel of 40).
If you set only one channel, that channel is not used for the 40-MHz channel width.
To override the globally configured DCA channel width setting, you can statically configure an access point’s radio for 20- or 40-MHz mode using the config 802.11 chan_width command. If you then change the static configuration to global on the access point radio, the global DCA configuration overrides the channel width configuration that the access point was previously using.
Examples
Examples
The following example shows how to add a channel to the 802.11a network auto channel list:
(Cisco Controller) >
config advanced 802.11a channel dca chan-width-11n 40
The following example shows how to set the channel width for the 802.11ac radio as 80-MHz:
(Cisco Controller) >
config advanced 802.11a channel dca chan-width-11n 80
240
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 channel dca interval config advanced 802.11 channel dca interval
To specify how often the Dynamic Channel Assignment (DCA) is allowed to run, use the config advanced
802.11 channel dca interval command.
config advanced 802.11{a | b} channel dca interval value
Syntax Description a b
value
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Valid values are 0, 1, 2, 3, 4, 6, 8, 12, or 24 hours. 0 is 10 minutes (600 seconds).
Command Default
The default DCA channel interval is 10 (10 minutes).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If your controller supports only OfficeExtend access points, we recommend that you set the DCA interval to
6 hours for optimal performance. For deployments with a combination of OfficeExtend access points and local access points, the range of 10 minutes to 24 hours can be used.
Examples
The following example shows how often the DCA algorithm is allowed to run:
(Cisco Controller) >
config advanced 802.11 channel dca interval 8
Related Commands config advanced 802.11 dca anchor-time config advanced 802.11 dca sensitivity show advanced 802.11 channel
Cisco Wireless Controller Command Reference, Release 8.4
241
config advanced 802.11 channel dca min-metric config advanced 802.11 channel dca min-metric
To configure the 5-GHz minimum RSSI energy metric for DCA, use the config advanced 802.11 channel
dca min-metric command.
config advanced 802.11{a | b} channel dca RSSI_value
Syntax Description a b
RSSI_value
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Minimum received signal strength indicator (RSSI) that is required for the DCA to trigger a channel change. The range is from –100 to –60 dBm.
Command Default
The default minimum RSSI energy metric for DCA is –95 dBm.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the minimum 5-GHz RSSI energy metric for DCA:
(Cisco Controller) >
config advanced 802.11a channel dca min-metric
–80
In the above example, the RRM must detect an interference energy of at least -80 dBm in RSSI for the DCA to trigger a channel change.
Related Commands config advanced 802.11 dca interval config advanced 802.11 dca anchor-time show advanced 802.11 channel
242
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 channel dca sensitivity config advanced 802.11 channel dca sensitivity
To specify how sensitive the Dynamic Channel Assignment (DCA) algorithm is to environmental changes
(for example, signal, load, noise, and interference) when determining whether or not to change channels, use the config advanced 802.11 channel dca sensitivity command.
config advanced 802.11{a | b} channel dcasensitivity {low | medium | high}
Syntax Description a b low medium high
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the DCA algorithm is not particularly sensitive to environmental changes. See the “Usage
Guidelines” section for more information.
Specifies the DCA algorithm is moderately sensitive to environmental changes. See the “Usage Guidelines” section for more information.
Specifies the DCA algorithm is highly sensitive to environmental changes. See the “Usage Guidelines” section for more information.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The DCA sensitivity thresholds vary by radio band as shown in the table below.
To aid in troubleshooting, the output of this command shows an error code for any failed calls. This table explains the possible error codes for failed calls.
Table 4: DCA Sensitivity Thresholds
Sensitivity
High
Medium
2.4-GHz DCA Sensitivity Threshold
5 dB
15 dB
5-GHz DCA Sensitivity Threshold
5 dB
20 dB
Cisco Wireless Controller Command Reference, Release 8.4
243
config advanced 802.11 channel dca sensitivity
Sensitivity
Low
2.4-GHz DCA Sensitivity Threshold 5-GHz DCA Sensitivity Threshold
30 dB 35 dB
Examples
The following example shows how to configure the value of DCA algorithm’s sensitivity to low:
(Cisco Controller) >
config advanced 802.11 channel dca sensitivity low
Related Commands config advanced 802.11 dca interval config advanced 802.11 dca anchor-time show advanced 802.11 channel
244
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 channel foreign config advanced 802.11 channel foreign
To have Radio Resource Management (RRM) consider or ignore foreign 802.11a interference avoidance in making channel selection updates for all 802.11a Cisco lightweight access points, use the config advanced
802.11 channel foreign command.
config advanced 802.11{a | b} channel foreign {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the foreign access point 802.11a interference avoidance in the channel assignment.
Disables the foreign access point 802.11a interference avoidance in the channel assignment.
Command Default
The default value for the foreign access point 802.11a interference avoidance in the channel assignment is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to have RRM consider foreign 802.11a interference when making channel selection updates for all 802.11a Cisco lightweight access points:
(Cisco Controller) >
config advanced 802.11a channel foreign enable
Related Commands show advanced 802.11a channel config advanced 802.11b channel foreign
Cisco Wireless Controller Command Reference, Release 8.4
245
config advanced 802.11 channel load config advanced 802.11 channel load
To have Radio Resource Management (RRM) consider or ignore the traffic load in making channel selection updates for all 802.11a Cisco lightweight access points, use the config advanced 802.11 channel load command.
config advanced 802.11{a | b} channel load {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the Cisco lightweight access point 802.11a
load avoidance in the channel assignment.
Disables the Cisco lightweight access point 802.11a
load avoidance in the channel assignment.
Command Default
The default value for Cisco lightweight access point 802.11a load avoidance in the channel assignment is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to have RRM consider the traffic load when making channel selection updates for all 802.11a Cisco lightweight access points:
(Cisco Controller) >
config advanced 802.11 channel load enable
Related Commands show advanced 802.11a channel config advanced 802.11b channel load
246
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 channel noise config advanced 802.11 channel noise
To have Radio Resource Management (RRM) consider or ignore non-802.11a noise in making channel selection updates for all 802.11a Cisco lightweight access points, use the config advanced 802.11 channel
noise command.
config advanced 802.11{a | b} channel noise {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables non-802.11a noise avoidance in the channel assignment. or ignore.
Disables the non-802.11a noise avoidance in the channel assignment.
Command Default
The default value for non-802.11a noise avoidance in the channel assignment is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to have RRM consider non-802.11a noise when making channel selection updates for all 802.11a Cisco lightweight access points:
(Cisco Controller) >
config advanced 802.11 channel noise enable
Related Commands show advanced 802.11a channel config advanced 802.11b channel noise
Cisco Wireless Controller Command Reference, Release 8.4
247
config advanced 802.11 channel outdoor-ap-dca config advanced 802.11 channel outdoor-ap-dca
To enable or disable the controller to avoid checking the non-Dynamic Frequency Selection (DFS) channels, use the config advanced 802.11 channel outdoor-ap-dca command.
config advanced 802.11{a | b} channel outdoor-ap-dca {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables 802.11 network DCA list option for outdoor access point.
Disables 802.11 network DCA list option for outdoor access point.
Command Default
The default value for 802.11 network DCA list option for outdoor access point is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The config advanced 802.11{a | b} channel outdoor-ap-dca {enable | disable} command is applicable only for deployments having outdoor access points such as 1522 and 1524.
Examples
The following example shows how to enable the 802.11a DCA list option for outdoor access point:
(Cisco Controller) >
config advanced 802.11a channel outdoor-ap-dca enable
Related Commands show advanced 802.11a channel config advanced 802.11b channel noise
248
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 channel pda-prop config advanced 802.11 channel pda-prop
To enable or disable propagation of persistent devices, use the config advanced 802.11 channel pda-prop command.
config advanced 802.11{a | b} channel pda-prop {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 network DCA list option for the outdoor access point.
Disables the 802.11 network DCA list option for the outdoor access point.
Command Default
The default 802.11 network DCA list option for the outdoor access point is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable or disable propagation of persistent devices:
(Cisco Controller) >
config advanced 802.11 channel pda-prop enable
Cisco Wireless Controller Command Reference, Release 8.4
249
config advanced 802.11 channel update config advanced 802.11 channel update
To have Radio Resource Management (RRM) initiate a channel selection update for all 802.11a Cisco lightweight access points, use the config advanced 802.11 channel update command.
config advanced 802.11{a | b} channel update
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to initiate a channel selection update for all 802.11a network access points:
(Cisco Controller) >
config advanced 802.11a channel update
250
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 coverage config advanced 802.11 coverage
To enable or disable coverage hole detection, use the config advanced 802.11 coverage command.
config advanced 802.11{a | b} coverage {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the coverage hole detection.
Disables the coverage hole detection.
Command Default
The default coverage hole detection value is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If you enable coverage hole detection, the Cisco WLC automatically determines, based on data that is received from the access points, whether any access points have clients that are potentially located in areas with poor coverage.
If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands over a 90-second period. The Cisco WLC determines whether the coverage hole can be corrected and, if appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.
Examples
The following example shows how to enable coverage hole detection on an 802.11a network:
(Cisco Controller) >
config advanced 802.11a coverage enable
Related Commands config advanced 802.11 coverage exception global config advanced 802.11 coverage fail-rate config advanced 802.11 coverage level global
Cisco Wireless Controller Command Reference, Release 8.4
251
config advanced 802.11 coverage config advanced 802.11 coverage packet-count config advanced 802.11 coverage rssi-threshold
252
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 coverage exception global config advanced 802.11 coverage exception global
To specify the percentage of clients on an access point that are experiencing a low signal level but cannot roam to another access point, use the config advanced 802.11 coverage exception global command.
config advanced 802.11{a | b} coverage exception global percent
Syntax Description a b
percent
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Percentage of clients. Valid values are from 0 to
100%.
Command Default
The default percentage value for clients on an access point is 25%.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is detected if both the number and percentage of failed clients meet or exceed the values entered in theconfig
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands over a 90-second period. The controller determines whether the coverage hole can be corrected and, if appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.
Examples
The following example shows how to specify the percentage of clients for all 802.11a access points that are experiencing a low signal level:
(Cisco Controller) >
config advanced 802.11 coverage exception global 50
Related Commands config advanced 802.11 coverage exception global config advanced 802.11 coverage fail-rate config advanced 802.11 coverage level global config advanced 802.11 coverage packet-count
Cisco Wireless Controller Command Reference, Release 8.4
253
config advanced 802.11 coverage exception global config advanced 802.11 coverage rssi-threshold config advanced 802.11 coverage
254
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 coverage fail-rate config advanced 802.11 coverage fail-rate
To specify the failure rate threshold for uplink data or voice packets, use the config advanced 802.11 coverage
fail-rate command.
config advanced 802.11{a | b} coverage {data | voice} fail-rate percent
Syntax Description a b data voice
percent
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the threshold for data packets.
Specifies the threshold for voice packets.
Failure rate as a percentage. Valid values are from 1 to 100 percent.
Command Default
The default failure rate threshold uplink coverage fail-rate value is 20%.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If both the number and percentage of failed packets exceed the values that you entered in theconfig advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands over a 90-second period. The controller determines whether the coverage hole can be corrected and, if appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.
Examples
The following example shows how to configure the threshold count for minimum uplink failures for data packets:
(Cisco Controller) >
config advanced 802.11 coverage fail-rate 80
Related Commands config advanced 802.11 coverage exception global config advanced 802.11 coverage level global
Cisco Wireless Controller Command Reference, Release 8.4
255
config advanced 802.11 coverage fail-rate config advanced 802.11 coverage packet-count config advanced 802.11 coverage rssi-threshold config advanced 802.11 coverage
256
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 coverage level global config advanced 802.11 coverage level global
To specify the minimum number of clients on an access point with an received signal strength indication
(RSSI) value at or below the data or voice RSSI threshold, use the config advanced 802.11 coverage level
global command.
config advanced 802.11{a | b} coverage level global clients
Syntax Description a b
clients
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Minimum number of clients. Valid values are from 1 to 75.
Command Default
The default minimum number of clients on an access point is 3.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands over a 90-second period. The controller determines whether the coverage hole can be corrected and, if appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.
Examples
The following example shows how to specify the minimum number of clients on all 802.11a access points with an RSSI value at or below the RSSI threshold:
(Cisco Controller) >
config advanced 802.11 coverage level global 60
Related Commands config advanced 802.11 coverage exception global config advanced 802.11 coverage fail-rate config advanced 802.11 coverage packet-count config advanced 802.11 coverage rssi-threshold
Cisco Wireless Controller Command Reference, Release 8.4
257
config advanced 802.11 coverage level global config advanced 802.11 coverage
258
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 coverage packet-count config advanced 802.11 coverage packet-count
To specify the minimum failure count threshold for uplink data or voice packets, use the config advanced
802.11 coverage packet-count command.
config advanced 802.11{a | b} coverage {data | voice} packet-count packets
Syntax Description a b data voice
packets
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the threshold for data packets.
Specifies the threshold for voice packets.
Minimum number of packets. Valid values are from
1 to 255 packets.
Command Default
The default failure count threshold for uplink data or voice packets is10.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands over a 90-second period. The controller determines whether the coverage hole can be corrected and, if appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.
Examples
The following example shows how to configure the failure count threshold for uplink data packets:
(Cisco Controller) >
config advanced 802.11 coverage packet-count 100
Related Commands config advanced 802.11 coverage exception global config advanced 802.11 coverage fail-rate config advanced 802.11 coverage level global
Cisco Wireless Controller Command Reference, Release 8.4
259
config advanced 802.11 coverage packet-count config advanced 802.11 coverage rssi-threshold config advanced 802.11 coverage
260
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 coverage rssi-threshold config advanced 802.11 coverage rssi-threshold
To specify the minimum receive signal strength indication (RSSI) value for packets that are received by an access point, use the config advanced 802.11 coverage rssi-threshold command.
config advanced 802.11{a | b} coverage {data | voice} rssi-threshold rssi
Syntax Description a b data voice
rssi
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the threshold for data packets.
Specifies the threshold for voice packets.
Valid values are from –60 to –90 dBm.
Command Default
• The default RSSI value for data packets is –80 dBm.
• The default RSSI value for voice packets is –75 dBm.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The rssi value that you enter is used to identify coverage holes (or areas of poor coverage) within your network.
If the access point receives a packet in the data or voice queue with an RSSI value that is below the value that you enter, a potential coverage hole has been detected.
The access point takes RSSI measurements every 5 seconds and reports them to the controller in 90-second intervals.
If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands over a 90-second period. The controller determines whether the coverage hole can be corrected and, if appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.
Cisco Wireless Controller Command Reference, Release 8.4
261
config advanced 802.11 coverage rssi-threshold
Examples
The following example shows how to configure the minimum receive signal strength indication threshold value for data packets that are received by an 802.11a access point:
(Cisco Controller) >
config advanced 802.11a coverage rssi-threshold -60
Related Commands config advanced 802.11 coverage exception global config advanced 802.11 coverage fail-rate config advanced 802.11 coverage level global config advanced 802.11 coverage packet-count config advanced 802.11 coverage
262
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 edca-parameters config advanced 802.11 edca-parameters
To enable a specific Enhanced Distributed Channel Access (EDCA) profile on a 802.11a network, use the
config advanced 802.11 edca-parameters command.
config advanced 802.11{a | b} edca-parameters {wmm-default | svp-voice | optimized-voice |
optimized-video-voice | custom-voice | fastlane | custom-set { QoS Profile Name } { aifs AP-value (0-16 )
Client value (0-16) | ecwmax AP-Value (0-10) Client value (0-10) | ecwmin AP-Value (0-10) Client value
(0-10) | txop AP-Value (0-255) Client value (0-255) } }
Syntax Description a b wmm-default svp-voice optimized-voice optimized-video-voice custom-voice fastlane
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the Wi-Fi Multimedia (WMM) default parameters. Choose this option if voice or video services are not deployed on your network.
Enables Spectralink voice-priority parameters. Choose this option if Spectralink phones are deployed on your network to improve the quality of calls.
Enables EDCA voice-optimized profile parameters.
Choose this option if voice services other than
Spectralink are deployed on your network.
Enables EDCA voice-optimized and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network.
Note
If you deploy video services, admission control must be disabled.
Enables custom voice EDCA parameters for 802.11a.
The EDCA parameters under this option also match the
6.0 WMM EDCA parameters when this profile is applied.
Enables fastlane on compatible devices.
Cisco Wireless Controller Command Reference, Release 8.4
263
config advanced 802.11 edca-parameters custom-set
Enables customization of EDCA parameters
• aifs—Configures the Arbitration Inter-Frame
Space.
AP Value (0-16) Client value (0-16)
• ecwmax—Configures the maximum
Contention Window.
AP Value(0-10) Client Value (0-10)
• ecwmin—Configures the minimum Contention
Window.
AP Value(0-10) Client Value(0-10)
• txop—Configures the Arbitration
Transmission Opportunity Limit.
AP Value(0-255) Client Value(0-255)
QoS Profile Name - Enter the QoS profile name:
• bronze
• silver
• gold
• platinum
Command Default
The default EDCA parameter is wmm-default.
Command History
Release
7.6
8.2.110.0
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
In this release, custom-set keyword was added to edca-parameters command.
This command was modified and the fastlane keyword was added.
Examples
The following example shows how to enable Spectralink voice-priority parameters:
(Cisco Controller) >
config advanced 802.11 edca-parameters svp-voice
Related Commands config advanced 802.11b edca-parameters
Enables a specific Enhanced Distributed Channel
Access (EDCA) profile on the 802.11a network.
264
Cisco Wireless Controller Command Reference, Release 8.4
show 802.11a
config advanced 802.11 edca-parameters
Displays basic 802.11a network settings.
Cisco Wireless Controller Command Reference, Release 8.4
265
config advanced 802.11 factory config advanced 802.11 factory
To reset 802.11a advanced settings back to the factory defaults, use the config advanced 802.11 factory command.
config advanced 802.11{a | b} factory
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to return all the 802.11a advanced settings to their factory defaults:
(Cisco Controller) >
config advanced 802.11a factory
Related Commands show advanced 802.11a channel
266
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 group-member config advanced 802.11 group-member
To configure members in 802.11 static RF group, use the config advanced 802.11 group-member command.
config advanced 802.11{a | b} group-member {add | remove} controller controller-ip-address
Syntax Description a b add remove
controller controller-ip-address
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Adds a controller to the static RF group.
Removes a controller from the static RF group.
Name of the controller to be added.
IP address of the controller to be added.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to add a controller in the 802.11a automatic RF group:
(Cisco Controller) >
config advanced 802.11a group-member add cisco-controller 209.165.200.225
Related Commands show advanced 802.11a group config advanced 802.11 group-mode
Cisco Wireless Controller Command Reference, Release 8.4
267
config advanced 802.11 group-mode config advanced 802.11 group-mode
To set the 802.11a automatic RF group selection mode on or off, use the config advanced 802.11 group-mode command.
config advanced 802.11{a | b} group-mode {auto | leader | off | restart}
Syntax Description a b auto leader off restart
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Sets the 802.11a RF group selection to automatic update mode.
Sets the 802.11a RF group selection to static mode, and sets this controller as the group leader.
Sets the 802.11a RF group selection to off.
Restarts the 802.11a RF group selection.
Command Default
The default 802.11a automatic RF group selection mode is auto.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the 802.11a automatic RF group selection mode on:
(Cisco Controller) >
config advanced 802.11a group-mode auto
The following example shows how to configure the 802.11a automatic RF group selection mode off:
(Cisco Controller) >
config advanced 802.11a group-mode off
Related Commands show advanced 802.11a group config advanced 802.11 group-member
268
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 logging channel config advanced 802.11 logging channel
To turn the channel change logging mode on or off, use the config advanced 802.11 logging channel command.
config advanced 802.11{a | b} logging channel {on | off}
Syntax Description a b logging channel on off
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Logs channel changes.
Enables the 802.11 channel logging.
Disables 802.11 channel logging.
Command Default
The default channel change logging mode is Off (disabled).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn the 802.11a logging channel selection mode on:
(Cisco Controller) >
config advanced 802.11a logging channel on
Related Commands show advanced 802.11a logging config advanced 802.11b logging channel
Cisco Wireless Controller Command Reference, Release 8.4
269
config advanced 802.11 logging coverage config advanced 802.11 logging coverage
To turn the coverage profile logging mode on or off, use the config advanced 802.11 logging coverage command.
config advanced 802.11{a | b} logging coverage {on | off}
Syntax Description a b on off
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 coverage profile violation logging.
Disables the 802.11 coverage profile violation logging.
Command Default
The default coverage profile logging mode is Off (disabled).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn the 802.11a coverage profile violation logging selection mode on:
(Cisco Controller) >
config advanced 802.11a logging coverage on
Related Commands show advanced 802.11a logging config advanced 802.11b logging coverage
270
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 logging foreign config advanced 802.11 logging foreign
To turn the foreign interference profile logging mode on or off, use the config advanced 802.11 logging
foreign command.
config advanced 802.11{a | b} logging foreign {on | off}
Syntax Description a b on off
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 foreign interference profile violation logging.
Disables the 802.11 foreign interference profile violation logging.
Command Default
The default foreign interference profile logging mode is Off (disabled).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn the 802.11a foreign interference profile violation logging selection mode on:
(Cisco Controller) >
config advanced 802.11a logging foreign on
Related Commands show advanced 802.11a logging config advanced 802.11b logging foreign
Cisco Wireless Controller Command Reference, Release 8.4
271
config advanced 802.11 logging load config advanced 802.11 logging load
To turn the 802.11a load profile logging mode on or off, use the config advanced 802.11 logging load command.
config advanced 802.11{a | b} logging load {on | off}
Syntax Description a b on off
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 load profile violation logging.
Disables the 802.11 load profile violation logging.
Command Default
The default 802.11a load profile logging mode is Off (disabled).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn the 802.11a load profile logging mode on:
(Cisco Controller) >
config advanced 802.11 logging load on
Related Commands show advanced 802.11a logging config advanced 802.11b logging load
272
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 logging noise config advanced 802.11 logging noise
To turn the 802.11a noise profile logging mode on or off, use the config advanced 802.11 logging noise command.
config advanced 802.11{a | b} logging noise {on | off}
Syntax Description a b on off
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 noise profile violation logging.
Disables the 802.11 noise profile violation logging.
Command Default
The default 802.11a noise profile logging mode is off (disabled).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn the 802.11a noise profile logging mode on:
(Cisco Controller) >
config advanced 802.11a logging noise on
Related Commands show advanced 802.11a logging config advanced 802.11b logging noise
Cisco Wireless Controller Command Reference, Release 8.4
273
config advanced 802.11 logging performance config advanced 802.11 logging performance
To turn the 802.11a performance profile logging mode on or off, use the config advanced 802.11 logging
performance command.
config advanced 802.11{a | b} logging performance {on | off}
Syntax Description a b on off
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 performance profile violation logging.
Disables the 802.11 performance profile violation logging.
Command Default
The default 802.11a performance profile logging mode is off (disabled).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn the 802.11a performance profile logging mode on:
(Cisco Controller) >
config advanced 802.11a logging performance on
Related Commands show advanced 802.11a logging config advanced 802.11b logging performance
274
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 logging txpower config advanced 802.11 logging txpower
To turn the 802.11a transmit power change logging mode on or off, use the config advanced 802.11 logging
txpower command.
config advanced 802.11{a | b} logging txpower {on | off}
Syntax Description a b on off
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 transmit power change logging.
Disables the 802.11 transmit power change logging.
Command Default
The default 802.11a transmit power change logging mode is off (disabled).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to turn the 802.11a transmit power change mode on:
(Cisco Controller) >
config advanced 802.11 logging txpower off
Related Commands show advanced 802.11 logging config advanced 802.11b logging power
Cisco Wireless Controller Command Reference, Release 8.4
275
config advanced 802.11 monitor channel-list config advanced 802.11 monitor channel-list
To set the 802.11a noise, interference, and rogue monitoring channel list, use the config advanced 802.11
monitor channel-list command.
config advanced 802.11{a | b} monitor channel-list {all | country | dca}
Syntax Description a b all country dca
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Monitors all channels.
Monitors the channels used in the configured country code.
Monitors the channels used by the automatic channel assignment.
Command Default
The default 802.11a noise, interference, and rogue monitoring channel list is country.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to monitor the channels used in the configured country:
(Cisco Controller) >
config advanced 802.11 monitor channel-list country
Related Commands show advanced 802.11a monitor coverage
276
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 monitor coverage config advanced 802.11 monitor coverage
To set the coverage measurement interval between 60 and 3600 seconds, use the config advanced 802.11
monitor coverage command.
config advanced 802.11{a | b} monitor coverage seconds
Syntax Description a b
seconds
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Coverage measurement interval between 60 and 3600 seconds.
Command Default
The default coverage measurement interval is180 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the coverage measurement interval to 60 seconds:
(Cisco Controller) >
config advanced 802.11 monitor coverage 60
Related Commands show advanced 802.11a monitor config advanced 802.11b monitor coverage
Cisco Wireless Controller Command Reference, Release 8.4
277
config advanced 802.11 monitor load config advanced 802.11 monitor load
To set the load measurement interval between 60 and 3600 seconds, use the config advanced 802.11 monitor
load command.
config advanced 802.11{a | b} monitor load seconds
Syntax Description a b
seconds
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Load measurement interval between 60 and 3600 seconds.
Command Default
The default load measurement interval is 60 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the load measurement interval to 60 seconds:
(Cisco Controller) >
config advanced 802.11 monitor load 60
Related Commands show advanced 802.11a monitor config advanced 802.11b monitor load
278
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 monitor mode config advanced 802.11 monitor mode
To enable or disable 802.11a access point monitoring, use the config advanced 802.11 monitor mode command.
config advanced 802.11{a | b} monitor mode {enable | disable}
Syntax Description a b enable disable
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Enables the 802.11 access point monitoring.
Disables the 802.11 access point monitoring.
Command Default
The default 802.11a access point monitoring is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the 802.11a access point monitoring:
(Cisco Controller) >
config advanced 802.11a monitor mode enable
Related Commands show advanced 802.11a monitor config advanced 802.11b monitor mode
Cisco Wireless Controller Command Reference, Release 8.4
279
config advanced 802.11 monitor ndp-type config advanced 802.11 monitor ndp-type
To configure the 802.11 access point radio resource management (RRM) Neighbor Discovery Protocol (NDP) type, use the config advanced 802.11 monitor ndp-type command:
config advanced 802.11{a | b} monitor ndp-type {protected | transparent}
Syntax Description a b protected transparent
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the Tx RRM protected NDP.
Specifies the Tx RRM transparent NDP.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Before you configure the 802.11 access point RRM NDP type, ensure that you have disabled the network by entering the config 802.11 disable network command.
Examples
The following example shows how to enable the 802.11a access point RRM NDP type as protected:
(Cisco Controller) >
config advanced 802.11 monitor ndp-type protected
Related Commands config advanced 802.11 monitor config advanced 802.11 monitor mode config advanced 802.11 disable
280
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 monitor noise config advanced 802.11 monitor noise
To set the 802.11a noise measurement interval between 60 and 3600 seconds, use the config advanced 802.11
monitor noise command.
config advanced 802.11{a | b} monitor noise seconds
Syntax Description a b
seconds
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Noise measurement interval between 60 and 3600 seconds.
Command Default
The default 802.11a noise measurement interval is 80 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the noise measurement interval to 120 seconds:
(Cisco Controller) >
config advanced 802.11 monitor noise 120
Related Commands show advanced 802.11a monitor config advanced 802.11b monitor noise
Cisco Wireless Controller Command Reference, Release 8.4
281
config advanced 802.11 monitor signal config advanced 802.11 monitor signal
To set the signal measurement interval between 60 and 3600 seconds, use the config advanced 802.11 monitor
signal command.
config advanced 802.11{a | b} monitor signal seconds
Syntax Description a b
seconds
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Signal measurement interval between 60 and 3600 seconds.
Command Default
The default signal measurement interval is 60 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the signal measurement interval to 120 seconds:
(Cisco Controller) >
config advanced 802.11 monitor signal 120
Related Commands show advanced 802.11a monitor config advanced 802.11b monitor signal
282
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 monitor timeout-factor config advanced 802.11 monitor timeout-factor
To configure the 802.11 neighbor timeout factor, use the config advanced 802.11 monitor timeout-factor command:
config advanced 802.11{a | b} monitor timeout-factor factor-value-in-minutes
Syntax Description
factor-value-in-minutes
Neighbor timeout factor value that you must enter.
Valid range is between 5 minutes to 60 minutes. We recommend that you set the timeout factor to 60 minutes.
Command Default
None
Command History
Release
8.1
Modification
This command was introduced
Usage Guidelines
If you are using Release 8.1 or a later release, we recommend that you set the timeout factor to 60 minutes.
If the access point radio does not receive a neighbor packet from an existing neighbor within 60 minutes, the
Cisco WLC deletes the neighbor from the neighbor list.
Note
The Neighbor Timeout Factor was hardcoded to 60 minutes in Release 7.6, but was changed to 5 minutes in Release 8.0.100.0.
Cisco Wireless Controller Command Reference, Release 8.4
283
config advanced 802.11 optimized roaming config advanced 802.11 optimized roaming
To configure the optimized roaming parameters for each 802.11 band, use the config advanced 802.11
optimized roaming command.
config advanced {802.11a | 802.11b} optimized-roaming {enable | disable | interval seconds | datarate
mbps}
Syntax Description
802.11a
802.11b
enable disable interval
seconds
datarate
mbps
Configures optimized roaming parameters for 802.11a network.
Configures optimized roaming parameters for 802.11b network.
Enables optimized roaming.
Disables optimized roaming.
Configures the client coverage reporting interval for 802.11a/b networks.
Client coverage reporting interval in seconds. The range is from 5 to 90 seconds.
Configures the threshold data rate for 802.11a/b networks.
Threshold data rate in Mbps for 802.11a/b networks.
For 802.11a, the configurable data rates are 6, 9, 12, 18, 24, 36, 48, and 54.
For 802.11b, the configurable data rates are 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, and 54.
You can configure 0 to disable the data rate for disassociating clients.
Command Default
By default, optimized roaming is disabled. The default value for client coverage reporting interval is 90 seconds and threshold data rate is 0 (disabled state).
Command History
Release
8.0
Modification
This command was introduced.
Usage Guidelines
You must disable the 802.11a/b network before you configure the optimized roaming reporting interval. If you configure a low value for the reporting interval, the network can get overloaded with coverage report messages.
284
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 optimized roaming
Examples
The following example shows how to enable optimized roaming for the 802.11a network:
(Cisco Controller) >
config advanced 802.11a optimized roaming enable
The following example shows how to configure the data rate interval for the 802.11a network:
(Cisco Controller) >
config advanced 802.11a optimized roaming datarate 9
Cisco Wireless Controller Command Reference, Release 8.4
285
config advanced 802.11 profile foreign config advanced 802.11 profile foreign
To set the foreign 802.11a transmitter interference threshold between 0 and 100 percent, use the config
advanced 802.11 profile foreign command.
config advanced 802.11{a | b} profile foreign {global | cisco_ap} percent
Syntax Description a b global
cisco_ap percent
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures all 802.11a Cisco lightweight access points.
Cisco lightweight access point name.
802.11a foreign 802.11a interference threshold between 0 and 100 percent.
Command Default
The default foreign 802.11a transmitter interference threshold value is 10.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the foreign 802.11a transmitter interference threshold for all Cisco lightweight access points to 50 percent:
(Cisco Controller) >
config advanced 802.11a profile foreign global 50
The following example shows how to set the foreign 802.11a transmitter interference threshold for AP1 to 0 percent:
(Cisco Controller) >
config advanced 802.11 profile foreign AP1 0
286
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 profile noise config advanced 802.11 profile noise
To set the 802.11a foreign noise threshold between –127 and 0 dBm, use the config advanced 802.11 profile
noise command.
config advanced 802.11{a | b} profile noise {global | cisco_ap} dBm
Syntax Description a b global
cisco_ap dBm
Specifies the 802.11a/n network.
Specifies the 802.11b/g/n network.
Configures all 802.11a Cisco lightweight access point specific profiles.
Cisco lightweight access point name.
802.11a foreign noise threshold between –127 and 0 dBm.
Command Default
The default foreign noise threshold value is –70 dBm.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the 802.11a foreign noise threshold for all Cisco lightweight access points to –127 dBm:
(Cisco Controller) >
config advanced 802.11a profile noise global -127
The following example shows how to set the 802.11a foreign noise threshold for AP1 to 0 dBm:
(Cisco Controller) >
config advanced 802.11a profile noise AP1 0
Cisco Wireless Controller Command Reference, Release 8.4
287
config advanced 802.11 profile throughput config advanced 802.11 profile throughput
To set the Cisco lightweight access point data-rate throughput threshold between 1000 and 10000000 bytes per second, use the config advanced 802.11 profile throughput command.
config advanced 802.11{a | b} profile throughput {global | cisco_ap} value
Syntax Description a b global
cisco_ap value
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures all 802.11a Cisco lightweight access point specific profiles.
Cisco lightweight access point name.
802.11a Cisco lightweight access point throughput threshold between 1000 and
10000000 bytes per second.
Command Default
The default Cisco lightweight access point data-rate throughput threshold value is 1,000,000 bytes per second.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set all Cisco lightweight access point data-rate thresholds to 1000 bytes per second:
(Cisco Controller) >
config advanced 802.11 profile throughput global 1000
The following example shows how to set the AP1 data-rate threshold to 10000000 bytes per second:
(Cisco Controller) >
config advanced 802.11 profile throughput AP1 10000000
288
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 profile utilization config advanced 802.11 profile utilization
To set the RF utilization threshold between 0 and 100 percent, use the config advanced 802.11 profile
utilization command. The operating system generates a trap when this threshold is exceeded.
config advanced 802.11{a | b} profile utilization {global | cisco_ap} percent
Syntax Description a b global
cisco_ap percent
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Configures a global Cisco lightweight access point specific profile.
Cisco lightweight access point name.
802.11a RF utilization threshold between 0 and 100 percent.
Command Default
The default RF utilization threshold value is 80 percent.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the RF utilization threshold for all Cisco lightweight access points to 0 percent:
(Cisco Controller) >
config advanced 802.11 profile utilization global 0
The following example shows how to set the RF utilization threshold for AP1 to 100 percent:
(Cisco Controller) >
config advanced 802.11 profile utilization AP1 100
Cisco Wireless Controller Command Reference, Release 8.4
289
config advanced 802.11 receiver config advanced 802.11 receiver
To set the advanced receiver configuration settings, use the config advanced 802.11 receiver command.
config advanced 802.11{a | b} receiver {default | rxstart jumpThreshold value}
Syntax Description a b receiver default rxstartjumpThreshold
value
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the receiver configuration.
Specifies the default advanced receiver configuration.
Specifies the receiver start signal.
Jump threshold configuration value between 0 and
127.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to prevent changes to receiver parameters while the network is enabled:
(Cisco Controller) >
config advanced 802.11 receiver default
Related Commands config advanced 802.11b receiver
290
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 tpc-version config advanced 802.11 tpc-version
To configure the Transmit Power Control (TPC) version for a radio, use the config advanced 802.11
tpc-version command.
config advanced 802.11{a | b} tpc-version {1 | 2}
Syntax Description
1
2
Specifies the TPC version 1 that offers strong signal coverage and stability.
Specifies TPC version 2 is for scenarios where voice calls are extensively used. The Tx power is dynamically adjusted with the goal of minimum interference. It is suitable for dense networks. In this mode, there could be higher roaming delays and coverage hole incidents.
Command Default
The default TPC version for a radio is 1.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the TPC version as 1 for the 802.11a radio:
(Cisco Controller) >
config advanced 802.11a tpc-version 1
Related Commands config advanced 802.11 tpcv1-thresh
Cisco Wireless Controller Command Reference, Release 8.4
291
config advanced 802.11 tpcv1-thresh config advanced 802.11 tpcv1-thresh
To configure the threshold for Transmit Power Control (TPC) version 1 of a radio, use the config advanced
802.11 tpcv1-thresh command.
config advanced 802.11{a | b} tpcv1-thresh threshold
Syntax Description a b
threshold
Specifies the 802.11a network.
Specifies the 802.11b/g/n network.
Threshold value between –50 dBm to –80 dBm.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the threshold as –60 dBm for TPC version 1 of the 802.11a
radio:
(Cisco Controller) >
config advanced 802.11 tpcv1-thresh -60
Related Commands config advanced 802.11 tpc-thresh config advanced 802.11 tpcv2-thresh
292
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 tpcv2-intense config advanced 802.11 tpcv2-intense
To configure the computational intensity for Transmit Power Control (TPC) version 2 of a radio, use the
config advanced 802.11 tpcv2-intense command.
config advanced 802.11{a | b} tpcv2-intense intensity
Syntax Description a b
intensity
Specifies the 802.11a network.
Specifies the 802.11b/g/n network.
Computational intensity value between 1 to 100.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the computational intensity as 50 for TPC version 2 of the
802.11a radio:
(Cisco Controller) >
config advanced 802.11 tpcv2-intense 50
Related Commands config advanced 802.11 tpc-thresh config advanced 802.11 tpcv2-thresh config advanced 802.11 tpcv2-per-chan
Cisco Wireless Controller Command Reference, Release 8.4
293
config advanced 802.11 tpcv2-per-chan config advanced 802.11 tpcv2-per-chan
To configure the Transmit Power Control Version 2 on a per-channel basis, use the config advanced 802.11
tpcv2-per-chan command.
config advanced 802.11{a | b} tpcv2-per-chan {enable | disable}
Syntax Description enable disable
Enables the configuration of TPC version 2 on a per-channel basis.
Disables the configuration of TPC version 2 on a per-channel basis.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable TPC version 2 on a per-channel basis for the 802.11a radio:
(Cisco Controller) >
config advanced 802.11 tpcv2-per-chan enable
Related Commands config advanced 802.11 tpc-thresh config advanced 802.11 tpcv2-thresh config advanced 802.11 tpcv2-intense
294
Cisco Wireless Controller Command Reference, Release 8.4
config advanced 802.11 tpcv2-thresh config advanced 802.11 tpcv2-thresh
To configure the threshold for Transmit Power Control (TPC) version 2 of a radio, use the config advanced
802.11 tpcv2-thresh command.
config advanced 802.11{a | b} tpcv2-thresh threshold
Syntax Description a b
threshold
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Threshold value between –50 dBm to –80 dBm.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the threshold as –60 dBm for TPC version 2 of the 802.11a
radio:
(Cisco Controller) >
config advanced 802.11a tpcv2-thresh -60
Related Commands config advanced 802.11 tpc-thresh config advanced 802.11 tpcv1-thresh config advanced 802.11 tpcv2-per-chan
Cisco Wireless Controller Command Reference, Release 8.4
295
config advanced 802.11 txpower-update config advanced 802.11 txpower-update
To initiate updates of the 802.11a transmit power for every Cisco lightweight access point, use the config
advanced 802.11 txpower-update command.
config advanced 802.11{a | b} txpower-update
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to initiate updates of 802.11a transmit power for an 802.11a access point:
(Cisco Controller) >
config advanced 802.11 txpower-update
Related Commands config advance 802.11b txpower-update
296
Cisco Wireless Controller Command Reference, Release 8.4
config ap 802.1Xuser
config ap 802.1Xuser
To configure the global authentication username and password for all access points currently associated with the controller as well as any access points that associate with the controller in the future, use the config ap
802.1Xuser command.
config ap 802.1Xuser add username ap-username password ap-password {all | cisco_ap}
Syntax Description add username
ap-username
password
ap-password cisco_ap
all
Specifies to add a username.
Username on the Cisco AP.
Specifies to add a password.
Password.
Specific access point.
Specifies all access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You must enter a strong password. Strong passwords have the following characteristics:
• They are at least eight characters long.
• They contain a combination of uppercase and lowercase letters, numbers, and symbols.
• They are not a word in any language.
You can set the values for a specific access point.
Examples
This example shows how to configure the global authentication username and password for all access points:
(Cisco Controller) >
config ap 802.1Xuser add username cisco123 password cisco2020 all
Cisco Wireless Controller Command Reference, Release 8.4
297
config ap 802.1Xuser delete config ap 802.1Xuser delete
To force a specific access point to use the controller’s global authentication settings, use the config ap
802.1Xuser delete command.
config ap 802.1Xuser delete cisco_ap
Syntax Description
cisco_ap
Access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to delete access point AP01 to use the controller’s global authentication settings:
(Cisco Controller) >
config ap 802.1Xuser delete AP01
298
Cisco Wireless Controller Command Reference, Release 8.4
config ap 802.1Xuser disable config ap 802.1Xuser disable
To disable authentication for all access points or for a specific access point, use the config ap 802.1Xuser
disable command.
config ap 802.1Xuser disable {all | cisco_ap}
Syntax Description disable all
cisco_ap
Disables authentication.
Specifies all access points.
Access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can disable 802.1X authentication for a specific access point only if global 802.1X authentication is not enabled. If global 802.1X authentication is enabled, you can disable 802.1X for all access points only.
Examples
The following example shows how to disable the authentication for access point cisco_ap1:
(Cisco Controller) >
config ap 802.1Xuser disable
Cisco Wireless Controller Command Reference, Release 8.4
299
config advanced dot11-padding config advanced dot11-padding
To enable or disable over-the-air frame padding, use the config advanced dot11-padding command.
config advanced dot11-padding {enable | disable}
Syntax Description enable disable
Enables the over-the-air frame padding.
Disables the over-the-air frame padding.
Command Default
The default over-the-air frame padding is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable over-the-air frame padding:
(Cisco Controller) >
config advanced dot11-padding enable
Related Commands debug dot11 debug dot11 mgmt interface debug dot11 mgmt msg debug dot11 mgmt ssid debug dot11 mgmt state-machine debug dot11 mgmt station show advanced dot11-padding
300
Cisco Wireless Controller Command Reference, Release 8.4
config ap config ap
To configure a Cisco lightweight access point or to add or delete a third-party (foreign) access point, use the
config ap command.
config ap {{enable | disable} cisco_ap | {add | delete} MAC port {enable | disable} IP_address}
Syntax Description enable disable
cisco_ap
add delete
MAC port
IP_address
Enables the Cisco lightweight access point.
Disables the Cisco lightweight access point.
Name of the Cisco lightweight access point.
Adds foreign access points.
Deletes foreign access points.
MAC address of a foreign access point.
Port number through which the foreign access point can be reached.
IP address of the foreign access point.
Command Default
None
Command History
Release
7.6
8.0
Examples
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6.
The following example shows how to disable lightweight access point AP1:
(Cisco Controller) >
config ap disable AP1
The following example shows how to add a foreign access point with MAC address 12:12:12:12:12:12 and
IP address 192.12.12.1 from port 2033:
(Cisco Controller) >
config ap add 12:12:12:12:12:12 2033 enable 192.12.12.1
Cisco Wireless Controller Command Reference, Release 8.4
301
config ap atf 802.11
config ap atf 802.11
Configure Cisco Airtime Fairness at an AP level by using the config ap atf 802.11 command.
config ap atf 802.11{a | b} {mode {disable | monitor | enforce-policy} ap-name} | {optimization {enable
| disable}}
Syntax Description a b mode disable monitor enforce-policy
ap-name
optimization enable disable
Specifies the 802.11a network settings
Specifies the 802.11b/g network settings
Configures the granularity of Cisco ATF enforcement
Disables Cisco ATF
Configures Cisco ATF in monitor mode
Configures Cisco ATF in enforcement mode
AP name that you must specify
Configures airtime optimization
Enables airtime optimization
Disables airtime optimization
Command History
Examples
Release
8.1
Modification
This command was introduced
To enable airtime optimization on an 802.11a network for a Cisco AP, my-ap, enter the following command:
(Cisco Controller) >
config ap atf 802.11a optimization enable my-ap
302
Cisco Wireless Controller Command Reference, Release 8.4
config ap atf 802.11 client-access airtime-allocation config ap atf 802.11 client-access airtime-allocation
To configure override of ATF airtime allocation on mesh AP, use the config ap atf 802.11 client-access
airtime-allocation override {enable | disable} command.
config ap atf 802.11{a | b} client-access airtime-allocation %-of-airtime-allocation-bw-5-to-90 mesh-ap-name
override {enable | disable}
Syntax Description a b
Specifies the 802.11a network settings
Specifies the 802.11b/g network settings
%-of-airtime-allocation-bw-5-to-90
Percentage of airtime allocation for client access. Valid range is between
5 and 90. This percentage of airtime allocation impacts both the client and the uplink backhaul percentage.
mesh-ap-name
Name of the mesh AP
override enable disable
Allows override of ATF airtime allocation on the mesh AP
Enables airtime allocation override
Disables airtime allocation override
Command History
Release
8.4
Examples
Modification
This command was introduced
On an 802.11a network, to configure override of ATF airtime allocation on a mesh AP, map1, enter the following command:
(Cisco Controller) >
config ap atf 802.11a client-access airtime-allocation
10 override map1 enable
Cisco Wireless Controller Command Reference, Release 8.4
303
config ap atf 802.11 policy config ap atf 802.11 policy
To configure AP-level override for Cisco ATF policy on a WLAN, enter this command:
confit ap atf 802.11{a | b} policy wlan-id policy-name ap-name override {enable | disable}
Syntax Description a b policy
wlan-id policy-name ap-name
override enable disable
Specifies the 802.11a network settings
Specifies the 802.11b network settings
Specifies the Cisco ATF policy
WLAN ID or Remote LAN ID that you must specify
Cisco ATF policy name that you must specify
Name of the AP that you must specify
Configures ATF policy override for a WLAN in the AP group
Enables ATF policy override for a WLAN in the AP group
Disables ATF policy override for a WLAN in the AP group
Command History
Release
8.1
Modification
This command was introduced
304
Cisco Wireless Controller Command Reference, Release 8.4
config ap autoconvert config ap autoconvert
To automatically convert all access points to FlexConnect mode or Monitor mode upon associating with the
Cisco WLC, use the config ap autoconvert command.
config ap autoconvert {flexconnect | monitor | disable}
Syntax Description flexconnect monitor disable
Configures all the access points automatically to FlexConnect mode.
Configures all the access points automatically to monitor mode.
Disables the autoconvert option on the access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When access points in local mode connect to a Cisco 7500 Series Wireless Controller, they do not serve clients. The access point details are available in the controller. To enable access points to serve clients or perform monitoring related tasks when connected to the Cisco 7500 Series Wireless Controller, the access points must be in FlexConnect mode or Monitor mode.
The command can also be used for conversion of AP modes in Cisco 5520, 8540, and 8510 Series Wireless
Controller platforms.
Examples
The following example shows how to automatically convert all access points to the FlexConnect mode:
(Cisco Controller) >
config ap autoconvert flexconnect
The following example shows how to disable the autoconvert option on the APs:
(Cisco Controller) >
config ap autoconvert disable
Cisco Wireless Controller Command Reference, Release 8.4
305
config ap bhrate config ap bhrate
To configure the Cisco bridge backhaul Tx rate, use the config ap bhrate command.
config ap bhrate {rate | auto} cisco_ap
Syntax Description
rate
auto
cisco_ap
Cisco bridge backhaul Tx rate in kbps. The valid values are 6000, 12000, 18000, 24000,
36000, 48000, and 54000.
Configures the auto data rate.
Name of a Cisco lightweight access point.
Command Default
The default status of the command is set to Auto.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
In previous software releases, the default value for the bridge data rate was 24000 (24 Mbps). In controller software release 6.0, the default value for the bridge data rate is auto. If you configured the default bridge data rate value (24000) in a previous controller software release, the bridge data rate is configured with the new default value (auto) when you upgrade to controller software release 6.0. However, if you configured a non default value (for example, 18000) in a previous controller software release, that configuration setting is preserved when you upgrade to Cisco WLC Release 6.0.
When the bridge data rate is set to auto, the mesh backhaul chooses the highest rate where the next higher rate cannot be used due to unsuitable conditions for that specific rate (and not because of conditions that affect all rates).
Examples
The following example shows how to configure the Cisco bridge backhaul Tx rate to 54000 kbps:
(Cisco Controller) >
config ap bhrate 54000 AP01
306
Cisco Wireless Controller Command Reference, Release 8.4
config ap bridgegroupname config ap bridgegroupname
To set or delete a bridge group name on a Cisco lightweight access point, use the config ap bridgegroupname command.
config ap bridgegroupname {set groupname | delete | {strict-matching {enable | disable}}}cisco_ap
Syntax Description set
groupname
delete
cisco_ap
strict-matching enable disable
Sets a Cisco lightweight access point’s bridge group name.
Bridge group name.
Deletes a Cisco lightweight access point’s bridge group name.
Name of a Cisco lightweight access point.
Restricts the possible parent list, if the MAP has a non-default BGN, and the potential parent has a different BGN
Enables a Cisco lightweight access point's group name.
Disables a Cisco lightweight access point's group name.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
The strict-matching parameter was added.
Usage Guidelines
Only access points with the same bridge group name can connect to each other. Changing the AP bridgegroupname may strand the bridge AP.
Examples
The following example shows how to delete a bridge group name on Cisco access point’s bridge group name
AP02:
(Cisco Controller) >
config ap bridgegroupname delete AP02
Changing the AP's bridgegroupname may strand the bridge AP. Please continue with caution.
Changing the AP's bridgegroupname will also cause the AP to reboot.
Are you sure you want to continue? (y/n)
Cisco Wireless Controller Command Reference, Release 8.4
307
config ap bridging config ap bridging
To configure Ethernet-to-Ethernet bridging on a Cisco lightweight access point, use the config ap bridging command.
config ap bridging {enable | disable} cisco_ap
Syntax Description enable disable
cisco_ap
Enables the Ethernet-to-Ethernet bridging on a Cisco lightweight access point.
Disables Ethernet-to-Ethernet bridging.
Name of a Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable bridging on an access point:
(Cisco Controller) >
config ap bridging enable nyc04-44-1240
The following example shows hot to disable bridging on an access point:
(Cisco Controller) >
config ap bridging disable nyc04-44-1240
308
Cisco Wireless Controller Command Reference, Release 8.4
config ap cdp config ap cdp
To configure the Cisco Discovery Protocol (CDP) on a Cisco lightweight access point, use the config ap cdp command.
config ap cdp {enable | disable | interface {ethernet interface_number | slot slot_id}} {cisco_ap | all}
Syntax Description enable disable interface ethernet
interface_number
slot
slot_id cisco_ap
all
Enables CDP on an access point.
Disables CDP on an access point.
Configures CDP in a specific interface.
Configures CDP for an ethernet interface.
Ethernet interface number between 0 and 3.
Configures CDP for a radio interface.
Slot number between 0 and 3.
Name of a Cisco lightweight access point.
Specifies all access points.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Command Default
Enabled on radio interfaces of mesh APs and disabled on radio interfaces of non-mesh APs. Enabled on
Ethernet interfaces of all APs.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The config ap cdp disable all command disables CDP on all access points that are joined to the controller and all access points that join in the future. CDP remains disabled on both current and future access points even after the controller or access point reboots. To enable CDP, enter the config ap cdp enable all command.
Cisco Wireless Controller Command Reference, Release 8.4
309
config ap cdp
Examples
Note
CDP over Ethernet/radio interfaces is available only when CDP is enabled. After you enable CDP on all access points joined to the controller, you may disable and then reenable CDP on individual access points using the config ap cdp {enable | disable} cisco_ap command. After you disable CDP on all access points joined to the controller, you may not enable and then disable CDP on individual access points.
The following example shows how to enable CDP on all access points:
(Cisco Controller) >
config ap cdp enable all
The following example shows how to disable CDP on ap02 access point:
(Cisco Controller) >
config ap cdp disable ap02
The following example shows how to enable CDP for Ethernet interface number 2 on all access points:
(Cisco Controller) >
config ap cdp ethernet 2 enable all
310
Cisco Wireless Controller Command Reference, Release 8.4
config ap core-dump config ap core-dump
To configure a Cisco lightweight access point’s memory core dump, use the config ap core-dump command.
config ap core-dump {disable | enable tftp_server_ipaddress filename {compress | uncompress} {cisco_ap
| all}
Syntax Description enable disable
Enables the Cisco lightweight access point’s memory core dump setting.
Disables the Cisco lightweight access point’s memory core dump setting.
tftp_server_ipaddress
IP address of the TFTP server to which the access point sends core dump files.
filename
compress uncompress
cisco_ap
all
Name that the access point uses to label the core file.
Compresses the core dump file.
Uncompresses the core dump file.
Name of a Cisco lightweight access point.
Specifies all access points.
Note
If an AP itself is configured with the name ‘all’, then the ‘all access points’ case takes precedence over the
AP that is named ‘all’.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6.
Usage Guidelines
The access point must be able to reach the TFTP server. This command is applicable for both IPv4 and IPv6 addresses.
Examples
The following example shows how to configure and compress the core dump file:
(Cisco Controller) >
config ap core-dump enable 209.165.200.225 log compress AP02
Cisco Wireless Controller Command Reference, Release 8.4
311
config ap crash-file clear-all config ap crash-file clear-all
To delete all crash and radio core dump files, use the config ap crash-file clear-all command.
config ap crash-file clear-all
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to delete all crash files:
(Cisco Controller) >
config ap crash-file clear-all
312
Cisco Wireless Controller Command Reference, Release 8.4
config ap crash-file delete config ap crash-file delete
To delete a single crash or radio core dump file, use the config ap crash-file delete command.
config ap crash-file delete filename
Syntax Description
filename
Name of the file to delete.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to delete crash file 1:
(Cisco Controller) >
config ap crash-file delete crash_file_1
Cisco Wireless Controller Command Reference, Release 8.4
313
config ap crash-file get-crash-file config ap crash-file get-crash-file
To collect the latest crash data for a Cisco lightweight access point, use the config ap crash-file get-crash-file command.
config ap crash-file get-crash-file cisco_ap
Syntax Description
cisco_ap
Name of the Cisco lightweight access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Use the transfer upload datatype command to transfer the collected data to the Cisco wireless LAN controller.
Examples
The following example shows how to collect the latest crash data for access point AP3:
(Cisco Controller) >
config ap crash-file get-crash-file AP3
314
Cisco Wireless Controller Command Reference, Release 8.4
config ap crash-file get-radio-core-dump config ap crash-file get-radio-core-dump
To get a Cisco lightweight access point’s radio core dump, use the config ap crash-file get-radio-core-dump command.
config ap crash-file get-radio-core-dump slot_id cisco_ap
Syntax Description
slot_id cisco_ap
Slot ID (either 0 or 1).
Name of a Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to collect the radio core dump for access point AP02 and slot 0:
(Cisco Controller) >
config ap crash-file get-radio-core-dump 0 AP02
Cisco Wireless Controller Command Reference, Release 8.4
315
config ap dhcp release-override config ap dhcp release-override
To configure DHCP release override on Cisco APs, use the config ap dhcp release-override command.
config ap dhcp release-override {enable | disable} {cisco-ap-name | all}
Syntax Description enable disable
cisco-ap-name
all
Enables DHCP release override and sets number of DHCP releases sent by AP to 1.
To be used as a workaround for a few DHCP servers that mark the AP's IP address as bad. We recommend that you use this configuration only in highly reliable networks.
Disables DHCP release override and sets number of DHCP releases sent by AP to 3, which is the default value. This ensures that the DHCP server receives the release message even if one of the packets is lost.
Configuration is applied to the Cisco AP that you enter
Configuration is applied to all Cisco APs
Command Default
Disabled
Command History
Release
8.2
Modification
This command was introduced.
Usage Guidelines
Use this command when you are using Cisco lightweight APs with Windows Server 2008 R2 or 2012 as the
DHCP server.
316
Cisco Wireless Controller Command Reference, Release 8.4
config ap dtls-cipher-suite config ap dtls-cipher-suite
To enable new cipher suites for DTLS connection between AP and controller, use the config ap
dtls-cipher-suite command.
config ap dtls-cipher-suite{RSA-AES256-SHA256 | RSA-AES256-SHA | RSA-AES128-SHA}
Syntax Description
RSA-AES256-SHA256
RSA-AES256-SHA
RSA-AES128-SHA
Cipher suite using either RSA key exchange or authentication, using 256 bit AES and SHA 256.
Cipher suite using either RSA key exchange or authentication, using 256 bit AES and SHA.
Cipher suite using either RSA key exchange or authentication, using 128 bit AES and SHA.
Command Default
None
Command History
Release
8.0
Examples
Modification
This command was introduced.
The following example shows how to enable RSA cipher suites using 256 bit AES and SHA 256 for DTLS connection between AP and controller:
(Cisco Controller) >
config ap dtls-cipher-suite RSA-AES256-SHA256
Cisco Wireless Controller Command Reference, Release 8.4
317
config ap dtls-version config ap dtls-version
To configure the cipher DTLS version, use the config ap dtls-version command.
config ap dtls-version{dtls1.0 | dtls1.2 | dtls_all}
Syntax Description dtls1.0
dtls1.2
dtls_all
Select DTLS 1.0 version
Select DTLS 1.2 version
Select all DTLS versions for backward compatibility
Command Default
None
Command History
Examples
Release
8.3.111.0
Modification
This command was introduced.
The following example shows how to configure cipher dtls version 1.2:
(Cisco Controller) >
config ap dtls-version dtls1.2
318
Cisco Wireless Controller Command Reference, Release 8.4
config ap ethernet duplex config ap ethernet duplex
To configure the Ethernet port duplex and speed settings of the lightweight access points, use the config ap
ethernet duplex command.
config ap ethernet duplex [auto | half | full] speed [auto | 10 | 100 | 1000] { all | cisco_ap}
Syntax Description auto half full speed auto
10
100
1000 all
cisco_ap
(Optional) Specifies the Ethernet port duplex auto settings.
(Optional) Specifies the Ethernet port duplex half settings.
(Optional) Specifies the Ethernet port duplex full settings.
Specifies the Ethernet port speed settings.
(Optional) Specifies the Ethernet port speed to auto.
(Optional) Specifies the Ethernet port speed to 10
Mbps.
(Optional) Specifies the Ethernet port speed to 100
Mbps.
(Optional) Specifies the Ethernet port speed to 1000
Mbps.
Specifies the Ethernet port setting for all connected access points.
Cisco access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
319
config ap ethernet duplex
Examples
The following example shows how to configure the Ethernet port duplex half settings as 10 Mbps for all access points:
(Cisco Controller) >
config ap ethernet duplex half speed 10 all
320
Cisco Wireless Controller Command Reference, Release 8.4
config ap ethernet tag config ap ethernet tag
To configure VLAN tagging of the Control and Provisioning of Wireless Access Points protocol (CAPWAP) packets, use the config ap ethernet tag command.
config ap ethernet tag {id vlan_id | disable} {cisco_ap | all}
Syntax Description id
vlan_id
disable
cisco_ap
all
Specifies the VLAN id.
ID of the trunk VLAN.
Disables the VLAN tag feature. When you disable VLAN tagging, the access point untags the CAPWAP packets.
Name of the Cisco AP.
Configures VLAN tagging on all the Cisco access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
After you configure VLAN tagging, the configuration comes into effect only after the access point reboots.
You cannot configure VLAN tagging on mesh access points.
If the access point is unable to route traffic or reach the controller using the specified trunk VLAN, it falls back to the untagged configuration. If the access point joins the controller using this fallback configuration, the controller sends a trap to a trap server such as the Cisco Prime Infrastructure, which indicates the failure of the trunk VLAN. In this scenario, the "Failover to untagged" message appears in show command output.
Examples
The following example shows how to configure VLAN tagging on a trunk VLAN:
(Cisco Controller) >
config ap ethernet tag 6 AP1
Cisco Wireless Controller Command Reference, Release 8.4
321
config ap autoconvert config ap autoconvert
To automatically convert all access points to FlexConnect mode or Monitor mode upon associating with the
Cisco WLC, use the config ap autoconvert command.
config ap autoconvert {flexconnect | monitor | disable}
Syntax Description flexconnect monitor disable
Configures all the access points automatically to FlexConnect mode.
Configures all the access points automatically to monitor mode.
Disables the autoconvert option on the access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When access points in local mode connect to a Cisco 7500 Series Wireless Controller, they do not serve clients. The access point details are available in the controller. To enable access points to serve clients or perform monitoring related tasks when connected to the Cisco 7500 Series Wireless Controller, the access points must be in FlexConnect mode or Monitor mode.
The command can also be used for conversion of AP modes in Cisco 5520, 8540, and 8510 Series Wireless
Controller platforms.
Examples
The following example shows how to automatically convert all access points to the FlexConnect mode:
(Cisco Controller) >
config ap autoconvert flexconnect
The following example shows how to disable the autoconvert option on the APs:
(Cisco Controller) >
config ap autoconvert disable
322
Cisco Wireless Controller Command Reference, Release 8.4
config ap flexconnect central-dhcp config ap flexconnect central-dhcp
To enable central-DHCP on a FlexConnect access point in a WLAN, use the config ap flexconnect
central-dhcp command.
config ap flexconnect central-dhcp wlan_id cisco_ap [add | delete] {enable | disable} override dns {enable
| disable} nat-pat {enable | disable}
Syntax Description
wlan_id cisco_ap
add delete enable disable override dns enable disable nat-pat enable disable
Wireless LAN identifier from 1 to 512.
Name of the Cisco lightweight access point.
(Optional) Adds a new WLAN DHCP mapping.
(Optional) Deletes a WLAN DHCP mapping.
Enables central-DHCP on a FlexConnect access point. When you enable this feature, the DHCP packets received from the access point are centrally switched to the controller and then forwarded to the corresponding VLAN based on the
AP and the SSID.
Disables central-DHCP on a FlexConnect access point.
Overrides the DNS server address on the interface assigned by the controller.
When you override DNS in centrally switched WLANs, the clients get their DNS server IP address from the AP and not from the controller.
Enables the Override DNS feature on a FlexConnect access point.
Disables the Override DNS feature on a FlexConnect access point.
Network Address Translation (NAT) and Port Address Translation (PAT) that you can enable or disable.
Enables NAT-PAT on a FlexConnect access point.
Deletes NAT-PAT on a FlexConnect access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
323
config ap flexconnect central-dhcp
Examples
The following example shows how to enable central-DHCP, Override DNS, and NAT-PAT on a FlexConnect access point:
(Cisco Controller) >
config ap flexconnect central-dhcp 1 ap1250 enable override dns enable nat-pat enable
324
Cisco Wireless Controller Command Reference, Release 8.4
config ap flexconnect local-split config ap flexconnect local-split
To configure a local-split tunnel on a FlexConnect access point, use the config ap flexconnect local-split command.
config ap flexconnect local-split wlan_id cisco_ap {enable | disable} acl acl_name
Syntax Description
wlan_id cisco_ap
enable disable acl
acl_name
Wireless LAN identifier between 1 and 512.
Name of the FlexConnect access point.
Enables local-split tunnel on a FlexConnect access point.
Disables local-split tunnel feature on a FlexConnect access point.
Configures a FlexConnect local-split access control list.
Name of the FlexConnect access control list.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command allows you to configure a local-split tunnel in a centrally switched WLAN using a FlexConnect
ACL. A local split tunnel supports only for unicast Layer 4 IP traffic as NAT/PAT does not support multicast
IP traffic.
Examples
The following example shows how to configure a local-split tunnel using a FlexConnect ACL:
(Cisco Controller) >
config ap flexconnect local-split 6 AP2 enable acl flex6
Cisco Wireless Controller Command Reference, Release 8.4
325
config ap flexconnect module-vlan config ap flexconnect module-vlan
To configure VLAN tagging for Cisco USC 8x18 Dual Mode Module in FlexConnect Local Switching, use the config ap flexconnect module-vlan command.
config ap flexconnect module-vlan {{enable ap-name [vlan vlan-id]} | {{disable | remove} ap-name}}
Syntax Description
enable ap-name
enable ap-name vlan vlan-id
disable ap-name
remove ap-name
Enables FlexConnect local switching for the external module of the specified Cisco AP with native VLAN
Enables FlexConnect local switching with non-native VLAN for the external module of the specified Cisco AP
Disables FlexConnect local switching for the external module of the specified Cisco AP
Removes the AP-specific external module VLAN configuration
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
This example shows how to enable FlexConnect local switching with non-native VLAN for the external module of a Cisco AP:
(Cisco Controller) >
config ap flexconnect module-vlan enable 3600i-ap vlan4
326
Cisco Wireless Controller Command Reference, Release 8.4
config ap flexconnect policy config ap flexconnect policy
To configure a policy ACL on a FlexConnect access point, use the config ap flexconnect policy command.
config ap flexconnect policy {add | delete} acl_name
Syntax Description add deletes
acl_name
Adds a policy ACL on a FlexConnect access point.
Deletes a policy ACL on a FlexConnect access point.
Name of the ACL.
Command Default
None
Command History
Release
7.5
Examples
Modification
This command was introduced.
The following example shows how to add a policy ACL on a FlexConnect access point:
(Cisco Controller) >
config ap flexconnect policy add acl1
Cisco Wireless Controller Command Reference, Release 8.4
327
config ap flexconnect radius auth set config ap flexconnect radius auth set
To configure a primary or secondary RADIUS server for a specific FlexConnect access point, use the config
ap flexconnect radius auth set command.
config ap flexconnect radius auth set {primary | secondary} ip_address auth_port secret
Syntax Description primary secondary
ip_address auth_port secret secret
Specifies the primary RADIUS server for a specific
FlexConnect access point
Specifies the secondary RADIUS server for a specific
FlexConnect AP
IP address of the RADIUS server
Name of the port
RADIUS server secret
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure a primary RADIUS server for a specific access point:
(Cisco Controller) >
config ap flexconnect radius auth set primary 192.12.12.1
328
Cisco Wireless Controller Command Reference, Release 8.4
config ap flexconnect vlan config ap flexconnect vlan
To enable or disable VLAN tagging for a FlexConnect access, use the config ap flexconnect vlan command.
config ap flexconnect vlan {enable | disable} cisco_ap
Syntax Description enable disable
cisco_ap
Enables the access point’s VLAN tagging.
Disables the access point’s VLAN tagging.
Name of the Cisco lightweight access point.
Command Default
Disabled. Once enabled, WLANs enabled for local switching inherit the VLAN assigned at the Cisco WLC.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to enable the access point’s VLAN tagging for a FlexConnect access:
(Cisco Controller) >
config ap flexconnect vlan enable AP02
Cisco Wireless Controller Command Reference, Release 8.4
329
config ap flexconnect vlan add config ap flexconnect vlan add
To add a VLAN to a FlexConnect access point, use the config ap flexconnect vlan add command.
config ap flexconnect vlan add vlan-id acl in-acl out-acl cisco_ap
Syntax Description
vlan-id acl in-acl out-acl cisco_ap
VLAN identifier.
ACL name that contains up to 32 alphanumeric characters.
Inbound ACL name that contains up to 32 alphanumeric characters.
Outbound ACL name that contains up to 32 alphanumeric characters.
Name of the Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the FlexConnect access point:
(Cisco Controller) >
config ap flexconnect vlan add 21 acl inacl1 outacl1 ap1
330
Cisco Wireless Controller Command Reference, Release 8.4
config ap flexconnect vlan native config ap flexconnect vlan native
To configure a native VLAN for a FlexConnect access point, use the config ap flexconnect vlan native command.
config ap flexconnect vlan native vlan-id cisco_ap
Syntax Description
vlan-id cisco_ap
VLAN identifier.
Name of the Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a native VLAN for a FlexConnect access point mode:
(Cisco Controller) >
config ap flexconnect vlan native 6 AP02
Cisco Wireless Controller Command Reference, Release 8.4
331
config ap flexconnect vlan wlan config ap flexconnect vlan wlan
To assign a VLAN ID to a FlexConnect access point, use the config ap flexconnect vlan wlan command.
config ap flexconnect vlan wlan wlan-id vlan-id cisco_ap
Syntax Description
wlan-id vlan-id cisco_ap
WLAN identifier
VLAN identifier (1 - 4094).
Name of the Cisco lightweight access point.
Command Default
VLAN ID associated to the WLAN.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to assign a VLAN ID to a FlexConnect access point:
(Cisco Controller) >
config ap flexconnect vlan wlan 192.12.12.1 6 AP02
332
Cisco Wireless Controller Command Reference, Release 8.4
config ap flexconnect web-auth config ap flexconnect web-auth
To configure a FlexConnect ACL for external web authentication in locally switched WLANs, use the config
ap flexconnect web-auth command.
config ap flexconnect web-auth wlan wlan_id cisco_ap acl_name { enable | disable }
Syntax Description wlan
wlan_id cisco_ap acl_name
enable disable
Specifies the wireless LAN to be configured with a FlexConnect ACL.
Wireless LAN identifier between 1 and 512 (inclusive).
Name of the FlexConnect access point.
Name of the FlexConnect ACL.
Enables the FlexConnect ACL on the locally switched wireless LAN.
Disables the FlexConnect ACL on the locally switched wireless LAN.
Command Default
FlexConnect ACL for external web authentication in locally switched WLANs is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The FlexConnect ACLs that are specific to an AP have the highest priority. The FlexConnect ACLs that are specific to WLANs have the lowest priority.
Examples
The following example shows how to enable FlexConnect ACL for external web authentication on WLAN
6:
(Cisco Controller) >
config ap flexconnect web-auth wlan 6 AP2 flexacl2 enable
Cisco Wireless Controller Command Reference, Release 8.4
333
config ap flexconnect web-policy acl config ap flexconnect web-policy acl
To configure a Web Policy FlexConnect ACL on an access point, use the config ap flexconnect web-policy
acl command.
config ap flexconnect web-policy acl {add | delete} acl_name
Syntax Description add delete
acl_name
Adds a Web Policy FlexConnect ACL on an access point.
Deletes Web Policy FlexConnect ACL on an access point.
Name of the Web Policy FlexConnect ACL.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add a Web Policy FlexConnect ACL on an access point:
(Cisco Controller) >
config ap flexconnect web-policy acl add flexacl2
334
Cisco Wireless Controller Command Reference, Release 8.4
config ap flexconnect wlan config ap flexconnect wlan
To configure a FlexConnect access point in a locally switched WLAN, use the config ap flexconnect wlan command.
config ap flexconnect wlan l2acl {add wlan_id cisco_ap acl_name | delete wlan_id cisco_ap}
Syntax Description add
wlan_id cisco_ap acl_name
delete
Adds a Layer 2 ACL to the FlexConnect access point.
Wireless LAN identifier from 1 to 512.
Name of the Cisco lightweight access point.
Layer 2 ACL name. The name can be up to 32 alphanumeric characters.
Deletes a Layer 2 ACL from the FlexConnect access point.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
Examples
• You can create a maximum of 16 rules for a Layer 2 ACL.
• You can create a maximum of 64 Layer 2 ACLs on a Cisco WLC.
• A maximum of 16 Layer 2 ACLs are supported per AP because an AP supports a maximum of 16
WLANs.
• Ensure that the Layer 2 ACL names do not conflict with the FlexConnect ACL names because an AP does not support the same Layer 2 and Layer 3 ACL names.
The following example shows how to configure a Layer 2 ACL on a FlexConnect AP.
(Cisco Controller) >
config ap flexconnect wlan add 1 AP1600_1 acl_l2_1
Cisco Wireless Controller Command Reference, Release 8.4
335
config ap group-name config ap group-name
To specify a descriptive group name for a Cisco lightweight access point, use the config ap group-name command.
config ap group-name groupname cisco_ap
Syntax Description
groupname cisco_ap
Descriptive name for the access point group.
Name of the Cisco lightweight access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The Cisco lightweight access point must be disabled before changing this parameter.
Examples
The following example shows how to configure a descriptive name for access point AP01:
(Cisco Controller) >
config ap group-name superusers AP01
336
Cisco Wireless Controller Command Reference, Release 8.4
config ap hotspot config ap hotspot
To configure hotspot parameters on an access point, use the config ap hotspot command.
config ap hotspot venue {type group_code type_code | name {add language_code venue_name | delete}}
cisco_ap
Syntax Description venue type
group_code
Configures venue information for given AP group.
Configures the type of venue for given AP group.
Venue group information for given AP group.
The following options are available:
• 0—UNSPECIFIED
• 1—ASSEMBLY
• 2—BUSINESS
• 3—EDUCATIONAL
• 4—FACTORY-INDUSTRIAL
• 5—INSTITUTIONAL
• 6—MERCANTILE
• 7—RESIDENTIAL
• 8—STORAGE
• 9—UTILITY-MISC
• 10—VEHICULAR
• 11—OUTDOOR
Cisco Wireless Controller Command Reference, Release 8.4
337
config ap hotspot
type_code
338
Cisco Wireless Controller Command Reference, Release 8.4
config ap hotspot
Venue type information for the AP group.
For venue group 1 (ASSEMBLY), the following options are available:
• 0—UNSPECIFIED ASSEMBLY
• 1—ARENA
• 2—STADIUM
• 3—PASSENGER TERMINAL
• 4—AMPHITHEATER
• 5—AMUSEMENT PARK
• 6—PLACE OF WORSHIP
• 7—CONVENTION CENTER
• 8—LIBRARY
• 9—MUSEUM
• 10—RESTAURANT
• 11—THEATER
• 12—BAR
• 13—COFFEE SHOP
• 14—ZOO OR AQUARIUM
• 15—EMERGENCY COORDINATION CENTER
For venue group 2 (BUSINESS), the following options are available:
• 0—UNSPECIFIED BUSINESS
• 1—DOCTOR OR DENTIST OFFICE
• 2—BANK
• 3—FIRE STATION
• 4—POLICE STATION
• 6—POST OFFICE
• 7—PROFESSIONAL OFFICE
• 8—RESEARCH AND DEVELOPMENT FACILITY
• 9—ATTORNEY OFFICE
For venue group 3 (EDUCATIONAL), the following options are available:
• 0—UNSPECIFIED EDUCATIONAL
• 1—PRIMARY SCHOOL
• 2—SECONDARY SCHOOL
Cisco Wireless Controller Command Reference, Release 8.4
339
config ap hotspot
• 3—UNIVERSITY OR COLLEGE
For venue group 4 (FACTORY-INDUSTRIAL), the following options are available:
• 0—UNSPECIFIED FACTORY AND INDUSTRIAL
• 1—FACTORY
For venue group 5 (INSTITUTIONAL), the following options are available:
• 0—UNSPECIFIED INSTITUTIONAL
• 1—HOSPITAL
• 2—LONG-TERM CARE FACILITY
• 3—ALCOHOL AND DRUG RE-HABILITATION CENTER
• 4—GROUP HOME
• 5 :PRISON OR JAIL
340
Cisco Wireless Controller Command Reference, Release 8.4
type_code
config ap hotspot
Cisco Wireless Controller Command Reference, Release 8.4
341
config ap hotspot
For venue group 6 (MERCANTILE), the following options are available:
• 0—UNSPECIFIED MERCANTILE
• 1—RETAIL STORE
• 2—GROCERY MARKET
• 3—AUTOMOTIVE SERVICE STATION
• 4—SHOPPING MALL
• 5—GAS STATION
For venue group 7 (RESIDENTIAL), the following options are available:
• 0—UNSPECIFIED RESIDENTIAL
• 1—PRIVATE RESIDENCE
• 2—HOTEL OR MOTEL
• 3—DORMITORY
• 4—BOARDING HOUSE
For venue group 8 (STORAGE), the option is:
• 0—UNSPECIFIED STORAGE
For venue group 9 (UTILITY-MISC), the option is:
• 0—UNSPECIFIED UTILITY AND MISCELLANEOUS
For venue group 10 (VEHICULAR), the following options are available:
• 0—UNSPECIFIED VEHICULAR
• 1—AUTOMOBILE OR TRUCK
• 2—AIRPLANE
• 3—BUS
• 4—FERRY
• 5—SHIP OR BOAT
• 6—TRAIN
• 7—MOTOR BIKE
For venue group 11 (OUTDOOR), the following options are available:
• 0—UNSPECIFIED OUTDOOR
• 1—MINI-MESH NETWORK
• 2—CITY PARK
• 3—REST AREA
342
Cisco Wireless Controller Command Reference, Release 8.4
config ap hotspot
• 4—TRAFFIC CONTROL
• 5—BUS STOP
• 6—KIOSK
name
Configures the name of venue for this access point.
language_code
ISO-639 encoded string defining the language used at the venue. This string is a three-character language code. For example, you can enter ENG for English.
venue_name
Venue name for this access point. This name is associated with the basic service set (BSS) and is used in cases where the SSID does not provide enough information about the venue.
The venue name is case sensitive and can be up to 252 alphanumeric characters.
add delete
cisco_ap
Adds the HotSpot venue name for this access point.
Deletes the HotSpot venue name for this access point.
Name of the Cisco access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the venue group as educational and venue type as university:
(Cisco Controller) >
config ap hotspot venue type 3 3
Cisco Wireless Controller Command Reference, Release 8.4
343
config ap image predownload config ap image predownload
To configure an image on a specified access point, use the config ap image predownload command.
config ap image predownload {abort | primary | backup} {cisco_ap | all}
Syntax Description abort primary
cisco_ap
all
(Cisco Controller) >
Aborts the predownload image process.
Predownloads an image to a Cisco access point from the controller's primary image.
Name of a Cisco lightweight access point.
Specifies all access points to predownload an image.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to predownload an image to an access point from the primary image:
(Cisco Controller) >
config ap image predownload primary all
344
Cisco Wireless Controller Command Reference, Release 8.4
config ap image swap config ap image swap
To swap an access point’s primary and backup images, use the config ap image swap command.
config ap image swap {cisco_ap | all}
Syntax Description
cisco_ap
all
Name of a Cisco lightweight access point.
Specifies all access points to interchange the boot images.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to swap an access point’s primary and secondary images:
(Cisco Controller) >
config ap image swap all
Cisco Wireless Controller Command Reference, Release 8.4
345
config ap led-state config ap led-state
To configure the LED state of an access point or to configure the flashing of LEDs, use the config ap led-state command.
config ap led-state {enable | disable} {cisco_ap | all}
config ap led-state flash {seconds | indefinite | disable} {cisco_ap | dual-band}
Syntax Description enable disable
cisco_ap
flash
seconds
indefinite dual-band
Enables the LED state of an access point.
Disables the LED state of an access point.
Name of a Cisco lightweight access point.
Configure the flashing of LEDs for an access point.
Duration that the LEDs have to flash. The range is from 1 to 3600 seconds.
Configures indefinite flashing of the access point’s LED.
Configures the LED state for all dual-band access points.
Usage Guidelines
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
LEDs on access points with dual-band radio module will flash green and blue when you execute the led state flash command.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the LED state for an access point:
(Cisco Controller) >
config ap led-state enable AP02
346
Cisco Wireless Controller Command Reference, Release 8.4
config ap led-state
The following example shows how to enable the flashing of LEDs for dual-band access points:
(Cisco Controller) >
config ap led-state flash 20 dual-band
Cisco Wireless Controller Command Reference, Release 8.4
347
config ap link-encryption config ap link-encryption
To configure the Datagram Transport Layer Security (DTLS) data encryption for access points on the
5500 series controller, use the config ap link-encryption command.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
config ap link-encryption {enable | disable} {cisco_ap | all}
Syntax Description enable disable
cisco_ap
all
Enables the DTLS data encryption for access points.
Disables the DTLS data encryption for access points.
Name of a Cisco lightweight access point.
Specifies all access points.
Command Default
DTLS data encryption is enabled automatically for OfficeExtend access points but disabled by default for all other access points.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Only Cisco 5500 Series Controllers support DTLS data encryption. This feature is not available on other controller platforms. If an access point with data encryption enabled tries to join any other controller, the access point joins the controller, but data packets are sent unencrypted.
Only Cisco 1130, 1140, 1240, and 1250 series access points support DTLS data encryption, and data-encrypted access points can join a Cisco 5500 Series Controller only if the wplus license is installed on the controller.
If the wplus license is not installed, the access points cannot join the controller.
Examples
The following example shows how to enable the data encryption for an access point:
(Cisco Controller) >
config ap link-encryption enable AP02
348
Cisco Wireless Controller Command Reference, Release 8.4
config ap link-latency config ap link-latency
To configure link latency for a specific access point or for all access points currently associated to the controller, use the config ap link-latency command:
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
config ap link-latency {enable | disable | reset} {cisco_ap | all}
Syntax Description enable disable reset
cisco_ap
all
Enables the link latency for an access point.
Disables the link latency for an access point.
Resets all link latency for all access points.
Name of the Cisco lightweight access point.
Specifies all access points.
Command Default
By default, link latency is in disabled state.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command enables or disables link latency only for access points that are currently joined to the controller.
It does not apply to access points that join in the future.
Examples
The following example shows how to enable the link latency for all access points:
(Cisco Controller) >
config ap link-latency enable all
Cisco Wireless Controller Command Reference, Release 8.4
349
config ap location config ap location
To modify the descriptive location of a Cisco lightweight access point, use the config ap location command.
config ap location location cisco_ap
Syntax Description
location cisco_ap
Location name of the access point (enclosed by double quotation marks).
Name of the Cisco lightweight access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The Cisco lightweight access point must be disabled before changing this parameter.
Examples
The following example shows how to configure the descriptive location for access point AP1:
(Cisco Controller) >
config ap location
“Building 1” AP1
350
Cisco Wireless Controller Command Reference, Release 8.4
config ap logging syslog level config ap logging syslog level
To set the severity level for filtering syslog messages for a particular access point or for all access points, use the config ap logging syslog level command.
config ap logging syslog level severity_level {cisco_ap | all}
Syntax Description
severity_level cisco_ap
all
Severity levels are as follows:
• emergencies—Severity level 0
• alerts—Severity level 1
• critical—Severity level 2
• errors—Severity level 3
• warnings—Severity level 4
• notifications—Severity level 5
• informational—Severity level 6
• debugging—Severity level 7
Cisco access point.
Specifies all access points.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If you set a syslog level, only those messages whose severity is equal to or less than that level are sent to the access point. For example, if you set the syslog level to Warnings (severity level 4), only those messages whose severity is between 0 and 4 are sent to the access point.
Cisco Wireless Controller Command Reference, Release 8.4
351
config ap logging syslog level
Examples
This example shows how to set the severity for filtering syslog messages to 3:
(Cisco Controller) >
config ap logging syslog level 3
352
Cisco Wireless Controller Command Reference, Release 8.4
config ap logging syslog facility config ap logging syslog facility
To set the facility level for filtering syslog messages for a particular access point or for all access points, use the config ap logging syslog facility command.
config ap logging syslog facility facility-level {cisco_ap | all}
Syntax Description
facility-level
Facility level is one of the following:
• auth = Authorization system.
• cron = Cron/at facility.
• daemon = System daemons.
• kern = Kernel.
• local0 = Local use.
• local1 = Local use.
• local2 = Local use.
• local3 = Local use.
• local4 = Local use.
• local5 = Local use.
• local5 = Local use.
• local6 = Local use.
• local7 = Local use.
• lpr = Line printer system.
• mail = Mail system.
• news = USENET news.
• sys10 = System use.
• sys11 = System use.
• sys12 = System use.
• sys13 = System use.
• sys14 = System use.
• sys9 = System use.
• syslog = Syslog itself.
• user = User process.
• uucp Unix-to-Unix copy system.
Cisco Wireless Controller Command Reference, Release 8.4
353
config ap logging syslog facility
cisco_ap
all
Configures for a specific access point.
Configures for all access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
This example shows how to set the facility level for filtering syslog messages to auth for all access points:
(Cisco Controller) >
config ap logging syslog facility auth all
354
Cisco Wireless Controller Command Reference, Release 8.4
config ap max-count config ap max-count
To configure the maximum number of access points supported by the Cisco Wireless LAN Controller (WLC), use the config ap max-count command.
config ap max-count number
Syntax Description
number
Number of access points supported by the Cisco WLC.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The access point count of the Cisco WLC license overrides this count if the configured value is greater than the access point count of the license. A value of 0 indicates that there is no restriction on the maximum number of access points. If high availability is configured, you must reboot both the active and the standby Cisco
WLCs after you configure the maximum number of access points supported by the Cisco WLC.
Examples
The following example shows how to configure the number of access points supported by the Cisco WLC:
(Cisco Controller) >
config ap max-count 100
Cisco Wireless Controller Command Reference, Release 8.4
355
config ap mgmtuser add config ap mgmtuser add
To configure username, password, and secret password for AP management, use the config ap mgmtuser
add command.
config ap mgmtuser add username AP_username password AP_password secret secret {all | cisco_ap}
Syntax Description username
AP_username
password
AP_password
secret
secret
all
cisco_ap
Configures the username for AP management.
Management username.
Configures the password for AP management.
AP management password.
Configures the secret password for privileged AP management.
AP managemetn secret password.
Applies configuration to every AP that does not have a specific username.
Cisco access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The following requirements are enforced on the password:
• The password should contain characters from at least three of the following classes: lowercase letters, uppercase letters, digits, and special characters.
• No character in the password can be repeated more than three times consecutively.
• The password sould not contain management username or reverse of usename.
• The password should not contain words like Cisco, oscic, admin, nimda or any variant obtained by changing the capitalization of letters by substituting 1, |, or ! or substituting 0 for o or substituting $ for s.
The following requirement is enforced on the secret password:
356
Cisco Wireless Controller Command Reference, Release 8.4
Examples config ap mgmtuser add
• The secret password should contain characters from at least three of the following classes: lowercase letters, uppercase letters, digits, or special characters.
The following example shows how to add a username, password, and secret password for AP management:
(Cisco Controller) >
config ap mgmtuser add username acd password Arc_1234 secret Mid_45 all
Cisco Wireless Controller Command Reference, Release 8.4
357
config ap mgmtuser delete config ap mgmtuser delete
To force a specific access point to use the controller’s global credentials, use the config ap mgmtuser delete command.
config ap mgmtuser delete cisco_ap
Syntax Description
cisco_ap
Access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to delete the credentials of an access point:
(Cisco Controller) >
config ap mgmtuser delete cisco_ap1
358
Cisco Wireless Controller Command Reference, Release 8.4
config ap mode config ap mode
To change a Cisco WLC communication option for an individual Cisco lightweight access point, use the
config ap mode command.
config ap mode {bridge | flexconnect sensor submode {none | wips} | local submode {none | wips} | reap
| rogue | sniffer | se-connect | monitor submode {none | wips} |} cisco_ap
Syntax Description bridge flexconnect local reap rogue sniffer se-connect flex+bridge submode none wips sensor
cisco_ap
Converts from a lightweight access point to a mesh access point
(bridge mode).
Enables FlexConnect mode on an access point.
Converts from an indoor mesh access point (MAP or RAP) to a nonmesh lightweight access point (local mode).
Enables remote edge access point mode on an access point.
Enables wired rogue detector mode on an access point.
Enables wireless sniffer mode on an access point.
Enables flex+bridge mode on an access point.
Enables spectrum expert mode on an access point.
(Optional) Configures wIPS submode on an access point.
Disables the wIPS on an access point.
Enables the wIPS submode on an access point.
Enables sensor mode for the Cisco AP
Name of the Cisco lightweight access point.
Command Default
Local
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
359
config ap mode
Usage Guidelines
The sniffer mode captures and forwards all the packets from the clients on that channel to a remote machine that runs AiroPeek or other supported packet analyzer software. It includes information on the timestamp, signal strength, packet size and so on.
Examples
The following example shows how to set the controller to communicate with access point AP91 in bridge mode:
(Cisco Controller) >
config ap mode bridge AP91
The following example shows how to set the controller to communicate with access point AP01 in local mode:
(Cisco Controller) >
config ap mode local AP01
The following example shows how to set the controller to communicate with access point AP91 in remote office (REAP) mode:
(Cisco Controller) >
config ap mode flexconnect AP91
The following example shows how to set the controller to communicate with access point AP91 in a wired rogue access point detector mode:
(Cisco Controller) >
config ap mode rogue AP91
The following example shows how to set the controller to communicate with access point AP02 in wireless sniffer mode:
(Cisco Controller) >
config ap mode sniffer AP02
360
Cisco Wireless Controller Command Reference, Release 8.4
config ap module3g config ap module3g
To configure the Cisco Universal Small Cell (USC) 8x18 Dual Mode Module, use the config ap module3g command.
config ap module3g {enable | disable} ap-name
Syntax Description enable disable
ap-name
Enables the Cisco USC 8x18 Dual Mode Module on the specified Cisco AP.
Disables the Cisco USC 8x18 Dual Mode Module on the specified Cisco AP.
Name of the Cisco AP
Note
In Release 8.1, only Cisco Aironet 3600I and 3700I APs are supported.
Command Default
Enabled
Command History
Release
8.1
Modification
This command was introduced.
Usage Guidelines
You might be prompted with a co-existence warning when Wi-Fi in 2.4-GHz and 3G/4G module are enabled.
Examples
This example shows how to enable Cisco USC 8x18 Dual Mode Module on a Cisco AP named my-ap
(Cisco Controller) >
config ap module3g enable my-ap
Cisco Wireless Controller Command Reference, Release 8.4
361
config ap monitor-mode config ap monitor-mode
To configure Cisco lightweight access point channel optimization, use the config ap monitor-mode command.
config ap monitor-mode {802.11b fast-channel | no-optimization | tracking-opt | wips-optimized} cisco_ap
Syntax Description
802.11b fast-channel no-optimization tracking-opt wips-optimized
cisco_ap
Configures 802.11b scanning channels for a monitor-mode access point.
Specifies no channel scanning optimization for the access point.
Enables tracking optimized channel scanning for the access point.
Enables wIPS optimized channel scanning for the access point.
Name of the Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure a Cisco wireless intrusion prevention system (wIPS) monitor mode on access point AP01:
(Cisco Controller) >
config ap monitor-mode wips-optimized AP01
362
Cisco Wireless Controller Command Reference, Release 8.4
config ap name config ap name
To modify the name of a Cisco lightweight access point, use the config ap name command.
config ap name new_name old_name
Syntax Description
new_name old_name
Desired Cisco lightweight access point name.
Current Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to modify the name of access point AP1 to AP2:
(Cisco Controller) >
config ap name AP1 AP2
Cisco Wireless Controller Command Reference, Release 8.4
363
config ap packet-dump config ap packet-dump
To configure the Packet Capture parameters on access points, use the config ap packet-dump command.
config ap packet-dump {buffer-size Size _in_KB| capture-time Time_in_Min| ftp serverip IP_addr path
path username usernamepassword password | start MAC_address Cisco_AP | stop | truncate
Length_in_Bytes}
config ap packet-dump classifier {{arp | broadcast | control | data | dot1x | iapp | ip | management |
multicast } {enable | disable} | tcp {enable | disable | port TCP_Port {enable | disable}} | udp {enable |
disable | port UDP_Port {enable | disable}}}
Syntax Description buffer-size
Size _in_KB
capture-time
Time_in_Min
ftp serverip
IP_addr
path path
username user_ID
password password
start
MAC_address
Cisco_AP
stop
Configures the buffer size for
Packet Capture in the access point.
Size of the buffer. The range is from 1024 to 4096 KB.
Configures the timer value for
Packet Capture.
Timer value for Packet Capture.
The range is from 1 to 60 minutes.
Configures FTP parameters for
Packet Capture.
Configures the FTP server.
IP address of the FTP server.
Configures FTP server path.
Configures the username for the
FTP server.
Configures the password for the
FTP server.
Starts Packet Capture from the access point.
Client MAC Address for Packet
Capture.
Name of the Cisco access point.
Stops Packet Capture from the access point.
364
Cisco Wireless Controller Command Reference, Release 8.4
disable broadcast control data dot1x iapp ip management multicast tcp
TCP_Port
udp truncate
Length_in_Bytes
classifier arp enable config ap packet-dump
Truncates the packet to the specified length during Packet
Capture.
Length of the packet after truncation. The range is from 20 to
1500.
Configures the classifier information for Packet Capture.
You can specify the type of packets that needs to be captured.
Captures ARP packets.
Enables capture of ARP, broadcast,
802.11 control, 802.11 data, dot1x,
Inter Access Point Protocol (IAPP),
IP, 802.11 management, or multicast packets.
Disables capture of ARP, broadcast, 802.11 control, 802.11
data, dot1x, IAPP, IP,
802.11management, or multicast packets.
Captures broadcast packets.
Captures 802.11 control packets.
Captures 802.11 data packets.
Captures dot1x packets.
Captures IAPP packets.
Captures IP packets.
Captures 802.11 management packets.
Captures multicast packets.
Captures TCP packets.
TCP port number. The range is from 1 to 65535.
Captures TCP packets.
Cisco Wireless Controller Command Reference, Release 8.4
365
config ap packet-dump
UDP_Port
ftp
server_ip
UDP port number. The range is from 1 to 65535.
Configures FTP parameters for
Packet Capture.
FTP server IP address.
Command Default
The default buffer size is 2 MB. The default capture time is 10 minutes.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
Packet Capture does not work during intercontroller roaming.
The controller does not capture packets created in the radio firmware and sent out of the access point, such as a beacon or probe response. Only packets that flow through the Radio driver in the Tx path will be captured.
Use the command config ap packet-dump start to start the Packet Capture from the access point. When you start Packet Capture, the controller sends a Control and Provisioning of Wireless Access Points protocol
(CAPWAP) message to the access point to which the client is associated and captures packets. You must configure the FTP server and ensure that the client is associated to the access point before you start Packet
Capture. If the client is not associated to the access point, you must specify the name of the access point.
This command supports both IPv4 and IPv6 address formats.
Examples
The following example shows how to start Packet Capture from an access point:
(Cisco Controller) >
config ap packet-dump start 00:0d:28:f4:c0:45 AP1
The following example shows how to capture 802.11 control packets from an access point:
(Cisco Controller) >
config ap packet-dump classifier control enable
366
Cisco Wireless Controller Command Reference, Release 8.4
config ap port config ap port
To configure the port for a foreign access point, use the config ap port command.
config ap port MAC port
Syntax Description
MAC port
Foreign access point MAC address.
Port number for accessing the foreign access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the port for a foreign access point MAC address:
(Cisco Controller) >
config ap port 12:12:12:12:12:12 20
Cisco Wireless Controller Command Reference, Release 8.4
367
config ap power injector config ap power injector
To configure the power injector state for an access point, use the config ap power injector command.
config ap power injector {enable | disable} {cisco_ap | all} {installed | override | switch_MAC}
Syntax Description enable disable
cisco_ap
all installed override
switch_MAC
Enables the power injector state for an access point.
Disables the power injector state for an access point.
Name of the Cisco lightweight access point.
Specifies all Cisco lightweight access points connected to the controller.
Detects the MAC address of the current switch port that has a power injector.
Overrides the safety checks and assumes a power injector is always installed.
MAC address of the switch port with an installed power injector.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the power injector state for all access points:
(Cisco Controller) >
config ap power injector enable all 12:12:12:12:12:12
368
Cisco Wireless Controller Command Reference, Release 8.4
config ap power pre-standard config ap power pre-standard
To enable or disable the inline power Cisco pre-standard switch state for an access point, use the config ap
power pre-standard command.
config ap power pre-standard {enable | disable} cisco_ap
Syntax Description enable disable
cisco_ap
Enables the inline power Cisco pre-standard switch state for an access point.
Disables the inline power Cisco pre-standard switch state for an access point.
Name of the Cisco lightweight access point.
Command Default
Disabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the inline power Cisco pre-standard switch state for access point
AP02:
(Cisco Controller) >
config ap power pre-standard enable AP02
Cisco Wireless Controller Command Reference, Release 8.4
369
config ap preferred-mode config ap preferred-mode
To configure the preferred mode, use the config ap preferred-mode command.
config appreferred-mode{ipv4 | ipv6|any}{AP_name | Ap-group_name | all }
Syntax Description ipv4 ipv6 any
AP_name
Ap-group_name all
Configures IPv4 as the preferred mode
Configures IPv6 as the preferred mode
Configures any as the preferred mode
Configures the preferred mode to the AP
Configures the preferred mode to the AP group members
Configures the preferred mode to all the APs
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced. It supports both IPv4 and IPv6.
The following example shows how to configure IPv6 as the preferred mode to lightweight access point AP1
(Cisco Controller) >
config ap preferred-mode ipv6 AP1
370
Cisco Wireless Controller Command Reference, Release 8.4
config ap primary-base config ap primary-base
To set the Cisco lightweight access point primary Cisco WLC, use the config ap primary-base command.
config ap primary-base controller_name Cisco_AP[controller_ip_address]
Syntax Description
controller_name
Cisco_AP controller_ip_address
Name of the Cisco WLC.
Cisco lightweight access point name.
(Optional) If the backup controller is outside the mobility group to which the access point is connected, then you need to provide the IP address of the primary, secondary, or tertiary controller.
Note
For OfficeExtend access points, you must enter both the name and IP address of the controller. Otherwise, the access point cannot join this controller.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
The Cisco lightweight access point associates with this Cisco WLC for all network operations and in the event of a hardware reset.
OfficeExtend access points do not use the generic broadcast or over-the air (OTAP) discovery process to find a controller. You must configure one or more controllers because OfficeExtend access points try to connect only to their configured controllers.
This command supports both IPv4 and IPv6 address formats.
Examples
The following example shows how to set an access point primary Cisco WLC IPv4 address for an Cisco AP:
(Cisco Controller) >
config ap primary-base SW_1 AP2 10.0.0.0
The following example shows how to set an access point primary Cisco WLC IPv6 address for an Cisco AP:
(Cisco Controller) >
config ap primary-base SW_1 AP2 2001:DB8:0:1::1
Cisco Wireless Controller Command Reference, Release 8.4
371
config ap primary-base
Related Commands show ap config general
372
Cisco Wireless Controller Command Reference, Release 8.4
config ap priority config ap priority
To assign a priority designation to an access point that allows it to reauthenticate after a controller failure by priority rather than on a first-come-until-full basis, use the config ap priority command.
config ap priority {1 | 2 | 3 | 4} cisco_ap
Syntax Description
3
4
1
2
cisco_ap
Specifies low priority.
Specifies medium priority.
Specifies high priority.
Specifies the highest (critical) priority.
Cisco lightweight access point name.
Command Default
1 - Low priority.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
In a failover situation, if the backup controller does not have enough ports to allow all the access points in the affected area to reauthenticate, it gives priority to higher-priority access points over lower-priority ones, even if it means replacing lower-priority access points.
Examples
The following example shows how to assign a priority designation to access point AP02 that allows it to reauthenticate after a controller failure by assigning a reauthentication priority 3:
(Cisco Controller) >
config ap priority 3 AP02
Cisco Wireless Controller Command Reference, Release 8.4
373
config ap reporting-period config ap reporting-period
To reset a Cisco lightweight access point, use the config ap reporting-period command.
config ap reporting-period period
Syntax Description
period
Time period in seconds between 10 and 120.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to reset an access point reporting period to 120 seconds:
>
config ap reporting-period 120
374
Cisco Wireless Controller Command Reference, Release 8.4
config ap reset config ap reset
To reset a Cisco lightweight access point, use the config ap reset command.
config ap reset cisco_ap
Syntax Description
cisco_ap
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to reset an access point:
(Cisco Controller) >
config ap reset AP2
Cisco Wireless Controller Command Reference, Release 8.4
375
config ap retransmit interval config ap retransmit interval
To configure the access point control packet retransmission interval, use the config ap retransmit interval command.
config ap retransmit interval seconds {all | cisco_ap}
Syntax Description
seconds
all
cisco_ap
AP control packet retransmission timeout between 2 and 5 seconds.
Specifies all access points.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the retransmission interval for all access points globally:
(Cisco Controller) >
config ap retransmit interval 4 all
376
Cisco Wireless Controller Command Reference, Release 8.4
config ap retransmit count config ap retransmit count
To configure the access point control packet retransmission count, use the config ap retransmit count command.
config ap retransmit count count {all | cisco_ap}
Syntax Description
count
all
cisco_ap
Number of times control packet will be retransmitted.
The range is from 3 to 8.
Specifies all access points.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the retransmission retry count for a specific access point:
(Cisco Controller) >
config ap retransmit count 6 cisco_ap
Cisco Wireless Controller Command Reference, Release 8.4
377
config ap role config ap role
To specify the role of an access point in a mesh network, use the config ap role command.
config ap role {rootAP | meshAP} cisco_ap
Syntax Description rootAP meshAP
cisco_ap
Designates the mesh access point as a root access point (RAP).
Designates the mesh access point as a mesh access point (MAP).
Name of the Cisco lightweight access point.
Command Default
meshAP.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Use the meshAP keyword if the access point has a wireless connection to the controller, or use the rootAP keyword if the access point has a wired connection to the controller. If you change the role of the AP, the AP will be rebooted.
Examples
The following example shows how to designate mesh access point AP02 as a root access point:
(Cisco Controller) >
config ap role rootAP AP02
Changing the AP's role will cause the AP to reboot.
Are you sure you want to continue? (y/n)
378
Cisco Wireless Controller Command Reference, Release 8.4
config ap rst-button config ap rst-button
To configure the Reset button for an access point, use the config ap rst-button command.
config ap rst-button {enable | disable} cisco_ap
Syntax Description enable disable
cisco_ap
Enables the Reset button for an access point.
Disables the Reset button for an access point.
Name of the Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the Reset button for access point AP03:
(Cisco Controller) >
config ap rst-button enable AP03
Cisco Wireless Controller Command Reference, Release 8.4
379
config ap secondary-base config ap secondary-base
To set the Cisco lightweight access point secondary Cisco WLC, use the config ap secondary-base command.
config ap secondary-base Controller_name Cisco_AP [Controller_IP_address]
Syntax Description
controller_name
Cisco_AP
Controller_IP_address
Name of the Cisco WLC.
Cisco lightweight access point name.
(Optional). If the backup Cisco WLC is outside the mobility group to which the access point is connected, then you need to provide the IP address of the primary, secondary, or tertiary Cisco WLC.
Note
For OfficeExtend access points, you must enter both the name and IP address of the Cisco WLC. Otherwise, the access point cannot join this
Cisco WLC.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
The Cisco lightweight access point associates with this Cisco WLC for all network operations and in the event of a hardware reset.
OfficeExtend access points do not use the generic broadcast or over-the air (OTAP) discovery process to find a Cisco WLC. You must configure one or more Cisco WLCs because OfficeExtend access points try to connect only to their configured Cisco WLCs.
This command supports both IPv4 and IPv6 address formats.
Examples
The following example shows how to set an access point secondary Cisco WLC:
(Cisco Controller) >
config ap secondary-base SW_1 AP2 10.0.0.0
The following example shows how to set an access point primary Cisco WLC IPv6 address for an Cisco AP:
(Cisco Controller) >
config ap secondary-base SW_1 AP2 2001:DB8:0:1::1
380
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands show ap config general config ap secondary-base
Cisco Wireless Controller Command Reference, Release 8.4
381
config ap sniff config ap sniff
To enable or disable sniffing on an access point, use the config ap sniff command.
config ap sniff {802.11a | 802.11b} {enable channel server_ip | disable} cisco_ap
Syntax Description
802.11a
802.11b
enable
channel server_ip
disable
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b network.
Enables sniffing on an access point.
Channel to be sniffed.
IP address of the remote machine running Omnipeek, Airopeek,AirMagnet, or
Wireshark software.
Disables sniffing on an access point.
Access point configured as the sniffer.
Command Default
Channel 36.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When the sniffer feature is enabled on an access point, it starts sniffing the signal on the given channel. It captures and forwards all the packets to the remote computer that runs Omnipeek, Airopeek, AirMagnet, or
Wireshark software. It includes information on the timestamp, signal strength, packet size and so on.
Before an access point can act as a sniffer, a remote computer that runs one of the listed packet analyzers must be set up so that it can receive packets sent by the access point. After the Airopeek installation, copy the following .dll files to the location where airopeek is installed:
• socket.dll file to the Plug-ins folder (for example, C:\Program Files\WildPackets\AiroPeek\Plugins)
• socketres.dll file to the PluginRes folder (for example, C:\Program Files\WildPackets\AiroPeek\
1033\PluginRes)
382
Cisco Wireless Controller Command Reference, Release 8.4
config ap sniff
Examples
The following example shows how to enable the sniffing on the 802.11a an access point from the primary
Cisco WLC:
(Cisco Controller) >
config ap sniff 80211a enable 23 11.22.44.55 AP01
Cisco Wireless Controller Command Reference, Release 8.4
383
config ap ssh config ap ssh
To enable Secure Shell (SSH) connectivity on an access point, use the config ap ssh command.
config ap ssh {enable | disable | default} cisco_ap | all
Syntax Description enable disable default
cisco_ap all
Enables the SSH connectivity on an access point.
Disables the SSH connectivity on an access point.
Replaces the specific SSH configuration of an access point with the global SSH configuration.
Cisco access point name.
All access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The Cisco lightweight access point associates with this Cisco wireless LAN controller for all network operation and in the event of a hardware reset.
Examples
The following example shows how to enable SSH connectivity on access point Cisco_ap2:
>
config ap ssh enable cisco_ap2
384
Cisco Wireless Controller Command Reference, Release 8.4
config ap static-ip config ap static-ip
To configure Static IP address settings on Cisco lightweight access point , use the config ap static-ip command.
config ap static-ip {enable Cisco_AP AP_IP_addr IP_netmask /prefix_length gateway | disable Cisco_AP|
add {domain {Cisco_AP | all} domain_name | nameserver {Cisco_AP | all} nameserver-ip} | delete {domain
| nameserver} {Cisco_AP | all}}
Syntax Description enable disable
Cisco_AP
AP_IP_addr
IP_netmask/prefix_length gateway
add domain all
domain_name
nameserver
nameserver-ip
delete
Enables the Cisco lightweight access point static IP address.
Disables the Cisco lightweight access point static IP address. The access point uses DHCP to get the IP address.
Cisco lightweight access point name.
Cisco lightweight access point IP address
Cisco lightweight access point network mask.
IP address of the Cisco lightweight access point gateway.
Adds a domain or DNS server.
Specifies the domain to which a specific access point or all access points belong.
Specifies all access points.
Specifies a domain name.
Specifies a DNS server so that a specific access point or all access points can discover the controller using DNS resolution.
DNS server IP address.
Deletes a domain or DNS server.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Cisco Wireless Controller Command Reference, Release 8.4
385
config ap static-ip
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
An access point cannot discover the controller using Domain Name System (DNS) resolution if a static IP address is configured for the access point, unless you specify a DNS server and the domain to which the access point belongs.
After you enter the IPv6 address, Prefix-length and IPv6 gateway address, the CAPWAP tunnel will restart for access point. Changing the AP's IP address will cause the AP to disjoin. After the access point rejoins the controller, you can enter the domain and IPv6 DNS server information.
This command supports both IPv4 and IPv6 address formats.
Examples
The following example shows how to configure static IP address on an access point:
(Cisco Controller) >
config ap static-ip enable AP2 1.1.1.1 255.255.255.0 209.165.200.254
The following example shows how to configure static IPv6 address on an access point:
(Cisco Controller) >
config ap static-ip enable AP2 2001:DB8:0:1::1
Related Commands show ap config general
386
Cisco Wireless Controller Command Reference, Release 8.4
config ap stats-timer config ap stats-timer
To set the time in seconds that the Cisco lightweight access point sends its DOT11 statistics to the Cisco wireless LAN controller, use the config ap stats-timer command.
config ap stats-timer period cisco_ap
Syntax Description
period cisco_ap
Time in seconds from 0 to 65535. A zero value disables the timer.
Cisco lightweight access point name.
Command Default
The default value is 0 (disabled state).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
A value of 0 (zero) means that the Cisco lightweight access point does not send any DOT11 statistics. The acceptable range for the timer is from 0 to 65535 seconds, and the Cisco lightweight access point must be disabled to set this value.
Examples
The following example shows how to set the stats timer to 600 seconds for access point AP2:
(Cisco Controller) >
config ap stats-timer 600 AP2
Cisco Wireless Controller Command Reference, Release 8.4
387
config ap syslog host global config ap syslog host global
To configure a global syslog server for all access points that join the controller, use the config ap syslog host
global command.
config ap syslog host global ip_address
Syntax Description
ip_address
IPv4/IPv6 address of the syslog server.
Command Default
The default value of the IPv4 address of the syslog server is 255.255.255.255.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
By default, the global syslog server IP address for all access points is 255.255.255.255. Make sure that the access points can reach the subnet on which the syslog server resides before configuring the syslog server on the controller. If the access points cannot reach this subnet, the access points are unable to send out syslog messages.
This command supports both IPv4 and IPv6 address formats.
Examples
Examples
The following example shows how to configure a global syslog server, using IPv4 address, for all access points:
(Cisco Controller) >
config ap syslog host global 255.255.255.255
The following example shows how to configure a global syslog server, using IPv6 address, for all access points:
(Cisco Controller) >
config ap syslog host global 2001:9:10:56::100
388
Cisco Wireless Controller Command Reference, Release 8.4
config ap syslog host specific config ap syslog host specific
To configure a syslog server for a specific access point, use the config ap syslog host specific command.
config ap syslog host specific ap_nameip_address
Syntax Description
ap_name ip_address
Cisco lightweight access point.
IPv4/IPv6 address of the syslog server.
Command Default
The default value of the syslog server IP address is 0.0.0.0.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
By default, the syslog server IP address for each access point is 0.0.0.0, indicating that it is not yet set. When the default value is used, the global access point syslog server IP address is pushed to the access point.
This command supports both IPv4 and IPv6 address formats.
Examples
Examples
The following example shows how to configure a syslog server:
(Cisco Controller) >
config ap syslog host specific 0.0.0.0
The following example shows how to configure a syslog server for a specific AP, using IPv6 address:
(Cisco Controller) >
config ap syslog host specific AP3600 2001:9:10:56::100
Cisco Wireless Controller Command Reference, Release 8.4
389
config ap tcp-mss-adjust config ap tcp-mss-adjust
To enable or disable the TCP maximum segment size (MSS) on a particular access point or on all access points, use the config ap tcp-mss-adjust command.
config ap tcp-mss-adjust {enable | disable} {cisco_ap | all} size
Syntax Description enable disable
cisco_ap
all
size
Enables the TCP maximum segment size on an access point.
Disables the TCP maximum segment size on an access point.
Cisco access point name.
Specifies all access points.
Maximum segment size.
• IPv4—Specify a value between 536 and 1363.
• IPv6—Specify a value between 1220 and 1331.
Note
Any TCP MSS value that is below 1220 and above 1331 will not be effective for CAPWAP v6 AP.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv6.
Usage Guidelines
When you enable this feature, the access point checks for TCP packets to and from wireless clients in its data path. If the MSS of these packets is greater than the value that you configured or greater than the default value for the CAPWAP tunnel, the access point changes the MSS to the new configured value.
390
Cisco Wireless Controller Command Reference, Release 8.4
config ap tcp-mss-adjust
Examples
This example shows how to enable the TCP MSS on access point cisco_ap1 with a segment size of 1200 bytes:
(Cisco Controller) >
config ap tcp-mss-adjust enable cisco_ap1 1200
Cisco Wireless Controller Command Reference, Release 8.4
391
config ap telnet config ap telnet
To enable Telnet connectivity on an access point, use the config ap telnet command.
config ap telnet {enable | disable | default} cisco_ap | all
Syntax Description enable disable default
cisco_ap all
Enables the Telnet connectivity on an access point.
Disables the Telnet connectivity on an access point.
Replaces the specific Telnet configuration of an access point with the global
Telnet configuration.
Cisco access point name.
All access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Examples
• The Cisco lightweight access point associates with this Cisco WLC for all network operation and in the event of a hardware reset.
• Telnet is not supported on Cisco Aironet 1810 OEAP, 1810W, 1830, 1850, 2800, and 3800 Series APs.
The following example shows how to enable Telnet connectivity on access point cisco_ap1:
(Cisco Controller) >
config ap telnet enable cisco_ap1
The following example shows how to disable Telnet connectivity on access point cisco_ap1:
(Cisco Controller) >
config ap telnet disable cisco_ap1
392
Cisco Wireless Controller Command Reference, Release 8.4
config ap tertiary-base config ap tertiary-base
To set the Cisco lightweight access point tertiary Cisco WLC, use the config ap tertiary-base command.
config ap tertiary-base controller_name Cisco_AP [controller_ip_address]
Syntax Description
controller_name
Cisco_AP controller_ip_address
Name of the Cisco WLC.
Cisco lightweight access point name.
(Optional) If the backup controller is outside the mobility group to which the access point is connected, then you need to provide the IP address of the primary, secondary, or tertiary Cisco WLC.
Note
For OfficeExtend access points, you must enter both the name and IP address of the Cisco WLC. Otherwise, the access point cannot join this
Cisco WLC.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
OfficeExtend access points do not use the generic broadcast or over-the air (OTAP) discovery process to find a Cisco WLC. You must configure one or more controllers because OfficeExtend access points try to connect only to their configured Cisco WLCs.
The Cisco lightweight access point associates with this Cisco WLC for all network operations and in the event of a hardware reset.
This command supports both IPv4 and IPv6 address formats.
Examples
This example shows how to set the access point tertiary Cisco WLC:
(Cisco Controller) >
config ap tertiary-base SW_1 AP02 10.0.0.0
The following example shows how to set an access point tertiary Cisco WLC IPv6 address for an Cisco AP:
(Cisco Controller) >
config ap tertiary-base SW_1 AP2 2001:DB8:0:1::1
Cisco Wireless Controller Command Reference, Release 8.4
393
config ap tertiary-base
Related Commands show ap config general
394
Cisco Wireless Controller Command Reference, Release 8.4
config ap tftp-downgrade config ap tftp-downgrade
To configure the settings used for downgrading a lightweight access point to an autonomous access point, use the config ap ftp-downgrade command.
config ap tftp-downgrade tftp_ip_addressfilename Cisco_AP
Syntax Description
tftp_ip_address filename
Cisco_AP
IP address of the TFTP server.
Filename of the access point image file on the TFTP server.
Access point name.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
The following example shows how to configure the settings for downgrading access point ap1240_102301:
(Cisco Controller) >
config ap ftp-downgrade 209.165.200.224 1238.tar ap1240_102301
Cisco Wireless Controller Command Reference, Release 8.4
395
config ap username config ap username
To assign a username and password to access either a specific access point or all access points, use the config
ap username command.
config ap username user_id password passwd [all | ap_name]
Syntax Description
user_id passwd
all
ap_name
Administrator username.
Administrator password.
(Optional) Specifies all access points.
Name of a specific access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to assign a username and password to a specific access point:
(Cisco Controller) >
config ap username jack password blue la204
The following example shows how to assign the same username and password to a all access points:
(Cisco Controller) >
config ap username jack password blue all
396
Cisco Wireless Controller Command Reference, Release 8.4
config ap venue config ap venue
To configure the venue information for 802.11u network on an access point, use the config ap venue command.
config ap venue {addvenue_name venue-group venue-type lang-code cisco-ap | delete}
Syntax Description add
venue_name venue_group venue_type lang_code cisco_ap
deletes
Adds venue information.
Venue name.
Venue group category. See the table below for details on venue group mappings.
Venue type. This value depends on the venue-group specified. See the table below for venue group mappings.
Language used. An ISO-14962-1997 encoded string that defines the language. This string is a three character language code. Enter the first three letters of the language in English (for example, eng for English).
Name of the access point.
Deletes venue information.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to set the venue details for an access point named cisco-ap1:
(Cisco Controller) >
config ap venue add test 11 34 eng cisco-ap1
This table lists the different venue types for each venue group.
Table 5: Venue Group Mapping
Venue Group Name
UNSPECIFIED
Value
0
Venue Type for Group
Cisco Wireless Controller Command Reference, Release 8.4
397
config ap venue
Venue Group Name
ASSEMBLY
Value
1
BUSINESS 2
Venue Type for Group
• 0—UNSPECIFIED ASSEMBLY
• 1—ARENA
• 2—STADIUM
• 3—PASSENGER TERMINAL (E.G.,
AIRPORT, BUS, FERRY, TRAIN
STATION)
• 4—AMPHITHEATER
• 5—AMUSEMENT PARK
• 6—PLACE OF WORSHIP
• 7—CONVENTION CENTER
• 8—LIBRARY
• 9—MUSEUM
• 10—RESTAURANT
• 11—THEATER
• 12—BAR
• 13—COFFEE SHOP
• 14—ZOO OR AQUARIUM
• 15—EMERGENCY
COORDINATION CENTER
• 0—UNSPECIFIED BUSINESS
• 1—DOCTOR OR DENTIST OFFICE
• 2—BANK
• 3—FIRE STATION
• 4—POLICE STATION
• 6—POST OFFICE
• 7—PROFESSIONAL OFFICE
• 8—RESEARCH AND
DEVELOPMENT FACILITY
• 9—ATTORNEY OFFICE
398
Cisco Wireless Controller Command Reference, Release 8.4
Venue Group Name
EDUCATIONAL
Value
3
FACTORY-INDUSTRIAL
INSTITUTIONAL
MERCANTILE
RESIDENTIAL
4
5
6
7
config ap venue
Venue Type for Group
• 0—UNSPECIFIED EDUCATIONAL
• 1—SCHOOL, PRIMARY
• 2—SCHOOL, SECONDARY
• 3—UNIVERSITY OR COLLEGE
• 0—UNSPECIFIED FACTORY AND
INDUSTRIAL
• 1—FACTORY
• 0—UNSPECIFIED
INSTITUTIONAL
• 1—HOSPITAL
• 2—LONG-TERM CARE FACILITY
(E.G., NURSING HOME, HOSPICE,
ETC.)
• 3—ALCOHOL AND DRUG
RE-HABILITATION CENTER
• 4—GROUP HOME
• 5—PRISON OR JAIL
• 0—UNSPECIFIED MERCANTILE
• 1—RETAIL STORE
• 2—GROCERY MARKET
• 3—AUTOMOTIVE SERVICE
STATION
• 4—SHOPPING MALL
• 5—GAS STATION
• 0—UNSPECIFIED RESIDENTIAL
• 1—PRIVATE RESIDENCE
• 2—HOTEL OR MOTEL
• 3—DORMITORY
• 4—BOARDING HOUSE
Cisco Wireless Controller Command Reference, Release 8.4
399
config ap venue
Venue Group Name
STORAGE
UTILITY-MISC
VEHICULAR
Value
8
9
10
OUTDOOR 11
Venue Type for Group
UNSPECIFIED STORAGE
0—UNSPECIFIED UTILITY AND
MISCELLANEOUS
• 0—UNSPECIFIED VEHICULAR
• 1—AUTOMOBILE OR TRUCK
• 2—AIRPLANE
• 3—BUS
• 4—FERRY
• 5—SHIP OR BOAT
• 6—TRAIN
• 7—MOTOR BIKE
• 0—UNSPECIFIED OUTDOOR
• 1—MUNI-MESH NETWORK
• 2—CITY PARK
• 3—REST AREA
• 4—TRAFFIC CONTROL
• 5—BUS STOP
• 6—KIOSK
400
Cisco Wireless Controller Command Reference, Release 8.4
config ap wlan config ap wlan
To enable or disable wireless LAN override for a Cisco lightweight access point radio, use the config ap wlan command.
config ap wlan {enable | disable} {802.11a | 802.11b} wlan_id cisco_ap
Syntax Description enable disable
802.11a
802.11b
wlan_id cisco_ap
Enables the wireless LAN override on an access point.
Disables the wireless LAN override on an access point.
Specifies the 802.11a network.
Specifies the 802.11b network.
Cisco wireless LAN controller ID assigned to a wireless LAN.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable wireless LAN override on the AP03 802.11a radio:
(Cisco Controller) >
config ap wlan 802.11a AP03
Cisco Wireless Controller Command Reference, Release 8.4
401
config atf 802.11
config atf 802.11
Configure Cisco Air Time Fairness at the network level, at an AP group level, or at an AP radio level by using the config atf 802.11 command.
config atf 802.11{a | b} {mode {disable | monitor | enforce-policy} {[ap-group-name] | [ap-name]}} |
{optimization {enable | disable}}
Syntax Description a b mode disable monitor enforce-policy optimization enable disable
Specifies the 802.11a network settings
Specifies the 802.11b/g network settings
Configures the granularity of Cisco ATF enforcement
Disables Cisco ATF
Configures Cisco ATF in monitor mode
Configures Cisco ATF in enforcement mode
Configures airtime optimization
Enables airtime optimization
Disabled airtime optimization
Command History
Release
8.1
Examples
Modification
This command was introduced
• To configure Cisco ATF in monitor mode on an 802.11a network, enter this command:
(Cisco Controller) >
config atf 802.11a mode monitor
• To enable airtime optimization on an 802.11a network, enter this command:
(Cisco Controller) >
config atf 802.11a optimization enable
402
Cisco Wireless Controller Command Reference, Release 8.4
config atf policy config atf policy
To configure Cisco Air Time Fairness (ATF) policies, use the config atf policy command.
config atf policy {{create policy-id policy-name policy-weight} | {modify {weight policy-weight policy-name}
| {client-sharing {enable | disable} policy-name}} | {delete policy-name}}
Syntax Description create modify delete
client-sharing {enable | disable
policy-name}
policy-id policy-name policy-weight
Creates an air time policy
Modifies an air time policy
Deletes an air time policy
Enables or disables client fair sharing for the specified policy name
Policy ID between 1 and 511
Name of the Cisco ATF policy
Policy weight between 5 and 100
Command History
Release
8.1.122.0
8.2
Examples
Modification
This command was introduced
client-sharing {enable | disable} option was added.
This example shows how to create a Cisco ATF policy:
(Cisco Controller) >
config atf policy create 2 test-policy 70
Cisco Wireless Controller Command Reference, Release 8.4
403
config auth-list add config auth-list add
To create an authorized access point entry, use the config auth-list add command.
config auth-list add {mic | ssc} AP_MAC [AP_key]
Syntax Description mic ssc
AP_MAC
AP_key
Specifies that the access point has a manufacture-installed certificate.
Specifies that the access point has a self-signed certificate.
MAC address of a Cisco lightweight access point.
(Optional) Key hash value that is equal to 20 bytes or
40 digits.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to create an authorized access point entry with a manufacturer-installed certificate on MAC address 00:0b:85:02:0d:20:
(Cisco Controller) >
config auth-list add 00:0b:85:02:0d:20
Related Commands config auth-list delete config auth-list ap-policy
404
Cisco Wireless Controller Command Reference, Release 8.4
config auth-list ap-policy config auth-list ap-policy
To configure an access point authorization policy, use the config auth-list ap-policy command.
config auth-list ap-policy {authorize-ap {enable | disable} | ssc {enable | disable}}
Syntax Description authorize-ap enable authorize-ap disable ssc enable ssc disable
Enables the authorization policy.
Disables the AP authorization policy.
Allows the APs with self-signed certificates to connect.
Disallows the APs with self-signed certificates to connect.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable an access point authorization policy:
(Cisco Controller) >
config auth-list ap-policy authorize-ap enable
The following example shows how to enable an access point with a self-signed certificate to connect:
(Cisco Controller) >
config auth-list ap-policy ssc disable
Related Commands config auth-list delete config auth-list add
Cisco Wireless Controller Command Reference, Release 8.4
405
config auth-list delete config auth-list delete
To delete an access point entry, use the config auth-list delete command.
config auth-list delete AP_MAC
Syntax Description
AP_MAC
MAC address of a Cisco lightweight access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to delete an access point entry for MAC address 00:1f:ca:cf:b6:60:
(Cisco Controller) >
config auth-list delete 00:1f:ca:cf:b6:60
Related Commands config auth-list delete config auth-list add config auth-list ap-policy
406
Cisco Wireless Controller Command Reference, Release 8.4
config avc profile create config avc profile create
To create a new Application Visibility and Control (AVC) profile, use the config avc profile create command.
config avc profile profile_name create
Syntax Description
profile_name
create
Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Creates a new AVC profile.
Command Default
None
Command History
Release
7.4
Modification
This command was introduced.
Usage Guidelines
You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs.
You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN.
Examples
The following example shows how to create a new AVC profile:
(Cisco Controller) >
config avc profile avcprofile1 create
Related Commands config avc profile delete config avc profile rule config wlan avc show avc profile show avc applications show avc statistics debug avc error debug avc events
Cisco Wireless Controller Command Reference, Release 8.4
407
config avc profile delete config avc profile delete
To delete an Application Visibility and Control (AVC) profile, use the config avc profile delete command.
config avc profile profile_name delete
Syntax Description
profile_name
delete
Name of the AVC profile.
Deletes an AVC profile.
Command Default
The AVC profile is not deleted.
Command History
Release
7.4
Modification
This command was introduced.
Examples
The following example shows how to delete an AVC profile:
(Cisco Controller) >
config avc profile avcprofile1 delete
Related Commands config avc profile create config avc profile rule config wlan avc show avc profile summary show avc profile detailed debug avc error debug avc events
408
Cisco Wireless Controller Command Reference, Release 8.4
config avc profile rule config avc profile rule
To configure a rule for an Application Visibility and Control (AVC) profile, use the config avc profile rule command.
config avc profile profile_name rule {add | remove} application application_name {drop | mark dscp}
Syntax Description
profile_name
rule add remove application
application_name
drop mark
dscp
Name of the AVC profile.
Configures a rule for the AVC profile.
Creates a rule for the AVC profile.
Deletes a rule for the AVC profile.
Specifies the application that has to be dropped or marked.
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
Drops the upstream and downstream packets that correspond to the chosen application.
Marks the upstream and downstream packets that correspond to the chosen application with the Differentiated Services Code Point (DSCP) value that you specify in the drop-down list. The DSCP value helps you provide differentiated services based on the QoS levels.
Packet header code that is used to define the QoS across the Internet. The range is from 0 to 63.
Command Default
None
Command History
Release
7.4
Modification
This command was introduced.
Examples
The following example shows how to configure a rule for an AVC profile:
(Cisco Controller) >
config avc profile avcprofile1 rule add application gmail mark 10
Related Commands config avc profile delete
Cisco Wireless Controller Command Reference, Release 8.4
409
config avc profile rule config avc profile create config wlan avc show avc profile show avc applications show avc statistics debug avc error debug avc events
410
Cisco Wireless Controller Command Reference, Release 8.4
config band-select cycle-count config band-select cycle-count
To set the band select probe cycle count, use the config band-select cycle-count command.
config band-select cycle-count count
Syntax Description
count
Value for the cycle count between 1 to 10.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the probe cycle count for band select to 8:
(Cisco Controller) >
config band-select cycle-count 8
Related Commands config band-select cycle-threshold config band-select expire config band-select client-rssi
Cisco Wireless Controller Command Reference, Release 8.4
411
config band-select cycle-threshold config band-select cycle-threshold
To set the time threshold for a new scanning cycle, use the config band-select cycle-threshold command.
config band-select cycle-threshold threshold
Syntax Description
threshold
Value for the cycle threshold between 1 and 1000 milliseconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the time threshold for a new scanning cycle with threshold value of
700 milliseconds:
(Cisco Controller) >
config band-select cycle-threshold 700
Related Commands config band-select cycle-count config band-select expire config band-select client-rssi
412
Cisco Wireless Controller Command Reference, Release 8.4
config band-select expire config band-select expire
To set the entry expire for band select, use the config band-select expire command.
config band-select expire {suppression | dual-band} seconds
Syntax Description suppression dual-band
seconds
Sets the suppression expire to the band select.
Sets the dual band expire to the band select.
• Value for suppression between 10 to 200 seconds.
• Value for a dual-band between 10 to 300 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the suppression expire to 70 seconds:
(Cisco Controller) >
config band-select expire suppression 70
Related Commands config band-select cycle-threshold config band-select client-rssi config band-select cycle-count
Cisco Wireless Controller Command Reference, Release 8.4
413
config band-select client-rssi config band-select client-rssi
To set the client received signal strength indicator (RSSI) threshold for band select, use the config band-select
client-rssi command.
config band-select client-rssi rssi
Syntax Description
rssi
Minimum dBM of a client RSSI to respond to probe between
20 and 90.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the RSSI threshold for band select to 70:
(Cisco Controller) >
config band-select client-rssi 70
Related Commands config band-select cycle-threshold config band-select expire config band-select cycle-count
414
Cisco Wireless Controller Command Reference, Release 8.4
config boot config boot
To change a Cisco wireless LAN controller boot option, use the config boot command.
config boot {primary | backup}
Syntax Description primary backup
Sets the primary image as active.
Sets the backup image as active.
Command Default
The default boot option is primary.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Each Cisco wireless LAN controller can boot off the primary, last-loaded operating system image (OS) or boot off the backup, earlier-loaded OS image.
Examples
The following example shows how to set the primary image as active so that the LAN controller can boot off the primary, last loaded image:
(Cisco Controller) >
config boot primary
The following example shows how to set the backup image as active so that the LAN controller can boot off the backup, earlier loaded OS image:
(Cisco Controller) >
config boot backup
Related Commands show boot
Cisco Wireless Controller Command Reference, Release 8.4
415
config call-home contact email address config call-home contact email address
To configure the call-home contact email address, use the config call-home contact-email-addr command.
config call-home contact-email-addr email-address
Syntax Description
email-address
call-home contact email address
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to add call-home contact email address:
(Cisco Controller) >
config call-home contact-email-addr [email protected]
416
Cisco Wireless Controller Command Reference, Release 8.4
config call-home events config call-home events
To enable or disable the call-home event reporting, use the call-home events command.
config call-home events {enable | disable}
Syntax Description enable disable
Enables the call-home event reporting.
Disables the call-home event reporting.
Command Default
Enable
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to disable call-home event reporting:
(Cisco Controller) >
config call-home events disable
Cisco Wireless Controller Command Reference, Release 8.4
417
config call-home http-proxy ipaddr config call-home http-proxy ipaddr
To configure the http proxy address for reporting, use the config call-home http-proxy ipaddr command.
config call-home http-proxy ipaddr ip-address port port
Syntax Description
ip-address port
the http-proxy IP address the http-proxy port number
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to configure call home with the http-proxy IP address:
(Cisco Controller) >
config call-home http-proxy ipaddr 209.165.200.224 port 773
418
Cisco Wireless Controller Command Reference, Release 8.4
config call-home http-proxy ipaddr 0.0.0.0
config call-home http-proxy ipaddr 0.0.0.0
To reset the http proxy settings for reporting, use the config call-home http-proxy ipaddr 0.0.0.0 command.
config call-home http-proxy ipaddr 0.0.0.0
Syntax Description
0.0.0.0
resets the http-proxy settings
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to reset call home http-proxy settings:
(Cisco Controller) >
config call-home http-proxy ipaddr 0.0.0.0
Cisco Wireless Controller Command Reference, Release 8.4
419
config call-home profile config call-home profile
To create, update the call-home profile, use the config call-home profile command.
config call-home profile {create | update } profile-name {sm-license-data | all | call-home-data}{short-text
| long-text | xml } url
Syntax Description create update sm-license-data all call-home-data short-text long-text xml
url
create a Call-Home profile updates a Call-Home profile
Configures Smart license reporting profile
Configures reporting profile for all modules
Configures call home data reporting profile
Configures data reporting in short-text format
Configures data reporting in long-text format
Configures data reporting in XML format url name
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to create a xml format reporting Call-Home profile:
(Cisco Controller) >
config call-home profile create example-profile sm-license-data xml internal.example.com
420
Cisco Wireless Controller Command Reference, Release 8.4
config call-home profile delete config call-home profile delete
To delete the call-home profile, use the config call-home profile delete command.
config call-home profile delete profile-name
Syntax Description
profile-name
Call-Home profile to be deleted.
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to delete a Call-Home profile:
(Cisco Controller) >
config call-home profile delete example-profile
Cisco Wireless Controller Command Reference, Release 8.4
421
config call-home profile status config call-home profile status
To enable or disable the user profile, use the config call-home profile status command.
config call-home profile status {enable | disable}
Syntax Description enable disable
enables the status of call-home profile disables the status of call-home profile
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to disable a Call-Home profile:
(Cisco Controller) >
config call-home profile status disable
422
Cisco Wireless Controller Command Reference, Release 8.4
config call-home reporting config call-home reporting
To set the privacy level for data reporting, use the config call-home reporting data-privacy level command.
config call-home reporting data-privacy level {normal | high}hostname host name
Syntax Description normal high hostname
scrubs all normal-level commands scrubs all normal-level commands, the IP domain name and
IP address commands scrubs all high-level commands plus the hostname command
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to configure normal privacy level:
(Cisco Controller) >
config call-home reporting data-privacy- level normal hostname internal.example.com
Cisco Wireless Controller Command Reference, Release 8.4
423
config call-home tac-profile config call-home tac-profile
To enable or disable the tac-profile, use the config call-home tac-profile status command.
config call-home tac-profile status{enable | disable}
Syntax Description enable disable
enables call-home TAC profile.
disables call-home TAC profile.
Command Default
Enable
Command History
Examples
Release
8.2
Modification
This command was introduced.
The following example shows how to disable call home tac-profile:
(Cisco Controller) >
config call-home tac-profile status disable
424
Cisco Wireless Controller Command Reference, Release 8.4
config cdp config cdp
To configure the Cisco Discovery Protocol (CDP) on the controller, use the config cdp command.
config cdp {enable | disable | advertise-v2 {enable | disable} | timerseconds | holdtime holdtime_interval}
Syntax Description enable disable advertise-v2 timer
seconds
holdtime
holdtime_interval
Enables CDP on the controller.
Disables CDP on the controller.
Configures CDP version 2 advertisements.
Configures the interval at which CDP messages are to be generated.
Time interval at which CDP messages are to be generated. The range is from 5 to 254 seconds.
Configures the amount of time to be advertised as the time-to-live value in generated CDP packets.
Maximum hold timer value. The range is from
10 to 255 seconds.
Command Default
The default value for CDP timer is 60 seconds.
The default value for CDP holdtime is 180 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the CDP maximum hold timer to 150 seconds:
(Cisco Controller) >
config cdp timer 150
Related Commands config ap cdp show cdp show ap cdp
Cisco Wireless Controller Command Reference, Release 8.4
425
config certificate config certificate
To configure Secure Sockets Layer (SSL) certificates, use the config certificate command.
config certificate {generate {csr-webadmin | csr-webauth | webadmin | webauth}
Syntax Description generate csr-webadmin csr-webauth webadmin webauth
Specifies authentication certificate generation settings.
Generates a new web administration certificate signing request
Generates a new web authentication signing request
Generates a new web administration certificate.
Generates a new web authentication certificate.
Command Default
None
Command History
Examples
Release
7.6
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
This command was enhanced with new keywords in Release 8.3.
The following example shows how to generate a new web administration SSL certificate:
(Cisco Controller) >
config certificate generate webadmin
Creating a certificate may take some time. Do you wish to continue? (y/n)
426
Cisco Wireless Controller Command Reference, Release 8.4
config certificate lsc config certificate lsc
To configure Locally Significant Certificate (LSC) certificates, use the config certificate lsc command.
config certificate lsc {enable | disable | ca-server http://url:port/path | ca-cert {add | delete} |
subject-params country state city orgn dept email | other-params keysize} | ap-provision {auth-list {add
| delete} ap_mac | revert-cert retries}
Syntax Description enable disable ca-server
http://url:port/path
ca-cert add delete subject-params
country state city orgn dept email
other-params
keysize
ap-provision auth-list
ap_mac
revert-cert
retries
Enables LSC certificates on the controller.
Disables LSC certificates on the controller.
Specifies the Certificate Authority (CA) server settings.
Domain name or IP address of the CA server.
Specifies CA certificate database settings.
Obtains a CA certificate from the CA server and adds it to the controller’s certificate database.
Deletes a CA certificate from the controller’s certificate database.
Specifies the device certificate settings.
Country, state, city, organization, department, and email of the certificate authority.
Note
The common name (CN) is generated automatically on the access point using the current MIC/SSC format Cxxxx-MacAddr, where xxxx is the product number.
Specifies the device certificate key size settings.
Value from 384 to 2048 (in bits); the default value is 2048.
Specifies the access point provision list settings.
Specifies the provision list authorization settings.
MAC address of access point to be added or deleted from the provision list.
Specifies the number of times the access point attempts to join the controller using an LSC before reverting to the default certificate.
Value from 0 to 255; the default value is 3.
Note
If you set the number of retries to 0 and the access point fails to join the controller using an LSC, the access point does not attempt to join the controller using the default certificate. If you are configuring LSC for the first time, we recommend that you configure a nonzero value.
Cisco Wireless Controller Command Reference, Release 8.4
427
config certificate lsc
Command Default
The default value of keysize is 2048 bits. The default value of retries is 3.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can configure only one CA server. To configure a different CA server, delete the configured CA server by using the config certificate lsc ca-server delete command, and then configure a different CA server.
If you configure an access point provision list, only the access points in the provision list are provisioned when you enable AP provisioning (in Step 8). If you do not configure an access point provision list, all access points with an MIC or SSC certificate that join the controller are LSC provisioned.
Examples
The following example shows how to enable the LSC settings:
(Cisco Controller) >
config certificate lsc enable
This example shows how to enable the LSC settings for Certificate Authority (CA) server settings:
(Cisco Controller) >
config certificate lsc ca-server http://10.0.0.1:8080/caserver
The following example shows how to add a CA certificate from the CA server and add it to the controller’s certificate database:
(Cisco Controller) >
config certificate lsc ca-cert add
The following example shows how to configure an LSC certificate with the keysize of 2048 bits:
(Cisco Controller) >
config certificate lsc keysize 2048
428
Cisco Wireless Controller Command Reference, Release 8.4
config certificate ssc config certificate ssc
To configure Self Signed Certificates (SSC) certificates, use the config certificate ssc command.
config certificate ssc hash validation {enable | disable}
Syntax Description hash validation enable disable
Configures the SSC hash key.
Configures hash validation of the SSC certificate.
Enables hash validation of the SSC certificate.
Disables hash validation of the SSC certificate.
Command Default
The SSC certificate is enabled by default..
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable the SSC hash validation, an AP validates the SSC certificate of the virtual controller. When an AP validates the SSC certificate, it checks if the hash key of the virtual controller matches the hash key stored in its flash. If a match is found, the validation passes and the AP moves to the Run state. If a match is not found, the validation fails and the AP disconnects from the controller and restarts the discovery process.
By default, hash validation is enabled. Hence, an AP must have the virtual controller hash key in its flash before associating with the virtual controller. If you disable hash validation of the SSC certificate, the AP bypasses the hash validation and directly moves to the Run state.
APs can associate with a physical controller, download the hash keys and then associate with a virtual controller.
If the AP is associated to a physical controller and if hash validation is disabled, it joins any virtual controller without hash validation.
Examples
The following example shows how to enable hash validation of the SSC certificate:
(Cisco Controller) >
config certificate ssc hash validation enable
Related Commands show certificate ssc show mobility group member config mobility group member hash config certificate
Cisco Wireless Controller Command Reference, Release 8.4
429
config certificate ssc show certificate compatibility show certificate lsc show certificate summary show local-auth certificates
430
Cisco Wireless Controller Command Reference, Release 8.4
config certificate use-device-certificate webadmin config certificate use-device-certificate webadmin
To use a device certificate for web administration, use the config certificate use-device-certificate webadmin command.
config certificate use-device-certificate webadmin
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to use a device certificate for web administration:
(Cisco Controller) >
config certificate use-device-certificate webadmin
Use device certificate for web administration. Do you wish to continue? (y/n) y
Using device certificate for web administration.
Save configuration and restart controller to use new certificate.
Related Commands config certificate show certificate compatibility show certificate lsc show certificate ssc show certificate summary show local-auth certificates
Cisco Wireless Controller Command Reference, Release 8.4
431
config client ccx clear-reports config client ccx clear-reports
To clear the client reporting information, use the config client ccx clear-reports command.
config client ccx clear-reports client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to clear the reporting information of the client MAC address
00:1f:ca:cf:b6:60:
(Cisco Controller) >
config client ccx clear-reports 00:1f:ca:cf:b6:60
432
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx clear-results config client ccx clear-results
To clear the test results on the controller, use the config client ccx clear-results command.
config client ccx clear-results client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to clear the test results of the client MAC address 00:1f:ca:cf:b6:60:
(Cisco Controller) >
config client ccx clear-results 00:1f:ca:cf:b6:60
Cisco Wireless Controller Command Reference, Release 8.4
433
config client ccx default-gw-ping config client ccx default-gw-ping
To send a request to the client to perform the default gateway ping test, use the config client ccx
default-gw-ping command.
config client ccx default-gw-ping client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This test does not require the client to use the diagnostic channel.
Examples
The following example shows how to send a request to the client00:0b:85:02:0d:20 to perform the default gateway ping test:
(Cisco Controller) >
config client ccx default-gw-ping 00:0b:85:02:0d:20
434
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx dhcp-test config client ccx dhcp-test
To send a request to the client to perform the DHCP test, use the config client ccx dhcp-test command.
config client ccx dhcp-test client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This test does not require the client to use the diagnostic channel.
Examples
The following example shows how to send a request to the client 00:E0:77:31:A3:55 to perform the DHCP test:
(Cisco Controller) >
config client ccx dhcp-test 00:E0:77:31:A3:55
Cisco Wireless Controller Command Reference, Release 8.4
435
config client ccx dns-ping config client ccx dns-ping
To send a request to the client to perform the Domain Name System (DNS) server IP address ping test, use the config client ccx dns-ping command.
config client ccx dns-ping client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This test does not require the client to use the diagnostic channel.
Examples
The following example shows how to send a request to a client to perform the DNS server IP address ping test:
(Cisco Controller) >
config client ccx dns-ping 00:E0:77:31:A3:55
436
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx dns-resolve config client ccx dns-resolve
To send a request to the client to perform the Domain Name System (DNS) resolution test to the specified hostname, use the config client ccx dns-resolve command.
config client ccx dns-resolve client_mac_address host_name
Syntax Description
client_mac_address host_name
MAC address of the client.
Hostname of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This test does not require the client to use the diagnostic channel.
Examples
The following example shows how to send a request to the client 00:E0:77:31:A3:55 to perform the DNS name resolution test to the specified hostname:
(Cisco Controller) >
config client ccx dns-resolve 00:E0:77:31:A3:55 host_name
Cisco Wireless Controller Command Reference, Release 8.4
437
config client ccx get-client-capability config client ccx get-client-capability
To send a request to the client to send its capability information, use the config client ccx get-client-capability command.
config client ccx get-client-capability client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a request to the client 172.19.28.40 to send its capability information:
(Cisco Controller) >
config client ccx get-client-capability 172.19.28.40
438
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx get-manufacturer-info config client ccx get-manufacturer-info
To send a request to the client to send the manufacturer’s information, use the config client ccx
get-manufacturer-info command.
config client ccx get-manufacturer-info client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a request to the client 172.19.28.40 to send the manufacturer’s information:
(Cisco Controller) >
config client ccx get-manufacturer-info 172.19.28.40
Cisco Wireless Controller Command Reference, Release 8.4
439
config client ccx get-operating-parameters config client ccx get-operating-parameters
To send a request to the client to send its current operating parameters, use the config client ccx
get-operating-parameters command.
config client ccx get-operating-parameters client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a request to the client 172.19.28.40 to send its current operating parameters:
(Cisco Controller) >
config client ccx get-operating-parameters 172.19.28.40
440
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx get-profiles config client ccx get-profiles
To send a request to the client to send its profiles, use the config client ccx get-profiles command.
config client ccx get-profiles client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a request to the client 172.19.28.40 to send its profile details:
(Cisco Controller) >
config client ccx get-profiles 172.19.28.40
Cisco Wireless Controller Command Reference, Release 8.4
441
config client ccx log-request config client ccx log-request
To configure a Cisco client eXtension (CCX) log request for a specified client device, use the config client
ccx log-request command.
config client ccx log-request {roam | rsna | syslog} client_mac_address
Syntax Description roam rsna syslog
client_mac_address
(Optional) Specifies the request to specify the client CCX roaming log.
(Optional) Specifies the request to specify the client CCX RSNA log.
(Optional) Specifies the request to specify the client CCX system log.
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to specify the request to specify the client CCS system log:
(Cisco Controller) >
config client ccx log-request syslog 00:40:96:a8:f7:98
Tue Oct 05 13:05:21 2006
SysLog Response LogID=1: Status=Successful
Event Timestamp=121212121212
Client SysLog = 'This is a test syslog 2'
Event Timestamp=121212121212
Client SysLog = 'This is a test syslog 1'
Tue Oct 05 13:04:04 2006
SysLog Request LogID=1
The following example shows how to specify the client CCX roaming log:
(Cisco Controller) >
config client ccx log-request roam 00:40:96:a8:f7:98
Thu Jun 22 11:55:14 2006
Roaming Response LogID=20: Status=Successful
Event Timestamp=121212121212
Source BSSID=00:40:96:a8:f7:98, Target BSSID=00:0b:85:23:26:70,
Transition Time=100(ms)
Transition Reason: Unspecified Transition Result: Success
Thu Jun 22 11:55:04 2006
Roaming Request LogID=20
Thu Jun 22 11:54:54 2006
Roaming Response LogID=19: Status=Successful
Event Timestamp=121212121212
Source BSSID=00:40:96:a8:f7:98, Target BSSID=00:0b:85:23:26:70,
442
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx log-request
Transition Time=100(ms)
Transition Reason: Unspecified Transition Result: Success
Thu Jun 22 11:54:33 2006 Roaming Request LogID=19
The following example shows how to specify the client CCX RSNA log:
(Cisco Controller) >
config client ccx log-request rsna 00:40:96:a8:f7:98
Tue Oct 05 11:06:48 2006
RSNA Response LogID=2: Status=Successful
Event Timestamp=242424242424
Target BSSID=00:0b:85:23:26:70
RSNA Version=1
Group Cipher Suite=00-x0f-ac-01
Pairwise Cipher Suite Count = 2
Pairwise Cipher Suite 0 = 00-0f-ac-02
Pairwise Cipher Suite 1 = 00-0f-ac-04
AKM Suite Count = 2
KM Suite 0 = 00-0f-ac-01
KM Suite 1 = 00-0f-ac-02
SN Capability = 0x1
PMKID Count = 2
PMKID 0 = 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
PMKID 1 = 0a 0b 0c 0d 0e 0f 17 18 19 20 1a 1b 1c 1d 1e 1f
802.11i Auth Type: EAP_FAST
RSNA Result: Success
Cisco Wireless Controller Command Reference, Release 8.4
443
config client ccx send-message config client ccx send-message
To send a message to the client, use the config client ccx send-message command.
config client ccx send-message client_mac_address message_id
Syntax Description
client_mac_address
MAC address of the client.
444
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx send-message
message_id
Message type that involves one of the following:
• 1—The SSID is invalid.
• 2—The network settings are invalid.
• 3—There is a WLAN credibility mismatch.
• 4—The user credentials are incorrect.
• 5—Please call support.
• 6—The problem is resolved.
• 7—The problem has not been resolved.
• 8—Please try again later.
• 9—Please correct the indicated problem.
• 10—Troubleshooting is refused by the network.
• 11—Retrieving client reports.
• 12—Retrieving client logs.
• 13—Retrieval complete.
• 14—Beginning association test.
• 15—Beginning DHCP test.
• 16—Beginning network connectivity test.
• 17—Beginning DNS ping test.
• 18—Beginning name resolution test.
• 19—Beginning 802.1X authentication test.
• 20—Redirecting client to a specific profile.
• 21—Test complete.
• 22—Test passed.
• 23—Test failed.
• 24—Cancel diagnostic channel operation or select a WLAN profile to resume normal operation.
• 25—Log retrieval refused by the client.
• 26—Client report retrieval refused by the client.
• 27—Test request refused by the client.
• 28—Invalid network (IP) setting.
• 29—There is a known outage or problem with the network.
• 30—Scheduled maintenance period.
(continued on next page)
Cisco Wireless Controller Command Reference, Release 8.4
445
config client ccx send-message
message_type (cont.)
• 31—The WLAN security method is not correct.
• 32—The WLAN encryption method is not correct.
• 33—The WLAN authentication method is not correct.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a message to the client MAC address 172.19.28.40 with the message user-action-required:
(Cisco Controller) >
config client ccx send-message 172.19.28.40 user-action-required
446
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx stats-request config client ccx stats-request
To send a request for statistics, use the config client ccx stats-request command.
config client ccx stats-request measurement_duration {dot11 | security} client_mac_address
Syntax Description
measurement_duration
dot11 security
client_mac_address
Measurement duration in seconds.
(Optional) Specifies dot11 counters.
(Optional) Specifies security counters.
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to specify dot11 counter settings:
(Cisco Controller) >
config client ccx stats-request 1 dot11 00:40:96:a8:f7:98
Measurement duration = 1 dot11TransmittedFragmentCount = 1 dot11MulticastTransmittedFrameCount = 2 dot11FailedCount = 3 dot11RetryCount dot11MultipleRetryCount dot11FrameDuplicateCount dot11RTSSuccessCount dot11RTSFailureCount dot11ACKFailureCount dot11ReceivedFragmentCount dot11MulticastReceivedFrameCount dot11FCSErrorCount dot11TransmittedFrameCount
= 4
= 5
= 6
= 7
= 8
= 9
= 10
= 11
= 12
= 13
Cisco Wireless Controller Command Reference, Release 8.4
447
config client ccx test-abort config client ccx test-abort
To send a request to the client to abort the current test, use the config client ccx test-abort command.
config client ccx test-abort client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Only one test can be pending at a time.
Examples
The following example shows how to send a request to a client to abort the correct test settings:
(Cisco Controller) >
config client ccx test-abort 11:11:11:11:11:11
448
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx test-association config client ccx test-association
To send a request to the client to perform the association test, use the config client ccx test-association command.
config client ccx test-association client_mac_address ssid bssid 802.11{a | b | g} channel
Syntax Description
client_mac_address ssid bssid
802.11a
802.11b
802.11g
channel
MAC address of the client.
Network name.
Basic SSID.
Specifies the 802.11a network.
Specifies the 802.11b network.
Specifies the 802.11g network.
Channel number.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a request to the client MAC address 00:0E:77:31:A3:55 to perform the basic SSID association test:
(Cisco Controller) >
config client ccx test-association 00:E0:77:31:A3:55 ssid bssid 802.11a
Cisco Wireless Controller Command Reference, Release 8.4
449
config client ccx test-dot1x config client ccx test-dot1x
To send a request to the client to perform the 802.1x test, use the config client ccx test-dot1x command.
config client ccx test-dot1x client_mac_address profile_id bssid 802.11 {a | b | g} channel
Syntax Description
client_mac_address profile_id bssid
802.11a
802.11b
802.11g
channel
MAC address of the client.
Test profile name.
Basic SSID.
Specifies the 802.11a network.
Specifies the 802.11b network.
Specifies the 802.11g network.
Channel number.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a request to the client to perform the 802.11b test with the profile name profile_01:
(Cisco Controller) >
config client ccx test-dot1x 172.19.28.40 profile_01 bssid 802.11b
450
Cisco Wireless Controller Command Reference, Release 8.4
config client ccx test-profile config client ccx test-profile
To send a request to the client to perform the profile redirect test, use the config client ccx test-profile command.
config client ccx test-profile client_mac_address profile_id
Syntax Description
client_mac_address profile_id
MAC address of the client.
Test profile name.
Note
The profile_id should be from one of the client profiles for which client reporting is enabled.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to send a request to the client to perform the profile redirect test with the profile name profile_01:
(Cisco Controller) >
config client ccx test-profile 11:11:11:11:11:11 profile_01
Cisco Wireless Controller Command Reference, Release 8.4
451
config client deauthenticate config client deauthenticate
To disconnect a client, use the config client deauthenticate command.
config client deauthenticate {MAC | IPv4/v6_address | user_name}
Syntax Description
MAC
IPv4/v6_address user_name
Client MAC address.
IPv4 or IPv6 address.
Client user name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to deauthenticate a client using its MAC address:
(Cisco Controller) >
config client deauthenticate 11:11:11:11:11
452
Cisco Wireless Controller Command Reference, Release 8.4
config client location-calibration config client location-calibration
To configure link aggregation, use the config client location-calibration command.
config client location-calibration {enable mac_address interval | disable mac_address}
Syntax Description enable
mac_address interval
disable
(Optional) Specifies that client location calibration is enabled.
MAC address of the client.
Measurement interval in seconds.
(Optional) Specifies that client location calibration is disabled.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the client location calibration for the client 37:15:85:2a with a measurement interval of 45 seconds:
(Cisco Controller) >
config client location-calibration enable 37:15:86:2a:Bc:cf 45
Cisco Wireless Controller Command Reference, Release 8.4
453
config client profiling delete config client profiling delete
To delete client profile , use the config client profiling command.
config client profiling delete {mac_address}
Syntax Description
mac_address
MAC address of the client.
Command History
Release
8.2
Modification
This command was introduced in this release.
Examples
The following example shows how to delete a client profile:
(Cisco Controller) >
config client profiling delete 37:15:86:2a:Bc:cf
Note
Executing the above command changes the Device Type to "Unknown". The Client does not get deleted but instead the profiling info of the client is removed, and retains the client as it is still associated. There is no confirmation message from the CLI, due to architecture limitation of the Cisco WLC.
454
Cisco Wireless Controller Command Reference, Release 8.4
config cloud-services cmx config cloud-services cmx
To enable or disable CMX Cloud Services, use the config cloud-services cmx command.
config cloud-services cmx {enable| disable}
Syntax Description enable disable
Enables the CMX Cloud Services
Disables the CMX Cloud Services
Command Default
None
Command History
Examples
Release
8.3
Modification
This command was introduced.
This example shows how to enable the CMX Cloud Services:
(Cisco Controller) >
config cloud-services cmx enable
Cisco Wireless Controller Command Reference, Release 8.4
455
config cloud-services server url config cloud-services server url
To configure the Cloud Server URL, use the config cloud-services server url command.
config cloud-services server url url
Syntax Description
url
Enter the Cloud Server URL.
Command Default
None
Command History
Examples
Release
8.3
Modification
This command was introduced.
This example shows how to configure the Cloud Server URL:
(Cisco Controller) >
config cloud-services server url www.example.com
456
Cisco Wireless Controller Command Reference, Release 8.4
config cloud-services server id-token config cloud-services server id-token
To configure the Cloud Server Id-Token, use the config cloud-services server id-token command.
config cloud-services server id-token id-token
Syntax Description
id-token
Enter the cloud server id-token.
Command Default
None
Command History
Examples
Release
8.3
Modification
This command was introduced.
This example shows how to configure the Cloud Server Id-Token:
(Cisco Controller) >
config cloud-services server id-token dzypisQ2#bo$iAQM
Cisco Wireless Controller Command Reference, Release 8.4
457
config coredump config coredump
To enable or disable the controller to generate a core dump file following a crash, use the config cordump command.
config coredump {enable | disable}
Syntax Description enable disable
Enables the controller to generate a core dump file.
Disables the controller to generate a core dump file.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the controller to generate a core dump file following a crash:
(Cisco Controller) >
config coredump enable
Related Commands config coredump ftp config coredump username show coredump summary
458
Cisco Wireless Controller Command Reference, Release 8.4
config coredump ftp config coredump ftp
To automatically upload a controller core dump file to an FTP server after experiencing a crash, use the config
coredump ftp command.
config coredump ftp server_ip_address filename
Syntax Description
server_ip_address filename
IP address of the FTP server to which the controller sends its core dump file.
Name given to the controller core dump file.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
The controller must be able to reach the FTP server to use this command.
Examples
The following example shows how to configure the controller to upload a core dump file named
core_dump_controller to an FTP server at network address 192.168.0.13:
(Cisco Controller) >
config coredump ftp 192.168.0.13 core_dump_controller
Related Commands config coredump config coredump username show coredump summary
Cisco Wireless Controller Command Reference, Release 8.4
459
config coredump username config coredump username
To specify the FTP server username and password when uploading a controller core dump file after experiencing a crash, use the config coredump username command.
config coredump username ftp_username password ftp_password
Syntax Description
ftp_username ftp_password
FTP server login username.
FTP server login password.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The controller must be able to reach the FTP server to use this command.
Examples
The following example shows how to specify a FTP server username of admin and password adminpassword for the core dump file upload:
(Cisco Controller) >
config coredump username admin password adminpassword
Related Commands config coredump ftp config coredump show coredump summary
460
Cisco Wireless Controller Command Reference, Release 8.4
config country config country
To configure the controller’s country code, use the config country command.
config country country_code
Syntax Description
country_code
Two-letter or three-letter country code.
Command Default
us (country code of the United States of America).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Cisco WLCs must be installed by a network administrator or qualified IT professional and the installer must select the proper country code. Following installation, access to the unit should be password protected by the installer to maintain compliance with regulatory requirements and to ensure proper unit functionality. See the related product guide for the most recent country codes and regulatory domains.
You can use the show country command to display a list of supported countries.
Examples
The following example shows how to configure the controller’s country code to DE:
(Cisco Controller) >
config country DE
Cisco Wireless Controller Command Reference, Release 8.4
461
config cts config cts
To enable or disable Cisco TrustSec on Cisco WLC, use the config cts command.
config cts {enable | disable}
Syntax Description enable disable
Enables Cisco TrustSec on the Cisco WLC
Disables Cisco TrustSec on the Cisco WLC
Command Default
By default, Cisco TrustSec is in disabled state.
Command History
Release
8.4
Modification
This command was introduced.
462
Cisco Wireless Controller Command Reference, Release 8.4
config cts ap config cts ap
To configure inline tagging and security group access control list (SGACL) enforcement on APs, use the
config cts ap command.
config cts ap{inline-tagging | sgacl-enforcement} {enable | disable} {ap-name | all}
Syntax Description inline-tagging sgacl-enforcement enable disable
ap-name
all
Configures inline tagging on all the APs or a specific AP
Configures SGACL enforcement on all the APs or a specific AP
Enables the specified feature
Disables the specified feature
Name of the AP for which the specified feature has to be configured
Configures the specified feature for all APs associated with the Cisco
WLC.
Command Default
By default, both inline tagging and SGACL enforcement are in disabled state.
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
Examples
Examples
• Inline tagging is supported only on the APs in FlexConnect mode.
• Inline tagging is not supported on Flex+Bridge 802.11ac lightweight APs.
• Inline tagging and SGACL download or enforcement are not supported on these Cisco WLCs: 5508,
WiSM2, 8510, 7510, and vWLC.
• If you enable SGACL enforcement for all the APs, the configuration is applied on all the APs except for the APs for which Cisco TrustSec override is enabled.
The following example shows how to enable inline tagging on an AP named cisco-flex-ap:
(Cisco Controller) >
config cts ap inline-tagging enable cisco-flex-ap
The following example shows how to enable SGACL enforcement on an AP named cisco-flex-ap:
(Cisco Controller) >
config cts ap sgacl-enforcement enable cisco-flex-ap
Cisco Wireless Controller Command Reference, Release 8.4
463
config cts inline-tag config cts inline-tag
To configure Cisco TrustSec inline tagging for a Cisco WLC, use the config cts inline-tag command.
config cts inline-tag {enable | disable}
Syntax Description inline-tag enable disable
Configures inline tagging for the Cisco WLC
Enables inline tagging
Disables inline tagging
Command Default
By default, inline tagging is in disabled state.
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
Inline tagging is not supported on these Cisco WLCs: 5508, WiSM2, 8510, 7510, and vWLC.
464
Cisco Wireless Controller Command Reference, Release 8.4
config cts ap override config cts ap override
To configure Cisco TrustSec override for an AP, use the config cts ap override command.
config cts ap override {enable | disable} {ap-name}
Syntax Description enable disable
ap-name
Enables CTS override for the corresponding AP
Disables CTS override for the corresponding AP
Name of the AP for which the CTS override has to be configured
Command Default
By default, CTS override for an AP is in disabled state.
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
If you enable SGACL enforcement for all the APs, the configuration is applied on all the APs except the APs for which CTS override is enabled.
Examples
The following example shows how to enable CTS override on an AP named my-cisco-ap:
(Cisco Controller) >
config cts ap override enable my-cisco-ap
Cisco Wireless Controller Command Reference, Release 8.4
465
config cts device-id config cts device-id
To configure a Cisco TrustSec device ID, use the config cts device-id command.
config cts device-id device-id password password
Syntax Description
device-id password
CTS device ID
CTS device ID password
Command Default
None
Command History
Release
8.4
Examples
Modification
This command was introduced.
The following example shows how to configure a CTS device ID:
(Cisco Controller) >
config cts device-id wlc-8540 password Cisco123
466
Cisco Wireless Controller Command Reference, Release 8.4
config cts refresh config cts refresh
To refresh Cisco TrustSec environment data or security group tag (SGT) policy, use the config cts refresh command.
config cts refresh{environment-data} | {policy sgt {all | sgt-tag}}
Syntax Description environment-data policy sgt all
sgt-tag
Refreshes CTS environment data
Refreshes SGT policy
Refreshes all SGT policies
Enter the CTS SGT tag (an integer) to be refreshed
Command Default
None
Command History
Examples
Release
8.4
Modification
This command was introduced.
This example shows how to refresh the SGT policy, Default-65535:
(Cisco Controller) >
config cts refresh policy sgt 65535
Cisco Wireless Controller Command Reference, Release 8.4
467
config cts sxp ap connection delete config cts sxp ap connection delete
To delete an SXPv4 connection peer for all the APs or a specific AP, use the config cts sxp ap connection
delete command.
config cts sxp ap connection delete ip-addr {cisco-ap | all}
Syntax Description
ip-addr cisco-ap
all
SXPv4 IP address of a peer
Name of the AP.
Applies the configuration to all the APs.
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
468
Cisco Wireless Controller Command Reference, Release 8.4
config cts sxp ap connection peer config cts sxp ap connection peer
To configure an SXPv4 peer connection for all the APs or a specific AP, use the config cts sxp ap connection
peer command.
config cts sxp ap connection peer ip-addr password {default | none} mode {both | listener | speaker}
{cisco-ap | all}
Syntax Description
ip-addr
password default none
time-in-seconds
mode both listener speaker
cisco-ap
all
SXPv4 IP address of the peer
Configures password for the SXPv4 peer connection
Uses default pasword for MD5 encryption
Configures SXPv4 without password encryption
Time after which an SXPv4 connection should be tried again after a failure to connect.
Configures mode of the SXPv4 connection
Configures device as both SXP speaker and listener
Configures device as SXP listener
Configures device as SXP speaker
Name of the AP
Applies the configuration to all the APs associated with the corresponding Cisco WLC
Command Default
None
Command History
Examples
Release
8.4
Modification
This command was introduced.
This example shows how to configure an SXPv4 peer connection with a default password and operate in both listener and speaker mode for all the APs associated with the Cisco WLC:
(Cisco Controller) >
config cts sxp ap connection peer 10.165.200.224 password default mode both all
Cisco Wireless Controller Command Reference, Release 8.4
469
config cts sxp ap default password config cts sxp ap default password
To configure the default password for an SXPv4 connection for all the APs or a specific AP, use the config
cts sxp ap default password command.
config cts sxp ap default password password {cisco-ap | all}
Syntax Description
password cisco-ap
all
Default password for SXPv4 connection
Name of the AP
Applies the configuration to all the APs associated with the corresponding Cisco WLC
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
470
Cisco Wireless Controller Command Reference, Release 8.4
config cts sxp ap listener config cts sxp ap listener
To configure SXPv4 listener mode parameters, use the config cts sxp ap listener command.
config cts sxp ap listener hold-time min-hold-time max-hold-time {cisco-ap | all}
Syntax Description
min-hold-time max-hold-time cisco-ap
all
Minimum SXPv4 connection hold time
Maximum SXPv4 connection hold time
Name of the AP for which SXPv4 has to be configured
Configures SXPv4 for all APs associated with the
Cisco WLC
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
471
config cts sxp ap reconciliation period config cts sxp ap reconciliation period
To configure SXPv4 connection reconciliation time period, use the config cts sxp ap reconciliation period command.
config cts sxp ap reconciliation period time-in-seconds {cisco-ap | all}
Syntax Description
time-in-seconds cisco-ap
all
Time interval until when the SXPv4 connection reconciles. Valid range is between 0 and 64000 seconds.
