100% found this document useful (1 vote)

1K views1,972 pages

Cisco Wireless LAN Controller Command Reference, Release 8.0

Command line reference guide for Cisco Wireless controllers.

Uploaded by

islandguy43452

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

1K views1,972 pages

Cisco Wireless LAN Controller Command Reference, Release 8.0

Command line reference guide for Cisco Wireless controllers.

Uploaded by

islandguy43452

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1972

Cisco Wireless LAN Controller Command Reference, Release 8.

0
First Published: January 22, 2014
Last Modified: October 23, 2014

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-31334-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://

www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
2014

Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface

Preface li
Audience li
Document Organization li
Document Conventions li
Related Documentation liv
Obtaining Documentation and Submitting a Service Request liv

CHAPTER 1

Using the Command-Line Interface 1

CLI Command Keyboard Shortcuts 1
Using the Interactive Help Feature 2
Using the help Command 3
Using the ? command 3
Using the partial? command 4
Using the partial command<tab> 4
Using the command ? 5
command keyword ? 6

PART I

CHAPTER 2

System Management Commands 7

CLI Commands 9
show Commands 9
show 802.11 cu-metrics 10
show advanced 802.11 l2roam 11
show advanced send-disassoc-on-handoff 12
show advanced sip-preferred-call-no 13
show advanced sip-snooping-ports 14
show arp kernel 15

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

OL-31334-01

vii

Contents

config 802.11 exp-bwreq 200

config 802.11 fragmentation 201
config 802.11 l2roam rf-params 202
config 802.11 max-clients 204
config 802.11 multicast data-rate 205
config 802.11 rate 206
config 802.11 rssi-check 207
config 802.11 rssi-threshold 208
config 802.11 tsm 209
config advanced 802.11 7920VSIEConfig 210
config advanced 802.11 edca-parameters 211
config advanced fastpath fastcache 213
config advanced fastpath pkt-capture 214
config advanced sip-preferred-call-no 215
config advanced sip-snooping-ports 216
config avc profile create 217
config avc profile delete 218
config avc profile rule 219
config band-select cycle-count 221
config band-select cycle-threshold 222
config band-select expire 223
config band-select client-rssi 224
config boot 225
config cdp 226
config certificate 227
config certificate lsc 228
config certificate ssc 230
config certificate use-device-certificate webadmin 232
config coredump 233
config coredump ftp 234
config coredump username 235
config custom-web ext-webauth-mode 236
config custom-web ext-webauth-url 237
config custom-web ext-webserver 238
config custom-web logout-popup 239

Cisco Wireless LAN Controller Command Reference, Release 8.0

viii

transfer download username 526

transfer encrypt 527
transfer upload datatype 528
transfer upload filename 530
transfer upload mode 531
transfer upload pac 532
transfer upload password 533
transfer upload path 534
transfer upload peer-start 535
transfer upload port 536
transfer upload serverip 537
transfer upload start 538
transfer upload username 539
Installing and Modifying Licenses on Cisco 5500 Series Controllers 539
license clear 540
license comment 541
license install 542
license modify priority 543
license revoke 545
license save 546
Right to Use Licensing Commands 546
license activate ap-count eval 547
license activate feature 548
license add ap-count 549
license add feature 550
license deactivate ap-count eval 551
license deactivate feature 552
license delete ap-count 553
license delete feature 554
Troubleshooting the Controller Settings 554
debug arp 555
debug avc 556
debug cac 557
debug cdp 558
debug crypto 559

Cisco Wireless LAN Controller Command Reference, Release 8.0

xvi

OL-31334-01

Contents

debug dhcp 560

debug dhcp service-port 561
debug disable-all 562
debug fastpath 563
debug l2age 568
debug mac 569
debug mdns all 570
debug mdns detail 571
debug mdns error 572
debug mdns message 573
debug mdns ha 574
debug memory 575
debug nmsp 576
debug ntp 577
debug packet error 578
debug packet logging 579
debug poe 582
debug rbcp 583
debug rfid 584
debug snmp 585
debug transfer 586
debug voice-diag 587
show debug 588
show eventlog 590
show memory monitor 591
show run-config 592
show process 593
show tech-support 594
config memory monitor errors 595
config memory monitor leaks 596
config msglog level critical 598
config msglog level error 599
config msglog level security 600
config msglog level verbose 601
config msglog level warning 602

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xvii

Contents

ping 603

Ports and Interfaces Commands 605

PART II

CHAPTER 3

CLI Commands 607

show Commands 607
show advanced sip-snooping-ports 608
show interface summary 609
show interface detailed 610
show interface group 612
show lag eth-port-hash 614
show lag ip-port-hash 615
show lag summary 616
show port 617
show serial 619
show spanningtree port 620
show spanningtree switch 621
show stats port 622
show stats switch 624
config Commands 625
config interface acl 626
config interface address 627
config interface address redundancy-management 629
config interface ap-manager 630
config interface create 631
config interface delete 632
config interface dhcp 633
config interface dhcp 635
config interface address 636
config interface guest-lan 638
config interface hostname 639
config interface nasid 640
config interface nat-address 641
config interface port 642
config interface quarantine vlan 643

Cisco Wireless LAN Controller Command Reference, Release 8.0

xviii

OL-31334-01

Contents

config interface vlan 644

config interface group mdns-profile 645
config interface mdns-profile 647
config lag 649
config macfilter add/delete 650
config macfilter description 652
config macfilter interface 653
config macfilter ip-address 654
config macfilter mac-delimiter 655
config macfilter radius-compat 656
config macfilter wlan-id 657
config port adminmode 658
config port autoneg 659
config port linktrap 660
config port multicast appliance 661
config port power 662
config route add 663
config route delete 664
config serial baudrate 665
config serial timeout 666
config spanningtree port mode 667
config spanningtree port pathcost 668
config spanningtree port priority 669
config spanningtree switch bridgepriority 670
config spanningtree switch forwarddelay 671
config spanningtree switch hellotime 672
config spanningtree switch maxage 673
config spanningtree switch mode 674
clear Commands 674
clear stats port 675

debug wips 1019
debug wps sig 1020
debug wps mfp 1021

OL-31334-01

xxxiii

Contents

config wlan uapsd compliant client enable 1314

config wlan uapsd compliant-client disable 1315
config wlan user-idle-threshold 1316
config wlan usertimeout 1317
config wlan webauth-exclude 1318
config wlan wmm 1319
clear Commands 1319
clear ipv6 neighbor-binding 1320
debug Commands 1320
debug 11w-pmf 1322
debug call-control 1323
debug ccxdiag 1324
debug ccxrm 1325
debug ccxs69 1326
debug client 1327
debug dhcp 1328
debug dhcp service-port 1329
debug ft 1330
debug hotspot 1331
debug ipv6 1332
debug profiling 1334
debug wcp 1335
test Commands 1335
test pmk-cache delete 1336

PART VI

Lightweight Access Point Commands 1337

CHAPTER 7

CLI Commands 1339

show Commands 1339
show advanced backup-controller 1340
show advanced max-1x-sessions 1341
show advanced probe 1342
show advanced rate 1343
show advanced timers 1344
show ap auto-rf 1345

Cisco Wireless LAN Controller Command Reference, Release 8.0

xxxiv

OL-31334-01

Contents

show ap ccx rm 1347

show ap cdp 1348
show ap channel 1350
show ap config 1351
show ap config general 1357
show ap config global 1359
show ap core-dump 1360
show ap crash-file 1361
show ap data-plane 1362
show ap dtls-cipher-suite 1363
show ap ethernet tag 1364
show ap eventlog 1365
show ap image 1366
show ap inventory 1367
show ap join stats detailed 1368
show ap join stats summary 1369
show ap join stats summary all 1370
show ap led-state 1371
show ap led-flash 1372
show ap link-encryption 1373
show ap max-count summary 1374
show ap monitor-mode summary 1375
show ap packet-dump status 1376
show ap prefer-mode stats 1377
show ap retransmit 1378
show ap stats 1379
show ap summary 1382
show ap tcp-mss-adjust 1383
show ap wlan 1384
show auth-list 1385
show client ap 1386
show boot 1387
show call-control ap 1388
show country 1392
show country channels 1393

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xxxv

Contents

show country supported 1394

show dtls connections 1396
show known ap 1397
show ipv6 ra-guard 1398
show msglog 1399
show network summary 1400
show redundancy summary 1402
show redundancy latency 1403
show redundancy interfaces 1404
show redundancy mobilitymac 1405
show redundancy peer-route summary 1406
show redundancy statistics 1407
show redundancy timers 1408
show watchlist 1409
capwap ap Commands 1410
capwap ap controller ip address 1411
capwap ap dot1x 1412
capwap ap hostname 1413
capwap ap ip address 1414
capwap ap ip default-gateway 1415
capwap ap log-server 1416
capwap ap mode 1417
capwap ap primary-base 1418
capwap ap primed-timer 1419
capwap ap secondary-base 1420
capwap ap tertiary-base 1421
lwapp ap controller ip address 1422
config Commands 1422
config 802.11-a antenna extAntGain 1423
config 802.11-a channel ap 1424
config 802.11-a txpower ap 1425
config 802.11 antenna diversity 1426
config 802.11 antenna extAntGain 1427
config 802.11 antenna mode 1428
config 802.11 antenna selection 1429

Cisco Wireless LAN Controller Command Reference, Release 8.0

xxxvi

OL-31334-01

Contents

config 802.11 beamforming 1430

config 802.11 disable 1432
config advanced 802.11 profile clients 1433
config advanced 802.11 profile customize 1434
config advanced 802.11 profile foreign 1435
config advanced 802.11 profile noise 1436
config advanced 802.11 profile throughput 1437
config advanced 802.11 profile utilization 1438
config advanced backup-controller primary 1439
config advanced backup-controller secondary 1440
config advanced client-handoff 1441
config advanced dot11-padding 1442
config advanced assoc-limit 1443
config advanced max-1x-sessions 1444
config advanced rate 1445
config advanced probe backoff 1446
config advanced probe filter 1447
config advanced probe limit 1448
config advanced timers 1449
config ap 1452
config ap autoconvert 1453
config ap bhrate 1454
config ap bridgegroupname 1455
config ap bridging 1456
config ap cdp 1457
config ap core-dump 1459
config ap crash-file clear-all 1460
config ap crash-file delete 1461
config ap crash-file get-crash-file 1462
config ap crash-file get-radio-core-dump 1463
config ap 802.1Xuser 1464
config ap 802.1Xuser delete 1465
config ap 802.1Xuser disable 1466
config ap dtls-cipher-suite 1467
config ap ethernet duplex 1468

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xxxvii

Contents

Cisco Wireless LAN Controller Command Reference, Release 8.0

xxxviii

OL-31334-01

Contents

config ap syslog host specific 1520

config ap tcp-mss-adjust 1521
config ap telnet 1523
config ap tertiary-base 1524
config ap tftp-downgrade 1526
config ap username 1527
config ap venue 1528
config ap wlan 1532
config country 1533
config ipv6 ra-guard 1534
config known ap 1535
config network allow-old-bridge-aps 1536
config network ap-discovery 1537
config network ap-fallback 1538
config network ap-priority 1539
config network apple-talk 1540
config network bridging-shared-secret 1541
config network master-base 1542
config network oeap-600 dual-rlan-ports 1543
config network oeap-600 local-network 1544
config network otap-mode 1545
config network zero-config 1546
config redundancy interface address peer-service-port 1547
config redundancy mobilitymac 1548
config redundancy mode 1549
config redundancy peer-route 1550
config redundancy timer keep-alive-timer 1551
config redundancy timer peer-search-timer 1552
config redundancy unit 1553
redundancy force-switchover 1554
config slot 1555
config wgb vlan 1556
clear Commands 1556
clear ap config 1557
clear ap eventlog 1558