Name of the AP
Applies the configuration to all the APs associated with the Cisco WLC
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
472
Cisco Wireless Controller Command Reference, Release 8.4
config cts sxp ap retry period config cts sxp ap retry period
To configure the interval between SXPv4 connection reattempts, use the config cts sxp ap retry period command.
config cts sxp ap retry period time-in-seconds {cisco-ap | all}
Syntax Description
time-in-seconds cisco-ap
all
Time after which an SXPv4 connection should be attempted again for after a failure to connect. Valid range is between 0 and 64000 seconds.
Name of the AP
Applies the configuration to all the APs associated with the corresponding Cisco
WLC
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
473
config cts sxp ap speaker config cts sxp ap speaker
To configure SXPv4 speaker mode parameters, use the config cts sxp ap speaker command.
config cts sxp ap speaker hold-time time-in-seconds {cisco-ap | all}
Syntax Description
time-in-seconds cisco-ap
all
Hold time interval, in seconds. Valid range is between
1 and 65534 seconds.
Name of the AP for which SXPv4 has to be configured
Configures SXPv4 for all APs associated with the corresponding Cisco WLC
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
474
Cisco Wireless Controller Command Reference, Release 8.4
config cts sxp config cts sxp
To enable or disable Cisco TrustSec SXP on a Cisco WLC, use the config cts sxp command.
config cts sxp {enable | disable}
Syntax Description enable disable
Enables Cisco TrustSec SXP on the Cisco WLC
Disables Cisco TrustSec SXP on the Cisco WLC
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
475
config cts sxp connection config cts sxp connection
To configure the CTS SXP connection on the Cisco WLC, use the config cts sxp connection command.
config cts sxp connection {delete | peer} ipv4-addr
Syntax Description delete peer
ipv4-addr
Deletes the SXP connection
Configures the next hop switch with which the Cisco WLC is connected
IPv4 address of the SXP connection
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
476
Cisco Wireless Controller Command Reference, Release 8.4
config cts sxp default password config cts sxp default password
To configure the default password for CTS SXP, use the config cts sxp default password command.
config cts sxp default password password
Syntax Description
password
Default password for MD5 Authentication of SXP messages. The password should contain a minimum of six characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
477
config cts sxp retry period config cts sxp retry period
To configure the interval between CTS SXP connection reattempts, use the config cts sxp retry period command.
config cts sxp retry period time-in-seconds
Syntax Description
time-in-seconds
Time after which a CTS SXP connection should be attempted again for after a failure to connect. Valid range is between 0 and 64000 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
478
Cisco Wireless Controller Command Reference, Release 8.4
config cts sxp version config cts sxp version
To configure the CTS SXP connection version, use the config cts sxp version command.
config cts sxp version version-1-or-2
Syntax Description
version-1-or-2
Enter the SXP version. Valid values are 1 and 2
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
479
config cts sxp config cts sxp
To configure Cisco TrustSec SXP (CTS) connections on the controller, use the config cts sxp command.
config cts sxp {enable | disable | connection {delete | peer} | default password password | retry period
time-in-seconds}
Syntax Description enable disable connection delete peer
ip-address
default password
password
retry period
time-in-seconds
Enables CTS connections on the controller.
Disables CTS connections on the controller.
Configures CTS connection on the controller.
Deletes the CTS connection on the controller.
Configures the next hop switch with which the controller is connected.
Only IPv4 address of the peer.
Configures the default password for MD5 authentication of SXP messages.
Default password for MD5 Authentication of SXP messages. The password should contain a minimum of six characters.
Configures the SXP retry period.
Time after which a CTS connection should be again tried for after a failure to connect.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For release 8.0, only IPv4 is supported for TrustSec SXP configuration.
480
Cisco Wireless Controller Command Reference, Release 8.4
Examples
The following example shows how to enable CTS on the controller:
(Cisco Controller) >
config cts sxp enable
The following example shows how to configure a peer for a CTS connection:
>
config cts sxp connection peer 209.165.200.224
Related Commands debug cts sxp config cts sxp
Cisco Wireless Controller Command Reference, Release 8.4
481
config custom-web ext-webauth-mode config custom-web ext-webauth-mode
To configure external URL web-based client authorization for the custom-web authentication page, use the
config custom-web ext-webauth-mode command.
config custom-web ext-webauth-mode {enable | disable}
Syntax Description enable disable
Enables the external URL web-based client authorization.
Disables the external URL we-based client authentication.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the external URL web-based client authorization:
(Cisco Controller) >
config custom-web ext-webauth-mode enable
Related Commands config custom-web redirectUrl config custom-web weblogo config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-url show custom-web
482
Cisco Wireless Controller Command Reference, Release 8.4
config custom-web ext-webauth-url config custom-web ext-webauth-url
To configure the complete external web authentication URL for the custom-web authentication page, use the
config custom-web ext-webauth-url command.
config custom-web ext-webauth-url URL
Syntax Description
URL
URL used for web-based client authorization.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the complete external web authentication URL http://www.AuthorizationURL.com/ for the web-based client authorization:
(Cisco Controller) >
config custom-web ext-webauth-url http://www.AuthorizationURL.com/
Related Commands config custom-web redirectUrl config custom-web weblogo config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-mode show custom-web
Cisco Wireless Controller Command Reference, Release 8.4
483
config custom-web ext-webserver config custom-web ext-webserver
To configure an external web server, use the config custom-web ext-webserver command.
config custom-web ext-webserver {add index IP_address | delete index}
Syntax Description add
index
IP_address
delete
Adds an external web server.
Index of the external web server in the list of external web server. The index must be a number between 1 and 20.
IP address of the external web server.
Deletes an external web server.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
Examples
The following example shows how to add the index of the external web server 2 to the IP address of the external web server 192.23.32.19:
(Cisco Controller) >
config custom-web ext-webserver add 2 192.23.32.19
Related Commands config custom-web redirectUrl config custom-web weblogo config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-mode config custom-web ext-webauth-url show custom-web
484
Cisco Wireless Controller Command Reference, Release 8.4
config custom-web logout-popup config custom-web logout-popup
To enable or disable the custom web authentication logout popup, use the config custom-web logout-popup command.
config custom-web logout-popup {enable| disable}
Syntax Description enable disable
Enables the custom web authentication logout popup. This page appears after a successful login or a redirect of the custom web authentication page.
Disables the custom web authentication logout popup.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the custom web authentication logout popup:
(Cisco Controller) >
config custom-web logout-popup disable
Related Commands config custom-web redirectUrl config custom-web weblogo config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-url show custom-web
Cisco Wireless Controller Command Reference, Release 8.4
485
config custom-web qrscan-bypass-opt config custom-web qrscan-bypass-opt
To configure the qrscan bypass authentication options, use the config custom-web qrscan-bypass-opt command.
config custom-web qrscan-bypass-opt timer count
Syntax Description
timer count
Set the duration to bypass the traffic temporarily. The range is between 5 and
60.
Set the number of times the traffic can be bypassed before client rejoins. The range is between 1 and 9.
Command Default
None
Command History
Release
8.4
Examples
Modification
This command was introduced.
The following example shows how to set the custom qrscan bypass timer to 60 and number of times to 3 before the client rejoins:
(Cisco Controller) >
config custom-web qrscan-bypass-opt 60 3
486
Cisco Wireless Controller Command Reference, Release 8.4
config custom-web radiusauth config custom-web radiusauth
To configure the RADIUS web authentication method, use the config custom-web radiusauth command.
config custom-web radiusauth {chap | md5chap | pap}
Syntax Description chap md5chap pap
Configures the RADIUS web authentication method as Challenge Handshake
Authentication Protocol (CHAP).
Configures the RADIUS web authentication method as Message Digest 5 CHAP
(MD5-CHAP).
Configures the RADIUS web authentication method as Password Authentication
Protocol (PAP).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the RADIUS web authentication method as MD5-CHAP:
(Cisco Controller) >
config custom-web radiusauth md5chap
Related Commands config custom-web redirectUrl config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-mode config custom-web ext-webauth-url show custom-web
Cisco Wireless Controller Command Reference, Release 8.4
487
config custom-web redirectUrl config custom-web redirectUrl
To configure the redirect URL for the custom-web authentication page, use the config custom-web redirectUrl command.
config custom-web redirectUrl URL
Syntax Description
URL
URL that is redirected to the specified address.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the URL that is redirected to abc.com:
(Cisco Controller) >
config custom-web redirectUrl abc.com
Related Commands config custom-web weblogo config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-mode config custom-web ext-webauth-url show custom-web
488
Cisco Wireless Controller Command Reference, Release 8.4
config custom-web sleep-client config custom-web sleep-client
To delete a web-authenticated sleeping client, use the config custom-web sleep-client command.
config custom-web sleep-client delete mac_address
Syntax Description delete
mac_address
Deletes a web-authenticated sleeping client with the help of the client MAC address.
MAC address of the sleeping client.
Command Default
The web-authenticated sleeping client is not deleted.
Command History
Release
7.5
Modification
This command was introduced.
Examples
The following example shows how to delete a web-authenticated sleeping client:
(Cisco Controller) >
config custom-web sleep-client delete 0:18:74:c7:c0:90
Cisco Wireless Controller Command Reference, Release 8.4
489
config custom-web webauth-type config custom-web webauth-type
To configure the type of web authentication, use the config custom-web webauth-type command.
config custom-web webauth-type {internal | customized | external}
Syntax Description internal customized external
Configures the web authentication type to internal.
Configures the web authentication type to customized.
Configures the web authentication type to external.
Command Default
The default web authentication type is internal.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the type of the web authentication type to internal:
(Cisco Controller) >
config custom-web webauth-type internal
Related Commands config custom-web redirectUrl config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-mode config custom-web ext-webauth-url show custom-web
490
Cisco Wireless Controller Command Reference, Release 8.4
config custom-web weblogo config custom-web weblogo
To configure the web authentication logo for the custom-web authentication page, use the config custom-web
weblogo command.
config custom-web weblogo {enable | disable}
Syntax Description enable disable
Enables the web authentication logo settings.
Enable or disable the web authentication logo settings.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the web authentication logo:
(Cisco Controller) >
config custom-web weblogo enable
Related Commands config custom-web redirectUrl config custom-web webmessage config custom-web webtitle config custom-web ext-webauth-mode config custom-web ext-webauth-url show custom-web
Cisco Wireless Controller Command Reference, Release 8.4
491
config custom-web webmessage config custom-web webmessage
To configure the custom web authentication message text for the custom-web authentication page, use the
config custom-web webmessage command.
config custom-web webmessage message
Syntax Description
message
Message text for web authentication.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the message text Thisistheplace for webauthentication:
(Cisco Controller) >
config custom-web webmessage Thisistheplace
Related Commands config custom-web redirectUrl config custom-web weblogo config custom-web webtitle config custom-web ext-webauth-mode config custom-web ext-webauth-url show custom-web
492
Cisco Wireless Controller Command Reference, Release 8.4
config custom-web webtitle config custom-web webtitle
To configure the web authentication title text for the custom-web authentication page, use the config
custom-web webtitle command.
config custom-web webtitle title
Syntax Description
title
Custom title text for web authentication.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the custom title text Helpdesk for web authentication:
(Cisco Controller) >
config custom-web webtitle Helpdesk
Related Commands config custom-web redirectUrl config custom-web weblogo config custom-web webmessage config custom-web ext-webauth-mode config custom-web ext-webauth-url show custom-web
Cisco Wireless Controller Command Reference, Release 8.4
493
config database size config database size
To configure the local database, use the config database size command.
config database size count
Syntax Description
count
Database size value between 512 and 2040
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Use the show database command to display local database configuration.
Examples
The following example shows how to configure the size of the local database:
(Cisco Controller) >
config database size 1024
Related Commands show database
494
Cisco Wireless Controller Command Reference, Release 8.4
config dhcp config dhcp
To configure the internal DHCP, use the config dhcp command.
config dhcp {address-pool scope start end | create-scope scope | default-router scope router_1 [router_2]
[router_3] | delete-scope scope | disable scope | dns-servers scope dns1 [dns2] [dns3] | domain scope
domain | enable scope | lease scope lease_duration | netbios-name-server scope wins1 [wins2] [wins3] |
networkscope network netmask}
config dhcpopt-82 remote-id {ap_mac | ap_mac:ssid | ap-ethmac | apname:ssid | ap-group-name |
flex-group-name | ap-location | apmac-vlan_id | apname-vlan_id | ap-ethmac-ssid }
Syntax Description
address-pool scope start end
create-scope name
default-router scope router_1 [router_2] [router_3]
delete-scope scope
disable scope
dns-servers scope dns1 [dns2] [dns3]
domain scope domain
enable scope
lease scope lease_duration
Configures an address range to allocate.
You must specify the scope name and the first and last addresses of the address range.
Creates a new DHCP scope. You must specify the scope name.
Configures the default routers for the specified scope and specify the
IP address of a router. Optionally, you can specify the IP addresses of secondary and tertiary routers.
Deletes the specified DHCP scope.
Disables the specified DHCP scope.
Configures the name servers for the given scope. You must also specify at least one name server. Optionally, you can specify secondary and tertiary name servers.
Configures the DNS domain name. You must specify the scope and domain names.
Enables the specified dhcp scope.
Configures the lease duration (in seconds) for the specified scope.
Cisco Wireless Controller Command Reference, Release 8.4
495
config dhcp
network scope network netmask
opt-82 remote-id
ap_mac
ap_mac:ssid
ap-ethmac apname:ssid ap-group-name flex-group-name ap-location apmac-vlan_id apname-vlan_id ap-ethmac-ssid
netbios-name-server scope wins1 [wins2] [wins3] Configures the netbios name servers.
You must specify the scope name and the IP address of a name server.
Optionally, you can specify the IP addresses of secondary and tertiary name servers.
Configures the network and netmask.
You must specify the scope name, the network address, and the network mask.
Configures the DHCP option 82 remote
ID field format.
DHCP option 82 provides additional security when DHCP is used to allocate network addresses. The controller acts as a DHCP relay agent to prevent
DHCP client requests from untrusted sources. The controller adds option 82 information to DHCP requests from clients before forwarding the requests to the DHCP server.
MAC address of the access point to the
DHCP option 82 payload.
MAC address and SSID of the access point to the DHCP option 82 payload.
Remote ID format as AP Ethernet MAC address.
Remote ID format as AP name:SSID.
Remote ID format as AP group name.
Remote ID format as FlexConnect group name .
Remote ID format as AP location.
Remote ID format as AP radio MAC address:VLAN_ID.
Remote ID format as AP
Name:VLAN_ID.
Remote ID format as AP Ethernet
MAC:SSID address.
496
Cisco Wireless Controller Command Reference, Release 8.4
config dhcp
Command Default
The default value for ap-group-name is default-group, and for ap-location, the default value is default location.
If ap-group-name and flex-group-name are null, the system MAC is sent as the remote ID field.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Use the show dhcp command to display the internal DHCP configuration.
Examples
The following example shows how to configure the DHCP lease for the scope 003:
(Cisco Controller) >
config dhcp lease 003
Cisco Wireless Controller Command Reference, Release 8.4
497
config dhcp opt-82 format config dhcp opt-82 format
To configure the DHCP option 82 format, use the config dhcp opt-82 format command.
config dhcp opt-82 format{binary | ascii}
Syntax Description
binary ascii
Specifies the DHCP option 82 format as binary.
Specifies the DHCP option 82 format as ASCII.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the format of DHCP option 82 payload:
(Cisco Controller) >
config dhcp opt-82 format binary
498
Cisco Wireless Controller Command Reference, Release 8.4
config dhcp opt-82 remote-id config dhcp opt-82 remote-id
To configure the format of the DHCP option 82 payload, use the config dhcp opt-82 remote-id command.
config dhcp opt-82 remote-id {ap_mac | ap_mac:ssid | ap-ethmac | apname:ssid | ap-group-name |
flex-group-name | ap-location | apmac-vlan-id | apname-vlan-id | ap-ethmac-ssid}
Syntax Description
ap_mac ap_mac:ssid ap-ethmac apname:ssid ap-group-name flex-group-name ap-location apmac-vlan-id apname-vlan-id ap-ethmac-ssid
Specifies the radio MAC address of the access point to the DHCP option 82 payload.
Specifies the radio MAC address and SSID of the access point to the DHCP option 82 payload.
Specifies the Ethernet MAC address of the access point to the DHCP option 82 payload.
Specifies the AP name and SSID of the access point to the DHCP option 82 payload.
Specifies the AP group name to the DHCP option 82 payload.
Specifies the FlexConnect group name to the DHCP option 82 payload.
Specifies the AP location to the DHCP option 82 payload.
Specifies the radio MAC address of the access point and the VLAN ID to the DHCP option 82 payload.
Specifies the AP name and its VLAN ID to the DHCP option 82 payload.
Specifies the Ethernet MAC address of the access point and the SSID to the DHCP option 82 payload.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
499
config dhcp opt-82 remote-id
Examples
The following example shows how to configure the remote ID of DHCP option 82 payload:
(Cisco Controller) >
config dhcp opt-82 remote-id apgroup1
500
Cisco Wireless Controller Command Reference, Release 8.4
config dhcp proxy config dhcp proxy
To specify the level at which DHCP packets are modified, use the config dhcp proxy command.
config dhcp proxy {enable | disable {bootp-broadcast [enable | disable]}
Syntax Description enable disable bootp-broadcast
Allows the controller to modify the DHCP packets without a limit.
Reduces the DHCP packet modification to the level of a relay.
Configures DHCP BootP broadcast option.
Command Default
DHCP is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Use the show dhcp proxy command to display the status of DHCP proxy handling.
To enable third-party WGB support, you must enable the passive-client feature on the wirless LAN by entering the config wlan passive-client enable command.
Examples
The following example shows how to disable the DHCP packet modification:
(Cisco Controller) >
config dhcp proxy disable
The following example shows how to enable the DHCP BootP broadcast option:
(Cisco Controller) >
config dhcp proxy disable bootp-broadcast enable
Cisco Wireless Controller Command Reference, Release 8.4
501
config dhcp timeout config dhcp timeout
To configure a DHCP timeout value, use the config dhcp timeout command. If you have configured a WLAN to be in DHCP required state, this timer controls how long the WLC will wait for a client to get a DHCP lease through DHCP.
config dhcp timeout timeout-value
Syntax Description
timeout-value
Timeout value in the range of 5 to 120 seconds.
Command Default
The default timeout value is 120 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the DHCP timeout to 10 seconds:
(Cisco Controller) >
config dhcp timeout 10
502
Cisco Wireless Controller Command Reference, Release 8.4
config exclusionlist config exclusionlist
To create or delete an exclusion list entry, use the config exclusionlist command.
config exclusionlist {add MAC [description] | delete MAC | description MAC [description]}
Syntax Description config exclusionlist add delete description
MAC description
Configures the exclusion list.
Creates a local exclusion-list entry.
Deletes a local exclusion-list entry
Specifies the description for an exclusion-list entry.
MAC address of the local Excluded entry.
(Optional) Description, up to 32 characters, for an excluded entry.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to create a local exclusion list entry for the MAC address xx:xx:xx:xx:xx:xx:
(Cisco Controller) >
config exclusionlist add xx:xx:xx:xx:xx:xx lab
The following example shows how to delete a local exclusion list entry for the MAC address xx:xx:xx:xx:xx:xx:
(Cisco Controller) >
config exclusionlist delete xx:xx:xx:xx:xx:xx lab
Related Commands show exclusionlist
Cisco Wireless Controller Command Reference, Release 8.4
503
config flexconnect acl config flexconnect acl
To apply access control lists that are configured on a FlexConnect access point, use the config flexconnect
acl command.
config flexconnect acl {apply | create | delete} acl_name
Syntax Description apply create delete
acl_name
Applies an ACL to the data path.
Creates an ACL.
Deletes an ACL.
ACL name that contains up to 32 alphanumeric characters.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to apply the ACL configured on a FlexConnect access point:
(Cisco Controller) >
config flexconnect acl apply acl1
504
Cisco Wireless Controller Command Reference, Release 8.4
config flexconnect acl rule config flexconnect acl rule
To configure access control list (ACL) rules on a FlexConnect access point, use the config flexconnect acl
rule command.
config flexconnect aclrule {action rule_name rule_index {permit | deny} | add rule_name rule_index |
change index rule_name old_index new_index | delete rule_name rule_index | destination address rule_name
rule_index ip_address netmask | destination port range rule_name rule_index start_port end_port | direction
rule_name rule_index {in | out | any} | dscp rule_name rule_index dscp | protocol rule_name rule_index
protocol | source address rule_name rule_index ip_address netmask | source port range rule_name
rule_index start_port end_port | swap index rule_name index_1 index_2}
Syntax Description in out any dscp action
rule_name rule_index
permit deny add change index delete destination address
ip_address netmask start_port end_port
direction
Configures whether to permit or deny access.
ACL name that contains up to 32 alphanumeric characters.
Rule index between 1 and 32.
Permits the rule action.
Denies the rule action.
Adds a new rule.
Changes a rule’s index.
Specifies a rule index.
Deletes a rule.
Configures a rule’s destination IP address and netmask.
IP address of the rule.
Netmask of the rule.
Start port number (between 0 and 65535).
End port number (between 0 and 65535).
Configures a rule’s direction to in, out, or any.
Configures a rule’s direction to in.
Configures a rule’s direction to out.
Configures a rule’s direction to any.
Configures a rule’s DSCP.
Cisco Wireless Controller Command Reference, Release 8.4
505
config flexconnect acl rule
dscp
protocol
protocol
source address source port range swap
index_1 index_2
Number between 0 and 63, or any.
Configures a rule’s DSCP.
Number between 0 and 255, or any.
Configures a rule’s source IP address and netmask.
Configures a rule’s source port range.
Swaps two rules’ indices.
The rule first index to swap.
The rule index to swap the first index with.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
This example shows how to configure an ACL to permit access:
(Cisco Controller) >
config flexconnect acl rule action lab1 4 permit
506
Cisco Wireless Controller Command Reference, Release 8.4
config flexconnect arp-caching config flexconnect arp-caching
To save an ARP entry for a client in the cache with locally switched WLAN on FlexConnect APs use config
flexconnect arp-caching command.
config flexconnect arp-caching {enable } disable}
Syntax Description arp-caching enable arp-caching disable
Instructs the access point to save the ARP entry for a client in the cache and reply on its behalf of the client for locally switched WLAN.
Disables ARP caching.
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example shows how to apply the proxy ARP with locally switched WLAN on FlexConnect
APs.
(Cisco Controller) >
config flexconnect arp-caching enable
Cisco Wireless Controller Command Reference, Release 8.4
507
config flexconnect avc profile config flexconnect avc profile
To configure a Flexconnect Application Visibility and Control (AVC) profile, use the config flexconnect avc
profile command.
config flexconnect avc profile profilename {create | delete} | apply | rule {addapplication app-name {drop|
{mark dscp-value}}}| {remove application app-name}
Syntax Description
proflie-name
create delete apply rule add application
app-name
drop mark
dscp-value
remove application
Name of the AVC profile. The range is from 0 to 32 alphanumeric characters.
Creates an AVC profile.
Deletes an AVC profile.
Applies an AVC profile.
Configures a Rule for an AVC profile.
Adds a rule for an AVC profile.
Name of the application. The range is from 0 to 32 alphanumeric characters.
Adds a rule to drop packets.
Adds a rule to mark packets with specific differentiated services code point (DSCP).
DSCP value for marking packets. The range is from 0 to 63.
Removes a rule for an AVC profile.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to create a FlexConnect profile:
(Cisco Controller) >
config flexconnect avc profile profile1 create
508
Cisco Wireless Controller Command Reference, Release 8.4
config flexconnect fallback-radio-shut config flexconnect fallback-radio-shut
To configure the radio interface of an access point when the Ethernet link is not operational, use the config
flexconnect fallback-radio-shut command.
config flexconnect fallback-radio-shut {disable | enable delay delay-in-sec}
Syntax Description disable enable delay
delay-in-sec
Disables the radio interface shutdown.
Enables the radio interface shutdown.
Specifies the delay for the interface after which the radio interface has to be shut down.
Delay duration, in seconds.
Command Default
The radio interface shutdown is disabled.
Command History
Release
7.6
Modification
This command was introduced.
Usage Guidelines
You can specify the delay duration only if you enable the radio interface shutdown.
Examples
The following example shows how to enable the radio interface shutdown after a delay duration of 5 seconds:
(Cisco Controller) >
config flexconnect fallback-radio-shut enable delay 5
Cisco Wireless Controller Command Reference, Release 8.4
509
config flexconnect group config flexconnect group
To add, delete, or configure a FlexConnect group, use the config flexconnect group command.
config flexconnect group group_name {add | delete | ap {add | delete} ap-mac | radius {ap {authority
{id hex_id | info auth_info} | disable | eap-fast {enable | disable} | enable | leap {enable | disable} |
pac-timeout timeout | server-key {auto | key} | user {add {username password} | delete username}}} |
server auth {add | delete} {primary | secondary} IP_address auth_port secret} | predownload {disable
| enable} | master ap_name | slave {retry-count max_count | ap-name cisco_ap} | start {primary backup
abort} | local-split {wlan wlan_id acl acl_name {enable | disable}} | multicast overridden-interface
{enable | disable} | vlan {add vlan_id acl in-aclname out-aclname | delete vlan_id } | web-auth wlan wlan_id
acl acl_name {enable | disable} | web-policy acl {add | delete} acl_name}
config flexconnect group group_name radius ap {eap-cert download | eap-tls {enable | disable} | peap
{enable | disable}}
config flexconnect group group_name policy acl {add | delete} acl_name
config flexconnect group group_name {add | delete}http-proxy ipaddress ip-address port port -no
Syntax Description
group_name
add delete ap add delete
ap_mac
radius ap authority id
Group name.
Adds a FlexConnect group.
Deletes a FlexConnect group.
Adds or deletes an access point to a
FlexConnect group.
Adds an access point to a FlexConnect group.
Deletes an access point to a FlexConnect group.
MAC address of the access point.
Configures the RADIUS server for client authentication for a FlexConnect group.
Configures an access point based RADIUS server for client authentication for a
FlexConnect group.
Configures the Extensible Authentication
Protocol-Flexible Authentication via Secure
Tunneling (EAP-FAST) authority parameters.
Configures the authority identifier of the local
EAP-FAST server.
510
Cisco Wireless Controller Command Reference, Release 8.4
hex_id
info
auth_info
disable eap-fast
timeout
server-key auto
key
user add
username
enable disable enable leap disable enable pac-timeout config flexconnect group
Authority identifier of the local EAP-FAST server in hexadecimal characters. You can enter up to 32 hexadecimal even number of characters.
Configures the authority identifier of the local
EAP-FAST server in text format.
Authority identifier of the local EAP-FAST server in text format.
Disables an AP based RADIUS server.
Enables or disables Extensible Authentication
Protocol-Flexible Authentication via Secure
Tunneling (EAP-FAST) authentication.
Enables EAP-FAST authentication.
Disables EAP-FAST authentication.
Enables AP based RADIUS Server.
Enables or disables Lightweight Extensible
Authentication Protocol (LEAP) authentication.
Disables LEAP authentication.
Enables LEAP authentication.
Configures the EAP-FAST Protected Access
Credential (PAC) timeout parameters.
PAC timeout in days. The range is from 2 to
4095. A value of 0 indicates that it is disabled.
Configures the EAP-FAST server key. The server key is used to encrypt and decrypt PACs.
Automatically generates a random server key.
Key that disables efficient upgrade for a
FlexConnect group.
Manages the user list at the AP-based RADIUS server.
Adds a user. You can configure a maximum of 100 users.
Username that is case-sensitive and alphanumeric and can be up to 24 characters.
Cisco Wireless Controller Command Reference, Release 8.4
511
config flexconnect group
password
delete server add delete primary secondary
IP_address auth_port secret
predownload disable enable master
ap_name
slave retry-count
max_count
ap_name
512
Cisco Wireless Controller Command Reference, Release 8.4
Password of the user.
Deletes a user.
Configures an external RADIUS server.
Adds an external RADIUS server.
Deletes an external RADIUS server.
Configures an external primary RADIUS server.
Configures an external secondary RADIUS server.
IP address of the RADIUS server.
Port address of the RADIUS server.
Index of the RADIUS server.
Configures an efficient AP upgrade for the
FlexConnect group. You can download an upgrade image to the access point from the controller without resetting the access point or losing network connectivity.
Disables an efficient upgrade for a FlexConnect group.
Enables an efficient upgrade for a FlexConnect group.
Manually designates an access point in the
FlexConnect group as the master AP.
Access point name.
Manually designates an access point in the
FlexConnect group as the slave AP.
Configures the number of times the slave access point tries to predownload an image from the master.
Maximum number of times the slave access point tries to predownload an image from the master.
Override the manually configured master.
vlan add
vlan_id in-acl out-acl
delete web-auth wlan
cisco_ap
start primary backup abort local-split wlan
wlan_id
acl
acl_name
multicast overridden-interface config flexconnect group
Name of the master access point.
Starts the predownload image upgrade for the
FlexConnect group.
Starts the predownload primary image upgrade for the FlexConnect group.
Starts the predownload backup image upgrade for the FlexConnect group.
Aborts the predownload image upgrade for the
FlexConnect group.
Configures a local-split ACL on a FlexConnect
AP group per WLAN.
Configures a WLAN for a local split ACL on a FlexConnect AP group.
Wireless LAN identifier between 1 and 512
(inclusive).
Configures a local split ACL on a FlexConnect
AP group per WLAN.
Name of the ACL.
Configures multicast across the Layer 2 broadcast domain on the overridden interface for locally switched clients.
Configures a VLAN to the FlexConnect group.
Adds a VLAN to the FlexConnect group.
VLAN identifier.
Inbound ACL name that contains up to 32 alphanumeric characters.
Outbound ACL name that contains up to 32 alphanumeric characters.
Deletes a VLAN from the FlexConnect group.
Configures a FlexConnect ACL for external web authentication.
Specifies the wireless LAN to be configured with a FlexConnect ACL.
Cisco Wireless Controller Command Reference, Release 8.4
513
config flexconnect group
wlan_id cisco_ap
acl web-policy add delete eap-cert download eap-tls peap policy acl http-proxy ipaddress
ip-address port-no
Wireless LAN identifier between 1 and 512
(inclusive).
Name of the FlexConnect access point.
Configures a FlexConnect ACLs.
Configures a web policy FlexConnect ACL.
Adds a web policy FlexConnect ACL to the
FlexConnect group.
Deletes a web policy FlexConnect ACL from the FlexConnect group
Downloads the EAP root and device certificate.
Enables or disables EAP-Transport Layer
Security (EAP-TLS) authentication.
Enables or disables Protected Extensible
Authentication Protocol (PEAP) authentication.
Configures policy ACL on the FlexConnect group.
Configures http-proxy server.
IP address for flexgroup http-proxy.
Port number for flexgroup http-proxy.
Command Default
None
Command History
Release
7.6
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
This command was modified.
Usage Guidelines
You can add up to 100 clients.
Beginning in Release 7.4 and later releases, the supported maximum number of RADIUS servers is 100.
514
Cisco Wireless Controller Command Reference, Release 8.4
config flexconnect group
Examples
The following example shows how to add a FlexConnect group for MAC address 192.12.1.2:
(Cisco Controller) >
config flexconnect group 192.12.1.2 add
The following example shows how to add a RADIUS server as a primary server for a FlexConnect group with the server index number 1:
(Cisco Controller) >
config flexconnect group 192.12.1.2 radius server add primary 1
The following example shows how to enable a local split ACL on a FlexConnect AP group for a WLAN:
(Cisco Controller) >
config flexconnect group flexgroup1 local-split wlan 1 acl flexacl1 enable
Cisco Wireless Controller Command Reference, Release 8.4
515
config flexconnect group vlan config flexconnect group vlan
To configure VLAN for a FlexConnect group, use the config flexconnect group vlan command.
config flexconnect group group_name vlan {add vlan-id acl in-aclname out-aclname | delete vlan-id}
Syntax Description
group_name
add
vlan-id
acl
in-aclname out-aclname
delete
FlexConnect group name.
Adds a VLAN for the FlexConnect group.
VLAN ID.
Specifies an access control list.
In-bound ACL name.
Out-bound ACL name.
Deletes a VLAN from the FlexConnect group.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add VLAN ID 1 for the FlexConnect group myflexacl where the in-bound
ACL name is in-acl and the out-bound ACL is out-acl:
(Cisco Controller) >
config flexconnect group vlan myflexacl vlan add 1 acl in-acl out-acl
516
Cisco Wireless Controller Command Reference, Release 8.4
config flexconnect group group-name dhcp overridden-interface config flexconnect group
group-name
dhcp overridden-interface
To enable or disable the DHCP overridden interface for a FlexConnect group, use the config flexconnect
group group-name dhcp overridden-interface command.
config flexconnect group group-name dhcp overridden-interface {enable | disable}
Syntax Description overridden-interface
group-name
enable disable
The DHCP overridden interface for
FlexConnect group.
Name of the FlexConnect group.
Instructs the access point to enable
DHCP broadcast for locally switched clients.
Disables the feature.
Command Default
None
Command History
Release
8.0
Examples
Modification
This command was introduced.
The following example shows how to enable DHCP broadcast for locally switched clients.
(Cisco Controller) >
config flexconnect group flexgroup dhcp overridden-interface enable
Cisco Wireless Controller Command Reference, Release 8.4
517
config flexconnect group web-auth config flexconnect group web-auth
To configure Web-Auth ACL for a FlexConnect group, use the config flexconnect group web-auth command.
config flexconnect group group_name web-auth wlan wlan-id acl acl-name {enable | disable}
Syntax Description
group_name wlan-id acl-name
enable disable
FlexConnect group name.
WLAN ID.
ACL name.
Enables the Web-Auth ACL for a FlexConnect group.
Disables the Web-Auth ACL for a FlexConnect group.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable Web-Auth ACL webauthacl for the FlexConnect group myflexacl on WLAN ID 1:
(Cisco Controller) >
config flexconnect group myflexacl web-auth wlan 1 acl webauthacl enable
518
Cisco Wireless Controller Command Reference, Release 8.4
config flexconnect group web-policy config flexconnect group web-policy
To configure Web Policy ACL for a FlexConnect group, use the config flexconnect group web-policy command.
config flexconnect group group_name web-policy acl {add | delete} acl-name
Syntax Description
group_name
add delete
acl-name
FlexConnect group name.
Adds the Web Policy ACL.
Deletes the Web Policy ACL.
Name of the Web Policy ACL.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add the Web Policy ACL mywebpolicyacl to the FlexConnect group myflexacl:
(Cisco Controller) >
config flexconnect group myflexacl web-policy acl add mywebpolicyacl
Cisco Wireless Controller Command Reference, Release 8.4
519
config flexconnect join min-latency config flexconnect join min-latency
To enable or disable the access point to choose the controller with the least latency when joining, use the
config flexconnect join min-latency command.
config flexconnect join min-latency {enable | disable} cisco_ap
Syntax Description enable disable
cisco_ap
Enables the access point to choose the controller with the least latency when joining.
Disables the access point to choose the controller with the least latency when joining.
Cisco lightweight access point.
Command Default
The access point cannot choose the controller with the least latency when joining.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable this feature, the access point calculates the time between the discovery request and discovery response and joins the controller that responds first. This command is supported only on the following controller releases:
• Cisco 2500 Series Controller
• Cisco 5500 Series Controller
• Cisco Flex 7500 Series Controllers
• Cisco 8500 Series Controllers
• Cisco Wireless Services Module 2
This configuration overrides the HA setting on the controller, and is applicable only for OEAP access points.
Examples
The following example shows how to enable the access point to choose the controller with the least latency when joining:
(Cisco Controller) >
config flexconnect join min-latency enable CISCO_AP
520
Cisco Wireless Controller Command Reference, Release 8.4
config flexconnect office-extend config flexconnect office-extend
To configure FlexConnect mode for an OfficeExtend access point, use the config flexconnect office-extend command.
config flexconnect office-extend {{enable | disable} cisco_ap | clear-personalssid-config cisco_ap}
Syntax Description enable disable clear-personalssid-config
cisco_ap
Enables the OfficeExtend mode for an access point.
Disables the OfficeExtend mode for an access point.
Clears only the access point’s personal SSID.
Cisco lightweight access point.
Command Default
OfficeExtend mode is enabled automatically when you enable FlexConnect mode on the access point.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Currently, only Cisco Aironet 1130 series and 1140 series access points that are joined to a Cisco 5500 Series
Controller with a WPlus license can be configured to operate as OfficeExtend access points.
Rogue detection is disabled automatically when you enable the OfficeExtend mode for an access point.
OfficeExtend access points, which are deployed in a home environment, are likely to detect a large number of rogue devices. You can enable or disable rogue detection for a specific access point or for all access points by using the config rogue detection command.
DTLS data encryption is enabled automatically when you enable the OfficeExtend mode for an access point.
However, you can enable or disable DTLS data encryption for a specific access point or for all access points by using the config ap link-encryption command.
Telnet and SSH access are disabled automatically when you enable the OfficeExtend mode for an access point. However, you can enable or disable Telnet or SSH access for a specific access point by using the config
ap telnet or config ap ssh command.
Link latency is enabled automatically when you enable the OfficeExtend mode for an access point. However, you can enable or disable link latency for a specific access point or for all access points currently associated to the controller by using the config ap link-latency command.
Examples
The following example shows how to enable the office-extend mode for the access point Cisco_ap:
(Cisco Controller) >
config flexconnect office-extend enable Cisco_ap
Cisco Wireless Controller Command Reference, Release 8.4
521
config flexconnect office-extend
The following example shows how to clear only the access point’s personal SSID for the access point Cisco_ap:
(Cisco Controller) >
config flexconnect office-extend clear-personalssid-config Cisco_ap
522
Cisco Wireless Controller Command Reference, Release 8.4
config flow config flow
To configure a NetFlow Monitor and Exporter, use the config flow command.
config flow {add | delete} monitor monitor_name {exporter exporter_name |
record{ipv4_client_app_flow_record | ipv4_client_src_dst_flow_record}
Syntax Description add delete monitor
monitor_name
exporter
exporter_name
Associates either a NetFlow monitor with an exporter, or a NetFlow record with a NetFlow monitor.
Dissociates either a NetFlow monitor from an exporter, or a NetFlow record from a NetFlow monitor.
Configures a NetFlow monitor.
Name of the NetFlow monitor. The monitor name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces in a monitor name.
Configures a NetFlow exporter.
Name of the NetFlow exporter. The exporter name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces in an exporter name.
record
Associates a NetFlow record to the NetFlow monitor.
Existing record template for better performance.
ipv4_client_app_flow_record ipv4_client_src_dst_flow_record
Enhanced record template for better coverage.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
An exporter is a network entity that exports the template with IP traffic information. The Cisco WLC acts as an exporter. A NetFlow record in the Cisco WLC contains the information about the traffic in a given flow, such as client MAC address, client source IP address, WLAN ID, incoming and outgoing bytes of data, incoming and outgoing packets, and incoming and outgoing Differentiated Services Code Point (DSCP).
Cisco Wireless Controller Command Reference, Release 8.4
523
config flow
Examples
The following example shows how to configure a NetFlow monitor and exporter:
(Cisco Controller) >
config flow add monitor monitor1 exporter exporter1
524
Cisco Wireless Controller Command Reference, Release 8.4
config guest-lan config guest-lan
To create, delete, enable or disable a wireless LAN, use the config guest-lan command.
config guest-lan {create | delete} guest_lan_id interface_name | {enable | disable} guest_lan_id
Syntax Description create delete
guest_lan_id interface_name
enable disable
Creates a wired LAN settings.
Deletes a wired LAN settings:
LAN identifier between 1 and 5 (inclusive).
Interface name up to 32 alphanumeric characters.
Enables a wireless LAN.
Disables a wireless LAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable a wireless LAN with the LAN ID 16:
(Cisco Controller) >
config guest-lan enable 16
Related Commands show wlan
Cisco Wireless Controller Command Reference, Release 8.4
525
config guest-lan custom-web ext-webauth-url config guest-lan custom-web ext-webauth-url
To redirect guest users to an external server before accessing the web login page, use the config guest-lan
custom-web ext-webauth-url command.
config guest-lan custom-web ext-webauth-url ext_web_url guest_lan_id
Syntax Description
ext_web_url guest_lan_id
URL for the external server.
Guest LAN identifier between 1 and 5 (inclusive).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable a wireless LAN with the LAN ID 16:
(Cisco Controller) >
config guest-lan custom-web ext-webauth-url http://www.AuthorizationURL.com/ 1
Related Commands config guest-lan config guest-lan create config guest-lan custom-web login_page
526
Cisco Wireless Controller Command Reference, Release 8.4
config guest-lan custom-web global disable config guest-lan custom-web global disable
To use a guest-LAN specific custom web configuration rather than a global custom web configuration, use the config guest-lan custom-web global disable command.
config guest-lan custom-web global disable guest_lan_id
Syntax Description
guest_lan_id Guest LAN identifier between 1 and 5 (inclusive).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
If you enter the config guest-lan custom-web global enable guest_lan_id command, the custom web authentication configuration at the global level is used.
Examples
The following example shows how to disable the global web configuration for guest LAN ID 1:
(Cisco Controller) >
config guest-lan custom-web global disable 1
Related Commands config guest-lan config guest-lan create config guest-lan custom-web ext-webauth-url config guest-lan custom-web login_page config guest-lan custom-web webauth-type
Cisco Wireless Controller Command Reference, Release 8.4
527
config guest-lan custom-web login_page config guest-lan custom-web login_page
To enable wired guest users to log into a customized web login page, use the config guest-lan custom-web
login_page command.
config guest-lan custom-web login_page page_name guest_lan_id
Syntax Description
page_name guest_lan_id
Name of the customized web login page.
Guest LAN identifier between 1 and 5 (inclusive).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to customize a web login page custompage1 for guest LAN ID 1:
(Cisco Controller) >
config guest-lan custom-web login_page custompage1 1
Related Commands config guest-lan config guest-lan create config guest-lan custom-web ext-webauth-url
528
Cisco Wireless Controller Command Reference, Release 8.4
config guest-lan custom-web webauth-type config guest-lan custom-web webauth-type
To define the web login page for wired guest users, use the config guest-lan custom-web webauth-type command.
config guest-lan custom-web webauth-type {internal | customized | external} guest_lan_id
Syntax Description internal customized external
guest_lan_id
Displays the default web login page for the controller. This is the default value.
Displays the custom web login page that was previously configured.
Redirects users to the URL that was previously configured.
Guest LAN identifier between 1 and 5 (inclusive).
Command Default
The default web login page for the controller is internal.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the guest LAN with the webauth-type as internal for guest
LAN ID 1:
(Cisco Controller) >
config guest-lan custom-web webauth-type internal 1
Related Commands config guest-lan config guest-lan create config guest-lan custom-web ext-webauth-url
Cisco Wireless Controller Command Reference, Release 8.4
529
config guest-lan ingress-interface config guest-lan ingress-interface
To configure the wired guest VLAN’s ingress interface that provides a path between the wired guest client and the controller through the Layer 2 access switch, use the config guest-lan ingress-interface command.
config guest-lan ingress-interface guest_lan_id interface_name
Syntax Description
guest_lan_id interface_name
Guest LAN identifier from 1 to 5 (inclusive).
Interface name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to provide a path between the wired guest client and the controller with guest LAN ID 1 and the interface name guest01:
(Cisco Controller) >
config guest-lan ingress-interface 1 guest01
Related Commands config interface guest-lan config guest-lan create
530
Cisco Wireless Controller Command Reference, Release 8.4
config guest-lan interface config guest-lan interface
To configure an egress interface to transmit wired guest traffic out of the controller, use the config guest-lan
interface command.
config guest-lan interface guest_lan_id interface_name
Syntax Description
guest_lan_id interface_name
Guest LAN identifier between 1 and 5 (inclusive).
Interface name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure an egress interface to transmit guest traffic out of the controller for guest LAN ID 1 and interface name guest01:
(Cisco Controller) >
config guest-lan interface 1 guest01
Related Commands config ingress-interface guest-lan config guest-lan create
Cisco Wireless Controller Command Reference, Release 8.4
531
config guest-lan mobility anchor config guest-lan mobility anchor
To add or delete mobility anchor, use the config guest-lan mobility anchor command.
config guest-lan mobility anchor {add | delete} Guest LAN Id IP addr
Syntax Description add delete
Guest LAN Id
IP addr
Adds a mobility anchor to a WLAN.
Deletes a mobility anchor from a WLAN.
Guest LAN identifier between 1 and 5.
Member switch IPv4 or IPv6 address to anchor WLAN.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
The following example shows how to delete a mobility anchor for WAN ID 4 and the anchor IP 192.168.0.14:
(Cisco Controller) >
config guest-lan mobility anchor delete 4 192.168.0.14
532
Cisco Wireless Controller Command Reference, Release 8.4
config guest-lan nac config guest-lan nac
To enable or disable Network Admission Control (NAC) out-of-band support for a guest LAN, use the config
guest-lan nac command:
config guest-lan nac {enable | disable} guest_lan_id
Syntax Description enable disable
guest_lan_id
Enables the NAC out-of-band support.
Disables the NAC out-of-band support.
Guest LAN identifier between 1 and 5 (inclusive).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the NAC out-of-band support for guest LAN ID 3:
(Cisco Controller) >
config guest-lan nac enable 3
Related Commands show nac statistics show nac summary config wlan nac debug nac
Cisco Wireless Controller Command Reference, Release 8.4
533
config guest-lan security config guest-lan security
To configure the security policy for the wired guest LAN, use the config guest-lan security command.
config guest-lan security {web-auth {enable | disable | acl | server-precedence} guest_lan_id |
web-passthrough {acl | email-input | disable | enable} guest_lan_id}
Syntax Description web-auth enable disable acl server-precedence
guest_lan_id
web-passthrough email-input
Specifies web authentication.
Enables the web authentication settings.
Disables the web authentication settings.
Configures an access control list.
Configures the authentication server precedence order for web authentication users.
LAN identifier between 1 and 5 (inclusive).
Specifies the web captive portal with no authentication required.
Configures the web captive portal using an e-mail address.
Command Default
The default security policy for the wired guest LAN is web authentication.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the security web authentication policy for guest LAN ID 1:
(Cisco Controller) >
config guest-lan security web-auth enable 1
Related Commands config ingress-interface guest-lan config guest-lan create config interface guest-lan
534
Cisco Wireless Controller Command Reference, Release 8.4
config interface 3g-vlan config interface 3g-vlan
To configure 3G/4G-VLAN interface, use the config interface 3g-vlan command.
config interface 3g-vlan interface-name {enable | disable}
Syntax Description
interface-name enable
interface-name disable
Enables the specified 3G/4G-VLAN interface
Disables the specified 3G/4G-VLAN interface
Command Default
None
Command History
Release
8.1
Examples
Modification
This command was introduced.
The following example shows how to configure 3G/4G-VLAN interface,:
(Cisco Controller) >
config interface 3g-vlan vlan-int enable
Cisco Wireless Controller Command Reference, Release 8.4
535
config interface acl config interface acl
To configure access control list of an interface, use the config interface acl command.
config interface acl {ap-manager | management | interface_name} {ACL | none}
Syntax Description ap-manager management
interface_name
ACL
none
Configures the access point manager interface.
Configures the management interface.
Interface name.
ACL name up to 32 alphanumeric characters.
Specifies none.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN preauthentication ACL under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.
Examples
The following example shows how to configure an access control list with a value None:
(Cisco Controller) >
config interface acl management none
536
Cisco Wireless Controller Command Reference, Release 8.4
config interface address config interface address
To configure address information for an interface, use the config interface address command.
config interface address {ap-manager IP_address netmask gateway | management IP_address netmask
gateway | service-port IP_address netmask | virtual IP_address | dynamic-interface IP_address
dynamic_interface netmask gateway | redundancy-management IP_address peer-redundancy-management
IP_address }
Syntax Description ap-manager
IP_address netmask gateway
management service-port virtual interface-name
interface-name
redundancy-management peer-redundancy-management
Specifies the access point manager interface.
IP address— IPv4 only.
Network mask.
IP address of the gateway.
Specifies the management interface.
Specifies the out-of-band service port interface.
Specifies the virtual gateway interface.
Specifies the interface identified by the interface-name parameter.
Interface name.
Configures redundancy management interface IP address.
Configures the peer redundancy management interface
IP address.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For Cisco 5500 Series Controllers, you are not required to configure an AP-manager interface. The management interface acts like an AP-manager interface by default.
Cisco Wireless Controller Command Reference, Release 8.4
537
config interface address
Examples
This command is applicable for IPv4 addresses only.
Ensure that the management interfaces of both controllers are in the same subnet. Ensure that the Redundant
Management IP address for both controllers is the same. Likewise, ensure that the Peer Redundant Management
IP address for both the controllers is the same.
The following example shows how to configure an access point manager interface with IP address
209.165.201.31, network mask 255.255.0.0, and gateway address 209.165.201.30:
(Cisco Controller) >
config interface address ap-manager 209.165.201.31 255.255.0.0
209.165.201.30
The following example shows how to configure a redundancy management interface on the controller:
(Cisco Controller) >
config interface address redundancy-management 209.4.120.5
peer-redundancy-management 209.4.120.6
The following example shows how to configure a virtual interface:
(Cisco Controller) >
config interface address virtual 1.1.1.1
Related Commands show interface
538
Cisco Wireless Controller Command Reference, Release 8.4
config interface address redundancy-management config interface address redundancy-management
To configure the management interface IP address, subnet and gateway of the controller, use the config
interface address redundancy-management command.
config interface address redundancy-management IP_address netmask gateway
Syntax Description
IP_address netmask gateway
Management interface IP address of the active controller.
Network mask.
IP address of the gateway.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can use this command to check the Active-Standby reachability when the keep-alive fails.
Examples
The following example shows how to configure the management IP addresses of the controller:
(Cisco Controller) >
config interface address redundancy-management 209.165.201.31 255.255.0.0
209.165.201.30
Related Commands config redundancy mobilitymac config redundancy interface address peer-service-port config redundancy peer-route config redundancy unit config redundancy timer show redundancy timers show redundancy summary debug rmgr debug rsyncmgr
Cisco Wireless Controller Command Reference, Release 8.4
539
config interface ap-manager config interface ap-manager
To enable or disable access point manager features on the management or dynamic interface, use the config
interface ap-manager command.
config interface ap-manager {management | interface_name} {enable | disable}
Syntax Description management
interface_name
enable disable
Specifies the management interface.
Dynamic interface name.
Enables access point manager features on a dynamic interface.
Disables access point manager features on a dynamic interface.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Use the management option to enable or disable dynamic AP management for the management interface.
For Cisco 5500 Series Controllers, the management interface acts like an AP-manager interface by default.
If desired, you can disable the management interface as an AP-manager interface and create another dynamic interface as an AP manager.
When you enable this feature for a dynamic interface, the dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface.
Examples
The following example shows how to disable an access point manager myinterface:
(Cisco Controller) >
config interface ap-manager myinterface disable
540
Cisco Wireless Controller Command Reference, Release 8.4
config interface create config interface create
To create a dynamic interface (VLAN) for wired guest user access, use the config interface create command.
config interface create interface_name vlan-id
Syntax Description
interface_name vlan-id
Interface name.
VLAN identifier.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to create a dynamic interface with the interface named lab2 and VLAN
ID 6:
(Cisco Controller) >
config interface create lab2 6
Cisco Wireless Controller Command Reference, Release 8.4
541
config interface delete config interface delete
To delete a dynamic interface, use the config interface delete command.
config interface delete interface-name
Syntax Description
interface-name
interface-nameInterface name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to delete a dynamic interface named VLAN501:
(Cisco Controller) >
config interface delete VLAN501
542
Cisco Wireless Controller Command Reference, Release 8.4
config interface dhcp management config interface dhcp management
To configure DHCP options on a mangament interface, use the config interface dhcp management command.
config interface dhcp management {option-82 {bridge-mode-insertion {enable | disable} | enable |
disable | linksel {enable | disable | relaysrc interface-name} | vpnsel {enable | disable | vpnid vpn-id |
vrfname vrf-name}} | primary primary-dhcp_server [ secondary secondary-dhcp_server ] | proxy-mode
{enable | disable | global} }
Syntax Description option-82 bridge-mode-insertion disable enable linksel relaysrc
interface-name
vpnid
vpn-id
vrfname
vrf-name
primary
primary-dhcp-server
secondary
secondary-dhcp-server
proxy-mode global disable
Configures DHCP Option 82 on the interface.
Configures DHCP option 82 insertion in bridge mode.
Disables the feature.
Enables the feature.
Configures link select suboption 5 on a dynamic or management interface.
Configures Link select suboption 5 on relay source.
Name of an existing WLC interface reachable from the DHCP server.
Configures VPN select suboption 151 VPN Id.
VPN Id in oui:vpn-index format xxxxxx:xxxxxxxx.
Configures VPN select suboption 151 VRF name.
VRF name as string of length 7.
Specifies the primary DHCP server.
IP address of the server.
(Optional) Specifies the secondary DHCP server.
IP address of the server.
Configures the DHCP proxy mode on the interface.
Uses the global DHCP proxy mode on the interface.
(Optional) Disables the DHCP proxy mode on the interface.
Cisco Wireless Controller Command Reference, Release 8.4
543
config interface dhcp management global
(Optional) Uses the global DHCP proxy mode on the interface.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
The new keywords linksel and vpnsel are added.
This command supports IPv6 from this release.
Usage Guidelines
DHCP proxy is not supported for IPv6 and it works in disabled mode.
Examples
The following example shows how to configure option 82 on a management interface.
(Cisco Controller) >
config interface dhcp management option-82 enable
Related Commands config dhcp config dhcp proxy config interface dhcp config wlan dhcp_server debug dhcp debug dhcp service-port debug disable-all show dhcp show dhcp proxy show interface
544
Cisco Wireless Controller Command Reference, Release 8.4
config interface dhcp config interface dhcp
Configure DHCP Option 82 insertion in Bridge mode on either management interface or dynamic interface by entering the config interface dhcp command:
config interface dhcp {management | dynamic-interface dynamic-interface-name} option-82
bridge-mode-insertion {enable | disable}
Syntax Description management dynamic-interface
dynamic-interface-name
option-82 bridge-mode-insertion
Management interface
Dynamic interface
Dynamic interface name
DHCP Option 82 on the interface
To configure Bridge mode insertion
Command Default
DHCP option 82 insertion in Bridge mode is disabled.
Command History
Release
8.0
Modification
The Bridge mode insertion parameter was introduced in this release.
Cisco Wireless Controller Command Reference, Release 8.4
545
config interface dhcp dynamic-interface config interface dhcp dynamic-interface
To configure the DHCP option 6 override on the interface to use OpenDNS server IPs or not, use the config
interface dhcp dynamic-interfacecommand.
config interface dhcp dynamic-interface intf-name option-6-opendns{ enable|disable}
Syntax Description
intf-name
enable disable
Interface name.
Enables the DHCP option 6 override on the interface with OpenDNS IP address as default.
Disables the DHCP option 6 override on the interface and DHCP provided DNS IPs will be used..
Command Default
None
Command Modes
Controller Config >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to configure the DHCP option 6 override on the interface to use OpenDNS server IPs:
(Cisco Controller) > config interface dhcp management option-6-opendns enable
546
Cisco Wireless Controller Command Reference, Release 8.4
config interface dhcp management option-6-opendns config interface dhcp management option-6-opendns
To configure the DHCP Option 6 override on the interface in order to use OpenDNS server IPs, use the config
interface dhcp management option-6-opendns command.
config interface dhcp management option-6-opendns{enable | disable}
Syntax Description enable disable
Enables the DHCP Option 6 override on the interface, with the OpenDNS IP address as the default.
Disables the DHCP Option 6 override on the interface, and uses the DHCP-provided
DNS IPs.
Command Default
DHCP Option 6 override is not enabled.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Examples
The following example shows how to configure the DHCP Option 6 override on the interface in order to use
OpenDNS server IPs:
(Cisco Controller) > config interface dhcp management option-6-opendns enable
Cisco Wireless Controller Command Reference, Release 8.4
547
config interface address config interface address
To configure interface addresses, use the config interface address command.
config interface address {dynamic-interface dynamic_interface netmask gateway | management |
redundancy-management IP_address peer-redundancy-management | service-port netmask | virtual}
IP_address
Syntax Description dynamic-interface
dynamic_interface
IP_address netmask gateway
management redundancy-management peer-redundancy-management service-port virtual
Configures the dynamic interface of the controller.
Dynamic interface of the controller.
IP address of the interface.
Netmask of the interface.
Gateway of the interface.
Configures the management interface IP address.
Configures redundancy management interface IP address.
Configures the peer redundancy management interface
IP address.
Configures the out-of-band service port.
Configures the virtual gateway interface.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Ensure that the management interfaces of both controllers are in the same subnet. Ensure that the redundant management IP address for both controllers is the same and that the peer redundant management IP address for both the controllers is the same.
548
Cisco Wireless Controller Command Reference, Release 8.4
config interface address
Examples
The following example shows how to configure a redundancy management interface on the controller:
(Cisco Controller) >
config interface address redundancy-management 209.4.120.5
peer-redundancy-management 209.4.120.6
The following example shows how to configure a virtual interface:
(Cisco Controller) >
config interface address virtual 1.1.1.1
Related Commands show interface group summary show interface summary
Cisco Wireless Controller Command Reference, Release 8.4
549
config interface guest-lan config interface guest-lan
To enable or disable the guest LAN VLAN, use the config interface guest-lan command.
config interface guest-lan interface_name {enable | disable}
Syntax Description
interface_name
enable disable
Interface name.
Enables the guest LAN.
Disables the guest LAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the guest LAN feature on the interface named myinterface:
(Cisco Controller) >
config interface guest-lan myinterface enable
Related Commands config guest-lan create
550
Cisco Wireless Controller Command Reference, Release 8.4
config interface hostname config interface hostname
To configure the Domain Name System (DNS) hostname of the virtual gateway interface, use the config
interface hostname command.
config interface hostname virtual DNS_host
Syntax Description virtual
DNS_host
Specifies the virtual gateway interface to use the specified virtual address of the fully qualified DNS name.
The virtual gateway IP address is any fictitious, unassigned IP address, such as 1.1.1.1, to be used by
Layer 3 security and mobility managers.
DNS hostname.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure virtual gateway interface to use the specified virtual address of the fully qualified DNS hostname DNS_Host:
(Cisco Controller) >
config interface hostname virtual DNS_Host
Cisco Wireless Controller Command Reference, Release 8.4
551
config interface nasid config interface nasid
To configure the Network Access Server identifier (NAS-ID) for the interface, use the config interface nasid command.
config interface nasid {NAS-ID | none} interface_name
Syntax Description
NAS-ID
none
interface_name
Network Access Server identifier (NAS-ID) for the interface. The NAS-ID is sent to the RADIUS server by the controller (as a RADIUS client) using the authentication request, which is used to classify users to different groups. You can enter up to 32 alphanumeric characters.
Beginning in Release 7.4 and later releases, you can configure the NAS-ID on the interface, WLAN, or an access point group. The order of priority is AP group
NAS-ID > WLAN NAS-ID > Interface NAS-ID.
Configures the controller system name as the NAS-ID.
Interface name up to 32 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The NAS-ID configured on the controller for AP group or WLAN or interface is used for authentication. The
NAS-ID is not propagated across controllers.
Examples
The following example shows how to configure the NAS-ID for the interface:
(Cisco Controller) >
config interface nasid
Related Commands config wlan nasid config wlan apgroup
552
Cisco Wireless Controller Command Reference, Release 8.4
config interface nat-address config interface nat-address
To deploy your Cisco 5500 Series Controller behind a router or other gateway device that is using one-to-one mapping network address translation (NAT), use the config interface nat-address command.
config interface nat-address {management | dynamic-interface interface_name} {{enable | disable} | {set
public_IP_address}}
Syntax Description management
dynamic-interface interface_name
enable disable
public_IP_address
Specifies the management interface.
Specifies the dynamic interface name.
Enables one-to-one mapping NAT on the interface.
Disables one-to-one mapping NAT on the interface.
External NAT IP address.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
These NAT commands can be used only on Cisco 5500 Series Controllers and only if the management interface is configured for dynamic AP management.
These commands are supported for use only with one-to-one-mapping NAT, where each private client has a direct and fixed mapping to a global address. They do not support one-to-many NAT, which uses source port mapping to enable a group of clients to be represented by a single IP address.
Examples
The following example shows how to enable one-to-one mapping NAT on the management interface:
(Cisco Controller) >
config interface nat-address management enable
The following example shows how to set the external NAP IP address 10.10.10.10 on the management interface:
(Cisco Controller) >
config interface nat-address management set 10.10.10.10
Cisco Wireless Controller Command Reference, Release 8.4
553
config interface port config interface port
To map a physical port to the interface (if a link aggregation trunk is not configured), use the config interface
port command.
config interface port {management | interface_name | redundancy-management} primary_port
[secondary_port]
Syntax Description management
interface_name
redundancy-management
primary_port secondary_port
Specifies the management interface.
Interface name.
Specifies the redundancy management interface.
Primary physical port number.
(Optional) Secondary physical port number.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can use the management option for all controllers except the Cisco 5500 Series Controllers.
Examples
The following example shows how to configure the primary port number of the LAb02 interface to 3:
(Cisco Controller) >
config interface port lab02 3
554
Cisco Wireless Controller Command Reference, Release 8.4
config interface quarantine vlan config interface quarantine vlan
To configure a quarantine VLAN on any dynamic interface, use the config interface quarantine vlan command.
config interface quarantine vlan interface-name vlan_id
Syntax Description
interface-name vlan_id
Interface’s name.
VLAN identifier.
Note
Enter 0 to disable quarantine processing.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure a quarantine VLAN on the quarantine interface with the
VLAN ID 10:
(Cisco Controller) >
config interface quarantine vlan quarantine 10
Cisco Wireless Controller Command Reference, Release 8.4
555
config interface url-acl config interface url-acl
To Configures an interface's URL Access Control List, use the config interface url-aclcommand.
config interface url-acl {management | interface_name} {acl-name | none}
Syntax Description management
interface_name acl-name
none
Configures the management interface.
Interface name.
ACL name up to 32 alphanumeric characters.
Disable the acl configured on the interface.
Command Default
None
Command History
Examples
Release
8.3
Modification
This command was introduced.
This example shows how to configure an interface's url acl:
(Cisco Controller) >
config interface url-acl management test
556
Cisco Wireless Controller Command Reference, Release 8.4
config interface vlan config interface vlan
To configure an interface VLAN identifier, use the config interface vlan command.
config interface vlan {ap-manager | management | interface-name | redundancy-management} vlan
Syntax Description ap-manager management
interface_name vlan
redundancy-management
Configures the access point manager interface.
Configures the management interface.
Interface name.
VLAN identifier.
Specifies the redundancy management interface.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You cannot change the redundancy management VLAN when the system redundancy management interface is mapped to the redundancy port. You must configure the redundancy management port first.
Examples
The following example shows how to configure VLAN ID 10 on the management interface:
(Cisco Controller) >
config interface vlan management 10
Cisco Wireless Controller Command Reference, Release 8.4
557
config interface group mdns-profile config interface group mdns-profile
To configure an mDNS (multicast DNS) profile for an interface group, use the config interface group
mdns-profile command.
config interface group mdns-profile {all | interface-group-name} {profile-name | none}
Syntax Description all
interface-group-name profile-name
none
Configures an mDNS profile for all interface groups.
Name of the interface group to which the mDNS profile has to be associated.
The interface group name can be up to 32 case-sensitive, alphanumeric characters.
Name of the mDNS profile.
Removes all existing mDNS profiles from the interface group. You cannot configure mDNS profiles on the interface group.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If the mDNS profile is associated to a WLAN, an error appears.
Examples
The following example shows how to configure an mDNS profile for an interface group floor1:
(Cisco Controller) >
config interface group mdns-profile floor1 profile1
Related Commands config mdns query interval config mdns service config mdns snooping config interface mdns-profile config mdns profile config wlan mdns show mdns profile show mnds service
558
Cisco Wireless Controller Command Reference, Release 8.4
clear mdns service-database debug mdns all debug mdns error debug mdns detail debug mdns message config interface group mdns-profile
Cisco Wireless Controller Command Reference, Release 8.4
559
config interface mdns-profile config interface mdns-profile
To configure an mDNS (multicast DNS) profile for an interface, use the config interface mdns-profile command.
config interface mdns-profile {management | all interface-name} {profile-name | none}
Syntax Description management all
interface-name profile-name
none
Configures an mDNS profile for the management interface.
Configures an mDNS profile for all interfaces.
Name of the interface on which the mDNS profile has to be configured. The interface name can be up to 32 case-sensitive, alphanumeric characters.
Name of the mDNS profile.
Removes all existing mDNS profiles from the interface. You cannot configure mDNS profiles on the interface.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If the mDNS profile is associated to a WLAN, an error appears.
Examples
The following example shows how to configure an mDNS profile for an interface lab1:
(Cisco Controller) >
config interface mdns-profile lab1 profile1
Related Commands config mdns query interval config mdns service config mdns snooping config mdns profile config interface group mdns-profile config wlan mdns show mdns profile
560
Cisco Wireless Controller Command Reference, Release 8.4
show mnds service clear mdns service-database debug mdns all debug mdns error debug mdns detail debug mdns message config interface mdns-profile
Cisco Wireless Controller Command Reference, Release 8.4
561
config icons delete config icons delete
To delete an icon or icons from flash, use the config icons delete command in the WLAN configuration mode.
config icons delete{ filename | all }
Syntax Description
filename
all
Name of the icon to be deleted.
Deletes all the icon files from the system.
Command Default
None
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
The following example shows how to delete an icon from flash:
Cisco Controller > config icons delete image-1
562
Cisco Wireless Controller Command Reference, Release 8.4
config icons file-info config icons file-info
To configure an icon parameter, use the config icons file-info command in WLAN configuration mode.
config icons file-info filename file-type lang-code width height
Syntax Description
filename file-type lang-code width height
Icon filename. It can be up to 32 characters long.
Icon filename type or extension. It can be up to 32 characters long.
Language code of the icon. Enter 2 or 3 letters from ISO-639, for example:
eng for English.
Icon width. The range is from 1 to 65535.
Icon height. The range is from 1 to 65535.
Command Default
None
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
This example shows how to configure icon parameters:
Cisco Controller > config icons file-info ima png eng 300 200
Cisco Wireless Controller Command Reference, Release 8.4
563
config ipv6 disable config ipv6 disable
To disable IPv6 globally on the Cisco WLC, use the config ipv6 disable command .
config ipv6 disable
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you use this command, the controller drops all IPv6 packets and the clients will not receive any IPv6 address.
Examples
The following example shows how to disable IPv6 on the controller:
(Cisco Controller) >
config ipv6 disable
564
Cisco Wireless Controller Command Reference, Release 8.4
config ipv6 enable config ipv6 enable
To enable IPv6 globally on the Cisco WLC, use the config ipv6 enable command.
config ipv6 enable
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable IPv6 on the Cisco WLC:
(Cisco Controller) >
config ipv6 enable
Cisco Wireless Controller Command Reference, Release 8.4
565
config ipv6 acl config ipv6 acl
To create or delete an IPv6 ACL on the Cisco wireless LAN controller, apply ACL to data path, and configure rules in the IPv6 ACL, use the config ipv6 acl command.
config ipv6 acl [apply | cpu | create | delete | rule]
config ipv6 acl apply name
config ipv6 acl cpu {name | none}
config ipv6 acl create name
config ipv6 acl delete name
]
config ipv6 acl rule [action | add | change | delete | destination | direction | dscp | protocol | source | swap
config ipv6 acl rule action name index {permit | deny}
config ipv6 acl rule add name index
config ipv6 acl rule change index name old_index new_index
config ipv6 acl rule delete name index
config ipv6 acl rule destination {address name index ip_address prefix-len | port range name index }
config ipv6 acl rule direction name index {in | out | any}
config ipv6 acl rule dscp name dscp
config ipv6 acl rule protocol name index protocol
config ipv6 acl rule source {address name index ip_address prefix-len | port range name index start_port
end_port}
config ipv6 acl rule swap index name index_1index_2
Syntax Description
apply name
cpu name
cpu none create delete
rule (action) (name) (index)
{permit|deny}
add name index
Applies an IPv6 ACL. An IPv6 ACL can contain up to 32 alphanumeric characters.
Applies the IPv6 ACL to the CPU.
Configure none if you wish not to have a IPV6 ACL.
Creates an IPv6 ACL.
Deletes an IPv6 ACL.
Configures rules in the IPv6 ACL to either permit or deny access. IPv6
ACL name can contains up to 32 alphanumeric characters and IPv6 ACL rule index can be between 1 and 32.
Permit or deny the IPv6 rule action.
Adds a new rule and rule index.
566
Cisco Wireless Controller Command Reference, Release 8.4
config ipv6 acl
change name old_index
new_index
delete name index
Changes a rule’s index.
Deletes a rule and rule index.
destination address name
index ip_addr prefix-len
destination port name index
Configures a rule’s destination IP address and prefix length (between 0 and
128).
Configure a rule's destination port range. Enter IPv6 ACL name and set an rule index for it.
direction name index
{in|out|any}
dscp name index dscp
Configures a rule’s direction to in, out, or any.
Configures a rule’s DSCP. For rule index of DSCP, select a number between
0 and 63, or any.
protocol name index protocol
Configures a rule’s protocol. Enter a name and set an index between 0 and
255 or any
source address name index
ip_address prefix-len
Configures a rule’s source IP address and netmask.
source port range name index
start_port end_port
Configures a rule’s source port range.
swap index name index_1
index_2
Swap’s two rules’ indices.
Command Default
After adding an ACL, the config ipv6 acl cpu is by default configured as enabled.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6..
This command was updated by adding cpu and none keywords and the ipv6_acl_name variable.
Usage Guidelines
For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN preauthentication ACL under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.
Examples
The following example shows how to configure an IPv6 ACL to permit access:
(Cisco Controller) >
config ipv6 acl rule action lab1 4 permit
Cisco Wireless Controller Command Reference, Release 8.4
567
config ipv6 acl
Examples
The following example shows how to configure an interface ACL:
(Cisco Controller) >
config ipv6 interface acl management IPv6-Acl
Related Commands show ipv6 acl detailed show ipv6 acl cpu
568
Cisco Wireless Controller Command Reference, Release 8.4
config ipv6 capwap config ipv6 capwap
To enable or disable an IPv6 CAPWAP UDPLite for CAPWAP AP on the Cisco Wireless LAN Controller, use the config ipv6 capwap command.
config ipv6 capwap udplite {enable|disable} [all|<Cisco AP>]
Syntax Description udplite enable disable all
<Cisco AP>
Configure IPv6 for CAPWAP UDP Lite.
Enables IPv6 CAPWAP UDP Lite.
Disables IPv6 CAPWAP UDP Lite.
Enables or disables IPv6 CAPWAP UDP Lite on all Cisco
APs.
Enables or disables IPv6 CAPWAP UDP Lite on the user defined Cisco AP.
Command Default
The config ipv6 capwap udplite command is by default configured as enabled.
Command History
Release
8.0
Modification
This command was introduced in Release 8.0
Usage Guidelines
• IPv6 CAPWAP UDP Lite configuration applies only to APs that are connected to controller using IPv6 tunnel.
• For APs connected to WLC using IPv4 Tunnel, IPv6 CAPWAP UDPLite command will not apply on either global configuration or on Per AP.
• IPv6 mandates complete payload checksum for UDP and this will have performance implications. To minimize the impact, UDPLite (mandates only header checksum) will be used for data traffic and UDP for control traffic.
• Usage UDP Lite will have an impact on the firewall. Intermediate firewall must be configured to allow
UDP Lite protocol (protocol ID of 136) packets.
• Turning off UDP Lite will cause performance issues on packet handling.
• Changing from UDP to UDPLite or vice-versa will enforce the AP to dis-join and re-join.
Cisco Wireless Controller Command Reference, Release 8.4
569
config ipv6 capwap
Examples
The following example shows how to configure an IPv6 CAPWAP UDP Lite on All Cisco APs or on a particular Cisco AP:
(Cisco Controller) >
config ipv6 capwap udplite enable all
Changing AP's IPv6 Capwap UDP Lite mode will cause the AP to rejoin.
Are you sure you want to continue? (y/n)
570
Cisco Wireless Controller Command Reference, Release 8.4
config ipv6 interface config ipv6 interface
To configure IPv6 system interfaces, use the config ipv6 interfacecommand.
config ipv6 interface {acl|address|slaac}
config ipv6 interface acl management acl_name
config ipv6 interface address {management primary ipv6_address prefix_length ipv6_gateway_address
|service-port ipv6_address prefix-length}
config ipv6 interface slacc service-port [enable|disable]
Syntax Description acl management
acl_name
address management primary
ipv6_address prefix_length ipv6_gateway_address
service-port
ipv6_address prefix_length
slacc service-port enable disable
Configures IPv6 on an interface's Access Control List.
Configures the management interface.
Enter IPv6 ACL name for the management ACL. It supports up to 32 alphanumeric characters.
Configures IPv6 on an interface's address information.
Configures the management interface.
Configures the primary IPv6 Address for an interface
Configures an interface with IPv6 address information.
Configures IPv6 Prefix length. The range for prefix length is
1 to 127.
Configures the Link Layer IPv6 gateway Address.
Configures IPv6 on the out-of-band service Port.
Configures an interface with IPv6 address information.
Configures IPv6 Prefix length. The range for prefix length is
1 to 127.
Configures SLAAC options on an interface.
Configures IPv6 on the out-of-band service Port.
Enables SLAAC Option
Disables SLAAC Option
Cisco Wireless Controller Command Reference, Release 8.4
571
config ipv6 interface
Command Default
None.
Command History
Release
8.0
Modification
This command was introduced in Release 8.0.
Examples
The following example shows how to configure an IPv6 ACL management interface:
(Cisco Controller) >
config ipv6 interface acl management Test_ACL
Examples
The following example shows how to configure an IPv6 address and primary interface:
(Cisco Controller) >
config ipv6 interface address management primary 2001:9:10:56::44 64 fe80::aea0:16ff:fe4f:2244
Related Commands show interface detailed management show ipv6 interface summary
572
Cisco Wireless Controller Command Reference, Release 8.4
config ipv6 multicast config ipv6 multicast
To configure IPv6 multicast, use the config ipv6 multicastcommand.
config ipv6 multicast mode {unicast|multicast ipv6_address}
Syntax Description mode unicast multicast
ipv6_address
Configure the controller to AP Multicast or Broadcast IPv6 traffic forwarding mode.
Multicast/Broadcasted IPv6 packets are encapsulated in unicast
CAPWAP tunnel to AP.
Multicast/Broadcasted IPv6 packets are encapsulated in multicast CAPWAP tunnel to AP.
Configures IPv6 multicast address.
Command Default
• By default, multicast is enabled on Cisco WLC 8500 and Cisco WLC 2500.
• By default, unicast is enabled on Cisco WLC 5500.
Command History
Release
8.0
Modification
This command was introduced in Release 8.0.
Usage Guidelines
none...
Examples
The following example shows how to configure an IPv6 multicast on Cisco WLC, to permit access:
(Cisco Controller) >
config ipv6 multicast 2001:DB8:0000:0000:0000:0000:0000:0001
Examples
The following example shows how to configure an IPv6 unicast on Cisco WLC, to permit access:
(Cisco Controller) >
config ipv6 multicast mode unicast
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
573
config ipv6 neighbor-binding config ipv6 neighbor-binding
To configure the Neighbor Binding table on the Cisco wireless LAN controller, use the config ipv6
neighbor-binding command.
config ipv6 neighbor-binding {timers {down-lifetime down_time | reachable-lifetime reachable_time |
stale-lifetime stale_time } | { ra-throttle {allow at-least at_least_value} | enable | disable | interval-option
{ ignore | passthrough | throttle } | max-through {no_mcast_RA | no-limit} | throttle-period
throttle_period}}
Syntax Description timers down-lifetime
down_time
reachable-lifetime
reachable_time
stale-lifetime
stale_time
ra-throttle allow
at_least_value
enable disable interval-option ignore passthrough
Configures the neighbor binding table timeout timers.
Configures the down lifetime.
Down lifetime in seconds. The range is from 0 to
86400. The default is 30 seconds.
Configures the reachable lifetime.
Reachable lifetime in seconds. The range is from 0 to 86400. The default is 300 seconds.
Configures the stale lifetime.
Stale lifetime in seconds. The range is from 0 to
86400. The default is 86400 seconds.
Configures IPv6 RA throttling options.
Specifies the number of multicast RAs per router per throttle period.
Number of multicast RAs from router before throttling. The range is from 0 to 32. The default is
1.
Enables IPv6 RA throttling.
Disables IPv6 RA throttling.
Adjusts the behavior on RA with RFC3775 interval option.
Indicates interval option has no influence on throttling.
Indicates all RAs with RFC3775 interval option will be forwarded (default).
574
Cisco Wireless Controller Command Reference, Release 8.4
config ipv6 neighbor-binding throttle max-through
no_mcast_RA
no-limit throttle-period
throttle_period
Indicates all RAs with RFC3775 interval option will be throttled.
Specifies unthrottled multicast RAs per VLAN per throttle period.
Number of multicast RAs on VLAN by which throttling is enforced. The default multicast RAs on vlan is 10.
Configures no upper bound at the VLAN level.
Configures the throttle period.
Duration of the throttle period in seconds. The range is from 10 to 86400 seconds. The default is 600 seconds.
Command Default
This command is disabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the Neighbor Binding table:
(Cisco Controller) >
config ipv6 neighbor-binding ra-throttle enable
Related Commands show ipv6 neighbor-binding
Cisco Wireless Controller Command Reference, Release 8.4
575
config ipv6 ns-mcast-fwd config ipv6 ns-mcast-fwd
To configure the nonstop multicast cache miss forwarding, use the config ipv6 ns-mcast-fwd command.
config ipv6 ns-mcast-fwd {enable | disable}
Syntax Description enable disable
Enables nonstop multicast forwarding on a cache miss.
Disables nonstop multicast forwarding on a cache miss.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure an nonstop multicast forwarding:
(Cisco Controller) >
config ipv6 ns-mcast-fwd enable
576
Cisco Wireless Controller Command Reference, Release 8.4
config ipv6 ra-guard config ipv6 ra-guard
To configure the filter for Router Advertisement (RA) packets that originate from a client on an AP, use the
config ipv6 ra-guard command.
config ipv6 ra-guard ap {enable | disable}
Syntax Description enable disable
Enables RA guard on an AP.
Disables RA guard on an AP.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable IPv6 RA guard:
(Cisco Controller) >
config ipv6 ra-guard enable
Related Commands show ipv6 ra-guard
Cisco Wireless Controller Command Reference, Release 8.4
577
config ipv6 route config ipv6 route
To add or delete an IPv6 network route, use the config ipv6 routecommand.
config ipv6 route {add network_ipv6_addr prefix-len ipv6_gw_addr |delete network _ipv6 addr }
Syntax Description add
network_ipv6_addr prefix-len ipv6_gw_addr
delete
network_ipv6_addr
Adds an IPv6 network route.
Enter the networks IPv6 address.
Enter the prefix length for the network.
Configures the system interfaces.
Deletes an IPv6 network route.
Enter the networks IPv6 address.
Command Default
None
Command History
Release
8.0
Modification
This command was introduced in Release 8.0.
Usage Guidelines
• This command is used to add and delete an IPv6 network route to access service interface over IPv6 from different network.
• While adding IPv6 route, IPv6 Gateway Address must be a link local scope (FE80::/64).
Examples
The following example shows how to add an IPv6 route:
(Cisco Controller) >
config ipv6 route add 3010:1111:2222:abcd:abcd:abcd:abcd:1111 64 fe80::6616:8dff:fed3:c0cf
Examples
The following example shows how to delete an IPv6 route:
(Cisco Controller) >
config ipv6 route delete 2001:9:5:90::115
Related Commands show ipv6 route summary
578
Cisco Wireless Controller Command Reference, Release 8.4
Config Commands: j to q
•
•
•
•
config local-auth active-timeout, page 591
•
config local-auth eap-profile, page 592
•
config local-auth method fast, page 595
•
config local-auth user-credentials, page 597
•
•
•
•
config load-balancing, page 602
•
•
config location info rogue, page 606
•
config logging buffered, page 607
•
config logging console, page 608
•
config logging debug, page 609
•
config logging fileinfo, page 610
•
config logging procinfo, page 611
•
config logging traceinfo, page 612
•
config logging syslog host, page 613
•
config logging syslog facility, page 616
•
config logging syslog facility client, page 618
•
config logging syslog facility ap, page 619
•
config logging syslog level, page 620
Cisco Wireless Controller Command Reference, Release 8.4
579
•
config loginsession close, page 621
•
•
config macfilter description, page 624
•
config macfilter interface, page 625
•
config macfilter ip-address, page 626
•
config macfilter mac-delimiter, page 627
•
config macfilter radius-compat, page 628
•
config macfilter wlan-id, page 629
•
•
•
config mdns query interval, page 634
•
config mdns service , page 636
•
config mdns snooping , page 639
•
config mdns policy enable , page 641
•
config mdns policy service-group, page 642
•
config mdns policy service-group parameters, page 643
•
config mdns policy service-group user-name, page 644
•
config mdns policy service-group user-role, page 645
•
config media-stream multicast-direct, page 646
•
config media-stream message, page 647
•
config media-stream add, page 649
•
config media-stream admit, page 651
•
config media-stream deny, page 652
•
config media-stream delete, page 653
•
config memory monitor errors, page 654
•
config memory monitor leaks, page 655
•
•
•
config mesh backhaul rate-adapt, page 659
•
config mesh backhaul slot, page 660
•
config mesh battery-state, page 661
•
config mesh client-access, page 662
•
config mesh ethernet-bridging allow-bpdu, page 664
580
Cisco Wireless Controller Command Reference, Release 8.4
•
config mesh ethernet-bridging vlan-transparent, page 665
•
config mesh full-sector-dfs, page 666
•
config mesh linkdata, page 667
•
config mesh linktest, page 669
•
•
config mesh lsc advanced, page 673
•
config mesh lsc advanced ap-provision, page 674
•
config mesh multicast, page 675
•
config mesh parent preferred, page 677
•
config mesh public-safety, page 678
•
config mesh radius-server, page 679
•
•
config mesh secondary-backhaul, page 681
•
config mesh security, page 682
•
config mesh slot-bias, page 684
•
•
config mgmtuser delete, page 686
•
config mgmtuser description, page 687
•
config mgmtuser password, page 688
•
config mgmtuser telnet, page 689
•
config mgmtuser termination-interval, page 690
•
config mobility dscp, page 691
•
config mobility group anchor, page 692
•
config mobility group domain, page 693
•
config mobility group keepalive count, page 694
•
config mobility group keepalive interval, page 695
•
config mobility group member, page 696
•
config mobility group multicast-address, page 698
•
config mobility multicast-mode, page 699
•
config mobility new-architecture, page 700
•
config mobility oracle, page 701
•
config mobility secure-mode, page 702
•
config mobility statistics reset, page 703
Cisco Wireless Controller Command Reference, Release 8.4
581
•
•
config netuser delete, page 706
•
config netuser description, page 707
•
config network dns serverip, page 708
•
config netuser guest-lan-id, page 709
•
config netuser guest-role apply, page 710
•
config netuser guest-role create, page 711
•
config netuser guest-role delete, page 712
•
config netuser guest-role qos data-rate average-data-rate, page 713
•
config netuser guest-role qos data-rate average-realtime-rate, page 714
•
config netuser guest-role qos data-rate burst-data-rate, page 715
•
config netuser guest-role qos data-rate burst-realtime-rate, page 716
•
config netuser lifetime, page 717
•
config netuser maxUserLogin, page 718
•
config netuser password, page 719
•
config netuser wlan-id, page 720
•
config network client-ip-conflict-detection, page 721
•
config network http-proxy ip-address, page 722
•
config network bridging-shared-secret, page 723
•
config network web-auth captive-bypass, page 724
•
config network web-auth port, page 725
•
config network web-auth proxy-redirect, page 726
•
config network web-auth secureweb, page 727
•
config network webmode, page 728
•
config network web-auth, page 729
•
config network 802.3-bridging, page 730
•
config network allow-old-bridge-aps, page 731
•
config network ap-discovery, page 732
•
config network ap-easyadmin, page 733
•
config network ap-fallback, page 734
•
config network ap-priority, page 735
•
config network apple-talk, page 736
•
config network arptimeout, page 737
582
Cisco Wireless Controller Command Reference, Release 8.4
•
config assisted-roaming, page 738
•
config network bridging-shared-secret, page 739
•
config network broadcast, page 740
•
config network fast-ssid-change, page 741
•
config network ip-mac-binding, page 742
•
config network link local bridging, page 743
•
config network master-base, page 744
•
config network mgmt-via-wireless, page 745
•
config network multicast global, page 746
•
config network multicast igmp query interval, page 747
•
config network multicast igmp snooping, page 748
•
config network multicast igmp timeout, page 749
•
config network multicast l2mcast, page 750
•
config network multicast mld, page 751
•
config network multicast mode multicast, page 752
•
config network multicast mode unicast, page 753
•
config network oeap-600 dual-rlan-ports, page 754
•
config network oeap-600 local-network, page 755
•
config network otap-mode, page 756
•
config network profiling, page 757
•
•
config opendns api-token , page 759
•
config opendns forced , page 760
•
config opendns profile, page 761
•
config pmipv6 domain, page 762
•
config pmipv6 add profile, page 763
•
config pmipv6 delete, page 765
•
config pmipv6 mag apn, page 766
•
config pmipv6 mag binding init-retx-time, page 767
•
config pmipv6 mag binding lifetime, page 768
•
config pmipv6 mag binding max-retx-time, page 769
•
config pmipv6 mag binding maximum, page 770
•
config pmipv6 mag binding refresh-time, page 771
Cisco Wireless Controller Command Reference, Release 8.4
583
•
config pmipv6 mag bri delay, page 772
•
config pmipv6 mag bri retries, page 773
•
config pmipv6 mag lma, page 774
•
config pmipv6 mag replay-protection, page 775
•
•
config policy action opendns-profile-name , page 777
•
config network rf-network-name, page 778
•
config network secureweb, page 779
•
config network secureweb cipher-option, page 780
•
•
config network telnet, page 783
•
config network usertimeout, page 784
•
config network web-auth captive-bypass, page 785
•
config network web-auth cmcc-support, page 786
•
config network web-auth port, page 787
•
config network web-auth proxy-redirect, page 788
•
config network web-auth secureweb, page 789
•
config network web-auth https-redirect, page 790
•
config network webmode, page 791
•
config network web-auth, page 792
•
config network zero-config, page 793
•
config network allow-old-bridge-aps, page 794
•
config network ap-discovery, page 795
•
config network ap-fallback, page 796
•
config network ap-priority, page 797
•
config network apple-talk, page 798
•
config network bridging-shared-secret, page 799
•
config network master-base, page 800
•
config network oeap-600 dual-rlan-ports, page 801
•
config network oeap-600 local-network, page 802
•
config network otap-mode, page 803
•
config network zero-config, page 804
•
config nmsp notify-interval measurement, page 805
584
Cisco Wireless Controller Command Reference, Release 8.4
•
•
config passwd-cleartext, page 807
•
•
config port adminmode, page 811
•
•
config port linktrap, page 813
•
config port multicast appliance, page 814
•
•
config qos average-data-rate, page 816
•
config qos average-realtime-rate, page 818
•
config qos burst-data-rate, page 820
•
config qos burst-realtime-rate, page 822
•
config qos description, page 824
•
•
config qos fastlane disable global, page 826
•
config qos max-rf-usage, page 827
•
config qos dot1p-tag, page 828
•
•
config qos protocol-type, page 831
•
config qos queue_length, page 832
•
•
config qos qosmap up-to-dscp-map, page 834
•
config qos qosmap dscp-to-up-exception, page 835
•
config qos qosmap delete-dscp-exception, page 836
•
config qos qosmap clear-all, page 837
•
config qos qosmap trust dscp upstream, page 838
Cisco Wireless Controller Command Reference, Release 8.4
585
config known ap config known ap
To configure a known Cisco lightweight access point, use the config known ap command.
config known ap {add | alert | delete} MAC
Syntax Description add alert delete
MAC
Adds a new known access point entry.
Generates a trap upon detection of the access point.
Deletes an existing known access point entry.
MAC address of the known Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to add a new access point entry ac:10:02:72:2f:bf on a known access point:
(Cisco Controller) >
config known ap add ac:10:02:72:2f:bf 12
586
Cisco Wireless Controller Command Reference, Release 8.4
config lag config lag
To enable or disable link aggregation (LAG), use the config lag command.
config lag {enable | disable}
Syntax Description enable disable
Enables the link aggregation (LAG) settings.
Disables the link aggregation (LAG) settings.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable LAG settings:
(Cisco Controller) >
config lag enable
Enabling LAG will map your current interfaces setting to LAG interface,
All dynamic AP Manager interfaces and Untagged interfaces will be deleted
All WLANs will be disabled and mapped to Mgmt interface
Are you sure you want to continue? (y/n)
You must now reboot for the settings to take effect.
The following example shows how to disable LAG settings:
(Cisco Controller) >
config lag disable
Disabling LAG will map all existing interfaces to port 1.
Are you sure you want to continue? (y/n)
You must now reboot for the settings to take effect.
Cisco Wireless Controller Command Reference, Release 8.4
587
config ldap config ldap
To configure the Lightweight Directory Access Protocol (LDAP) server settings, use the config ldap command.
config ldap {add | delete | enable | disable | retransmit-timeout | retry | user | security-mode | simple-bind}
index
config ldap add index server_ip_address port user_base user_attr user_type[ secure]
config ldap retransmit-timeout index retransmit-timeout
config ldap retry attempts
config ldap user {attr index user-attr | base index user-base | typeindex user-type}
config ldap security-mode {enable | disable}index
config ldap simple-bind {anonymous index | authenticated index username password}
Syntax Description add delete enable disable retransmit-timeout retry user security-mode simple-bind anonymous authenticated
index server_ip_address
Specifies that an LDAP server is being added.
Specifies that an LDAP server is being deleted.
Specifies that an LDAP serve is enabled.
Specifies that an LDAP server is disabled.
Changes the default retransmit timeout for an LDAP server.
Configures the retry attempts for an LDAP server.
Configures the user search parameters.
Configures the security mode.
Configures the local authentication bind method.
Allows anonymous access to the LDAP server.
Specifies that a username and password be entered to secure access to the LDAP server.
LDAP server index. The range is from 1 to 17.
IP address of the LDAP server.
588
Cisco Wireless Controller Command Reference, Release 8.4
config ldap
port user_base user_attr user_type
secure
retransmit-timeout attempts
attr base type
username password
Port number.
Distinguished name for the subtree that contains all of the users.
Attribute that contains the username.
ObjectType that identifies the user.
(Optional) Specifies that Transport Layer Security
(TLS) is used.
Retransmit timeout for an LDAP server. The range is from 2 to 30.
Number of attempts that each LDAP server is retried.
Configures the attribute that contains the username.
Configures the distinguished name of the subtree that contains all the users.
Configures the user type.
Username for the authenticated bind method.
Password for the authenticated bind method.
Command Default
None
Command History
Release
7.6
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The secure keyword was added to support secure
LDAP.
Usage Guidelines
When you enable secure LDAP, the controller does not validate the server certificate.
Examples
The following example shows how to enable LDAP server index 10:
(Cisco Controller) >
config ldap enable 10
Cisco Wireless Controller Command Reference, Release 8.4
589
config ldap
Related Commands config ldap add config ldap simple-bind show ldap summary
590
Cisco Wireless Controller Command Reference, Release 8.4
config local-auth active-timeout config local-auth active-timeout
To specify the amount of time in which the controller attempts to authenticate wireless clients using local
Extensible Authentication Protocol (EAP) after any pair of configured RADIUS servers fails, use the config
local-auth active-timeout command.
config local-auth active-timeout timeout
Syntax Description
timeout
Timeout measured in seconds. The range is from 1 to
3600.
Command Default
The default timeout value is 100 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to specify the active timeout to authenticate wireless clients using EAP to 500 seconds:
(Cisco Controller) >
config local-auth active-timeout 500
Related Commands clear stats local-auth config local-auth eap-profile config local-auth method fast config local-auth user-credentials debug aaa local-auth show local-auth certificates show local-auth config show local-auth statistics
Cisco Wireless Controller Command Reference, Release 8.4
591
config local-auth eap-profile config local-auth eap-profile
To configure local Extensible Authentication Protocol (EAP) authentication profiles, use the config local-auth
eap-profile command.
config local-auth eap-profile {[add | delete] profile_name | cert-issuer {cisco | vendor} | method method
local-cert {enable | disable} profile_name | method method client-cert {enable | disable} profile_name |
method method peer-verify ca-issuer {enable | disable} | method method peer-verify cn-verify{enable |
disable} | method method peer-verify date-valid {enable | disable}
Syntax Description add delete
profile_name
cert-issuer cisco vendor method
method
local-cert enable disable client-cert peer-verify
(Optional) Specifies that an EAP profile or method is being added.
(Optional) Specifies that an EAP profile or method is being deleted.
EAP profile name (up to 63 alphanumeric characters).
Do not include spaces within a profile name.
(For use with EAP-TLS, PEAP, or EAP-FAST with certificates) Specifies the issuer of the certificates that will be sent to the client. The supported certificate issuers are Cisco or a third-party vendor.
Specifies the Cisco certificate issuer.
Specifies the third-party vendor.
Configures an EAP profile method.
EAP profile method name. The supported methods are leap, fast, tls, and peap.
(For use with EAP-FAST) Specifies whether the device certificate on the controller is required for authentication.
Specifies that the parameter is enabled.
Specifies that the parameter is disabled.
(For use with EAP-FAST) Specifies whether wireless clients are required to send their device certificates to the controller in order to authenticate.
Configures the peer certificate verification options.
592
Cisco Wireless Controller Command Reference, Release 8.4
config local-auth eap-profile ca-issuer cn-verify date-valid
(For use with EAP-TLS or EAP-FAST with certificates) Specifies whether the incoming certificate from the client is to be validated against the Certificate
Authority (CA) certificates on the controller.
(For use with EAP-TLS or EAP-FAST with certificates) Specifies whether the common name
(CN) in the incoming certificate is to be validated against the CA certificates’ CN on the controller.
(For use with EAP-TLS or EAP-FAST with certificates) Specifies whether the controller is to verify that the incoming device certificate is still valid and has not expired.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to create a local EAP profile named FAST01:
(Cisco Controller) >
config local-auth eap-profile add FAST01
The following example shows how to add the EAP-FAST method to a local EAP profile:
(Cisco Controller) >
config local-auth eap-profile method add fast FAST01
The following example shows how to specify Cisco as the issuer of the certificates that will be sent to the client for an EAP-FAST profile:
(Cisco Controller) >
config local-auth eap-profile method fast cert-issuer cisco
The following example shows how to specify that the incoming certificate from the client be validated against the CA certificates on the controller:
(Cisco Controller) >
config local-auth eap-profile method fast peer-verify ca-issuer enable
Related Commands config local-auth active-timeout config local-auth method fast config local-auth user-credentials debug aaa local-auth show local-auth certificates
Cisco Wireless Controller Command Reference, Release 8.4
593
config local-auth eap-profile show local-auth config show local-auth statistics
594
Cisco Wireless Controller Command Reference, Release 8.4
config local-auth method fast config local-auth method fast
To configure an EAP-FAST profile, use the config local-auth method fast command.
config local-auth method fast {anon-prov [enable | disable] | authority-id auth_id pac-ttl days | server-key
key_value}
Syntax Description anon-prov enable disable authority-id
auth_id
pac-ttl
days
server-key
key_value
Configures the controller to allow anonymous provisioning, which allows PACs to be sent automatically to clients that do not have one during
Protected Access Credentials (PAC) provisioning.
(Optional) Specifies that the parameter is enabled.
(Optional) Specifies that the parameter is disabled.
Configures the authority identifier of the local
EAP-FAST server.
Authority identifier of the local EAP-FAST server (2 to 32 hexadecimal digits).
Configures the number of days for the Protected
Access Credentials (PAC) to remain viable (also known as the time-to-live [TTL] value).
Time-to-live value (TTL) value (1 to 1000 days).
Configures the server key to encrypt or decrypt PACs.
Encryption key value (2 to 32 hexadecimal digits).
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to disable the controller to allows anonymous provisioning:
(Cisco Controller) >
config local-auth method fast anon-prov disable
Cisco Wireless Controller Command Reference, Release 8.4
595
config local-auth method fast
The following example shows how to configure the authority identifier 0125631177 of the local EAP-FAST server:
(Cisco Controller) >
config local-auth method fast authority-id 0125631177
The following example shows how to configure the number of days to 10 for the PAC to remain viable:
(Cisco Controller) >
config local-auth method fast pac-ttl 10
Related Commands clear stats local-auth config local-auth eap-profile config local-auth active-timeout config local-auth user-credentials debug aaa local-auth show local-auth certificates show local-auth config show local-auth statistics
596
Cisco Wireless Controller Command Reference, Release 8.4
config local-auth user-credentials config local-auth user-credentials
To configure the local Extensible Authentication Protocol (EAP) authentication database search order for user credentials, use the config local-auth user credentials command.
config local-auth user-credentials {local [ldap] | ldap [local] }
Syntax Description local ldap
Specifies that the local database is searched for the user credentials.
(Optional) Specifies that the Lightweight Directory
Access Protocol (LDAP) database is searched for the user credentials.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The order of the specified database parameters indicate the database search order.
Examples
The following example shows how to specify the order in which the local EAP authentication database is searched:
(Cisco Controller) >
config local-auth user credentials local lda
In the above example, the local database is searched first and then the LDAP database.
Related Commands clear stats local-auth config local-auth eap-profile config local-auth method fast config local-auth active-timeout debug aaa local-auth show local-auth certificates show local-auth config show local-auth statistics
Cisco Wireless Controller Command Reference, Release 8.4
597
config lync-sdn config lync-sdn
To configure the Lync service, use the config lync-sdn command.
config lync-sdn {port port-number} | {enable | disable}
Syntax Description port
port-number
enable disable
Configures the Lync server port number.
Port number of the server.
Enables Lync service globally.
Disables Lync service globally.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to enable Lync service globally:
(Cisco Controller) >
config lync-sdn enable
598
Cisco Wireless Controller Command Reference, Release 8.4
config licensing config licensing
To switch between Cisco Smart Software Licensing and RTU licensing platform, use the config licensing command.
config licensing {rtu | smart-license} dns-server ip address
Syntax Description rtu smart-license dns-server
Right To Use license platform.
Cisco Smart Software License platform.
Configures smart software licensing dns server parameters
Command History
Release
8.2
Modification
This command was introduced.
Command Default
The Right To Use (RTU) is the default license mechanism in the device.
Examples
The following example shows how to activate Cisco Smart Software License on the controller:
(Cisco Controller) >
config licensing smart-license dns-server 209.165.200.224
Note
The controller needs to be rebooted to activate the change in the license platform.
Cisco Wireless Controller Command Reference, Release 8.4
599
config license boot config license boot
To specify the license level to be used on the next reboot of the Cisco 5500 Series Controller, use the config
license boot command.
config license boot {base | wplus | auto}
Syntax Description base wplus auto
Specifies the base boot level.
Specifies the wplus boot level.
Specifies the auto boot level.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
If you enter auto, the licensing software automatically chooses the license level to use on the next reboot. It generally chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.
Note
If you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set the image level to wplus in order for the controller to use the wplus evaluation license instead of the base permanent license.
Examples
Note
To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
The following example shows how to set the license boot settings to wplus:
(Cisco Controller) >
config license boot wplus
600
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands license install show license in-use license modify priority config license boot
Cisco Wireless Controller Command Reference, Release 8.4
601
config load-balancing config load-balancing
To globally configure aggressive load balancing on the controller, use the config load-balancing command.
config load-balancing {window client_count | status {enable | disable} | denial denial_count}
config load-balancing uplink-threshold traffic_threshold
Syntax Description window
client_count
status enable disable denial
denial_count
uplink-threshold
traffic_threshold
Specifies the aggressive load balancing client window.
Aggressive load balancing client window with the number of clients from 1 to 20.
Sets the load balancing status.
Enables load balancing feature.
Disables load balancing feature.
Specifies the number of association denials during load balancing.
Maximum number of association denials during load balancing.
from 0 to 10.
Specifies the threshold traffic for an access point to deny new associations.
Threshold traffic for an access point to deny new associations. This value is a percentage of the WAN utilization measured over a 90 second interval. For example, the default threshold value of 50 triggers the load balancing upon detecting an utilization of 50% or more on an access point WAN interface.
Command Default
By default, the aggressive load balancing is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Load-balancing-enabled WLANs do not support time-sensitive applications like voice and video because of roaming delays.
602
Cisco Wireless Controller Command Reference, Release 8.4
config load-balancing
When you use Cisco 7921 and 7920 Wireless IP Phones with controllers, make sure that aggressive load balancing is disabled on the voice WLANs for each controller. Otherwise, the initial roam attempt by the phone might fail, causing a disruption in the audio path.
Clients can only be load balanced across access points joined to the same controller. The WAN utilization is calculated as a percentage using the following formula: (Transmitted Data Rate (per second) + Received Data
Rate (per second))/(1000Mbps TX + 1000Mbps RX) * 100
Examples
The following example shows how to enable the aggressive load-balancing settings:
(Cisco Controller) >
config load-balancing aggressive enable
Related Commands show load-balancing config wlan load-balance
Cisco Wireless Controller Command Reference, Release 8.4
603
config location config location
To configure a location-based system, use the config location command.
config location {algorithm {simple | rssi-average} | {rssi-half-life | expiry} [client | calibrating-client |
tags | rogue-aps] seconds | notify-threshold [client | tags | rogue-aps] threshold | interface-mapping {add
| delete} location wlan_id interface_name | plm {client {enable | disable} burst_interval | calibrating
{enable | disable} {uniband | multiband}}}
Syntax Description algorithm simple rssi-average rssi-half-life expiry client calibrating-client tags rogue-aps
seconds
notify-threshold
threshold
interface-mapping
wlan_id interface_name
Note
We recommend that you do not use or modify the config location
algorithm command. It is set to optimal default values.
Configures the algorithm used to average RSSI and SNR values.
Specifies a faster algorithm that requires low CPU overhead but provides less accuracy.
Specifies a more accurate algorithm but requires more CPU overhead.
Note
We recommend that you do not use or modify the config location
rssi-half-life command. It is set to optimal default values.
Configures the half-life when averaging two RSSI readings.
Note
We recommend that you do not use or modify the config location expiry command. It is set to optimal default values.
Configures the timeout for RSSI values.
(Optional) Specifies the parameter applies to client devices.
(Optional) Specifies the parameter is used for calibrating client devices.
(Optional) Specifies the parameter applies to radio frequency identification (RFID) tags.
(Optional) Specifies the parameter applies to rogue access points.
Time value (0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, 300 seconds).
Note
We recommend that you do not use or modify the config location
notify-threshold command. It is set to optimal default values.
Specifies the NMSP notification threshold for RSSI measurements.
Threshold parameter. The range is 0 to 10 dB, and the default value is 0 dB.
Adds or deletes a new location, wireless LAN, or interface mapping element.
WLAN identification name.
Name of interface to which mapping element applies.
604
Cisco Wireless Controller Command Reference, Release 8.4
config location plm client
burst_interval
calibrating uniband multiband
Specifies the path loss measurement (S60) request for normal clients or calibrating clients.
Specifies normal, noncalibrating clients.
Burst interval. The range is from 1 to 3600 seconds, and the default value is 60 seconds.
Specifies calibrating clients.
Specifies the associated 802.11a or 802.11b/g radio (uniband).
Specifies the associated 802.11a/b/g radio (multiband).
Command Default
See the “Syntax Description” section for default values of individual arguments and keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to specify the simple algorithm for averaging RSSI and SNR values on a location-based controller:
(Cisco Controller) >
config location algorithm simple
Related Commands config location info rogue clear location rfid clear location statistics rfid show location show location statistics rfid
Cisco Wireless Controller Command Reference, Release 8.4
605
config location info rogue config location info rogue
To configure info-notification for rogue service, use the config location info rogue command.
config location info rogue {basic | extended}
Syntax Description basic extended
Configures basic rogue parameters such as mode, class, containmentlevel, numclients, firsttime, lasttime, ssid, and so on, for rogue info-notification service.
Note
Configure the basic parameters if the version of Cisco MSE is older than the version of the Cisco WLC.
Configures extended rogue parameters, which is basic parameters plus security type, detecting LRAD type, and so on, for rogue info-notification service.
Command History
Release
8.0
Modification
This command was introduced.
606
Cisco Wireless Controller Command Reference, Release 8.4
config logging buffered config logging buffered
To set the severity level for logging messages to the controller buffer, use the config logging buffered command.
config logging buffered security_level
Syntax Description
security_level
Security level. Choose one of the following:
• emergencies—Severity level 0
• alerts—Severity level 1
• critical—Severity level 2
• errors—Severity level 3
• warnings—Severity level 4
• notifications—Severity level 5
• informational—Severity level 6
• debugging—Severity level 7
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the controller buffer severity level for logging messages to 4:
(Cisco Controller) >
config logging buffered 4
Related Commands config logging syslog facility config logging syslog level show logging
Cisco Wireless Controller Command Reference, Release 8.4
607
config logging console config logging console
To set the severity level for logging messages to the controller console, use the config logging console command.
config logging console security_level
Syntax Description
security_level
Severity level. Choose one of the following:
• emergencies—Severity level 0
• alerts—Severity level 1
• critical—Severity level 2
• errors—Severity level 3
• warnings—Severity level 4
• notifications—Severity level 5
• informational—Severity level 6
• debugging—Severity level 7
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the controller console severity level for logging messages to 3:
(Cisco Controller) >
config logging console 3
Related Commands config logging syslog facility config logging syslog level show logging
608
Cisco Wireless Controller Command Reference, Release 8.4
config logging debug config logging debug
To save debug messages to the controller buffer, the controller console, or a syslog server, use the config
logging debug command.
config logging debug {buffered | console | syslog} {enable | disable}
Syntax Description buffered console syslog enable disable
Saves debug messages to the controller buffer.
Saves debug messages to the controller console.
Saves debug messages to the syslog server.
Enables logging of debug messages.
Disables logging of debug messages.
Command Default
The console command is enabled and the buffered and syslog commands are disabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to save the debug messages to the controller console:
(Cisco Controller) >
config logging debug console enable
Related Commands show logging
Cisco Wireless Controller Command Reference, Release 8.4
609
config logging fileinfo config logging fileinfo
To cause the controller to include information about the source file in the message logs or to prevent the controller from displaying this information, use the config logging fileinfo command.
config logging fileinfo {enable | disable}
Syntax Description enable disable
Includes information about the source file in the message logs.
Prevents the controller from displaying information about the source file in the message logs.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the controller to include information about the source file in the message logs:
(Cisco Controller) >
config logging fileinfo enable
Related Commands show logging
610
Cisco Wireless Controller Command Reference, Release 8.4
config logging procinfo config logging procinfo
To cause the controller to include process information in the message logs or to prevent the controller from displaying this information, use the config logging procinfo command.
config logging procinfo {enable | disable}
Syntax Description enable disable
Includes process information in the message logs.
Prevents the controller from displaying process information in the message logs.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the controller to include the process information in the message logs:
(Cisco Controller) >
config logging procinfo enable
Related Commands show logging
Cisco Wireless Controller Command Reference, Release 8.4
611
config logging traceinfo config logging traceinfo
To cause the controller to include traceback information in the message logs or to prevent the controller from displaying this information, use the config logging traceinfo command.
config logging traceinfo {enable | disable}
Syntax Description enable disable
Includes traceback information in the message logs.
Prevents the controller from displaying traceback information in the message logs.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the controller to include the traceback information in the message logs:
(Cisco Controller) >
config logging traceinfo disable
Related Commands show logging
612
Cisco Wireless Controller Command Reference, Release 8.4
config logging syslog host config logging syslog host
To configure a remote host for sending syslog messages, use the config logging syslog host command.
config logging syslog host ip_addr
Syntax Description
ip_addr
IP address for the remote host.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
Examples
• To configure a remote host for sending syslog messages, use the config logging syslog host ip_addr command.
• To remove a remote host that was configured for sending syslog messages, use the config logging syslog
host ip_addr delete command.
• To display the configured syslog servers on the controller, use the show logging command.
The following example shows how to configure two remote hosts 10.92.125.52 and 2001:9:6:40::623 for sending the syslog messages and displaying the configured syslog servers on the controller:
(Cisco Controller) >
config logging syslog host 10.92.125.52
System logs will be sent to 10.92.125.52 from now on
(Cisco Controller) >
config logging syslog host 2001:9:6:40::623
System logs will be sent to 2001:9:6:40::623 from now on
(Cisco Controller) >
show logging
Logging to buffer :
- Logging of system messages to buffer :
- Logging filter level.......................... errors
- Number of system messages logged.............. 1316
- Number of system messages dropped............. 6892
- Logging of debug messages to buffer ........... Disabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Cache of logging ............................. Disabled
- Cache of logging time(mins) ................... 10080
- Number of over cache time log dropped ........ 0
Logging to console :
- Logging of system messages to console :
Cisco Wireless Controller Command Reference, Release 8.4
613
config logging syslog host
- Logging filter level.......................... disabled
- Number of system messages logged.............. 0
- Number of system messages dropped............. 8243
- Logging of debug messages to console .......... Enabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
Logging to syslog :
- Syslog facility................................ local0
- Logging of system messages to console :
- Logging filter level.......................... disabled
- Number of system messages logged.............. 0
- Number of system messages dropped............. 8208
- Logging of debug messages to console .......... Enabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Logging of system messages to syslog :
- Logging filter level.......................... errors
- Number of system messages logged.............. 1316
- Number of system messages dropped............. 6892
- Logging of debug messages to syslog ........... Disabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 2
- syslog over tls................................ Disabled
- Host 0....................................... 10.92.125.52
- Host 1....................................... 2001:9:6:40::623
- Host 2.......................................
Logging of RFC 5424.............................. Disabled
Logging of Debug messages to file :
- Logging of Debug messages to file.............. Disabled
- Number of debug messages logged................ 0
- Number of debug messages dropped............... 0
Logging of traceback............................. Enabled
The following example shows how to remove two remote hosts 10.92.125.52 and 2001:9:6:40::623 that were configured for sending syslog messages and displaying that the configured syslog servers were removed from the controller:
(Cisco Controller) >
config logging syslog host 10.92.125.52 delete
System logs will not be sent to 10.92.125.52 anymore
(Cisco Controller) >
config logging syslog host 2001:9:6:40::623 delete
System logs will not be sent to 2001:9:6:40::623 anymore
(Cisco Controller) >
show logging
Logging to buffer :
- Logging of system messages to buffer :
- Logging filter level.......................... errors
- Number of system messages logged.............. 1316
- Number of system messages dropped............. 6895
- Logging of debug messages to buffer ........... Disabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Cache of logging ............................. Disabled
- Cache of logging time(mins) ................... 10080
- Number of over cache time log dropped ........ 0
Logging to console :
- Logging of system messages to console :
- Logging filter level.......................... disabled
- Number of system messages logged.............. 0
- Number of system messages dropped............. 8211
- Logging of debug messages to console .......... Enabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
Logging to syslog :
- Syslog facility................................ local0
- Logging of system messages to syslog :
- Logging filter level.......................... errors
- Number of system messages logged.............. 1316
- Number of system messages dropped............. 6895
- Logging of debug messages to syslog ........... Disabled
614
Cisco Wireless Controller Command Reference, Release 8.4
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 0
- syslog over tls................................ Disabled
- Host 0.......................................
- Host 1.......................................
- Host 2.......................................
Logging of RFC 5424.............................. Disabled
Logging of Debug messages to file :
- Logging of Debug messages to file.............. Disabled
- Number of debug messages logged................ 0
- Number of debug messages dropped............... 0
Logging of traceback............................. Enabled
- Traceback logging level........................ errors
Logging of source file informational............. Enabled
Timestamping of messages.........................
- Timestamping of system messages................ Enabled
- Timestamp format.............................. Date and Time
config logging syslog host
Cisco Wireless Controller Command Reference, Release 8.4
615
config logging syslog facility config logging syslog facility
To set the facility for outgoing syslog messages to the remote host, use the config logging syslog facility command.
config logging syslog facility facility_code
Syntax Description
facility_code
Facility code. Choose one of the following:
• authorization—Authorization system. Facility level—4.
• auth-private—Authorization system (private). Facility level—10.
• cron—Cron/at facility. Facility level—9.
• daemon—System daemons. Facility level—3.
• ftp—FTP daemon. Facility level—11.
• kern—Kernel. Facility level—0.
• local0—Local use. Facility level—16.
• local1—Local use. Facility level—17.
• local2—Local use. Facility level—18.
• local3—Local use. Facility level—19.
• local4—Local use. Facility level—20.
• local5—Local use. Facility level—21.
• local6—Local use. Facility level—22.
• local7—Local use. Facility level—23.
• lpr—Line printer system. Facility level—6.
• mail—Mail system. Facility level—2.
• news—USENET news. Facility level—7.
• sys12—System use. Facility level—12.
• sys13—System use. Facility level—13.
• sys14—System use. Facility level—14.
• sys15—System use. Facility level—15.
• syslog—The syslog itself. Facility level—5.
• user—User process. Facility level—1.
• uucp—UNIX-to-UNIX copy system. Facility level—8.
616
Cisco Wireless Controller Command Reference, Release 8.4
config logging syslog facility
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the facility for outgoing syslog messages to authorization:
(Cisco Controller) >
config logging syslog facility authorization
Related Commands config logging syslog host config logging syslog level show logging
Cisco Wireless Controller Command Reference, Release 8.4
617
config logging syslog facility client config logging syslog facility client
To configure the syslog facility to AP, use the config logging syslog facility client { assocfail Dot11 | associate
Dot11 | authentication | authfail Dot11 | deauthenticate Dot11 | disassociate Dot11 | exclude}{ enable |
disable} command.
config logging syslog facility Client
Syntax Description
Client
Facility Client. Has the following functions:
• assocfail Dot11—Association fail syslog for clients
• associate Dot11—Association syslog for clients
• authentication—Authentication success syslog for clients
• authfail Dot11—Authentication fail syslog for clients
• deauthenticate Dot11—Deauthentication syslog for clients
• disassociate Dot11—Disassociation syslog for clients
• excluded—Excluded syslog for clients
Command Default
None
Command History
Release
7.5
Modification
This command was introduced in a release earlier than Release 7.5.
Examples
The following example shows how to set the facility syslog facility for client: cisco controller
config logging syslog facility client
Related Commands show logging flags client
618
Cisco Wireless Controller Command Reference, Release 8.4
config logging syslog facility ap config logging syslog facility ap
To configure the syslog facility to AP, use the config logging syslog facility ap{ associate | disassociate}{
enable | disable} command.
config logging syslog facility AP
Syntax Description
AP
Facility AP. Has the following functions:
• associate—Association syslog for AP
• disassociate—Disassociation syslog for AP
Command Default
None
Command History
Release
7.5
Modification
This command was introduced in a release earlier than Release 7.5.
Examples
The following example shows how to configure syslog facility for AP: cisco controller
config logging syslog facility ap
Related Commands show logging flags ap
Cisco Wireless Controller Command Reference, Release 8.4
619
config logging syslog level config logging syslog level
To set the severity level for filtering syslog messages to the remote host, use the config logging syslog level command.
config logging syslog level severity_level
Syntax Description
severity_level
Severity level. Choose one of the following:
• emergencies—Severity level 0
• alerts—Severity level 1
• critical—Severity level 2
• errors—Severity level 3
• warnings—Severity level 4
• notifications—Severity level 5
• informational—Severity level 6
• debugging—Severity level 7
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the severity level for syslog messages to 3:
(Cisco Controller) >
config logging syslog level 3
Related Commands config logging syslog host config logging syslog facility show logging
620
Cisco Wireless Controller Command Reference, Release 8.4
config loginsession close config loginsession close
To close all active Telnet sessions, use the config loginsession close command.
config loginsession close {session_id | all}
Syntax Description
session_id
all
ID of the session to close.
Closes all Telnet sessions.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to close all active Telnet sessions:
(Cisco Controller) >
config loginsession close all
Related Commands show loginsession
Cisco Wireless Controller Command Reference, Release 8.4
621
config macfilter config macfilter
To create or delete a MAC filter entry on the Cisco wireless LAN controller, use the config macfilter {add
|delete}command.
config macfilter {add client_MAC wlan_id [interface_name] [description] [macfilter_IP] | delete client_MAC}
Syntax Description add delete
MAC_addr wlan_id interface_name description
IP Address
Adds a MAC filter entry on the controller.
Deletes a MAC filter entry on the controller.
Client MAC address.
Wireless LAN identifier with which the MAC filter entry should associate. A zero value associates the entry with any wireless LAN.
(Optional) Name of the interface. Enter 0 to specify no interface.
(Optional) Short description of the interface (up to 32 characters) in double quotes.
Note
A description is mandatory if macfilterIP is specified.
(Optional) IPv4 address of the local MAC filter database.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Use the config macfilter add command to add a client locally to a wireless LAN on the Cisco wireless LAN controller. This filter bypasses the RADIUS authentication process.
As on release 7.6, the optional macfilter_IP supports only IPv4 address.
622
Cisco Wireless Controller Command Reference, Release 8.4
config macfilter
Examples
The following example shows how to add a MAC filter entry 00:E0:77:31:A3:55 with the wireless LAN ID
1, interface name labconnect, and MAC filter IP 10.92.125.51 on the controller:
(Cisco Controller) >
config macfilter add 00:E0:77:31:A3:55 1 lab02
“labconnect” 10.92.125.51
Related Commands show macfilter config macfilter ip-address
Cisco Wireless Controller Command Reference, Release 8.4
623
config macfilter description config macfilter description
To add a description to a MAC filter, use the config macfilter description command.
config macfilter description MAC addrdescription
Syntax Description
MAC addr description
Client MAC address.
(Optional) Description within double quotes (up to
32 characters).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the description MAC filter 01 to MAC address
11:11:11:11:11:11:
(Cisco Controller) >
config macfilter description 11:11:11:11:11:11
“MAC Filter 01”
Related Commands show macfilter
624
Cisco Wireless Controller Command Reference, Release 8.4
config macfilter interface config macfilter interface
To create a MAC filter client interface, use the config macfilter interface command.
config macfilter interface MAC_addr interface
Syntax Description
MAC addr interface
Client MAC address.
Interface name. A value of zero is equivalent to no name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a MAC filer interface Lab01 on client 11:11:11:11:11:11:
(Cisco Controller) >
config macfilter interface 11:11:11:11:11:11 Lab01
Related Commands show macfilter
Cisco Wireless Controller Command Reference, Release 8.4
625
config macfilter ip-address config macfilter ip-address
To enter passive client IP address , use the config macfilter ip-address command.
config macfilterip-address MAC_addr IP Address
Syntax Description
MAC_addr
IP Address
MAC address of the client.
Adds an IP address for passive clients.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4.
Examples
The following example shows how to add an IP address for a passive client:
(Cisco Controller) >
config macfilter ip-address aa-bb-cc-dd-ee-ff 10.92.125.51
Related Commands show macfilter
626
Cisco Wireless Controller Command Reference, Release 8.4
config macfilter mac-delimiter config macfilter mac-delimiter
To set the MAC delimiter (colon, hyphen, none, and single-hyphen) for MAC addresses sent to RADIUS servers, use the config macfilter mac-delimiter command.
config macfilter mac-delimiter {none | colon | hyphen | single-hyphen}
Syntax Description none colon hyphen single-hyphen
Disables the delimiters (for example, xxxxxxxxxx).
Sets the delimiter to a colon (for example, xx:xx:xx:xx:xx:xx).
Sets the delimiter to a hyphen (for example, xx-xx-xx-xx-xx-xx).
Sets the delimiter to a single hyphen (for example, xxxxxx-xxxxxx).
Command Default
The default delimiter is hyphen.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to have the operating system send MAC addresses to the RADIUS server in the form aa:bb:cc:dd:ee:ff:
(Cisco Controller) >
config macfilter mac-delimiter colon
The following example shows how to have the operating system send MAC addresses to the RADIUS server in the form aa-bb-cc-dd-ee-ff:
(Cisco Controller) >
config macfilter mac-delimiter hyphen
The following example shows how to have the operating system send MAC addresses to the RADIUS server in the form aabbccddeeff:
(Cisco Controller) >
config macfilter mac-delimiter none
Related Commands show macfilter
Cisco Wireless Controller Command Reference, Release 8.4
627
config macfilter radius-compat config macfilter radius-compat
To configure the Cisco wireless LAN controller for compatibility with selected RADIUS servers, use the
config macfilter radius-compat command.
config macfilter radius-compat {cisco | free | other}
Syntax Description cisco free other
Configures the Cisco ACS compatibility mode
(password is the MAC address of the server).
Configures the Free RADIUS server compatibility mode (password is secret).
Configures for other server behaviors (no password is necessary).
Command Default
Other
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4.
Examples
The following example shows how to configure the Cisco ACS compatibility mode to “other”:
(Cisco Controller) >
config macfilter radius-compat other
Related Commands show macfilter
628
Cisco Wireless Controller Command Reference, Release 8.4
config macfilter wlan-id config macfilter wlan-id
To modify a wireless LAN ID for a MAC filter, use the config macfilter wlan-id command.
config macfilter wlan-id MAC_addr WLAN_id
Syntax Description
MAC addr
WLAN_id
Client MAC address.
Wireless LAN identifier to associate with. A value of zero is not allowed.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to modify client wireless LAN ID 2 for a MAC filter 11:11:11:11:11:11:
(Cisco Controller) >
config macfilter wlan-id 11:11:11:11:11:11 2
Related Commands show macfilter show wlan
Cisco Wireless Controller Command Reference, Release 8.4
629
config mdns ap config mdns ap
To configure multicast Domain Name System (mDNS) snooping on an access point, use the config mdns ap command.
config mdns ap {enable {ap_name | all} [vlan vlan_id] | disable {ap_name | all} | vlan {add | delete} vlan
ap_name}
Syntax Description enable
ap_name
all vlan
vlan_id
disable add delete
Enables mDNS snooping on an access point.
Name of the access point on which mDNS snooping has to be configured.
Configures mDNS snooping on all access points.
(Optional) Configures the VLAN on which the access point snoops and forwards the mDNS packets.
VLAN identifier.
Disables mDNS snooping on an access point.
Adds a VLAN from which the access point snoops and forwards the mDNS packets to the Cisco Wireless LAN Controller (WLC). You can configure up to 10 VLANs for an mDNS access point.
Deletes a VLAN from which the access point snoops and forwards the mDNS packets to the Cisco WLC.
Command Default
The mDNS-enabled access point snoops the access or native VLANs by default.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
Enabling mDNS snooping on access points allows the access points to snoop the wired services on VLANs that are invisible to the Cisco WLC. mDNS snooping is supported only on local-mode and monitor-mode access points. The access point must be in the access mode or trunk mode. If the access point is in the trunk mode, you must configure the VLAN on the Cisco WLC on which the access point snoops and forwards the mDNS packets. You must also configure the native VLAN from the Cisco WLC for the access point to snoop and send mDNS queries on. The access point also tags the packets with the native VLAN.
Global mDNS snooping overrides mDNS access point snooping.
630
Cisco Wireless Controller Command Reference, Release 8.4
config mdns ap
Examples
The following example shows how to enable mDNS snooping on an access point and the VLAN on which it must snoop for mDNS packets:
(Cisco Controller) >
config mdns ap enable vlan 1
Cisco Wireless Controller Command Reference, Release 8.4
631
config mdns profile config mdns profile
To configure a multicast DNS (mDNS) profile and associate a service with the profile, use the config mdns
profile command.
config mdns profile {create | delete | service {add | delete} service _name profile_name
Syntax Description create delete service add delete
service -name profile_name
Creates an mDNS profile.
Deletes an mDNS profile. If the profile is associated to an interface group, an interface, or a WLAN, an error appears.
Configures an mDNS service.
Adds an mDNS service to an mDNS profile.
Deletes an mDNS service from an mDNS profile.
Name of the mDNS service.
Name of the mDNS profile. You can create a maximum of 16 profiles.
Command Default
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.
Command History
Release
7.4
Modification
This command was introduced.
Usage Guidelines
After creating a new profile, you must map the profile to an interface group, an interface, or a WLAN. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.
Examples
The following example shows how to add the Apple TV mDNS service to the mDNS profile1.
(Cisco Controller) >
config mdns profile create profile1 Apple TV
Related Commands config mdns query interval config mdns service
632
Cisco Wireless Controller Command Reference, Release 8.4
config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service clear mdns service-database debug mdns all debug mdns error debug mdns detail debug mdns message config mdns profile
Cisco Wireless Controller Command Reference, Release 8.4
633
config mdns query interval config mdns query interval
To configure the query interval for multicast DNS (mDNS) services, use the config mdns query interval command.
config mdns query interval interval_value
Syntax Description
interval_value
mDNS query interval, in minutes, that you can set. The query interval is the frequency at which the controller sends periodic queries to all the services defined in the Master
Services database. The range is from 10 to 120.
Command Default
The default query interval for an mDNS service is 15 minutes.
Command History
Release
7.4
Modification
This command was introduced.
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database. mDNS uses the multicast IP address 224.0.0.251 as the destination address and
5353 as UDP destination port.
Examples
The following example shows how to configure the query interval for mDNS services as 20 minutes.
(Cisco Controller) >
config mdns query interval 20
Related Commands config mdns profile config mdns service config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service clear mdns service-database debug mdns all debug mdns error
634
Cisco Wireless Controller Command Reference, Release 8.4
debug mdns detail debug mdns message config mdns query interval
Cisco Wireless Controller Command Reference, Release 8.4
635
config mdns service config mdns service
To configure multicast DNS (mDNS) services in the master services database, use the config mdns service command.
The following command is valid in Release 7.5 and later releases:
config mdns service {create service_name service_string origin {Wireless | Wired | All} lss {enable |
disable} [query {enable | disable}] | lss {enable | disable} {service_name | all} | priority-mac {add |
delete} priority-mac service_name [ap-group ap-group-name] | origin {Wireless | Wired | All} {service_name
| all}}
Syntax Description create
service_name service_string
delete query enable disable origin
Wireless
Wired
All lss all priority-mac
Adds a new mDNS service to the Master Services database.
Name of the mDNS service, for example, Air Tunes, iTunes Music Sharing,
FTP, Apple File Sharing Protocol (AFP).
Unique string associated to an mDNS service, for example,
_airplay._tcp.local. is the service string associated with Apple TV.
Deletes an mDNS service from the Master Services database. Before deleting the service, the controller checks if any profile is using the service.
Note
You must delete the service from all profiles before deleting it.
Configures the query status for the mDNS service.
Enables periodic query for an mDNS service by the controller.
Disables periodic query for an mDNS service by the controller.
Configures the origin of the mDNS service. You can restrict the origin of the service as wired or wireless.
Configures the origin of the mDNS service as wireless.
Configures the origin of the mDNS service as wired.
Configures the origin of the mDNS service as wireless or wired.
Configures Location Specific Services (LSS) for a service or all mDNS services. LSS is not applicable for registered service providers. The registered service providers are always included if the querying client corresponds to the user. You cannot configure LSS on the services configured as only wired.
Configures LSS for all mDNS services.
Configures the MAC address of a service provider device. This device gets a priority even if the service provider database is full.
636
Cisco Wireless Controller Command Reference, Release 8.4
config mdns service add delete
priority-mac
ap-group
ap-group-name
Adds the MAC address of a service provider device for priority.
You can configure up to 50 MAC addresses for a service.
Deletes the MAC address of a service provider device from the priority list.
MAC address of a service provider device that needs priority. The MAC address must be unique for each service.
Configures the access point group for wired service providers. These service providers get priority over others. When a client mNDS query originates from this AP group, the wired entries with priority MAC addresses and access point groups are listed first in the aggregated response.
Name of the access point group to which the service provider belongs.
Command Default
By default, LSS is disabled, but it is enabled for all the discovered services.
Command History
Release
7.4
7.5
Modification
This command was introduced.
This command was modified. The origin, Wireless, Wired, All, lss, priority-mac,
add, delete, ap-group keywords and priority-mac ap-group-name arguments were added.
Usage Guidelines
In Release 7.5 and later releases, the maximum number of service providers for different controller models are as follows:
• Cisco 5500 Series Controller and Cisco 2500 Series Controller—6400
• Cisco Wireless Services Module 2—6400
• Cisco 8500 Series Controller and Cisco 7500 Series Controller—16000
You cannot change the services with the origin set to Wireless to Wired if LSS is enabled for the service.
Examples
The following example shows how to add the HTTP mDNS service to the Master Services database, configure the origin as wireless, and enable LSS for the service:
(Cisco Controller) >
config mdns service create http _http._tcp.local. origin wireless lss enable
Cisco Wireless Controller Command Reference, Release 8.4
637
config mdns service
The following example shows how to add a priority MAC address of a HTTP service provider device:
(Cisco Controller) >
config mdns service priority-mac add 44:03:a7:a3:04:45 http
638
Cisco Wireless Controller Command Reference, Release 8.4
config mdns snooping config mdns snooping
To enable or disable global multicast DNS (mDNS) snooping on the Cisco WLC, use the config mdns
snooping command.
config mdns snooping {enable | disable}
Syntax Description enable disable
Enables mDNS snooping on the Cisco WLC.
Disables mDNS snooping on the Cisco WLC.
Command Default
By default, mDNS snooping is enabled on the Cisco WLC.
Command History
Release
7.4
Modification
This command was introduced.
Usage Guidelines
mDNS service discovery provides a way to announce and discover services on the local network. mDNS perform DNS queries over IP multicast. mDNS supports zero configuration IP networking.
Examples
The following example shows how to enable mDNS snooping:
(Cisco Controller) >
config mdns snooping enable
Related Commands config mdns query interval config mdns service config mdns profile config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service clear mdns service-database debug mdns all debug mdns error debug mdns detail
Cisco Wireless Controller Command Reference, Release 8.4
639
config mdns snooping debug mdns message
640
Cisco Wireless Controller Command Reference, Release 8.4
config mdns policy enable config mdns policy enable
To configure the mDNS policy use the config mdns policy enable | disable command.
config mdnspolicyenable | disable
Syntax Description policy enable disable
Name of the mDNS policy.
Enables the policy for an mDNS service by the controller.
Disables the policy for an mDNS service by the controller.
Command Default
None
Command History
Release
8.0
Modification
This command was introduced.
Usage Guidelines
This command is valid for 8.0 release onwards.
Examples
The following example show how to configure the mDNS policy.
(Cisco Controller) >
config mdns policy enable
Cisco Wireless Controller Command Reference, Release 8.4
641
config mdns policy service-group config mdns policy service-group
To create or delete mDNS policy service group use the config mdns policy service-group command.
config mdns policy service-group {create | delete} service-group-name
Syntax Description create delete
service-group-name
Creates the mDNS service group.
Deletes the mDNS service group.
Name of the service group.
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example shows how to delete a mDNS service group.
(Cisco Controller) >
config mdns policy service-group create <service-group-name>
642
Cisco Wireless Controller Command Reference, Release 8.4
config mdns policy service-group parameters config mdns policy service-group parameters
To configure the parameters of a service group, use the config mdns policy service-group command.
config mdnspolicyservice-group device-mac add service-group-name mac-addr device name location-type
[AP_LOCATION | AP_NAME |AP_GROUP] device-location [location string |any | same]
Syntax Description device-mac add
service-group-name device-name
location type
[AP_LOCATION | AP_NAME |
AP_GROUP]
device-location
[location string |any | same]
Configures MAC address of a service provider device.
Adds the service group name of the service provider device.
Name of a mDNS service group.
Name of a device to which the service provider belongs.
Configures a location type of a service provider device.
Name, location, group of the access point.
Configures location of a device to which the service provider belongs.
location string of a device.
Command Default
None
Command History
Release
8.0
Examples
Modification
This command was introduced.
The following example shows how to configure a location type of a service provider device.
(Cisco Controller) >
config mdns policy service-group location type [AP_LOCATION | AP_NAME
| AP_GROUP]
Cisco Wireless Controller Command Reference, Release 8.4
643
config mdns policy service-group user-name config mdns policy service-group user-name
To configure a user role for a mDNS service group, use the config mdns policy service-group user-name
add | delete <service-group-name> <user-role-name>command
config mdnspolicyservice-groupuser-nameadd | deleteservice-group-name user-name
Syntax Description user-name
service-group-name user-name
Configures name of a user for mDNS service group.
Name of a mDNS service group
Name of the user role for mDNS service group
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example show how to add user name for a mDNS service group
(Cisco Controller) >
config mdns policy service-group user-name add <service-group-name>
<user-role-name>
644
Cisco Wireless Controller Command Reference, Release 8.4
config mdns policy service-group user-role config mdns policy service-group user-role
To configure a user role for a mDNS service group, use the config mdns policy service-group user-role add
| delete <service-group-name> <user-role-name>command.
config mdnspolicyservice-groupuser-roleadd | deleteservice-group-name user-role-name
Syntax Description user-role
service-group-name user-role-name
Configures a user role for mDNS service group.
Name of a mDNS service group
Name of the user role for mDNS service group
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example show how to add user role details for a mDNS service group
(Cisco Controller) >
config mdns policy service-group user-role add <service-group-name>
<user-role-name>
Cisco Wireless Controller Command Reference, Release 8.4
645
config media-stream multicast-direct config media-stream multicast-direct
To configure the media-stream multicast direct, use the config media-stream multicast direct command.
config media-stream multicast-direct {enable | disable}
Syntax Description enable disable
Enables a media stream.
Disables a media stream.
Command Default
None.
Usage Guidelines
Media-stream multicast-direct requires load based Call Admission Control (CAC) to run.
Examples
This example shows how to enable media-stream multicast-direct settings:
>
config media-stream multicast-direct enable
This example shows how to disable media-stream multicast-direct settings:
>
config media-stream multicast-direct disable
Related Commands config 802.11 media-stream video-redirect show 802.11a media-stream name show media-stream group summary show media-stream group detail
646
Cisco Wireless Controller Command Reference, Release 8.4
config media-stream message config media-stream message
To configure various parameters of message configuration, use the config media-stream message command.
config media-stream message {state [enable | disable] | url url | email email | phone phone_number |note
note}
Syntax Description state enable disable url
url
phone
phone_number
note
note
Specifies the media stream message state.
(Optional) Enables the session announcement message state.
(Optional) Disables the session announcement message state.
Configures the URL.
Session announcement URL.
Configures the email ID.
Specifies the session announcement e-mail.
Configures the phone number.
Session announcement phone number.
Configures the notes.
Session announcement notes.
Command Default
Disabled.
Usage Guidelines
Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.
Examples
This example shows how to enable the session announcement message state:
>
config media-stream message state enable
This example shows how to configure the session announcement e-mail address:
>
config media-stream message mail [email protected]
Related Commands config media-stream show 802.11a media-stream name show media-stream group summary
Cisco Wireless Controller Command Reference, Release 8.4
647
config media-stream message show media-stream group detail
648
Cisco Wireless Controller Command Reference, Release 8.4
config media-stream add config media-stream add
To configure the various global media-stream configurations, use the config media-stream add command.
config media-stream add multicast-direct media_stream_name start-IP end-IP [template {very coarse |
coarse | ordinary | low-resolution | med-resolution | high-resolution} | detail {bandwidth packet-size
{periodic| initial}} qos priority {drop | fallback}
Syntax Description multicast-direct
media_stream_name start-IP end-IP
template very coarse coarse ordinary low-resolution med-resolution high-resolution detail
bandwidth packet-size
periodic initial
qos priority
drop fallback
Specifies the media stream for the multicast-direct setting.
Media-stream name.
IP multicast destination start address.
IP multicast destination end address.
(Optional) Configures the media stream from templates.
Applies a very-coarse template.
Applies a coarse template.
Applies an ordinary template.
Applies a low-resolution template.
Applies a medium-resolution template.
Applies a high-resolution template.
Configures the media stream with specific parameters.
Maximum expected stream bandwidth.
Average packet size.
Specifies the periodic admission evaluation.
Specifies the Initial admission evaluation.
AIR QoS class (video only).
Media-stream priority.
Specifies that the stream is dropped on a periodic reevaluation.
Specifies if the stream is demoted to the best-effort class on a periodic reevaluation.
Cisco Wireless Controller Command Reference, Release 8.4
649
config media-stream add
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.
Examples
This example shows how to configure a new media stream:
>
config media-stream add multicast-direct abc 227.8.8.8 227.9.9.9 detail 2 150 periodic video 1 drop
Related Commands show 802.11a media-stream name show media-stream group summary show media-stream group detail
650
Cisco Wireless Controller Command Reference, Release 8.4
config media-stream admit config media-stream admit
To allow traffic for a media stream group, use the config media-stream admit command.
config media-stream admit media_stream_name
Syntax Description
media_stream_name
Media-stream group name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When you try to allow traffic for the media stream group, you will be prompted that IGMP snooping will be disabled and enabled again, and all clients might observe a glitch on the multicast traffic.
Examples
This example shows how to allow traffic for a media stream group:
(Cisco Controller) >
config media-stream admit MymediaStream
Related Commands show 802.11a media-stream name show media-stream group summary show media-stream group detail
Cisco Wireless Controller Command Reference, Release 8.4
651
config media-stream deny config media-stream deny
To block traffic for a media stream group, use the config media-stream deny command.
Syntax Description
media_stream_name
Media-stream group name.
config media-stream deny media_stream_name
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When you try to block traffic for the media stream group, you will be prompted that IGMP snooping will be disabled and enabled again, and all clients might observe a glitch on the multicast traffic.
Examples
This example shows how to block traffic for a media stream group:
(Cisco Controller) >
config media-stream deny MymediaStream
Related Commands show 802.11a media-stream name show media-stream group summary show media-stream group detail
652
Cisco Wireless Controller Command Reference, Release 8.4
config media-stream delete config media-stream delete
To configure the various global media-stream configurations, use the config media-stream delete command.
config media-stream delete media_stream_name
Syntax Description
media_stream_name
Media-stream name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.
Examples
This example shows how to delete the media stream named abc:
(Cisco Controller) >
config media-stream delete abc
Related Commands show 802.11a media-stream name show media-stream group summary show media-stream group detail
Cisco Wireless Controller Command Reference, Release 8.4
653
config memory monitor errors config memory monitor errors
To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors command.
config memory monitor errors {enable | disable}
Caution
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description enable disable
Enables the monitoring for memory settings.
Disables the monitoring for memory settings.
Command Default
Monitoring for memory errors and leaks is disabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Examples
The following example shows how to enable monitoring for memory errors and leaks for a controller:
(Cisco Controller) >
config memory monitor errors enable
Related Commands config memory monitor leaks debug memory show memory monitor
654
Cisco Wireless Controller Command Reference, Release 8.4
config memory monitor leaks config memory monitor leaks
To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config
memory monitor leaks command.
config memory monitor leaks low_thresh high_thresh
Caution
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
low_thresh high_thresh
Value below which free memory cannot fall without crashing. This value cannot be set lower than 10000 KB.
Value below which the controller enters auto-leak-analysis mode. See the “Usage
Guidelines” section.
Command Default
The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Note
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Use this command if you suspect that a memory leak has occurred.
If the free memory is lower than the low_thresh threshold, the system crashes, generating a crash file. The default value for this parameter is 10000 KB, and you cannot set it below this value.
Set the high_thresh threshold to the current free memory level or higher so that the system enters auto-leak-analysis mode. After the free memory reaches a level lower than the specified high_thresh threshold, the process of tracking and freeing memory allocation begins. As a result, the debug memory events enable command shows all allocations and frees, and the show memory monitor detail command starts to detect any suspected memory leaks.
Cisco Wireless Controller Command Reference, Release 8.4
655
config memory monitor leaks
Examples
The following example shows how to set the threshold values for auto-leak-analysis mode to 12000 KB for the low threshold and 35000 KB for the high threshold:
(Cisco Controller) >
config memory monitor leaks 12000 35000
Related Commands config memory monitor leaks debug memory show memory monitor
656
Cisco Wireless Controller Command Reference, Release 8.4
config mesh alarm config mesh alarm
To configure alarm settings for outdoor mesh access points, use the config mesh alarm command.
config mesh alarm {max-hop | max-children | low-snr | high-snr | association | parent-change count}
value
Syntax Description max-hop max-children low-snr high-snr association parent-change count
value
Sets the maximum number of hops before triggering an alarm for traffic over the mesh network. The valid values are 1 to 16 (inclusive).
Sets the maximum number of mesh access points (MAPs) that can be assigned to a mesh router access point (RAP) before triggering an alarm.
The valid values are 1to 16 (inclusive).
Sets the low-end signal-to-noise ratio (SNR) value before triggering an alarm. The valid values are 1 to 30 (inclusive).
Sets the high-end SNR value before triggering an alarm. The valid values are 1 to 30 (inclusive).
Sets the mesh alarm association count value before triggering an alarm.
The valid values are 1 to 30 (inclusive).
Sets the number of times a MAP can change its RAP association before triggering an alarm. The valid values are 1 to 30 (inclusive).
Value above or below which an alarm is generated. The valid values vary for each command.
Command Default
See the “Syntax Description” section for command and argument value ranges.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the maximum hops threshold to 8:
(Cisco Controller) >
config mesh alarm max-hop 8
The following example shows how to set the upper SNR threshold to 25:
(Cisco Controller) >
config mesh alarm high-snr 25
Cisco Wireless Controller Command Reference, Release 8.4
657
config mesh astools config mesh astools
To globally enable or disable the anti-stranding feature for outdoor mesh access points, use the config mesh
astools command.
config mesh astools {enable | disable}
Syntax Description enable disable
Enables this feature for all outdoor mesh access points.
Disables this feature for all outdoor mesh access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable anti-stranding on all outdoor mesh access points:
(Cisco Controller) >
config mesh astools enable
658
Cisco Wireless Controller Command Reference, Release 8.4
config mesh backhaul rate-adapt config mesh backhaul rate-adapt
To globally configure the backhaul Tx rate adaptation (universal access) settings for indoor and outdoor mesh access points, use the config mesh backhaul rate-adapt command.
config mesh backhaul rate-adapt [all | bronze | silver | gold | platinum] {enable | disable}
Syntax Description all bronze silver gold platinum enable disable
(Optional) Grants universal access privileges on mesh access points.
(Optional) Grants background-level client access privileges on mesh access points.
(Optional) Grants best effort-level client access privileges on mesh access points.
(Optional) Grants video-level client access privileges on mesh access points.
(Optional) Grants voice-level client access privileges on mesh access points.
Enables this backhaul access level for mesh access points.
Disables this backhaul access level for mesh access points.
Command Default
Backhaul access level for mesh access points is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To use this command, mesh backhaul with client access must be enabled by using the config mesh client-access command.
Note
After this feature is enabled, all mesh access points reboot.
Examples
The following example shows how to set the backhaul client access to the best-effort level:
(Cisco Controller) >
config mesh backhaul rate-adapt silver
Cisco Wireless Controller Command Reference, Release 8.4
659
config mesh backhaul slot config mesh backhaul slot
To configure the slot radio as a downlink backhaul, use the config mesh backhaul slot command.
config mesh backhaul slot slot_id {enable | disable} cisco_ap
Syntax Description
slot_id
enable disable
cisco_ap
Slot number between 0 and 2.
Enables the entered slot radio as a downlink backhaul.
Disables the entered slot radio as a downlink backhaul.
Name of the Root AP of the sector on which the backhaul needs to be enabled or disabled.
Command Default
The entered slot radio as a downlink backhaul is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
For 2.4 GHz, only slot 0 and 1 are valid. If slot 0 is enabled, slot 1 is automatically be disabled. If slot 0 is disabled, slot 1 is automatically enabled.
Examples
The following example shows how to enable slot 1 as the preferred backhaul for the root AP myrootap1:
(Cisco Controller) >
config mesh backhaul slot 1 enable myrootap1
660
Cisco Wireless Controller Command Reference, Release 8.4
config mesh battery-state config mesh battery-state
To configure the battery state for Cisco Aironet 1520 Series mesh access points, use the config mesh
battery-state command.
config mesh battery-state {enable | disable} {all | cisco_ap}
Syntax Description enable disable all
cisco_ap
Enables the battery-state for 1520 series mesh access points.
Disables the battery-state for 1520 series mesh access points.
Applies this command to all mesh access points.
Specific mesh access point.
Command Default
Battery state is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the backhaul client access to the best-effort level:
(Cisco Controller) >
config mesh battery-state enable all
Cisco Wireless Controller Command Reference, Release 8.4
661
config mesh client-access config mesh client-access
To enable or disable client access to the mesh backhaul on indoor and outdoor mesh access points, use the
config mesh client-access command.
config mesh client-access {enable [extended] | disable}
Syntax Description enable extended disable
Allows wireless client association over the mesh access point backhaul 802.11a radio.
(Optional) Enables client access over both the backhaul radios for backhaul access points.
Restricts the 802.11a radio to backhaul traffic, and allows client association only over the 802.11b/g radio.
Command Default
Client access is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Backhaul interfaces (802.11a radios) act as primary Ethernet interfaces. Backhauls function as trunks in the network and carry all VLAN traffic between the wireless and wired network. No configuration of primary
Ethernet interfaces is required.
When this feature is enabled, the mesh access points allow wireless client association over the 802.11a radio, which implies that a 152x mesh access point can carry both backhaul traffic and 802.11a client traffic over the same 802.11a radio.
When this feature is disabled, the mesh access points carry backhaul traffic over the 802.11a radio and allows client association only over the 802.11b/g radio.
Examples
The following example shows how to enable client access extended to allow a wireless client association over the 802.11a radio:
(Cisco Controller) >
config mesh client-access enable extended
Enabling client access on both backhaul slots
Same BSSIDs will be used on both slots
All Mesh AP will be rebooted
Are you sure you want to start? (y/N)Y
The following example shows how to restrict a wireless client association to the 802.11b/g radio:
(Cisco Controller) >
config mesh client-access disable
All Mesh AP will be rebooted
662
Cisco Wireless Controller Command Reference, Release 8.4
Are you sure you want to start? (Y/N) Y
Backhaul with client access is canceled.
config mesh client-access
Cisco Wireless Controller Command Reference, Release 8.4
663
config mesh ethernet-bridging allow-bpdu config mesh ethernet-bridging allow-bpdu
To configure STP BPDUs towards wired mesh uplink, use the config mesh ethernet-bridging allow-bpdu command.
config mesh ethernet-bridging allow-bpdu {enable | disable}
Syntax Description enable disable
Enables STP BPDUs towards wired mesh uplink.
Disables STP BPDUs towards wired mesh uplink.
Command Default
Disabled
Command History
Release
8.0.110.0
Modification
This command was introduced.
Usage Guidelines
Cisco WLC does not allow you to use this command if VLAN transparency is enabled.
664
Cisco Wireless Controller Command Reference, Release 8.4
config mesh ethernet-bridging vlan-transparent config mesh ethernet-bridging vlan-transparent
To configure how a mesh access point handles VLAN tags for Ethernet bridged traffic, use the config mesh
ethernet-bridging vlan-transparent command.
config mesh ethernet-bridging vlan-transparent {enable | disable}
Syntax Description enable disable
Bridges packets as if they are untagged.
Drops all tagged packets.
Command Default
Bridges packets as if they are untagged.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure Ethernet packets as untagged:
(Cisco Controller) >
config mesh ethernet-bridging vlan-transparent enable
The following example shows how to drop tagged Ethernet packets:
(Cisco Controller) >
config mesh ethernet-bridging vlan-transparent disable
Cisco Wireless Controller Command Reference, Release 8.4
665
config mesh full-sector-dfs config mesh full-sector-dfs
To globally enable or disable full-sector Dynamic Frequency Selection (DFS) on mesh access points, use the
config mesh full-sector-dfs command.
config mesh full-sector-dfs {enable | disable}
Syntax Description enable disable
Enables DFS for mesh access points.
Disables DFS for mesh access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command instructs the mesh sector to make a coordinated channel change on the detection of a radar signal. For example, if a mesh access point (MAP) detects a radar signal, the MAP will notify the root access point (RAP), and the RAP will initiate a sector change.
All MAPs and the RAP that belong to that sector go to a new channel, which lowers the probability of MAPs stranding when radar is detected on the current backhaul channel, and no other valid parent is available as backup.
Each sector change causes the network to be silent for 60 seconds (as dictated by the DFS standard).
It is expected that after a half hour, the RAP will go back to the previously configured channel, which means that if radar is frequently observed on a RAP's channel, it is important that you configure a different channel for that RAP to exclude the radar affected channel at the controller.
Examples
This example shows to enable full-sector DFS on mesh access points:
(Cisco Controller) >
config mesh full-sector-dfs enable
666
Cisco Wireless Controller Command Reference, Release 8.4
config mesh linkdata config mesh linkdata
To enable external MAC filtering of access points, use the config mesh linkdata command.
config mesh linkdata destination_ap_name
Syntax Description
destination_ap_name
Destination access point name for MAC address filtering.
Command Default
External MAC filtering is disabled.
Usage Guidelines
Note
The config mesh linktest and config mesh linkdata commands are designed to be used together to verify information between a source and a destination access point. To get this information, first execute the
config mesh linktest command with the access point that you want link data from in the dest_ap argument.
When the command completes, enter the config mesh linkdata command and list the same destination access point, to display the link data will display (see example).
MAC filtering uses the local MAC filter on the controller by default.
When external MAC filter authorization is enabled, if the MAC address is not found in the local MAC filter, then the MAC address in the external RADIUS server is used.
MAC filtering protects your network against rogue mesh access points by preventing access points that are not defined on the external server from joining.
Before employing external authentication within the mesh network, the following configuration is required:
• The RADUIS server to be used as an AAA server must be configured on the controller.
• The controller must also be configured on the RADIUS server.
• The mesh access point configured for external authorization and authentication must be added to the user list of the RADIUS server.
Examples
The following example shows how to enable external MAC address filtering on access point AP001d.710d.e300:
(Cisco Controller) >
config mesh linkdata MAP2-1-1522.7400 AP001d.710d.e300 18 100 1000 30
LinkTest started on source AP, test ID: 0
[00:1D:71:0E:74:00]->[00:1D:71:0D:E3:0F]
Test config: 1000 byte packets at 100 pps for 30 seconds, a-link rate 18 Mb/s
In progress: | || || || || || || || || || || || || |
LinkTest complete
Results
======= txPkts: txBuffAllocErr: txQFullErrs:
2977
0
0
Total rx pkts heard at destination: rx pkts decoded correctly: err pkts: Total rx lost packets:
2977
2977
0 (PHY 0 + CRC 0 + Unknown 0), TooBig 0, TooSmall 0
0 (incr for each pkt seq missed or out of order)
Cisco Wireless Controller Command Reference, Release 8.4
667
config mesh linkdata
rx dup pkts: rx out of order:
0
0 avgSNR:
SNR profile
30, high: 33, low:
[0dB...60dB]
0 6
3
0
2888
0
(>60dB)
0
3
0
0 avgNf: -95, high: -67, low: -97
Noise Floor profile [-100dB...-40dB]
0 2948 19
0
1
0
0
0
2
0
0
0
77
0
0
0
3
0
(>-40dB)
0
3
0
0 avgRssi: 64, high: 68, low: 63
RSSI profile [-100dB...-40dB]
0
0
0
3
0
0
0
1
0
0
0
0
0
0
0
(>-40dB)
0
0
0
0
2977
0
0
0
0
0
0
0
0
0
0
0
0
Summary PktFailedRate (Total pkts sent/recvd): 0.000%
Physical layer Error rate (Total pkts with errors/Total pkts heard): 0.000%
This example shows how to enable external MAC filtering on access point AP001d.71d.e300:
(Cisco Controller) >
config mesh linkdata AP001d.710d.e300
[SD:0,0,0(0,0,0), 0,0, 0,0]
[SD:1,105,0(0,0,0),30,704,95,707]
[SD:2,103,0(0,0,0),30,46,95,25]
[SD:3,105,0(0,0,0),30,73,95,29]
[SD:4,82,0(0,0,0),30,39,95,24]
[SD:5,82,0(0,0,0),30,60,95,26]
[SD:6,105,0(0,0,0),30,47,95,23]
[SD:7,103,0(0,0,0),30,51,95,24]
[SD:8,105,0(0,0,0),30,55,95,24]
[SD:9,103,0(0,0,0),30,740,95,749]
[SD:10,105,0(0,0,0),30,39,95,20]
[SD:11,104,0(0,0,0),30,58,95,23]
[SD:12,105,0(0,0,0),30,53,95,24]
[SD:13,103,0(0,0,0),30,64,95,43]
[SD:14,105,0(0,0,0),30,54,95,27]
[SD:15,103,0(0,0,0),31,51,95,24]
[SD:16,105,0(0,0,0),30,59,95,23]
[SD:17,104,0(0,0,0),30,53,95,25]
[SD:18,105,0(0,0,0),30,773,95,777]
[SD:19,103,0(0,0,0),30,745,95,736]
[SD:20,105,0(0,0,0),30,64,95,54]
[SD:21,103,0(0,0,0),30,747,95,751]
[SD:22,105,0(0,0,0),30,55,95,25]
[SD:23,104,0(0,0,0),30,52,95,35]
[SD:24,105,0(0,0,0),30,134,95,23]
[SD:25,103,0(0,0,0),30,110,95,76]
[SD:26,105,0(0,0,0),30,791,95,788]
[SD:27,103,0(0,0,0),30,53,95,23]
[SD:28,105,0(0,0,0),30,128,95,25]
[SD:29,104,0(0,0,0),30,49,95,24]
[SD:30,0,0(0,0,0), 0,0, 0,0]
668
Cisco Wireless Controller Command Reference, Release 8.4
config mesh linktest config mesh linktest
To verify client access between mesh access points, use the config mesh linktest command.
config mesh linktest source_ap {dest_ap | MAC addr} datarate packet_rate packet_size duration
Syntax Description
source_ap dest_ap
MAC addr datarate packet_rate packet_size duration
Source access point.
Destination access point.
MAC address.
• Data rate for 802.11a radios. Valid values are 6, 9, 11, 12, 18, 24, 36, 48 and 54 Mbps.
• Data rate for 802.11b radios. Valid values are 6, 12, 18, 24, 36, 54, or 100 Mbps.
• Data rate for 802.11n radios. Valid values are MCS rates between m0 to m15.
Number of packets per second. Valid range is 1 through 3000, but the recommended default is 100.
(Optional) Packet size in bytes. If not specified, packet size defaults to 1500 bytes.
(Optional) Duration of the test in seconds. Valid values are 10-300 seconds, inclusive. If not specified, duration defaults to 30 seconds.
Command Default
100 packets per second, 1500 bytes, 30-second duration.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The config mesh linktest and config mesh linkdata commands are designed to be used together to verify information between a source and a destination access point. To get this information, first enter the config
mesh linktest command with the access point that you want link data from in the dest_ap argument. When the command completes, enter the config mesh linkdata command and list the same destination access point, to display the link data.
Cisco Wireless Controller Command Reference, Release 8.4
669
config mesh linktest
Examples
The following warning message appears when you run a linktest that might oversubscribe the link:
Warning! Data Rate (100 Mbps) is not enough to perform this link test on packet size (2000bytes) and (1000) packets per second. This may cause AP to disconnect or reboot. Are you sure you want to continue?
The following example shows how to verify client access between mesh access points SB_MAP1 and SB_RAP2 at 36 Mbps, 20 fps, 100 frame size, and 15-second duration:
(Cisco Controller) >
config mesh linktest SB_MAP1 SB_RAP1 36 20 100 15
LinkTest started on source AP, test ID: 0
[00:1D:71:0E:85:00]->[00:1D:71:0E:D0:0F]
Test config: 100 byte packets at 20 pps for 15 seconds, a-link rate 36 Mb/s
In progress: | || || || || || |
LinkTest complete
Results
======= txPkts: txBuffAllocErr:
290
0 txQFullErrs: 0
Total rx pkts heard at destination: rx pkts decoded correctly:
290 err pkts: Total rx lost packets: rx dup pkts: rx out of order:
0 (PHY 0 + CRC 0 + Unknown 0), TooBig 0, TooSmall 0
0 (incr for each pkt seq missed or out of order)
0
0 avgSNR:
SNR profile
37, high: 40, low:
[0dB...60dB]
0 1
5
3
8
0
(>60dB)
0
27
0
0
0
1
243
0
0
0
4
0
1
2
0
0 avgNf: -89, high: -58, low: -90
Noise Floor profile [-100dB...-40dB]
0 0 0
11
3
0
(>-40dB)
2
0
0
0 avgRssi: 51, high: 53, low: 50
RSSI profile [-100dB...-40dB]
0
1
0
145
1
0
0
126
0
1
0
0
0
0
0
(>-40dB)
0
0
0
7
0
0
0
0
283
0
0
0
0
0
0
0
0
Summary PktFailedRate (Total pkts sent/recvd): 0.000%
Physical layer Error rate (Total pkts with errors/Total pkts heard): 0.000%
The following table lists the output flags displayed for the config mesh linktest command.
Table 6: Output Flags for the Config Mesh Linktest Command
Output Flag
txPkts txBuffAllocErr txQFullErrs
Description
Number of packets sent by the source.
Number of linktest buffer allocation errors at the source (expected to be zero).
Number of linktest queue full errors at the source (expected to be zero).
670
Cisco Wireless Controller Command Reference, Release 8.4
config mesh linktest
Output Flag Description
Total rx pkts heard at destination
Number of linktest packets received at the destination (expected to be same as or close to the txPkts).
rx pkts decoded correctly
Number of linktest packets received and decoded correctly at the destination (expected to be same as close to txPkts).
err pkts: Total rx lost packets rx dup pkts
Packet error statistics for linktest packets with errors.
Total number of linktest packets not received at the destination.
Total number of duplicate linktest packets received at the destination.
rx out of order avgNF
Noise Floor profile avgSNR
SNR profile
[odb...60dB] avgRSSI
RSSI profile
[-100dB...-40dB]
Total number of linktest packets received out of order at the destination.
Average noise floor.
Noise floor profile in dB and are negative numbers.
Average SNR values.
Histogram samples received between 0 to 60 dB. The different colums in the SNR profile is the number of packets falling under the bucket 0-3, 3-6, 6-9, up to 57-60.
Average RSSI values. The average high and low RSSI values are positive numbers.
The RSSI profile in dB and are negative numbers.
Cisco Wireless Controller Command Reference, Release 8.4
671
config mesh lsc config mesh lsc
To configure a locally significant certificate (LSC) on mesh access points, use the config mesh lsc command.
config mesh lsc {enable | disable}
Syntax Description enable disable
Enables an LSC on mesh access points.
Disables an LSC on mesh access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable LSC on mesh access points:
(Cisco Controller) >
config mesh lsc enable
672
Cisco Wireless Controller Command Reference, Release 8.4
config mesh lsc advanced config mesh lsc advanced
To configure an advanced locally significant certificate (LSC) when a wildcard is used in an external authentication, authorization, and accounting (AAA) server for a mesh Access Point (AP), use the config
mesh lsc advanced command.
config mesh lsc advanced {enable | disable}
Syntax Description enable disable
Enables advanced LSC for a mesh AP.
Disables advanced LSC for a mesh AP.
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example shows how to enable advanced LSC for a mesh AP:
(Cisco Controller) >
config mesh lsc advanced enable
Cisco Wireless Controller Command Reference, Release 8.4
673
config mesh lsc advanced ap-provision config mesh lsc advanced ap-provision
To configure advanced mesh locally significant certificate (LSC) Access Point (AP) provision if a wildcard is used in an external authentication, authorization, and accounting (AAA) server for a mesh AP, use the
config mesh lsc advanced ap-provision command.
config mesh lsc advanced ap-provision {enable | disable | open-window {enable | disable} |
provision-controller {enable | disable}}
Syntax Description enable disable open-window enable disable provision-controller enable disable
Enables advanced mesh LSC AP provision if a wildcard is used in an external
AAA server for a mesh AP.
Disables advanced mesh LSC AP provision if a wildcard is used in an external
AAA server for a mesh AP .
Configures mesh LSC provision for all mesh APs without MAC validation.
Enables AP provision for all mesh APs without MAC validation.
Disables AP provision for all mesh APs without MAC validation.
Configures the provision controller details for mesh APs to get an LSC.
Enables the provision controller option to get an LSC.
Disables the provision controller option to get an LSC.
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example shows how to enable the advanced AP provision method:
(Cisco Controller) >
config mesh lsc advanced ap-provision enable
674
Cisco Wireless Controller Command Reference, Release 8.4
config mesh multicast config mesh multicast
To configure multicast mode settings to manage multicast transmissions within the mesh network, use the
config mesh multicast command.
config mesh multicast {regular | in | in-out}
Syntax Description regular in in-out
Multicasts the video across the entire mesh network and all its segments by bridging-enabled root access points (RAPs) and mesh access points (MAPs).
Forwards the multicast video received from the Ethernet by a MAP to the RAP’s
Ethernet network. No additional forwarding occurs, which ensures that non-LWAPP multicasts received by the RAP are not sent back to the MAP
Ethernet networks within the mesh network (their point of origin), and
MAP-to-MAP multicasts do not occur because they are filtered out
Configures the RAP and MAP to multicast, but each in a different manner:
If multicast packets are received at a MAP over Ethernet, they are sent to the
RAP; however, they are not sent to other MAP Ethernets, and the MAP-to-MAP packets are filtered out of the multicast.
If multicast packets are received at a RAP over Ethernet, they are sent to all the
MAPs and their respective Ethernet networks. See the Usage Guidelines section for more information.
Command Default
In-out mode
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Multicast for mesh networks cannot be enabled using the controller GUI.
Mesh multicast modes determine how bridging-enabled access points mesh access points (MAPs) and root access points (RAPs) send multicasts among Ethernet LANs within a mesh network. Mesh multicast modes manage non-LWAPP multicast traffic only. LWAPP multicast traffic is governed by a different mechanism.
You can use the controller CLI to configure three mesh multicast modes to manage video camera broadcasts on all mesh access points. When enabled, these modes reduce unnecessary multicast transmissions within the mesh network and conserve backhaul bandwidth.
When using in-out mode, it is important to properly partition your network to ensure that a multicast sent by one RAP is not received by another RAP on the same Ethernet segment and then sent back into the network.
Cisco Wireless Controller Command Reference, Release 8.4
675
config mesh multicast
Examples
Note
If 802.11b clients need to receive CAPWAP multicasts, then multicast must be enabled globally on the controller as well as on the mesh network (by using the config network multicast global command). If multicast does not need to extend to 802.11b clients beyond the mesh network, you should disable the global multicast parameter.
The following example shows how to multicast video across the entire mesh network and all its segments by bridging-enabled RAPs and MAPs:
(Cisco Controller) >
config mesh multicast regular
676
Cisco Wireless Controller Command Reference, Release 8.4
config mesh parent preferred config mesh parent preferred
To configure a preferred parent for a mesh access point, use the config mesh parent preferred command.
config mesh parent preferred cisco_ap {mac_address | none}
Syntax Description
cisco_ap mac_address
none
Name of the child access point.
MAC address of the preferred parent.
Clears the configured parent.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
A child AP selects the preferred parent based on the following conditions:
• The preferred parent is the best parent.
• The preferred parent has a link SNR of at least 20 dB (other parents, however good, are ignored).
• The preferred parent has a link SNR in the range of 12 dB and 20 dB, but no other parent is significantly better (that is, the SNR is more than 20 percent better). For an SNR lower than 12 dB, the configuration is ignored.
• The preferred parent is not blacklisted.
• The preferred parent is not in silent mode because of dynamic frequency selection (DFS).
• The preferred parent is in the same bridge group name (BGN). If the configured preferred parent is not in the same BGN and no other parent is available, the child joins the parent AP using the default BGN.
Examples
The following example shows how to configure a preferred parent with the MAC address 00:21:1b:ea:36:60 for a mesh access point myap1:
(Cisco Controller) >
config mesh parent preferred myap1 00:21:1b:ea:36:60
The following example shows how to clear a preferred parent with the MAC address 00:21:1b:ea:36:60 for a mesh access point myap1, by using the keyword none:
(Cisco Controller) >
config mesh parent preferred myap1 00:21:1b:ea:36:60 none
Cisco Wireless Controller Command Reference, Release 8.4
677
config mesh public-safety config mesh public-safety
To enable or disable the 4.9-GHz public safety band for mesh access points, use the config mesh public-safety command.
config mesh public-safety {enable | disable} {all | cisco_ap}
Syntax Description enable disable all
cisco_ap
Enables the 4.9-GHz public safety band.
Disables the 4.9-GHz public safety band.
Applies the command to all mesh access points.
Specific mesh access point.
Command Default
The 4.9-GHz public safety band is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
4.9 GHz is a licensed frequency band restricted to public-safety personnel.
Examples
The following example shows how to enable the 4.9-GHz public safety band for all mesh access points:
(Cisco Controller) >
config mesh public-safety enable all
4.9GHz is a licensed frequency band in -A domain for public-safety usage
Are you sure you want to continue? (y/N) y
678
Cisco Wireless Controller Command Reference, Release 8.4
config mesh radius-server config mesh radius-server
To enable or disable external authentication for mesh access points, use the config mesh radius-server command.
config mesh radius-server index {enable | disable}
Syntax Description
index
enable disable
RADIUS authentication method. Options are as follows:
• Enter eap to designate Extensible Authentication Protocol (EAP) for the mesh RADIUS server setting.
• Enter psk to designate Preshared Keys (PSKs) for the mesh RADIUS server setting.
Enables the external authentication for mesh access points.
Disables the external authentication for mesh access points.
Command Default
EAP is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable external authentication for mesh access points:
(Cisco Controller) >
config mesh radius-server eap enable
Cisco Wireless Controller Command Reference, Release 8.4
679
config mesh range config mesh range
To globally set the maximum range between outdoor root access points (RAPs) and mesh access points
(MAPs), use the config mesh range command.
config mesh range [distance]
Syntax Description
distance
(Optional) Maximum operating range (150 to 132000 ft) of the mesh access point.
Command Default
12,000 feet.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
After this command is enabled, all outdoor mesh access points reboot. This command does not affect indoor access points.
Examples
The following example shows how to set the range between an outdoor mesh RAP and a MAP:
(Cisco Controller) >
config mesh range 300
Command not applicable for indoor mesh. All outdoor Mesh APs will be rebooted
Are you sure you want to start? (y/N) y
680
Cisco Wireless Controller Command Reference, Release 8.4
config mesh secondary-backhaul config mesh secondary-backhaul
To configure a secondary backhaul on the mesh network, use the config mesh secondary-backhaul command.
config mesh secondary-backhaul {enable [force-same-secondary-channel] | disable [rll-retransmit |
rll-transmit]}
Syntax Description enable
Enables the secondary backhaul configuration.
force-same-secondarychannel
(Optional) Enables secondary-backhaul mesh capability. Forces all access points rooted at the first hop node to have the same secondary channel and ignores the automatic or manual channel assignments for the mesh access points (MAPs) at the second hop and beyond.
disable rll-transmit
Specifies the secondary backhaul configuration is disabled.
(Optional) Uses reliable link layer (RLL) at the second hop and beyond.
rll-retransmit
(Optional) Extends the number of RLL retry attempts in an effort to improve reliability.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command uses a secondary backhaul radio as a temporary path for traffic that cannot be sent on the primary backhaul due to intermittent interference.
Examples
The following example shows ho to enable a secondary backhaul radio and force all access points rooted at the first hop node to have the same secondary channel:
(Cisco Controller) >
config mesh secondary-backhaul enable force-same-secondary-channel
Cisco Wireless Controller Command Reference, Release 8.4
681
config mesh security config mesh security
To configure the security settings for mesh networks, use the config mesh security command.
config mesh security {{rad-mac-filter | force-ext-auth } {enable | disable}} | {{eap | psk provisioning |
provisioning window} | {enable | disable}} | {delete_psk | key}
Syntax Description rad-mac-filter force-ext-auth lsc-only-auth enable disable eap psk provisioning provisioning window enable disable key
Enables a Remote Authentication Dial-In User
Service (RADIUS) MAC address filter for the mesh security setting.
Disables forced external authentication for the mesh security setting.
Enables Locally Significant Certificate only authentication for the mesh security setting.
Enables the mesh security setting.
Disables the mesh security setting.
Designates the Extensible Authentication
Protocol (EAP) for the mesh security setting by default.
Designates a preshared key(PSK) for the mesh security setting.
Encrypts provisioning for the PSK in Cisco
Wireless Controller (WLC).
Encrypts provisioning window for the PSK in
Cisco WLC.
Enables provisioning of the PSK.
Disables provisioning of the PSK.
Specifies the key for the PSK.
Command Default
The EAP is designated as default for the mesh security.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
682
Cisco Wireless Controller Command Reference, Release 8.4
config mesh security
Examples
Release
8.2
Modification
This command was modified, the psk provisioning and psk provisioning keywords are added.
The following example shows how to configure EAP as the security option for all mesh access points:
(Cisco Controller)
config mesh security eap
The following example shows how to configure PSK as the security option for all mesh access points:
(Cisco Controller)
config mesh security psk
The following example shows how to enable PSK provisioning as the security option for all mesh access points:
(Cisco Controller)>
config mesh security psk provisioning enable
The following example shows how to configure a PSK provisioning key as the security option for all mesh access points:
(Cisco Controller)>
config mesh security psk provisioning key 5
The following example shows how to enable a PSK provisioning window as the security option for all mesh access points:
(Cisco Controller)>
config mesh security psk provisioning window enable
The following example shows how to delete the PSK provisioning for Cisco WLC :
(Cisco Controller)>
config mesh security psk provisioning delete_psk wlc
The following example shows how to delete the PSK provisioning for all mesh access points:
(Cisco Controller)>
config mesh security psk provisioning delete_psk ap
The following example shows how to delete PSK provisioning for all configurations in Cisco WLC :
(Cisco Controller)>
config mesh security psk provisioning delete_psk wlc all
Cisco Wireless Controller Command Reference, Release 8.4
683
config mesh slot-bias config mesh slot-bias
To enable or disable slot bias for serial backhaul mesh access points, use the config mesh slot-bias command.
config mesh slot-bias {enable | disable}
Syntax Description enable disable
Enables slot bias for serial backhaul mesh APs.
Disables slot bias for serial backhaul mesh APs.
Command Default
By default, slot bias is in enabled state.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Follow these guidelines when using this command:
• The config mesh slot-bias command is a global command and therefore applicable to all 1524SB APs associated with the same controller.
• Slot bias is applicable only when both slot 1 and slot 2 are available. If a slot radio does not have a channel that is available because of dynamic frequency selection (DFS), the other slot takes up both the uplink and downlink roles.
• If slot 2 is not available because of hardware issues, slot bias functions normally. Corrective action should be taken by disabling the slot bias or fixing the antenna.
Examples
The following example shows how to disable slot bias for serial backhaul mesh APs:
(Cisco Controller) >
config mesh slot-bias disable
684
Cisco Wireless Controller Command Reference, Release 8.4
config mgmtuser add config mgmtuser add
To add a local management user to the controller, use the config mgmtuser add command.
config mgmtuser add username password {lobby-admin | read-write | read-only} [description]
Syntax Description
username password
lobby-admin read-write read-only
description
Account username. The username can be up to 24 alphanumeric characters.
Account password. The password can be up to 24 alphanumeric characters.
Creates a management user with lobby ambassador privileges.
Creates a management user with read-write access.
Creates a management user with read-only access.
(Optional) Description of the account. The description can be up to 32 alphanumeric characters within double quotes.
Command Default
None
Command History
Release
7.6
8.4
Modification
This command was introduced in a release earlier than Release 7.6.
This command creates lobby-admin user .
Examples
The following example shows how to create a management user account with read-write access.
(Cisco Controller) >
config mgmtuser add admin admin read-write
“Main account“
Related Commands show mgmtuser
Cisco Wireless Controller Command Reference, Release 8.4
685
config mgmtuser delete config mgmtuser delete
To delete a management user from the controller, use the config mgmtuser delete command.
config mgmtuser delete username
Syntax Description
username
Account username. The username can be up to 24 alphanumeric characters.
Command Default
The management user is not deleted by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to delete a management user account admin from the controller.
(Cisco Controller) >
config mgmtuser delete admin
Deleted user admin
Related Commands show mgmtuser
686
Cisco Wireless Controller Command Reference, Release 8.4
config mgmtuser description config mgmtuser description
To add a description to an existing management user login to the controller, use the config mgmtuser
description command.
config mgmtuser description username description
Syntax Description
username description
Account username. The username can be up to 24 alphanumeric characters.
Description of the account. The description can be up to 32 alphanumeric characters within double quotes.
Command Default
No description is added to the management user.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to add a description “master-user” to the management user “admin”:
(Cisco Controller) >
config mgmtuser description admin "master user"
Related Commands config mgmtuser add config mgmtuser delete config mgmtuser password show mgmtuser
Cisco Wireless Controller Command Reference, Release 8.4
687
config mgmtuser password config mgmtuser password
To configure a management user password, use the config mgmtuser password command.
config mgmtuser password username password
Syntax Description
username password
Account username. The username can be up to 24 alphanumeric characters.
Account password. The password can be up to 24 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to change the password of the management user “admin” with the new password 5rTfm:
(Cisco Controller) >
config mgmtuser password admin 5rTfm
Related Commands show mgmtuser
688
Cisco Wireless Controller Command Reference, Release 8.4
config mgmtuser telnet config mgmtuser telnet
To enable local management users to use Telnet to connect to the Cisco Wireless LAN Controller, use the
config mgmtuser telnet command.
config mgmtuser telnet user_name {enable | disable}
Syntax Description
user_name
enable disable
Username of a local management user.
Enables a local management user to use Telnet to connect to the Cisco WLC.
You can enter up to 24 alphanumeric characters.
Disables a local management user from using Telnet to connect to the Cisco
WLC.
Command Default
Local management users can use Telnet to connect to the Cisco WLC.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
You must enable global Telnet to enable this command. Secure Shell (SSH) connection is not affected when you enable this option.
Examples
The following example shows how to enable a local management user to use Telnet to connect to the Cisco
WLC:
(Cisco Controller) >
config mgmtuser telnet admin1 enable
Cisco Wireless Controller Command Reference, Release 8.4
689
config mgmtuser termination-interval config mgmtuser termination-interval
To configure the user re-authentication terminal interval in seconds, use the config mgmtuser
termination-interval command.
config mgmtuser termination-interval {seconds }
Syntax Description
seconds
Re-authentication terminal interval in seconds for a user before being logged out.
Default value is 0, the valid range is 0 to 300 seconds.
Command History
Examples
Release
8.2
Modification
This command was introduced in this release.
The following example shows how to set the interval in seconds before the user is logged out:
(Cisco Controller) >
config mgmtuser termination-interval 180
690
Cisco Wireless Controller Command Reference, Release 8.4
config mobility dscp config mobility dscp
To configure the mobility intercontroller DSCP value, use the config mobility dscp command.
config mobility dscp dscp_value
Syntax Description
dscp_value
DSCP value ranging from 0 to 63.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the mobility intercontroller DSCP value to 40:
(Cisco Controller) >
config mobility dscp 40
Cisco Wireless Controller Command Reference, Release 8.4
691
config mobility group anchor config mobility group anchor
To create a new mobility anchor for the WLAN or wired guest LAN, enter, use the config mobility group
anchor command.
config mobility group anchor {add | delete} {wlan wlan_id | guest-lan guest_lan_id} anchor_ip
Syntax Description add delete wlan
wlan_id
guest-lan
guest_lan_id anchor_ip
Adds or changes a mobility anchor to a wireless LAN.
Deletes a mobility anchor from a wireless LAN.
Specifies the wireless LAN anchor settings.
Wireless LAN identifier between 1 and 512 (inclusive).
Specifies the guest LAN anchor settings.
Guest LAN identifier between 1 and 5 (inclusive).
IP address of the anchor controller.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The wlan_id or guest_lan_id must exist and be disabled.
Auto-anchor mobility is enabled for the WLAN or wired guest LAN when you configure the first mobility anchor. Deleting the last anchor disables the auto-anchor mobility feature and resumes normal mobility for new associations.
Examples
The following example shows how to add a mobility anchor with the IP address 192.12.1.5 to a wireless LAN
ID 2:
(Cisco Controller) >
config mobility group anchor add wlan 2 192.12.1.5
The following example shows how to delete a mobility anchor with the IP address 193.13.1.15 from a wireless
LAN:
(Cisco Controller) >
config mobility group anchor delete wlan 5 193.13.1.5
692
Cisco Wireless Controller Command Reference, Release 8.4
config mobility group domain config mobility group domain
To configure the mobility domain name, use the config mobility group domain command.
config mobility group domain domain_name
Syntax Description
domain_name
Domain name. The domain name can be up to 31 case-sensitive characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure a mobility domain name lab1:
(Cisco Controller) >
config mobility group domain lab1
Cisco Wireless Controller Command Reference, Release 8.4
693
config mobility group keepalive count config mobility group keepalive count
To configure the Cisco WLC to detect failed mobility group members (including anchor Cisco WLCs), use the config mobility group keepalive count command.
config mobility group keepalive count count
Syntax Description
count
Number of times that a ping request is sent to a mobility group member before the member is considered unreachable. The range is from 3 to 20. The default is 3.
Command Default
The default number of times that a ping request is sent to a mobility group member is 3.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to specify the number of times a ping request is sent to a mobility group member before the member is considered unreachable to three counts:
(Cisco Controller) >
config mobility group keepalive count 3
694
Cisco Wireless Controller Command Reference, Release 8.4
config mobility group keepalive interval config mobility group keepalive interval
To configure the controller to detect failed mobility group members (including anchor controllers), use the
config mobility group keepalive command.
config mobility group keepalive interval
Syntax Description
interval
Interval of time between each ping request sent to a mobility group member. The range is from 1 to 30 seconds. The default value is 10 seconds.
Command Default
The default interval of time between each ping request is 10 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to specify the amount of time between each ping request sent to a mobility group member to 10 seconds:
(Cisco Controller) >
config mobility group keepalive 10
Cisco Wireless Controller Command Reference, Release 8.4
695
config mobility group member config mobility group member
To add or delete users from the mobility group member list, use the config mobility group member command.
config mobility group member {add MAC-addr IP-addr [group_name] | delete MAC-addr | hash IP-addr
{key | none}}
Syntax Description add
MAC-addr
IP-addr group_name
delete hash
key
none
Adds or changes a mobility group member to the list.
Member switch MAC address.
Member switch IP address.
(Optional) Member switch group name (if different from the default group name).
(Optional) Deletes a mobility group member from the list.
Configures the hash key for authorization. You can configure the hash key only if the member is a virtual controller in the same domain.
Hash key of the virtual controller. For example, a819d479dcfeb3e0974421b6e8335582263d9169
Clears the previous hash key of the virtual controller.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
The following example shows how to add a mobility group member with an IPv4 address to the list:
(Cisco Controller) >
config mobility group member add 11:11:11:11:11:11 209.165.200.225
696
Cisco Wireless Controller Command Reference, Release 8.4
config mobility group member
The following example shows how to add a mobility group member with an IPv6 address to the list:
(Cisco Controller) >
config mobility group member add 11:11:11:11:11:11 2001:DB8::1
The following example shows how to configure the hash key of a virtual controller in the same domain:
Note
The IP address in this example can be in either IPv4 or IPv6 format.
(Cisco Controller) >
config mobility group member hash 209.165.201.1
a819d479dcfeb3e0974421b6e8335582263d9169
Cisco Wireless Controller Command Reference, Release 8.4
697
config mobility group multicast-address config mobility group multicast-address
To configure the multicast group IP address for nonlocal groups within the mobility list, use the config mobility
group multicast-address command.
config mobility group multicast-address group_name ip_address
Syntax Description
group_name ip_address
Member switch group name (if different from the default group name).
Member switch IP address.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
The following example shows how to configure the multicast group IP address 10.10.10.1 for a group named test:
(Cisco Controller) >
config mobility group multicast-address test 10.10.10.1
The following example shows how to configure the multicast group IP address 2001:DB8::1 for a group named test:
(Cisco Controller) >
config mobility group multicast-address test 2001:DB8::1
698
Cisco Wireless Controller Command Reference, Release 8.4
config mobility multicast-mode config mobility multicast-mode
To enable or disable mobility multicast mode, use the config mobility multicast-mode command.
config mobility multicast-mode {enable | disable} local_group_multicast_address
Syntax Description enable disable
local_group_multicast_address
Enables the multicast mode; the controller uses multicast mode to send Mobile Announce messages to the local group.
Disables the multicast mode; the controller uses unicast mode to send the Mobile Announce messages to the local group.
IP address for the local mobility group.
Command Default
The mobility multicast mode is disabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the multicast mobility mode for the local mobility group IP address 157.168.20.0:
(Cisco Controller) >
config mobility multicast-mode enable 157.168.20.0
Cisco Wireless Controller Command Reference, Release 8.4
699
config mobility new-architecture config mobility new-architecture
To enable new mobility on the Cisco Wireless LAN Controller (WLC), use the config mobility
new-architecture command.
config mobility new-architecture {enable | disable}
Syntax Description enable disable
Configures the Cisco WLC to switch to the new mobility architecture.
Configures the Cisco WLC to switch to the old flat mobility architecture.
Command Default
By default, new mobility is disabled.
Command History
Release
7.3.112.0
Modification
This command was introduced.
Usage Guidelines
New mobility is supported only on Cisco WiSM2, Cisco 2500 Series Wireless Controllers, Cisco 5500 Series
Wireless Controllers, and Cisco 8500 Series Wireless Controllers. New mobility enables the Cisco WLC to be compatible with Converged Access controllers with Wireless Control Module (WCM), such as Cisco
Catalyst 3850 Series and the Cisco 5760 Wireless LAN Controllers.
Examples
The following example shows how to enable new mobility on the Cisco WLC:
(Cisco Controller) >
config mobility new-architecture enable
700
Cisco Wireless Controller Command Reference, Release 8.4
config mobility oracle config mobility oracle
To configure the Mobility Oracle (MO), use the config mobility oracle command.
config mobility oracle {enable | disable | ip ip_address}
Syntax Description enable disable ip
ip_address
Enables the MO on startup.
Disables the MO on startup.
Specifies the IP address of the MO.
IP address of the MO.
Command Default
None
Command History
Release
7.3.112.0
8.0
Modification
This command was introduced.
This command supports only IPv4 address format.
Usage Guidelines
The MO maintains the client database under one complete mobility domain. It consists of a station database, an interface to the mobility Cisco WLC, and an NTP server. There can be only one MO in the entire mobility domain.
The IPv6 address format for this command is not supported.
Examples
The following example shows how to configure the MO IP address:
(Cisco Controller) >
config mobility oracle ip 27.0.0.1
Cisco Wireless Controller Command Reference, Release 8.4
701
config mobility secure-mode config mobility secure-mode
To configure the secure mode for mobility messages between Cisco WLCs, use the config mobility
secure-mode command.
config mobility secure-mode {enable | disable}
Syntax Description enable disable
Enables the mobility group message security.
Disables mobility group message security.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the secure mode for mobility messages:
(Cisco Controller) >
config mobility secure-mode enable
702
Cisco Wireless Controller Command Reference, Release 8.4
config mobility statistics reset config mobility statistics reset
To reset the mobility statistics, use the config mobility statistics reset command.
config mobility statistics reset
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to reset the mobility group statistics:
(Cisco Controller) >
config mobility statistics reset
Cisco Wireless Controller Command Reference, Release 8.4
703
config netuser add config netuser add
To add a guest user on a WLAN or wired guest LAN to the local user database on the controller, use the
config netuser add command.
config netuser add username password {wlan wlan_id | guestlan guestlan_id} userType guest lifetime
lifetime description description
Syntax Description
username password
wlan
wlan_id
guestlan
guestlan_id
userType guest lifetime
lifetime description
Guest username. The username can be up to 50 alphanumeric characters.
User password. The password can be up to 24 alphanumeric characters.
Specifies the wireless LAN identifier to associate with or zero for any wireless
LAN.
Wireless LAN identifier assigned to the user. A zero value associates the user with any wireless LAN.
Specifies the guest LAN identifier to associate with or zero for any wireless
LAN.
Guest LAN ID.
Specifies the user type.
Specifies the guest for the guest user.
Specifies the lifetime.
Lifetime value (60 to 259200 or 0) in seconds for the guest user.
Note
A value of 0 indicates an unlimited lifetime.
Short description of user. The description can be up to 32 characters enclosed in double-quotes.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Local network usernames must be unique because they are stored in the same database.
704
Cisco Wireless Controller Command Reference, Release 8.4
config netuser add
Examples
The following example shows how to add a permanent username Jane to the wireless network for 1 hour:
(Cisco Controller) >
config netuser add jane able2 1 wlan_id 1 userType permanent
The following example shows how to add a guest username George to the wireless network for 1 hour:
(Cisco Controller) >
config netuser add george able1 guestlan 1 3600
Related Commands show netuser config netuser delete
Cisco Wireless Controller Command Reference, Release 8.4
705
config netuser delete config netuser delete
To delete an existing user from the local network, use the config netuser delete command.
config netuser delete username
Syntax Description
username
Network username. The username can be up to 24 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Local network usernames must be unique because they are stored in the same database.
Examples
The following example shows how to delete an existing username named able1 from the network:
(Cisco Controller) >
config netuser delete able1
Deleted user able1
Related Commands show netuser
706
Cisco Wireless Controller Command Reference, Release 8.4
config netuser description config netuser description
To add a description to an existing net user, use the config netuser description command.
config netuser description username description
Syntax Description
username description
Network username. The username can contain up to 24 alphanumeric characters.
(Optional) User description. The description can be up to 32 alphanumeric characters enclosed in double quotes.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to add a user description “HQ1 Contact” to an existing network user named able 1:
(Cisco Controller) >
config netuser description able1
“HQ1 Contact”
Related Commands show netuser
Cisco Wireless Controller Command Reference, Release 8.4
707
config network dns serverip config network dns serverip
To configure the network dns server, use the config network dns serverip command.
config network dns serverip { ipaddr}
Syntax Description
ipaddr
Specifies the ip-address.
Command Default
The default network-level web authentication value is disabled.
Command History
Release
8.3
Modification
This command was introduced
Examples
The following example shows how to enable proxy redirect support for web authentication clients: cisco controller
config network dns serverip 198.172.202.252
Related Commands show network summary
708
Cisco Wireless Controller Command Reference, Release 8.4
config netuser guest-lan-id config netuser guest-lan-id
To configure a wired guest LAN ID for a network user, use the config netuser guest-lan-id command.
config netuser guest-lan-id username lan_id
Syntax Description
username lan_id
Network username. The username can be 24 alphanumeric characters.
Wired guest LAN identifier to associate with the user. A zero value associates the user with any wired LAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure a wired LAN ID 2 to associate with the user named aire1:
(Cisco Controller) >
config netuser guest- lan-id aire1 2
Related Commands show netuser show wlan summary
Cisco Wireless Controller Command Reference, Release 8.4
709
config netuser guest-role apply config netuser guest-role apply
To apply a quality of service (QoS) role to a guest user, use the config netuser guest-role apply command.
config netuser guest-role apply username role_name
Syntax Description
username role_name
Name of the user.
QoS guest role name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
If you do not assign a QoS role to a guest user, the Role field in the User Details shows the role as default.
The bandwidth contracts for this user are defined in the QoS profile for the WLAN.
If you want to unassign a QoS role from a guest user, use the config netuser guest-role apply username
default. This user now uses the bandwidth contracts defined in the QoS profile for the WLAN.
Examples
The following example shows how to apply a QoS role to a guest user jsmith with the QoS guest role named
Contractor:
(Cisco Controller) >
config netuser guest-role apply jsmith Contractor
Related Commands config netuser guest-role create config netuser guest-role delete
710
Cisco Wireless Controller Command Reference, Release 8.4
config netuser guest-role create config netuser guest-role create
To create a quality of service (QoS) role for a guest user, use the config netuser guest-role create command.
config netuser guest-role create role_name
Syntax Description
role name
QoS guest role name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To delete a QoS role, use the config netuser guest-role delete role-name .
Examples
The following example shows how to create a QoS role for the guest user named guestuser1:
(Cisco Controller) >
config netuser guest-role create guestuser1
Related Commands config netuser guest-role delete
Cisco Wireless Controller Command Reference, Release 8.4
711
config netuser guest-role delete config netuser guest-role delete
To delete a quality of service (QoS) role for a guest user, use the config netuser guest-role delete command.
config netuser guest-role delete role_name
Syntax Description
role name
Quality of service (QoS) guest role name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to delete a quality of service (QoS) role for guestuser1:
(Cisco Controller) >
config netuser guest-role delete guestuser1
Related Commands config netuser guest-role create
712
Cisco Wireless Controller Command Reference, Release 8.4
config netuser guest-role qos data-rate average-data-rate config netuser guest-role qos data-rate average-data-rate
To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos
data-rate average-data-rate command.
config netuser guest-role qos data-rate average-data-rate role_name rate
Syntax Description
role_name rate
Quality of service (QoS) guest role name.
Rate for TCP traffic on a per user basis.
Command Default
None
Usage Guidelines
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
The following example shows how to configure an average rate for the QoS guest named guestuser1:
(Cisco Controller) >
config netuser guest-role qos data-rate average-data-rate guestuser1
0
Related Commands config netuser guest-role create config netuser guest-role delete config netuser guest-role qos data-rate burst-data-rate
Cisco Wireless Controller Command Reference, Release 8.4
713
config netuser guest-role qos data-rate average-realtime-rate config netuser guest-role qos data-rate average-realtime-rate
To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos
data-rate average-realtime-rate command.
config netuser guest-role qos data-rate average-realtime-rate role_name rate
Syntax Description
role_name rate
Quality of service (QoS) guest role name.
Rate for TCP traffic on a per user basis.
Command Default
None
Usage Guidelines
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
The following example shows how to configure an average data rate for the QoS guest user named guestuser1 with the rate for TCP traffic of 0 Kbps:
(Cisco Controller) >
config netuser guest-role qos data-rate average-realtime-rate guestuser1
0
Related Commands config netuser guest-role config netuser guest-role qos data-rate average-data-rate
714
Cisco Wireless Controller Command Reference, Release 8.4
config netuser guest-role qos data-rate burst-data-rate config netuser guest-role qos data-rate burst-data-rate
To configure the peak data rate for TCP traffic on a per user basis, use the config netuser guest-role qos
data-rate burst-data-rate command.
config netuser guest-role qos data-rate burst-data-rate role_name rate
Syntax Description
role_name rate
Quality of service (QoS) guest role name.
Rate for TCP traffic on a per user basis.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The burst data rate should be greater than or equal to the average data rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
The following example shows how to configure the peak data rate for the QoS guest named guestuser1 with the rate for TCP traffic of 0 Kbps:
(Cisco Controller) >
config netuser guest-role qos data-rate burst-data-rate guestuser1 0
Related Commands config netuser guest-role create config netuser guest-role delete config netuser guest-role qos data-rate average-data-rate
Cisco Wireless Controller Command Reference, Release 8.4
715
config netuser guest-role qos data-rate burst-realtime-rate config netuser guest-role qos data-rate burst-realtime-rate
To configure the burst real-time data rate for UDP traffic on a per user basis, use the config netuser guest-role
qos data-rate burst-realtime-rate command.
config netuser guest-role qos data-rate burst-realtime-rate role_name rate
Syntax Description
role_name rate
Quality of service (QoS) guest role name.
Rate for TCP traffic on a per user basis.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The burst real-time rate should be greater than or equal to the average real-time rate. Otherwise, the quality of service (QoS) policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
The following example shows how to configure a burst real-time rate for the QoS guest user named guestuser1 with the rate for TCP traffic of 0 Kbps:
(Cisco Controller) >
config netuser guest-role qos data-rate burst-realtime-rate guestuser1
0
Related Commands config netuser guest-role config netuser guest-role qos data-rate average-data-rate config netuser guest-role qos data-rate burst-data-rate
716
Cisco Wireless Controller Command Reference, Release 8.4
config netuser lifetime config netuser lifetime
To configure the lifetime for a guest network user, use the config netuser lifetime command.
config netuser lifetime username time
Syntax Description
username time
Network username. The username can be up to 50 alphanumeric characters.
Llifetime between 60 to 31536000 seconds or 0 for no limit.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure lifetime for a guest network user:
(Cisco Controller) >
config netuser lifetime guestuser1 22450
Related Commands show netuser show wlan summary
Cisco Wireless Controller Command Reference, Release 8.4
717
config netuser maxUserLogin config netuser maxUserLogin
To configure the maximum number of login sessions allowed for a network user, use the config netuser
maxUserLogin command.
config netuser maxUserLogin count
Syntax Description
count
Maximum number of login sessions for a single user. The allowed values are from 0 (unlimited) to 8.
Command Default
By default, the maximum number of login sessions for a single user is 0 (unlimited).
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the maximum number of login sessions for a single user to
8:
(Cisco Controller) >
config netuser maxUserLogin 8
Related Commands show netuser
718
Cisco Wireless Controller Command Reference, Release 8.4
config netuser password config netuser password
To change a local network user password, use the config netuser password command.
config netuser password username password
Syntax Description
username password
Network username. The username can be up to 24 alphanumeric characters.
Network user password. The password can contain up to 24 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to change the network user password from aire1 to aire2:
(Cisco Controller) >
config netuser password aire1 aire2
Related Commands show netuser
Cisco Wireless Controller Command Reference, Release 8.4
719
config netuser wlan-id config netuser wlan-id
To configure a wireless LAN ID for a network user, use the config netuser wlan-id command.
config netuser wlan-id username wlan_id
Syntax Description
username wlan_id
Network username. The username can be 24 alphanumeric characters.
Wireless LAN identifier to associate with the user. A zero value associates the user with any wireless LAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure a wireless LAN ID 2 to associate with the user named aire1:
(Cisco Controller) >
config netuser wlan-id aire1 2
Related Commands show netuser show wlan summary
720
Cisco Wireless Controller Command Reference, Release 8.4
config network client-ip-conflict-detection config network client-ip-conflict-detection
To enable or disable client DHCP address conflict detection in a network, use the config network
client-ip-conflict-detection command.
config network client-ip-conflict-detection {enable | disable}
Syntax Description enable disable
If a wireless client receives a DHCP address, which is already registered to another client, the earlier client will be disconnected and will have to reconnect and get a new address.
Disables this feature.
Command Default
Disabled.
Command History
Release
8.1
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
721
config network http-proxy ip-address config network http-proxy ip-address
To configure network http proxy server ipaddress, use the config network http-proxy ip-address command.
config network http-proxy ip-address ip-addressportport-no
Syntax Description
ip-address port-no
IP address for http-proxy.
Port number for http-proxy.
Command Default
None
Command History
Release
8.3
Modification
This command was introduced.
Examples
The following example shows how to enable configure network http proxy server ipaddress: cisco controller
config network http-proxy ip-address 10.10.10.11 port 8080
Related Commands show network summary
722
Cisco Wireless Controller Command Reference, Release 8.4
config network bridging-shared-secret config network bridging-shared-secret
To configure the bridging shared secret, use the config network bridging-shared-secret command.
config network bridging-shared-secret shared_secret
Syntax Description
shared_secret
Bridging shared secret string. The string can contain up to 10 bytes.
Command Default
The bridging shared secret is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the switch.
The zero-touch configuration must be enabled for this command to work.
Examples
The following example shows how to configure the bridging shared secret string “shhh1”:
(Cisco Controller) >
config network bridging-shared-secret shhh1
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
723
config network web-auth captive-bypass config network web-auth captive-bypass
To configure the controller to support bypass of captive portals at the network level, use the config network
web-auth captive-bypass command.
config network web-auth captive-bypass {enable | disable}
Syntax Description enable disable
Allows the controller to support bypass of captive portals.
Disallows the controller to support bypass of captive portals.
Command Default
None
Examples
The following example shows how to configure the controller to support bypass of captive portals:
(Cisco Controller) >
config network web-auth captive-bypass enable
Related Commands show network summary config network web-auth cmcc-support
724
Cisco Wireless Controller Command Reference, Release 8.4
config network web-auth port config network web-auth port
To configure an additional port to be redirected for web authentication at the network level, use the config
network web-auth port command.
config network web-auth port port
Syntax Description
port
Port number. The valid range is from 0 to 65535.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure an additional port number 1200 to be redirected for web authentication:
(Cisco Controller) >
config network web-auth port 1200
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
725
config network web-auth proxy-redirect config network web-auth proxy-redirect
To configure proxy redirect support for web authentication clients, use the config network web-auth
proxy-redirect command.
config network web-auth proxy-redirect {enable | disable}
Syntax Description enable disable
Allows proxy redirect support for web authentication clients.
Disallows proxy redirect support for web authentication clients.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) >
config network web-auth proxy-redirect enable
Related Commands show network summary
726
Cisco Wireless Controller Command Reference, Release 8.4
config network web-auth secureweb config network web-auth secureweb
To configure the secure web (https) authentication for clients, use the config network web-auth secureweb command.
config network web-auth secureweb {enable | disable}
Syntax Description enable disable
Allows secure web (https) authentication for clients.
Disallows secure web (https) authentication for clients.
Enables http web authentication for clients.
Command Default
The default secure web (https) authentication for clients is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If you configure the secure web (https) authentication for clients using the config network web-auth secureweb
disable command, then you must reboot the Cisco WLC to implement the change.
Examples
The following example shows how to enable the secure web (https) authentication for clients:
(Cisco Controller) >
config network web-auth secureweb enable
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
727
config network webmode config network webmode
To enable or disable the web mode, use the config network webmode command.
config network webmode {enable | disable}
Syntax Description enable disable
Enables the web interface.
Disables the web interface.
Command Default
The default value for the web mode is enable.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the web interface mode:
(Cisco Controller) >
config network webmode disable
Related Commands show network summary
728
Cisco Wireless Controller Command Reference, Release 8.4
config network web-auth config network web-auth
To configure the network-level web authentication options, use the config network web-auth command.
config network web-auth {port port-number} | {proxy-redirect {enable | disable}}
Syntax Description port
port-number
proxy-redirect enable disable
Configures additional ports for web authentication redirection.
Port number (between 0 and 65535).
Configures proxy redirect support for web authentication clients.
Enables proxy redirect support for web authentication clients.
Note
Web-auth proxy redirection will be enabled for ports 80, 8080, and 3128, along with user defined port 345.
Disables proxy redirect support for web authentication clients.
Command Default
The default network-level web authentication value is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You must reset the system for the configuration to take effect.
Examples
The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) >
config network web-auth proxy-redirect enable
Related Commands show network summary show run-config config qos protocol-type
Cisco Wireless Controller Command Reference, Release 8.4
729
config network 802.3-bridging config network 802.3-bridging
To enable or disable 802.3 bridging on a controller, use the config network 802.3-bridging command.
config network 802.3-bridging {enable | disable}
Syntax Description enable disable
Enables the 802.3 bridging.
Disables the 802.3 bridging.
Command Default
By default, 802.3 bridging on the controller is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
In controller software release 5.2, the software-based forwarding architecture for Cisco 2100 Series Controllers is being replaced with a new forwarding plane architecture. As a result, Cisco 2100 Series Controllers and the Cisco wireless LAN controller Network Module for Cisco Integrated Services Routers bridge 802.3 packets by default. Therefore, 802.3 bridging can now be disabled only on Cisco 4400 Series Controllers, the Cisco
WiSM, and the Catalyst 3750G Wireless LAN Controller Switch.
To determine the status of 802.3 bridging, enter the show netuser guest-roles command.
Examples
The following example shows how to enable the 802.3 bridging:
(Cisco Controller) >
config network 802.3-bridging enable
Related Commands show netuser guest-roles show network
730
Cisco Wireless Controller Command Reference, Release 8.4
config network allow-old-bridge-aps config network allow-old-bridge-aps
To configure an old bridge access point’s ability to associate with a switch, use the config network
allow-old-bridge-aps command.
config network allow-old-bridge-aps {enable | disable}
Syntax Description enable disable
Enables the switch association.
Disables the switch association.
Command Default
Switch association is enabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure an old bridge access point to associate with the switch:
(Cisco Controller) >
config network allow-old-bridge-aps enable
Cisco Wireless Controller Command Reference, Release 8.4
731
config network ap-discovery config network ap-discovery
To enable or disable NAT IP in an AP discovery response, use the config network ap-discovery command.
config network ap-discovery nat-ip-only {enable | disable}
Syntax Description enable disable
Enables use of NAT IP only in discovery response.
Enables use of both NAT IP and non NAT IP in discovery response.
Command Default
The use of NAT IP only in discovery response is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If the config interface nat-address management command is set, this command controls which address(es) are sent in the CAPWAP discovery responses.
If all APs are on the outside of the NAT gateway of the controller, enter the config network ap-discovery
nat-ip-only enable command, and only the management NAT address is sent.
If the controller has both APs on the outside and the inside of its NAT gateway, enter the config network
ap-discovery nat-ip-only disable command, and both the management NAT address and the management inside address are sent. Ensure that you have entered the config ap link-latency disable all command to avoid stranding APs.
Examples
The following example shows how to enable NAT IP in an AP discovery response:
(Cisco Controller) >
config network ap-discovery nat-ip-only enable
732
Cisco Wireless Controller Command Reference, Release 8.4
config network ap-easyadmin config network ap-easyadmin
To configure Cisco AP easyadmin feature, use the config network ap-easyadmin command.
config network ap-easyadmin {enable | disable}
Syntax Description enable disable
Enables AP EasyAdmin.
Disables AP EasyAdmin.
Command Default
The easyadmin is disabled by default.
Command History
Examples
Release
8.4
Modification
This command was introduced in this release
The following example shows how to enable the Cisco AP easyadmin:
(Cisco Controller) >
config network ap-easyadmin enable
Cisco Wireless Controller Command Reference, Release 8.4
733
config network ap-fallback config network ap-fallback
To configure Cisco lightweight access point fallback, use the config network ap-fallback command.
config network ap-fallback {enable | disable}
Syntax Description enable disable
Enables the Cisco lightweight access point fallback.
Disables the Cisco lightweight access point fallback.
Command Default
The Cisco lightweight access point fallback is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the Cisco lightweight access point fallback:
(Cisco Controller) >
config network ap-fallback enable
734
Cisco Wireless Controller Command Reference, Release 8.4
config network ap-priority config network ap-priority
To enable or disable the option to prioritize lightweight access points so that after a controller failure they reauthenticate by priority rather than on a first-come-until-full basis, use the config network ap-priority command.
config network ap-priority {enable | disable}
Syntax Description enable disable
Enables the lightweight access point priority reauthentication.
Disables the lightweight access point priority reauthentication.
Command Default
The lightweight access point priority reauthentication is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the lightweight access point priority reauthorization:
(Cisco Controller) >
config network ap-priority enable
Cisco Wireless Controller Command Reference, Release 8.4
735
config network apple-talk config network apple-talk
To configure AppleTalk bridging, use the config network apple-talk command.
config network apple-talk {enable | disable}
Syntax Description enable disable
Enables the AppleTalk bridging.
Disables the AppleTalk bridging.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure AppleTalk bridging:
(Cisco Controller) >
config network apple-talk enable
736
Cisco Wireless Controller Command Reference, Release 8.4
config network arptimeout config network arptimeout
To set the Address Resolution Protocol (ARP) entry timeout value, use the config network arptimeout command.
config network arptimeout seconds
Syntax Description
seconds
Timeout in seconds. The minimum value is 10 seconds. The default value is 300 seconds.
Command Default
The default ARP entry timeout value is 300 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
This example shows how to set the ARP entry timeout value to 240 seconds:
(Cisco Controller) >
config network arptimeout 240
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
737
config assisted-roaming config assisted-roaming
To configure assisted roaming parameters on the controller, use the config assisted-roaming command.
config assisted-roaming {denial-maximum count | floor-bias RSSI | prediction-minimum number_of_APs}
Syntax Description denial-maximum
count
floor-bias
RSSI
prediction-minimum
number_of_APs
Configures the maximum number of counts for association denial.
Maximum number of times that a client is denied for association when the association request that was sent to an access point does not match any access point on the prediction list. The range is from 1 to 10.
Configures the RSSI bias for access points on the same floor.
RSSI bias for access points on the same floor. The range is from 5 to 25. Access points on the same floor have more preference.
Configures the minimum number of optimized access points for the assisted roaming feature.
Minimum number of optimized access points for the assisted roaming feature.
The range is from 1 to 6. If the number of access points in the prediction assigned to the client is smaller than this number, the assisted roaming feature does not work.
Command Default
The default RSSI bias for access points on the same floor is 15 dBm.
Usage Guidelines
802.11k allows a client to request a neighbor report that contains information about known neighbor access points, which can be used for a service set transition. The neighbor list reduces the need for active and passive scanning.
Examples
This example shows how to configure the minimum number of optimized access points for the assisted roaming feature:
(Cisco Controller) >
config assisted-roaming prediction-minimum 4
738
Cisco Wireless Controller Command Reference, Release 8.4
config network bridging-shared-secret config network bridging-shared-secret
To configure the bridging shared secret, use the config network bridging-shared-secret command.
config network bridging-shared-secret shared_secret
Syntax Description
shared_secret
Bridging shared secret string. The string can contain up to 10 bytes.
Command Default
The bridging shared secret is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the switch.
The zero-touch configuration must be enabled for this command to work.
Examples
The following example shows how to configure the bridging shared secret string “shhh1”:
(Cisco Controller) >
config network bridging-shared-secret shhh1
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
739
config network broadcast config network broadcast
To enable or disable broadcast packet forwarding, use the config network broadcast command.
config network broadcast {enable | disable}
Syntax Description enable disable
Enables the broadcast packet forwarding.
Disables the broadcast packet forwarding.
Command Default
The broadcast packet forwarding is disabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command allows you to enable or disable broadcasting. You must enable multicast mode before enabling broadcast forwarding. Use the config network multicast mode command to configure multicast mode on the controller.
Note
The default multicast mode is unicast in case of all controllers except for Cisco 2106 Controllers. The broadcast packets and multicast packets can be independently controlled. If multicast is off and broadcast is on, broadcast packets still reach the access points, based on the configured multicast mode.
Examples
The following example shows how to enable broadcast packet forwarding:
(Cisco Controller) >
config network broadcast enable
Related Commands show network summary config network multicast global config network multicast mode
740
Cisco Wireless Controller Command Reference, Release 8.4
config network fast-ssid-change config network fast-ssid-change
To enable or disable fast Service Set Identifier (SSID) changing for mobile stations, use the config network
fast-ssid-change command.
config network fast-ssid-change {enable | disable}
Syntax Description enable disable
Enables the fast SSID changing for mobile stations
Disables the fast SSID changing for mobile stations.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable the Fast SSID Change feature, the controller allows clients to move between SSIDs. When the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID.
When you disable the FastSSID Change feature, the controller enforces a delay before clients are allowed to move to a new SSID.
Examples
The following example shows how to enable the fast SSID changing for mobile stations:
(Cisco Controller) >
config network fast-ssid-change enable
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
741
config network ip-mac-binding config network ip-mac-binding
To validate the source IP address and MAC address binding within client packets, use the config network
ip-mac-binding command.
config network ip-network-binding {enable | disable}
Syntax Description enable disable
Enables the validation of the source IP address to MAC address binding in clients packets.
Disables the validation of the source IP address to MAC address binding in clients packets.
Command Default
The validation of the source IP address to MAC address binding in clients packets is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
In controller software release 5.2, the controller enforces strict IP address-to-MAC address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. In previous releases, the controller checks only the MAC address of the client and ignores the IP address.
Note
You might want to disable this binding check if you have a routed network behind a workgroup bridge
(WGB).
Examples
The following example shows how to validate the source IP and MAC address within client packets:
(Cisco Controller) >
config network ip-mac-binding enable
742
Cisco Wireless Controller Command Reference, Release 8.4
config network link local bridging config network link local bridging
To configure bridging of link local traffic at the local site, use the config network link-local-bridging command.
config network link-local-bridging {enable | disable}
Syntax Description enable disable
Enables bridging of link local traffic at the local site
Disables bridging of link local traffic at the local site
Command Default
Disabled
Command History
Release
8.0
Modification
This command was introduced
Cisco Wireless Controller Command Reference, Release 8.4
743
config network master-base config network master-base
To enable or disable the Cisco wireless LAN controller as an access point default master, use the config
network master-base command.
config network master-base {enable | disable}
Syntax Description enable disable
Enables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Disables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This setting is only used upon network installation and should be disabled after the initial network configuration.
Because the Master Cisco wireless LAN controller is normally not used in a deployed network, the Master
Cisco wireless LAN controller setting can be saved from 6.0.199.0 or later releases.
Examples
The following example shows how to enable the Cisco wireless LAN controller as a default master:
(Cisco Controller) >
config network master-base enable
744
Cisco Wireless Controller Command Reference, Release 8.4
config network mgmt-via-wireless config network mgmt-via-wireless
To enable Cisco wireless LAN controller management from an associated wireless client, use the config
network mgmt-via-wireless command.
config network mgmt-via-wireless {enable | disable}
Syntax Description enable disable
Enables the switch management from a wireless interface.
Disables the switch management from a wireless interface.
Command Default
The switch management from a wireless interface is disabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This feature allows wireless clients to manage only the Cisco wireless LAN controller associated with the client and the associated Cisco lightweight access point. That is, clients cannot manage another Cisco wireless
LAN controller with which they are not associated.
Examples
This example shows how to configure switch management from a wireless interface:
(Cisco Controller) >
config network mgmt-via-wireless enable
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
745
config network multicast global config network multicast global
To enable or disable multicasting on the controller, use the config network multicast global command.
config network multicast global {enable | disable}
Syntax Description enable disable
Enables the multicast global support.
Disables the multicast global support.
Command Default
Multicasting on the controller is disabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The config network broadcast {enable | disable} command allows you to enable or disable broadcasting without enabling or disabling multicasting as well. This command uses the multicast mode configured on the controller (by using the config network multicast mode command) to operate.
Examples
The following example shows how to enable the global multicast support:
(Cisco Controller) >
config network multicast global enable
Related Commands show network summary config network broadcast config network multicast mode
746
Cisco Wireless Controller Command Reference, Release 8.4
config network multicast igmp query interval config network multicast igmp query interval
To configure the IGMP query interval, use the config network multicast igmp query interval command.
config network multicast igmp query interval value
Syntax Description
value
Frequency at which controller sends IGMP query messages. The range is from
15 to 2400 seconds.
Command Default
The default IGMP query interval is 20 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To configure IGMP query interval, ensure that you do the following:
• Enable the global multicast by entering the config network multicast global enable command.
• Enable IGMP snooping by entering the config network multicast igmp snooping enable command.
Examples
The following example shows how to configure the IGMP query interval at 20 seconds:
(Cisco Controller) >
config network multicast igmp query interval 20
Related Commands config network multicast global config network multicast igmp snooping config network multicast igmp timeout
Cisco Wireless Controller Command Reference, Release 8.4
747
config network multicast igmp snooping config network multicast igmp snooping
To enable or disable IGMP snooping, use the config network multicast igmp snooping command.
config network multicast igmp snooping {enable | disable}
Syntax Description enable disable
Enables IGMP snooping.
Disables IGMP snooping.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable internet IGMP snooping settings:
(Cisco Controller) >
config network multicast igmp snooping enable
Related Commands config network multicast global config network multicast igmp query interval config network multicast igmp timeout
748
Cisco Wireless Controller Command Reference, Release 8.4
config network multicast igmp timeout config network multicast igmp timeout
To set the IGMP timeout value, use the config network multicast igmp timeout command.
config network multicast igmp timeout value
Syntax Description
value
Timeout range from 30 to 7200 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can enter a timeout value between 30 and 7200 seconds. The controller sends three queries in one timeout value at an interval of timeout/3 to see if any clients exist for a particular multicast group. If the controller does not receive a response through an IGMP report from the client, the controller times out the client entry from the MGID table. When no clients are left for a particular multicast group, the controller waits for the
IGMP timeout value to expire and then deletes the MGID entry from the controller. The controller always generates a general IGMP query (to destination address 224.0.0.1) and sends it on all WLANs with an MGID value of 1.
Examples
The following example shows how to configure the timeout value 50 for IGMP network settings:
(Cisco Controller) >
config network multicast igmp timeout 50
Related Commands config network multicast global config network igmp snooping config network multicast igmp query interval
Cisco Wireless Controller Command Reference, Release 8.4
749
config network multicast l2mcast config network multicast l2mcast
To configure the Layer 2 multicast on an interface or all interfaces, use the config network multicast l2mcast command.
config network multicast l2mcast {enable| disable {all | interface-name}
Syntax Description enable disable all
interface-name
Enables Layer 2 multicast.
Disables Layer 2 multicast.
Applies to all interfaces.
Interface name for which the Layer 2 multicast is to enabled or disabled.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable Layer 2 multicast for all interfaces:
(Cisco Controller) >
config network multicast l2mcast enable all
Related Commands config network multicast global config network multicast igmp snooping config network multicast igmp query interval config network multicast mld
750
Cisco Wireless Controller Command Reference, Release 8.4
config network multicast mld config network multicast mld
To configure the Multicast Listener Discovery (MLD) parameters, use the config network multicast mld command.
config network multicast mld {query interval interval-value | snooping {enable | disable} | timeout
timeout-value}
Syntax Description query interval
interval-value
snooping enable disable timeout
timeout-value
Configures query interval to send MLD query messages.
Query interval in seconds. The range is from 15 to 2400 seconds.
Configures MLD snooping.
Enables MLD snooping.
Disables MLD snooping.
Configures MLD timeout.
Timeout value in seconds. The range is from 30 seconds to 7200 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set a query interval of 20 seconds for MLD query messages:
(Cisco Controller) >
config network multicast mld query interval 20
Related Commands config network multicast global config network multicast igmp snooping config network multicast igmp query interval config network multicast l2mcast
Cisco Wireless Controller Command Reference, Release 8.4
751
config network multicast mode multicast config network multicast mode multicast
To configure the controller to use the multicast method to send broadcast or multicast packets to an access point, use the config network multicast mode multicast command.
config network multicast mode multicast
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the multicast mode to send a single copy of data to multiple receivers:
(Cisco Controller) >
config network multicast mode multicast
Related Commands config network multicast global config network broadcast config network multicast mode unicast
752
Cisco Wireless Controller Command Reference, Release 8.4
config network multicast mode unicast config network multicast mode unicast
To configure the controller to use the unicast method to send broadcast or multicast packets to an access point, use the config network multicast mode unicast command.
config network multicast mode unicast
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the controller to use the unicast mode:
(Cisco Controller) >
config network multicast mode unicast
Related Commands config network multicast global config network broadcast config network multicast mode multicast
Cisco Wireless Controller Command Reference, Release 8.4
753
config network oeap-600 dual-rlan-ports config network oeap-600 dual-rlan-ports
To configure the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4, use the config network oeap-600 dual-rlan-ports command.
config network oeap-600 dual-rlan-ports {enable | disable}
Syntax Description enable disable
Enables Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4.
Resets the Ethernet port 3 Cisco OfficeExtend 600 Series access points to function as a local LAN port.
Command Default
The Ethernet port 3 Cisco 600 Series OEAP is reset.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port:
(Cisco Controller) >
config network oeap-600 dual-rlan-ports enable
754
Cisco Wireless Controller Command Reference, Release 8.4
config network oeap-600 local-network config network oeap-600 local-network
To configure access to the local network for the Cisco 600 Series OfficeExtend access points, use the config
network oeap-600 local-network command.
config network oeap-600 local-network {enable | disable}
Syntax Description enable disable
Enables access to the local network for the Cisco 600 Series OfficeExtend access points.
Disables access to the local network for the Cisco 600 Series OfficeExtend access points.
Command Default
Access to the local network for the Cisco 600 Series OEAPs is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable access to the local network for the Cisco 600 Series OfficeExtend access points:
(Cisco Controller) >
config network oeap-600 local-network enable
Cisco Wireless Controller Command Reference, Release 8.4
755
config network otap-mode config network otap-mode
To enable or disable over-the-air provisioning (OTAP) of Cisco lightweight access points, use the config
network otap-mode command.
config network otap-mode {enable | disable}
Syntax Description enable disable
Enables the OTAP provisioning.
Disables the OTAP provisioning.
Command Default
The OTAP provisioning is enabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to disable the OTAP provisioning:
(Cisco Controller) >
config network otap-mode disable
756
Cisco Wireless Controller Command Reference, Release 8.4
config network profiling config network profiling
To profile http port for a specific port, use the config network profiling http-port command.
config network profiling http-port port number
Syntax Description
port number
Interface port number. Default value is 80.
Command History
Release
8.2
Examples
Modification
This command was introduced
The following example shows how to configure the http port in a network:
(Cisco Controller) >
config network profiling http-port 80
Cisco Wireless Controller Command Reference, Release 8.4
757
config opendns config opendns
To enable or disable open Domain Name System (DNS) on the Cisco Wireless Controller (WLC), use the
config opendnscommand.
config opendns{ enable|disable}
Syntax Description enable disable
Enables the opendns global configuration.
Disables the opendns global configuration.
Command Default
Open DNS is not configured.
Command Modes
Controller Config >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to enable open DNS on the Cisco WLC:
(Cisco Controller) > config opendns enable
758
Cisco Wireless Controller Command Reference, Release 8.4
config opendns api-token config opendns api-token
To enable or disable OpenDNS API token help for registering on Cisco Wireless Controller (WLC), use the
config opendns api-token command.
config opendns api-token api-token
Syntax Description
api-token
API token for the OpenDNS.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to enable API token help for registering OpenDNS on the Cisco WLC:
(Cisco Controller) > config opendns api-token 12
Cisco Wireless Controller Command Reference, Release 8.4
759
config opendns forced config opendns forced
To enable or disable OpenDNS on Cisco Wireless Controller (WLC), use the config opendns forced command.
config opendns forced {enable | disable}
Syntax Description enable disable
Enables the OpenDNS global configuration.
Disables the OpenDNS global configuration.
Command Default
OpenDNS is not configured.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to enable OpenDNS on Cisco WLC:
(Cisco Controller) > config opendns forced enable
760
Cisco Wireless Controller Command Reference, Release 8.4
config opendns profile config opendns profile
To configure a profile for the OpenDNS, which can be applied to a user group, or wireless LAN (WLAN), or site, use the config opendns profile command.
config opendns profile{ create | delete | refresh} profile-name
Syntax Description create delete refresh
profile-name
Creates an OpenDNS identity name.
Removes an OpenDNS identity name.
Refreshes OpenDNS identity by retriggering the registration, irrespective of current state.
OpenDNS identity name.
Command Default
OpenDNS profile is not created.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to configure a profile for OpenDNS, which can be applied to a user group:
(Cisco Controller) > config opendns profile create usergroup1
Cisco Wireless Controller Command Reference, Release 8.4
761
config pmipv6 domain config pmipv6 domain
To configure PMIPv6 and to enable Mobile Access Gateway (MAG) functionality on Cisco WLC, use the
config pmipv6 domain command.
config pmipv6 domain domain_name
Syntax Description
domain_name
Name of the PMIPv6 domain. The domain name can be up to 127 case-sensitive, alphanumeric characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure a domain name for a PMIPv6 WLAN:
(Cisco Controller) >
config pmipv6 domain floor1
762
Cisco Wireless Controller Command Reference, Release 8.4
config pmipv6 add profile config pmipv6 add profile
To create a Proxy Mobility IPv6 (PMIPv6) profile for the WLAN, use the config pmipv6 add profile command.
You can configure PMIPv6 profiles based on a realm or a service set identifier (SSID).
config pmipv6 add profile profile_name nai {user@realm | @realm | *} lma lma_name apn apn_name
Syntax Description
profile_name
nai
user@realm
@realm
* lma
lma_name
apn
ap_name
Name of the profile. The profile name is case sensitive and can be up to 127 alphanumeric characters.
Specifies the Network Access Identifier of the client.
Network Access Identifier of the client in the format user@realm. The NAI name is case sensitive and can be up to 127 alphanumeric characters.
Network Access Identifier of the client in the format @realm.
All Network Access Identifiers. You can have profiles based on an SSID for all users.
Specifies the Local Mobility Anchor (LMA).
Name of LMA. The LMA name is case sensitive and can be up to 127 alphanumeric characters.
Specifies the access point.
Name of the access point. The access point name is case sensitive and can be up to 127 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command is a prerequisite for using PMIPv6 configuration commands if the controller uses open authentication.
Cisco Wireless Controller Command Reference, Release 8.4
763
config pmipv6 add profile
Examples
The following example shows how to create a PMIPv6 profile:
(Cisco Controller) >
config pmipv6 add profile profile1 nai @vodfone.com lma vodfonelma apn vodafoneapn
764
Cisco Wireless Controller Command Reference, Release 8.4
config pmipv6 delete config pmipv6 delete
To delete a Proxy Mobility IPv6 (PMIPv6) profile, domain, or Local Mobility Anchor (LMA), use the config
pmipv6 delete command.
config pmipv6 delete {profile profile_name nai { nai_id | all } | domain domain_name | lma lma_name}
Syntax Description profile
profile_name
nai
nai_id
all domain
domain_name
lma
lma_name
Specifies the PMIPv6 profile.
Name of the PMIPv6 profile. The profile name is case sensitive and can be up to 127 alphanumeric characters.
Specifies the Network Access Identifier (NAI) of a mobile client.
Network Access Identifier of a mobile client. The NAI is case sensitive and can be up to 127 alphanumeric characters.
Specifies all NAIs. When you delete all NAIs, the profile is deleted.
Specifies the PMIPv6 domain.
Name of the PMIPv6 domain. The domain name is case sensitive and can be up to 127 alphanumeric characters.
Specifies the LMA.
Name of the LMA. The LMA name is case sensitive and can be up to 127 alphanumeric characters.
Command Default
None
Command History
Examples
Release
7.6
The following example shows how to delete a domain:
(Cisco Controller) >
config pmipv6 delete lab1
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
765
config pmipv6 mag apn config pmipv6 mag apn
To configure an Access Point Name (APN) for a mobile access gateway (MAG), use the config pmipv6 mag
apn command.
config pmipv6 mag apn apn-name
Syntax Description
apn-name
Access point name for the MAG.
Command Default
None
Command History
Release
8.0
Modification
This command was introduced.
Usage Guidelines
By default, the MAG role is WLAN. However, for the lightweight access points, MAG role should be configured as 3GPP. If the MAG role is 3GPP, it is mandatory to specify an APN for the MAG.
To delete an APN for a MAG, use the config pmipv6 delete mag apn apn-name command.
Examples
The following example shows how to add an APN for a MAG:
(Cisco Controller) >
config pmipv6 mag apn myCiscoAP
766
Cisco Wireless Controller Command Reference, Release 8.4
config pmipv6 mag binding init-retx-time config pmipv6 mag binding init-retx-time
To configure the initial timeout between the proxy binding updates (PBUs) when the Mobile Access Gateway
(MAG) does not receive the proxy binding acknowledgements (PBAs), use the config pmipv6 mag binding
init-retx-time command.
config pmipv6 mag binding init-retx-time units
Syntax Description
units
Initial timeout between the PBUs when the MAG does not receive the PBAs. The range is from 100 to 65535 seconds.
Command Default
The default initial timeout is 1000 seconds.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the initial timeout between the PBUs when the MAG does not receive the PBAs:
(Cisco Controller) >
config pmipv6 mag binding init-retx-time 500
Cisco Wireless Controller Command Reference, Release 8.4
767
config pmipv6 mag binding lifetime config pmipv6 mag binding lifetime
To configure the lifetime of the binding entries in the Mobile Access Gateway (MAG), use the config pmipv6
mag binding lifetime command.
config pmipv6 mag binding lifetime units
Syntax Description
units
Lifetime of the binding entries in the MAG. The binding lifetime must be a multiple of
4 seconds. The range is from 10 to 65535 seconds.
Command Default
The default lifetime of the binding entries is 65535 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You must configure a Proxy Mobility IPv6 (PMIPv6) domain before you configure the lifetime of the binding entries in the controller.
Examples
The following example shows how to configure the lifetime of the binding entries in the controller:
(Cisco Controller) >
config pmipv6 mag binding lifetime 5000
768
Cisco Wireless Controller Command Reference, Release 8.4
config pmipv6 mag binding max-retx-time config pmipv6 mag binding max-retx-time
To configure the maximum timeout between the proxy binding updates (PBUs) when the Mobility Access
Gateway (MAG) does not receive the proxy binding acknowledgments (PBAs), use the config pmipv6 mag
binding max-retx-time command.
config pmipv6 mag binding max-retx-time units
Syntax Description
units
Maximum timeout between the PBUs when the MAG does not receive the PBAs. The range is from 100 to 65535 seconds.
Command Default
The default maximum timeout is 32000 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the maximum timeout between the PBUs when the MAG does not receive the PBAs:
(Cisco Controller) >
config pmipv6 mag binding max-retx-time 50
Cisco Wireless Controller Command Reference, Release 8.4
769
config pmipv6 mag binding maximum config pmipv6 mag binding maximum
To configure the maximum number of binding entries in the Mobile Access Gateway (MAG), use the config
pmipv6 mag binding maximum command.
config pmipv6 mag binding maximum units
Syntax Description
units
Maximum number of binding entries in the MAG. This number indicates the maximum number of users connected to the MAG. The range is from 0 to 40000.
Command Default
The default maximum number of binding entries in the MAG is 10000.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You must configure a Proxy Mobility IPv6 (PMIPv6) domain before you configure the maximum number of binding entries in the MAG.
Examples
The following example shows how to configure the maximum number of binding entries in the MAG:
(Cisco Controller) >
config pmipv6 mag binding maximum 20000
770
Cisco Wireless Controller Command Reference, Release 8.4
config pmipv6 mag binding refresh-time config pmipv6 mag binding refresh-time
To configure the refresh time of the binding entries in the MAG, use the config pmipv6 mag binding
refresh-time command.
config pmipv6 mag binding refresh-time units
Syntax Description
units
Refresh time of the binding entries in the MAG. The binding refresh time must be a multiple of 4. The range is from 4 to 65535 seconds.
Command Default
The default refresh time of the binding entries in the MAG is 300 seconds.
Usage Guidelines
You must configure a PMIPv6 domain before you configure the refresh time of the binding entries in the
MAG.
Examples
The following example shows how to configure the refresh time of the binding entries in the MAG:
(Cisco Controller) >
config pmipv6 mag binding refresh-time 500
Cisco Wireless Controller Command Reference, Release 8.4
771
config pmipv6 mag bri delay config pmipv6 mag bri delay
To configure the maximum or minimum amount of time that the MAG waits before retransmitting a Binding
Revocation Indication (BRI) message, use the config pmipv6 mag bri delay command.
config pmipv6 mag bri delay {min | max} time
Syntax Description min max
time
Specifies the minimum amount of time that the MAG waits before retransmitting a
BRI message.
Specifies the maximum amount of time that the MAG waits before retransmitting a
BRI message.
Maximum or minimum amount of time that the Cisco WLC waits before retransmitting a BRI message. The range is from 500 to 65535 milliseconds.
Command Default
The default value of the maximum amount of time that the MAG waits before retransmitting a BRI message is 2 seconds.
The default value of the minimum amount of time that the MAG waits before retransmitting a BRI message is 1 second.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the minimum amount of time that the MAG waits before retransmitting a BRI message:
(Cisco Controller) >
config pmipv6 mag bri delay min 500
772
Cisco Wireless Controller Command Reference, Release 8.4
config pmipv6 mag bri retries config pmipv6 mag bri retries
To configure the maximum number of times that the MAG retransmits the Binding Revocation Indication
(BRI) message before receiving the Binding Revocation Acknowledgment (BRA) message, use the config
pmipv6 mag bri retries command.
config pmipv6 mag bri retries retries
Syntax Description
retries
Maximum number of times that the MAG retransmits the BRI message before receiving the BRA message. The range is from 1 to 10 retries.
Command Default
The default is 1 retry.
Examples
The following example shows how to configure the maximum number of times that the MAG retries:
(Cisco Controller) >
config pmipv6 mag bri retries 5
Cisco Wireless Controller Command Reference, Release 8.4
773
config pmipv6 mag lma config pmipv6 mag lma
To configure a local mobility anchor (LMA) with the mobile access gateway (MAG), use the config pmipv6
mag lma command.
config pmipv6 mag lma lma_name ipv4-address address
Syntax Description
lma_name
ipv4-address
address
Name of the LMA. The LMA name can be a NAI or a string that uniquely identifies the LMA.
Specifies the IP address of the LMA.
IP address of the LMA.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command is a prerequisite to configure PMIPv6 parameters on the MAG.
Examples
The following example shows how to configure an LMA with the MAG:
(Cisco Controller) >
config pmipv6 mag lma vodafonelma ipv4-address 209.165.200.254
774
Cisco Wireless Controller Command Reference, Release 8.4
config pmipv6 mag replay-protection config pmipv6 mag replay-protection
To configure the maximum amount of time difference between the timestamp in the received proxy binding acknowledgment (PBA) and the current time of the day for replay protection, use the config pmipv6 mag
replay-protection command.
config pmipv6 mag replay-protection { timestamp window time | sequence-no sequence |
mobile-node-timestamp mobile_node_timestamp }
Syntax Description timestamp window
time
sequence-no
sequence
mobile_node_timestamp
mobile_node_timestamp
Specifies the time stamp of the PBA message.
Specifies the maximum time difference between the time stamp in the received PBA message and the current time of day.
Maximum time difference between the time stamp in the received
PBA message and the current time of day. The range is from 1 to
300 milliseconds.
(Optional) Specifies the sequence number in a Proxy Binding
Update message.
(Optional) Sequence number in the Proxy Binding Update message.
(Optional) Specifies the time stamp of the mobile node.
(Optional) Time stamp of the mobile node.
Command Default
The default maximum time difference is 300 milliseconds.
Usage Guidelines
Only the timestamp option is supported.
Examples
The following example shows how to configure the maximum amount of time difference in milliseconds between the time stamp in the received PBA message and the current time of day:
(Cisco Controller) >
config pmipv6 mag replay-protection timestamp window 200
Cisco Wireless Controller Command Reference, Release 8.4
775
config port power config port power
To enable or disable Power over Ethernet (PoE) for a specific controller port or for all ports, use the config
port power command.
config port power {all | port} {enable | disable}
Syntax Description all
port
enable disable
Configures all ports.
Port number.
Enables the specified ports.
Disables the specified ports.
Command Default
Enabled
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable PoE on all ports:
(Cisco Controller) >
config port power all enable
The following example shows how to disable PoE on port 8:
(Cisco Controller) >
config port power 8 disable
776
Cisco Wireless Controller Command Reference, Release 8.4
config policy action opendns-profile-name config policy action opendns-profile-name
To configure an OpenDNS action to a policy, use the config policy action opendns-profile-name command.
config policy policy-name action opendns-profile-name{enable | disable}
Syntax Description
policy-name
enable disable
Policy name, for example, iPad, iPhone, smartphone.
Enables the action.
Disables the action.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to configure an OpenDNS action to a policy:
(Cisco Controller) > config policy ipad action opendns-profile-name enable
Cisco Wireless Controller Command Reference, Release 8.4
777
config network rf-network-name config network rf-network-name
To set the RF-Network name, use the config network rf-network-name command.
config network rf-network-name name
Syntax Description
name
RF-Network name. The name can contain up to 19 characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the RF-network name to travelers:
(Cisco Controller) >
config network rf-network-name travelers
Related Commands show network summary
778
Cisco Wireless Controller Command Reference, Release 8.4
config network secureweb config network secureweb
To change the state of the secure web (https is http and SSL) interface for management users, use the config
network secureweb command.
config network secureweb {enable | disable}
Syntax Description enable disable
Enables the secure web interface for management users.
Disables the secure web interface for management users.
Command Default
The secure web interface for management users is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command allows management users to access the controller GUI using an http://ip-address. Web mode is not a secure connection.
Examples
The following example shows how to enable the secure web interface settings for management users:
(Cisco Controller) >
config network secureweb enable
You must reboot for the change to take effect.
Related Commands config network secureweb cipher-option show network summary
Cisco Wireless Controller Command Reference, Release 8.4
779
config network secureweb cipher-option config network secureweb cipher-option
To enable or disable secure web mode with increased security, or to enable or disable Secure Sockets Layer
(SSL v2) for web administration and web authentication, use the config network secureweb cipher-option command.
config network secureweb cipher-option {high | sslv2 | rc4-preference} {enable | disable}
Syntax Description high sslv2 rc4-preference enable disable
Configures whether or not 128-bit ciphers are required for web administration and web authentication.
Configures SSLv2 for both web administration and web authentication.
Configures preference for RC4-SHA (Rivest Cipher 4-Secure Hash
Algorithm) cipher suites (over CBC cipher suites) for web authentication and web administration.
Enables the secure web interface.
Disables the secure web interface.
Command Default
The default is disable for secure web mode with increased security and enable for SSL v2.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Note
The config network secureweb cipher-option command allows users to access the controller GUI using an http://ip-address but only from browsers that support 128-bit (or larger) ciphers.
When cipher-option sslv2 is disabled, users cannot connect using a browser configured with SSLv2 only.
They must use a browser that is configured to use a more secure protocol such as SSLv3 or later.
In RC4-SHA based cipher suites, RC4 is used for encryption and SHA is used for message authentication.
Examples
The following example shows how to enable secure web mode with increased security:
(Cisco Controller) >
config network secureweb cipher-option
780
Cisco Wireless Controller Command Reference, Release 8.4
config network secureweb cipher-option
The following example shows how to disable SSL v2:
(Cisco Controller) >
config network secureweb cipher-option sslv2 disable
Related Commands config network secureweb show network summary
Cisco Wireless Controller Command Reference, Release 8.4
781
config network ssh config network ssh
To allow or disallow new Secure Shell (SSH) sessions, use the config network ssh command.
config network ssh {enable | disable}
Syntax Description enable disable
Allows the new SSH sessions.
Disallows the new SSH sessions.
Command Default
The default value for the new SSH session is disable.
Examples
The following example shows how to enable the new SSH session:
(Cisco Controller) >
config network ssh enable
Related Commands show network summary
782
Cisco Wireless Controller Command Reference, Release 8.4
config network telnet config network telnet
To allow or disallow new Telnet sessions, use the config network telnet command.
config network telnet {enable | disable}
Syntax Description enable disable
Allows new Telnet sessions.
Disallows new Telnet sessions.
Command Default
By default, the new Telnet session is disallowed and the value is disable.
Usage Guidelines
Telnet is not supported on Cisco Aironet 1830 and 1850 Series Access Points.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the new Telnet sessions:
(Cisco Controller) >
config network telnet enable
Related Commands config ap telnet show network summary
Cisco Wireless Controller Command Reference, Release 8.4
783
config network usertimeout config network usertimeout
To change the timeout for idle client sessions, use the config network usertimeout command.
config network usertimeout seconds
Syntax Description
seconds
Timeout duration in seconds. The minimum value is 90 seconds. The default value is 300 seconds.
Command Default
The default timeout value for idle client session is 300 seconds.
Usage Guidelines
Use this command to set the idle client session duration on the Cisco wireless LAN controller. The minimum duration is 90 seconds.
Examples
The following example shows how to configure the idle session timeout to 1200 seconds:
(Cisco Controller) >
config network usertimeout 1200
Related Commands show network summary
784
Cisco Wireless Controller Command Reference, Release 8.4
config network web-auth captive-bypass config network web-auth captive-bypass
To configure the controller to support bypass of captive portals at the network level, use the config network
web-auth captive-bypass command.
config network web-auth captive-bypass {enable | disable}
Syntax Description enable disable
Allows the controller to support bypass of captive portals.
Disallows the controller to support bypass of captive portals.
Command Default
None
Examples
The following example shows how to configure the controller to support bypass of captive portals:
(Cisco Controller) >
config network web-auth captive-bypass enable
Related Commands show network summary config network web-auth cmcc-support
Cisco Wireless Controller Command Reference, Release 8.4
785
config network web-auth cmcc-support config network web-auth cmcc-support
To configure eWalk on the controller, use the config network web-auth cmcc-support command.
config network web-auth cmcc-support {enable | disable}
Syntax Description enable disable
Enables eWalk on the controller.
Disables eWalk on the controller.
Command Default
None
Examples
The following example shows how to enable eWalk on the controller:
(Cisco Controller) >
config network web-auth cmcc-support enable
Related Commands show network summary config network web-auth captive-bypass
786
Cisco Wireless Controller Command Reference, Release 8.4
config network web-auth port config network web-auth port
To configure an additional port to be redirected for web authentication at the network level, use the config
network web-auth port command.
config network web-auth port port
Syntax Description
port
Port number. The valid range is from 0 to 65535.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure an additional port number 1200 to be redirected for web authentication:
(Cisco Controller) >
config network web-auth port 1200
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
787
config network web-auth proxy-redirect config network web-auth proxy-redirect
To configure proxy redirect support for web authentication clients, use the config network web-auth
proxy-redirect command.
config network web-auth proxy-redirect {enable | disable}
Syntax Description enable disable
Allows proxy redirect support for web authentication clients.
Disallows proxy redirect support for web authentication clients.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) >
config network web-auth proxy-redirect enable
Related Commands show network summary
788
Cisco Wireless Controller Command Reference, Release 8.4
config network web-auth secureweb config network web-auth secureweb
To configure the secure web (https) authentication for clients, use the config network web-auth secureweb command.
config network web-auth secureweb {enable | disable}
Syntax Description enable disable
Allows secure web (https) authentication for clients.
Disallows secure web (https) authentication for clients.
Enables http web authentication for clients.
Command Default
The default secure web (https) authentication for clients is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If you configure the secure web (https) authentication for clients using the config network web-auth secureweb
disable command, then you must reboot the Cisco WLC to implement the change.
Examples
The following example shows how to enable the secure web (https) authentication for clients:
(Cisco Controller) >
config network web-auth secureweb enable
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
789
config network web-auth https-redirect config network web-auth https-redirect
To configure https redirect support for web authentication clients, use the config network web-auth
https-redirect command.
config network web-auth https-redirect {enable | disable}
Syntax Description enable disable
Enables the secure redirection(https) for web-authentication clients.
Disables the secure redirection(https) for web-authentication clients.
Command Default
This command is by default disabled.
Command History
Release
8.0
Modification
This command was introduced in Release 8.0
Examples
The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) >
config network web-auth https-redirect enable
Related Commands show network summary
790
Cisco Wireless Controller Command Reference, Release 8.4
config network webmode config network webmode
To enable or disable the web mode, use the config network webmode command.
config network webmode {enable | disable}
Syntax Description enable disable
Enables the web interface.
Disables the web interface.
Command Default
The default value for the web mode is enable.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the web interface mode:
(Cisco Controller) >
config network webmode disable
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
791
config network web-auth config network web-auth
To configure the network-level web authentication options, use the config network web-auth command.
config network web-auth {port port-number} | {proxy-redirect {enable | disable}}
Syntax Description port
port-number
proxy-redirect enable disable
Configures additional ports for web authentication redirection.
Port number (between 0 and 65535).
Configures proxy redirect support for web authentication clients.
Enables proxy redirect support for web authentication clients.
Note
Web-auth proxy redirection will be enabled for ports 80, 8080, and 3128, along with user defined port 345.
Disables proxy redirect support for web authentication clients.
Command Default
The default network-level web authentication value is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You must reset the system for the configuration to take effect.
Examples
The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) >
config network web-auth proxy-redirect enable
Related Commands show network summary show run-config config qos protocol-type
792
Cisco Wireless Controller Command Reference, Release 8.4
config network zero-config config network zero-config
To configure bridge access point ZeroConfig support, use the config network zero-config command.
config network zero-config {enable | disable}
Syntax Description enable disable
Enables the bridge access point ZeroConfig support.
Disables the bridge access point ZeroConfig support.
Command Default
The bridge access point ZeroConfig support is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the bridge access point ZeroConfig support:
(Cisco Controller) >
config network zero-config enable
Cisco Wireless Controller Command Reference, Release 8.4
793
config network allow-old-bridge-aps config network allow-old-bridge-aps
To configure an old bridge access point’s ability to associate with a switch, use the config network
allow-old-bridge-aps command.
config network allow-old-bridge-aps {enable | disable}
Syntax Description enable disable
Enables the switch association.
Disables the switch association.
Command Default
Switch association is enabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure an old bridge access point to associate with the switch:
(Cisco Controller) >
config network allow-old-bridge-aps enable
794
Cisco Wireless Controller Command Reference, Release 8.4
config network ap-discovery config network ap-discovery
To enable or disable NAT IP in an AP discovery response, use the config network ap-discovery command.
config network ap-discovery nat-ip-only {enable | disable}
Syntax Description enable disable
Enables use of NAT IP only in discovery response.
Enables use of both NAT IP and non NAT IP in discovery response.
Command Default
The use of NAT IP only in discovery response is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If the config interface nat-address management command is set, this command controls which address(es) are sent in the CAPWAP discovery responses.
If all APs are on the outside of the NAT gateway of the controller, enter the config network ap-discovery
nat-ip-only enable command, and only the management NAT address is sent.
If the controller has both APs on the outside and the inside of its NAT gateway, enter the config network
ap-discovery nat-ip-only disable command, and both the management NAT address and the management inside address are sent. Ensure that you have entered the config ap link-latency disable all command to avoid stranding APs.
Examples
The following example shows how to enable NAT IP in an AP discovery response:
(Cisco Controller) >
config network ap-discovery nat-ip-only enable
Cisco Wireless Controller Command Reference, Release 8.4
795
config network ap-fallback config network ap-fallback
To configure Cisco lightweight access point fallback, use the config network ap-fallback command.
config network ap-fallback {enable | disable}
Syntax Description enable disable
Enables the Cisco lightweight access point fallback.
Disables the Cisco lightweight access point fallback.
Command Default
The Cisco lightweight access point fallback is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the Cisco lightweight access point fallback:
(Cisco Controller) >
config network ap-fallback enable
796
Cisco Wireless Controller Command Reference, Release 8.4
config network ap-priority config network ap-priority
To enable or disable the option to prioritize lightweight access points so that after a controller failure they reauthenticate by priority rather than on a first-come-until-full basis, use the config network ap-priority command.
config network ap-priority {enable | disable}
Syntax Description enable disable
Enables the lightweight access point priority reauthentication.
Disables the lightweight access point priority reauthentication.
Command Default
The lightweight access point priority reauthentication is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the lightweight access point priority reauthorization:
(Cisco Controller) >
config network ap-priority enable
Cisco Wireless Controller Command Reference, Release 8.4
797
config network apple-talk config network apple-talk
To configure AppleTalk bridging, use the config network apple-talk command.
config network apple-talk {enable | disable}
Syntax Description enable disable
Enables the AppleTalk bridging.
Disables the AppleTalk bridging.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure AppleTalk bridging:
(Cisco Controller) >
config network apple-talk enable
798
Cisco Wireless Controller Command Reference, Release 8.4
config network bridging-shared-secret config network bridging-shared-secret
To configure the bridging shared secret, use the config network bridging-shared-secret command.
config network bridging-shared-secret shared_secret
Syntax Description
shared_secret
Bridging shared secret string. The string can contain up to 10 bytes.
Command Default
The bridging shared secret is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the switch.
The zero-touch configuration must be enabled for this command to work.
Examples
The following example shows how to configure the bridging shared secret string “shhh1”:
(Cisco Controller) >
config network bridging-shared-secret shhh1
Related Commands show network summary
Cisco Wireless Controller Command Reference, Release 8.4
799
config network master-base config network master-base
To enable or disable the Cisco wireless LAN controller as an access point default master, use the config
network master-base command.
config network master-base {enable | disable}
Syntax Description enable disable
Enables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Disables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This setting is only used upon network installation and should be disabled after the initial network configuration.
Because the Master Cisco wireless LAN controller is normally not used in a deployed network, the Master
Cisco wireless LAN controller setting can be saved from 6.0.199.0 or later releases.
Examples
The following example shows how to enable the Cisco wireless LAN controller as a default master:
(Cisco Controller) >
config network master-base enable
800
Cisco Wireless Controller Command Reference, Release 8.4
config network oeap-600 dual-rlan-ports config network oeap-600 dual-rlan-ports
To configure the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4, use the config network oeap-600 dual-rlan-ports command.
config network oeap-600 dual-rlan-ports {enable | disable}
Syntax Description enable disable
Enables Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4.
Resets the Ethernet port 3 Cisco OfficeExtend 600 Series access points to function as a local LAN port.
Command Default
The Ethernet port 3 Cisco 600 Series OEAP is reset.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port:
(Cisco Controller) >
config network oeap-600 dual-rlan-ports enable
Cisco Wireless Controller Command Reference, Release 8.4
801
config network oeap-600 local-network config network oeap-600 local-network
To configure access to the local network for the Cisco 600 Series OfficeExtend access points, use the config
network oeap-600 local-network command.
config network oeap-600 local-network {enable | disable}
Syntax Description enable disable
Enables access to the local network for the Cisco 600 Series OfficeExtend access points.
Disables access to the local network for the Cisco 600 Series OfficeExtend access points.
Command Default
Access to the local network for the Cisco 600 Series OEAPs is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable access to the local network for the Cisco 600 Series OfficeExtend access points:
(Cisco Controller) >
config network oeap-600 local-network enable
802
Cisco Wireless Controller Command Reference, Release 8.4
config network otap-mode config network otap-mode
To enable or disable over-the-air provisioning (OTAP) of Cisco lightweight access points, use the config
network otap-mode command.
config network otap-mode {enable | disable}
Syntax Description enable disable
Enables the OTAP provisioning.
Disables the OTAP provisioning.
Command Default
The OTAP provisioning is enabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to disable the OTAP provisioning:
(Cisco Controller) >
config network otap-mode disable
Cisco Wireless Controller Command Reference, Release 8.4
803
config network zero-config config network zero-config
To configure bridge access point ZeroConfig support, use the config network zero-config command.
config network zero-config {enable | disable}
Syntax Description enable disable
Enables the bridge access point ZeroConfig support.
Disables the bridge access point ZeroConfig support.
Command Default
The bridge access point ZeroConfig support is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the bridge access point ZeroConfig support:
(Cisco Controller) >
config network zero-config enable
804
Cisco Wireless Controller Command Reference, Release 8.4
config nmsp notify-interval measurement config nmsp notify-interval measurement
To modify the Network Mobility Services Protocol (NMSP) notification interval value on the controller to address latency in the network, use the config nmsp notify-interval measurement command.
config nmsp notify-interval measurement {client | rfid | rogue} interval
Syntax Description client rfid rogue
interval
Modifies the interval for clients.
Modifies the interval for active radio frequency identification (RFID) tags.
Modifies the interval for rogue access points and rogue clients.
Time interval. The range is from 1 to 30 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The TCP port (16113) that the controller and location appliance communicate over must be open (not blocked) on any firewall that exists between the controller and the location appliance for NMSP to function.
Examples
The following example shows how to modify the NMSP notification interval for the active RFID tags to 25 seconds:
(Cisco Controller) >
config nmsp notify-interval measurement rfid 25
Related Commands clear locp statistics clear nmsp statistics show nmsp notify-interval summary show nmsp statistics show nmsp status
Cisco Wireless Controller Command Reference, Release 8.4
805
config paging config paging
To enable or disable scrolling of the page, use the config paging command.
config paging {enable | disable}
Syntax Description enable disable
Enables the scrolling of the page.
Disables the scrolling of the page.
Command Default
By default, scrolling of the page is enabled.
Usage Guidelines
Commands that produce a huge number of lines of output with the scrolling of the page disabled might result in the termination of SSH/Telnet connection or user session on the console.
Examples
The following example shows how to enable scrolling of the page:
(Cisco Controller) >
config paging enable
Related Commands show run-config
806
Cisco Wireless Controller Command Reference, Release 8.4
config passwd-cleartext config passwd-cleartext
To enable or disable temporary display of passwords in plain text, use the config passwd-cleartext command.
config passwd-cleartext {enable | disable}
Syntax Description enable disable
Enables the display of passwords in plain text.
Disables the display of passwords in plain text.
Command Default
By default, temporary display of passwords in plain text is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command must be enabled if you want to see user-assigned passwords displayed in clear text when using the show run-config command.
To execute this command, you must enter an admin password. This command is valid only for this particular session. It is not saved following a reboot.
Examples
The following example shows how to enable display of passwords in plain text:
(Cisco Controller) >
config passwd-cleartext enable
The way you see your passwds will be changed
You are being warned.
Enter admin password:
Related Commands show run-config
Cisco Wireless Controller Command Reference, Release 8.4
807
config policy config policy
To configure a native profiling policy on the Cisco Wireless LAN Controller (WLC), use the config policy command.
config policypolicy_name {action {acl {enable | disable} acl_name | {average-data-rate |
average-realtime-rate | burst-data-rate | burst-realtime-rate | qos | session-timeout | sleeping-client-timeout
| vlan} {enable | disable}}} | active {add hours start _time end _time days day | delete days day} | create
| delete | match {device-type {add | delete} device-type | eap-type {add | delete} {eap-fast | eap-tls | leap
| peap} | role {role_name | none}}
Syntax Description
policy_name
action acl enable disable
acl_name
average-data-rate average-realtime-rate burst-data-rate burst-realtime-rate qos session-timeout sleeping-client-timeout vlan active add hours
start _time end _time
Name of a profiling policy.
Configures an action for the policy.
Configures an ACL for the policy
Enables an action for the policy.
Disables an action for the policy.
Name of an ACL.
Configures the QoS average data rate.
Configures the QoS average real-time rate.
Configures the QoS burst data rate.
Configures the QoS burst real-time rate.
Configures a QoS action for the policy.
Configures a session timeout action for the policy.
Configures a sleeping client timeout for the policy.
Configures a VLAN action for the policy.
Configures the active hours and days for the policy.
Adds active hours and days.
Configures active hours for the policy.
Start time for the policy.
End time for the policy.
808
Cisco Wireless Controller Command Reference, Release 8.4
config policy days
day
delete create match device-type
device-type
eap-type eap-fast eap-tls leap peap role
role_name
none
Configures the day on the policy must work.
Day of the week, such as mon, tue, wed, thu, fri, sat,
sun. You can also specify daily or weekdays for the policy to occur daily or on all weekdays.
Deletes active hours and days.
Creates a policy.
Configures a match criteria for the policy.
Configures a device type match.
Device type on which the policy must be applied. You can configure up to 16 devices types for a policy.
Configures the Extensible Authentication Protocol (EAP) type as a match criteria.
Configures the EAP type as EAP Flexible Authentication via Secure Tunneling (FAST).
Configures the EAP type as EAP Transport Layer
Security (TLS).
Configures the EAP type as Lightweight EAP (LEAP).
Configures the EAP type as Protected EAP (PEAP).
Configures the user type or user group for the user.
User type or user group of the user, for example, student, employee.
You can configure only one role per policy.
Configures no user type or user group for the user.
Command Default
There is no native profiling policy on the Cisco WLC.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
The maximum number of policies that you can configure is 64.
Cisco Wireless Controller Command Reference, Release 8.4
809
config policy
Examples
The following example shows how to configure a role for a policy:
(Cisco Controller) >
config policy student_policy role student
810
Cisco Wireless Controller Command Reference, Release 8.4
config port adminmode config port adminmode
To enable or disable the administrative mode for a specific controller port or for all ports, use the config port
adminmode command.
config port adminmode {all | port} {enable | disable}
Syntax Description all
port
enable disable
Configures all ports.
Number of the port.
Enables the specified ports.
Disables the specified ports.
Command Default
Enabled
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to disable port 8:
(Cisco Controller) >
config port adminmode 8 disable
The following example shows how to enable all ports:
(Cisco Controller) >
config port adminmode all enable
Cisco Wireless Controller Command Reference, Release 8.4
811
config port autoneg config port autoneg
To configure 10/100BASE-T Ethernet ports for physical port autonegotiation, use the config port autoneg command.
config port autoneg {all | port} {enable | disable}
Syntax Description all
port
enable disable
Configures all ports.
Number of the port.
Enables the specified ports.
Disables the specified ports.
Command Default
The default for all ports is that auto-negotiation is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You must disable port auto-configuration before you make physical mode manual settings by using the config
port physicalmode command. The config port autoneg command overrides settings that you made using the config port physicalmode command.
Examples
The following example shows how to turn on physical port autonegotiation for all front-panel Ethernet ports:
(Cisco Controller) >
config port autoneg all enable
The following example shows how to disable physical port autonegotiation for front-panel Ethernet port 19:
(Cisco Controller) >
config port autoneg 19 disable
812
Cisco Wireless Controller Command Reference, Release 8.4
config port linktrap config port linktrap
To enable or disable the up and down link traps for a specific controller port or for all ports, use the config
port linktrap command.
config port linktrap {all | port} {enable | disable}
Syntax Description all
port
enable disable
Configures all ports.
Number of the port.
Enables the specified ports.
Disables the specified ports.
Command Default
The default value for down link traps for a specific controller port or for all ports is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to disable port 8 traps:
(Cisco Controller) >
config port linktrap 8 disable
The following example shows how to enable all port traps:
(Cisco Controller) >
config port linktrap all enable
Cisco Wireless Controller Command Reference, Release 8.4
813
config port multicast appliance config port multicast appliance
To enable or disable the multicast appliance service for a specific controller port or for all ports, use the config
port multicast appliance commands.
config port multicast appliance {all | port} {enable | disable}
Syntax Description all
port
enable disable
Configures all ports.
Number of the port.
Enables the specified ports.
Disables the specified ports.
Command Default
The default multicast appliance service for a specific controller port or for all ports is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable multicast appliance service on all ports:
(Cisco Controller) >
config port multicast appliance all enable
The following example shows how to disable multicast appliance service on port 8:
(Cisco Controller) >
config port multicast appliance 8 disable
814
Cisco Wireless Controller Command Reference, Release 8.4
config prompt config prompt
To change the CLI system prompt, use the config prompt command.
config prompt prompt
Syntax Description
prompt
New CLI system prompt enclosed in double quotes. The prompt can be up to 31 alphanumeric characters and is case sensitive.
Command Default
The system prompt is configured using the startup wizard.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Because the system prompt is a user-defined variable, it is omitted from the rest of this documentation.
Examples
The following example shows how to change the CLI system prompt to Cisco 4400:
(Cisco Controller) >
config prompt
“Cisco 4400”
Cisco Wireless Controller Command Reference, Release 8.4
815
config qos average-data-rate config qos average-data-rate
To define the average data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the
config qos average-data-rate command.
config qos average-data-rate {bronze | silver | gold | platinum} {per-ssid | per-client} {downstream |
upstream} rate
Syntax Description bronze silver gold platinum per-ssid per-client downstream upstream
rate
Specifies the average data rate for the queue bronze.
Specifies the average data rate for the queue silver.
Specifies the average data rate for the queue gold.
Specifies the average data rate for the queue platinum.
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
Configures the rate limit for each client associated with the SSID.
Configures the rate limit for downstream traffic.
Configures the rate limit for upstream traffic.
Average data rate for TCP traffic per user. A value between 0 and
51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the average data rate 0 Kbps for the queue gold per SSID:
(Cisco Controller) >
config qos average-data-rate gold per ssid downstream 0
Related Commands config qos burst-data-rate config qos average-realtime-rate
816
Cisco Wireless Controller Command Reference, Release 8.4
config qos burst-realtime-rate config wlan override-rate-limit config qos average-data-rate
Cisco Wireless Controller Command Reference, Release 8.4
817
config qos average-realtime-rate config qos average-realtime-rate
To define the average real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos average-realtime-rate command.
config qos average-realtime-rate {bronze | silver | gold | platinum} {per-ssid | per-client} {downstream
| upstream} rate
Syntax Description bronze silver gold platinum per-ssid per-client downstream upstream
rate
Specifies the average real-time data rate for the queue bronze.
Specifies the average real-time data rate for the queue silver.
Specifies the average real-time data rate for the queue gold.
Specifies the average real-time data rate for the queue platinum.
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
Configures the rate limit for each client associated with the SSID.
Configures the rate limit for downstream traffic.
Configures the rate limit for upstream traffic.
Average real-time data rate for UDP traffic per user. A value between 0 and
51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the average real-time actual rate for queue gold:
(Cisco Controller) >
config qos average-realtime-rate gold per ssid downstream 10
Related Commands config qos average-data-rate config qos burst-data-rate
818
Cisco Wireless Controller Command Reference, Release 8.4
config qos burst-realtime-rate config wlan override-rate-limit config qos average-realtime-rate
Cisco Wireless Controller Command Reference, Release 8.4
819
config qos burst-data-rate config qos burst-data-rate
To define the peak data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the config
qos burst-data-rate command.
config qos burst-data-rate {bronze | silver | gold | platinum} {per-ssid | per-client} {downstream |
upstream} rate
Syntax Description bronze silver gold platinum per-ssid per-client downstream upstream
rate
Specifies the peak data rate for the queue bronze.
Specifies the peak data rate for the queue silver.
Specifies the peak data rate for the queue gold.
Specifies the peak data rate for the queue platinum.
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
Configures the rate limit for each client associated with the SSID.
Configures the rate limit for downstream traffic.
Configures the rate limit for upstream traffic.
Peak data rate for TCP traffic per user. A value between 0 and
51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the peak rate 30000 Kbps for the queue gold:
(Cisco Controller) >
config qos burst-data-rate gold per ssid downstream 30000
Related Commands config qos average-data-rate config qos average-realtime-rate
820
Cisco Wireless Controller Command Reference, Release 8.4
config qos burst-realtime-rate config wlan override-rate-limit config qos burst-data-rate
Cisco Wireless Controller Command Reference, Release 8.4
821
config qos burst-realtime-rate config qos burst-realtime-rate
To define the burst real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos burst-realtime-rate command.
config qos burst-realtime-rate {bronze | silver | gold | platinum} { per-ssid | per-client } { downstream
| upstream } rate
Syntax Description bronze silver gold platinum per-ssid per-client downstream upstream
rate
Specifies the burst real-time data rate for the queue bronze.
Specifies the burst real-time data rate for the queue silver.
Specifies the burst real-time data rate for the queue gold.
Specifies the burst real-time data rate for the queue platinum.
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
Configures the rate limit for each client associated with the SSID.
Configures the rate limit for downstream traffic.
Configures the rate limit for upstream traffic.
Burst real-time data rate for UDP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the burst real-time actual rate 2000 Kbps for the queue gold:
(Cisco Controller) >
config qos burst-realtime-rate gold per ssid downstream 2000
822
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands config qos average-data-rate config qos burst-data-rate config qos average-realtime-rate config wlan override-rate-limit config qos burst-realtime-rate
Cisco Wireless Controller Command Reference, Release 8.4
823
config qos description config qos description
To change the profile description, use the config qos description command.
config qos description {bronze | silver | gold | platinum} description
Syntax Description bronze silver gold platinum
description
Specifies the QoS profile description for the queue bronze.
Specifies the QoS profile description for the queue silver.
Specifies the QoS profile description for the queue gold.
Specifies the QoS profile description for the queue platinum.
QoS profile description.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the QoS profile description “description” for the queue gold:
(Cisco Controller) >
config qos description gold abc
Related Commands show qos average-data-rate config qos burst-data-rate config qos average-realtime-rate config qos burst-realtime-rate config qos max-rf-usage
824
Cisco Wireless Controller Command Reference, Release 8.4
config qos fastlane config qos fastlane
To enable the Fastlane QoS feature on each WLAN, use the config qos fastlane command.
config qos fastlane {enable | disable} wlan-id
Syntax Description enable disable
wlan-id
Enables Fastlane QoS on each WLAN.
Disables Fastlane QoS on each WLAN.
WLAN identifier.
Command Default
Fastlane is not configured.
Command Modes
WLAN configuration
Command History
Release
8.3
Examples
Modification
This command was introduced.
The following example shows how to configure Fastlane QoS on each WLAN:
Controller(config)# config qos fastlane enable 1
Cisco Wireless Controller Command Reference, Release 8.4
825
config qos fastlane disable global config qos fastlane disable global
To disable the Fastlane QoS feature globally, use the config qos fastlane disable global command.
config qos fastlane disable global
Syntax Description
This command has no keywords or arguments.
Command Default
None
Command Modes
Global configuration (config)
Command History
Release
8.3
Modification
This command was introduced.
Usage Guidelines
Fastlane QoS must be disabled on all WLANs before executing this command.
Examples
The following example shows how to disable Fastlane QoS globally for Apple wireless clients:
Controller(config)# config qos fastlane disable global
826
Cisco Wireless Controller Command Reference, Release 8.4
config qos max-rf-usage config qos max-rf-usage
To specify the maximum percentage of RF usage per access point, use the config qos max-rf-usage command.
config qos max-rf-usage {bronze | silver | gold | platinum} usage_percentage
Syntax Description bronze silver gold platinum
usage-percentage
Specifies the maximum percentage of RF usage for the queue bronze.
Specifies the maximum percentage of RF usage for the queue silver.
Specifies the maximum percentage of RF usage for the queue gold.
Specifies the maximum percentage of RF usage for the queue platinum.
Maximum percentage of RF usage.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to specify the maximum percentage of RF usage for the queue gold:
(Cisco Controller) >
config qos max-rf-usage gold 20
Related Commands show qos description config qos average-data-rate config qos burst-data-rate config qos average-realtime-rate config qos burst-realtime-rate
Cisco Wireless Controller Command Reference, Release 8.4
827
config qos dot1p-tag config qos dot1p-tag
To define the maximum value (0 to 7) for the priority tag associated with packets that fall within the profile, use the config qos dot1p-tag command.
config qos dot1p-tag {bronze | silver | gold | platinum} dot1p_tag
Syntax Description bronze silver gold platinum
dot1p_tag
Specifies the QoS 802.1p tag for the queue bronze.
Specifies the QoS 802.1p tag for the queue silver.
Specifies the QoS 802.1p tag for the queue gold.
Specifies the QoS 802.1p tag for the queue platinum.
Dot1p tag value between 1 and 7.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the a QoS 802.1p tag for the queue gold with the dot1p tag value of 5:
(Cisco Controller) >
config qos dot1p-tag gold 5
Related Commands show qos queue_length all config qos protocol-type
828
Cisco Wireless Controller Command Reference, Release 8.4
config qos priority config qos priority
To define the maximum and default QoS levels for unicast and multicast traffic when you assign a QoS profile to a WLAN, use the config qos priority command.
config qos priority {bronze | silver | gold | platinum} {maximum-priority | default-unicast-priority |
default-multicast-priority}
Syntax Description bronze silver gold platinum
maximum-priority default-unicast-priority default-multicast-priority
Specifies a Bronze profile of the WLAN.
Specifies a Silver profile of the WLAN.
Specifies a Gold profile of the WLAN.
Specifies a Platinum profile of the WLAN.
Maximum QoS priority as one of the following:
• besteffort
• background
• video
• voice
Default unicast priority as one of the following:
• besteffort
• background
• video
• voice
Default multicast priority as one of the following:
• besteffort
• background
• video
• voice
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
829
config qos priority
Usage Guidelines
The maximum priority level should not be lower than the default unicast and multicast priority levels.
Examples
The following example shows how to configure the QoS priority for a gold profile of the WLAN with voice as the maximum priority, video as the default unicast priority, and besteffort as the default multicast priority.
(Cisco Controller) >
config qos priority gold voice video besteffort
Related Commands config qos protocol-type
830
Cisco Wireless Controller Command Reference, Release 8.4
config qos protocol-type config qos protocol-type
To define the maximum value (0 to 7) for the priority tag associated with packets that fall within the profile, use the config qos protocol-type command.
config qos protocol-type {bronze | silver | gold | platinum} {none | dot1p}
Syntax Description bronze silver gold platinum none
dot1p
Specifies the QoS 802.1p tag for the queue bronze.
Specifies the QoS 802.1p tag for the queue silver.
Specifies the QoS 802.1p tag for the queue gold.
Specifies the QoS 802.1p tag for the queue platinum.
Specifies when no specific protocol is assigned.
Specifies when dot1p type protocol is assigned.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the QoS protocol type silver:
(Cisco Controller) >
config qos protocol-type silver dot1p
Related Commands show qos queue_length all config qos dot1p-tag
Cisco Wireless Controller Command Reference, Release 8.4
831
config qos queue_length config qos queue_length
To specify the maximum number of packets that access points keep in their queues, use the config qos
queue_length command.
config qos queue_length {bronze | silver | gold | platinum} queue_length
Syntax Description bronze silver gold platinum
queue_length
Specifies the QoS length for the queue bronze.
Specifies the QoS length for the queue silver.
Specifies the QoS length for the queue gold.
Specifies the QoS length for the queue platinum.
Maximum queue length values (10 to 255).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the QoS length for the queue “gold” with the maximum queue length value as 12:
(Cisco Controller) >
config qos queue_length gold 12
Related Commands show qos
832
Cisco Wireless Controller Command Reference, Release 8.4
config qos qosmap config qos qosmap
To configure QoS map, use the config qos qosmap command.
config qos qosmap {enable | disable | default }
Syntax Description enable disable default
Enables the QoS map feature.
Disables the QoS map feature.
Resets to default QoS map.
This resets the QoS map values to 255 (default), and also adds DSCP UP exceptions if not present previously. To clear the DSCP UP values, enter the config qos qosmap clear-all command.
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to enable the QoS map.
(Cisco Controller) >
config qos qosmap enable
Cisco Wireless Controller Command Reference, Release 8.4
833
config qos qosmap up-to-dscp-map config qos qosmap up-to-dscp-map
To configure the DSCP range for UP, use the config qos qosmap command.
config qos qosmap up-to-dscp-map {up dscp-default dscp-start dscp-end}
Syntax Description
up-to-dscp-map
up dscp-default dscp-start dscp-end
Sets the DSCP range for UP
Wireless UP value
Default DSCP value for this UP
The DSCP start range. Range is between 0-63
The DSCP stop range. Range is 0-63
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to set the DSCP range for UP.
(Cisco Controller) >
config qos qosmap up-to-dscp-map 2 3 5 20
834
Cisco Wireless Controller Command Reference, Release 8.4
config qos qosmap dscp-to-up-exception config qos qosmap dscp-to-up-exception
To configure the DSCP exception, use the config qos qosmap command.
config qos qosmap dscp-to-up-exception {dscp up }
Syntax Description
dscp-to-up-exception
dscp up
Allows to configure DSCP exception.
Exception DSCP value for the UP value
Links to the Wireless User Priority (UP) value
Examples
The following example shows how to configure the DSCP exception:
(Cisco Controller) >
config qos qosmap dscp-to-up-exception 3 1
Cisco Wireless Controller Command Reference, Release 8.4
835
config qos qosmap delete-dscp-exception config qos qosmap delete-dscp-exception
To delete a dscp exception, use the config qos qosmap command.
config qos qosmap delete-dscp-exception dscp
Syntax Description
delete-dscp-exception
dscp
Deletes exception for DSCP
DSCP exception for the UP
Command History
Release
8.1
Examples
Modification
This command was introduced.
The following example shows how to delete a exception for DSCP.
(Cisco Controller) >
config qos qosmap delete-dscp-exception 23
836
Cisco Wireless Controller Command Reference, Release 8.4
config qos qosmap clear-all config qos qosmap clear-all
To delete all the exceptions from the QoS map, use the config qos qosmap command.
config qos qosmap clear-all
Syntax Description clear-all
Deletes all the exceptions
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to clear all the exceptions from the QoS map.
(Cisco Controller) >
config qos qosmap clear-all
Cisco Wireless Controller Command Reference, Release 8.4
837
config qos qosmap trust dscp upstream config qos qosmap trust dscp upstream
To mark the upstream packets using the client dscp, use the config qos qosmap command.
config qos qosmap trust-dscp-upstream {enable | disable }
Syntax Description trust-dscp-upstream enable disable
Based on the client's DSCP the upstream packets are marked
Enables the upstream packet marking using the client dscp.
Disables the upstream packet marking using the client dscp.
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to enable client dscp based packet marking.
(Cisco Controller) >
config qos qosmap trust-dscp-upstream enable
838
Cisco Wireless Controller Command Reference, Release 8.4
Config Commands: r to z
•
•
config radius acct ipsec authentication, page 854
•
config radius acct ipsec disable, page 855
•
config radius acct ipsec enable, page 856
•
config radius acct ipsec encryption, page 857
•
config radius acct ipsec ike, page 858
•
config radius acct mac-delimiter, page 859
•
config radius acct network, page 860
•
config radius acct realm, page 861
•
config radius acct retransmit-timeout, page 862
•
•
config radius auth callStationIdType, page 866
•
config radius auth framed-mtu, page 868
•
config radius auth IPsec authentication, page 869
•
config radius auth ipsec disable, page 870
•
config radius auth ipsec encryption, page 871
•
config radius auth ipsec ike, page 872
•
config radius auth keywrap, page 874
•
config radius auth mac-delimiter, page 875
•
config radius auth management, page 876
•
config radius auth mgmt-retransmit-timeout, page 877
•
config radius auth network, page 878
•
config radius auth realm, page 879
•
config radius auth retransmit-timeout, page 880
Cisco Wireless Controller Command Reference, Release 8.4
839
•
config radius auth rfc3576, page 881
•
config radius auth retransmit-timeout, page 882
•
config radius aggressive-failover disabled, page 883
•
config radius backward compatibility, page 884
•
config radius callStationIdCase, page 885
•
config radius callStationIdType, page 886
•
•
config radius fallback-test, page 890
•
config radius ext-source-ports, page 892
•
config radius acct retransmit-timeout, page 893
•
config radius auth mgmt-retransmit-timeout, page 894
•
config radius auth retransmit-timeout, page 895
•
config radius auth retransmit-timeout, page 896
•
config redundancy interface address peer-service-port, page 897
•
config redundancy mobilitymac, page 898
•
config redundancy mode, page 899
•
config redundancy peer-route, page 900
•
config redundancy timer keep-alive-timer, page 901
•
config redundancy timer peer-search-timer, page 902
•
config redundancy unit, page 903
•
•
config remote-lan aaa-override, page 905
•
config remote-lan acl, page 906
•
config remote-lan apgroup, page 907
•
config remote-lan create, page 908
•
config remote-lan custom-web, page 909
•
config remote-lan delete, page 911
•
config remote-lan dhcp_server, page 912
•
config remote-lan exclusionlist, page 913
•
config remote-lan host-mode, page 914
•
config remote-lan interface, page 915
•
config remote-lan ldap, page 916
•
config remote-lan mac-filtering, page 917
840
Cisco Wireless Controller Command Reference, Release 8.4
•
config remote-lan mab, page 918
•
config remote-lan max-associated-clients, page 919
•
config remote-lan pre-auth, page 920
•
config remote-lan radius_server, page 921
•
config remote-lan security, page 923
•
config remote-lan session-timeout, page 924
•
config remote-lan violation-mode, page 925
•
config remote-lan webauth-exclude, page 926
•
config rf-profile band-select, page 927
•
config rf-profile client-trap-threshold, page 929
•
config rf-profile create, page 930
•
config rf-profile fra client-aware, page 931
•
config rf-profile data-rates, page 932
•
config rf-profile delete, page 933
•
config rf-profile description, page 934
•
config rf-profile load-balancing, page 935
•
config rf-profile max-clients, page 936
•
config rf-profile multicast data-rate, page 937
•
config rf-profile out-of-box, page 938
•
config rf-profile rx-sop threshold , page 939
•
config rf-profile tx-power-control-thresh-v1, page 940
•
config rf-profile tx-power-control-thresh-v2, page 941
•
config rf-profile tx-power-max, page 942
•
config rf-profile tx-power-min, page 943
•
config rogue ap timeout, page 944
•
•
config rogue ap classify, page 949
•
config rogue ap friendly, page 951
•
config rogue ap rldp, page 953
•
config rogue ap ssid, page 955
•
config rogue ap timeout, page 957
•
config rogue auto-contain level, page 959
•
config rogue ap valid-client, page 961
Cisco Wireless Controller Command Reference, Release 8.4
841
•
•
config rogue containment, page 965
•
config rogue detection, page 966
•
config rogue detection client-threshold, page 968
•
config rogue detection min-rssi, page 969
•
config rogue detection monitor-ap, page 970
•
config rogue detection report-interval, page 972
•
config rogue detection security-level, page 973
•
config rogue detection transient-rogue-interval, page 974
•
•
config rogue rule condition ap, page 979
•
config remote-lan session-timeout, page 981
•
config rfid auto-timeout, page 982
•
•
•
config rogue ap timeout, page 985
•
•
•
config serial baudrate, page 989
•
config serial timeout, page 990
•
config service timestamps, page 991
•
config sessions maxsessions, page 992
•
config sessions timeout, page 993
•
•
config switchconfig boot-break, page 995
•
config switchconfig fips-prerequisite, page 996
•
config switchconfig ucapl, page 997
•
config switchconfig wlancc, page 998
•
config switchconfig strong-pwd, page 999
•
config switchconfig flowcontrol, page 1002
•
config switchconfig mode, page 1003
•
config switchconfig secret-obfuscation, page 1004
•
842
Cisco Wireless Controller Command Reference, Release 8.4
•
config snmp community accessmode, page 1006
•
config snmp community create, page 1007
•
config snmp community delete, page 1008
•
config snmp community ipaddr, page 1009
•
config snmp community mode, page 1010
•
config snmp engineID, page 1011
•
config snmp syscontact, page 1012
•
config snmp syslocation, page 1013
•
config snmp trapreceiver create, page 1014
•
config snmp trapreceiver delete, page 1015
•
config snmp trapreceiver mode, page 1016
•
config snmp v3user create, page 1017
•
config snmp v3user delete, page 1019
•
config snmp version, page 1020
•
•
•
config tacacs athr mgmt-server-timeout, page 1025
•
•
config tacacs auth mgmt-server-timeout, page 1028
•
•
config tacacs fallback-test interval, page 1031
•
•
•
config time timezone, page 1036
•
config time timezone location, page 1037
•
config trapflags 802.11-Security, page 1040
•
config trapflags aaa, page 1041
•
config trapflags adjchannel-rogueap, page 1042
•
config trapflags ap, page 1044
•
config trapflags authentication, page 1045
•
config trapflags client, page 1046
•
config trapflags client max-warning-threshold, page 1047
•
config trapflags configsave, page 1049
Cisco Wireless Controller Command Reference, Release 8.4
843
•
config trapflags IPsec, page 1050
•
config trapflags linkmode, page 1051
•
config trapflags mesh, page 1052
•
config trapflags multiusers, page 1053
•
config trapflags rfid , page 1054
•
config trapflags rogueap, page 1056
•
config trapflags rrm-params, page 1057
•
config trapflags rrm-profile, page 1058
•
config trapflags stpmode, page 1059
•
config trapflags strong-pwdcheck, page 1060
•
config trapflags wps, page 1061
•
config tunnel eogre heart-beat, page 1062
•
config tunnel eogre gateway, page 1063
•
config tunnel eogre domain, page 1064
•
config tunnel profile, page 1065
•
config tunnel profile_rule, page 1066
•
config tunnel profile_rule-delete, page 1067
•
config tunnel profile eogre-DHCP82, page 1068
•
config tunnel profile eogre-gateway-radius-proxy, page 1069
•
config tunnel profile eogre-gateway-radius-proxy-accounting, page 1070
•
config tunnel profile eogre-DHCP82, page 1071
•
config tunnel profile eogre-DHCP82-circuit-id, page 1072
•
config tunnel profile eogre-DHCP82-delimiter, page 1073
•
config tunnel profile eogre-DHCP82-format, page 1074
•
config tunnel profile eogre-DHCP82-remote-id, page 1075
•
config watchlist add, page 1076
•
config watchlist delete, page 1077
•
config watchlist disable, page 1078
•
config watchlist enable, page 1079
•
•
•
config wlan 7920-support, page 1083
•
config wlan 802.11e, page 1084
844
Cisco Wireless Controller Command Reference, Release 8.4
•
config wlan aaa-override, page 1085
•
•
config wlan apgroup, page 1087
•
config wlan apgroup atf 802.11, page 1094
•
config wlan apgroup atf 802.11 policy, page 1095
•
config wlan apgroup opendns-profile , page 1096
•
config wlan apgroup qinq, page 1097
•
config wlan assisted-roaming, page 1099
•
•
•
config wlan band-select allow, page 1102
•
config wlan broadcast-ssid, page 1103
•
config wlan call-snoop, page 1104
•
•
config wlan ccx aironet-ie, page 1106
•
config wlan channel-scan defer-priority, page 1107
•
config wlan channel-scan defer-time, page 1108
•
config wlan custom-web, page 1109
•
config wlan dhcp_server, page 1111
•
config wlan diag-channel, page 1112
•
•
config wlan exclusionlist, page 1114
•
config wlan fabric , page 1115
•
config wlan flexconnect ap-auth, page 1116
•
config wlan flexconnect central-assoc, page 1117
•
config wlan flexconnect learn-ipaddr, page 1118
•
config wlan flexconnect local-switching, page 1119
•
config wlan flexconnect vlan-central-switching, page 1121
•
•
config wlan hotspot, page 1123
•
config wlan hotspot dot11u, page 1124
•
config wlan hotspot dot11u 3gpp-info, page 1125
•
config wlan hotspot dot11u auth-type, page 1126
Cisco Wireless Controller Command Reference, Release 8.4
845
•
config wlan hotspot dot11u disable, page 1127
•
config wlan hotspot dot11u domain, page 1128
•
config wlan hotspot dot11u enable, page 1129
•
config wlan hotspot dot11u hessid, page 1130
•
config wlan hotspot dot11u ipaddr-type, page 1131
•
config wlan hotspot dot11u nai-realm, page 1132
•
config wlan hotspot dot11u network-type, page 1135
•
config wlan hotspot dot11u roam-oi , page 1136
•
config wlan hotspot hs2, page 1137
•
config wlan hotspot hs2 domain-id, page 1140
•
config wlan hotspot hs2 osu legacy-ssid, page 1141
•
config wlan hotspot hs2 osu sp create, page 1142
•
config wlan hotspot hs2 osu sp delete, page 1143
•
config wlan hotspot hs2 osu sp icon-file add, page 1144
•
config wlan hotspot hs2 osu sp icon-file delete, page 1145
•
config wlan hotspot hs2 osu sp method add, page 1146
•
config wlan hotspot hs2 osu sp method delete, page 1147
•
config wlan hotspot hs2 osu sp nai add, page 1148
•
config wlan hotspot hs2 osu sp nai delete, page 1149
•
config wlan hotspot hs2 osu sp uri add, page 1150
•
config wlan hotspot hs2 osu sp uri delete, page 1151
•
config wlan hotspot hs2 wan-metrics downlink, page 1152
•
config wlan hotspot hs2 wan-metrics link-status, page 1153
•
config wlan hotspot hs2 wan-metrics lmd, page 1154
•
config wlan hotspot hs2 wan-metrics uplink, page 1155
•
config wlan hotspot msap, page 1156
•
config wlan interface, page 1157
•
config wlan ipv6 acl, page 1158
•
config wlan kts-cac, page 1159
•
config wlan layer2 acl, page 1160
•
•
config wlan learn-ipaddr-cswlan, page 1162
•
config wlan load-balance, page 1163
846
Cisco Wireless Controller Command Reference, Release 8.4
•
config wlan lobby-admin-access, page 1164
•
config wlan mac-filtering, page 1165
•
config wlan max-associated-clients, page 1166
•
config wlan max-radio-clients, page 1167
•
•
config wlan media-stream, page 1169
•
•
config wlan mobility anchor, page 1171
•
config wlan mobility foreign-map, page 1172
•
config wlan multicast buffer, page 1173
•
config wlan multicast interface, page 1174
•
config wlan mu-mimo, page 1175
•
•
config wlan override-rate-limit, page 1177
•
config wlan opendns-mode, page 1179
•
config wlan opendns-profile, page 1180
•
config wlan passive-client, page 1181
•
config wlan peer-blocking, page 1182
•
config wlan pmipv6 default-realm, page 1183
•
config wlan pmipv6 mobility-type, page 1184
•
config wlan pmipv6 profile_name, page 1185
•
•
config wlan profiling, page 1187
•
•
•
config wlan radius_server acct, page 1191
•
config wlan radius_server acct interim-update, page 1192
•
config wlan radius_server auth, page 1193
•
config wlan radius_server acct interim-update, page 1194
•
config wlan radius_server overwrite-interface, page 1195
•
config wlan radius_server realm, page 1196
•
config wlan roamed-voice-client re-anchor, page 1197
•
config wlan security 802.1X, page 1198
Cisco Wireless Controller Command Reference, Release 8.4
847
•
config wlan security ckip, page 1200
•
config wlan security cond-web-redir, page 1202
•
config wlan security eap-params, page 1203
•
config wlan security eap-passthru, page 1205
•
config wlan security ft, page 1206
•
config wlan security ft over-the-ds, page 1207
•
config wlan security IPsec disable, page 1208
•
config wlan security IPsec enable, page 1209
•
config wlan security IPsec authentication, page 1210
•
config wlan security IPsec encryption, page 1211
•
config wlan security IPsec config, page 1212
•
config wlan security IPsec ike authentication, page 1213
•
config wlan security IPsec ike dh-group, page 1214
•
config wlan security IPsec ike lifetime, page 1215
•
config wlan security IPsec ike phase1, page 1216
•
config wlan security IPsec ike contivity, page 1217
•
config wlan security wpa akm ft, page 1218
•
config wlan security ft, page 1219
•
config wlan security passthru, page 1220
•
config wlan security pmf , page 1221
•
config wlan security sgt, page 1223
•
config wlan security splash-page-web-redir, page 1224
•
config wlan security static-wep-key authentication, page 1225
•
config wlan security static-wep-key disable, page 1226
•
config wlan security static-wep-key enable, page 1227
•
config wlan security static-wep-key encryption, page 1228
•
config wlan security tkip, page 1229
•
config wlan usertimeout, page 1230
•
config wlan security web-auth, page 1231
•
config wlan security web-auth captive-bypass, page 1233
•
config wlan security web-auth qrscan-des-key, page 1234
•
config wlan security web-passthrough acl, page 1235
•
config wlan security web-passthrough disable, page 1236
848
Cisco Wireless Controller Command Reference, Release 8.4
•
config wlan security web-passthrough email-input, page 1237
•
config wlan security web-passthrough enable, page 1238
•
config wlan security web-passthrough qr-scan, page 1239
•
config wlan security wpa akm 802.1x, page 1240
•
config wlan security wpa akm cckm, page 1241
•
config wlan security wpa akm ft, page 1242
•
config wlan security wpa akm pmf, page 1243
•
config wlan security wpa akm psk, page 1244
•
config wlan security wpa disable, page 1245
•
config wlan security wpa enable, page 1246
•
config wlan security wpa ciphers, page 1247
•
config wlan security wpa gtk-random, page 1248
•
config wlan security wpa osen disable, page 1249
•
config wlan security wpa osen enable, page 1250
•
config wlan security wpa wpa1 disable, page 1251
•
config wlan security wpa wpa1 enable, page 1252
•
config wlan security wpa wpa2 disable, page 1253
•
config wlan security wpa wpa2 enable, page 1254
•
config wlan security wpa wpa2 cache, page 1255
•
config wlan security wpa wpa2 cache sticky, page 1256
•
config wlan security wpa wpa2 ciphers, page 1257
•
config wlan session-timeout, page 1258
•
config wlan sip-cac disassoc-client, page 1260
•
config wlan sip-cac send-486busy, page 1261
•
config wlan static-ip tunneling, page 1262
•
config wlan uapsd compliant client enable, page 1263
•
config wlan uapsd compliant-client disable, page 1264
•
config wlan url-acl, page 1265
•
config wlan user-idle-threshold, page 1266
•
config wlan usertimeout, page 1267
•
config wlan webauth-exclude, page 1268
•
config wlan wifidirect, page 1269
•
Cisco Wireless Controller Command Reference, Release 8.4
849
•
config wps ap-authentication, page 1271
•
config wps auto-immune, page 1272
•
config wps cids-sensor, page 1273
•
config wps client-exclusion, page 1275
•
•
config wps shun-list re-sync, page 1278
•
config wps signature, page 1279
•
config wps signature frequency, page 1281
•
config wps signature interval, page 1282
•
config wps signature mac-frequency, page 1283
•
config wps signature quiet-time, page 1284
•
config wps signature reset, page 1285
850
Cisco Wireless Controller Command Reference, Release 8.4
config radius acct config radius acct
To configure settings for a RADIUS accounting server for the Cisco wireless LAN controller, use the config
radius acct command.
config radius acct{ {add index IP addr port {ascii | hex} secret} | delete index | disable index | enable
index | ipsec {authentication {hmac-md5 index | hmac-sha1 index } | disable index | enable index |
encryption {256-aes | 3des | aes | des} index | ike {auth-mode {pre-shared-key index type shared_secret_key
| certificate index } | dh-group { 2048bit-group-14 | group-1 | group-2 | group-5} index | lifetime seconds
index | phase1 {aggressive | main} index } } | {mac-delimiter {colon | hyphen | none | single-hyphen}}
| {network index {disable | enable}} | {region {group | none | provincial}} | retransmit-timeout index
seconds | realm {add | delete} index realm-string}
Syntax Description add
index
IP addr port
ascii hex
secret
enable disable delete ipsec authentication hmac-md5 hmac-sha1 disable enable
Adds a RADIUS accounting server (IPv4 or IPv6).
RADIUS server index (1 to 17).
RADIUS server IP address (IPv4 or IPv6).
RADIUS server’s UDP port number for the interface protocols.
Specifies the RADIUS server’s secret type: ascii.
Specifies the RADIUS server’s secret type: hex.
RADIUS server’s secret.
Enables a RADIUS accounting server.
Disables a RADIUS accounting server.
Deletes a RADIUS accounting server.
Enables or disables IPSec support for an accounting server.
Note
IPSec is not supported for
IPv6.
Configures IPSec Authentication.
Enables IPSec HMAC-MD5 authentication.
Enables IPSec HMAC-SHA1 authentication.
Disables IPSec support for an accounting server.
Enables IPSec support for an accounting server.
Cisco Wireless Controller Command Reference, Release 8.4
851
config radius acct encryption
256-aes
3des aes des ike auth-mode pre-shared-key certificate dh-group
2048bit-group-14 group-1 group-2 group-5
lifetime seconds
phase1 aggressive main mac-delimiter colon hyphen none single-hyphen
852
Cisco Wireless Controller Command Reference, Release 8.4
Configures IPSec encryption.
Enables IPSec AES-256 encryption.
Enables IPSec 3DES encryption.
Enables IPSec AES-128 encryption.
Enables IPSec DES encryption.
Configures Internet Key Exchange (IKE).
Configures IKE authentication method.
Pre-shared key for authentication.
Certificate used for authentication.
Configures IKE Diffie-Hellman group.
Configures DH group 14 (2048 bits).
Configures DH group 1 (768 bits).
Configures DH group 2 (1024 bits).
Configures DH group 5 (1536 bits).
Configures IKE lifetime in seconds. The range is from
1800 to 57600 seconds and the default is 28800.
Configures IKE phase1 mode.
Enables IKE aggressive mode.
Enables IKE main mode.
Configures MAC delimiter for caller station ID and calling station ID.
Sets the delimiter to colon (For example: xx:xx:xx:xx:xx:xx).
Sets the delimiter to hyphen (For example: xx-xx-xx-xx-xx-xx).
Disables delimiters (For example: xxxxxxxxxx).
Sets the delimiters to single hyphen (For example: xxxxxx-xxxxxx).
config radius acct network group none provincial retransmit-timeout
seconds
realm add delete
Command Default
When adding a RADIUS server, the port number defaults to 1813 and the state is enabled.
Usage Guidelines
IPSec is not supported for IPv6.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Examples
Configures a default RADIUS server for network users.
Specifies RADIUS server type group.
Specifies RADIUS server type none.
Specifies RADIUS server type provincial.
Changes the default retransmit timeout for the server.
The number of seconds between retransmissions.
Specifies radius acct realm.
Adds radius acct realm.
Deletes radius acct realm.
The following example shows how to configure a priority 1 RADIUS accounting server at 10.10.10.10 using port 1813 with a login password of admin:
(Cisco Controller) >
config radius acct add 1 10.10.10.10 1813 ascii admin
The following example shows how to configure a priority 1 RADIUS accounting server at 2001:9:6:40::623 using port 1813 with a login password of admin:
(Cisco Controller) >
config radius acct add 1 2001:9:6:40::623 1813 ascii admin
Cisco Wireless Controller Command Reference, Release 8.4
853
config radius acct ipsec authentication config radius acct ipsec authentication
To configure IPsec authentication for the Cisco wireless LAN controller, use the config radius acct ipsec
authentication command.
config radius acct ipsec authentication {hmac-md5 | hmac-sha1} index
Syntax Description hmac-md5 hmac-sha1
index
Enables IPsec HMAC-MD5 authentication.
Enables IPsec HMAC-SHA1 authentication.
RADIUS server index.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the IPsec hmac-md5 authentication service on the RADIUS accounting server index 1:
(Cisco Controller) >
config radius acct ipsec authentication hmac-md5 1
Related Commands show radius acct statistics
854
Cisco Wireless Controller Command Reference, Release 8.4
config radius acct ipsec disable config radius acct ipsec disable
To disable IPsec support for an accounting server for the Cisco wireless LAN controller, use the config radius
acct ipsec disable command.
config radius acct ipsec disable index
Syntax Description
index
RADIUS server index.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to disable the IPsec support for RADIUS accounting server index 1:
(Cisco Controller) >
config radius acct ipsec disable 1
Related Commands show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
855
config radius acct ipsec enable config radius acct ipsec enable
To enable IPsec support for an accounting server for the Cisco wireless LAN controller, use the config radius
acct ipsec enable command.
config radius acct ipsec enable index
Syntax Description
index
RADIUS server index.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the IPsec support for RADIUS accounting server index 1:
(Cisco Controller) >
config radius acct ipsec enable 1
Related Commands show radius acct statistics
856
Cisco Wireless Controller Command Reference, Release 8.4
config radius acct ipsec encryption config radius acct ipsec encryption
To configure IPsec encryption for an accounting server for the Cisco wireless LAN controller, use the config
radius acct ipsec encryption command.
config radius acct ipsec encryption {3des | aes | des} index
Syntax Description
256-aes
3des aes des
index
Enables IPSec AES-256 encryption.
Enables IPsec 3DES encryption.
Enables IPsec AES encryption.
Enables IPsec DES encryption.
RADIUS server index value of between 1 and 17.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the IPsec 3DES encryption for RADIUS server index value
3:
(Cisco Controller) >
config radius acct ipsec encryption 3des 3
Cisco Wireless Controller Command Reference, Release 8.4
857
config radius acct ipsec ike config radius acct ipsec ike
To configure Internet Key Exchange (IKE) for the Cisco WLC, use the config radius acct ipsec ike command.
config radius acct ipsec ike dh-group {group-1 | group-2 | group-5 | group-14} | lifetime seconds | phase1
{aggressive | main}} index
Syntax Description dh-group group-1 group-2 group-5 group-5 lifetime
seconds
phase1 aggressive main
index
Specifies the Dixie-Hellman (DH) group.
Configures the DH Group 1 (768 bits).
Configures the DH Group 2 (1024 bits).
Configures the DH Group 5 (1024 bits).
Configures the DH Group 14 (2048 bits).
Configures the IKE lifetime.
IKE lifetime in seconds.
Configures the IKE phase1 node.
Enables the aggressive mode.
Enables the main mode.
RADIUS server index.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure an IKE lifetime of 23 seconds for RADIUS server index 1:
(Cisco Controller) >
config radius acct ipsec ike lifetime 23 1
Related Commands show radius acct statistics
858
Cisco Wireless Controller Command Reference, Release 8.4
config radius acct mac-delimiter config radius acct mac-delimiter
To specify the delimiter to be used in the MAC addresses that are sent to the RADIUS accounting server, use the config radius acct mac-delimiter command.
config radius acct mac-delimiter {colon | hyphen | single-hyphen | none}
Syntax Description colon hyphen single-hyphen none
Sets the delimiter to a colon (for example, xx:xx:xx:xx:xx:xx).
Sets the delimiter to a hyphen (for example, xx-xx-xx-xx-xx-xx).
Sets the delimiter to a single hyphen (for example, xxxxxx-xxxxxx).
Disables the delimiter (for example, xxxxxxxxxxxx).
Command Default
The default delimiter is a hyphen.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set the delimiter hyphen to be used in the MAC addresses that are sent to the RADIUS accounting server for the network users:
(Cisco Controller) >
config radius acct mac-delimiter hyphen
Related Commands show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
859
config radius acct network config radius acct network
To configure a default RADIUS server for network users, use the config radius acct network command.
config radius acct network index {enable | disable}
Syntax Description
index
enable disable
RADIUS server index.
Enables the server as a network user’s default
RADIUS server.
Disables the server as a network user’s default
RADIUS server.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a default RADIUS accounting server for the network users with RADIUS server index1:
(Cisco Controller) >
config radius acct network 1 enable
Related Commands show radius acct statistics
860
Cisco Wireless Controller Command Reference, Release 8.4
config radius acct realm config radius acct realm
To configure realm on RADIUS accounting server, use the config radius acct realm command.
config radius acct realm{add | delete} radius_index realm_string
Syntax Description
radius_server
add delete
realm_string
Radius server index. The range is from 1 to 17.
Add realm to RADIUS accounting server.
Delete realm from RADIUS accounting server.
Unique string associated to RADIUS accounting realm.
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example shows how add realm to the RADIUS accounting server:
(Cisco Controller) >
config radius acct realm add 3 test
Cisco Wireless Controller Command Reference, Release 8.4
861
config radius acct retransmit-timeout config radius acct retransmit-timeout
To change the default transmission timeout for a RADIUS accounting server for the Cisco wireless LAN controller, use the config radius acct retransmit-timeout command.
config radius acct retransmit-timeout index timeout
Syntax Description
index timeout
RADIUS server index.
Number of seconds (from 2 to 30) between retransmissions.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure retransmission timeout value 5 seconds between the retransmission:
(Cisco Controller) >
config radius acct retransmit-timeout 5
Related Commands show radius acct statistics
862
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth config radius auth
To configure settings for a RADIUS authentication server for the Cisco wireless LAN controller, use the
config radius auth command.
config radius auth {add index IP addr portascii/hexsecret} | | delete index | disable index | enable index |
framed-mtu mtu | { ipsec {authentication {hmac-md5 index | hmac-sha1 index } | disable index | enable
index | encryption {256-aes | 3des | aes | des} index | ike {auth-mode {pre-shared-key index ascii/hex
shared_secret | certificate index } | dh-group { 2048bit-group-14 | group-1 | group-2 | group-5} index |
lifetime seconds index | phase1 {aggressive | main} index } } | { { keywrap{add ascii/hex kek mack index
} | delete index | disable | enable} } | {mac-delimiter {colon | hyphen | none | single-hyphen}} |
{{management index {enable | disable}} | { mgmt-retransmit-timeout index Retransmit Timeout } | {
network index {enable | disable}} | {realm {add | delete} radius-index realm-string} } | {region {group
| none | provincial}} | {retransmit-timeout index Retransmit Timeout} | { rfc3576 {enable | disable} index
}
Syntax Description enable disable delete
index
add
IP addr port ascii/hex secret
callStationIdType framed-mtu ipsec
Enables a RADIUS authentication server.
Disables a RADIUS authentication server.
Deletes a RADIUS authentication server.
RADIUS server index. The controller begins the search with 1. The server index range is from 1 to 17.
Adds a RADIUS authentication server. See the
“Defaults” section.
IP address (IPv4 or IPv6) of the RADIUS server.
RADIUS server’s UDP port number for the interface protocols.
Specifies RADIUS server’s secret type: ascii or hex.
RADIUS server’s secret.
Configures Called Station Id information sent in
RADIUS authentication messages.
Configures the Framed-MTU for all the RADIUS servers. The framed-mtu range is from 64 to 1300 bytes.
Enables or disables IPSEC support for an authentication server.
Note
IPSec is not supported for
IPv6.
Cisco Wireless Controller Command Reference, Release 8.4
863
config radius auth keywrap
ascii/hex kek mack
mac-delimiter management mgmt-retransmit-timeout network realm region retransmit-timeout rfc3576
Configures RADIUS keywrap.
Specifies the input format of the keywrap keys.
Enters the 16-byte key-encryption-key.
Enters the 20-byte message-authenticator-code-key.
Configures MAC delimiter for caller station ID and calling station ID.
Configures a RADIUS Server for management users.
Changes the default management login retransmission timeout for the server.
Configures a default RADIUS server for network users.
Configures radius auth realm.
Configures RADIUS region property.
Changes the default network login retransmission timeout for the server.
Enables or disables RFC-3576 support for an authentication server.
Command Default
When adding a RADIUS server, the port number defaults to 1812 and the state is enabled.
Usage Guidelines
IPSec is not supported for IPv6.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Examples
The following example shows how to configure a priority 3 RADIUS authentication server at 10.10.10.10 using port 1812 with a login password of admin:
(Cisco Controller) >
config radius auth add 3 10.10.10.10 1812 ascii admin
864
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth
The following example shows how to configure a priority 3 RADIUS authentication server at 2001:9:6:40::623 using port 1812 with a login password of admin:
(Cisco Controller) >
config radius auth add 3 2001:9:6:40::623 1812 ascii admin
Cisco Wireless Controller Command Reference, Release 8.4
865
config radius auth callStationIdType config radius auth callStationIdType
To configure the RADIUS authentication server, use the config radius auth callStationIdType command.
config radius auth callStationIdType {ap-ethmac-only | ap-ethmac-ssid | ap-group-name |
ap-label-address | ap-label-address-ssid| ap-location | ap-mac-ssid-ap-group | ap-macaddr-only |
ap-macaddr-ssid | ap-name | ap-name-ssid | flex-group-name | ipaddr | macaddr| vlan-id}
Syntax Description ipaddr macaddr ap-macaddr-only ap-macaddr-ssid ap-ethmac-only ap-ethmac-ssid ap-group-name flex-group-name ap-name ap-name-ssid ap-location ap-mac-ssid-ap-group
Configures the Call Station ID type to use the IP address (only Layer 3).
Configures the Call Station ID type to use the system’s
MAC address (Layers 2 and 3).
Configures the Call Station ID type to use the access point’s MAC address (Layers 2 and 3).
Configures the Call Station ID type to use the access point’s MAC address (Layers 2 and 3) in the format
AP MAC address:SSID.
Configures the Called Station ID type to use the access point’s Ethernet MAC address.
Configures the Called Station ID type to use the access point’s Ethernet MAC address in the format AP
Ethernet MAC address:SSID.
Configures the Call Station ID type to use the AP group name. If the AP is not part of any AP group, default-group is taken as the AP group name.
Configures the Call Station ID type to use the
FlexConnect group name. If the FlexConnect AP is not part of any FlexConnect group, the system MAC address is taken as the Call Station ID.
Configures the Call Station ID type to use the access point’s name.
Configures the Call Station ID type to use the access point’s name in the format AP name:SSID
Configures the Call Station ID type to use the access point’s location.
Sets Called Station ID type to the format <AP MAC address>:<SSID>:<AP Group>
866
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth callStationIdType vlan-id
Command Default
The MAC address of the system.
Usage Guidelines
The controller sends the Called Station ID attribute to the RADIUS server in all authentication and accounting packets. The Called Station ID attribute can be used to classify users to different groups based on the attribute value. The command is applicable only for the Called Station and not for the Calling Station.
You cannot send only the SSID as the Called-Station-ID, you can only combine the SSID with either the access point MAC address or the access point name.
Command History
Release
7.6
7.6
8.0
8.3
Modification
This command was introduced in a release earlier than
Release 7.6.
The ap-ethmac-only and ap-ethmac-ssid keywords were added to support the access point’s Ethernet
MAC address.
The ap-label-address and ap-label-address-ssid keywords were added.
This command supports both IPv4 and IPv6 address formats.
The ap-mac-ssid-ap-group keyword was added.
Examples
Configures the Call Station ID type to use the system’s
VLAN-ID.
The following example shows how to configure the call station ID type to use the IP address:
(Cisco Controller) >
config radius auth callStationIdType ipAddr
The following example shows how to configure the call station ID type to use the system’s MAC address:
(Cisco Controller) >
config radius auth callStationIdType macAddr
The following example shows how to configure the call station ID type to use the access point’s MAC address:
(Cisco Controller) >
config radius auth callStationIdType ap-macAddr
Cisco Wireless Controller Command Reference, Release 8.4
867
config radius auth framed-mtu config radius auth framed-mtu
To configure the framed-mtu value for all RADIUS servers, use the config radius auth framed-mtu command.
config radius auth framed-mtu mtu
Syntax Description
mtu
Framed-MTU value range between 64 and 1300 bytes
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced.
The following example shows how to set the framed-mtu value for a RADIUS authentication server:
(Cisco Controller) >
config radius auth framed-mtu 500
868
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth IPsec authentication config radius auth IPsec authentication
To configure IPsec support for an authentication server for the Cisco wireless LAN controller, use the config
radius auth IPsec authentication command.
config radius auth IPsec authentication {hmac-md5 | hmac-sha1} index
Syntax Description hmac-md5 hmac-shal
index
Enables IPsec HMAC-MD5 authentication.
Enables IPsec HMAC-SHA1 authentication.
RADIUS server index.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the IPsec hmac-md5 support for RADIUS authentication server index 1:
(Cisco Controller) >
config radius auth IPsec authentication hmac-md5 1
Related Commands show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
869
config radius auth ipsec disable config radius auth ipsec disable
To disable IPsec support for an authentication server for the Cisco wireless LAN controller, use the config
radius auth IPsec disable command.
config radius auth ipsec {enable | disable} index
Syntax Description enable disable
index
Enables the IPsec support for an authentication server.
Disables the IPsec support for an authentication server.
RADIUS server index.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to enable the IPsec support for RADIUS authentication server index 1:
(Cisco Controller) >
config radius auth ipsec enable 1
This example shows how to disable the IPsec support for RADIUS authentication server index 1:
(Cisco Controller) >
config radius auth ipsec disable 1
Related Commands show radius acct statistics
870
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth ipsec encryption config radius auth ipsec encryption
To configure IPsec encryption support for an authentication server for the Cisco wireless LAN controller, use the config radius auth ipsec encryption command.
config radius auth IPsec encryption {256-aes | 3des | aes | des} index
Syntax Description
256-aes
3des aes des
index
Enables the IPsec 256 AES encryption.
Enables the IPsec 3DES encryption.
Enables the IPsec AES encryption.
Enables the IPsec DES encryption.
RADIUS server index.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
The keyword 256-aes was added.
Examples
The following example shows how to configure IPsec 3dec encryption RADIUS authentication server index
3:
(Cisco Controller) >
config radius auth ipsec encryption 3des 3
Related Commands show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
871
config radius auth ipsec ike config radius auth ipsec ike
To configure Internet Key Exchange (IKE) for the Cisco wireless LAN controller, use the config radius auth
IPsec ike command.
config radius auth ipsec ike {auth-mode {pre-shared-keyindex {ascii | hex shared-secret} | certificate
index } dh-group {2048bit-group-14 | group-1 | group-2 | group-5} | lifetime seconds | phase1 {aggressive
| main}} index
Syntax Description auth-mode pre-shared-key
index
ascii hex
shared-secret
certificate dh-group
2048bit-group-14 group-1 group-2 group-5 lifetime
seconds
phase1 aggressive main
index
Configures the IKE authentication method.
Configures the preshared key for IKE authentication method.
RADIUS server index between 1 and 17.
Configures RADIUS IPsec IKE secret in an ASCII format.
Configures RADIUS IPsec IKE secret in a hexadecimal format.
Configures the shared RADIUS IPsec secret.
Configures the certificate for IKE authentication.
Configures the IKE Diffe-Hellman group.
Configures the DH Group14 (2048 bits).
Configures the DH Group 1 (768 bits).
Configures the DH Group 2 (1024 bits).
Configures the DH Group 2 (1024 bits).
Configures the IKE lifetime.
IKE lifetime in seconds. The range is from 1800 to
57600 seconds.
Configures the IKE phase1 mode.
Enables the aggressive mode.
Enables the main mode.
RADIUS server index.
872
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth ipsec ike
Command Default
By default, preshared key is used for IPsec sessions and IKE lifetime is 28800 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure IKE lifetime of 23 seconds for RADIUS authentication server index 1:
(Cisco Controller) >
config radius auth ipsec ike lifetime 23 1
Related Commands show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
873
config radius auth keywrap config radius auth keywrap
To enable and configure Advanced Encryption Standard (AES) key wrap, which makes the shared secret between the controller and the RADIUS server more secure, use the config radius auth keywrap command.
config radius auth keywrap {enable | disable | add {ascii | hex} kek mack | delete} index
Syntax Description enable disable add ascii hex
kek mack
delete
index
Enables AES key wrap.
Disables AES key wrap.
Configures AES key wrap attributes.
Configures key wrap in an ASCII format.
Configures key wrap in a hexadecimal format.
16-byte Key Encryption Key (KEK).
20-byte Message Authentication Code Key (MACK).
Deletes AES key wrap attributes.
Index of the RADIUS authentication server on which to configure the AES key wrap.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the AES key wrap for a RADIUS authentication server:
(Cisco Controller) >
config radius auth keywrap enable
Related Commands show radius auth statistics
874
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth mac-delimiter config radius auth mac-delimiter
To specify a delimiter to be used in the MAC addresses that are sent to the RADIUS authentication server, use the config radius auth mac-delimiter command.
config radius auth mac-delimiter {colon | hyphen | single-hyphen | none}
Syntax Description colon hyphen single-hyphen none
Sets a delimiter to a colon (for example, xx:xx:xx:xx:xx:xx).
Sets a delimiter to a hyphen (for example, xx-xx-xx-xx-xx-xx).
Sets a delimiter to a single hyphen (for example, xxxxxx-xxxxxx).
Disables the delimiter (for example, xxxxxxxxxxxx).
Command Default
The default delimiter is a hyphen.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to specify a delimiter hyphen to be used for a RADIUS authentication server:
(Cisco Controller) >
config radius auth mac-delimiter hyphen
Related Commands show radius auth statistics
Cisco Wireless Controller Command Reference, Release 8.4
875
config radius auth management config radius auth management
To configure a default RADIUS server for management users, use the config radius auth management command.
config radius auth management index {enable | disable}
Syntax Description
index
enable disable
RADIUS server index.
Enables the server as a management user’s default
RADIUS server.
Disables the server as a management user’s default
RADIUS server.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a RADIUS server for management users:
(Cisco Controller) >
config radius auth management 1 enable
Related Commands show radius acct statistics config radius acct network config radius auth mgmt-retransmit-timeout
876
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth mgmt-retransmit-timeout config radius auth mgmt-retransmit-timeout
To configure a default RADIUS server retransmission timeout for management users, use the config radius
auth mgmt-retransmit-timeout command.
config radius auth mgmt-retransmit-timeout index retransmit-timeout
Syntax Description
index retransmit-timeout
RADIUS server index.
Timeout value. The range is from 1 to 30 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a default RADIUS server retransmission timeout for management users:
(Cisco Controller) >
config radius auth mgmt-retransmit-timeout 1 10
Related Commands config radius auth management
Cisco Wireless Controller Command Reference, Release 8.4
877
config radius auth network config radius auth network
To configure a default RADIUS server for network users, use the config radius auth network command.
config radius auth network index {enable | disable}
Syntax Description
index
enable disable
RADIUS server index.
Enables the server as a network user default RADIUS server.
Disables the server as a network user default RADIUS server.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a default RADIUS server for network users:
(Cisco Controller) >
config radius auth network 1 enable
Related Commands show radius acct statistics config radius acct network
878
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth realm config radius auth realm
To configure realm on RADIUS authentication server, use the config radius auth realm command.
config radius auth realm{add | delete} radius_index realm_string
Syntax Description
radius_server
add delete
realm_string
Radius server index. The range is from 1 to 17.
Add realm to RADIUS authentication server.
Delete realm from RADIUS authentication server.
Unique string associated to RADIUS authentication realm.
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example shows how add realm to the RADIUS authentication server:
(Cisco Controller) >
config radius auth realm add 3 test
Cisco Wireless Controller Command Reference, Release 8.4
879
config radius auth retransmit-timeout config radius auth retransmit-timeout
To change a default transmission timeout for a RADIUS authentication server for the Cisco wireless LAN controller, use the config radius auth retransmit-timeout command.
config radius auth retransmit-timeout index timeout
Syntax Description
index timeout
RADIUS server index.
Number of seconds (from 2 to 30) between retransmissions.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a retransmission timeout of 5 seconds for a RADIUS authentication server:
(Cisco Controller) >
config radius auth retransmit-timeout 5
Related Commands show radius auth statistics
880
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth rfc3576 config radius auth rfc3576
To configure RADIUS RFC-3576 support for the authentication server for the Cisco WLC, use the config
radius auth rfc3576 command.
config radius auth rfc3576 {enable | disable} index
Syntax Description enable disable
index
Enables RFC-3576 support for an authentication server.
Disables RFC-3576 support for an authentication server.
RADIUS server index.
Command Default
Disabled
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
RFC 3576, which is an extension to the RADIUS protocol, allows dynamic changes to a user session. RFC
3576 includes support for disconnecting users and changing authorizations applicable to a user session.
Disconnect messages cause a user session to be terminated immediately; CoA messages modify session authorization attributes such as data filters.
Examples
The following example shows how to enable the RADIUS RFC-3576 support for a RADIUS authentication server:
(Cisco Controller) >
config radius auth rfc3576 enable 2
Related Commands show radius auth statistics show radius summary show radius rfc3576
Cisco Wireless Controller Command Reference, Release 8.4
881
config radius auth retransmit-timeout config radius auth retransmit-timeout
To configure a retransmission timeout value for a RADIUS accounting server, use the config radius auth
server-timeout command.
config radius auth retransmit-timeout index timeout
Syntax Description
index timeout
RADIUS server index.
Timeout value. The range is from 2 to 30 seconds.
Command Default
The default timeout is 2 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a server timeout value of 2 seconds for RADIUS authentication server index 10:
(Cisco Controller) >
config radius auth retransmit-timeout 2 10
Related Commands show radius auth statistics show radius summary
882
Cisco Wireless Controller Command Reference, Release 8.4
config radius aggressive-failover disabled config radius aggressive-failover disabled
To configure the controller to mark a RADIUS server as down (not responding) after the server does not reply to three consecutive clients, use the config radius aggressive-failover disabled command.
config radius aggressive-failover disabled
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the controller to mark a RADIUS server as down:
(Cisco Controller) >
config radius aggressive-failover disabled
Related Commands show radius summary
Cisco Wireless Controller Command Reference, Release 8.4
883
config radius backward compatibility config radius backward compatibility
To configure RADIUS backward compatibility for the Cisco wireless LAN controller, use the config radius
backward compatibility command.
config radius backward compatibility {enable | disable}
Syntax Description enable disable
Enables RADIUS vendor ID backward compatibility.
Disables RADIUS vendor ID backward compatibility.
Command Default
Enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the RADIUS backward compatibility settings:
(Cisco Controller) >
config radius backward compatibility disable
Related Commands show radius summary
884
Cisco Wireless Controller Command Reference, Release 8.4
config radius callStationIdCase config radius callStationIdCase
To configure callStationIdCase information sent in RADIUS messages for the Cisco WLC, use the config
radius callStationIdCase command.
config radius callStationIdCase {legacy | lower | upper}
Syntax Description legacy lower upper
Configures Call Station IDs for Layer 2 authentication to RADIUS in uppercase.
Configures all Call Station IDs to RADIUS in lowercase.
Configures all Call Station IDs to RADIUS in uppercase.
Command Default
Enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to send the call station ID in lowercase:
(Cisco Controller) >
config radius callStationIdCase lower
Related Commands show radius summary
Cisco Wireless Controller Command Reference, Release 8.4
885
config radius callStationIdType config radius callStationIdType
To configure the Called Station ID type information sent in RADIUS accounting messages for the Cisco wireless LAN controller, use the config radius callStationIdType command.
config radius callStationIdType {ap-ethmac-only | ap-ethmac-ssid | ap-group-name | ap-label-address
| ap-label-address-ssid| ap-location | ap-mac-ssid-ap-group | ap-macaddr-only | ap-macaddr-ssid |
ap-name | ap-name-ssid | flex-group-name | ipaddr | macaddr| vlan-id}
Syntax Description ipaddr macaddr ap-macaddr-only ap-macaddr-ssid ap-ethmac-only ap-ethmac-ssid ap-group-name flex-group-name ap-name ap-name-ssid ap-location ap-mac-ssid-ap-group
Configures the Call Station ID type to use the IP address (only Layer 3).
Configures the Call Station ID type to use the system’s
MAC address (Layers 2 and 3).
Configures the Call Station ID type to use the access point’s MAC address (Layers 2 and 3).
Configures the Call Station ID type to use the access point’s MAC address (Layers 2 and 3) in the format
AP MAC address:SSID.
Configures the Called Station ID type to use the access point’s Ethernet MAC address.
Configures the Called Station ID type to use the access point’s Ethernet MAC address in the format AP
Ethernet MAC address:SSID.
Configures the Call Station ID type to use the AP group name. If the AP is not part of any AP group, default-group is taken as the AP group name.
Configures the Call Station ID type to use the
FlexConnect group name. If the FlexConnect AP is not part of any FlexConnect group, the system MAC address is taken as the Call Station ID.
Configures the Call Station ID type to use the access point’s name.
Configures the Call Station ID type to use the access point’s name in the format AP name:SSID
Configures the Call Station ID type to use the access point’s location.
Sets Called Station ID type to the format <AP MAC address>:<SSID>:<AP Group>
886
Cisco Wireless Controller Command Reference, Release 8.4
config radius callStationIdType vlan-id
Command Default
The IP address of the system.
Usage Guidelines
The controller sends the Called Station ID attribute to the RADIUS server in all authentication and accounting packets. The Called Station ID attribute can be used to classify users to different groups based on the attribute value. The command is applicable only for the Called Station and not for the Calling Station.
You cannot send only the SSID as the Called-Station-ID, you can only combine the SSID with either the access point MAC address or the access point name.
Command History
Release
7.6
7.6
8.0
8.3
Modification
This command was introduced in a release earlier than
Release 7.6.
The ap-ethmac-only and ap-ethmac-ssid keywords were added to support the access point’s Ethernet
MAC address.
The ap-label-address and ap-label-address-ssid keywords were added.
This command supports both IPv4 and IPv6 address formats.
The ap-mac-ssid-ap-group keyword was added.
Examples
Configures the Call Station ID type to use the system’s
VLAN-ID.
The following example shows how to configure the call station ID type to use the IP address:
(Cisco Controller) >
config radius callStationIdType ipaddr
The following example shows how to configure the call station ID type to use the system’s MAC address:
(Cisco Controller) >
config radius callStationIdType macaddr
The following example shows how to configure the call station ID type to use the access point’s MAC address:
(Cisco Controller) >
config radius callStationIdType ap-macaddr-only
Cisco Wireless Controller Command Reference, Release 8.4
887
config radius dns config radius dns
To retrieve the RADIUS IP information from a DNS server, use the config radius dns command.
config radius dns {global port {ascii | hex} secret | queryurl timeout | serverip ip_address | disable | enable}
Syntax Description global
port ascii hex secret
query
url timeout
serverip
ip_address
disable enable
Configures the global port and secret to retrieve the RADIUS IP information from a DNS server.
Port number for authentication. The range is from 1 to 65535. All the DNS servers should use the same authentication port.
Format of the shared secret that you should set to ASCII.
Format of the shared secret that you should set to hexadecimal.
RADIUS server login secret.
Configures the fully qualified domain name (FQDN) of the RADIUS server and
DNS timeout.
FQDN of the RADIUS server. The FQDN can be up to 63 case-sensitive, alphanumeric characters.
Maximum time that the Cisco WLC waits for, in days, before timing out the request and resending it. The range is from 1 to 180.
Configures the DNS server IP address.
DNS server IP address.
Disables the RADIUS DNS feature. By default, this feature is disabled.
Enables the Cisco WLC to retrieve the RADIUS IP information from a DNS server.
When you enable a DNS query, the static configurations are overridden, that is, the DNS list overrides the static AAA list.
Command Default
You cannot configure the global port and secret to retrieve the RADIUS IP information.
Command History
Release
7.5
Modification
This command was introduced.
888
Cisco Wireless Controller Command Reference, Release 8.4
config radius dns
Usage Guidelines
The accounting port is derived from the authentication port. All the DNS servers should use the same secret.
Examples
The following example shows how to enable the RADIUS DNS feature on the Cisco WLC:
(Cisco Controller) >
config radius dns enable
Cisco Wireless Controller Command Reference, Release 8.4
889
config radius fallback-test config radius fallback-test
To configure the RADIUS server fallback behavior, use the config radius fallback-test command.
config radius fallback-test mode {off | passive | active} | username username} | {interval interval}
Syntax Description mode off passive active username
username
interval
interval
Specifies the mode.
Disables RADIUS server fallback.
Causes the controller to revert to a preferable server
(with a lower server index) from the available backup servers without using extraneous probe messages. The controller ignores all inactive servers for a time period and retries later when a RADIUS message needs to be sent.
Causes the controller to revert to a preferable server
(with a lower server index) from the available backup servers by using RADIUS probe messages to proactively determine whether a server that has been marked inactive is back online. The controller ignores all inactive servers for all active RADIUS requests.
Specifies the username.
Username. The username can be up to 16 alphanumeric characters.
Specifies the probe interval value.
Probe interval. The range is 180 to 3600.
Command Default
The default probe interval is 300.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to disable the RADIUS accounting server fallback behavior:
(Cisco Controller) >
config radius fallback-test mode off
890
Cisco Wireless Controller Command Reference, Release 8.4
config radius fallback-test
The following example shows how to configure the controller to revert to a preferable server from the available backup servers without using the extraneous probe messages:
(Cisco Controller) >
config radius fallback-test mode passive
The following example shows how to configure the controller to revert to a preferable server from the available backup servers by using RADIUS probe messages:
(Cisco Controller) >
config radius fallback-test mode active
Related Commands config advanced probe filter config advanced probe limit show advanced probe show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
891
config radius ext-source-ports config radius ext-source-ports
To configure support for extended source ports in the RADIUS servers, use the config radius ext-source-ports command.
config radius ext-source-ports { enable | disable }
Syntax Description enable disable
Enables Radius source port support.
Disables Radius source port support.
Command Default
None
Command Modes
Config
Command History
Release
8.1
Examples
Modification
This command was introduced.
The following example shows how to enable the extended source ports in the RADIUS servers:
config radius ext-source-ports enable
892
Cisco Wireless Controller Command Reference, Release 8.4
config radius acct retransmit-timeout config radius acct retransmit-timeout
To change the default transmission timeout for a RADIUS accounting server for the Cisco wireless LAN controller, use the config radius acct retransmit-timeout command.
config radius acct retransmit-timeout index timeout
Syntax Description
index timeout
RADIUS server index.
Number of seconds (from 2 to 30) between retransmissions.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure retransmission timeout value 5 seconds between the retransmission:
(Cisco Controller) >
config radius acct retransmit-timeout 5
Related Commands show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
893
config radius auth mgmt-retransmit-timeout config radius auth mgmt-retransmit-timeout
To configure a default RADIUS server retransmission timeout for management users, use the config radius
auth mgmt-retransmit-timeout command.
config radius auth mgmt-retransmit-timeout index retransmit-timeout
Syntax Description
index retransmit-timeout
RADIUS server index.
Timeout value. The range is from 1 to 30 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a default RADIUS server retransmission timeout for management users:
(Cisco Controller) >
config radius auth mgmt-retransmit-timeout 1 10
Related Commands config radius auth management
894
Cisco Wireless Controller Command Reference, Release 8.4
config radius auth retransmit-timeout config radius auth retransmit-timeout
To change a default transmission timeout for a RADIUS authentication server for the Cisco wireless LAN controller, use the config radius auth retransmit-timeout command.
config radius auth retransmit-timeout index timeout
Syntax Description
index timeout
RADIUS server index.
Number of seconds (from 2 to 30) between retransmissions.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a retransmission timeout of 5 seconds for a RADIUS authentication server:
(Cisco Controller) >
config radius auth retransmit-timeout 5
Related Commands show radius auth statistics
Cisco Wireless Controller Command Reference, Release 8.4
895
config radius auth retransmit-timeout config radius auth retransmit-timeout
To configure a retransmission timeout value for a RADIUS accounting server, use the config radius auth
server-timeout command.
config radius auth retransmit-timeout index timeout
Syntax Description
index timeout
RADIUS server index.
Timeout value. The range is from 2 to 30 seconds.
Command Default
The default timeout is 2 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a server timeout value of 2 seconds for RADIUS authentication server index 10:
(Cisco Controller) >
config radius auth retransmit-timeout 2 10
Related Commands show radius auth statistics show radius summary
896
Cisco Wireless Controller Command Reference, Release 8.4
config redundancy interface address peer-service-port config redundancy interface address peer-service-port
To configure the service port IP and netmask of the peer or standby controller, use the config redundancy
interface address peer-service-port command.
config redundancy interface address peer-service-port ip_address netmask
Syntax Description
ip_address netmask
IP address of the peer service port.
Netmask of the peer service port.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can configure this command only from the Active controller. For the HA feature, the service port configurations are made per controller. You will loose these configurations if you change the mode from HA to non-HA and vice-versa.
Examples
The following example shows how to configure the service port IP and netmask of the peer or standby controller:
(Cisco Controller) >
config redundancy interface address peer-service-port 11.22.44.55
Cisco Wireless Controller Command Reference, Release 8.4
897
config redundancy mobilitymac config redundancy mobilitymac
To configure the HA mobility MAC address to be used as an identifier, use the config redundancy
mobilitymac command.
config redundancy mobilitymac mac_address
Syntax Description
mac_address
MAC address that is an identifier for the active and standby controller pair.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If you upgrade from Release 8.0.110.0 to a later release, the command's setting is removed. You must manually reconfigure the mobility MAC address after the upgrade.
Examples
The following example shows how to configure the HA mobility MAC address:
(Cisco Controller) >
config redundancy mobilitymac ff:ff:ff:ff:ff:ff
898
Cisco Wireless Controller Command Reference, Release 8.4
config redundancy mode config redundancy mode
To enable or disable redundancy or High Availability (HA), use the config redundancy mode command.
config redundancy mode {sso | none}
Syntax Description sso none
Enables a stateful switch over (SSO) or hot standby redundancy mode.
Disables redundancy mode.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You must configure local and peer redundancy management IP addresses before you configure redundancy.
Examples
The following example shows how to enable redundancy:
(Cisco Controller) >
config redundancy mode sso
Cisco Wireless Controller Command Reference, Release 8.4
899
config redundancy peer-route config redundancy peer-route
To configure the route configurations of the peer or standby controller, use the config redundancy peer-route command.
config redundancy peer-route {add | delete} network_ip_address netmask gateway
Syntax Description add delete
network_ip_address netmask gateway
Adds a network route.
Deletes a network route specific to standby controller.
Network IP address.
Subnet mask of the network.
IP address of the gateway for the route network.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can configure this command only from the Active controller. For the HA feature, the service port configurations are made per controller. You will lose these configurations if you change the mode from HA to non-HA and vice-versa.
Examples
The following example shows how to configure route configurations of a peer or standby controller.
(Cisco Controller) >
config redundancy peer-route add 10.1.1.0 255.255.255.0 10.1.1.1
900
Cisco Wireless Controller Command Reference, Release 8.4
config redundancy timer keep-alive-timer config redundancy timer keep-alive-timer
To configure the keep-alive timeout value, use the config redundancy timer keep-alive-timer command.
config redundancy timer keep-alive-timer milliseconds
Syntax Description
milliseconds
Keep-alive timeout value in milliseconds. The range is from 100 to 400 milliseconds.
Command Default
The default keep-alive timeout value is 100 milliseconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the keep-alive timeout value:
(Cisco Controller) >
config redundancy timer keep-alive-timer 200
Cisco Wireless Controller Command Reference, Release 8.4
901
config redundancy timer peer-search-timer config redundancy timer peer-search-timer
To configure the peer search timer, use the config redundancy timer peer-search-timer command.
config redundancy timer peer-search-timer seconds
Syntax Description
seconds
Value of the peer search timer in seconds. The range is from 60 to 180 secs.
Command Default
The default value of the peer search timer is 120 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can use this command to configure the boot up role negotiation timeout value in seconds.
Examples
The following example shows how to configure the redundancy peer search timer:
(Cisco Controller) >
config redundancy timer peer-search-timer 100
902
Cisco Wireless Controller Command Reference, Release 8.4
config redundancy unit config redundancy unit
To configure a Cisco WLC as a primary or secondary WLC, use the config redundancy unit command.
config redundancy unit {primary | secondary}
Syntax Description primary secondary
Configures the Cisco WLC as the primary WLC.
Configures the Cisco WLC as the secondary WLC.
Command Default
The default state is as the primary WLC.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When you configure a Cisco WLC as the secondary WLC, it becomes the HA Stakable Unit (SKU) without any valid AP licenses.
Examples
The following example shows how to configure a Cisco WLC as the primary WLC:
(Cisco Controller) >
config redundancy unit primary
Cisco Wireless Controller Command Reference, Release 8.4
903
config remote-lan config remote-lan
To configure a remote LAN, use the config remote-lan command.
config remote-lan {enable | disable} {remote-lan-id | all}
Syntax Description enable disable
remote-lan-id
all
Enables a remote LAN.
Disables a remote LAN.
Remote LAN identifier. Valid values are between 1 and 512.
Configures all wireless LANs.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable a remote LAN with ID 2:
(Cisco Controller) >
config remote-lan enable 2
904
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan aaa-override config remote-lan aaa-override
To configure user policy override through AAA on a remote LAN, use the config remote-lan aaa-override command.
config remote-lan aaa-override {enable | disable} remote-lan-id
Syntax Description enable disable
remote-lan-id
Enables user policy override through AAA on a remote LAN.
Disables user policy override through AAA on a remote LAN.