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xxxix

Contents

clear ap join stats 1559

clear ap tsm 1560
clear lwapp private-config 1561
debug Commands 1561
debug ap 1562
debug ap enable 1563
debug ap packet-dump 1564
debug ap show stats 1565
debug ap show stats video 1567
debug capwap 1568
debug group 1569
debug lwapp console cli 1570
debug rfac 1571
debug rmgr 1572
debug rsyncmgr 1573
debug service ap-monitor 1574
transfer upload peer-start 1575
Resetting the System Reboot Time 1575
reset system at 1576
reset system in 1577
reset system cancel 1578
reset system notify-time 1579
reset peer-system 1580
test Commands 1580
test ap 1581
test capwap 1582

Mesh Access Point Commands 1585

PART VII

CHAPTER 8

CLI Commands 1587

show mesh Commands 1588
show mesh ap 1589
show mesh astools stats 1590
show mesh backhaul 1591
show mesh cac 1592

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Contents

show mesh client-access 1594

show mesh config 1595
show mesh convergence 1596
show mesh env 1597
show mesh neigh 1598
show mesh path 1601
show mesh per-stats 1602
show mesh public-safety 1603
show mesh queue-stats 1604
show mesh security-stats 1605
show mesh stats 1607
config mesh Commands 1608
config mesh astools 1609
config mesh backhaul rate-adapt 1610
config mesh backhaul slot 1611
config mesh battery-state 1612
config mesh alarm 1613
config mesh client-access 1615
config mesh convergence 1617
config mesh ethernet-bridging vlan-transparent 1618
config mesh full-sector-dfs 1619
config mesh linkdata 1620
config mesh linktest 1623
config mesh lsc 1626
config mesh multicast 1627
config mesh parent preferred 1629
config mesh public-safety 1630
config mesh radius-server 1631
config mesh range 1632
config mesh secondary-backhaul 1633
config mesh security 1634
config mesh slot-bias 1635
config lsc mesh 1636
debug Commands 1636
debug mesh security 1637

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xli

show assisted-roaming 1757
debug 11k 1758
debug Commands 1758
debug airewave-director 1760
debug dot11 1762

PART IX

CHAPTER 10

CleanAir Commands 1765

CLI Commands 1767

show Commands 1767
show 802.11 cleanair 1768
show 802.11 cleanair air-quality summary 1770
show 802.11 cleanair air-quality worst 1771
show 802.11 cleanair device ap 1772
show 802.11 cleanair device type 1773
show advanced 802.11 channel 1775
show ap auto-rf 1776
config Commands 1777
config 802.11 cleanair 1778
config 802.11 cleanair device 1780
config 802.11 cleanair alarm 1782
config advanced 802.11 channel cleanair-event 1784
config advanced 802.11 channel pda-prop 1785
config advanced 802.11 channel update 1786
test Commands 1786
test cleanair show 1787

PART X

CHAPTER 11

FlexConnect Commands 1789

CLI Commands 1791

show Commands 1791
show capwap reap association 1792
show capwap reap status 1793
show flexconnect acl detailed 1794

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xlv

Contents

show flexconnect acl summary 1795

show flexconnect group detail 1796
show flexconnect group summary 1797
show flexconnect office-extend 1798
config Commands 1798
config ap autoconvert 1799
config ap flexconnect bridge 1800
config ap flexconnect central-dhcp 1801
config ap flexconnect local-split 1803
config ap flexconnect policy 1804
config ap flexconnect radius auth set 1805
config ap flexconnect vlan 1806
config ap flexconnect vlan add 1807
config ap flexconnect vlan native 1808
config ap flexconnect vlan wlan 1809
config ap flexconnect web-auth 1810
config ap flexconnect web-policy acl 1811
config ap flexconnect wlan 1812
config flexconnect acl 1813
config flexconnect acl rule 1814
config flexconnect arp-cache 1816
config flexconnect fallback-radio-shut 1817
config flexconnect group 1818
config flexconnect group vlan 1824
config flexconnect group flexgroup dhcp overridden-interface enable 1825
config flexconnect group web-auth 1826
config flexconnect group web-policy 1827
config flexconnect join min-latency 1828
config flexconnect office-extend 1829
config wlan flexconnect ap-auth 1831
config wlan flexconnect learn-ipaddr 1832
config wlan flexconnect local-switching 1833
config wlan flexconnect vlan-central-switching 1835
Integrated Management Module Commands in Cisco Flex 7500 Series Controllers 1835
imm address 1836

Cisco Wireless LAN Controller Command Reference, Release 8.0

xlvi

OL-31334-01

Contents

imm dhcp 1837

imm mode 1838
imm restart 1839
imm summary 1840
imm username 1841
debug Commands 1841
debug capwap reap 1842
debug dot11 mgmt interface 1843
debug dot11 mgmt msg 1844
debug dot11 mgmt ssid 1845
debug dot11 mgmt state-machine 1846
debug dot11 mgmt station 1847
debug flexconnect aaa 1848
debug flexconnect acl 1849
debug flexconnect cckm 1850
debug flexconnect group 1851
debug pem 1852

PART XI

CHAPTER 12

Mobility Commands 1853

CLI Commands 1855

show Commands 1855
show advanced client-handoff 1856
show l2tp 1857
show logging 1858
show mobility anchor 1860
show mobility ap-list 1861
show mobility foreign-map 1862
show mobility group member 1863
show mobility oracle 1864
show mobility statistics 1866
show mobility summary 1867
show pmipv6 domain 1869
show pmipv6 mag bindings 1870
show pmipv6 mag globals 1871

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xlvii

Contents

show pmipv6 mag stats 1872

show pmipv6 profile summary 1874
config Commands 1874
config mobility dscp 1875
config mobility group anchor 1876
config mobility group domain 1877
config mobility group keepalive count 1878
config mobility group keepalive interval 1879
config mobility group member 1880
config mobility group multicast-address 1882
config mobility multicast-mode 1883
config mobility new-architecture 1884
config mobility oracle 1885
config mobility switchPeerGroup 1886
config mobility secure-mode 1887
config mobility statistics reset 1888
config pmipv6 domain 1889
config pmipv6 add profile 1890
config pmipv6 delete 1892
config pmipv6 mag apn 1893
config pmipv6 mag binding init-retx-time 1894
config pmipv6 mag binding lifetime 1895
config pmipv6 mag binding max-retx-time 1896
config pmipv6 mag binding maximum 1897
config pmipv6 mag binding refresh-time 1898
config pmipv6 mag bri delay 1899
config pmipv6 mag bri retries 1900
config pmipv6 mag lma 1901
config pmipv6 mag replay-protection 1902
config wlan mobility anchor 1903
config wlan mobility foreign-map 1904
config wlan pmipv6 default-realm 1905
config wlan pmipv6 mobility-type 1906
config wlan pmipv6 profile_name 1907
clear, debug and ping Commands 1907

Cisco Wireless LAN Controller Command Reference, Release 8.0

xlviii

OL-31334-01

Contents

clear stats mobility 1908

cping 1909
debug dot11 1910
debug client 1912
debug fmchs 1913
debug mobility 1914
eping 1916
mping 1917

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

xlix

Contents

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Preface
This preface describes the audience, organization, and conventions of the Cisco Wireless LAN Controller
Command Reference Guide. It also provides information on how to obtain other documentation. This chapter
includes the following sections:
Audience, page li
Document Organization, page li
Document Conventions, page li
Related Documentation, page liv
Obtaining Documentation and Submitting a Service Request, page liv

Audience
This publication is for experienced network administrators who configure and maintain Cisco wireless LAN
controllers and Cisco lightweight access points.

Document Organization
This document is organized into the following chapters:
Chapter

Description

Overview

Describes how to use the command-line interface (CLI) on the controller.

CLI Commands

Provides detailed information about the CLI commands for the controller.

Document Conventions
This document uses the following conventions:

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Preface
Document Conventions

Convention

Indication

bold font

Commands and keywords and user-entered text appear in bold font.

italic font

Document titles, new or emphasized terms, and arguments for which you supply
values are in italic font.

[]

Elements in square brackets are optional.

{x | y | z }

Required alternative keywords are grouped in braces and separated by vertical

bars.

[x|y|z]

Optional alternative keywords are grouped in brackets and separated by vertical

bars.

string

A nonquoted set of characters. Do not use quotation marks around the string or
the string will include the quotation marks.

courier

Note

Tip

font

Terminal sessions and information the system displays appear in courier font.

Nonprinting characters such as passwords are in angle brackets.

[]

Default responses to system prompts are in square brackets.

!, #

An exclamation point (!) or a pound sign (#) at the beginning of a line of code
indicates a comment line.

Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.

Means the following information will help you solve a problem.

Caution

Means reader be careful. In this situation, you might perform an action that could result in equipment
damage or loss of data.

Warning

This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with
standard practices for preventing accidents. (To see translations of the warnings that appear in this
publication, refer to the appendix "Translated Safety Warnings.")

Cisco Wireless LAN Controller Command Reference, Release 8.0

lii

OL-31334-01

Preface
Document Conventions

Warning Title

Description

Waarschuwing

Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die

lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken,
dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's
en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te
voorkomen. (Voor vertalingen van de waarschuwingen die in deze publicatie
verschijnen, kunt u het aanhangsel "Translated Safety Warnings" (Vertalingen
van veiligheidsvoorschriften) raadplegen.)

Varoitus

Tm varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa

ruumiinvammaan. Ennen kuin tyskentelet minkn laitteiston parissa, ota selv
shkkytkentihin liittyvist vaaroista ja tavanomaisista onnettomuuksien
ehkisykeinoista. (Tss julkaisussa esiintyvien varoitusten knnkset lydt
liitteest "Translated Safety Warnings" (knnetyt turvallisuutta koskevat
varoitukset).)

Attention

Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une

situation pouvant entraner des blessures. Avant d'accder cet quipement,
soyez conscient des dangers poss par les circuits lectriques et familiarisez-vous
avec les procdures courantes de prvention des accidents. Pour obtenir les
traductions des mises en garde figurant dans cette publication, veuillez consulter
l'annexe intitule Translated Safety Warnings (Traduction des avis de scurit).

Warnung

Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die
zu einer Krperverletzung fhren knnte. Bevor Sie mit der Arbeit an irgendeinem
Gert beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen
Gefahren und der Standardpraktiken zur Vermeidung von Unfllen bewut.
(bersetzungen der in dieser Verffentlichung enthaltenen Warnhinweise finden
Sie im Anhang mit dem Titel "Translated Safety Warnings" (bersetzung der
Warnhinweise).)

Avvertenza

Questo simbolo di avvertenza indica un pericolo. Si in una situazione che pu

causare infortuni. Prima di lavorare su qualsiasi apparecchiatura, occorre
conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche
standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate
in questa pubblicazione si trova nell'appendice, "Translated Safety Warnings"
(Traduzione delle avvertenze di sicurezza).