Remote LAN identifier. Valid values are between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable user policy override through AAA on a remote LAN where the remote LAN ID is 2:
(Cisco Controller) >
config remote-lan aaa-override enable 2
Cisco Wireless Controller Command Reference, Release 8.4
905
config remote-lan acl config remote-lan acl
To specify an access control list (ACL) for a remote LAN, use the config remote-lan acl command.
config remote-lan acl remote-lan-id acl_name
Syntax Description
remote-lan-id acl_name
Remote LAN identifier. Valid values are between 1 and 512.
ACL name.
Note
Use the show acl summary command to know the ACLs available.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to specify ACL1 for a remote LAN whose ID is 2:
(Cisco Controller) >
config remote-lan acl 2 ACL1
906
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan apgroup config remote-lan apgroup
To add an access point (AP) group to remote LAN IEEE 802.1X, use the config remote-lan apgroup command.
config remote-lan apgroup add apgroup-name description
Syntax Description add
apgroup-name description
Creates a new AP group.
Name of an AP group to configure.
(Optional) Description of the AP group.
Command Default
None
Command Modes
Controller Configuration
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
Examples
The following example shows how to add an AP group to remote LAN IEEE 802.1X:
(Cisco Controller) >
config remote-lan apgroup add testap
Cisco Wireless Controller Command Reference, Release 8.4
907
config remote-lan create config remote-lan create
To configure a new remote LAN connection, use the config remote-lan create command.
config remote-lan create remote-lan-id name
Syntax Description
remote-lan-id
name
Remote LAN identifier. Valid values are between 1 and 512.
Remote LAN name. Valid values are up to 32 alphanumeric characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a new remote LAN, MyRemoteLAN, with the LAN ID as
3:
(Cisco Controller) >
config remote-lan create 3 MyRemoteLAN
908
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan custom-web config remote-lan custom-web
To configure web authentication for a remote LAN, use the config remote-lan custom-web command.
config remote-lan custom-web {ext-webauth-url URL } | global {enable | disable} | login-page page-name
| loginfailure-page {page-name | none} | logout-page {page-name | none} | webauth-type {internal
|customized | external}} remote-lan-id
Syntax Description ext-webauth-url
URL
global enable disable login-page
page-name
none logout-page none webauth-type internal customized external
name remote-lan-id
Configures an external web authentication URL.
Web authentication URL for the Login page.
Configures the global status for the remote LAN.
Enables the global status for the remote LAN.
Disables the global status for the remote LAN.
Configures a login page.
Login page name.
Configures no login page.
Configures a logout page.
Configures no logout page.
Configures the web authentication type for the remote LAN.
Displays the default login page.
Displays a downloaded login page.
Displays a login page that is on an external server.
Remote LAN name. Valid values are up to 32 alphanumeric characters.
Remote LAN identifier. Valid values are from 1 to 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
909
config remote-lan custom-web
Usage Guidelines
Follow these guidelines when you use the config remote-lan custom-web command:
• When you configure the external Web-Auth URL, do the following:
â—¦Ensure that Web-Auth or Web-Passthrough Security is in enabled state. To enable Web-Auth, use the config remote-lan security web-auth enable command. To enable Web-Passthrough, use the
config remote-lan security web-passthrough enable command.
â—¦Ensure that the global status of the remote LAN is in disabled state. To enable the global status of the remote LAN, use the config remote-lan custom-web global disable command.
â—¦Ensure that the remote LAN is in disabled state. To disable a remote LAN, use the config remote-lan
disable command.
• When you configure the Web-Auth type for the remote LAN, do the following:
â—¦When you configure a customized login page, ensure that you have a login page configured. To configure a login page, use the config remote-lan custom-web login-page command.
â—¦When you configure an external login page, ensure that you have configured preauthentication
ACL for external web authentication to function.
Examples
The following example shows how to configure an external web authentication URL for a remote LAN with
ID 3:
(Cisco Controller) >
config remote-lan custom-web ext-webauth-url http://www.AuthorizationURL.com/ 3
The following example shows how to enable the global status of a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan custom-web global enable 3
The following example shows how to configure the login page for a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan custom-web login-page custompage1 3
The following example shows how to configure a web authentication type with the default login page for a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan custom-web webauth-type internal 3
910
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan delete config remote-lan delete
To delete a remote LAN connection, use the config remote-lan delete command.
config remote-lan delete remote-lan-id
Syntax Description
remote-lan-id
Remote LAN identifier. Valid values are between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to delete a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan delete 3
Cisco Wireless Controller Command Reference, Release 8.4
911
config remote-lan dhcp_server config remote-lan dhcp_server
To configure a dynamic host configuration protocol (DHCP) server for a remote LAN, use the config
remote-lan dhcp_server command.
config remote-lan dhcp_server remote-lan-id ip_address
Syntax Description
remote-lan-id ip_addr
Remote LAN identifier. Valid values are between 1 and 512.
IPv4 address of the override DHCP server.
Command Default
0.0.0.0 is set as the default interface value.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
Examples
The following example shows how to configure a DHCP server for a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan dhcp_server 3 209.165.200.225
Related Commands show remote-lan
912
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan exclusionlist config remote-lan exclusionlist
To configure the exclusion list timeout on a remote LAN, use the config remote-lan exclusionlist command.
config remote-lan exclusionlist remote-lan-id {seconds | disabled | enabled}
Syntax Description
remote-lan-id seconds
disabled enabled
Remote LAN identifier. Valid values are between 1 and 512.
Exclusion list timeout in seconds. A value of 0 requires an administrator override.
Disables exclusion listing.
Enables exclusion listing.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the exclusion list timeout to 20 seconds on a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan exclusionlist 3 20
Cisco Wireless Controller Command Reference, Release 8.4
913
config remote-lan host-mode config remote-lan host-mode
To configure a host mode for remote LAN IEEE 802.1X, use the config remote-lan host-mode command.
config remote-lan host-mode {singlehost | multihost } remote-lan-id
Syntax Description singlehost multihost
remote-lan-id
Configures the remote LAN single-host mode.
Configures the remote LAN multi-host mode.
WLAN identifier. The range is from 1 to 512.
Command Default
None
Command Modes
Controller Configuration
Command History
Release
8.4
Examples
Modification
This command was introduced.
The following example shows how to configure the host mode as single for remote LAN IEEE 802.1X:
(Cisco Controller) >
config remote-lan host-mode singlehost 1
914
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan interface config remote-lan interface
To configure an interface for a remote LAN, use the config remote-lan interface command.
config remote-lan interface remote-lan-id interface_name
Syntax Description
remote-lan-id interface_name
Remote LAN identifier. Valid values are between 1 and 512.
Interface name.
Note
Interface name should not be in upper case characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure an interface myinterface for a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan interface 3 myinterface
Cisco Wireless Controller Command Reference, Release 8.4
915
config remote-lan ldap config remote-lan ldap
To configure a remote LAN’s LDAP servers, use the config remote-lan ldap command.
config remote-lan ldap {add | delete} remote-lan-id index
Syntax Description add delete
remote-lan-id index
Adds a link to a configured LDAP server (maximum of three).
Deletes a link to a configured LDAP server.
Remote LAN identifier. Valid values are between 1 and 512.
LDAP server index.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add an LDAP server with the index number 10 for a remote LAN with
ID 3:
(Cisco Controller) >
config remote-lan ldap add 3 10
916
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan mac-filtering config remote-lan mac-filtering
To configure MAC filtering on a remote LAN, use the config remote-lan mac-filtering command.
config remote-lan mac-filtering {enable | disable} remote-lan-id
Syntax Description enable disable
remote-lan-id
Enables MAC filtering on a remote LAN.
Disables MAC filtering on a remote LAN.
Remote LAN identifier. Valid values are between 1 and 512.
Command Default
MAC filtering on a remote LAN is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable MAC filtering on a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan mac-filtering disable 3
Cisco Wireless Controller Command Reference, Release 8.4
917
config remote-lan mab config remote-lan mab
To configure MAC Authentication Bypass (MAB) authentication support for AP Port LAN clients, use the
config remote-lan mab command.
config remote-lan mab{enable | disable} remote-lan-id
Syntax Description enable
disable remote-lan-id
Enables MAB authentication support.
Disables MAB authentication support.
WLAN Identifier. The valid range is between 1 and 512.
Command Default
None
Command Modes
Controller Configuration
Command History
Release
8.4
Examples
Modification
This command was introduced.
The following example shows how to enable MAB authentication support for AP Port LAN clients:
(Cisco Controller) >config remote-lan mab enable 8
918
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan max-associated-clients config remote-lan max-associated-clients
To configure the maximum number of client connections on a remote LAN, use the config remote-lan
max-associated-clients command.
config remote-lan max-associated-clients remote-lan-id max-clients
Syntax Description
remote-lan-id max-clients
Remote LAN identifier. Valid values are between 1 and 512.
Configures the maximum number of client connections on a remote LAN.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure 10 client connections on a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan max-associated-clients 3 10
Cisco Wireless Controller Command Reference, Release 8.4
919
config remote-lan pre-auth config remote-lan pre-auth
To configure a preauthentication VLAN for RLAN IEEE 802.1X, use the config remote-lan pre-auth command.
config remote-lan pre-auth {enable | disable} remote-lan-id vlan vlan-id
Syntax Description enable disable
remote-lan-id
vlan
vlan-id
Enables RLAN preauthentication.
Disables RLAN preauthentication.
WLAN identifier. The range is from 1 to 512.
Configures preauthentication VLAN for RLAN IEEE 802.1X.
Remote LAN preauthentication VLAN identifier.
Command Default
None
Command Modes
(Controller Configuration)
Command History
Release
8.4
Modification
This command was introduced.
Examples
The following example shows how to enable preauthentication VLAN for remote LAN IEEE 802.1X:
(Cisco Controller) >
config remote-lan pre-auth enable 1 vlan vlan1
920
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan radius_server config remote-lan radius_server
To configure the RADIUS servers on a remote LAN, use the config remote-lan radius_server command.
config remote-lan radius_server {acct {{add | delete} server-index | {enable | disable} | interim-update
{interval | enable | disable}} | auth {{add | delete} server-index | {enable | disable }} | overwrite-interface
{enable | disable}} remote-lan-id
Syntax Description acct add delete
remote-lan-id server-index
enable disable interim-update
interval
enable disable auth enable disable overwrite-interface enable disable
Configures a RADIUS accounting server.
Adds a link to a configured RADIUS server.
Deletes a link to a configured RADIUS server.
Remote LAN identifier. Valid values are between 1 and 512.
RADIUS server index.
Enables RADIUS accounting for this remote LAN.
Disables RADIUS accounting for this remote LAN.
Enables RADIUS accounting for this remote LAN.
Accounting interim interval. The range is from 180 to 3600 seconds.
Enables accounting interim update.
Disables accounting interim update.
Configures a RADIUS authentication server.
Enables RADIUS authentication for this remote LAN.
Disables RADIUS authentication for this remote LAN.
Configures a RADIUS dynamic interface for the remote LAN.
Enables a RADIUS dynamic interface for the remote LAN.
Disables a RADIUS dynamic interface for the remote LAN.
Command Default
The interim update interval is set to 600 seconds.
Cisco Wireless Controller Command Reference, Release 8.4
921
config remote-lan radius_server
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable RADIUS accounting for a remote LAN with ID 3:
(Cisco Controller) >
config remote-lan radius_server acct enable 3
922
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan security config remote-lan security
To configure security policy for a remote LAN, use the config remote-lan security command.
config remote-lan security {{web-auth {enable | disable | acl | server-precedence} remote-lan-id |
{web-passthrough {enable | disable | acl | email-input} remote-lan-id}}
Syntax Description web-auth enable disable acl server-precedence
remote-lan-id
email-input web-passthrough
Specifies web authentication.
Enables the web authentication settings.
Disables the web authentication settings.
Configures an access control list.
Configures the authentication server precedence order for web authentication users.
Remote LAN identifier. Valid values are between 1 and 512.
Configures the web captive portal using an e-mail address.
Specifies the web captive portal with no authentication required.
Command Default
None
Command History
Examples
Release
7.6
8.4
Modification
This command was introduced in a release earlier than Release 7.6.
The 802.1X keyword was added.
The following example shows how to configure the security web authentication policy for remote LAN ID
1:
(Cisco Controller) >
config remote-lan security web-auth enable 1
Cisco Wireless Controller Command Reference, Release 8.4
923
config remote-lan session-timeout config remote-lan session-timeout
To configure client session timeout, use the config remote-lan session-timeout command.
config remote-lan session-timeout remote-lan-id seconds
Syntax Description
remote-lan-id seconds
Remote LAN identifier. Valid values are between 1 and 512.
Timeout or session duration in seconds. A value of zero is equivalent to no timeout.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the client session timeout to 6000 seconds for a remote LAN with ID 1:
(Cisco Controller) >
config remote-lan session-timeout 1 6000
924
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan violation-mode config remote-lan violation-mode
To configure the violation mode for remote LAN IEEE 802.1X, use the config remote-lan violation-mode command.
config remote-lan violation-mode {protect | replace | shutdown} remote-lan-id
Syntax Description protect replace shutdown
remote-lan-id
Configures the remote LAN protect mode.
Configures the remote LAN replace mode.
Configures the remote LAN shutdown mode.
WLAN identifier. The range is from 1 to 512.
Command Default
None
Command Modes
Controller Configuration
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
Examples
The following example shows how to configure the violation mode as protect for remote LAN IEEE 802.1X:
(Cisco Controller) >
config remote-lan violation-mode protect 1
Cisco Wireless Controller Command Reference, Release 8.4
925
config remote-lan webauth-exclude config remote-lan webauth-exclude
To configure web authentication exclusion on a remote LAN, use the config remote-lan webauth-exclude command.
config remote-lan webauth-exclude remote-lan-id {enable | disable}
Syntax Description
remote-lan-id
enable disable
Remote LAN identifier. Valid values are between 1 and 512.
Enables web authentication exclusion on the remote LAN.
Disables web authentication exclusion on the remote LAN.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable web authentication exclusion on a remote LAN with ID 1:
(Cisco Controller) >
config remote-lan webauth-exclude 1 enable
926
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile band-select config rf-profile band-select
To configure the RF profile band selection parameters, use the config rf-profile band-select command.
config rf-profile band-select {client-rssi rssi | cycle-count cycles | cycle-threshold value | expire {dual-band
value | suppression value} | probe-response {enable | disable}} profile_name
Syntax Description client-rssi
rssi
cycle-count
cycles
cycle-threshold
value
expire dual-band
value
suppression
value
probe-response enable disable
profile name
Configures the client Received Signal Strength Indicator (RSSI) threshold for the RF profile.
Minimum RSSI for a client to respond to a probe. The range is from -20 to -90 dBm.
Configures the probe cycle count for the RF profile. The cycle count sets the number of suppression cycles for a new client.
Value of the cycle count. The range is from 1 to 10.
Configures the time threshold for a new scanning RF Profile band select cycle period. This setting determines the time threshold during which new probe requests from a client come in a new scanning cycle.
Value of the cycle threshold for the RF profile. The range is from 1 to 1000 milliseconds.
Configures the expiration time of clients for band select.
Configures the expiration time for pruning previously known dual-band clients.
After this time elapses, clients become new and are subject to probe response suppression.
Value for a dual band. The range is from 10 to 300 seconds.
Configures the expiration time for pruning previously known 802.11b/g clients.
After this time elapses, clients become new and are subject to probe response suppression.
Value for suppression. The range is from 10 to 200 seconds.
Configures the probe response for a RF profile.
Enables probe response suppression on clients operating in the 2.4-GHz band for a RF profile.
Disables probe response suppression on clients operating in the 2.4-GHz band for a RF profile.
Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Cisco Wireless Controller Command Reference, Release 8.4
927
config rf-profile band-select
Command Default
The default value for client RSSI is –80 dBm.
The default cycle count is 2.
The default cycle threshold is 200 milliseconds.
The default value for dual-band expiration is 60 seconds.
The default value for suppression expiration is 20 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable band select on a WLAN, the access point suppresses client probes on 2.4-GHz and moves the dual band clients to the 5-Ghz spectrum. The band-selection algorithm directs dual-band clients only from the 2.4-GHz radio to the 5-GHz radio of the same access point, and it only runs on an access point when both the 2.4-GHz and 5-GHz radios are up and running. Band selection can be used only with Cisco Aironet 1040,
1140, and 1250 Series and the 3500 series access points.
Examples
The following example shows how to configure the client RSSI:
(Cisco Controller) >
config rf-profile band-select client-rssi -70
928
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile client-trap-threshold config rf-profile client-trap-threshold
To configure the threshold value of the number of clients that associate with an access point, after which an
SNMP trap is sent to the controller, use the config rf-profile client-trap-threshold command.
config rf-profile client-trap-threshold threshold profile_name
Syntax Description
threshold profile_name
Threshold value of the number of clients that associate with an access point, after which an SNMP trap is sent to the controller. The range is from 0 to 200. Traps are disabled if the threshold value is configured as zero.
Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the threshold value of the number of clients that associate with an access point:
(Cisco Controller) >
config rf-profile client-trap-threshold 150
Cisco Wireless Controller Command Reference, Release 8.4
929
config rf-profile create config rf-profile create
To create a RF profile, use the config rf-profile create command.
config rf-profile create {802.11a | 802.11b/g} profile-name
Syntax Description
802.11a
802.11b/g
profile-name
Configures the RF profile for the 2.4GHz band.
Configures the RF profile for the 5GHz band.
Name of the RF profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to create a new RF profile:
(Cisco Controller) >
config rf-profile create 802.11a RFtestgroup1
930
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile fra client-aware config rf-profile fra client-aware
To configure the RF profile client-aware FRA feature, use the config rf-profile fra client-aware command.
config rf-profile fra client-aware {client-reset percent rf-profile-name | client-select percent rf-profile-name
| disable rf-profile-name | enable rf-profile-name}
Syntax Description client-reset
percent rf-profile-name
client-select
percent
disable enable
Configures the RF profile AP utilization threshold for radio to switch back to Monitor mode.
Utilization percentage value ranges from 0 to 100. The default is 5%.
Name of the RF Profile.
Configures the RF profile utilization threshold for radio to switch to 5GHz.
Utilization percentage value ranges from 0 to 100. The default is 50%.
Disables the RF profile client-aware FRA feature.
Enables the RF profile client-aware FRA feature.
Command Default
The default percent value for client-select and client-reset is 50% and 5% respectively.
Command History
Release
8.5
Modification
This command was introduced.
Examples
The following example shows how to configure the RF profile utilization threshold for redundant dual-band radios to switch back from 5GHz client-serving role to Monitor mode:
(Cisco Controller) >
config rf-profile fra client-aware client-reset 15 profile1
The following example shows how to configure the RF profile utilization threshold for redundant dual-band radios to switch from Monitor mode to 5GHz client-serving role:
(Cisco Controller) >
config rf-profile fra client-aware client-select 20 profile1
The following example shows how to disable the RF profile client-aware FRA feature:
(Cisco Controller) >
config rf-profile fra client-aware disable profile1
The following example shows how to enable the RF profile client-aware FRA feature:
(Cisco Controller) >
config rf-profile fra client-aware enable profile1
Cisco Wireless Controller Command Reference, Release 8.4
931
config rf-profile data-rates config rf-profile data-rates
To configure the data rate on a RF profile, use the config rf-profile data-rates command.
config rf-profile data-rates {802.11a |802.11b } {disabled | mandatory | supported} data-rate profile-name
Syntax Description
802.11a
802.11b
disabled mandatory supported
data-rate profile-name
Specifies 802.11a as the radio policy of the RF profile.
Specifies 802.11b as the radio policy of the RF profile.
Disables a rate.
Sets a rate to mandatory.
Sets a rate to supported.
802.11 operational rates, which are 1*, 2*, 5.5*, 6, 9, 11*,
12, 18, 24, 36, 48 and 54, where * denotes 802.11b only rates.
Name of the RF profile.
Command Default
Default data rates for RF profiles are derived from the controller system defaults, the global data rate configurations. For example, if the RF profile's radio policy is mapped to 802.11a then the global 802.11a
data rates are copied into the RF profiles at the time of creation.
The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller.
If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to use all the rates marked supported in order to associate.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the 802.11b transmission of an RF profile at a mandatory rate at 12
Mbps:
(Cisco Controller) >
config rf-profile 802.11b data-rates mandatory 12 RFGroup1
932
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile delete config rf-profile delete
To delete a RF profile, use the config rf-profile delete command.
config rf-profile delete profile-name
Syntax Description
profile-name
Name of the RF profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to delete a RF profile:
(Cisco Controller) >
config rf-profile delete RFGroup1
Cisco Wireless Controller Command Reference, Release 8.4
933
config rf-profile description config rf-profile description
To provide a description to a RF profile, use the config rf-profile description command.
config rf-profile description description profile-name
Syntax Description
description profile-name
Description of the RF profile.
Name of the RF profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add a description to a RF profile:
(Cisco Controller) >
config rf-profile description This is a demo desciption RFGroup1
934
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile load-balancing config rf-profile load-balancing
To configure load balancing on an RF profile, use the config rf-profile load-balancing command.
config rf-profile load-balancing {window clients | denial value} profile_name
Syntax Description window
clients
denial
value profile_name
Configures the client window for load balancing of an RF profile.
Client window size that limits the number of client associations with an access point. The range is from 0 to 20. The default value is 5.
The window size is part of the algorithm that determines whether an access point is too heavily loaded to accept more client associations:
load-balancing window + client associations on AP with lightest load = load-balancing threshold
Access points with more client associations than this threshold are considered busy, and clients can associate only to access points with client counts lower than the threshold. This window also helps to disassociate sticky clients.
Configures the client denial count for load balancing of an RF profile.
Maximum number of association denials during load balancing. The range is from 1 to 10.
The default value is 3.
When a client tries to associate on a wireless network, it sends an association request to the access point. If the access point is overloaded and load balancing is enabled on the controller, the access point sends a denial to the association request. If there are no other access points in the range of the client, the client tries to associate the same access point again. After the maximum denial count is reached, the client is able to associate. Association attempts on an access point from any client before associating any AP is called a sequence of association. The default is 3.
Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the client window size for an RF profile:
(Cisco Controller) >
config rf-profile load-balancing window 15
Cisco Wireless Controller Command Reference, Release 8.4
935
config rf-profile max-clients config rf-profile max-clients
To configure the maximum number of client connections per access point of an RF profile, use the config
rf-profile max-clients commands.
config rf-profile max-clients clients
Syntax Description
clients
Maximum number of client connections per access point of an RF profile. The range is from 1 to 200.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can use this command to configure the maximum number of clients on access points that are in client dense areas, or serving high bandwidth video or mission critical voice applications.
Examples
The following example shows how to set the maximum number of clients at 50:
(Cisco Controller) >
config rf-profile max-clients 50
936
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile multicast data-rate config rf-profile multicast data-rate
To configure the minimum RF profile multicast data rate, use the config rf-profile multicast data-rate command.
config rf-profile multicast data-rate value profile_name
Syntax Description
value profile_name
Minimum RF profile multicast data rate. The options are 6, 9, 12, 18, 24, 36, 48,
54. Enter 0 to specify that access points will dynamically adjust the data rate.
Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Command Default
The minimum RF profile multicast data rate is 0.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the multicast data rate for an RF profile:
(Cisco Controller) >
config rf-profile multicast data-rate 24
Cisco Wireless Controller Command Reference, Release 8.4
937
config rf-profile out-of-box config rf-profile out-of-box
To create an out-of-box AP group consisting of newly installed access points, use the config rf-profile
out-of-box command.
config rf-profile out-of-box {enable | disable}
Syntax Description enable disable
Enables the creation of an out-of-box AP group. When you enable this command, the following occurs:
• Newly installed access points that are part of the default AP group will be part of the out-of-box AP group and their radios will be switched off, which eliminates any RF instability caused by the new access points.
• All access points that do not have a group name become part of the out-of-box AP group.
• Special RF profiles are created per 802.11 band. These RF profiles have default-settings for all the existing RF parameters and additional new configurations.
Disables the out-of-box AP group. When you disable this feature, only the subscription of new APs to the out-of-box AP group stops. All APs that are subscribed to the out-of-box AP group remain in this AP group. You can move APs to the default group or a custom AP group upon network convergence.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When an out-of-box AP associates with the controller for the first time, it will be redirected to a special AP group and the RF profiles applicable to this AP Group will control the radio admin state configuration of the
AP. You can move APs to the default group or a custom group upon network convergence.
Examples
The following example shows how to enable the creation of an out-of-box AP group:
(Cisco Controller) >
config rf-profile out-of-box enable
938
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile rx-sop threshold config rf-profile rx-sop threshold
To configure high, medium or low Rx SOP threshold values for each 802.11 band, use the config rf-profile
rx-sop threshold command.
config rf-profile rx-sop threshold {high | medium | low | auto} profile_name
Syntax Description high medium low auto
profile_name
Configures the high Rx SOP threshold value for an RF profile.
Configures the medium Rx SOP threshold value for an RF profile.
Configures the low Rx SOP threshold value for an RF profile.
Configures an auto Rx SOP threshold value for an RF profile. When you choose auto, the access point determines the best Rx SOP threshold value.
RF profile on which the Rx SOP threshold value will be configured.
Command Default
The default Rx SOP threshold option is auto.
Command History
Release
8.0
Modification
This command was introduced.
Examples
The following example shows how to configure the high Rx SOP threshold value on an RF profile:
(Cisco Controller) >
config 802.11 rx-sop threshold high T1a
Cisco Wireless Controller Command Reference, Release 8.4
939
config rf-profile tx-power-control-thresh-v1 config rf-profile tx-power-control-thresh-v1
To configure Transmit Power Control version1 (TPCv1) to an RF profile, use the config rf-profile
tx-power-control-thresh-v1 command.
config rf-profile tx-power-control-thresh-v1 tpc-threshold profile_name
Syntax Description
tpc-threshold profile-name
TPC threshold.
Name of the RF profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure TPCv1 on an RF profile:
(Cisco Controller) >
config rf-profile tx-power-control-thresh-v1 RFGroup1
940
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile tx-power-control-thresh-v2 config rf-profile tx-power-control-thresh-v2
To configure Transmit Power Control version 2 (TPCv2) to an RF profile, use the config rf-profile
tx-power-control-thresh-v2 command.
config rf-profile tx-power-control-thresh-v2 tpc-threshold profile-name
Syntax Description
tpc-threshold profile-name
TPC threshold.
Name of the RF profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure TPCv2 on an RF profile:
(Cisco Controller) >
config rf-profile tx-power-control-thresh-v2 RFGroup1
Cisco Wireless Controller Command Reference, Release 8.4
941
config rf-profile tx-power-max config rf-profile tx-power-max
To configure maximum auto-rf to an RF profile, use the config rf-profile tx-power-max command.
config rf-profile tx-power-max profile-name
Syntax Description
tx-power-max profile-name
Maximum auto-rf tx power.
Name of the RF profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure tx-power-max on an RF profile:
(Cisco Controller) >
config rf-profile tx-power-max RFGroup1
942
Cisco Wireless Controller Command Reference, Release 8.4
config rf-profile tx-power-min config rf-profile tx-power-min
To configure minimum auto-rf to an RF profile, use the config rf-profile tx-power-min command.
config rf-profile tx-power-min tx-power-min profile-name
Syntax Description
tx-power-min profile-name
Minimum auto-rf tx power.
Name of the RF profile.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure tx-power-min on an RF profile:
(Cisco Controller) >
config rf-profile tx-power-min RFGroup1
Cisco Wireless Controller Command Reference, Release 8.4
943
config rogue ap timeout config rogue ap timeout
To specify the number of seconds after which the rogue access point and client entries expire and are removed from the list, use the config rogue ap timeout command.
config rogue ap timeout seconds
Syntax Description
seconds
Value of 240 to 3600 seconds (inclusive), with a default value of 1200 seconds.
Command Default
The default number of seconds after which the rogue access point and client entries expire is 1200 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set an expiration time for entries in the rogue access point and client list to 2400 seconds:
(Cisco Controller) >
config rogue ap timeout 2400
Related Commands config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap ssid config rogue rule config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue ignore-list show rogue rule detailed
944
Cisco Wireless Controller Command Reference, Release 8.4
show rogue rule summary config rogue ap timeout
Cisco Wireless Controller Command Reference, Release 8.4
945
config rogue adhoc config rogue adhoc
To globally or individually configure the status of an Independent Basic Service Set (IBSS or ad-hoc) rogue access point, use the config rogue adhoc command.
config rogue adhoc {enable | disable | external rogue_MAC | alert {rogue_MAC | all} | auto-contain
[monitor_ap] | contain rogue_MAC 1234_aps| }
config rogue adhoc {delete {all | mac-address mac-address} | classify {friendly state {external | internal}
mac-address | malicious state {alert | contain} mac-address | unclassified state {alert | contain }
mac-address}
Syntax Description enable disable external
rogue_MAC
alert all auto-contain
monitor_ap
contain
1234_aps
delete all mac-address
Globally enables detection and reporting of ad-hoc rogues.
Globally disables detection and reporting of ad-hoc rogues.
Configure external state on the rogue access point that is outside the network and poses no threat to WLAN security. The controller acknowledges the presence of this rogue access point.
MAC address of the ad-hoc rogue access point.
Generates an SMNP trap upon detection of the ad-hoc rogue, and generates an immediate alert to the system administrator for further action.
Enables alerts for all ad-hoc rogue access points.
Contains all wired ad-hoc rogues detected by the controller.
(Optional) IP address of the ad-hoc rogue access point.
Contains the offending device so that its signals no longer interfere with authorized clients.
Maximum number of Cisco access points assigned to actively contain the ad-hoc rogue access point (1 through 4, inclusive).
Deletes ad-hoc rogue access points.
Deletes all ad-hoc rogue access points.
Deletes ad-hoc rogue access point with the specified
MAC address.
946
Cisco Wireless Controller Command Reference, Release 8.4
config rogue adhoc
mac-address
classify friendly state internal malicious state alert contain unclassified state
MAC address of the ad-hoc rogue access point.
Configures ad-hoc rogue access point classification.
Classifies ad-hoc rogue access points as friendly.
Configures alert state on rogue access point that is inside the network and poses no threat to WLAN security. The controller trusts this rogue access point.
Classifies ad-hoc rogue access points as malicious.
Configures alert state on the rogue access point that is not in the neighbor list or in the user configured friendly MAC list. The controller forwards an immediate alert to the system administrator for further action.
Configures contain state on the rogue access point.
Controller contains the offending device so that its signals no longer interfere with authorized clients.
Classifies ad-hoc rogue access points as unclassified.
Command Default
The default for this command is enabled and is set to alert. The default for auto-containment is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The controller continuously monitors all nearby access points and automatically discovers and collects information on rogue access points and clients. When the controller discovers a rogue access point, it uses
RLDP to determine if the rogue is attached to your wired network.
Note
RLDP is not supported for use with Cisco autonomous rogue access points. These access points drop the
DHCP Discover request sent by the RLDP client. Also, RLDP is not supported if the rogue access point channel requires dynamic frequency selection (DFS).
When you enter any of the containment commands, the following warning appears:
Using this feature may have legal consequences. Do you want to continue? (y/n) :
Cisco Wireless Controller Command Reference, Release 8.4
947
config rogue adhoc
The 2.4- and 5-GHz frequencies in the Industrial, Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing devices on another party’s network could have legal consequences.
Enter the auto-contain command with the monitor_ap argument to monitor the rogue access point without containing it. Enter the auto-contain command without the optional monitor_ap to automatically contain all wired ad-hoc rogues detected by the controller.
Examples
The following example shows how to enable the detection and reporting of ad-hoc rogues:
(Cisco Controller) >
config rogue adhoc enable
The following example shows how to enable alerts for all ad-hoc rogue access points:
(Cisco Controller) >
config rogue adhoc alert all
The following example shows how to classify an ad-hoc rogue access point as friendly and configure external state on it:
(Cisco Controller) >
config rogue adhoc classify friendly state internal 11:11:11:11:11:11
Related Commands config rogue auto-contain level show rogue ignore-list show rogue rule detailed show rogue rule summary
948
Cisco Wireless Controller Command Reference, Release 8.4
config rogue ap classify config rogue ap classify
To classify the status of a rogue access point, use the config rogue ap classify command.
config rogue ap classify {friendly state {internal | external} ap_mac }
config rogue ap classify {malicious | unclassified} state {alert | contain} ap_mac
Syntax Description friendly state internal external
ap_mac
malicious unclassified alert contain
Classifies a rogue access point as friendly.
Specifies a response to classification.
Configures the controller to trust this rogue access point.
Configures the controller to acknowledge the presence of this access point.
MAC address of the rogue access point.
Classifies a rogue access point as potentially malicious.
Classifies a rogue access point as unknown.
Configures the controller to forward an immediate alert to the system administrator for further action.
Configures the controller to contain the offending device so that its signals no longer interfere with authorized clients.
Command Default
These commands are disabled by default. Therefore, all unknown access points are categorized as unclassified by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
A rogue access point cannot be moved to the unclassified class if its current state is contain.
When you enter any of the containment commands, the following warning appears: “Using this feature may have legal consequences. Do you want to continue?” The 2.4- and 5-GHz frequencies in the Industrial,
Cisco Wireless Controller Command Reference, Release 8.4
949
config rogue ap classify
Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing devices on another party’s network could have legal consequences.
Examples
The following example shows how to classify a rogue access point as friendly and can be trusted:
(Cisco Controller) >
config rogue ap classify friendly state internal 11:11:11:11:11:11
The following example shows how to classify a rogue access point as malicious and to send an alert:
(Cisco Controller) >
config rogue ap classify malicious state alert 11:11:11:11:11:11
The following example shows how to classify a rogue access point as unclassified and to contain it:
(Cisco Controller) >
config rogue ap classify unclassified state contain 11:11:11:11:11:11
Related Commands config rogue adhoc config rogue ap friendly config rogue ap rldp config rogue ap ssid config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
950
Cisco Wireless Controller Command Reference, Release 8.4
config rogue ap friendly config rogue ap friendly
To add a new friendly access point entry to the friendly MAC address list, or delete an existing friendly access point entry from the list, use the config rogue ap friendly command.
config rogue ap friendly {add | delete} ap_mac
Syntax Description add delete
ap_mac
Adds this rogue access point from the friendly MAC address list.
Deletes this rogue access point from the friendly MAC address list.
MAC address of the rogue access point that you want to add or delete.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to add a new friendly access point with MAC address 11:11:11:11:11:11 to the friendly MAC address list.
(Cisco Controller) >
config rogue ap friendly add 11:11:11:11:11:11
Related Commands config rogue adhoc config rogue ap classify config rogue ap rldp config rogue ap ssid config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap detailed
Cisco Wireless Controller Command Reference, Release 8.4
951
config rogue ap friendly show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
952
Cisco Wireless Controller Command Reference, Release 8.4
config rogue ap rldp config rogue ap rldp
To enable, disable, or initiate the Rogue Location Discovery Protocol (RLDP), use the config rogue ap rldp command.
config rogue ap rldp enable {alarm-only | auto-contain} [monitor_ap_only]
config rogue ap rldp initiate rogue_mac_address
config rogue ap rldp disable
Syntax Description alarm-only auto-contain
monitor_ap_only
initiate
rogue_mac_address
disable
When entered without the optional argument
monitor_ap_only, enables RLDP on all access points.
When entered without the optional argument
monitor_ap_only, automatically contains all rogue access points.
(Optional) RLDP is enabled (when used with
alarm-only keyword), or automatically contained
(when used with auto-contain keyword) is enabled only on the designated monitor access point.
Initiates RLDP on a specific rogue access point.
MAC address of specific rogue access point.
Disables RLDP on all access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When you enter any of the containment commands, the following warning appears: “Using this feature may have legal consequences. Do you want to continue?” The 2.4- and 5-GHz frequencies in the Industrial,
Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing devices on another party’s network could have legal consequences.
Cisco Wireless Controller Command Reference, Release 8.4
953
config rogue ap rldp
Examples
The following example shows how to enable RLDP on all access points:
(Cisco Controller) >
config rogue ap rldp enable alarm-only
The following example shows how to enable RLDP on monitor-mode access point ap_1:
(Cisco Controller) >
config rogue ap rldp enable alarm-only ap_1
The following example shows how to start RLDP on the rogue access point with MAC address 123.456.789.000:
(Cisco Controller) >
config rogue ap rldp initiate 123.456.789.000
The following example shows how to disable RLDP on all access points:
(Cisco Controller) >
config rogue ap rldp disable
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap ssid config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
954
Cisco Wireless Controller Command Reference, Release 8.4
config rogue ap ssid config rogue ap ssid
To generate an alarm only, or to automatically contain a rogue access point that is advertising your network’s service set identifier (SSID), use the config rogue ap ssid command.
config rogue ap ssid {alarm | auto-contain}
Syntax Description alarm auto-contain
Generates only an alarm when a rogue access point is discovered to be advertising your network’s SSID.
Automatically contains the rogue access point that is advertising your network’s SSID.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When you enter any of the containment commands, the following warning appears: “Using this feature may have legal consequences. Do you want to continue?” The 2.4- and 5-GHz frequencies in the Industrial,
Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing devices on another party’s network could have legal consequences.
Examples
The following example shows how to automatically contain a rogue access point that is advertising your network’s SSID:
(Cisco Controller) >
config rogue ap ssid auto-contain
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap
Cisco Wireless Controller Command Reference, Release 8.4
955
config rogue ap ssid show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
956
Cisco Wireless Controller Command Reference, Release 8.4
config rogue ap timeout config rogue ap timeout
To specify the number of seconds after which the rogue access point and client entries expire and are removed from the list, use the config rogue ap timeout command.
config rogue ap timeout seconds
Syntax Description
seconds
Value of 240 to 3600 seconds (inclusive), with a default value of 1200 seconds.
Command Default
The default number of seconds after which the rogue access point and client entries expire is 1200 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set an expiration time for entries in the rogue access point and client list to 2400 seconds:
(Cisco Controller) >
config rogue ap timeout 2400
Related Commands config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap ssid config rogue rule config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue ignore-list show rogue rule detailed
Cisco Wireless Controller Command Reference, Release 8.4
957
config rogue ap timeout show rogue rule summary
958
Cisco Wireless Controller Command Reference, Release 8.4
config rogue auto-contain level config rogue auto-contain level
To configure rogue the auto-containment level, use the config rogue auto-contain level command.
config rogue auto-contain level level [monitor_ap_only]
Syntax Description
level
monitor_ap_only
Rogue auto-containment level in the range of 1 to 4.
You can enter a value of 0 to enable the Cisco WLC to automatically select the number of APs used for auto containment. The controller chooses the required number of APs based on the RSSI for effective containment.
Note
Up to four APs can be used to auto-contain when a rogue AP is moved to contained state through any of the auto-containment policies.
(Optional) Configures auto-containment using only monitor AP mode.
Command Default
The default auto-containment level is 1.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The controller continuously monitors all nearby access points and automatically discovers and collects information on rogue access points and clients. When the controller discovers a rogue access point, it uses any of the configured auto-containment policies to start autocontainment. The policies for initiating autocontainment are rogue on wire (detected through RLDP or rogue detector AP), rogue using managed
SSID, Valid client on Rogue AP, and AdHoc Rogue.
This table lists the RSSI value associated with each containment level.
Table 7: RSSI Associated with Each Containment Level
2
3
Auto-containment
Level
1
RSSI
0 to –55 dBm
–75 to –55 dBm
–85 to –75 dBm
Cisco Wireless Controller Command Reference, Release 8.4
959
config rogue auto-contain level
Auto-containment
Level
4
RSSI
Less than –85 dBm
Note
RLDP is not supported for use with Cisco autonomous rogue access points. These access points drop the
DHCP Discover request sent by the RLDP client. Also, RLDP is not supported if the rogue access point channel requires dynamic frequency selection (DFS).
When you enter any of the containment commands, the following warning appears:
Using this feature may have legal consequences. Do you want to continue? (y/n) :
The 2.4-GHz and 5-GHz frequencies in the Industrial, Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing devices on another party’s network could have legal consequences.
Examples
The following example shows how to configure the auto-contain level to 3:
(Cisco Controller) >
config rogue auto-contain level 3
Related Commands config rogue adhoc show rogue adhoc summary show rogue client summary show rogue ignore-list show rogue rule summary
960
Cisco Wireless Controller Command Reference, Release 8.4
config rogue ap valid-client config rogue ap valid-client
To generate an alarm only, or to automatically contain a rogue access point to which a trusted client is associated, use the config rogue ap valid-client command.
config rogue ap valid-client {alarm | auto-contain}
Syntax Description alarm auto-contain
Generates only an alarm when a rogue access point is discovered to be associated with a valid client.
Automatically contains a rogue access point to which a trusted client is associated.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When you enter any of the containment commands, the following warning appears: “Using this feature may have legal consequences. Do you want to continue?” The 2.4- and 5-GHz frequencies in the Industrial,
Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing devices on another party’s network could have legal consequences.
Examples
The following example shows how to automatically contain a rogue access point that is associated with a valid client:
(Cisco Controller) >
config rogue ap valid-client auto-contain
Related Commands config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap ssid config rogue rule config trapflags rogueap show rogue ap clients
Cisco Wireless Controller Command Reference, Release 8.4
961
config rogue ap valid-client show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue ignore-list show rogue rule detailed show rogue rule summary
962
Cisco Wireless Controller Command Reference, Release 8.4
config rogue client config rogue client
To configure rogue clients, use the config rogue client command.
config rogue client {aaa {enable | disable} | alert ap_mac | contain client_mac | delete {state {alert | any
| contained | contained-pending} | all | mac-address client_mac} | mse{enable | disable} } }
Syntax Description aaa enable disable alert
ap_mac
contain
client_mac
delete state alert any contained contained-pending all mac-address mse
Configures AAA server or local database to validate whether rogue clients are valid clients. The default is disabled.
Enables the AAA server or local database to check rogue client MAC addresses for validity.
Disables the AAA server or local database to check rogue client MAC addresses for validity.
Configures the controller to forward an immediate alert to the system administrator for further action.
Access point MAC address.
Configures the controller to contain the offending device so that its signals no longer interfere with authorized clients.
MAC address of the rogue client.
Deletes the rogue client.
Deletes the rogue clients according to their state.
Deletes the rogue clients in alert state.
Deletes the rogue clients in any state.
Deletes all rogue clients that are in contained state.
Deletes all rogue clients that are in contained pending state.
Deletes all rogue clients.
Deletes a rogue client with the configured MAC address.
Validates if the rogue clients are valid clients using
MSE. The default is disabled.
Cisco Wireless Controller Command Reference, Release 8.4
963
config rogue client
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You cannot validate rogue clients against MSE and AAA at the same time.
Examples
The following example shows how to enable the AAA server or local database to check MAC addresses:
(Cisco Controller) >
config rogue client aaa enable
The following example shows how to disable the AAA server or local database from checking MAC addresses:
(Cisco Controller) >
config rogue client aaa disable
Related Commands config rogue rule config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
964
Cisco Wireless Controller Command Reference, Release 8.4
config rogue containment config rogue containment
To configure rogue containment, use the config rogue containment command.
config rogue containment {flexconnect | auto-rate} {enable | disable}
Syntax Description flexconnect auto-rate enable disable
Configures rogue containment for standalone FlexConnect APs.
Configures automatic rate selection for rogue containment.
Enables the rogue containment.
Disables the rogue containment.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
The following table lists the rogue containment automatic rate selection details.
Table 8: Rogue Containment Automatic Rate Selection
RSSI (dBm)
–74
–70
–55
< –40
802.11b/g Tx Rate (Mbps)
1
2
5.5
5.5
802.11a Tx Rate (Mbps)
6
12
12
18
Examples
The following example shows how to enable automatic rate selection for rogue containment:
(Cisco Controller) >
config rogue containment auto-rate enable
Cisco Wireless Controller Command Reference, Release 8.4
965
config rogue detection config rogue detection
To enable or disable rogue detection, use the config rogue detection command.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the
AP that is with the keyword all.
config rogue detection {enable | disable} {cisco_ap | all}
Syntax Description enable disable
cisco_ap
all
Enables rogue detection on this access point.
Disables rogue detection on this access point.
Cisco access point.
Specifies all access points.
Command Default
The default rogue detection value is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Rogue detection is enabled by default for all access points joined to the controller except for OfficeExtend access points. OfficeExtend access points are deployed in a home environment and are likely to detect a large number of rogue devices.
Examples
The following example shows how to enable rogue detection on the access point Cisco_AP:
(Cisco Controller) >
config rogue detection enable Cisco_AP
Related Commands config rogue rule config trapflags rogueap show rogue client detailed show rogue client summary show rogue ignore-list
966
Cisco Wireless Controller Command Reference, Release 8.4
show rogue rule detailed show rogue rule summary config rogue detection
Cisco Wireless Controller Command Reference, Release 8.4
967
config rogue detection client-threshold config rogue detection client-threshold
To configure the rogue client threshold for access points, use the config rogue detection client-threshold command.
config rogue detection client-threshold value
Syntax Description
value
Threshold rogue client count on an access point after which a trap is sent from the Cisco
Wireless LAN Controller (WLC). The range is from 1 to 256. Enter 0 to disable the feature.
Command Default
The default rogue client threshold is 0.
Command History
Release
7.5
Modification
This command was introduced.
Examples
The following example shows how to configure the rogue client threshold:
(Cisco Controller) >
config rogue detection client-threshold 200
968
Cisco Wireless Controller Command Reference, Release 8.4
config rogue detection min-rssi config rogue detection min-rssi
To configure the minimum Received Signal Strength Indicator (RSSI) value at which APs can detect rogues and create a rogue entry in the controller, use the config rogue detection min-rssi command.
config rogue detection min-rssi rssi-in-dBm
Syntax Description
rssi-in-dBm
Minimum RSSI value. The valid range is from –70 dBm to –128 dBm, and the default value is –128 dBm.
Command Default
The default RSSI value to detect rogues in APs is -128 dBm.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This feature is applicable to all the AP modes.
There can be many rogues with very weak RSSI values that do not provide any valuable information in rogue analysis. Therefore, you can use this option to filter rogues by specifying the minimum RSSI value at which
APs should detect rogues.
Examples
The following example shows how to configure the minimum RSSI value:
(Cisco Controller) >
config rogue detection min-rssi
–80
Related Commands config rogue detection show rogue ap clients config rogue rule config trapflags rogueap show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
Cisco Wireless Controller Command Reference, Release 8.4
969
config rogue detection monitor-ap config rogue detection monitor-ap
To configure the rogue report interval for all monitor mode Cisco APs, use the config rogue detection
monitor-ap command.
config rogue detection monitor-ap {report-interval | transient-rogue-interval} time-in-seconds
Syntax Description report-interval transient-rogue-interval
time-in-seconds
Specifies the interval at which rogue reports are sent.
Specifies the interval at which rogues are consistently scanned for by APs after the first time the rogues are scanned.
Time in seconds. The valid range is as follows:
• 10 to 300 for report-interval
• 120 to 1800 for transient-rogue-interval
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This feature is applicable to APs that are in monitor mode only.
Using the transient interval values, you can control the time interval at which APs should scan for rogues.
APs can also filter the rogues based on their transient interval values.
This feature has the following advantages:
• Rogue reports from APs to the controller are shorter.
• Transient rogue entries are avoided in the controller.
• Unnecessary memory allocation for transient rogues are avoided.
Examples
The following example shows how to configure the rogue report interval to 60 seconds:
(Cisco Controller) >
config rogue detection monitor-ap report-interval 60
The following example shows how to configure the transient rogue interval to 300 seconds:
(Cisco Controller) >
config rogue detection monitor-ap transient-rogue-interval 300
970
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands config rogue detection config rogue detection min-rssi config rogue rule config trapflags rogueap show rogue ap clients show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary config rogue detection monitor-ap
Cisco Wireless Controller Command Reference, Release 8.4
971
config rogue detection report-interval config rogue detection report-interval
To configure the rogue detection report interval, use the config rogue detection report-interval command.
config rogue detection report-interval time
Syntax Description
time
Time interval, in seconds, at which the access points send the rogue detection report to the controller. The range is from 10 to 300.
Command Default
The default rogue detection report interval is 10 seconds.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
This feature is applicable only to the access points that are in the monitor mode.
Examples
The following example shows how to configure the rogue detection report interval:
(Cisco Controller) >
config rogue detection report-interval 60
972
Cisco Wireless Controller Command Reference, Release 8.4
config rogue detection security-level config rogue detection security-level
To configure the rogue detection security level, use the config rogue detection security-level command.
config rogue detection security-level {critical | custom | high | low}
Syntax Description critical custom high low
Configures the rogue detection security level to critical.
Configures the rogue detection security level to custom, and allows you to configure the rogue policy parameters.
Configures the rogue detection security level to high. This security level configures basic rogue detection and auto containment for medium-scale or less critical deployments.
The Rogue Location Discovery Protocol (RLDP) is disabled for this security level.
Configures the rogue detection security level to low. This security level configures basic rogue detection for small-scale deployments. Auto containment is not supported for this security level.
Command Default
The default rogue detection security level is custom.
Command History
Release
7.5
Modification
This command was introduced.
Examples
The following example shows how to configure the rogue detection security level to high:
(Cisco Controller) >
config rogue detection security-level high
Cisco Wireless Controller Command Reference, Release 8.4
973
config rogue detection transient-rogue-interval config rogue detection transient-rogue-interval
To configure the rogue-detection transient interval, use the config rogue detection transient-rogue-interval command.
config rogue detection transient-rogue-interval time
Syntax Description
time
Time interval, in seconds, at which a rogue should be consistently scanned by the access point after the rogue is scanned for the first time. The range is from 120 to 1800.
Command Default
The default rogue-detection transient interval for each security level is as follows:
• Low—120 seconds
• High—300 seconds
• Critical—600 seconds
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
This feature applies only to the access points that are in the monitor mode.
After the rogue is scanned consistently, updates are sent periodically to the Cisco Wireless LAN Controller
(WLC). The access points filter the active transient rogues for a very short period and are then silent.
Examples
The following example shows how to configure the rogue detection transient interval:
(Cisco Controller) >
config rogue detection transient-rogue-interval 200
974
Cisco Wireless Controller Command Reference, Release 8.4
config rogue rule config rogue rule
To add and configure rogue classification rules, use the config rogue rule command.
config rogue rule {add ap priority priority classify {custom severity-score classification-name | friendly
| malicious} notify {all | global | none | local} state {alert | contain | delete | internal | external} rule_name
| classify {custom severity-score classification-name | friendly | malicious} rule_name | condition ap {set
| delete} condition_type condition_value rule_name | {enable | delete | disable} {all | rule_name} | match
{all | any} | priority priority| notify {all | global | none | local} rule_name |state {alert | contain | internal
| external}rule_name}
Syntax Description add ap priority
priority
classify custom
severity-score classification-name
friendly malicious notify all global local none state
Adds a rule with match any criteria and the priority that you specify.
Priority of this rule within the list of rules.
Specifies the classification of a rule.
Classifies devices matching the rule as custom.
Custom classification severity score of the rule. The range is from 1 to 100.
Custom classification name. The name can be up to
32 case-sensitive, alphanumeric characters.
Classifies a rule as friendly.
Classifies a rule as malicious.
Configures type of notification upon rule match.
Notifies the controller and a trap receiver such as
Cisco Prime Infrastructure.
Notifies only a trap receiver such as Cisco Prime
Infrastructure.
Notifies only the controller.
Notifies neither the controller nor a trap receiver such as Cisco Prime Infrastructure.
Configures state of the rogue access point after a rule match.
Cisco Wireless Controller Command Reference, Release 8.4
975
config rogue rule alert contain delete external internal
rule_name
condition ap set delete
Configures alert state on the rogue access point that is not in the neighbor list or in the user configured friendly MAC list. The controller forwards an immediate alert to the system administrator for further action.
Configures contain state on the rogue access point.
Controller contains the offending device so that its signals no longer interfere with authorized clients.
Configures delete state on the rogue access point.
Configures external state on the rogue access point that is outside the network and poses no threat to
WLAN security. The controller acknowledges the presence of this rogue access point.
Configures alert state on rogue access point that is inside the network and poses no threat to WLAN security. The controller trusts this rogue access point.
Rule to which the command applies, or the name of a new rule.
Specifies the conditions for a rule that the rogue access point must meet.
Adds conditions to a rule that the rogue access point must meet.
Removes conditions to a rule that the rogue access point must meet.
976
Cisco Wireless Controller Command Reference, Release 8.4
condition_type condition_value
enable delete disable match all any priority config rogue rule
Type of the condition to be configured. The condition types are listed below:
• client-count—Requires that a minimum number of clients be associated to a rogue access point.
The valid range is 1 to 10 (inclusive).
• duration—Requires that a rogue access point be detected for a minimum period of time. The valid range is 0 to 3600 seconds (inclusive).
• managed-ssid—Requires that a rogue access point’s SSID be known to the controller.
• no-encryption—Requires that a rogue access point’s advertised WLAN does not have encryption enabled.
• rssi—Requires that a rogue access point have a minimum RSSI value. The range is from –95 to
–50 dBm (inclusive).
• ssid—Requires that a rogue access point have a specific SSID.
• substring-ssid—Requires that a rogue access point have a substring of a user-configured
SSID.
Value of the condition. This value is dependent upon the condition_type. For instance, if the condition type is ssid, then the condition value is either the SSID name or all.
Enables all rules or a single specific rule.
Deletes all rules or a single specific rule.
Deletes all rules or a single specific rule.
Specifies whether a detected rogue access point must meet all or any of the conditions specified by the rule in order for the rule to be matched and the rogue access point to adopt the classification type of the rule.
Specifies all rules defined.
Specifies any rule meeting certain criteria.
Changes the priority of a specific rule and shifts others in the list accordingly.
Cisco Wireless Controller Command Reference, Release 8.4
977
config rogue rule
Command Default
No rogue rules are configured.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
For your changes to be effective, you must enable the rule. You can configure up to 64 rules.
Reclassification of rogue APs according to the RSSI condition of the rogue rule occurs only when the RSSI changes more than +/- 2 dBm of the configured RSSI value. Manual and automatic classification override custom rogue rules. Rules are applied to manually changed rogues if their class type changes to unclassified and state changes to alert. Adhoc rogues are classified and do not go to the pending state. You can have up to 50 classification types.
Examples
The following example shows how to create a rule called rule_1 with a priority of 1 and a classification as friendly.
(Cisco Controller) >
config rogue rule add ap priority 1 classify friendly rule_1
The following example shows how to enable rule_1.
(Cisco Controller) >
config rogue rule enable rule_1
The following example shows how to change the priority of the last command.
(Cisco Controller) >
config rogue rule priority 2 rule_1
The following example shows how to change the classification of the last command.
(Cisco Controller) >
config rogue rule classify malicious rule_1
The following example shows how to disable the last command.
(Cisco Controller) >
config rogue rule disable rule_1
The following example shows how to delete SSID_2 from the user-configured SSID list in rule-5.
(Cisco Controller) >
config rogue rule condition ap delete ssid ssid_2 rule-5
The following example shows how to create a custom rogue rule.
(Cisco Controller) >
config rogue rule classify custom 1 VeryMalicious rule6
978
Cisco Wireless Controller Command Reference, Release 8.4
config rogue rule condition ap config rogue rule condition ap
To configure a condition of a rogue rule for rogue access points, use the config rogue rule condition ap command.
config rogue rule condition ap {set {client-count count | duration time | managed-ssid | no-encryption |
rssi rssi | ssid ssid | substring-ssid substring-ssid} | delete {all | client-count | duration | managed-ssid |
no-encryption | rssi | ssid | substring-ssid} rule_name
Syntax Description set client-count
count
duration
time
managed-ssid no-encryption rssi
rssi
ssid
ssid
substring-ssid
substring-ssid
delete all
Configures conditions to a rule that the rogue access point must meet.
Enables a minimum number of clients to be associated to the rogue access point.
Minimum number of clients to be associated to the rogue access point. The range is from 1 to 10 (inclusive). For example, if the number of clients associated to a rogue access point is greater than or equal to the configured value, the access point is classified as malicious.
Enables a rogue access point to be detected for a minimum period of time.
Minimum time period, in seconds, to detect the rogue access point. The range is from 0 to 3600.
Enables a rogue access point’s SSID to be known to the controller.
Enables a rogue access point’s advertised WLAN to not have encryption enabled.
If a rogue access point has encryption disabled, it is likely that more clients will try to associate to it.
Enables a rogue access point to have a minimum Received Signal Strength Indicator
(RSSI) value.
Minimum RSSI value, in dBm, required for the access point. The range is from
–95 to –50 (inclusive). For example, if the rogue access point has an RSSI that is greater than the configured value, the access point is classified as malicious.
Enables a rogue access point have a specific SSID.
SSID of the rogue access point.
Enables a rogue access point to have a substring of a user-configured SSID.
Substring of a user-configured SSID. For example, if you have an SSID as ABCDE, you can specify the substring as ABCD or ABC. You can classify multiple SSIDs with matching patterns.
Removes the conditions to a rule that a rogue access point must comply with.
Deletes all the rogue rule conditions.
Cisco Wireless Controller Command Reference, Release 8.4
979
config rogue rule condition ap
rule_name
Rogue rule to which the command applies.
Command Default
The default value for RSSI is 0 dBm.
The default value for duration is 0 seconds.
The default value for client count is 0.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
You can configure up to 25 SSIDs per rogue rule. You can configure up to 25 SSID substrings per rogue rule.
Examples
The following example shows how to configure the RSSI rogue rule condition:
(Cisco Controller) >
config rogue rule condition ap set rssi
–50
980
Cisco Wireless Controller Command Reference, Release 8.4
config remote-lan session-timeout config remote-lan session-timeout
To configure client session timeout, use the config remote-lan session-timeout command.
config remote-lan session-timeout remote-lan-id seconds
Syntax Description
remote-lan-id seconds
Remote LAN identifier. Valid values are between 1 and 512.
Timeout or session duration in seconds. A value of zero is equivalent to no timeout.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the client session timeout to 6000 seconds for a remote LAN with ID 1:
(Cisco Controller) >
config remote-lan session-timeout 1 6000
Cisco Wireless Controller Command Reference, Release 8.4
981
config rfid auto-timeout config rfid auto-timeout
To configure an automatic timeout of radio frequency identification (RFID) tags, use the config rfid
auto-timeout command.
config rfid auto-timeout {enable | disable}
Syntax Description enable disable
Enables an automatic timeout.
Disables an automatic timeout.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable an automatic timeout of RFID tags:
(Cisco Controller) >
config rfid auto-timeout enable
Related Commands show rfid summary config rfid status config rfid timeout
982
Cisco Wireless Controller Command Reference, Release 8.4
config rfid status config rfid status
To configure radio frequency identification (RFID) tag data tracking, use the config rfid status command.
config rfid status {enable | disable}
Syntax Description enable disable
Enables RFID tag tracking.
Enables RFID tag tracking.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure RFID tag tracking settings:
(Cisco Controller) >
config rfid status enable
Related Commands show rfid summary config rfid auto-timeout config rfid timeout
Cisco Wireless Controller Command Reference, Release 8.4
983
config rfid timeout config rfid timeout
To configure a static radio frequency identification (RFID) tag data timeout, use the config rfid timeout command.
config rfid timeout seconds
Syntax Description
seconds
Timeout in seconds (from 60 to 7200).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure a static RFID tag data timeout of 60 seconds:
(Cisco Controller) >
config rfid timeout 60
Related Commands show rfid summary config rfid statistics
984
Cisco Wireless Controller Command Reference, Release 8.4
config rogue ap timeout config rogue ap timeout
To specify the number of seconds after which the rogue access point and client entries expire and are removed from the list, use the config rogue ap timeout command.
config rogue ap timeout seconds
Syntax Description
seconds
Value of 240 to 3600 seconds (inclusive), with a default value of 1200 seconds.
Command Default
The default number of seconds after which the rogue access point and client entries expire is 1200 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to set an expiration time for entries in the rogue access point and client list to 2400 seconds:
(Cisco Controller) >
config rogue ap timeout 2400
Related Commands config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap ssid config rogue rule config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue ignore-list show rogue rule detailed
Cisco Wireless Controller Command Reference, Release 8.4
985
config rogue ap timeout show rogue rule summary
986
Cisco Wireless Controller Command Reference, Release 8.4
config route add config route add
To configure a network route from the service port to a dedicated workstation IP address range, use the config
route add command.
config route add ip_address netmask gateway
Syntax Description
ip_address netmask gateway
Network IP address.
Subnet mask for the network.
IP address of the gateway for the route network.
Command Default
None
Usage Guidelines
As on release 7.6, IP_address supports only IPv4 addresses.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Examples
The following example shows how to configure a network route to a dedicated workstation IP address 10.1.1.0, subnet mask 255.255.255.0, and gateway 10.1.1.1:
(Cisco Controller) >
config route add 10.1.1.0 255.255.255.0 10.1.1.1
Cisco Wireless Controller Command Reference, Release 8.4
987
config route delete config route delete
To remove a network route from the service port, use the config route delete command.
config route delete ip_address
Syntax Description
ip_address
Network IP address.
Command Default
None
Usage Guidelines
As on release 7.6, IP_address supports only IPv4 addresses.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv6 address format.
Examples
The following example shows how to delete a route from the network IP address 10.1.1.0:
(Cisco Controller) >
config route delete 10.1.1.0
988
Cisco Wireless Controller Command Reference, Release 8.4
config serial baudrate config serial baudrate
To set the serial port baud rate, use the config serial baudrate command.
config serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600}
Syntax Description
1200
2400
4800
9600
19200
38400
57600
Specifies the supported connection speeds to 1200.
Specifies the supported connection speeds to 2400.
Specifies the supported connection speeds to 4800.
Specifies the supported connection speeds to 9600.
Specifies the supported connection speeds to 19200.
Specifies the supported connection speeds to 38400.
Specifies the supported connection speeds to 57600.
Command Default
The default serial port baud rate is 9600.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure a serial baud rate with the default connection speed of 9600:
(Cisco Controller) >
config serial baudrate 9600
Cisco Wireless Controller Command Reference, Release 8.4
989
config serial timeout config serial timeout
To set the timeout of a serial port session, use the config serial timeout command.
config serial timeout minutes
Syntax Description
minutes
Timeout in minutes from 0 to 160. A value of 0 indicates no timeout.
Command Default
0 (no timeout)
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Use this command to set the timeout for a serial connection to the front of the Cisco wireless LAN controller from 0 to 160 minutes where 0 is no timeout.
Examples
The following example shows how to configure the timeout of a serial port session to 10 minutes:
(Cisco Controller) >
config serial timeout 10
990
Cisco Wireless Controller Command Reference, Release 8.4
config service timestamps config service timestamps
To enable or disable time stamps in message logs, use the config service timestamps command.
config service timestamps {debug | log} {datetime | disable}
Syntax Description debug log datetime disable
Configures time stamps in debug messages.
Configures time stamps in log messages.
Specifies to time-stamp message logs with the standard date and time.
Specifies to prevent message logs being time-stamped.
Command Default
By default, the time stamps in message logs are disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure time-stamp message logs with the standard date and time:
(Cisco Controller) >
config service timestamps log datetime
The following example shows how to prevent message logs being time-stamped:
(Cisco Controller) >
config service timestamps debug disable
Related Commands show logging
Cisco Wireless Controller Command Reference, Release 8.4
991
config sessions maxsessions config sessions maxsessions
To configure the number of Telnet CLI sessions allowed by the Cisco wireless LAN controller, use the config
sessions maxsessions command.
config sessions maxsessions session_num
Syntax Description
session_num
Number of sessions from 0 to 5.
Command Default
The default number of Telnet CLI sessions allowed by the Cisco WLC is 5.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Up to five sessions are possible while a setting of zero prohibits any Telnet CLI sessions.
Examples
The following example shows how to configure the number of allowed CLI sessions to 2:
(Cisco Controller) >
config sessions maxsessions 2
Related Commands show sessions
992
Cisco Wireless Controller Command Reference, Release 8.4
config sessions timeout config sessions timeout
To configure the inactivity timeout for Telnet CLI sessions, use the config sessions timeout command.
config sessions timeout timeout
Syntax Description
timeout
Timeout of Telnet session in minutes (from 0 to 160). A value of 0 indicates no timeout.
Command Default
The default inactivity timeout for Telnet CLI sessions is 5 minutes.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the inactivity timeout for Telnet sessions to 20 minutes:
(Cisco Controller) >
config sessions timeout 20
Related Commands show sessions
Cisco Wireless Controller Command Reference, Release 8.4
993
config slot config slot
To configure various slot parameters, use the config slot command.
config slot slot_id {enable | disable | channel ap | chan_width | txpower ap | antenna extAntGain
antenna_gain | rts} cisco_ap
Syntax Description
slot_id
enable disable channel ap chan_width txpower antenna extAntGain
antenna_gain
rts
cisco_ap
Slot downlink radio to which the channel is assigned. Beginning in Release 7.5
and later releases, you can configure 802.11a on slot 1 and 802.11ac on slot 2.
Enables the slot.
Disables the slot.
Configures the channel for the slot.
Configures one 802.11a Cisco access point.
Configures channel width for the slot.
Configures Tx power for the slot.
Configures the 802.11a antenna.
Configures the 802.11a external antenna gain.
External antenna gain value in .5 dBi units (such as 2.5 dBi = 5).
Configures RTS/CTS for an access point.
Name of the Cisco access point on which the channel is configured.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable slot 3 for the access point abc:
(Cisco Controller) >
config slot 3 enable abc
The following example shows how to configure RTS for the access point abc:
(Cisco Controller) >
config slot 2 rts abc
994
Cisco Wireless Controller Command Reference, Release 8.4
config switchconfig boot-break config switchconfig boot-break
To enable or disable the breaking into boot prompt by pressing the Esc key at system startup, use the config
switchconfig boot-break command.
config switchconfig boot-break {enable | disable}
Syntax Description enable disable
Enables the breaking into boot prompt by pressing the Esc key at system startup.
Disables the breaking into boot prompt by pressing the Esc key at system startup.
Command Default
By default, the breaking into boot prompt by pressing the Esc key at system startup is disabled.
Usage Guidelines
You must enable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode before enabling or disabling the breaking into boot prompt.
Examples
The following example shows how to enable the breaking into boot prompt by pressing the Esc key at system startup:
(Cisco Controller) >
config switchconfig boot-break enable
Related Commands show switchconfig config switchconfig flowcontrol config switchconfig mode config switchconfig secret-obfuscation config switchconfig fips-prerequisite config switchconfig strong-pwd
Cisco Wireless Controller Command Reference, Release 8.4
995
config switchconfig fips-prerequisite config switchconfig fips-prerequisite
To enable or disable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode, use the config switchconfig fips-prerequisite command.
config switchconfig fips-prerequisite {enable | disable}
Syntax Description enable disable
Enables the features that are prerequisites for the FIPS mode.
Disables the features that are prerequisites for the FIPS mode.
Command Default
By default, the features that are prerequisites for the FIPS mode are disabled.
Usage Guidelines
You must configure the FIPS authorization secret before you can enable or disable the FIPS prerequisite features.
Examples
The following example shows how to enable the features that are prerequisites for the FIPS mode:
(Cisco Controller) >
config switchconfig fips-prerequisite enable
Related Commands show switchconfig config switchconfig flowcontrol config switchconfig mode config switchconfig secret-obfuscation config switchconfig boot-break config switchconfig strong-pwd
996
Cisco Wireless Controller Command Reference, Release 8.4
config switchconfig ucapl config switchconfig ucapl
To configure US Department of Defense (DoD) Unified Capabilities Approved Product List (APL) certification on the controller, use the config switchconfig wlancc command.
config switchconfig ucapl {enable | disable}
Syntax Description enable disable
Enables UCAPL on the controller.
Disables UCAPL on the controller.
Command Default
None
Command History
Release
8.0
Examples
The following example shows how to enable UCAPL on the controller:
(Cisco Controller) >
config switchconfig ucapl enable
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
997
config switchconfig wlancc config switchconfig wlancc
To configure WLAN Common Criteria (CC) on the controller, use the config switchconfig wlancc command.
config switchconfig wlancc {enable | disable}
Syntax Description enable disable
Enables WLAN CC on the controller.
Disables WLAN CC on the controller.
Command Default
None
Command History
Examples
Release
8.0
The following example shows how to enable WLAN CC on the controller:
(Cisco Controller) >
config switchconfig wlancc enable
Modification
This command was introduced.
998
Cisco Wireless Controller Command Reference, Release 8.4
config switchconfig strong-pwd config switchconfig strong-pwd
To enable or disable your controller to check the strength of newly created passwords, use the config
switchconfig strong-pwd command.
config switchconfig strong-pwd {case-check | consecutive-check | default-check | username-check |
position-check | case-digit-check | minimum {upper-case | lower-case | digits | special-chars}
no._of_characters | min-length | password_length | lockout{mgmtuser | snmpv3user | time | attempts} |
lifetime {mgmtuser | snmpv3user} lifetime | all-checks} {enable | disable}
Syntax Description case-check consecutive-check default-check username-check position-check case-digit-check minimum upper-case lower-case digits special-chars min-length
password_length
Checks at least three combinations: lowercase characters, uppercase characters, digits, or special characters.
Checks the occurrence of the same character three times.
Checks for default values or use of their variants.
Checks whether the username is specified or not.
Checks whether the password has a four-character change from the old password.
Checks whether the password has all the four combinations: lower, upper, digits, or special characters.
Checks whether the password has a minimum number of upper case and lower case characters, digits, or special characters.
Checks whether the password has a minimum number of upper case characters.
Checks whether the password has a minimum number of lower case characters.
Checks whether the password has a minimum number of digits.
Checks whether the password has a minimum number of special characters.
Configures the minimum length for the password.
Minimum length for the password. The range is from
3 to 24 case-sensitive characters.
Cisco Wireless Controller Command Reference, Release 8.4
999
config switchconfig strong-pwd lockout mgmtuser snmpv3user time attempts lifetime mgmtuser snmpv3user
lifetime
all-checks enable disable
Command Default
None
Command History
Release
7.6
Configures the lockout feature for a management user or Simple Network Management Protocol version 3
(SNMPv3) user.
Locks out a management user when the number of successive failed attempts exceed the management user lockout attempts.
Locks out a SNMPv3 user when the number of successive failed attempts exceeds the SNMPv3 user lockout attempts.
Configures the time duration after the lockout attempts when the management user or SNMPv3 user is locked.
Configures the number of successive incorrect password attempts after which the management user or SNMPv3 user is locked.
Configures the number of days before the management user or SNMPv3 user requires a change of password due to the age of the password.
Configures the number of days before the management user requires a change of password due to the password age.
Configures the number of days before the SNMPv3 user requires a change of password due to the age of the password.
Number of days before the management user or
SNMPv3 user requirlifetimees a change of password due to the age of the password.
Checks all the cases.
Enables a strong password check for the access point and Cisco WLC.
Disables a strong password check for the access point and Cisco WLC.
Modification
This command was introduced in a release earlier than Release 7.6.
1000
Cisco Wireless Controller Command Reference, Release 8.4
config switchconfig strong-pwd
Examples
The following example shows how to enable the Strong Password Check feature:
(Cisco Controller) >
config switchconfig strong-pwd case-check enable
Related Commands show switchconfig config switchconfig flowcontrol config switchconfig mode config switchconfig secret-obfuscation config switchconfig fips-prerequisite config switchconfig boot-break
Cisco Wireless Controller Command Reference, Release 8.4
1001
config switchconfig flowcontrol config switchconfig flowcontrol
To enable or disable 802.3x flow control, use the config switchconfig flowcontrol command.
config switchconfig flowcontrol {enable | disable}
Syntax Description enable disable
Enables 802.3x flow control.
Disables 802.3x flow control.
Command Default
By default, 802.3x flow control is disabled.
Examples
The following example shows how to enable 802.3x flow control on Cisco wireless LAN controller parameters:
(Cisco Controller) >
config switchconfig flowcontrol enable
Related Commands show switchconfig
1002
Cisco Wireless Controller Command Reference, Release 8.4
config switchconfig mode config switchconfig mode
To configure Lightweight Access Port Protocol (LWAPP) transport mode for Layer 2 or Layer 3, use the
config switchconfig mode command.
config switchconfig mode {L2 | L3}
Syntax Description
L2
L3
Specifies Layer 2 as the transport mode.
Specifies Layer 3 as the transport mode.
Command Default
The default transport mode is L3.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure LWAPP transport mode to Layer 3:
(Cisco Controller) >
config switchconfig mode L3
Related Commands show switchconfig
Cisco Wireless Controller Command Reference, Release 8.4
1003
config switchconfig secret-obfuscation config switchconfig secret-obfuscation
To enable or disable secret obfuscation, use the config switchconfig secret-obfuscation command.
config switchconfig secret-obfuscation {enable | disable}
Syntax Description enable disable
Enables secret obfuscation.
Disables secret obfuscation.
Command Default
Secrets and user passwords are obfuscated in the exported XML configuration file.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To keep the secret contents of your configuration file secure, do not disable secret obfuscation. To further enhance the security of the configuration file, enable configuration file encryption.
Examples
The following example shows how to enable secret obfuscation:
(Cisco Controller) >
config switchconfig secret-obfuscation enable
Related Commands show switchconfig
1004
Cisco Wireless Controller Command Reference, Release 8.4
config sysname config sysname
To set the Cisco wireless LAN controller system name, use the config sysname command.
config sysname name
Syntax Description
name
System name. The name can contain up to 31 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the system named Ent_01:
(Cisco Controller) >
config sysname Ent_01
Related Commands show sysinfo
Cisco Wireless Controller Command Reference, Release 8.4
1005
config snmp community accessmode config snmp community accessmode
To modify the access mode (read only or read/write) of an SNMP community, use the config snmp community
accessmode command.
config snmp community accessmode {ro | rw} name
Syntax Description ro rw
name
Specifies a read-only mode.
Specifies a read/write mode.
SNMP community name.
Command Default
Two communities are provided by default with the following settings:
SNMP Community Name Client IP Address Client IP Mask Access Mode Status
------------------- ----------------- ---------------- ----------- -----public 0.0.0.0
0.0.0.0
Read Only Enable private 0.0.0.0
0.0.0.0
Read/Write Enable
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure read/write access mode for SNMP community:
(Cisco Controller) >
config snmp community accessmode rw private
Related Commands show snmp community config snmp community mode config snmp community create config snmp community delete config snmp community ipaddr
1006
Cisco Wireless Controller Command Reference, Release 8.4
config snmp community create config snmp community create
To create a new SNMP community, use the config snmp community create command.
config snmp community create name
Syntax Description
name
SNMP community name of up to 16 characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Use this command to create a new community with the default configuration.
Examples
The following example shows how to create a new SNMP community named test:
(Cisco Controller) >
config snmp community create test
Related Commands show snmp community config snmp community mode config snmp community accessmode config snmp community delete config snmp community ipaddr
Cisco Wireless Controller Command Reference, Release 8.4
1007
config snmp community delete config snmp community delete
To delete an SNMP community, use the config snmp community delete command.
config snmp community delete name
Syntax Description
name
SNMP community name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to delete an SNMP community named test:
(Cisco Controller) >
config snmp community delete test
Related Commands show snmp community config snmp community mode config snmp community accessmode config snmp community create config snmp community ipaddr
1008
Cisco Wireless Controller Command Reference, Release 8.4
config snmp community ipaddr config snmp community ipaddr
To configure the IPv4 or IPv6 address of an SNMP community, use the config snmp community ipaddr command.
config snmp community ipaddr IP addr IPv4 mask/IPv6 Prefix lengthname
Syntax Description
IP addr
IPv4 mask/IPv6 Prefix length name
SNMP community IPv4 or IPv6 address.
SNMP community IP mask (IPv4 mask or IPv6 Prefix length). The IPv6 prefix length is from 0 to 128.
SNMP community name.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
Examples
• This command is applicable for both IPv4 and IPv6 addresses.
• This command is not applicable for default SNMP community (public, private).
The following example shows how to configure an SNMP community with the IPv4 address 10.10.10.10,
IPv4 mask 255.255.255.0, and SNMP community named comaccess:
(Cisco Controller) >
config snmp community ipaddr 10.10.10.10 255.255.255.0 comaccess
The following example shows how to configure an SNMP community with the IPv6 address 2001:9:2:16::1,
IPv6 prefix length 64, and SNMP community named comaccess:
(Cisco Controller) >
config snmp community ipaddr 2001:9:2:16::1 64 comaccess
Cisco Wireless Controller Command Reference, Release 8.4
1009
config snmp community mode config snmp community mode
To enable or disable an SNMP community, use the config snmp community mode command.
config snmp community mode {enable | disable} name
Syntax Description enable disable
name
Enables the community.
Disables the community.
SNMP community name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the SNMP community named public:
(Cisco Controller) >
config snmp community mode disable public
Related Commands show snmp community config snmp community delete config snmp community accessmode config snmp community create config snmp community ipaddr
1010
Cisco Wireless Controller Command Reference, Release 8.4
config snmp engineID config snmp engineID
To configure the SNMP engine ID, use the config snmp engineID command.
config snmp engineID {engine_id | default}
Syntax Description
engine_id
default
Engine ID in hexadecimal characters (a minimum of 10 and a maximum of 24 characters are allowed).
Restores the default engine ID.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The SNMP engine ID is a unique string used to identify the device for administration purposes. You do need to specify an engine ID for the device because a default string is automatically generated using Cisco’s enterprise number and the MAC address of the first interface on the device.
If you change the engine ID, then a reboot is required for the change to take effect.
Caution If you change the value of the SNMP engine ID, then the password of the user entered on the command line is converted to an MD5 (Message-Digest algorithm 5) or SHA (Secure Hash Algorithm) security digest.
This digest is based on both the password and the local engine ID. The command line password is then deleted.
Because of this deletion, if the local value of the engine ID changes, the security digests of the SNMP users will become invalid, and the users will have to be reconfigured.
Examples
The following example shows how to configure the SNMP engine ID with the value fffffffffff:
(Cisco Controller) >
config snmp engineID fffffffffff
Related Commands show snmpengineID
Cisco Wireless Controller Command Reference, Release 8.4
1011
config snmp syscontact config snmp syscontact
To set the SNMP system contact name, use the config snmp syscontact command.
config snmp syscontact contact
Syntax Description
contact
SNMP system contact name. Valid value can be up to 255 printable characters.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the SMNP system contact named Cisco WLAN
Solution_administrator:
(Cisco Controller) >
config snmp syscontact Cisco WLAN Solution_administrator
1012
Cisco Wireless Controller Command Reference, Release 8.4
config snmp syslocation config snmp syslocation
To configure the SNMP system location name, use the config snmp syslocation command.
config snmp syslocation location
Syntax Description
location
SNMP system location name. Valid value can be up to 255 printable characters.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the SNMP system location name to Building_2a:
(Cisco Controller) >
config snmp syslocation Building_2a
Cisco Wireless Controller Command Reference, Release 8.4
1013
config snmp trapreceiver create config snmp trapreceiver create
To configure a server to receive SNMP traps, use the config snmp trapreceiver create command.
config snmp trapreceiver create name IP addr
Syntax Description
name
IP addr
SNMP community name. The name contain up to 31 characters.
Configure the IPv4 or IPv6 address of where to send SNMP traps.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
The IPv4 or IPv6 address must be valid for the command to add the new server.
Examples
The following example shows how to add a new SNMP trap receiver with the SNMP trap receiver named test and IP address 10.1.1.1:
(Cisco Controller) >
config snmp trapreceiver create test 10.1.1.1
The following example shows how to add a new SNMP trap receiver with the SNMP trap receiver named test and IP address 2001:10:1:1::1:
(Cisco Controller) >
config snmp trapreceiver create test 2001:10:1:1::1
1014
Cisco Wireless Controller Command Reference, Release 8.4
config snmp trapreceiver delete config snmp trapreceiver delete
To delete a server from the trap receiver list, use the config snmp trapreceiver delete command.
config snmp trapreceiver delete name
Syntax Description
name
SNMP community name. The name can contain up to 16 characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to delete a server named test from the SNMP trap receiver list:
(Cisco Controller) >
config snmp trapreceiver delete test
Related Commands show snmp trap
Cisco Wireless Controller Command Reference, Release 8.4
1015
config snmp trapreceiver mode config snmp trapreceiver mode
To send or disable sending traps to a selected server, use the config snmp trapreceiver mode command.
config snmp trapreceiver mode {enable | disable} name
Syntax Description enable disable
name
Enables an SNMP trap receiver.
Disables an SNMP trap receiver.
SNMP community name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command enables or disables the Cisco wireless LAN controller from sending the traps to the selected server.
Examples
The following example shows how to disable an SNMP trap receiver from sending traps to a server named server1:
(Cisco Controller) >
config snmp trapreceiver mode disable server1
Related Commands show snmp trap
1016
Cisco Wireless Controller Command Reference, Release 8.4
config snmp v3user create config snmp v3user create
To create a version 3 SNMP user, use the config snmp v3user create command.
config snmp v3user create username {ro | rw} {none | hmacmd5 | hmacsha} {none | des | aescfb128}
[auth_key] [encrypt_key]
Syntax Description
username
ro rw none hmacmd5 hmacsha none des aescfb128
auth_key encrypt_key
Version 3 SNMP username.
Specifies a read-only user privilege.
Specifies a read-write user privilege.
Specifies if no authentication is required.
Specifies Hashed Message Authentication
Coding Message Digest 5 (HMAC-MD5) for authentication.
Specifies Hashed Message Authentication
Coding-Secure Hashing Algorithm
(HMAC-SHA) for authentication.
Specifies if no encryption is required.
Specifies to use Cipher Block
Chaining-Digital Encryption Standard
(CBC-DES) encryption.
Specifies to use Cipher Feedback
Mode-Advanced Encryption Standard-128
(CFB-AES-128) encryption.
(Optional) Authentication key for the
HMAC-MD5 or HMAC-SHA authentication protocol.
(Optional) Encryption key for the CBC-DES or CFB-AES-128 encryption protocol.
Command Default
SNMP v3 username AccessMode Authentication Encryption
-------------------- ------------- -------------- ----------default Read/Write HMAC-SHA CFB-AES
Cisco Wireless Controller Command Reference, Release 8.4
1017
config snmp v3user create
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to add an SNMP username named test with read-only privileges and no encryption or authentication:
(Cisco Controller) >
config snmp v3user create test ro none none
Related Commands show snmpv3user
1018
Cisco Wireless Controller Command Reference, Release 8.4
config snmp v3user delete config snmp v3user delete
To delete a version 3 SNMP user, use the config snmp v3user delete command.
config snmp v3user delete username
Syntax Description
username
Username to delete.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to remove an SNMP user named test:
(Cisco Controller) >
config snmp v3user delete test
Related Commands show snmp v3user
Cisco Wireless Controller Command Reference, Release 8.4
1019
config snmp version config snmp version
To enable or disable selected SNMP versions, use the config snmp version command.
config snmp version {v1 | v2 | v3} {enable | disable}
Syntax Description v1 v2 v3 enable disable
Specifies an SNMP version to enable or disable.
Specifies an SNMP version to enable or disable.
Specifies an SNMP version to enable or disable.
Enables a specified version.
Disables a specified version.
Command Default
By default, all the SNMP versions are enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable SNMP version v1:
(Cisco Controller) >
config snmp version v1 enable
Related Commands show snmpversion
1020
Cisco Wireless Controller Command Reference, Release 8.4
config tacacs acct config tacacs acct
To configure TACACS+ accounting server settings, use the config tacacs acct command.
config tacacs acct {add1-3 IP addr port ascii/hex secret | delete 1-3 | disable 1-3 | enable 1-3 |
server-timeout 1-3 seconds}
Syntax Description add
1-3
IP addr port ascii/hex secret
delete disable enable server-timeout
seconds
Adds a new TACACS+ accounting server.
Specifies TACACS+ accounting server index from 1 to 3.
Specifies IPv4 or IPv6 address of the TACACS+ accounting server.
Specifies TACACS+ Server's TCP port.
Specifies type of TACACS+ server's secret being used
(ASCII or HEX).
Specifies secret key in ASCII or hexadecimal characters.
Deletes a TACACS+ server.
Disables a TACACS+ server.
Enables a TACACS+ server.
Changes the default server timeout for the TACACS+ server.
Specifies the number of seconds before the TACACS+ server times out. The server timeout range is from 5 to 30 seconds.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Cisco Wireless Controller Command Reference, Release 8.4
1021
config tacacs acct
Examples
The following example shows how to add a new TACACS+ accounting server index 1 with the IPv4 address
10.0.0.0, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) >
config tacacs acct add 1 10.0.0.0 10 ascii 12345678
The following example shows how to add a new TACACS+ accounting server index 1 with the IPv6 address
2001:9:6:40::623, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) >
config tacacs acct add 1 2001:9:6:40::623 10 ascii 12345678
The following example shows how to configure the server timeout of 5 seconds for the TACACS+ accounting server:
(Cisco Controller) >
config tacacs acct server-timeout 1 5
1022
Cisco Wireless Controller Command Reference, Release 8.4
config tacacs athr config tacacs athr
To configure TACACS+ authorization server settings, use the config tacacs athr command.
config tacacs athr {add1-3 IP addr port ascii/hex secret | delete 1-3 | disable 1-3 | enable 1-3 |
mgmt-server-timeout 1-3 seconds | server-timeout 1-3 seconds}
Syntax Description add
1-3
IP addr port ascii/hex secret
delete disable enable
mgmt-server-timeout 1-3seconds
server-timeout 1-3 seconds
Adds a new TACACS+ authorization server (IPv4 or
IPv6).
TACACS+ server index from 1 to 3.
TACACS+ authorization server IP address (IPv4 or
IPv6).
TACACS+ server TCP port.
Type of secret key being used (ASCII or HEX).
Secret key in ASCII or hexadecimal characters.
Deletes a TACACS+ server.
Disables a TACACS+ server.
Enables a TACACS+ server.
Changes the default management login server timeout for the server. The number of seconds before server times out is from 1 to 30 seconds.
Changes the default network login server timeout for the server. The number of seconds before server times out is from 5 to 30 seconds.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Cisco Wireless Controller Command Reference, Release 8.4
1023
config tacacs athr
Examples
The following example shows how to add a new TACACS+ authorization server index 1 with the IPv4 address
10.0.0.0, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) >
config tacacs athr add 1 10.0.0.0 49 ascii 12345678
The following example shows how to add a new TACACS+ authorization server index 1 with the IPv6 address
2001:9:6:40::623, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) >
config tacacs athr add 1 2001:9:6:40::623 49 ascii 12345678
The following example shows how to configure the retransmit timeout of 5 seconds for the TACACS+ authorization server:
(Cisco Controller) >
config tacacs athr server-timeout 1 5
1024
Cisco Wireless Controller Command Reference, Release 8.4
config tacacs athr mgmt-server-timeout config tacacs athr mgmt-server-timeout
To configure a default TACACS+ authorization server timeout for management users, use the config tacacs
athr mgmt-server-timeout command.
config tacacs athr mgmt-server-timeout index timeout
Syntax Description
index timeout
TACACS+ authorization server index.
Timeout value. The range is 1 to 30 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a default TACACS+ authorization server timeout for management users:
(Cisco Controller) >
config tacacs athr mgmt-server-timeout 1 10
Related Commands config tacacs athr
Cisco Wireless Controller Command Reference, Release 8.4
1025
config tacacs auth config tacacs auth
To configure TACACS+ authentication server settings, use the config tacacs auth command.
config tacacs auth{ add1-3 IP addr port ascii/hex secret | delete 1-3 | disable 1-3 | enable 1-3 |
mgmt-server-timeout 1-3 seconds | server-timeout 1-3seconds}
Syntax Description add
1-3
IP addr port ascii/hex secret
delete disable enable
mgmt-server-timeout 1-3 seconds
server-timeout 1-3 seconds
Adds a new TACACS+ accounting server.
TACACS+ accounting server index from 1 to 3.
IP address for the TACACS+ accounting server.
Controller port used for the TACACS+ accounting server.
Type of secret key being used (ASCII or HEX).
Secret key in ASCII or hexadecimal characters.
Deletes a TACACS+ server.
Disables a TACACS+ server.
Enables a TACACS+ server.
Changes the default management login server timeout for the server. The number of seconds before server times out is from 1 to 30 seconds.
Changes the default network login server timeout for the server. The number of seconds before server times out is from 5 to 30 seconds.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
1026
Cisco Wireless Controller Command Reference, Release 8.4
config tacacs auth
Examples
The following example shows how to add a new TACACS+ authentication server index 1 with the IPv4 address 10.0.0.3, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) >
config tacacs auth add 1 10.0.0.3 49 ascii 12345678
The following example shows how to add a new TACACS+ authentication server index 1 with the IPv6 address 2001:9:6:40::623, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) >
config tacacs auth add 1 2001:9:6:40::623 49 ascii 12345678
The following example shows how to configure the server timeout for TACACS+ authentication server:
(Cisco Controller) >
config tacacs auth server-timeout 1 5
Cisco Wireless Controller Command Reference, Release 8.4
1027
config tacacs auth mgmt-server-timeout config tacacs auth mgmt-server-timeout
To configure a default TACACS+ authentication server timeout for management users, use the config tacacs
auth mgmt-server-timeout command.
config tacacs auth mgmt-server-timeout index timeout
Syntax Description
index timeout
TACACS+ authentication server index.
Timeout value. The range is 1 to 30 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure a default TACACS+ authentication server timeout for management users:
(Cisco Controller) >
config tacacs auth mgmt-server-timeout 1 10
Related Commands config tacacs auth
1028
Cisco Wireless Controller Command Reference, Release 8.4
config tacacs dns config tacacs dns
To retrieve the TACACS IP information from a DNS server, use the config radius dns command.
config radius dns {global port {ascii | hex} secret | query url timeout | serverip ip_address | disable |
enable}
Syntax Description global
port ascii hex secret
query
url timeout
serverip
ip_address
disable enable
Configures the global port and secret to retrieve the TACACS IP information from a DNS server.
Port number for authentication. The range is from 1 to 65535. All the DNS servers should use the same authentication port.
Format of the shared secret that you should set to ASCII.
Format of the shared secret that you should set to hexadecimal.
TACACS server login secret.
Configures the fully qualified domain name (FQDN) of the TACACS server and
DNS timeout.
FQDN of the TACACS server. The FQDN can be up to 63 case-sensitive, alphanumeric characters.
Maximum time that the Cisco Wireless LAN Controller (WLC) waits for, in days, before timing out a request and resending it. The range is from 1 to 180.
Configures the DNS server IP address.
DNS server IP address.
Disables the TACACS DNS feature. The default is disabled.
Enables the Cisco WLC to retrieve the TACACS IP information from a DNS server.
Command Default
You cannot retrieve the TACACS IP information from a DNS server.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1029
config tacacs dns
Usage Guidelines
The accounting port is derived from the authentication port. All the DNS servers should use the same secret.
When you enable a DNS query, the static configurations will be overridden. The DNS list overrides the static
AAA list.
Examples
The following example shows how to enable the TACACS DNS feature on the Cisco WLC:
(Cisco Controller) >
config tacacs dns enable
1030
Cisco Wireless Controller Command Reference, Release 8.4
config tacacs fallback-test interval config tacacs fallback-test interval
To configure TACACS+ probing interval, use the config tacacs fallback-test interval command.
config tacacs fallback-test interval { seconds }
Syntax Description
seconds
TACACS+ probing interval in seconds. Disable is 0,
Range from 180 to 3600 seconds.
Command Default
None
Command History
Examples
Release
8.2
Modification
This command was introduced in this release.
The following example shows how to configure TACACS+ probing interval:
(Cisco Controller) >
config tacacs fallback-test interval 200
Cisco Wireless Controller Command Reference, Release 8.4
1031
config time manual config time manual
To set the system time, use the config time manual command.
config time manual MM |DD | YY HH:MM:SS
Syntax Description
MM/DD/YY
HH:MM:SS
Date.
Time.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the system date to 04/04/2010 and time to 15:29:00:
(Cisco Controller) >
config time manual 04/04/2010 15:29:00
Related Commands show time
1032
Cisco Wireless Controller Command Reference, Release 8.4
config time ntp config time ntp
To set the Network Time Protocol (NTP), use the config time ntp command.
config time ntp {auth {enable server-index key-index | disable server-index} | interval interval | key-auth
{add key-index md5 {ascii | hex} key} | delete key-index} | server index IP Address}
Syntax Description add md5 ascii hex
key
auth enable
server-index key-index
disable interval
interval
key-auth delete server
IP Address
Configures the NTP authentication.
Enables the NTP authentication.
NTP server index.
Key index between 1 and 4294967295.
Disables the NTP authentication.
Configures the NTP polling interval.
NTP polling interval in seconds. The range is from 3600 and 604800 seconds.
Configures the NTP authentication key.
Adds an NTP authentication key.
Specifies the authentication protocol.
Specifies the ASCII key type.
Specifies the hexadecimal key type.
Specifies the ASCII key format with a maximum of 16 characters or the hexadecimal key format with a maximum of 32 digits.
Deletes an NTP authentication key.
Configures the NTP servers.
NTP server's IP address. Use 0.0.0.0 or :: to delete entry.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1033
config time ntp
Release
8.0
Modification
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
Examples
• To add the NTP server to the controller, use the config time ntp server index IP Address command.
• To delete the NTP server (IPv4) from the controller, use the config time ntp serverindex 0.0.0.0 command.
• To delete the NTP server (IPv6) from the controller, use the config time ntp serverindex :: command.
• To display configured NTP server on the controller, use the show time command.
The following example shows how to configure the NTP polling interval to 7000 seconds:
(Cisco Controller) >
config time ntp interval 7000
The following example shows how to enable NTP authentication where the server index is 4 and the key index is 1:
(Cisco Controller) >
config time ntp auth enable 4 1
The following example shows how to add an NTP authentication key of value ff where the key format is in hexadecimal characters and the key index is 1:
(Cisco Controller) >
config time ntp key-auth add 1 md5 hex ff
The following example shows how to add an NTP authentication key of value ff where the key format is in
ASCII characters and the key index is 1:
(Cisco Controller) >
config time ntp key-auth add 1 md5 ascii ciscokey
The following example shows how to add NTP servers and display the servers configured to controllers:
(Cisco Controller) >
config time ntp server 1 10.92.125.52
(Cisco Controller) >
config time ntp server 2 2001:9:6:40::623
(Cisco Controller) >
show time
Time............................................. Fri May 23 12:04:18 2014
Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai,
Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- --------------------------------------------------
1
2
1
1
10.92.125.52
2001:9:6:40::623
AUTH SUCCESS
AUTH SUCCESS
The following example shows how to delete NTP servers and verify that the servers are deleted removed from the NTP server list:
(Cisco Controller) >
config time ntp server 1 0.0.0.0
(Cisco Controller) >
config time ntp server 2 ::
(Cisco Controller) >
show time
1034
Cisco Wireless Controller Command Reference, Release 8.4
config time ntp
Time............................................. Fri May 23 12:04:18 2014
Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai,
Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- --------------------------------------------------
Cisco Wireless Controller Command Reference, Release 8.4
1035
config time timezone config time timezone
To configure the system time zone, use the config time timezone command.
config time timezone {enable | disable} delta_hours delta_mins
Syntax Description enable disable
delta_hours delta_mins
Enables daylight saving time.
Disables daylight saving time.
Local hour difference from the Universal Coordinated Time (UCT).
Local minute difference from UCT.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the daylight saving time:
(Cisco Controller) >
config time timezone enable 2 0
Related Commands show time
1036
Cisco Wireless Controller Command Reference, Release 8.4
config time timezone location config time timezone location
To set the location of the time zone in order to have daylight saving time set automatically when it occurs, use the config time timezone location command.
config time timezone location location_index
Cisco Wireless Controller Command Reference, Release 8.4
1037
config time timezone location
Syntax Description
location_index
Number representing the time zone required. The time zones are as follows:
• (GMT-12:00) International Date Line West
• (GMT-11:00) Samoa
• (GMT-10:00) Hawaii
• (GMT-9:00) Alaska
• (GMT-8:00) Pacific Time (US and Canada)
• (GMT-7:00) Mountain Time (US and Canada)
• (GMT-6:00) Central Time (US and Canada)
• (GMT-5:00) Eastern Time (US and Canada)
• (GMT-4:00) Atlantic Time (Canada)
• (GMT-3:00) Buenos Aires (Argentina)
• (GMT-2:00) Mid-Atlantic
• (GMT-1:00) Azores
• (GMT) London, Lisbon, Dublin, Edinburgh (default value)
• (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
• (GMT +2:00) Jerusalem
• (GMT +3:00) Baghdad
• (GMT +4:00) Muscat, Abu Dhabi
• (GMT +4:30) Kabul
• (GMT +5:00) Karachi, Islamabad, Tashkent
• (GMT +5:30) Colombo, Kolkata, Mumbai, New Delhi
• (GMT +5:45) Katmandu
• (GMT +6:00) Almaty, Novosibirsk
• (GMT +6:30) Rangoon
• (GMT +7:00) Saigon, Hanoi, Bangkok, Jakatar
• (GMT +8:00) Hong Kong, Bejing, Chongquing
• (GMT +9:00) Tokyo, Osaka, Sapporo
• (GMT +9:30) Darwin
• (GMT+10:00) Sydney, Melbourne, Canberra
• (GMT+11:00) Magadan, Solomon Is., New Caledonia
• (GMT+12:00) Kamchatka, Marshall Is., Fiji
• (GMT+12:00) Auckland (New Zealand)
1038
Cisco Wireless Controller Command Reference, Release 8.4
config time timezone location
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the location of the time zone in order to set the daylight saving time to location index 10 automatically:
(Cisco Controller) >
config time timezone location 10
Related Commands show time
Cisco Wireless Controller Command Reference, Release 8.4
1039
config trapflags 802.11-Security config trapflags 802.11-Security
To enable or disable sending 802.11 security-related traps, use the config trapflags 802.11-Security command.
config trapflags 802.11-Security wepDecryptError {enable | disable}
Syntax Description enable disable
Enables sending 802.11 security-related traps.
Disables sending 802.11 security-related traps.
Command Default
By default, sending the 802.11 security-related traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the 802.11 security related traps:
(Cisco Controller) >
config trapflags 802.11-Security wepDecryptError disable
Related Commands show trapflags
1040
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags aaa config trapflags aaa
To enable or disable the sending of AAA server-related traps, use the config trapflags aaa command.
config trapflags aaa {auth | servers} {enable | disable}
Syntax Description auth servers enable disable
Enables trap sending when an AAA authentication failure occurs for management user, net user, or MAC filter.
Enables trap sending when no RADIUS servers are responding.
Enables the sending of AAA server-related traps.
Disables the sending of AAA server-related traps.
Command Default
By default, the sending of AAA server-related traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the sending of AAA server-related traps:
(Cisco Controller) >
config trapflags aaa auth enable
Related Commands show watchlist
Cisco Wireless Controller Command Reference, Release 8.4
1041
config trapflags adjchannel-rogueap config trapflags adjchannel-rogueap
To configure trap notifications when a rogue access point is detected at the adjacent channel, use the config
trapflags adjchannel-rogueap command.
config trapflags adjchannel-rogueap {enable | disable}
Syntax Description enable disable
Enables trap notifications when a rogue access point is detected at the adjacent channel.
Disables trap notifications when a rogue access point is detected at the adjacent channel.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable trap notifications when a rogue access point is detected at the adjacent channel:
(Cisco Controller) >
config trapflags adjchannel-rogueap enable
Related Commands config trapflags 802.11-Security config trapflags aaa config trapflags ap config trapflags authentication config trapflags client config trapflags configsave config trapflags IPsec config trapflags linkmode config trapflags multiusers config trapflags mesh config trapflags strong-pwdcheck config trapflags rfid config trapflags rogueap
1042
Cisco Wireless Controller Command Reference, Release 8.4
show trapflags config trapflags adjchannel-rogueap
Cisco Wireless Controller Command Reference, Release 8.4
1043
config trapflags ap config trapflags ap
To enable or disable the sending of Cisco lightweight access point traps, use the config trapflags ap command.
config trapflags ap {register | interfaceUp} {enable | disable}
Syntax Description register interfaceUp enable disable
Enables sending a trap when a Cisco lightweight access point registers with Cisco switch.
Enables sending a trap when a Cisco lightweight access point interface (A or B) comes up.
Enables sending access point-related traps.
Disables sending access point-related traps.
Command Default
By default, the sending of Cisco lightweight access point traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to prevent traps from sending access point-related traps:
(Cisco Controller) >
config trapflags ap register disable
Related Commands show trapflags
1044
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags authentication config trapflags authentication
To enable or disable sending traps with invalid SNMP access, use the config trapflags authentication command.
config trapflags authentication {enable | disable}
Syntax Description enable disable
Enables sending traps with invalid SNMP access.
Disables sending traps with invalid SNMP access.
Command Default
By default, the sending traps with invalid SNMP access is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to prevent sending traps on invalid SNMP access:
(Cisco Controller) >
config trapflags authentication disable
Related Commands show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1045
config trapflags client config trapflags client
To enable or disable the sending of client-related DOT11 traps, use the config trapflags client command.
config trapflags client {802.11-associate 802.11-disassociate | 802.11-deauthenticate | 802.11-authfail |
802.11-assocfail | authentication | excluded} {enable | disable}
Syntax Description
802.11-associate
802.11-disassociate
802.11-deauthenticate
802.11-authfail
802.11-assocfail authentication excluded enable disable
Enables the sending of Dot11 association traps to clients.
Enables the sending of Dot11 disassociation traps to clients.
Enables the sending of Dot11 deauthentication traps to clients.
Enables the sending of Dot11 authentication fail traps to clients.
Enables the sending of Dot11 association fail traps to clients.
Enables the sending of authentication success traps to clients.
Enables the sending of excluded trap to clients.
Enables sending of client-related DOT11 traps.
Disables sending of client-related DOT11 traps.
Command Default
By default, the sending of client-related DOT11 traps is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the sending of Dot11 disassociation trap to clients:
(Cisco Controller) >
config trapflags client 802.11-disassociate enable
Related Commands show trapflags
1046
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags client max-warning-threshold config trapflags client max-warning-threshold
To configure the threshold value of the number of clients that associate with the controller, after which an
SNMP trap and a syslog message is sent to the controller, use the config trapflags client
max-warning-threshold command.
config trapflags client max-warning-threshold {threshold | enable | disable}
Syntax Description threshold enable disable
Configures the threshold percentage value of the number of clients that associate with the controller, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The minimum interval between two warnings is 10 mins You cannot configure this interval.
Enables the generation of the traps and syslog messages.
Disables the generation of the traps and syslog messages.
Command Default
The default threshold value of the number of clients that associate with the controller is 90 %.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This table lists the maximum number of clients for different controllers.
Table 9: Maximum Number of Clients Supported on Different Controllers
Controller
Cisco 5500 Series Controllers
Cisco 2500 Series Controllers
Cisco Wireless Services Module 2
Cisco Flex 7500 Series Controllers
Cisco 8500 Series Controllers
Cisco Virtual Wireless LAN Controllers
Maximum Number of Supported Clients
7000
500
15000
64000
64000
30000
Cisco Wireless Controller Command Reference, Release 8.4
1047
config trapflags client max-warning-threshold
Examples
The following example shows how to configure the threshold value of the number of clients that associate with the controller:
(Cisco Controller) >
config trapflags client max-warning-threshold 80
Related Commands show trapflags config trapflags client
1048
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags configsave config trapflags configsave
To enable or disable the sending of configuration-saved traps, use the config trapflags configsave command.
config trapflags configsave {enable | disable}
Syntax Description enable disable
Enables sending of configuration-saved traps.
Disables the sending of configuration-saved traps.
Command Default
By default, the sending of configuration-saved traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the sending of configuration-saved traps:
(Cisco Controller) >
config trapflags configsave enable
Related Commands show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1049
config trapflags IPsec config trapflags IPsec
To enable or disable the sending of IPsec traps, use the config trapflags IPsec command.
config trapflags IPsec {esp-auth | esp-reply | invalidSPI | ike-neg | suite-neg | invalid-cookie} {enable |
disable}
Syntax Description esp-auth esp-reply invalidSPI ike-neg suite-neg invalid-cookie enable disable
Enables the sending of IPsec traps when an ESP authentication failure occurs.
Enables the sending of IPsec traps when an ESP replay failure occurs.
Enables the sending of IPsec traps when an ESP invalid SPI is detected.
Enables the sending of IPsec traps when an IKE negotiation failure occurs.
Enables the sending of IPsec traps when a suite negotiation failure occurs.
Enables the sending of IPsec traps when a Isakamp invalid cookie is detected.
Enables sending of IPsec traps.
Disables sending of IPsec traps.
Command Default
By default, the sending of IPsec traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the sending of IPsec traps when ESP authentication failure occurs:
(Cisco Controller) >
config trapflags IPsec esp-auth enable
Related Commands show trapflags
1050
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags linkmode config trapflags linkmode
To enable or disable Cisco wireless LAN controller level link up/down trap flags, use the config trapflags
linkmode command.
config trapflags linkmode {enable | disable}
Syntax Description enable disable
Enables Cisco wireless LAN controller level link up/down trap flags.
Disables Cisco wireless LAN controller level link up/down trap flags.
Command Default
By default, the Cisco WLC level link up/down trap flags are enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the Cisco wireless LAN controller level link up/down trap:
(Cisco Controller) >
config trapflags linkmode disable
Related Commands show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1051
config trapflags mesh config trapflags mesh
To configure trap notifications when a mesh access point is detected, use the config trapflags mesh command.
config trapflags mesh {enable | disable}
Syntax Description enable disable
Enables trap notifications when a mesh access point is detected.
Disables trap notifications when a mesh access point is detected.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable trap notifications when a mesh access point is detected:
(Cisco Controller) >
config trapflags mesh enable
Related Commands config trapflags 802.11-Security config trapflags aaa config trapflags ap config trapflags adjchannel-rogueap config trapflags authentication config trapflags client config trapflags configsave config trapflags IPsec config trapflags linkmode config trapflags multiusers config trapflags strong-pwdcheck config trapflags rfid config trapflags rogueap show trapflags
1052
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags multiusers config trapflags multiusers
To enable or disable the sending of traps when multiple logins are active, use the config trapflags multiusers command.
config trapflags multiusers {enable | disable}
Syntax Description enable disable
Enables the sending of traps when multiple logins are active.
Disables the sending of traps when multiple logins are active.
Command Default
By default, the sending of traps when multiple logins are active is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the sending of traps when multiple logins are active:
(Cisco Controller) >
config trapflags multiusers disable
Related Commands show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1053
config trapflags rfid config trapflags rfid
To configure the threshold value of the maximum number of radio frequency identification (RFID) tags, after which an SNMP trap and a syslog message is sent to the controller, use the config trapflags rfid command.
config trapflags rfid {threshold | enable | disable}
Syntax Description threshold enable disable
Configures the threshold percentage value of the maximum number of RFID tags, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The traps and syslog messages are generated every 10 minutes. You cannot configure this interval.
Enables the generation of the traps and syslog messages.
Disables the generation of the traps and syslog messages.
Command Default
The default threshold value of the maximum number of RFID tags is 90 %.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The following table shows the maximum number of RFID tags supported on different controllers:
Table 10: Maximum Number of RFID Tags Supported on Different Controllers
Controller
Cisco 5500 Series Controllers
Cisco 2500 Series Controllers
Cisco Wireless Services Module 2
Cisco Flex 7500 Series Controllers
Cisco 8500 Series Controllers
Cisco Virtual Wireless LAN Controllers
Maximum Number of Supported Clients
5000
500
10000
50000
50000
3000
1054
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags rfid
Examples
The following example shows how to configure the threshold value of the maximum number of RFID tags:
(Cisco Controller) >
config trapflags rfid 80
Related Commands config trapflags 802.11-Security config trapflags aaa config trapflags ap config trapflags adjchannel-rogueap config trapflags authentication config trapflags client config trapflags configsave config trapflags IPsec config trapflags linkmode config trapflags multiusers config trapflags mesh config trapflags strong-pwdcheck config trapflags rogueap config trapflags mesh show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1055
config trapflags rogueap config trapflags rogueap
To enable or disable sending rogue access point detection traps, use the config trapflags rogueap command.
config trapflags rogueap {enable | disable}
Syntax Description enable disable
Enables the sending of rogue access point detection traps.
Disables the sending of rogue access point detection traps.
Command Default
By default, the sending of rogue access point detection traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the sending of rogue access point detection traps:
(Cisco Controller) >
config trapflags rogueap disable
Related Commands config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap ssid config rogue ap timeout config rogue ap valid-client show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show trapflags
1056
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags rrm-params config trapflags rrm-params
To enable or disable the sending of Radio Resource Management (RRM) parameters traps, use the config
trapflags rrm-params command.
config trapflags rrm-params {tx-power | channel | antenna} {enable | disable}
Syntax Description tx-power channel antenna enable disable
Enables trap sending when the RF manager automatically changes the tx-power level for the Cisco lightweight access point interface.
Enables trap sending when the RF manager automatically changes the channel for the Cisco lightweight access point interface.
Enables trap sending when the RF manager automatically changes the antenna for the Cisco lightweight access point interface.
Enables the sending of RRM parameter-related traps.
Disables the sending of RRM parameter-related traps.
Command Default
By default, the sending of RRM parameters traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the sending of RRM parameter-related traps:
(Cisco Controller) >
config trapflags rrm-params tx-power enable
Related Commands show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1057
config trapflags rrm-profile config trapflags rrm-profile
To enable or disable the sending of Radio Resource Management (RRM) profile-related traps, use the config
trapflags rrm-profile command.
config trapflags rrm-profile {load | noise | interference | coverage} {enable | disable}
Syntax Description load noise interference coverage enable disable
Enables trap sending when the load profile maintained by the RF manager fails.
Enables trap sending when the noise profile maintained by the RF manager fails.
Enables trap sending when the interference profile maintained by the RF manager fails.
Enables trap sending when the coverage profile maintained by the RF manager fails.
Enables the sending of RRM profile-related traps.
Disables the sending of RRM profile-related traps.
Command Default
By default, the sending of RRM profile-related traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the sending of RRM profile-related traps:
(Cisco Controller) >
config trapflags rrm-profile load disable
Related Commands show trapflags
1058
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags stpmode config trapflags stpmode
To enable or disable the sending of spanning tree traps, use the config trapflags stpmode command.
config trapflags stpmode {enable | disable}
Syntax Description enable disable
Enables the sending of spanning tree traps.
Disables the sending of spanning tree traps.
Command Default
By default, the sending of spanning tree traps is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the sending of spanning tree traps:
(Cisco Controller) >
config trapflags stpmode disable
Related Commands show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1059
config trapflags strong-pwdcheck config trapflags strong-pwdcheck
To configure trap notifications for strong password checks, use the config trapflags strong-pwdcheck command.
config trapflags strong-pwdcheck {enable | disable}
Syntax Description enable disable
Enables trap notifications for strong password checks.
Disables trap notifications for strong password checks.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable trap notifications for strong password checks:
(Cisco Controller) >
config trapflags strong-pwdcheck enable
Related Commands config trapflags 802.11-Security config trapflags aaa config trapflags ap config trapflags adjchannel-rogueap config trapflags authentication config trapflags client config trapflags configsave config trapflags IPsec config trapflags linkmode config trapflags multiusers config trapflags mesh config trapflags rfid config trapflags rogueap show trapflags
1060
Cisco Wireless Controller Command Reference, Release 8.4
config trapflags wps config trapflags wps
To enable or disable Wireless Protection System (WPS) trap sending, use the config trapflags wps command.
config trapflags wps {enable | disable}
Syntax Description enable disable
Enables WPS trap sending.
Disables WPS trap sending.
Command Default
By default, the WPS trap sending is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the WPS traps sending:
(Cisco Controller) >
config trapflags wps disable
Related Commands show trapflags
Cisco Wireless Controller Command Reference, Release 8.4
1061
config tunnel eogre heart-beat config tunnel eogre heart-beat
To configure the keep alive ping interval duration, use the config tunnel eogre command.
config tunnel eogre heart-beat {interval | max-skip-count} number-value
Syntax Description
interval number-value
max-skip-count number-value
Time interval between echo request message in seconds.
Maximum number of retries before the member is considered non functional.
Command Default
The default value of heart-beat interval is 60 seconds. Range is between 10 to 600 seconds.
The default value of heart-beat max-skip-count is 3 retries. Range is between 3 to 10 retries.
Command History
Release
8.1
Modification
This command was introduced.
Examples
The following example shows how to set the heart-beat interval value '45 seconds' :
config tunnel eogre heart-beat interval 45
1062
Cisco Wireless Controller Command Reference, Release 8.4
config tunnel eogre gateway config tunnel eogre gateway
To configure the Ethernet over GRE gateway IPv4 address, use the config tunnel eogre gateway command.
config tunnel eogre gateway {{{add | modify} gateway-name {ipv4-address | ipv6-address}
gateway-ip-address} | {delete gateway-name}}
Syntax Description add delete modify ipv4-address ipv6-address
gateway-ip-address gateway-name
Adds new gateway.
Removes a gateway.
Modifies an existing gateway.
To enter the IPv4 address of the gateway.
To enter the IPv6 address of the gateway.
IPv4 or IPv6 address of the gateway.
Tunnel gateway name.
Command Default
None
Command History
Release
8.1
8.3
Examples
Modification
This command was introduced.
The IPv6 address format option for the tunnel gateway was added.
• IPv4 address example
config tunnel eogre gateway add hurricane ipv4 192.168.10.1
• IPv6 address example
config tunnel eogre gateway add hurricane ipv6 2001:DB8::1
Cisco Wireless Controller Command Reference, Release 8.4
1063
config tunnel eogre domain config tunnel eogre domain
To perform tunnel gateway domain configuration, use the config tunnel eogre domain command.
config tunnel eogre domain {{create | delete}domain-name} {add | remove}domain-name gateway-name
Syntax Description create delete add remove
domain-name gateway-name
Creates new gateway domain name.
Deletes gateway domain.
Add gateway name to domain
Remove gateway name from domain
Domain name
Gateway name
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to create new gateway domain name:
config tunnel eogre domain create web.com data
1064
Cisco Wireless Controller Command Reference, Release 8.4
config tunnel profile
To create, copy, or delete a profile, use the config tunnel profile command.
config tunnel profile {copy | create | delete}profile-name
Syntax Description copy create delete
Copies an existing profile.
Creates a new profile.
Deletes an existing profile.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to create a profile:
config tunnel profile create floorone config tunnel profile
Cisco Wireless Controller Command Reference, Release 8.4
1065
config tunnel profile_rule config tunnel profile_rule
To add or modify a rule in a profile, use the config tunnel profile command.
config tunnel profile rule {add | modify }profile-name realm-filter realm-string eogre vlan vlan-id
gateway-domain-name
Syntax Description add modify
Adds a new rule.
Modifies an existing rule.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to add a rule to a profile:
config tunnel profile add table realm filter 5 eogre vlan 3 web.com
1066
Cisco Wireless Controller Command Reference, Release 8.4
config tunnel profile_rule-delete
To delete a rule from a profile, use the config tunnel profile command.
config tunnel profile ruledelete profile-name realm-filter realm-string
Syntax Description delete
Deletes an existing rule from a profile.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to delete a rule from a profile:
config tunnel profile delete table realm filter 5 config tunnel profile_rule-delete
Cisco Wireless Controller Command Reference, Release 8.4
1067
config tunnel profile eogre-DHCP82 config tunnel profile eogre-DHCP82
To enable or disable the DHCP option 82 parameter, use the config tunnel profile command.
config tunnel profile eogre profile-name DHCP-Opt-82 {enable | disable}
Syntax Description enable disable
Enables DHCP option 82 parameter in the system.
Disables DHCP option 82 parameter in the system.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to enable the DHCP option 82 parameter:
config tunnel profile eogre test dhcp-opt-82 enable
1068
Cisco Wireless Controller Command Reference, Release 8.4
config tunnel profile eogre-gateway-radius-proxy config tunnel profile eogre-gateway-radius-proxy
To enable or disable the gateway-radius-proxy, use the config tunnel profile command.
config tunnel profile eogre profile-name gateway-radius-proxy {enable | disable}
Syntax Description enable disable
Enables Gateway as Radius Proxy.
Disables Gateway as Radius Proxy.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to enable the gateway proxy:
config tunnel profile eogre test gateway-radius-proxy enable
Cisco Wireless Controller Command Reference, Release 8.4
1069
config tunnel profile eogre-gateway-radius-proxy-accounting config tunnel profile eogre-gateway-radius-proxy-accounting
To enable or disable the gateway as accounting radius-proxy, use the config tunnel profile command.
config tunnel profile eogre profile-name gateway-radius-proxy accounting {enable | disable}
Syntax Description enable disable
Enables Gateway as accounting Radius Proxy.
Disables Gateway as accounting Radius Proxy.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to disable the gateway as accounting radius proxy:
config tunnel profile eogre test gateway-radius-proxy accounting disable
1070
Cisco Wireless Controller Command Reference, Release 8.4
config tunnel profile eogre-DHCP82 config tunnel profile eogre-DHCP82
To enable or disable the DHCP option 82 parameter, use the config tunnel profile command.
config tunnel profile eogre profile-name DHCP-Opt-82 {enable | disable}
Syntax Description enable disable
Enables DHCP option 82 parameter in the system.
Disables DHCP option 82 parameter in the system.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to enable the DHCP option 82 parameter:
config tunnel profile eogre test dhcp-opt-82 enable
Cisco Wireless Controller Command Reference, Release 8.4
1071
config tunnel profile eogre-DHCP82-circuit-id config tunnel profile eogre-DHCP82-circuit-id
To set format for circuit-id field in DHCP option 82 parameter, use the config tunnel profile command.
config tunnel profile eogre profile-name DHCP-Opt-82 circuit-id parameter-id
Syntax Description circuit-id
parameter-id
Sets the format for the Circuit-ID field in DHCP option 82
List of supported parameters:
• ap-mac
• ap-ethmac
• ap-name
• ap-group-name
• flex-group-name
• ap-location
• vlan-id
• SSID-name
• SSID-TYPE
• Client-mac
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to set the format for circuit-id in the DHCP option 82 parameter:
config tunnel profile eogre test dhcp-opt-82 circuit-id access1bldg
1072
Cisco Wireless Controller Command Reference, Release 8.4
config tunnel profile eogre-DHCP82-delimiter config tunnel profile eogre-DHCP82-delimiter
To set the delimiter for the DHCP option 82 parameter, use the config tunnel profile command.
config tunnel profile eogre profile-name DHCP-Opt-82 delimiter delimiter character
Syntax Description delimiter
delimiter character
Sets the delimiter for the DHCP option 82 parameter in the system.
Delimiter is used to separate the DHCP option 82 parameter.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to delimit the DHCP option 82 parameter:
config tunnel profile eogre test dhcp-opt-82 delimiter -
Cisco Wireless Controller Command Reference, Release 8.4
1073
config tunnel profile eogre-DHCP82-format config tunnel profile eogre-DHCP82-format
To set the required format for DCHP option 82, use the config tunnel profile command.
config tunnel profile eogre profile-name dhcp-opt-82 format {binary | ascii}
Syntax Description binary ascii
Set Format for DHCP option 82 as Binary
Set Format for DHCP option 82 as Ascii
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to set 'binary' format to the DHCP option 82 parameter:
config tunnel profile eogre test dhcp-opt-82 format binary
1074
Cisco Wireless Controller Command Reference, Release 8.4
config tunnel profile eogre-DHCP82-remote-id config tunnel profile eogre-DHCP82-remote-id
To set format for remote-id field in DHC P option 82 parameter, use the config tunnel profile command.
config tunnel profile eogre profile-name DHCP-Opt-82 remote-id parameter-id
Syntax Description remote-id
parameter-id
Sets the format for the Remote-ID field in DHCP option 82
List of supported parameters:
• ap-mac
• ap-ethmac
• ap-name
• ap-group-name
• flex-group-name
• ap-location
• vlan-id
• SSID-name
• SSID-TYPE
• Client-mac
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to set the format for remote-id in the DHCP option 82 parameter:
config tunnel profile eogre test dhcp-opt-82 remote-id access1flr
Cisco Wireless Controller Command Reference, Release 8.4
1075
config watchlist add config watchlist add
To add a watchlist entry for a wireless LAN, use the config watchlist add command.
config watchlist add {mac MAC | username username}
Syntax Description
mac MAC
username username
Specifies the MAC address of the wireless LAN.
Specifies the name of the user to watch.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add a watchlist entry for the MAC address a5:6b:ac:10:01:6b:
(Cisco Controller) >
config watchlist add mac a5:6b:ac:10:01:6b
1076
Cisco Wireless Controller Command Reference, Release 8.4
config watchlist delete config watchlist delete
To delete a watchlist entry for a wireless LAN, use the config watchlist delete command.
config watchlist delete {mac MAC | username username}
Syntax Description
mac MAC
username username
Specifies the MAC address of the wireless LAN to delete from the list.
Specifies the name of the user to delete from the list.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to delete a watchlist entry for the MAC address a5:6b:ac:10:01:6b:
(Cisco Controller) >
config watchlist delete mac a5:6b:ac:10:01:6b
Cisco Wireless Controller Command Reference, Release 8.4
1077
config watchlist disable config watchlist disable
To disable the client watchlist, use the config watchlist disable command.
config watchlist disable
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable the client watchlist:
(Cisco Controller) >
config watchlist disable
1078
Cisco Wireless Controller Command Reference, Release 8.4
config watchlist enable config watchlist enable
To enable a watchlist entry for a wireless LAN, use the config watchlist enable command.
config watchlist enable
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable a watchlist entry:
(Cisco Controller) >
config watchlist enable
Cisco Wireless Controller Command Reference, Release 8.4
1079
config wgb vlan config wgb vlan
To configure the Workgroup Bridge (WGB) VLAN client support, use the config wgb vlan command.
config wgb vlan {enable | disable}
Syntax Description enable disable
Enables wired clients behind a WGB to connect to an anchor controller in a Data
Management Zone (DMZ).
Disables wired clients behind a WGB from connecting to an anchor controller in a DMZ.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable WGB VLAN client support:
(Cisco Controller) >
config wgb vlan enable
1080
Cisco Wireless Controller Command Reference, Release 8.4
config wlan config wlan
To create, delete, enable, or disable a wireless LAN, use the config wlan command.
config wlan {enable | disable | create | delete} wlan_id [name | foreignAp name ssid | all]
Syntax Description enable disable create delete
wlan_id name
foreignAp
ssid
all
Enables a wireless LAN.
Disables a wireless LAN.
Creates a wireless LAN.
Deletes a wireless LAN.
Wireless LAN identifier between 1 and 512.
(Optional) WLAN profile name up to 32 alphanumeric characters.
(Optional) Specifies the third-party access point settings.
SSID (network name) up to 32 alphanumeric characters.
(Optional) Specifies all wireless LANs.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you create a new WLAN using the config wlan create command, it is created in disabled mode. Leave it disabled until you have finished configuring it.
If you do not specify an SSID, the profile name parameter is used for both the profile name and the SSID.
If the management and AP-manager interfaces are mapped to the same port and are members of the same
VLAN, you must disable the WLAN before making a port-mapping change to either interface. If the management and AP-manager interfaces are assigned to different VLANs, you do not need to disable the
WLAN.
An error message appears if you try to delete a WLAN that is assigned to an access point group. If you proceed, the WLAN is removed from the access point group and from the access point’s radio.
Cisco Wireless Controller Command Reference, Release 8.4
1081
config wlan
Examples
The following example shows how to enable wireless LAN identifier 16:
(Cisco Controller) >
config wlan enable 16
1082
Cisco Wireless Controller Command Reference, Release 8.4
config wlan 7920-support config wlan 7920-support
To configure support for phones, use the config wlan 7920-support command.
config wlan 7920-support {client-cac-limit | ap-cac-limit} {enable | disable} wlan_id
Syntax Description ap-cac-limit client-cac-limit enable disable
wlan_id
Supports phones that require client-controlled Call Admission Control (CAC) that expect the Cisco vendor-specific information element (IE).
Supports phones that require access point-controlled CAC that expect the IEEE
802.11e Draft 6 QBSS-load.
Enables phone support.
Disables phone support.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You cannot enable both WMM mode and client-controlled CAC mode on the same WLAN.
Examples
The following example shows how to enable the phone support that requires client-controlled CAC with wireless LAN ID 8:
(Cisco Controller) >
config wlan 7920-support ap-cac-limit enable 8
Cisco Wireless Controller Command Reference, Release 8.4
1083
config wlan 802.11e
config wlan 802.11e
To configure 802.11e support on a wireless LAN, use the config wlan 802.11e command.
config wlan 802.11e {allow | disable | require} wlan_id
Syntax Description allow disable require
wlan_id
Allows 802.11e-enabled clients on the wireless LAN.
Disables 802.11e on the wireless LAN.
Requires 802.11e-enabled clients on the wireless LAN.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
802.11e provides quality of service (QoS) support for LAN applications, which are critical for delay sensitive applications such as Voice over Wireless IP (VoWIP).
802.11e enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for delay sensitive applications such as voice and video. The 802.11e specification provides seamless interoperability and is especially well suited for use in networks that include a multimedia capability.
Examples
The following example shows how to allow 802.11e on the wireless LAN with LAN ID 1:
(Cisco Controller) >
config wlan 802.11e allow 1
1084
Cisco Wireless Controller Command Reference, Release 8.4
config wlan aaa-override config wlan aaa-override
To configure a user policy override via AAA on a wireless LAN, use the config wlan aaa-override command.
config wlan aaa-override {enable | disable} {wlan_id | foreignAp}
Syntax Description enable disable
wlan_id
foreignAp
Enables a policy override.
Disables a policy override.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
AAA is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When AAA override is enabled and a client has conflicting AAA and Cisco wireless LAN controller wireless
LAN authentication parameters, client authentication is performed by the AAA server. As part of this authentication, the operating system will move clients from the default Cisco wireless LAN VLAN to a VLAN returned by the AAA server and predefined in the controller interface configuration (only when configured for MAC filtering, 802.1X, and/or WPA operation). In all cases, the operating system will also use QoS,
DSCP, 802.1p priority tag values, and ACLs provided by the AAA server, as long as they are predefined in the controller interface configuration. (This VLAN switching by AAA override is also referred to as Identity
Networking.)
If the corporate wireless LAN uses a management interface assigned to VLAN 2, and if AAA override returns a redirect to VLAN 100, the operating system redirects all client transmissions to VLAN 100, regardless of the physical port to which VLAN 100 is assigned.
When AAA override is disabled, all client authentication defaults to the controller authentication parameter settings, and authentication is performed by the AAA server if the controller wireless LAN does not contain any client-specific authentication parameters.
The AAA override values might come from a RADIUS server.
Examples
The following example shows how to configure user policy override via AAA on WLAN ID 1:
(Cisco Controller) >
config wlan aaa-override enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1085
config wlan acl config wlan acl
To configure a wireless LAN access control list (ACL), use the config wlan acl command.
config wlan acl [acl_name | none]
Syntax Description
wlan_id acl_name
none
Wireless LAN identifier (1 to 512).
(Optional) ACL name.
(Optional) Clears the ACL settings for the specified wireless LAN.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a WLAN access control list with WLAN ID 1 and ACL named office_1:
(Cisco Controller) >
config wlan acl 1 office_1
1086
Cisco Wireless Controller Command Reference, Release 8.4
config wlan apgroup config wlan apgroup
To manage access point group VLAN features, use the config wlan apgroup command.
config wlan apgroup {add apgroup_name [description] | delete apgroup_name | description apgroup_name
description | interface-mapping {add | delete} apgroup_name wlan_id interface_name | nac-snmp {enable
| disable} apgroup_name wlan_id | nasid NAS-ID apgroup_name | profile-mapping {add | delete}
apgroup_name profile_name | wlan-radio-policy apgroup_name wlan-id {802.11a-only | 802.11bg |
802.11g-only | all} | hotspot {venue {type apgroup_name group_codetype_code| name apgroup_name
language_codevenue_name } | operating-class {add | delete} apgroup_name operating_class_value}}
Syntax Description add
apgroup_name wlan_id
delete description
description
interface-mapping
interface_name
nac-snmp enable disable
NAS-ID
none
Creates a new access point group (AP group).
Access point group name.
Wireless LAN identifier from 1 to 512.
Removes a wireless LAN from an AP group.
Describes an AP group.
Description of the AP group.
(Optional) Assigns or removes a Wireless LAN from an AP group.
(Optional) Interface to which you want to map an AP group.
Configures NAC SNMP functionality on given AP group. Enables or disables Network Admission Control
(NAC) out-of-band support on an access point group.
Enables NAC out-of-band support on an AP group.
Disables NAC out-of-band support on an AP group.
Network Access Server identifier (NAS-ID) for the AP group. The NAS-ID is sent to the RADIUS server by the controller (as a RADIUS client) using the authentication request, which is used to classify users to different groups. You can enter up to 32 alphanumeric characters. Beginning in Release 7.4 and later releases, you can configure the NAS-ID on the interface, WLAN, or an access point group. The order of priority is AP group NAS-ID > WLAN NAS-ID > Interface NAS-ID.
Configures the controller system name as the NAS-ID.
Cisco Wireless Controller Command Reference, Release 8.4
1087
config wlan apgroup profile-mapping
profile_name
wlan-radio-policy
802.11a-only
802.11bg
802.11g-only all hotspot venue type
group_code
Configures RF profile mapping on an AP group.
RF profile name for a specified AP group.
Configures WLAN radio policy on an AP group.
Configures WLAN radio policy on an AP group.
Configures WLAN radio policy on an AP group.
Configures WLAN radio policy on an AP group.
Configures WLAN radio policy on an AP group.
Configures a HotSpot on an AP group.
Configures venue information for an AP group.
Configures the type of venue for an AP group.
Venue group information for an AP group.
The following options are available:
• 0 : UNSPECIFIED
• 1 : ASSEMBLY
• 2 : BUSINESS
• 3 : EDUCATIONAL
• 4 : FACTORY-INDUSTRIAL
• 5 : INSTITUTIONAL
• 6 : MERCANTILE
• 7 : RESIDENTIAL
• 8 : STORAGE
• 9 : UTILITY-MISC
• 10 : VEHICULAR
• 11 : OUTDOOR
1088
Cisco Wireless Controller Command Reference, Release 8.4
type_code
config wlan apgroup
Cisco Wireless Controller Command Reference, Release 8.4
1089
config wlan apgroup
1090
Cisco Wireless Controller Command Reference, Release 8.4
Venue type information for an AP group.
For venue group 1 (ASSEMBLY), the following options are available:
• 0 : UNSPECIFIED ASSEMBLY
• 1 : ARENA
• 2 : STADIUM
• 3 : PASSENGER TERMINAL
• 4 : AMPHITHEATER
• 5 : AMUSEMENT PARK
• 6 : PLACE OF WORSHIP
• 7 : CONVENTION CENTER
• 8 : LIBRARY
• 9 : MUSEUM
• 10 : RESTAURANT
• 11 : THEATER
• 12 : BAR
• 13 : COFFEE SHOP
• 14 : ZOO OR AQUARIUM
• 15 : EMERGENCY COORDINATION CENTER
For venue group 2 (BUSINESS), the following options are available:
• 0 : UNSPECIFIED BUSINESS
• 1 : DOCTOR OR DENTIST OFFICE
• 2 : BANK
• 3 : FIRE STATION
• 4 : POLICE STATION
• 6 : POST OFFICE
• 7 : PROFESSIONAL OFFICE
• 8 : RESEARCH AND DEVELOPMENT
FACILITY
• 9 : ATTORNEY OFFICE
For venue group 3 (EDUCATIONAL), the following options are available:
• 0 : UNSPECIFIED EDUCATIONAL
config wlan apgroup
• 1 : PRIMARY SCHOOL
• 2 : SECONDARY SCHOOL
• 3 : UNIVERSITY OR COLLEGE
For venue group 4 (FACTORY-INDUSTRIAL), the following options are available:
• 0 : UNSPECIFIED FACTORY AND
INDUSTRIAL
• 1 : FACTORY
For venue group 5 (INSTITUTIONAL), the following options are available:
• 0 : UNSPECIFIED INSTITUTIONAL
• 1 : HOSPITAL
• 2 : LONG-TERM CARE FACILITY
• 3 : ALCOHOL AND DRUG RE-HABILITATION
CENTER
• 4 :GROUP HOME
• 5 :PRISON OR JAIL
For venue group 6 (MERCANTILE), the following options are available:
• 0 : UNSPECIFIED MERCANTILE
• 1 : RETAIL STORE
• 2 : GROCERY MARKET
• 3 : AUTOMOTIVE SERVICE STATION
• 4 : SHOPPING MALL
• 5 : GAS STATION
For venue group 7 (RESIDENTIAL), the following options are available:
• 0 : UNSPECIFIED RESIDENTIAL
• 1 : PRIVATE RESIDENCE
• 2 : HOTEL OR MOTEL
• 3 : DORMITORY
• 4 : BOARDING HOUSE
Cisco Wireless Controller Command Reference, Release 8.4
1091
config wlan apgroup name
language_code venue_name
1092
Cisco Wireless Controller Command Reference, Release 8.4
For venue group 8 (STORAGE), the following options are available:
• 0 : UNSPECIFIED STORAGE
For venue group 9 (UTILITY-MISC), the following options are available:
• 0 : UNSPECIFIED UTILITY AND
MISCELLANEOUS
For venue group 10 (VEHICULAR), the following options are available:
• 0 : UNSPECIFIED VEHICULAR
• 1 : AUTOMOBILE OR TRUCK
• 2 : AIRPLANE
• 3 : BUS
• 4 : FERRY
• 5 : SHIP OR BOAT
• 6 : TRAIN
• 7 : MOTOR BIKE
For venue group 11 (OUTDOOR), the following options are available:
• 0 : UNSPECIFIED OUTDOOR
• 1 : MINI-MESH NETWORK
• 2 : CITY PARK
• 3 : REST AREA
• 4 : TRAFFIC CONTROL
• 5 : BUS STOP
• 6 : KIOSK
Configures the name of venue for an AP group.
An ISO-639 encoded string defining the language used at the venue. This string is a three character language code. For example, you can enter ENG for English.
Venue name for this AP group. This name is associated with the basic service set (BSS) and is used in cases where the SSID does not provide enough information about the venue. The venue name is case-sensitive and can be up to 252 alphanumeric characters.
config wlan apgroup add delete
operating_class_value
Adds an operating class for an AP group.
Deletes an operating class for an AP group.
Operating class for an AP group. The available operating classes are 81, 83, 84, 112, 113, 115, 116, 117, 118, 119,
120, 121, 122, 123, 124, 125, 126, 127.
Command Default
AP Group VLAN is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
An error message appears if you try to delete an access point group that is used by at least one access point.
Before you can delete an AP group in controller software release 6.0, move all APs in this group to another group. The access points are not moved to the default-group access point group as in previous releases. To see the APs, enter the show wlan apgroups command. To move APs, enter the config ap group-name
groupname cisco_ap command.
The NAS-ID configured on the controller for AP group or WLAN or interface is used for authentication. The
NAS-ID is not propagated across controllers.
Examples
The following example shows how to enable the NAC out-of band support on access point group 4:
(Cisco Controller) >
config wlan apgroup nac enable apgroup 4
Cisco Wireless Controller Command Reference, Release 8.4
1093
config wlan apgroup atf 802.11
config wlan apgroup atf 802.11
Configure Cisco Airtime Fairness at an AP group level by using the config wlan apgroup atf 802.11 command.
config wlan apgroups atf 802.11{a | b} {mode {disable | monitor | enforce-policy} ap-group-name} |
{optimization {enable | disable}}
Syntax Description a b mode disable monitor enforce-policy
ap-group-name
optimization enable disable
Specifies the 802.11a network settings
Specifies the 802.11b/g network settings
Configures the granularity of Cisco ATF enforcement
Disables Cisco ATF
Configures Cisco ATF in monitor mode
Configures Cisco ATF in enforcement mode
AP group name that you must specify
Configures airtime optimization
Enables airtime optimization
Disabled airtime optimization
Command History
Examples
Release
8.1
Modification
This command was introduced
To configure Cisco ATF in enforcement mode on an 802.11a network, for an AP group my-ap-group, enter the following command:
(Cisco Controller) >
config wlan apgroup atf 802.11a mode enforce-policy my-ap-group
1094
Cisco Wireless Controller Command Reference, Release 8.4
config wlan apgroup atf 802.11 policy config wlan apgroup atf 802.11 policy
To configure AP group-level override for Cisco ATF policy on a WLAN by using this command:
config wlan apgroup atf 802.11{a | b} policy ap-group-name wlan-id policy-name override {enable |
disable}
Syntax Description a b policy
ap-group-name wlan-id policy-name
override enable disable
Specifies the 802.11a network settings
Specifies the 802.11b network settings
Specifies the Cisco ATF policy
Name of the AP group that you must specify
WLAN ID or Remote LAN ID that you must specify
Cisco ATF policy name that you must specify
Configures ATF policy override for a WLAN in the AP group
Enables ATF policy override for a WLAN in the AP group
Disables ATF policy override for a WLAN in the AP group
Command History
Release
8.1
Modification
This command was introduced
Cisco Wireless Controller Command Reference, Release 8.4
1095
config wlan apgroup opendns-profile config wlan apgroup opendns-profile
To configure an open Domain Name System (DNS) profile to an access point (AP) group wireless LAN
(WLAN), use the config wlan apgroup opendns-profile command.
config wlan apgroup opendns-profilewlan-id site-name profile-name enable
Syntax Description
wlan-id site-name profile-name
enable disable
WLAN identifier.
Name of the AP group to configure.
OpenDNS profile name used for tracking this profile.
Enables OpenDNS identity.
Disables OpenDNS identity.
Command Default
The OpenDNS profile for an AP group WLAN is not created.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to configure an openDNS profile to an AP group WLAN:
(Cisco Controller) > config wlan apgroup opendns-profile wlan1 site1 user1
1096
Cisco Wireless Controller Command Reference, Release 8.4
config wlan apgroup qinq config wlan apgroup qinq
To configure 802.1Q-in-Q VLAN tagging of traffic for an AP group, use the config wlan apgroup qinq command.
config wlan apgroup qinq {tagging {client-traffic | dhcp-v4 | eap-sim-aka} apgroup_name {enable |
disable}| service-vlan apgroup_name vlan_id}
Syntax Description tagging client-traffic dhcp-v4 eap-sim-aka enable disable service-vlan
apgroup_name vlan_id
Configures 802.1Q-in-Q VLAN tagging of traffic.
Configures 802.1Q-in-Q tagging of client traffic for an AP group.
Configures 802.1Q-in-Q tagging of DHCPv4 traffic for an AP group.
Configures 802.1Q-in-Q tagging of Extensible Authentication Protocol for
Authentication and Key Agreement (EAP-AKA) and EAP for Global System for Mobile Communications Subscriber Identity Module (EAP-SIM) traffic for an AP group.
Enables 802.1Q-in-Q tagging of traffic.
Disables 802.1Q-in-Q tagging of traffic.
Configures service VLAN for an AP group.
Name of the access point group.
VLAN identifier.
Command Default
By default, 802.1Q-in-Q tagging of client and DHCPv4 traffic for an AP group is disabled.
Command History
Release
8.0
Modification
This command was introduced.
Usage Guidelines
Note
You must enable 802.1Q-in-Q tagging of client traffic before you enable 802.1Q-in-Q tagging of DHCPv4 traffic.
When you enable 802.1Q-in-Q tagging of client traffic, the 802.1Q-in-Q tagging of EAP-AKA and EAP-SIM traffic is also enabled.
Cisco Wireless Controller Command Reference, Release 8.4
1097
config wlan apgroup qinq
Examples
The following example shows how to enable 802.1Q-in-Q tagging of client traffic for an AP group:
(Cisco Controller) >
config wlan apgroup qinq tagging client-traffic APg1 enable
The following example shows how to configure the service VLAN for an AP group:
(Cisco Controller) >
config wlan apgroup qinq service-vlan APg1 10
1098
Cisco Wireless Controller Command Reference, Release 8.4
config wlan assisted-roaming config wlan assisted-roaming
To configure assisted roaming on a WLAN, use the config wlan assisted-roaming command.
config wlan assisted-roaming {neighbor-list | dual-list | prediction} {enable | disable} wlan_id
Syntax Description neighbor-list dual-list prediction enable disable
wlan_id
Configures an 802.11k neighbor list for a WLAN.
Configures a dual band 802.11k neighbor list for a WLAN. The default is the band that the client is currently associated with.
Configures an assisted roaming optimization prediction for a WLAN.
Enables the configuration on the WLAN.
Disables the configuration on the WLAN.
Wireless LAN identifier between 1 and 512 (inclusive).
Command Default
The 802.11k neighbor list is enabled for all WLANs.
By default, dual band list is enabled if the neighbor list feature is enabled for the WLAN.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable the assisted roaming prediction list, a warning appears and load balancing is disabled for the WLAN, if load balancing is already enabled on the WLAN.
Examples
The following example shows how to enable an 802.11k neighbor list for a WLAN:
(Cisco Controller) >
config wlan assisted-roaming neighbor-list enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1099
config wlan atf config wlan atf
Map a WLAN to a Cisco ATF policy using the config wlan atf command.
config wlan atf wlan-id policy policy-id
Syntax Description
wlan-id
policy
policy-id
WLAN ID that you must specify to which the Cisco ATF policy has to be mapped.
Specifies the Cisco ATF policy
Cisco ATF policy ID that you must specify
Command History
Release
8.1
Modification
This command was introduced
1100
Cisco Wireless Controller Command Reference, Release 8.4
config wlan avc config wlan avc
To configure Application Visibility and Control (AVC) on a WLAN, use the config wlan avc command.
config wlan avc wlan_id {profile profile_name | visibility} {enable | disable}
Syntax Description
wlan_id
profile
profile_name
visibility enable disable
Wireless LAN identifier from 1 to 512.
Associates or removes an AVC profile from a WLAN.
Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Configures application visibility on a WLAN.
Enables application visibility on a WLAN. You can view the classification of applications based on the Network Based
Application Recognition (NBAR) deep packet inspection technology.
Use the show avc statistics client command to view the client AVC statistics.
Disables application visibility on a WLAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN. You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs.
Examples
The following example shows how to associate an AVC profile with a WLAN:
(Cisco Controller) >
config wlan avc 5 profile profile1 enable
Cisco Wireless Controller Command Reference, Release 8.4
1101
config wlan band-select allow config wlan band-select allow
To configure band selection on a WLAN, use the config wlan band-select allow command.
config wlan band-select allow {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables band selection on a WLAN.
Disables band selection on a WLAN.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable band select on a WLAN, the access point suppresses client probes on 2.4-GHz and moves the dual band clients to the 5-Ghz spectrum. The band-selection algorithm directs dual-band clients only from the 2.4-GHz radio to the 5-GHz radio of the same access point, and it only runs on an access point when both the 2.4-GHz and 5-GHz radios are up and running. Band selection can be used only with Cisco Aironet 1040,
1140, and 1250 Series and the 3500 series access points.
Examples
The following example shows how to enable band selection on a WLAN:
(Cisco Controller) >
config wlan band-select allow enable 6
1102
Cisco Wireless Controller Command Reference, Release 8.4
config wlan broadcast-ssid config wlan broadcast-ssid
To configure an Service Set Identifier (SSID) broadcast on a wireless LAN, use the config wlan broadcast-ssid command.
config wlan broadcast-ssid {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables SSID broadcasts on a wireless LAN.
Disables SSID broadcasts on a wireless LAN.
Wireless LAN identifier between 1 and 512.
Command Default
Broadcasting of SSID is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure an SSID broadcast on wireless LAN ID 1:
(Cisco Controller) >
config wlan broadcast-ssid enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1103
config wlan call-snoop config wlan call-snoop
To enable or disable Voice-over-IP (VoIP) snooping for a particular WLAN, use the config wlan call-snoop command.
config wlan call-snoop {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables VoIP snooping on a wireless LAN.
Disables VoIP snooping on a wireless LAN.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
WLAN should be with Platinum QoS and it needs to be disabled while invoking this CLI
Examples
The following example shows how to enable VoIP snooping for WLAN 3:
(Cisco Controller) >
config wlan call-snoop 3 enable
1104
Cisco Wireless Controller Command Reference, Release 8.4
config wlan chd config wlan chd
To enable or disable Coverage Hole Detection (CHD) for a wireless LAN, use the config wlan chd command.
config wlan chd wlan_id {enable | disable}
Syntax Description
wlan_id
enable disable
Wireless LAN identifier between 1 and 512.
Enables SSID broadcasts on a wireless LAN.
Disables SSID broadcasts on a wireless LAN.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable CHD for WLAN 3:
(Cisco Controller) >
config wlan chd 3 enable
Cisco Wireless Controller Command Reference, Release 8.4
1105
config wlan ccx aironet-ie config wlan ccx aironet-ie
To enable or disable Aironet information elements (IEs) for a WLAN, use the config wlan ccx aironet-ie command.
config wlan ccx aironet-ie {enable | disable}
Syntax Description enable disable
Enables the Aironet information elements.
Disables the Aironet information elements.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable Aironet information elements for a WLAN:
(Cisco Controller) >
config wlan ccx aironet-ie enable
1106
Cisco Wireless Controller Command Reference, Release 8.4
config wlan channel-scan defer-priority config wlan channel-scan defer-priority
To configure the controller to defer priority markings for packets that can defer off channel scanning, use the
config wlan channel-scan defer-priority command.
config wlan channel-scan defer-priority priority [enable | disable] wlan_id
Syntax Description
priority
enable disable
wlan_id
User priority value (0 to 7).
(Optional) Enables packet at given priority to defer off channel scanning.
(Optional) Disables packet at gven priority to defer off channel scanning.
Wireless LAN identifier (1 to 512).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The priority value should be set to 6 on the client and on the WLAN.
Examples
The following example shows how to enable the controller to defer priority markings that can defer off channel scanning with user priority value 6 and WLAN id 30:
(Cisco Controller) >
config wlan channel-scan defer-priority 6 enable 30
Cisco Wireless Controller Command Reference, Release 8.4
1107
config wlan channel-scan defer-time config wlan channel-scan defer-time
To assign the channel scan defer time in milliseconds, use the config wlan channel-scan defer-time command.
config wlan channel-scan defer-time msecs wlan_id
Syntax Description
msecs wlan_id
Deferral time in milliseconds (0 to 60000 milliseconds).
Wireless LAN identifier from 1 to 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The time value in milliseconds should match the requirements of the equipment on your WLAN.
Examples
The following example shows how to assign the scan defer time to 40 milliseconds for WLAN with ID 50:
(Cisco Controller) >
config wlan channel-scan defer-time 40 50
1108
Cisco Wireless Controller Command Reference, Release 8.4
config wlan custom-web config wlan custom-web
To configure the web authentication page for a WLAN, use the config wlan custom-web command.
config wlan custom-web{ {ext-webauth-url ext-webauth-url wlan_id } | {global {enable | disable}} |
{ms-open {enable | disable |url}} | {login-page page-name } | {loginfailure-page {page-name | none}} |
{logout-page {page-name | none}} | {sleep-client {enable | disable} wlan_id timeout duration} |
{webauth-type {internal | customized | external} wlan_id}}
Syntax Description ext-webauth-url
ext-webauth-url wlan_id
global enable disable ms-open enable disable url login-page
page-name
loginfailure-page none logout-page sleep-client timeout
Configures an external web authentication URL.
External web authentication URL.
WLAN identifier. Default range is from 1 to 512.
Configures the global status for a WLAN.
Enables the global status for a WLAN.
Disables the global status for a WLAN.
Configures the ms-open feature on the WLAN.
Enables the ms-open feature on the WLAN.
Disables the ms-open feature on the WLAN.
Configures ms-open URL.
Configures the name of the login page for an external web authentication
URL.
Login page name for an external web authentication URL.
Configures the name of the login failure page for an external web authentication URL.
Does not configure a login failure page for an external web authentication
URL.
Configures the name of the logout page for an external web authentication
URL.
Configures the sleep client feature on the WLAN.
Configures the sleep client timeout on the WLAN.
Cisco Wireless Controller Command Reference, Release 8.4
1109
config wlan custom-web
duration
webauth-type internal customized external
Maximum amount of time after the idle timeout, in hours, before a sleeping client is forced to reauthenticate. The range is from 1 to 720. The default is 12. When the sleep client feature is enabled, the clients need not provide the login credentials when they move from one Cisco WLC to another (if the Cisco WLCs are in the same mobility group) between the sleep and wake-up times.
Configures the type of web authentication for the WLAN.
Displays the default login page.
Displays a customized login page.
Displays a login page on an external web server.
Command Default
None
Command History
Examples
Release
7.6
8.2
Modification
This command was introduced in a release earlier than Release 7.6.
This command was modified and the ms-open parameters were added.
The following example shows how to configure web authentication type in the WLAN.
Cisco Controller
config wlan custom-web webauth-type external
1110
Cisco Wireless Controller Command Reference, Release 8.4
config wlan dhcp_server config wlan dhcp_server
To configure the internal DHCP server for a wireless LAN, use the config wlan dhcp_server command.
config wlan dhcp_server {wlan_id | foreignAp} ip_address [required]
Syntax Description
wlan_id
foreignAp
ip_address
required
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
IP address of the internal DHCP server (this parameter is required).
(Optional) Specifies whether DHCP address assignment is required.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The preferred method for configuring DHCP is to use the primary DHCP address assigned to a particular interface instead of the DHCP server override. If you enable the override, you can use the show wlan command to verify that the DHCP server has been assigned to the WLAN.
Examples
The following example shows how to configure an IP address 10.10.2.1 of the internal DHCP server for wireless LAN ID 16:
(Cisco Controller) >
config wlan dhcp_server 16 10.10.2.1
Cisco Wireless Controller Command Reference, Release 8.4
1111
config wlan diag-channel config wlan diag-channel
To enable the diagnostic channel troubleshooting on a particular WLAN, use the config wlan diag-channel command.
config wlan diag-channel [enable | disable] wlan_id
Syntax Description enable disable
wlan_id
(Optional) Enables the wireless LAN diagnostic channel.
(Optional) Disables the wireless LAN diagnostic channel.
Wireless LAN identifier (1 to 512).
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the wireless LAN diagnostic channel for WLAN ID 1:
(Cisco Controller) >
config wlan diag-channel enable 1
1112
Cisco Wireless Controller Command Reference, Release 8.4
config wlan dtim config wlan dtim
To configure a Delivery Traffic Indicator Message (DTIM) for 802.11 radio network config wlan dtim command.
config wlan dtim {802.11a | 802.11b} dtim wlan_id
Syntax Description
802.11a
802.11b
dtim wlan_id
Configures DTIM for the 802.11a radio network.
Configures DTIM for the 802.11b radio network.
Value for DTIM (between 1 to 255 inclusive).
Number of the WLAN to be configured.
Command Default
The default is DTIM 1.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure DTIM for 802.11a radio network with DTIM value 128 and
WLAN ID 1:
(Cisco Controller) >
config wlan dtim 802.11a 128 1
Cisco Wireless Controller Command Reference, Release 8.4
1113
config wlan exclusionlist config wlan exclusionlist
To configure the wireless LAN exclusion list, use the config wlan exclusionlist command.
config wlan exclusionlist {wlan_id [enabled | disabled | time] | foreignAp [enabled | disabled | time]}
Syntax Description
wlan_id
enabled disabled
time
foreignAp
Wireless LAN identifier (1 to 512).
(Optional) Enables the exclusion list for the specified wireless LAN or foreign access point.
(Optional) Disables the exclusion list for the specified wireless LAN or a foreign access point.
(Optional) Exclusion list timeout in seconds. A value of zero (0) specifies infinite time.
Specifies a third-party access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command replaces the config wlan blacklist command.
Examples
The following example shows how to enable the exclusion list for WLAN ID 1:
(Cisco Controller) >
config wlan exclusionlist 1 enabled
1114
Cisco Wireless Controller Command Reference, Release 8.4
config wlan fabric
To enable or disable fabric on a WLAN, use the config wlan fabric command.
config wlan fabric {enable|disable}wlan-id
Syntax Description enable disable
wlan-id
Enables fabric on a WLAN.
Disables fabric on a WLAN.
WLAN identifier.
Command Default
Command Modes
Command History
Release
8.5
Modification
This command was introduced.
Usage Guidelines
Non-fabric APs are not configured with fabric WLAN.
Examples
The following example shows how to enable fabric on a WLAN: config wlan fabric enable wlan1
config wlan fabric
Cisco Wireless Controller Command Reference, Release 8.4
1115
config wlan flexconnect ap-auth config wlan flexconnect ap-auth
To configure local authentication of clients associated with FlexConnect on a locally switched WLAN, use the config wlan flexconnect ap-auth command.
config wlan flexconnect ap-auth wlan_id {enable | disable}
Syntax Description ap-auth
wlan_id
enable disable
Configures local authentication of clients associated with an FlexConnect on a locally switched WLAN.
Wireless LAN identifier between 1 and 512.
Enables AP authentication on a WLAN.
Disables AP authentication on a WLAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Local switching must be enabled on the WLAN where you want to configure local authentication of clients associated with FlexConnect.
Examples
The following example shows how to enable authentication of clients associated with FlexConnect on a specified WLAN:
(Cisco Controller) >
config wlan flexconnect ap-auth 6 enable
1116
Cisco Wireless Controller Command Reference, Release 8.4
config wlan flexconnect central-assoc config wlan flexconnect central-assoc
To configure client reassociation and security key caching on the Cisco WLC, use the config wlan flexconnect
central-assoc command.
config wlan flexconnect central-assoc wlan-id {enable | disable}
Syntax Description
wlan-id
enable disable
ID of the WLAN
Enables client reassociation and security key caching on the Cisco
WLC
Disables client reassociation and security key caching on the Cisco
WLC
Command Default
Client reassociation and security key caching on the Cisco WLC is in disabled state.
Command History
Release
8.0
Modification
This command was introduced.
Usage Guidelines
A use case for this configuration is a large-scale deployment with fast roaming.
Configuration of central association with local authentication is not supported for the WLAN. After the
PMIPv6 tunnel is set up, all data traffic from the PMIPv6 clients are forwarded from the Cisco AP to the local mobility anchor (LMA) in the Generic Routing Encapsulation (GRE) tunnel. If the connectivity between the
Cisco AP and the Cisco WLC is lost, the data traffic for the existing PMIPv6 clients continue to flow until the connectivity between the Cisco AP and the client is lost. When the AP is in stand-alone mode, no new client associations are accepted on the PMIPv6 enabled WLAN.
Examples
The following example shows how to enable client reassociation and security key caching on the Cisco WLC for a WLAN whose ID is 2:
(Cisco Controller) >
config wlan flexconnect central-assoc 2 enable
Cisco Wireless Controller Command Reference, Release 8.4
1117
config wlan flexconnect learn-ipaddr config wlan flexconnect learn-ipaddr
To enable or disable client IP address learning for the Cisco WLAN controller, use the config wlan flexconnect
learn-ipaddr command.
config wlan flexconnect learn-ipaddr wlan_id {enable | disable}
Syntax Description
wlan_id
enable disable
Wireless LAN identifier between 1 and 512.
Enables client IPv4 address learning on a wireless LAN.
Disables client IPv4 address learning on a wireless LAN.
Command Default
Disabled when the config wlan flexconnect local-switching command is disabled. Enabled when the config
wlan flexconnect local-switching command is enabled.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
If the client is configured with Layer 2 encryption, the controller cannot learn the client IP address, and the controller will periodically drop the client. Disable this option to keep the client connection without waiting to learn the client IP address.
Note
This command is valid only for IPv4.
Note
The ability to disable IP address learning is not supported with FlexConnect central switching.
Examples
The following example shows how to disable client IP address learning for WLAN 6:
(Cisco Controller) >
config wlan flexconnect learn-ipaddr disable 6
Related Commands show wlan
1118
Cisco Wireless Controller Command Reference, Release 8.4
config wlan flexconnect local-switching config wlan flexconnect local-switching
To configure local switching, central DHCP, NAT-PAT, or the override DNS option on a FlexConnect WLAN, use the config wlan flexconnect local switching command.
config wlan flexconnect local-switching wlan_id {enable | disable} { {central-dhcp {enable | disable}
nat-pat {enable | disable} } | {override option dns { enable | disable} } }
Syntax Description
wlan_id
enable disable central-dhcp enable disable nat-pat enable disable override option dns enable disable
Wireless LAN identifier from 1 to 512.
Enables local switching on a FlexConnect WLAN.
Disables local switching on a FlexConnect WLAN.
Configures central switching of DHCP packets on the local switching
FlexConnect WLAN. When you enable this feature, the DHCP packets received from the AP are centrally switched to the controller and forwarded to the corresponding VLAN based on the AP and the
SSID.
Enables central DHCP on a FlexConnect WLAN.
Disables central DHCP on a FlexConnect WLAN.
Configures Network Address Translation (NAT) and Port Address
Translation (PAT) on the local switching FlexConnect WLAN.
Enables NAT-PAT on the FlexConnect WLAN.
Disables NAT-PAT on the FlexConnect WLAN.
Specifies the DHCP override options on the FlexConnect WLAN.
Specifies the override DNS option on the FlexConnect WLAN.
When you override this option, the clients get their DNS server IP address from the AP, not from the controller.
Enables the override DNS option on the FlexConnect WLAN.
Disables the override DNS option on the FlexConnect WLAN.
Command Default
This feature is disabled.
Cisco Wireless Controller Command Reference, Release 8.4
1119
config wlan flexconnect local-switching
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
When you enable the config wlan flexconnect local-switching command, the config wlan flexconnect
learn-ipaddr command is enabled by default.
Note
This command is valid only for IPv4.
Examples
Note
The ability to disable IP address learning is not supported with FlexConnect central switching.
The following example shows how to enable WLAN 6 for local switching and enable central DHCP and
NAT-PAT:
(Cisco Controller) >
config wlan flexconnect local-switching 6 enable central-dhcp enable nat-pat enable
The following example shows how to enable the override DNS option on WLAN 6:
(Cisco Controller) >
config wlan flexconnect local-switching 6 override option dns enable
1120
Cisco Wireless Controller Command Reference, Release 8.4
config wlan flexconnect vlan-central-switching config wlan flexconnect vlan-central-switching
To configure central switching on a locally switched WLAN, use the config wlan flexconnect
vlan-central-switching command.
config wlan flexconnect vlan-central-switching wlan_id { enable | disable }
Syntax Description
wlan_id
enable disable
Wireless LAN identifier between 1 and 512.
Enables central switching on a locally switched wireless LAN.
Disables central switching on a locally switched wireless LAN.
Command Default
Central switching is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You must enable Flexconnect local switching to enable VLAN central switching. When you enable WLAN central switching, the access point bridges the traffic locally if the WLAN is configured on the local IEEE
802.1Q link. If the VLAN is not configured on the access point, the AP tunnels the traffic back to the controller and the controller bridges the traffic to the corresponding VLAN.
WLAN central switching does not support:
• FlexConnect local authentication.
• Layer 3 roaming of local switching client.
Examples
The following example shows how to enable WLAN 6 for central switching:
(Cisco Controller) >
config wlan flexconnect vlan-central-switching 6 enable
Cisco Wireless Controller Command Reference, Release 8.4
1121
config wlan flow config wlan flow
To associate a NetFlow monitor with a WLAN, use the config wlan flow command.
config wlan flow wlan_id monitor monitor_name {enable | disable}
Syntax Description
wlan_id
monitor
monitor_name
enable disable
Wireless LAN identifier from 1 to 512 (inclusive).
Configures a NetFlow monitor.
Name of the NetFlow monitor. The monitor name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for a monitor name.
Associates a NetFlow monitor with a WLAN.
Dissociates a NetFlow monitor from a WLAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can use the config flow command to create a new NetFlow monitor.
Examples
The following example shows how to associate a NetFlow monitor with a WLAN:
(Cisco Controller) >
config wlan flow 5 monitor monitor1 enable
1122
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot config wlan hotspot
To configure a HotSpot on a WLAN, use the config wlan hotspot command.
config wlan hotspot {clear-all wlan_id | dot11u | hs2 | msap}
Syntax Description clear-all
wlan_id
dot11u hs2 msap
Clears the HotSpot configurations on a WLAN.
Wireless LAN identifier from 1 to 512.
Configures an 802.11u HotSpot on a WLAN.
Configures HotSpot2 on a WLAN.
Configures the Mobility Services Advertisement Protocol (MSAP) on a
WLAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can configure up to 32 HotSpot WLANs.
Examples
The following example shows how to configure HotSpot2 for a WLAN:
(Cisco Controller) >
config wlan hotspot hs2 enable 2
Cisco Wireless Controller Command Reference, Release 8.4
1123
config wlan hotspot dot11u config wlan hotspot dot11u
To configure an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u command.
config wlan hotspot dot11u {3gpp-info | auth-type | enable | disable | domain | hessid | ipaddr-type |
nai-realm | network-type | roam-oi}
Syntax Description
3gpp-info auth-type disable domain enable hessid ipaddr-type nai-realm network-type roam-oi
Configures 3GPP cellular network information.
Configures the network authentication type.
Disables 802.11u on the HotSpot profile.
Configures a domain.
Enables 802.11u on the HotSpot profile. IEEE 802.11u enables automatic
WLAN offload for 802.1X devices at the HotSpot of mobile or roaming partners.
Configures the Homogenous Extended Service Set Identifier (HESSID). The
HESSID is a 6-octet MAC address that uniquely identifies the network.
Configures the IPv4 address availability type.
Configures a realm for 802.11u enabled WLANs.
Configures the 802.11u network type and Internet access.
Configures the roaming consortium Organizational Identifier (OI) list.
Command Default
None.
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
The following example shows how to enable 802.11u on a HotSpot profile:
(Cisco Controller) >
config wlan hotspot dot11u enable 6
1124
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot dot11u 3gpp-info config wlan hotspot dot11u 3gpp-info
To configure 3GPP cellular network information on an 802.11u HotSpot WLAN, use the config wlan hotspot
dot11u 3gpp-info command.
config wlan hotspot dot11u 3gpp-info {add | delete} index country_code network_code wlan_id
Syntax Description add delete
index country_code network_code wlan_id
Adds mobile cellular network information.
Deletes mobile cellular network information.
Cellular index. The range is from 1 to 32.
Mobile Country Code (MCC) in Binary Coded Decimal (BCD) format. The country code can be up to 3 characters. For example, the MCC for USA is 310.
Mobile Network Code (MNC) in BCD format. An MNC is used in combination with a Mobile Country Code (MCC) to uniquely identify a mobile phone operator or carrier. The network code can be up to 3 characters. For example, the MNC for T- Mobile is 026.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Number of mobile network codes supported is 32 per WLAN.
Examples
The following example shows how to configure 3GPP cellular network information on a WLAN:
(Cisco Controller) >
config wlan hotspot dot11u 3gpp-info add
Cisco Wireless Controller Command Reference, Release 8.4
1125
config wlan hotspot dot11u auth-type config wlan hotspot dot11u auth-type
To configure the network authentication type on an 802.11u HotSpot WLAN, use the config wlan hotspot
dot11u auth-type command.
config wlan hotspot dot11u auth-type network-auth wlan_id
Syntax Description
network-auth wlan_id
Network authentication that you would like to configure on the WLAN. The available values are as follows:
• 0—Acceptance of terms and conditions
• 1—On-line enrollment
• 2—HTTP/HTTPS redirection
• 3—DNS Redirection
• 4—Not Applicable
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The DNS redirection option is not supported in Release 7.3.