Advarsel

Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan fre til
personskade. Fr du utfrer arbeid p utstyr, m du vre oppmerksom p de
faremomentene som elektriske kretser innebrer, samt gjre deg kjent med vanlig
praksis nr det gjelder unng ulykker. (Hvis du vil se oversettelser av de
advarslene som finnes i denne publikasjonen, kan du se i vedlegget "Translated
Safety Warnings" [Oversatte sikkerhetsadvarsler].)

Aviso

Este smbolo de aviso indica perigo. Encontra-se numa situao que lhe poder
causar danos fisicos. Antes de comear a trabalhar com qualquer equipamento,
familiarize-se com os perigos relacionados com circuitos elctricos, e com
quaisquer prticas comuns que possam prevenir possveis acidentes. (Para ver
as tradues dos avisos que constam desta publicao, consulte o apndice
"Translated Safety Warnings" - "Tradues dos Avisos de Segurana").

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

liii

Preface
Related Documentation

Warning Title

Description

Advertencia!

Este smbolo de aviso significa peligro. Existe riesgo para su integridad fsica.
Antes de manipular cualquier equipo, considerar los riesgos que entraa la
corriente elctrica y familiarizarse con los procedimientos estndar de prevencin
de accidentes. (Para ver traducciones de las advertencias que aparecen en esta
publicacin, consultar el apndice titulado "Translated Safety Warnings.")

Varning

Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan

leda till personskada. Innan du utfr arbete p ngon utrustning mste du vara
medveten om farorna med elkretsar och knna till vanligt frfarande fr att
frebygga skador. (Se frklaringar av de varningar som frekommer i denna
publikation i appendix "Translated Safety Warnings" [versatta
skerhetsvarningar].)

Related Documentation
These documents provide complete information about the Cisco Unified Wireless Network solution:
Cisco Wireless LAN Controller Configuration Guide
Cisco Wireless LAN Controller System Message Guide
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points

Obtaining Documentation and Submitting a Service Request

For information about obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised
Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered
directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports
RSS Version 2.0.

Cisco Wireless LAN Controller Command Reference, Release 8.0

liv

OL-31334-01

Using the Command-Line Interface

This chapter contains the following topics:
CLI Command Keyboard Shortcuts, page 1
Using the Interactive Help Feature, page 2

CLI Command Keyboard Shortcuts

The table below lists the CLI keyboard shortcuts to help you enter and edit command lines on the controller.
Table 1: CLI Command Keyboard Shortcuts

Action

Description

Keyboard Shortcut

Change

The word at the cursor to lowercase.

Esc I

The word at the cursor to uppercase.

Esc u

A character to the left of the cursor.

Ctrl-h, Delete, or Backspace

Delete

All characters from the cursor to the beginning of the Ctrl-u

line.
All characters from the cursor to the end of the line.

Ctrl-k

All characters from the cursor to the end of the word. Esc d

Display MORE
output

The word to the left of the cursor.

Ctrl-w or Esc Backspace

Exit from MORE output.

q, Q, or Ctrl-C

Next additional screen. The default is one screen. To

display more than one screen, enter a number before
pressing the Spacebar key.

Spacebar

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Using the Command-Line Interface

Using the Interactive Help Feature

Action

Description

Keyboard Shortcut

Next line. The default is one line. To display more than Enter
one line, enter the number before pressing the Enter
key.
Enter an Enter or Return key character.

Ctrl-m

Expand the command or abbreviation.

Ctrl-t or Tab

Move the cursor

One character to the left (back).

Ctrl-b or Left Arrow

One character to the right (forward).

Ctrl-f or Right Arrow

One word to the left (back), to the beginning of the

current or previous word.

Esc b

One word to the right (forward), to the end of the

current or next word.

Esc f

To the beginning of the line.

Ctrl-a

To the end of the line.

Ctrl-e

Redraw the screen at the prompt.

Ctrl-l or Ctrl-r

Return to the EXEC mode from any configuration mode

Ctrl-z

Return to the previous mode or exit from the CLI from Exec mode.

exit command

Transpose a character at the cursor with a character to the left of the cursor. Ctrl-t

Using the Interactive Help Feature

The question mark (?) character allows you to get the following type of help about the command at the
command line. The table below lists the interactive help feature list.
Table 2: Interactive Help Feature List

Command
help

Provides a brief description of the Help feature in any command mode.

? at the command
prompt

Lists all commands available for a particular command mode.

partial command?

Provides a list of commands that begin with the character string.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Using the Command-Line Interface

Using the help Command

Command
partial
command<Tab>

Completes a partial command name.

command ?

Lists the keywords, arguments, or both associated with a command.

command keyword ?

Lists the arguments that are associated with the keyword.

Using the help Command

Before You Begin
To look up keyboard commands, use the help command at the root level.
help
Help may be requested at any point in a command by entering a question mark ?. If nothing matches, the
help list will be empty and you must back up until entering a ? shows the available options. Two types of
help are available:
1 Full help is available when you are ready to enter a command argument (for example show ?) and describes
each possible argument.
2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments
match the input (for example show pr?).
Example:
> help
HELP:
Special keys:
DEL, BS... delete previous character
Ctrl-A .... go to beginning of line
Ctrl-E .... go to end of line
Ctrl-F .... go forward one character
Ctrl-B .... go backward one character
Ctrl-D .... delete current character
Ctrl-U, X. delete to beginning of line
Ctrl-K .... delete to end of line
Ctrl-W .... delete previous word
Ctrl-T .... transpose previous character
Ctrl-P .... go to previous line in history buffer
Ctrl-N .... go to next line in history buffer
Ctrl-Z .... return to root command prompt
Tab, <SPACE> command-line completion
Exit
.... go to next lower command prompt
?
.... list choices

Using the ? command

Before You Begin
To display all of the commands in your current level of the command tree, or to display more information
about a particular command, use the ? command.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Using the Command-Line Interface

Using the partial? command

command name ?
When you enter a command information request, put a space between the command name and ?.

Examples

This command shows you all the commands and levels available from the root level.
> ?
clear
config
debug
help
linktest
logout
ping
reset
save
show
transfer

Clear selected configuration elements.

Configure switch options and settings.
Manages system debug options.
Help
Perform a link test to a specified MAC address.
Exit this session. Any unsaved changes are lost.
Send ICMP echo packets to a specified IP address.
Reset options.
Save switch configurations.
Display switch options and settings.
Transfer a file to or from the switch.

Using the partial? command

Before You Begin
To provide a list of commands that begin with the character string, use the partial command ?.
partial command?
There should be no space between the command and the question mark.
This example shows how to provide a command that begin with the character string ad:
> controller> config>ad?

The command that matches with the string ad is as follows:

advanced

Using the partial command<tab>

Before You Begin
To completes a partial command name, use the partial command<tab> command.
partial command<tab>
There should be no space between the command and <tab>.
This example shows how to complete a partial command name that begin with the character string ad:
Controller >config>cert<tab> certificate

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Using the Command-Line Interface

Using the command ?

Examples

To list the keywords, arguments, or both associated with the command, use the command ?.
command-name ?

There should be a space between the command and the question mark.
This example shows how to list the arguments and keyword for the command acl:
Controller >config acl ?

Information similar to the following appears:

apply
counter
create
delete
rule
cpu

Applies the ACL to the data path.

Start/Stop the ACL Counters.
Create a new ACL.
Delete an ACL.
Configure rules in the ACL.
Configure the CPU Acl Information

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

Using the Command-Line Interface

command keyword ?

command keyword ?
To list the arguments that are associated with the keyword, use the command keyword ?:
command keyword ?

There should be space between the keyword and the question mark.
This example shows how to display the arguments associated with the keyword cpu:
Controller >config acl cpu ?

Information similar to the following appears:

none
<name>

None - Disable the CPU ACL

<name> - Name of the CPU ACL

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

PART

System Management Commands

CLI Commands, page 9

CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII
console to the Cisco wireless LAN controller and configure the controller and its associated access points.
show Commands, page 9
config Commands, page 146
Timeout Commands, page 446
Clearing Configurations, Log files, and Other Actions, page 473
Resetting the System Reboot Time, page 508
Uploading and Downloading Files and Configurations, page 513
Installing and Modifying Licenses on Cisco 5500 Series Controllers, page 539
Right to Use Licensing Commands, page 546
Troubleshooting the Controller Settings, page 554

show Commands
This section lists the show commands that you can use to display information about the controller settings
and user accounts.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show 802.11 cu-metrics

To display access point channel utilization metrics, use the show 802.11 cu-metrics command.
show 802.11{a | b} cu-metrics cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

cisco_ap

Access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show 802.11a cu-metrics command:

(Cisco Controller) > show 802.11a cu-metrics AP1
AP Interface Mac:
30:37:a6:c8:8a:50
Measurement Duration:
90sec
Timestamp
Thu Jan 27 09:08:48 2011
Channel Utilization stats
================
Picc (50th Percentile)......................
Pib (50th Percentile).......................
Picc (90th Percentile)......................
Pib (90th Percentile).......................
Timestamp
Thu Jan 27 09:34:34 2011

0
76
0
77

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show advanced 802.11 l2roam

To display 802.11a or 802.11b/g Layer 2 client roaming information, use the show advanced 802.11 l2roam
command.
show advanced 802.11{a | b} l2roam {rf-param | statistics} mac_address}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

rf-param

Specifies the Layer 2 frequency parameters.

statistics

Specifies the Layer 2 client roaming statistics.

mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show advanced 802.11b l2roam rf-param command:
(Cisco Controller) > show advanced 802.11b l2roam rf-param
L2Roam 802.11bg RF Parameters.....................
Config Mode.................................. Default
Minimum RSSI................................. -85
Roam Hysteresis.............................. 2
Scan Threshold............................... -72
Transition time.............................. 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show advanced send-disassoc-on-handoff

To display whether the WLAN controller disassociates clients after a handoff, use the show advanced
send-disassoc-on-handoff command.
show advanced send-disassoc-on-handoff

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show advanced send-disassoc-on-handoff command:

(Cisco Controller) > show advanced send-disassoc-on-handoff
Send Disassociate on Handoff..................... Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show advanced sip-preferred-call-no

To display the list of preferred call numbers, use the show advanced sip-preferred-call-no command.
show advanced sip-preferred-call-no

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show advanced sip-preferred-call-no command:

(Cisco Controller) > show advanced sip-preferred-call-no
Preferred Call Numbers List
Call Index
Preferred Call No
---------------------------1
911
2
100
3
101
4
102
5
103
6
104

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show advanced sip-snooping-ports

To display the port range for call snooping, use the show advanced sip-snooping-ports command.
show advanced sip-snooping-ports

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show advanced sip-snooping-ports command:

(Cisco Controller) > show advanced sip-snooping-ports
SIP Call Snoop Ports: 1000 - 2000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show arp kernel

To display the kernel Address Resolution Protocol (ARP) cache information, use the show arp kernel
command.
show arp kernel

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show arp kernel command:

(Cisco Controller) > show arp kernel
IP address
HW type
Flags
192.0.2.1
0x1
0x2
192.0.2.8
0x1
0x6

HW address
00:1A:6C:2A:09:C2
00:1E:E5:E6:DB:56

Mask
*
*

Device
dtl0
dtl0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show arp switch

To display the Cisco wireless LAN controller MAC addresses, IP addresses, and port types, use the show arp
switch command.
show arp switch

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show arp switch command:

(Cisco Controller) > show arp switch
MAC Address
IP Address
------------------- ---------------xx:xx:xx:xx:xx:xx
xxx.xxx.xxx.xxx
xx:xx:xx:xx:xx:xx
xxx.xxx.xxx.xxx
xx:xx:xx:xx:xx:xx
xxx.xxx.xxx.xxx

Port
VLAN
Type
------------ ---- ------------------service port
1
service port
service port

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc applications

To display all the supported Application Visibility and Control (AVC) applications, use the show avc
applications command.
show avc applications

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.4

This command was introduced.