Examples
The following example shows how to configure HTTP/HTTPS redirection as the network authentication type on an 802.11u HotSpot WLAN:
(Cisco Controller) >
config wlan hotspot dot11u auth-type 2 1
1126
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot dot11u disable config wlan hotspot dot11u disable
To disable an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u disable command.
config wlan hotspot dot11u disable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable an 802.11u HotSpot on a WLAN:
(Cisco Controller) >
config wlan hotspot dot11u disable 6
Cisco Wireless Controller Command Reference, Release 8.4
1127
config wlan hotspot dot11u domain config wlan hotspot dot11u domain
To configure a domain operating in the 802.11 access network, use the config wlan hotspot dot11u domain command.
config wlan hotspot dot11u domain {add wlan_id domain-index domain_name | delete wlan_id domain-index
| modify wlan_id domain-index domain_name}
Syntax Description add
wlan_id domain-index domain_name
delete modify
Adds a domain.
Wireless LAN identifier between 1 and 512.
Domain index in the range 1 to 32.
Domain name. The domain name is case sensitive and can be up to
255 alphanumeric characters.
Deletes a domain.
Modifies a domain.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add a domain in the 802.11 access network:
(Cisco Controller) >
config wlan hotspot dot11u domain add 6 30 domain1
1128
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot dot11u enable config wlan hotspot dot11u enable
To enable an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u enable command.
config wlan hotspot dot11u enable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable an 802.11u HotSpot on a WLAN:
(Cisco Controller) >
config wlan hotspot dot11u enable 6
Cisco Wireless Controller Command Reference, Release 8.4
1129
config wlan hotspot dot11u hessid config wlan hotspot dot11u hessid
To configure a Homogenous Extended Service Set Identifier (HESSID) on an 802.11u HotSpot WLAN, use the config wlan hotspot dot11u hessid command.
config wlan hotspot dot11u hessid hessid wlan_id
Syntax Description
hessid wlan_id
MAC address that can be configured as an HESSID. The HESSID is a 6-octet MAC address that uniquely identifies the network. For example, Basic Service Set
Identification (BSSID) of the WLAN can be used as the HESSID.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure an HESSID on an 802.11u HotSpot WLAN:
(Cisco Controller) >
config wlan hotspot dot11u hessid 00:21:1b:ea:36:60 6
1130
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot dot11u ipaddr-type config wlan hotspot dot11u ipaddr-type
To configure the type of IP address available on an 802.11u HotSpot WLAN, use the config wlan hotspot
dot11u ipaddr-type command.
config wlan hotspot dot11u ipaddr-type IPv4Type {0 - 7} IPv6Type {0 - 2}wlan_id
Syntax Description
IPv4Type
IPv6Type wlan_id
IPv4 type address. Enter one of the following values:
0—IPv4 address not available.
1—Public IPv4 address available.
2—Port restricted IPv4 address available.
3—Single NAT enabled private IPv4 address available.
4—Double NAT enabled private IPv4 address available.
5—Port restricted IPv4 address and single NAT enabled IPv4 address available.
6—Port restricted IPv4 address and double NAT enabled IPv4 address available.
7— Availability of the IPv4 address is not known.
IPv6 type address. Enter one of the following values:
0—IPv6 address not available.
1—IPv6 address available.
2—Availability of the IPv6 address is not known.
Wireless LAN identifier between 1 and 512.
Command Default
The default values for IPv4 type address is 1.
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
Examples
The following example shows how to configure the IP address availability type on an 802.11u HotSpot WLAN:
(Cisco Controller) >
config wlan hotspot dot11u ipaddr-type 6 2 6
Related Commands show wlan
Cisco Wireless Controller Command Reference, Release 8.4
1131
config wlan hotspot dot11u nai-realm config wlan hotspot dot11u nai-realm
To configure realms for an 802.11u HotSpot WLANs, use the config wlan hotspot dot11u nai-realm command.
config wlan hotspot dot11u nai-realm {add | delete | modify} {auth-method wlan_id realm-index eap-index
auth-index auth-method auth-parameter | eap-method wlan_id realm-index eap-index eap-method |
realm-name wlan_id realm-index realm}
Syntax Description add delete modify auth-method
wlan_id realm-index eap-index auth-index auth-method auth-parameter
eap-method
Adds a realm.
Deletes a realm.
Modifies a realm.
Specifies the authentication method used.
Wireless LAN identifier from 1 to 512.
Realm index. The range is from 1 to 32.
EAP index. The range is from 1 to 4.
Authentication index value. The range is from 1 to 10.
Authentication method to be used. The range is from 1 to 4. The following options are available:
• 1—Non-EAP Inner Auth Method
• 2—Inner Auth Type
• 3—Credential Type
• 4—Tunneled EAP Method Credential Type
Authentication parameter to use. This value depends on the authentication method used. See the following table for more details.
Specifies the Extensible Authentication Protocol (EAP) method used.
1132
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot dot11u nai-realm
eap-method
realm-name
realm
EAP Method. The range is from 0 to 7. The following options are available:
• 0—Not Applicable
• 1—Lightweight Extensible Authentication Protocol (LEAP)
• 2—Protected EAP (PEAP)
• 3—EAP-Transport Layer Security (EAP-TLS)
• 4—EAP-FAST (Flexible Authentication via Secure Tunneling)
• 5—EAP for GSM Subscriber Identity Module (EAP-SIM)
• 6—EAP-Tunneled Transport Layer Security (EAP-TTLS)
• 7—EAP for UMTS Authentication and Key Agreement (EAP-AKA)
Specifies the name of the realm.
Name of the realm. The realm name should be RFC 4282 compliant. For example,
Cisco. The realm name is case-sensitive and can be up to 255 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This table lists the authentication parameters.
Cisco Wireless Controller Command Reference, Release 8.4
1133
config wlan hotspot dot11u nai-realm
Examples
Table 11: Authentication Parameters
Non-EAP Inner Method(1) Inner Authentication EAP Method
Type(2)
Credential Type(3)/Tunneled EAP
Credential Type(4)
0—Reserved 1—LEAP
1—Password authentication protocol (PAP)
2—PEAP
3—EAP-TLS
2—Challenge-Handshake
Authentication Protocol (CHAP)
4—EAP-FAST
3—Microsoft Challenge
Handshake Authentication Protocol
(MS-CHAP)
5—EAP-SIM
6—EAP-TTLS
7—EAP-AKA
4—MSCHAPV2
1—SIM
2—USIM
3—NFC Secure Element
4—Hardware Token
5—Soft Token
6—Certificate
7—Username/Password
8—Reserver
9—Anonymous
10—Vendor Specific
The following example shows how to add the Tunneled EAP Method Credential authentication method on
WLAN 4:
(Cisco Controller) >
config wlan hotspot dot11u nai-realm add auth-method 4 10 3 5 4 6
1134
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot dot11u network-type config wlan hotspot dot11u network-type
To configure the network type and internet availability on an 802.11u HotSpot WLAN, use the config wlan
hotspot dot11u network-type command.
config wlan hotspot dot11u network-type wlan_id network-type internet-access
Syntax Description
wlan_id network-type internet-access
Wireless LAN identifier from 1 to 512.
Network type. The available options are as follows:
• 0—Private Network
• 1—Private Network with Guest Access
• 2—Chargeable Public Network
• 3—Free Public Network
• 4—Personal Device Network
• 5—Emergency Services Only Network
• 14—Test or Experimental
• 15—Wildcard
Internet availability status. A value of zero indicates no Internet availability and
1 indicates Internet availability.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the network type and Internet availability on an 802.11u
HotSpot WLAN:
(Cisco Controller) >
config wlan hotspot dot11u network-type 2 1
Cisco Wireless Controller Command Reference, Release 8.4
1135
config wlan hotspot dot11u roam-oi config wlan hotspot dot11u roam-oi
To configure a roaming consortium Organizational Identifier (OI) list on a 802.11u HotSpot WLAN, use the
config wlan hotspot dot11u roam-oi command.
config wlan hotspot dot11u roam-oi {add wlan_id oi-index oi is-beacon | modify wlan_id oi-index oi
is-beacon | delete wlan_id oi-index}
Syntax Description add
wlan-id oi-index oi is-beacon
modify delete
Adds an OI.
Wireless LAN identifier from 1 to 512.
Index in the range 1 to 32.
Number that must be a valid 6 digit hexadecimal number and 6 bytes in length. For example, 004096 or AABBDF.
Beacon flag used to add an OI to the beacon. 0 indicates disable and 1 indicates enable. You can add a maximum of 3 OIs for a WLAN with this flag set.
Modifies an OI.
Deletes an OI.
Command Default
None.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the roaming consortium OI list:
(Cisco Controller) >
config wlan hotspot dot11u roam-oi add 4 10 004096 1
1136
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 config wlan hotspot hs2
To configure the HotSpot2 parameters, use the config wlan hotspot hs2 command.
config wlan hotspot hs2 {disable wlan_id | enable wlan_id | operator-name {add wlan_id index
operator_name language-code | delete wlan_id index | modify wlan_id index operator-name language-code}
| port-config {add wlan_id port_config_index ip-protocol port-number status | delete wlan_id
port-config-index | modify wlan_id port-config-index ip-protocol port-number status} | wan-metrics wlan_id
link-status symet-link downlink-speed uplink-speed }
Syntax Description disable
wlan-id
enable operator-name add
index operator-name language-code
delete modify port-config
port_config_index
Disables HotSpot2.
Wireless LAN identifier from 1 to 512.
Enables HotSpot2.
Specifies the name of the 802.11 operator.
Adds the operator name, port configuration, or WAN metrics parameters to the WLAN configuration.
Index of the operator. The range is from 1 to 32.
Name of the operator.
Language used. An ISO-14962-1997 encoded string that defines the language. This string is a three character language code. Enter the first three letters of the language in English. For example, eng for English.
Deletes the operator name, port configuration, or WAN metrics parameters from the WLAN.
Modifies the operator name, port configuration, or WAN metrics parameters of the WLAN.
Configures the port configuration values.
Port configuration index. The range is from 1 to 32. The default value is 1.
Cisco Wireless Controller Command Reference, Release 8.4
1137
config wlan hotspot hs2
ip-protocol port-number status
wan-metrics
link-status symet-link downlink-speed
1138
Cisco Wireless Controller Command Reference, Release 8.4
Protocol to use. This parameter provides information on the connection status of the most commonly used communication protocols and ports. The following options are available:
1—ICMP
6—FTP/SSH/TLS/PPTP-VPN/VoIP
17—IKEv2 (IPSec-VPN/VoIP/ESP)
50—ESP (IPSec-VPN)
Port number. The following options are available:
0—ICMP/ESP (IPSec-VPN)
20—FTP
22—SSH
443—TLS-VPN
500—IKEv2
1723—PPTP-VPN
4500—IKEv2
5060—VoIP
Status of the IP port. The following options are available:
0—Closed
1—Open
2—Unknown
Configures the WAN metrics.
Link status. The following options are available:
• 0—Unknown
• 1—Link up
• 2—Link down
• 3—Link in test state
Symmetric link status. The following options are available:
• 0—Link speed is different for uplink and downlink.
For example: ADSL
• 1—Link speed is the same for uplink and downlink.
For example: DS1
Downlink speed of the WAN backhaul link in kbps.
Maximum value is 4,194,304 kbps.
config wlan hotspot hs2
uplink-speed
Uplink speed of the WAN backhaul link in kbps. The maximum value is 4,194,304 kbps.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the WAN metrics parameters:
(Cisco Controller) >
config wlan hotspot hs2 wan-metrics add 345 1 0 3333
Cisco Wireless Controller Command Reference, Release 8.4
1139
config wlan hotspot hs2 domain-id config wlan hotspot hs2 domain-id
To configure a domain ID, use the config wlan hotspot hs2 domain-id command in WLAN configuration mode.
config wlan hotspot hs2 domain-id wlan-id domain-id
Syntax Description
wlan-id domain-id
WLAN identification number. Enter a value between 1 and 512.
Domain ID. Enter a value between 0 to 65535.
Command Default
The domain ID is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to configure a domain ID:
Cisco Controller > config wlan hotspot hs2 domain-id 12 2
1140
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 osu legacy-ssid config wlan hotspot hs2 osu legacy-ssid
To configure Online Sign Up (OSU) Service Set Identifier (SSID) name, use the config wlan hotspot hs2
osu legacy-ssid command in WLAN configuration mode.
config wlan hotspot hs2 osu legacy-ssid wlan-id ssid-name
Syntax Description
wlan-id ssid-name
WLAN identification number. Enter a value between 1 and 512.
SSID name.
Command Default
OSU SSID name is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to configure an OSU SSID name:
Cisco Controller > config wlan hotspot hs2 osu legacy-ssid 12 cisco
Cisco Wireless Controller Command Reference, Release 8.4
1141
config wlan hotspot hs2 osu sp create config wlan hotspot hs2 osu sp create
To create the Online Sign Up (OSU) service provider name, use the config wlan hotspot hs2 osu sp create command in WLAN configuration node.
config wlan hotspot hs2 osu sp create wlan-id osu-index lang-code ascii/hex friendly-name [description ]
Syntax Description
wlan-id osu-index lang-code
ascii/hex
friendly-name description
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
Language code. Enter 2 or 3 letters from ISO-639, for example,eng for
English.
Specifies the text format, whether ASCII or Hex.
Service provider name. The maximum limit is 252 characters.
(Optional) Server description. The maximum limit is 252 characters.
Command Default
The OSU service provider name is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to configure an OSU service provider name:
Cisco Controller > config wlan hotspot hs2 osu sp create 12 2 eng ascii cisco server-1
1142
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 osu sp delete config wlan hotspot hs2 osu sp delete
To delete the Online Sign Up (OSU) service provider, use the config wlan hotspot hs2 osu sp delete command.
config wlan hotspot hs2 osu sp delete wlan-idosu-index lang-code
Syntax Description
wlan-id osu-index lang-code
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
Language code. Enter 2 or 3 letters from ISO-639, for example, eng for
English.
Command Default
The OSU service provider is configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to delete an OSU service provider:
Cisco Controller > config wlan hotspot hs2 osu sp delete 12 2 eng
Cisco Wireless Controller Command Reference, Release 8.4
1143
config wlan hotspot hs2 osu sp icon-file add config wlan hotspot hs2 osu sp icon-file add
To configure an Online Sign Up (OSU) icon file on a particular WLAN, use the config wlan hotspot hs2 osu
sp icon-file add command in WLAN configuration mode.
config wlan hotspot hs2 osu sp icon-file add wlan-idosu-index icon-filename
Syntax Description
wlan-id osu-index icon-filename
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
Filename of the icon.
Command Default
The OSU icon file is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Usage Guidelines
Before using this command, configure icon parameters using the config icon file-info command.
Examples
This example shows how to configure an OSU icon file on a WLAN:
Cisco Controller > config wlan hotspot hs2 osu sp icon-file add 12 2 test-icon
1144
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 osu sp icon-file delete config wlan hotspot hs2 osu sp icon-file delete
To delete an Online Sign Up (OSU) icon file from a WLAN, use the config wlan hotspot hs2 osu sp icon-file
delete command in WLAN configuration mode.
config wlan hotspot hs2 osu sp icon-file delete wlan-idosu-index icon-filename
Syntax Description
wlan-id osu-index icon-filename
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
Filename of the icon.
Command Default
The OSU icon file is configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
This example shows how to delete an OSU icon file from a WLAN:
Cisco Controller > config wlan hotspot hs2 osu sp icon-file delete 12 2 test-icon
Cisco Wireless Controller Command Reference, Release 8.4
1145
config wlan hotspot hs2 osu sp method add config wlan hotspot hs2 osu sp method add
To configure an Online Sign Up (OSU) method list, use the config wlan hotspot hs2 osu sp method add command in WLAN configuration mode.
config wlan hotspot hs2 osu sp method add wlan-id osu-index method-primary method-secondary
Syntax Description
wlan-id osu-index method-primary method-secondary
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
Primary OSU encoding method. Valid values are: oma-dm or soap-xml.
(Optional) Secondary OSU encoding method. Valid values are: oma-dm or soap-xml.
Command Default
The OSU method list is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to configure an OSU method list:
Cisco Controller > config wlan hotspot hs2 osu sp method add 12 2 oma-dm oma-dm
1146
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 osu sp method delete config wlan hotspot hs2 osu sp method delete
To delete an Online Sign Up (OSU) method list, use the config wlan hotspot hs2 osu sp method delete command in WLAN configuration mode.
config wlan hotspot hs2 osu sp method delete wlan-id osu-index method
Syntax Description
wlan-id osu-index method
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
The OSU encoding method. Valid values are oma-dm or soap-xml.
Command Default
The OSU method list is configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to delete an OSU method list:
Cisco Controller > config wlan hotspot hs2 osu sp method delete 12 2 oma-dm
Cisco Wireless Controller Command Reference, Release 8.4
1147
config wlan hotspot hs2 osu sp nai add config wlan hotspot hs2 osu sp nai add
To create an Online Sign Up (OSU) Network Access Identifier (NAI), use the config wlan hotspot hs2 osu
sp nai add command in WLAN configuration mode.
config wlan hotspot hs2 osu sp nai add wlan-id osu-index nai
Syntax Description
wlan-id osu-index nai
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
OSU Server NAI. Enter a name within a maximum limit of 255 characters.
Command Default
The OSU NAI is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
This example shows how to configure an OSU NAI:
Cisco Controller > config wlan hotspot hs2 osu sp nai add 12 2 nai-1
1148
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 osu sp nai delete config wlan hotspot hs2 osu sp nai delete
To delete an Online Sign Up (OSU) Network Access Identifier (NAI), use the config wlan hotspot hs2 osu
sp nai delete command in WLAN configuration mode.
config wlan hotspot hs2 osu sp nai delete wlan-id osu-index
Syntax Description
wlan-id osu-index
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
Command Default
The OSU NAI is configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
This example shows how to delete an OSU NAI:
Cisco Controller > config wlan hotspot hs2 osu sp nai delete 12 2
Cisco Wireless Controller Command Reference, Release 8.4
1149
config wlan hotspot hs2 osu sp uri add config wlan hotspot hs2 osu sp uri add
To create an Online Sign Up (OSU) URI, use the config wlan hotspot hs2 osu sp uri add command in WLAN configuration mode.
config wlan hotspot hs2 osu sp uri add wlan-id osu-index uri
Syntax Description
wlan-id osu-index uri
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
OSU server name. Enter a Uniform Resource Identifier (URI) with a maximum of 255 characters.
Command Default
The OSU URI is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
This example shows how to create an OSU URI:
Cisco Controller > config wlan hotspot hs2 osu sp uri add 12 2 server
1150
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 osu sp uri delete config wlan hotspot hs2 osu sp uri delete
To delete an Online Sign Up (OSU) URI, use the config wlan hotspot hs2 osu sp uri delete command.
config wlan hotspot hs2 osu sp uri delete wlan-idosu-index
Syntax Description
wlan-id osu-index
WLAN identification number. Enter a value between 1 and 512.
OSU index. Enter a value between 1 and 16.
Command Default
The OSU URI is configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
This example shows how to delete an OSU URI:
Cisco Controller > config wlan hotspot hs2 osu sp uri delete 12 2
Cisco Wireless Controller Command Reference, Release 8.4
1151
config wlan hotspot hs2 wan-metrics downlink config wlan hotspot hs2 wan-metrics downlink
To configure the downlink WAN metrics, use the config wlan hotspot hs2 wan-metrics downlink command in WLAN configuration mode.
config wlan hotspot hs2 wan-metrics downlink wlan-id dlink-speed dlink-load
Syntax Description
wlan-id dlink-speed dlink-load
WLAN identification number. Enter a value between 1 and 512.
WAN backhaul link speed, in Kbps. The range is from 0 to 4,294,967,295.
WAN backhaul link load. The range is from 0 to 100.
Command Default
The downlink WAN metrics are not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to configure downlink WAN metrics:
Cisco Controller > config wlan hotspot hs2 wan-metrics downlink 12 2468 10
1152
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 wan-metrics link-status config wlan hotspot hs2 wan-metrics link-status
To configure the link status of WAN metrics, use the config wlan hotspot hs2 wan-metrics link-status command in WLAN configuration mode.
config wlan hotspot hs2 wan-metrics link-status wlan-id link-status
Syntax Description
wlan-id link-status
WLAN identification number. Enter a value between 1 and 512.
Link status. Valid values are:
• 0—Unknown
• 1—Up
• 2—Down
• 3—Test
Command Default
The link status is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
This example shows how to configure the link status of WAN metrics:
Cisco Controller > config wlan hotspot hs2 wan-metrics link-status 12 1
Cisco Wireless Controller Command Reference, Release 8.4
1153
config wlan hotspot hs2 wan-metrics lmd config wlan hotspot hs2 wan-metrics lmd
To configure the load measurement duration of WAN metrics, use the config wlan hotspot hs2 wan-metrics
lmd command in WLAN configuration mode.
config wlan hotspot hs2 wan-metrics lmd wlan-id lmd-value
Syntax Description
wlan-id lmd-value
WLAN identification number. Enter a value between 1 and 512.
Load measurement duration of WAN. The range is from 0 to 65535.
Command Default
Load measurement duration of WAN is not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to configure load measurement duration of WAN metrics:
Cisco Controller > config wlan hotspot hs2 wan-metrics lmd 1 2456
1154
Cisco Wireless Controller Command Reference, Release 8.4
config wlan hotspot hs2 wan-metrics uplink config wlan hotspot hs2 wan-metrics uplink
To configure the uplink WAN metrics, use the config wlan hotspot hs2 wan-metrics uplink command in
WLAN configuration mode.
config wlan hotspot hs2 wan-metrics uplink wlan-id ulink-speed ulink-load
Syntax Description
wlan-id ulink-speed ulink-load
WLAN identification number. Enter a value between 1 and 512.
WAN backhaul link speed, in Kbps. The range is from 0 to 4,294,967,295.
WAN backhaul link load. The range is from 0 to 100.
Command Default
The uplink WAN metrics are not configured.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to configure the uplink WAN metrics:
Cisco Controller > config wlan hotspot hs2 wan-metrics uplink 12 2468 10
Cisco Wireless Controller Command Reference, Release 8.4
1155
config wlan hotspot msap config wlan hotspot msap
To configure the Mobility Service Advertisement Protocol (MSAP) parameters on a WLAN, use the config
wlan hotspot msap command.
config wlan hotspot msap {enable | disable | server-id server_id} wlan_id
Syntax Description enable disable server-id
server_id wlan_id
Enables MSAP on the WLAN.
Disables MSAP on the WLAN.
Specifies the MSAP server id.
MSAP server ID. The range is from 1 to 10.
Wireless LAN identifier from 1 to 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable MSAP on a WLAN:
(Cisco Controller) >
config wlan hotspot msap enable 4
1156
Cisco Wireless Controller Command Reference, Release 8.4
config wlan interface config wlan interface
To configure a wireless LAN interface or an interface group, use the config wlan interface command.
config wlan interface {wlan_id | foreignAp} {interface-name | interface-group-name}
Syntax Description
wlan_id
foreignAp
interface-name interface-group-name
(Optional) Wireless LAN identifier (1 to 512).
Specifies third-party access points.
Interface name.
Interface group name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure an interface named VLAN901:
(Cisco Controller) >
config wlan interface 16 VLAN901
Cisco Wireless Controller Command Reference, Release 8.4
1157
config wlan ipv6 acl config wlan ipv6 acl
To configure IPv6 access control list (ACL) on a wireless LAN, use the config wlan ipv6 acl command.
config wlan ipv6 acl wlan_id acl_name
Syntax Description
wlan_id acl_name
Wireless LAN identifier between 1 and 512.
IPv6 ACL name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure an IPv6 ACL for local switching:
(Cisco Controller) >
config wlan ipv6 acl 22 acl_sample
1158
Cisco Wireless Controller Command Reference, Release 8.4
config wlan kts-cac config wlan kts-cac
To configure the Key Telephone System-based CAC policy for a WLAN, use the config wlan kts-cac command.
config wlan kts-cac {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables the KTS-based CAC policy.
Disables the KTS-based CAC policy.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To enable the KTS-based CAC policy for a WLAN, ensure that you do the following:
• Configure the QoS profile for the WLAN to Platinum by entering the following command:
config wlan qos wlan-id platinum
• Disable the WLAN by entering the following command:
config wlan disable wlan-id
• Disable FlexConnect local switching for the WLAN by entering the following command:
config wlan flexconnect local-switching wlan-id disable
Examples
The following example shows how to enable the KTS-based CAC policy for a WLAN with the ID 4:
(Cisco Controller) >
config wlan kts-cac enable 4
Cisco Wireless Controller Command Reference, Release 8.4
1159
config wlan layer2 acl config wlan layer2 acl
To configure a Layer 2 access control list (ACL) on a centrally switched WLAN, use the config wlan acl
layer2 command.
config wlan layer2 aclwlan_id {acl_name | none}
Syntax Description
wlan_id acl_name
none
Wireless LAN identifier. The range is from 1 to 512.
Layer2 ACL name. The name can be up to 32 alphanumeric characters.
Clears any Layer2 ACL mapped to the WLAN.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
You can create a maximum of 16 rules for a Layer 2 ACL.
You can create a maximum of 64 Layer 2 ACLs on a Cisco WLC.
A maximum of 16 Layer 2 ACLs are supported per access point because an access point supports a maximum of 16 WLANs.
Ensure that the Layer 2 ACL names do not conflict with the FlexConnect ACL names because an access point does not support the same Layer 2 and Layer 3 ACL names.
Examples
The following example shows how to apply a Layer 2 ACL on a WLAN:
(Cisco Controller) >
config wlan layer2 acl 1 acl_l2_1
1160
Cisco Wireless Controller Command Reference, Release 8.4
config wlan ldap config wlan ldap
To add or delete a link to a configured Lightweight Directory Access Protocol (LDAP) server, use the config
wlan ldap command.
config wlan ldap {add wlan_id server_id | delete wlan_id {all | server_id}}
Syntax Description add
wlan_id server_id
delete all
Adds a link to a configured LDAP server.
Wireless LAN identifier between 1 and 512.
LDAP server index.
Removes the link to a configured LDAP server.
Specifies all LDAP servers.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Use this command to specify the LDAP server priority for the WLAN.
To specify the LDAP server priority, one of the following must be configured and enabled:
• 802.1X authentication and Local EAP
• Web authentication and LDAP
Note
Local EAP was introduced in controller software release 4.1; LDAP support on Web authentication was introduced in controller software release 4.2.
Examples
The following example shows how to add a link to a configured LDAP server with the WLAN ID 100 and server ID 4:
(Cisco Controller) >
config wlan ldap add 100 4
Cisco Wireless Controller Command Reference, Release 8.4
1161
config wlan learn-ipaddr-cswlan config wlan learn-ipaddr-cswlan
To configure client IP address learning on a centrally switched WLAN, use theconfig wlan
learn-ipaddr-cswlan command.
config wlan learn-ipaddr-cswlan wlan_id {enable | disable}
Syntax Description
wlan_id
enable disable
Wireless LAN identifier from 1 to 512.
Enables client IPv4 address learning on the centrally switched WLAN
Disables client IPv4 address learning on the centrally switched WLAN
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
If the client is configured with Layer 2 encryption, the Cisco WLC cannot learn the client IP address and will periodically drop the client. Disable this option so that the Cisco WLC maintains the client connection without waiting to learn the client IP address.
Examples
The following example shows how to enable client IP address learning on a centrally switched WLAN:
(Cisco Controller) >
config wlan learn-ipaddr-cswlan 2 enable
Related Commands show wlan
1162
Cisco Wireless Controller Command Reference, Release 8.4
config wlan load-balance config wlan load-balance
To override the global load balance configuration and enable or disable load balancing on a particular WLAN, use the config wlan load-balance command.
config wlan load-balance allow {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables band selection on a wireless LAN.
Disables band selection on a wireless LAN.
Wireless LAN identifier between 1 and 512.
Command Default
Load balancing is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable band selection on a wireless LAN with WLAN ID 3:
(Cisco Controller) >
config wlan load-balance allow enable 3
Cisco Wireless Controller Command Reference, Release 8.4
1163
config wlan lobby-admin-access config wlan lobby-admin-access
To provide admin access to the lobby user on a particular WLAN, use the config wlan lobby-admin-access command.
config wlan lobby-admin-access {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables band selection on a wireless LAN.
Disables band selection on a wireless LAN.
Wireless LAN identifier between 1 and 512.
Command Default
Lobby admin user is disabled by default.
Command History
Release
8.4
Modification
This command was introduced.
Examples
The following example shows how to enable lobby admin on a WLAN:
(Cisco Controller) >
config wlan lobby-admin-access enable 2
1164
Cisco Wireless Controller Command Reference, Release 8.4
config wlan mac-filtering config wlan mac-filtering
To change the state of MAC filtering on a wireless LAN, use the config wlan mac-filtering command.
config wlan mac-filtering {enable | disable} {wlan_id | foreignAp}
Syntax Description enable disable
wlan_id
foreignAp
Enables MAC filtering on a wireless LAN.
Disables MAC filtering on a wireless LAN.
Wireless LAN identifier from 1 to 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the MAC filtering on WLAN ID 1:
(Cisco Controller) >
config wlan mac-filtering enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1165
config wlan max-associated-clients config wlan max-associated-clients
To configure the maximum number of client connections on a wireless LAN, guest LAN, or remote LAN, use the config wlan max-associated-clients command.
config wlan max-associated-clients max_clients wlan_id
Syntax Description
max_clients wlan_id
Maximum number of client connections to be accepted.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to specify the maximum number of client connections on WLAN ID 2:
(Cisco Controller) >
config wlan max-associated-clients 25 2
1166
Cisco Wireless Controller Command Reference, Release 8.4
config wlan max-radio-clients config wlan max-radio-clients
To configure the maximum number of WLAN client per access point, use the config wlan max-radio-clients command.
config wlan max-radio-clients max_radio_clients wlan_id
Syntax Description
max_radio_clients wlan_id
Maximum number of client connections to be accepted per access point radio.
The valid range is from 1 to 200.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to specify the maximum number of client connections per access point radio on WLAN ID 2:
(Cisco Controller) >
config wlan max-radio-clients 25 2
Cisco Wireless Controller Command Reference, Release 8.4
1167
config wlan mdns config wlan mdns
To configure an multicast DNS (mDNS) profile for a WLAN, use the config wlan mdns command.
config wlan mdns {enable | disable | profile {profile-name | none}} {wlan_id | all}
Syntax Description enable disable profile
profile-name
none
wlan_id
all
Enables mDNS snooping on a WLAN.
Disables mDNS snooping on a WLAN.
Configures an mDNS profile for a WLAN.
Name of the mDNS profile to be associated with a WLAN.
Removes all existing mDNS profiles from the WLAN. You cannot configure mDNS profiles on the WLAN.
Wireless LAN identifier from 1 to 512.
Configures the mDNS profile for all WLANs.
Command Default
By default, mDNS snooping is enabled on WLANs.
Command History
Release
7.4
Modification
This command was introduced.
Usage Guidelines
You must disable the WLAN before you use this command. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
Examples
The following example shows how to configure an mDNS profile for a WLAN.
(Cisco Controller) >
config wlan mdns profile profile1 1
1168
Cisco Wireless Controller Command Reference, Release 8.4
config wlan media-stream config wlan media-stream
To configure multicast-direct for a wireless LAN media stream, use the config wlan media-stream command.
config wlan media-stream multicast-direct {wlan_id | all} {enable | disable}
Syntax Description multicast-direct
wlan_id
all enable disable
Configures multicast-direct for a wireless LAN media stream.
Wireless LAN identifier between 1 and 512.
Configures the wireless LAN on all media streams.
Enables global multicast to unicast conversion.
Disables global multicast to unicast conversion.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Media stream multicast-direct requires load based Call Admission Control (CAC) to run. WLAN quality of service (QoS) needs to be set to either gold or platinum.
Examples
The following example shows how to enable the global multicast-direct media stream with WLAN ID 2:
(Cisco Controller) >
config wlan media-stream multicast-direct 2 enable
Cisco Wireless Controller Command Reference, Release 8.4
1169
config wlan mfp config wlan mfp
To configure management frame protection (MFP) options for the wireless LAN, use the config wlan mfp command.
config wlan mfp {client [enable | disable] wlan_id | infrastructure protection [enable | disable] wlan_id}
Syntax Description client enable disable
wlan_id
infrastructure protection
Configures client MFP for the wireless LAN.
(Optional) Enables the feature.
(Optional) Disables the feature.
Wireless LAN identifier (1 to 512).
(Optional) Configures the infrastructure MFP for the wireless LAN.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure client management frame protection for WLAN ID 1:
(Cisco Controller) >
config wlan mfp client enable 1
1170
Cisco Wireless Controller Command Reference, Release 8.4
config wlan mobility anchor config wlan mobility anchor
To change the state of MAC filtering on a wireless LAN, use the config wlan mobility anchor command.
config wlan mobility anchor {add | delete} wlan_id ip_addr priority priority-number
Syntax Description add delete
wlan_id ip_addr
priority
priority-number
Enables MAC filtering on a wireless LAN.
Disables MAC filtering on a wireless LAN.
Wireless LAN identifier between 1 and 512.
Member switch IPv4 address for anchoring the wireless LAN.
Sets priority to the anchored wireless LAN IP address.
Range between 1 to 3.
Command Default
None
Command History
Release
7.6
8.0
8.1
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
prioritypriority number parameter introduced.
Examples
The following example shows how to configure and set priority to the mobility wireless LAN anchor list with
WLAN ID 4 and IPv4 address 192.168.0.14
(Cisco Controller) >
config wlan mobility anchor add 4 192.168.0.14 priority 1
Related Commands show wlan
Cisco Wireless Controller Command Reference, Release 8.4
1171
config wlan mobility foreign-map config wlan mobility foreign-map
To configure interfaces or interface groups for foreign Cisco WLCs, use the config wlan mobility foreign-map command.
config wlan mobility foreign-map {add | delete} wlan_id foreign_mac_address {interface_name |
interface_group_name}
Syntax Description add delete
wlan_id foreign_mac_address interface_name interface_group_name
Adds an interface or interface group to the map of foreign controllers.
Deletes an interface or interface group from the map of foreign controllers.
Wireless LAN identifier from 1 to 512.
Foreign switch MAC address on a WLAN.
Interface name up to 32 alphanumeric characters.
Interface group name up to 32 alphanumeric characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add an interface group for foreign Cisco WLCs with WLAN ID 4 and a foreign switch MAC address on WLAN 00:21:1b:ea:36:60:
(Cisco Controller) >
config wlan mobility foreign-map add 4 00:21:1b:ea:36:60 mygroup1
1172
Cisco Wireless Controller Command Reference, Release 8.4
config wlan multicast buffer config wlan multicast buffer
To configure the radio multicast packet buffer size, use the config wlan multicast buffer command.
config wlan multicast buffer {enable | disable} buffer-size
Syntax Description enable disable
buffer-size wlan_id
Enables the multicast interface feature for a wireless LAN.
Disables the multicast interface feature on a wireless LAN.
Radio multicast packet buffer size. The range is from 30 to 60. Enter 0 to indicate
APs will dynamically adjust the number of buffers allocated for multicast.
Wireless LAN identifier between 1 and 512.
Command Default
The default buffer size is 30
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure radio multicast buffer settings:
(Cisco Controller) >
config wlan multicast buffer enable 45 222
Cisco Wireless Controller Command Reference, Release 8.4
1173
config wlan multicast interface config wlan multicast interface
To configure a multicast interface for a wireless LAN, use the config wlan multicast interface command.
config wlan multicast interface wlan_id {enable | disable} interface_name
Syntax Description
wlan_id
enable delete
interface_name
Wireless LAN identifier between 1 and 512.
Enables multicast interface feature for a wireless LAN.
Disables multicast interface feature on a wireless LAN.
Interface name.
Note
The interface name can only be specified in lower case characters.
Command Default
Multicast is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the multicast interface feature for a wireless LAN with WLAN
ID 4 and interface name myinterface1:
(Cisco Controller) >
config wlan multicast interface 4 enable myinterface1
1174
Cisco Wireless Controller Command Reference, Release 8.4
config wlan mu-mimo config wlan mu-mimo
To enable Multi-User, Multiple-Input, Multiple-Output (MU-MIMO) on a WLAN, enter the config wlan
mu-mimo command.
config wlan mu-mimo {enable | disable} wlan-id
Syntax Description
enable wlan-id
disable wlan-id
Enables MU-MIMO on the WLAN that is specified
Disables MU-MIMO on the WLAN that is specified
Command History
Release
8.1
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
1175
config wlan nac config wlan nac
To enable or disable Network Admission Control (NAC) out-of-band support for a WLAN, use the config
wlan nac command.
config wlan nac {snmp | radius} {enable | disable} wlan_id
Syntax Description snmp radius enable disable
wlan_id
Configures SNMP NAC support.
Configures RADIUS NAC support.
Enables NAC for the WLAN.
Disables NAC for the WLAN.
WLAN identifier from 1 to 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You should enable AAA override before you enable the RADIUS NAC state. You also should disable
FlexConnect local switching before you enable the RADIUS NAC state.
Examples
The following example shows how to configure SNMP NAC support for WLAN 13:
(Cisco Controller) >
config wlan nac snmp enable 13
The following example shows how to configure RADIUS NAC support for WLAN 34:
(Cisco Controller) >
config wlan nac radius enable 20
1176
Cisco Wireless Controller Command Reference, Release 8.4
config wlan override-rate-limit config wlan override-rate-limit
To override the bandwidth limits for upstream and downstream traffic per user and per service set identifier
(SSID) defined in the QoS profile, use the config wlan override-rate-limit command.
config wlan override-rate-limit wlan_id { average-data-rate | average-realtime-rate | burst-data-rate |
burst-realtime-rate } { per-ssid | per-client } { downstream | upstream } rate
Syntax Description
wlan_id
average-data-rate average-realtime-rate burst-data-rate burst-realtime-rate per-ssid per-client downstream upstream
rate
Wireless LAN identifier between 1 and 512.
Specifies the average data rate for TCP traffic per user or per SSID. The range is from 0 to 51,2000 Kbps.
Specifies the average real-time data rate for UDP traffic per user or per SSID. The range is from 0 to 51,2000 Kbps.
Specifies the peak data rate for TCP traffic per user or per
SSID. The range is from 0 to 51,2000 Kbps.
Specifies the peak real-time data rate for UDP traffic per user or per SSID. The range is from 0 to 51,2000 Kbps.
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
Configures the rate limit for each client associated with the
SSID.
Configures the rate limit for downstream traffic.
Configures the rate limit for upstream traffic.
Data rate for TCP or UDP traffic per user or per SSID. The range is form 0 to 51,2000 Kbps. A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1177
config wlan override-rate-limit
Usage Guidelines
The rate limits are enforced by the controller and the AP. For central switching, the controller handles the downstream enforcement of per-client rate limit and the AP handles the enforcement of the upstream traffic and per-SSID rate limit for downstream traffic. When the AP enters standalone mode it handles the downstream enforcement of per-client rate limits too.
In FlexConnect local switching and standalone modes, per-client and per-SSID rate limiting is done by the
AP for downstream and upstream traffic. However, in FlexConnect standalone mode, the configuration is not saved on the AP, so when the AP reloads, the configuration is lost and rate limiting does not happen after reboot.
For roaming clients, if the client roams between the APs on the same controller, same rate limit parameters are applied on the client. However, if the client roams from an anchor to a foreign controller, the per-client downstream rate limiting uses the parameters configured on the anchor controller while upstream rate limiting uses the parameters of the foreign controller.
Examples
The following example shows how to configure the burst real-time actual rate 2000 Kbps for the upstream traffic per SSID:
(Cisco Controller) >
config wlan override-rate-limit 2 burst-realtime-rate per-ssid upstream
2000
1178
Cisco Wireless Controller Command Reference, Release 8.4
config wlan opendns-mode config wlan opendns-mode
To configure WLAN OpenDNS mode to force or copy or ignore the DNS to OpenDNS server access, use the
config wlan opendns-modecommand.
config wlan opendns-mode wlan-id { ignore|force|copy}
Syntax Description
wlan-id
ignore force copy
Wireless LAN (WLAN) identifier.
Ignores the OpenDNS mode.
Forces the OpenDNS mode.
Copies the OpenDNS mode.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Examples
The following example shows how to configure per WLAN OpenDNS mode to copy DNS to OpenDNS server:
(Cisco Controller) > config wlan opendns-mode wlan1 copy
Cisco Wireless Controller Command Reference, Release 8.4
1179
config wlan opendns-profile config wlan opendns-profile
To configure per WLAN OpenDNS profile to force or copy or ignore the Domain Name System (DNS) to
OpenDNS server access, use the config wlan opendns-profile command.
config wlan opendns profile wlan-id profile-name {enable | disable}
Syntax Description
wlan-id profile-name
enable disable
Wireless LAN network.
OpenDNS profile name used for tracking this profile.
Maps OpenDNS identity.
Removes OpenDNS identity.
Command Modes
(Controller Configuration) >
Command History
Release
8.4
Modification
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to configure a WLAN on OpenDNS profile to force the DNS to OpenDNS server:
(Cisco Controller) > config wlan opendns-profile wlan1 user1 enable
1180
Cisco Wireless Controller Command Reference, Release 8.4
config wlan passive-client config wlan passive-client
To configure passive-client feature on a wireless LAN, use the config wlan passive-client command.
config wlan passive-client {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables the passive-client feature on a WLAN.
Disables the passive-client feature on a WLAN.
WLAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You need to enable the global multicast mode and multicast-multicast mode by using the config network
multicast global and config network multicast mode commands before entering this command.
Note
You should configure the multicast in multicast-multicast mode only not in unicast mode. The passive client feature does not work with multicast-unicast mode in this release.
Examples
The following example shows how to configure the passive client on wireless LAN ID 2:
(Cisco Controller) >
config wlan passive-client enable 2
Cisco Wireless Controller Command Reference, Release 8.4
1181
config wlan peer-blocking config wlan peer-blocking
To configure peer-to-peer blocking on a WLAN, use the config wlan peer-blocking command.
config wlan peer-blocking {disable | drop | forward-upstream} wlan_id
Syntax Description disable drop forward-upstream
wlan_id
Disables peer-to-peer blocking and bridge traffic locally within the controller whenever possible.
Causes the controller to discard the packets.
Causes the packets to be forwarded on the upstream VLAN. The device above the controller decides what action to take regarding the packets.
WLAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable the peer-to-peer blocking for WLAN ID 1:
(Cisco Controller) >
config wlan peer-blocking disable 1
1182
Cisco Wireless Controller Command Reference, Release 8.4
config wlan pmipv6 default-realm config wlan pmipv6 default-realm
To configure a default realm for a PMIPv6 WLAN, use the config wlan pmipv6 default-realm command.
config wlan pmipv6 default-realm { default-realm-name | none } wlan_id
Syntax Description
default-realm-name
Default realm name for the WLAN.
none
wlan_id
Clears the realm name for the WLAN.
Wireless LAN identifier between 1 and 512.
Command Default
None.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a default realm name on a PMIPv6 WLAN:
(Cisco Controller) >
config wlan pmipv6 default-realm XYZ 6
Cisco Wireless Controller Command Reference, Release 8.4
1183
config wlan pmipv6 mobility-type config wlan pmipv6 mobility-type
To configure the mobility type on a WLAN, use the config wlan pmipv6 mobility-type command.
config wlan pmipv6 mobility-type {none | pmipv6 } { wlan_id | all }
Syntax Description none pmipv6 all
wlan_id
Configures a WLAN with Simple IP mobility.
Configures a WLAN with PMIPv6 mobility.
Enables the specified type of mobility for all WLANs.
WLAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You must disable the WLAN when you configure the mobility type.
Examples
The following example shows how to configure the mobility type as PMIPv6 on a WLAN:
(Cisco Controller) >
config wlan pmipv6 mobility-type pmipv6 16
1184
Cisco Wireless Controller Command Reference, Release 8.4
config wlan pmipv6 profile_name config wlan pmipv6 profile_name
To configure a profile name for the PMIPv6 WLAN, use the config wlan pmipv6 profile_name command.
config wlan pmipv6 profile_name profile_name wlan_id
Syntax Description
profile_name wlan_id
Profile name for the PMIPv6 WLAN.
Wireless LAN identifier from 1 to 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command binds a profile name to the PMIPv6 WLAN or SSID. Each time that a mobile node associates with the controller, it uses the profile name and NAI in the trigger to the PMIPV6 module. The PMIPV6 module extracts all the profile specific parameters such as LMA IP, APN, and NAI and sends the PBU to the
ASR5K.
Examples
The following example shows how to create a profile named ABC01 on a PMIPv6 WLAN:
(Cisco Controller) >
config wlan pmipv6 profile_name ABC01 16
Cisco Wireless Controller Command Reference, Release 8.4
1185
config wlan policy config wlan policy
To configure a policy on a WLAN, use the config wlan policy command.
config wlan policy {add | delete} priority-index wlan-id
Syntax Description add delete
priority-index policy_name wlan-id
Adds a policy on a WLAN.
Deletes an existing policy from a WLAN.
Priority index of the policy to be configured on the WLAN. The policies are applied to the clients according to the priority index.
The range is from 1 to 16.
Name of the profiling policy.
WLAN identifier from 1 to 512.
Command Default
There is no WLAN policy.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
You can apply up to 16 policies on a WLAN.
Examples
The following example shows how to configure a policy on a WLAN:
(Cisco Controller) >
config wlan policy add 1 teacher_policy 1
1186
Cisco Wireless Controller Command Reference, Release 8.4
config wlan profiling config wlan profiling
To configure client profiling on a WLAN, use the config wlan profiling command.
config wlan profiling {local | radius} {all | dhcp | http} {enable | disable} wlan_id
Syntax Description local radius all dhcp http enable disable
wlan_id
Configures client profiling in Local mode for a WLAN.
Configures client profiling in RADIUS mode on a WLAN.
Configures DHCP and HTTP client profiling in a WLAN.
Configures DHCP client profiling alone in a WLAN.
Configures HTTP client profiling in a WLAN.
Enables the specific type of client profiling in a WLAN.
When you enable HTTP profiling, the Cisco WLC collects the HTTP attributes of clients for profiling.
When you enable DHCP profiling, the Cisco WLC collects the DHCP attributes of clients for profiling.
Disables the specific type of client profiling in a WLAN.
Wireless LAN identifier from 1 to 512.
Usage Guidelines
Ensure that you have disabled the WLAN before configuring client profiling on the WLAN.
Command Default
Client profiling is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Only clients connected to port 80 for HTTP can be profiled. IPv6 only clients are not profiled.
If a session timeout is configured for a WLAN, clients must send the HTTP traffic before the configured timeout to get profiled.
This feature is not supported on the following:
• FlexConnect Standalone mode
Cisco Wireless Controller Command Reference, Release 8.4
1187
config wlan profiling
Examples
• FlexConnect Local Authentication
The following example shows how to enable both DHCP and HTTP profiling on a WLAN:
(Cisco Controller) >
config wlan profiling radius all enable 6
HTTP Profiling successfully enabled.
DHCP Profiling successfully enabled.
1188
Cisco Wireless Controller Command Reference, Release 8.4
config wlan qos config wlan qos
To change the quality of service (QoS) for a wireless LAN, use the config wlan qos command.
config wlan qos wlan_id {bronze | silver | gold | platinum}
config wlan qos foreignAp {bronze | silver | gold | platinum}
Syntax Description
wlan_id
bronze silver gold platinum foreignAp
Wireless LAN identifier between 1 and 512.
Specifies the bronze QoS policy.
Specifies the silver QoS policy.
Specifies the gold QoS policy.
Specifies the platinum QoS policy.
Specifies third-party access points.
Command Default
The default QoS policy is silver.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to set the highest level of service on wireless LAN 1:
(Cisco Controller) >
config wlan qos 1 gold
Cisco Wireless Controller Command Reference, Release 8.4
1189
config wlan radio config wlan radio
To set the Cisco radio policy on a wireless LAN, use the config wlan radio command.
config wlan radio wlan_id {all | 802.11a | 802.11bg | 802.11g | 802.11ag}
Syntax Description
wlan_id
all
802.11a
802.11bg
802.11g
Wireless LAN identifier between 1 and 512.
Configures the wireless LAN on all radio bands.
Configures the wireless LAN on only 802.11a.
Configures the wireless LAN on only 802.11b/g (only 802.11b if 802.11g is disabled).
Configures the wireless LAN on 802.11g only.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the wireless LAN on all radio bands:
(Cisco Controller) >
config wlan radio 1 all
1190
Cisco Wireless Controller Command Reference, Release 8.4
config wlan radius_server acct config wlan radius_server acct
To configure RADIUS accounting servers of a WLAN, use the config wlan radius_server acct command.
config wlan radius_server acct {enable | disable} wlan_id | add wlan_id server_id | delete wlan_id {all |
server_id} | framed-ipv6 { address | both | prefix } wlan_id}
Syntax Description enable disable
wlan_id
add
server_id
delete address both prefix
Enables RADIUS accounting for the WLAN.
Disables RADIUS accounting for the WLAN.
Wireless LAN identifier from 1 to 512.
Adds a link to a configured RADIUS accounting server.
RADIUS server index.
Deletes a link to a configured RADIUS accounting server.
Configures an accounting framed IPv6 attribute to an IPv6 address.
Configures the accounting framed IPv6 attribute to an IPv6 address and prefix.
Configures the accounting framed IPv6 attribute to an IPv6 prefix.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable RADIUS accounting for the WLAN 2:
(Cisco Controller) >
config wlan radius_server acct enable 2
The following example shows how to add a link to a configured RADIUS accounting server:
(Cisco Controller) >
config wlan radius_server acct add 2 5
Cisco Wireless Controller Command Reference, Release 8.4
1191
config wlan radius_server acct interim-update config wlan radius_server acct interim-update
To configure the interim update of a RADIUS accounting server of a WLAN, use the config wlan
radius_server acct interim-update command.
config wlan radius_serveracctinterim-update {interval | enable | disable} wlan_id
Syntax Description interim-update
interval
enable disable
wlan_id
Configures the interim update of the RADIUS accounting server.
Interim update interval that you specify. The valid range is 180 seconds to 3600 seconds.
Enables interim update of the RADIUS accounting server for the WLAN.
Disables interim update of the RADIUS accounting server for the WLAN.
Wireless LAN identifier between 1 and 512.
Command Default
Interim update of a RADIUS accounting sever is set at 600 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to specify an interim update of 200 seconds to a RADIUS accounting server of WLAN 2:
(Cisco Controller) >
config wlan radius_server acct interim-update 200 2
1192
Cisco Wireless Controller Command Reference, Release 8.4
config wlan radius_server auth config wlan radius_server auth
To configure RADIUS authentication servers of a WLAN, use the config wlan radius_server auth command.
config wlan radius_server auth {enable wlan_id | disable wlan_id} {add wlan_id server_id | delete wlan_id
{all | server_id}}
Syntax Description auth enable
wlan_id
disable add
server_id
delete all
Configures a RADIUS authentication
Enables RADIUS authentication for this WLAN.
Wireless LAN identifier from 1 to 512.
Disables RADIUS authentication for this WLAN.
Adds a link to a configured RADIUS server.
RADIUS server index.
Deletes a link to a configured RADIUS server.
Deletes all links to configured RADIUS servers.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add a link to a configured RADIUS authentication server with WLAN
ID 1 and Server ID 1:
(Cisco Controller) >
config wlan radius_server auth add 1 1
Cisco Wireless Controller Command Reference, Release 8.4
1193
config wlan radius_server acct interim-update config wlan radius_server acct interim-update
To configure a wireless LAN’s RADIUS servers, use the config wlan radius_server acct interim-update command.
config wlan radius_serveracct interim-update {enable wlan_id | disable wlan_id} {interval wlan_id}
Syntax Description enable
wlan_id
disable
interval
Enables RADIUS authentication or accounting for this WLAN.
Wireless LAN identifier between 1 and 512.
Disables RADIUS authentication or accounting for this WLAN.
Accounting interim interval between 180 to 3600 seconds.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command helps to set some time as a default if the timeout interval is not specified.
Examples
The following example shows how to force the 10 minutes as the default, if timeout interval is not specified:
(Cisco Controller) >
config wlan radius_server acct interim-update 600 1
1194
Cisco Wireless Controller Command Reference, Release 8.4
config wlan radius_server overwrite-interface config wlan radius_server overwrite-interface
To configure a wireless LAN’s RADIUS dynamic interface, use the config wlan radius_server
overwrite-interface command.
config wlan radius_server overwrite-interface {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables RADIUS dynamic interface for this WLAN.
Disables RADIUS dynamic interface for this WLAN.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The controller uses the management interface as identity. If the RADIUS server is on a directly connected dynamic interface, the traffic is sourced from the dynamic interface. Otherwise, the management IP address is used.
If the feature is enabled, controller uses the interface specified on the WLAN configuration as identity and source for all RADIUS related traffic on the WLAN.
Examples
The following example shows how to enable RADIUS dynamic interface for a WLAN with an ID 1:
(Cisco Controller) >
config wlan radius_server overwrite-interface enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1195
config wlan radius_server realm config wlan radius_server realm
To configure realm on a WLAN, use the config wlan radius_server realm command.
config wlan radius_serverrealm{enable | disable} wlan-id
Syntax Description
radius_server
enable disable
wlan-id
Radius server index. The range is from 1 to 17.
Enable realm on a WLAN.
Disable realm on a WLAN.
WLAN ID. The range is from 1 to 512.
Command Default
None
Command History
Examples
Release
8.0
Modification
This command was introduced.
The following example shows how to enable realm on a WLAN:
(Cisco Controller) >
config wlan 2 realm enable 50
1196
Cisco Wireless Controller Command Reference, Release 8.4
config wlan roamed-voice-client re-anchor config wlan roamed-voice-client re-anchor
To configure a roamed voice client’s reanchor policy, use the config wlan roamed-voice-client re-anchor command.
config wlan roamed-voice-client re-anchor {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables the roamed client’s reanchor policy.
Disables the roamed client’s reanchor policy.
Wireless LAN identifier between 1 and 512.
Command Default
The roamed client reanchor policy is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable a roamed voice client’s reanchor policy where WLAN ID is 1:
(Cisco Controller) >
config wlan roamed-voice-client re-anchor enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1197
config wlan security 802.1X
config wlan security 802.1X
To change the state of 802.1X security on the wireless LAN Cisco radios, use the config wlan security 802.1X command.
config wlan security 802.1X {enable {wlan_id | foreignAp} | disable {wlan_id | foreignAp} | encryption
{wlan_id | foreignAp} {0 | 40 | 104} | on-macfilter-failure {enable | disable}}
Syntax Description enable
wlan_id
foreignAp disable encryption
0
40
104 on-macfilter-failure enable disable
Enables the 802.1X settings.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Disables the 802.1X settings.
Specifies the static WEP keys and indexes.
Specifies a WEP key size of 0 (no encryption) bits. The default value is 104.
Note
All keys within a wireless LAN must be the same size.
Specifies a WEP key size of 40 bits. The default value is 104.
Note
All keys within a wireless LAN must be the same size.
Specifies a WEP key size of 104 bits. The default value is 104.
Note
All keys within a wireless LAN must be the same size.
Configures 802.1X on MAC filter failure.
Enables 802.1X authentication on MAC filter failure.
Disables 802.1X authentication on MAC filter failure.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
1198
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security 802.1X
Usage Guidelines
To change the encryption level of 802.1X security on the wireless LAN Cisco radios, use the following key sizes:
• 0—no 802.1X encryption.
• 40—40/64-bit encryption.
• 104—104/128-bit encryption. (This is the default encryption setting.)
Examples
The following example shows how to configure 802.1X security on WLAN ID 16.
(Cisco Controller) >
config wlan security 802.1X enable 16
Cisco Wireless Controller Command Reference, Release 8.4
1199
config wlan security ckip config wlan security ckip
To configure Cisco Key Integrity Protocol (CKIP) security options for the wireless LAN, use the config wlan
security ckip command.
config wlan security ckip {enable | disable} wlan_id [akm psk set-key {hex | ascii} {40 | 104} key
key_index wlan_id | mmh-mic {enable | disable} wlan_id | kp {enable | disable} wlan_id]
Syntax Description enable disable
wlan_id
Wireless LAN identifier from 1 to 512.
akm psk set-key
(Optional) Configures encryption key management for the CKIP wireless LAN.
hex ascii
Specifies a hexadecimal encryption key.
Specifies an ASCII encryption key.
40
Enables CKIP security.
Disables CKIP security.
104 key
Sets the static encryption key length to 40 bits for the CKIP WLAN. 40-bit keys must contain 5 ASCII text characters or 10 hexadecimal characters.
Sets the static encryption key length to 104 bits for the CKIP WLAN. 104-bit keys must contain 13 ASCII text characters or 26 hexadecimal characters.
Specifies the CKIP WLAN key settings.
Configured PSK key index.
key_index
mmh-mic kp
(Optional) Configures multi-modular hash message integrity check (MMH MIC) validation for the CKIP wireless LAN.
(Optional) Configures key-permutation for the CKIP wireless LAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
1200
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security ckip
Examples
The following example shows how to configure a CKIP WLAN encryption key of 104 bits (26 hexadecimal characters) for PSK key index 2 on WLAN 03:
(Cisco Controller) >
config wlan security ckip akm psk set-key hex 104 key 2 03
Cisco Wireless Controller Command Reference, Release 8.4
1201
config wlan security cond-web-redir config wlan security cond-web-redir
To enable or disable conditional web redirect, use the config wlan security cond-web-redir command.
config wlan security cond-web-redir {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables conditional web redirect.
Disables conditional web redirect.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the conditional web direct on WLAN ID 2:
(Cisco Controller) >
config wlan security cond-web-redir enable 2
1202
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security eap-params config wlan security eap-params
To configure local EAP timers on a WLAN, use the config wlan security eap-params command.
config wlan security eap-params{ {enable| disbale} | eapol-key-timeouttimeout| eap-key-retries retries
| identity-request-timeout timeout | identity-request-retries retries | request-timeout timeout | request-retries
retries}wlan_id
Syntax Description
{enable |disable }
eapol-key-timeout timeout
eapol-key-retries retries
identity-request- timeout timeout
identity-request-retries retries
request-timeout
request-retriesretries
Specifies to enable or disable SSID specific EAP timeouts or retries. The default value is disabled.
Specifies the amount of time (200 to 5000 milliseconds) that the controller attempts to send an
EAP key over the WLAN to wireless clients using local EAP. The valid range is 200 to 5000 milliseconds.
The default value is 1000 milliseconds.
Specifies the maximum number of times (0 to 4 retries) that the controller attempts to send an EAP key over the WLAN to wireless clients using local
EAP.
The default value is 2.
Specifies the amount of time (1 to 120 seconds) that the controller attempts to send an EAP identity request to wireless clients within WLAN using local EAP.
The default value is 30 seconds.
Specifies the maximum number of times (0 to 4 retries) that the controller attempts to retransmit the
EAP identity request to wireless clients within WLAN using local EAP.
The default value is 2.
Specifies the amount of time (1 to 120 seconds) in which the controller attempts to send an EAP parameter request to wireless clients within WLAN using local EAP.
The default value is 30 seconds.
Specifies the maximum number of times (0 to 20 retries) that the controller attempts to retransmit the
EAP parameter request to wireless clients within
WLAN using local EAP.
The default value is 2.
Cisco Wireless Controller Command Reference, Release 8.4
1203
config wlan security eap-params
wlan-id
WLAN identification number.
Command Default
The default EAPOL key timeout is 1000 milliseconds.
The default for EAPOL key retries is 2.
The default identity request timeout is 30 seconds.
The default identity request retries is 2.
The default request timeout is 30 seconds.
The default request retries is 2.
Command History
Release
7.6
Modification
This command was introduced.
Examples
The following example shows how to enable SSID specific EAP parameters on a WLAN:
(Cisco Controller) >
config wlan security eap-params enable 4
The following example shows how to set EAPOL key timeout parameter on a WLAN:
(Cisco Controller) >
config wlan security eap-params eapol-key-retries 4
The following example shows how to set EAPOL key retries on a WLAN:
(Cisco Controller) >
config wlan security eap-params eapol-key-retries 4
1204
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security eap-passthru config wlan security eap-passthru
To configure the 802.1X frames pass through on to the external authenticator, use the config wlan security
eap-passthru command.
config wlan security eap-passthru {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables 802.1X frames pass through to external authenticator.
Disables 802.1X frames pass through to external authenticator.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the 802.1X frames pass through to external authenticator on
WLAN ID 2:
(Cisco Controller) >
config wlan security eap-passthru enable 2
Cisco Wireless Controller Command Reference, Release 8.4
1205
config wlan security ft config wlan security ft
To configure 802.11r Fast Transition Roaming parameters, use the config wlan security ft command.
config wlan security ft {adaptive | enable | disable | reassociation-timeout timeout-in-seconds} wlan_id
Syntax Description adaptive enable disable reassociation-timeout
timeout-in-seconds wlan_id
Configures 802.11r Fast Transition Roaming adaptive support. This is the default option.
Enables 802.11r Fast Transition Roaming support.
Disables 802.11r Fast Transition Roaming support.
Configures reassociation deadline interval.
Reassociation timeout value, in seconds. The valid range is 1 to 100 seconds.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
This command was modified. The adaptive keyword was added.
Usage Guidelines
Ensure that you have disabled the WLAN before you proceed.
Examples
The following example shows how to enable 802.11r Fast Transition Roaming support on WLAN 2:
(Cisco Controller) >
config wlan security ft enable 2
The following example shows how to set a reassociation timeout value of 20 seconds for 802.11r Fast Transition
Roaming support on WLAN 2:
(Cisco Controller) >
config wlan security ft reassociation-timeout 20 2
1206
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security ft over-the-ds config wlan security ft over-the-ds
To configure 802.11r fast transition parameters over a distributed system, use the config wlan security ft
over-the-ds command.
config wlan security ft over-the-ds {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables 802.11r fast transition roaming support over a distributed system.
Disables 802.11r fast transition roaming support over a distributed system.
Wireless LAN identifier between 1 and 512.
Command Default
Enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Ensure that you have disabled the WLAN before you proceed.
Ensure that 802.11r fast transition is enabled on the WLAN.
Examples
The following example shows how to enable 802.11r fast transition roaming support over a distributed system on WLAN ID 2:
(Cisco Controller) >
config wlan security ft over-the-ds enable 2
Cisco Wireless Controller Command Reference, Release 8.4
1207
config wlan security IPsec disable config wlan security IPsec disable
To disable IPsec security, use the config wlan security IPsec disable command.
config wlan security IPsec disable {wlan_id | foreignAp}
Syntax Description
wlan_id
foreignAp
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable the IPsec for WLAN ID 16:
(Cisco Controller) >
config wlan security IPsec disable 16
1208
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security IPsec enable config wlan security IPsec enable
To enable IPsec security, use the config wlan security IPsec enable command.
config wlan security IPsec enable {wlan_id | foreignAp}
Syntax Description
wlan_id
foreignAp
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the IPsec for WLAN ID 16:
(Cisco Controller) >
config wlan security IPsec enable 16
Cisco Wireless Controller Command Reference, Release 8.4
1209
config wlan security IPsec authentication config wlan security IPsec authentication
To modify the IPsec security authentication protocol used on the wireless LAN, use the config wlan security
IPsec authentication command.
config wlan security IPsec authentication {hmac-md5 | hmac-sha-1} {wlan_id | foreignAp}
Syntax Description hmac-md5 hmac-sha-1
wlan_id
foreignAp
Specifies the IPsec HMAC-MD5 authentication protocol.
Specifies the IPsec HMAC-SHA-1 authentication protocol.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the IPsec HMAC-SHA-1 security authentication parameter for WLAN ID 1:
(Cisco Controller) >
config wlan security IPsec authentication hmac-sha-1 1
1210
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security IPsec encryption config wlan security IPsec encryption
To modify the IPsec security encryption protocol used on the wireless LAN, use the config wlan security
IPsec encryption command.
config wlan security IPsec encryption {3des | aes | des} {wlan_id | foreignAp}
Syntax Description
3des aes des
wlan_id
foreignAp
Enables IPsec 3DES encryption.
Enables IPsec AES 128-bit encryption.
Enables IPsec DES encryption.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the IPsec AES encryption:
(Cisco Controller) >
config wlan security IPsec encryption aes 1
Cisco Wireless Controller Command Reference, Release 8.4
1211
config wlan security IPsec config config wlan security IPsec config
To configure the proprietary Internet Key Exchange (IKE) CFG-Mode parameters used on the wireless LAN, use the config wlan security IPsec config command.
config wlan security IPsec config qotd ip_address {wlan_id | foreignAp}
Syntax Description qotd
ip_address wlan_id
foreignAp
Configures the quote-of-the day server IP for cfg-mode.
Quote-of-the-day server IP for cfg-mode.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
IKE is used as a method of distributing the session keys (encryption and authentication), as well as providing a way for the VPN endpoints to agree on how the data should be protected. IKE keeps track of connections by assigning a bundle of Security Associations (SAs), to each connection.
Examples
The following example shows how to configure the quote-of-the-day server IP 44.55.66.77 for cfg-mode for
WLAN 1:
(Cisco Controller) >
config wlan security IPsec config qotd 44.55.66.77 1
1212
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security IPsec ike authentication config wlan security IPsec ike authentication
To modify the IPsec Internet Key Exchange (IKE) authentication protocol used on the wireless LAN, use the
config wlan security IPsec ike authentication command.
config wlan security IPsec ike authentication {certificates {wlan_id | foreignAp} | pre-share-key {wlan_id
| foreignAp} key | xauth-psk {wlan_id | foreignAp} key}
Syntax Description certificates
wlan_id
foreignAp pre-share-key xauth-psk
key
Enables the IKE certificate mode.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Enables the IKE Xauth with preshared keys.
Enables the IKE preshared key.
Key required for preshare and xauth-psk.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the IKE certification mode:
(Cisco Controller) >
config wlan security IPsec ike authentication certificates 16
Cisco Wireless Controller Command Reference, Release 8.4
1213
config wlan security IPsec ike dh-group config wlan security IPsec ike dh-group
To modify the IPsec Internet Key Exchange (IKE) Diffie Hellman group used on the wireless LAN, use the
config wlan security IPsec ike dh-group command.
config wlan security IPsec ike dh-group {wlan_id | foreignAp} {group-1 | group-2 | group-5}
Syntax Description
wlan_id
foreignAp group-1 group-2 group-5
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Specifies DH group 1 (768 bits).
Specifies DH group 2 (1024 bits).
Specifies DH group 5 (1536 bits).
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the Diffe Hellman group parameter for group-1:
(Cisco Controller) >
config wlan security IPsec ike dh-group 1 group-1
1214
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security IPsec ike lifetime config wlan security IPsec ike lifetime
To modify the IPsec Internet Key Exchange (IKE) lifetime used on the wireless LAN, use the config wlan
security IPsec ike lifetime command.
config wlan security IPsec ike lifetime {wlan_id | foreignAp} seconds
Syntax Description
wlan_id
foreignAp
seconds
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
IKE lifetime in seconds, between 1800 and 345600.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the IPsec IKE lifetime use on the wireless LAN:
(Cisco Controller) >
config wlan security IPsec ike lifetime 1 1900
Cisco Wireless Controller Command Reference, Release 8.4
1215
config wlan security IPsec ike phase1 config wlan security IPsec ike phase1
To modify IPsec Internet Key Exchange (IKE) Phase 1 used on the wireless LAN, use the config wlan security
IPsec ike phase1 command.
config wlan security IPsec ike phase1 {aggressive | main} {wlan_id | foreignAp}
Syntax Description aggressive main
wlan_id
foreignAp
Enables the IKE aggressive mode.
Enables the IKE main mode.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to modify IPsec IKE Phase 1:
(Cisco Controller) >
config wlan security IPsec ike phase1 aggressive 16
1216
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security IPsec ike contivity config wlan security IPsec ike contivity
To modify Nortel’s Contivity VPN client support on the wireless LAN, use the config wlan security IPsec
ike contivity command.
config wlan security IPsec ike contivity {enable | disable} {wlan_id | foreignAp}
Syntax Description enable disable
wlan_id
foreignAp
Enables contivity support for this WLAN.
Disables contivity support for this WLAN.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to modify Contivity VPN client support:
(Cisco Controller) >
config wlan security IPsec ike contivity enable 14
Cisco Wireless Controller Command Reference, Release 8.4
1217
config wlan security wpa akm ft config wlan security wpa akm ft
To configure authentication key-management using 802.11r fast transition 802.1X, use the config wlan
security wpa akm ft command.
config wlan security wpa akm ft [over-the-air | over-the-ds | psk | [reassociation-timeout seconds]] {enable
| disable} wlan_id
Syntax Description over-the-air over-the-ds psk reassociation-timeout
seconds
enable disable
wlan_id
(Optional) Configures 802.11r fast transition roaming over-the-air support.
(Optional) Configures 802.11r fast transition roaming DS support.
(Optional) Configures 802.11r fast transition PSK support.
(Optional) Configures the reassociation deadline interval.
The valid range is between 1 to 100 seconds. The default value is 20 seconds.
Reassociation deadline interval in seconds.
Enables 802.11r fast transition 802.1X support.
Disables 802.11r fast transition 802.1X support.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure authentication key-management using 802.11r fast transition:
(Cisco Controller) >
config wlan security wpa akm ft reassociation-timeout 25 1
1218
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security ft config wlan security ft
To configure 802.11r Fast Transition Roaming parameters, use the config wlan security ft command.
config wlan security ft {adaptive | enable | disable | reassociation-timeout timeout-in-seconds} wlan_id
Syntax Description adaptive enable disable reassociation-timeout
timeout-in-seconds wlan_id
Configures 802.11r Fast Transition Roaming adaptive support. This is the default option.
Enables 802.11r Fast Transition Roaming support.
Disables 802.11r Fast Transition Roaming support.
Configures reassociation deadline interval.
Reassociation timeout value, in seconds. The valid range is 1 to 100 seconds.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
This command was modified. The adaptive keyword was added.
Usage Guidelines
Ensure that you have disabled the WLAN before you proceed.
Examples
The following example shows how to enable 802.11r Fast Transition Roaming support on WLAN 2:
(Cisco Controller) >
config wlan security ft enable 2
The following example shows how to set a reassociation timeout value of 20 seconds for 802.11r Fast Transition
Roaming support on WLAN 2:
(Cisco Controller) >
config wlan security ft reassociation-timeout 20 2
Cisco Wireless Controller Command Reference, Release 8.4
1219
config wlan security passthru config wlan security passthru
To modify the IPsec pass-through used on the wireless LAN, use the config wlan security passthru command.
config wlan security passthru {enable | disable} {wlan_id | foreignAp} [ip_address]
Syntax Description enable disable
wlan_id
foreignAp
ip_address
Enables IPsec pass-through.
Disables IPsec pass-through.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
(Optional) IP address of the IPsec gateway (router) that is terminating the VPN tunnel.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to modify IPsec pass-through used on the wireless LAN:
(Cisco Controller) >
config wlan security passthru enable 3 192.12.1.1
1220
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security pmf config wlan security pmf
To configure 802.11w Management Frame Protection (MFP) on a WLAN, use the config wlan security pmf command.
config wlan security pmf {disable | optional | required | association-comeback
association-comeback_timeout | saquery-retrytimeout saquery-retry_timeout} wlan_id
Syntax Description disable optional
Disables 802.11w MFP protection on a WLAN.
Enables 802.11w MFP protection on a WLAN.
required
saquery-retry_timeout wlan_id
Requires clients to negotiate 802.11w MFP protection on a WLAN.
Configures the 802.11w association comeback time.
association-comeback
association-comeback_timeout
Association comeback interval in seconds. Time interval that an associated client must wait before the association is tried again after it is denied with a status code 30. The status code 30 message is "Association request rejected temporarily; Try again later”.
The range is from 1 to 20 seconds.
saquery-retrytimeout
Configures the 802.11w Security Association (SA) query retry timeout.
Time interval identified in the association response to an already associated client before the association can be tried again. This time interval checks if the client is a real client and not a rogue client during the association comeback time. If the client does not respond within this time, the client association is deleted from the controller. The range is from 100 to 500 ms.
Wireless LAN identifier from 1 to 512.
Command Default
Default SA query retry timeout is 200 milliseconds.
Default association comeback timeout is 1 second.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
802.11w introduces an Integrity Group Temporal Key (IGTK) that is used to protect broadcast or multicast robust management frames. IGTK is a random value, assigned by the authenticator station (controller) used to protect MAC management protocol data units (MMPDUs) from the source STA. The 802.11w IGTK key
Cisco Wireless Controller Command Reference, Release 8.4
1221
Examples
Examples config wlan security pmf
is derived using the four way handshake and is used only on WLANs that are configured with WPA or WPA2 security at Layer 2.
The following example shows how to enable 802.11w MFP protection on a WLAN:
(Cisco Controller) >
config wlan security pmf optional 1
The following example shows how to configure the SA query retry timeout on a WLAN:
(Cisco Controller) >
config wlan security pmf saquery-retrytimeout 300 1
1222
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security sgt config wlan security sgt
To configures Secure Group Tag (SGT) for a WLAN, use the config wlan security sgt command.
config wlan security sgt {value | wlan-id} wlan_id
Syntax Description
value wlan-id
SGT value
WLAN ID
Command Default
None
Command History
Release
8.4
Modification
This command was introduced
Cisco Wireless Controller Command Reference, Release 8.4
1223
config wlan security splash-page-web-redir config wlan security splash-page-web-redir
To enable or disable splash page web redirect, use the config wlan security splash-page-web-redir command.
config wlan security splash-page-web-redir {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables splash page web redirect.
Disables splash page web redirect.
Wireless LAN identifier between 1 and 512.
Command Default
Splash page web redirect is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable spash page web redirect:
(Cisco Controller) >
config wlan security splash-page-web-redir enable 2
1224
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security static-wep-key authentication config wlan security static-wep-key authentication
To configure static Wired Equivalent Privacy (WEP) key 802.11 authentication on a wireless LAN, use the
config wlan security static-wep-key authentication command.
config wlan security static-wep-key authentication {shared-key | open} wlan_id
Syntax Description shared-key open
wlan_id
Enables shared key authentication.
Enables open system authentication.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the static WEP shared key authentication for WLAN ID 1:
(Cisco Controller) >
config wlan security static-wep-key authentication shared-key 1
Cisco Wireless Controller Command Reference, Release 8.4
1225
config wlan security static-wep-key disable config wlan security static-wep-key disable
To disable the use of static Wired Equivalent Privacy (WEP) keys, use the config wlan security static-wep-key
disable command.
config wlan security static-wep-key disable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable the static WEP keys for WLAN ID 1:
(Cisco Controller) >
config wlan security static-wep-key disable 1
1226
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security static-wep-key enable config wlan security static-wep-key enable
To enable the use of static Wired Equivalent Privacy (WEP) keys, use the config wlan security static-wep-key
enable command.
config wlan security static-wep-key enable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the use of static WEK keys for WLAN ID 1:
(Cisco Controller) >
config wlan security static-wep-key enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1227
config wlan security static-wep-key encryption config wlan security static-wep-key encryption
To configure the static Wired Equivalent Privacy (WEP) keys and indexes, use the config wlan security
static-wep-key encryption command.
config wlan security static-wep-key encryption wlan_id {40 | 104} {hex | ascii} key key-index
Syntax Description
wlan_id
40
104 hex ascii
key key-index
Wireless LAN identifier from 1 to 512.
Specifies the encryption level of 40.
Specifies the encryption level of 104.
Specifies to use hexadecimal characters to enter key.
Specifies whether to use ASCII characters to enter key.
WEP key in ASCII.
Key index (1 to 4).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
One unique WEP key index can be applied to each wireless LAN. Because there are only four WEP key indexes, only four wireless LANs can be configured for static WEP Layer 2 encryption.
Make sure to disable 802.1X before using this command.
Examples
The following example shows how to configure the static WEP keys for WLAN ID 1 that uses hexadecimal character 0201702001 and key index 2:
(Cisco Controller) >
config wlan security static-wep-key encryption 1 40 hex 0201702001 2
1228
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security tkip config wlan security tkip
To configure the Temporal Key Integrity Protocol (TKIP) Message Integrity Check (MIC) countermeasure hold-down timer, use the config wlan security tkip command.
config wlan security tkip hold-down time wlan_id
Syntax Description hold-down
time wlan_id
Configures the TKIP MIC countermeasure hold-down timer.
TKIP MIC countermeasure hold-down time in seconds. The range is from 0 to 60 seconds.
Wireless LAN identifier from 1 to 512.
Command Default
The default TKIP countermeasure is set to 60 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
TKIP countermeasure mode can occur if the access point receives 2 MIC errors within a 60 second period.
When this situation occurs, the access point deauthenticates all TKIP clients that are associated to that 802.11
radio and holds off any clients for the countermeasure holdoff time.
Examples
The following example shows how to configure the TKIP MIC countermeasure hold-down timer:
(Cisco Controller) >
config wlan security tkip
Cisco Wireless Controller Command Reference, Release 8.4
1229
config wlan usertimeout config wlan usertimeout
To configure the timeout for idle client sessions for a WLAN, use the config wlan usertimeout command.
config wlan usertimeout timeout wlan_id
Syntax Description
timeout wlan_id
Timeout for idle client sessions for a WLAN. If the client sends traffic less than the threshold, the client is removed on timeout. The range is from 15 to 100000 seconds.
Wireless LAN identifier between 1 and 512.
Command Default
The default client session idle timeout is 300 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The timeout value that you configure here overrides the global timeout that you define using the command
config network usertimeout.
Examples
The following example shows how to configure the idle client sessions for a WLAN:
(Cisco Controller) >
config wlan usertimeout 100 1
1230
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security web-auth config wlan security web-auth
To change the status of web authentication used on a wireless LAN, use the config wlan security web-auth command.
config wlan security web-auth {{acl | enable | disable} {wlan_id | foreignAp} [acl_name | none]} |
{on-macfilter-failure wlan_id} | {server-precedence wlan_id | local | ldap | radius} | {flexacl wlan_id
[ipv4_acl_name | none]} | {ipv6 acl wlan_id [ipv6_acl_name | none]} | {mac-auth-server {ip_address
wlan_id }} | {timeout {value_in_seconds wlan_id }} | {web-portal-server {ip_address wlan_id }}
Syntax Description acl enable disable
wlan_id
foreignAp
acl_name
none on-macfilter-failure server-precendence local ldap radius flexacl
ipv4_acl_name ipv6_acl_name ipv6
mac-auth-server
Configures the access control list.
Enables web authentication.
Disables web authentication.
Wireless LAN identifier from 1 to 512.
Specifies third-party access points.
(Optional) ACL name (up to 32 alphanumeric characters).
(Optional) Specifies no ACL name.
Enables web authentication on MAC filter failure.
Configures the authentication server precedence order for Web-Auth users.
Specifies the server type.
Specifies the server type.
Specifies the server type.
Configures Flexconnect Access Control List.
(Optional) IPv4 ACL name. You can enter up to 32 alphanumeric characters.
(Optional) IPv6 ACL name. You can enter up to 32 alphanumeric characters.
Configures IPv6 related parameters.
Configures MAC authentication server for the
WLAN.
Cisco Wireless Controller Command Reference, Release 8.4
1231
config wlan security web-auth timeout
value_in_seconds
web-portal-server
Configures Web authentication Timeout.
Timeout value in seconds; valid range is between 300 and 14400 seconds.
Configures CMCC web portal server for the WLAN.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the security policy for WLAN ID 1 and an ACL named
ACL03:
(Cisco Controller) >
config wlan security web-auth acl 1 ACL03
1232
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security web-auth captive-bypass config wlan security web-auth captive-bypass
To configure captive-bypass on a wireless LAN, use the config wlan security web-auth captive-bypass command.
config wlan security web-auth captive-bypass {enable | disable | none }
Syntax Description enable disable none
wlan-id
Enable the captive-bypass for WLAN.
Disable the captive-bypass for WLAN.
Clear the captive-bypass configuration for WLAN.
And global captive netwrok assistant bypass setting will get applied
Enter WLAN identifier between 1 and 16.
Command History
Examples
Release
8.4
Modification
This command is introduced.
The following example shows how to enable Captive Network Bypass:
(Cisco Controller) >
config wlan security web-auth captive-bypass enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1233
config wlan security web-auth qrscan-des-key config wlan security web-auth qrscan-des-key
To configure the QR-scan DES key in a WLAN, use the config wlan security web-auth qrscan-des-key command.
config wlan security web-auth qrscan-des-key {DES key stringwlan_id }
Syntax Description
DES key string wlan-id
Enter the DES key of 8 characters.
Enter WLAN Identifier between 1 and 16.
Command History
Release
8.4
Examples
Modification
This command was introduced.
The following example shows how to configure the QR-scan DES key:
(Cisco Controller) >
config wlan security web-auth qrscan-des-key 1
1234
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security web-passthrough acl config wlan security web-passthrough acl
To add an access control list (ACL) to the wireless LAN definition, use the config wlan security
web-passthrough acl command.
config wlan security web-passthrough acl {wlan_id | foreignAp} {acl_name | none}
Syntax Description
wlan_id
foreignAp
acl_name
none
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
ACL name (up to 32 alphanumeric characters).
Specifies that there is no ACL.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add an ACL to the wireless LAN definition:
(Cisco Controller) >
config wlan security web-passthrough acl 1 ACL03
Cisco Wireless Controller Command Reference, Release 8.4
1235
config wlan security web-passthrough disable config wlan security web-passthrough disable
To disable a web captive portal with no authentication required on a wireless LAN, use the config wlan
security web-passthrough disable command.
config wlan security web-passthrough disable {wlan_id | foreignAp}
Syntax Description
wlan_id
foreignAp
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable a web captive portal with no authentication required on wireless
LAN ID 1:
(Cisco Controller) >
config wlan security web-passthrough disable 1
1236
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security web-passthrough email-input config wlan security web-passthrough email-input
To configure a web captive portal using an e-mail address, use the config wlan security web-passthrough
email-input command.
config wlan security web-passthrough email-input {enable | disable} {wlan_id | foreignAp}
Syntax Description email-input enable disable
wlan_id
foreignAp
Configures a web captive portal using an e-mail address.
Enables a web captive portal using an e-mail address.
Disables a web captive portal using an e-mail address.
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure a web captive portal using an e-mail address:
(Cisco Controller) >
config wlan security web-passthrough email-input enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1237
config wlan security web-passthrough enable config wlan security web-passthrough enable
To enable a web captive portal with no authentication required on the wireless LAN, use the config wlan
security web-passthrough enable command.
config wlan security web-passthrough enable {wlan_id | foreignAp}
Syntax Description
wlan_id
foreignAp
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable a web captive portal with no authentication required on wireless
LAN ID 1:
(Cisco Controller) >
config wlan security web-passthrough enable 1
1238
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security web-passthrough qr-scan config wlan security web-passthrough qr-scan
To enable or disable qr-scan on the WLAN, use the config wlan security web-passthrough qr-scan command.
config wlan security web-passthrough qr-scan {{localenable | disable} | enable | disable}
Syntax Description local enable disable
wlan-id
Configures QR code scanning support locally on AP for clients.
• enable–enables QR code scanning support for clients.
• disable–disables QR code scanning support for clients.
Enables QR code scanning support for clients.
Disables QR code scanning support for clients.
Enter WLAN Identifier between 1 and 16.
Command Default
None
Command History
Examples
Release
8.4
Modification
This command was introduced.
The following example shows how to enable qr-scan on WLAN ID 1:
(Cisco Controller) >
config wlan security web-passthrough qr-scan enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1239
config wlan security wpa akm 802.1x
config wlan security wpa akm 802.1x
To configure authentication key-management (AKM) using 802.1X, use the config wlan security wpa akm
802.1x command.
config wlan security wpa akm 802.1x {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables the 802.1X support.
Disables the 802.1X support.
Wireless LAN identifier from 1 to 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure authentication using 802.1X.
(Cisco Controller) >
config wlan security wpa akm 802.1x enable 1
1240
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa akm cckm config wlan security wpa akm cckm
To configure authentication key-management using Cisco Centralized Key Management (CCKM), use the
config wlan security wpa akm cckm command.
config wlan security wpa akm cckm {enable wlan_id | disable wlan_id | timestamp-tolerance }
Syntax Description enable disable
wlan_id timestamp-tolerance
Enables CCKM support.
Disables CCKM support.
Wireless LAN identifier between 1 and 512.
CCKM IE time-stamp tolerance. The range is between 1000 to 5000 milliseconds; the default is 1000 milliseconds.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure authentication key-management using CCKM.
(Cisco Controller) >
config wlan security wpa akm cckm 1500
Cisco Wireless Controller Command Reference, Release 8.4
1241
config wlan security wpa akm ft config wlan security wpa akm ft
To configure authentication key-management using 802.11r fast transition 802.1X, use the config wlan
security wpa akm ft command.
config wlan security wpa akm ft [over-the-air | over-the-ds | psk | [reassociation-timeout seconds]] {enable
| disable} wlan_id
Syntax Description over-the-air over-the-ds psk reassociation-timeout
seconds
enable disable
wlan_id
(Optional) Configures 802.11r fast transition roaming over-the-air support.
(Optional) Configures 802.11r fast transition roaming DS support.
(Optional) Configures 802.11r fast transition PSK support.
(Optional) Configures the reassociation deadline interval.
The valid range is between 1 to 100 seconds. The default value is 20 seconds.
Reassociation deadline interval in seconds.
Enables 802.11r fast transition 802.1X support.
Disables 802.11r fast transition 802.1X support.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure authentication key-management using 802.11r fast transition:
(Cisco Controller) >
config wlan security wpa akm ft reassociation-timeout 25 1
1242
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa akm pmf config wlan security wpa akm pmf
To configure Authenticated Key Management (AKM) of management frames, use the config wlan security
wpa akm pmf command.
config wlan security wpa akm pmf {802.1x | psk} {enable | disable}wlan_id
Syntax Description
802.1x
psk enable disable
wlan_id
Configures 802.1X authentication for protection of management frames
(PMF).
Configures preshared keys (PSK) for PMF.
Enables 802.1X authentication or PSK for PMF.
Disables 802.1X authentication or PSK for PMF.
Wireless LAN identifier from 1 to 512.
Command Default
Disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
802.11w has two new AKM suites: 00-0F-AC:5 or 00-0F-AC:6. You must enable WPA and then disable the
WLAN to configure PMF on the WLAN.
Examples
The following example shows how to enable 802.1X authentication for PMF in a WLAN:
(Cisco Controller) >
config wlan security wpa akm pmf 802.1x enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1243
config wlan security wpa akm psk config wlan security wpa akm psk
To configure the Wi-Fi protected access (WPA) preshared key mode, use the config wlan security wpa akm
psk command.
config wlan security wpa akm psk {enable | disable | set-key key-format key} wlan_id
Syntax Description enable disable set-key
key-format key wlan_id
Enables WPA-PSK.
Disables WPA-PSK.
Configures a preshared key.
Specifies key format. Either ASCII or hexadecimal.
WPA preshared key.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the WPA preshared key mode:
(Cisco Controller) >
config wlan security wpa akm psk disable 1
1244
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa disable config wlan security wpa disable
To disable WPA1, use the config wlan security wpa disable command.
config wlan security wpa disable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable WPA:
(Cisco Controller) >
config wlan security wpa disable 1
Cisco Wireless Controller Command Reference, Release 8.4
1245
config wlan security wpa enable config wlan security wpa enable
To enable WPA1, use the config wlan security wpa enable command.
config wlan security wpa enable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the WPA on WLAN ID 1:
(Cisco Controller) >
config wlan security wpa enable 1
1246
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa ciphers config wlan security wpa ciphers
To configure the Wi-Fi protected authentication (WPA1) or Wi-Fi protected authentication (WPA2), use the
config wlan security wpa ciphers command.
config wlan security wpa {wpa1 | wpa2} ciphers {aes | tkip} {enable | disable} wlan_id
Syntax Description wpa1 wpa2 ciphers aes tkip enable disable
wlan_id
Configures WPA1 support.
Configures WPA2 support.
Configures WPA ciphers.
Configures AES encryption support.
Configures TKIP encryption support.
Enables WPA AES/TKIP mode.
Disables WPA AES/TKIP mode.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
If you are not specifying the WPA versions, it implies the following:
• If the cipher enabled is AES, you are configuring WPA2/AES.
• If the ciphers enabled is AES+TKIP, you are configuring WPA/TKIP, WPA2/AES,or WPA/TKIP.
• If the cipher enabled is TKIP, you are configuring WPA/TKIP or WPA2/TKIP.
Examples
The following example shows how to encrypt the WPA:
(Cisco Controller) >
config wlan security wpa wpa1 ciphers aes enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1247
config wlan security wpa gtk-random config wlan security wpa gtk-random
To enable the randomization of group temporal keys (GTK) between access points and clients on a WLAN, use the config wlan security wpa gtk-random command.
config wlan security wpa gtk-random {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables the randomization of GTK keys between the access point and clients.
Disables the randomization of GTK keys between the access point and clients.
WLAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you enable this command, the clients in the Basic Service Set (BSS) get a unique GTK key. The clients do not receive multicast or broadcast traffic.
Examples
The following example shows how to enable the GTK randomization for each client associated on a WLAN:
(Cisco Controller) >
config wlan security wpa gtk-random enable 3
1248
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa osen disable config wlan security wpa osen disable
To disable OSU Server-Only Authenticated L2 Encryption Network (OSEN) on a WLAN, use the config
wlan security wpa osen enable command in WLAN configuration mode.
config wlan security wpa osen disable wlan-id
Syntax Description
wlan-id
WLAN identification number. Enter a value between 1 and 512.
Command Default
OSEN is enabled.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to disable OSEN on a WLAN:
Cisco Controller > config wlan security wpa osen disable 12
Cisco Wireless Controller Command Reference, Release 8.4
1249
config wlan security wpa osen enable config wlan security wpa osen enable
To enable OSU Server-Only Authenticated L2 Encryption Network (OSEN) on a WLAN, use the config
wlan security wpa osen enable command in WLAN configuration mode.
config wlan security wpa osen enable wlan-id
Syntax Description
wlan-id
WLAN identification number. Enter a value between 1 and 512.
Command Default
OSEN is not enabled.
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Examples
This example shows how to enable an OSEN on a WLAN:
Cisco Controller > config wlan security wpa osen enable 12
1250
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa wpa1 disable config wlan security wpa wpa1 disable
To disable WPA1, use the config wlan security wpa wpa1 disable command.
config wlan security wpa wpa1 disable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable WPA1:
(Cisco Controller) >
config wlan security wpa wpa1 disable 1
Cisco Wireless Controller Command Reference, Release 8.4
1251
config wlan security wpa wpa1 enable config wlan security wpa wpa1 enable
To enable WPA1, use the config wlan security wpa wpa1 enable command.
config wlan security wpa wpa1 enable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable WPA1:
(Cisco Controller) >
config wlan security wpa wpa1 enable 1
1252
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa wpa2 disable config wlan security wpa wpa2 disable
To disable WPA2, use the config wlan security wpa wpa2 disable command.
config wlan security wpa wpa2 disable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to disable WPA2:
(Cisco Controller) >
config wlan security wpa wpa2 disable 1
Cisco Wireless Controller Command Reference, Release 8.4
1253
config wlan security wpa wpa2 enable config wlan security wpa wpa2 enable
To enable WPA2, use the config wlan security wpa wpa2 enable command.
config wlan security wpa wpa2 enable wlan_id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable WPA2:
(Cisco Controller) >
config wlan security wpa wpa2 enable 1
1254
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa wpa2 cache config wlan security wpa wpa2 cache
To configure caching methods on a WLAN, use the config wlan security wpa wpa2 cache command.
config wlan security wpa wpa2 cache sticky {enable | disable} wlan_id
Syntax Description sticky enable disable
wlan_id
Configures Sticky Key Caching (SKC) roaming support on the WLAN.
Enables SKC roaming support on the WLAN.
Disables SKC roaming support on the WLAN.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
In SKC (Sticky Key caching) also known as PKC (Pro Active Key caching), the client stores each Pairwise
Master Key (PMK) ID (PMKID) against a Pairwise Master Key Security Association (PMKSA). When a client finds an AP for which it has a PMKSA, it sends the PMKID in the association request to the AP. If the
PMKSA is alive in the AP, the AP provides support for fast roaming. In SKC, full authentication is done on each new AP to which the client associates and the client must keep the PMKSA associated with all APs.
Examples
The following example shows how to enable SKC roaming support on a WLAN:
(Cisco Controller) >
config wlan security wpa wpa2 cache sticky enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1255
config wlan security wpa wpa2 cache sticky config wlan security wpa wpa2 cache sticky
To configure Sticky PMKID Caching (SKC) on a WLAN, use the config wlan security wpa wpa2 cache
sticky command.
config wlan security wpa wpa2 cache sticky {enable |disable} wlan_id
Syntax Description enable disable
wlan_id
Enables SKC on a WLAN.
Disables SKC on a WLAN.
Wireless LAN identifier between 1 and 512 (inclusive).
Command Default
Stkcky PMKID Caching is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Beginning in Release 7.2 and later releases, the controller supports Sticky PMKID Caching (SKC). With sticky PMKID caching, the client receives and stores a different PMKID for every AP it associates with. The
APs also maintain a database of the PMKID issued to the client. In SKC also known as PKC (Pro Active Key caching), the client stores each Pairwise Master Key (PMK) ID (PMKID) against a Pairwise Master Key
Security Association (PMKSA). When a client finds an AP for which it has the PMKSA, it sends the PMKID in the association request to the AP. If the PMKSA is alive in the AP, the AP provides support for fast roaming.
In SKC, full authentication is done on each new AP to which the client associates and the client must keep the PMKSA associated with all APs. For SKC, PMKSA is a per AP cache that the client stores and PMKSA is precalculated based on the BSSID of the new AP.
• You cannot use SKC for large scale deployments as the controller supports SKC only up to eight APs.
• SKC does not work across controllers in a mobility group.
• SKC works only on WPA2-enabled WLANs.
• SKC works only on local mode APs.
Examples
The following example shows how to enable Sticky PMKID Caching on WLAN 5:
(Cisco Controller) >
config wlan security wpa wpa2 cache sticky enable 5
1256
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security wpa wpa2 ciphers config wlan security wpa wpa2 ciphers
To configure WPA2 ciphers and enable or disable Advanced Encryption Standard (AES) or Temporal Key
Integrity Protocol (TKIP) data encryption for WPA2, use the config wlan security wpa wpa2 ciphers command
config wlan security wpa wpa2 ciphers {aes | tkip} {enable | disable} wlan_id
Syntax Description
(Cisco Controller) > aes
tkip enable disable
wlan_id
Configures AES data encryption for WPA2.
Configures TKIP data encryption for WPA2.
Enables AES or TKIP data encryption for WPA2.
Disables AES or TKIP data encryption for WPA2.
Wireless LAN identifier between 1 and 512.
Command Default
AES is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable AES data encryption for WPA2:
(Cisco Controller) >
config wlan security wpa wpa2 ciphers aes enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1257
config wlan session-timeout config wlan session-timeout
To change the timeout of wireless LAN clients, use the config wlan session-timeout command.
config wlan session-timeout {wlan_id | foreignAp} seconds
Syntax Description
wlan_id
foreignAp
seconds
Wireless LAN identifier between 1 and 512.
Specifies third-party access points.
Timeout or session duration in seconds. A value of zero is equivalent to no timeout.
Note
The range of session timeout depends on the security type:
• Open system: 0-65535 (sec)
• 802.1x: 300-86400 (sec)
• static wep: 0-65535 (sec)
• cranite: 0-65535 (sec)
• fortress: 0-65535 (sec)
• CKIP: 0-65535 (sec)
• open+web auth: 0-65535 (sec)
• web pass-thru: 0-65535 (sec)
• wpa-psk: 0-65535 (sec)
• disable: To disable reauth/session-timeout timers.
Command Default
None
Usage Guidelines
For 802.1X client security type, which creates the PMK cache, the maximum session timeout that can be set is 86400 seconds when the session timeout is disabled. For other client security such as open, WebAuth, and
PSK for which the PMK cache is not created, the session timeout value is shown as infinite when session timeout is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
1258
Cisco Wireless Controller Command Reference, Release 8.4
config wlan session-timeout
Examples
The following example shows how to configure the client timeout to 6000 seconds for WLAN ID 1:
(Cisco Controller) >
config wlan session-timeout 1 6000
Cisco Wireless Controller Command Reference, Release 8.4
1259
config wlan sip-cac disassoc-client config wlan sip-cac disassoc-client
To enable client disassociation in case of session initiation protocol (SIP) call admission control (CAC) failure, use the config wlan sip-cac disassoc-client command.
config wlan sip-cac disassoc-client {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables a client disassociation on a SIP CAC failure.
Disables a client disassociation on a SIP CAC failure.
Wireless LAN identifier between 1 and 512.
Command Default
Client disassociation for SIP CAC is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable a client disassociation on a SIP CAC failure where the WLAN
ID is 1:
(Cisco Controller) >
config wlan sip-cac disassoc-client enable 1
1260
Cisco Wireless Controller Command Reference, Release 8.4
config wlan sip-cac send-486busy config wlan sip-cac send-486busy
To configure sending session initiation protocol (SIP) 486 busy message if a SIP call admission control (CAC) failure occurs, use the config wlan sip-cac send-486busy command:
config wlan sip-cac send-486busy {enable | disable} wlan_id
Syntax Description enable disable
wlan_id
Enables sending a SIP 486 busy message upon a SIP CAC failure.
Disables sending a SIP 486 busy message upon a SIP CAC failure.
Wireless LAN identifier between 1 and 512.
Command Default
Session initiation protocol is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable sending a SIP 486 busy message upon a SIP CAC failure where the WLAN ID is 1:
(Cisco Controller) >
config wlan sip-cac send-busy486 enable 1
Cisco Wireless Controller Command Reference, Release 8.4
1261
config wlan static-ip tunneling config wlan static-ip tunneling
To configure static IP client tunneling support on a WLAN, use the config wlan static-ip tunneling command.
config wlan static-ip tunneling {enable | disable} wlan_id
Syntax Description tunneling enable disable
wlan_id
Configures static IP client tunneling support on a WLAN.
Enables static IP client tunneling support on a WLAN.
Disables static IP client tunneling support on a WLAN.
Wireless LAN identifier from 1 to 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable static IP client tunneling support for WLAN ID 3:
(Cisco Controller) >
config wlan static-ip tunneling enable 34
1262
Cisco Wireless Controller Command Reference, Release 8.4
config wlan uapsd compliant client enable config wlan uapsd compliant client enable
To enable WPA1, use the config wlan uapsd compliant-client enable command.
Note
This was introduced for Ascom non-wmm capable phones and is not applicable for Cisco 792x/9971 IP phones.
config wlan uapsd compliant-client enablewlan-id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
Examples
None
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable WPA1:
(Cisco Controller) >
config wlan uapsd compliant-client enable 1
Property Type Property Value Property Description
Cisco Wireless Controller Command Reference, Release 8.4
1263
config wlan uapsd compliant-client disable config wlan uapsd compliant-client disable
To disable WPA1, use the config wlan uapsd compliant-client disable command.
Note
This was introduced for Ascom non-wmm capable phones and is not applicable for Cisco 792x/9971 IP phones.
config wlan uapsd compliant-client disablewlan-id
Syntax Description
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
Examples
None
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable WPA1:
(Cisco Controller) >
config wlan uapsd compliant-client disable 1
1264
Cisco Wireless Controller Command Reference, Release 8.4
config wlan url-acl config wlan url-acl
To configure the WLAN's URL ACL, use the config wlan url-acl command.
config wlan url-aclWLAN-id acl-name
Syntax Description
WLAN-id acl-name
WLAN Identifier. The range is between 1 and 512.
Name of the ACL.
Command Default
None
Command History
Examples
Release
8.3
Modification
This command was introduced.
This example shows how to cofigure a WLAN URL ACL:
(Cisco Controller) >
config wlan url-acl 3 testacl
Cisco Wireless Controller Command Reference, Release 8.4
1265
config wlan user-idle-threshold config wlan user-idle-threshold
To configure the threshold data sent by the client during the idle timeout for client sessions for a WLAN, use the config wlan user-idle-threshold command.
config wlan user-idle-threshold bytes wlan_id
Syntax Description
bytes wlan_id
Threshold data sent by the client during the idle timeout for the client session for a
WLAN. If the client send traffic less than the defined threshold, the client is removed on timeout. The range is from 0 to 10000000 bytes.
Wireless LAN identifier between 1 and 512.
Command Default
The default timeout for threshold data sent by client during the idle timeout is 0 bytes.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the threshold data sent by the client during the idle timeout for client sessions for a WLAN:
(Cisco Controller) >
config wlan user-idle-threshold 100 1
1266
Cisco Wireless Controller Command Reference, Release 8.4
config wlan usertimeout config wlan usertimeout
To configure the timeout for idle client sessions for a WLAN, use the config wlan usertimeout command.
config wlan usertimeout timeout wlan_id
Syntax Description
timeout wlan_id
Timeout for idle client sessions for a WLAN. If the client sends traffic less than the threshold, the client is removed on timeout. The range is from 15 to 100000 seconds.
Wireless LAN identifier between 1 and 512.
Command Default
The default client session idle timeout is 300 seconds.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The timeout value that you configure here overrides the global timeout that you define using the command
config network usertimeout.
Examples
The following example shows how to configure the idle client sessions for a WLAN:
(Cisco Controller) >
config wlan usertimeout 100 1
Cisco Wireless Controller Command Reference, Release 8.4
1267
config wlan webauth-exclude config wlan webauth-exclude
To release the guest user IP address when the web authentication policy time expires and exclude the guest user from acquiring an IP address for three minutes, use the config wlan webauth-exclude command.
config wlan webauth-exclude wlan_id {enable | disable}
Syntax Description
wlan_id
enable disable
Wireless LAN identifier (1 to 512).
Enables web authentication exclusion.
Disables web authentication exclusion.
Command Default
Disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can use this command for guest WLANs that are configured with web authentication.
This command is applicable when you configure the internal DHCP scope on the controller.
By default, when the web authentication timer expires for a guest user, the guest user can immediately reassociate with the same IP address before another guest user can acquire the IP address. If there are many guest users or limited IP address in the DHCP pool, some guest users might not be able to acquire an IP address.
When you enable this feature on the guest WLAN, the guest user’s IP address is released when the web authentication policy time expires and the guest user is excluded from acquiring an IP address for three minutes.
The IP address is available for another guest user to use. After three minutes, the excluded guest user can reassociate and acquire an IP address, if available.
Examples
The following example shows how to enable the web authentication exclusion for WLAN ID 5:
(Cisco Controller) >
config wlan webauth-exclude 5 enable
1268
Cisco Wireless Controller Command Reference, Release 8.4
config wlan wifidirect config wlan wifidirect
To configure Wi-Fi Direct Client Policy on a WLAN, use the config wlan wifidirect command.
config wlan wifidirect {allow | disable | not-allow | xconnect-not-allow} wlan_id
Syntax Description allow disable not-allow xconnect-not-allow
wlan_id
Allows Wi-Fi Direct clients to associate with the WLAN
Ignores the Wi-Fi Direct status of clients thereby allowing
Wi-Fi Direct clients to associate
Disallows the Wi-Fi Direct clients from associating with the WLAN
Enables AP to allow a client with the Wi-Fi Direct option enabled to associate, but the client (if it works according to the Wi-Fi standards) will refrain from setting up a peer-to-peer connection
Wireless LAN identifier (1 to 16).
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to allow Wi-Fi Direct Client Policy on WLAN ID 1:
(Cisco Controller) >
config wlan wifidirect allow 1
Cisco Wireless Controller Command Reference, Release 8.4
1269
config wlan wmm config wlan wmm
To configure Wi-Fi Multimedia (WMM) mode on a wireless LAN, use the config wlan wmm command.
config wlan wmm {allow | disable | require} wlan_id
Syntax Description allow disable require
wlan_id
Allows WMM on the wireless LAN.
Disables WMM on the wireless LAN.
Specifies that clients use WMM on the specified wireless LAN.
Wireless LAN identifier (1 to 512).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When the controller is in Layer 2 mode and WMM is enabled, you must put the access points on a trunk port in order to allow them to join the controller.
Examples
The following example shows how to configure wireless LAN ID 1 to allow WMM:
(Cisco Controller) >
config wlan wmm allow 1
The following example shows how to configure wireless LAN ID 1 to specify that clients use WMM:
(Cisco Controller) >
config wlan wmm require 1
1270
Cisco Wireless Controller Command Reference, Release 8.4
config wps ap-authentication config wps ap-authentication
To configure access point neighbor authentication, use the config wps ap-authentication command.
config wps ap-authentication [enable | disable threshold threshold_value]
Syntax Description enable disable threshold
threshold_value
(Optional) Enables WMM on the wireless LAN.
(Optional) Disables WMM on the wireless LAN.
(Optional) Specifies that WMM-enabled clients are on the wireless LAN.
Threshold value (1 to 255).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the access point neighbor authentication:
(Cisco Controller) >
config wps ap-authentication threshold 25
Related Commands show wps ap-authentication summary
Cisco Wireless Controller Command Reference, Release 8.4
1271
config wps auto-immune config wps auto-immune
To enable or disable protection from Denial of Service (DoS) attacks, use the config wps auto-immune command.
config wps auto-immune {enable | disable | stop}
Syntax Description enable disable stop
Enables the auto-immune feature.
Disables the auto-immune feature.
Stops dynamic auto-immune feature.
Command Default
Disabled
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
A potential attacker can use specially crafted packets to mislead the Intrusion Detection System (IDS) into treating a legitimate client as an attacker. It causes the controller to disconnect this legitimate client and launch a DoS attack. The auto-immune feature, when enabled, is designed to protect against such attacks. However, conversations using Cisco 792x phones might be interrupted intermittently when the auto-immune feature is enabled. If you experience frequent disruptions when using 792x phones, you might want to disable this feature.
Examples
The following example shows how to configure the auto-immune mode:
(Cisco Controller) >
config wps auto-immune enable
The following example shows how to stop the auto-immune mode:
(Cisco Controller) >
config wps auto-immune stop
Dynamic Auto Immune by WIPS is stopped
Related Commands show wps summary
1272
Cisco Wireless Controller Command Reference, Release 8.4
config wps cids-sensor config wps cids-sensor
To configure Intrusion Detection System (IDS) sensors for the Wireless Protection System (WPS), use the
config wps cids-sensor command.
config wps cids-sensor { [add index ip_address username password] | [delete index] | [enable index] |
[disable index] | [port index port] | [interval index query_interval] | [fingerprint sha1 fingerprint] }
Syntax Description add
index ip_address username password
delete enable disable port
port
interval
query_interval
fingerprint sha1
fingerprint
(Optional) Configures a new IDS sensor.
IDS sensor internal index.
IDS sensor IP address.
IDS sensor username.
IDS sensor password.
(Optional) Deletes an IDS sensor.
(Optional) Enables an IDS sensor.
(Optional) Disables an IDS sensor.
(Optional) Configures the IDS sensor’s port number.
Port number.
(Optional) Specifies the IDS sensor’s query interval.
Query interval setting.
(Optional) Specifies the IDS sensor’s TLS fingerprint.
(Optional) Specifies the TLS fingerprint.
TLS fingerprint.
Command Default
Command defaults are listed below as follows:
Port
Query interval
Certification fingerprint
443
60
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Cisco Wireless Controller Command Reference, Release 8.4
1273
config wps cids-sensor
Query state Disabled
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the intrusion detection system with the IDS index 1, IDS sensor IP address 10.0.0.51, IDS username Sensor_user0doc1, and IDS password passowrd01:
(Cisco Controller) >
config wps cids-sensor add 1 10.0.0.51 Sensor_user0doc1 password01
Related Commands show wps cids-sensor detail
1274
Cisco Wireless Controller Command Reference, Release 8.4
config wps client-exclusion config wps client-exclusion
To configure client exclusion policies, use the config wps client-exclusion command.
config wps client-exclusion {802.11-assoc | 802.11-auth | 802.11x-auth | ip-theft | web-auth | all} {enable
| disable}
Syntax Description
802.11-assoc
802.11-auth
802.1x-auth ip-theft web-auth all enable disable
Specifies that the controller excludes clients on the sixth 802.11 association attempt, after five consecutive failures.
Specifies that the controller excludes clients on the sixth 802.11 authentication attempt, after five consecutive failures.
Specifies that the controller excludes clients on the sixth 802.11X authentication attempt, after five consecutive failures.
Specifies that the control excludes clients if the IP address is already assigned to another device.
Specifies that the controller excludes clients on the fourth web authentication attempt, after three consecutive failures.
Specifies that the controller excludes clients for all of the above reasons.
Enables client exclusion policies.
Disables client exclusion policies.
Command Default
All policies are enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1275
config wps client-exclusion
Examples
The following example shows how to disable clients on the 802.11 association attempt after five consecutive failures:
(Cisco Controller) >
config wps client-exclusion 802.11-assoc disable
Related Commands show wps summary
1276
Cisco Wireless Controller Command Reference, Release 8.4
config wps mfp config wps mfp
To configure Management Frame Protection (MFP), use the config wps mfp command.
config wps mfp {infrastructure| ap-impersonation} {enable | disable}
Syntax Description infrastructure ap-impersonation enable disable
Configures the MFP infrastructure.
Configures ap impersonation detection by MFP.
Enables the MFP feature.
Disables the MFP feature.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the infrastructure MFP:
(Cisco Controller) >
config wps mfp infrastructure enable
Related Commands show wps mfp
Cisco Wireless Controller Command Reference, Release 8.4
1277
config wps shun-list re-sync config wps shun-list re-sync
To force the controller to synchronization with other controllers in the mobility group for the shun list, use the config wps shun-list re-sync command.
config wps shun-list re-sync
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the controller to synchronize with other controllers for the shun list:
(Cisco Controller) >
config wps shun-list re-sync
Related Commands show wps shun-list
1278
Cisco Wireless Controller Command Reference, Release 8.4
config wps signature config wps signature
To enable or disable Intrusion Detection System (IDS) signature processing, or to enable or disable a specific
IDS signature, use the config wps signature command.
config wps signature {standard | custom} state signature_id {enable | disable}
Syntax Description standard custom state
signature_id
enable disable
Configures a standard IDS signature.
Configures a standard IDS signature.
Specifies the state of the IDS signature.
Identifier for the signature to be enabled or disabled.
Enables the IDS signature processing or a specific
IDS signature.
Disables IDS signature processing or a specific IDS signature.
Command Default
IDS signature processing is enabled by default.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for individual signatures.
Examples
The following example shows how to enable IDS signature processing, which enables the processing of all
IDS signatures:
(Cisco Controller) >
config wps signature enable
The following example shows how to disable a standard individual IDS signature:
(Cisco Controller) >
config wps signature standard state 15 disable
Related Commands config wps signature frequency
Cisco Wireless Controller Command Reference, Release 8.4
1279
config wps signature config wps signature interval config wps signature mac-frequency config wps signature quiet-time config wps signature reset show wps signature events show wps signature summary show wps summary
1280
Cisco Wireless Controller Command Reference, Release 8.4
config wps signature frequency config wps signature frequency
To specify the number of matching packets per interval that must be identified at the individual access point level before an attack is detected, use the config wps signature frequency command.
config wps signature frequency signature_id frequency
Syntax Description
signature_id frequency
Identifier for the signature to be configured.
Number of matching packets per interval that must be at the individual access point level before an attack is detected. The range is 1 to 32,000 packets per interval.
Command Default
The frequency default value varies per signature.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for individual signatures.
Examples
The following example shows how to set the number of matching packets per interval per access point before an attack is detected to 1800 for signature ID 4:
(Cisco Controller) >
config wps signature frequency 4 1800
Related Commands config wps signature frequency config wps signature interval config wps signature quiet-time config wps signature reset show wps signature events show wps signature summary show wps summary
Cisco Wireless Controller Command Reference, Release 8.4
1281
config wps signature interval config wps signature interval
To specify the number of seconds that must elapse before the signature frequency threshold is reached within the configured interval, use the config wps signature interval command.
config wps signature interval signature_id interval
Syntax Description
signature_id interval
Identifier for the signature to be configured.
Number of seconds that must elapse before the signature frequency threshold is reached. The range is 1 to 3,600 seconds.
Command Default
The default value of interval varies per signature.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for individual signatures.
Examples
The following example shows how to set the number of seconds to elapse before reaching the signature frequency threshold to 200 for signature ID 1:
(Cisco Controller) >
config wps signature interval 1 200
Related Commands config wps signature frequency config wps signature config wps signature mac-frequency config wps signature quiet-time config wps signature reset show wps signature events show wps signature summary show wps summary
1282
Cisco Wireless Controller Command Reference, Release 8.4
config wps signature mac-frequency config wps signature mac-frequency
To specify the number of matching packets per interval that must be identified per client per access point before an attack is detected, use the config wps signature mac-frequency command.
config wps signature mac-frequency signature_id mac_frequency
Syntax Description
signature_id mac_frequency
Identifier for the signature to be configured.
Number of matching packets per interval that must be identified per client per access point before an attack is detected. The range is 1 to 32,000 packets per interval.
Command Default
The mac_frequency default value varies per signature.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for individual signatures.
Examples
The following example shows how to set the number of matching packets per interval per client before an attack is detected to 50 for signature ID 3:
(Cisco Controller) >
config wps signature mac-frequency 3 50
Related Commands config wps signature frequency config wps signature interval config wps signature config wps signature quiet-time config wps signature reset show wps signature events show wps signature summary show wps summary
Cisco Wireless Controller Command Reference, Release 8.4
1283
config wps signature quiet-time config wps signature quiet-time
To specify the length of time after which no attacks have been detected at the individual access point level and the alarm can stop, use the config wps signature quiet-time command.
config wps signature quiet-time signature_id quiet_time
Syntax Description
signature_id quiet_time
Identifier for the signature to be configured.
Length of time after which no attacks have been detected at the individual access point level and the alarm can stop. The range is 60 to 32,000 seconds.
Command Default
The default value of quiet_time varies per signature.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for individual signatures.
Examples
The following example shows how to set the number of seconds after which no attacks have been detected per access point to 60 for signature ID 1:
(Cisco Controller) >
config wps signature quiet-time 1 60
Related Commands config wps signature config wps signature frequency config wps signature interval config wps signature mac-frequency config wps signature reset show wps signature events show wps signature summary show wps summary
1284
Cisco Wireless Controller Command Reference, Release 8.4
config wps signature reset config wps signature reset
To reset a specific Intrusion Detection System (IDS) signature or all IDS signatures to default values, use the
config wps signature reset command.
config wps signature reset {signature_id | all}
Syntax Description
signature_id
all
Identifier for the specific IDS signature to be reset.
Resets all IDS signatures.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for individual signatures.
Examples
The following example shows how to reset the IDS signature 1 to default values:
(Cisco Controller) >
config wps signature reset 1
Related Commands config wps signature config wps signature frequency config wps signature interval config wps signature mac-frequency config wps signature quiet-time show wps signature events show wps signature summary show wps summary
Cisco Wireless Controller Command Reference, Release 8.4
1285
config wps signature reset
1286
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
IV
Debug Commands
•
Debug Commands: 802.11, page 1289
•
Debug Commands: a to i, page 1297
•
Debug Commands: j to q, page 1371
•
Debug Commands: r to z, page 1397
Debug Commands: 802.11
•
•
•
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1289
debug 11k debug 11k
To configure the debugging of 802.11k settings, use the debug 11k command.
debug 11k {all | detail | errors| events | history | optimization | simulation} {enable | disable}
Syntax Description all detail errors events history optimization simulation enable disable
Configures the debugging of all 802.11k messages.
Configures the debugging of 802.11k details.
Configures the debugging of 802.11k errors.
Configures the debugging of all 802.11k events.
Configures the debugging of all 802.11k history. The Cisco WLC collects roam history of the client.
Configures the debugging of 802.11k optimizations. You can view optimization steps of neighbor lists.
Configures the debugging of 802.11k simulation data. You can view details of client roaming parameters and import them for offline simulation.
Enables the 802.1k debugging.
Disables the 802.1k debugging.
Command Default
None.
Examples
This example shows how to enable the debugging of 802.11k simulation data:
(Cisco Controller) >
debug 11k simulation enable
Related Commands config assisted-roaming config wlan assisted-roaming show assisted-roaming
1290
Cisco Wireless Controller Command Reference, Release 8.4
debug 11w-pmf
To configure the debugging of 802.11w, use the debug 11w-pmf command.
debug 11w-pmf {all | events| keys} {enable | disable}
Syntax Description all keys events enable disable
Configures the debugging of all 802.11w messages.
Configures the debugging of 802.11w keys.
Configures the debugging of 802.11w events.
Enables the debugging of 802.1w options.
Disables the debugging of 802.1w options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of 802.11w keys:
(Cisco Controller) >
debug 11w-pmf keys enable debug 11w-pmf
Cisco Wireless Controller Command Reference, Release 8.4
1291
debug 11v all debug 11v all
To configure the 802.11v debug options, use the debug 11v all command.
debug 11v all {enable | disable}
Syntax Description enable disable
Enables all the debug.
Disables all the debug.
Command Default
None
Command History
Release
8.1
Examples
Modification
This command was introduced.
The following example shows how to enable all the debug:
(Cisco Controller) >
debug 11v all enable
1292
Cisco Wireless Controller Command Reference, Release 8.4
debug 11v detail
To configure the 802.11v debug details, use the debug 11v detail command.
debug 11v detail {enable | disable}
Syntax Description enable disable
Enables debug details.
Disables debug details.
Command Default
None
Command History
Release
8.1
Examples
Modification
This command was introduced.
The following example shows how to enable 802.11v debug details:
(Cisco Controller) >
debug 11v detail enable debug 11v detail
Cisco Wireless Controller Command Reference, Release 8.4
1293
debug 11v error debug 11v error
To configure the 802.11v error debug options, use the debug 11v errors command.
debug 11v errors {enable | disable}
Syntax Description enable disable
Enables error debug.
Disables error debug.
Command Default
None
Command History
Release
8.1
Examples
Modification
This command was introduced.
The following example shows how to enable 802.11v error debug:
(Cisco Controller) >
debug 11v error enable
1294
Cisco Wireless Controller Command Reference, Release 8.4
debug 11w-pmf
To configure the debugging of 802.11w, use the debug 11w-pmf command.
debug 11w-pmf {all | events| keys} {enable | disable}
Syntax Description all keys events enable disable
Configures the debugging of all 802.11w messages.
Configures the debugging of 802.11w keys.
Configures the debugging of 802.11w events.
Enables the debugging of 802.1w options.
Disables the debugging of 802.1w options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of 802.11w keys:
(Cisco Controller) >
debug 11w-pmf keys enable debug 11w-pmf
Cisco Wireless Controller Command Reference, Release 8.4
1295
debug 11w-pmf
1296
Cisco Wireless Controller Command Reference, Release 8.4
Debug Commands: a to i
•
•
•
debug aaa local-auth, page 1303
•
debug airewave-director, page 1305
•
•
•
debug ap packet-dump, page 1309
•
debug ap show stats, page 1310
•
debug ap show stats video, page 1312
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1297
•
•
debug cts key-store, page 1329
•
debug cts provisioning, page 1330
•
•
•
•
•
•
•
debug dhcp service-port, page 1337
•
•
•
•
•
debug dot11 mgmt interface, page 1344
•
debug dot11 mgmt msg, page 1345
•
debug dot11 mgmt ssid, page 1346
•
debug dot11 mgmt state-machine, page 1347
•
debug dot11 mgmt station, page 1348
•
•
•
•
debug flexconnect avc, page 1356
•
debug flexconnect aaa, page 1357
•
debug flexconnect acl, page 1358
•
debug flexconnect cckm, page 1359
•
•
•
debug flexconnect client ap, page 1362
•
debug flexconnect client ap syslog, page 1363
•
debug flexconnect client group, page 1364
•
debug flexconnect client group syslog, page 1365
•
debug flexconnect group, page 1366
1298
Cisco Wireless Controller Command Reference, Release 8.4
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1299
debug aaa debug aaa
To configure the debugging of AAA settings, use the debug aaa command.
debug aaa {[all | detail | events | packet | ldap | local-auth | tacacs] [enable | disable]}
Syntax Description all detail events packet ldap local-auth tacacs enable disable
(Optional) Configures the debugging of all AAA messages.
(Optional) Configures the debugging of AAA errors.
(Optional) Configures the debugging of AAA events.
(Optional) Configures the debugging of AAA packets.
(Optional) Configures the debugging of the AAA
Lightweight Directory Access Protocol (LDAP) events.
(Optional) Configures the debugging of the AAA local Extensible Authentication Protocol (EAP) events.
(Optional) Configures the debugging of the AAA
TACACS+ events.
(Optional) Enables the debugging.
(Optional) Disables the debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the debugging of AAA LDAP events:
(Cisco Controller) >
debug aaa ldap enable
Related Commands debug aaa local-auth eap
1300
Cisco Wireless Controller Command Reference, Release 8.4
show running-config debug aaa
Cisco Wireless Controller Command Reference, Release 8.4
1301
debug aaa events debug aaa events
To configure the debugging related to DNS-based ACLs, use the debug aaa events enable command.
debug aaa events enable
Syntax Description events
Configures the debugging of DNS-based ACLs.
Command History
Release
7.6
Examples
Modification
This command is introduced.
The following example shows how to enable the debugging for DNS-based ACLs:
(Cisco Controller) >
debug aaa events enble
1302
Cisco Wireless Controller Command Reference, Release 8.4
debug aaa local-auth debug aaa local-auth
To configure the debugging of AAA local authentication on the Cisco WLC, use the debug aaa local-auth command.
debug aaa local-auth {db | shim | eap {framework | method} {all | errors | events | packets | sm}} {enable
| disable}
Syntax Description db shim eap framework method all errors events packets sm enable disable
Configures the debugging of the AAA local authentication back-end messages and events.
Configures the debugging of the AAA local authentication shim layer events.
Configures the debugging of the AAA local Extensible
Authentication Protocol (EAP) authentication.
Configures the debugging of the local EAP framework.
Configures the debugging of local EAP methods.
Configures the debugging of local EAP messages.
Configures the debugging of local EAP errors.
Configures the debugging of local EAP events.
Configures the debugging of local EAP packets.
Configures the debugging of the local EAP state machine.
Starts the debugging.
Stops the debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1303
debug aaa local-auth
Examples
The following example shows how to enable the debugging of the AAA local EAP authentication:
(Cisco Controller) >
debug aaa local-auth eap method all enable
Related Commands clear stats local-auth config local-auth active-timeout config local-auth eap-profile config local-auth method fast config local-auth user-credentials show local-auth certificates show local-auth config show local-auth statistics
1304
Cisco Wireless Controller Command Reference, Release 8.4
debug airewave-director debug airewave-director
To configure the debugging of Airewave Director software, use the debug airwave-director command.
debug airewave-director {all | channel | detail | error | group | manager | message | packet | power |
profile | radar | rf-change} {enable | disable}
Syntax Description all channel detail error group manager message packet power profile radar rf-change enable disable
Configures the debugging of all Airewave Director logs.
Configures the debugging of the Airewave Director channel assignment protocol.
Configures the debugging of the Airewave Director detail logs.
Configures the debugging of the Airewave Director error logs.
Configures the debugging of the Airewave Director grouping protocol.
Configures the debugging of the Airewave Director manager.
Configures the debugging of the Airewave Director messages.
Configures the debugging of the Airewave Director packets.
Configures the debugging of the Airewave Director power assignment protocol and coverage hole detection.
Configures the debugging of the Airewave Director profile events.
Configures the debugging of the Airewave Director radar detection/avoidance protocol.
Configures the debugging of the Airewave Director rf changes.
Enables the Airewave Director debugging.
Disables the Airewave Director debugging.
Cisco Wireless Controller Command Reference, Release 8.4
1305
debug airewave-director
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the debugging of Airewave Director profile events:
(Cisco Controller) >
debug airewave-director profile enable
Related Commands debug disable-all show sysinfo
1306
Cisco Wireless Controller Command Reference, Release 8.4
debug ap debug ap
To configure the remote debugging of Cisco lightweight access points or to remotely execute a command on a lightweight access point, use the debug ap command.
debug ap {enable | disable | command cmd} cisco_ap
Syntax Description enable disable command
cmd cisco_ap
Enables the debugging on a lightweight access point.
Note
The debugging information is displayed only to the controller console and does not send output to a controller Telnet/SSH CLI session.
Disables the debugging on a lightweight access point.
Note
The debugging information is displayed only to the controller console and does not send output to a controller Telnet/SSH CLI session.
Specifies that a CLI command is to be executed on the access point.
Command to be executed.
Note
The command to be executed must be enclosed in double quotes, such as debug ap command “led flash 30” AP03.
The output of the command displays only to the controller console and does not send output to a controller Telnet/SSH CLI session.
Name of a Cisco lightweight access point.
Command Default
The remote debugging of Cisco lightweight access points is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the remote debugging on access point AP01:
(Cisco Controller) >
debug ap enable AP01
The following example shows how to execute the config ap location command on access point AP02:
(Cisco Controller) >
debug ap command
“config ap location "Building 1" AP02”
The following example shows how to execute the flash LED command on access point AP03:
(Cisco Controller) >
debug ap command
“led flash 30” AP03
Cisco Wireless Controller Command Reference, Release 8.4
1307
debug ap enable debug ap enable
To configure the remote debugging of Cisco lightweight access points or to remotely execute a command on a lightweight access point, use the debug ap enable command.
debug ap {enable | disable | command cmd} cisco_ap
Syntax Description enable disable command
cmd cisco_ap
Enables the remote debugging.
Note
The debugging information is displayed only to the controller console and does not send output to a controller Telnet/SSH CLI session.
Disables the remote debugging.
Specifies that a CLI command is to be executed on the access point.
Command to be executed.
Note
The command to be executed must be enclosed in double quotes, such as debug ap command “led flash 30” AP03.
The output of the command displays only to the controller console and does not send output to a controller Telnet/SSH CLI session.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the remote debugging on access point AP01:
(Cisco Controller) >
debug ap enable AP01
The following example shows how to disable the remote debugging on access point AP02:
(Cisco Controller) >
debug ap disable AP02
The following example shows how to execute the flash LED command on access point AP03:
(Cisco Controller) >
debug ap command
“led flash 30” AP03
1308
Cisco Wireless Controller Command Reference, Release 8.4
debug ap packet-dump debug ap packet-dump
To configure the debugging of Packet Capture, use the debug ap packet-dump command.
debug ap packet-dump {enable | disable}
Syntax Description enable disable
Enables the debugging of Packet Capture of an access point.
Disables the debugging of Packet Capture of an access point.
Command Default
Debugging of Packet Capture is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Packet Capture does not work during inter-Cisco WLC roaming.
The Cisco WLC does not capture packets created in the radio firmware and sent out of the access point, such as beacon or probe response. Only packets that flow through the radio driver in the Tx path will be captured.
Examples
The following example shows how to enable the debugging of Packet Capture from an access point:
(Cisco Controller) >
debug ap packet-dump enable
Cisco Wireless Controller Command Reference, Release 8.4
1309
debug ap show stats debug ap show stats
To debug video messages and statistics of Cisco lightweight access points, use the debug ap show stats command.
debug ap show stats {802.11a | 802.11b} cisco_ap {tx-queue | packet | load | multicast | client {client_MAC
| video | all} | video metrics}
debug ap show stats video cisco_ap {multicast mgid mgid_database_number | admission | bandwidth}
Syntax Description
802.11a
802.11b
cisco_ap
tx-queue packet load multicast client
client_MAC
video all video metrics mgid
mgid_database_number
admission bandwidth
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Cisco lightweight access point name.
Displays the transmit queue traffic statistics of the AP.
Displays the packet statistics of the AP.
Displays the QoS Basic Service Set (QBSS) and other statistics of the AP.
Displays the multicast supported rate statistics of the AP.
Displays the specified client metric statistics.
MAC address of the client.
Displays video statistics of all clients on the AP.
Displays statistics of all clients on the AP.
Displays the video metric statistics.
Displays detailed multicast information for a single multicast group ID
(MGID).
Layer 2 MGID database number.
Displays video admission control on the AP.
Displays video bandwidth on the AP.
Command Default
None
1310
Cisco Wireless Controller Command Reference, Release 8.4
debug ap show stats
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to troubleshoot the access point AP01’s transmit queue traffic on an 802.11a
network:
(Cisco Controller) >
debug ap show stats 802.11a AP01 tx-queue
The following example shows how to troubleshoot the access point AP02’s multicast supported rates on an
802.11b/g network:
(Cisco Controller) >
debug ap show stats 802.11b AP02 multicast
The following example shows how to troubleshoot the metrics of a client identified by its MAC address, associated with the access point AP01 on an 802.11a network:
(Cisco Controller) >
debug ap show stats 802.11a AP01 client 00:40:96:a8:f7:98
The following example shows how to troubleshoot the metrics of all clients associated with the access point
AP01 on an 802.11a network:
(Cisco Controller) >
debug ap show stats 802.11a AP01 client all
Cisco Wireless Controller Command Reference, Release 8.4
1311
debug ap show stats video debug ap show stats video
To configure the debugging of video messages and statistics of Cisco lightweight access points, use the debug
ap show stats video command.
debug ap show stats video cisco_ap {multicast mgid mgid_value | admission | bandwidth}
Syntax Description
cisco_ap
multicast mgid
mgid_value
admission bandwidth
Cisco lightweight access point name.
Displays multicast database related information for the specified MGID of an access point.
Layer 2 MGID database number from 1 to 4095.
Displays the video admission control.
Displays the video bandwidth.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to configure the debugging of an access point AP01’s multicast group that is identified by the group’s Layer 2 MGID database number:
(Cisco Controller) >
debug ap show stats video AP01 multicast mgid 50
This example shows how to configure the debugging of an access point AP01’s video bandwidth:
(Cisco Controller) >
debug ap show stats video AP01 bandwidth
1312
Cisco Wireless Controller Command Reference, Release 8.4
debug arp debug arp
To configure the debugging of Address Resolution Protocol (ARP) options, use the debug arp command.
debug arp {all | detail | events | message} {enable | disable}
Syntax Description all detail error message enable disable
Configures the debugging of all ARP logs.
Configures the debugging of ARP detail messages.
Configures the debugging of ARP errors.
Configures the debugging of ARP messages.
Enables the ARP debugging.
Disables the ARP debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable ARP debug settings:
(Cisco Controller) >
debug arp error enable
The following example shows how to disable ARP debug settings:
(Cisco Controller) >
debug arp error disable
Related Commands debug disable-all show sysinfo
Cisco Wireless Controller Command Reference, Release 8.4
1313
debug avc debug avc
To configure the debugging of Application Visibility and Control (AVC) options, use the debug avc error command.
debug avc {events | error} {enable | disable}
Syntax Description events error enable disable
Configures the debugging of AVC events.
Configures the debugging of AVC errors.
Enables the debugging of AVC events or errors.
Disables the debugging of AVC events or errors.
Command Default
By default, the debugging of AVC options is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the debugging of AVC errors:
(Cisco Controller) >
debug avc error enable
Related Commands config avc profile delete config avc profile rule config wlan avc show avc profile show avc applications show avc statistics
1314
Cisco Wireless Controller Command Reference, Release 8.4
debug bcast debug bcast
To configure the debugging of broadcast options, use the debug bcast command.
debug bcast {all | error | message | igmp | detail} {enable | disable}
Syntax Description all error message igmp detail enable disable
Configures the debugging of all broadcast logs.
Configures the debugging of broadcast errors.
Configures the debugging of broadcast messages.
Configures the debugging of broadcast IGMP messages.
Configures the debugging of broadcast detailed messages.
Enables the broadcast debugging.
Disables the broadcast debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the debugging of broadcast messages:
(Cisco Controller) >
debug bcast message enable
The following example shows how to disable the debugging of broadcast mesages:
(Cisco Controller) >
debug bcast message disable
Related Commands debug disable-all show sysinfo
Cisco Wireless Controller Command Reference, Release 8.4
1315
debug call-control debug call-control
To configure the debugging of the SIP call control settings, use the debug call-control command.
debug call-control {all | event} {enable | disable}
Syntax Description all event enable disable
Configures the debugging options for all SIP call control messages.
Configures the debugging options for SIP call control events.
Enables the debugging of SIP call control messages or events.
Disables the debugging of SIP call control messages or events.
Command Default
Disabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of all SIP call control messages:
(Cisco Controller) >
debug call-control all enable
1316
Cisco Wireless Controller Command Reference, Release 8.4
debug capwap debug capwap
To configure the debugging of Control and Provisioning of Wireless Access Points (CAPWAP) settings, use the debug capwap command.
debug capwap {detail | dtls-keepalive | errors | events | hexdump | info | packet | payload | mfp} {enable
| disable}
Syntax Description detail dtls-keepalive errors events hexdump info packet payload mfp enable disable
Configures the debugging for CAPWAP detail settings.
Configures the debugging for CAPWAP DTLS data keepalive packets settings.
Configures the debugging for CAPWAP error settings.
Configures the debugging for CAPWAP events settings.
Configures the debugging for CAPWAP hexadecimal dump settings.
Configures the debugging for CAPWAP info settings.
Configures the debugging for CAPWAP packet settings.
Configures the debugging for CAPWAP payload settings.
Configures the debugging for CAPWAP mfp settings.
Enables the debugging of the CAPWAP command.
Disables the debugging of the CAPWAP command.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the debugging of CAPWAP details:
(Cisco Controller) >
debug capwap detail enable
Cisco Wireless Controller Command Reference, Release 8.4
1317
debug capwap reap debug capwap reap
To configure the debugging of Control and Provisioning of Wireless Access Points (CAPWAP) settings on a FlexConnect access point, use the debug capwap reap command.
debug capwap reap [mgmt | load]
Syntax Description mgmt load
(Optional) Configures the debugging for client authentication and association messages.
(Optional) Configures the debugging for payload activities, which is useful when the FlexConnect access point boots up in standalone mode.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the debugging of FlexConnect client authentication and association messages:
(Cisco Controller) >
debug capwap reap mgmt
1318
Cisco Wireless Controller Command Reference, Release 8.4
debug ccxdiag debug ccxdiag
To configure debugging of Cisco Compatible Extensions (CCX) diagnostic options, use the debug ccxdiag command.
debug ccxdiag {all | error | event | packet} {enable | disable}
Syntax Description all error event packet enable disable
Configures debugging of all the CCX S69 messages.
Configures debugging of the CCX S69 errors.
Configures debugging of the CCX S69 events.
Configures debugging of the CCX S69 packets.
Enables debugging of the CCX S69 options.
Disables debugging of the CCX S69 options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable CCX S69 packets debugging:
(Cisco Controller) >
debug ccxdiag packets enable
Cisco Wireless Controller Command Reference, Release 8.4
1319
debug ccxrm debug ccxrm
To configure debugging of the CCX Cisco Client eXtension (CCX) Radio Management (RM), use the debug
ccxrm command.
debug ccxrm {all | detail | error | location-calibration | message | packet | warning} {enable| disable}
Syntax Description all detail error location-calibration message packet warning enable disable
Configures debugging of all CCX RM messages.
Configures detailed debugging of CCX RM.
Configures debugging of the CCX RM errors.
Configures debugging of the CCX RM location calibration.
Configures debugging of CCX RM messages.
Configures debugging of the CCX RM packets.
Configures debugging of the CCX RM warnings.
Enables debugging of the CCX RM options.
Disables debugging of the CCX RM options.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable CCX RM debugging:
(Cisco Controller) > debug ccxrm all enable
1320
Cisco Wireless Controller Command Reference, Release 8.4
debug ccxs69
To configure debugging of CCX S69 tasks, use the debug ccxs69 command.
debug ccxs69 {all | error | event} {enable| disable}
Syntax Description all error event enable disable
Configures debugging of all the CCX S69 messages.
Configures debugging of the CCX S69 errors.
Configures debugging of the CCX S69 events.
Enables debugging of the CCX S69 options.
Disables debugging of the CCX S69 options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable CCX S69 debugging:
(Cisco Controller) >
debug ccxs69 all enable debug ccxs69
Cisco Wireless Controller Command Reference, Release 8.4
1321
debug cckm debug cckm
To configure the debugging of the Cisco Centralized Key Management options, use the debug cckm
debug cckm {client | detailed} {enable| disable}
Syntax Description client detailed enable disable
Configures debugging of the Cisco Centralized Key Management of clients.
Configures detailed debugging of Cisco Centralized Key Management.
Enables debugging of Cisco Centralized Key Management.
Disables debugging of Cisco Centralized Key Management.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable detailed debugging of Cisco Centralized Key Management:
(Cisco Controller) >
debug cckm detailed enable
1322
Cisco Wireless Controller Command Reference, Release 8.4
debug client debug client
To configure the debugging for a specific client, use the debug client command.
debug client mac_address
Syntax Description
mac_address
MAC address of the client.
Command Default
None
Usage Guidelines
After entering the debug client mac_address command, if you enter the debug aaa events enable command, then the AAA events logs are displayed for that particular client MAC address.
Command History
Release
7.6
Modification
This command was introduced.
Examples
The following example shows how to debug a specific client:
(Cisco Controller) >
debug client 01:35:6x:yy:21:00
Cisco Wireless Controller Command Reference, Release 8.4
1323
debug cts aaa debug cts aaa
To configure the Cisco TrustSec AAA debug options, use the debug cts aaa command.
debug cts aaa {all | errors | events} {enable | disable}
Syntax Description all errors events enable disable
Configures debugging of all the CTS AAA debug options
Configures debugging of all the CTS AAA errors
Configures debugging of all the CTS AAA events
Enables debugging
Disables debugging
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
1324
Cisco Wireless Controller Command Reference, Release 8.4
debug cts authz debug cts authz
To configure the Cisco TrustSec security group access control list (SGACL) download debug options, use the debug cts authz command.
debug cts authz {aaa | all | errors | events} {enable | disable}
Syntax Description aaa all errors events enable disable
Configures debugging of CTS AAA policy
Configures debugging of all the CTS policies
Configures debugging of all the CTS policy errors
Configures debugging of all the CTS policy events
Enables debugging
Disables debugging
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
1325
debug cts capwap debug cts capwap
To configure the debug options for Cisco TrustSec policy download over CAPWAP messages, use the debug
cts capwap command.
debug cts capwap {messages | all | errors | events} {enable | disable}
Syntax Description messages all errors events enable disable
Configures debugging of Protected Access Credential (PAC) CAPWAP messages
Configures debugging of all the CTS CAPWAP messages
Configures debugging of the PAC CAPWAP errors
Configures debugging of the PAC CAPWAP events
Enables debugging
Disables debugging
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
1326
Cisco Wireless Controller Command Reference, Release 8.4
debug cts env-data debug cts env-data
To configure Cisco TrustSec environment data debugs, use the debug cts env-data command.
debug cts env-data {all | errors | events} {enable | disable}
Syntax Description all errors events enable disable
Configures debugging of all the CTS environment data
Configures debugging of CTS environment data errors
Configures debugging of CTS environment data events
Enables debugging
Disables debugging
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
1327
debug cts ha debug cts ha
To configure the Cisco TrustSec High Availability (HA) debug options, use the debug cts ha command.
debug cts ha {all | errors | events} {enable | disable}
Syntax Description all errors events enable disable
Configures debugging of all the CTS HA options
Configures debugging of CTS HA errors
Configures debugging of CTS HA events
Enables debugging
Disables debugging
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
1328
Cisco Wireless Controller Command Reference, Release 8.4
debug cts key-store debug cts key-store
To configure the Cisco TrustSec Key-store debug options, use the debug cts key-store command.
debug cts key-store {enable | disable}
Syntax Description enable disable
Enables debugging
Disables debugging
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
1329
debug cts provisioning debug cts provisioning
To configure the Cisco TrustSec PAC Provisioning debug options, use the debug cts provisioning command.
debug cts provisioning {packets | all | errors | events} {enable | disable}
Syntax Description packets all errors events enable disable
Configures debugging of PAC provisioning packets
Configures debugging of all the PAC provisioning options
Configures debugging of the PAC provisioning errors
Configures debugging of the PAC provisioning events
Enables debugging
Disables debugging
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
1330
Cisco Wireless Controller Command Reference, Release 8.4
debug cts sgt
To configure debugging of up to 10 SGTs, use the debug cts sgt command.
debug cts sgt {sgt-1 | sgt-2 | sgt-3 | sgt-4 | sgt-5 | sgt-6 | sgt-7 | sgt-8 | sgt-9 | sgt-10}
Syntax Description
sgt-1 to sgt-10 SGT IDs that you have to enter.
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
debug cts sgt
Cisco Wireless Controller Command Reference, Release 8.4
1331
debug cts sxp debug cts sxp
To configure debugging of Cisco TrustSec SXP options, use the debug cts sxp command.
debug cts sxp {all | errors | events | framework | message} {enable | disable}
Syntax Description all errors events framework message enable disable
Configures debugging of all the CTS SXP options
Configures debugging of the CTS SXP errors
Configures debugging of the CTS SXP events
Configures debugging of the CTS SXP framework
Configures debugging of the CTS SXP messages
Enables debugging
Disables debugging
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
1332
Cisco Wireless Controller Command Reference, Release 8.4
debug cac debug cac
To configure the debugging of Call Admission Control (CAC) options, use the debug cac command.
debug cac {all | event | packet} {enable | disable}
Syntax Description all event packet kts enable disable
Configures the debugging options for all CAC messages.
Configures the debugging options for CAC events.
Configures the debugging options for selected CAC packets.
Configures the debugging options for KTS-based CAC messages.
Enables the debugging of CAC settings.
Disables the debugging of CAC settings.
Command Default
By default, the debugging of CAC options is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable debugging of CAC settings:
(Cisco Controller) >
debug cac event enable
(Cisco Controller) >
debug cac packet enable
Related Commands config 802.11 cac video acm config 802.11 cac video max-bandwidth config 802.11 video roam-bandwidth config 802.11 cac video tspec-inactivity-timeout config 802.11 cac voice load-based config 802.11 cac voice roam-bandwidth config 802.11cac voice stream-size config 802.11cac voice tspec-inactivity-timeout
Cisco Wireless Controller Command Reference, Release 8.4
1333
debug cdp debug cdp
To configure debugging of CDP, use the debug cdp command.
debug cdp {events | packets} {enable | disable}
Syntax Description events packets enable disable
Configures debugging of the CDP events.
Configures debugging of the CDP packets.
Enables debugging of the CDP options.
Disables debugging of the CDP options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable CDP event debugging in a Cisco controller:
(Cisco Controller) >
debug cdp
1334
Cisco Wireless Controller Command Reference, Release 8.4
debug crypto debug crypto
To configure the debugging of the hardware cryptographic options, use the debug crypto command.
debug crypto {all | sessions | trace | warning} {enable | disable}
Syntax Description all sessions trace warning enable disable
Configures the debugging of all hardware crypto messages.
Configures the debugging of hardware crypto sessions.
Configures the debugging of hardware crypto sessions.
Configures the debugging of hardware crypto sessions.
Enables the debugging of hardware cryptographic sessions.
Disables the debugging of hardware cryptographic sessions.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the debugging of hardware crypto sessions:
(Cisco Controller) >
debug crypto sessions enable
Related Commands debug disable-all show sysinfo
Cisco Wireless Controller Command Reference, Release 8.4
1335
debug dhcp debug dhcp
To configure the debugging of DHCP, use the debug dhcp command.
debug dhcp {message | packet} {enable | disable}
Syntax Description message packet enable disable
Configures the debugging of DHCP error messages.
Configures the debugging of DHCP packets.
Enables the debugging DHCP messages or packets.
Disables the debugging of DHCP messages or packets.
Command Default
None
Examples
The following example shows how to enable the debugging of DHCP messages:
(Cisco Controller) >
debug dhcp message enable
1336
Cisco Wireless Controller Command Reference, Release 8.4
debug dhcp service-port debug dhcp service-port
To enable or disable debugging of the Dynamic Host Configuration Protocol (DHCP) packets on the service port, use the debug dhcp service-port command.
debug dhcp service-port {enable | disable}
Syntax Description enable disable
Enables the debugging of DHCP packets on the service port.
Disables the debugging of DHCP packets on the service port.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of DHCP packets on a service port:
(Cisco Controller) >
debug dhcp service-port enable
Cisco Wireless Controller Command Reference, Release 8.4
1337
debug disable-all debug disable-all
To disable all debug messages, use the debug disable-all command.
debug disable-all
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to disable all debug messages:
(Cisco Controller) >
debug disable-all
1338
Cisco Wireless Controller Command Reference, Release 8.4
debug dns debug dns
To configure debugging of Domain Name System (DNS) options, use the debug dns command.
debug dns {all | detail | error | message} {enable | disable}
Syntax Description all detail error message enable disable
Configures debugging of all the DNS options.
Configures debugging of the DNS details.
Configures debugging of the DNS errors.
Configures debugging of the DNS messages.
Enables debugging of the DNS options.
Disables debugging of the DNS options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable DNS error debugging:
(Cisco Controller) >
debug dns error enable
Cisco Wireless Controller Command Reference, Release 8.4
1339
debug dot11 debug dot11
To configure the debugging of 802.11 events, use the debug dot11 command.
debug dot11 {all | load-balancing | management | mobile | nmsp | probe | rldp | rogue | state} {enable |
disable}
Syntax Description all load-balancing management mobile nmsp probe rldp rogue state enable disable
Configures the debugging of all 802.11 messages.
Configures the debugging of 802.11 load balancing events.
Configures the debugging of 802.11 MAC management messages.
Configures the debugging of 802.11 mobile events.
Configures the debugging of the 802.11 NMSP interface events.
Configures the debugging of probe.
Configures the debugging of 802.11 Rogue Location
Discovery.
Configures the debugging of 802.11 rogue events.
Configures the debugging of 802.11 mobile state transitions.
Enables the 802.11 debugging.
Disables the 802.11 debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
1340
Cisco Wireless Controller Command Reference, Release 8.4
Examples
The following example shows how to enable the debugging of 802.11 settings:
(Cisco Controller) >
debug dot11 state enable
(Cisco Controller) >
debug dot11 mobile enable debug dot11
Cisco Wireless Controller Command Reference, Release 8.4
1341
debug dot11 debug dot11
To configure the debugging of 802.11 events, use the debug dot11 command.
debug dot11 {all | load-balancing | management | mobile | nmsp | probe | rldp | rogue | state} {enable |
disable}
Syntax Description all load-balancing management mobile nmsp probe rldp rogue state enable disable
Configures the debugging of all 802.11 messages.
Configures the debugging of 802.11 load balancing events.
Configures the debugging of 802.11 MAC management messages.
Configures the debugging of 802.11 mobile events.
Configures the debugging of the 802.11 NMSP interface events.
Configures the debugging of probe.
Configures the debugging of 802.11 Rogue Location
Discovery.
Configures the debugging of 802.11 rogue events.
Configures the debugging of 802.11 mobile state transitions.
Enables the 802.11 debugging.
Disables the 802.11 debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
1342
Cisco Wireless Controller Command Reference, Release 8.4
Examples
The following example shows how to enable the debugging of 802.11 settings:
(Cisco Controller) >
debug dot11 state enable
(Cisco Controller) >
debug dot11 mobile enable debug dot11
Cisco Wireless Controller Command Reference, Release 8.4
1343
debug dot11 mgmt interface debug dot11 mgmt interface
To configure debugging of 802.11 management interface events, use the debug dot11 mgmt interface command.
debug dot11 mgmt interface
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to debug 802.11 management interface events:
(Cisco Controller) >
debug dot11 mgmt interface
1344
Cisco Wireless Controller Command Reference, Release 8.4
debug dot11 mgmt msg debug dot11 mgmt msg
To configure debugging of 802.11 management messages, use the debug dot11 mgmt msg command.
debug dot11 mgmt msg
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
This example shows how to debug dot11 management messages:
(Cisco Controller) >
debug dot11 mgmt msg
Cisco Wireless Controller Command Reference, Release 8.4
1345
debug dot11 mgmt ssid debug dot11 mgmt ssid
To configure debugging of 802.11 SSID management events, use the debug dot11 mgmt ssid command.
debug dot11 mgmt ssid
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the debugging of 802.11 SSID management events:
(Cisco Controller) >
debug dot11 mgmt ssid
1346
Cisco Wireless Controller Command Reference, Release 8.4
debug dot11 mgmt state-machine debug dot11 mgmt state-machine
To configure debugging of the 802.11 state machine, use the debug dot11 mgmt state-machine command.
debug dot11 mgmt state-machine
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the debugging of 802.11 state machine:
(Cisco Controller) >
debug dot11 mgmt state-machine
Cisco Wireless Controller Command Reference, Release 8.4
1347
debug dot11 mgmt station debug dot11 mgmt station
To configure the debugging of the management station settings, use the debug dot11 mgmt station command.
debug dot11 mgmt station
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the debugging of the management station settings:
(Cisco Controller) >
debug dot11 mgmt station
1348
Cisco Wireless Controller Command Reference, Release 8.4
debug dot1x debug dot1x
To configure debugging of the 802.1X options, use the debug dot1x command.
debug dot1x {aaa | all | events | packets | states} {enable | disable}
Syntax Description aaa all events packets states enable disable
Configures debugging of the 802.1X AAA interactions.
Configures debugging of all the 802.1X messages.
Configures debugging of the 802.1X events.
Configures debugging of the 802.1X packets.
Configures debugging of the 802.1X state transitions.
Enables debugging of the 802.1X options.
Disables debugging of the 802.1X options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable 802.1X state transitions debugging:
(Cisco Controller) >
debug dot1x states enable
Cisco Wireless Controller Command Reference, Release 8.4
1349
debug dtls debug dtls
To configure debugging of the Datagram Transport Layer Security (DTLS) options, use the debug dtls command.
debug dtls {all | event | packet | trace} {enable | disable}
Syntax Description all event packet trace enable disable
Configures debugging of all the DTLS messages.
Configures debugging of the DTLS events.
Configures debugging of the DTLS packets.
Configures debugging of the DTLS trace messages.
Enables debugging of the DTLS options.
Disables debugging of the DTLS options.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The debug actions described here are used in conjunction with CAPWAP troubleshooting.
Examples
The following example shows how to enable DTLS packet debugging:
(Cisco Controller) >
debug dtls packet enable
1350
Cisco Wireless Controller Command Reference, Release 8.4
debug fastpath debug fastpath
To debug the issues in the 10-Gigabit Ethernet interface of the controller and to view details of all the management and control features of the controller, use the debug fastpath command.
debug fastpath [disable| enable| errors| events| warning| log| status| dump| audit| clear]
debug fastpath log [{error | events | show}]
debug fastpath dump [{stats DP_number} | {fpapoolDP_number} | {ownerdb}|{portdb} |{tun4db| index|
DP_number} | {scbdb| index| DP_number} | {cfgtool -- dump.sfp} |{urlacldb| start-acl-id start-rule-index
} |{vlandb} | { dpcp-stats} | { clear| stats} | {systemdb} | {debug| {wlanappstats| wlan_id}} | { appqosdb}]
Syntax Description disable enable errors events warnings log
errors events show
status dump stats
Enables debug of fastpath messages.
Disables debug of fastpath messages.
Displays the debug messages related to the fastpath errors.
Displays the debug messages related to the fastpath events.
Displays the debug messages related to the fastpath warnings.
Configures debug of log messages.
Configures debug of fastpath errors.
Configures debug of fastpath events.
Displays log of most recent events related to fastpath.
Displays status of fastpath configuration.
Displays the CLI dump commands.
Displays the debug statistics from the data plane.
Cisco Wireless Controller Command Reference, Release 8.4
1351
debug fastpath
DP_number
fpapool
DP_number
ownerdb portdb tun4db
index
DP_number
1352
Cisco Wireless Controller Command Reference, Release 8.4
Displays the statistic counters at data plane based on selected data plane number. Values include 0, 1, and
All. The default option is All. You must select:
• The index 0 for the Cisco Wireless LAN
Controller 2504 Series, Cisco Wireless LAN
Controller 5508 Series, Cisco Wireless LAN
Controller 7500 Series, Cisco Wireless LAN
Controller 8500 Series.
• The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
Displays statistics of packet buffer in data plane.
Displays statistics of packet buffer based on data plane number. Values include 0, 1, and All. The default option is All. You must select:
• The index 0 for the Cisco Wireless LAN
Controller 2504 Series, Cisco Wireless LAN
Controller 5508 Series, Cisco Wireless LAN
Controller 7500 Series, Cisco Wireless LAN
Controller 8500 Series.
• The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
Displays the data plane owner information.
Displays the port database at data plane.
Dumps the first 20 tunnels from the data plane.
Dumps 20 tunnel entries from index provided. You must use data plane number 0/1 to denote WISM2 data plane processor.
Dumps the first twenty client entries from the data plane. Values include 0, 1, and All. The default option is All. You must select:
• The index 0 for the Cisco Wireless LAN
Controller 2504 Series, Cisco Wireless LAN
Controller 5508 Series, Cisco Wireless LAN
Controller 7500 Series, Cisco Wireless LAN
Controller 8500 Series.
• The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
scbdb
index
DP_number
cfgtool -- dump.sfp
urlacldb start-acl-id start-rule-index
vlandb dpcp-stats clear stats systemdb debug wlanappstats
wlan_id
appqosdb clear debug fastpath
Dumps 20 client entries starting from index provided.
You must use data plane number 0/1 to denote
WISM2 data plane processor.
Dumps client information for the selected MAC address.
Dumps the first twenty client entries from the data plane. Values include 0, 1, and All. The default option is All. You must select:
• The index 0 for the Cisco Wireless LAN
Controller 2504 Series, Cisco Wireless LAN
Controller 5508 Series, Cisco Wireless LAN
Controller 7500 Series, Cisco Wireless LAN
Controller 8500 Series.
• The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
Displays the model/type of SX/LC/T small form-factor plug-in (SFP) modules with the OUI
Partnumber.
Dumps the URL ACL database.
Dumps the VLAN database in the dataplane.
Displays the dataplane to controlplane message statistics.
Clears the data plane statistic counters.
Displays the global data plane configuration.
Displays the few latest messages of the data plane to enable troubleshooting.
Displays Application Visibility and Control (AVC) statistics of a WLAN.
The WLAN identifier of the WLAN you need identify the AVC statistics.
Displays Application Visibility and Control (AVC) database statistics of the data plane.
Clear command.
Cisco Wireless Controller Command Reference, Release 8.4
1353
debug fastpath
Command Default
None
Command History
Release
7.6
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
This command was enhanced in this release. The new keyword added is urlacldb
Usage Guidelines
None
Examples
Examples
The following is an example of the SX/LC/T small form-factor plug-in (SFP) modules model/type with the respective OUI Partnumber.
(Cisco Controller) >
debug fastpath status
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
SFPType
-- ------- ---- ------- ---------- ---------- ------ ------- -------
----------
1 Normal Forw Enable Auto
1000BaseTX
2 Normal Forw Enable Auto
1000BaseTX
1000 Full
1000 Full
Up
Up
Enable
Enable
N/A
N/A
The following is an example of the fastpath status displayed while you execute the status command.
(Cisco Controller) >
debug fastpath status
FP0.03:(119115)Received command: FP_CMD_ACL_COUNTER_GET
FP0.00:(119115)Received command: FP_CMD_ACL_COUNTER_GET
FP0.06:(119115)Received command: FP_CMD_ACL_COUNTER_GET
FP0.05:(119115)Received command: FP_CMD_ACL_COUNTER_GET
FP0.06:(119115)Received command: FP_CMD_ACL_COUNTER_GET
FP0.03:(119115)Received command: FP_CMD_ACL_COUNTER_GET
FP0.06:(119115)Received command: FP_CMD_ACL_COUNTER_GET
FP0.07:(119125)Received command: FP_CMD_ACL_COUNTER_GET
FP0.04:(119125)Received command: FP_CMD_ACL_COUNTER_GET
FP0.03:(119125)Received command: FP_CMD_ACL_COUNTER_GET
The following is an example of the fastpath errors displayed while you execute the debug fastpath log errors command.
(Cisco Controller) >
debug fastpath log errors
FP0.04:(873365)[fp_ingress_capwap:429]Discarding Control/Data
Plane DTLS-Application packets after Lookup Failed
FP0.02:(873418)Change logDebugLevel from: 0x1e to 0x9
The following is an example of the fastpath events displayed while you execute the debug fastpath log events command.
(Cisco Controller) >
debug fastpath log events
1354
Cisco Wireless Controller Command Reference, Release 8.4
debug fastpath
FP0.09:(873796)[fp_ingress_capwap:429]Discarding Control/Dat a Plane DTLS-Application packets after Lookup Failed
FP0.06:(873921)Change logDebugLevel from: 0x9 to 0x1e
The following is an example displayed while you execute the debug fastpath log show command.
(Cisco Controller) >
debug fastpath log show
FP0.07:(874033)Change logDebugLevel from: 0x1e to 0x9
Fastpath CPU0.02: FAST CACHE DISABLED
Fastpath CPU0.02: FAST CACHE ENABLED
Fastpath CPU0.00: Received command: FP_CMD_ADD_AP
Fastpath CPU0.05: Received command: FP_CMD_DEL_TUN4 ifTun=1113
Fastpath CPU0.03: Received command: FP_CMD_DEL_TUN4 ifTun=3161
Fastpath CPU0.03: Received command: FP_CMD_DEL_AP
FP0.02:[cmdDelMcastRgTun:6733]failed to delete mcast rg tun 0 ifTun=3161
FP0.07:[fp_ingress_capwap:429]Discarding Control/Data Plane
DTLS-Application packets after Lookup Failed
FP0.01:[fp_ingress_capwap:429]Discarding Control/Data Plane
DTLS-Application packets after Lookup Failed
Fastpath CPU0.01: Received command: FP_CMD_ADD_TUN4 type=CAPWAP ifTun=1114 dstIP
=9.4.110.100 dstMac=2037.06e2.5ec4 dstIPv6=
0000:0000:0000:0000:0000:0000:0000:0000
Fastpath CPU0.01: Tunnel 1114 srcip=9041820 dstip=9046e64 xor=0x7644(30276)
LAG Offset=0,0,0,0,1,0,1,4
Fastpath CPU0.09: Received command: FP_CMD_ADD_TUN4 type=CAPWAP ifTun=3162 dstIP
=9.4.110.100 dstMac=2037.06e2.5ec4 dstIPv6=
0000:0000:0000:0000:0000:0000:0000:0000
Fastpath CPU0.09: Tunnel 3162 srcip=9041820 dstip=9046e64 xor=0x7644(30276)
LAG Offset=0,0,0,0,1,0,1,4
Fastpath CPU0.00: Received command: FP_CMD_SET_INTERFACE_MTU
Fastpath CPU0.00: FAST CACHE DISABLED
Fastpath CPU0.00: FAST CACHE ENABLED
Fastpath CPU0.00: Received command: FP_CMD_ADD_AP
Fastpath CPU0.03: Received command: FP_CMD_UPDATE_EOIP for index=5122
Fastpath CPU0.02: Received command: FP_CMD_UPDATE_EOIP for index=5122
Fastpath CPU0.00: Received command: FP_CMD_DEL_TUN4 ifTun=1114
Fastpath CPU0.03: Received command: FP_CMD_DEL_TUN4 ifTun=3162
Fastpath CPU0.03: Received command: FP_CMD_DEL_AP
FP0.04:[cmdDelMcastRgTun:6733]failed to delete mcast rg tun 0 ifTun=3162
Cisco Wireless Controller Command Reference, Release 8.4
1355
debug flexconnect avc debug flexconnect avc
To debug a Flexconnect Application Visibility and Control (AVC) event, use the debug flexconnect avc command.
debug flexconnect ave {event | error | detail} {enable | disable}
Syntax Description event error detail enable disable
Debugsa FlexConnect AVC event.
Debugs a FlexConnect AVC error.
Debugs a FlexConnect AVC details.
Enables debug.
Disables debug.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to enable a debug action for an event:
(Cisco Controller) >
debug flexconnect avc event enable
1356
Cisco Wireless Controller Command Reference, Release 8.4
debug flexconnect aaa debug flexconnect aaa
To configure debugging of FlexConnect backup RADIUS server events or errors, use the debug flexconnect
aaa command.
debug flexconnect aaa {event | error} {enable | disable}
Syntax Description event error enable disable
Configures the debugging for FlexConnect RADIUS server events.
Configures the debugging for FlexConnect RADIUS server errors.
Enables the debugging of FlexConnect RADIUS server settings.
Disables the debugging of FlexConnect RADIUS server settings.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of FlexConnect RADIUS server events:
(Cisco Controller) >
debug flexconnect aaa event enable
Cisco Wireless Controller Command Reference, Release 8.4
1357
debug flexconnect acl debug flexconnect acl
Configures debugging of FlexConnect access control lists (ACLs), use the debug flexconnect acl command.
debug flexconnect acl {enable | disable}
Syntax Description enable disable
Enables the debugging of FlexConnect ACLs.
Disables the debugging of FlexConnect ACLs.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of FlexConnect ACLs:
(Cisco Controller) >
debug flexconnect acl enable
1358
Cisco Wireless Controller Command Reference, Release 8.4
debug flexconnect cckm debug flexconnect cckm
Configure debugging of FlexConnect Cisco Centralized Key Management (CCKM) fast roaming, use the
debug flexconnect cckm command.
debug flexconnect cckm {enable | disable}
Syntax Description enable disable
Enables the debugging of FlexConnect CCKM fast roaming settings.
Disables the debugging of FlexConnect CCKM fast roaming settings.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of FlexConnect CCKM fast roaming events:
(Cisco Controller) >
debug flexconnect cckm event enable
Cisco Wireless Controller Command Reference, Release 8.4
1359
debug group debug group
To configure the debugging of access point groups, use the debug group command.
debug group {enable | disable}
Syntax Description enable disable
Enables the debugging of access point groups.
Disables the debugging of access point groups.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the debugging of access point groups:
(Cisco Controller) >
debug group enable
1360
Cisco Wireless Controller Command Reference, Release 8.4
debug fmchs debug fmchs
To configure debugging of Fixed Mobile Convergence Handover Service (FMCHS) of the controller, use the
debug fmchscommand.
debug fmchs {all | error | event | nmsp | packet} {enable | disable}
Syntax Description all error event nmsp packet enable disable
Configures debugging of all FMCHS messages.
Configures debugging of the FMCHS errors.
Configures debugging of the FMCHS events.
Configures debugging of the FMCHS NMSP events.
Configures debugging of the FMCHS packets.
Enables debugging of the FMCHS options.
Disables debugging of the FMCHS options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable FMCHS event debugging:
(Cisco Controller) >
debug fmchs event enable
Cisco Wireless Controller Command Reference, Release 8.4
1361
debug flexconnect client ap debug flexconnect client ap
To debug FlexConnect client access point MAC addresses, use the debug flexconnect client ap command.
debug flexconnect client ap ap-name {add | delete} MAC-address1 MAC-address2 MAC-address3
MAC-address4
Syntax Description add delete
MAC-address
Adds the MAC address to the group.
Deletes the MAC address from the group.