Usage Guidelines

AVC uses the Network-Based Application Recognition (NBAR) deep packet inspection technology to classify
applications based on the protocol they use. Using AVC, the controller can detect more than 1500 Layer 4 to
Layer 7 protocols.

Examples

The following is a sample output of the show avc applications command:

(Cisco Controller) > show avc applications
Application-Name
================
3com-amp3
3com-tsmux
3pc
914c/g
9pfs
acap
acas
accessbuilder
accessnetwork
acp
acr-nema
active-directory
activesync
adobe-connect
aed-512
afpovertcp
agentx
alpes
aminet
an
----

App-ID Engine-ID Selector-ID

Application-Group-Name
====== ========= ===========
======================
538
3
629
other
977
3
106
obsolete
788
1
34
layer3-over-ip
1109
3
211
net-admin
479
3
564
net-admin
582
3
674
net-admin
939
3
62
other
662
3
888
other
607
3
699
other
513
3
599
other
975
3
104
industrial-protocols
1194
13
473
other
1419
13
490
business-and-productivity-tools
1441
963
1327

13
3
3

505
149
548

609
377
558
861
----

3
3
3
1
---

705
463
2639
107
-----

other
obsolete
business-and-productivity-tools
net-admin
net-admin
file-sharing
layer3-over-ip
-------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc engine

To display information about the Network-Based Application Recognition 2 (NBAR2) engine, use the show
avc engine command.
show avc engine version

Syntax Description

Command Default

Command History

version

Displays the version of the NBAR2 engine.

None

Release

Modification

7.5

This command was introduced.

Usage Guidelines

The Application Visibility and Control (AVC) protocol pack is not supported in the Cisco 2500 Series Wireless
Controllers.

Examples

The following is a sample output of the show avc engine command:

(Cisco Controller) > show avc engine version
AVC Engine Version: 13

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc profile

To display Application Visibility and Control (AVC) profiles, use the show avc profile command.
show avc profile {summary | detailed profile_name }

Syntax Description

Command Default

Command History

Examples

summary

Displays a summary of AVC profiles.

detailed

Displays the details of an AVC profile.

profile_name

Name of the AVC profile. The profile name can be up to 32 case-sensitive,

alphanumeric characters.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc profile summary command.
(Cisco Controller) > show avc profile summary
Profile-Name
============
profile 1
avc_profile2

Number of Rules
==============
3
1

The following is a sample output of the show avc profile detailed command.
(Cisco Controller) > show avc profile detailed
Application-Name
================
ftp
flash-video
facebook

Application-Group-Name
=======================
file-sharing
browsing
browsing

Action
======
Drop
Mark
Mark

DSCP
====
10
10

Associated WLAN IDs

:
Associated Remote LAN IDs :
Associated Guest LAN IDs :

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc protocol-pack

To display information about the Application Visibility and Control (AVC) protocol pack in the Cisco Wireless
LAN Controller (WLC), use the show avc protocol-pack command.
show avc protocol-pack version

Syntax Description

Command Default

Command History

version

Displays the version of the AVC protocol pack.

None

Release

Modification

7.5

This command was introduced.

Usage Guidelines

The AVC protocol pack is not supported in the Cisco 2500 Series Wireless Controllers.

Examples

The following is a sample output of the show avc protocol-pack command:

(Cisco Controller) > show avc protocol-pack version
AVC Protocol Pack Name: Advanced Protocol Pack
AVC Protocol Pack Version: 1.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc statistics application

To display the statistics of an application, use the show avc statistics application command.
show avc statistics application application_name top-users [downstream wlan | upstream wlan | wlan]
[wlan_id ]}

Syntax Description

Command Default

Command History

Examples

application_name

Name of the application. The application name can be up to 32

case-sensitive, alphanumeric characters.

top-users

Displays AVC statistics for top application users.

downstream

(Optional) Displays statistics of top downstream applications.

wlan

(Optional) Displays AVC statistics of a WLAN.

wlan_id

WLAN identifier from 1 to 512.

upstream

(Optional) Displays statistics of top upstream applications.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc statistics application command:
(Cisco Controller) > show avc statistics application ftp top-users downstream wlan 1
Client MAC
Bytes
DSCP
(Up/Down)
(Total)
In Out
===========
=======
=== ===
00:0a:ab:15:00:9c(U)
338
0
0
(D)
6409
0
0
00:0a:ab:15:00:5a(U)
84
0
0
(D)
5869
0
0
00:0a:ab:15:00:60(U)
8666
0
0
(D)
9595
0
0
00:0a:ab:15:00:a4(U)
161
0
0
(D)

Client IP

WLAN ID

Packets

Bytes

(n secs) (n secs)
=========

======

=======

Avg Pkt

Packets

Size

(Total)

======

=======

172.16.31.156

5911

268

172.16.31.90

5723

476

172.16.31.96

117

172.16.31.96

4433

233

172.16.31.164

139

172.16.31.164

4409

191

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

4439
0
0
00:0a:ab:15:00:48(U)
2738
0
0
(D)
4367
0
0
00:0a:ab:15:00:87(U)
301
0
0
(D)
7755
0
0
00:0a:ab:15:00:92(U)
84
0
0
(D)
4201
0
0
00:0a:ab:15:00:31(U)
250
0
0
(D)
3755
0
0
00:0a:ab:15:00:46(U)
175
0
0
(D)
3448
0
0
00:0a:ab:15:00:b3(U)
241
0
0

172.16.31.72

2738

130

172.16.31.72

4367

198

172.16.31.135

4208

350

172.16.31.146

4168

463

172.16.31.49

3201

177

172.16.31.70

3162

316

172.16.31.179

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc statistics client

To display the client Application Visibility and Control (AVC) statistics, use the show avc statistics client
command.
show avc statistics client client_MAC {application application_name | top-apps [upstream | downstream]}

Syntax Description

Command Default

Command History

Examples

client_MAC

MAC address of the client.

application

Displays AVC statistics for an application.

application_name

Name of the application. The application name can be up to 32 case-sensitive,

alphanumeric characters.

top-apps

Displays AVC statistics for top applications.

upstream

(Optional) Displays statistics of top upstream applications.

downstream

(Optional) Displays statistics of top downstream applications.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc statistics client command:
(Cisco Controller) > show avc statistics client 00:0a:ab:15:00:01 application http
Description
===========
Number of Packtes(n secs)
Number of Bytes(n secs)
Average Packet size(n secs)
Total Number of Packtes
Total Number of Bytes
DSCP Incoming packet
DSCP Outgoing Packet

Upstream
========
5059
170144
33
131878
6054464
16
16

Downstream
==========
6369
8655115
1358
150169
205239972
0
0

The following is a sample output of the show avc statistics client command.
(Cisco Controller) > show avc statistics client 00:0a:ab:15:00:01 top-apps
Application-Name
(Up/Down)
================
http
ggp

Packets
(n secs)
=======
(U)
6035
(D)
5420
(U)
1331
(D)
0

Bytes
Avg Pkt
(n secs) Size
======
======
637728
105
7218796
1331
1362944
1024
0
0

Packets
(Total)
=======
6035
5420
1331
0

Bytes
(Total)
======
637728
7218796
1362944
0

DSCP DSCP
In
Out
==== ====
16
16
0
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

smp
vrrp
bittorrent
icmp
edonkey
dns
realmedia

(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)

1046
0
205
0
117
121
0
72
112
105
10
7
2
2

1071104
0
209920
0
1604
70469
0
40032
4620
33076
380
1743
158
65

1024
0
1024
0
13
582
0
556
41
315
38
249
79
32

1046
0
205
0
117
121
0
72
112
105
10
7
2
2

1071104
0
209920
0
1604
70469
0
40032
4620
33076
380
1743
158
65

0
0
0
0
0
0
0
48
0
0
0
0
24
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc statistics guest-lan

To display the Application Visibility and Control (AVC) statistics of a guest LAN, use the show avc statistics
guest-lan command.
show avc statistics guest-lan guest-lan_id {application application_name | top-app-groups [upstream |
downstream] | top-apps [upstream | downstream]}

Syntax Description

Command Default

Command History

Examples

guest-lan_id

Guest LAN identifier from 1 to 5.

application

Displays AVC statistics for an application.

application_name

Name of the application. The application name can be up to 32

case-sensitive, alphanumeric characters.

top-app-groups

Displays AVC statistics for top application groups.

upstream

(Optional) Displays statistics of top upstream applications.

downstream

(Optional) Displays statistics of top downstream applications.

top-apps

Displays AVC statistics for top applications.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc statistics command.

(Cisco Controller) > show avc statistics guest-lan 1
Application-Name
(Up/Down)
================
unclassified
ftp
http
gre
icmp
ipinip
imap

(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)

Packets
Bytes
Avg Pkt Packets
Bytes
(n secs) (n secs) Size
(Total)
(Total)
======= ======
======
======
=======
191464
208627
1
92208613 11138796586
63427 53440610
842
16295621
9657054635
805
72880
90
172939
11206202
911
58143
63
190900
17418653
264904 12508288
47
27493945
2837672192
319894 436915253 1365
29850934 36817587924
0
0
0
10158872 10402684928
0
0
0
0
0
1
40
40
323
98476
7262
4034576
555
2888266
1605133372
62565 64066560 1024
11992305 12280120320
0
0
0
0
0
1430
16798
11
305161
3795766

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

irc
nntp

(D)
(U)
(D)
(U)
(D)

1555
9
11
22
22

576371
74
371
158
372

370
8
33
7
16

332290
1736
1972
1705
2047

125799465
9133
173381
9612
214391

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc statistics remote-lan

To display the Application Visibility and Control (AVC) statistics of a remote LAN, use the show avc statistics
remote-lan command.
show avc statistics remote-lan remote-lan_id{application application_name | top-app-groups [upstream
| downstream] | top-apps [upstream | downstream]}

Syntax Description

Command Default

Command History

Examples

remote-lan_id

Remote LAN identifier from 1 to 512.

application

Displays AVC statistics for an application.

application_name

Name of the application. The application name can be up to 32

case-sensitive, alphanumeric characters.

top-app-groups

Displays AVC statistics for top application groups.

upstream

(Optional) Displays statistics of top upstream applications.

downstream

(Optional) Displays statistics of top downstream applications.

top-apps

Displays AVC statistics for top applications.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc statistics remote-lan command.
(Cisco Controller) > show avc statistics remote-lan 1
Application-Name
(Up/Down)
================
unclassified
ftp
http
gre
icmp
ipinip
imap

(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

irc
nntp

(D)
(U)
(D)
(U)
(D)

1555
9
11
22
22

576371
74
371
158
372

370
8
33
7
16

332290
1736
1972
1705
2047

125799465
9133
173381
9612
214391

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc statistics top-apps

To display the Application Visibility and Control (AVC) statistics for the most used applications, use the
show avc statistics top-apps command.
show avc statistics top-apps [upstream | downstream]

Syntax Description

Command Default

Command History

Examples

upstream

(Optional) Displays statistics of the most used upstream applications.

downstream

(Optional) Displays statistics of the most used downstream applications.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc statistics top-aps command:
(Cisco Controller) > show avc statistics top-apps
Application-Name
(Up/Down)
================
http
realmedia
mpls-in-ip
fire
pipe
gre
crudp
rtp
icmp

Related Commands

(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)

Packets
Bytes
Avg Pkt
(n secs)
(n secs) Size
=======
======= =======
204570
10610912
51
240936 327624221
1359
908
62154
68
166694 220522943
1322
77448
79306752
1024
0
0
0
70890
72591360
1024
0
0
0
68296
69935104
1024
0
0
0
60982
62445568
1024
0
0
0
26430
27064320
1024
0
0
0
0
0
0
7482
9936096
1328
0
0
0
10155
5640504
555

Packets
(Total)
=======
28272539
30750570
400698
35802836
10292787
0
10242484
0
10224255
0
10340221
0
10109812
0
0
2603923
323
2924693

Bytes
(Total)
========
2882294016
38026889010
26470359
47131836785
10539813888
0
10488303616
0
10469637120
0
10588386304
0
10352447488
0
0
3458009744
98476
1625363564

config avc profile delete

config avc profile create
config avc profile rule
config wlan avc
show avc profile

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc applications

show avc statistics client
show avc statistics wlan
show avc statistics applications
show avc statistics guest-lan
show avc statistics remote-lan
debug avc error
debug avc events

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show avc statistics wlan

To display the Application Visibility and Control (AVC) statistics of a WLAN, use the show avc statistics
wlan command.
show avc statistics wlan wlan_id {application application_name | top-app-groups [upstream | downstream]
| top-apps [upstream | downstream]}

Syntax Description

Command Default

Command History

Examples

wlan_id

WLAN identifier from 1 to 512.

application

Displays AVC statistics for an application.

application_name

Name of the application. The application name can be up to 32

case-sensitive, alphanumeric characters.

top-app-groups

Displays AVC statistics for top application groups.

upstream

(Optional) Displays statistics of top upstream applications.

downstream

(Optional) Displays statistics of top downstream applications.

top-apps

Displays AVC statistics for top applications.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc statistics command.

(Cisco Controller) >show avc statistics wlan 1
Application-Name
(Up/Down)
================
unclassified
ftp
http
gre
icmp
ipinip
imap

(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

irc
nntp

(D)
(U)
(D)
(U)
(D)

1555
9
11
22
22

576371
74
371
158
372

370
8
33
7
16

332290
1736
1972
1705
2047

125799465
9133
173381
9612
214391

The following is a sample output of the show avc statistics wlan command.
(Cisco Controller) >show avc statistics wlan 1 application ftp
Description
===========
Number of Packtes(n secs)
Number of Bytes(n secs)
Average Packet size(n secs)
Total Number of Packtes
Total Number of Bytes

Upstream
========
0
0
0
32459
274

Downstream
==========
0
0
0
64888
94673983

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show boot
To display the primary and backup software build numbers with an indication of which is active, use the show
boot command.
show boot

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Each Cisco wireless LAN controller retains one primary and one backup operating system software load in
nonvolatile RAM to allow controllers to boot off the primary load (default) or revert to the backup load when
desired.

Examples

The following is a sample output of the show boot command:

(Cisco Controller) > show boot
Primary Boot Image............................... 3.2.13.0 (active)
Backup Boot Image................................ 3.2.15.0

Related Commands

config boot

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show band-select
To display band selection information, use the show band-select command.
show band-select

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show band-select command:

(Cisco Controller) > show band-select
Band Select Probe Response.......................
Cycle Count...................................
Cycle Threshold...............................
Age Out Suppression...........................
Age Out Dual Band.............................
Client RSSI...................................

Related Commands

per WLAN enabling

3 cycles
200 milliseconds
20 seconds
60 seconds
-80 dBm

config band-select
config wlan band-select

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show buffers
To display buffer information of the controller, use the show buffers command.
show buffers

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show buffers command:

(Cisco Controller) > show buffers
Pool[00]: 16 byte chunks
chunks in pool:
50000
chunks in use:
9196
bytes in use:
147136
bytes requested:
73218 (73918 overhead bytes)
Pool[01]: 64 byte chunks
chunks in pool:
50100
chunks in use:
19222
bytes in use:
1230208
bytes requested:
729199 (501009 overhead bytes)
Pool[02]: 128 byte chunks
chunks in pool:
26200
chunks in use:
9861
bytes in use:
1262208
bytes requested:
848732 (413476 overhead bytes)
Pool[03]: 256 byte chunks
chunks in pool:
3000
chunks in use:
596
bytes in use:
152576
bytes requested:
93145 (59431 overhead bytes)
Pool[04]: 384 byte chunks
chunks in pool:
6000
chunks in use:
258
bytes in use:
99072
bytes requested:
68235 (30837 overhead bytes)
Pool[05]: 512 byte chunks
chunks in pool:
18700
chunks in use:
18667
bytes in use:
9557504
bytes requested:
7933814 (1623690 overhead bytes)
Pool[06]: 1024 byte chunks
chunks in pool:
3500
chunks in use:
94
bytes in use:
96256
bytes requested:
75598 (20658 overhead bytes)
Pool[07]: 2048 byte chunks
chunks in pool:
1000
chunks in use:
54
bytes in use:
110592
bytes requested:
76153 (34439 overhead bytes)
Pool[08]: 4096 byte chunks
chunks in pool:
1000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

chunks in use:
bytes in use:
bytes requested:
Raw Pool:
chunks in use:
bytes requested:

47
192512
128258 (64254 overhead bytes)
256
289575125

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show cac voice stats

To view the detailed voice CAC statistics of the 802.11a or 802.11b radio, use the show cac voice stats
command.
show cac voice stats {802.11a | 802.11b}

Syntax Description

Command History

Examples

802.11a

Displays detailed voice CAC statistics for 802.11a.

802.11b

Displays detailed voice CAC statistics for 802.11b/g.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show cac voice stats 802.11b command:
(Cisco Controller) > show cac voice stats 802.11b
WLC Voice Call Statistics for 802.11b Radio
WMM TSPEC CAC Call Stats
Total num of Calls in progress.................
Num of Roam Calls in progress..................
Total Num of Calls Admitted....................
Total Num of Roam Calls Admitted...............
Total Num of exp bw requests received..........
Total Num of exp bw requests Admitted..........
Total Num of Calls Rejected....................
Total Num of Roam Calls Rejected...............
Num of Calls Rejected due to insufficent bw....
Num of Calls Rejected due to invalid params....
Num of Calls Rejected due to PHY rate..........
Num of Calls Rejected due to QoS policy........
SIP CAC Call Stats
Total Num of Calls in progress.................
Num of Roam Calls in progress..................
Total Num of Calls Admitted....................
Total Num of Roam Calls Admitted...............
Total Num of Preferred Calls Received..........
Total Num of Preferred Calls Admitted..........
Total Num of Ongoing Preferred Calls...........
Total Num of Calls Rejected(Insuff BW).........
Total Num of Roam Calls Rejected(Insuff BW)....
KTS based CAC Call Stats
Total Num of Calls in progress.................
Num of Roam Calls in progress..................
Total Num of Calls Admitted....................
Total Num of Roam Calls Admitted...............
Total Num of Calls Rejected(Insuff BW).........
Total Num of Roam Calls Rejected(Insuff BW)....

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show cac voice summary

To view the list of all APs with brief voice statistics (includes bandwidth used, maximum bandwidth available,
and the number of calls information), use the show cac voice summary command.
show cac voice summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show cac voice summary command:
(Cisco Controller) > show cac voice summary
AP Name
Slot#
Radio BW Used/Max
----------------- ------- ----- ----------APc47d.4f3a.3547
0
11b/g
0/23437
1
11a
1072/23437
1

Calls
----0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show cac video stats

To view the detailed video CAC statistics of the 802.11a or 802.11b radio, use the show cac video stats
command.
show cac video stats {802.11a | 802.11b}

Syntax Description

Command History

Examples

802.11a

Displays detailed video CAC statistics for 802.11a.

802.11b

Displays detailed video CAC statistics for 802.11b/g.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show cac video stats 802.11b command:
(Cisco Controller) > show cac video stats 802.11b
WLC Video Call Statistics for 802.11b Radio
WMM TSPEC CAC Call Stats
Total num of Calls in progress.................
Num of Roam Calls in progress..................
Total Num of Calls Admitted....................
Total Num of Roam Calls Admitted...............
Total Num of Calls Rejected....................
Total Num of Roam Calls Rejected...............
Num of Calls Rejected due to insufficent bw....
Num of Calls Rejected due to invalid params....
Num of Calls Rejected due to PHY rate..........
Num of Calls Rejected due to QoS policy........
SIP CAC Call Stats
Total Num of Calls in progress.................
Num of Roam Calls in progress..................
Total Num of Calls Admitted....................
Total Num of Roam Calls Admitted...............
Total Num of Calls Rejected(Insuff BW).........
Total Num of Roam Calls Rejected(Insuff BW)....

Related Commands

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

config 802.11 cac voice

config 802.11 cac defaults
config 802.11 cac video
config 802.11 cac multimedia
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

config 802.11 cac video load-based

config 802.11 cac video cac-method
config 802.11 cac video sip

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show cac video summary

To view the list of all access points with brief video statistics (includes bandwidth used, maximum bandwidth
available, and the number of calls information), use the show cac video summary command.
show cac video summary

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show cac video summary command:
(Cisco Controller) > show cac video summary
AP Name
----------------AP001b.d571.88e0
AP5_1250

Related Commands

Slot#
------0
1
0
1

Radio
----11b/g
11a
11b/g
11a

BW Used/Max
----------0/10937
0/18750
0/10937
0/18750

Calls
----0
0
0
0

config 802.11 cac voice

config 802.11 cac defaults
config 802.11 cac video
config 802.11 cac multimedia
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video load-based
config 802.11 cac video cac-method
config 802.11 cac video sip

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show cdp
To display the status and details of the Cisco Discovery Protocol (CDP), use the show cdp command.
show cdp {neighbors [detail] | entry all | traffic}

Syntax Description

Command Default

Command History

Examples

neighbors

Displays a list of all CDP neighbors on all interfaces.

detail

(Optional) Displays detailed information of the controllers CDP neighbors. This

command shows only the CDP neighbors of the controller; it does not show the
CDP neighbors of the controllers associated access points.

entry all

Displays all CDP entries in the database.

traffic

Displays CDP traffic information.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show cdp command:

(Cisco Controller) > show cdp
CDP counters :
Total packets output: 0, Input: 0
Chksum error: 0
No memory: 0, Invalid packet: 0,

Related Commands

config cdp
config ap cdp
show ap cdp

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show certificate compatibility

To display whether or not certificates are verified as compatible in the Cisco wireless LAN controller, use
the show certificate compatibility command.
show certificate compatibility

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show certificate compatibility command:

(Cisco Controller) > show certificate compatibility
Certificate compatibility mode:................ off

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show certificate lsc

To verify that the controller has generated a Locally Significant Certificate (LSC), use the show certificate
lsc summary command.
show certificate lsc {summary | ap-provision}

Syntax Description

Command Default

Command History

Examples

summary

Displays a summary of LSC certificate settings and certificates.