MAC address of the client
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was added
The following example shows how to debug FlexConnect client ap 'room' MAC addresses:
(Cisco Controller) >
debug flexconnect client ap room add 00.0c.41.07.33.a6 0A.0c.52.17.97.b6
1362
Cisco Wireless Controller Command Reference, Release 8.4
debug flexconnect client ap syslog debug flexconnect client ap syslog
To configure debug logging of the syslog server for a FlexConnect client AP, use the debug flexconnect
client ap command.
debug flexconnect client ap ap-name syslog {ip-address |disable}
Syntax Description
ip-address
disable
Configures the syslog server ip-address for debug logging.
Disables the debug logging to the syslog server.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was added.
The following example shows how to configure syslog server for debug log for the FlexConnect client AP
'room':
(Cisco Controller) >
debug flexconnect client ap room syslog 192.168.1.1
Cisco Wireless Controller Command Reference, Release 8.4
1363
debug flexconnect client group debug flexconnect client group
To debug FlexConnect client group MAC addresses, use the debug flexconnect client group command.
debug flexconnect client group group-name {add | delete} MAC-address1 MAC-address2 MAC-address3
MAC-address4
Syntax Description add delete
MAC-address
Adds the MAC address to the group.
Deletes the MAC address from the group.
MAC address of the client.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was added.
The following example shows how to debug FlexConnect client group MAC addresses:
(Cisco Controller) >
debug flexconnect client group school add 00.0c.41.07.33.a6
0A.0c.52.17.97.b6
1364
Cisco Wireless Controller Command Reference, Release 8.4
debug flexconnect client group syslog debug flexconnect client group syslog
To debug FlexConnect group access point syslog, use the debug flexconnect client group command.
debug flexconnect client group group-name syslog ip-address | disable
Syntax Description ip-address disable
Configures the syslog server ip-address for debug logging.
Disables the debug logging to the syslog server.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was added.
The following example shows how to configure FlexConnect client group 'school' for debug logging purposes:
(Cisco Controller) >
debug flexconnect client group school syslog 192.168.1.1
Cisco Wireless Controller Command Reference, Release 8.4
1365
debug flexconnect group debug flexconnect group
To configure debugging of FlexConnect access point groups, use the debug flexconnect group command.
debug flexconnect group {enable | disable}
Syntax Description enable disable
Enables the debugging of FlexConnect access point groups.
Disables the debugging of FlexConnect access point groups.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of FlexConnect access point groups:
(Cisco Controller) >
debug flexconnect group enable
1366
Cisco Wireless Controller Command Reference, Release 8.4
debug ft
To configure debugging of 802.11r, use the debug ft command.
debug ft {events | keys} {enable | disable}
Syntax Description events keys enable disable
Configures debugging of the 802.11r events.
Configures debugging of the 802.11r keys.
Enables debugging of the 802.11r options.
Disables debugging of the 802.11r options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable 802.11r debugging:
(Cisco Controller) >
debug ft events enable debug ft
Cisco Wireless Controller Command Reference, Release 8.4
1367
debug hotspot debug hotspot
To configure debugging of HotSpot events or packets, use the debug hotspot command.
debug hotspot {events | packets} {enable | disable} {enable | disable}
Syntax Description events packets enable disable
Configures debugging of HotSpot events.
Configures debugging of HotSpot packets.
Enables the debugging of HotSpot options.
Disables the debugging of HotSpot options.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable debugging of hotspot events:
(Cisco Controller) >
debug hotspot events enable
1368
Cisco Wireless Controller Command Reference, Release 8.4
debug ipv6 debug ipv6
To configure debugging of IPv6 options, use the debug ipv6 command.
debug ipv6 {all | bt | classifier | errors | events | filter | fsm | gleaner | hwapi | memory | ndsuppress |
parser | policy | ra_throttler | switcher} {enable | disable}
Syntax Description all bt classifier errors events filter fsm gleaner hwapi memory ndsuppress parser policy ra_throttler switcher enable disable
Configures debugging of all the IPv6 information.
Configures debugging of the IPv6 neighbor binding table.
Configures debugging of the IPv6 packet classifiers.
Configures debugging of the IPv6 errors.
Configures debugging of the IPv6 events.
Configures filters for the IPv6 debugs.
Configures debugging of the IPv6 finite state machine (FSM).
Configures debugging of the IPv6 gleaner. Learning of entries is called gleaning.
Configures debugging of the IPv6 hardware APIs.
Configures debugging of the IPv6 binding table memory usage.
Configures debugging of the suppressed IPv6 neighbor discoveries.
Configures debugging of the IPv6 parser.
Configures debugging of the IPv6 policies.
Configures debugging of the IPv6 router advertising throttler.
Configures debugging of the IPv6 switcher.
Enables debugging of the IPv6 options.
Disables debugging of the IPv6 options.
Command Default
None
Cisco Wireless Controller Command Reference, Release 8.4
1369
debug ipv6
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to configure the debugging of IPv6 policies:
(Cisco Controller) >
debug ipv6 policy enable
1370
Cisco Wireless Controller Command Reference, Release 8.4
Debug Commands: j to q
•
•
•
•
•
•
debug mdns message , page 1377
•
•
•
debug mesh security, page 1380
•
•
•
•
•
•
debug packet logging, page 1387
•
•
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1371
debug l2age debug l2age
To configure the debugging of Layer 2 age timeout messages, use the debug l2age command.
debug l2age {enable | disable}
Syntax Description enable disable
Enables the debugging of Layer2 age settings.
Disables the debugging Layer2 age settings.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the debugging of Layer2 age settings:
(Cisco Controller) >
debug l2age enable
Related Commands debug disable-all
1372
Cisco Wireless Controller Command Reference, Release 8.4
debug mac debug mac
To configure the debugging of the client MAC address, use the debug mac command.
debug mac {disable | addr MAC}
Syntax Description disable addr
MAC
Disables the debugging of the client using the MAC address.
Configures the debugging of the client using the MAC address.
MAC address of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the debugging of the client using the MAC address:
(Cisco Controller) >
debug mac addr 00.0c.41.07.33.a6
Related Commands debug disable-all
Cisco Wireless Controller Command Reference, Release 8.4
1373
debug mdns all debug mdns all
To debug all multicast DNS (mDNS) messages, details, and errors, use the debug mdns all command.
debug mdns all {enable | disable}
Syntax Description enable disable
Enables the debugging of all mDNS messages, details, and errors.
Disables the debugging of all mDNS messages, details, and errors.
Command Default
By default, the debugging of all mDNS messages, details, and errors is disabled.
Command History
Release
7.4
Modification
This command was introduced.
Examples
The following example shows how to enable debugging of all mDNS messages, details, and errors:
(Cisco Controller) >
debug mdns all enable
Related Commands config mdns profile config mdns query interval config mdns service config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service clear mdns service-database debug mdns error debug mdns detail
1374
Cisco Wireless Controller Command Reference, Release 8.4
debug mdns detail
To debug multicast DNS (mDNS) details, use the debug mdns detail command.
debug mdns detail {enable | disable}
Syntax Description enable disable
Enables the debugging of mDNS details.
Disables the debugging of mDNS details.
Command Default
This command is disabled by default.
Command History
Release
7.4
Modification
This command was introduced.
Examples
The following example shows how to enable the debugging of mDNS details:
(Cisco Controller) >
debug mdns detail enable
Related Commands config mdns profile config mdns query interval config mdns service config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service clear mdns service-database debug mdns all debug mdns error debug mdns detail
Cisco Wireless Controller Command Reference, Release 8.4
1375
debug mdns error debug mdns error
To debug multicast DNS (mDNS) errors, use the debug mdns error command.
debug mdns error {enable | disable}
Syntax Description enable disable
Enables the debugging of mDNS errors.
Disables the debugging of mDNS errors.
Command Default
This command is disabled by default.
Command History
Release
7.4
Modification
This command was introduced.
Examples
The following example shows how to enable the debugging of mDNS errors.
(Cisco Controller) >
debug mdns error enable
Related Commands config mdns profile config mdns query interval config mdns service config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service clear mdns service-database debug mdns all debug mdns detail debug mdns message
1376
Cisco Wireless Controller Command Reference, Release 8.4
debug mdns message debug mdns message
To debug multicast DNS (mDNS) messages, use the debug mdns message command.
debug mdns message {enable | disable}
Syntax Description enable disable
Enables the debugging of mDNS messages.
Disables the debugging of mDNS messages.
Command Default
Disabled.
Command History
Release
7.4
Modification
This command was introduced.
Examples
The following example shows how to enable the debugging of mDNS messages:
(Cisco Controller) >
debug mdns message enable
Related Commands config mdns profile config mdns query interval config mdns service config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns show mdns profile show mnds service clear mdns service-database debug mdns all debug mdns error debug mdns detail
Cisco Wireless Controller Command Reference, Release 8.4
1377
debug mdns ha debug mdns ha
To debug all the multicast Domain Name System (mDNS) High Availability (HA) messages, use the debug
mdns ha command.
debug mdns ha {enable | disable}
Syntax Description enable disable
Enables debugging of all the mDNS HA messages.
Disables debugging of all the mDNS HA messages.
Command Default
This command is disabled by default.
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
This command is automatically enabled when the debug mdns all command is enabled.
Examples
The following example shows how to enable debugging of all the mDNS HA messages:
(Cisco Controller) >
debug mdns ha enable
1378
Cisco Wireless Controller Command Reference, Release 8.4
debug memory debug memory
To enable or disable the debugging of errors or events during the memory allocation of the Cisco WLC, use the debug memory command.
debug memory {errors | events} {enable | disable}
Syntax Description errors events enable disable
Configures the debugging of memory leak errors.
Configures debugging of memory leak events.
Enables the debugging of memory leak events.
Disables the debugging of memory leak events.
Command Default
By default, the debugging of errors or events during the memory allocation of the Cisco WLC is disabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the debugging of memory leak events:
(Cisco Controller) >
debug memory events enable
Related Commands config memory monitor errors show memory monitor config memory monitor leaks
Cisco Wireless Controller Command Reference, Release 8.4
1379
debug mesh security debug mesh security
To configure the debugging of mesh security issues, use the debug mesh security command.
debug mesh security {all | events | errors} {enable | disable}
Syntax Description all events errors enable disable
Configures the debugging of all mesh security messages.
Configures the debugging of mesh security event messages.
Configures the debugging of mesh security error messages.
Enables the debugging of mesh security error messages.
Disables the debugging of mesh security error messages.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of mesh security error messages:
(Cisco Controller) >
debug mesh security errors enable
1380
Cisco Wireless Controller Command Reference, Release 8.4
debug mobility debug mobility
To configure the debugging of wireless mobility, use the debug mobility command.
debug mobility {ap-list | config | directory | dtls | handoff | keep-alive | multicast | oracle | packet | peer-ip
IP-address | pmk | pmtu-discovery | redha} {enable | disable}
Syntax Description ap-list config directory dtls handoff keep-alive multicast oracle packet peer-ip
IP-address
pmk pmtu-discovery
Configures the debugging of wireless mobility access point list.
Configures the debugging of wireless mobility configuration.
Configures the debugging of wireless mobility error messages.
Configures the debugging of wireless mobility
Datagram Transport Layer Security (DTLS) options.
Configures the debugging of wireless mobility handoff messages.
Configures the debugging of wireless mobility
CAPWAP data DTLS keep-alive packets.
Configures the debugging of multicast mobility packets.
Starts the debugging of wireless mobility oracle options.
Configures the debugging of wireless mobility packets.
Configures IP address of the mobility peer for which incoming and outgoing mobility messages should be displayed.
IP address of the mobility peer for which incoming and outgoing mobility messages should be displayed.
Configures the debugging of wireless mobility pairwise master key (PMK).
Configures the debugging of the wireless mobility path MTU discovery.
Cisco Wireless Controller Command Reference, Release 8.4
1381
debug mobility redha enable disable
Configures the debugging of the multicast mobility high availability.
Enables the debugging of the wireless mobility feature.
Disables the debugging of the wireless mobility feature.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
The following example shows how to enable the debugging of wireless mobility packets.
(Cisco Controller) >
debug mobility handoff enable
1382
Cisco Wireless Controller Command Reference, Release 8.4
debug nac debug nac
To configure the debugging of Network Access Control (NAC), use the debug nac command.
debug nac {events | packet} {enable | disable}
Syntax Description events packet enable disable
Configures the debugging of NAC events.
Configures the debugging of NAC packets.
Enables the NAC debugging.
Disables the NAC debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the debugging of NAC settings:
(Cisco Controller) >
debug nac events enable
Related Commands show nac statistics show nac summary config guest-lan nac config wlan nac
Cisco Wireless Controller Command Reference, Release 8.4
1383
debug nmsp debug nmsp
To configure the debugging of the Network Mobility Services Protocol (NMSP), use the debug nmsp command.
debug nmsp {all | connection | detail | error | event | message | packet}
Syntax Description all connection detail error event message packet
Configures the debugging for all NMSP messages.
Configures the debugging for NMSP connection events.
Configures the debugging for NMSP events in detail.
Configures the debugging for NMSP error messages.
Configures the debugging for NMSP events.
Configures the debugging for NMSP transmit and receive messages.
Configures the debugging for NMSP packet events.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the debugging of NMSP connection events:
(Cisco Controller) >
debug nmsp connection
Related Commands clear nmsp statistics debug disable-all config nmsp notify-interval measurement
1384
Cisco Wireless Controller Command Reference, Release 8.4
debug ntp debug ntp
To configure the debugging of the Network Time Protocol (NTP), use the debug ntp command.
debug ntp {detail | low | packet} {enable | disable}
Syntax Description detail low packet enable disable
Configures the debugging of detailed NTP messages.
Configures the debugging of NTP messages.
Configures the debugging of NTP packets.
Enables the NTP debugging.
Disables the NTP debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the debugging of NTP settings:
(Cisco Controller) >
debug ntp packet enable
Related Commands debug disable-all
Cisco Wireless Controller Command Reference, Release 8.4
1385
debug packet error debug packet error
To configure debugging of the packets sent to the Cisco Wireless LAN Controller (WLC) CPU , use the debug
packet error command.
debug packet error {enable | disable}
Syntax Description enable disable
Enables debugging of the packets sent to the Cisco WLC CPU.
Disables debugging of the packets sent to the Cisco WLC CPU.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of the packets sent to the Cisco WLC CPU:
(Cisco Controller) >
debug packet error enable
1386
Cisco Wireless Controller Command Reference, Release 8.4
debug packet logging debug packet logging
To configure logging of the packets sent to the Cisco Wireless LAN Controller CPU, use the debug packet
logging command.
debug packet logging {acl | disable | enable {rx | tx | all} packet_count display_size | format {hex2pcap |
text2pcap}}
debug packet logging acl {clear-all | driver rule_index action npu_encap port | eoip-eth rule_index action
dst src type vlan | eoip-ip rule_index action src dst proto src_port dst_port | eth rule_index action dst src
type vlan | ip rule_index action src dst proto src_port dst_port | lwapp-dot11rule_index action dst src bssid
type | lwapp-ip rule_index action src dst proto src_port dst_port}
Syntax Description acl disable enable rx tx all
packet_count display_size
format hex2pcap text2pcap clear-all driver
rule_index action
Filters the displayed packets according to a rule.
Disables logging of all the packets.
Enables logging of all the packets.
Displays all the received packets.
Displays all the transmitted packets.
Displays both the transmitted and the received packets.
Maximum number of packets to be logged. The range is from 1 to
65535. The default value is 25.
Number of bytes to be displayed when printing a packet. By default, the entire packet is displayed.
Configures the format of the debug output.
Configures the output format to be compatible with the hex2pcap format. The standard format used by Cisco IOS supports the use of hex2pcap and can be decoded using an HTML front end.
Configures the output format to be compatible with the text2pcap format. In this format, the sequence of packets can be decoded from the same console log file. .
Clears all the existing rules pertaining to the packets.
Filters the packets based on an incoming port or a Network
Processing Unit (NPU) encapsulation type.
Index of the rule that is a value between 1 and 6 (inclusive).
Action for the rule, which can be permit, deny, or disable.
Cisco Wireless Controller Command Reference, Release 8.4
1387
debug packet logging
npu_encap port
eoip-eth
dst src type vlan
eoip-ip
proto src_port dst_port
eth ip lwapp-dot11
bssid
lwapp-ip
1388
Cisco Wireless Controller Command Reference, Release 8.4
NPU encapsulation type that determines how the packets are filtered. The possible values are dhcp, dot11-mgmt, dot11-probe,
dot1x, eoip-ping, iapp, ip, lwapp, multicast, orphan-from-sta,
orphan-to-sta, rbcp, wired-guest, or any.
Physical port for packet transmission or reception.
Filters packets based on the Ethernet II header in the Ethernet over
IP (EoIP) payload.
Destination MAC address.
Source MAC address.
Two-byte type code, such as 0x800 for IP, 0x806 for Address
Resolution Protocol (ARP). You can also enter a few common string values such as ip (for 0x800) or arp (for 0x806).
Two-byte VLAN identifier.
Filters packets based on the IP header in the EoIP payload.
Protocol. Valide values are: ip, icmp, igmp, ggp, ipencap, st, tcp,
egp, pup, udp, hmp, xns-idp, rdp, iso-tp4, xtp, ddp, idpr-cmtp, rspf,
vmtp, ospf, ipip, and encap.
User Datagram Protocol or Transmission Control Protocol (UDP or TCP) two-byte source port, such as telnet, 23 , or any. The Cisco
WLC supports the following strings: tcpmux, echo, discard, systat,
daytime, netstat, qotd, msp, chargen, ftp-data, ftp, fsp, ssh, telnet, smtp, time, rlp, nameserver, whois, re-mail-ck, domain, mtp, bootps, bootpc, tftp, gopher, rje, finger, www, link, kerberos, supdup, hostnames, iso-tsap, csnet-ns, 3com-tsmux, rtelnet, pop-2, pop-3, sunrpc, auth, sftp, uucp-path, nntp, ntp, netbios-ns, netbios-dgm, netbios-ssn, imap2, snmp, snmp-trap, cmip-man, cmip-agent, xdmcp, nextstep, bgp, prospero, irc, smux, at-rtmp, at-nbp, at-echo, at-zis, qmtp, z3950, ipx, imap3, ulistserv, https, snpp, saft, npmp-local,
npmp-gui, and hmmp-ind.
UDP or TCP two-byte destination port, such as telnet, 23, or any.
The Cisco WLC supports the same strings as those for the src_port.
Filters packets based on the values in the Ethernet II header.
Filters packets based on the values in the IP header.
Filters packets based on the 802.11 header in the Lightweight
Access Point Protocol (LWAPP) payload.
Basic Service Set Identifier of the VLAN.
Filters packets based on the IP header in the LWAPP payload.
debug packet logging
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable logging of a packet:
(Cisco Controller) >
debug packet logging enable
Cisco Wireless Controller Command Reference, Release 8.4
1389
debug pem debug pem
To configure debugging of the access policy manager, use the debug pem command.
debug pem {events | state} {enable | disable}
Syntax Description events state enable disable
Configures the debugging of the policy manager events.
Configures the debugging of the policy manager state machine.
Enables the debugging of the access policy manager.
Disables the debugging of the access policy manager.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of the access policy manager:
(Cisco Controller) >
debug pem state enable
1390
Cisco Wireless Controller Command Reference, Release 8.4
debug pm debug pm
To configure the debugging of the security policy manager module, use the debug pm command.
debug pm {all disable | {config | hwcrypto | ikemsg | init | list | message | pki | rng | rules | sa-export |
sa-import | ssh-l2tp | ssh-appgw | ssh-engine | ssh-int | ssh-pmgr | ssh-ppp | ssh-tcp} {enable | disable}}
Syntax Description all disable config hwcrypto ikemsg init list message pki rng rules sa-export sa-import ssh-l2tp ssh-appgw ssh-engine ssh-int
Disables all debugging in the policy manager module.
Configures the debugging of the policy manager configuration.
Configures the debugging of hardware offload events.
Configures the debugging of Internet Key Exchange
(IKE) messages.
Configures the debugging of policy manager initialization events.
Configures the debugging of policy manager list mgmt.
Configures the debugging of policy manager message queue events.
Configures the debugging of Public Key Infrastructure
(PKI) related events.
Configures the debugging of random number generation.
Configures the debugging of Layer 3 policy events.
Configures the debugging of SA export (mobility).
Configures the debugging of SA import (mobility).
Configures the debugging of policy manager Layer
2 Tunneling Protocol (l2TP) handling.
Configures the debugging of application gateways.
Configures the debugging of the policy manager engine.
Configures the debugging of the policy manager intercepter.
Cisco Wireless Controller Command Reference, Release 8.4
1391
debug pm ssh-pmgr ssh-ppp ssh-tcp enable disable
Configures the debugging of the policy manager.
Configures the debugging of policy manager Point
To Point Protocol (PPP) handling.
Configures the debugging of policy manager TCP handling.
Enables the debugging.
Disables the debugging.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to configure the debugging of PKI-related events:
(Cisco Controller) >
debug pm pki enable
Related Commands debug disable-all
1392
Cisco Wireless Controller Command Reference, Release 8.4
debug poe debug poe
To configure the debugging of Power over Ethernet (PoE), use the debug poe command.
debug poe {detail | message | error} {enable | disable}
Syntax Description detail error message enable disable
Configures the debugging of PoE detail logs.
Configures the debugging of PoE error logs.
Configures the debugging of PoE messages.
Enables the debugging of PoE logs.
Disables the debugging of PoE logs.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable the PoE debugging:
(Cisco Controller) >
debug poe message enable
Related Commands debug disable-all
Cisco Wireless Controller Command Reference, Release 8.4
1393
debug policy debug policy
To configure debugging of policy settings, use the debug policy command.
debug policy {errors | events} {enable | disable}
Syntax Description errors events enable disable
Configures debugging of policy errors.
Configures debugging of policy events.
Enables debugging of policy events.
Disables debugging of policy events.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable debugging of policy errors:
(Cisco Controller) >
debug policy errors enable
1394
Cisco Wireless Controller Command Reference, Release 8.4
debug profiling debug profiling
To configure the debugging of client profiling, use the debug profiling command.
debug profiling {enable | disable}
Syntax Description enable disable
Enables the debugging of client profiling (HTTP and DHCP profiling).
Disables the debugging of client profiling (HTTP and DHCP profiling).
Command Default
Disabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of client profiling:
(Cisco Controller) >
debug profiling enable
Cisco Wireless Controller Command Reference, Release 8.4
1395
debug profiling
1396
Cisco Wireless Controller Command Reference, Release 8.4
Debug Commands: r to z
•
•
•
•
•
•
•
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1397
debug rbcp debug rbcp
To configure Router Blade Control (RBCP) debug options, use the debug rbcp command.
debug rbcp {all | detail | errors | packet} {enable | disable}
Syntax Description all detail errors packet enable disable
Configures the debugging of RBCP.
Configures the debugging of RBCP detail.
Configures the debugging of RBCP errors.
Configures the debugging of RBCP packet trace.
Enables the RBCP debugging.
Disables the RBCP debugging.
Command Default
None
Examples
The following example shows how to enable the debugging of RBCP settings:
(Cisco Controller) >
debug rbcp packet enable
Related Commands debug disable-all
1398
Cisco Wireless Controller Command Reference, Release 8.4
debug rfid debug rfid
To configure radio frequency identification (RFID) debug options, use the debug rfid command.
debug rfid {all | detail | errors | nmsp | receive} {enable | disable}
Syntax Description all detail errors nmsp receive enable disable
Configures the debugging of all RFID.
Configures the debugging of RFID detail.
Configures the debugging of RFID error messages.
Configures the debugging of RFID Network Mobility Services
Protocol (NMSP) messages.
Configures the debugging of incoming RFID tag messages.
Enables the RFID debugging.
Disables the RFID debugging.
Command Default
None
Examples
The following example shows how to enable the debugging of RFID error messages:
(Cisco Controller) >
debug rfid errors enable
Related Commands debug disable-all
Cisco Wireless Controller Command Reference, Release 8.4
1399
debug snmp debug snmp
To configure SNMP debug options, use the debug snmp command.
debug snmp {agent | all | mib | trap} {enable | disable}
Syntax Description agent all mib trap enable disable
Configures the debugging of the SNMP agent.
Configures the debugging of all SNMP messages.
Configures the debugging of the SNMP MIB.
Configures the debugging of SNMP traps.
Enables the SNMP debugging.
Disables the SNMP debugging.
Command Default
None
Examples
The following example shows how to enable the SNMP debugging:
(Cisco Controller) >
debug snmp trap enable
Related Commands debug disable-all
1400
Cisco Wireless Controller Command Reference, Release 8.4
debug transfer
To configure transfer debug options, use the debug transfer command.
debug transfer {all | tftp | trace} {enable | disable}
Syntax Description all tftp trace enable disable
Configures the debugging of all transfer messages.
Configures the debugging of TFTP transfers.
Configures the debugging of transfer messages.
Enables the debugging of transfer messages.
Disables the debugging of transfer messages.
Command Default
None
Examples
The following example shows how to enable the debugging of transfer messages:
(Cisco Controller) >
debug transfer trace enable
Related Commands debug disable-all debug transfer
Cisco Wireless Controller Command Reference, Release 8.4
1401
debug voice-diag debug voice-diag
To trace call or packet flow, use the debug voice-diag command.
debug voice-diag {enable client_mac1 [client_mac2] [verbose] | disable}
Syntax Description enable
client_mac1 client_mac2
verbose disable
Enables the debugging of voice diagnostics for voice clients involved in a call.
MAC address of a voice client.
(Optional) MAC address of an additional voice client.
Note
Voice diagnostics can be enabled or disabled for a maximum of two voice clients at a time.
(Optional) Enables debug information to be displayed on the console.
Note
When voice diagnostics is enabled from the NCS or Prime Infrastructure, the verbose option is not available.
Disables the debugging of voice diagnostics for voice clients involved in a call.
Command Default
None
Usage Guidelines
Follow these guidelines when you use the debug voice-diag command:
• When the command is entered, the validity of the clients is not checked.
• A few output messages of the command are sent to the NCS or Prime Infrastructure.
• The command expires automatically after 60 minutes.
• The command provides the details of the call flow between a pair of client MACs involved in an active call.
Note
Voice diagnostics can be enabled for a maximum of two voice clients at a time.
Examples
The following example shows how to enable transfer/upgrade settings:
(Cisco Controller) >
debug voice-diag enable 00:1a:a1:92:b9:5c 00:1a:a1:92:b5:9c verbose
Related Commands show client voice-diag show client calls
1402
Cisco Wireless Controller Command Reference, Release 8.4
debug wcp debug wcp
To configure the debugging of WLAN Control Protocol (WCP), use the debug wcp command.
debug wcp {events | packet} {enable | disable}
Syntax Description events packet enable disable
Configures the debugging of WCP events.
Configures the debugging of WCP packets.
Enables the debugging of WCP settings.
Disables the debugging of WCP settings.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the debugging of WCP settings:
(Cisco Controller) >
debug wcp packet enable
Cisco Wireless Controller Command Reference, Release 8.4
1403
debug web-auth debug web-auth
To configure debugging of web-authenticated clients, use the debug web-auth command.
debug web-auth {redirect{ enable mac mac_address | disable} | webportal-server {enable | disable}}
Syntax Description redirect enable mac
mac_address
disable webportal-server
Configures debugging of web-authenticated and redirected clients.
Enables the debugging of web-authenticated clients.
Configures the MAC address of the web-authenticated client.
MAC address of the web-authenticated client.
Disables the debugging of web-authenticated clients.
Configures the debugging of portal authentication of clients.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to enable the debugging of a web authenticated and redirected client:
(Cisco Controller) >
debug web-auth redirect enable mac xx:xx:xx:xx:xx:xx
1404
Cisco Wireless Controller Command Reference, Release 8.4
debug wips debug wips
To configure debugging of wireless intrusion prevention system (WIPS), use the debug wips command.
debug wips {all | error | event | nmsp | packet} {enable | disable}
Syntax Description all error event nmsp packet enable disable
Configures debugging of all WIPS messages.
Configures debugging of WIPS errors.
Configures debugging of WIPS events.
Configures debugging of WIPS Network Mobility
Services Protocol (NMSP) events.
Configures debugging of WIPS packets.
Enables debugging of WIPS.
Disables debugging of WIPS.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable debugging of all WIPS messages:
(Cisco Controller) >
debug wips all enable
Related Commands debug client debug dot11 rogue show wps summary show wps wips
Cisco Wireless Controller Command Reference, Release 8.4
1405
debug wps sig debug wps sig
To configure the debugging of Wireless Provisioning Service (WPS) signature settings, use the debug wps
sig command.
debug wps sig {enable | disable}
Syntax Description enable disable
Enables the debugging for WPS settings.
Disables the debugging for WPS settings.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the debugging of WPS signature settings:
(Cisco Controller) >
debug wps sig enable
Related Commands debug wps mfp debug disable-all
1406
Cisco Wireless Controller Command Reference, Release 8.4
debug wps mfp debug wps mfp
To configure the debugging of WPS Management Frame Protection (MFP) settings, use the debug wps mfp command.
debug wps mfp {client | capwap | detail | report | mm} {enable | disable}
Syntax Description client capwap detail report mm enable disable
Configures the debugging for client MFP messages.
Configures the debugging for MFP messages between the controller and access points.
Configures the detailed debugging for MFP messages.
Configures the debugging for MFP reporting.
Configures the debugging for MFP mobility
(inter-Cisco WLC) messages.
Enables the debugging for WPS MFP settings.
Disables the debugging for WPS MFP settings.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to enable the debugging of WPS MFP settings:
(Cisco Controller) >
debug wps mfp detail enable
Related Commands debug disable-all debug wps sig
Cisco Wireless Controller Command Reference, Release 8.4
1407
debug wps mfp
1408
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
V
IMM Commands
•
IMM Commands
•
•
•
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1411
imm address imm address
To configure the static IP address of the IMM, use the imm address command.
imm address ip-addr netmask gateway
Syntax Description
ip-addr netmask gateway
IP address of the IMM
Netmask of the IMM
Gateway of the IMM
Command Default
None
Command History
Release
7.6
8.0
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports only IPv4 address format.
The following example shows how to set the static IP address of an IMM:
(Cisco Controller) >
imm address 209.165.200.225 255.255.255.224 10.1.1.1
1412
Cisco Wireless Controller Command Reference, Release 8.4
imm dhcp imm dhcp
To configure DHCP for the IMM, use the imm dhcp command.
imm dhcp {enable | disable | fallback}
Syntax Description enable disable fallback
Enables DHCP for the IMM
Disables DHCP for the IMM
Enables DHCP for the IMM, but if it fails, then uses static IP of the IMM
Command Default
DHCP for IMM is enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to enable DHCP for the IMM:
(Cisco Controller) >
imm dhcp enable
Cisco Wireless Controller Command Reference, Release 8.4
1413
imm mode imm mode
To configure the IMM mode, use the imm mode command.
imm mode {shared | dedicated}
Syntax Description shared dedicated
Sets IMM in shared mode
Sets IMM in dedicated mode
Command Default
Dedicated
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the IMM in shared mode:
(Cisco Controller) >
imm mode
1414
Cisco Wireless Controller Command Reference, Release 8.4
imm restart
To restart the IMM, use the imm restart command.
imm restart
Syntax Description restart
Saves your settings and restarts the IMM
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
imm restart
Cisco Wireless Controller Command Reference, Release 8.4
1415
imm summary imm summary
To view the IMM parameters, use the imm summary command.
imm summary
Syntax Description summary
Lists the IMM parameters
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows a typical summary of the IMM:
(Cisco Controller) >
imm summary
User ID..........................................username1
Mode............................................. Shared
DHCP............................................. Enabled
IP Address....................................... 209.165.200.225
Subnet Mask...................................... 255.255.255.224
Gateway.......................................... 10.1.1.1
1416
Cisco Wireless Controller Command Reference, Release 8.4
imm username
To configure the logon credentials for an IMM user, use the imm username command.
imm username username password
Syntax Description
username password
Username for the user
Password for the user
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the logon credentials of an IMM user:
(Cisco Controller) >
imm username username1 password1 imm username
Cisco Wireless Controller Command Reference, Release 8.4
1417
imm username
1418
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
VI
License Commands
•
License Commands
•
license activate ap-count eval, page 1422
•
license activate feature, page 1423
•
license add ap-count, page 1424
•
license add feature, page 1425
•
•
•
license deactivate ap-count eval, page 1428
•
license deactivate feature, page 1429
•
license delete ap-count, page 1430
•
license delete feature, page 1431
•
•
license modify priority, page 1433
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1421
license activate ap-count eval license activate ap-count eval
To activate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless
LAN Controllers, use the license activate ap-count eval command.
license activate ap-count eval
Syntax Description
This command has no arguments or keywords.
Command Default
By default, in release 7.3 Cisco Flex 7500 Series Controllers and Cisco 8500 Series Wireless LAN Controllers support 6000 APs.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you activate this license, the controller prompts you to accept or reject the End User License Agreement
(EULA) for the given license. If you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
Examples
The following example shows how to activate an evaluation AP-count license on a Cisco Flex 7500 Series controller:
(Cisco Controller) >
license activate ap-count eval
1422
Cisco Wireless Controller Command Reference, Release 8.4
license activate feature license activate feature
To activate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license activate feature command.
license activate feature license_name
Syntax Description
license_name
Name of the feature license. The license name can be up to 50 case-sensitive characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to activate a data DTLS feature license on a Cisco Flex 7500 Series controller:
(Cisco Controller) >
license activate feature data-DTLS
Cisco Wireless Controller Command Reference, Release 8.4
1423
license add ap-count license add ap-count
To configure the number of access points (APs) that an AP license can support on Cisco Flex 7500 and 8500
Series Wireless LAN controllers, use the license add ap-count command.
license add ap-count count
Syntax Description
count
Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Right to Use (RTU) licensing allows you to enable a desired AP license count on the controller after accepting the End User License Agreement (EULA). You can now easily add AP counts on a controller without using external tools. RTU licensing is available only on Cisco Flex 7500 and 8500 series Wireless LAN controllers.
You can use this command to increase the count of an existing AP license. When you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
Examples
The following example shows how to configure the count of an AP license on a Cisco Flex 7500 Series controller:
(Cisco Controller) >
license add ap-count 5000
1424
Cisco Wireless Controller Command Reference, Release 8.4
license add feature license add feature
To add a license for a feature on the Cisco 5520 WLC, Cisco Flex 7510 WLC, Cisco 8510 WLC, Cisco 8540
WLC, and Cisco Virtual Controller, use the license add feature command.
license add feature license_name
Syntax Description
license_name
Name of the feature license. The license name can be up to 50 case-sensitive characters. For example, data_encryption.
Command Default
None
Command History
Examples
Release
7.6
8.1
Modification
This command was introduced in a release earlier than Release 7.6.
This command is applicable to Cisco Flex 7510 WLC and Cisco 8510 WLC.
This command is applicable to Cisco 5520 WLC, Cisco Flex 7510 WLC, Cisco 8510
WLC, Cisco 8540 WLC, and Cisco vWLC.
The following example shows how to add a data_encryption feature license:
(Cisco Controller) >
license add feature data_encryption
Cisco Wireless Controller Command Reference, Release 8.4
1425
license clear license clear
To remove a license from the Cisco 5500 Series Controller, use the license clear command.
license clear license_name
Syntax Description
license_name
Name of the license.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can delete an expired evaluation license or any unused license. You cannot delete unexpired evaluation licenses, the permanent base image license, or licenses that are in use by the controller.
Examples
The following example shows how to remove the license settings of the license named wplus-ap-count:
(Cisco Controller) >
license clear wplus-ap-count
1426
Cisco Wireless Controller Command Reference, Release 8.4
license comment license comment
To add comments to a license or delete comments from a license on the Cisco 5500 Series Controller, use the
license comment command.
license comment {add | delete} license_name comment_string
Syntax Description add delete
license_name comment_string
Adds a comment.
Deletes a comment.
Name of the license.
License comment.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to add a comment “wplus ap count license” to the license name wplus-ap-count:
(Cisco Controller) >
license comment add wplus-ap-count Comment for wplus ap count license
Cisco Wireless Controller Command Reference, Release 8.4
1427
license deactivate ap-count eval license deactivate ap-count eval
To deactivate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless
LAN Controllers, use the license deactivate ap-count eval command.
license deactivate ap-count eval
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to deactivate an evaluation AP license on a Cisco Flex 7500 Series controller:
(Cisco Controller) >
license deactivate ap-count eval
1428
Cisco Wireless Controller Command Reference, Release 8.4
license deactivate feature license deactivate feature
To deactivate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license deactivate feature command.
license deactivate feature license_name
Syntax Description
license_name
Name of the feature license. The license name can be up to 50 case-sensitive characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to deactivate a data DTLS feature license on a Cisco Flex 7500 Series controller:
(Cisco Controller) >
license deactivate feature data_DTLS
Cisco Wireless Controller Command Reference, Release 8.4
1429
license delete ap-count license delete ap-count
To delete an access point (AP) count license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless
LAN Controllers, use the license delete ap-count command.
license delete ap-count count
Syntax Description
count
Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to delete an AP count license on a Cisco Flex 7500 Series controller:
(Cisco Controller) >
license delete ap-count 5000
1430
Cisco Wireless Controller Command Reference, Release 8.4
license delete feature license delete feature
To delete a license for a feature on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license delete feature command.
license delete feature license_name
Syntax Description
license_name
Name of the feature license.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to delete the High Availability feature license on a Cisco Flex 7500 Series controller:
(Cisco Controller) >
license delete feature high_availability
Cisco Wireless Controller Command Reference, Release 8.4
1431
license install license install
To install a license on the Cisco 5500 Series Controller, use the license install command.
license install url
Syntax Description
url
URL of the TFTP server (tftp://server_ip/path/filename).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
We recommend that the access point count be the same for the base-ap-count and wplus-ap-count licenses installed on your controller. If your controller has a base-ap-count license of 100 and you install a wplus-ap-count license of 12, the controller supports up to 100 access points when the base license is in use but only a maximum of 12 access points when the wplus license is in use.
You cannot install a wplus license that has an access point count greater than the controller's base license. For example, you cannot apply a wplus-ap-count 100 license to a controller with an existing base-ap-count 12 license. If you attempt to register for such a license, an error message appears indicating that the license registration has failed. Before upgrading to a wplus-ap-count 100 license, you would first have to upgrade the controller to a base-ap-count 100 or 250 license.
Examples
The following example shows how to install a license on the controller from the URL tftp://10.10.10.10/path/license.lic:
(Cisco Controller) >
license install tftp://10.10.10.10/path/license.lic
1432
Cisco Wireless Controller Command Reference, Release 8.4
license modify priority license modify priority
To raise or lower the priority of the base-ap-count or wplus-ap-count evaluation license on a Cisco 5500 Series
Controller, use the license modify priority command.
license modify priority license_name {high | low}
Syntax Description
license_name
high low
Ap-count evaluation license.
Modifies the priority of an ap-count evaluation license.
Modifies the priority of an ap-count evaluation license.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
If you are considering upgrading to a license with a higher access point count, you can try an evaluation license before upgrading to a permanent version of the license. For example, if you are using a permanent license with a 50 access point count and want to try an evaluation license with a 100 access point count, you can try out the evaluation license for 60 days.
AP-count evaluation licenses are set to low priority by default so that the controller uses the ap-count permanent license. If you want to try an evaluation license with an increased access point count, you must change its priority to high. If you no longer want to have this higher capacity, you can lower the priority of the ap-count evaluation license, which forces the controller to use the permanent license.
Note
You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured.
Note
If the ap-count evaluation license is a wplus license and the ap-count permanent license is a base license, you must also change the feature set to wplus.
Cisco Wireless Controller Command Reference, Release 8.4
1433
license modify priority
Examples
Note
To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
The following example shows how to set the priority of the wplus-ap-count to high:
(Cisco Controller) >
license modify priority wplus-ap-count high
1434
Cisco Wireless Controller Command Reference, Release 8.4
license revoke license revoke
To rehost a license on a Cisco 5500 Series WLC, use the license revoke command.
license revoke {permission_ticket_url | rehost rehost_ticket_url}
Syntax Description
permission_ticket_url
rehost
rehost_ticket_url
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the permission ticket.
Specifies the rehost license settings.
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the rehost ticket.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Before you revoke a license, save the device credentials by using the license save credential url command.
You can rehost all permanent licenses except the permanent base image license. Evaluation licenses and the permanent base image license cannot be rehosted.
In order to rehost a license, you must generate credential information from the controller and use it to obtain a permission ticket to revoke the license from the Cisco licensing site, https://tools.cisco.com/SWIFT/
LicensingUI/Quickstart . Next, you must obtain a rehost ticket and use it to obtain a license installation file for the controller on which you want to install the license.
For detailed information on rehosting licenses, see the “Installing and Configuring Licenses” section in the
Cisco Wireless LAN Controller Configuration Guide.
Examples
The following example shows how to revoke the license settings from the saved permission ticket URL tftp://10.10.10.10/path/permit_ticket.lic:
(Cisco Controller) >
license revoke tftp://10.10.10.10/path/permit_ticket.lic
The following example shows how to revoke the license settings from the saved rehost ticket URL tftp://10.10.10.10/path/rehost_ticket.lic:
(Cisco Controller) >
license revoke rehost tftp://10.10.10.10/path/rehost_ticket.lic
Cisco Wireless Controller Command Reference, Release 8.4
1435
license save license save
To save a backup copy of all installed licenses or license credentials on the Cisco 5500 Series Controller, use the license save command.
license save credential url
Syntax Description
credential url
Device credential information.
URL of the TFTP server (tftp://server_ip/path/filename).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Save the device credentials before you revoke the license by using the license revoke command.
Examples
The following example shows how to save a backup copy of all installed licenses or license credentials on tftp://10.10.10.10/path/cred.lic:
(Cisco Controller) >
license save credential tftp://10.10.10.10/path/cred.lic
1436
Cisco Wireless Controller Command Reference, Release 8.4
license smart license smart
To register or deregister a device using Cisco Smart Software Licensing platform, use the license smart command.
license smart {register | deregister} idtoken
Syntax Description register deregister
idtoken
To add and activate a device on Cisco Smart Software License platform
To delete a device on Cisco Smart Software License platform unique id for the device
Command History
Release
8.2
Modification
This command was introduced.
Examples
The following example shows how to register a device on Cisco Smart Software License platform:
(Cisco Controller) >
license smart register
RkMxJbjKMV11hmpgh46mAgXSNKmticyJzu0xDfYgf8xflkiYbZsCqprt
Cisco Wireless Controller Command Reference, Release 8.4
1437
license smart
1438
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
VII
Show Commands
•
Show Commands: 802.11, page 1441
•
Show Commands: a to i, page 1457
•
Show Commands: j to q, page 1671
•
Show Commands: r to z, page 1789
Show Commands: 802.11
•
•
•
show 802.11 cleanair, page 1446
•
show 802.11 cleanair air-quality summary, page 1448
•
show 802.11 cleanair air-quality worst, page 1449
•
show 802.11 cleanair device ap, page 1450
•
show 802.11 cleanair device type, page 1451
•
show 802.11 cu-metrics, page 1453
•
show 802.11 extended, page 1454
•
show 802.11 media-stream, page 1456
Cisco Wireless Controller Command Reference, Release 8.4
1441
show 802.11
show 802.11
To display basic 802.11a, 802.11b/g, or 802.11h network settings, use the show 802.11 command.
show 802.11{a | b | h}
Syntax Description a b h
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Command Default
None.
Examples
This example shows to display basic 802.11a network settings:
>
show 802.11a
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
1442
Cisco Wireless Controller Command Reference, Release 8.4
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More-- or (q)uit
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Enabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
This example shows how to display basic 802.11h network settings:
>
show 802.11h
802.11h ......................................... powerconstraint : 0
802.11h ......................................... channelswitch : Disable
802.11h ......................................... channelswitch mode : 0
Related Commands show ap stats show ap summary show client summary show network show network summary show port show wlan show 802.11
Cisco Wireless Controller Command Reference, Release 8.4
1443
show 802.11
show 802.11
To display basic 802.11a, 802.11b/g, or 802.11h network settings, use the show 802.11 command.
show 802.11{a | b | h}
Syntax Description a b h
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Command Default
None.
Examples
This example shows to display basic 802.11a network settings:
>
show 802.11a
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
1444
Cisco Wireless Controller Command Reference, Release 8.4
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More-- or (q)uit
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Enabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
This example shows how to display basic 802.11h network settings:
>
show 802.11h
802.11h ......................................... powerconstraint : 0
802.11h ......................................... channelswitch : Disable
802.11h ......................................... channelswitch mode : 0
Related Commands show ap stats show ap summary show client summary show network show network summary show port show wlan show 802.11
Cisco Wireless Controller Command Reference, Release 8.4
1445
show 802.11 cleanair show 802.11 cleanair
To display the multicast-direct configuration state, use the show 802.11 cleanair command.
show 802.11{a | b | h} cleanair config
Syntax Description a b h config
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Displays the network Cleanair configuration.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the 802.11a cleanair configuration:
(Cisco Controller) >
show 802.11a cleanair
Clean Air Solution............................... Enabled
Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35 Interference Device
Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
TDD Transmitter.......................... Disabled
Jammer................................... Disabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
WiFi Inverted............................ Disabled
WiFi Invalid Channel..................... Disabled
SuperAG.................................. Disabled
Radar.................................... Disabled
Canopy................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
1446
Cisco Wireless Controller Command Reference, Release 8.4
show 802.11 cleanair
TDD Transmitter.......................... Disabled
Jammer................................... Disabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
WiFi Inverted............................ Disabled
WiFi Invalid Channel..................... Disabled
SuperAG.................................. Disabled
Radar.................................... Disabled
Canopy................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled Additional
Clean Air Settings:
CleanAir Event-driven RRM State.............. Enabled
CleanAir Driven RRM Sensitivity.............. Medium
CleanAir Persistent Devices state............ Disabled
Cisco Wireless Controller Command Reference, Release 8.4
1447
show 802.11 cleanair air-quality summary show 802.11 cleanair air-quality summary
To display the air quality summary information for the 802.11 networks, use the show 802.11 cleanair
air-quality summary command.
show 802.11 {a | b | h} cleanair air-quality summary
Syntax Description a b h summary
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Displays a summary of 802.11 radio band air quality information.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display a summary of the air quality information for the 802.11a network:
(Cisco Controller) >
show 802.11a cleanair air-quality summary
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
------------------ -----------------------------
CISCO_AP3500 36 95 70 0
CISCO_AP3500 40 93 75 0
1448
Cisco Wireless Controller Command Reference, Release 8.4
show 802.11 cleanair air-quality worst show 802.11 cleanair air-quality worst
To display the worst air quality information for the 802.11 networks, use the show 802.11 cleanair air-quality
worst command.
show 802.11{a | b | h} cleanair air-quality worst
Syntax Description a b h worst
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Displays the worst air quality information for 802.11
networks.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display worst air quality information for the 802.11a network:
(Cisco Controller) >
show 802.11 cleanair air-quality worst
AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name Channel Avg AQ Min AQ Interferers DFS
------------------ -----------------------------
CISCO_AP3500 1 83 57 3 5
Cisco Wireless Controller Command Reference, Release 8.4
1449
show 802.11 cleanair device ap show 802.11 cleanair device ap
To display the information of the device access point on the 802.11 radio band, use the show 802.11 cleanair
device ap command.
show 802.11 {a | b | h} cleanair device ap cisco_ap
Syntax Description a b h
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Specified access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the device access point for the 802.11a network:
(Cisco Controller) >
show 802.11a cleanair device ap AP_3500
DC = Duty Cycle (%)
ISI = Interference Severity Index (1-Low Interference, 100-High
Interference)
RSSI = Received Signal Strength Index (dBm)
DevID = Device ID
No ClusterID
RSSI DC Channel
DevID Type AP Name ISI
--- ------------------ ------ ---------- --------------- ---- ----- ----
-------------
1 c2:f7:40:00:00:03 0x8001 DECT phone CISCO_AP3500 1
149,153,157,161
2 c2:f7:40:00:00:51 0x8002 Radar CISCO_AP3500 1
153,157,161,165
3 c2:f7:40:00:00:03 0x8005 Canopy
153,157,161,165
CISCO_AP3500 2
-43
-81
-62
3
2
2
1450
Cisco Wireless Controller Command Reference, Release 8.4
show 802.11 cleanair device type show 802.11 cleanair device type
To display the information of all the interferers device type detected by a specific access point on the 802.11
radio band, use the show 802.11 cleanair device type command.
show 802.11{a | b | h} cleanair device type device_type
Syntax Description a b h
device_type
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Interferer device type for a specified radio band. The device type is one of the following:
• tdd-tx—Tdd-transmitter device information.
• jammer—Jammer device information.
• cont-tx—Continuous-transmitter devices information.
• dect-like—Dect-like phone devices information.
• video—Video devices information.
• 802.11-inv—WiFi inverted devices information.
• 802.11-nonstd—Nonstandard WiFi devices information.
• superag—Superag devices information.
• canopy—Canopy devices information.
• wimax-mobile—WiMax mobile devices information.
• wimax-fixed—WiMax fixed devices information.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1451
show 802.11 cleanair device type
Examples
The following example shows how to display the information of all the interferers detected by a specified access point for the 802.11a network:
(Cisco Controller) >
show 802.11a cleanair device type canopy
DC = Duty Cycle (%)
ISI = Interference Severity Index (1-Low Interference, 100-High
Interference)
RSSI = Received Signal Strength Index (dBm)
DevID = Device ID
No ClusterID DevID Type AP Name ISI
RSSI DC Channel
--- ------------------ ------ ---------- --------------- ---- ----- ----
-------------
1c2:f7:40:00:00:03 0x8005 Canopy
153,157,161,165
CISCO_AP3500 2 -62 2
1452
Cisco Wireless Controller Command Reference, Release 8.4
show 802.11 cu-metrics show 802.11 cu-metrics
To display access point channel utilization metrics, use the show 802.11 cu-metrics command.
show 802.11{a | b} cu-metrics cisco_ap
Syntax Description a b
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show 802.11a cu-metrics command:
(Cisco Controller) >
show 802.11a cu-metrics AP1
AP Interface Mac: 30:37:a6:c8:8a:50
Measurement Duration: 90sec
Timestamp Thu Jan 27 09:08:48 2011
Channel Utilization stats
================
Picc (50th Percentile)...................... 0
Pib (50th Percentile)....................... 76
Picc (90th Percentile)...................... 0
Pib (90th Percentile)....................... 77
Timestamp Thu Jan 27 09:34:34 2011
Cisco Wireless Controller Command Reference, Release 8.4
1453
show 802.11 extended show 802.11 extended
To display access point radio extended configurations, use the show 802.11 extended command.
show 802.11 {a | b} extended
Syntax Description a b
extended
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Displays the 802.11a/b radio extended configurations.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
The command output was expanded to include the Rx
SOP threshold.
Examples
The following example shows how to display radio extended configurations:
(Cisco Controller) >
show 802.11a extended
Default 802.11a band radio extended configurations: beacon period 300, range 60; multicast buffer 45, rate 200;
RX SOP -80; CCA threshold -90;
AP0022.9090.b618 00:24:97:88:99:60 beacon period 300, range 60; multicast buffer 45, rate 200;
RX SOP -80; CCA threshold -77
AP0022.9090.bb3e 00:24:97:88:c5:d0 beacon period 300, range 0; multicast buffer 0, rate 0;
RX SOP -80; CCA threshold -0 ironRap.ddbf 00:17:df:36:dd:b0 beacon period 300, range 0; multicast buffer 0, rate 0;
RX SOP -80; CCA threshold -0
The following example shows how to display radio extended configurations and the Rx SOP threshold:
(Cisco Controller) >
show 802.11a extended
Default 802.11a band Radio Extended Configurations:
Beacon period: 100, range: 0 (AUTO);
Multicast buffer: 0 (AUTO), rate: 0 (AUTO);
RX SOP threshold: -76; CCA threshold: 0 (AUTO);
AP3600-XALE3 34:a8:4e:6a:7b:00
Beacon period: 100, range: 0 (AUTO);
Multicast buffer: 0 (AUTO), rate: 0 (AUTO);
1454
Cisco Wireless Controller Command Reference, Release 8.4
RX SOP threshold: -76; CCA threshold: 0 (AUTO);
show 802.11 extended
Cisco Wireless Controller Command Reference, Release 8.4
1455
show 802.11 media-stream show 802.11 media-stream
To display the multicast-direct configuration state, use the show 802.11 media-stream command.
show 802.11 {a | b | h} media-stream media_stream_name
Syntax Description a b h
media_stream_name
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the 802.11h network.
Specified media stream name.
Command Default
None.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to display the media-stream configuration:
>
show 802.11a media-stream rrc
Multicast-direct................................. Enabled
Best Effort...................................... Disabled
Video Re-Direct.................................. Enabled
Max Allowed Streams Per Radio.................... Auto
Max Allowed Streams Per Client................... Auto
Max Video Bandwidth.............................. 0
Max Voice Bandwidth.............................. 75
Max Media Bandwidth.............................. 85
Min PHY Rate..................................... 6000
Max Retry Percentage............................. 80
Related Commands show media-stream group summary
1456
Cisco Wireless Controller Command Reference, Release 8.4
Show Commands: a to i
•
•
•
•
show acl url-acl detailed, page 1467
•
•
show acl url-acl summary, page 1469
•
show advanced 802.11 channel, page 1470
•
show advanced 802.11 coverage, page 1471
•
show advanced 802.11 group, page 1472
•
show advanced 802.11 l2roam, page 1473
•
show advanced 802.11 logging, page 1474
•
show advanced 802.11 monitor, page 1475
•
show advanced 802.11 optimized roaming, page 1476
•
show advanced 802.11 profile, page 1477
•
show advanced 802.11 receiver, page 1478
•
show advanced 802.11 summary, page 1479
•
show advanced 802.11 txpower, page 1480
•
show advanced backup-controller, page 1481
•
show advanced dot11-padding, page 1482
•
show advanced hotspot, page 1483
•
show advanced max-1x-sessions, page 1484
•
show advanced probe, page 1485
•
•
show advanced timers, page 1487
Cisco Wireless Controller Command Reference, Release 8.4
1457
•
show advanced client-handoff, page 1488
•
•
show advanced send-disassoc-on-handoff, page 1490
•
show advanced sip-preferred-call-no, page 1491
•
show advanced sip-snooping-ports, page 1492
•
•
•
•
•
•
•
•
show ap config general , page 1507
•
show ap config global, page 1509
•
•
•
•
show ap dtls-cipher-suite, page 1513
•
show ap ethernet tag, page 1514
•
•
show ap flexconnect, page 1516
•
•
•
show ap join stats detailed, page 1519
•
show ap join stats summary, page 1521
•
show ap join stats summary all, page 1522
•
•
•
show ap link-encryption, page 1525
•
show ap max-count summary, page 1526
•
show ap monitor-mode summary, page 1527
•
show ap module summary, page 1528
•
show ap packet-dump status, page 1529
1458
Cisco Wireless Controller Command Reference, Release 8.4
•
show ap prefer-mode stats, page 1530
•
•
•
•
show ap tcp-mss-adjust, page 1536
•
•
show assisted-roaming , page 1538
•
•
show atf statistics ap, page 1540
•
•
show avc applications, page 1542
•
•
show avc statistics application, page 1544
•
show avc statistics client, page 1546
•
show avc statistics guest-lan, page 1548
•
show avc statistics remote-lan, page 1550
•
show avc statistics top-apps, page 1552
•
show avc statistics wlan, page 1554
•
•
•
•
show cac voice stats, page 1560
•
show cac voice summary, page 1561
•
show cac video stats, page 1562
•
show cac video summary, page 1564
•
show call-control ap, page 1565
•
show call-control client, page 1569
•
show call-home summary, page 1570
•
show capwap reap association, page 1571
•
show capwap reap status, page 1572
•
•
show certificate compatibility, page 1574
•
show certificate lsc, page 1575
Cisco Wireless Controller Command Reference, Release 8.4
1459
•
show certificate ssc, page 1576
•
show certificate summary, page 1577
•
•
•
show client ccx client-capability, page 1580
•
show client ccx frame-data, page 1581
•
show client ccx last-response-status, page 1582
•
show client ccx last-test-status, page 1583
•
show client ccx log-response, page 1584
•
show client ccx manufacturer-info, page 1586
•
show client ccx operating-parameters, page 1587
•
show client ccx profiles, page 1588
•
show client ccx results, page 1590
•
•
show client ccx stats-report, page 1593
•
•
show client location-calibration summary, page 1598
•
show client roam-history, page 1599
•
show client summary, page 1600
•
show client summary guest-lan, page 1602
•
•
show client username, page 1605
•
show client voice-diag, page 1606
•
•
show client location-calibration summary, page 1609
•
show client probing, page 1610
•
show client roam-history, page 1611
•
show client summary, page 1612
•
•
show cloud-services cmx summary, page 1615
•
show cloud-services cmx statistics, page 1616
•
•
show cts environment-data, page 1618
1460
Cisco Wireless Controller Command Reference, Release 8.4
•
•
•
•
•
•
show coredump summary, page 1624
•
•
show country channels, page 1626
•
show country supported, page 1627
•
•
•
show database summary, page 1631
•
•
•
•
show dtls connections, page 1635
•
•
show flexconnect acl detailed, page 1637
•
show flexconnect acl summary, page 1638
•
show flexconnect group detail, page 1639
•
show flexconnect group summary, page 1640
•
show flexconnect office-extend, page 1641
•
•
show flow monitor summary, page 1643
•
•
•
•
show interface summary, page 1647
•
show interface detailed, page 1648
•
show interface group, page 1650
•
show invalid-config, page 1652
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1461
•
•
•
•
show icons file-info, page 1659
•
•
•
show ipv6 acl detailed, page 1662
•
show ipv6 neighbor-binding, page 1663
•
•
show ipv6 route summary, page 1668
•
•
1462
Cisco Wireless Controller Command Reference, Release 8.4
show aaa auth show aaa auth
To display the configuration settings for the AAA authentication server database, use the show aaa auth command.
show aaa auth
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the configuration settings for the AAA authentication server database:
(Cisco Controller) >
show aaa auth
Management authentication server order:
1............................................ local
2............................................ tacacs
Related Commands config aaa auth config aaa auth mgmt
Cisco Wireless Controller Command Reference, Release 8.4
1463
show acl show acl
To display the access control lists (ACLs) that are configured on the controller, use the show acl command.
show acl {cpu | detailed acl_name | summary | layer2 { summary | detailed acl_name } }
Syntax Description cpu detailed
acl_name
summary layer2
Displays the ACLs configured on the Cisco WLC's central processing unit (CPU).
Displays detailed information about a specific ACL.
ACL name. The name can be up to 32 alphanumeric characters.
Displays a summary of all ACLs configured on the controller.
Displays the Layer 2 ACLs.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the access control lists on the CPU.
(Cisco Controller) >
show acl cpu
CPU Acl Name................................
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
Applied to NPU.............................. No
The following example shows how to display a summary of the access control lists.
(Cisco Controller) >
show acl summary
ACL Counter Status Disabled
----------------------------------------
IPv4 ACL Name Applied
-------------------------------- ------acl1 acl2 acl3
Yes
Yes
Yes
1464
Cisco Wireless Controller Command Reference, Release 8.4
show acl
----------------------------------------
IPv6 ACL Name Applied
-------------------------------- ------acl6 No
The following example shows how to display the detailed information of the access control lists.
(Cisco Controller) >
show acl detailed acl_name
Source Destination Source Port Dest Port
I Dir IP Address/Netmask IP Address/Netmask Prot Range
Action Counter
Range DSCP
- --- ------------------ ------------------ ---- --------- --------- -----
------ -------
1
Any 0.0.0.0/0.0.0.0
0.0.0.0/0.0.0.0
Any 0-65535 0-65535 0 Deny
2
In 0.0.0.0/0.0.0.0
200.200.200.0/ 6 80-80 0-65535 Any Permit
0
0
255.255.255.0
DenyCounter : 0
Note
The Counter field increments each time a packet matches an ACL rule, and the DenyCounter field increments each time a packet does not match any of the rules.
Related Commands clear acl counters config acl apply config acl counter config acl cpu config acl create config acl delete config interface acl config acl rule
Cisco Wireless Controller Command Reference, Release 8.4
1465
show acl detailed show acl detailed
To display detailed DNS-based ACL information, use the show acl detailed command.
show acl detailedacl_name
Syntax Description
acl_name
Name of the access control list.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced.
The following is a sample output of the show acl detailed acl_name command.
(Cisco Controller) >
show acl detailed android
No rules are configured for this ACL.
DenyCounter : 0
URLs configured in this ACL
---------------------------
*.play.google.com
*.store.google.com
1466
Cisco Wireless Controller Command Reference, Release 8.4
show acl url-acl detailed show acl url-acl detailed
To display detailed URL ACL profile information, use the show acl url-acl detailed command.
show acl url-acl detailed acl_name
Syntax Description
acl_name
Name of the access control list.
Command Default
None
Command History
Examples
Release
8.3
Modification
This command was introduced.
This example shows detailed information of a specific URL ACL profile:
(Cisco Controller) >
show acl url-acl detailed
Cisco Wireless Controller Command Reference, Release 8.4
1467
show acl summary show acl summary
To display DNS-based ACL information, use the show acl summary command.
show aclsummary
Syntax Description summary
Displays DNS-based ACL information.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following is a sample output of the show acl summary command.
(Cisco Controller) >
show acl summary
ACL Counter Status Disabled
----------------------------------------
IPv4 ACL Name Applied
-------------------------------- ------android
StoreACL
No
Yes
----------------------------------------
IPv6 ACL Name Applied
-------------------------------- -------
1
1468
Cisco Wireless Controller Command Reference, Release 8.4
show acl url-acl summary show acl url-acl summary
To display a summary of the URL ACL profiles, use the show acl url-acl summary command.
show acl url-acl summary
Syntax Description summary
Displays URL ACL profiles information.
Command Default
None
Command History
Examples
Release
8.3
This example shows a summary of URL ACL profiles:
(Cisco Controller) >
show acl summary
URL ACL Feature
ACL Counter Status
Disabled
Enabled
----------------------------------------
URL ACL Name Applied
--------------test
-------
No
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
1469
show advanced 802.11 channel show advanced 802.11 channel
To display the automatic channel assignment configuration and statistics, use the show advanced 802.11
channel command.
show advanced 802.11{a | b} channel
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the automatic channel assignment configuration and statistics:
(Cisco Controller) >
show advanced 802.11a channel
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... 00:1a:6d:dd:1e:40
Last Run....................................... 129 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Auto-RF Allowed Channel List...................
36,40,44,48,52,56,60,64,149,
............................................. 153,157,161
Auto-RF Unused Channel List....................
100,104,108,112,116,132,136,
............................................. 140,165,190,196
DCA Outdoor AP option.......................... Enabled
1470
Cisco Wireless Controller Command Reference, Release 8.4
show advanced 802.11 coverage show advanced 802.11 coverage
To display the configuration and statistics for coverage hole detection, use the show advanced 802.11 coverage command.
show advanced 802.11{a | b} coverage
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the statistics for coverage hole detection:
(Cisco Controller) >
show advanced 802.11a coverage
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Cisco Wireless Controller Command Reference, Release 8.4
1471
show advanced 802.11 group show advanced 802.11 group
To display 802.11a or 802.11b Cisco radio RF grouping, use the show advanced 802.11 group command.
show advanced 802.11{a | b} group
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display Cisco radio RF group settings:
(Cisco Controller) >
show advanced 802.11a group
Radio RF Grouping
802.11a Group Mode................................... AUTO
802.11a Group Update Interval........................ 600 seconds
802.11a Group Leader................................. xx:xx:xx:xx:xx:xx
802.11a Group Member............................... xx:xx:xx:xx:xx:xx
802.11a Last Run..................................... 133 seconds ago
1472
Cisco Wireless Controller Command Reference, Release 8.4
show advanced 802.11 l2roam show advanced 802.11 l2roam
To display 802.11a or 802.11b/g Layer 2 client roaming information, use the show advanced 802.11 l2roam command.
show advanced 802.11{a | b} l2roam {rf-param | statistics} mac_address}
Syntax Description a b rf-param statistics
mac_address
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies the Layer 2 frequency parameters.
Specifies the Layer 2 client roaming statistics.
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show advanced 802.11b l2roam rf-param command:
(Cisco Controller) >
show advanced 802.11b l2roam rf-param
L2Roam 802.11bg RF Parameters.....................
Config Mode.................................. Default
Minimum RSSI................................. -85
Roam Hysteresis.............................. 2
Scan Threshold............................... -72
Transition time.............................. 5
Cisco Wireless Controller Command Reference, Release 8.4
1473
show advanced 802.11 logging show advanced 802.11 logging
To display 802.11a or 802.11b RF event and performance logging, use the show advanced 802.11 logging command.
show advanced 802.11{a | b} logging
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display 802.11b RF event and performance logging:
(Cisco Controller) >
show advanced 802.11b logging
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
1474
Cisco Wireless Controller Command Reference, Release 8.4
show advanced 802.11 monitor show advanced 802.11 monitor
To display the 802.11a or 802.11b default Cisco radio monitoring, use the show advanced 802.11 monitor command.
show advanced 802.11{a | b} monitor
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the radio monitoring for the 802.11b network:
(Cisco Controller) >
show advanced 802.11b monitor
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b RRM Neighbor Discovery Type............ Transparent
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Cisco Wireless Controller Command Reference, Release 8.4
1475
show advanced 802.11 optimized roaming show advanced 802.11 optimized roaming
To display the optimized roaming configurations for 802.11a/b networks, use the show advanced 802.11
optimized roaming command.
show advanced 802.11 {a | b} optimized roaming [stats]
Syntax Description stats
(Optional) Displays optimized roaming statistics for a 802.11a/b network.
Command Default
None
Command History
Release
8.0
Modification
This command was introduced.
Examples
The following example shows how to display the optimized roaming configurations for an 802.11a network:
(Cisco Controller) >
show advanced 802.11a optimized roaming
OptimizedRoaming
802.11a OptimizedRoaming Mode.................. Enabled
802.11a OptimizedRoaming Reporting Interval.... 20 seconds
802.11a OptimizedRoaming Rate Threshold........ disabled
The following example shows how to display the optimized roaming statistics for an 802.11a network:
(Cisco Controller) >
show advanced 802.11a optimized roaming stats
OptimizedRoaming Stats
802.11a OptimizedRoaming Disassociations....... 2
802.11a OptimizedRoaming Rejections............ 1
1476
Cisco Wireless Controller Command Reference, Release 8.4
show advanced 802.11 profile show advanced 802.11 profile
To display the 802.11a or 802.11b lightweight access point performance profiles, use the show advanced
802.11 profile command.
show advanced 802.11{a | b} profile {global | cisco_ap}
Syntax Description a b global
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies all Cisco lightweight access points.
Name of a specific Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the global configuration and statistics of an 802.11a profile:
(Cisco Controller) >
show advanced 802.11 profile global
Default 802.11a AP performance profiles
802.11a Global Interference threshold.............. 10%
802.11a Global noise threshold..................... -70 dBm
802.11a Global RF utilization threshold............ 80%
802.11a Global throughput threshold................ 1000000 bps
802.11a Global clients threshold................... 12 clients
802.11a Global coverage threshold.................. 12 dB
802.11a Global coverage exception level............ 80%
802.11a Global client minimum exception lev........ 3 clients
The following example shows how to display the configuration and statistics of a specific access point profile:
(Cisco Controller) >
show advanced 802.11 profile AP1
Cisco AP performance profile not customized
This response indicates that the performance profile for this lightweight access point is using the global defaults and has not been individually configured.
Cisco Wireless Controller Command Reference, Release 8.4
1477
show advanced 802.11 receiver show advanced 802.11 receiver
To display the configuration and statistics of the 802.11a or 802.11b receiver, use the show advanced 802.11
receiver command.
show advanced 802.11{a | b} receiver
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the configuration and statistics of the 802.11a network settings:
(Cisco Controller) >
show advanced 802.11 receiver
802.11a Receiver Settings
RxStart : Signal Threshold........................... 15
RxStart : Signal Lamp Threshold...................... 5
RxStart : Preamble Power Threshold................... 2
RxReStart : Signal Jump Status......................... Enabled
RxReStart : Signal Jump Threshold...................... 10
TxStomp : Low RSSI Status.............................. Enabled
TxStomp : Low RSSI Threshold........................... 30
TxStomp : Wrong BSSID Status........................... Enabled
TxStomp : Wrong BSSID Data Only Status................. Enabled
RxAbort : Raw Power Drop Status........................ Disabled
RxAbort : Raw Power Drop Threshold..................... 10
RxAbort : Low RSSI Status.............................. Disabled
RxAbort : Low RSSI Threshold........................... 0
RxAbort : Wrong BSSID Status........................... Disabled
RxAbort : Wrong BSSID Data Only Status................. Disabled
1478
Cisco Wireless Controller Command Reference, Release 8.4
show advanced 802.11 summary show advanced 802.11 summary
To display the 802.11a or 802.11b Cisco lightweight access point name, channel, and transmit level summary, use the show advanced 802.11 summary command.
show advanced 802.11{a | b} summary
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of the 802.11b access point settings:
(Cisco Controller) >
show advanced 802.11b summary
AP Name MAC Address Admin State Operation State Channel
TxPower
------------ ------------------ ------------ ----------------- -------
--------
CJ-1240
1( )
CJ-1130
1(*)
00:21:1b:ea:36:60
00:1f:ca:cf:b6:60
ENABLED
ENABLED
UP
UP
161
56*
Note
An asterisk (*) next to a channel number or power level indicates that it is being controlled by the global algorithm settings.
Cisco Wireless Controller Command Reference, Release 8.4
1479
show advanced 802.11 txpower show advanced 802.11 txpower
To display the 802.11a or 802.11b automatic transmit power assignment, use the show advanced 802.11
txpower command.
show advanced 802.11{a | b} txpower
Syntax Description a b
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the configuration and statistics of the 802.11b transmit power cost:
(Cisco Controller) >
show advanced 802.11b txpower
Automatic Transmit Power Assignment
Transmit Power Assignment Mode.................. AUTO
Transmit Power Update Interval.................. 600 seconds
Transmit Power Threshold........................ -65 dBm
Transmit Power Neighbor Count................... 3 APs
Transmit Power Update Contribution.............. SN.
Transmit Power Assignment Leader................ xx:xx:xx:xx:xx:xx
Last Run........................................ 384 seconds ago
1480
Cisco Wireless Controller Command Reference, Release 8.4
show advanced backup-controller show advanced backup-controller
To display a list of primary and secondary backup WLCs, use the show advanced backup-controller command.
show advanced backup-controller
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the backup controller information:
(Cisco Controller) >
show advanced backup-controller
AP primary Backup Controller ....................
controller 10.10.10.10
AP secondary Backup Controller ..................
0.0.0.0
Cisco Wireless Controller Command Reference, Release 8.4
1481
show advanced dot11-padding show advanced dot11-padding
To display the state of over-the-air frame padding on a wireless LAN controller, use the show advanced
dot11-padding command.
show advanced dot11-padding
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to view the state of over-the-air frame padding:
(Cisco Controller) >
show advanced dot11-padding
dot11-padding.................................... Disabled
1482
Cisco Wireless Controller Command Reference, Release 8.4
show advanced hotspot show advanced hotspot
To display the advanced HotSpot parameters, use the show advanced hotspot command.
show advanced hotspot
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the advanced HotSpot parameters:
(Cisco Controller) >
show advanced hotspot
ANQP 4-way state................................. Disabled
GARP Broadcast state: ........................... Enabled
GAS request rate limit .......................... Disabled
ANQP comeback delay in TUs(TU=1024usec).......... 50
Cisco Wireless Controller Command Reference, Release 8.4
1483
show advanced max-1x-sessions show advanced max-1x-sessions
To display the maximum number of simultaneous 802.1X sessions allowed per access point, use the show
advanced max-1x-sessions command.
show advanced max-1x-sessions
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the maximum 802.1X sessions per access point:
(Cisco Controller) >
show advanced max-1x-sessions
Max 802.1x session per AP at a given time........ 0
1484
Cisco Wireless Controller Command Reference, Release 8.4
show advanced probe show advanced probe
To display the number of probes sent to the Cisco WLC per access point per client and the probe interval in milliseconds, use the show advanced probe command.
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the probe settings for the WLAN controller:
(Cisco Controller) >
show advanced probe
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 12
Probe request rate-limiting interval............. 100 msec
Cisco Wireless Controller Command Reference, Release 8.4
1485
show advanced rate show advanced rate
To display whether control path rate limiting is enabled or disabled, use the show advanced rate command.
show advanced rate
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the switch control path rate limiting mode:
(Cisco Controller) >
show advanced rate
Control Path Rate Limiting.......................
Disabled
1486
Cisco Wireless Controller Command Reference, Release 8.4
show advanced timers show advanced timers
To display the mobility anchor, authentication response, and rogue access point entry timers, use the show
advanced timers command.
show advanced timers
Syntax Description
This command has no arguments or keywords.
Command Default
The defaults are shown in the “Examples” section.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the system timers setting:
(Cisco Controller) >
show advanced timers
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP flexconnect mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
Cisco Wireless Controller Command Reference, Release 8.4
1487
show advanced client-handoff show advanced client-handoff
To display the number of automatic client handoffs after retries, use the show advanced client-handoff command.
show advanced client-handoff
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the client auto handoff mode after excessive retries:
(Cisco Controller) >
show advanced client-handoff
Client auto handoff after retries................
130
1488
Cisco Wireless Controller Command Reference, Release 8.4
show advanced eap show advanced eap
To display Extensible Authentication Protocol (EAP) settings, use the show advanced eap command.
show advanced eap
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the EAP settings:
(Cisco Controller) >
show advanced eap
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 20
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
Related Commands config advanced eap config advanced timers eap-identity-request-delay config advanced timers eap-timeout
Cisco Wireless Controller Command Reference, Release 8.4
1489
show advanced send-disassoc-on-handoff show advanced send-disassoc-on-handoff
To display whether the WLAN controller disassociates clients after a handoff, use the show advanced
send-disassoc-on-handoff command.
show advanced send-disassoc-on-handoff
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show advanced send-disassoc-on-handoff command:
(Cisco Controller) >
show advanced send-disassoc-on-handoff
Send Disassociate on Handoff..................... Disabled
1490
Cisco Wireless Controller Command Reference, Release 8.4
show advanced sip-preferred-call-no show advanced sip-preferred-call-no
To display the list of preferred call numbers, use the show advanced sip-preferred-call-no command.
show advanced sip-preferred-call-no
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show advanced sip-preferred-call-no command:
2
3
4
5
6
(Cisco Controller) >
show advanced sip-preferred-call-no
Preferred Call Numbers List
Call Index Preferred Call No
-----------
1
------------------
911
100
101
102
103
104
Cisco Wireless Controller Command Reference, Release 8.4
1491
show advanced sip-snooping-ports show advanced sip-snooping-ports
To display the port range for call snooping, use the show advanced sip-snooping-ports command.
show advanced sip-snooping-ports
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show advanced sip-snooping-ports command:
(Cisco Controller) >
show advanced sip-snooping-ports
SIP Call Snoop Ports: 1000 - 2000
1492
Cisco Wireless Controller Command Reference, Release 8.4
show arp kernel show arp kernel
To display the kernel Address Resolution Protocol (ARP) cache information, use the show arp kernel command.
show arp kernel
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show arp kernel command:
(Cisco Controller) >
show arp kernel
IP address
192.0.2.1
192.0.2.8
HW type
0x1
0x1
Flags
0x2
0x6
HW address
00:1A:6C:2A:09:C2
00:1E:E5:E6:DB:56
Mask
*
*
Device dtl0 dtl0
Cisco Wireless Controller Command Reference, Release 8.4
1493
show arp switch show arp switch
To display the Cisco wireless LAN controller MAC addresses, IP addresses, and port types, use the show arp
switch command.
show arp switch
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show arp switch command:
(Cisco Controller) >
show arp switch
MAC Address IP Address Port VLAN Type
------------------- ---------------- ------------ ---- ------------------xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx
service port xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx
service port
1 xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx
service port
1494
Cisco Wireless Controller Command Reference, Release 8.4
show ap auto-rf show ap auto-rf
To display the auto-RF settings for a Cisco lightweight access point, use the show ap auto-rf command.
show ap auto-rf 802.11{a | b} cisco_ap
Syntax Description a b
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display auto-RF information for an access point:
(Cisco Controller) >
show ap auto-rf 802.11a AP1
Number Of Slots.................................. 2
AP Name.......................................... AP03
MAC Address...................................... 00:0b:85:01:18:b7
Radio Type..................................... RADIO_TYPE_80211a
Noise Information
Noise Profile................................ PASSED
Channel 36...................................
-88 dBm
Channel 40...................................
-86 dBm
Channel 44...................................
-87 dBm
Channel 48...................................
-85 dBm
Channel 52...................................
-84 dBm
Channel 56...................................
-83 dBm
Channel 60...................................
-84 dBm
Channel 64...................................
-85 dBm
Interference Information
Interference Profile......................... PASSED
Channel 36...................................
-66 dBm @ 1% busy
Channel 40................................... -128 dBm @ 0% busy
Channel 44................................... -128 dBm @ 0% busy
Channel 48................................... -128 dBm @ 0% busy
Channel 52................................... -128 dBm @ 0% busy
Channel 56...................................
-73 dBm @ 1% busy
Channel 60...................................
-55 dBm @ 1% busy
Channel 64...................................
-69 dBm @ 1% busy
Rogue Histogram (20/40_ABOVE/40_BELOW)
Channel 36................................... 16/ 0/ 0
Cisco Wireless Controller Command Reference, Release 8.4
1495
show ap auto-rf
Channel 40................................... 28/ 0/ 0
Channel 44...................................
9/ 0/ 0
Channel 48...................................
9/ 0/ 0
Channel 52...................................
3/ 0/ 0
Channel 56...................................
4/ 0/ 0
Channel 60...................................
7/ 1/ 0
Channel 64...................................
2/ 0/ 0
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0%
Transmit Utilization......................... 0%
Channel Utilization.......................... 1%
Attached Clients............................. 1 clients
Coverage Information
Coverage Profile............................. PASSED
Failed Clients............................... 0 clients
Client Signal Strengths
RSSI -100 dBm................................ 0 clients
RSSI -92 dBm................................ 0 clients
RSSI -84 dBm................................ 0 clients
RSSI -76 dBm................................ 0 clients
RSSI -68 dBm................................ 0 clients
RSSI -60 dBm................................ 0 clients
RSSI -52 dBm................................ 0 clients
Client Signal To Noise Ratios
SNR 0 dBm................................. 0 clients
SNR 5 dBm................................. 0 clients
SNR 10 dBm................................. 0 clients
SNR 15 dBm................................. 0 clients
SNR 20 dBm................................. 0 clients
SNR 25 dBm................................. 0 clients
SNR 30 dBm................................. 0 clients
SNR 35 dBm................................. 0 clients
SNR 40 dBm................................. 0 clients
SNR 45 dBm................................. 0 clients
Nearby RADs
RAD 00:0b:85:01:05:08 slot 0.................
-46 dBm on 10.1.30.170
RAD 00:0b:85:01:12:65 slot 0.................
-24 dBm on 10.1.30.170
Channel Assignment Information
Current Channel Average Energy...............
-86 dBm
Previous Channel Average Energy..............
-75 dBm
Channel Change Count.........................
109
2004
Last Channel Change Time..................... Wed Sep 29 12:53e:34
Recommended Best Channel..................... 44
RF Parameter Recommendations
Power Level.................................. 1
RTS/CTS Threshold............................ 2347
Fragmentation Threshold...................... 2346
Antenna Pattern.............................. 0
1496
Cisco Wireless Controller Command Reference, Release 8.4
show ap ccx rm show ap ccx rm
To display an access point’s Cisco Client eXtensions (CCX) radio management status information, use the
show ap ccx rm command.
show ap ccx rm ap_name status
Syntax Description
ap_name
status
Specified access point name.
Displays the CCX radio management status information for an access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the status of the CCX radio management:
(Cisco Controller) >
show ap ccx rm AP1240-21ac status
A Radio
Channel Load Request ..................... Disabled
Noise Histogram Request .................. Disabled
Beacon Request ........................... Disabled
Frame Request ............................ Disabled
Interval ................................. 60
Iteration ................................ 10
G Radio
Channel Load Request ..................... Disabled
Noise Histogram Request .................. Disabled
Beacon Request ........................... Disabled
Frame Request ............................ Disabled
Interval ................................. 60
Iteration ................................ 10
Cisco Wireless Controller Command Reference, Release 8.4
1497
show ap cdp show ap cdp
To display the Cisco Discovery Protocol (CDP) information for an access point, use the show ap cdp command.
show ap cdp {all | ap-name cisco_ap | neighbors {all | ap-name cisco_ap | detail cisco_ap}}
Syntax Description all ap-name
cisco_ap
neighbors detail
Displays the CDP status on all access points.
Displays the CDP status for a specified access point.
Specified access point name.
Displays neighbors using CDP.
Displays details about a specific access point neighbor using CDP.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the CDP status of all access points:
(Cisco Controller) >
show ap cdp all
AP CDP State
AP Name AP CDP State
---------------------------
SB_RAP1 enable
SB_MAP1
SB_MAP2
SB_MAP3 enable enable enable
The following example shows how to display the CDP status of a specified access point:
(Cisco Controller) >
show ap cdp ap-name SB_RAP1
AP CDP State
AP Name AP CDP State
---------------------------
AP CDP State.......................Enabled
AP Interface-Based CDP state
Ethernet 0.....................Enabled
Slot 0.........................Enabled
Slot 1.........................Enabled
1498
Cisco Wireless Controller Command Reference, Release 8.4
show ap cdp
The following example shows how to display details about all neighbors using CDP:
(Cisco Controller) >
show ap cdp neighbor all
AP Name AP IP Neighbor Name Neighbor IP Neighbor Port
-----------------------------------------------------------------
SB_RAP1 192.168.102.154
sjc14-41a-sw1 192.168.102.2
GigabitEthernet1/0/13
SB_RAP1
SB_MAP1
SB_MAP1
SB_MAP2
SB_MAP2
SB_MAP3
192.168.102.154
192.168.102.137
192.168.102.137
192.168.102.138
192.168.102.138
192.168.102.139
SB_MAP1
SB_RAP1
SB_MAP2
SB_MAP1
SB_MAP3
SB_MAP2
192.168.102.137
192.168.102.154
192.168.102.138
192.168.102.137
192.168.102.139
192.168.102.138
Virtual-Dot11Radio0
Virtual-Dot11Radio0
Virtual-Dot11Radio0
Virtual-Dot11Radio1
Virtual-Dot11Radio0
Virtual-Dot11Radio1
The following example shows how to display details about a specific neighbor with a specified access point using CDP:
(Cisco Controller) >
show ap cdp neighbors ap-name SB_MAP2
AP Name AP IP Neighbor Name Neighbor IP Neighbor Port
----------------------------------------------------------------
SB_MAP2
SB_MAP2
192.168.102.138
SB_MAP1
192.168.102.138
SB_MAP3
192.168.102.137
Virtual-Dot11Radio1
192.168.102.139
Virtual-Dot11Radio0
The following example shows how to display details about neighbors using CDP:
(Cisco Controller) >
show ap cdp neighbors detail SB_MAP2
AP Name:SB_MAP2
AP IP address:192.168.102.138
-------------------------
Device ID: SB_MAP1
Entry address(es): 192.168.102.137
Platform: cisco AIR-LAP1522AG-A-K9 , Cap
Interface: Virtual-Dot11Radio0, Port ID (outgoing port): Virtual-Dot11Radio1
Holdtime : 180 sec
Version :
Cisco IOS Software, C1520 Software (C1520-K9W8-M), Experimental Version 12.4(200
81114:084420) [BLD-v124_18a_ja_throttle.20081114 208] Copyright (c) 1986-2008 by
Cisco Systems, Inc. Compiled Fri 14-Nov-08 23:08 by advertisement version: 2
-------------------------
Device ID: SB_MAP3
Entry address(es): 192.168.102.139
Platform: cisco AIR-LAP1522AG-A-K9 , Capabilities: Trans-Bridge
Interface: Virtual-Dot11Radio1, Port ID (outgoing port): Virtual-Dot11Radio0
Holdtime : 180 sec
Version :
Cisco IOS Software, C1520 Software (C1520-K9W8-M), Experimental Version 12.4(200
81114:084420) [BLD-v124_18a_ja_throttle.20081114 208] Copyright (c) 1986-2008 by
Cisco Systems, Inc. Compiled Fri 14-Nov-08 23:08 by advertisement version: 2
Cisco Wireless Controller Command Reference, Release 8.4
1499
show ap channel show ap channel
To display the available channels for a specific mesh access point, use the show ap channel command.
show ap channel ap_name
Syntax Description
ap_name
Name of the mesh access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the available channels for a particular access point:
(Cisco Controller) >
show ap channel AP47
802.11b/g Current Channel ...........1
Allowed Channel List.....................1,2,3,4,5,6,7,8,9,10,11
802.11a Current Channel .................161
Allowed Channel List.....................36,40,44,48,52,56,60,64,100,
.........................................104,108,112,116,132,136,140,
.........................................149,153,157,161
1500
Cisco Wireless Controller Command Reference, Release 8.4
show ap config show ap config
To display the detailed configuration for a lightweight access point, use the show ap config command.
show ap config 802.11{a | b} [summary] cisco_ap
Syntax Description
802.11a
802.11b
summary
cisco_ap
Specifies the 802.11a or 802.11b/g network.
Specifies the 802.11b/g network.
(Optional) Displays radio summary of all APs
Lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the detailed configuration for an access point:
(Cisco Controller) >
show ap config 802.11a AP02
Cisco AP Identifier.............................. 0
Cisco AP Name.................................... AP02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Regulatory Domain............................. Unconfigured
Switch Port Number .............................. 1
MAC Address...................................... 00:0b:85:18:b6:50
IP Address Configuration......................... DHCP
IP Address....................................... 1.100.49.240
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 1.100.49.1
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default-location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch............................. Cisco_32:ab:63
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch...........................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch............................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ........................................... Sniffer
Public Safety ..................................... Global: Disabled, Local: Disabled
Cisco Wireless Controller Command Reference, Release 8.4
1501
show ap config
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.110.6
Boot Version ................................... 12.4.18.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
Stats Re--More-- or (q)uit
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 12.4(20100502:031212)
Reset Button..................................... Enabled
AP Serial Number................................. FTX1305S180
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 47 days, 23 h 47 m 47 s
AP LWAPP Up Time................................. 47 days, 23 h 10 m 37 s
Join Date and Time............................... Tue May 4 16:05:00 2010
Join Taken Time.................................. 0 days, 00 h 01 m 37 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211n-5
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 2
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:24:97:88:99:60
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
1502
Cisco Wireless Controller Command Reference, Release 8.4
show ap config
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 21
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 6
Tx Power Level 1 .......................... 14 dBm
Tx Power Level 2 .......................... 11 dBm
Tx Power Level 3 .......................... 8 dBm
Tx Power Level 4 .......................... 5 dBm
Tx Power Level 5 .......................... 2 dBm
Tx Power Level 6 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 0
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 36
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161,165
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... AUTOMATIC
Legacy Tx Beamforming ..................... DISABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 6
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
Tx
A....................................... ENABLED
B....................................... ENABLED
Rx
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................
-70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Radio Extended Configurations:
Buffer size
……………………….30
Data-rate
…………………………..0
Beacon strt
………………………..90 ms
Rx-Sensitivity SOP threshold
………….. -80 dB
CCA threshold
……………………. -60 dB
The following example shows how to display the detailed configuration for another access point:
(Cisco Controller) >
show ap config 802.11b AP02
Cisco AP Identifier.............................. 0
Cisco AP Name.................................... AP02
AP Regulatory Domain............................. Unconfigured
Switch Port Number .............................. 1
MAC Address...................................... 00:0b:85:18:b6:50
IP Address Configuration......................... DHCP
Cisco Wireless Controller Command Reference, Release 8.4
1503
show ap config
IP Address....................................... 1.100.49.240
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 1.100.49.1
Cisco AP Location................................ default-location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch............................. Cisco_32:ab:63
Secondary Cisco Switch...........................
Tertiary Cisco Switch............................
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Remote AP Debug ................................. Disabled
S/W Version .................................... 3.1.61.0
Boot Version ................................... 1.2.59.6
Stats Reporting Period .......................... 180
LED State........................................ Enabled
ILP Pre Standard Switch.......................... Disabled
ILP Power Injector............................... Disabled
Number Of Slots.................................. 2
AP Model......................................... AS-1200
AP Serial Number................................. 044110223A
AP Certificate Type.............................. Manufacture Installed
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211g
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:0b:85:18:b6:50
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
DTIM Period ............................... 1
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
RTS Threshold ............................. 2347
Short Retry Limit ......................... 7
Long Retry Limit .......................... 4
Fragmentation Threshold ................... 2346
Maximum Tx MSDU Life Time ................. 512
Maximum Rx Life Time....................... 512
Tx Power
Num Of Supported Power Levels.............. 5
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2........................... 14 dBm
Tx Power Level 3........................... 11 dBm
Tx Power Level 4........................... 8 dBm
Tx Power Level 5........................... 5 dBm
1504
Cisco Wireless Controller Command Reference, Release 8.4
show ap config
Tx Power Configuration..................... CUSTOMIZED
Current Tx Power Level..................... 5
Phy OFDM parameters
Configuration.............................. CUSTOMIZED
Current Channel............................ 1
TI Threshold............................... -50
Legacy Tx Beamforming Configuration ....... CUSTOMIZED
Legacy Tx Beamforming ..................... ENABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in5 dBm units)...... 11
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration.............................. AUTOMATIC
Interference threshold..................... 10%
Noise threshold............................
-70 dBm
RF utilization threshold................... 80%
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25%
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
The following example shows how to display the general configuration of a Cisco access point:
(Cisco Controller) >
show ap config general cisco-ap
Cisco AP Identifier.............................. 9
Cisco AP Name.................................... cisco-ap
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. 802.11bg:-A 802.11a:-A
Switch Port Number .............................. 1
MAC Address...................................... 12:12:12:12:12:12
IP Address Configuration......................... DHCP
IP Address....................................... 10.10.10.21
IP NetMask....................................... 255.255.255.0
CAPWAP Path MTU.................................. 1485
Domain...........................................
Name Server......................................
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................ 4404
Primary Cisco Switch IP Address.................. 10.10.10.32
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name....................... 4404
Tertiary Cisco Switch IP Address................. 3.3.3.3
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Global: Disabled, Local: Disabled
AP subMode ...................................... WIPS
Remote AP Debug ................................. Disabled
S/W Version .................................... 5.1.0.0
Boot Version ................................... 12.4.10.0
Mini IOS Version ................................ 0.0.0.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Low Power (degraded mode)
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1252AG-A-K9
IOS Version...................................... 12.4(10:0)
Reset Button..................................... Enabled
AP Serial Number................................. serial_number
AP Certificate Type.............................. Manufacture Installed
Cisco Wireless Controller Command Reference, Release 8.4
1505
show ap config
Management Frame Protection Validation........... Enabled (Global MFP Disabled)
AP User Mode..................................... CUSTOMIZED
AP username..................................... maria
AP Dot1x User Mode............................... Not Configured
AP Dot1x username............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 4 days, 06 h 17 m 22 s
AP LWAPP Up Time................................. 4 days, 06 h 15 m 00 s
Join Date and Time............................... Mon Mar 3 06:19:47 2008
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto
AP Link Latency.................................. Enabled
Current Delay................................... 0 ms
Maximum Delay................................... 240 ms
Minimum Delay................................... 0 ms
Last updated (based on AP Up Time).............. 4 days, 06 h 17 m 20 s
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Disabled
Mesh preferred parent............................ 00:24:13:0f:92:00
1506
Cisco Wireless Controller Command Reference, Release 8.4
show ap config general show ap config general
To display the access point specific syslog server settings for all access points, use the show ap config general command.
show ap config general
Syntax Description
This command has no arguments and keywords.
Command History
Release
8.0
Modification
This command was introduced in the Release 8.0
Examples
The following example shows how to display AP specific server settings: ap_console >
show ap config general APc89c.1d53.6799
Cisco AP Identifier.............................. 76
Cisco AP Name.................................... APc89c.1d53.6799
Country code..................................... Multiple Countries:IN,JP,US
Regulatory Domain allowed by Country............. 802.11bg:-AJPU 802.11a:-AJN
AP Country code.................................. US - United States
AP Regulatory Domain............................. 802.11bg:-A 802.11a:-A
Switch Port Number .............................. 1
MAC Address...................................... c8:9c:1d:53:67:99
IP Address Configuration......................... DHCP
IP Address....................................... 10.8.77.103
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.8.77.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Globally Disabled
Ssh State........................................ Globally Disabled
Cisco AP Location................................ default location
Cisco AP Floor Label............................. 0
Cisco AP Group Name.............................. apGroup2
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... system
S/W Version .................................... 8.0.72.132
Boot Version ................................... 12.4.23.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
Stats Collection Mode ........................... normal
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Full Power
Number Of Slots.................................. 2
Cisco Wireless Controller Command Reference, Release 8.4
1507
show ap config general
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 15.3(20140302:180954)$
Reset Button..................................... Enabled
AP Serial Number................................. FGL1510S3VZ
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... cisco
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 18 h 43 m 35 s
AP LWAPP Up Time................................. 0 days, 18 h 42 m 23 s
Join Date and Time............................... Wed Mar 5 07:26:07 2014
Join Taken Time.................................. 0 days, 00 h 01 m 11 s
Memory Type...................................... DDR3
Memory Size...................................... 98294 KBytes
CPU Type......................................... PowerPC405ex CPU at 586Mhz, revision number 0x147E
Flash Type....................................... Onboard Flash
Flash Size....................................... 31374 KBytes
GPS Present...................................... NO
Ethernet Vlan Tag................................ Disabled
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto
AP Link Latency.................................. Disabled
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Disabled
Hotspot Venue Group.............................. Unspecified
Hotspot Venue Type............................... Unspecified
DNS server IP ............................. Not Available
1508
Cisco Wireless Controller Command Reference, Release 8.4
show ap config global show ap config global
To display the global syslog server settings for all access points that join the controller, use the show ap config
global command.
show ap config global
Syntax Description
This command has no arguments and keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display global syslog server settings:
(Cisco Controller) >
show ap config global
AP global system logging host.............................. 255.255.255.255
Cisco Wireless Controller Command Reference, Release 8.4
1509
show ap core-dump show ap core-dump
To display the memory core dump information for a lightweight access point, use the show ap core-dump command.
show ap core-dump cisco_ap
Syntax Description
cisco_ap
Cisco lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display memory core dump information:
(Cisco Controller) >
show ap core-dump AP02
Memory core dump is disabled.
1510
Cisco Wireless Controller Command Reference, Release 8.4
show ap crash-file show ap crash-file
To display the list of both crash and radio core dump files generated by lightweight access points, use the
show ap crash-file command.
show ap crash-file
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the crash file generated by the access point:
(Cisco Controller) >
show ap crash-file
Cisco Wireless Controller Command Reference, Release 8.4
1511
show ap data-plane show ap data-plane
To display the data plane status for all access points or a specific access point, use the show ap data-plane command.
show ap data-plane {all | cisco_ap}
Syntax Description all
cisco_ap
Specifies all Cisco lightweight access points.
Name of a Cisco lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the data plane status of all access points:
(Cisco Controller) >
show ap data-plane all
Min Data
AP Name
Data
Round Trip
Max Data Last
Round Trip Round Trip Update
--------------------------------------------------------------
1130 0.000s
0.000s
0.002s
18:51:23
1240 0.000s
0.000s
0.000s
18:50:45
1512
Cisco Wireless Controller Command Reference, Release 8.4
show ap dtls-cipher-suite show ap dtls-cipher-suite
To display the DTLS show cipher suite information, use the show ap dtls-cipher-suite command.
show ap dtls-cipher-suite
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
8.0
Modification
This command was introduced.
Examples
The following example shows how to display DTLS cipher suite information:
(Cisco Controller) >
show ap dtls-cipher-suite
DTLS Cipher Suite................................ RSA-AES256-SHA
Cisco Wireless Controller Command Reference, Release 8.4
1513
show ap ethernet tag show ap ethernet tag
To display the VLAN tagging information of an Ethernet interface, use the show ap ethernet tag command.
show ap ethernet tag {summary | cisco_ap}
Syntax Description summary
cisco_ap
Displays the VLAN tagging information for all access points associated to the controller.
Name of the Cisco lightweight access point. Displays the VLAN tagging information for a specific access point associated to the controller.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If the access point is unable to route traffic or reach the controller using the specified trunk VLAN, it falls back to the untagged configuration. If the access point joins the controller using this fallback configuration, the controller sends a trap to a trap server such as the WCS, which indicates the failure of the trunk VLAN.
In this scenario, the "Failover to untagged" message appears in show command output.
Examples
The following example shows how to display the VLAN tagging information for all access points associated to the controller:
(Cisco Controller) >
show ap ethernet tag summary
AP Name Vlan Tag Configuration
------------------------
AP2 7 (Failover to untagged) charan.AP1140.II
disabled
1514
Cisco Wireless Controller Command Reference, Release 8.4
show ap eventlog show ap eventlog
To display the contents of the event log file for an access point that is joined to the controller, use the show ap
eventlog command.
show ap eventlog ap_name
Syntax Description
ap_name
Event log for the specified access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the event log of an access point:
(Cisco Controller) >
show ap eventlog ciscoAP
AP event log download has been initiated
Waiting for download to complete
AP event log download completed.
======================= AP Event log Contents =====================
*Feb 13 11:54:17.146: %CAPWAP-3-CLIENTEVENTLOG: AP event log has been cleared from the contoller 'admin'
*Feb 13 11:54:32.874: *** Access point reloading. Reason: Reload Command ***
*Mar 1 00:00:39.134: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:00:39.174: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:39.211: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:49.947: %CAPWAP-3-CLIENTEVENTLOG: Did not get vendor specific options from
DHCP.
...
Cisco Wireless Controller Command Reference, Release 8.4
1515
show ap flexconnect show ap flexconnect
To view the details of APs in FlexConnect mode, use the show ap flexconnect command.
show ap flexconnect module-vlan ap-name
Syntax Description module-vlan
ap-name
Displays the status of FlexConnect local switching and VLAN ID value
Cisco AP name
Command History
Release
8.1
Modification
This command was introduced
1516
Cisco Wireless Controller Command Reference, Release 8.4
show ap image show ap image
To display the detailed information about the predownloaded image for specified access points, use the show
ap image command.
show ap image {cisco_ap | all}
Syntax Description
cisco_ap
all
Name of the lightweight access point.
Specifies all access points.
Note
If you have an AP that has the name all, it conflicts with the keyword all that specifies all access points.
In this scenario, the keyword all takes precedence over the AP that is named all.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1517
show ap inventory show ap inventory
To display inventory information for an access point, use the show ap inventory command.
show ap inventory {ap-name | all}
Syntax Description
ap-name
all
Inventory for the specified AP.
Inventory for all the APs.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the inventory of an access point:
(Cisco Controller) >
show ap inventory test101
NAME: "test101" , DESCR: "Cisco Wireless Access Point"
PID: AIR-LAP1131AG-A-K9 , VID: V01, SN: FTX1123T2XX
1518
Cisco Wireless Controller Command Reference, Release 8.4
show ap join stats detailed show ap join stats detailed
To display all join-related statistics collected for a specific access point, use the show ap join stats detailed command.
show ap join stats detailed ap_mac
Syntax Description
ap_mac
Access point Ethernet MAC address or the MAC address of the 802.11 radio interface.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display join information for a specific access point trying to join the controller:
(Cisco Controller) >
show ap join stats detailed 00:0b:85:02:0d:20
Discovery phase statistics
- Discovery requests received.......................... 2
- Successful discovery responses sent.................. 2
- Unsuccessful discovery request processing............ 0
- Reason for last unsuccessful discovery attempt....... Not applicable
- Time at last successful discovery attempt............ Aug 21 12:50:23:335
- Time at last unsuccessful discovery attempt.......... Not applicable
Join phase statistics
- Join requests received............................... 1
- Successful join responses sent....................... 1
- Unsuccessful join request processing................. 1
- Reason for last unsuccessful join attempt.............RADIUS authorization is pending for the AP
- Time at last successful join attempt................. Aug 21 12:50:34:481
- Time at last unsuccessful join attempt............... Aug 21 12:50:34:374
Configuration phase statistics
- Configuration requests received...................... 1
- Successful configuration responses sent.............. 1
- Unsuccessful configuration request processing........ 0
- Reason for last unsuccessful configuration attempt... Not applicable
- Time at last successful configuration attempt........ Aug 21 12:50:34:374
- Time at last unsuccessful configuration attempt...... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure........... Not applicable
Last AP disconnect details
- Reason for last AP connection failure................ Not applicable
Last join error summary
- Type of error that occurred last..................... Lwapp join request rejected
- Reason for error that occurred last.................. RADIUS authorization is pending for the AP
Cisco Wireless Controller Command Reference, Release 8.4
1519
show ap join stats detailed
- Time at which the last join error occurred........... Aug 21 12:50:34:374
1520
Cisco Wireless Controller Command Reference, Release 8.4
show ap join stats summary show ap join stats summary
To display the last join error detail for a specific access point, use the show ap join stats summary command.
show ap join stats summary ap_mac
Syntax Description
ap_mac
Access point Ethernet MAC address or the MAC address of the 802.11 radio interface.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
To obtain the MAC address of the 802.11 radio interface, enter the show interface command on the access point.
Examples
The following example shows how to display specific join information for an access point:
(Cisco Controller) >
show ap join stats summary 00:0b:85:02:0d:20
Is the AP currently connected to controller.......................... No
Time at which the AP joined this controller last time................ Aug 21 12:50:36:061
Type of error that occurred last..................................... Lwapp join request rejected
Reason for error that occurred last.................................. RADIUS authorization is pending for the AP
Time at which the last join error occurred........................... Aug 21 12:50:34:374
Cisco Wireless Controller Command Reference, Release 8.4
1521
show ap join stats summary all show ap join stats summary all
To display the MAC addresses of all the access points that are joined to the controller or that have tried to join, use the show ap join stats summary all command.
show ap join stats summary all
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of join information for all access points:
(Cisco Controller) >
show ap join stats summary all
Number of APs.............................................. 4
Base Mac AP EthernetMac AP Name IP Address
00:0b:85:57:bc:c0 00:0b:85:57:bc:c0 AP1130 10.10.163.217
00:1c:0f:81:db:80
00:1c:0f:81:fc:20
00:21:1b:ea:36:60
00:1c:63:23:ac:a0
00:1b:d5:9f:7d:b2
00:0c:d4:8a:6b:c1
AP1140
AP1
AP2
10.10.163.216
10.10.163.215
10.10.163.214
Status
Joined
Not joined
Joined
Not joined
1522
Cisco Wireless Controller Command Reference, Release 8.4
show ap led-state show ap led-state
To view the LED state of all access points or a specific access point, use the show ap led-state command.
show ap led-state {all | cisco_ap}
Syntax Description all
cisco_ap
Shows the LED state for all access points.
Name of the access point whose LED state is to be shown.
Command Default
The AP LED state is enabled.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to get the LED state of all access points:
(Cisco Controller) >
show ap led-state all
Global LED State: Enabled (default)
Cisco Wireless Controller Command Reference, Release 8.4
1523
show ap led-flash show ap led-flash
To display the LED flash status of an access point, use the show ap led-flash command.
show ap led-flash cisco_ap
Syntax Description
cisco_ap
Enter the name of the Cisco AP.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the LED flash status of an access point:
(Cisco Controller) >
show ap led-flash
1524
Cisco Wireless Controller Command Reference, Release 8.4
show ap link-encryption show ap link-encryption
To display the MAC addresses of all the access points that are joined to the controller or that have tried to join, use the show ap link-encryption command.
show ap link-encryption {all | cisco_ap}
Syntax Description all
cisco_ap
Specifies all access points.
Name of the lightweight access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the link encryption status of all access points:
(Cisco Controller) >
show ap link-encryption all
Encryption Dnstream Upstream Last
AP Name State Count Count Update
---------------------------------------
1240 Dis 4406 237553 Never
1130 En 2484 276308 19:31
Cisco Wireless Controller Command Reference, Release 8.4
1525
show ap max-count summary show ap max-count summary
To display the maximum number of access points supported by the Cisco WLC, use the show ap max-count
summarycommand.
show ap max-count summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Examples
The following is a sample output of the show ap max-count summarycommand:
(Cisco Controller) >
show ap max-count
The max number of AP's supported................. 500
1526
Cisco Wireless Controller Command Reference, Release 8.4
show ap monitor-mode summary show ap monitor-mode summary
To display the current channel-optimized monitor mode settings, use the show ap monitor-mode summary command.
show ap monitor-mode summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display current channel-optimized monitor mode settings:
(Cisco Controller) >
show ap monitor-mode summary
AP Name Ethernet MAC Status Scanning Channel List
---------------------------- ----------------------
AP_004 xx:xx:xx:xx:xx:xx Tracking 1, 6, 11, 4
Cisco Wireless Controller Command Reference, Release 8.4
1527
show ap module summary show ap module summary
To view detailed information about the external module, for a specific Cisco AP or for all Cisco APs, use the
show ap module summary command.
show ap module summary {ap-name | all}
Syntax Description
ap-name
all
Cisco AP name that has the external module
All Cisco APs that have the external module
Command History
Release
8.1
Modification
This command was introduced.
1528
Cisco Wireless Controller Command Reference, Release 8.4
show ap packet-dump status show ap packet-dump status
To display access point Packet Capture configurations, use the show ap packet-dump status command.
show ap packet-dump status
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Packet Capture does not work during intercontroller roaming.
The controller does not capture packets created in the radio firmware and sent out of the access point, such as the beacon or probe response. Only packets that flow through the Radio driver in the Tx path are captured.
Examples
The following example shows how to display the access point Packet Capture configurations:
(Cisco Controller) >
show ap packet-dump status
Packet Capture Status............................ Stopped
FTP Server IP Address............................ 0.0.0.0
FTP Server Path..................................
FTP Server Username..............................
FTP Server Password.............................. ********
Buffer Size for Capture.......................... 2048 KB
Packet Capture Time.............................. 45 Minutes
Packet Truncate Length........................... Unspecified
Packet Capture Classifier........................ None
Cisco Wireless Controller Command Reference, Release 8.4
1529
show ap prefer-mode stats show ap prefer-mode stats
To view prefer-mode global and per AP group statistics, use the show ap prefer-mode stats command.
show ap prefer-mode stats
Syntax Description stats
Displays prefer-mode global and per AP group statistics
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
1530
Cisco Wireless Controller Command Reference, Release 8.4
show ap retransmit show ap retransmit
To display access point control packet retransmission parameters, use theshow ap retransmit command.
show ap retransmit {all | cisco_ap}
Syntax Description all
cisco_ap
Specifies all access points.
Name of the access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the control packet retransmission parameters of all access points on a network:
(Cisco Controller) >
show ap retransmit all
Global control packet retransmit interval: 3 (default)
Global control packet retransmit count: 5 (default)
AP Name Retransmit Interval Retransmit count
------------------------------------------------------
AP_004 3 (default) 5 (WLC default),5 (AP default)
Cisco Wireless Controller Command Reference, Release 8.4
1531
show ap stats show ap stats
To display the statistics for a Cisco lightweight access point, use the show ap stats command.
show ap stats {802.11{a | b} | wlan | ethernet summary} cisco_ap [tsm {client_mac | all}]
Syntax Description
802.11a
802.11b
wlan ethernet summary
cisco_ap
tsm
client_mac
all
Specifies the 802.11a network
Specifies the 802.11b/g network.
Specifies WLAN statistics.
Specifies AP ethernet interface statistics.
Displays ethernet interface summary of all the connected
Cisco access points.
Name of the lightweight access point.
(Optional) Specifies the traffic stream metrics.
(Optional) MAC address of the client.
(Optional) Specifies all access points.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command was modified. The OEAP WMM
Counters were added to the output.
Examples
The following example shows how to display statistics of an access point for the 802.11b network:
(Cisco Controller) >
show ap stats 802.11a Ibiza
Number Of Slots.................................. 2
AP Name.......................................... Ibiza
MAC Address...................................... 44:2b:03:9a:8a:73
Radio Type....................................... RADIO_TYPE_80211a
Stats Information
Number of Users................................ 0
TxFragmentCount................................ 84628
1532
Cisco Wireless Controller Command Reference, Release 8.4
show ap stats
MulticastTxFrameCnt............................ 84628
FailedCount.................................... 0
RetryCount..................................... 0
MultipleRetryCount............................. 0
FrameDuplicateCount............................ 0
RtsSuccessCount................................ 1
RtsFailureCount................................ 0
AckFailureCount................................ 0
RxIncompleteFragment........................... 0
MulticastRxFrameCnt............................ 0
FcsErrorCount.................................. 20348857
TxFrameCount................................... 84628
WepUndecryptableCount.......................... 19907
TxFramesDropped................................ 0
OEAP WMM Stats :
Best Effort:
Tx Frame Count............................... 0
Tx Failed Frame Count........................ 0
Tx Expired Count............................. 0
Tx Overflow Count............................ 0
Tx Queue Count............................... 0
Tx Queue Max Count........................... 0
Rx Frame Count............................... 0
Rx Failed Frame Count........................ 0
Background:
Tx Frame Count............................... 0
Tx Failed Frame Count........................ 0
Tx Expired Count............................. 0
Tx Overflow Count............................ 0
Tx Queue Count............................... 0
Tx Queue Max Count........................... 0
Rx Frame Count............................... 0
Rx Failed Frame Count........................ 0
Video:
Tx Frame Count............................... 0
Tx Failed Frame Count........................ 0
Tx Expired Count............................. 0
Tx Overflow Count............................ 0
Tx Queue Count............................... 0
Tx Queue Max Count........................... 0
Rx Frame Count............................... 0
Rx Failed Frame Count........................ 0
Voice:
Tx Frame Count............................... 0
Tx Failed Frame Count........................ 0
Tx Expired Count............................. 0
Tx Overflow Count............................ 0
Tx Queue Count............................... 0
Tx Queue Max Count........................... 0
Rx Frame Count............................... 0
Rx Failed Frame Count........................ 0
Rate Limiting Stats:
Wlan 1:
Number of Data Packets Received.............. 592
Number of Data Rx Packets Dropped............ 160
Number of Data Bytes Received................ 160783
Number of Data Rx Bytes Dropped.............. 0
Number of Realtime Packets Received.......... 592
Number of Realtime Rx Packets Dropped........ 0
Number of Realtime Bytes Received............ 160783
Number of Realtime Rx Bytes Dropped.......... 0
Number of Data Packets Sent.................. 131
Number of Data Tx Packets Dropped............ 0
Number of Data Bytes Sent.................... 23436
Number of Data Tx Bytes Dropped.............. 0
Number of Realtime Packets Sent.............. 131
Number of Realtime Tx Packets Dropped........ 0
Number of Realtime Bytes Sent................ 23436
Number of Realtime Tx Bytes Dropped.......... 0
Call Admission Control (CAC) Stats
Voice Bandwidth in use(% of config bw)......... 0
Voice Roam Bandwidth in use(% of config bw).... 0
Cisco Wireless Controller Command Reference, Release 8.4
1533
show ap stats
Total channel MT free........................ 0
Total voice MT free.......................... 0
Na Direct.................................... 0
Na Roam...................................... 0
Video Bandwidth in use(% of config bw)......... 0
Video Roam Bandwidth in use(% of config bw).... 0
Total BW in use for Voice(%)................... 0
Total BW in use for SIP Preferred call(%)...... 0
WMM TSPEC CAC Call Stats
Total num of voice calls in progress........... 0
Num of roaming voice calls in progress......... 0
Total Num of voice calls since AP joined....... 0
Total Num of roaming calls since AP joined..... 0
Total Num of exp bw requests received.......... 0
Total Num of exp bw requests admitted.......... 0
Num of voice calls rejected since AP joined.... 0
Num of roam calls rejected since AP joined..... 0
Num of calls rejected due to insufficent bw.... 0
Num of calls rejected due to invalid params.... 0
Num of calls rejected due to PHY rate.......... 0
Num of calls rejected due to QoS policy........ 0
SIP CAC Call Stats
Total Num of calls in progress................. 0
Num of roaming calls in progress............... 0
Total Num of calls since AP joined............. 0
Total Num of roaming calls since AP joined..... 0
Total Num of Preferred calls received.......... 0
Total Num of Preferred calls accepted.......... 0
Total Num of ongoing Preferred calls........... 0
Total Num of calls rejected(Insuff BW)......... 0
Total Num of roam calls rejected(Insuff BW).... 0
WMM Video TSPEC CAC Call Stats
Total num of video calls in progress........... 0
Num of roaming video calls in progress......... 0
Total Num of video calls since AP joined....... 0
Total Num of video roaming calls since AP j.... 0
Num of video calls rejected since AP joined.... 0
Num of video roam calls rejected since AP j.... 0
Num of video calls rejected due to insuffic.... 0
Num of video calls rejected due to invalid .... 0
Num of video calls rejected due to PHY rate.... 0
Num of video calls rejected due to QoS poli.... 0
SIP Video CAC Call Stats
Total Num of video calls in progress........... 0
Num of video roaming calls in progress......... 0
Total Num of video calls since AP joined....... 0
Total Num of video roaming calls since AP j.... 0
Total Num of video calls rejected(Insuff BW.... 0
Total Num of video roam calls rejected(Insu.... 0
Band Select Stats
Num of dual band client ....................... 0
Num of dual band client added.................. 0
Num of dual band client expired ............... 0
Num of dual band client replaced............... 0
Num of dual band client detected .............. 0
Num of suppressed client ...................... 0
Num of suppressed client expired............... 0
Num of suppressed client replaced.............. 0
1534
Cisco Wireless Controller Command Reference, Release 8.4
show ap summary show ap summary
To display a summary of all lightweight access points attached to the controller, use the show ap summary command.
show ap summary [cisco_ap]
Syntax Description
cisco_ap
(Optional) Type sequence of characters that make up the name of a specific AP or a group of APs, or enter a wild character search pattern.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
A list that contains each lightweight access point name, number of slots, manufacturer, MAC address, location, and the controller port number appears. When you specify
Examples
The following example shows how to display a summary of all connected access points:
(Cisco Controller) >
show ap summary
Number of APs.................................... 2
Global AP username.............................. user
Global AP Dot1x username........................ Not Configured
Number of APs.................................... 2
Global AP username.............................. user
Global AP Dot1x username........................ Not Configured
AP Name
Country IP Address
AP1140 location
Slots AP Model
Clients
Ethernet MAC Location
------------------------------------------------------------------------------
---------------------
2 AIR-LAP1142N-A-K9
US 192.168.0.0
0 f0:f7:55:75:f3:29 default
Access Points using IPv6 transport:
AP Name Slots AP Model Ethernet MAC Location Country
Address Clients
------------------ ----- ------------------------------------- ------------
------------------ ----- ---------------------------- ------
AP1040 2
2001:DB8:0:1::1
AIR-LAP1042N-A-K9 00:40:96:b9:4b:89 default location US
0
IPv6
Cisco Wireless Controller Command Reference, Release 8.4
1535
show ap tcp-mss-adjust show ap tcp-mss-adjust
To display the Basic Service Set Identifier (BSSID) value for each WLAN defined on an access point, use the show ap tcp-mss-adjust command.
show ap tcp-mss-adjust {cisco_ap | all}
Syntax Description
cisco_ap
all
Specified lightweight access point name.
Specifies all access points.
Note
If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP that is with the keyword all.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display Transmission Control Protocol (TCP) maximum segment size
(MSS) information of all access points:
(Cisco Controller) >
show ap tcp-mss-adjust all
AP Name TCP State MSS Size
------------------ --------- -------
AP-1140
AP-1240
AP-1130 enabled disabled disabled
536
-
-
1536
Cisco Wireless Controller Command Reference, Release 8.4
show ap wlan show ap wlan
To display the Basic Service Set Identifier (BSSID) value for each WLAN defined on an access point, use the show ap wlan command.
show ap wlan 802.11{a | b} cisco_ap
Syntax Description
802.11a
802.11b
ap_name
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Lightweight access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display BSSIDs of an access point for the 802.11b network:
(Cisco Controller) >
show ap wlan 802.11b AP01
Site Name........................................ MY_AP_GROUP1
Site Description................................. MY_AP_GROUP1
WLAN ID
-------
Interface
-----------
BSSID
--------------------------
1
2 management dynamic
00:1c:0f:81:fc:20
00:1c:0f:81:fc:21
Cisco Wireless Controller Command Reference, Release 8.4
1537
show assisted-roaming show assisted-roaming
To display assisted roaming and 802.11k configurations, use the show assisted-roaming command.
show assisted-roaming
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display assisted roaming and 802.11k configurations:
(Cisco Controller) >
show assisted-roaming
Assisted Roaming and 80211k Information:
Floor RSSI Bias.................................. 15 dBm
Maximum Denial................................... 2 counts
Minimium Optimized Neighbor Assigned............. 2 neighbors
Assisted Roaming Performance Chart:
Matching Assigned Neighbor....................... [0] = 0
Matching Assigned Neighbor....................... [1] = 0
Matching Assigned Neighbor....................... [2] = 0
Matching Assigned Neighbor....................... [3] = 0
Matching Assigned Neighbor....................... [4] = 0
Matching Assigned Neighbor....................... [5] = 0
Matching Assigned Neighbor....................... [6] = 0
Matching Assigned Neighbor....................... [7] = 0
No Matching Neighbor............................. [8] = 0
No Neighbor Assigned............................. [9] = 0
Related Commands config assisted-roaming config wlan assisted-roaming debug 11k
1538
Cisco Wireless Controller Command Reference, Release 8.4
show atf config
To monitor Cisco Airtime Fairness configuration, use the show atf config command.
show atf config {all | {ap-nameap-name} | {802.11{a | b}} | policy | wlan}
Syntax Description all ap-name
ap-name
802.11a
802.11b
policy wlan
Shows Cisco ATF configuration of all radios
Shows Cisco ATF configuration of an AP
AP name that you must specify
Shows Cisco ATF configuration of all 5-GHz radios
Shows Cisco ATF configuration of all 2.4-GHz radios
Shows configuration of all airtime policies
Shows Cisco ATF configuration of all WLANs
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced
This example shows how to monitor Cisco Airtime Fairness configuration:
(Cisco Controller) >
show atf config all show atf config
Cisco Wireless Controller Command Reference, Release 8.4
1539
show atf statistics ap show atf statistics ap
To monitor Cisco Airtime Fairness statistics, use the show atf statistics command.
show atf statistics ap ap-name 802.11{a | b} {summary | wlan-id | policy-id}
Syntax Description
802.11a
802.11b
summary
wlan wlan-id
policy policy-name
Shows detailed statistics on all 5-GHz radios.
Shows detailed statistics on all 2.4-GHz radios.
Shows summary statistics for the AP.
Shows detailed ATF statistics for the specified WLAN.
Shows detailed ATF statistics for the specified policy name.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
This example shows how to monitor Cisco Airtime Fairness statistics:
(Cisco Controller) >
show atf statistics ap Ap01323 802.11a summary
1540
Cisco Wireless Controller Command Reference, Release 8.4
show auth-list show auth-list
To display the access point authorization list, use the show auth-list command.
show auth-list
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the access point authorization list:
(Cisco Controller) >
show auth-list
Authorize APs against AAA...................... disabled
Allow APs with Self-signed Certificate (SSC)... disabled
Mac Addr Cert Type Key Hash
------------------------------------------------------------------------xx:xx:xx:xx:xx:xx MIC
Cisco Wireless Controller Command Reference, Release 8.4
1541
show avc applications show avc applications
To display all the supported Application Visibility and Control (AVC) applications, use the show avc
applications command.
show avc applications
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.4
Modification
This command was introduced.
Usage Guidelines
AVC uses the Network-Based Application Recognition (NBAR) deep packet inspection technology to classify applications based on the protocol they use. Using AVC, the controller can detect more than 1500 Layer 4 to
Layer 7 protocols.
Examples
The following is a sample output of the show avc applications command:
(Cisco Controller) >
show avc applications
Application-Name
================
3com-amp3
3com-tsmux
3pc
914c/g
9pfs acap acas accessbuilder accessnetwork acp acr-nema active-directory activesync
App-ID Engine-ID Selector-ID Application-Group-Name
====== ========= =========== ======================
538
977
3
3
629
106 other obsolete
788
1109
479
582
939
662
607
513
975
1194
1419
13
13
1
3
3
3
3
3
3
3
3
34
211
564
674
62
888
699
599
104
473
490 layer3-over-ip net-admin net-admin net-admin other other other other industrial-protocols other business-and-productivity-tools adobe-connect aed-512 afpovertcp agentx alpes aminet an
----
1441
963
1327
609
377
558
861
----
13
3
3
3
3
3
1
---
505
149
548
705
463
2639
107
----other obsolete business-and-productivity-tools net-admin net-admin file-sharing layer3-over-ip
-------------
1542
Cisco Wireless Controller Command Reference, Release 8.4
show avc profile show avc profile
To display Application Visibility and Control (AVC) profiles, use the show avc profile command.
show avc profile {summary | detailed profile_name }
Syntax Description summary detailed
profile_name
Displays a summary of AVC profiles.
Displays the details of an AVC profile.
Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Command Default
None
Command History
Release
7.4
Examples
Modification
This command was introduced.
The following is a sample output of the show avc profile summary command.
(Cisco Controller) >
show avc profile summary
Profile-Name
============ profile 1 avc_profile2
Number of Rules
==============
3
1
The following is a sample output of the show avc profile detailed command.
(Cisco Controller) >
show avc profile detailed
Application-Name
================ ftp flash-video facebook
Associated WLAN IDs :
Associated Remote LAN IDs :
Associated Guest LAN IDs :
Application-Group-Name
======================= file-sharing browsing browsing
Action DSCP
====== ====
Drop
Mark
Mark
-
10
10
Cisco Wireless Controller Command Reference, Release 8.4
1543
show avc statistics application show avc statistics application
To display the statistics of an application, use the show avc statistics application command.
show avc statistics application application_name top-users [downstream wlan | upstream wlan | wlan]
[wlan_id ]}
Syntax Description
application_name
top-users downstream wlan
wlan_id
upstream
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
Displays AVC statistics for top application users.
(Optional) Displays statistics of top downstream applications.
(Optional) Displays AVC statistics of a WLAN.
WLAN identifier from 1 to 512.
(Optional) Displays statistics of top upstream applications.
Command Default
None
Command History
Examples
Release
7.4
Modification
This command was introduced.
The following is a sample output of the show avc statistics application command:
(Cisco Controller) >
show avc statistics application ftp top-users downstream wlan 1
Client MAC
Bytes DSCP
(Up/Down)
(Total) In Out
Client IP
===========
======= === ===
=========
00:0a:ab:15:00:9c(U) 172.16.31.156
338 0 0
(D) 172.16.31.156
6409 0 0
00:0a:ab:15:00:5a(U) 172.16.31.90
84 0 0
(D) 172.16.31.90
5869 0 0
00:0a:ab:15:00:60(U) 172.16.31.96
8666 0 0
(D) 172.16.31.96
9595 0 0
00:0a:ab:15:00:a4(U) 172.16.31.164
161 0 0
WLAN ID Packets Bytes Avg Pkt Packets
(n secs) (n secs) Size (Total)
====== ======= ======= ====== =======
1
1
1
1
1
1
1
16
22
7
12
19
19
18
91 5
5911 268
39 5
5723 476
117 6
4433 233
139 7
43
48
13
18
75
83
21
1544
Cisco Wireless Controller Command Reference, Release 8.4
show avc statistics application
(D) 172.16.31.164
4439 0 0
00:0a:ab:15:00:48(U) 172.16.31.72
2738 0 0
(D) 172.16.31.72
4367 0 0
00:0a:ab:15:00:87(U) 172.16.31.135
301 0 0
(D) 172.16.31.135
7755 0 0
00:0a:ab:15:00:92(U) 172.16.31.146
84 0 0
(D) 172.16.31.146
4201 0 0
00:0a:ab:15:00:31(U) 172.16.31.49
250 0 0
(D) 172.16.31.49
3755 0 0
00:0a:ab:15:00:46(U) 172.16.31.70
175 0 0
(D) 172.16.31.70
3448 0 0
00:0a:ab:15:00:b3(U) 172.16.31.179
241 0 0
1
1
1
1
1
1
1
1
1
1
1
1
18
7
10
10
12
10
9
11
23
21
22
11
4409 191
2738 130
4367 198
47 4
4208 350
73 7
4168 463
95 8
3201 177
47 6
3162 316
85 8
43
20
23
34
48
11
11
34
24
21
22
49
Cisco Wireless Controller Command Reference, Release 8.4
1545
show avc statistics client show avc statistics client
To display the client Application Visibility and Control (AVC) statistics, use the show avc statistics client command.
show avc statistics client client_MAC {application application_name | top-apps [upstream | downstream]}
Syntax Description
client_MAC
upstream
MAC address of the client.
Displays AVC statistics for an application.
application
application_name
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-apps
Displays AVC statistics for top applications.
(Optional) Displays statistics of top upstream applications.
downstream
(Optional) Displays statistics of top downstream applications.
Command Default
None
Command History
Examples
Release
7.4
Modification
This command was introduced.
The following is a sample output of the show avc statistics client command:
(Cisco Controller) >
show avc statistics client 00:0a:ab:15:00:01 application http
Description
===========
Number of Packtes(n secs)
Number of Bytes(n secs)
Average Packet size(n secs)
Total Number of Packtes
Total Number of Bytes
DSCP Incoming packet
DSCP Outgoing Packet
Upstream
========
5059
170144
33
131878
6054464
16
16
Downstream
==========
6369
8655115
1358
150169
205239972
0
0
The following is a sample output of the show avc statistics client command.
(Cisco Controller) >
show avc statistics client 00:0a:ab:15:00:01 top-apps
Application-Name
(Up/Down)
================ http ggp
(U)
(D)
(U)
Packets Bytes Avg Pkt Packets Bytes
(n secs) (n secs) Size (Total) (Total)
======= ====== ====== ======= ======
6035
5420
1331
637728
7218796
1362944
105
1331
1024
6035
5420
1331
637728
7218796
1362944
DSCP DSCP
In Out
==== ====
16
0
0
16
0
0
1546
Cisco Wireless Controller Command Reference, Release 8.4
smp vrrp bittorrent icmp edonkey dns realmedia
show avc statistics client
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
0 0 0
1046 1071104 1024
0 0 0
205 209920 1024
0 0 0
117
121
0
72
1604
70469
0
40032
13
582
0
556
112
105
10
7
2
2
4620
33076
380
1743
158
65
41
315
38
249
79
32
0
1046
0
205
0
117
121
0
72
112
105
10
7
2
2
0
1071104
0
209920
0
1604
70469
0
40032
4620
33076
380
1743
158
65
0
0
0
0
0
0
0
0
48
0
24
0
0
0
0
0
0
0
0
0
0
0
0
48
0
24
0
0
0
0
Cisco Wireless Controller Command Reference, Release 8.4
1547
show avc statistics guest-lan show avc statistics guest-lan
To display the Application Visibility and Control (AVC) statistics of a guest LAN, use the show avc statistics
guest-lan command.
show avc statistics guest-lan guest-lan_id {application application_name | top-app-groups [upstream |
downstream] | top-apps [upstream | downstream]}
Syntax Description
guest-lan_id
application
application_name
top-app-groups upstream downstream top-apps
Guest LAN identifier from 1 to 5.
Displays AVC statistics for an application.
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
Displays AVC statistics for top application groups.
(Optional) Displays statistics of top upstream applications.
(Optional) Displays statistics of top downstream applications.
Displays AVC statistics for top applications.
Command Default
None
Command History
Examples
Release
7.4
Modification
This command was introduced.
The following is a sample output of the show avc statistics command.
(Cisco Controller) >
show avc statistics guest-lan 1
Application-Name
(Up/Down)
================ unclassified ftp http gre icmp ipinip imap
Packets Bytes Avg Pkt Packets
(n secs) (n secs) Size (Total)
Bytes
(Total)
(U)
======= ======
805 72880
====== ======
(U) 191464 208627
(D) 63427 53440610 842
1
90
92208613
16295621
172939
=======
11138796586
9657054635
11206202
(D) 911 58143
(U) 264904 12508288
63
47
(D) 319894 436915253 1365
(U) 0 0 0
190900 17418653
27493945 2837672192
29850934 36817587924
10158872 10402684928
(D)
(U)
0
1
0
40
0
40
(D) 7262 4034576 555
(U) 62565 64066560 1024
(D) 0 0 0
(U) 1430 16798 11
0
323
0
98476
2888266 1605133372
11992305 12280120320
0 0
305161 3795766
1548
Cisco Wireless Controller Command Reference, Release 8.4
irc nntp
show avc statistics guest-lan
(D) 1555
(U) 9
(D)
(U)
(D)
11
22
22
576371 370
74 8
371
158
372
33
7
16
332290
1736
1972
1705
2047
125799465
9133
173381
9612
214391
Cisco Wireless Controller Command Reference, Release 8.4
1549
show avc statistics remote-lan show avc statistics remote-lan
To display the Application Visibility and Control (AVC) statistics of a remote LAN, use the show avc statistics
remote-lan command.
show avc statistics remote-lan remote-lan_id{application application_name | top-app-groups [upstream
| downstream] | top-apps [upstream | downstream]}
Syntax Description
remote-lan_id
application
application_name
top-app-groups upstream downstream top-apps
Remote LAN identifier from 1 to 512.
Displays AVC statistics for an application.
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
Displays AVC statistics for top application groups.
(Optional) Displays statistics of top upstream applications.
(Optional) Displays statistics of top downstream applications.
Displays AVC statistics for top applications.
Command Default
None
Command History
Examples
Release
7.4
Modification
This command was introduced.
The following is a sample output of the show avc statistics remote-lan command.
(Cisco Controller) >
show avc statistics remote-lan 1
Application-Name
(Up/Down)
================ unclassified ftp http gre icmp ipinip imap
Packets Bytes Avg Pkt Packets
(n secs) (n secs) Size (Total)
Bytes
(Total)
(U)
======= ======
805 72880
====== ======
(U) 191464 208627
(D) 63427 53440610 842
1
90
92208613
16295621
172939
=======
11138796586
9657054635
11206202
(D) 911 58143
(U) 264904 12508288
63
47
(D) 319894 436915253 1365
(U) 0 0 0
190900 17418653
27493945 2837672192
29850934 36817587924
10158872 10402684928
(D)
(U)
0
1
0
40
0
40
(D) 7262 4034576 555
(U) 62565 64066560 1024
(D) 0 0 0
(U) 1430 16798 11
0
323
0
98476
2888266 1605133372
11992305 12280120320
0 0
305161 3795766
1550
Cisco Wireless Controller Command Reference, Release 8.4
irc nntp
show avc statistics remote-lan
(D) 1555
(U) 9
(D)
(U)
(D)
11
22
22
576371 370
74 8
371
158
372
33
7
16
332290
1736
1972
1705
2047
125799465
9133
173381
9612
214391
Cisco Wireless Controller Command Reference, Release 8.4
1551
show avc statistics top-apps show avc statistics top-apps
To display the Application Visibility and Control (AVC) statistics for the most used applications, use the
show avc statistics top-apps command.
show avc statistics top-apps [upstream | downstream]
Syntax Description upstream downstream
(Optional) Displays statistics of the most used upstream applications.
(Optional) Displays statistics of the most used downstream applications.
Command Default
None
Command History
Release
7.4
Modification
This command was introduced.
Examples
The following is a sample output of the show avc statistics top-aps command:
(Cisco Controller) >
show avc statistics top-apps
Application-Name
(Up/Down)
================ http realmedia mpls-in-ip fire pipe gre crudp rtp icmp
(D)
(U)
(D)
(U)
(D)
(U)
(D)
Packets Bytes Avg Pkt
(n secs) (n secs) Size
======= ======= =======
(U) 204570 10610912 51
(D) 240936 327624221 1359
(U) 908 62154 68
(D) 166694 220522943 1322
(U)
(D)
(U)
77448 79306752 1024
0 0 0
70890 72591360 1024
(U)
(D)
(U)
(D)
0
68296
0
60982
0
26430
0
0
7482
0
10155
0
69935104
0
62445568
0
27064320
0
0
0
5640504
0
1024
0
1024
0
1024
0
0
9936096 1328
0
555
Packets
(Total)
=======
28272539
30750570
400698
35802836
10292787
0
10242484
0
10224255
0
10340221
0
10109812
0
0
2603923
323
2924693
Bytes
(Total)
========
2882294016
38026889010
26470359
47131836785
10539813888
0
10488303616
0
10469637120
0
10588386304
0
10352447488
0
0
3458009744
98476
1625363564
Related Commands config avc profile delete config avc profile create config avc profile rule config wlan avc
1552
Cisco Wireless Controller Command Reference, Release 8.4
show avc profile show avc applications show avc statistics client show avc statistics wlan show avc statistics applications show avc statistics guest-lan show avc statistics remote-lan debug avc error debug avc events show avc statistics top-apps
Cisco Wireless Controller Command Reference, Release 8.4
1553
show avc statistics wlan show avc statistics wlan
To display the Application Visibility and Control (AVC) statistics of a WLAN, use the show avc statistics
wlan command.
show avc statistics wlan wlan_id {application application_name | top-app-groups [upstream | downstream]
| top-apps [upstream | downstream]}
Syntax Description
wlan_id
application
application_name
top-app-groups upstream downstream top-apps
WLAN identifier from 1 to 512.
Displays AVC statistics for an application.
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
Displays AVC statistics for top application groups.
(Optional) Displays statistics of top upstream applications.
(Optional) Displays statistics of top downstream applications.
Displays AVC statistics for top applications.
Command Default
None
Command History
Examples
Release
7.4
Modification
This command was introduced.
The following is a sample output of the show avc statistics command.
(Cisco Controller) >
show avc statistics wlan 1
Application-Name
(Up/Down)
================ unclassified ftp http gre icmp ipinip imap
Packets Bytes Avg Pkt Packets
(n secs) (n secs) Size (Total)
Bytes
(Total)
(U)
======= ======
805 72880
====== ======
(U) 191464 208627
(D) 63427 53440610 842
1
90
92208613
16295621
172939
=======
11138796586
9657054635
11206202
(D) 911 58143
(U) 264904 12508288
63
47
(D) 319894 436915253 1365
(U) 0 0 0
190900 17418653
27493945 2837672192
29850934 36817587924
10158872 10402684928
(D)
(U)
0
1
0
40
0
40
(D) 7262 4034576 555
(U) 62565 64066560 1024
(D) 0 0 0
(U) 1430 16798 11
0
323
0
98476
2888266 1605133372
11992305 12280120320
0 0
305161 3795766
1554
Cisco Wireless Controller Command Reference, Release 8.4
show avc statistics wlan
irc nntp
(D) 1555
(U) 9
(D)
(U)
(D)
11
22
22
576371 370
74 8
371
158
372
33
7
16
332290
1736
1972
1705
2047
The following is a sample output of the show avc statistics wlan command.
(Cisco Controller) >
show avc statistics wlan 1 application ftp
Description
===========
Number of Packtes(n secs)
Number of Bytes(n secs)
Average Packet size(n secs)
Total Number of Packtes
Total Number of Bytes
Upstream
========
0
0
0
32459
274
Downstream
==========
0
0
0
64888
94673983
125799465
9133
173381
9612
214391
Cisco Wireless Controller Command Reference, Release 8.4
1555
show boot show boot
To display the primary and backup software build numbers with an indication of which is active, use the show
boot command.
show boot
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Each Cisco wireless LAN controller retains one primary and one backup operating system software load in nonvolatile RAM to allow controllers to boot off the primary load (default) or revert to the backup load when desired.
Examples
The following is a sample output of the show boot command:
(Cisco Controller) >
show boot
Primary Boot Image............................... 3.2.13.0 (active)
Backup Boot Image................................ 3.2.15.0
Related Commands config boot
1556
Cisco Wireless Controller Command Reference, Release 8.4
show band-select show band-select
To display band selection information, use the show band-select command.
show band-select
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show band-select command:
(Cisco Controller) >
show band-select
Band Select Probe Response....................... per WLAN enabling
Cycle Count................................... 3 cycles
Cycle Threshold............................... 200 milliseconds
Age Out Suppression........................... 20 seconds
Age Out Dual Band............................. 60 seconds
Client RSSI................................... -80 dBm
Related Commands config band-select config wlan band-select
Cisco Wireless Controller Command Reference, Release 8.4
1557
show buffers show buffers
To display buffer information of the controller, use the show buffers command.
show buffers
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show buffers command:
(Cisco Controller) >
show buffers
Pool[00]: 16 byte chunks chunks in pool: chunks in use:
50000
9196 bytes in use: 147136 bytes requested: 73218 (73918 overhead bytes)
Pool[01]: 64 byte chunks chunks in pool: 50100 chunks in use: 19222 bytes in use: 1230208 bytes requested: 729199 (501009 overhead bytes)
Pool[02]: 128 byte chunks chunks in pool: 26200 chunks in use: bytes in use:
9861
1262208 bytes requested: 848732 (413476 overhead bytes)
Pool[03]: 256 byte chunks chunks in pool: 3000 chunks in use: bytes in use:
596
152576 bytes requested: 93145 (59431 overhead bytes)
Pool[04]: 384 byte chunks chunks in pool: 6000 chunks in use: bytes in use:
258
99072 bytes requested: 68235 (30837 overhead bytes)
Pool[05]: 512 byte chunks chunks in pool: chunks in use:
18700
18667 bytes in use: 9557504 bytes requested: 7933814 (1623690 overhead bytes)
Pool[06]: 1024 byte chunks chunks in pool: 3500 chunks in use: 94 bytes in use: 96256 bytes requested: 75598 (20658 overhead bytes)
Pool[07]: 2048 byte chunks chunks in pool: 1000 chunks in use: bytes in use:
54
110592 bytes requested: 76153 (34439 overhead bytes)
Pool[08]: 4096 byte chunks
1558
Cisco Wireless Controller Command Reference, Release 8.4
chunks in pool: chunks in use:
1000
47 bytes in use: 192512 bytes requested: 128258 (64254 overhead bytes)
Raw Pool: chunks in use: 256 bytes requested: 289575125
show buffers
Cisco Wireless Controller Command Reference, Release 8.4
1559
show cac voice stats show cac voice stats
To view the detailed voice CAC statistics of the 802.11a or 802.11b radio, use the show cac voice stats command.
show cac voice stats {802.11a | 802.11b}
Syntax Description
802.11a
802.11b
Displays detailed voice CAC statistics for 802.11a.
Displays detailed voice CAC statistics for 802.11b/g.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show cac voice stats 802.11b command:
(Cisco Controller) >
show cac voice stats 802.11b
WLC Voice Call Statistics for 802.11b Radio
WMM TSPEC CAC Call Stats
Total num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of exp bw requests received.......... 0
Total Num of exp bw requests Admitted.......... 0
Total Num of Calls Rejected.................... 0
Total Num of Roam Calls Rejected............... 0
Num of Calls Rejected due to insufficent bw.... 0
Num of Calls Rejected due to invalid params.... 0
Num of Calls Rejected due to PHY rate.......... 0
Num of Calls Rejected due to QoS policy........ 0
SIP CAC Call Stats
Total Num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Preferred Calls Received.......... 0
Total Num of Preferred Calls Admitted.......... 0
Total Num of Ongoing Preferred Calls........... 0
Total Num of Calls Rejected(Insuff BW)......... 0
Total Num of Roam Calls Rejected(Insuff BW).... 0
KTS based CAC Call Stats
Total Num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Calls Rejected(Insuff BW)......... 0
Total Num of Roam Calls Rejected(Insuff BW).... 0
1560
Cisco Wireless Controller Command Reference, Release 8.4
show cac voice summary show cac voice summary
To view the list of all APs with brief voice statistics (includes bandwidth used, maximum bandwidth available, and the number of calls information), use the show cac voice summary command.
show cac voice summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show cac voice summary command:
(Cisco Controller) >
show cac voice summary
AP Name Slot# Radio BW Used/Max Calls
-----------------------------------------
APc47d.4f3a.3547
1 11a
0 11b/g
1072/23437 1
0/23437 0
Cisco Wireless Controller Command Reference, Release 8.4
1561
show cac video stats show cac video stats
To view the detailed video CAC statistics of the 802.11a or 802.11b radio, use the show cac video stats command.
show cac video stats {802.11a | 802.11b}
Syntax Description
802.11a
802.11b
Displays detailed video CAC statistics for 802.11a.
Displays detailed video CAC statistics for 802.11b/g.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show cac video stats 802.11b command:
(Cisco Controller) >
show cac video stats 802.11b
WLC Video Call Statistics for 802.11b Radio
WMM TSPEC CAC Call Stats
Total num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Calls Rejected.................... 0
Total Num of Roam Calls Rejected............... 0
Num of Calls Rejected due to insufficent bw.... 0
Num of Calls Rejected due to invalid params.... 0
Num of Calls Rejected due to PHY rate.......... 0
Num of Calls Rejected due to QoS policy........ 0
SIP CAC Call Stats
Total Num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Calls Rejected(Insuff BW)......... 0
Total Num of Roam Calls Rejected(Insuff BW).... 0
Related Commands config 802.11 cac voice config 802.11 cac defaults config 802.11 cac video config 802.11 cac multimedia show cac voice stats show cac voice summary show cac video stats
1562
Cisco Wireless Controller Command Reference, Release 8.4
show cac video summary config 802.11 cac video load-based config 802.11 cac video cac-method config 802.11 cac video sip show cac video stats
Cisco Wireless Controller Command Reference, Release 8.4
1563
show cac video summary show cac video summary
To view the list of all access points with brief video statistics (includes bandwidth used, maximum bandwidth available, and the number of calls information), use the show cac video summary command.
show cac video summary
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show cac video summary command:
(Cisco Controller) >
show cac video summary
AP Name Slot# Radio BW Used/Max Calls
-----------------------------------------
AP001b.d571.88e0
0
1
11b/g
11a
0/10937
0/18750
0
0
AP5_1250 0
1
11b/g
11a
0/10937
0/18750
0
0
Related Commands config 802.11 cac voice config 802.11 cac defaults config 802.11 cac video config 802.11 cac multimedia show cac voice stats show cac voice summary show cac video stats show cac video summary config 802.11 cac video load-based config 802.11 cac video cac-method config 802.11 cac video sip
1564
Cisco Wireless Controller Command Reference, Release 8.4
show call-control ap show call-control ap
Note
The show call-control ap command is applicable only for SIP based calls.
To see the metrics for successful calls or the traps generated for failed calls, use the show call-control ap command.
show call-control ap {802.11a | 802.11b} cisco_ap {metrics | traps}
Syntax Description
802.11a
802.11b
cisco_ap
metrics traps
Specifies the 802.11a network
Specifies the 802.11b/g network.
Cisco access point name.
Specifies the call metrics information.
Specifies the trap information for call control.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To aid in troubleshooting, the output of this command shows an error code for any failed calls. This table explains the possible error codes for failed calls.
Table 12: Error Codes for Failed VoIP Calls
Error Code Integer
1 unknown
400 badRequest
401
402 unauthorized paymentRequired
Description
Unknown error.
The request could not be understood because of malformed syntax.
The request requires user authentication.
Reserved for future use.
Cisco Wireless Controller Command Reference, Release 8.4
1565
show call-control ap
Error Code Integer
403
404
405
406
407
408
409
410
411
413
414
415
420
480
481
482 forbidden notFound methodNotallowed notAcceptable proxyAuthenticationRequired requestTimeout conflict gone lengthRequired requestEntityTooLarge requestURITooLarge unsupportedMediaType badExtension temporarilyNotAvailable callLegDoesNotExist loopDetected
Description
The server understood the request but refuses to fulfill it.
The server has information that the user does not exist at the domain specified in the Request-URI.
The method specified in the Request-Line is understood but not allowed for the address identified by the Request-URI.
The resource identified by the request is only capable of generating response entities with content characteristics that are not acceptable according to the Accept header field sent in the request.
The client must first authenticate with the proxy.
The server could not produce a response within a suitable amount of time.
The request could not be completed due to a conflict with the current state of the resource.
The requested resource is no longer available at the server, and no forwarding address is known.
The server is refusing to process a request because the request entity-body is larger than the server is willing or able to process.
The server is refusing to process a request because the request entity-body is larger than the server is willing or able to process.
The server is refusing to service the request because the
Request-URI is longer than the server is willing to interpret.
The server is refusing to service the request because the message body of the request is in a format not supported by the server for the requested method.
The server did not understand the protocol extension specified in a Proxy-Require or Require header field.
The callee’s end system was contacted successfully, but the callee is currently unavailable.
The UAS received a request that does not match any existing dialog or transaction.
The server has detected a loop.
1566
Cisco Wireless Controller Command Reference, Release 8.4
show call-control ap
Error Code Integer
483 tooManyHops
484 addressIncomplete
485
486 ambiguous busy
500
501
502 internalServerError notImplemented badGateway
503 serviceUnavailable
504
505
600
603
604
606 serverTimeout versionNotSupported busyEverywhere decline doesNotExistAnywhere notAcceptable
Description
The server received a request that contains a Max-Forwards header field with the value zero.
The server received a request with a Request-URI that was incomplete.
The Request-URI was ambiguous.
The callee’s end system was contacted successfully, but the callee is currently not willing or able to take additional calls at this end system.
The server encountered an unexpected condition that prevented it from fulfilling the request.
The server does not support the functionality required to fulfill the request.
The server, while acting as a gateway or proxy, received an invalid response from the downstream server it accessed in attempting to fulfill the request.
The server is temporarily unable to process the request because of a temporary overloading or maintenance of the server.
The server did not receive a timely response from an external server it accessed in attempting to process the request.
The server does not support or refuses to support the SIP protocol version that was used in the request.
The callee’s end system was contacted successfully, but the callee is busy or does not want to take the call at this time.
The callee’s machine was contacted successfully, but the user does not want to or cannot participate.
The server has information that the user indicated in the
Request-URI does not exist anywhere.
The user’s agent was contacted successfully, but some aspects of the session description (such as the requested media, bandwidth, or addressing style) were not acceptable.
Cisco Wireless Controller Command Reference, Release 8.4
1567
show call-control ap
Examples
The following is a sample output of the show call-controller ap command that displays successful calls generated for an access point:
(Cisco Controller) >
show call-control ap 802.11a Cisco_AP metrics
Total Call Duration in Seconds................... 120
Number of Calls.................................. 10
Number of calls for given client is................. 1
The following is a sample output of the show call-control ap command that displays metrics of traps generated for an AP.
(Cisco Controller) >
show call-control ap 802.11a Cisco_AP traps
Number of traps sent in one min.................. 2
Last SIP error code.............................. 404
Last sent trap timestamp...................... Jun 20 10:05:06
1568
Cisco Wireless Controller Command Reference, Release 8.4
show call-control client show call-control client
To see call information for a call-aware client when Voice-over-IP (VoIP) snooping is enabled and the call is active, use the show call-control client command
show call-control client callInfo client_MAC_address
Syntax Description callInfo
client_MAC_address
Specifies the call-control information.
Client MAC address.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example is a sample output of the show call-controller client command:
(Cisco Controller) >
show call-control client callInfo 10.10.10.10.10.10
Uplink IP/port................................... 0.0.0.0 / 0
Downlink IP/port................................ 9.47.96.107 / 5006
UP...............................................
6
Calling Party.................................... sip:1021
Called Party..................................... sip:1000
Call ID.......................................... 38423970c3fca477
Call on hold: ................................... FALSE
Number of calls for given client is.............. 1
Cisco Wireless Controller Command Reference, Release 8.4
1569
show call-home summary show call-home summary
To view the Call Home details, use the show call-home summary command.
show call-home summary
Command History
Release
8.2
Modification
This command was introduced.
Examples
The following example shows the call-home summary:
(Cisco Controller) > show call-home summaryCurrent call home settings: call home feature : enabled contact person's email address: [email protected]
Mail-server: Not yet set up http proxy: Not yet set up
Smart licensing messages: disabled data-privacy: normal
Event throttling: Off
Rate-limit: 20 message(s) per minute
Profile name: CiscoTAC-1
Status: Inactive
TAC profile: Yes
Mode: Full reporting
Report data: SCH SL
Msg Format: XML
Msg size limit: 3145728
Transport method: HTTP
--More-- or (q)uit In slWlcProcessSLStatsClearMsg https://tools.cisco.com/its/service/oddce/services/DDCEService
1570
Cisco Wireless Controller Command Reference, Release 8.4
show capwap reap association show capwap reap association
To display the list of clients associated with an access point and their SSIDs, use the show capwap reap
association command.
show capwap reap association
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display clients associated to an access point and their SSIDs:
(Cisco Controller) >
show capwap reap association
Cisco Wireless Controller Command Reference, Release 8.4
1571
show capwap reap status show capwap reap status
To display the status of the FlexConnect access point (connected or standalone), use the show capwap reap
status command.
show capwap reap status
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The command shows only the VLAN when configured as AP-specific.
Examples
The following example shows how to display the status of the FlexConnect access point:
(Cisco Controller) >
show capwap reap status
1572
Cisco Wireless Controller Command Reference, Release 8.4
show cdp show cdp
To display the status and details of the Cisco Discovery Protocol (CDP), use the show cdp command.
show cdp {neighbors [detail] | entry all | traffic}
Syntax Description neighbors detail entry all traffic
Displays a list of all CDP neighbors on all interfaces.
(Optional) Displays detailed information of the controller’s CDP neighbors. This command shows only the CDP neighbors of the controller; it does not show the
CDP neighbors of the controller’s associated access points.
Displays all CDP entries in the database.
Displays CDP traffic information.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show cdp command:
(Cisco Controller) >
show cdp
CDP counters :
Total packets output: 0, Input: 0
Chksum error: 0
No memory: 0, Invalid packet: 0,
Related Commands config cdp config ap cdp show ap cdp
Cisco Wireless Controller Command Reference, Release 8.4
1573
show certificate compatibility show certificate compatibility
To display whether or not certificates are verified as compatible in the Cisco wireless LAN controller, use the show certificate compatibility command.
show certificate compatibility
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show certificate compatibility command:
(Cisco Controller) >
show certificate compatibility
Certificate compatibility mode:................ off
1574
Cisco Wireless Controller Command Reference, Release 8.4
show certificate lsc show certificate lsc
To verify that the controller has generated a Locally Significant Certificate (LSC), use the show certificate
lsc summary command.
show certificate lsc {summary | ap-provision}
Syntax Description summary ap-provision
Displays a summary of LSC certificate settings and certificates.
Displays details about the access points that are provisioned using the LSC.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show certificate lsc summary command:
(Cisco Controller) >
show certificate lsc summary
LSC Enabled...................................... Yes
LSC CA-Server.................................... http://10.0.0.1:8080/caserver
LSC AP-Provisioning.............................. Yes
Provision-List............................... Not Configured
LSC Revert Count in AP reboots............... 3
LSC Params:
Country...................................... 4
State........................................ ca
City......................................... ss
Orgn......................................... org
Dept......................................... dep
Email........................................ [email protected]
KeySize...................................... 390
LSC Certs:
CA Cert...................................... Not Configured
RA Cert...................................... Not Configured
This example shows how to display the details about the access points that are provisioned using the LSC:
(Cisco Controller) >
show certificate lsc ap-provision
LSC AP-Provisioning.............................. Yes
Provision-List................................... Present
Idx Mac Address
--- -------------
1 00:18:74:c7:c0:90
Cisco Wireless Controller Command Reference, Release 8.4
1575
show certificate ssc show certificate ssc
To view the Self Signed Device Certificate (SSC) and hash key of the virtual controller, use the show certificate
ssc command.
show certificate ssc
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show certificate ssc command :
(Cisco Controller) >
show certificate ssc
SSC Hash validation.............................. Enabled.
SSC Device Certificate details:
Subject Name :
C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller,
CN=DEVICE-vWLC-AIR-CTVM-K9-000C297F2CF7, [email protected]
Validity :
Start : 2012 Jul 23rd, 15:47:53 GMT
End : 2022 Jun 1st, 15:47:53 GMT
Hash key : 5870ffabb15de2a617132bafcd73
1576
Cisco Wireless Controller Command Reference, Release 8.4
show certificate summary show certificate summary
To verify that the controller has generated a certificate, use the show certificate summary command.
show certificate summary
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show certificate summary command:
(Cisco Controller) >
show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
Cisco Wireless Controller Command Reference, Release 8.4
1577
show client ap show client ap
To display the clients on a Cisco lightweight access point, use the show client ap command.
show client ap 802.11{a | b} cisco_ap
Syntax Description
802.11a
802.11b
cisco_ap
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Cisco lightweight access point name.
Command Default
None
Usage Guidelines
The show client ap command may list the status of automatically disabled clients. Use the show exclusionlist command to view clients on the exclusion list (blacklisted).
Examples
This example shows how to display client information on an access point:
(Cisco Controller) >
show client ap 802.11b AP1
MAC Address AP Id Status WLAN Id Authenticated
-----------------------------------------------------xx:xx:xx:xx:xx:xx 1 Associated 1 No
1578
Cisco Wireless Controller Command Reference, Release 8.4
show client calls show client calls
To display the total number of active or rejected calls on the controller, use the show client calls command.
show client calls {active | rejected} {802.11a | 802.11bg | all}
Syntax Description active rejected
802.11a
802.11bg
all
Specifies active calls.
Specifies rejected calls.
Specifies the 802.11a network.
Specifies the 802.11b/g network.
Specifies both the 802.11a and 802.11b/g network.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client calls active 802.11a command :
(Cisco Controller) >
show client calls active 802.11a
Client MAC Username Total Call
--------------------
00:09: ef: 02:65:70
00:13: ce: cc: 51:39
00:40:96: af: 15:15
00:40:96:b2:69: df
--------abc xyz def def
Duration (sec)
----------
45
45
45
45
AP Name
---------------
VJ-1240C-ed45cc
AP1130-a416
AP1130-a416
AP1130-a416
Number of Active Calls ------------------------------------ 4
Radio Type
----------
802.11a
802.11a
802.11a
802.11a
Cisco Wireless Controller Command Reference, Release 8.4
1579
show client ccx client-capability show client ccx client-capability
To display the client’s capability information, use the show client ccx client-capability command.
show client ccx client-capability client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command displays the client’s available capabilities, not the current settings for the capabilities.
Examples
The following is a sample output of the show client ccx client-capability command:
(Cisco Controller) >
show client ccx client-capability 00:40:96:a8:f7:98
Service Capability.................................. Voice, Streaming(uni-directional)
Video, Interactive(bi-directional) Video
Radio Type.......................................... DSSS OFDM(802.11a) HRDSSS(802.11b)
ERP(802.11g)
Radio Type.......................................... DSSS
Radio Channels.................................. 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode................................... Automatic
Rate List(MB)................................... 1.0 2.0
Radio Type.......................................... HRDSSS(802.11b)
Radio Channels.................................. 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode................................... Automatic
Rate List(MB)................................... 5.5 11.0
Radio Type.......................................... ERP(802.11g)
Radio Channels.................................. 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode................................... Automatic
Rate List(MB)................................... 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Are you sure you want to start? (y/N)y Are you sure you want to start? (y/N)
1580
Cisco Wireless Controller Command Reference, Release 8.4
show client ccx frame-data show client ccx frame-data
To display the data frames sent from the client for the last test, use the show client ccx frame-data command.
show client ccx frame-data client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx frame-data command:
(Cisco Controller) >
show client ccx frame-data
xx:xx:xx:xx:xx:xx
Cisco Wireless Controller Command Reference, Release 8.4
1581
show client ccx last-response-status show client ccx last-response-status
To display the status of the last test response, use the show client ccx last-response-status command.
show client ccx last-response-status client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx last-response-status command:
(Cisco Controller) >
show client ccx last-response-status
Test Status ........................ Success
Response Dialog Token.............. 87
Response Status.................... Successful
Response Test Type................. 802.1x Authentication Test
Response Time...................... 3476 seconds since system boot
1582
Cisco Wireless Controller Command Reference, Release 8.4
show client ccx last-test-status show client ccx last-test-status
To display the status of the last test, use the show client ccx last-test-status command.
show client ccx last-test-status client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx last-test-status command:
(Cisco Controller) >
show client ccx last-test-status
Test Type ........................ Gateway Ping Test
Test Status ...................... Pending/Success/Timeout
Dialog Token ..................... 15
Timeout .......................... 15000 ms
Request Time ..................... 1329 seconds since system boot
Cisco Wireless Controller Command Reference, Release 8.4
1583
show client ccx log-response show client ccx log-response
To display a log response, use the show client ccx log-response command.
show client ccx log-response {roam | rsna | syslog} client_mac_address
Syntax Description roam rsna syslog
client_mac_address
(Optional) Displays the CCX client roaming log response.
(Optional) Displays the CCX client RSNA log response.
(Optional) Displays the CCX client system log response.
Inventory for the specified access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx log-response syslog command:
(Cisco Controller) >
show client ccx log-response syslog 00:40:96:a8:f7:98
Tue Jun 26 18:07:48 2007 Syslog Response LogID=131: Status=Successful
Event Timestamp=0d 00h 19m 42s 278987us
Client SysLog =
‘<11> Jun 19 11:49:47 unraval13777 Mandatory elements missing in the
OID response
’
Event Timestamp=0d 00h 19m 42s 278990us
Client SysLog =
‘<11> Jun 19 11:49:47 unraval13777 Mandatory elements missing in the
OID response
’
Tue Jun 26 18:07:48 2007 Syslog Response LogID=131: Status=Successful
Event Timestamp=0d 00h 19m 42s 278987us
Client SysLog =
‘<11> Jun 19 11:49:47 unraval13777 Mandatory elements missing in the
OID response
’
Event Timestamp=0d 00h 19m 42s 278990us
Client SysLog =
‘<11> Jun 19 11:49:47 unraval13777 Mandatory elements missing in the
OID response
’
The following example shows how to display the client roaming log response:
(Cisco Controller) >
show client ccx log-response roam 00:40:96:a8:f7:98
Thu Jun 22 11:55:14 2007 Roaming Response LogID=20: Status=Successful
Event Timestamp=0d 00h 00m 13s 322396us Source BSSID=00:40:96:a8:f7:98
Target BSSID=00:0b:85:23:26:70, Transition Time=100(ms)
Transition Reason: Normal roam, poor link Transition Result: Success
Thu Jun 22 11:55:14 2007 Roaming Response LogID=133: Status=Successful
Event Timestamp=0d 00h 00m 16s 599006us Source BSSID=00:0b:85:81:06:c2
Target BSSID=00:0b:85:81:06:c2, Transition Time=3235(ms)
Transition Reason: Normal roam, poor link Transition Result: Success
Thu Jun 22 18:28:48 2007 Roaming Response LogID=133: Status=Successful
Event Timestamp=0d 00h 00m 08s 815477us Source BSSID=00:0b:85:81:06:c2
1584
Cisco Wireless Controller Command Reference, Release 8.4
show client ccx log-response
Target BSSID=00:0b:85:81:06:d2, Transition Time=3281(ms)
Transition Reason: First association to WLAN Transition Result: Success
Cisco Wireless Controller Command Reference, Release 8.4
1585
show client ccx manufacturer-info show client ccx manufacturer-info
To display the client manufacturing information, use the show client ccx manufacturer-info command.
show client ccx manufacturer-info client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx manufacturer-info command:
(Cisco Controller) >
show client ccx manufacturer-info 00:40:96:a8:f7:98
Manufacturer OUI .............................. 00:40:96
Manufacturer ID ............................... Cisco
Manufacturer Model ............................ Cisco Aironet 802.11a/b/g Wireless Adapter
Manufacturer Serial ........................... FOC1046N3SX
Mac Address ................................... 00:40:96:b2:8d:5e
Radio Type .................................... DSSS OFDM(802.11a) HRDSSS(802.11b)
ERP(802.11g)
Antenna Type .................................. Omni-directional diversity
Antenna Gain .................................. 2 dBi
Rx Sensitivity:
Radio Type ...................................... DSSS
Rx Sensitivity .................................. Rate:1.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:2.0 Mbps, MinRssi:-95, MaxRss1:-30
Radio Type ...................................... HRDSSS(802.11b)
Rx Sensitivity .................................. Rate:5.5 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:11.0 Mbps, MinRssi:-95, MaxRss1:-30
Radio Type ...................................... ERP(802.11g)
Rx Sensitivity .................................. Rate:6.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:9.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:12.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:18.0 Mbps, MinRss1:-95, MaxRss1:-30
1586
Cisco Wireless Controller Command Reference, Release 8.4
show client ccx operating-parameters show client ccx operating-parameters
To display the client operating-parameters, use the show client ccx operating-parameters command.
show client ccx operating-parameters client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx operating-parameters command:
(Cisco Controller) >
show client ccx operating-parameters 00:40:96:b2:8d:5e
Client Mac ......................................... 00:40:96:b2:8d:5e
Radio Type ......................................... OFDM(802.11a)
Radio Type ......................................... OFDM(802.11a)
Radio Channels ................................. 36 40 44 48 52 56 60 64 100 104 108 112
116 120 124 128 132 136 140 149 153 157 161 165
Tx Power Mode .................................. Automatic
Rate List(MB)................................... 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Power Save Mode .................................... Normal Power Save
SSID ............................................... wifi
Security Parameters[EAP Method, Credential]......... None
Auth Method ........................................ None
Key Management...................................... None
Encryption ......................................... None
Device Name ........................................ Wireless Network Connection 15
Device Type ........................................ 0
OS Id .............................................. Windows XP
OS Version ......................................... 5.1.6.2600 Service Pack 2
IP Type ............................................ DHCP address
IPv4 Address ....................................... Available
IP Address ......................................... 70.0.4.66
Subnet Mask ........................................ 255.0.0.0
Default Gateway .................................... 70.1.0.1
IPv6 Address ....................................... Not Available
IPv6 Address ....................................... 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:
IPv6 Subnet Mask ................................... 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:
DNS Servers ........................................ 103.0.48.0
WINS Servers .......................................