ap-provision

Displays details about the access points that are provisioned using the LSC.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show certificate lsc summary command:
(Cisco Controller) > show certificate lsc summary
LSC Enabled...................................... Yes
LSC CA-Server.................................... http://10.0.0.1:8080/caserver
LSC AP-Provisioning.............................. Yes
Provision-List............................... Not Configured
LSC Revert Count in AP reboots............... 3
LSC Params:
Country...................................... 4
State........................................ ca
City......................................... ss
Orgn......................................... org
Dept......................................... dep
Email........................................ [email protected]
KeySize...................................... 390
LSC Certs:
CA Cert...................................... Not Configured
RA Cert...................................... Not Configured

This example shows how to display the details about the access points that are provisioned using the LSC:
(Cisco Controller) > show certificate lsc ap-provision
LSC AP-Provisioning.............................. Yes
Provision-List................................... Present
Idx Mac Address
--- ------------1 00:18:74:c7:c0:90

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show certificate ssc

To view the Self Signed Device Certificate (SSC) and hash key of the virtual controller, use the show certificate
ssc command.
show certificate ssc

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show certificate ssc command :

(Cisco Controller) > show certificate ssc
SSC Hash validation.............................. Enabled.
SSC Device Certificate details:
Subject Name :
C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller,
CN=DEVICE-vWLC-AIR-CTVM-K9-000C297F2CF7, [email protected]
Validity :
Start : 2012 Jul 23rd, 15:47:53 GMT
End
: 2022 Jun 1st, 15:47:53 GMT
Hash key : 5870ffabb15de2a617132bafcd73

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show certificate summary

To verify that the controller has generated a certificate, use the show certificate summary command.
show certificate summary

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show certificate summary command:

(Cisco Controller) > show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show client calls

To display the total number of active or rejected calls on the controller, use the show client calls command.
show client calls {active | rejected} {802.11a | 802.11bg | all}

Syntax Description

Command Default

Command History

Examples

active

Specifies active calls.

rejected

Specifies rejected calls.

802.11a

Specifies the 802.11a network.

802.11bg

Specifies the 802.11b/g network.

all

Specifies both the 802.11a and 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client calls active 802.11a command :
(Cisco Controller) > show client calls active 802.11a
Client MAC
Username
Total Call
AP Name
Duration (sec)
--------------------------------------------------00:09: ef: 02:65:70
abc
45
VJ-1240C-ed45cc
00:13: ce: cc: 51:39
xyz
45
AP1130-a416
00:40:96: af: 15:15
def
45
AP1130-a416
00:40:96:b2:69: df
def
45
AP1130-a416
Number of Active Calls ------------------------------------ 4

Radio Type
---------802.11a
802.11a
802.11a
802.11a

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show client roam-history

To display the roaming history of a specified client, use the show client roam-history command.
show client roam-history mac_address

Syntax Description

Command Default

Command History

Examples

mac_address

Client MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client roam-history command:

(Cisco Controller) > show client roam-history 00:14:6c:0a:57:77

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show client summary

To display a summary of clients associated with a Cisco lightweight access point, use the show client summary
command.
show client summary [ssid / ip / username / devicetype]

Syntax Description

This command has no arguments or keywords up to Release 7.4.

ssid / ip / username / devicetype

(Optional) Displays active clients selective details on any of the

following parameters or all the parameters in any order:
SSID
IP addresss
Username
Device type (such as Samsung-Device or
WindowsXP-Workstation)

Command Default

Command History

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Use show client ap command to list the status of automatically disabled clients. Use the show exclusionlist
command to display clients on the exclusion list (blacklisted).

Examples

The following example shows how to display a summary of the active clients:
(Cisco Controller) > show client summary
Number of Clients................................ 24
Number of PMIPV6 Clients......................... 200
MAC Address
AP Name
Status
WLAN/GLAN/RLAN Auth Protocol
Port
Wired PMIPV6
----------------- ----------------- ------------- -------------- ---- ---------------- -------- -----00:00:15:01:00:01
No
Yes
00:00:15:01:00:02
No
No
00:00:15:01:00:03
No
Yes
00:00:15:01:00:04

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

Examples

The following example shows how to display all clients that are WindowsXP-Workstation device type:
(Cisco Controller) >show client summary WindowsXP-Workstation
Number of Clients in WLAN........................ 0
MAC Address

AP Name

Status

Auth Protocol

----------------- -------- ------------- ----------------

Port Wired Mobility Role

---------- --------------

Number of Clients with requested device type..... 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show client summary guest-lan

To display the active wired guest LAN clients, use the show client summary guest-lan command.
show client summary guest-lan

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client summary guest-lan command:
(Cisco Controller) > show client summary guest-lan
Number of Clients................................ 1
MAC Address
AP Name
Status
WLAN Auth
------------------------------- ---00:16:36:40:ac:58 N/A
Associated
1
No

Related Commands

Protocol
-------802.3

Port Wired
---- ----1
Yes

show client summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show client tsm

To display the client traffic stream metrics (TSM) statistics, use the show client tsm command.
show client tsm 802.11{a | b} client_mac {ap_mac | all}

Syntax Description

Command Default

Command History

Examples

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11 b/g network.

client_mac

MAC address of the client.

ap_mac

MAC address of the tsm access point.

all

Specifies the list of all access points to which the client has associations.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client tsm 802.11a command:
(Cisco Controller) > show client tsm 802.11a xx:xx:xx:xx:xx:xx all
AP Interface MAC: 00:0b:85:01:02:03
Client Interface Mac:
00:01:02:03:04:05
Measurement Duration:
90 seconds
Timestamp
1st Jan 2006, 06:35:80
UpLink Stats
================
Average Delay (5sec intervals)............................35
Delay less than 10 ms.....................................20
Delay bet 10 - 20 ms......................................20
Delay bet 20 - 40 ms......................................20
Delay greater than 40 ms..................................20
Total packet Count.........................................80
Total packet lost count (5sec).............................10
Maximum Lost Packet count(5sec)............................5
Average Lost Packet count(5secs)...........................2
DownLink Stats
================
Average Delay (5sec intervals)............................35
Delay less than 10 ms.....................................20
Delay bet 10 - 20 ms......................................20
Delay bet 20 - 40 ms......................................20
Delay greater than 40 ms..................................20
Total packet Count.........................................80
Total packet lost count (5sec).............................10
Maximum Lost Packet count(5sec)............................5
Average Lost Packet count(5secs)...........................2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

Related Commands

show client ap
show client detail
show client summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show client username

To display the client data by the username, use the show client username command.
show client username username

Syntax Description

username

Clients username.
You can view a list of the first eight clients that are in RUN state associated to
controller's access points.

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client username command:

(Cisco Controller) > show client username local
MAC Address
Device Type
---------------------------

AP Name

Status

WLAN

Auth

Protocol

Port

-----------------

-------------

----

----------------

----

12:22:64:64:00:01
Unknown
12:22:64:64:00:02
Unknown
12:22:64:64:00:03
Unknown
12:22:64:64:00:04
Unknown
12:22:64:64:00:05
Unknown
12:22:64:64:00:06
Unknown
12:22:64:64:00:07
Unknown
12:22:64:64:00:08
Unknown

WEB-AUTH-AP-1

Associated

Yes

802.11g

WEB-AUTH-AP-1

Associated

Yes

802.11g

WEB-AUTH-AP-1

Associated

Yes

802.11g

WEB-AUTH-AP-1

Associated

Yes

802.11g

WEB-AUTH-AP-1

Associated

Yes

802.11g

WEB-AUTH-AP-1

Associated

Yes

802.11g

WEB-AUTH-AP-1

Associated

Yes

802.11g

WEB-AUTH-AP-1

Associated

Yes

802.11g

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show client voice-diag

To display voice diagnostics statistics, use the show client voice-diag command.
show client voice-diag {quos-map | roam-history | rssi | status | tspec}

Syntax Description

Command Default

Command History

Examples

quos-map

Displays information about the QoS/DSCP mapping and packet statistics in each
of the four queues: VO, VI, BE, BK. The different DSCP values are also
displayed.

roam-history

Displays information about history of the last three roamings. The output contains
the timestamp, access point associated with the roaming, the roaming reason,
and if there is a roaming failure, the reason for the roaming failure.

rssi

Displays the clients RSSI values in the last 5 seconds when voice diagnostics
are enabled.

status

Displays the status of voice diagnostics for clients.

tspec

Displays TSPEC for the voice diagnostic for clients.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client voice-diag status command:
(Cisco Controller) > show client voice-diag status
Voice Diagnostics Status: FALSE

Related Commands

show client ap
show client detail
show client summary
debug voice-diag

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show coredump summary

To display a summary of the controllers core dump file, use the show coredump summary command.
show coredump summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show coredump summary command:

(Cisco Controller) > show coredump summary
Core Dump is enabled
FTP Server IP.................................... 10.10.10.17
FTP Filename..................................... file1
FTP Username..................................... ftpuser
FTP Password.................................. *********

Related Commands

config coredump
config coredump ftp
config coredump username

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show cpu
To display current WLAN controller CPU usage information, use the show cpu command.
show cpu

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show cpu command:

(Cisco Controller) > show cpu
Current CPU load: 2.50%

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show custom-web
To display web authentication customization information, use the show custom-web command.
show custom-web

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show custom-web command:

(Cisco Controller) > show custom-web
Radius Authentication Method.....................
Cisco Logo.......................................
CustomLogo.......................................
Custom Title.....................................
Custom Message...................................
Custom Redirect URL..............................
External web authentication Mode.................
External web authentication URL..................

Related Commands

PAP
Enabled
None
None
None
None
Disabled
None

config custom-web weblogo

config custom-web webmessage
config custom-web webtitle
config custom-web weblogo
config custom-web ext-webauth-mode
config custom-web redirectUrl
config custom-web ext-webauth-type
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show database summary

To display the maximum number of entries in the database, use the show database summary command.
show database summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Examples

The following is a sample output of the show database summary command:

(Cisco Controller) > show database summary
Maximum Database Entries.........................
Maximum Database Entries On Next Reboot..........
Database Contents
MAC Filter Entries...........................
Exclusion List Entries.......................
AP Authorization List Entries................
Management Users.............................
Local Network Users..........................
Local Users..............................
Guest Users..............................
Total..................................... 5

Related Commands

2048
2048
2
0
1
1
1
1
0

config database size

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show dhcp
To display the internal Dynamic Host Configuration Protocol (DHCP) server configuration, use the show
dhcp command.
show dhcp {leases | summary | scope}

Syntax Description

Command Default

Command History

Examples

leases

Displays allocated DHCP leases.

summary

Displays DHCP summary information.

scope

Name of a scope to display the DHCP information for that scope.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the allocated DHCP leases:
(Cisco Controller) >show dhcp leases
No leases allocated.

The following example shows how to display the DHCP summary information:
(Cisco Controller) >show dhcp summary
Scope Name
Enabled
Address Range
003
No
0.0.0.0 -> 0.0.0.0

The following example shows how to display the DHCP information for the scope 003:
(Cisco Controller) >show dhcp 003
Enabled.......................................
Lease Time....................................
Pool Start....................................
Pool End......................................
Network.......................................
Netmask.......................................
Default Routers...............................
DNS Domain....................................
DNS...........................................
Netbios Name Servers..........................

No
0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0 0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 0.0.0.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show dtls connections

To display the Datagram Transport Layer Security (DTLS) server status, use the show dtls connections
command.
show dtls connections

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following is a sample output of the show dtls connections command.