System Name ........................................ URAVAL3777
Firmware Version ................................... 4.0.0.187
Driver Version ..................................... 4.0.0.187
Cisco Wireless Controller Command Reference, Release 8.4
1587
show client ccx profiles show client ccx profiles
To display the client profiles, use the show client ccx profiles command.
show client ccx profiles client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx profiles command:
(Cisco Controller) >
show client ccx profiles 00:40:96:15:21:ac
Number of Profiles .................................. 1
Current Profile ..................................... 1
Profile ID .......................................... 1
Profile Name ........................................ wifiEAP
SSID ................................................ wifiEAP
Security Parameters [EAP Method, Credential]......... EAP-TLS, Host OS Login Credentials
Auth Method ......................................... EAP
Key Management ...................................... WPA2+CCKM
Encryption .......................................... AES-CCMP
Power Save Mode ..................................... Constantly Awake
Radio Configuration:
Radio Type........................................... DSSS
Preamble Type.................................... Long preamble
CCA Method....................................... Energy Detect + Carrier
Detect/Correlation
Data Retries..................................... 6
Fragment Threshold............................... 2342
Radio Channels................................... 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode.................................... Automatic
Rate List (MB)................................... 1.0 2.0
Radio Type........................................... HRDSSS(802.11b)
Preamble Type.................................... Long preamble
CCA Method....................................... Energy Detect + Carrier
Detect/Correlation
Data Retries..................................... 6
Fragment Threshold............................... 2342
Radio Channels................................... 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode.................................... Automatic
Rate List(MB).................................... 5.5 11.0
Radio Type........................................... ERP(802.11g)
Preamble Type.................................... Long preamble
CCA Method....................................... Energy Detect + Carrier
Detect/Correlation
Data Retries..................................... 6
Fragment Threshold............................... 2342
Radio Channels................................... 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode.................................... Automatic
Rate List (MB)................................... 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
1588
Cisco Wireless Controller Command Reference, Release 8.4
show client ccx profiles
Radio Type........................................... OFDM(802.11a)
Preamble Type.................................... Long preamble
CCA Method....................................... Energy Detect + Carrier
Detect/Correlation
Data Retries..................................... 6
Fragment Threshold............................... 2342
Radio Channels................................... 36 40 44 48 52 56 60 64 149 153 157 161
165
Tx Power Mode.................................... Automatic
Rate List (MB)................................... 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Cisco Wireless Controller Command Reference, Release 8.4
1589
show client ccx results show client ccx results
To display the results from the last successful diagnostic test, use the show client ccx results command.
show client ccx results client_mac_address
Syntax Description
client_mac_address
MAC address of the client.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx results command:
(Cisco Controller) >
show client ccx results xx.xx.xx.xx
dot1x Complete....................................... Success
EAP Method........................................... *1,Host OS Login Credentials dot1x Status......................................... 255
1590
Cisco Wireless Controller Command Reference, Release 8.4
show client ccx rm show client ccx rm
To display Cisco Client eXtension (CCX) client radio management report information, use the show client
ccx rm command.
show client ccx rm client_MAC {status | {report {chan-load | noise-hist | frame | beacon | pathloss}}}
Syntax Description
client_MAC
status report chan-load noise-hist beacon frame pathloss
Client MAC address.
Displays the client CCX radio management status information.
Displays the client CCX radio management report.
Displays radio management channel load reports.
Displays radio management noise histogram reports.
Displays radio management beacon load reports.
Displays radio management frame reports.
Displays radio management path loss reports.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display the client radio management status information:
(Cisco Controller) >
show client ccx rm 00:40:96:15:21:ac status
Client Mac Address............................... 00:40:96:15:21:ac
Channel Load Request............................. Enabled
Noise Histogram Request.......................... Enabled
Beacon Request................................... Enabled
Frame Request.................................... Enabled
Interval......................................... 30
Iteration........................................... 10
The following example shows how to display the client radio management load reports:
(Cisco Controller) >
show client ccx rm 00:40:96:15:21:ac report chan-load
Channel Load Report
Client Mac Address............................... 00:40:96:ae:53:bc
Timestamp........................................ 788751121
Cisco Wireless Controller Command Reference, Release 8.4
1591
show client ccx rm
Incapable Flag................................... On
Refused Flag........................................ On
Chan CCA Busy Fraction
-----------------------
1 194
2 86
3 103
4 0
5 178
6 82
7 103
8 95
9 13
10 222
11 75
The following example shows how to display the client radio management noise histogram reports:
(Cisco Controller) >
show client ccx rm 00:40:96:15:21:ac report noise-hist
Noise Histogram Report
Client Mac Address............................... 00:40:96:15:21:ac
Timestamp........................................ 4294967295
Incapable Flag................................... Off
Refused Flag........................................ Off
Chan RPI0 RPI1 RPI2 RPI3 RPI4 RPI5 RPI6 RPI7
1592
Cisco Wireless Controller Command Reference, Release 8.4
show client ccx stats-report show client ccx stats-report
To display the Cisco Client eXtensions (CCX) statistics report from a specified client device, use the show
client ccx stats-report command.
show client ccx stats-report client_mac_address
Syntax Description
client_mac_address
Client MAC address.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client ccx stats-report command:
(Cisco Controller) >
show client ccx stats-report 00:0c:41:07:33:a6
Measurement duration = 1 dot11TransmittedFragmentCount = 1 dot11MulticastTransmittedFrameCount = 2 dot11FailedCount = 3 dot11RetryCount dot11MultipleRetryCount
= 4
= 5 dot11FrameDuplicateCount dot11RTSSuccessCount dot11RTSFailureCount dot11ACKFailureCount dot11ReceivedFragmentCount dot11MulticastReceivedFrameCount dot11FCSErrorCount dot11TransmittedFrameCount
= 6
= 7
= 8
= 9
= 10
= 11
= 12
= 13
Cisco Wireless Controller Command Reference, Release 8.4
1593
show client detail show client detail
To display IP addresses per client learned through DNS snooping (DNS-based ACL), use the show client
detail mac_address command.
show client detail mac_address
Syntax Description
mac_address
MAC address of the client.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced.
Examples
The following is a sample output of the show client detail mac_address command.
(Cisco Controller) >
show client detail 01:35:6x:yy:21:00
Client MAC Address............................... 01:35:6x:yy:21:00
Client Username ................................. test
AP MAC Address................................... 00:11:22:33:44:x0
AP Name.......................................... AP0011.2020.x111
AP radio slot Id................................. 1
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 7
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 00:11:22:33:44:xx
Connected For ................................... 28 secs
Channel.......................................... 56
IP Address....................................... 10.0.0.1
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
IPv6 Address..................................... xx20::222:6xyy:zeeb:2233
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... No CCX support
Re-Authentication Timeout........................ 1756
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
1594
Cisco Wireless Controller Command Reference, Release 8.4
show client detail
WMM Support...................................... Enabled
APSD ACs.......................................
BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates..................................
6.0,9.0,12.0,18.0,24.0,36.0,
............................................. 48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. SUPPLICANT_PROVISIONING
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ android
AAA Override ACL Applied Status.................. Yes
AAA Override Flex ACL Name....................... none
AAA Override Flex ACL Applied Status............. Unavailable
AAA URL redirect.................................
https://10.0.0.3:8443/guestportal/gateway?sessionId=0a68aa72000000015272404e&action=nsp
Audit Session ID................................. 0a68aa72000000015272404e
AAA Role Type.................................... none
Local Policy Applied............................. p1
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
Client Type...................................... SimpleIP mDNS Status...................................... Enabled mDNS Profile Name................................ default-mdns-profile
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... PEAP
Interface......................................
.. management
VLAN............................................. 0
Quarantine VLAN.................................. 0
Access VLAN...................................... 0
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Not implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 123659
Number of Bytes Sent....................... 120564
Number of Packets Received................. 1375
Cisco Wireless Controller Command Reference, Release 8.4
1595
show client detail
Number of Packets Sent..................... 276
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 2
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 82
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 0
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -51 dBm
Signal to Noise Ratio...................... 46 dB
Client Rate Limiting Statistics:
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
AP0022.9090.c545(slot 0) antenna0: 26 secs ago.................... -33 dBm antenna1: 26 secs ago.................... -35 dBm
AP0022.9090.c545(slot 1) antenna0: 25 secs ago.................... -41 dBm antenna1: 25 secs ago.................... -44 dBm
APc47d.4f3a.35c2(slot 0) antenna0: 26 secs ago.................... -30 dBm antenna1: 26 secs ago.................... -36 dBm
APc47d.4f3a.35c2(slot 1) antenna0: 24 secs ago.................... -43 dBm antenna1: 24 secs ago.................... -45 dBm
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Client Dhcp Required:
Allowed (URL)IP Addresses
-------------------------
209.165.200.225
209.165.200.226
209.165.200.227
209.165.200.228
209.165.200.229
209.165.200.230
False
1596
Cisco Wireless Controller Command Reference, Release 8.4
209.165.200.231
209.165.200.232
209.165.200.233
209.165.200.234
209.165.200.235
209.165.200.236
209.165.200.237
209.165.200.238
209.165.201.1
209.165.201.2
209.165.201.3
209.165.201.4
209.165.201.5
209.165.201.6
209.165.201.7
209.165.201.8
209.165.201.9
209.165.201.10
show client detail
Cisco Wireless Controller Command Reference, Release 8.4
1597
show client location-calibration summary show client location-calibration summary
To display client location calibration summary information, use the show client location-calibration summary command.
show client location-calibration summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the location calibration summary information:
(Cisco Controller) >
show client location-calibration summary
MAC Address Interval
----------- ----------
10:10:10:10:10:10 60
21:21:21:21:21:21 45
1598
Cisco Wireless Controller Command Reference, Release 8.4
show client roam-history show client roam-history
To display the roaming history of a specified client, use the show client roam-history command.
show client roam-history mac_address
Syntax Description
mac_address
Client MAC address.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client roam-history command:
(Cisco Controller) >
show client roam-history 00:14:6c:0a:57:77
Cisco Wireless Controller Command Reference, Release 8.4
1599
show client summary show client summary
To display a summary of clients associated with a Cisco lightweight access point, use the show client summary command.
show client summary [ssid / ip / username / devicetype]
Syntax Description
This command has no arguments or keywords.
Syntax Description
ssid / ip / username / devicetype
(Optional) Displays active clients selective details on any of the following parameters or all the parameters in any order:
• SSID
• IP addresss
• Username
• Device type (such as Samsung-Device or
WindowsXP-Workstation)
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Use show client ap command to list the status of automatically disabled clients. Use the show exclusionlist command to display clients on the exclusion list (blacklisted).
Examples
The following example shows how to display a summary of the active clients:
(Cisco Controller) >
show client summary
Number of Clients................................ 24
Number of PMIPV6 Clients......................... 200
MAC Address
Wired PMIPV6
AP Name Status WLAN/GLAN/RLAN Auth Protocol Port
----------------- ----------------- ------------- -------------- ---- ---------------- ----
----------
00:00:15:01:00:01 NMSP-TalwarSIM1-2 Associated
No Yes
00:00:15:01:00:02 NMSP-TalwarSIM1-2 Associated
No No
00:00:15:01:00:03 NMSP-TalwarSIM1-2 Associated
No Yes
00:00:15:01:00:04 NMSP-TalwarSIM1-2 Associated
1
1
1
1
Yes 802.11a
Yes 802.11a
Yes 802.11a
Yes 802.11a
13
13
13
13
1600
Cisco Wireless Controller Command Reference, Release 8.4
Examples show client summary
No No
The following example shows how to display all clients that are WindowsXP-Workstation device type:
(Cisco Controller) >
show client summary WindowsXP-Workstation
Number of Clients in WLAN........................ 0
MAC Address AP Name Status Auth Protocol
----------------- -------- ------------- ----------------
Number of Clients with requested device type..... 0
Port Wired Mobility Role
---------- --------------
Cisco Wireless Controller Command Reference, Release 8.4
1601
show client summary guest-lan show client summary guest-lan
To display the active wired guest LAN clients, use the show client summary guest-lan command.
show client summary guest-lan
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show client summary guest-lan command:
(Cisco Controller) >
show client summary guest-lan
Number of Clients................................ 1
MAC Address AP Name Status WLAN Auth Protocol Port Wired
-------------------
00:16:36:40:ac:58 N/A
----------
Associated
----------------- -----
1 No 802.3
1 Yes
Related Commands show client summary
1602
Cisco Wireless Controller Command Reference, Release 8.4
show client tsm show client tsm
To display the client traffic stream metrics (TSM) statistics, use the show client tsm command.
show client tsm 802.11{a | b} client_mac {ap_mac | all}
Syntax Description
802.11a
802.11b
client_mac ap_mac
all
Specifies the 802.11a network.
Specifies the 802.11 b/g network.
MAC address of the client.
MAC address of the tsm access point.
Specifies the list of all access points to which the client has associations.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client tsm 802.11a command:
(Cisco Controller) >
show client tsm 802.11a xx:xx:xx:xx:xx:xx all
AP Interface MAC: 00:0b:85:01:02:03
Client Interface Mac:
Measurement Duration:
Timestamp
UpLink Stats
================
00:01:02:03:04:05
90 seconds
1st Jan 2006, 06:35:80
Average Delay (5sec intervals)............................35
Delay less than 10 ms.....................................20
Delay bet 10 - 20 ms......................................20
Delay bet 20 - 40 ms......................................20
Delay greater than 40 ms..................................20
Total packet Count.........................................80
Total packet lost count (5sec).............................10
Maximum Lost Packet count(5sec)............................5
Average Lost Packet count(5secs)...........................2
DownLink Stats
================
Average Delay (5sec intervals)............................35
Delay less than 10 ms.....................................20
Delay bet 10 - 20 ms......................................20
Delay bet 20 - 40 ms......................................20
Delay greater than 40 ms..................................20
Total packet Count.........................................80
Total packet lost count (5sec).............................10
Maximum Lost Packet count(5sec)............................5
Average Lost Packet count(5secs)...........................2
Cisco Wireless Controller Command Reference, Release 8.4
1603
show client tsm
Related Commands show client ap show client detail show client summary
1604
Cisco Wireless Controller Command Reference, Release 8.4
show client username show client username
To display the client data by the username, use the show client username command.
show client username username
Syntax Description
username
Client’s username.
You can view a list of the first eight clients that are in RUN state associated to controller's access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client username command:
(Cisco Controller) >
show client username local
MAC Address AP Name Status WLAN Auth Protocol Port
Device Type
---------------------------------------------------------------------
-----------
Associated 1 Yes 802.11g
1 12:22:64:64:00:01 WEB-AUTH-AP-1
Unknown
12:22:64:64:00:02 WEB-AUTH-AP-1
Unknown
12:22:64:64:00:03 WEB-AUTH-AP-1
Unknown
12:22:64:64:00:04 WEB-AUTH-AP-1
Unknown
12:22:64:64:00:05 WEB-AUTH-AP-1
Unknown
12:22:64:64:00:06 WEB-AUTH-AP-1
Unknown
12:22:64:64:00:07 WEB-AUTH-AP-1
Unknown
12:22:64:64:00:08 WEB-AUTH-AP-1
Unknown
Associated
Associated
Associated
Associated
Associated
Associated
Associated
1
1
1
1
1
1
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
1
1
1
1
1
1
1
Cisco Wireless Controller Command Reference, Release 8.4
1605
show client voice-diag show client voice-diag
To display voice diagnostics statistics, use the show client voice-diag command.
show client voice-diag {quos-map | roam-history | rssi | status | tspec}
Syntax Description quos-map roam-history rssi status tspec
Displays information about the QoS/DSCP mapping and packet statistics in each of the four queues: VO, VI, BE, BK. The different DSCP values are also displayed.
Displays information about history of the last three roamings. The output contains the timestamp, access point associated with the roaming, the roaming reason, and if there is a roaming failure, the reason for the roaming failure.
Displays the client’s RSSI values in the last 5 seconds when voice diagnostics are enabled.
Displays the status of voice diagnostics for clients.
Displays TSPEC for the voice diagnostic for clients.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show client voice-diag status command:
(Cisco Controller) >
show client voice-diag status
Voice Diagnostics Status: FALSE
Related Commands show client ap show client detail show client summary debug voice-diag
1606
Cisco Wireless Controller Command Reference, Release 8.4
show client detail show client detail
To display detailed information for a client on a Cisco lightweight access point, use the show client detail command.
show client detail mac_address
Syntax Description
mac_address
Client MAC address.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The show client ap command may list the status of automatically disabled clients. Use the show exclusionlist command to display clients on the exclusion list (blacklisted).
Examples
The following example shows how to display the client detailed information:
(Cisco Controller) >
show client detail 00:0c:41:07:33:a6
Policy Manager State..............................POSTURE_REQD
Policy Manager Rule Created.......................Yes
Client MAC Address............................... 00:16:36:40:ac:58
Client Username.................................. N/A
Client State..................................... Associated
Client NAC OOB State............................. QUARANTINE
Guest LAN Id..................................... 1
IP Address....................................... Unknown
Session Timeout.................................. 0
QoS Level........................................ Platinum
802.1P Priority Tag.............................. disabled
KTS CAC Capability............................... Yes
WMM Support...................................... Enabled
Power Save....................................... ON
Diff Serv Code Point (DSPC)...................... disabled
Mobility State................................... Local
Internal Mobility State.......................... apfMsMmInitial
Security Policy Completed........................ No
Policy Manager State............................. WEBAUTH_REQD
Policy Manager Rule Created...................... Yes
NPU Fast Fast Notified........................... Yes
Last Policy Manager State........................ WEBAUTH_REQD
Client Entry Create Time......................... 460 seconds
Interface........................................ wired-guest
FlexConnect Authentication....................... Local
FlexConnect Data Switching....................... Local
VLAN............................................. 236
Quarantine VLAN.................................. 0
Client Statistics:
Number of Bytes Received................... 66806
Number of Data Bytes Received................... 160783
Cisco Wireless Controller Command Reference, Release 8.4
1607
show client detail
Number of Realtime Bytes Received............... 160783
Number of Data Bytes Sent....................... 23436
Number of Realtime Bytes Sent................... 23436
Number of Data Packets Received................. 592
Number of Realtime Packets Received............. 592
Number of Data Packets Sent..................... 131
Number of Realtime Packets Sent................. 131
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Key Msg Timeouts............. 0
Number of Data Retries..................... 0
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 3
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 6
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -50 dBm
Signal to Noise Ratio...................... 43 dB
...
1608
Cisco Wireless Controller Command Reference, Release 8.4
show client location-calibration summary show client location-calibration summary
To display client location calibration summary information, use the show client location-calibration summary command.
show client location-calibration summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the location calibration summary information:
(Cisco Controller) >
show client location-calibration summary
MAC Address Interval
----------- ----------
10:10:10:10:10:10 60
21:21:21:21:21:21 45
Cisco Wireless Controller Command Reference, Release 8.4
1609
show client probing show client probing
To display the number of probing clients, use the show client probing command.
show client probing
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the number of probing clients:
(Cisco Controller) >
show client probing
Number of Probing Clients........................ 0
1610
Cisco Wireless Controller Command Reference, Release 8.4
show client roam-history show client roam-history
To display the roaming history of a specified client, use the show client roam-history command.
show client roam-history mac_address
Syntax Description
mac_address
Client MAC address.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show client roam-history command:
(Cisco Controller) >
show client roam-history 00:14:6c:0a:57:77
Cisco Wireless Controller Command Reference, Release 8.4
1611
show client summary show client summary
To display a summary of clients associated with a Cisco lightweight access point, use the show client summary command.
show client summary [ssid / ip / username / devicetype]
Syntax Description
This command has no arguments or keywords.
Syntax Description
ssid / ip / username / devicetype
(Optional) Displays active clients selective details on any of the following parameters or all the parameters in any order:
• SSID
• IP addresss
• Username
• Device type (such as Samsung-Device or
WindowsXP-Workstation)
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Use show client ap command to list the status of automatically disabled clients. Use the show exclusionlist command to display clients on the exclusion list (blacklisted).
Examples
The following example shows how to display a summary of the active clients:
(Cisco Controller) >
show client summary
Number of Clients................................ 24
Number of PMIPV6 Clients......................... 200
MAC Address
Wired PMIPV6
AP Name Status WLAN/GLAN/RLAN Auth Protocol Port
----------------- ----------------- ------------- -------------- ---- ---------------- ----
----------
00:00:15:01:00:01 NMSP-TalwarSIM1-2 Associated
No Yes
00:00:15:01:00:02 NMSP-TalwarSIM1-2 Associated
No No
00:00:15:01:00:03 NMSP-TalwarSIM1-2 Associated
No Yes
00:00:15:01:00:04 NMSP-TalwarSIM1-2 Associated
1
1
1
1
Yes 802.11a
Yes 802.11a
Yes 802.11a
Yes 802.11a
13
13
13
13
1612
Cisco Wireless Controller Command Reference, Release 8.4
Examples show client summary
No No
The following example shows how to display all clients that are WindowsXP-Workstation device type:
(Cisco Controller) >
show client summary WindowsXP-Workstation
Number of Clients in WLAN........................ 0
MAC Address AP Name Status Auth Protocol
----------------- -------- ------------- ----------------
Number of Clients with requested device type..... 0
Port Wired Mobility Role
---------- --------------
Cisco Wireless Controller Command Reference, Release 8.4
1613
show client wlan show client wlan
To display the summary of clients associated with a WLAN, use the show client wlan command.
show client wlan wlan_id [devicetype device]
Syntax Description
wlan_id
devicetype
device
Wireless LAN identifier from 1 to 512.
(Optional) Displays all clients with the specified device type.
Device type. For example, Samsung-Device or
WindowsXP-Workstation.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following are sample outputs of the show client wlan command:
(Cisco Controller) >
show client wlan 1
Number of Clients in WLAN........................ 0
(Cisco Controller) >
show client devicetype WindowsXP-Workstation
Number of Clients in WLAN........................ 0
MAC Address AP Name Status Auth Protocol
----------------- -------- ------------- ----------------
Number of Clients with requested device type..... 0
Port Wired Mobility Role
---------- --------------
1614
Cisco Wireless Controller Command Reference, Release 8.4
show cloud-services cmx summary show cloud-services cmx summary
To view the cmx cloud services summary, use the show cloud-services cmx summary command.
show cloud-services cmx summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
8.3
Modification
This command was introduced.
Examples
This example shows the CMX Cloud Services summary:
(Cisco Controller) >
show cloud-services cmx summary
Cisco Wireless Controller Command Reference, Release 8.4
1615
show cloud-services cmx statistics show cloud-services cmx statistics
To view the cmx cloud services statistics, use the show cloud-services cmx statistics command.
show cloud-services cmx statistics
This command has no arguments or keywords.
Command Default
None
Command History
Release
8.3
Modification
This command was introduced.
Examples
This example shows the CMX Cloud Services statistics:
(Cisco Controller) >
show cloud-services cmx statistics
1616
Cisco Wireless Controller Command Reference, Release 8.4
show cts ap show cts ap
To view CTS AP SGT information, use the show cts ap command.
show cts ap {sgt-info cisco-ap | summary}
Syntax Description
sgt-info cisco-ap
summary
Shows CTS SGT information for a specific AP
Shows CTS SGT information for all APs.
Command Default
None
Command History
Examples
Release
8.4
Modification
This command was introduced.
This example shows how to view CTS SGT information for all APs:
(Cisco Controller) >
show cts ap summary
Inline Tag Status................................ Disabled
SGACL enforcement................................ Disabled
SXP State........................................ Enabled
Default Password................................. ****
Listener hold-time min .......................... 2
Listener hold-time max .......................... 3
Speaker hold-time ............................... 120
Reconciliation time period....................... 120
Retry time period ............................... 120
Total num of SXP Connections..................... 0
Peer IP Password Mode
-------------------------------
Cisco Wireless Controller Command Reference, Release 8.4
1617
show cts environment-data show cts environment-data
To view CTS Environment data, use the show cts environment-data command.
show cts environment-data
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Examples
(Cisco Controller) >
show cts environment-data
CTS Environment Data
====================
Current State.................................... START
Last status...................................... WAITING_RESPONSE
Environment data is empty
1618
Cisco Wireless Controller Command Reference, Release 8.4
show cts pacs show cts pacs
To view CTS Protected Access Credential (PAC) provisioning information, use the show cts pacs command.
show cts pacs
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
1619
show cts policy show cts policy
To view CTS SGT policy information, use the show cts policy command.
show cts policy {all | sgt-tag}
Syntax Description all
sgt-tag
Shows all SGT policy information
Shows policy information of a specific SGT
Command Default
None
Command History
Release
8.4
Examples
Modification
This command was introduced.
This example shows how to view all SGT policy information:
(Cisco Controller) >
show cts policy all
Policy Matrix for SGT.......................... Unknown-0
Generation Id.................................. 0x0
Policy Download Status.........................
Failed
Number of clients with this SGT................ 0
Policy Matrix for SGT.......................... Default-65535
Generation Id.................................. 0x0
Policy Download Status.........................
Failed
Number of clients with this SGT................ 0
1620
Cisco Wireless Controller Command Reference, Release 8.4
show cts sgacl show cts sgacl
To view CTS SGACL information, use the show cts sgacl command.
show cts sgacl {all | sgacl-name}
Syntax Description all
sgt-tag
Shows all SGACL information
Shows information for a specific SGACL
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Cisco Wireless Controller Command Reference, Release 8.4
1621
show cts summary show cts summary
To view CTS summary, use the show cts summary command.
show cts summary
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
Examples
(Cisco Controller) >
show cts summary
CTS Status.................................... Enabled
CTS Device Identity............................. Not Configured
Inline Tag Status............................... Disabled
1622
Cisco Wireless Controller Command Reference, Release 8.4
show cts sxp
To view CTS SXP information, use the show cts sxp command.
show cts sxp {{ap {connections | summary} cisco-ap} | connections | summary}
Command Default
None
Command History
Release
8.4
Modification
This command was introduced.
show cts sxp
Cisco Wireless Controller Command Reference, Release 8.4
1623
show coredump summary show coredump summary
To display a summary of the controller’s core dump file, use the show coredump summary command.
show coredump summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show coredump summary command:
(Cisco Controller) >
show coredump summary
Core Dump is enabled
FTP Server IP.................................... 10.10.10.17
FTP Filename..................................... file1
FTP Username..................................... ftpuser
FTP Password.................................. *********
Related Commands config coredump config coredump ftp config coredump username
1624
Cisco Wireless Controller Command Reference, Release 8.4
show country show country
To display the configured country and the radio types that are supported, use the show country command.
show country
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the configured countries and supported radio types:
(Cisco Controller) >
show country
Configured Country............................. United States
Configured Country Codes
US - United States............................. 802.11a / 802.11b / 802.11g
Cisco Wireless Controller Command Reference, Release 8.4
1625
show country channels show country channels
To display the radio channels supported in the configured country, use the show country channels command.
show country channels
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the auto-RF channels for the configured countries:
(Cisco Controller) >
show country channels
Configured Country............................. United States
KEY: * = Channel is legal in this country and may be configured manually.
Configured Country............................. United States
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11BG :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
US : A * * * * A * * * * A . . .
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11A : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
US : . A . A . A . A A A A A * * * * * . . . * * * A A A A *
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
1626
Cisco Wireless Controller Command Reference, Release 8.4
show country supported show country supported
To display a list of the supported country options, use the show country supported command.
show country supported
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a list of all the supported countries:
(Cisco Controller) >
show country supported
Configured Country............................. United States
Supported Country Codes
AR - Argentina................................. 802.11a / 802.11b / 802.11g
AT - Austria................................... 802.11a / 802.11b / 802.11g
AU - Australia................................. 802.11a / 802.11b / 802.11g
BR - Brazil.................................... 802.11a / 802.11b / 802.11g
BE - Belgium................................... 802.11a / 802.11b / 802.11g
BG - Bulgaria.................................. 802.11a / 802.11b / 802.11g
CA - Canada.................................... 802.11a / 802.11b / 802.11g
CH - Switzerland............................... 802.11a / 802.11b / 802.11g
CL - Chile.....................................
802.11b / 802.11g
CN - China..................................... 802.11a / 802.11b / 802.11g
CO - Colombia..................................
802.11b / 802.11g
CY - Cyprus.................................... 802.11a / 802.11b / 802.11g
CZ - Czech Republic............................ 802.11a / 802.11b
DE - Germany................................... 802.11a / 802.11b / 802.11g
DK - Denmark................................... 802.11a / 802.11b / 802.11g
EE - Estonia................................... 802.11a / 802.11b / 802.11g
ES - Spain..................................... 802.11a / 802.11b / 802.11g
FI - Finland................................... 802.11a / 802.11b / 802.11g
FR - France.................................... 802.11a / 802.11b / 802.11g
GB - United Kingdom............................ 802.11a / 802.11b / 802.11g
GI - Gibraltar................................. 802.11a / 802.11b / 802.11g
GR - Greece.................................... 802.11a / 802.11b / 802.11g
HK - Hong Kong................................. 802.11a / 802.11b / 802.11g
HU - Hungary................................... 802.11a / 802.11b / 802.11g
ID - Indonesia.................................
802.11b / 802.11g
IE - Ireland................................... 802.11a / 802.11b / 802.11g
IN - India..................................... 802.11a / 802.11b / 802.11g
IL - Israel.................................... 802.11a / 802.11b / 802.11g
ILO - Israel (outdoor)..........................
802.11b / 802.11g
IS - Iceland................................... 802.11a / 802.11b / 802.11g
IT - Italy..................................... 802.11a / 802.11b / 802.11g
JP - Japan (J)................................. 802.11a / 802.11b / 802.11g
J2 - Japan 2(P)................................ 802.11a / 802.11b / 802.11g
J3 - Japan 3(U)................................ 802.11a / 802.11b / 802.11g
KR - Korea Republic (C)........................ 802.11a / 802.11b / 802.11g
KE - Korea Extended (K)........................ 802.11a / 802.11b / 802.11g
Cisco Wireless Controller Command Reference, Release 8.4
1627
show country supported
LI - Liechtenstein............................. 802.11a / 802.11b / 802.11g
LT - Lithuania................................. 802.11a / 802.11b / 802.11g
LU - Luxembourg................................ 802.11a / 802.11b / 802.11g
LV - Latvia.................................... 802.11a / 802.11b / 802.11g
MC - Monaco.................................... 802.11a / 802.11b / 802.11g
MT - Malta..................................... 802.11a / 802.11b / 802.11g
MX - Mexico.................................... 802.11a / 802.11b / 802.11g
MY - Malaysia.................................. 802.11a / 802.11b / 802.11g
NL - Netherlands............................... 802.11a / 802.11b / 802.11g
NZ - New Zealand............................... 802.11a / 802.11b / 802.11g
NO - Norway.................................... 802.11a / 802.11b / 802.11g
PA - Panama....................................
802.11b / 802.11g
PE - Peru......................................
802.11b / 802.11g
PH - Philippines............................... 802.11a / 802.11b / 802.11g
PL - Poland.................................... 802.11a / 802.11b / 802.11g
PT - Portugal.................................. 802.11a / 802.11b / 802.11g
RU - Russian Federation........................ 802.11a / 802.11b / 802.11g
RO - Romania................................... 802.11a / 802.11b / 802.11g
SA - Saudi Arabia.............................. 802.11a / 802.11b / 802.11g
SE - Sweden.................................... 802.11a / 802.11b / 802.11g
SG - Singapore................................. 802.11a / 802.11b / 802.11g
SI - Slovenia.................................. 802.11a / 802.11b / 802.11g
SK - Slovak Republic........................... 802.11a / 802.11b / 802.11g
TH - Thailand..................................
TR - Turkey....................................
802.11b / 802.11g
802.11b / 802.11g
TW - Taiwan.................................... 802.11a / 802.11b / 802.11g
UA - Ukraine................................... 802.11a / 802.11b / 802.11g
US - United States............................. 802.11a / 802.11b / 802.11g
USL - United States (Legacy).................... 802.11a / 802.11b / 802.11g
USX - United States (US + chan165).............. 802.11a / 802.11b / 802.11g
VE - Venezuela.................................
802.11b / 802.11g
ZA - South Africa.............................. 802.11a / 802.11b / 802.11g
1628
Cisco Wireless Controller Command Reference, Release 8.4
show cpu
To display current WLAN controller CPU usage information, use the show cpu command.
show cpu
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show cpu command:
(Cisco Controller) >
show cpu
Current CPU load: 2.50%
show cpu
Cisco Wireless Controller Command Reference, Release 8.4
1629
show custom-web show custom-web
To display all the web authentication customization information, use the show custom-web command.
show custom-web all remote-lan guest-lan sleep-client webauth-bundle wlan
Syntax Description all remote-lan guest-lan sleep-client webauth-bundle wlan
Display all Web-Auth customization information.
Display per WLAN Web-Auth customization information.
Display per Guest LAN Web-Auth customization information.
Display all Web-Auth Sleeping Client entries summary.
Display the content of Web-Auth Bundle.
Display per WLAN Web-Auth customization information.
Command History
Examples
Release
7.6
8.2
Modification
This command was introduced in the release earlier than 7.6.
This command was modified and the all, remote-lan, guest-lan, sleep-client, webauth-bundle, and wlan keywords are added.
The following is a sample output of the show custom-web all command:
(Cisco Controller) >
show custom-web all
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
Logout-popup..................................... Enabled
External Web Authentication URL.................. None
1630
Cisco Wireless Controller Command Reference, Release 8.4
show database summary show database summary
To display the maximum number of entries in the database, use the show database summary command.
show database summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following is a sample output of the show database summary command:
(Cisco Controller) >
show database summary
Maximum Database Entries......................... 2048
Maximum Database Entries On Next Reboot.......... 2048
Database Contents
MAC Filter Entries........................... 2
Exclusion List Entries....................... 0
AP Authorization List Entries................ 1
Management Users............................. 1
Local Network Users.......................... 1
Local Users.............................. 1
Guest Users.............................. 0
Total..................................... 5
Related Commands config database size
Cisco Wireless Controller Command Reference, Release 8.4
1631
show dhcp show dhcp
To display the internal Dynamic Host Configuration Protocol (DHCP) server configuration, use the show
dhcp command.
show dhcp {leases | summary | scope}
Syntax Description leases summary
scope
Displays allocated DHCP leases.
Displays DHCP summary information.
Name of a scope to display the DHCP information for that scope.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display the allocated DHCP leases:
(Cisco Controller) >
show dhcp leases
No leases allocated.
The following example shows how to display the DHCP summary information:
(Cisco Controller) >
show dhcp summary
Scope Name Enabled
003 No
Address Range
0.0.0.0 -> 0.0.0.0
The following example shows how to display the DHCP information for the scope 003:
(Cisco Controller) >
show dhcp 003
Enabled....................................... No
Lease Time.................................... 0
Pool Start.................................... 0.0.0.0
Pool End...................................... 0.0.0.0
Network....................................... 0.0.0.0
Netmask....................................... 0.0.0.0
Default Routers............................... 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain....................................
DNS........................................... 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers.......................... 0.0.0.0 0.0.0.0 0.0.0.0
1632
Cisco Wireless Controller Command Reference, Release 8.4
show dhcp proxy show dhcp proxy
To display the status of DHCP proxy handling, use the show dhcp proxy command.
show dhcp proxy
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the status of DHCP proxy information:
(Cisco Controller) >
show dhcp proxy
DHCP Proxy Behavior: enabled
Cisco Wireless Controller Command Reference, Release 8.4
1633
show dhcp timeout show dhcp timeout
To display the DHCP timeout value, use the show dhcp timeout command.
show dhcp timeout
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the DHCP timeout value:
(Cisco Controller) >
show dhcp timeout
DHCP Timeout (seconds)................. 10
1634
Cisco Wireless Controller Command Reference, Release 8.4
show dtls connections show dtls connections
To display the Datagram Transport Layer Security (DTLS) server status, use the show dtls connections command.
show dtls connections
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following is a sample output of the show dtls connections command.
Device >
show dtls connections
AP Name Local Port Peer IP Peer Port Ciphersuite
--------------- ------------- --------------- ------------- -----------------------
1130
1130
1240
Capwap_Ctrl 1.100.163.210
23678
Capwap_Data 1.100.163.210
23678
Capwap_Ctrl 1.100.163.209
59674
TLS_RSA _WITH_AES_128_CBC_SHA
TLS_RSA _WITH_AES_128_CBC_SHA
TLS_RSA _WITH_AES_128_CBC_SHA
Cisco Wireless Controller Command Reference, Release 8.4
1635
show exclusionlist show exclusionlist
To display a summary of all clients on the manual exclusion list (blacklisted) from associating with this Cisco wireless LAN controller, use the show exclusionlist command.
show exclusionlist
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command displays all manually excluded MAC addresses.
Examples
The following example shows how to display the exclusion list:
(Cisco Controller) >
show exclusionlist
No manually disabled clients.
Dynamically Disabled Clients
----------------------------
MAC Address
-----------
00:40:96:b4:82:55
Exclusion Reason
----------------
802.1X Failure
Time Remaining (in secs)
------------------------
51
Related Commands config exclusionlist
1636
Cisco Wireless Controller Command Reference, Release 8.4
show flexconnect acl detailed show flexconnect acl detailed
To display a detailed summary of FlexConnect access control lists, use the show flexconnect acl detailed command.
show flexconnect acl detailed acl-name
Syntax Description
acl-name
Name of the access control list.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display the FlexConnect detailed ACLs:
(Cisco Controller) >
show flexconnect acl detailed acl-2
Cisco Wireless Controller Command Reference, Release 8.4
1637
show flexconnect acl summary show flexconnect acl summary
To display a summary of all access control lists on FlexConnect access points, use the show flexconnect acl
summary command.
show flexconnect acl summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the FlexConnect ACL summary:
(Cisco Controller) >
show flexconnect acl summary
ACL Name Status
-------------------------------- ------acl1 Modified acl10 acl100 acl101 acl102 acl103 acl104 acl105 acl106
Modified
Modified
Modified
Modified
Modified
Modified
Modified
Modified
1638
Cisco Wireless Controller Command Reference, Release 8.4
show flexconnect group detail show flexconnect group detail
To display details of a FlexConnect group, use the show flexconnect group detail command.
show flexconnect group detail {group_name | default-flex-group} | [module-vlan | aps]
Syntax Description
group_name
module-vlan aps
default-flex-group
Name of the FlexConnect group.
Displays status of the FlexConnect local switching and VLAN
ID in the group
Displays list of APs that are part of the FlexConnect group
Displays configuration of the default-flexgroup and the APs that are part of it.
Command History
Examples
Release
7.6
8.1
8.3
Modification
This command was introduced in a release earlier than Release 7.6.
The module-vlan and aps parameters were added.
The default-flex-group option was added.
The following example shows how to display the detailed information for a specific FlexConnect group:
(Cisco Controller) >
show flexconnect group detail myflexgroup
Number of Ap
’s in Group:
1
00:0a:b8:3b:0b:c2 AP1200
Group Radius Auth Servers:
Joined
Primary Server Index ..................... Disabled
Secondary Server Index ................... Disabled
Cisco Wireless Controller Command Reference, Release 8.4
1639
show flexconnect group summary show flexconnect group summary
To display the current list of FlexConnect groups, use the show flexconnect group summary command.
show flexconnect group summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display the current list of FlexConnect groups:
(Cisco Controller) >
show flexconnect group summary
flexconnect Group Summary: Count 1
Group Name
Group 1 1
# APs
1640
Cisco Wireless Controller Command Reference, Release 8.4
show flexconnect office-extend show flexconnect office-extend
To view information about OfficeExtend access points that in FlexConnect mode, use the show flexconnect
office-extend command.
show flexconnect office-extend {summary | latency}
Syntax Description summary latency
Displays a list of all OfficeExtend access points.
Displays the link delay for OfficeExtend access points.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display information about the list of FlexConnect OfficeExtend access points:
(Cisco Controller) >
show flexconnect office-extend summary
Summary of OfficeExtend AP
AP Name Ethernet MAC Encryption Join-Mode Join-Time
------------------ ------------------------------------ ----------
AP1130
AP1140
00:22:90:e3:37:70 Enabled
01:40:91:b5:31:70 Enabled
Latency
Latency
Sun Jan 4 21:46:07 2009
Sat Jan 3 19:30:25 2009
The following example shows how to display the FlexConnect OfficeExtend access point’s link delay:
(Cisco Controller) >
show flexconnect office-extend latency
Summary of OfficeExtend AP link latency
AP Name Status Current Maximum Minimum
--------------------------------------------------------------------------
AP1130
AP1140
Enabled 15 ms
Enabled 14 ms
45 ms
179 ms
12 ms
12 ms
Cisco Wireless Controller Command Reference, Release 8.4
1641
show flow exporter show flow exporter
To display the details or the statistics of the flow exporter, use the show flow exporter command.
show flow exporter {summary | statistics}
Syntax Description summary statistics
Displays a summary of the flow exporter.
Displays the statistics of flow exporters such as the number of records sent, or the time when the last record was sent.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following is a sample output of the show flow exporter summary command:
(Cisco Controller) >
show flow exporter summary
Exporter-Name Exporter-IP Port
============= expo1
===========
9.9.120.115
=====
800
1642
Cisco Wireless Controller Command Reference, Release 8.4
show flow monitor summary show flow monitor summary
To display the details of the NetFlow monitor, use the show flow monitor summary command.
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Netflow record monitoring and export are used for integration with an NMS or any Netflow analysis tool.
Examples
The following is a sample output of the show flow monitor summary:
(Cisco Controller) >
show flow monitor summary
Monitor-Name Exporter-Name
============ mon1
============= expo1 ipv4_client_app_flow_record
Exporter-IP
===========
9.9.120.115
Port Record Name
==== ===========
800
Cisco Wireless Controller Command Reference, Release 8.4
1643
show guest-lan show guest-lan
To display the configuration of a specific wired guest LAN, use the show guest-lan command.
show guest-lan guest_lan_id
Syntax Description
guest_lan_id
ID of the selected wired guest LAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To display all wired guest LANs configured on the controller, use the show guest-lan summary command.
Examples
The following is a sample output of the show guest-lan guest_lan_id command:
(Cisco Controller) >
show guest-lan 2
Guest LAN Identifier........................... 1
Profile Name................................... guestlan
Network Name (SSID)............................ guestlan
Status......................................... Enabled
AAA Policy Override............................ Disabled
Number of Active Clients....................... 1
Exclusionlist Timeout.......................... 60 seconds
Session Timeout................................ Infinity
Interface...................................... wired
Ingress Interface.............................. wired-guest
WLAN ACL....................................... unconfigured
DHCP Server.................................... 10.20.236.90
DHCP Address Assignment Required............... Disabled
Quality of Service............................. Silver (best effort)
Security
Web Based Authentication................... Enabled
ACL........................................ Unconfigured
Web-Passthrough............................ Disabled
Conditional Web Redirect................... Disabled
Auto Anchor................................ Disabled
Mobility Anchor List
GLAN ID IP Address Status
1644
Cisco Wireless Controller Command Reference, Release 8.4
show icons summary show icons summary
To display a summary of the icons present in the flash memory of the system, use the show icons summary command.
show icons summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
The following is sample output from the show icons summary command::
Cisco Controller > show icons summary
Icon files (downloaded) in Flash memory
No.
Filename
-------------------------
Size
-----
1.
dhk_icon.png
2.
myIconCopy1.png
3.
myIconCopy2.png
120694
120694
120694
Cisco Wireless Controller Command Reference, Release 8.4
1645
show ike show ike
To display active Internet Key Exchange (IKE) security associations (SAs), use the show ike command.
show ike {brief | detailed} IP_or_MAC_address
Syntax Description brief detailed
IP_or_MAC_address
Displays a brief summary of all active IKE SAs.
Displays a detailed summary of all active IKE SAs.
IP or MAC address of active IKE SA.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the active Internet Key Exchange security associations:
(Cisco Controller) >
show ike brief 209.165.200.254
1646
Cisco Wireless Controller Command Reference, Release 8.4
show interface summary show interface summary
To display summary details of the system interfaces, use the show interface summary command.
show interface summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command was updated and displays IPv6 related details
Examples
Examples
The following example displays the summary of the local IPv4 interfaces:
(Cisco Controller) >
show interface summary
Number of Interfaces.......................... 6
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ ----dyn59 management redundancy-management redundancy-port service-port virtual
LAG 59
LAG 56
LAG 56
-
N/A
N/A untagged 0.0.0.0
N/A
N/A
9.10.59.66
9.10.56.60
0.0.0.0
2.2.2.2
1.2.3.4
Dynamic No
Static Yes
Static No
Static
Static
Static
No
No
No
No
No
No
No
No
No
The following example displays the summary of the local IPv6 interfaces: show ipv6 interface summary
Number of Interfaces.......................... 2
Interface Name Port Vlan Id IPv6 Address/Prefix Length
----------------------- ---- -------- -----------------------------------------management LAG 56 fe80::224:97ff:fe69:69af/64 service-port
LAG 56
N/A N/A
N/A N/A
2001:9:10:56::60/64 fe80::224:97ff:fe69:69a1/64
::/128
Cisco Wireless Controller Command Reference, Release 8.4
1647
show interface detailed show interface detailed
To display details of the system interfaces, use the show interface command.
show interfacedetailed {interface_name | management | redundancy-management | redundancy-port |
service-port | virtual}
Syntax Description detailed
interface_name
management redundancy-management redundancy-port service-port virtual
Displays detailed interface information.
Interface name for detailed display.
Displays detailed management interface information.
Displays detailed redundancy management interface information.
Displays detailed redundancy port information.
Displays detailed service port information.
Displays detailed virtual gateway interface information.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command was updated in Release 8.0 and displays IPv6 related details
The following example shows how to display the detailed interface information:
(Cisco Controller) >
show interface detailed management
Interface Name................................... management
MAC Address...................................... 00:24:97:69:69:af
IP Address....................................... 9.10.56.60
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 9.10.56.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
Link Local IPv6 Address.......................... fe80::224:97ff:fe69:69af/64
STATE ........................................... REACHABLE
Primary IPv6 Address............................. 2001:9:10:56::60/64
1648
Cisco Wireless Controller Command Reference, Release 8.4
show interface detailed
STATE ........................................... REACHABLE
Primary IPv6 Gateway............................. fe80::aea0:16ff:fe4f:2242
Primary IPv6 Gateway Mac Address................. ac:a0:16:4f:22:42
STATE ........................................... REACHABLE
VLAN............................................. 56
Quarantine-vlan.................................. 0
NAS-Identifier................................... Building1
Active Physical Port............................. LAG (13)
Primary Physical Port............................ LAG (13)
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 9.1.0.100
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
DHCP Option 82 bridge mode insertion............. Disabled
IPv4 ACL......................................... Unconfigured
IPv6 ACL......................................... Unconfigured mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
Note
Some WLAN controllers may have only one physical port listed because they have only one physical port.
The following example shows how to display the detailed redundancy management interface information:
(Cisco Controller) >
show interface detailed redundancy-management
Interface Name................................... redundancy-management
MAC Address...................................... 88:43:e1:7e:0b:20
IP Address....................................... 209.165.201.2
The following example shows how to display the detailed redundancy port information:
(Cisco Controller) >
show interface detailed redundancy-port
Interface Name................................... redundancy-port
MAC Address...................................... 88:43:e1:7e:0b:22
IP Address....................................... 169.254.120.5
The following example shows how to display the detailed service port information:
(Cisco Controller) >
show interface detailed service-port
Interface Name................................... redundancy-port
MAC Address...................................... 88:43:e1:7e:0b:22
IP Address....................................... 169.254.120.5
The following example shows how to display the detailed virtual gateway interface information:
(Cisco Controller) >
show interface detailed virtual
Interface Name................................... virtual
MAC Address...................................... 88:43:e1:7e:0b:20
IP Address....................................... 1.1.1.1
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
Cisco Wireless Controller Command Reference, Release 8.4
1649
show interface group show interface group
To display details of system interface groups, use the show interface group command.
show interface group {summary | detailed interface_group_name}
Syntax Description summary detailed
interface_group_name
Displays a summary of the local interface groups.
Displays detailed interface group information.
Interface group name for a detailed display.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display a summary of local interface groups:
(Cisco Controller) >
show interface group summary
Interface Group Name Total Interfaces Total WLANs
Groups Quarantine
------------------------------------------mygroup1 1 0
--------------
0
Total AP
---------
No mygroup2 mygroup3
1
5
0
1
0
0
No
No
The following example shows how to display the detailed interface group information:
(Cisco Controller) >
show interface group detailed mygroup1
I nterface Group Name............................. mygroup1
Quarantine ...................................... No
Number of Wlans using the Interface Group........ 0
Number of AP Groups using the Interface Group.... 0
Number of Interfaces Contained................... 1 mDNS Profile Name................................ NCS12Prof
Interface Group Description...................... My Interface Group
Next interface for allocation to client.......... testabc
Interfaces Contained in this group .............. testabc
Interface marked with * indicates DHCP dirty interface
Interface list sorted based on vlan:
Index Vlan Interface Name
1650
Cisco Wireless Controller Command Reference, Release 8.4
--------
0 42
-------------------------------testabc
show interface group
Cisco Wireless Controller Command Reference, Release 8.4
1651
show invalid-config show invalid-config
To see any ignored commands or invalid configuration values in an edited configuration file, use the show
invalid-config command.
show invalid-config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You can enter this command only before the clear config or save config command.
Examples
The following is a sample output of the show invalid-config command:
(Cisco Controller) >
show invalid-config
config wlan peer-blocking drop 3 config wlan dhcp_server 3 192.168.0.44 required
1652
Cisco Wireless Controller Command Reference, Release 8.4
show inventory show inventory
To display a physical inventory of the Cisco wireless LAN controller, use the show inventory command.
show inventory
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
Some wireless LAN controllers may have no crypto accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
Examples
The following is a sample output of the show inventory command:
(Cisco Controller) >
show inventory
Burned-in MAC Address............................ 50:3D:E5:1A:31:A0
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 500
NAME: "Chassis" , DESCR: "Cisco 5500 Series Wireless LAN Controller"
PID: AIR-CT5508-K9, VID: V01, SN: XXXXXXXXXXX
Cisco Wireless Controller Command Reference, Release 8.4
1653
show IPsec show IPsec
To display active Internet Protocol Security (IPsec) security associations (SAs), use the show IPsec command.
show IPsec {brief | detailed} IP_or_MAC_address
Syntax Description brief detailed
IP_or_MAC_address
Displays a brief summary of active IPsec SAs.
Displays a detailed summary of active IPsec SAs.
IP address or MAC address of a device.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display brief information about the active Internet Protocol Security
(IPsec) security associations (SAs):
(Cisco Controller) >
show IPsec brief 209.165.200.254
Related Commands config radius acct ipsec authentication config radius acct ipsec disable config radius acct ipsec enable config radius acct ipsec encryption config radius auth IPsec encryption config radius auth IPsec authentication config radius auth IPsec disable config radius auth IPsec encryption config radius auth IPsec ike config trapflags IPsec config wlan security IPsec disable config wlan security IPsec enable config wlan security IPsec authentication
1654
Cisco Wireless Controller Command Reference, Release 8.4
config wlan security IPsec encryption config wlan security IPsec config config wlan security IPsec ike authentication config wlan security IPsec ike dh-group config wlan security IPsec ike lifetime config wlan security IPsec ike phase1 config wlan security IPsec ike contivity show IPsec
Cisco Wireless Controller Command Reference, Release 8.4
1655
show ipv6 acl show ipv6 acl
To display the IPv6 access control lists (ACLs) that are configured on the controller, use the show ipv6 acl command.
show ipv6 acl detailed {acl_name | summary}
Syntax Description
acl_name
detailed
IPv6 ACL name. The name can be up to 32 alphanumeric characters.
Displays detailed information about a specific ACL.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display the detailed information of the access control lists:
(Cisco Controller) >
show ipv6 acl detailed acl6
Rule Index....................................... 1
Direction........................................ Any
IPv6 source prefix............................... ::/0
IPv6 destination prefix.......................... ::/0
Protocol......................................... Any
Source Port Range................................ 0-65535
Destination Port Range........................... 0-65535
DSCP............................................. Any
Flow label....................................... 0
Action........................................... Permit
Counter.......................................... 0
Deny Counter................................... 0
1656
Cisco Wireless Controller Command Reference, Release 8.4
show ipv6 summary show ipv6 summary
To display the IPv6 configuration settings, use the show ipv6 summary command.
show ipv6 summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example displays the output of the show ipv6 summary command:
(Cisco Controller) >
show ipv6 summary
Global Config............................... Enabled
Reachable-lifetime value.................... 30
Stale-lifetime value........................ 300
Down-lifetime value......................... 300
RA Throttling............................... Disabled
RA Throttling allow at-least................ 1
RA Throttling allow at-most................. no-limit
RA Throttling max-through................... 5
RA Throttling throttle-period............... 600
RA Throttling interval-option............... ignore
NS Mulitcast CacheMiss Forwarding........... Enabled
NA Mulitcast Forwarding..................... Enabled
IPv6 Capwap UDP Lite........................ Enabled
Operating System IPv6 state ................ Enabled
Cisco Wireless Controller Command Reference, Release 8.4
1657
show guest-lan show guest-lan
To display the configuration of a specific wired guest LAN, use the show guest-lan command.
show guest-lan guest_lan_id
Syntax Description
guest_lan_id
ID of the selected wired guest LAN.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
To display all wired guest LANs configured on the controller, use the show guest-lan summary command.
Examples
The following is a sample output of the show guest-lan guest_lan_id command:
(Cisco Controller) >
show guest-lan 2
Guest LAN Identifier........................... 1
Profile Name................................... guestlan
Network Name (SSID)............................ guestlan
Status......................................... Enabled
AAA Policy Override............................ Disabled
Number of Active Clients....................... 1
Exclusionlist Timeout.......................... 60 seconds
Session Timeout................................ Infinity
Interface...................................... wired
Ingress Interface.............................. wired-guest
WLAN ACL....................................... unconfigured
DHCP Server.................................... 10.20.236.90
DHCP Address Assignment Required............... Disabled
Quality of Service............................. Silver (best effort)
Security
Web Based Authentication................... Enabled
ACL........................................ Unconfigured
Web-Passthrough............................ Disabled
Conditional Web Redirect................... Disabled
Auto Anchor................................ Disabled
Mobility Anchor List
GLAN ID IP Address Status
1658
Cisco Wireless Controller Command Reference, Release 8.4
show icons file-info
To display icon parameters, use the show icons file-info command.
show icons file-info
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
Release 8.2
Examples
Modification
This command was introduced.
The following is sample output from the show icons file-info command:
Cisco Controller > show icons file-info
ICON File Info:
No.
Filename
--------------------------
1
2
3 dhk_icon.png
myIconCopy2.png
myIconCopy1.png
Type
-----png png png
Lang Width Height
------------eng 200 eng 222 eng 555
300
333
444
show icons file-info
Cisco Wireless Controller Command Reference, Release 8.4
1659
show ipv6 acl show ipv6 acl
To display the IPv6 access control lists (ACLs) that are configured on the controller, use the show ipv6 acl command.
show ipv6 acl detailed {acl_name | summary}
Syntax Description
acl_name
detailed
IPv6 ACL name. The name can be up to 32 alphanumeric characters.
Displays detailed information about a specific ACL.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display the detailed information of the access control lists:
(Cisco Controller) >
show ipv6 acl detailed acl6
Rule Index....................................... 1
Direction........................................ Any
IPv6 source prefix............................... ::/0
IPv6 destination prefix.......................... ::/0
Protocol......................................... Any
Source Port Range................................ 0-65535
Destination Port Range........................... 0-65535
DSCP............................................. Any
Flow label....................................... 0
Action........................................... Permit
Counter.......................................... 0
Deny Counter................................... 0
1660
Cisco Wireless Controller Command Reference, Release 8.4
show ipv6 acl cpu show ipv6 acl cpu
To display the IPv6 ACL CPU details, use the show ipv6 acl cpu command.
show ipv6 acl cpu
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports IPv6 address format.
Examples
The following is a sample output of the show ipv6 acl cpu command:
(Cisco Controller) > show ipv6 acl cpu
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
Cisco Wireless Controller Command Reference, Release 8.4
1661
show ipv6 acl detailed show ipv6 acl detailed
To display the IPv6 ACL details, use the show ipv6 acl detailed command.
show ipv6 acl detailed
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports IPv6 address format.
Examples
The following is a sample output of the show ipv6 acl detailed TestACL command:
(Cisco Controller) > show ipv6 acl detailed ddd
Rule Index....................................... 1
Direction........................................ Any
IPv6 source prefix............................... 2001:9:5:90::115/128
IPv6 destination prefix.......................... ::/0
Protocol......................................... 6
Source Port Range................................ 0-65535
Destination Port Range........................... 0-65535
DSCP............................................. Any
Action........................................... Permit
Counter.......................................... 0
Rule Index....................................... 2
Direction........................................ Any
IPv6 source prefix............................... ::/0
IPv6 destination prefix.......................... 2001:9:5:90::115/128
Protocol......................................... 6
Source Port Range................................ 0-65535
Destination Port Range........................... 0-65535
DSCP............................................. Any
Action........................................... Permit
Counter.......................................... 0
1662
Cisco Wireless Controller Command Reference, Release 8.4
show ipv6 neighbor-binding show ipv6 neighbor-binding
To display the IPv6 neighbor binding data that are configured on the controller, use the show ipv6
neighbor-binding command.
show ipv6 neighbor-binding {capture-policy| counters | detailed {mac mac_address| port port_number|
vlanvlan_id} | features | policies | ra-throttle {statistics vlan_id | routers vlan_id} | summary}
Syntax Description capture-policy counters detailed mac
mac_address
port
port_number
vlan
vlan_id
features policies ra-throttle statistics routers summary
Displays IPv6 next-hop message capture policies.
Displays IPv6 next-hop counters (Bridging mode only).
Displays the IPv6 neighbor binding table.
Displays the IPv6 binding table entries for a specific MAC address.
Displays the IPv6 binding table entries for a specific MAC address.
Displays the IPv6 binding table entries for a specific port.
Port Number. You can enter ap for an access point or LAG for a LAG port.
Displays the IPv6 neighbor binding table entries for a specific VLAN.
VLAN identifier.
Displays IPv6 next-hop registered features.
Displays IPv6 next-hop policies.
Displays RA throttle information.
Displays RA throttle statistics.
Displays RA throttle routers.
Displays the IPv6 neighbor binding table.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Cisco Wireless Controller Command Reference, Release 8.4
1663
show ipv6 neighbor-binding
Usage Guidelines
DHCPv6 counters are applicable only for IPv6 bridging mode.
Examples
The following is the output of the show ipv6 neighbor-binding summary command:
(Cisco Controller) >
show ipv6 neighbor-binding summary
Binding Table has 6 entries, 5 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, DH - DDCP
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk
0008:Orig trusted access 0010:Orig trusted trunk
0040:Cga authenticated
IPv6 address
0004:Orig access
0020:DHCP assigned
0080:Cert authenticated 0100:Statically assigned
MAC Address Port VLAN Type state Time left
-- -------------------------------------------------------- ---- ---- -------- -----
---- --------- ----------
ND fe80::216:46ff:fe43:eb01 00:16:46:43:eb:01 1 980 wired prlvl age
0005
2 REACHABLE 157
ND fe80::9cf9:b009:b1b4:1ed9
2 REACHABLE 157
ND fe80::6233:4bff:fe05:25ef
2 REACHABLE 203
ND fe80::250:56ff:fe8b:4a8f
2 REACHABLE 157
ND 2001:410:0:1:51be:2219:56c6:a8ad
5 REACHABLE 157
S 2001:410:0:1::9
1 REACHABLE 205
70:f1:a1:dd:cb:d4
60:33:4b:05:25:ef
00:50:56:8b:4a:8f
70:f1:a1:dd:cb:d4
00:00:00:00:00:08
AP
AP
AP
AP
AP
980 wireless
980 wireless
980 wireless
980 wireless
980 wireless
0005
0005
0005
0005
0100
The following is the output of the show ipv6 neighbor-binding detailed command:
(Cisco Controller) >
show ipv6 neighbor-binding detailed mac 60:33:4b:05:25:ef
macDB has 3 entries for mac 60:33:4b:05:25:ef, 3 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, DH - DDCP
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk
0008:Orig trusted access 0010:Orig trusted trunk
0004:Orig access
0020:DHCP assigned
0040:Cga authenticated
IPv6 address state Time left
0080:Cert authenticated 0100:Statically assigned
MAC Address Port VLAN Type prlvl age
-- -------------------------------------------------------- ---- ---- -------- -----
---- --------- ----------
ND fe80::6233:4bff:fe05:25ef
0 REACHABLE 303
ND 2001:420:0:1:6233:4bff:fe05:25ef
0 REACHABLE 300
ND 2001:410:0:1:6233:4bff:fe05:25ef
0 REACHABLE 301
60:33:4b:05:25:ef
60:33:4b:05:25:ef
60:33:4b:05:25:ef
AP
AP
AP
980 wireless
980 wireless
980 wireless
0009
0009
0009
The following is the output of the show ipv6 neighbor-binding counters command:
(Cisco Controller) >
show ipv6 neighbor-binding counters
Received Messages
NDP Router Solicitation
NDP Router Advertisement
NDP Neighbor Solicitation
NDP Neighbor Advertisement
NDP Redirect
NDP Certificate Solicit
NDP Certificate Advert
DHCPv6 Solicitation
DHCPv6 Advertisement
DHCPv6 Request
DHCPv6 Reply
DHCPv6 Inform
DHCPv6 Confirm
0
0
0
0
0
0
0
0
0
6
19
557
48
1664
Cisco Wireless Controller Command Reference, Release 8.4
show ipv6 neighbor-binding
DHCPv6 Renew
DHCPv6 Rebind
DHCPv6 Release
DHCPv6 Decline
DHCPv6 Reconfigure
DHCPv6 Relay Forward
DHCPv6 Relay Rep
Bridged Messages
NDP Router Solicitation
NDP Router Advertisement
NDP Neighbor Solicitation
NDP Neighbor Advertisement
NDP Redirect
NDP Certificate Solicit
NDP Certificate Advert
DHCPv6 Solicitation
DHCPv6 Advertisement
DHCPv6 Request
DHCPv6 Reply
DHCPv6 Inform
DHCPv6 Confirm
DHCPv6 Renew
DHCPv6 Rebind
DHCPv6 Release
DHCPv6 Decline
DHCPv6 Reconfigure
DHCPv6 Relay Forward
DHCPv6 Relay Rep
NDSUPRRESS Drop counters
0
0
0
0
0
0
0
6
19
471
16
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 total silent ns_in_out ns_dad unicast multicast internal
------------------------------------------------------------------------
0 0 0 0 0 0 0
SNOOPING Drop counters
Dropped Msgs total silent internal CGA_vfy RSA_vfy limit martian martian_mac no_trust not_auth stop
--------------------------------------------------------------------------------------------------------------------
NDP RS 0 0 0 0 0 0 0 0
NDP RA
0 0 0
0 0 0 0 0 0 0 0
0 0
NDP NS
0
0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 NDP NA
0
NDP Redirect
0
NDP CERT SOL
0
NDP CERT ADV
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 0
DHCPv6 Sol
0
DHCPv6 Adv
0
0
0
DHCPv6 Req
0
0
0
DHCPv6 Confirm
0 0
DHCPv6 Renew
0
DHCPv6 Rebind
0
0
0
DHCPv6 Reply
0 0
DHCPv6 Release
0 0
DHCPv6 Decline
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Cisco Wireless Controller Command Reference, Release 8.4
1665
show ipv6 neighbor-binding
0
DHCPv6 Recfg
0
0
DHCPv6 Infreq
0
0
0
DHCPv6 Relayfwd
0 0
DHCPv6 Relayreply
0 0
0
0
0
0
0
CacheMiss Statistics
Multicast NS Forwarded
To STA 0
To DS 0
Multicast NS Dropped
To STA 467
To DS 467
Multicast NA Statistics
Multicast NA Forwarded
To STA 0
To DS 0
Multicast NA Dropped
To STA 0
To DS 0
0
0
0
0
(Cisco Controller) > >
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1666
Cisco Wireless Controller Command Reference, Release 8.4
show ipv6 ra-guard show ipv6 ra-guard
To display the RA guard statistics, use the show ipv6 ra-guard command.
show ipv6 ra-guard {ap | wlc} summary
Syntax Description ap wlc summary
Displays Cisco access point details.
Displays Cisco controller details.
Displays RA guard statistics.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example show the output of the show ipv6 ra-guard ap summary command:
(Cisco Controller) >
show ipv6 ra-guard ap summary
IPv6 RA Guard on AP..................... Enabled
RA Dropped per client:
MAC Address AP Name WLAN/GLAN Number of RA Dropped
----------------- ----------------- -------------- ---------------------
00:40:96:b9:4b:89 Bhavik_1130_1_p13 2 19
----------------- ----------------- -------------- ---------------------
Total RA Dropped on AP......................
19
The following example shows how to display the RA guard statistics for a controller:
(Cisco Controller) >
show ipv6 ra-guard wlc summary
IPv6 RA Guard on WLC.................... Enabled
Cisco Wireless Controller Command Reference, Release 8.4
1667
show ipv6 route summary show ipv6 route summary
To display configuration information for IPv6 route, use the show ipv6 route summary command.
show ipv6 route summary
This command has no arguments or keywords.
Command Default
None
Command History
Release
8.0
Modification
This command was introduced in a Release 8.0.
Examples
The following is a sample output of the show ipv6 route summary command:
(Cisco Controller) >
show ipv6 route summary
Number of Routes................................. 1
Destination Network PrefixLength Gateway
------------------- ------------- -------------------
2001:9:5:90::115 /128 2001:9:5:91::1
1668
Cisco Wireless Controller Command Reference, Release 8.4
show ipv6 summary show ipv6 summary
To display the IPv6 configuration settings, use the show ipv6 summary command.
show ipv6 summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example displays the output of the show ipv6 summary command:
(Cisco Controller) >
show ipv6 summary
Global Config............................... Enabled
Reachable-lifetime value.................... 30
Stale-lifetime value........................ 300
Down-lifetime value......................... 300
RA Throttling............................... Disabled
RA Throttling allow at-least................ 1
RA Throttling allow at-most................. no-limit
RA Throttling max-through................... 5
RA Throttling throttle-period............... 600
RA Throttling interval-option............... ignore
NS Mulitcast CacheMiss Forwarding........... Enabled
NA Mulitcast Forwarding..................... Enabled
IPv6 Capwap UDP Lite........................ Enabled
Operating System IPv6 state ................ Enabled
Cisco Wireless Controller Command Reference, Release 8.4
1669
show known ap show known ap
To display known Cisco lightweight access point information, use the show known ap command.
show known ap {summary | detailed MAC}
Syntax Description summary detailed
MAC
Displays a list of all known access points.
Provides detailed information for all known access points.
MAC address of the known AP.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display a summary of all known access points:
(Cisco Controller) >
show known ap summary
MAC Address State # APs # Clients Last Heard
------------------------------------------------
1670
Cisco Wireless Controller Command Reference, Release 8.4
Show Commands: j to q
•
•
show lag eth-port-hash, page 1676
•
show lag ip-port-hash, page 1677
•
•
•
show ldap statistics, page 1680
•
•
•
show license capacity, page 1684
•
show license detail, page 1685
•
show license expiring, page 1686
•
show license evaluation, page 1687
•
show license feature, page 1688
•
•
show license handle, page 1690
•
show license image-level, page 1691
•
show license in-use, page 1692
•
show license permanent, page 1693
•
show license status, page 1694
•
show license statistics, page 1695
•
show license summary, page 1696
•
•
•
show load-balancing, page 1699
Cisco Wireless Controller Command Reference, Release 8.4
1671
•
show local-auth config, page 1700
•
show local-auth statistics, page 1702
•
show local-auth certificates, page 1704
•
•
show logging last-reset, page 1707
•
•
•
•
show mdns ap summary, page 1711
•
show mdns domain-name-ip summary, page 1712
•
•
•
show media-stream client, page 1718
•
show media-stream group detail, page 1719
•
show media-stream group summary, page 1720
•
•
show mesh astools stats, page 1722
•
•
•
•
show mesh client-access, page 1727
•
•
•
•
•
show mesh per-stats, page 1734
•
show mesh public-safety, page 1735
•
show mesh queue-stats, page 1736
•
show mesh security-stats, page 1737
•
•
•
show mobility anchor, page 1741
•
show mobility ap-list, page 1742
1672
Cisco Wireless Controller Command Reference, Release 8.4
•
show mobility foreign-map, page 1743
•
show mobility group member, page 1744
•
show mobility oracle, page 1745
•
show mobility statistics, page 1747
•
show mobility summary, page 1748
•
•
show nac statistics, page 1751
•
•
•
show network summary, page 1754
•
•
show netuser guest-roles, page 1757
•
show network multicast mgid detail, page 1758
•
show network multicast mgid summary, page 1759
•
show network summary, page 1760
•
show nmsp notify-interval summary, page 1762
•
•
show nmsp statistics, page 1764
•
show nmsp subscription, page 1766
•
show nmsp subscription summary, page 1767
•
•
•
show opendns summary, page 1770
•
•
•
show profiling policy summary, page 1775
•
•
•
•
•
•
show pmipv6 mag bindings, page 1783
•
show pmipv6 mag globals, page 1784
Cisco Wireless Controller Command Reference, Release 8.4
1673
•
show pmipv6 mag stats, page 1785
•
show pmipv6 profile summary, page 1787
1674
Cisco Wireless Controller Command Reference, Release 8.4
show l2tp show l2tp
To display Layer 2 Tunneling Protocol (L2TP) sessions, use the show l2tp command.
show l2tp {summary | ip_address}
Syntax Description summary
ip_address
Displays all L2TP sessions.
IP address.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display a summary of all L2TP sessions:
(Cisco Controller) >
show l2tp summary
LAC_IPaddr LTid LSid RTid RSid ATid ASid State
---------- ---- ---- ---- ---- ---- ---- -----
Cisco Wireless Controller Command Reference, Release 8.4
1675
show lag eth-port-hash show lag eth-port-hash
To display the physical port used for specific MAC addresses, use the show lag eth-port-hash command.
show lag eth-port-hash dest_MAC [source_MAC]
Syntax Description
dest_MAC source_MAC
MAC address to determine output port for non-IP packets.
(Optional) MAC address to determine output port for non-IP packets.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the physical port used for a specific MAC address:
(Cisco Controller) >
show lag eth-port-hash 11:11:11:11:11:11
Destination MAC 11:11:11:11:11:11 currently maps to port 1
1676
Cisco Wireless Controller Command Reference, Release 8.4
show lag ip-port-hash show lag ip-port-hash
To display the physical port used for specific IP addresses, use the show lag ip-port-hash command.
show lag ip-port-hash dest_IP [source_IP]
Syntax Description
dest_IP source_IP
IP address to determine the output port for IP packets.
(Optional) IP address to determine the output port for
IP packets.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both— IPv4 and IPv6 addresses.
Usage Guidelines
For CAPWAP packets, enter the IP address of the access points. For EOIP packets, enter the IP address of the controller. For WIRED_GUEST packets, enter its IP address. For non tunneled IP packets from WLC, enter the destination IP address. For other non tunneled IP packets, enter both destination and source IP addresses.
This command is applicable for both IPv4 and IPv6 addresses.
Examples
The following example shows how to display the physical port used for a specific IP address:
(Cisco Controller) >
show lag ip-port-hash 192.168.102.138
Destination IP 192.168.102.138 currently maps to port 1
Cisco Wireless Controller Command Reference, Release 8.4
1677
show lag summary show lag summary
To display the current link aggregation (LAG) status, use the show lag summary command.
show lag summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the current status of the LAG configuration:
(Cisco Controller) >
show lag summary
LAG Enabled
1678
Cisco Wireless Controller Command Reference, Release 8.4
show ldap show ldap
To display the Lightweight Directory Access Protocol (LDAP) server information for a particular LDAP server, use the show ldap command.
show ldap index
Syntax Description
index
LDAP server index. Valid values are from 1 to 17.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the detailed LDAP server information:
(Cisco Controller) >
show ldap 1
Server Index..................................... 1
Address.......................................... 2.3.1.4
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... name1
User Attribute................................... attr1
User Type........................................ username1
Retransmit Timeout............................... 3 seconds
Bind Method ..................................... Anonymous
Related Commands config ldap config ldap add config ldap simple-bind show ldap statistics show ldap summary
Cisco Wireless Controller Command Reference, Release 8.4
1679
show ldap statistics show ldap statistics
To display all Lightweight Directory Access Protocol (LDAP) server information, use the show ldap statistics command.
show ldap statistics
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the LDAP server statistics:
(Cisco Controller) >
show ldap statistics
Server Index..................................... 1
Server statistics:
Initialized OK................................. 0
Initialization failed.......................... 0
Initialization retries......................... 0
Closed OK...................................... 0
Request statistics:
Received....................................... 0
Sent........................................... 0
OK............................................. 0
Success........................................ 0
Authentication failed.......................... 0
Server not found............................... 0
No received attributes......................... 0
No passed username............................. 0
Not connected to server........................ 0
Internal error................................. 0
Retries........................................ 0
Server Index..................................... 2
...
Related Commands config ldap config ldap add config ldap simple-bind show ldap show ldap summary
1680
Cisco Wireless Controller Command Reference, Release 8.4
show ldap summary show ldap summary
To display the current Lightweight Directory Access Protocol (LDAP) server status, use the show ldap
summary command.
show ldap summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of configured LDAP servers:
(Cisco Controller) >
show ldap summary
Idx Server Address Port Enabled
--------------------------
1 2.3.1.4
389 Yes
2 10.10.20.22
389 Yes
Related Commands config ldap config ldap add config ldap simple-bind show ldap statistics show ldap
Cisco Wireless Controller Command Reference, Release 8.4
1681
show license all show license all
To display information for all licenses on the Cisco WLCs, use the show license all command.
show license all
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display all the licenses:
>
show license all
License Store: Primary License Storage
StoreIndex: 0 Feature: wplus-ap-count Version: 1.0
License Type: Permanent
License State: Inactive
License Count: 12/0/0
License Priority: Medium
StoreIndex: 1 Feature: base Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 2 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
License Store: Evaluation License Storage
StoreIndex: 0 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
StoreIndex: 2 Feature: base Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 3 Feature: base-ap-count Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License Count: 250/0/0
License Priority: Low
1682
Cisco Wireless Controller Command Reference, Release 8.4
Examples
This example shows how to view all the licenses on the Smart License mechanism:
(Cisco Controller) >
show license all
Smart Licensing Status
======================
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: vWLC-Prod
Virtual Account: Default
Export-Controlled Functionality: Allowed
Initial Registration: SUCCEEDED on Dec 11 12:19:38 2015 UTC
Last Renewal Attempt: None
Next Renewal Attempt: Jun 08 12:19:37 2016 UTC
Registration Expires: Dec 10 12:16:56 2016 UTC
License Authorization:
Status: AUTHORIZED on Dec 11 12:20:12 2015 UTC
Last Communication Attempt: SUCCEEDED on Dec 11 12:20:12 2015 UTC
Next Communication Attempt: Jan 10 12:20:11 2016 UTC
Communication Deadline: Mar 10 12:17:43 2016 UTC
--More-- or (q)uit
License Usage
==============
No licenses in use
Product Information
===================
UDI: PID:AIR-CTVM-K9,SN:91U8NQ5XDBE
Agent Version
=============
Smart Agent for Licensing: 1.4.0_rel/25
Component Versions: SA:1.4, SI:0.1, CH:rel_1, PK:x.x
show license all
Cisco Wireless Controller Command Reference, Release 8.4
1683
show license capacity show license capacity
To display the maximum number of access points allowed for this license on the Cisco 5500 Series Controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller, use the show license capacity command.
show license capacity
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license capacity:
>
show license capacity
Licensed Feature Max Count Current Count Remaining Count
-----------------------------------------------------------------------
AP Count 250 47 203
Related Commands license install show license all show license detail show license feature show license image-level show license summary license modify priority show license evaluation
1684
Cisco Wireless Controller Command Reference, Release 8.4
show license detail show license detail
To display details of a specific license on the Cisco 5500 Series Controller, use the show license detail command.
show license detail license-name
Syntax Description
license-name
Name of a specific license.
Command Default
None.
Examples
This example shows how to display the license details:
>
show license detail wplus
Feature: wplus Period left: Life time
Index: 1 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 2
Store Name: Primary License Storage
Index: 2 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
Store Index: 0
Related Commands license install show license agent show license all show license feature show license image-level show license summary license modify priority
Cisco Wireless Controller Command Reference, Release 8.4
1685
show license expiring show license expiring
To display details of expiring licenses on the Cisco 5500 Series Controller, use the show license expiring command.
show license expiring
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the details of the expiring licenses:
>
show license expiring
StoreIndex: 0 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
StoreIndex: 2 Feature: base Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 3 Feature: base-ap-count Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License Count: 250/0/0
License Priority: Low
Related Commands license install show license all show license detail show license in-use show license summary license modify priority show license evaluation
1686
Cisco Wireless Controller Command Reference, Release 8.4
show license evaluation show license evaluation
To display details of evaluation licenses on the Cisco 5500 Series Controller, use the show license evaluation command.
show license evaluation
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the details of the evaluation licenses:
>
show license evaluation
StoreIndex: 0 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
StoreIndex: 2 Feature: base Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 3 Feature: base-ap-count Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License Count: 250/0/0
License Priority: Low
Related Commands license install show license all show license detail show license expiring show license in-use show license summary license modify priority
Cisco Wireless Controller Command Reference, Release 8.4
1687
show license feature show license feature
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license
feature command.
show license feature
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license-enabled features:
>
show license feature
Feature name Enforcement Evaluation Clear Allowed Enabled wplus wplus-ap-count yes yes yes yes yes yes yes yes base base-ap-count no yes yes yes yes yes no no
Related Commands license install show license all show license detail show license expiring show license image-level show license in-use show license summary show license modify priority show license evaluation
1688
Cisco Wireless Controller Command Reference, Release 8.4
show license file show license file
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license
file command.
show license file
Syntax Description
This command has no arguments or keywords.
Examples
This example shows how to display the license files:
>
show license file
License Store: Primary License Storage
Store Index: 0
License: 11 wplus-ap-count 1.0 LONG NORMAL STANDALONE EXCL 12_KEYS INFINIT
E_KEYS NEVER NEVER NiL SLM_CODE CL_ND_LCK NiL *1AR5NS7M5AD8PPU400
NiL NiL NiL 5_MINS <UDI><PID>AIR-CT5508-K9</PID><SN>RFD000P2D27<
/SN></UDI> Pe0L7tv8KDUqo:zlPe423S5wasgM8G,tTs0i,7zLyA3VfxhnIe5aJa m63lR5l8JM3DPkr4O2DI43iLlKn7jomo3RFl1LjMRqLkKhiLJ2tOyuftQSq2bCAO6 nR3wIb38xKi3t$<WLC>AQEBIQAB//++mCzRUbOhw28vz0czAY0iAm7ocDLUMb9ER0
+BD3w2PhNEYwsBN/T3xXBqJqfC+oKRqwInXo3s+nsLU7rOtdOxoIxYZAo3LYmUJ+M
FzsqlhKoJVlPyEvQ8H21MNUjVbhoN0gyIWsyiJaM8AQIkVBQFzhr10GYolVzdzfJf
EPQIx6tZ++/Vtc/q3SF/5Ko8XCY=</WLC>
Comment:
Hash: iOGjuLlXgLhcTB113ohIzxVioHA=
. . .
Related Commands license install show license all show license detail show license expiring show license feature show license image-level show license in-use show license summary show license evaluation
Cisco Wireless Controller Command Reference, Release 8.4
1689
show license handle show license handle
To display the license handles on the Cisco 5500 Series Controller, use the show license handle command.
show license handle
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license handles:
>
show license handle
Feature: wplus , Handle Count: 1
Units: 01( 0), ID: 0x5e000001, NotifyPC: 0x1001e8f4 LS-Handle (0x00000001),
Units: ( 1)
Registered clients: 1
Context 0x1051b610, epID 0x10029378
Feature: base , Handle Count: 0
Registered clients: 1
Context 0x1053ace0, epID 0x10029378
Feature: wplus-ap-count , Handle Count: 1
Units: 250( 0), ID: 0xd4000002, NotifyPC: 0x1001e8f4 LS-Handle (0x000
00002), Units: (250)
Registered clients: None
Feature: base-ap-count
Registered clients: None
Global Registered clients: 2
, Handle Count: 0
Context 0x10546270, epID 0x100294cc
Context 0x1053bae8, epID 0x100294cc
Related Commands license install show license all show license detail show license expiring show license feature show license image-level show license in-use show license summary
1690
Cisco Wireless Controller Command Reference, Release 8.4
show license image-level show license image-level
To display the license image level that is in use on the Cisco 5500 Series Controller, use the show license
image-level command.
show license image-level
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the image level license settings:
>
show license image-level
Module name Image level Priority Configured Valid license wnbu wplus base
1
2
YES
NO wplus
NOTE: wplus includes two additional features: Office Extend AP, Mesh AP.
Related Commands license install show license all show license detail show license expiring show license feature license modify priority show license in-use show license summary
Cisco Wireless Controller Command Reference, Release 8.4
1691
show license in-use show license in-use
To display the licenses that are in use on the Cisco 5500 Series Controller, use the show license in-use command.
show license in-use
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the licenses that are in use:
>
show license in-use
StoreIndex: 2 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
Related Commands license install show license all show license detail show license expiring show license feature show license image-level show license modify priority show license summary show license permanent show license evaluation
1692
Cisco Wireless Controller Command Reference, Release 8.4
show license permanent show license permanent
To display the permanent licenses on the Cisco 5500 Series Controller, use the show license permanent command.
show license permanent
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the permanent license’s information:
>
show license permanent
StoreIndex: 0 Feature: wplus-ap-count Version: 1.0
License Type: Permanent
License State: Inactive
License Count: 12/0/0
License Priority: Medium
StoreIndex: 1 Feature: base Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 2 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Related Commands license install show license all show license detail show license expiring show license feature show license image-level show license in-use show license summary license modify priority show license evaluation
Cisco Wireless Controller Command Reference, Release 8.4
1693
show license status show license status
To display the license status on the Cisco Wireless Controller, use the show license status command.
show license status
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
Examples
This example shows how to view the license status on the RTU license mechanism:
>
show license status
License Type Supported permanent Non-expiring node locked license extension Expiring node locked license evaluation Expiring non node locked license
License Operation Supported install clear
Install license
Clear license annotate Comment license save revoke
Save license
Revoke license
Device status
Device Credential type: DEVICE
Device Credential Verification: PASS
Rehost Type: DC_OR_IC
This example shows how to view the license status on the Smart License mechanism:
(Cisco Controller) >
show license status
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: vWLC-Prod
Virtual Account: Default
Export-Controlled Functionality: Allowed
Initial Registration: SUCCEEDED on Dec 11 12:19:38 2015 UTC
Last Renewal Attempt: None
Next Renewal Attempt: Jun 08 12:19:37 2016 UTC
Registration Expires: Dec 10 12:16:56 2016 UTC
License Authorization:
Status: AUTHORIZED on Dec 11 12:20:12 2015 UTC
Last Communication Attempt: SUCCEEDED on Dec 11 12:20:12 2015 UTC
Next Communication Attempt: Jan 10 12:20:11 2016 UTC
Communication Deadline: Mar 10 12:17:43 2016 UTC
1694
Cisco Wireless Controller Command Reference, Release 8.4
show license statistics show license statistics
To display license statistics on the Cisco 5500 Series Controller, use the show license statistics command.
show license statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license statistics:
>
show license statistics
Administrative statistics
Install success count:
Install failure count:
Install duplicate count:
0
0
0 c
Comment add count:
Comment delete count:
Clear count:
Save count:
Save cred count:
Client status
Request success count
Request failure count
Release count
Global Notify count
2
0
0
0
0
0
0
0
0
Related Commands license install show license all show license detail show license expiring show license feature show license image-level show license in-use show license summary license modify priority show license evaluation
Cisco Wireless Controller Command Reference, Release 8.4
1695
show license summary show license summary
To display a brief summary of all licenses on the Cisco WLCs, use the show license summary command.
show license summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
Examples
This example shows how to display a brief summary of all licenses:
>
show license summary
Index 1 Feature: wplus
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: wplus-ap-count
Period left: 2 weeks 3 days
License Type: Evaluation
License State: Active, In Use
License Count: 250/250/0
License Priority: High
Index 3 Feature: base
Period left: Life time
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: base-ap-count
Period left: 8 weeks 3 days
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
License Count: 250/0/0
License Priority: Low
This example shows how to view the license summary on the Smart License mechanism:
(Cisco Controller) >
show license summary
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: vWLC-Prod
Virtual Account: Default
Export-Controlled Functionality: Allowed
Last Renewal Attempt: None
Next Renewal Attempt: Jun 08 12:19:38 2016 UTC
License Authorization:
Status: AUTHORIZED
Last Communication Attempt: SUCCEEDED
Next Communication Attempt: Jan 10 12:20:11 2016 UTC
1696
Cisco Wireless Controller Command Reference, Release 8.4
show license udi show license udi
To display unique device identifier (UDI) values for licenses on the Cisco WLCs, use the show license udi command.
show license udi
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
Examples
This example shows how to view the UDI values for licenses on the RTU license mechanism:
(Cisco Controller) >
show license udi
Device# PID SN UDI
-------------------------------------------------------------------------------------
*0 AIR-CT5508-K9 RFD000P2D27 AIR-CT5508-K9:RFD000P2D27
This example shows how to view the UDI values for licenses on the Smart License mechanism:
(Cisco Controller) >
show license udi
UDI: PID:AIR-CTVM-K9,SN:91U8NQ5XDBE
Cisco Wireless Controller Command Reference, Release 8.4
1697
show license usage show license usage
To display the entitlement details and usage per handle and its entitlement tag, use the show license usage command.
show license usage
Command History
Release
8.2
Modification
This command was introduced in a 8.2 release.
Examples
This example shows how to display the entitlement details:
(Cisco Controller) >
show license usage
1698
Cisco Wireless Controller Command Reference, Release 8.4
show load-balancing show load-balancing
To display the status of the load-balancing feature, use the show load-balancing command.
show load-balancing
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the load-balancing status:
>
show load-balancing
Aggressive Load Balancing........................ Enabled
Aggressive Load Balancing Window................. 0 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 10 clients
Total Denial Sent................................ 20 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count..................... 0 times
Related Commands config load-balancing
Cisco Wireless Controller Command Reference, Release 8.4
1699
show local-auth config show local-auth config
To display local authentication configuration information, use the show local-auth config command.
show local-auth config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the local authentication configuration information:
(Cisco Controller) >
show local-auth config
User credentials database search order:
Primary ................................... Local DB
Configured EAP profiles:
Name ...................................... fast-test
Certificate issuer .................... default
Enabled methods ....................... fast
Configured on WLANs ................... 2
EAP Method configuration:
EAP-TLS:
Certificate issuer .................... default
Peer verification options:
Check against CA certificates ..... Enabled
Verify certificate CN identity .... Disabled
Check certificate date validity ... Enabled
EAP-FAST:
TTL for the PAC ....................... 3 600
Initial client message ................ <none>
Local certificate required ............ No
Client certificate required ........... No
Vendor certificate required ........... No
Anonymous provision allowed ........... Yes
Authenticator ID ...................... 7b7fffffff0000000000000000000000
Authority Information ................. Test
EAP Profile.................................... tls-prof
Enabled methods for this profile .......... tls
Active on WLANs ........................... 1 3EAP Method configuration:
EAP-TLS:
Certificate issuer used ............... cisco
Peer verification options:
Check against CA certificates ..... disabled
Verify certificate CN identity .... disabled
Check certificate date validity ... disabled
1700
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands clear stats local-auth config local-auth active-timeout config local-auth eap-profile config local-auth method fast config local-auth user-credentials debug aaa local-auth show local-auth certificates show local-auth statistics show local-auth config
Cisco Wireless Controller Command Reference, Release 8.4
1701
show local-auth statistics show local-auth statistics
To display local Extensible Authentication Protocol (EAP) authentication statistics, use the show local-auth
statistics command:
show local-auth statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the local authentication certificate statistics:
(Cisco Controller) >
show local-auth statistics
Local EAP authentication DB statistics:
Requests received ............................... 14
Responses returned .............................. 14
Requests dropped (no EAP AVP) ................... 0
Requests dropped (other reasons) ................ 0
Authentication timeouts ......................... 0
Authentication statistics:
Method Success Fail
------------------------------------
Unknown 0 0
LEAP
EAP-FAST
0
2
0
0
EAP-TLS
PEAP
0
0
0
0
Local EAP credential request statistics:
Requests sent to LDAP DB ........................ 0
Requests sent to File DB ........................ 2
Requests failed (unable to send) ................ 0
Authentication results received:
Success ....................................... 2
Fail .......................................... 0
Certificate operations:
Local device certificate load failures .......... 0
Total peer certificates checked ................. 0
Failures:
CA issuer check ............................... 0
CN name not equal to identity ................. 0
Dates not valid or expired .................... 0
1702
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands clear stats local-auth config local-auth active-timeout config local-auth eap-profile config local-auth method fast config local-auth user-credentials debug aaa local-auth show local-auth config show local-auth certificates show local-auth statistics
Cisco Wireless Controller Command Reference, Release 8.4
1703
show local-auth certificates show local-auth certificates
To display local authentication certificate information, use the show local-auth certificates command:
show local-auth certificates
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the authentication certificate information stored locally:
(Cisco Controller) >
show local-auth certificates
Related Commands clear stats local-auth config local-auth active-timeout config local-auth eap-profile config local-auth method fast config local-auth user-credentials debug aaa local-auth show local-auth config show local-auth statistics
1704
Cisco Wireless Controller Command Reference, Release 8.4
show logging show logging
To display the syslog facility logging parameters and buffer contents, use the show logging command.
show logging
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the current settings and buffer content details:
(Cisco Controller) >
show logging
(Cisco Controller) >
config logging syslog host 10.92.125.52
System logs will be sent to 10.92.125.52 from now on
(Cisco Controller) >
config logging syslog host 2001:9:6:40::623
System logs will be sent to 2001:9:6:40::623 from now on
(Cisco Controller) >
show logging
Logging to buffer :
- Logging of system messages to buffer :
- Logging filter level.......................... errors
- Number of system messages logged.............. 1316
- Number of system messages dropped............. 6892
- Logging of debug messages to buffer ........... Disabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Cache of logging ............................. Disabled
- Cache of logging time(mins) ................... 10080
- Number of over cache time log dropped ........ 0
Logging to console :
- Logging of system messages to console :
- Logging filter level.......................... disabled
- Number of system messages logged.............. 0
- Number of system messages dropped............. 8243
- Logging of debug messages to console .......... Enabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
Logging to syslog :
- Syslog facility................................ local0
- Logging of system messages to console :
- Logging filter level.......................... disabled
- Number of system messages logged.............. 0
- Number of system messages dropped............. 8208
- Logging of debug messages to console .......... Enabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Logging of system messages to syslog :
- Logging filter level.......................... errors
- Number of system messages logged.............. 1316
Cisco Wireless Controller Command Reference, Release 8.4
1705
show logging
- Number of system messages dropped............. 6892
- Logging of debug messages to syslog ........... Disabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 2
- syslog over tls................................ Disabled
- Host 0....................................... 10.92.125.52
- Host 1....................................... 2001:9:6:40::623
- Host 2.......................................
Logging of RFC 5424.............................. Disabled
Logging of Debug messages to file :
- Logging of Debug messages to file.............. Disabled
- Number of debug messages logged................ 0
- Number of debug messages dropped............... 0
Logging of traceback............................. Enabled
1706
Cisco Wireless Controller Command Reference, Release 8.4
show logging last-reset show logging last-reset
To display the logging buffer saved on last reset or power cycle of the controller, use the show logging
last-reset command.
show logging last-reset
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
8.0
Modification
This command was introduced in 8.0.140.0.
Cisco Wireless Controller Command Reference, Release 8.4
1707
show logging flags show logging flags
To display the existing flags, use the show logging flags command.
show logging flags AP |Cilent
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the current flags details:
>
show logging flags
ID username Connection From Idle Time Login Time
-- ---------------------------------------------------
00 admin EIA-232 00:00:00 00:19:04
Related Commands config logging flags close
1708
Cisco Wireless Controller Command Reference, Release 8.4
show loginsession
To display the existing sessions, use the show loginsession command.
show loginsession
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the current session details:
>
show loginsession
ID username Connection From Idle Time Session Time
-- ---------------------------------------------------
00 admin EIA-232 00:00:00 00:19:04
Related Commands config loginsession close show loginsession
Cisco Wireless Controller Command Reference, Release 8.4
1709
show macfilter show macfilter
To display the MAC filter parameters, use the show macfilter command.
show macfilter {summary | detailMAC | mesh | {wlan wlan-id}}
Syntax Description summary
detail MAC
mesh
wlan wlan-id
Displays a summary of all MAC filter entries.
Displays details of a MAC filter entry.
Display a summary of all MESH AP MAC filter entries.
Display a summary of all MAC filter entries on given wlan.
Command Default
None
Command History
Release
7.6
8.4
Modification
This command was introduced in a release earlier than Release 7.6.
wlan wlan-id was added.
Usage Guidelines
The MAC delimiter (none, colon, or hyphen) for MAC addresses sent to RADIUS servers is displayed. The
MAC filter table lists the clients that are always allowed to associate with a wireless LAN.
Examples
The following example shows how to display the detailed display of a MAC filter entry:
(Cisco Controller) >
show macfilter detail xx:xx:xx:xx:xx:xx
MAC Address...................................... xx:xx:xx:xx:xx:xx
WLAN Identifier.................................. Any
Interface Name................................... management
Description...................................... RAP
The following example shows how to display a summary of the MAC filter parameters:
(Cisco Controller) >
show macfilter summary
MAC Filter RADIUS Compatibility mode............. Cisco ACS
MAC Filter Delimiter............................. None
Local Mac Filter Table
MAC Address WLAN Id Description
------------------------------------------------------------------xx:xx:xx:xx:xx:xx xx:xx:xx:xx:xx:xx xx:xx:xx:xx:xx:xx
Any
Any
Any
RAP
PAP2 (2nd hop)
PAP1 (1st hop)
1710
Cisco Wireless Controller Command Reference, Release 8.4
show mdns ap summary show mdns ap summary
To display all the access points for which multicast Domain Name System (mDNS) forwarding is enabled, use the show mnds ap summary command.
show mdns ap summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Examples
The following is a sample output of the show mnds ap summary command:
(Cisco Controller) >
show mdns ap summary
Number of mDNS APs............................. 2
AP Name
--------ap-3500 ap-3600
Ethernet MAC
---------------cc:ef:48:72:0d:d9
00:22:bd:df:04:68
Number of Vlans
-----------------
0
2
VlanIdentifiers
------------------
Not applicable
124,122
The following table describes the significant fields shown in the display.
Table 13: show mdns ap summary Field Descriptions
Field
AP Name
Ethernet MAC
Number of VLANs
VLAN Identifiers
Description
Name of the mDNS access point (access point for which mDNS forwarding is enabled).
MAC address of the mDNS access point.
Number of VLANs from which the access point snoops the mDNS advertisements from the wired side. An access point can snoop on a maximum of 10
VLANs.
Identifiers of the VLANs the access point snoops on.
Cisco Wireless Controller Command Reference, Release 8.4
1711
show mdns domain-name-ip summary show mdns domain-name-ip summary
To display the summary of the multicast Domain Name System (mDNS) domain names, use the show mdns
domain-name-ip summary command.
show mdns domain-name-ip summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Usage Guidelines
Each service advertisement contains a record that maps the domain name of the service provider to the IP address. The mapping also contains details such as the client MAC address, VLAN ID, Time to Live (TTL), and IPv4 address.
Examples
The following is a sample output of the show mdns domain-name-ip summary command:
(Cisco Controller) >
show mdns domain-name-ip summary
Number of Domain Name-IP Entries................. 1
DomainName MAC Address IP Address Vlan Id Type TTL Time left
------------tixp77.local.
-------------
00:50:b6:4f:69:70
-----------
(in seconds) (in seconds)
-------------------- ------
209.165. 202.128
999 mDNSAP 4725 906
The following table describes the significant fields shown in the display.
Table 14: show mdns domain-name-ip summary Field Descriptions
Field
Domain Name
MAC Address
IP Address
VLAN ID
Description
Domain name of the service provider.
MAC address of the service provider.
IP address of the service provider.
VLAN ID of the service provider.
1712
Cisco Wireless Controller Command Reference, Release 8.4
Field
Type
TTL
Time Left
show mdns domain-name-ip summary
Description
Origin of service that can be one of the following:
• Wired
• Wireless
• Wired guest
• mDNS AP
TTL value, in seconds, that determines the validity of the service offered by the service provider. The service provider is removed from the Cisco Wireless
LAN Controller when the TTL expires.
Time remaining, in seconds, before the service provider is removed from the Cisco WLC.
Cisco Wireless Controller Command Reference, Release 8.4
1713
show mdns profile show mdns profile
To display mDNS profile information, use the show mdns profile command.
show mdns profile {summary | detailed profile-name}
Syntax Description summary detailed
profile-name
Displays the summary of the mDNS profiles.
Displays details of an mDNS profile.
Name of the mDNS profile.
Command Default
None
Command History
Release
7.4
Modification
This command was introduced.
Examples
This example shows how to display a summary of all the mDNS profiles:
>
show mdns profile summary
Number of Profiles............................... 2
ProfileName No. Of Services
---------------------------------------------default-mdns-profile profile1
5
2
This example shows how to display the detailed information of an mDNS profile:
>
show mdns profile detailed default-mdns-profile
Profile Name..................................... default-mdns-profile
Profile Id....................................... 1
No of Services................................... 5
Services......................................... AirPrint
AppleTV
HP_Photosmart_Printer_1
HP_Photosmart_Printer_2
Printer
No. Interfaces Attached.......................... 0
No. Interface Groups Attached.................... 0
No. Wlans Attached............................... 1
Wlan Ids......................................... 1
Related Commands config mdns query interval config mdns service
1714
Cisco Wireless Controller Command Reference, Release 8.4
config mdns snooping config interface mdns-profile config interface group mdns-profile config wlan mdns config mdns profile show mdns ap config mdns ap show mnds service clear mdns service-database debug mdns all debug mdns error debug mdns detail debug mdns message show mdns profile
Cisco Wireless Controller Command Reference, Release 8.4
1715
show mdns service show mdns service
To display multicast Domain Name System (mDNS) service information, use the show mnds service command.
show mdns service {summary | detailed service-name | not-learnt}
Syntax Description summary detailed
service-name
not-learnt
Displays the summary of all mDNS services.
Displays the details of an mDNS service.
Name of the mDNS service.
Displays the summary of all the service advertisements that were received by the controller but were not discovered because the service query status was disabled.
Service advertisements for all VLANs and origin types that are not learned are displayed in the output. The top 500 services appear in the summary list.
Command Default
None
Command History
Examples
Release
7.4
7.5
Modification
This command was introduced.
The not-learnt keyword was added.
The following is a sample output of the show mnds summary command:
Device >
show mdns service summary
Number of Services............................... 5
Service-Name LSS Origin No SP Service-string
-------------------------------------------------
AirPrint Yes Wireless
AppleTV Yes Wireless
HP_Photosmart_Printer_1 Yes Wireless
HP_Photosmart_Printer_2 No Wired
Printer No Wired
1
1
1
0
0
_ipp._tcp.local.
_airplay._tcp.local.
_universal._sub._ipp._tcp.local.
_cups._sub._ipp._tcp.local.
_printer._tcp.local.
The following is a sample output of the show mnds service detailed command:
Device >
show mdns service detailed AirPrint
Service Name..................................... AirPrint
Service Id....................................... 1
Service query status............................. Enabled
Service LSS status............................... Disabled
1716
Cisco Wireless Controller Command Reference, Release 8.4
show mdns service
Service learn origin............................. Wired
Number of Profiles............................... 2
Profile.......................................... student-profile, guest-profile
Number of Service Providers ..................... 2
Service Provider MAC-Address AP Radio MAC
---------------- ---------------------user1 laptopa
VLAN ID
-------
Type
----
TTL
60:33:4b:2b:a6:9a ----104 Wired 4500
00:21:1b:ea:36:60 3c:ce:73:1e:69:20 105 Wireless 4500
Time left
----------------
4484
4484
Number of priority MAC addresses ................ 1
Sl.No
-----
1
MAC Address
-------------------
44:03:a7:a3:04:45
AP group name
--------------
AP_floor1
The following is a sample output of the show mnds service not-learntcommand:
Device >
show mdns service not-learnt
Number of Services............................... 4
Origin VLAN
Service-string
TTL TTL left Client MAC AP-MAC
(sec) (sec)
-----------------------------------------------------------
----------------------
105 00:21:6a:76:88:04 04:da:d2:b3:11:00 Wireless 106 120
100.106.11.9.in-addr.arpa.
Wireless 106 120
102.106.11.9.in-addr.arpa.
Wireless 106 120
108.104.11.9.in-addr.arpa.
112
75
00:21:6a:78:ff:82
00:21:6a:78:ff:82
04:da:d2:b3:11:00
04:da:d2:b3:11:00
Wireless 106
_airplayit._tcp.local.
120 119 00:21:6a:78:ff:82 04:da:d2:b3:11:00
Cisco Wireless Controller Command Reference, Release 8.4
1717
show media-stream client show media-stream client
To display the details for a specific media-stream client or a set of clients, use the show media-stream client command.
show media-stream client {media-stream_name | summary}
Syntax Description
media-stream_name
summary
Name of the media-stream client of which the details is to be displayed.
Displays the details for a set of media-stream clients.
Command Default
None.
Examples
This example shows how to display a summary media-stream clients:
>
show media-stream client summary
Number of Clients................................ 1
Client Mac Stream Name Stream Type Radio WLAN QoS Status
------------------------------------------------ -------
00:1a:73:dd:b1:12 mountainview MC-direct 2.4
2 Video Admitted
Related Commands show media-stream group summary
1718
Cisco Wireless Controller Command Reference, Release 8.4
show media-stream group detail show media-stream group detail
To display the details for a specific media-stream group, use the show media-stream group detail command.
show media-stream group detail media-stream_name
Syntax Description
media-stream_name
Name of the media-stream group.
Command Default
None.
Examples
This example shows how to display media-stream group configuration details:
>
show media-stream group detail abc
Media Stream Name................................ abc
Start IP Address................................. 227.8.8.8
End IP Address................................... 227.9.9.9
RRC Parameters
Avg Packet Size(Bytes).......................... 1200
Expected Bandwidth(Kbps)........................ 300
Policy.......................................... Admit
RRC re-evaluation............................... periodic
QoS............................................. Video
Status.......................................... Multicast-direct
Usage Priority.................................. 5
Violation....................................... drop
Related Commands show media-stream group summary
Cisco Wireless Controller Command Reference, Release 8.4
1719
show media-stream group summary show media-stream group summary
To display the summary of the media stream and client information, use the show media-stream group
summary command.
show media-stream group summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to display a summary of the media-stream group:
(Cisco Controller) >
show media-stream group summary
Stream Name Start IP End IP Operation Status
------------- -------------- -------------- ---------------abc 227.8.8.8
227.9.9.9
Multicast-direct
Related Commands show 802.11 media-stream client show media-stream client show media-stream group detail
1720
Cisco Wireless Controller Command Reference, Release 8.4
show mesh ap show mesh ap
To display settings for mesh access points, use the show mesh ap command.
show mesh ap {summary | tree}
Syntax Description summary tree
Displays a summary of mesh access point information including the name, model, bridge virtual interface (BVI) MAC address, United States Computer Emergency
Response Team (US-CERT) MAC address, hop, and bridge group name.
Displays a summary of mesh access point information in a tree configuration, including the name, hop counter, link signal-to-noise ratio (SNR), and bridge group name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display a summary format:
(Cisco Controller) >
show mesh ap summary
AP Name AP Model BVI MAC CERT MAC Hop Bridge Group Name
--------------------------------------------------------------------------
SB_RAP1 AIR-LAP1522AG-A-K9 00:1d:71:0e:d0:00 00:1d:71:0e:d0:00 0
SB_MAP1 AIR-LAP1522AG-A-K9 00:1d:71:0e:85:00 00:1d:71:0e:85:00 1 sbox sbox
SB_MAP2 AIR-LAP1522AG-A-K9
SB_MAP3 AIR-LAP1522AG-A-K9
00:1b:d4:a7:8b:00
00:1d:71:0d:ee:00
00:1b:d4:a7:8b:00
00:1d:71:0d:ee:00
Number of Mesh APs............................... 4
Number of RAPs................................... 1
Number of MAPs................................... 3
2
3 sbox sbox
The following example shows how to display settings in a hierarchical (tree) format:
(Cisco Controller) >
show mesh ap tree
=======================================================
|| AP Name [Hop Counter, Link SNR, Bridge Group Name] ||
=======================================================
[Sector 1]
----------
SB_RAP1[0,0,sbox]
|-SB_MAP1[1,32,sbox]
|-SB_MAP2[2,27,sbox]
|-SB_MAP3[3,30,sbox]
----------------------------------------------------
Number of Mesh APs............................... 4
Number of RAPs................................... 1
Number of MAPs................................... 3
----------------------------------------------------
Cisco Wireless Controller Command Reference, Release 8.4
1721
show mesh astools stats show mesh astools stats
To display antistranding statistics for outdoor mesh access points, use the show mesh astools stats command.
show mesh astools stats [cisco_ap]
Syntax Description
cisco_ap
(Optional) Antistranding feature statistics for a designated mesh access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display anti-stranding statistics on all outdoor mesh access points:
(Cisco Controller) >
show mesh astools stats
Total No of Aps stranded : 0
The following example shows how to display anti-stranding statistics for access point sb_map1:
(Cisco Controller) >
show mesh astools stats sb_map1
Total No of Aps stranded : 0
1722
Cisco Wireless Controller Command Reference, Release 8.4
show mesh backhaul show mesh backhaul
To check the current backhaul information, use the show mesh backhaul command.
show mesh backhaul cisco_ap
Syntax Description
cisco_ap
Name of the access point.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display the current backhaul:
(Cisco Controller) >
show mesh backhaul
If the current backhaul is 5 GHz, the output is as follows:
Basic Basic Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211g
Radio Role................................... DOWNLINK ACCESS
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Current Tx Power Level .................... 1
If the current backhaul is 2.4 GHz, the output is as follows:
Basic Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Radio Role................................... DOWNLINK ACCESS
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Current Tx Power Level .................... 1
Current Channel ........................... 165
Antenna Type............................... EXTERNAL_ANTENNA
External Antenna Gain (in .5 dBm units).... 0
Current Channel...................................6
Antenna Type......................................Externa_ANTENNA
External Antenna Gain (in .5 dBm units)...........0
Cisco Wireless Controller Command Reference, Release 8.4
1723
show mesh bgscan show mesh bgscan
To see the details of mesh background scan, use the show mesh bgscan command.
show mesh bgscan
Syntax Description
This command has no keywords or arguments.
Command Default
None
Command Modes
Privileged EXEC (#)
Command History
Release
8.3
Modification
This command was introduced.
Examples
Cisco Controller# show mesh bgscan
Background Scanning: enabled
Off Channel Neighbors
---------------------
Channel:165
Mac:5835.d9aa.9acf MissCnt:0 NDRespCnt:1078 HopCnt:1 AdjustedEase:4096
Flags: NEIGH BEACON
Mac:5017.ffdc.2eaf MissCnt:0 NDRespCnt:38 HopCnt:1 AdjustedEase:18648576 StickyEase:23448576
Flags: NEIGH PARENT BEACON
Channel:157
Mac:ece1.a930.bc8f MissCnt:0 NDRespCnt:5 HopCnt:1 AdjustedEase:3048576
Flags: NEIGH BEACON
Channel:161
Mac:f8c2.8883.fadf MissCnt:0 NDRespCnt:20 HopCnt:1 AdjustedEase:262144
Flags: NEIGH
Aligned Offchannel neighbors
----------------------------
Channel:165 (ON-CHANNEL)
Mac:5017.ffdc.2eaf Ease:18648576
Mac:5835.d9aa.9acf Ease:4096
Channel:157 (POTENTIAL OFFCHAN
NEL)
Mac:ece1.a930.bc8f Ease:3048576
Mac:0021.d8d6.a6cf Ease:0
Channel:161
Mac:f8c2.8883.fadf Ease:262144
1724
Cisco Wireless Controller Command Reference, Release 8.4
show mesh cac show mesh cac
To display call admission control (CAC) topology and the bandwidth used or available in a mesh network, use the show mesh cac command.
show mesh cac {summary | {bwused {voice | video} | access | callpath | rejected} cisco_ap}
Syntax Description summary bwused voice video access callpath rejected
cisco_ap
Displays the total number of voice calls and voice bandwidth used for each mesh access point.
Displays the bandwidth for a selected access point in a tree topology.
Displays the mesh topology and the voice bandwidth used or available.
Displays the mesh topology and the video bandwidth used or available.
Displays access voice calls in progress in a tree topology.
Displays the call bandwidth distributed across the mesh tree.
Displays voice calls rejected for insufficient bandwidth in a tree topology.
Mesh access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display a summary of the call admission control settings:
(Cisco Controller) >
show mesh cac summary
AP Name Slot# Radio BW Used/Max Calls
-----------------------------------------
SB_RAP1 0 11b/g 0/23437 0
SB_MAP1
1
0
11a 0/23437
11b/g 0/23437
0
0
SB_MAP2
SB_MAP3
1
0
1
0
1
11a
11b/g
11a
11a
0/23437
0/23437
0/23437
11b/g 0/23437
0/23437
0
0
0
0
0
The following example shows how to display the mesh topology and the voice bandwidth used or available:
(Cisco Controller) >
show mesh cac bwused voice SB_MAP1
AP Name Slot# Radio BW Used/Max
-------------
SB_RAP1
-------
0
-----
11b/g
-----------
0/23437
Cisco Wireless Controller Command Reference, Release 8.4
1725
show mesh cac
| SB_MAP1
|| SB_MAP2
||| SB_MAP3
1
0
1
0
1
0
1
11a
11b/g
11a
11b/g
11a
11b/g
11a
0/23437
0/23437
0/23437
0/23437
0/23437
0/23437
0/23437
The following example shows how to display the access voice calls in progress in a tree topology:
(Cisco Controller) >
show mesh cac access 1524_Map1
AP Name Slot# Radio Calls
-------------
1524_Rap
-------
0
1
-----
11b/g
11a
-----
0
0
|
||
1524_Map1
1524_Map2
2
0
1
2
0
1
2
11a
11b/g
11a
11a
11b/g
11a
11a
0
0
0
0
0
0
0
1726
Cisco Wireless Controller Command Reference, Release 8.4
show mesh client-access show mesh client-access
To display the backhaul client access configuration setting, use the show mesh client-access command.
show mesh client-access
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display backhaul client access configuration settings for a mesh access point:
(Cisco Controller) >
show mesh client-access
Backhaul with client access status: enabled
Backhaul with client access extended status(3 radio AP): disabled
Cisco Wireless Controller Command Reference, Release 8.4
1727
show mesh config show mesh config
To display mesh configuration settings, use the show mesh config command.
show mesh config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display global mesh configuration settings:
(Cisco Controller) >
show mesh config
Mesh Range....................................... 12000
Mesh Statistics update period.................... 3 minutes
Backhaul with client access status............... disabled
Backhaul with extended client access status...... disabled
Background Scanning State........................ enabled
Backhaul Amsdu State............................. disabled
Mesh Security
Security Mode................................. EAP
External-Auth................................. disabled
Use MAC Filter in External AAA server......... disabled
Force External Authentication................. disabled
Mesh Alarm Criteria
Max Hop Count................................. 4
Recommended Max Children for MAP.............. 10
Recommended Max Children for RAP.............. 20
Low Link SNR.................................. 12
High Link SNR................................. 60
Max Association Number........................ 10
Association Interval.......................... 60 minutes
Parent Change Numbers......................... 3
Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... disabled
Mesh DCA channels for serial backhaul APs........ enabled
Mesh Slot Bias................................... enabled
1728
Cisco Wireless Controller Command Reference, Release 8.4
show mesh env show mesh env
To display global or specific environment summary information for mesh networks, use the show mesh env command.
show mesh env {summary | cisco_ap}
Syntax Description summary
cisco_ap
Displays global environment summary information.
Name of access point for which environment summary information is requested.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display global environment summary information:
(Cisco Controller) >
show mesh env summary
AP Name Temperature(C) Heater Ethernet Battery
------------------------------------------------ap1130:5f:be:90 N/A N/A DOWN N/A
AP1242:b2.31.ea
AP1131:f2.8d.92
N/A
N/A
N/A
N/A
DOWN
DOWN
N/A
N/A
AP1131:46f2.98ac
ap1500:62:39:70
N/A
-36
N/A
OFF
DOWN
UP
N/A
N/A
The following example shows how to display an environment summary for an access point:
(Cisco Controller) >
show mesh env SB_RAP1
AP Name.......................................... SB_RAP1
AP Model......................................... AIR-LAP1522AG-A-K9
AP Role.......................................... RootAP
Temperature...................................... 21 C, 69 F
Heater........................................... OFF
Backhaul......................................... GigabitEthernet0
GigabitEthernet0 Status.......................... UP
Duplex....................................... FULL
Speed........................................ 100
Rx Unicast Packets........................... 114754
Rx Non-Unicast Packets....................... 1464
Tx Unicast Packets........................... 9630
Tx Non-Unicast Packets....................... 3331
GigabitEthernet1 Status.......................... DOWN
POE Out........................................ OFF
Battery.......................................... N/A
Cisco Wireless Controller Command Reference, Release 8.4
1729
show mesh neigh show mesh neigh
To display summary or detailed information about the mesh neighbors of a mesh access point, use the show
mesh neigh command.
show mesh neigh {detail | summary} {cisco_ap | all}
Syntax Description detail summary
cisco_ap
all
Displays the channel and signal-to-noise ratio (SNR) details between the designated mesh access point and its neighbor.
Displays the mesh neighbors for a designated mesh access point.
Cisco lightweight access point name.
Displays all access points.
Note
If an AP itself is configured with the allkeyword, the allkeyword access points take precedence over the
AP that is named all.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to display a neighbor summary of an access point:
(Cisco Controller) >
show mesh neigh summary RAP1
AP Name/Radio Mac Channel Rate Link-Snr Flags State
----------------- ------- ----- -------- ---------------
00:1D:71:0F:CA:00 157 54 6 0x0 BEACON
00:1E:14:48:25:00 157
MAP1-BB00 157
24
54
1
41
0x0
0x11
BEACON
CHILD BEACON
The following example shows how to display the detailed neighbor statistics of an access point:
(Cisco Controller) >
show mesh neigh detail RAP1
AP MAC : 00:1E:BD:1A:1A:00 AP Name: HOR1522_MINE06_MAP_S_Dyke backhaul rate 54
FLAGS : 860 BEACON worstDv 255, Ant 0, channel 153, biters 0, ppiters 0
Numroutes 0, snr 0, snrUp 8, snrDown 8, linkSnr 8 adjustedEase 0, unadjustedEase 0 txParent 0, rxParent 0 poorSnr 0 lastUpdate 2483353214 (Sun Aug 4 23:51:58 1912) parentChange 0
Per antenna smoothed snr values: 0 0 0 0
Vector through 00:1E:BD:1A:1A:00
The following table lists the output flags displayed for the show mesh neigh detail command.
1730
Cisco Wireless Controller Command Reference, Release 8.4
show mesh neigh
worstDv
Ant channel biters ppiters
Numroutes snr snrUp snrDown linkSnr adjustedEase
Table 15: Output Flags for the show mesh neigh detail command
Output Flag
AP MAC
AP Name
FLAGS
Description
MAC address of a mesh neighbor for a designated mesh access point.
Name of the mesh access point.
Describes adjacency. The possible values are as follows:
• UPDATED—Recently updated neighbor.
• NEIGH—One of the top neighbors.
• EXCLUDED—Neighbor is currently excluded.
• WASEXCLUDED—Neighbor was recently removed from the exclusion list.
• PERMSNR—Permanent SNR neighbor.
• CHILD—A child neighbor.
• PARENT—A parent neighbor.
• NEEDUPDATE—Not a current neighbor and needs an update.
• BEACON—Heard a beacon from this neighbor.
• ETHER—Ethernet neighbor.
unadjustedEase
Worst distance vector through the neighbor.
Antenna on which the route was received.
Channel of the neighbor.
Number of black list timeouts left.
Number of potential parent timeouts left.
Number of distance routes.
Signal to Noise Ratio.
SNR of the link to the AP.
SNR of the link from the AP.
Calculated SNR of the link.
Ease to the root AP through this AP. It is based on the current SNR and threshold
SNR values.
Ease to the root AP through this AP after applying correct for number of hops.
Cisco Wireless Controller Command Reference, Release 8.4
1731
show mesh neigh
Output Flag
txParent rxparent poorSnr lastUpdate parentChange
Description
Packets sent to this node while it was a parent.
Packets received from this node while it was a parent.
Packets with poor SNR received from a node.
Timestamp of the last received message for this neighbor
When this node last became parent.
per antenna smoother
SNR values
SNR value is populated only for antenna 0.
1732
Cisco Wireless Controller Command Reference, Release 8.4
show mesh path show mesh path
To display the channel and signal-to-noise ratio (SNR) details for a link between a mesh access point and its neighbor, use the show mesh path command.
show mesh path cisco_ap
Syntax Description
cisco_ap
Mesh access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display channel and SNR details for a designated link path:
(Cisco Controller) >
show mesh path mesh-45-rap1
AP Name/Radio Mac Channel Rate Link-Snr Flags State
----------------- ------- ----- -------- ---------------
MAP1-BB00
RAP1
157
157
54
54
32
37
0x0
0x0
UPDATED NEIGH PARENT BEACON
BEACON
Cisco Wireless Controller Command Reference, Release 8.4
1733
show mesh per-stats show mesh per-stats
To display the percentage of packet errors for packets transmitted by the neighbors of a specified mesh access point, use the show mesh per-stats command.
show mesh per-stats summary {cisco_ap | all}
Syntax Description summary
cisco_ap
all
Displays the packet error rate stats summary.
Name of mesh access point.
Displays all mesh access points.
Note
If an AP itself is configured with the allkeyword, the allkeyword access points take precedence over the
AP that is named all.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The packet error rate percentage equals 1, which is the number of successfully transmitted packets divided by the number of total packets transmitted.
Examples
The following example shows how to display the percentage of packet errors for packets transmitted by the neighbors to a mesh access point:
(Cisco Controller) >
show mesh per-stats summary ap_12
Neighbor MAC Address 00:0B:85:5F:FA:F0
Total Packets transmitted: 104833
Total Packets transmitted successfully: 104833
Total Packets retried for transmission: 33028
RTS Attempts: 0
RTS Success:
Neighbor MAC Address:
0
00:0B:85:80:ED:D0
Total Packets transmitted: 0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0
Neighbor MAC Address:
Total Packets transmitted:
00:17:94:FE:C3:5F
0
Total Packets transmitted successfully: 0
Total Packets retried for transmission: 0
RTS Attempts:
RTS Success:
0
0
1734
Cisco Wireless Controller Command Reference, Release 8.4
show mesh public-safety show mesh public-safety
To display 4.8-GHz public safety settings, use the show mesh public-safety command.
show mesh public-safety
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to view 4.8-GHz public safety settings:
(Cisco Controller) >(Cisco Controller) >
show mesh public-safety
Global Public Safety status: disabled
Cisco Wireless Controller Command Reference, Release 8.4
1735
show mesh queue-stats show mesh queue-stats
To display the number of packets in a client access queue by type for a mesh access point, use the show mesh
queue-stats command.
show mesh queue-stats {cisco_ap | all}
Note
If an AP itself is configured with the allkeyword, the allkeyword access points take precedence over the
AP that is named all.
Syntax Description
cisco_ap
all
Name of access point for which you want packet queue statistics.
Displays all access points.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display packet queue statistics for access point ap417:
(Cisco Controller) >
show mesh queue-stats ap417
Queue Type Overflows Peak length Average length
---------- --------- ----------- --------------
Silver 0 1 0.000
Gold 0
Platinum 0
Bronze 0
Management 0
4
4
0
0
0.004
0.001
0.000
0.000
1736
Cisco Wireless Controller Command Reference, Release 8.4
show mesh security-stats show mesh security-stats
To display packet error statistics for a specific access point, use the show mesh security-stats command.
show mesh security-stats {cisco_ap | all}
Syntax Description
cisco_ap
all
Name of access point for which you want packet error statistics.
Displays all access points.
Note
If an AP itself is configured with the all keyword, the all keyword access points take precedence over the
AP that is named all.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
This command shows packet error statistics and a count of failures, timeouts, and successes with respect to associations and authentications as well as reassociations and reauthentications for the specified access point and its child.
Examples
The following example shows how to view packet error statistics for access point ap417:
(Cisco Controller) >
show mesh security-stats ap417
AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
----------------------------x Packets 14, Rx Packets 19, Rx Error Packets 0
Parent-Side Statistics:
--------------------------
Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Child-Side Statistics:
--------------------------
Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Cisco Wireless Controller Command Reference, Release 8.4
1737
show mesh security-stats
Re-Association Failures 0
Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0
1738
Cisco Wireless Controller Command Reference, Release 8.4
show mesh stats show mesh stats
To display the mesh statistics for an access point, use the show mesh stats command.
show mesh stats cisco_ap
Syntax Description
cisco_ap
Access point name.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display statistics of an access point:
(Cisco Controller) >
show mesh stats RAP_AP1
RAP in state Maint rxNeighReq 759978, rxNeighRsp 568673 txNeighReq 115433, txNeighRsp 759978 rxNeighUpd 8266447 txNeighUpd 693062 tnextchan 0, nextant 0, downAnt 0, downChan 0, curAnts 0 tnextNeigh 0, malformedNeighPackets 244, poorNeighSnr 27901 blacklistPackets 0, insufficientMemory 0 authenticationFailures 0
Parent Changes 1, Neighbor Timeouts 16625
Cisco Wireless Controller Command Reference, Release 8.4
1739
show mgmtuser show mgmtuser
To display the local management user accounts on the Cisco wireless LAN controller, use the show mgmtuser command.
show mgmtuser
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a list of management users:
>
show mgmtuser
User Name Permissions Description
----------------------------------------------admin read-write
Related Commands config mgmtuser add config mgmtuser delete config mgmtuser description config mgmtuser password
Password Strength
------------------
Weak
1740
Cisco Wireless Controller Command Reference, Release 8.4
show mobility anchor show mobility anchor
To display the wireless LAN anchor export list for the Cisco wireless LAN controller mobility groups or to display a list and status of controllers configured as mobility anchors for a specific WLAN or wired guest
LAN, use the show mobility anchor command.
show mobility anchor [wlan wlan_id | guest-lan guest_lan_id]
Syntax Description wlan
wlan_id
guest-lan
guest_lan_id
(Optional) Displays wireless LAN mobility group settings.
Wireless LAN identifier from 1 to 512 (inclusive).
(Optional) Displays guest LAN mobility group settings.
Guest LAN identifier from 1 to 5 (inclusive).
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
The status field display (see example) shows one of the following values:
• UP—The controller is reachable and able to pass data.
• CNTRL_PATH_DOWN—The mpings failed. The controller cannot be reached through the control path and is considered failed.
• DATA_PATH_DOWN—The epings failed. The controller cannot be reached and is considered failed.
• CNTRL_DATA_PATH_DOWN—Both the mpings and epings failed. The controller cannot be reached and is considered failed.
Examples
The following example shows how to display a mobility wireless LAN anchor list:
(Cisco Controller) >
show mobility anchor
Mobility Anchor Export List
WLAN ID IP Address
-------
12
---------------
192.168.0.15
Status
------
UP
GLAN ID
-------
1
IP Address
---------------
192.168.0.9
Status
-------
CNTRL_DATA_PATH_DOWN
Cisco Wireless Controller Command Reference, Release 8.4
1741
show mobility ap-list show mobility ap-list
To display the mobility AP list, use the show mobility ap-list command.
show mobility ap-list
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the mobility AP list:
Note
The AP name is displayed only with New Mobility. With Old Mobility, the AP name is displayed as
Unknown
.
(Cisco Controller) >
show mobility ap-list
AP Name AP Radio MAC address Controller
---------------------------------------------------------------
AP30e4.dbc5.38ab
b8:62:1f:e5:33:10 9.7.104.10
Learnt From
----------------
Self
1742
Cisco Wireless Controller Command Reference, Release 8.4
show mobility foreign-map show mobility foreign-map
To display a mobility wireless LAN foreign map list, use the show mobility foreign-map command.
show mobility foreign-map wlan wlan_id
Syntax Description wlan
wlan_id
Displays the mobility WLAN foreign-map list.
Wireless LAN identifier between 1 and 512.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to get a mobility wireless LAN foreign map list:
(Cisco Controller) >
show mobility foreign-map wlan 2
Mobility Foreign Map List
WLAN ID
-------
2
Foreign MAC Address
-------------------
00:1b:d4:6b:87:20
Interface
--------dynamic-105
Cisco Wireless Controller Command Reference, Release 8.4
1743
show mobility group member show mobility group member
To display the details of the mobility group members in the same domain, use the show mobility group
member command.
show mobility group member hash
Syntax Description hash
Displays the hash keys of the mobility group members in the same domain.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the hash keys of the mobility group members:
(Cisco Controller) >
show mobility group member hash
Default Mobility Domain.......................... new-mob
IP Address Hash Key
---------------------------------------------------------
9.2.115.68
9.6.99.10
a819d479dcfeb3e0974421b6e8335582263d9169
0974421b6e8335582263d9169a819d479dcfeb3e
9.7.7.7
feb3e0974421b6e8335582263d9169a819d479dc
1744
Cisco Wireless Controller Command Reference, Release 8.4
show mobility oracle show mobility oracle
To display the status of the mobility controllers known to the Mobility Oracle (MO) or display the details of the MO client database, use the show mobility oracle command.
show mobility oracle {client {detail | summary} | summary}
Syntax Description client detail summary
Displays the MO client database.
Displays details pertaining to a client in MO client database.
Displays the summary of the MO database.
Command Default
None
Command History
Release
7.3.112.0
Examples
Modification
This command was introduced.
The following is a sample output of the show mobility oracle summary command:
(Cisco Controller) >
show mobility oracle summary
Number of MCs.................................... 2
IP Address MAC Address Link Status Client Count
-----------------------------------------------------------
9.71.104.10
9.71.104.250
88:43:e1:7d:fe:00 e8:b7:48:a2:16:e0
Control Path Down
Up
0
2
The following is a sample output of the show mobility oracle client summary command:
(Cisco Controller) >
show mobility oracle client summary
Number of Clients................................ 2
MAC Address Anchor MC Foreign MC AssocTime
----------------- --------------------- ----------------- --------------
00:18:de:b0:5c:91 9.72.104.250
00:1e:e5:f9:c9:e2 9.72.104.250
-
-
0
0
The following is a sample output of the show mobility oracle client detail command:
(Cisco Controller) >
show mobility oracle client detail 00:1e:e5:f9:c9:e2
Client MAC Address : ............................ 00:1e:e5:f9:c9:e2
Client IP address : ............................. 0.0.0.0
Anchor MC IP address : .......................... 9.71.104.250
Anchor MC NAT IP address : ...................... 9.71.104.250
Foreign MC IP address : ......................... -
Cisco Wireless Controller Command Reference, Release 8.4
1745
show mobility oracle
Foreign MC NAT IP address : ..................... -
Client Association Time : ....................... 0
Client Entry update timestamp : ................. 1278543135.0
1746
Cisco Wireless Controller Command Reference, Release 8.4
show mobility statistics show mobility statistics
To display the statistics information for the Cisco wireless LAN controller mobility groups, use the show
mobility statistics command.
show mobility statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display statistics of the mobility manager:
(Cisco Controller) >
show mobility statistics
Global Mobility Statistics
Rx Errors..................................... 0
Tx Errors..................................... 0
Responses Retransmitted....................... 0
Handoff Requests Received..................... 0
Handoff End Requests Received................. 0
State Transitions Disallowed.................. 0
Resource Unavailable.......................... 0
Mobility Initiator Statistics
Handoff Requests Sent......................... 0
Handoff Replies Received...................... 0
Handoff as Local Received..................... 2
Handoff as Foreign Received................... 0
Handoff Denys Received........................ 0
Anchor Request Sent........................... 0
Anchor Deny Received.......................... 0
Anchor Grant Received......................... 0
Anchor Transfer Received...................... 0
Mobility Responder Statistics
Handoff Requests Ignored...................... 0
Ping Pong Handoff Requests Dropped............ 0
Handoff Requests Dropped...................... 0
Handoff Requests Denied....................... 0
Client Handoff as Local....................... 0
Client Handoff as Foreign ................... 0
Client Handoff Inter Group ................... 0
Anchor Requests Received...................... 0
Anchor Requests Denied........................ 0
Anchor Requests Granted....................... 0
Anchor Transferred............................ 0
Cisco Wireless Controller Command Reference, Release 8.4
1747
show mobility summary show mobility summary
To display the summary information for the Cisco WLC mobility groups, use the show mobility summary command.
show mobility summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Some WLAN controllers may list no mobility security mode.
Examples
The following is a sample output of the show mobility summary command.
(Cisco Controller) >
show mobility summary
Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... snmp_gui
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x66bd
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name
00:1b:d4:6b:87:20 1.100.163.70
snmp_gui
Multicast IP
0.0.0.0
Status
Up
The following is a sample output of the show mobility summary command with new mobility architecture.
(Cisco Controller) >
show mobility summary
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... Mobility
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0xb348
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 3
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
IP Address Public IP Address Group Name
Status
9.71.106.2
9.72.106.2
Data Path Down
Mobility
Multicast IP
0.0.0.0
MAC Address
00:00:00:00:00:00 Control and
1748
Cisco Wireless Controller Command Reference, Release 8.4
show mobility summary
9.71.106.3
9.72.106.3
Data Path Down
9.71.106.69 9.72.106.69
Mobility
Mobility
0.0.0.0
0.0.0.0
00:00:00:00:00:00 Control and
68:ef:bd:8e:5f:20 Up
Cisco Wireless Controller Command Reference, Release 8.4
1749
show msglog show msglog
To display the message logs written to the Cisco WLC database, use the show msglog command.
show msglog
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
If there are more that 15 entries, you are prompted to display the messages shown in the example.
Examples
The following example shows how to display message logs:
(Cisco Controller) >
show msglog
Message Log Severity Level..................... ERROR
Thu Aug 4 14:30:08 2005 [ERROR] spam_lrad.c 1540: AP 00:0b:85:18:b6:50 associated. Last
AP failure was due to Link Failure
Thu Aug 4 14:30:08 2005 [ERROR] spam_lrad.c 13840: Updating IP info for AP 00:
0b:85:18:b6:50 -- static 0, 1.100.49.240/255.255.255.0, gtw 1.100.49.1
Thu Aug 4 14:29:32 2005 [ERROR] dhcpd.c 78: dhcp server: binding to 0.0.0.0
Thu Aug 4 14:29:32 2005 [ERROR] rrmgroup.c 733: Airewave Director: 802.11a switch group reset
Thu Aug 4 14:29:32 2005 [ERROR] rrmgroup.c 733: Airewave Director: 802.11bg sw itch group reset
Thu Aug 4 14:29:22 2005 [ERROR] sim.c 2841: Unable to get link state for primary port 0 of interface ap-manager
Thu Aug 4 14:29:22 2005 [ERROR] dtl_l2_dot1q.c 767: Unable to get USP
Thu Aug 4 14:29:22 2005 Previous message occurred 2 times
Thu Aug 4 14:29:14 2005 [CRITICAL] osapi_sem.c 794: Error!
osapiMutexTake called with
NULL pointer: osapi_bsntime.c:927
Thu Aug 4 14:29:14 2005 [CRITICAL] osapi_sem.c 794: Error!
osapiMutexTake called with
NULL pointer: osapi_bsntime.c:919
Thu Aug 4 14:29:14 2005 [CRITICAL] hwutils.c 1861: Security Module not found
Thu Aug 4 14:29:13 2005 [CRITICAL] bootos.c 791: Starting code...
1750
Cisco Wireless Controller Command Reference, Release 8.4
show nac statistics show nac statistics
To display detailed Network Access Control (NAC) information about a Cisco wireless LAN controller, use the show nac statistics command.
show nac statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display detailed statistics of network access control settings:
(Cisco Controller) >
show nac statistics
Server Index....................................................... 1
Server Address.....................................................
xxx.xxx.xxx.xxx
Number of requests sent............................................ 0
Number of retransmissions.......................................... 0
Number of requests received........................................ 0
Number of malformed requests received.............................. 0
Number of bad auth requests received............................... 0
Number of pending requests......................................... 0
Number of timed out requests....................................... 0
Number of misc dropped request received............................ 0
Number of requests sent............................................ 0
Related Commands show nac summary config guest-lan nac config wlan nac debug nac
Cisco Wireless Controller Command Reference, Release 8.4
1751
show nac summary show nac summary
To display NAC summary information for a Cisco wireless LAN controller, use the show nac summary command.
show nac summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary information of network access control settings:
(Cisco Controller) >
show nac summary
NAC ACL Name ...............................................
Index Server Address Port
-----------------------------------------------
1 xxx.xxx.xxx.xxx
13336
State
-----
Enabled
Related Commands show nac statistics config guest-lan nac config wlan nac debug nac
1752
Cisco Wireless Controller Command Reference, Release 8.4
show network show network
To display the current status of 802.3 bridging for all WLANs, use the show network command.
show network
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the network details:
(Cisco Controller) >
show network
Related Commands config network show network summary show network multicast mgid detail show network multicast mgid summary
Cisco Wireless Controller Command Reference, Release 8.4
1753
show network summary show network summary
To display the network configuration of the Cisco wireless LAN controller, use the show network summary command.
show network summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary configuration:
(Cisco Controller) >
show network summary
RF-Network Name............................. RF
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Mode..................... Disable Mode: Ucast
Ethernet Broadcast Mode..................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
AP Join Priority............................ Disable
ARP Idle Timeout............................ 300 seconds
ARP Unicast Mode............................ Disabled
Cisco AP Default Master..................... Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Over The Air Provisioning of AP's........... Enable
Apple Talk ................................. Disable
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Disable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable oeap-600 dual-rlan-ports ................... Disable oeap-600 local-network ..................... Enable mDNS snooping............................... Disabled mDNS Query Interval......................... 15 minutes
1754
Cisco Wireless Controller Command Reference, Release 8.4
Web Color Theme............................. Default
CAPWAP Prefer Mode.......................... IPv4
show network summary
Cisco Wireless Controller Command Reference, Release 8.4
1755
show netuser show netuser
To display the configuration of a particular user in the local user database, use the show netuser command.
show netuser {detail user_name | guest-roles | summary}
Syntax Description detail
user_name
guest_roles summary
Displays detailed information about the specified network user.
Network user.
Displays configured roles for guest users.
Displays a summary of all users in the local user database.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show netuser summary command:
(Cisco Controller) >
show netuser summary
Maximum logins allowed for a given username ........Unlimited
The following is a sample output of the show netuser detail command:
(Cisco Controller) >
show netuser detail john10
username........................................... abc
WLAN Id............................................. Any
Lifetime............................................ Permanent
Description......................................... test user
Related Commands config netuser add config netuser delete config netuser description config netuser guest-role apply config netuser wlan-id config netuser guest-roles
1756
Cisco Wireless Controller Command Reference, Release 8.4
show netuser guest-roles show netuser guest-roles
To display a list of the current quality of service (QoS) roles and their bandwidth parameters, use the show
netuser guest-roles command.
show netuser guest-roles
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to display a QoS role for the guest network user:
(Cisco Controller) >
show netuser guest-roles
Role Name.............................. Contractor
Average Data Rate.................. 10
Burst Data Rate.................... 10
Average Realtime Rate.............. 100
Burst Realtime Rate................ 100
Role Name.............................. Vendor
Average Data Rate.................. unconfigured
Burst Data Rate.................... unconfigured
Average Realtime Rate.............. unconfigured
Burst Realtime Rate................ unconfigured
Related Commands config netuser add config netuser delete config netuser description config netuser guest-role apply config netuser wlan-id show netuser guest-roles show netuser
Cisco Wireless Controller Command Reference, Release 8.4
1757
show network multicast mgid detail show network multicast mgid detail
To display all the clients joined to the multicast group in a specific multicast group identification (MGID), use the show network multicast mgid detail command.
show network multicast mgid detail mgid_value
Syntax Description
mgid_value
Number between 550 and 4095.
Command Default
None.
Examples
This example shows how to display details of the multicast database:
>
show network multicast mgid detail
Mgid ............................... 550
Multicast Group Address ............ 239.255.255.250
Vlan ............................... 0
Rx Packet Count .................... 807399588
No of clients ...................... 1
Client List ........................
Client MAC Expire TIme (mm:ss)
00:13:02:23:82:ad 0:20
Related Commands show network summary show network multicast mgid detail show network
1758
Cisco Wireless Controller Command Reference, Release 8.4
show network multicast mgid summary show network multicast mgid summary
To display all the multicast groups and their corresponding multicast group identifications (MGIDs), use the
show network multicast mgid summary command.
show network multicast mgid summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary of multicast groups and their MGIDs:
>
show network multicast mgid summary
Layer2 MGID Mapping:
-------------------
InterfaceName vlanId MGID
----------------------------- ----------
0 0 management test wired
0
20
Layer3 MGID Mapping:
9
8
-------------------
Number of Layer3 MGIDs ................ 1
Group address Vlan MGID
---------------------------
239.255.255.250
0 550
Related Commands show network summary show network multicast mgid detail show network
Cisco Wireless Controller Command Reference, Release 8.4
1759
show network summary show network summary
To display the network configuration settings, use the show network summary command.
show network summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command updated to display the IPv6 multicast details in the network summary.
Examples
The following example displays the output of the show ipv6 summary command:
(Cisco Controller) >
show network summary
RF-Network Name............................. johnny
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Enable
Ethernet Broadcast Forwarding............... Enable
IPv4 AP Multicast/Broadcast Mode............ Multicast Address : 239.9.9.9
IPv6 AP Multicast/Broadcast Mode............ Multicast Address : ff1e::6:9
IGMP snooping............................... Enabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Enabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Enable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
1760
Cisco Wireless Controller Command Reference, Release 8.4
Link Local Bridging Status ................. Disabled
CCX-lite status ............................ Disable oeap-600 dual-rlan-ports ................... Disable oeap-600 local-network ..................... Enable oeap-600 Split Tunneling (Printers)......... Disable
WebPortal Online Client .................... 0
WebPortal NTF_LOGOUT Client ................ 0 mDNS snooping............................... Disabled mDNS Query Interval......................... 15 minutes
Web Color Theme............................. Default
L3 Prefer Mode.............................. IPv4 show network summary
Cisco Wireless Controller Command Reference, Release 8.4
1761
show nmsp notify-interval summary show nmsp notify-interval summary
To display the Network Mobility Services Protocol (NMSP) configuration settings, use the show nmsp
notify-interval summary command.
show nmsp notify-interval summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display NMSP configuration settings:
>
show nmsp notify-interval summary
NMSP Notification Interval Summary
Client
Measurement interval: 2 sec
RFID
Measurement interval:
Rogue AP
Measurement interval:
Rogue Client
Measurement interval:
8 sec
2 sec
2 sec
Related Commands clear locp statistics clear nmsp statistics config nmsp notify-interval measurement show nmsp statistics show nmsp status
1762
Cisco Wireless Controller Command Reference, Release 8.4
show nmsp status
To view the active NMSP connections status, use the show nmsp statuscommand.
show nmsp status
This command has no arguments or keywords.
Command Default
None
Command History
Release
8.3
Modification
This command was introduced.
Examples
This example shows the active nmsp connections status:
(Cisco Controller) >
show nmsp status show nmsp status
Cisco Wireless Controller Command Reference, Release 8.4
1763
show nmsp statistics show nmsp statistics
To display Network Mobility Services Protocol (NMSP) counters, use the show nmsp statistics command.
show nmsp statistics {summary | connection all}
Syntax Description summary connection all
Displays common NMSP counters.
Displays all connection-specific counters.
Command Default
None.
Examples
This example shows how to display a summary of common NMSP counters:
>
show nmsp statistics summary
Send RSSI with no entry:
Send too big msg:
Failed SSL write:
Partial SSL write:
SSL write attempts to want write:
Transmit Q full:0
Max Measure Notify Msg:
Max Info Notify Msg:
Max Tx Q Size:
Max Rx Size:
Max Info Notify Q Size:
Max Client Info Notify Delay:
Max Rogue AP Info Notify Delay:
Max Rogue Client Info Notify Delay:
Max Client Measure Notify Delay:
Max Tag Measure Notify Delay:
Max Rogue AP Measure Notify Delay:
Max Rogue Client Measure Notify Delay: 0
Max Client Stats Notify Delay: 0
Max Tag Stats Notify Delay:
RFID Measurement Periodic :
RFID Measurement Immediate :
Reconnect Before Conn Timeout:
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
1
0
0
0
This example shows how to display all the connection-specific NMSP counters:
>
show nmsp statistics connection all
NMSP Connection Counters
Connection 1 :
Connection status: UP
Freed Connection: 0
Nmsp Subscr Req:
Info Req:
0
1
NMSP Subscr Resp:
Info Resp:
0
1
Measure Req:
Stats Req:
Info Notify:
Loc Capability:
Location Req:
Loc Subscr Req:
Loc Notif:
Loc Unsubscr Req:
IDS Get Req:
2
2
0
2
0
0
0
0
0
Measure Resp:
Stats Resp:
Measure Notify:
Location Rsp:
Loc Subscr Rsp:
Loc Unsubscr Rsp:
IDS Get Resp:
2
2
0
0
0
0
0
1764
Cisco Wireless Controller Command Reference, Release 8.4
IDS Notif:
IDS Set Req:
0
0 IDS Set Resp:
Related Commands show nmsp notify-interval summary clear nmsp statistics config nmsp notify-interval measurement show nmsp status
0
show nmsp statistics
Cisco Wireless Controller Command Reference, Release 8.4
1765
show nmsp subscription show nmsp subscription
To display the Network Mobility Services Protocol (NMSP) services that are active on the controller, use the
show nmsp subscription command.
show nmsp subscription {summary | detail ip-addr}
Syntax Description summary detail
ip-addr
Displays all of the NMSP services to which the controller is subscribed.
Displays details for all of the NMSP services to which the controller is subscribed.
Details only for the NMSP services subscribed to by a specific IPv4 or IPv6 address.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Examples
This example shows how to display a summary of all the NMSP services to which the controller is subscribed:
>
show nmsp subscription summary
Mobility Services Subscribed:
Server IP
---------
10.10.10.31
Services
--------
RSSI, Info, Statistics
This example shows how to display details of all the NMSP services:
>
show nmsp subscription detail 10.10.10.31
Mobility Services Subscribed by 10.10.10.31
Services
--------
Sub-services
------------
RSSI
Info
Statistics
Mobile Station, Tags,
Mobile Station,
Mobile Station, Tags,
>
show nmsp subscription detail 2001:9:6:40::623
Mobility Services Subscribed by 2001:9:6:40::623
Services
--------
RSSI
Info
Statistics
Sub-services
------------
Mobile Station, Tags,
Mobile Station,
Mobile Station, Tags,
1766
Cisco Wireless Controller Command Reference, Release 8.4
show nmsp subscription summary show nmsp subscription summary
To view the mobility services subscribed on controller by Mobility Services Engine, use the show nmsp
subscription summary command.
show nmsp subscription summary
This command has no arguments or keywords.
Command Default
None
Command History
Release
8.3
Modification
This command was introduced.
Examples
This example shows the subscribed mobility services on controller:
(Cisco Controller) >
show nmsp subscription summary
Cisco Wireless Controller Command Reference, Release 8.4
1767
show ntp-keys show ntp-keys
To display network time protocol authentication key details, use the show ntp-keys command.
show ntp-keys
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to display NTP authentication key details:
(Cisco Controller) >
show ntp-keys
Ntp Authentication Key Details...................
Key Index
-----------
1
3
Related Commands config time ntp
1768
Cisco Wireless Controller Command Reference, Release 8.4
show ntp-keys show ntp-keys
To display network time protocol authentication key details, use the show ntp-keys command.
show ntp-keys
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to display NTP authentication key details:
(Cisco Controller) >
show ntp-keys
Ntp Authentication Key Details...................
Key Index
-----------
1
3
Related Commands config time ntp
Cisco Wireless Controller Command Reference, Release 8.4
1769
show opendns summary show opendns summary
To display OpenDNS configuration details, use the show opendns summary command.
show opendns summary
Syntax Description
This command has no keywords or arguments.
Command Default
None
Command History
Release
8.4
Examples
Modification
This command was introduced.
The following example shows how to view an OpenDNS configuration:
(Cisco Controller) >
show opendns summary
OpenDnsGlobalStatus.............................. Enabled
OpenDns-ApiToken................................. 12
Profile-Name
============ guest1
Device ID
==============
010a8501693bf162
State
=============
Profile Registered
Profiles Mapped to WLANIDs
=========================
Profile Name
---------------guest1
WLAN IDs (Mapped)
-----------------
7
Profiles Mapped to APGroup WLAN-IDs
===============================
Profile Name
---------------guest1
Site Name / WLAN IDs (Mapped)
------------------
NONE
Profiles Mapped to Local Policies
--More-- or (q)uit
=========================
Profile Name
---------------guest1 NONE
Local Policies (Mapped)
-----------------
1770
Cisco Wireless Controller Command Reference, Release 8.4
show policy show policy
To display the summary of the configured policies, and the details and statistics of a policy, use the show
policy command.
show policy {summary | policy-name [statistics]}
Syntax Description summary
policy-name
statistics
Displays the summary of configured policies.
Name of the policy.
(Optional) Displays the statistics of a policy.
Command Default
None
Command History
Release
7.5
Examples
Modification
This command was introduced.
The following is a sample output of the show policy summary command:
(Cisco Controller) >
show policy summary
Number of Policies............................. 2
Policy Index Policy Name
------------ ----------------
1 student-FullAccess
2 teacher-FullAccess
The following example shows how to display the details of a policy:
(Cisco Controller) >
show policy student-FullAccess
Policy Index..................................... 1
Match Role....................................... <none>
Match Eap Type................................... EAP-TLS
ACL.............................................. <none>
QOS.............................................. <none>
Average Data Rate................................ 0
Average Real Time Rate........................... 0
Burst Data Rate.................................. 0
Burst Real Time Rate............................. 0
Vlan Id.......................................... 155
Session Timeout.................................. 1800
Sleeping client timeout.......................... 12
Active Hours
------------
Start Time End Time Day
Cisco Wireless Controller Command Reference, Release 8.4
1771
show policy
-------------------
Match Device Types
------------------
Android
The following example shows how to display the statistics of a policy:
(Cisco Controller) >
show policy student-FullAccess statistics
Policy Index..................................... student-FullAccess
Matching Attributes None......................... 619
No Policy Match.................................. 224
Device Type Match................................ 0
EAP Type Match................................... 0
Role Type Match.................................. 0
Client Disconnected.............................. 4
Acl Applied...................................... 0
Vlan changed..................................... 614
Session Timeout Applied.......................... 4
QoS Applied...................................... 0
Avg Data Rate Applied............................ 0
Avg Real Time Rate Applied....................... 0
Burst Data Rate Applied.......................... 0
Burst Real Time Rate Applied..................... 0
Sleeping-Client-Timeout Applied.................. 0
1772
Cisco Wireless Controller Command Reference, Release 8.4
show port show port
To display the Cisco wireless LAN controller port settings on an individual or global basis, use the show port command.
show port {port | summary}
Syntax Description
port
summary
Information on the individual ports.
Displays all ports.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display information about an individual wireless LAN controller port:
(Cisco Controller) >
show port 1
Pr Type
STP
Stat
Admin
Mode
Physical
Mode
Physical Link Link Mcast
Status Status Trap Appliance POE
-- ------- ---- ------- ---------- ---------- ------ ------- ---------
-------
1 Normal Disa Enable Auto 1000 Full Down Enable Enable N/A
Note
Some WLAN controllers may not have multicast or Power over Ethernet (PoE) listed because they do not support those features.
The following example shows how to display a summary of all ports:
(Cisco Controller) >
show port summary
STP Admin Physical Physical Link Link Mcast
Pr Type Stat Mode
SFPType
1 Normal
NotPresent
Forw Enable
Mode
Auto
Status Status Trap Appliance POE
-- ------- ---- ------- ---------- ---------- ------ ------- ---------
-------------
1000 Full Up Enable Enable N/A
2 Normal Disa Enable Auto
NotPresent
1000 Full Down Enable Enable N/A
3 Normal Disa Enable Auto 1000 Full Down Enable Enable N/A
Cisco Wireless Controller Command Reference, Release 8.4
1773
show port
NotPresent
4 Normal Disa Enable Auto
NotPresent
1000 Full Down Enable Enable
Note
Some WLAN controllers may have only one port listed because they have only one physical port.
N/A
1774
Cisco Wireless Controller Command Reference, Release 8.4
show profiling policy summary show profiling policy summary
To display local device classification of the Cisco Wireless LAN Controller (WLC), use the show profiling
policy summary command.
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Examples
The following is a sample output of the show profiling policy summary command:
(Cisco Controller) >
show profiling policy summary
Number of Builtin Classification Profiles: 88
ID Name Parent Min CM Valid
==== ================================================ ====== ====== =====
0 Android
1 Apple-Device
None
None
30
10
Yes
Yes
2 Apple-MacBook
3 Apple-iPad
4 Apple-iPhone
5 Apple-iPod
1
1
1
1
20
20
20
20
Yes
Yes
Yes
Yes
6 Aruba-Device
7 Avaya-Device
8 Avaya-IP-Phone
9 BlackBerry
10 Brother-Device
11 Canon-Device
12 Cisco-Device
13 Cisco-IP-Phone
14 Cisco-IP-Phone-7945G
None
None
7
None
None
None
None
12
13
10 Yes
10 Yes
20 Yes
20 Yes
10 Yes
10 Yes
10 Yes
20 Yes
70 Yes
Cisco Wireless Controller Command Reference, Release 8.4
1775
show profiling policy summary
15 Cisco-IP-Phone-7975
16 Cisco-IP-Phone-9971
17 Cisco-DMP
18 Cisco-DMP-4400
19 Cisco-DMP-4310
20 Cisco-DMP-4305
21 DLink-Device
22 Enterasys-Device
23 HP-Device
24 HP-JetDirect-Printer
25 Lexmark-Device
26 Lexmark-Printer-E260dn
27 Microsoft-Device
28 Netgear-Device
29 NintendoWII
30 Nortel-Device
31 Nortel-IP-Phone-2000-Series
32 SonyPS3
33 XBOX360
34 Xerox-Device
35 Xerox-Printer-Phaser3250
36 Aruba-AP
37 Cisco-Access-Point
38 Cisco-IP-Conference-Station-7935
39 Cisco-IP-Conference-Station-7936
40 Cisco-IP-Conference-Station-7937
10 Yes
10 Yes
20 Yes
10 Yes
20 Yes
10 Yes
30 Yes
20 Yes
10 Yes
70 Yes
70 Yes
70 Yes
70 Yes
70 Yes
20 Yes
70 Yes
70 Yes
70 Yes
10 Yes
10 Yes
10 Yes
30 Yes
10 Yes
30 Yes
10 Yes
10 Yes
None
None
30
None
27
None
34
6
12
13
13
13
None
None
None
23
None
25
None
None
13
13
12
17
17
17
1776
Cisco Wireless Controller Command Reference, Release 8.4
show qos
To display quality of service (QoS) information, use the show qos command.
show qos {bronze | gold | platinum | silver}
Syntax Description bronze gold platinum silver
Displays QoS information for the bronze profile of the WLAN.
Displays QoS information for the gold profile of the WLAN.
Displays QoS information for the platinum profile of the WLAN.
Displays QoS information for the silver profile of the WLAN.
Command Default
None.
Examples
This example shows how to display QoS information for the gold profile:
>
show qos gold
Description...................................... For Video Applications
Maximum Priority................................. video
Unicast Default Priority......................... video
Multicast Default Priority....................... video
Per-SSID Rate Limits............................. UpstreamDownstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... UpstreamDownstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0 protocol......................................... none
802.11a Customized EDCA Settings: ecwmin....................................... 3 ecwmax....................................... 4 aifs......................................... 7 txop......................................... 94
802.11a Customized packet parameter Settings:
Packet retry time............................ 3
Not retrying threshold....................... 100
Disassociating threshold..................... 500
Time out value............................... 35
Related Commands config qos protocol-type show qos
Cisco Wireless Controller Command Reference, Release 8.4
1777
show qos qosmap show qos qosmap
To see the current QoS map configuration, use the show qos command.
show qos qosmap
Syntax Description qosmap
Displays the current QoS map
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows the current QoS map configuration:
show qos qosmap
1778
Cisco Wireless Controller Command Reference, Release 8.4
show queue-info show queue-info
To display all the message queue information pertaining to the system, use the show queue-info command.
show queue-info
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced.
Examples
The following is a sample output of the show queue-info command.
(Cisco Controller) >
show queue-info
Total message queue count = 123
Queue Name Allocated InUse MaxUsed
---------------------------------------------------------------
PRINTF-Q dtlqueue
256
4096
0
0
0
6
GRE Queue dtlarpqueue
NIM-Q
SIM-Q
DHCP Client Queue
100
4096
116
116
8
0
0
0
0
0
1
6
1
6
0 dhcpv6ProxyMsgQueue
FDQ-Q dot1d_Queue
Garp-Q dot3ad_queue
DEBUG-Q
LOGGER-Q
TS-Q
250
30300
512
256
1024
8192
8192
256
0
0
0
0
0
0
0
0
0
3
29
1
0
8
5
0
The following table describes the significant fields shown in the display.
Table 16: show queue-info Field Descriptions
Field
Queue Name
Allocated
Description
Name of the task message queue.
Memory size, in bytes, of the message queue.
Cisco Wireless Controller Command Reference, Release 8.4
1779
show queue-info
Field
InUse
MaxUsed
Description
Queue that is currently used. A value of 0 indicates that there are no messages that have to be processed by the task.
Maximum number of messages processed by the task after the controller is up.
1780
Cisco Wireless Controller Command Reference, Release 8.4
show pmk-cache show pmk-cache
To display information about the pairwise master key (PMK) cache, use the show pmk-cache command.
show pmk-cache {all | MAC}
Syntax Description all
MAC
Displays information about all entries in the PMK cache.
Information about a single entry in the PMK cache.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display information about a single entry in the PMK cache:
(Cisco Controller) >
show pmk-cache xx:xx:xx:xx:xx:xx
The following example shows how to display information about all entries in the PMK cache:
(Cisco Controller) >
show pmk-cache all
PMK Cache
Entry
Station Lifetime VLAN Override IP Override
---------------------------------------------------------
Cisco Wireless Controller Command Reference, Release 8.4
1781
show pmipv6 domain show pmipv6 domain
To display the summary information of a PMIPv6 domain, use the show pmipv6 domain command.
show pmipv6 domain domain_name profile profile_name
Syntax Description
domain_name
profile
profile_name
Name of the PMIPv6 domain. The domain name can be up to 127 case-sensitive alphanumeric characters.
Specifies the PMIPv6 profile.
Name of the profile associated with the PMIPv6 domain.
The profile name can be up to 127 case-sensitive alphanumeric characters.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the summary information of a PMIPv6 domain:
(Cisco Controller) >
show pmipv6 domain floor1 profile profile1
NAI: @example.com
APN: Example
LMA: Examplelma
NAI: *
APN: ciscoapn
LMA: ciscolma
1782
Cisco Wireless Controller Command Reference, Release 8.4
show pmipv6 mag bindings show pmipv6 mag bindings
To display the binding information of a Mobile Access Gateway (MAG), use the show pmipv6 mag binding command.
show pmipv6 mag bindings [lma lma_name | nai nai_string]
Syntax Description lma
lma_name
nai
nai_string
(Optional) Displays the binding details of the MAG to an Local Mobility Anchor (LMA).
Name of the LMA. The LMA name is case-sensitive and can be up to 127 alphanumeric characters.
(Optional) Displays the binding details of the MAG to a client.
Network Access Identifier (NAI) of the client. The NAI is case-sensitive and can be up to 127 alphanumeric characters. You can use all special characters except a colon.
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the MAG bindings:
(Cisco Controller) >
show pmipv6 mag binding
[Binding][MN]: Domain: D1, Nai: [email protected]
[Binding][MN]: State: ACTIVE
[Binding][MN]: Interface: Management
[Binding][MN]: Hoa: 0xE0E0E02, att: 3, llid: aabb.cc00.c800
[Binding][MN][LMA]: Id: LMA1
[Binding][MN][LMA]: lifetime: 3600
[Binding][MN][GREKEY]: Upstream: 102, Downstream: 1
Cisco Wireless Controller Command Reference, Release 8.4
1783
show pmipv6 mag globals show pmipv6 mag globals
To display the global PMIPv6 parameters of the Mobile Access Gateway (MAG), use the show pmipv6 mag
globals command.
show pmipv6 mag globals
Syntax Description
This command has no arguments or keywords.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the global PMIPv6 parameters of a MAG:
(Cisco Controller) >
show pmipv6 mag globals
Domain : D1
MAG Identifier : M1
MAG Interface
Max Bindings
Registration Lifetime
BRI Init-delay time
BRI Max-delay time
BRI Max retries
Refresh time
Refresh RetxInit time
Refresh RetxMax time
Timestamp option
Validity Window
Peer#1:
LMA Name: AN-LMA-5K
Peer#2:
LMA Name: AN-LMA
Peer#3:
LMA Name: AN-LMA
: Management
: 10000
: 3600 (sec)
: 1000 (msec)
: 2000 (msec)
: 1
: 300 (sec)
: 1000 (msec)
: 32000 (msec)
: Enabled
: 7
LMA IP: 209.165.201.10
LMA IP: 209.165.201.4
LMA IP: 209.165.201.4
1784
Cisco Wireless Controller Command Reference, Release 8.4
show pmipv6 mag stats show pmipv6 mag stats
To display the statistics of the Mobile Access Gateway (MAG), use the show pmipv6 mag stats command.
show pmipv6 mag stats [domain domain_name peer lma_name]
Syntax Description domain
domain_name
peer
lma_name
(Optional) Displays the MAG statistics for a Local Mobility Anchor
(LMA) in the domain.
Name of the PMIPv6 domain. The domain name is case-sensitive and can be up to 127 alphanumeric characters.
(Optional) Displays the MAG statistics for an LMA.
Name of the LMA. The LMA name is case sensitive and can be up to 127 alphanumeric characters.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This table lists the descriptions of the LMA statistics.
Table 17: Descriptions of the LMA Statistics:
LMA Statistics
PBU Sent
PBA Received
PBRI Sent
Description
Total number of Proxy Binding Updates (PBUs) sent to the LMA by the MAG.
PBU is a request message sent by the MAG to a mobile node’s LMA for establishing a binding between the mobile node’s interface and its current care-of address (Proxy-CoA).
Total number of Proxy Binding Acknowledgements
(PBAs) received by the MAG from the LMA.
PBA is a reply message sent by an LMA in response to a PBU message that it receives from a MAG.
Total number of Proxy Binding Revocation
Indications (PBRIs) sent by the MAG to the LMA.
Cisco Wireless Controller Command Reference, Release 8.4
1785
show pmipv6 mag stats
Examples
LMA Statistics
PBRI Received
PBRA Sent
PBRA Received
Number of Handoff
Description
Total number of PBRIs received from the LMA by the MAG.
Total number of Proxy Binding Revocation
Acknowledgements (PBRAs) sent by the MAG to the LMA.
Total number of PBRAs that the MAG receives from the LMA.
Number of handoffs between the MAG and the LMA.
The following example shows how to display the LMA statistics:
(Cisco Controller) >
show pmipv6 mag stats
[M1]: Total Bindings : 1
[M1]: PBU Sent
[M1]: PBA Rcvd
: 7
: 4
[M1]: PBRI Sent
[M1]: PBRI Rcvd
[M1]: PBRA Sent
[M1]: PBRA Rcvd
[M1]: No Of handoff
: 0
: 0
: 0
: 0
: 0
1786
Cisco Wireless Controller Command Reference, Release 8.4
show pmipv6 profile summary show pmipv6 profile summary
To display the summary of the PMIPv6 profiles, use the show pmipv6 profile summary command.
show pmipv6 profile summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the summary of the PMIPv6 profiles:
(Cisco Controller) >
show pmipv6 profile summary
Profile Name WLAN IDS (Mapped)
------------
Group1
-----------------
6
Cisco Wireless Controller Command Reference, Release 8.4
1787
show pmipv6 profile summary
1788
Cisco Wireless Controller Command Reference, Release 8.4
Show Commands: r to z
•
show radius acct detailed, page 1792
•
show radius acct statistics, page 1793
•
show radius auth detailed, page 1794
•
show radius auth statistics, page 1795
•
show radius avp-list, page 1796
•
show radius summary, page 1797
•
show redundancy interfaces, page 1798
•
show redundancy latency, page 1799
•
show redundancy mobilitymac, page 1800
•
show redundancy peer-route summary, page 1801
•
show redundancy statistics, page 1802
•
show redundancy summary, page 1803
•
show redundancy timers, page 1804
•
•
•
•
•
•
•
show rf-profile summary, page 1812
•
show rf-profile details, page 1813
•
show rogue adhoc custom summary, page 1814
•
show rogue adhoc detailed, page 1815
•
show rogue adhoc friendly summary , page 1817
Cisco Wireless Controller Command Reference, Release 8.4
1789
•
show rogue adhoc malicious summary, page 1818
•
show rogue adhoc unclassified summary , page 1819
•
show rogue adhoc summary, page 1820
•
show rogue ap clients, page 1821
•
show rogue ap custom summary , page 1823
•
show rogue ap detailed, page 1825
•
show rogue ap friendly summary, page 1827
•
show rogue ap malicious summary, page 1829
•
show rogue ap summary, page 1831
•
show rogue ap unclassified summary, page 1834
•
show rogue auto-contain, page 1835
•
show rogue client detailed, page 1836
•
show rogue client summary, page 1837
•
show rogue ignore-list, page 1838
•
show rogue rule detailed, page 1840
•
show rogue rule summary, page 1842
•
•
•
•
•
show run-config startup-commands , page 1847
•
•
•
•
•
•
•
•
show spanningtree port, page 1855
•
show spanningtree switch, page 1856
•
•
•
1790
Cisco Wireless Controller Command Reference, Release 8.4
•
•
show tacacs acct statistics, page 1864
•
show tacacs athr statistics, page 1865
•
show tacacs auth statistics, page 1866
•
show tacacs summary, page 1867
•
•
•
•
•
show tunnel profile-summary, page 1874
•
show tunnel profile-detail, page 1875
•
show tunnel eogre-summary, page 1876
•
show tunnel eogre-statistics, page 1877
•
show tunnel eogre-domain-summary, page 1878
•
show tunnel eogre gateway, page 1879
•
•
•
show wps ap-authentication summary, page 1886
•
show wps cids-sensor, page 1887
•
•
•
show wps signature detail, page 1890
•
show wps signature events, page 1892
•
show wps signature summary, page 1894
•
•
show wps wips statistics, page 1898
•
show wps wips summary, page 1899
•
show wps ap-authentication summary, page 1900
Cisco Wireless Controller Command Reference, Release 8.4
1791
show radius acct detailed show radius acct detailed
To display RADIUS accounting server information, use the show radius acct detailed command.
show radius acct detailed radius_index
Syntax Description
radius_index
Radius server index. The range is from 1 to 17.
Command Default
None
Command History
Release
8.0
Examples
Modification
This command was introduced.
The following example shows how to display RADIUS accounting server information:
(Cisco Controller) >
show radius acct detailed 5
Radius Index........5
NAI Realms..........LAB.VTV.BLR.cisco.co.in
1792
Cisco Wireless Controller Command Reference, Release 8.4
show radius acct statistics show radius acct statistics
To display the RADIUS accounting server statistics for the Cisco wireless LAN controller, use the show
radius acct statistics command.
show radius acct statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display RADIUS accounting server statistics:
(Cisco Controller) >
show radius acct statistics
Accounting Servers:
Server Index..................................... 1
Server Address................................... 10.1.17.10
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accounting Responses............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Related Commands config radius acct config radius acct ipsec authentication config radius acct ipsec disable config radius acct network show radius auth statistics show radius summary
Cisco Wireless Controller Command Reference, Release 8.4
1793
show radius auth detailed show radius auth detailed
To display RADIUS authentication server information, use the show radius auth detailed command.
show radius auth detailed radius_index
Syntax Description
radius_index
Radius server index. The range is from 1 to 17.