Device > show dtls connections
AP Name
--------------1130
1130
1240

Local Port
------------Capwap_Ctrl
Capwap_Data
Capwap_Ctrl

Peer IP
--------------1.100.163.210
1.100.163.210
1.100.163.209

Peer Port
------------23678
23678
59674

Ciphersuite
----------------------TLS_RSA _WITH_AES_128_CBC_SHA
TLS_RSA _WITH_AES_128_CBC_SHA
TLS_RSA _WITH_AES_128_CBC_SHA

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show dhcp proxy

To display the status of DHCP proxy handling, use the show dhcp proxy command.
show dhcp proxy

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the status of DHCP proxy information:
(Cisco Controller) >show dhcp proxy
DHCP Proxy Behavior: enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show dhcp timeout

To display the DHCP timeout value, use the show dhcp timeout command.
show dhcp timeout

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the DHCP timeout value:
(Cisco Controller) >show dhcp timeout
DHCP Timeout (seconds)................. 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show flow exporter

To display the details or the statistics of the flow exporter, use the show flow exporter command.
show flow exporter {summary | statistics}

Syntax Description

Command Default

Command History

Examples

summary

Displays a summary of the flow exporter.

statistics

Displays the statistics of flow exporters such as the number of records sent,
or the time when the last record was sent.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show flow exporter summary command:
(Cisco Controller) > show flow exporter summary
Exporter-Name
Exporter-IP
Port
=============
===========
=====
expo1
9.9.120.115
800

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show flow monitor summary

To display the details of the NetFlow monitor, use the show flow monitor summary command.

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Netflow record monitoring and export are used for integration with an NMS or any Netflow analysis tool.

Examples

The following is a sample output of the show flow monitor summary:

(Cisco Controller) > show flow monitor summary
Monitor-Name
Exporter-Name
============
=============
mon1
expo1
ipv4_client_app_flow_record

Exporter-IP
===========
9.9.120.115

Port
====
800

Record Name
===========

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show guest-lan
To display the configuration of a specific wired guest LAN, use the show guest-lan command.
show guest-lan guest_lan_id

Syntax Description

Command Default

Command History

guest_lan_id

ID of the selected wired guest LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

To display all wired guest LANs configured on the controller, use the show guest-lan summary command.

Examples

The following is a sample output of the show guest-lan guest_lan_id command:

(Cisco Controller) >show guest-lan 2
Guest LAN Identifier........................... 1
Profile Name................................... guestlan
Network Name (SSID)............................ guestlan
Status......................................... Enabled
AAA Policy Override............................ Disabled
Number of Active Clients....................... 1
Exclusionlist Timeout.......................... 60 seconds
Session Timeout................................ Infinity
Interface...................................... wired
Ingress Interface.............................. wired-guest
WLAN ACL....................................... unconfigured
DHCP Server.................................... 10.20.236.90
DHCP Address Assignment Required............... Disabled
Quality of Service............................. Silver (best effort)
Security
Web Based Authentication................... Enabled
ACL........................................ Unconfigured
Web-Passthrough............................ Disabled
Conditional Web Redirect................... Disabled
Auto Anchor................................ Disabled
Mobility Anchor List
GLAN ID IP Address Status

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show invalid-config
To see any ignored commands or invalid configuration values in an edited configuration file, use the show
invalid-config command.
show invalid-config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can enter this command only before the clear config or save config command.

Examples

The following is a sample output of the show invalid-config command:

(Cisco Controller) > show invalid-config
config wlan peer-blocking drop 3
config wlan dhcp_server 3 192.168.0.44 required

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show inventory
To display a physical inventory of the Cisco wireless LAN controller, use the show inventory command.
show inventory

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Some wireless LAN controllers may have no crypto accelerator (VPN termination module) or power supplies
listed because they have no provisions for VPN termination modules or power supplies.

Examples

The following is a sample output of the show inventory command:

(Cisco Controller) > show inventory
Burned-in MAC Address............................ 50:3D:E5:1A:31:A0
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 500
NAME: "Chassis"
, DESCR: "Cisco 5500 Series Wireless LAN Controller"
PID: AIR-CT5508-K9, VID: V01, SN: XXXXXXXXXXX

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show license all

To display information for all licenses on the Cisco 5500 Series Controller, use the show license all command.
show license all

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display all the licenses:

> show license all
License Store: Primary License Storage
StoreIndex: 0 Feature: wplus-ap-count
Version: 1.0
License Type: Permanent
License State: Inactive
License Count: 12/0/0
License Priority: Medium
StoreIndex: 1 Feature: base
Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 2 Feature: wplus
Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
License Store: Evaluation License Storage
StoreIndex: 0 Feature: wplus
Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 1 Feature: wplus-ap-count
Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
StoreIndex: 2 Feature: base
Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 3 Feature: base-ap-count
Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License Count: 250/0/0
License Priority: Low

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

Related Commands

license install
show license agent
show license detail
show license feature
show license image-level
show license summary
license modify priority

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show license capacity

To display the maximum number of access points allowed for this license on the Cisco 5500 Series Controller,
the number of access points currently joined to the controller, and the number of access points that can still
join the controller, use the show license capacity command.
show license capacity

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the license capacity:

> show license capacity
Licensed Feature
Max Count
Current Count
Remaining Count
----------------------------------------------------------------------AP Count
250
47
203

Related Commands

license install
show license all
show license detail
show license feature
show license image-level
show license summary
license modify priority
show license evaluation

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show license detail

To display details of a specific license on the Cisco 5500 Series Controller, use the show license detail
command.
show license detail license-name

Syntax Description

license-name

Name of a specific license.

Command Default

Command Default

None.

Examples

This example shows how to display the license-enabled features:

> show license feature
Feature name Enforcement
wplus
yes
wplus-ap-count
yes
base
no
base-ap-count
yes

Related Commands

Evaluation
yes
yes
yes
yes

Clear Allowed
yes
yes
yes
yes

Enabled
yes
yes
no
no

license install
show license all
show license detail
show license expiring
show license image-level
show license in-use
show license summary
show license modify priority
show license evaluation

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show license file

To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license
file command.
show license file

Syntax Description

This command has no arguments or keywords.

Examples

This example shows how to display the license files:

> show license file
License Store: Primary License Storage
Store Index: 0
License: 11 wplus-ap-count 1.0 LONG NORMAL STANDALONE EXCL 12_KEYS INFINIT
E_KEYS NEVER NEVER NiL SLM_CODE CL_ND_LCK NiL *1AR5NS7M5AD8PPU400
NiL NiL NiL 5_MINS <UDI><PID>AIR-CT5508-K9</PID><SN>RFD000P2D27<
/SN></UDI> Pe0L7tv8KDUqo:zlPe423S5wasgM8G,tTs0i,7zLyA3VfxhnIe5aJa
m63lR5l8JM3DPkr4O2DI43iLlKn7jomo3RFl1LjMRqLkKhiLJ2tOyuftQSq2bCAO6
nR3wIb38xKi3t$<WLC>AQEBIQAB//++mCzRUbOhw28vz0czAY0iAm7ocDLUMb9ER0
+BD3w2PhNEYwsBN/T3xXBqJqfC+oKRqwInXo3s+nsLU7rOtdOxoIxYZAo3LYmUJ+M
FzsqlhKoJVlPyEvQ8H21MNUjVbhoN0gyIWsyiJaM8AQIkVBQFzhr10GYolVzdzfJf
EPQIx6tZ++/Vtc/q3SF/5Ko8XCY=</WLC>
Comment:
Hash: iOGjuLlXgLhcTB113ohIzxVioHA=
. . .

Related Commands

license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license summary
show license evaluation

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show license handle

To display the license handles on the Cisco 5500 Series Controller, use the show license handle command.
show license handle

Syntax Description

This command has no arguments or keywords.

Command Default

Command Default

None.

Examples

This example shows how to display the permanent licenses information:

This example shows how to display a brief summary of all licenses:

> show license summary
Index 1 Feature: wplus
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: wplus-ap-count
Period left: 2 weeks 3 days
License Type: Evaluation
License State: Active, In Use
License Count: 250/250/0
License Priority: High
Index 3 Feature: base
Period left: Life time
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: base-ap-count
Period left: 8 weeks 3 days
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
License Count: 250/0/0
License Priority: Low

Related Commands

license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license permanent
license modify priority
show license evaluation

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show license udi

To display unique device identifier (UDI) values for licenses on the Cisco 5500 Series Controller, use the
show license udi command.
show license udi

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the UDI values for licenses:
> show license udi
Device# PID
SN
UDI
------------------------------------------------------------------------------------*0
AIR-CT5508-K9
RFD000P2D27
AIR-CT5508-K9:RFD000P2D27

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show load-balancing
To display the status of the load-balancing feature, use the show load-balancing command.
show load-balancing

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the load-balancing status:

> show load-balancing
Aggressive Load Balancing........................ Enabled
Aggressive Load Balancing Window................. 0 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 10 clients
Total Denial Sent................................ 20 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count..................... 0 times

Related Commands

config load-balancing

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show local-auth certificates

To display local authentication certificate information, use the show local-auth certificates command:
show local-auth certificates

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the authentication certificate information stored locally:
(Cisco Controller) > show local-auth certificates

Related Commands

clear stats local-auth

config local-auth active-timeout
config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show logging
To display the syslog facility logging parameters and buffer contents, use the show logging command.
show logging

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the current settings and buffer content details:
(Cisco Controller) >show logging
(Cisco Controller) > config logging syslog host 10.92.125.52
System logs will be sent to 10.92.125.52 from now on
(Cisco Controller) > config logging syslog host 2001:9:6:40::623
System logs will be sent to 2001:9:6:40::623 from now on
(Cisco Controller) > show logging
Logging to buffer :
- Logging of system messages to buffer :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to buffer ...........
- Number of debug messages logged...............
- Number of debug messages dropped..............
- Cache of logging .............................
- Cache of logging time(mins) ...................
- Number of over cache time log dropped ........
Logging to console :
- Logging of system messages to console :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to console ..........
- Number of debug messages logged...............
- Number of debug messages dropped..............
Logging to syslog :
- Syslog facility................................
- Logging of system messages to console :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to console ..........
- Number of debug messages logged...............
- Number of debug messages dropped..............
- Logging of system messages to syslog :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............

errors
1316
6892
Disabled
0
0
Disabled
10080
0
disabled
0
8243
Enabled
0
0
local0
disabled
0
8208
Enabled
0
0
errors
1316
6892

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

- Logging of debug messages to syslog ...........

- Number of debug messages logged...............
- Number of debug messages dropped..............
- Number of remote syslog hosts..................
- syslog over tls................................
- Host 0.......................................
- Host 1.......................................
- Host 2.......................................
Logging of RFC 5424..............................
Logging of Debug messages to file :
- Logging of Debug messages to file..............
- Number of debug messages logged................
- Number of debug messages dropped...............
Logging of traceback.............................