Command Default
None
Command History
Release
8.0
Examples
Modification
This command was introduced.
The following example shows how to display RADIUS authentication server information:
(Cisco Controller) >
show radius auth detailed 1
Radius Index........1
NAI Realms..........LAB.VTV.BLR.cisco.co.in
1794
Cisco Wireless Controller Command Reference, Release 8.4
show radius auth statistics show radius auth statistics
To display the RADIUS authentication server statistics for the Cisco wireless LAN controller, use the show
radius auth statistics command.
show radius auth statistics
This command has no arguments or keyword.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display RADIUS authentication server statistics:
(Cisco Controller) >
show radius auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 1.1.1.1
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Related Commands config radius auth config radius auth management config radius auth network show radius summary
Cisco Wireless Controller Command Reference, Release 8.4
1795
show radius avp-list show radius avp-list
To display RADIUS VSA AVPs, use the show radius avp-list command.
show radius avp-list profile-name
Syntax Description
profile-name
Profile name for which downloaded AVPs to be shown.
Command Default
None
Command History
Release
8.0
Examples
Modification
This command was introduced.
The following example shows how to display RADIUS VSA AVPs:
(Cisco Controller) >
show radius avp-list
1796
Cisco Wireless Controller Command Reference, Release 8.4
show radius summary show radius summary
To display the RADIUS authentication and accounting server summary, use the show radius summary command.
show radius summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a RADIUS authentication server summary:
(Cisco Controller) >
show radius summary
Vendor Id Backward Compatibility................. Disabled
Credentials Caching.............................. Disabled
Call Station Id Type............................. IP Address
Administrative Authentication via RADIUS......... Enabled
Authentication Servers
Index Type
AuthMod
Server Address Port State Tout RFC-3576 IPsec e/Phase1/Group/Lifetime/Auth/Encr
-----------------------------------------------------------
---------------------------------
Accounting Servers
Index Type Server Address Port State Tout RFC-3576 IPsec -
AuthMod e/Phase1/Group/Lifetime/Auth/Encr
-----------------------------------------------------------
---------------------------------
Related Commands show radius auth statistics show radius acct statistics
Cisco Wireless Controller Command Reference, Release 8.4
1797
show redundancy interfaces show redundancy interfaces
To display details of redundancy and service port IP addresses, use the show redundancy interfaces command.
show redundancy interfaces
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the redundancy and service port IP addresses information:
(Cisco Controller) >
show redundancy interfaces
Redundancy Management IP Address................. 9.4.120.5
Peer Redundancy Management IP Address............ 9.4.120.3
Redundancy Port IP Address....................... 169.254.120.5
Peer Redundancy Port IP Address.................. 169.254.120.3
Peer Service Port IP Address..................... 10.104.175.189
1798
Cisco Wireless Controller Command Reference, Release 8.4
show redundancy latency show redundancy latency
To display the average latency to reach the management gateway and the peer redundancy management IP address, use the show redundancy latency command .
show redundancy latency
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the average latency to reach the management gateway and the peer redundancy management IP address:
(Cisco Controller) >
show redundancy latency
Network Latencies (RTT) for the Peer Reachability on the Redundancy Port in micro seconds for the past 10 intervals
Peer Reachability Latency[ 1 ] : 524 usecs
Peer Reachability Latency[ 2 ]
Peer Reachability Latency[ 3 ]
Peer Reachability Latency[ 4 ]
Peer Reachability Latency[ 5 ]
: 524 usecs
: 522 usecs
: 526 usecs
: 524 usecs
Peer Reachability Latency[ 6 ]
Peer Reachability Latency[ 7 ]
Peer Reachability Latency[ 8 ]
Peer Reachability Latency[ 9 ]
Peer Reachability Latency[ 10 ]
: 524 usecs
: 522 usecs
: 522 usecs
: 526 usecs
: 523 usecs
Network Latencies (RTT) for the Management Gateway Reachability in micro seconds for the past 10 intervals
Gateway Reachability Latency[ 1 ]
Gateway Reachability Latency[ 2 ]
: 1347 usecs
: 2427 usecs
Gateway Reachability Latency[ 3 ]
Gateway Reachability Latency[ 4 ]
Gateway Reachability Latency[ 5 ]
Gateway Reachability Latency[ 6 ]
Gateway Reachability Latency[ 7 ]
Gateway Reachability Latency[ 8 ]
Gateway Reachability Latency[ 9 ]
Gateway Reachability Latency[ 10 ]
: 1329 usecs
: 2014 usecs
: 2675 usecs
: 731 usecs
: 1882 usecs
: 2853 usecs
: 832 usecs
: 3708 usecs
Cisco Wireless Controller Command Reference, Release 8.4
1799
show redundancy mobilitymac show redundancy mobilitymac
To display the High Availability (HA) mobility MAC address that is used to communicate with the peer, use the show redundancy mobilitymac command.
show redundancy mobilitymac
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the HA mobility MAC address used to communicate with the peer:
(Cisco Controller) >
show redundancy mobilitymac
ff:ff:ff:ff:ff:ff
1800
Cisco Wireless Controller Command Reference, Release 8.4
show redundancy peer-route summary show redundancy peer-route summary
To display the routes assigned to the standby WLC, use the show redundancy peer-route summary command.
show redundancy peer-route summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display all the configured routes of the standby WLC:
(Cisco Controller) >
show redundancy peer-route summary
Number of Routes................................. 1
Destination Network
------------------xxx.xxx.xxx.xxx
Netmask Gateway
-------------------------------------
255.255.255.0
xxx.xxx.xxx.xxx
Cisco Wireless Controller Command Reference, Release 8.4
1801
show redundancy statistics show redundancy statistics
To display the statistics information of the Redundancy Manager, use the show redundancy statistics command.
show redundancy statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command displays the statistics of different redundancy counters.
Local Physical Ports - Connectivity status of each physical port of the controller. 1 indicates that the port is up and 0 indicates that the port is down.
Peer Physical Ports - Connectivity status of each physical port of the peer controller. 1 indicates that the port is up and 0 indicates that the port is down.
Examples
The following example shows how to display the statistics information of the Redundancy Manager:
(Cisco Controller) >
show redundancy statistics
Redundancy Manager Statistics
Keep Alive Request Send Counter
Keep Alive Response Receive Counter
Keep Alive Request Receive Counter
Keep Alive Response Send Counter
Ping Request to Default GW Counter
Ping Response from Default GW Counter
Ping Request to Peer Counter
Ping Response from Peer Counter
Keep Alive Loss Counter
Default GW Loss Counter
Local Physical Ports 1...8
Peer Physical Ports 1...8
: 16
: 16
: 500322
: 500322
: 63360
: 63360
: 12
: 3
: 0
: 0
: 10000000
: 10000000
1802
Cisco Wireless Controller Command Reference, Release 8.4
show redundancy summary show redundancy summary
To display the redundancy summary information, use the show redundancy summary command.
show redundancy summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the redundancy summary information of the controller:
(Cisco Controller) >
show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Primary
Unit ID = 88:43:E1:7E:03:80
Redundancy State = N/A
Mobility MAC = 88:43:E1:7E:03:80
Network Monitor = ENABLED
Link Encryption = DISABLED
BulkSync Status = <Status>
Average Redundancy Peer Reachability Latency = 1390 usecs
Average Management Gateway Reachability Latency = 1165 usecs
Redundancy Management IP Address................. 9.4.92.12
Peer Redundancy Management IP Address............ 9.4.92.14
Redundancy Port IP Address....................... 169.254.92.12
Peer Redundancy Port IP Address.................. 169.254.92.14
Cisco Wireless Controller Command Reference, Release 8.4
1803
show redundancy timers show redundancy timers
To display details of the Redundancy Manager timers, use the show redundancy timers command.
show redundancy timers
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the details of the Redundancy Manager timers:
(Cisco Controller) >
show redundancy timers
Keep Alive Timer
Peer Search Timer
: 100 msecs
: 120 secs
1804
Cisco Wireless Controller Command Reference, Release 8.4
show remote-lan show remote-lan
To display information about remote LAN configuration, use the show remote-lan command.
show remote-lan { summary | remote-lan-id }
Syntax Description summary
remote-lan-id
Displays a summary of all remote LANs.
Remote LAN identifier.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to display a summary of all remote LANs:
(Cisco Controller) >
show remote-lan summary
Number of Remote LANS............................ 2
RLAN ID RLAN Profile Name Status Interface Name
---------------------------------------------------------------------
2 remote Disabled management
8 test Disabled management
The following example shows configuration information about the remote LAN with the remote-lan-id 2:
(Cisco Controller) >
show remote-lan 2
Remote LAN Identifier............................ 2
Profile Name..................................... remote
Status........................................... Disabled
MAC Filtering.................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per Remote LAN............................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Remote LAN ACL................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Cisco Wireless Controller Command Reference, Release 8.4
1805
show remote-lan
Security
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
1806
Cisco Wireless Controller Command Reference, Release 8.4
show reset
To display the scheduled system reset parameters, use the show reset command.
show reset
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the scheduled system reset parameters:
>
show reset
System reset is scheduled for Mar 27 01 :01 :01 2010
Current local time and date is Mar 24 02:57:44 2010
A trap will be generated 10 minutes before each scheduled system reset.
Use
‘reset system cancel’ to cancel the reset.
Configuration will be saved before the system reset.
Related Commands reset system at reset system in reset system cancel reset system notify-time show reset
Cisco Wireless Controller Command Reference, Release 8.4
1807
show rfid client show rfid client
To display the radio frequency identification (RFID) tags that are associated to the controller as clients, use the show rfid client command.
show rfid client
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
When the RFID tag is not in client mode, the above fields are blank.
Examples
This example shows how to display the RFID tag that is associated to the controller as clients:
>
show rfid client
------------------------- --------- ----------------- ------ ----------------
RFID Mac VENDOR
Heard
Sec Ago Associated AP Chnl Client State
------------------------- --------- ----------------- ------ ----------------
00:14:7e:00:0b:b1 Pango 35 AP0019.e75c.fef4
1 Probing
Related Commands config rfid status config rfid timeout show rfid config show rfid detail show rfid summary
1808
Cisco Wireless Controller Command Reference, Release 8.4
show rfid config show rfid config
To display the current radio frequency identification (RFID) configuration settings, use the show rfid config command.
show rfid config
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the current RFID configuration settings:
>
show rfid config
RFID Tag Data Collection ............................... Enabled
RFID Tag Auto-Timeout .................................. Enabled
RFID Client Data Collection ............................ Disabled
RFID Data Timeout ...................................... 200 seconds
Related Commands config rfid status config rfid timeout show rfid client show rfid detail show rfid summary
Cisco Wireless Controller Command Reference, Release 8.4
1809
show rfid detail show rfid detail
To display detailed radio frequency identification (RFID) information for a specified tag, use the show rfid
detail command.
show rfid detail mac_address
Syntax Description
mac_address
MAC address of an RFID tag.
Command Default
None.
Examples
This example shows how to display detailed RFID information:
>
show rfid detail 00:12:b8:00:20:52
RFID address..................................... 00:12:b8:00:20:52
Vendor........................................... G2
Last Heard....................................... 51 seconds ago
Packets Received................................. 2
Bytes Received................................... 324
Cisco Type.......................................
Content Header
=================
Version.......................................... 0
Tx Power......................................... 12 dBm
Channel.......................................... 1
Reg Class........................................ 12
Burst Length..................................... 1
CCX Payload
===========
Last Sequence Control............................ 0
Payload length................................... 127
Last Sequence Control............................ 0
Payload length................................... 127
Payload Data Hex Dump
01 09 00 00 00 00 0b 85 52 52 52 02 07 4b ff ff
7f ff ff ff 03 14 00 12 7b 10 48 53 c1 f7 51 4b
50 ba 5b 97 27 80 00 67 00 01 03 05 01 42 34 00
00 03 05 02 42 5c 00 00 03 05 03 42 82 00 00 03
05 04 42 96 00 00 03 05 05 00 00 00 55 03 05 06
42 be 00 00 03 02 07 05 03 12 08 10 00 01 02 03
04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 03 0d 09 03
08 05 07 a8 02 00 10 00 23 b2 4e 03 02 0a 03
Nearby AP Statistics: lap1242-2(slot 0, chan 1) 50 seconds ag.... -76 dBm lap1242(slot 0, chan 1) 50 seconds ago..... -65 dBm
Related Commands config rfid status config rfid timeout show rfid config show rfid client show rfid summary
1810
Cisco Wireless Controller Command Reference, Release 8.4
show rfid summary show rfid summary
To display a summary of the radio frequency identification (RFID) information for a specified tag, use the
show rfid summary command.
show rfid summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary of RFID information:
>
show rfid summary
Total Number of RFID : 5
----------------- -------- ------------------ ------ ---------------------
RFID ID VENDOR Closest AP RSSI Time Since Last Heard
----------------- -------- ------------------ ------ ---------------------
00:04:f1:00:00:04 Wherenet ap:1120
00:0c:cc:5c:06:d3 Aerosct ap:1120
00:0c:cc:5c:08:45 Aerosct AP_1130
00:0c:cc:5c:08:4b Aerosct wolverine
00:0c:cc:5c:08:52 Aerosct ap:1120
-51
-51
-54
-54
-51
858 seconds ago
68 seconds ago
477 seconds ago
332 seconds ago
699 seconds ago
Related Commands config rfid status config rfid timeout show rfid client show rfid detail show rfid config
Cisco Wireless Controller Command Reference, Release 8.4
1811
show rf-profile summary show rf-profile summary
To display a summary of RF profiles in the controller, use the show rf-profile summary command.
show rf-profile summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is the output of the show rf-profile summary command:
(Cisco Controller) >
show rf-profile summary
Number of RF Profiles............................ 2
Out Of Box State................................. Disabled
RF Profile Name Band Description Applied
-------------------------------------------------------------
T1a
T1b
5 GHz <none>
2.4 GHz <none>
No
No
1812
Cisco Wireless Controller Command Reference, Release 8.4
show rf-profile details show rf-profile details
To display the RF profile details in the Cisco wireless LAN controller, use the show rf-profile details command.
show rf-profile details rf-profile-name
Syntax Description
rf-profile-name
Name of the RF profile.
Command Default
None
Command History
Release
7.6
8.0
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The output was updated to include the Rx SOP threshold.
The following is the output of the show rf-profile details command::
(Cisco Controller) >
show rf-profile details T1a
Description...................................... <none>
Radio policy..................................... 5 GHz
Transmit Power Threshold v1...................... -70 dBm
Transmit Power Threshold v2...................... -67 dBm
Min Transmit Power............................... -10 dBm
Max Transmit Power............................... 30 dBm
Rx Sop Threshold................................. Medium
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
Max Clients...................................... 200
Client Trap Threshold............................ 50
Multicast Data Rate.............................. 0
Rx Sop Threshold................................. 0 dBm
Cca Threshold.................................... 0 dBm
Slot Admin State:................................ Enabled
Band Select Probe Response....................... Disabled
Band Select Cycle Count.......................... 2 cycles
Band Select Cycle Threshold...................... 200 milliseconds
Band Select Expire Suppression................... 20 seconds
Band Select Expire Dual Band..................... 60 seconds
Band Select Client Rssi.......................... -80 dBm
Load Balancing Denial............................ 3 count
Load Balancing Window............................ 5 clients
Coverage Data.................................... -80 dBm
Coverage Voice................................... -80 dBm
Coverage Exception............................... 3 clients
Coverage Level................................... 25 %
Cisco Wireless Controller Command Reference, Release 8.4
1813
show rogue adhoc custom summary show rogue adhoc custom summary
To display information about custom rogue ad-hoc rogue access points, use the show rogue adhoc custom
summary command.
show rogue adhoc custom summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display details of custom rogue ad-hoc rogue access points:
(Cisco Controller) >
show rogue adhoc custom summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
---------------------------------- ----- ---------
-----------------------
Related Commands show rogue adhoc detailed show rogue adhoc summary show rogue adhoc friendly summary show rogue adhoc malicious summary show rogue adhoc unclassified summary config rogue adhoc
1814
Cisco Wireless Controller Command Reference, Release 8.4
show rogue adhoc detailed show rogue adhoc detailed
To display details of an ad-hoc rogue access point detected by the Cisco wireless LAN controller, use the
show rogue adhoc client detailed command.
show rogue adhoc detailed MAC_address
Syntax Description
MAC_address
Adhoc rogue MAC address.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display detailed ad-hoc rogue MAC address information:
(Cisco Controller) >
show rogue adhoc client detailed 02:61:ce:8e:a8:8c
Adhoc Rogue MAC address.......................... 02:61:ce:8e:a8:8c
Adhoc Rogue BSSID................................ 02:61:ce:8e:a8:8c
State............................................ Alert
First Time Adhoc Rogue was Reported.............. Tue Dec 11 20:45:45
2007
Last Time Adhoc Rogue was Reported............... Tue Dec 11 20:45:45
2007
Reported By
AP 1
MAC Address.............................. 00:14:1b:58:4a:e0
Name..................................... AP0014.1ced.2a60
Radio Type............................... 802.11b
SSID..................................... rf4k3ap
Channel.................................. 3
RSSI..................................... -56 dBm
SNR...................................... 15 dB
Encryption............................... Disabled
ShortPreamble............................ Disabled
WPA Support.............................. Disabled
Last reported by this AP............... Tue Dec 11 20:45:45 2007
Related Commands config rogue adhoc show rogue ignore-list show rogue rule summary show rogue rule detailed
Cisco Wireless Controller Command Reference, Release 8.4
1815
show rogue adhoc detailed config rogue rule show rogue adhoc summary
1816
Cisco Wireless Controller Command Reference, Release 8.4
show rogue adhoc friendly summary show rogue adhoc friendly summary
To display information about friendly rogue ad-hoc rogue access points, use the show rogue adhoc friendly
summary command.
show rogue adhoc friendly summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display information about friendly rogue ad-hoc rogue access points:
(Cisco Controller) >
show rogue adhoc friendly summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
---------------------------------- ----- ---------
-----------------------
Related Commands show rogue adhoc custom summary show rogue adhoc detailed show rogue adhoc summary show rogue adhoc malicious summary show rogue adhoc unclassified summary config rogue adhoc
Cisco Wireless Controller Command Reference, Release 8.4
1817
show rogue adhoc malicious summary show rogue adhoc malicious summary
To display information about malicious rogue ad-hoc rogue access points, use the show rogue adhoc malicious
summary command.
show rogue adhoc malicious summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display details of malicious rogue ad-hoc rogue access points:
(Cisco Controller) >
show rogue adhoc malicious summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
---------------------------------- ----- ---------
-----------------------
Related Commands show rogue adhoc custom summary show rogue adhoc detailed show rogue adhoc summary show rogue adhoc friendly summary show rogue adhoc unclassified summary config rogue adhoc
1818
Cisco Wireless Controller Command Reference, Release 8.4
show rogue adhoc unclassified summary show rogue adhoc unclassified summary
To display information about unclassified rogue ad-hoc rogue access points, use the show rogue adhoc
unclassified summary command.
show rogue adhoc unclassified summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display information about unclassified rogue ad-hoc rogue access points:
(Cisco Controller) >
show rogue adhoc unclassified summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
---------------------------------- ----- ---------
-----------------------
Related Commands show rogue adhoc custom summary show rogue adhoc detailed show rogue adhoc summary show rogue adhoc friendly summary show rogue adhoc malicious summary config rogue adhoc
Cisco Wireless Controller Command Reference, Release 8.4
1819
show rogue adhoc summary show rogue adhoc summary
To display a summary of the ad-hoc rogue access points detected by the Cisco wireless LAN controller, use the show rogue adhoc summary command.
show rogue adhoc summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of all ad-hoc rogues:
(Cisco Controller) >
show rogue adhoc summary
Detect and report Ad-Hoc Networks................ Enabled
Client MAC Address Adhoc BSSID
---------------------------xx:xx:xx:xx:xx:xx
2004 super
State
-----
Alert
# APs
1
---
Last Heard
-------
Sat Aug 9 21:12:50
Alert 1 Aug 9 21:12:50 xx:xx:xx:xx:xx:xx
2003 xx:xx:xx:xx:xx:xx Alert 1 Sat Aug 9 21:10:50
2003
Related Commands config rogue adhoc show rogue ignore-list show rogue rule summary show rogue rule detailed config rogue rule show rogue adhoc detailed
1820
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ap clients show rogue ap clients
To display details of rogue access point clients detected by the Cisco wireless LAN controller, use the show
rogue ap clients command.
show rogue ap clients ap_mac_address
Syntax Description
ap_mac_address
Rogue access point MAC address.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display details of rogue access point clients:
(Cisco Controller) >
show rogue ap clients xx:xx:xx:xx:xx:xx
MAC Address State # APs Last Heard
----------------- ------------------ ----- -------------------------
00:bb:cd:12:ab:ff Alert 1 Fri Nov 30 11:26:23 2007
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed
Cisco Wireless Controller Command Reference, Release 8.4
1821
show rogue ap clients show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
1822
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ap custom summary show rogue ap custom summary
To display information about custom rogue ad-hoc rogue access points, use the show rogue ap custom
summary command.
show rogue ap custom summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display details of custom rogue ad-hoc rogue access points:
(Cisco Controller) >
show rogue ap custom summary
Number of APs............................0
MAC Address State # APs # Clients Last Heard
---------------------------------- ----- ---------
-----------------------
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed
Cisco Wireless Controller Command Reference, Release 8.4
1823
show rogue ap custom summary show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
1824
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ap detailed show rogue ap detailed
To display details of a rogue access point detected by the Cisco wireless LAN controller, use the show rogue-ap
detailed command.
show rogue ap detailed ap_mac_address
Syntax Description
ap_mac_address
Rogue access point MAC address.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display detailed information of a rogue access point:
(Cisco Controller) >
show rogue ap detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:0b:85:63:d1:94
Is Rogue on Wired Network........................ No
Classification................................... Unclassified
State............................................ Alert
First Time Rogue was Reported.................... Fri Nov 30 11:24:56
2007
Last Time Rogue was Reported..................... Fri Nov 30 11:24:56
2007
Reported By
AP 1
MAC Address.............................. 00:12:44:bb:25:d0
Name..................................... flexconnect
Radio Type............................... 802.11g
SSID..................................... edu-eap
Channel.................................. 6
RSSI..................................... -61 dBm
SNR...................................... -1 dB
Encryption............................... Enabled
ShortPreamble............................ Enabled
WPA Support.............................. Disabled
Last reported by this AP.............. Fri Nov 30 11:24:56 2007
This example shows how to display detailed information of a rogue access point with a customized classification:
(Cisco Controller) >
show rogue ap detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:17:0f:34:48:a0
Is Rogue on Wired Network........................ No
Cisco Wireless Controller Command Reference, Release 8.4
1825
show rogue ap detailed
Classification................................... custom
Severity Score .................................. 1
Class Name........................................VeryMalicious
Class Change by.................................. Rogue Rule
Classified at ................................... -60 dBm
Classified by.................................... c4:0a:cb:a1:18:80
State............................................ Contained
State change by.................................. Rogue Rule
First Time Rogue was Reported.................... Mon Jun 4 10:31:18
2012
Last Time Rogue was Reported..................... Mon Jun 4 10:31:18
2012
Reported By
AP 1
MAC Address.............................. c4:0a:cb:a1:18:80
Name..................................... SHIELD-3600-2027
Radio Type............................... 802.11g
SSID..................................... sri
Channel.................................. 11
RSSI..................................... -87 dBm
SNR...................................... 4 dB
Encryption............................... Enabled
ShortPreamble............................ Enabled
WPA Support.............................. Enabled
Last reported by this AP................. Mon Jun 4 10:31:18
2012
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap summary show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
1826
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ap friendly summary show rogue ap friendly summary
To display a list of the friendly rogue access points detected by the controller, use the show rogue ap friendly
summary command.
show rogue ap friendly summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of all friendly rogue access points:
(Cisco Controller) >
show rogue ap friendly summary
Number of APs.................................... 1
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- ---------
---------------------------
XX:XX:XX:XX:XX:XX Internal 1 0 Tue Nov 27 13:52:04 2007
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap malicious summary show rogue ap unclassified summary show rogue client detailed
Cisco Wireless Controller Command Reference, Release 8.4
1827
show rogue ap friendly summary show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
1828
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ap malicious summary show rogue ap malicious summary
To display a list of the malicious rogue access points detected by the controller, use the show rogue ap
malicious summary command.
show rogue ap malicious summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of all malicious rogue access points:
(Cisco Controller) >
show rogue ap malicious summary
Number of APs.................................... 2
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- ---------
---------------------------
XX:XX:XX:XX:XX:XX Alert
XX:XX:XX:XX:XX:XX Alert
1
1
0
0
Tue Nov 27 13:52:04 2007
Tue Nov 27 13:52:04 2007
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap summary show rogue ap friendly summary show rogue ap unclassified summary
Cisco Wireless Controller Command Reference, Release 8.4
1829
show rogue ap malicious summary show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary
1830
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ap summary show rogue ap summary
To display a summary of the rogue access points detected by the Cisco wireless LAN controller, use the show
rogue-ap summary command.
show rogue ap summary{ssid | channel}
Syntax Description
ssid channel
Displays specific user-configured SSID of the rogue access point.
Displays specific user-configured radio type and channel of the rogue access point.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
The new keywords SSID and channel are added.
The following example shows how to display a summary of all rogue access points:
(Cisco Controller) >
show rogue ap summary
Rogue Location Discovery Protocol................
Disabled
Rogue ap timeout.................................
1200
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
Rogue Detection Report Interval.................. 10
Rogue Detection Min Rssi......................... -128
Rogue Detection Transient Interval............... 0
Rogue Detection Client Num Thershold............. 0
Total Rogues(AP+Ad-hoc) supported................ 2000
Total Rogues classified.......................... 729
MAC Address Classification # APs # Clients Last Heard
---------------------------------- ----- --------- ----------------------xx:xx:xx:xx:xx:xx friendly xx:xx:xx:xx:xx:xx malicious
1
1
0
0
Thu Aug 4 18:57:11 2005
Thu Aug 4 19:00:11 2005 xx:xx:xx:xx:xx:xx malicious xx:xx:xx:xx:xx:xx malicious
1
1
0
0
Thu Aug 4 18:57:11 2005
Thu Aug 4 18:57:11 2005
The following example shows how to display a summary of all rogue access points with SSID as extended parameter.
(Cisco Controller) >
show rogue ap summary ssid
Cisco Wireless Controller Command Reference, Release 8.4
1831
show rogue ap summary
MAC Address Class State SSID Security
-------------------------------------------------------------------------------------xx:xx:xx:xx:xx:xx Unclassified xx:xx:xx:xx:xx:xx Unclassified xx:xx:xx:xx:xx:xx Pending xx:xx:xx:xx:xx:xx Unclassified
Alert
Alert
Pending
Alert
The following example shows how to display a summary of all rogue access points with channel as extended parameter.
(Cisco Controller) >
show rogue ap summary channel
xxx Open xxx Open xxx Open xxx WEP/WPA
MAC Address Class State Det RadioType Channel RSSIlast/Max)
-------------------------------------------------------------------------------------------------------------------xx:xx:xx:xx:xx:xx Unclassified xx:xx:xx:xx:xx:xx Unclassified xx:xx:xx:xx:xx:xx Unclassified xx:xx:xx:xx:xx:xx Unclassified xx:xx:xx:xx:xx:xx Unclassified
Alert 802.11g
Alert 802.11g
Alert 802.11a
Alert 802.11a
Alert 802.11a
11
11
149
149
149
-53 / -48
-53 / -48
-74 / -69
-74 / -69
-74 / -69
The following example shows how to display a summary of all rogue access points with both SSID and channel as extended parameters.
(Cisco Controller) >
show rogue ap summary ssid channel
MAC Address Class
Channel RSSI(last/Max)
State SSID Security Det RadioType
----------------------------------------------------------------------------------------------------------------xx:xx:xx:xx:xx:xx Unclassified Alert dd WEP/WPA 802.11n5G
56 -73 / -62 xx:xx:xx:xx:xx:xx Unclassified Alert SSID IS HIDDEN
149 -68 / -66 xx:xx:xx:xx:xx:xx Unclassified Alert wlan16
149 -71 / -71
Open
WEP/WPA
802.11a
802.11n5G
xx:xx:xx:xx:xx:xx Unclassified Alert wlan15
149 -71 / -71 xx:xx:xx:xx:xx:xx Unclassified Alert wlan14
149 -71 / -71 xx:xx:xx:xx:xx:xx Unclassified Alert wlan13
149 -71 / -70 xx:xx:xx:xx:xx:xx Unclassified Alert wlan12
149 -71 / -71
WEP/WPA
WEP/WPA
WEP/WPA
WEP/WPA
802.11n5G
802.11n5G
802.11n5G
802.11n5G
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap timeout config rogue ap valid-client config rogue client config trapflags rogueap show rogue ap clients show rogue ap detailed show rogue ap friendly summary show rogue ap malicious summary show rogue ap unclassified summary
1832
Cisco Wireless Controller Command Reference, Release 8.4
show rogue client detailed show rogue client summary show rogue ignore-list show rogue rule detailed show rogue rule summary show rogue ap summary
Cisco Wireless Controller Command Reference, Release 8.4
1833
show rogue ap unclassified summary show rogue ap unclassified summary
To display a list of the unclassified rogue access points detected by the controller, use the show rogue ap
unclassified summary command.
show rogue ap unclassified summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a list of all unclassified rogue access points:
(Cisco Controller) >
show rogue ap unclassified summary
Number of APs.................................... 164
MAC Address State # APs # Clients Last Heard
----------------- ------------- ----- --------- ---------------
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:12:52 2007
XX:XX:XX:XX:XX:XX Alert 1
XX:XX:XX:XX:XX:XX Alert 1
XX:XX:XX:XX:XX:XX Alert 1
0
0
0
Fri Nov 30 11:29:01 2007
Fri Nov 30 11:26:23 2007
Fri Nov 30 11:26:23 2007
1834
Cisco Wireless Controller Command Reference, Release 8.4
show rogue auto-contain show rogue auto-contain
To display information about rogue auto-containment, use the show rogue auto-contain command.
show rogue auto-contain
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display information about rogue auto-containment:
(Cisco Controller) >
show rogue auto-contain
Containment Level................................ 3 monitor_ap_only.................................. false
Related Commands config rogue adhoc config rogue auto-contain level
Cisco Wireless Controller Command Reference, Release 8.4
1835
show rogue client detailed show rogue client detailed
To display details of a rogue client detected by a Cisco wireless LAN controller, use the show rogue client
detailed command.
show rogue client detailed Rogue_AP MAC_address
Syntax Description
Rogue_AP
MAC_address
Rogue AP address.
Rogue client MAC address.
Command Default
None
Command History
Release
7.6
8.1
Modification
This command was introduced in a release earlier than
Release 7.6.
The Rogue_AP parameter to the show rogue client
detailed command is added.
Examples
The following example shows how to display detailed information for a rogue client:
(Cisco Controller) >
show rogue client detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:0b:85:23:ea:d1
State............................................ Alert
First Time Rogue was Reported.................... Mon Dec 3 21:50:36 2007
Last Time Rogue was Reported..................... Mon Dec 3 21:50:36 2007
Rogue Client IP address.......................... Not known
Reported By
AP 1
MAC Address.............................. 00:15:c7:82:b6:b0
Name..................................... AP0016.47b2.31ea
Radio Type............................... 802.11a
RSSI..................................... -71 dBm
SNR...................................... 23 dB
Channel.................................. 149
Last reported by this AP.............. Mon Dec 3 21:50:36 2007
Related Commands show rogue client summary show rogue ignore-list config rogue rule client config rogue rule
1836
Cisco Wireless Controller Command Reference, Release 8.4
show rogue client summary show rogue client summary
To display a summary of the rogue clients detected by the Cisco wireless LAN controller, use the show rogue
client summary command.
show rogue client summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a list of all rogue clients:
(Cisco Controller) >
show rogue client summary
Validate rogue clients against AAA............... Disabled
Total Rogue Clients supported.................... 2500
Total Rogue Clients present...................... 3
MAC Address State # APs Last Heard
---------------------------------- ----- ----------------------xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005 xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005 xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert
1
1
1
1
Thu Aug
Thu Aug
Thu Aug
Thu Aug
4 19:00:08 2005
4 19:00:08 2005
4 19:00:08 2005
4 19:00:08 2005 xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert xx:xx:xx:xx:xx:xx Alert
1
1
1
1
1
1
Thu Aug 4 19:09:11 2005
Thu Aug 4 19:03:11 2005
Thu Aug 4 19:03:11 2005
Thu Aug 4 19:09:11 2005
Thu Aug 4 18:57:08 2005
Thu Aug 4 19:12:08 2005
Related Commands show rogue client detailed show rogue ignore-list config rogue client config rogue rule
Cisco Wireless Controller Command Reference, Release 8.4
1837
show rogue ignore-list show rogue ignore-list
To display a list of rogue access points that are configured to be ignored, use the show rogue ignore-list command.
show rogue ignore-list
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a list of all rogue access points that are configured to be ignored.
(Cisco Controller) >
show rogue ignore-list
MAC Address
----------------xx:xx:xx:xx:xx:xx
Related Commands config rogue adhoc config rogue ap classify config rogue ap friendly config rogue ap rldp config rogue ap ssid config rogue ap timeout config rogue ap valid-client config rogue rule config trapflags rogueap show rogue client detailed show rogue ignore-list show rogue rule summary show rogue client summary show rogue ap unclassified summary show rogue ap malicious summary
1838
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ap friendly summary config rogue client show rogue ap summary show rogue ap clients show rogue ap detailed config rogue rule show rogue ignore-list
Cisco Wireless Controller Command Reference, Release 8.4
1839
show rogue rule detailed show rogue rule detailed
To display detailed information for a specific rogue classification rule, use the show rogue rule detailed command.
show rogue rule detailed rule_name
Syntax Description
rule_name
Rogue rule name.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display detailed information on a specific rogue classification rule:
(Cisco Controller) >
show rogue rule detailed Rule2
Priority......................................... 2
Rule Name........................................ Rule2
State............................................ Enabled
Type............................................. Malicious
Severity Score................................... 1
Class Name....................................... Very_Malicious
Notify........................................... All
State ........................................... Contain
Match Operation.................................. Any
Hit Count........................................ 352
Total Conditions................................. 2
Condition 1 type......................................... Client-count value........................................ 10
Condition 2 type......................................... Duration value (seconds).............................. 2000
Condition 3 type......................................... Managed-ssid value........................................ Enabled
Condition 4 type......................................... No-encryption value........................................ Enabled
Condition 5 type......................................... Rssi value (dBm).................................. -50
Condition 6 type......................................... Ssid
SSID Count................................... 1
SSID 1.................................... test
Related Commands config rogue rule
1840
Cisco Wireless Controller Command Reference, Release 8.4
show rogue ignore-list show rogue rule summary show rogue rule detailed
Cisco Wireless Controller Command Reference, Release 8.4
1841
show rogue rule summary show rogue rule summary
To display the rogue classification rules that are configured on the controller, use the show rogue rule
summary command.
show rogue rule summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a list of all rogue rules that are configured on the controller:
(Cisco Controller) >
show rogue rule summary
Priority Rule Name State Type Match Hit Count
-------- ----------------------- -------- ------------- ----- ---------
1
2 mtest asdfasdf
Enabled
Enabled
Malicious
Malicious
All
All
0
0
The following example shows how to display a list of all rogue rules that are configured on the controller:
(Cisco Controller) >
show rogue rule summary
Priority Rule Name
State Match Hit Count
Rule state Class Type Notify
-------- -------------------------------- ----------- ----------- --------
-------- ------ ---------
1
Alert rule2
All 234
Enabled Friendly Global
2
Alert rule1
All 0
Enabled Custom Global
Related Commands config rogue rule show rogue ignore-list show rogue rule detailed
1842
Cisco Wireless Controller Command Reference, Release 8.4
show route kernel show route kernel
To display the kernel route cache information, use the show route kernel command.
show route kernel
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the kernel route cache information:
>
show route kernel
Iface Destination Gateway Flags dtl0 dtl0 dtl0
14010100
28282800
34010100
00000000
00000000
00000000
0001
0001
0001 eth0 dtl0 dtl0 dtl0 dtl0 lo dtl0
02020200
33010100
0A010100
32010100
0A000000
7F000000
00000000
00000000
00000000
00000000
00000000
0202020A
00000000
0A010109
0001
0001
0001
0001
0003
0001
0003
0
0
0
0
RefCnt Use Metric Mask MTU Window IRTT
0
0
0
0
0
0
0
0
0
FFFFFF00
FFFFFF00
FFFFFF00
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
FFFFFF00
FFFFFF00
FFFFFF00
FFFFFF00
FF000000
FF000000
00000000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Related Commands clear ap debug arp show arp kernel config route add config route delete
Cisco Wireless Controller Command Reference, Release 8.4
1843
show route summary show route summary
To display the routes assigned to the Cisco wireless LAN controller service port, use the show route summary command.
show route summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display all the configured routes:
>
show route summary
Number of Routes............................... 1
Destination Network
------------------xxx.xxx.xxx.xxx
Genmask Gateway
-------------------------------------
255.255.255.0
xxx.xxx.xxx.xxx
Related Commands config route
1844
Cisco Wireless Controller Command Reference, Release 8.4
show rules show rules
To display the active internal firewall rules, use the show rules command.
show rules
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display active internal firewall rules:
(Cisco Controller) >
show rules
--------------------------------------------------------
Rule ID.............: 3
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Source IP range:
(Local stack)
Destination IP range:
(Local stack)
--------------------------------------------------------
Rule ID.............: 25
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Service Info
Service name........: GDB
Protocol............: 6
Source port low.....: 0
Source port high....: 0
Dest port low.......: 1000
Dest port high......: 1000
Source IP range:
IP High............: 0.0.0.0
Interface..........: ANY
Destination IP range:
(Local stack)
--------------------------------------------------------
Cisco Wireless Controller Command Reference, Release 8.4
1845
show run-config show run-config
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the show
run-config all command.
show run-config {all | commands} [no-ap | commands]
Syntax Description all no-ap commands
Shows all the commands under the show run-config.
(Optional) Excludes access point configuration settings.
(Optional) Displays a list of user-configured commands on the controller.
Command Default
None
Command History
Release
7.6
8.2
Modification
This command was introduced in a release earlier than Release 7.6.
This command was introduced .
Usage Guidelines
These commands have replaced the show running-config command.
Some WLAN controllers may have no Crypto Accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
The show run-config all command shows only values configured by the user. It does not show system-configured default values.
Examples
The following is a sample output of the show run-config all command:
(Cisco Controller) >
show run-config all
Press Enter to continue...
System Inventory
Switch Description............................... Cisco Controller
Machine Model....................................
Serial Number.................................... FLS0923003B
Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Press Enter to continue Or <Ctl Z> to abort...
1846
Cisco Wireless Controller Command Reference, Release 8.4
show run-config startup-commands show run-config startup-commands
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the
showrun-configstartup-commands command.
show run-configstartup-commands
Syntax Description run-config startup-commands
Displays the running configuration commands.
Display list of configured startup commands on Wireless LAN
Controller.
Command Default
None
Command History
Release
8.0
Modification
Usage Guidelines
The configuration commands on the Wireless LAN controller are uploaded to the TFTP or NCS servers using the transfer upload process. The show run-config startup-commands command enables the Wireless LAN controller to generate running-configuration in CLI format. The configuration commands generated can be used as backup configuration to restore the network.
Examples
The following is a sample output of the show run-config startup-commands command:
show run-config startup-commands
(Cisco Controller) >
show run-config startup-commands
(Cisco Controller) >show run-config startup-commands
This may take some time.
Are you sure you want to proceed? (y/N) y config location expiry tags 5 config mdns profile service add default-mdns-profile AirPrint config mdns profile service add default-mdns-profile AirTunes config mdns profile service add default-mdns-profile AppleTV config mdns profile service add default-mdns-profile HP_Photosmart_Printer_1 config mdns profile service add default-mdns-profile HP_Photosmart_Printer_2 config mdns profile service add default-mdns-profile Printer config mdns profile create default-
Cisco Wireless Controller Command Reference, Release 8.4
1847
show serial show serial
To display the serial (console) port configuration, use the show serial command.
show serial
Syntax Description
This command has no arguments or keywords.
Command Default
The default values for Baud rate, Character, Flow Control, Stop Bits, Parity type of the port configuration are
9600, 8, off, 1, none.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display EIA-232 parameters and the serial port inactivity timeout:
(Cisco Controller) >
show serial
Serial Port Login Timeout (minutes)......... 45
Baud Rate................................... 9600
Character Size.............................. 8
Flow Control:............................... Disable
Stop Bits................................... 1
Parity Type:................................ none
1848
Cisco Wireless Controller Command Reference, Release 8.4
show sessions show sessions
To display the console port login timeout and maximum number of simultaneous command-line interface
(CLI) sessions, use the show sessions command.
show sessions
Syntax Description
This command has no arguments or keywords.
Command Default
5 minutes, 5 sessions.
Examples
This example shows how to display the CLI session configuration setting:
>
show sessions
CLI Login Timeout (minutes)............ 0
Maximum Number of CLI Sessions......... 5
The response indicates that the CLI sessions never time out and that the Cisco wireless LAN controller can host up to five simultaneous CLI sessions.
Related Commands config sessions maxsessions config sessions timeout
Cisco Wireless Controller Command Reference, Release 8.4
1849
show snmpcommunity show snmpcommunity
To display Simple Network Management Protocol (SNMP) community entries, use the show snmpcommunity command.
show snmpcommunity
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display SNMP community entries:
>
show snmpcommunity
SNMP Community Name Client IP Address Client IP Mask Access Mode Status
------------------- ----------------- ----------------- ----------- -------public 0.0.0.0
0.0.0.0
Read Only Enable
********** 0.0.0.0
0.0.0.0
Read/Write Enable
Related Commands config snmp community accessmode config snmp community create config snmp community delete config snmp community ipaddr config snmp community mode config snmp syscontact
1850
Cisco Wireless Controller Command Reference, Release 8.4
show snmpengineID
To display the SNMP engine ID, use the show snmpengineID command.
show snmpengineID
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the SNMP engine ID:
>
show snmpengineID
SNMP EngineId... ffffffffffff
Related Commands config snmp engineID show snmpengineID
Cisco Wireless Controller Command Reference, Release 8.4
1851
show snmptrap show snmptrap
To display Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap receivers and their status, use the show snmptrap command.
show snmptrap
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display SNMP trap receivers and their status:
>
show snmptrap
SNMP Trap Receiver Name IP Address Status
---------------------------------------- -------xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
Enable
1852
Cisco Wireless Controller Command Reference, Release 8.4
show snmpv3user show snmpv3user
To display Simple Network Management Protocol (SNMP) version 3 configuration, use the show snmpv3user command.
show snmpv3user
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display SNMP version 3 configuration information:
>
show snmpv3user
SNMP v3 username AccessMode Authentication Encryption
-------------------- ----------- -------------- ---------default Read/Write HMAC-SHA CFB-AES
Related Commands config snmp v3user create config snmp v3user delete
Cisco Wireless Controller Command Reference, Release 8.4
1853
show snmpversion show snmpversion
To display which versions of Simple Network Management Protocol (SNMP) are enabled or disabled on your controller, use the show snmpversion command.
show snmpversion
Syntax Description
This command has no arguments or keywords.
Command Default
Enable.
Examples
This example shows how to display the SNMP v1/v2/v3 status:
>
show snmpversion
SNMP v1 Mode.................................. Disable
SNMP v2c Mode.................................. Enable
SNMP v3 Mode.................................. Enable
Related Commands config snmp version
1854
Cisco Wireless Controller Command Reference, Release 8.4
show spanningtree port show spanningtree port
To display the Cisco wireless LAN controller spanning tree port configuration, use the show spanningtree
port command.
show spanningtree port port
Syntax Description
port
Physical port number:
• 1 through 4 on Cisco 2100 Series Wireless LAN
Controller.
• 1 or 2 on Cisco 4402 Series Wireless LAN
Controller.
• 1 through 4 on Cisco 4404 Series Wireless LAN
Controller.
Command Default
The default SPT configuration output values are 800C, Disabled, 802.1D, 128, 100, Auto.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
When the a Cisco 4400 Series wireless LAN controller is configured for port redundancy, the Spanning Tree
Protocol (STP) must be disabled for all ports on the Cisco 4400 Series Wireless LAN Controller. STP can remain enabled on the switch connected to the Cisco 4400 Series Wireless LAN Controller.
Note
Some WLAN controllers do not support the spanning tree function.
Examples
The following example shows how to display spanning tree values on a per port basis:
(Cisco Controller) >
show spanningtree port 3
STP Port ID................................. 800C
STP Port State.............................. Disabled
STP Port Administrative Mode................ 802.1D
STP Port Priority........................... 128
STP Port Path Cost.......................... 100
STP Port Path Cost Mode..................... Auto
Cisco Wireless Controller Command Reference, Release 8.4
1855
show spanningtree switch show spanningtree switch
To display the Cisco wireless LAN controller network (DS port) spanning tree configuration, use the show
spanningtree switch command.
show spanningtree switch
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
Some WLAN controllers do not support the spanning tree function.
Examples
The following example shows how to display spanning tree values on a per switch basis:
(Cisco Controller) >
show spanningtree switch
STP Specification...................... IEEE 802.1D
STP Base MAC Address................... 00:0B:85:02:0D:20
Spanning Tree Algorithm................ Disable
STP Bridge Priority.................... 32768
STP Bridge Max. Age (seconds).......... 20
STP Bridge Hello Time (seconds)........ 2
STP Bridge Forward Delay (seconds)..... 15
1856
Cisco Wireless Controller Command Reference, Release 8.4
show stats port show stats port
To display physical port receive and transmit statistics, use the show stats port command.
show stats port {detailed port | summary port}
Syntax Description detailed summary
port
Displays detailed port statistics.
Displays port summary statistics.
Physical port number:
• 1 through 4 on Cisco 2100 Series Wireless LAN
Controllers.
• 1 or 2 on Cisco 4402 Series Wireless LAN
Controllers.
• 1 through 4 on Cisco 4404 Series Wireless LAN
Controllers.
• 1 on Cisco WLCM Series Wireless LAN
Controllers.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the port summary information:
(Cisco Controller) >
show stats port summary
Packets Received Without Error................. 399958
Packets Received With Error.................... 0
Broadcast Packets Received..................... 8350
Packets Transmitted Without Error.............. 106060
Transmit Packets Errors........................ 0
Collisions Frames.............................. 0
Time Since Counters Last Cleared............... 2 day 11 hr 16 min 23 sec
The following example shows how to display the detailed port information:
(Cisco Controller) >
show stats port detailed 1
Cisco Wireless Controller Command Reference, Release 8.4
1857
show stats port
PACKETS RECEIVED (OCTETS)
Total Bytes...................................... 267799881
64 byte pkts
65-127 byte pkts
:918281
:354016 128-255 byte pkts :1283092
256-511 byte pkts :8406
1024-1518 byte pkts :1184
> 1530 byte pkts :2
PACKETS RECEIVED SUCCESSFULLY
512-1023 byte pkts :3006
1519-1530 byte pkts :0
Total............................................ 2567987
Unicast Pkts :2547844 Multicast Pkts:0 Broadcast Pkts:20143
PACKETS RECEIVED WITH MAC ERRORS
Total............................................ 0
Jabbers :0
FCS Errors:0
Undersize :0
Overruns :0
RECEIVED PACKETS NOT FORWARDED
Total............................................ 0
Local Traffic Frames:0
Unacceptable Frames :0
VLAN Viable Discards:0
ReserveAddr Discards:0
Alignment :0
RX Pause Frames
VLAN Membership
:0
:0
MulticastTree Viable:0
CFI Discards :0
PACKETS TRANSMITTED (OCTETS)
Upstream Threshold :0
Total Bytes...................................... 353831
64 byte pkts :0 65-127 byte pkts :0
128-255 byte pkts
512-1023 byte pkts
:0
:0
1519-1530 byte pkts :0
PACKETS TRANSMITTED SUCCESSFULLY
256-511 byte pkts :0
1024-1518 byte pkts :2
Max Info :1522
Total............................................ 5875
Unicast Pkts :5868 Multicast Pkts:0
TRANSMIT ERRORS
Total Errors..................................... 0
FCS Error :0
TRANSMIT DISCARDS
TX Oversized :0
Broadcast Pkts:7
Underrun Error:0
Total Discards................................... 0
Single Coll Frames :0 Multiple Coll Frames:0
Excessive Coll Frame:0
VLAN Viable Discards:0
PROTOCOL STATISTICS
BPDUs Received :6
802.3x RX PauseFrame:0
Port Membership
BPDUs Transmitted
:0
:0
Time Since Counters Last Cleared............... 2 day 0 hr 39 min 59 sec
1858
Cisco Wireless Controller Command Reference, Release 8.4
show stats switch show stats switch
To display the network (DS port) receive and transmit statistics, use the show stats switch command.
show stats switch {detailed | summary}
Syntax Description detailed summary
Displays detailed switch statistics.
Displays switch summary statistics.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display switch summary statistics:
(Cisco Controller) >
show stats switch summary
Packets Received Without Error................. 136410
Broadcast Packets Received..................... 18805
Packets Received With Error.................... 0
Packets Transmitted Without Error.............. 78002
Broadcast Packets Transmitted.................. 3340
Transmit Packet Errors......................... 2
Address Entries Currently In Use............... 26
VLAN Entries Currently In Use.................. 1
Time Since Counters Last Cleared............... 2 day 11 hr 22 min 17 sec
The following example shows how to display detailed switch statistics:
(Cisco Controller) >
show stats switch detailed
RECEIVE
Octets........................................... 19351718
Total Pkts....................................... 183468
Unicast Pkts..................................... 180230
Multicast Pkts................................... 3219
Broadcast Pkts................................... 19
Pkts Discarded................................... 0
TRANSMIT
Octets........................................... 354251
Total Pkts....................................... 5882
Unicast Pkts..................................... 5875
Multicast Pkts................................... 0
Broadcast Pkts................................... 7
Pkts Discarded................................... 0
Cisco Wireless Controller Command Reference, Release 8.4
1859
show stats switch
ADDRESS ENTRIES
Most Ever Used................................... 1
Currently In Use................................. 1
VLAN ENTRIES
Maximum.......................................... 128
Most Ever Used................................... 1
Static In Use.................................... 1
Dynamic In Use................................... 0
VLANs Deleted.................................... 0
Time Since Ctrs Last Cleared..................... 2 day 0 hr 43 min 22 sec
1860
Cisco Wireless Controller Command Reference, Release 8.4
show switchconfig show switchconfig
To display parameters that apply to the Cisco wireless LAN controller, use the show switchconfig command.
show switchconfig
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to display parameters that apply to the Cisco wireless LAN controller:
(Cisco Controller) >>
show switchconfig
802.3x Flow Control Mode......................... Disabled
FIPS prerequisite features....................... Enabled
Boot Break....................................... Enabled secret obfuscation............................... Enabled
Strong Password Check Features: case-check ...........Disabled
consecutive-check ....Disabled
default-check .......Disabled
username-check ......Disabled
Related Commands config switchconfig mode config switchconfig secret-obfuscation config switchconfig strong-pwd config switchconfig flowcontrol config switchconfig fips-prerequisite show stats switch
Cisco Wireless Controller Command Reference, Release 8.4
1861
show sysinfo show sysinfo
To display high-level Cisco WLC information, use the show sysinfo command.
show sysinfo
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
This example shows a sample output of the command run on Cisco 8540 Wireless Controller using Release
8.3:
(Cisco Controller) >
show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.3.100.0
RTOS Version..................................... 8.3.100.0
Bootloader Version............................... 8.0.110.0
Emergency Image Version.......................... 8.0.110.0
OUI File Last Update Time........................ Sun Sep 07 10:44:07 IST 2014
Build Type....................................... DATA + WPS
System Name...................................... TestSpartan8500Dev1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1615
Redundancy Mode.................................. Disabled
IP Address....................................... 8.1.4.2
IPv6 Address..................................... ::
System Up Time................................... 0 days 17 hrs 20 mins 58 secs
--More-- or (q)uit
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries : IN,US
Operating Environment............................ Commercial (10 to 35 C)
Internal Temp Alarm Limits....................... 10 to 38 C
Internal Temperature............................. +21 C
Fan Status....................................... OK
RAID Volume Status
Drive 0.......................................... Good
Drive 1.......................................... Good
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 7
Number of Active Clients......................... 1
OUI Classification Failure Count................. 0
Burned-in MAC Address............................ F4:CF:E2:0A:27:00
Power Supply 1................................... Present, OK
1862
Cisco Wireless Controller Command Reference, Release 8.4
--More-- or (q)uit
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 6000
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1/SHA2
Licensing Type................................... RTU
show sysinfo
Cisco Wireless Controller Command Reference, Release 8.4
1863
show tacacs acct statistics show tacacs acct statistics
To display detailed radio frequency identification (RFID) information for a specified tag, use the show tacacs
acct statistics command.
show tacacs acct statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display detailed RFID information:
(Cisco Controller) >
show tacacs acct statistics
Accounting Servers:
Server Index..................................... 1
Server Address................................... 10.0.0.0
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 1
Retry Requests................................... 0
Accounting Response.............................. 0
Accounting Request Success....................... 0
Accounting Request Failure....................... 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. -1
Timeout Requests................................. 1
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Related Commands config tacacs acct config tacacs athr config tacacs auth show tacacs summary
1864
Cisco Wireless Controller Command Reference, Release 8.4
show tacacs athr statistics show tacacs athr statistics
To display TACACS+ server authorization statistics, use the show tacacs athr statistics command.
show tacacs athr statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display TACACS server authorization statistics:
(Cisco Controller) >
show tacacs athr statistics
Authorization Servers:
Server Index..................................... 3
Server Address................................... 10.0.0.3
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Received Responses............................... 0
Authorization Success............................ 0
Authorization Failure............................ 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Related Commands config tacacs acct config tacacs athr config tacacs auth show tacacs auth statistics show tacacs summary
Cisco Wireless Controller Command Reference, Release 8.4
1865
show tacacs auth statistics show tacacs auth statistics
To display TACACS+ server authentication statistics, use the show tacacs auth statistics command.
show tacacs auth statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display TACACS server authentication statistics:
(Cisco Controller) >
show tacacs auth statistics
Authentication Servers:
Server Index..................................... 2
Server Address................................... 10.0.0.2
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Related Commands config tacacs acct config tacacs athr config tacacs auth show tacacs summary
1866
Cisco Wireless Controller Command Reference, Release 8.4
show tacacs summary show tacacs summary
To display TACACS+ server summary information, use the show tacacs summary command.
show tacacs summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display TACACS server summary information:
(Cisco Controller) >
show tacacs summary
Authentication Servers
Idx Server Address Port State Tout
---------------------------------
2 10.0.0.1
Accounting Servers
49 Enabled 30
Idx Server Address Port State Tout
---------------------------------
1 10.0.0.0
49 Enabled 5
Authorization Servers
Idx Server Address Port State Tout
---------------------------------
3 10.0.0.3
Idx Server Address
49
Port
Enabled
State
5
Tout
---------------------------------
4 2001:9:6:40::623 49 Enabled 5
...
Related Commands config tacacs acct config tacacs athr config tacacs auth show tacacs summary show tacacs athr statistics show tacacs auth statistics
Cisco Wireless Controller Command Reference, Release 8.4
1867
show tech-support show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center
(TAC), use the show tech-support command.
show tech-support
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display system resource information:
>
show tech-support
Current CPU Load................................. 0%
System Buffers
Max Free Buffers.............................. 4608
Free Buffers.................................. 4604
Buffers In Use................................ 4
Web Server Resources
Descriptors Allocated......................... 152
Descriptors Used.............................. 3
Segments Allocated............................ 152
Segments Used................................. 3
System Resources
Uptime........................................ 747040 Secs
Total Ram..................................... 127552 Kbytes
Free Ram...................................... 19540 Kbytes
Shared Ram.................................... 0 Kbytes
Buffer Ram.................................... 460 Kbytes
1868
Cisco Wireless Controller Command Reference, Release 8.4
show time show time
To display the Cisco wireless LAN controller time and date, use the show time command.
show time
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the controller time and date when authentication is not enabled:
>
show time
Time............................................. Wed Apr 13 09:29:15 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval.........................
Index NTP Key Index NTP Server
3600
NTP Msg Auth Status
---------------------------------------------------------------------
1 0 9.2.60.60
AUTH DISABLED
This example shows successful authentication of NTP Message results in the AUTH Success:
>
show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval.........................
Index NTP Key Index NTP Server
3600
NTP Msg Auth Status
---------------------------------------------------------------------
1 1 9.2.60.60
AUTH SUCCESS
This example shows that if the packet received has errors, then the NTP Msg Auth status will show AUTH
Failure:
>
show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval.........................
Index NTP Key Index NTP Server
3600
NTP Msg Auth Status
---------------------------------------------------------------------
1 10 9.2.60.60
AUTH FAILURE
This example shows that if there is no response from NTP server for the packets, the NTP Msg Auth status will be blank:
>
show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai,
Kolkata
NTP Servers
NTP Polling Interval.........................
Index NTP Key Index NTP Server
3600
NTP Msg Auth Status
Cisco Wireless Controller Command Reference, Release 8.4
1869
show time
---------------------------------------------------------------------
1 11 9.2.60.60
Related Commands config time manual config time ntp config time timezone config time timezone location
1870
Cisco Wireless Controller Command Reference, Release 8.4
show trapflags show trapflags
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap flags, use the show trapflags command.
show trapflags
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display controller SNMP trap flags:
>
show trapflags
Authentication Flag............................ Enable
Link Up/Down Flag.............................. Enable
Multiple Users Flag............................ Enable
Spanning Tree Flag............................. Enable
Client Related Traps
802.11 Disassociation......................... Disable
802.11 Association.............................Disabled
802.11 Deauthenticate......................... Disable
802.11 Authenticate Failure................... Disable
802.11 Association Failure.................... Disable
Authentication.................................Disabled
Excluded...................................... Disable
Max Client Warning Threshold.................. 90%
Nac-Alert Traps................................. Disabled
RFID Related Traps
Max RFIDs Warning Threshold..................... 90%
802.11 Security related traps
WEP Decrypt Error............................. Enable
IDS Signature Attack............................ Disable
Cisco AP
Register...................................... Enable
InterfaceUp................................... Enable
Auto-RF Profiles
Load.......................................... Enable
Noise......................................... Enable
Interference.................................. Enable
Coverage...................................... Enable
Auto-RF Thresholds tx-power...................................... Enable channel....................................... Enable antenna....................................... Enable
AAA auth.......................................... Enable servers....................................... Enable rogueap........................................ Enable adjchannel-rogueap............................... Disabled wps............................................ Enable configsave..................................... Enable
IP Security esp-auth...................................... Enable esp-replay.................................... Enable invalidSPI.................................... Enable ike-neg....................................... Enable suite-neg..................................... Enable invalid-cookie................................ Enable
Cisco Wireless Controller Command Reference, Release 8.4
1871
show trapflags
Mesh auth failure.................................... Enabled child excluded parent........................... Enabled parent change................................... Enabled child moved..................................... Enabled excessive parent change......................... Enabled onset SNR....................................... Enabled abate SNR....................................... Enabled console login................................... Enabled excessive association........................... Enabled default bridge group name....................... Enabled excessive hop count............................. Disabled excessive children.............................. Enabled sec backhaul change............................. Disabled
Related Commands config trapflags 802.11-Security config trapflags aaa config trapflags ap config trapflags authentication config trapflags client config trapflags configsave config trapflags IPsec config trapflags linkmode
1872
Cisco Wireless Controller Command Reference, Release 8.4
show traplog show traplog
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap log, use the show traplog command.
show traplog
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following is a sample output of the show traplog command:
(Cisco Controller) >
show traplog
Number of Traps Since Last Reset........... 2447
Number of Traps Since Log Last Displayed... 2447
Log System Time Trap
--- ------------------------ -------------------------------------------------
0 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:62:fe detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -78 and SNR: 10
1 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:19:d8 detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -72 and SNR: 16
2 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:26:a1:8d detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -82 and SNR: 6
3 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:14:b3:4f detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -56 and SNR: 30
Would you like to display more entries? (y/n)
Cisco Wireless Controller Command Reference, Release 8.4
1873
show tunnel profile-summary show tunnel profile-summary
To show the summary of all the profiles, use the show tunnel profile command.
show tunnel profilesummary
Syntax Description summary
Displays the summary of all the profiles.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to display the summary of all the profiles:
show tunnel profile summary
1874
Cisco Wireless Controller Command Reference, Release 8.4
show tunnel profile-detail
To show details of a specific profile, use the show tunnel profile command.
show tunnel profiledetailprofile-name
Syntax Description detail
profile-name
Displays details of a specific profile.
Name of the profile.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to display specific profile details:
show tunnel profile detail test show tunnel profile-detail
Cisco Wireless Controller Command Reference, Release 8.4
1875
show tunnel eogre-summary show tunnel eogre-summary
To show the global configuration summary, use the show tunnel eogre command.
show tunnel eogre summary
Syntax Description summary
Displays the global configuration summary.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to display the global configuration details:
(Cisco Controller) >
show tunnel eogre summary
1876
Cisco Wireless Controller Command Reference, Release 8.4
show tunnel eogre-statistics show tunnel eogre-statistics
To display the EoGRE Tunnel statistics, use the show tunnel eogre command.
show tunnel eogrestatistics
Syntax Description statistics
Displays the EoGRE Tunnel statistics.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to display the EoGRE Tunnel statistics details:
show tunnel eogre statistics
Cisco Wireless Controller Command Reference, Release 8.4
1877
show tunnel eogre-domain-summary show tunnel eogre-domain-summary
To display the EoGRE domain summary, use the show tunnel eogre command.
show tunnel eogredomainsummary
Syntax Description summary
Displays the EoGRE domain summary.
Command Default
None
Command History
Examples
Release
8.1
Modification
This command was introduced.
The following example shows how to display the EoGRE domain summary:
show tunnel eogre domain summary
1878
Cisco Wireless Controller Command Reference, Release 8.4
show tunnel eogre gateway show tunnel eogre gateway
To view the EoGRE tunnel gateway summary and statistics, use the show tunnel eogre command.
show tunnel eogre gateway {summary | statistics}
Syntax Description summary statistics
Displays the EoGRE tunnel gateway summary.
Displays the EoGRE tunnel gateway statistics.
Command Default
None
Usage Guidelines
The show tunnel eogre gateway summary command lists details of only the FlexConnect central switching clients and Local Mode AP clients. To view the details of FlexConnect local switching clients, use the show
ap eogre gateway ap-name command.
Command History
Release
8.1
8.5
Modification
This command was introduced.
The statistics parameter was added.
Cisco Wireless Controller Command Reference, Release 8.4
1879
show watchlist show watchlist
To display the client watchlist, use the show watchlist command.
show watchlist
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the client watchlist information:
(Cisco Controller) >
show watchlist
client watchlist state is disabled
1880
Cisco Wireless Controller Command Reference, Release 8.4
show wlan show wlan
To display configuration information for a specified wireless LAN or a foreign access point, or to display wireless LAN summary information, use the show wlan command.
show wlan { apgroups | summary | wlan_id | foreignAp | lobby-admin-access}
Syntax Description apgroups summary
wlan_id
foreignAp lobby-admin-access
Displays access point group information.
Displays a summary of all wireless LANs.
Displays the configuration of a WLAN. The Wireless LAN identifier range is from 1 to 512.
Displays the configuration for support of foreign access points.
Display all wlans that have lobby-admin-access enabled.
Command Default
None
Usage Guidelines
For 802.1X client security type, which creates the PMK cache, the maximum session timeout that can be set is 86400 seconds when the session timeout is disabled. For other client security such as open, WebAuth, and
PSK for which the PMK cache is not created, the session timeout value is shown as infinite when session timeout is disabled.
Command History
Release
7.6
8.4
Modification
This command was introduced in a release earlier than Release 7.6.
Shows WLANs which have lobby-admin-access enabled.
Examples
The following example shows how to display a summary of wireless LANs for wlan_id 1:
(Cisco Controller) >
show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... aicha
Network Name (SSID).............................. aicha
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
RADIUS Profiling Status ...................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Client Profiling Status ...................... Disabled
Cisco Wireless Controller Command Reference, Release 8.4
1881
show wlan
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State.............................. Enabled
SNMP-NAC State................................ Enabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... Talwar1
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured mDNS Status...................................... Disabled mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Enabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver (best effort)
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................
0
Average Realtime Data Rate.......................
0
Burst Data Rate..................................
0
0
0
0
Burst Realtime Data Rate.........................
Average Data Rate................................
Average Realtime Data Rate.......................
Burst Data Rate..................................
Burst Realtime Data Rate.........................
0
Per-Client Rate Limits........................... Upstream
0
0
0
0
Scan Defer Priority.............................. 4,5,6
0
Downstream
0
0
0
0
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Enabled (Profile 'Controller_Local_EAP')
Radius NAI-Realm................................. Enabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
1882
Cisco Wireless Controller Command Reference, Release 8.4
show wlan
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Enabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled flexconnect Central Dhcp Flag................. Disabled flexconnect nat-pat Flag...................... Disabled flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID
-------
IP Address
---------------
Status
------
802.11u........................................ Enabled
Network Access type............................ Chargeable Public Network
Internet service............................... Enabled
Network Authentication type.................... Not Applicable
HESSID......................................... 00:00:00:00:00:00
IP Address Type Configuration
IPv4 Address type............................
Available
IPv6 Address type............................
Not Known
Roaming Consortium List
Index OUI List In Beacon
--------------------------
1 313131 Yes
2
3
DDBBCC
DDDDDD
No
Yes
Realm configuration summary
Realm index.................................. 1
Realm name................................... jobin
EAP index.................................. 1
EAP method................................. Unsupported
Index Inner Authentication
------------------------
1 Credential Type
2 Tunneled Eap Credential Type
Authentication Method
---------------------
SIM
SIM
3
4
Credential Type
Credential Type
5
6
Credential Type
Credential Type
Domain name configuration summary
SIM
USIM
Hardware Token
SoftToken
Cisco Wireless Controller Command Reference, Release 8.4
1883
show wlan
Index Domain name
-------------------
1 rom3
2 ram
3 rom1
Hotspot 2.0.................................... Enabled
Operator name configuration summary
Index Language Operator name
------------------------
1 ros Robin
Port config summary
Index IP protocol Port number Status
-------------------------------
1
2
1
1
0
0
Closed
Closed
3
4
1
1
0
0
Closed
Closed
5
6
7
1
1
1
0
0
0
Closed
Closed
Closed
WAN Metrics Info
Link status.................................. Up
Symmetric Link............................... No
Downlink speed............................... 4 kbps
Uplink speed................................. 4 kbps
MSAP Services.................................. Disabled
Local Policy
----------------
Priority Policy Name
----------------------
1 Teacher_access_policy
The following example shows how to display a summary of all WLANs:
(Cisco Controller) >
show wlan summary
Number of WLANs.................................. 1
WLAN ID WLAN Profile Name / SSID Status Interface Name
Mobility
---------------------------------------------------------------------
---------------
1 apsso / apsso Disabled management
PMIPv6 none
The following example shows how to display the configuration for support of foreign access points:
(Cisco Controller) >
show wlan foreignap
Foreign AP support is not enabled.
The following example shows how to display the AP groups:
(Cisco Controller) >
show wlan apgroups
Total Number of AP Groups........................ 1
Site Name........................................ APuser
Site Description................................. <none>
Venue Name....................................... Not configured
Venue Group Code..................................Unspecified
Venue Type Code...................................Unspecified
Language Code.................................... Not configured
AP Operating Class............................... 83,84,112,113,115,116,117,118,123
RF Profile
----------
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID
-------
14
Interface
----------int_4
Network Admission Control
--------------------------
Disabled
Radio Policy
------------
All
1884
Cisco Wireless Controller Command Reference, Release 8.4
show wlan
AP Name
Country Priority
Slots AP Model Ethernet MAC Location Port
--------------------------------------------------------------------------
--------------
Ibiza 2 AIR-CAP2602I-A-K9 44:2b:03:9a:8a:73 default location 1
1 US
Larch
US 1
2 AIR-CAP3502E-A-K9 f8:66:f2:ab:23:95 default location 1
Zest
US 1
2 AIR-CAP3502I-A-K9 00:22:90:91:6d:b6 ren 1
Number of Clients................................ 1
MAC Address AP Name Status Device Type
----------------- ------------- ------------- -----------------
24:77:03:89:9b:f8 ap2 Associated Android
Cisco Wireless Controller Command Reference, Release 8.4
1885
show wps ap-authentication summary show wps ap-authentication summary
To display the access point neighbor authentication configuration on the controller, use the show wps
ap-authentication summary command.
show wps ap-authentication summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of the Wireless Protection System (WPS) access point neighbor authentication:
(Cisco Controller) >
show wps ap-authentication summary
AP neighbor authentication is <disabled>.
Authentication alarm threshold is 1.
RF-Network Name: <B1>
Related Commands config wps ap-authentication
1886
Cisco Wireless Controller Command Reference, Release 8.4
show wps cids-sensor show wps cids-sensor
To display Intrusion Detection System (IDS) sensor summary information or detailed information on a specified
Wireless Protection System (WPS) IDS sensor, use the show wps cids-sensor command.
show wps cids-sensor {summary | detail index}
Syntax Description summary detail
index
Displays a summary of sensor settings.
Displays all settings for the selected sensor.
IDS sensor identifier.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display all settings for the selected sensor:
(Cisco Controller) >
show wps cids-sensor detail1
IP Address....................................... 10.0.0.51
Port............................................. 443
Query Interval................................... 60
Username......................................... Sensor_user1
Cert Fingerprint................................. SHA1:
00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00
Query State...................................... Disabled
Last Query Result................................ Unknown
Number of Queries Sent........................... 0
Related Commands config wps ap-authentication
Cisco Wireless Controller Command Reference, Release 8.4
1887
show wps mfp show wps mfp
To display Management Frame Protection (MFP) information, use the show wps mfp command.
show wps mfp {summary | statistics}
Syntax Description summary statistics
Displays the MFP configuration and status.
Displays MFP statistics.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of the MFP configuration and status:
(Cisco Controller) >
show wps mfp summary
Global Infrastructure MFP state.................. DISABLED (*all infrastructure settings are overridden)
Controller Time Source Valid..................... False
WLAN ID WLAN Name
WLAN
Status
Infra.
Client
Protection Protection
---------------------------------------------------------
1 homeap Disabled *Enabled Optional but inactive
2
(WPA2 not configured)
7921
3
(WPA2 not configured) open1
Enabled
Enabled
*Enabled
*Enabled
Optional but inactive
Optional but inactive
4
(WPA2 not configured)
7920
(WPA2 not configured)
AP Name
Infra.
Enabled *Enabled
Operational
Validation Radio State
Optional but inactive
--Infra. Capability--
Protection Validation
----------------------------------------------------------------
AP1252AG-EW *Enabled b/g Down Full Full a Down Full Full
The following example shows how to display the MFP statistics:
(Cisco Controller) >
show wps mfp statistics
BSSID Radio Validator AP Last Source Addr Found Error Type
Count Frame Types
----------------- ----- -------------------- ----------------- ------ ----------
---- ---------- ----------no errors
Related Commands config wps mfp
1888
Cisco Wireless Controller Command Reference, Release 8.4
show wps shun-list show wps shun-list
To display the Intrusion Detection System (IDS) sensor shun list, use the show wps shun-list command.
show wps shun-list
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the IDS system sensor shun list:
(Cisco Controller) >
show wps shun-list
Related Commands config wps shun-list re-sync
Cisco Wireless Controller Command Reference, Release 8.4
1889
show wps signature detail show wps signature detail
To display installed signatures, use the show wps signature detail command.
show wps signature detail sig-id
Syntax Description
sig-id
Signature ID of an installed signature.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
This example shows how to display information on the attacks detected by standard signature 1:
(Cisco Controller) >
show wps signature detail 1
Signature-ID..................................... 1
Precedence....................................... 1
Signature Name................................... Bcast deauth
Type............................................. standard
FrameType........................................ management
State............................................ enabled
Action........................................... report
Tracking......................................... per Signature and Mac
Signature Frequency.............................. 500 pkts/interval
Signature Mac Frequency.......................... 300 pkts/interval
Interval......................................... 10 sec
Quiet Time....................................... 300 sec
Description...................................... Broadcast Deauthentication Frame
Patterns:
0(Header):0x0:0x0
4(Header):0x0:0x0
Related Commands config wps signature config wps signature frequency config wps signature mac-frequency config wps signature interval config wps signature quiet-time config wps signature reset show wps signature events show wps signature summary
1890
Cisco Wireless Controller Command Reference, Release 8.4
show wps summary show wps signature detail
Cisco Wireless Controller Command Reference, Release 8.4
1891
show wps signature events show wps signature events
To display more information about the attacks detected by a particular standard or custom signature, use the
show wps signature events command.
show wps signature events {summary | {standard | custom} precedenceID {summary | detailed}
Syntax Description summary standard custom
precedenceID
detailed
Displays all tracking signature summary information.
Displays Standard Intrusion Detection System (IDS) signature settings.
Displays custom IDS signature settings.
Signature precedence identification value.
Displays tracking source MAC address details.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
The following example shows how to display the number of attacks detected by all enabled signatures:
(Cisco Controller) >
show wps signature events summary
Precedence Signature Name Type # Events
----------------------------- ---------------
1 Bcast deauth Standard 2
2 NULL probe resp 1 Standard 1
This example shows how to display a summary of information on the attacks detected by standard signature
1:
(Cisco Controller) >
show wps signature events standard 1 summary
Precedence....................................... 1
Signature Name................................... Bcast deauth
Type............................................. Standard
Number of active events.......................... 2
Source MAC Addr Track Method Frequency # APs Last Heard
------------------------------ --------- ----- ------------------------
00:a0:f8:58:60:dd Per Signature 50 1 Wed Oct 25 15:03:05
2006
1892
Cisco Wireless Controller Command Reference, Release 8.4
show wps signature events
00:a0:f8:58:60:dd Per Mac
2006
Related Commands config wps signature frequency config wps signature mac-frequency config wps signature interval config wps signature quiet-time config wps signature reset config wps signature show wps signature summary show wps summary
30 1 Wed Oct 25 15:02:53
Cisco Wireless Controller Command Reference, Release 8.4
1893
show wps signature summary show wps signature summary
To see individual summaries of all of the standard and custom signatures installed on the controller, use the
show wps signature summary command.
show wps signature summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of all of the standard and custom signatures:
(Cisco Controller) >
show wps signature summary
Signature-ID..................................... 1
Precedence....................................... 1
Signature Name................................... Bcast deauth
Type............................................. standard
FrameType........................................ management
State............................................ enabled
Action........................................... report
Tracking......................................... per Signature and Mac
Signature Frequency.............................. 50 pkts/interval
Signature Mac Frequency.......................... 30 pkts/interval
Interval......................................... 1 sec
Quiet Time....................................... 300 sec
Description...................................... Broadcast
Deauthentication Frame
Patterns:
0(Header):0x00c0:0x00ff
4(Header):0x01:0x01
...
Related Commands config wps signature frequency config wps signature interval config wps signature quiet-time config wps signature reset show wps signature events show wps summary
1894
Cisco Wireless Controller Command Reference, Release 8.4
config wps signature mac-frequency config wps signature show wps signature summary
Cisco Wireless Controller Command Reference, Release 8.4
1895
show wps summary show wps summary
To display Wireless Protection System (WPS) summary information, use the show wps summary command.
show wps summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display WPS summary information:
(Cisco Controller) >
show wps summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Trusted AP Policy
Management Frame Protection.................... Disabled
Mis-configured AP Action....................... Alarm Only
Enforced encryption policy................... none
Enforced preamble policy..................... none
Enforced radio type policy................... none
Validate SSID................................ Disabled
Alert if Trusted AP is missing................. Disabled
Trusted AP timeout............................. 120
Untrusted AP Policy
Rogue Location Discovery Protocol.............. Disabled
RLDP Action.................................. Alarm Only
Rogue APs
Rogues AP advertising my SSID................ Alarm Only
Detect and report Ad-Hoc Networks............ Enabled
Rogue Clients
Validate rogue clients against AAA........... Enabled
Detect trusted clients on rogue APs.......... Alarm Only
Rogue AP timeout............................... 1300
Signature Policy
Signature Processing........................... Enabled
...
1896
Cisco Wireless Controller Command Reference, Release 8.4
Related Commands config wps signature frequency config wps signature interval config wps signature quiet-time config wps signature reset show wps signature events show wps signature mac-frequency show wps summary config wps signature config wps signature interval show wps summary
Cisco Wireless Controller Command Reference, Release 8.4
1897
show wps wips statistics show wps wips statistics
To display the current state of the Cisco Wireless Intrusion Prevention System (wIPS) operation on the controller, use the show wps wips statistics command.
show wps wips statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display the statistics of the wIPS operation:
(Cisco Controller) >
show wps wips statistics
Policy Assignment Requests............ 1
Policy Assignment Responses........... 1
Policy Update Requests................ 0
Policy Update Responses............... 0
Policy Delete Requests................ 0
Policy Delete Responses............... 0
Alarm Updates......................... 13572
Device Updates........................ 8376
Device Update Requests................ 0
Device Update Responses............... 0
Forensic Updates...................... 1001
Invalid WIPS Payloads................. 0
Invalid Messages Received............. 0
NMSP Transmitted Packets.............. 22950
NMSP Transmit Packets Dropped......... 0
NMSP Largest Packet................... 1377
Related Commands config 802.11 enable config ap mode config ap monitor-mode show ap config show ap monitor-mode summary show wps wips summary
1898
Cisco Wireless Controller Command Reference, Release 8.4
show wps wips summary show wps wips summary
To display the adaptive Cisco Wireless Intrusion Prevention System (wIPS) configuration that the Wireless
Control System (WCS) forwards to the controller, use the show wps wips summary command.
show wps wips summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of the wIPS configuration:
(Cisco Controller) >
show wps wips summary
Policy Name...................................... Default
Policy Version................................... 3
Related Commands config 802.11 enable config ap mode config ap monitor-mode show ap config show ap monitor-mode summary show wps wips statistics
Cisco Wireless Controller Command Reference, Release 8.4
1899
show wps ap-authentication summary show wps ap-authentication summary
To display the access point neighbor authentication configuration on the controller, use the show wps
ap-authentication summary command.
show wps ap-authentication summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to display a summary of the Wireless Protection System (WPS) access point neighbor authentication:
(Cisco Controller) >
show wps ap-authentication summary
AP neighbor authentication is <disabled>.
Authentication alarm threshold is 1.
RF-Network Name: <B1>
Related Commands config wps ap-authentication
1900
Cisco Wireless Controller Command Reference, Release 8.4
P A R T
VIII
Miscellaneous Commands
•
Miscellaneous Commands: 1, page 1903
•
Miscellaneous Commands: 2, page 1909
Miscellaneous Commands: 1
•
•
•
•
Cisco Wireless Controller Command Reference, Release 8.4
1903
cping cping
To test mobility data traffic using CAPWAP, use the cping command.
cping mobility_peer_IP_address
Syntax Description
mobility_peer_IP_address
IP address of a peer mobility controller.
Command Default
None
Command History
Release
7.5
Modification
This command was introduced in the controller 7.5
Release.
Usage Guidelines
This command tests the mobility data traffic using the new mobility architecture.
Examples
The following example shows how to test the data traffic of a controller with peer mobility IP address as
172.12.35.31:
(Cisco Controller) >
cping 172.12.35.31
1904
Cisco Wireless Controller Command Reference, Release 8.4
eping eping
To test the mobility Ethernet over IP (EoIP) data packet communication between two Cisco WLCs, use the
eping command.
eping mobility_peer_IP_address
Syntax Description
mobility_peer_IP_address
IP address of a controller that belongs to a mobility group.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command tests the mobility data traffic over the management interface.
Examples
Note
This ping test is not Internet Control Message Protocol (ICMP) based. The term “ping” is used to indicate an echo request and an echo reply message.
The IPv6 address format for this command is not supported.
The following example shows how to test EoIP data packets and to set the IP address of a controller that belongs to a mobility group to 172.12.35.31:
(Cisco Controller) >
eping 172.12.35.31
Cisco Wireless Controller Command Reference, Release 8.4
1905
mping mping
To test mobility UDP control packet communication between two Cisco WLCs, use the mping command.
mping mobility_peer_IP_address
Syntax Description
mobility_peer_IP_address
IP address of a controller that belongs to a mobility group.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports both IPv4 and IPv6 address formats.
Usage Guidelines
This test runs over mobility UDP port 16666. It tests whether the mobility control packet can be reached over the management interface.
Note
This ping test is not Internet Control Message Protocol (ICMP) based. The term “ping” is used to indicate an echo request and an echo reply message.
Examples
The following example shows how to test mobility UDP control packet communications and to set the IP address of a Cisco WLC that belongs to a mobility group to 172.12.35.31:
(Cisco Controller) >
mping 172.12.35.31
1906
Cisco Wireless Controller Command Reference, Release 8.4
ping ping
To send ICMP echo packets to a specified IP address, use the ping command:
ping ip-addr interface-name
Syntax Description
ip-addr interface-name
IP address of the interface that you are trying to send ICMP echo packets to
Name of the interface to which you are trying to send ICMP echo packets
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
When you run the ping command, the CPU spikes up to 98 percent in the “osapi_ping_rx process”. While the
ping command is running, the terminal and web activity on the Cisco WLC is blocked.
Examples
The following example shows how to send ICMP echo packets to an interface:
(Cisco Controller) >ping 209.165.200.225 dyn-interface-1
Cisco Wireless Controller Command Reference, Release 8.4
1907
ping
1908
Cisco Wireless Controller Command Reference, Release 8.4
Miscellaneous Commands: 2
•
capwap ap controller ip address, page 1911
•
config ap dhcp release-override, page 1912
•
•
•
capwap ap ip address, page 1915
•
capwap ap ip default-gateway, page 1916
•
capwap ap log-server, page 1917
•
capwap ap primary-base, page 1918
•
capwap ap primed-timer, page 1919
•
capwap ap secondary-base, page 1920
•
capwap ap tertiary-base, page 1921
•
lwapp ap controller ip address, page 1922
•
•
•
reset system cancel, page 1925
•
reset system notify-time, page 1926
•
•
•
transfer download certpasswor, page 1929
•
transfer download datatype, page 1930
•
transfer download datatype icon, page 1932
•
transfer download filename, page 1933
•
transfer download mode, page 1934
•
transfer download password, page 1935
Cisco Wireless Controller Command Reference, Release 8.4
1909
•
transfer download path, page 1936
•
transfer download port, page 1937
•
transfer download serverip, page 1938
•
transfer download start, page 1939
•
transfer download tftpPktTimeout, page 1940
•
transfer download tftpMaxRetries, page 1941
•
transfer download username, page 1942
•
•
transfer upload datatype, page 1944
•
transfer upload filename, page 1946
•
transfer upload mode, page 1947
•
transfer upload pac, page 1948
•
transfer upload password, page 1949
•
transfer upload path, page 1950
•
transfer upload peer-start, page 1951
•
transfer upload port, page 1952
•
transfer upload serverip, page 1953
•
transfer upload start, page 1954
•
transfer upload username, page 1955
1910
Cisco Wireless Controller Command Reference, Release 8.4
capwap ap controller ip address capwap ap controller ip address
To configure the controller IP address into the CAPWAP access point from the access point’s console port, use the capwap ap controller ip address command.
capwap ap controller ip address A.B.C.D
Syntax Description
A.B.C.D
IP address of the controller.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format .
Usage Guidelines
This command must be entered from an access point’s console port. This command is applicable for IPv4 addresses only.
Note
The access point must be running Cisco IOS Release 12.3(11)JX1 or later releases.
Examples
The following example shows how to configure the controller IP address 10.23.90.81 into the CAPWAP access point: ap_console >
capwap ap controller ip address 10.23.90.81
Cisco Wireless Controller Command Reference, Release 8.4
1911
config ap dhcp release-override config ap dhcp release-override
To configure DHCP release override on Cisco APs, use the config ap dhcp release-override command.
config ap dhcp release-override {enable | disable} {cisco-ap-name | all}
Syntax Description enable disable
cisco-ap-name
all
Enables DHCP release override and sets number of DHCP releases sent by AP to 1.
To be used as a workaround for a few DHCP servers that mark the AP's IP address as bad. We recommend that you use this configuration only in highly reliable networks.
Disables DHCP release override and sets number of DHCP releases sent by AP to 3, which is the default value. This ensures that the DHCP server receives the release message even if one of the packets is lost.
Configuration is applied to the Cisco AP that you enter
Configuration is applied to all Cisco APs
Command Default
Disabled
Command History
Release
8.2
Modification
This command was introduced.
Usage Guidelines
Use this command when you are using Cisco lightweight APs with Windows Server 2008 R2 or 2012 as the
DHCP server.
1912
Cisco Wireless Controller Command Reference, Release 8.4
capwap ap dot1x capwap ap dot1x
To configure the dot1x username and password into the CAPWAP access point from the access point’s console port, use the capwap ap dot1x command.
capwap ap dot1x username user_name password password
Syntax Description
user_name password
Dot1x username.
Dot1x password.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command must be entered from an access point’s console port.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to configure the dot1x username ABC and password pass01: ap_console >
capwap ap dot1x username ABC password pass01
Cisco Wireless Controller Command Reference, Release 8.4
1913
capwap ap hostname capwap ap hostname
To configure the access point host name from the access point’s console port, use the capwap ap hostname command.
capwap ap hostname host_name
Syntax Description
host_name
Hostname of the access point.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command must be entered from an access point’s console port.
Note
The access point must be running Cisco IOS Release 12.3(11)JX1 or later releases. This command is available only for the Cisco Lightweight AP IOS Software recovery image (rcvk9w8) without any private-config. You can remove the private-config by using the clear capwap private-config command.
Examples
This example shows how to configure the hostname WLC into the capwap access point: ap_console >
capwap ap hostname WLC
1914
Cisco Wireless Controller Command Reference, Release 8.4
capwap ap ip address capwap ap ip address
To configure the IP address into the CAPWAP access point from the access point’s console port, use the
capwap ap ip address command.
capwap ap ip address A.B.C.D
Syntax Description
A.B.C.D
IP address.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command must be entered from an access point’s console port. This command supports only IPv4 address format.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to configure the IP address 10.0.0.1 into CAPWAP access point: ap_console >
capwap ap ip address 10.0.0.1
Cisco Wireless Controller Command Reference, Release 8.4
1915
capwap ap ip default-gateway capwap ap ip default-gateway
To configure the default gateway from the access point’s console port, use the capwap ap ip default-gateway command.
capwap ap ip default-gateway A.B.C.D
Syntax Description
A.B.C.D
Default gateway address of the capwap access point.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command must be entered from an access point’s console port. This command supports only IPv4 address format.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to configure the CAPWAP access point with the default gateway address 10.0.0.1: ap_console >
capwap ap ip default-gateway 10.0.0.1
1916
Cisco Wireless Controller Command Reference, Release 8.4
capwap ap log-server capwap ap log-server
To configure the system log server to log all the CAPWAP errors, use the capwap ap log-server command.
capwap ap log-server A.B.C.D
Syntax Description
A.B.C.D
IP address of the syslog server.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command must be entered from an access point’s console port. This command supports only IPv4 address format.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to configure the syslog server with the IP address 10.0.0.1: ap_console >
capwap ap log-server 10.0.0.1
Cisco Wireless Controller Command Reference, Release 8.4
1917
capwap ap primary-base capwap ap primary-base
To configure the primary controller name and IP address into the CAPWAP access point from the access point’s console port, use the capwap ap primary-base command.
capwap ap primary-base WORD A.B.C.D
Syntax Description
WORD
A.B.C.D
Name of the primary controller.
IP address of the primary controller.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command must be entered from an access point’s console port. This command supports only IPv4 address format.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to configure the primary controller name WLC1 and primary controller IP address
209.165.200.225 into the CAPWAP access point: ap_console >
capwap ap primary-base WLC1 209.165.200.225
1918
Cisco Wireless Controller Command Reference, Release 8.4
capwap ap primed-timer capwap ap primed-timer
To configure the primed timer into the CAPWAP access point, use the capwap ap primed-timer command.
capwap ap primed-timer {enable | disable}
Syntax Description enable disable
Enables the primed timer settings
Disables the primed timer settings.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Usage Guidelines
This command must be entered from an access point’s console port.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to enable the primed-timer settings: ap_console >
capwap ap primed-timer enable
Cisco Wireless Controller Command Reference, Release 8.4
1919
capwap ap secondary-base capwap ap secondary-base
To configure the name and IP address of the secondary Cisco WLC into the CAPWAP access point from the access point’s console port, use the capwap ap secondary-base command.
capwap ap secondary-base controller_name controller_ip_address
Syntax Description
controller_name controller_ip_address
Name of the secondary Cisco WLC.
IP address of the secondary Cisco WLC.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command must be entered from an access point’s console port. This command supports only IPv4 address format.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to configure the secondary Cisco WLC name as WLC2 and secondary Cisco WLC
IP address 209.165.200.226 into the CAPWAP access point: ap_console >
capwap ap secondary-base WLC2 209.165.200.226
1920
Cisco Wireless Controller Command Reference, Release 8.4
capwap ap tertiary-base capwap ap tertiary-base
To configure the name and IP address of the tertiary Cisco WLC into the CAPWAP access point from the access point’s console port, use the capwap ap tertiary-base command.
capwap ap tertiary-base WORDA.B.C.D
Syntax Description
WORD
A.B.C.D
Name of the tertiary Cisco WLC.
IP address of the tertiary Cisco WLC.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command must be entered from an access point’s console port. This command supports only IPv4 address format.
Note
The access point must be running Cisco IOS Release 12.3(11)JX1 or later releases.
Examples
This example shows how to configure the tertiary Cisco WLC with the name WLC3 and secondary Cisco
WLC IP address 209.165.200.227 into the CAPWAP access point: ap_console >
capwap ap tertiary-base WLC3 209.165.200.227
Cisco Wireless Controller Command Reference, Release 8.4
1921
lwapp ap controller ip address lwapp ap controller ip address
To configure the Cisco WLC IP address into the FlexConnect access point from the access point’s console port, use the lwapp ap controller ip address command.
lwapp ap controller ip address A.B.C.D
Syntax Description
A.B.C.D
IP address of the controller.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than
Release 7.6.
This command supports only IPv4 address format.
Usage Guidelines
This command must be entered from an access point’s console port. This command is applicable for IPv4 addresses only.
Prior to changing the FlexConnect configuration on an access point using the access point’s console port, the access point must be in standalone mode (not connected to a controller) and you must remove the current
LWAPP private configuration by using the clear lwapp private-config command.
Note
The access point must be running Cisco IOS Release 12.3(11)JX1 or higher releases.
Examples
The following example shows how to configure the controller IP address 10.92.109.1 into the FlexConnect access point: ap_console >
lwapp ap controller ip address 10.92.109.1
1922
Cisco Wireless Controller Command Reference, Release 8.4
reset system at reset system at
To reset the system at a specified time, use the reset system at command.
reset system at YYYY-MM-DD HH:MM:SS image {no-swap|swap} reset-aps [save-config]
Syntax Description
YYYY-MM-DD
HH: MM: SS image swap no-swap reset-aps save-config
Specifies the date.
Specifies the time in a 24-hour format.
Configures the image to be rebooted.
Changes the active boot image.
Boots from the active image.
Resets all access points during the system reset.
(Optional) Saves the configuration before the system reset.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to reset the system at 2010-03-29 and 12:01:01 time:
(Cisco Controller) >
reset system at 2010-03-29 12:01:01 image swap reset-aps save-config
Cisco Wireless Controller Command Reference, Release 8.4
1923
reset system in reset system in
To specify the amount of time delay before the devices reboot, use the reset system in command.
reset system in HH:MM:SS image {swap | no-swap} reset-aps save-config
Syntax Description
HH :MM :SS image swap no-swap reset-aps save-config
Specifies a delay in duration.
Configures the image to be rebooted.
Changes the active boot image.
Boots from the active image.
Resets all access points during the system reset.
Saves the configuration before the system reset.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to reset the system after a delay of 00:01:01:
(Cisco Controller) >
reset system in 00:01:01 image swap reset-aps save-config
1924
Cisco Wireless Controller Command Reference, Release 8.4
reset system cancel reset system cancel
To cancel a scheduled reset, use the reset system cancel command.
reset system cancel
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to cancel a scheduled reset:
(Cisco Controller) >
reset system cancel
Cisco Wireless Controller Command Reference, Release 8.4
1925
reset system notify-time reset system notify-time
To configure the trap generation prior to scheduled resets, use the reset system notify-time command.
reset system notify-time minutes
Syntax Description
minutes
Number of minutes before each scheduled reset at which to generate a trap.
Command Default
The default time period to configure the trap generation prior to scheduled resets is 10 minutes.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the trap generation to 10 minutes before the scheduled resets:
(Cisco Controller) >
reset system notify-time 55
1926
Cisco Wireless Controller Command Reference, Release 8.4
reset peer-system reset peer-system
To reset the peer controller, use the reset peer-system command.
reset peer-system
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to reset the peer controller:
>
reset peer-system
Cisco Wireless Controller Command Reference, Release 8.4
1927
save config save config
To save the controller configurations, use the save config command.
save config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to save the controller settings:
(Cisco Controller) >
save config
Are you sure you want to save? (y/n) y
Configuration Saved!
1928
Cisco Wireless Controller Command Reference, Release 8.4
transfer download certpasswor transfer download certpasswor
To set the password for the .PEM file so that the operating system can decrypt the web administration SSL key and certificate, use the transfer download certpassword command.
transfer download certpassword private_key_password
Syntax Description
private_key_password
Certificate’s private key password.
Command Default
None
Command History
Release
7.6
Examples
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to transfer a file to the switch with the certificate’s private key password certpassword:
(Cisco Controller) >
transfer download certpassword
Clearing password
Cisco Wireless Controller Command Reference, Release 8.4
1929
transfer download datatype transfer download datatype
To set the download file type, use the transfer download datatype command.
transfer download datatype {code | config | eapdevcert | eapcacert | icon | image | ipseccacert |
ipsecdevcert| login-banner | radius-avplist |signature | webadmincert | webauthbundle | webauthcert}
Syntax Description code config eapcacert eapdevcert icon image ipseccacert ipsecdevcert login-banner radius-avplist signature webadmincert webauthbundle webauthcert
Downloads an executable image to the system.
Downloads the configuration file.
Downloads an EAP ca certificate to the system.
Downloads an EAP dev certificate to the system.
Downloads an executable image to the system.
Downloads a web page login to the system.
Downloads an IPSec Certificate Authority (CA) certificate to the system.
Downloads an IPSec dev certificate to the system.
Downloads the controller login banner. Only text file is supported with a maximum of 1500 bytes.
Downloads the RADIUS AVPs in the XML file format from the
FTP server.
Downloads a signature file to the system.
Downloads a certificate for web administration to the system.
Downloads a custom webauth bundle to the system.
Downloads a web certificate for the web portal to the system.
Command Default
None
Command History
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
The ipseccacert, ipsecdevcert, and radius-avplist options were introduced.
1930
Cisco Wireless Controller Command Reference, Release 8.4
transfer download datatype
Examples
The following example shows how to download an executable image to the system:
(Cisco Controller) >
transfer download datatype code
Cisco Wireless Controller Command Reference, Release 8.4
1931
transfer download datatype icon transfer download datatype icon
To download icon from TFTP or FTP server onto the controller, use the transfer download datatype icon command.
transfer download datatype icon
Syntax Description
None
Command Default
None
Command Modes
WLAN configuration
Command History
Release
Release 8.2
Modification
This command was introduced.
Usage Guidelines
Examples
This example shows how to download icon from TFTP or FTP server onto the controller:
Cisco Controller > transfer download datatype icon
1932
Cisco Wireless Controller Command Reference, Release 8.4
transfer download filename transfer download filename
To download a specific file, use the transfer download filename command.
transfer download filename filename
Syntax Description
filename
Filename that contains up to 512 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the filename.
Examples
The following example shows how to transfer a file named build603:
(Cisco Controller) >
transfer download filename build603
Cisco Wireless Controller Command Reference, Release 8.4
1933
transfer download mode transfer download mode
To set the transfer mode, use the transfer download mode command.
transfer upload mode {ftp | tftp | sftp}
Syntax Description ftp tftp sftp
Sets the transfer mode to FTP.
Sets the transfer mode to TFTP.
Sets the transfer mode to SFTP.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to transfer a file using the TFTP mode:
(Cisco Controller) >
transfer download mode tftp
1934
Cisco Wireless Controller Command Reference, Release 8.4
transfer download password transfer download password
To set the password for an FTP transfer, use the transfer download password command.
transfer download password password
Syntax Description
password
Password.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the password for FTP transfer to pass01:
(Cisco Controller) >
transfer download password pass01
Cisco Wireless Controller Command Reference, Release 8.4
1935
transfer download path transfer download path
To set a specific FTP or TFTP path, use the transfer download path command.
transfer download path path
Syntax Description
path
Directory path.
Note
Path names on a TFTP or FTP server are relative to the server’s default or root directory. For example, in the case of the Solarwinds TFTP server, the path is “/”.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the file path.
Examples
The following example shows how to transfer a file to the path c:\install\version2:
(Cisco Controller) >
transfer download path c:\install\version2
1936
Cisco Wireless Controller Command Reference, Release 8.4
transfer download port transfer download port
To specify the FTP port, use the transfer download port command.
transfer download port port
Syntax Description
port
FTP port.
Command Default
The default FTP port is 21.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
Examples
ch
The following example shows how to specify FTP port number 23:
(Cisco Controller) >
transfer download port 23
Cisco Wireless Controller Command Reference, Release 8.4
1937
transfer download serverip transfer download serverip
To configure the IPv4 or IPv6 address of the TFTP server from which to download information, use the
transfer download serverip command.
transfer download serverip IP addr
Syntax Description
IP addr
TFTP server IPv4 or IPv6 address.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
The following example shows how to configure the IPv4 address of the TFTP server:
(Cisco Controller) >
transfer download serverip 175.34.56.78
The following example shows how to configure the IPv6 address of the TFTP server:
(Cisco Controller) >
transfer download serverip 2001:10:1:1::1
1938
Cisco Wireless Controller Command Reference, Release 8.4
transfer download start transfer download start
To initiate a download, use the transfer download start command.
transfer download start
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to initiate a download:
(Cisco Controller) >
transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. 172.16.16.78
TFTP Path...................................... directory path
TFTP Filename.................................. webadmincert_name
This may take some time.
Are you sure you want to start? (y/n) Y
TFTP Webadmin cert transfer starting.
Certificate installed.
Please restart the switch (reset system) to use the new certificate.
Cisco Wireless Controller Command Reference, Release 8.4
1939
transfer download tftpPktTimeout transfer download tftpPktTimeout
To specify the TFTP packet timeout, use the transfer download tftpPktTimeout command.
transfer download tftpPktTimeout timeout
Syntax Description
timeout
Timeout in seconds between 1 and 254.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to transfer a file with the TFTP packet timeout of 55 seconds:
(Cisco Controller) >
transfer download tftpPktTimeout 55
1940
Cisco Wireless Controller Command Reference, Release 8.4
transfer download tftpMaxRetries transfer download tftpMaxRetries
To specify the number of allowed TFTP packet retries, use the transfer download tftpMaxRetries command.
transfer download tftpMaxRetries retries
Syntax Description
retries
Number of allowed TFTP packet retries between 1 and 254 seconds.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the number of allowed TFTP packet retries to 55:
(Cisco Controller) >
transfer download tftpMaxRetries 55
Cisco Wireless Controller Command Reference, Release 8.4
1941
transfer download username transfer download username
To specify the FTP username, use the transfer download username command.
transfer download username username
Syntax Description
username
Username.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the FTP username to ftp_username:
(Cisco Controller) >
transfer download username ftp_username
1942
Cisco Wireless Controller Command Reference, Release 8.4
transfer encrypt transfer encrypt
To configure encryption for configuration file transfers, use the transfer encrypt command.
transfer encrypt {enable | disable | set-key key}
Syntax Description enable disable set-key
key
Enables the encryption settings.
Disables the encryption settings.
Specifies the encryption key for configuration file transfers.
Encryption key for config file transfers.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to enable the encryption settings:
(Cisco Controller) >
transfer encrypt enable
Cisco Wireless Controller Command Reference, Release 8.4
1943
transfer upload datatype transfer upload datatype
To set the controller to upload specified log and crash files, use the transfer upload datatype command.
transfer upload datatype {ap-crash-data | config | coredump | crashfile | debug-file | eapcacert | eapdevcert
| errorlog | invalid-config | pac | packet-capture | panic-crash-file | radio-core-dump | radius-avplist |
rrm-log | run-config | signature | systemtrace | traplog | watchdog-crash-filewebadmincert | webauthbundle
| webauthcert}
Syntax Description ap-crash-data config coredump crashfile debug-file eapcacert eapdevcert errorlog invalid-config pac packet-capture panic-crash-file radio-core-dump radius-avplist rrm-log run-config signature systemtrace traplog watchdog-crash-file
Uploads the AP crash files.
Uploads the system configuration file.
Uploads the core-dump file.
Uploads the system crash file.
Uploads the system's debug log file.
Uploads an EAP CA certificate.
Uploads an EAP Dev certificate.
Uploads the system error log file.
Uploads the system invalid-config file.
Uploads a Protected Access Credential (PAC).
Uploads a packet capture file.
Uploads the kernel panic information file.
Uploads the system error log.
Uploads the XML file from the controller to the RADIUS server.
Uploads the system's trap log.
Upload the WLC's running configuration
Uploads the system signature file.
Uploads the system trace file.
Uploads the system trap log.
Uploads a console dump file resulting from a software-watchdog-initiated controller reboot following a crash.
1944
Cisco Wireless Controller Command Reference, Release 8.4
transfer upload datatype webadmincert webauthbundle webauthcert
Uploads Web Admin certificate.
Uploads a Web Auth bundle.
Upload a web certificate
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
The ipseccacert, ipsecdevcert, and radius-avplist options were introduced.
The following example shows how to upload the system error log file:
(Cisco Controller) >
transfer upload datatype errorlog
Cisco Wireless Controller Command Reference, Release 8.4
1945
transfer upload filename transfer upload filename
To upload a specific file, use the transfer upload filename command.
transfer upload filename filename
Syntax Description
filename
Filename that contains up to 16 alphanumeric characters.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the filename.
Examples
The following example shows how to upload a file build603:
(Cisco Controller) >
transfer upload filename build603
1946
Cisco Wireless Controller Command Reference, Release 8.4
transfer upload mode transfer upload mode
To configure the transfer mode, use the transfer upload mode command.
transfer upload mode {ftp | tftp | sftp}
Syntax Description ftp tftp sftp
Sets the transfer mode to FTP.
Sets the transfer mode to TFTP.
Sets the transfer mode to SFTP.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the transfer mode to TFTP:
(Cisco Controller) >
transfer upload mode tftp
Cisco Wireless Controller Command Reference, Release 8.4
1947
transfer upload pac transfer upload pac
To load a Protected Access Credential (PAC) to support the local authentication feature and allow a client to import the PAC, use the transfer upload pac command.
transfer upload pac username validity password
Syntax Description
username validity password
User identity of the PAC.
Validity period (days) of the PAC.
Password to protect the PAC.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
The client upload process uses a TFTP or FTP server.
Examples
The following example shows how to upload a PAC with the username user1, validity period 53, and password pass01:
(Cisco Controller) >
transfer upload pac user1 53 pass01
1948
Cisco Wireless Controller Command Reference, Release 8.4
transfer upload password transfer upload password
To configure the password for FTP transfer, use the transfer upload password command.
Syntax Description
password
Password needed to access the FTP server.
transfer upload password password
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to configure the password for the FTP transfer to pass01:
(Cisco Controller) >
transfer upload password pass01
Cisco Wireless Controller Command Reference, Release 8.4
1949
transfer upload path transfer upload path
To set a specific upload path, use the transfer upload path command.
transfer upload path path
Syntax Description
path
Server path to file.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the file path.
Examples
The following example shows how to set the upload path to c:\install\version2:
(Cisco Controller) >
transfer upload path c:\install\version2
1950
Cisco Wireless Controller Command Reference, Release 8.4
transfer upload peer-start transfer upload peer-start
To upload a file to the peer WLC, use the transfer upload peer-start command.
transfer upload peer-start
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than
Release 7.6.
Examples
The following example shows how to start uploading a file to the peer controller:
(Cisco Controller) >
transfer upload peer-start
Mode............................................. FTP
FTP Server IP.................................... 209.165.201.1
FTP Server Port.................................. 21
FTP Path......................................... /builds/nimm/
FTP Filename..................................... AS_5500_7_4_1_20.aes
FTP Username..................................... wnbu
FTP Password..................................... *********
Data Type........................................ Error Log
Are you sure you want to start upload from standby? (y/N) n
Transfer Canceled
Cisco Wireless Controller Command Reference, Release 8.4
1951
transfer upload port transfer upload port
To specify the FTP port, use the transfer upload port command.
transfer upload port port
Syntax Description
port
Port number.
Command Default
The default FTP port is 21.
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to specify FTP port 23:
(Cisco Controller) >
transfer upload port 23
1952
Cisco Wireless Controller Command Reference, Release 8.4
transfer upload serverip transfer upload serverip
To configure the IPv4 or IPv6 address of the TFTP server to upload files to, use the transfer upload serverip command.
transfer upload serverip IP addr
Syntax Description
IP addr
TFTP Server IPv4 or IPv6 address.
Command Default
None
Command History
Examples
Release
7.6
8.0
Modification
This command was introduced in a release earlier than Release 7.6.
This command supports both IPv4 and IPv6 address formats.
The following example shows how to set the IPv4 address of the TFTP server to 175.31.56.78:
(Cisco Controller) >
transfer upload serverip 175.31.56.78
The following example shows how to set the IPv6 address of the TFTP server to 175.31.56.78:
(Cisco Controller) >
transfer upload serverip 2001:10:1:1::1
Cisco Wireless Controller Command Reference, Release 8.4
1953
transfer upload start transfer upload start
To initiate an upload, use the transfer upload start command.
transfer upload start
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
Examples
The following example shows how to initiate an upload of a file:
(Cisco Controller) >
transfer upload start
Mode........................................... TFTP
TFTP Server IP................................. 172.16.16.78
TFTP Path...................................... c:\find\off/
TFTP Filename.................................. wps_2_0_75_0.aes
Data Type...................................... Code
Are you sure you want to start? (y/n) n
Transfer Cancelled
1954
Cisco Wireless Controller Command Reference, Release 8.4
transfer upload username transfer upload username
To specify the FTP username, use the transfer upload username command.
transfer upload username
Syntax Description
username
Username required to access the FTP server. The username can contain up to 31 characters.
Command Default
None
Command History
Examples
Release
7.6
Modification
This command was introduced in a release earlier than Release 7.6.
The following example shows how to set the FTP username to ftp_username:
(Cisco Controller) >
transfer upload username ftp_username
Cisco Wireless Controller Command Reference, Release 8.4
1955
transfer upload username
1956
Cisco Wireless Controller Command Reference, Release 8.4
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 1 Cisco Wireless Controller Command Reference, Release 8.4
- 3 Contents
- 51 Preface
- 51 Audience
- 51 Document Conventions
- 54 Related Documentation
- 54 Obtaining Documentation and Submitting a Service Request
- 55 Using the Command-Line Interface
- 57 Using the Command-Line Interface
- 57 CLI Command Keyboard Shortcuts
- 58 Using the Interactive Help Feature
- 59 Using the help Command
- 59 Using the ? command
- 60 Using the partial? command
- 60 Using the partial command<tab>
- 61 Using the command ?
- 62 command keyword ?
- 63 Clear Commands
- 65 Clear Commands: a to l
- 66 clear advanced
- 67 clear acl counters
- 68 clear ap config
- 69 clear ap eventlog
- 70 clear ap join stats
- 71 clear arp
- 72 clear ap tsm
- 73 clear atf
- 74 clear avc statistics
- 76 clear client tsm
- 77 clear config
- 78 clear ext-webauth-url
- 79 clear location rfid
- 80 clear location statistics rfid
- 81 clear locp statistics
- 82 clear login-banner
- 83 clear lwapp private-config
- 85 Clear Commands: m to z
- 86 clear mdns service-database
- 88 clear nmsp statistics
- 89 clear radius acct statistics
- 90 clear tacacs auth statistics
- 91 clear redirect-url
- 92 clear stats ap wlan
- 93 clear stats local-auth
- 94 clear stats mobility
- 95 clear stats port
- 96 clear stats radius
- 98 clear stats smart-lic
- 99 clear stats switch
- 100 clear stats tacacs
- 101 clear transfer
- 102 clear traplog
- 103 clear webimage
- 104 clear webmessage
- 105 clear webtitle
- 107 Config Commands
- 109 Config Commands: 802.11
- 112 config 802.11-abgn
- 113 config 802.11a 11acsupport
- 114 config 802.11-a antenna extAntGain
- 115 config 802.11-a channel ap
- 116 config 802.11-a txpower ap
- 117 config 802.11 antenna diversity
- 118 config 802.11 antenna extAntGain
- 119 config 802.11 antenna mode
- 120 config 802.11 antenna selection
- 121 config 802.11b 11gSupport
- 122 config 802.11b preamble
- 123 config 802.11h channelswitch
- 124 config 802.11h powerconstraint
- 125 config 802.11h setchannel
- 126 config 802.11 11nsupport
- 127 config 802.11 11nsupport a-mpdu tx priority
- 129 config 802.11 11nsupport a-mpdu tx scheduler
- 130 config 802.11 11nsupport antenna
- 131 config 802.11 11nsupport guard-interval
- 132 config 802.11 11nsupport mcs tx
- 134 config 802.11 11nsupport rifs
- 135 config 802.11 antenna diversity
- 136 config 802.11 antenna extAntGain
- 137 config 802.11 antenna mode
- 138 config 802.11 antenna selection
- 139 config 802.11 channel
- 141 config 802.11 channel ap
- 142 config 802.11 chan_width
- 144 config 802.11 rx-sop threshold
- 146 config 802.11 txPower
- 148 config 802.11 beamforming
- 150 config 802.11h channelswitch
- 151 config 802.11h powerconstraint
- 152 config 802.11h setchannel
- 153 config 802.11h smart dfs
- 154 config 802.11 11nsupport
- 155 config 802.11 11nsupport a-mpdu tx priority
- 157 config 802.11 11nsupport a-mpdu tx scheduler
- 158 config 802.11 11nsupport antenna
- 159 config 802.11 11nsupport guard-interval
- 160 config 802.11 11nsupport mcs tx
- 162 config 802.11 11nsupport rifs
- 163 config 802.11 beacon period
- 164 config 802.11 cac defaults
- 166 config 802.11 cac video acm
- 168 config 802.11 cac video cac-method
- 170 config 802.11 cac video load-based
- 172 config 802.11 cac video max-bandwidth
- 174 config 802.11 cac media-stream
- 176 config 802.11 cac multimedia
- 178 config 802.11 cac video roam-bandwidth
- 180 config 802.11 cac video sip
- 182 config 802.11 cac video tspec-inactivity-timeout
- 184 config 802.11 cac voice acm
- 185 config 802.11 cac voice max-bandwidth
- 187 config 802.11 cac voice roam-bandwidth
- 189 config 802.11 cac voice tspec-inactivity-timeout
- 191 config 802.11 cac voice load-based
- 193 config 802.11 cac voice max-calls
- 195 config 802.11 cac voice sip bandwidth
- 197 config 802.11 cac voice sip codec
- 199 config 802.11 cac voice stream-size
- 201 config 802.11 cleanair
- 203 config 802.11 cleanair device
- 205 config 802.11 cleanair alarm
- 207 config 802.11 disable
- 208 config 802.11 dtpc
- 209 config 802.11 enable
- 211 config 802.11 exp-bwreq
- 212 config 802.11 fragmentation
- 213 config 802.11 l2roam rf-params
- 215 config 802.11 max-clients
- 216 config 802.11 media-stream multicast-direct
- 218 config 802.11 media-stream video-redirect
- 219 config 802.11 multicast data-rate
- 220 config 802.11 rate
- 221 config 802.11 rssi-check
- 222 config 802.11 rssi-threshold
- 223 config 802.11 tsm
- 224 config 802.11b preamble
- 225 Config Commands: a to i
- 236 config aaa auth
- 237 config aaa auth mgmt
- 238 config acl apply
- 239 config acl counter
- 240 config acl create
- 241 config acl cpu
- 242 config acl delete
- 243 config acl layer2
- 245 config acl rule
- 247 config acl url-acl
- 249 config acl url-acl external-server-ip
- 250 config acl url-acl list-type
- 251 config acl url-domain
- 252 config advanced eap
- 254 config advanced hotspot
- 256 config advanced timers auth-timeout
- 257 config advanced timers eap-timeout
- 258 config advanced timers eap-identity-request-delay
- 259 config advanced 802.11 7920VSIEConfig
- 260 config advanced 802.11 edca-parameters
- 263 config advanced timers
- 266 config advanced fastpath fastcache
- 267 config advanced fastpath pkt-capture
- 268 config advanced sip-preferred-call-no
- 269 config advanced sip-snooping-ports
- 270 config advanced 802.11 packet
- 272 config advanced 802.11 profile clients
- 273 config advanced 802.11 profile customize
- 274 config advanced 802.11 profile foreign
- 275 config advanced 802.11 profile noise
- 276 config advanced 802.11 profile throughput
- 277 config advanced 802.11 profile utilization
- 278 config advanced backup-controller primary
- 279 config advanced backup-controller secondary
- 280 config advanced client-handoff
- 281 config advanced dot11-padding
- 282 config advanced assoc-limit
- 283 config advanced max-1x-sessions
- 284 config advanced rate
- 285 config advanced probe filter
- 286 config advanced probe limit
- 287 config advanced timers
- 290 config advanced 802.11 7920VSIEConfig
- 291 config advanced 802.11 channel add
- 292 config advanced 802.11 channel cleanair-event
- 293 config advanced 802.11 channel dca anchor-time
- 294 config advanced 802.11 channel dca chan-width-11n
- 295 config advanced 802.11 channel dca interval
- 296 config advanced 802.11 channel dca min-metric
- 297 config advanced 802.11 channel dca sensitivity
- 299 config advanced 802.11 channel foreign
- 300 config advanced 802.11 channel load
- 301 config advanced 802.11 channel noise
- 302 config advanced 802.11 channel outdoor-ap-dca
- 303 config advanced 802.11 channel pda-prop
- 304 config advanced 802.11 channel update
- 305 config advanced 802.11 coverage
- 307 config advanced 802.11 coverage exception global
- 309 config advanced 802.11 coverage fail-rate
- 311 config advanced 802.11 coverage level global
- 313 config advanced 802.11 coverage packet-count
- 315 config advanced 802.11 coverage rssi-threshold
- 317 config advanced 802.11 edca-parameters
- 320 config advanced 802.11 factory
- 321 config advanced 802.11 group-member
- 322 config advanced 802.11 group-mode
- 323 config advanced 802.11 logging channel
- 324 config advanced 802.11 logging coverage
- 325 config advanced 802.11 logging foreign
- 326 config advanced 802.11 logging load
- 327 config advanced 802.11 logging noise
- 328 config advanced 802.11 logging performance
- 329 config advanced 802.11 logging txpower
- 330 config advanced 802.11 monitor channel-list
- 331 config advanced 802.11 monitor coverage
- 332 config advanced 802.11 monitor load
- 333 config advanced 802.11 monitor mode
- 334 config advanced 802.11 monitor ndp-type
- 335 config advanced 802.11 monitor noise
- 336 config advanced 802.11 monitor signal
- 337 config advanced 802.11 monitor timeout-factor
- 338 config advanced 802.11 optimized roaming
- 340 config advanced 802.11 profile foreign
- 341 config advanced 802.11 profile noise
- 342 config advanced 802.11 profile throughput
- 343 config advanced 802.11 profile utilization
- 344 config advanced 802.11 receiver
- 345 config advanced 802.11 tpc-version
- 346 config advanced 802.11 tpcv1-thresh
- 347 config advanced 802.11 tpcv2-intense
- 348 config advanced 802.11 tpcv2-per-chan
- 349 config advanced 802.11 tpcv2-thresh
- 350 config advanced 802.11 txpower-update
- 351 config ap 802.1Xuser
- 352 config ap 802.1Xuser delete
- 353 config ap 802.1Xuser disable
- 354 config advanced dot11-padding
- 355 config ap
- 356 config ap atf 802.11
- 357 config ap atf 802.11 client-access airtime-allocation
- 358 config ap atf 802.11 policy
- 359 config ap autoconvert
- 360 config ap bhrate
- 361 config ap bridgegroupname
- 362 config ap bridging
- 363 config ap cdp
- 365 config ap core-dump
- 366 config ap crash-file clear-all
- 367 config ap crash-file delete
- 368 config ap crash-file get-crash-file
- 369 config ap crash-file get-radio-core-dump
- 370 config ap dhcp release-override
- 371 config ap dtls-cipher-suite
- 372 config ap dtls-version
- 373 config ap ethernet duplex
- 375 config ap ethernet tag
- 376 config ap autoconvert
- 377 config ap flexconnect central-dhcp
- 379 config ap flexconnect local-split
- 380 config ap flexconnect module-vlan
- 381 config ap flexconnect policy
- 382 config ap flexconnect radius auth set
- 383 config ap flexconnect vlan
- 384 config ap flexconnect vlan add
- 385 config ap flexconnect vlan native
- 386 config ap flexconnect vlan wlan
- 387 config ap flexconnect web-auth
- 388 config ap flexconnect web-policy acl
- 389 config ap flexconnect wlan
- 390 config ap group-name
- 391 config ap hotspot
- 398 config ap image predownload
- 399 config ap image swap
- 400 config ap led-state
- 402 config ap link-encryption
- 403 config ap link-latency
- 404 config ap location
- 405 config ap logging syslog level
- 407 config ap logging syslog facility
- 409 config ap max-count
- 410 config ap mgmtuser add
- 412 config ap mgmtuser delete
- 413 config ap mode
- 415 config ap module3g
- 416 config ap monitor-mode
- 417 config ap name
- 418 config ap packet-dump
- 421 config ap port
- 422 config ap power injector
- 423 config ap power pre-standard
- 424 config ap preferred-mode
- 425 config ap primary-base
- 427 config ap priority
- 428 config ap reporting-period
- 429 config ap reset
- 430 config ap retransmit interval
- 431 config ap retransmit count
- 432 config ap role
- 433 config ap rst-button
- 434 config ap secondary-base
- 436 config ap sniff
- 438 config ap ssh
- 439 config ap static-ip
- 441 config ap stats-timer
- 442 config ap syslog host global
- 443 config ap syslog host specific
- 444 config ap tcp-mss-adjust
- 446 config ap telnet
- 447 config ap tertiary-base
- 449 config ap tftp-downgrade
- 450 config ap username
- 451 config ap venue
- 455 config ap wlan
- 456 config atf 802.11
- 457 config atf policy
- 458 config auth-list add
- 459 config auth-list ap-policy
- 460 config auth-list delete
- 461 config avc profile create
- 462 config avc profile delete
- 463 config avc profile rule
- 465 config band-select cycle-count
- 466 config band-select cycle-threshold
- 467 config band-select expire
- 468 config band-select client-rssi
- 469 config boot
- 470 config call-home contact email address
- 471 config call-home events
- 472 config call-home http-proxy ipaddr
- 473 config call-home http-proxy ipaddr 0.0.0.0
- 474 config call-home profile
- 475 config call-home profile delete
- 476 config call-home profile status
- 477 config call-home reporting
- 478 config call-home tac-profile
- 479 config cdp
- 480 config certificate
- 481 config certificate lsc
- 483 config certificate ssc
- 485 config certificate use-device-certificate webadmin
- 486 config client ccx clear-reports
- 487 config client ccx clear-results
- 488 config client ccx default-gw-ping
- 489 config client ccx dhcp-test
- 490 config client ccx dns-ping
- 491 config client ccx dns-resolve
- 492 config client ccx get-client-capability
- 493 config client ccx get-manufacturer-info
- 494 config client ccx get-operating-parameters
- 495 config client ccx get-profiles
- 496 config client ccx log-request
- 498 config client ccx send-message
- 501 config client ccx stats-request
- 502 config client ccx test-abort
- 503 config client ccx test-association
- 504 config client ccx test-dot1x
- 505 config client ccx test-profile
- 506 config client deauthenticate
- 507 config client location-calibration
- 508 config client profiling delete
- 509 config cloud-services cmx
- 510 config cloud-services server url
- 511 config cloud-services server id-token
- 512 config coredump
- 513 config coredump ftp
- 514 config coredump username
- 515 config country
- 516 config cts
- 517 config cts ap
- 518 config cts inline-tag
- 519 config cts ap override
- 520 config cts device-id
- 521 config cts refresh
- 522 config cts sxp ap connection delete
- 523 config cts sxp ap connection peer
- 524 config cts sxp ap default password
- 525 config cts sxp ap listener
- 526 config cts sxp ap reconciliation period
- 527 config cts sxp ap retry period
- 528 config cts sxp ap speaker
- 529 config cts sxp
- 530 config cts sxp connection
- 531 config cts sxp default password
- 532 config cts sxp retry period
- 533 config cts sxp version
- 534 config cts sxp
- 536 config custom-web ext-webauth-mode
- 537 config custom-web ext-webauth-url
- 538 config custom-web ext-webserver
- 539 config custom-web logout-popup
- 540 config custom-web qrscan-bypass-opt
- 541 config custom-web radiusauth
- 542 config custom-web redirectUrl
- 543 config custom-web sleep-client
- 544 config custom-web webauth-type
- 545 config custom-web weblogo
- 546 config custom-web webmessage
- 547 config custom-web webtitle
- 548 config database size
- 549 config dhcp
- 552 config dhcp opt-82 format
- 553 config dhcp opt-82 remote-id
- 555 config dhcp proxy
- 556 config dhcp timeout
- 557 config exclusionlist
- 558 config flexconnect acl
- 559 config flexconnect acl rule
- 561 config flexconnect arp-caching
- 562 config flexconnect avc profile
- 563 config flexconnect fallback-radio-shut
- 564 config flexconnect group
- 570 config flexconnect group vlan
- 571 config flexconnect group group-name dhcp overridden-interface
- 572 config flexconnect group web-auth
- 573 config flexconnect group web-policy
- 574 config flexconnect join min-latency
- 575 config flexconnect office-extend
- 577 config flow
- 579 config guest-lan
- 580 config guest-lan custom-web ext-webauth-url
- 581 config guest-lan custom-web global disable
- 582 config guest-lan custom-web login_page
- 583 config guest-lan custom-web webauth-type
- 584 config guest-lan ingress-interface
- 585 config guest-lan interface
- 586 config guest-lan mobility anchor
- 587 config guest-lan nac
- 588 config guest-lan security
- 589 config interface 3g-vlan
- 590 config interface acl
- 591 config interface address
- 593 config interface address redundancy-management
- 594 config interface ap-manager
- 595 config interface create
- 596 config interface delete
- 597 config interface dhcp management
- 599 config interface dhcp
- 600 config interface dhcp dynamic-interface
- 601 config interface dhcp management option-6-opendns
- 602 config interface address
- 604 config interface guest-lan
- 605 config interface hostname
- 606 config interface nasid
- 607 config interface nat-address
- 608 config interface port
- 609 config interface quarantine vlan
- 610 config interface url-acl
- 611 config interface vlan
- 612 config interface group mdns-profile
- 614 config interface mdns-profile
- 616 config icons delete
- 617 config icons file-info
- 618 config ipv6 disable
- 619 config ipv6 enable
- 620 config ipv6 acl
- 623 config ipv6 capwap
- 625 config ipv6 interface
- 627 config ipv6 multicast
- 628 config ipv6 neighbor-binding
- 630 config ipv6 ns-mcast-fwd
- 631 config ipv6 ra-guard
- 632 config ipv6 route
- 633 Config Commands: j to q
- 640 config known ap
- 641 config lag
- 642 config ldap
- 645 config local-auth active-timeout
- 646 config local-auth eap-profile
- 649 config local-auth method fast
- 651 config local-auth user-credentials
- 652 config lync-sdn
- 653 config licensing
- 654 config license boot
- 656 config load-balancing
- 658 config location
- 660 config location info rogue
- 661 config logging buffered
- 662 config logging console
- 663 config logging debug
- 664 config logging fileinfo
- 665 config logging procinfo
- 666 config logging traceinfo
- 667 config logging syslog host
- 670 config logging syslog facility
- 672 config logging syslog facility client
- 673 config logging syslog facility ap
- 674 config logging syslog level
- 675 config loginsession close
- 676 config macfilter
- 678 config macfilter description
- 679 config macfilter interface
- 680 config macfilter ip-address
- 681 config macfilter mac-delimiter
- 682 config macfilter radius-compat
- 683 config macfilter wlan-id
- 684 config mdns ap
- 686 config mdns profile
- 688 config mdns query interval
- 690 config mdns service
- 693 config mdns snooping
- 695 config mdns policy enable
- 696 config mdns policy service-group
- 697 config mdns policy service-group parameters
- 698 config mdns policy service-group user-name
- 699 config mdns policy service-group user-role
- 700 config media-stream multicast-direct
- 701 config media-stream message
- 703 config media-stream add
- 705 config media-stream admit
- 706 config media-stream deny
- 707 config media-stream delete
- 708 config memory monitor errors
- 709 config memory monitor leaks
- 711 config mesh alarm
- 712 config mesh astools
- 713 config mesh backhaul rate-adapt
- 714 config mesh backhaul slot
- 715 config mesh battery-state
- 716 config mesh client-access
- 718 config mesh ethernet-bridging allow-bpdu
- 719 config mesh ethernet-bridging vlan-transparent
- 720 config mesh full-sector-dfs
- 721 config mesh linkdata
- 723 config mesh linktest
- 726 config mesh lsc
- 727 config mesh lsc advanced
- 728 config mesh lsc advanced ap-provision
- 729 config mesh multicast
- 731 config mesh parent preferred
- 732 config mesh public-safety
- 733 config mesh radius-server
- 734 config mesh range
- 735 config mesh secondary-backhaul
- 736 config mesh security
- 738 config mesh slot-bias
- 739 config mgmtuser add
- 740 config mgmtuser delete
- 741 config mgmtuser description
- 742 config mgmtuser password
- 743 config mgmtuser telnet
- 744 config mgmtuser termination-interval
- 745 config mobility dscp
- 746 config mobility group anchor
- 747 config mobility group domain
- 748 config mobility group keepalive count
- 749 config mobility group keepalive interval
- 750 config mobility group member
- 752 config mobility group multicast-address
- 753 config mobility multicast-mode
- 754 config mobility new-architecture
- 755 config mobility oracle
- 756 config mobility secure-mode
- 757 config mobility statistics reset
- 758 config netuser add
- 760 config netuser delete
- 761 config netuser description
- 762 config network dns serverip
- 763 config netuser guest-lan-id
- 764 config netuser guest-role apply
- 765 config netuser guest-role create
- 766 config netuser guest-role delete
- 767 config netuser guest-role qos data-rate average-data-rate
- 768 config netuser guest-role qos data-rate average-realtime-rate
- 769 config netuser guest-role qos data-rate burst-data-rate
- 770 config netuser guest-role qos data-rate burst-realtime-rate
- 771 config netuser lifetime
- 772 config netuser maxUserLogin
- 773 config netuser password
- 774 config netuser wlan-id
- 775 config network client-ip-conflict-detection
- 776 config network http-proxy ip-address
- 777 config network bridging-shared-secret
- 778 config network web-auth captive-bypass
- 779 config network web-auth port
- 780 config network web-auth proxy-redirect
- 781 config network web-auth secureweb
- 782 config network webmode
- 783 config network web-auth
- 784 config network 802.3-bridging
- 785 config network allow-old-bridge-aps
- 786 config network ap-discovery
- 787 config network ap-easyadmin
- 788 config network ap-fallback
- 789 config network ap-priority
- 790 config network apple-talk
- 791 config network arptimeout
- 792 config assisted-roaming
- 793 config network bridging-shared-secret
- 794 config network broadcast
- 795 config network fast-ssid-change
- 796 config network ip-mac-binding
- 797 config network link local bridging
- 798 config network master-base
- 799 config network mgmt-via-wireless
- 800 config network multicast global
- 801 config network multicast igmp query interval
- 802 config network multicast igmp snooping
- 803 config network multicast igmp timeout
- 804 config network multicast l2mcast
- 805 config network multicast mld
- 806 config network multicast mode multicast
- 807 config network multicast mode unicast
- 808 config network oeap-600 dual-rlan-ports
- 809 config network oeap-600 local-network
- 810 config network otap-mode
- 811 config network profiling
- 812 config opendns
- 813 config opendns api-token
- 814 config opendns forced
- 815 config opendns profile
- 816 config pmipv6 domain
- 817 config pmipv6 add profile
- 819 config pmipv6 delete
- 820 config pmipv6 mag apn
- 821 config pmipv6 mag binding init-retx-time
- 822 config pmipv6 mag binding lifetime
- 823 config pmipv6 mag binding max-retx-time
- 824 config pmipv6 mag binding maximum
- 825 config pmipv6 mag binding refresh-time
- 826 config pmipv6 mag bri delay
- 827 config pmipv6 mag bri retries
- 828 config pmipv6 mag lma
- 829 config pmipv6 mag replay-protection
- 830 config port power
- 831 config policy action opendns-profile-name
- 832 config network rf-network-name
- 833 config network secureweb
- 834 config network secureweb cipher-option
- 836 config network ssh
- 837 config network telnet
- 838 config network usertimeout
- 839 config network web-auth captive-bypass
- 840 config network web-auth cmcc-support
- 841 config network web-auth port
- 842 config network web-auth proxy-redirect
- 843 config network web-auth secureweb
- 844 config network web-auth https-redirect
- 845 config network webmode
- 846 config network web-auth
- 847 config network zero-config
- 848 config network allow-old-bridge-aps
- 849 config network ap-discovery
- 850 config network ap-fallback
- 851 config network ap-priority
- 852 config network apple-talk
- 853 config network bridging-shared-secret
- 854 config network master-base
- 855 config network oeap-600 dual-rlan-ports
- 856 config network oeap-600 local-network
- 857 config network otap-mode
- 858 config network zero-config
- 859 config nmsp notify-interval measurement
- 860 config paging
- 861 config passwd-cleartext
- 862 config policy
- 865 config port adminmode
- 866 config port autoneg
- 867 config port linktrap
- 868 config port multicast appliance
- 869 config prompt
- 870 config qos average-data-rate
- 872 config qos average-realtime-rate
- 874 config qos burst-data-rate
- 876 config qos burst-realtime-rate
- 878 config qos description
- 879 config qos fastlane
- 880 config qos fastlane disable global
- 881 config qos max-rf-usage
- 882 config qos dot1p-tag
- 883 config qos priority
- 885 config qos protocol-type
- 886 config qos queue_length
- 887 config qos qosmap
- 888 config qos qosmap up-to-dscp-map
- 889 config qos qosmap dscp-to-up-exception
- 890 config qos qosmap delete-dscp-exception
- 891 config qos qosmap clear-all
- 892 config qos qosmap trust dscp upstream
- 893 Config Commands: r to z
- 905 config radius acct
- 908 config radius acct ipsec authentication
- 909 config radius acct ipsec disable
- 910 config radius acct ipsec enable
- 911 config radius acct ipsec encryption
- 912 config radius acct ipsec ike
- 913 config radius acct mac-delimiter
- 914 config radius acct network
- 915 config radius acct realm
- 916 config radius acct retransmit-timeout
- 917 config radius auth
- 920 config radius auth callStationIdType
- 922 config radius auth framed-mtu
- 923 config radius auth IPsec authentication
- 924 config radius auth ipsec disable
- 925 config radius auth ipsec encryption
- 926 config radius auth ipsec ike
- 928 config radius auth keywrap
- 929 config radius auth mac-delimiter
- 930 config radius auth management
- 931 config radius auth mgmt-retransmit-timeout
- 932 config radius auth network
- 933 config radius auth realm
- 934 config radius auth retransmit-timeout
- 935 config radius auth rfc3576
- 936 config radius auth retransmit-timeout
- 937 config radius aggressive-failover disabled
- 938 config radius backward compatibility
- 939 config radius callStationIdCase
- 940 config radius callStationIdType
- 942 config radius dns
- 944 config radius fallback-test
- 946 config radius ext-source-ports
- 947 config radius acct retransmit-timeout
- 948 config radius auth mgmt-retransmit-timeout
- 949 config radius auth retransmit-timeout
- 950 config radius auth retransmit-timeout
- 951 config redundancy interface address peer-service-port
- 952 config redundancy mobilitymac
- 953 config redundancy mode
- 954 config redundancy peer-route
- 955 config redundancy timer keep-alive-timer
- 956 config redundancy timer peer-search-timer
- 957 config redundancy unit
- 958 config remote-lan
- 959 config remote-lan aaa-override
- 960 config remote-lan acl
- 961 config remote-lan apgroup
- 962 config remote-lan create
- 963 config remote-lan custom-web
- 965 config remote-lan delete
- 966 config remote-lan dhcp_server
- 967 config remote-lan exclusionlist
- 968 config remote-lan host-mode
- 969 config remote-lan interface
- 970 config remote-lan ldap
- 971 config remote-lan mac-filtering
- 972 config remote-lan mab
- 973 config remote-lan max-associated-clients
- 974 config remote-lan pre-auth
- 975 config remote-lan radius_server
- 977 config remote-lan security
- 978 config remote-lan session-timeout
- 979 config remote-lan violation-mode
- 980 config remote-lan webauth-exclude
- 981 config rf-profile band-select
- 983 config rf-profile client-trap-threshold
- 984 config rf-profile create
- 985 config rf-profile fra client-aware
- 986 config rf-profile data-rates
- 987 config rf-profile delete
- 988 config rf-profile description
- 989 config rf-profile load-balancing
- 990 config rf-profile max-clients
- 991 config rf-profile multicast data-rate
- 992 config rf-profile out-of-box
- 993 config rf-profile rx-sop threshold
- 994 config rf-profile tx-power-control-thresh-v1
- 995 config rf-profile tx-power-control-thresh-v2
- 996 config rf-profile tx-power-max
- 997 config rf-profile tx-power-min
- 998 config rogue ap timeout
- 1000 config rogue adhoc
- 1003 config rogue ap classify
- 1005 config rogue ap friendly
- 1007 config rogue ap rldp
- 1009 config rogue ap ssid
- 1011 config rogue ap timeout
- 1013 config rogue auto-contain level
- 1015 config rogue ap valid-client
- 1017 config rogue client
- 1019 config rogue containment
- 1020 config rogue detection
- 1022 config rogue detection client-threshold
- 1023 config rogue detection min-rssi
- 1024 config rogue detection monitor-ap
- 1026 config rogue detection report-interval
- 1027 config rogue detection security-level
- 1028 config rogue detection transient-rogue-interval
- 1029 config rogue rule
- 1033 config rogue rule condition ap
- 1035 config remote-lan session-timeout
- 1036 config rfid auto-timeout
- 1037 config rfid status
- 1038 config rfid timeout
- 1039 config rogue ap timeout
- 1041 config route add
- 1042 config route delete
- 1043 config serial baudrate
- 1044 config serial timeout
- 1045 config service timestamps
- 1046 config sessions maxsessions
- 1047 config sessions timeout
- 1048 config slot
- 1049 config switchconfig boot-break
- 1050 config switchconfig fips-prerequisite
- 1051 config switchconfig ucapl
- 1052 config switchconfig wlancc
- 1053 config switchconfig strong-pwd
- 1056 config switchconfig flowcontrol
- 1057 config switchconfig mode
- 1058 config switchconfig secret-obfuscation
- 1059 config sysname
- 1060 config snmp community accessmode
- 1061 config snmp community create
- 1062 config snmp community delete
- 1063 config snmp community ipaddr
- 1064 config snmp community mode
- 1065 config snmp engineID
- 1066 config snmp syscontact
- 1067 config snmp syslocation
- 1068 config snmp trapreceiver create
- 1069 config snmp trapreceiver delete
- 1070 config snmp trapreceiver mode
- 1071 config snmp v3user create
- 1073 config snmp v3user delete
- 1074 config snmp version
- 1075 config tacacs acct
- 1077 config tacacs athr
- 1079 config tacacs athr mgmt-server-timeout
- 1080 config tacacs auth
- 1082 config tacacs auth mgmt-server-timeout
- 1083 config tacacs dns
- 1085 config tacacs fallback-test interval
- 1086 config time manual
- 1087 config time ntp
- 1090 config time timezone
- 1091 config time timezone location
- 1094 config trapflags 802.11-Security
- 1095 config trapflags aaa
- 1096 config trapflags adjchannel-rogueap
- 1098 config trapflags ap
- 1099 config trapflags authentication
- 1100 config trapflags client
- 1101 config trapflags client max-warning-threshold
- 1103 config trapflags configsave
- 1104 config trapflags IPsec
- 1105 config trapflags linkmode
- 1106 config trapflags mesh
- 1107 config trapflags multiusers
- 1108 config trapflags rfid
- 1110 config trapflags rogueap
- 1111 config trapflags rrm-params
- 1112 config trapflags rrm-profile
- 1113 config trapflags stpmode
- 1114 config trapflags strong-pwdcheck
- 1115 config trapflags wps
- 1116 config tunnel eogre heart-beat
- 1117 config tunnel eogre gateway
- 1118 config tunnel eogre domain
- 1119 config tunnel profile
- 1120 config tunnel profile_rule
- 1121 config tunnel profile_rule-delete
- 1122 config tunnel profile eogre-DHCP82
- 1123 config tunnel profile eogre-gateway-radius-proxy
- 1124 config tunnel profile eogre-gateway-radius-proxy-accounting
- 1125 config tunnel profile eogre-DHCP82
- 1126 config tunnel profile eogre-DHCP82-circuit-id
- 1127 config tunnel profile eogre-DHCP82-delimiter
- 1128 config tunnel profile eogre-DHCP82-format
- 1129 config tunnel profile eogre-DHCP82-remote-id
- 1130 config watchlist add
- 1131 config watchlist delete
- 1132 config watchlist disable
- 1133 config watchlist enable
- 1134 config wgb vlan
- 1135 config wlan
- 1137 config wlan 7920-support
- 1138 config wlan 802.11e
- 1139 config wlan aaa-override
- 1140 config wlan acl
- 1141 config wlan apgroup
- 1148 config wlan apgroup atf 802.11
- 1149 config wlan apgroup atf 802.11 policy
- 1150 config wlan apgroup opendns-profile
- 1151 config wlan apgroup qinq
- 1153 config wlan assisted-roaming
- 1154 config wlan atf
- 1155 config wlan avc
- 1156 config wlan band-select allow
- 1157 config wlan broadcast-ssid
- 1158 config wlan call-snoop
- 1159 config wlan chd
- 1160 config wlan ccx aironet-ie
- 1161 config wlan channel-scan defer-priority
- 1162 config wlan channel-scan defer-time
- 1163 config wlan custom-web
- 1165 config wlan dhcp_server
- 1166 config wlan diag-channel
- 1167 config wlan dtim
- 1168 config wlan exclusionlist
- 1169 config wlan fabric
- 1170 config wlan flexconnect ap-auth
- 1171 config wlan flexconnect central-assoc
- 1172 config wlan flexconnect learn-ipaddr
- 1173 config wlan flexconnect local-switching
- 1175 config wlan flexconnect vlan-central-switching
- 1176 config wlan flow
- 1177 config wlan hotspot
- 1178 config wlan hotspot dot11u
- 1179 config wlan hotspot dot11u 3gpp-info
- 1180 config wlan hotspot dot11u auth-type
- 1181 config wlan hotspot dot11u disable
- 1182 config wlan hotspot dot11u domain
- 1183 config wlan hotspot dot11u enable
- 1184 config wlan hotspot dot11u hessid
- 1185 config wlan hotspot dot11u ipaddr-type
- 1186 config wlan hotspot dot11u nai-realm
- 1189 config wlan hotspot dot11u network-type
- 1190 config wlan hotspot dot11u roam-oi
- 1191 config wlan hotspot hs2
- 1194 config wlan hotspot hs2 domain-id
- 1195 config wlan hotspot hs2 osu legacy-ssid
- 1196 config wlan hotspot hs2 osu sp create
- 1197 config wlan hotspot hs2 osu sp delete
- 1198 config wlan hotspot hs2 osu sp icon-file add
- 1199 config wlan hotspot hs2 osu sp icon-file delete
- 1200 config wlan hotspot hs2 osu sp method add
- 1201 config wlan hotspot hs2 osu sp method delete
- 1202 config wlan hotspot hs2 osu sp nai add
- 1203 config wlan hotspot hs2 osu sp nai delete
- 1204 config wlan hotspot hs2 osu sp uri add
- 1205 config wlan hotspot hs2 osu sp uri delete
- 1206 config wlan hotspot hs2 wan-metrics downlink
- 1207 config wlan hotspot hs2 wan-metrics link-status
- 1208 config wlan hotspot hs2 wan-metrics lmd
- 1209 config wlan hotspot hs2 wan-metrics uplink
- 1210 config wlan hotspot msap
- 1211 config wlan interface
- 1212 config wlan ipv6 acl
- 1213 config wlan kts-cac
- 1214 config wlan layer2 acl
- 1215 config wlan ldap
- 1216 config wlan learn-ipaddr-cswlan
- 1217 config wlan load-balance
- 1218 config wlan lobby-admin-access
- 1219 config wlan mac-filtering
- 1220 config wlan max-associated-clients
- 1221 config wlan max-radio-clients
- 1222 config wlan mdns
- 1223 config wlan media-stream
- 1224 config wlan mfp
- 1225 config wlan mobility anchor
- 1226 config wlan mobility foreign-map
- 1227 config wlan multicast buffer
- 1228 config wlan multicast interface
- 1229 config wlan mu-mimo
- 1230 config wlan nac
- 1231 config wlan override-rate-limit
- 1233 config wlan opendns-mode
- 1234 config wlan opendns-profile
- 1235 config wlan passive-client
- 1236 config wlan peer-blocking
- 1237 config wlan pmipv6 default-realm
- 1238 config wlan pmipv6 mobility-type
- 1239 config wlan pmipv6 profile_name
- 1240 config wlan policy
- 1241 config wlan profiling
- 1243 config wlan qos
- 1244 config wlan radio
- 1245 config wlan radius_server acct
- 1246 config wlan radius_server acct interim-update
- 1247 config wlan radius_server auth
- 1248 config wlan radius_server acct interim-update
- 1249 config wlan radius_server overwrite-interface
- 1250 config wlan radius_server realm
- 1251 config wlan roamed-voice-client re-anchor
- 1252 config wlan security 802.1X
- 1254 config wlan security ckip
- 1256 config wlan security cond-web-redir
- 1257 config wlan security eap-params
- 1259 config wlan security eap-passthru
- 1260 config wlan security ft
- 1261 config wlan security ft over-the-ds
- 1262 config wlan security IPsec disable
- 1263 config wlan security IPsec enable
- 1264 config wlan security IPsec authentication
- 1265 config wlan security IPsec encryption
- 1266 config wlan security IPsec config
- 1267 config wlan security IPsec ike authentication
- 1268 config wlan security IPsec ike dh-group
- 1269 config wlan security IPsec ike lifetime
- 1270 config wlan security IPsec ike phase1
- 1271 config wlan security IPsec ike contivity
- 1272 config wlan security wpa akm ft
- 1273 config wlan security ft
- 1274 config wlan security passthru
- 1275 config wlan security pmf
- 1277 config wlan security sgt
- 1278 config wlan security splash-page-web-redir
- 1279 config wlan security static-wep-key authentication
- 1280 config wlan security static-wep-key disable
- 1281 config wlan security static-wep-key enable
- 1282 config wlan security static-wep-key encryption
- 1283 config wlan security tkip
- 1284 config wlan usertimeout
- 1285 config wlan security web-auth
- 1287 config wlan security web-auth captive-bypass
- 1288 config wlan security web-auth qrscan-des-key
- 1289 config wlan security web-passthrough acl
- 1290 config wlan security web-passthrough disable
- 1291 config wlan security web-passthrough email-input
- 1292 config wlan security web-passthrough enable
- 1293 config wlan security web-passthrough qr-scan
- 1294 config wlan security wpa akm 802.1x
- 1295 config wlan security wpa akm cckm
- 1296 config wlan security wpa akm ft
- 1297 config wlan security wpa akm pmf
- 1298 config wlan security wpa akm psk
- 1299 config wlan security wpa disable
- 1300 config wlan security wpa enable
- 1301 config wlan security wpa ciphers
- 1302 config wlan security wpa gtk-random
- 1303 config wlan security wpa osen disable
- 1304 config wlan security wpa osen enable
- 1305 config wlan security wpa wpa1 disable
- 1306 config wlan security wpa wpa1 enable
- 1307 config wlan security wpa wpa2 disable
- 1308 config wlan security wpa wpa2 enable
- 1309 config wlan security wpa wpa2 cache
- 1310 config wlan security wpa wpa2 cache sticky
- 1311 config wlan security wpa wpa2 ciphers
- 1312 config wlan session-timeout
- 1314 config wlan sip-cac disassoc-client
- 1315 config wlan sip-cac send-486busy
- 1316 config wlan static-ip tunneling
- 1317 config wlan uapsd compliant client enable
- 1318 config wlan uapsd compliant-client disable
- 1319 config wlan url-acl
- 1320 config wlan user-idle-threshold
- 1321 config wlan usertimeout
- 1322 config wlan webauth-exclude
- 1323 config wlan wifidirect
- 1324 config wlan wmm
- 1325 config wps ap-authentication
- 1326 config wps auto-immune
- 1327 config wps cids-sensor
- 1329 config wps client-exclusion
- 1331 config wps mfp
- 1332 config wps shun-list re-sync
- 1333 config wps signature
- 1335 config wps signature frequency
- 1336 config wps signature interval
- 1337 config wps signature mac-frequency
- 1338 config wps signature quiet-time
- 1339 config wps signature reset
- 1341 Debug Commands
- 1343 Debug Commands: 802.11
- 1344 debug 11k
- 1345 debug 11w-pmf
- 1346 debug 11v all
- 1347 debug 11v detail
- 1348 debug 11v error
- 1349 debug 11w-pmf
- 1351 Debug Commands: a to i
- 1354 debug aaa
- 1356 debug aaa events
- 1357 debug aaa local-auth
- 1359 debug airewave-director
- 1361 debug ap
- 1362 debug ap enable
- 1363 debug ap packet-dump
- 1364 debug ap show stats
- 1366 debug ap show stats video
- 1367 debug arp
- 1368 debug avc
- 1369 debug bcast
- 1370 debug call-control
- 1371 debug capwap
- 1372 debug capwap reap
- 1373 debug ccxdiag
- 1374 debug ccxrm
- 1375 debug ccxs69
- 1376 debug cckm
- 1377 debug client
- 1378 debug cts aaa
- 1379 debug cts authz
- 1380 debug cts capwap
- 1381 debug cts env-data
- 1382 debug cts ha
- 1383 debug cts key-store
- 1384 debug cts provisioning
- 1385 debug cts sgt
- 1386 debug cts sxp
- 1387 debug cac
- 1388 debug cdp
- 1389 debug crypto
- 1390 debug dhcp
- 1391 debug dhcp service-port
- 1392 debug disable-all
- 1393 debug dns
- 1394 debug dot11
- 1396 debug dot11
- 1398 debug dot11 mgmt interface
- 1399 debug dot11 mgmt msg
- 1400 debug dot11 mgmt ssid
- 1401 debug dot11 mgmt state-machine
- 1402 debug dot11 mgmt station
- 1403 debug dot1x
- 1404 debug dtls
- 1405 debug fastpath
- 1410 debug flexconnect avc
- 1411 debug flexconnect aaa
- 1412 debug flexconnect acl
- 1413 debug flexconnect cckm
- 1414 debug group
- 1415 debug fmchs
- 1416 debug flexconnect client ap
- 1417 debug flexconnect client ap syslog
- 1418 debug flexconnect client group
- 1419 debug flexconnect client group syslog
- 1420 debug flexconnect group
- 1421 debug ft
- 1422 debug hotspot
- 1423 debug ipv6
- 1425 Debug Commands: j to q
- 1426 debug l2age
- 1427 debug mac
- 1428 debug mdns all
- 1429 debug mdns detail
- 1430 debug mdns error
- 1431 debug mdns message
- 1432 debug mdns ha
- 1433 debug memory
- 1434 debug mesh security
- 1435 debug mobility
- 1437 debug nac
- 1438 debug nmsp
- 1439 debug ntp
- 1440 debug packet error
- 1441 debug packet logging
- 1444 debug pem
- 1445 debug pm
- 1447 debug poe
- 1448 debug policy
- 1449 debug profiling
- 1451 Debug Commands: r to z
- 1452 debug rbcp
- 1453 debug rfid
- 1454 debug snmp
- 1455 debug transfer
- 1456 debug voice-diag
- 1457 debug wcp
- 1458 debug web-auth
- 1459 debug wips
- 1460 debug wps sig
- 1461 debug wps mfp
- 1463 IMM Commands
- 1465 IMM Commands
- 1466 imm address
- 1467 imm dhcp
- 1468 imm mode
- 1469 imm restart
- 1470 imm summary
- 1471 imm username
- 1473 License Commands
- 1475 License Commands
- 1476 license activate ap-count eval
- 1477 license activate feature
- 1478 license add ap-count
- 1479 license add feature
- 1480 license clear
- 1481 license comment
- 1482 license deactivate ap-count eval
- 1483 license deactivate feature
- 1484 license delete ap-count
- 1485 license delete feature
- 1486 license install
- 1487 license modify priority
- 1489 license revoke
- 1490 license save
- 1491 license smart
- 1493 Show Commands
- 1495 Show Commands: 802.11
- 1496 show 802.11
- 1498 show 802.11
- 1500 show 802.11 cleanair
- 1502 show 802.11 cleanair air-quality summary
- 1503 show 802.11 cleanair air-quality worst
- 1504 show 802.11 cleanair device ap
- 1505 show 802.11 cleanair device type
- 1507 show 802.11 cu-metrics
- 1508 show 802.11 extended
- 1510 show 802.11 media-stream
- 1511 Show Commands: a to i
- 1517 show aaa auth
- 1518 show acl
- 1520 show acl detailed
- 1521 show acl url-acl detailed
- 1522 show acl summary
- 1523 show acl url-acl summary
- 1524 show advanced 802.11 channel
- 1525 show advanced 802.11 coverage
- 1526 show advanced 802.11 group
- 1527 show advanced 802.11 l2roam
- 1528 show advanced 802.11 logging
- 1529 show advanced 802.11 monitor
- 1530 show advanced 802.11 optimized roaming
- 1531 show advanced 802.11 profile
- 1532 show advanced 802.11 receiver
- 1533 show advanced 802.11 summary
- 1534 show advanced 802.11 txpower
- 1535 show advanced backup-controller
- 1536 show advanced dot11-padding
- 1537 show advanced hotspot
- 1538 show advanced max-1x-sessions
- 1539 show advanced probe
- 1540 show advanced rate
- 1541 show advanced timers
- 1542 show advanced client-handoff
- 1543 show advanced eap
- 1544 show advanced send-disassoc-on-handoff
- 1545 show advanced sip-preferred-call-no
- 1546 show advanced sip-snooping-ports
- 1547 show arp kernel
- 1548 show arp switch
- 1549 show ap auto-rf
- 1551 show ap ccx rm
- 1552 show ap cdp
- 1554 show ap channel
- 1555 show ap config
- 1561 show ap config general
- 1563 show ap config global
- 1564 show ap core-dump
- 1565 show ap crash-file
- 1566 show ap data-plane
- 1567 show ap dtls-cipher-suite
- 1568 show ap ethernet tag
- 1569 show ap eventlog
- 1570 show ap flexconnect
- 1571 show ap image
- 1572 show ap inventory
- 1573 show ap join stats detailed
- 1575 show ap join stats summary
- 1576 show ap join stats summary all
- 1577 show ap led-state
- 1578 show ap led-flash
- 1579 show ap link-encryption
- 1580 show ap max-count summary
- 1581 show ap monitor-mode summary
- 1582 show ap module summary
- 1583 show ap packet-dump status
- 1584 show ap prefer-mode stats
- 1585 show ap retransmit
- 1586 show ap stats
- 1589 show ap summary
- 1590 show ap tcp-mss-adjust
- 1591 show ap wlan
- 1592 show assisted-roaming
- 1593 show atf config
- 1594 show atf statistics ap
- 1595 show auth-list
- 1596 show avc applications
- 1597 show avc profile
- 1598 show avc statistics application
- 1600 show avc statistics client
- 1602 show avc statistics guest-lan
- 1604 show avc statistics remote-lan
- 1606 show avc statistics top-apps
- 1608 show avc statistics wlan
- 1610 show boot
- 1611 show band-select
- 1612 show buffers
- 1614 show cac voice stats
- 1615 show cac voice summary
- 1616 show cac video stats
- 1618 show cac video summary
- 1619 show call-control ap
- 1623 show call-control client
- 1624 show call-home summary
- 1625 show capwap reap association
- 1626 show capwap reap status
- 1627 show cdp
- 1628 show certificate compatibility
- 1629 show certificate lsc
- 1630 show certificate ssc
- 1631 show certificate summary
- 1632 show client ap
- 1633 show client calls
- 1634 show client ccx client-capability
- 1635 show client ccx frame-data
- 1636 show client ccx last-response-status
- 1637 show client ccx last-test-status
- 1638 show client ccx log-response
- 1640 show client ccx manufacturer-info
- 1641 show client ccx operating-parameters
- 1642 show client ccx profiles
- 1644 show client ccx results
- 1645 show client ccx rm
- 1647 show client ccx stats-report
- 1648 show client detail
- 1652 show client location-calibration summary
- 1653 show client roam-history
- 1654 show client summary
- 1656 show client summary guest-lan
- 1657 show client tsm
- 1659 show client username
- 1660 show client voice-diag
- 1661 show client detail
- 1663 show client location-calibration summary
- 1664 show client probing
- 1665 show client roam-history
- 1666 show client summary
- 1668 show client wlan
- 1669 show cloud-services cmx summary
- 1670 show cloud-services cmx statistics
- 1671 show cts ap
- 1672 show cts environment-data
- 1673 show cts pacs
- 1674 show cts policy
- 1675 show cts sgacl
- 1676 show cts summary
- 1677 show cts sxp
- 1678 show coredump summary
- 1679 show country
- 1680 show country channels
- 1681 show country supported
- 1683 show cpu
- 1684 show custom-web
- 1685 show database summary
- 1686 show dhcp
- 1687 show dhcp proxy
- 1688 show dhcp timeout
- 1689 show dtls connections
- 1690 show exclusionlist
- 1691 show flexconnect acl detailed
- 1692 show flexconnect acl summary
- 1693 show flexconnect group detail
- 1694 show flexconnect group summary
- 1695 show flexconnect office-extend
- 1696 show flow exporter
- 1697 show flow monitor summary
- 1698 show guest-lan
- 1699 show icons summary
- 1700 show ike
- 1701 show interface summary
- 1702 show interface detailed
- 1704 show interface group
- 1706 show invalid-config
- 1707 show inventory
- 1708 show IPsec
- 1710 show ipv6 acl
- 1711 show ipv6 summary
- 1712 show guest-lan
- 1713 show icons file-info
- 1714 show ipv6 acl
- 1715 show ipv6 acl cpu
- 1716 show ipv6 acl detailed
- 1717 show ipv6 neighbor-binding
- 1721 show ipv6 ra-guard
- 1722 show ipv6 route summary
- 1723 show ipv6 summary
- 1724 show known ap
- 1725 Show Commands: j to q
- 1729 show l2tp
- 1730 show lag eth-port-hash
- 1731 show lag ip-port-hash
- 1732 show lag summary
- 1733 show ldap
- 1734 show ldap statistics
- 1735 show ldap summary
- 1736 show license all
- 1738 show license capacity
- 1739 show license detail
- 1740 show license expiring
- 1741 show license evaluation
- 1742 show license feature
- 1743 show license file
- 1744 show license handle
- 1745 show license image-level
- 1746 show license in-use
- 1747 show license permanent
- 1748 show license status
- 1749 show license statistics
- 1750 show license summary
- 1751 show license udi
- 1752 show license usage
- 1753 show load-balancing
- 1754 show local-auth config
- 1756 show local-auth statistics
- 1758 show local-auth certificates
- 1759 show logging
- 1761 show logging last-reset
- 1762 show logging flags
- 1763 show loginsession
- 1764 show macfilter
- 1765 show mdns ap summary
- 1766 show mdns domain-name-ip summary
- 1768 show mdns profile
- 1770 show mdns service
- 1772 show media-stream client
- 1773 show media-stream group detail
- 1774 show media-stream group summary
- 1775 show mesh ap
- 1776 show mesh astools stats
- 1777 show mesh backhaul
- 1778 show mesh bgscan
- 1779 show mesh cac
- 1781 show mesh client-access
- 1782 show mesh config
- 1783 show mesh env
- 1784 show mesh neigh
- 1787 show mesh path
- 1788 show mesh per-stats
- 1789 show mesh public-safety
- 1790 show mesh queue-stats
- 1791 show mesh security-stats
- 1793 show mesh stats
- 1794 show mgmtuser
- 1795 show mobility anchor
- 1796 show mobility ap-list
- 1797 show mobility foreign-map
- 1798 show mobility group member
- 1799 show mobility oracle
- 1801 show mobility statistics
- 1802 show mobility summary
- 1804 show msglog
- 1805 show nac statistics
- 1806 show nac summary
- 1807 show network
- 1808 show network summary
- 1810 show netuser
- 1811 show netuser guest-roles
- 1812 show network multicast mgid detail
- 1813 show network multicast mgid summary
- 1814 show network summary
- 1816 show nmsp notify-interval summary
- 1817 show nmsp status
- 1818 show nmsp statistics
- 1820 show nmsp subscription
- 1821 show nmsp subscription summary
- 1822 show ntp-keys
- 1823 show ntp-keys
- 1824 show opendns summary
- 1825 show policy
- 1827 show port
- 1829 show profiling policy summary
- 1831 show qos
- 1832 show qos qosmap
- 1833 show queue-info
- 1835 show pmk-cache
- 1836 show pmipv6 domain
- 1837 show pmipv6 mag bindings
- 1838 show pmipv6 mag globals
- 1839 show pmipv6 mag stats
- 1841 show pmipv6 profile summary
- 1843 Show Commands: r to z
- 1846 show radius acct detailed
- 1847 show radius acct statistics
- 1848 show radius auth detailed
- 1849 show radius auth statistics
- 1850 show radius avp-list
- 1851 show radius summary
- 1852 show redundancy interfaces
- 1853 show redundancy latency
- 1854 show redundancy mobilitymac
- 1855 show redundancy peer-route summary
- 1856 show redundancy statistics
- 1857 show redundancy summary
- 1858 show redundancy timers
- 1859 show remote-lan
- 1861 show reset
- 1862 show rfid client
- 1863 show rfid config
- 1864 show rfid detail
- 1865 show rfid summary
- 1866 show rf-profile summary
- 1867 show rf-profile details
- 1868 show rogue adhoc custom summary
- 1869 show rogue adhoc detailed
- 1871 show rogue adhoc friendly summary
- 1872 show rogue adhoc malicious summary
- 1873 show rogue adhoc unclassified summary
- 1874 show rogue adhoc summary
- 1875 show rogue ap clients
- 1877 show rogue ap custom summary
- 1879 show rogue ap detailed
- 1881 show rogue ap friendly summary
- 1883 show rogue ap malicious summary
- 1885 show rogue ap summary
- 1888 show rogue ap unclassified summary
- 1889 show rogue auto-contain
- 1890 show rogue client detailed
- 1891 show rogue client summary
- 1892 show rogue ignore-list
- 1894 show rogue rule detailed
- 1896 show rogue rule summary
- 1897 show route kernel
- 1898 show route summary
- 1899 show rules
- 1900 show run-config
- 1901 show run-config startup-commands
- 1902 show serial
- 1903 show sessions
- 1904 show snmpcommunity
- 1905 show snmpengineID
- 1906 show snmptrap
- 1907 show snmpv3user
- 1908 show snmpversion
- 1909 show spanningtree port
- 1910 show spanningtree switch
- 1911 show stats port
- 1913 show stats switch
- 1915 show switchconfig
- 1916 show sysinfo
- 1918 show tacacs acct statistics
- 1919 show tacacs athr statistics
- 1920 show tacacs auth statistics
- 1921 show tacacs summary
- 1922 show tech-support
- 1923 show time
- 1925 show trapflags
- 1927 show traplog
- 1928 show tunnel profile-summary
- 1929 show tunnel profile-detail
- 1930 show tunnel eogre-summary
- 1931 show tunnel eogre-statistics
- 1932 show tunnel eogre-domain-summary
- 1933 show tunnel eogre gateway
- 1934 show watchlist
- 1935 show wlan
- 1940 show wps ap-authentication summary
- 1941 show wps cids-sensor
- 1942 show wps mfp
- 1943 show wps shun-list
- 1944 show wps signature detail
- 1946 show wps signature events
- 1948 show wps signature summary
- 1950 show wps summary
- 1952 show wps wips statistics
- 1953 show wps wips summary
- 1954 show wps ap-authentication summary
- 1955 Miscellaneous Commands
- 1957 Miscellaneous Commands: 1
- 1958 cping
- 1959 eping
- 1960 mping
- 1961 ping
- 1963 Miscellaneous Commands: 2
- 1965 capwap ap controller ip address
- 1966 config ap dhcp release-override
- 1967 capwap ap dot1x
- 1968 capwap ap hostname
- 1969 capwap ap ip address
- 1970 capwap ap ip default-gateway
- 1971 capwap ap log-server
- 1972 capwap ap primary-base
- 1973 capwap ap primed-timer
- 1974 capwap ap secondary-base
- 1975 capwap ap tertiary-base
- 1976 lwapp ap controller ip address
- 1977 reset system at
- 1978 reset system in
- 1979 reset system cancel
- 1980 reset system notify-time
- 1981 reset peer-system
- 1982 save config
- 1983 transfer download certpasswor
- 1984 transfer download datatype
- 1986 transfer download datatype icon
- 1987 transfer download filename
- 1988 transfer download mode
- 1989 transfer download password
- 1990 transfer download path
- 1991 transfer download port
- 1992 transfer download serverip
- 1993 transfer download start
- 1994 transfer download tftpPktTimeout
- 1995 transfer download tftpMaxRetries
- 1996 transfer download username
- 1997 transfer encrypt
- 1998 transfer upload datatype
- 2000 transfer upload filename
- 2001 transfer upload mode
- 2002 transfer upload pac
- 2003 transfer upload password
- 2004 transfer upload path
- 2005 transfer upload peer-start
- 2006 transfer upload port
- 2007 transfer upload serverip
- 2008 transfer upload start
- 2009 transfer upload username