Disabled
0
0
2
Disabled
10.92.125.52
2001:9:6:40::623
Disabled
Disabled
0
0
Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show loginsession
To display the existing sessions, use the show loginsession command.
show loginsession

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the current session details:

> show loginsession
ID
username
Connection From
-- --------------- --------------00 admin
EIA-232

Related Commands

Idle Time
Session Time
------------ -----------00:00:00
00:19:04

config loginsession close

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show mesh cac

To display call admission control (CAC) topology and the bandwidth used or available in a mesh network,
use the show mesh cac command.
show mesh cac {summary | {bwused {voice | video} | access | callpath | rejected} cisco_ap}

Syntax Description

Command Default

Command History

Examples

summary

Displays the total number of voice calls and voice bandwidth used for each mesh access
point.

bwused

Displays the bandwidth for a selected access point in a tree topology.

voice

Displays the mesh topology and the voice bandwidth used or available.

video

Displays the mesh topology and the video bandwidth used or available.

access

Displays access voice calls in progress in a tree topology.

callpath

Displays the call bandwidth distributed across the mesh tree.

rejected

Displays voice calls rejected for insufficient bandwidth in a tree topology.

cisco_ap

Mesh access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display a summary of the call admission control settings:
(Cisco Controller) >show mesh cac summary
AP Name
Slot#
Radio BW Used/Max Calls
----------------- ------- ----- ----------- ----SB_RAP1
0
11b/g
0/23437
0
1
11a
0/23437
0
SB_MAP1
0
11b/g
0/23437
0
1
11a
0/23437
0
SB_MAP2
0
11b/g
0/23437
0
1
11a
0/23437
0
SB_MAP3
0
11b/g
0/23437
0
1
11a
0/23437
0

The following example shows how to display the mesh topology and the voice bandwidth used or available:
(Cisco Controller) >show mesh cac bwused voice SB_MAP1
AP Name
Slot#
Radio
BW Used/Max
------------------- --------------SB_RAP1
0
11b/g
0/23437
1
11a
0/23437

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

SB_MAP1

SB_MAP2

||| SB_MAP3

0
1
0
1
0
1

11b/g
11a
11b/g
11a
11b/g
11a

0/23437
0/23437
0/23437
0/23437
0/23437
0/23437

The following example shows how to display the access voice calls in progress in a tree topology:
(Cisco Controller) >show mesh cac access 1524_Map1
AP Name
Slot#
Radio
Calls
------------------- --------1524_Rap
0
11b/g
0
1
11a
0
2
11a
0
|
1524_Map1
0
11b/g
0
1
11a
0
2
11a
0
|| 1524_Map2
0
11b/g
0
1
11a
0
2
11a
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show mdns ap summary

To display all the access points for which multicast Domain Name System (mDNS) forwarding is enabled,
use the show mnds ap summary command.
show mdns ap summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.5

This command was introduced.

The following is a sample output of the show mnds ap summary command:

(Cisco Controller) > show mdns ap summary
Number of mDNS APs............................. 2
AP Name
--------ap-3500
ap-3600

Ethernet MAC
---------------cc:ef:48:72:0d:d9
00:22:bd:df:04:68

Number of Vlans
----------------0
2

VlanIdentifiers
-----------------Not applicable
124,122

The following table describes the significant fields shown in the display.
Table 3: show mdns ap summary Field Descriptions

Field

Description

AP Name

Name of the mDNS access point (access point for

which mDNS forwarding is enabled).

Ethernet MAC

MAC address of the mDNS access point.

Number of VLANs

Number of VLANs from which the access point

snoops the mDNS advertisements from the wired
side. An access point can snoop on a maximum of 10
VLANs.

VLAN Identifiers

Identifiers of the VLANs the access point snoops on.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show mdns domain-name-ip summary

To display the summary of the multicast Domain Name System (mDNS) domain names, use the show mdns
domain-name-ip summary command.
show mdns domain-name-ip summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.5

This command was introduced.

Usage Guidelines

Each service advertisement contains a record that maps the domain name of the service provider to the IP
address. The mapping also contains details such as the client MAC address, VLAN ID, Time to Live (TTL),
and IPv4 address.

Examples

The following is a sample output of the show mdns domain-name-ip summary command:
(Cisco Controller) > show mdns domain-name-ip summary
Number of Domain Name-IP Entries................. 1
DomainName

MAC Address

IP Address

Vlan Id Type

-------------

-----------

tixp77.local.

00:50:b6:4f:69:70

209.165. 202.128

TTL

Time left

(in seconds) (in seconds)

-------------------- -----999

mDNSAP 4725

906

The following table describes the significant fields shown in the display.
Table 4: show mdns domain-name-ip summary Field Descriptions

Field

Description

Domain Name

Domain name of the service provider.

MAC Address

MAC address of the service provider.

IP Address

IP address of the service provider.

VLAN ID

VLAN ID of the service provider.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

Field

Description

Type

Origin of service that can be one of the following:

Wired
Wireless
Wired guest
mDNS AP

TTL

TTL value, in seconds, that determines the validity

of the service offered by the service provider. The
service provider is removed from the Cisco Wireless
LAN Controller when the TTL expires.

Time Left

Time remaining, in seconds, before the service

provider is removed from the Cisco WLC.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show mdns profile

To display mDNS profile information, use the show mdns profile command.
show mdns profile {summary | detailed profile-name}

Syntax Description

Command Default

Command History

Examples

summary

Displays the summary of the mDNS profiles.

detailed

Displays details of an mDNS profile.

profile-name

Name of the mDNS profile.

None

Release

Modification

7.4

This command was introduced.

This example shows how to display a summary of all the mDNS profiles:
> show mdns profile summary
Number of Profiles............................... 2
ProfileName
-------------------------------default-mdns-profile
profile1

No. Of Services
--------------5
2

This example shows how to display the detailed information of an mDNS profile:
> show mdns profile detailed default-mdns-profile

Related Commands

Profile Name.....................................
Profile Id.......................................
No of Services...................................
Services.........................................

default-mdns-profile
1
5
AirPrint
AppleTV
HP_Photosmart_Printer_1
HP_Photosmart_Printer_2
Printer

No. Interfaces Attached..........................

No. Interface Groups Attached....................
No. Wlans Attached...............................
Wlan Ids.........................................

0
0
1
1

config mdns query interval

config mdns service

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

config mdns snooping

config interface mdns-profile
config interface group mdns-profile
config wlan mdns
config mdns profile
show mdns ap
config mdns ap
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show mdns service

To display multicast Domain Name System (mDNS) service information, use the show mnds service command.
show mdns service {summary | detailed service-name | not-learnt}

Syntax Description

summary

Displays the summary of all mDNS services.

detailed

Displays the details of an mDNS service.

service-name

Name of the mDNS service.

not-learnt

Displays the summary of all the service advertisements that were

received by the controller but were not discovered because the service
query status was disabled.
Service advertisements for all VLANs and origin types that are not
learned are displayed in the output. The top 500 services appear in the
summary list.

Command Default

Command History

Examples

None

Release

Modification

7.4

This command was introduced.

7.5

The not-learnt keyword was added.

The following is a sample output of the show mnds summary command:

Device > show mdns service summary
Number of Services............................... 5
Service-Name
-----------------------AirPrint
AppleTV
HP_Photosmart_Printer_1
HP_Photosmart_Printer_2
Printer

LSS Origin
-------------Yes Wireless
Yes Wireless
Yes Wireless
No
Wired
No
Wired

No SP Service-string
------------1
_ipp._tcp.local.
1
_airplay._tcp.local.
1
_universal._sub._ipp._tcp.local.
0
_cups._sub._ipp._tcp.local.
0
_printer._tcp.local.

The following is a sample output of the show mnds service detailed command:
Device > show mdns service detailed AirPrint
Service
Service
Service
Service
Service

Name.....................................
Id.......................................
query status.............................
LSS status...............................
learn origin.............................

AirPrint
1
Enabled
Disabled
Wired

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

Number of Profiles............................... 2
Profile.......................................... student-profile, guest-profile
Number of Service Providers ..................... 2
Service Provider MAC-Address
AP Radio MAC
VLAN ID
---------------- ---------------------------user1
60:33:4b:2b:a6:9a ----104
laptopa
00:21:1b:ea:36:60 3c:ce:73:1e:69:20 105

Type
---Wired
Wireless

TTL
Time left
---------------4500
4484
4500
4484

Number of priority MAC addresses ................ 1

Sl.No
----1

MAC Address
------------------44:03:a7:a3:04:45

AP group name
-------------AP_floor1

The following is a sample output of the show mnds service not-learntcommand:

Device > show mdns service not-learnt
Number of Services............................... 4
Origin
VLAN
Service-string

TTL

---------- ------ --------------------------Wireless

106
120
100.106.11.9.in-addr.arpa.
Wireless
106
120
102.106.11.9.in-addr.arpa.
Wireless
106
120
108.104.11.9.in-addr.arpa.
Wireless
106
120
_airplayit._tcp.local.

TTL left
(sec)
------

Client MAC

AP-MAC

(sec)
------------------

------------------

105

00:21:6a:76:88:04

04:da:d2:b3:11:00

112

00:21:6a:78:ff:82

04:da:d2:b3:11:00

75
119

00:21:6a:78:ff:82
00:21:6a:78:ff:82

04:da:d2:b3:11:00
04:da:d2:b3:11:00

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show mgmtuser
To display the local management user accounts on the Cisco wireless LAN controller, use the show mgmtuser
command.
show mgmtuser

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a list of management users:

> show mgmtuser
User Name
----------------------admin

Related Commands

Permissions
-----------read-write

Description
--------------

Password Strength
-----------------Weak

config mgmtuser add

config mgmtuser delete
config mgmtuser description
config mgmtuser password

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

show Commands

show mobility group member

To display the details of the mobility group members in the same domain, use the show mobility group
member command.
show mobility group member hash

Syntax Description

hash

Command Default

None

Command History

Examples

Displays the hash keys of the mobility group members in the same domain.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the hash keys of the mobility group members:
(Cisco Controller) >show mobility group member hash
Default Mobility Domain.......................... new-mob
IP Address
Hash Key
--------------------------------------------------------9.2.115.68

a819d479dcfeb3e0974421b6e8335582263d9169

9.6.99.10

0974421b6e8335582263d9169a819d479dcfeb3e

9.7.7.7

feb3e0974421b6e8335582263d9169a819d479dc

Cisco Wireless LAN Controller Command Reference, Release 8.0

100

OL-31334-01

show Commands

show netuser
To display the configuration of a particular user in the local user database, use the show netuser command.
show netuser {detail user_name | guest-roles | summary}

Syntax Description

Command Default

Command History

Examples

detail

Displays detailed information about the specified network user.

user_name

Network user.

guest_roles

Displays configured roles for guest users.

summary

Displays a summary of all users in the local user database.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show netuser summary command:

(Cisco Controller) > show netuser summary
Maximum logins allowed for a given username ........Unlimited

The following is a sample output of the show netuser detail command:

(Cisco Controller) > show netuser detail john10
username........................................... abc
WLAN Id............................................. Any
Lifetime............................................ Permanent
Description......................................... test user

Related Commands

config netuser add

config netuser delete
config netuser description
config netuser guest-role apply
config netuser wlan-id
config netuser guest-roles

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

101

show Commands

show netuser guest-roles

To display a list of the current quality of service (QoS) roles and their bandwidth parameters, use the show
netuser guest-roles command.
show netuser guest-roles

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a QoS role for the guest network user:
> show netuser guest-roles
Role Name.............................. Contractor
Average Data Rate.................. 10
Burst Data Rate.................... 10
Average Realtime Rate.............. 100
Burst Realtime Rate................ 100
Role Name.............................. Vendor
Average Data Rate.................. unconfigured
Burst Data Rate.................... unconfigured
Average Realtime Rate.............. unconfigured
Burst Realtime Rate................ unconfigured

Related Commands

config netuser add

config netuser delete
config netuser description
config netuser guest-role apply
config netuser wlan-id
show netuser guest-roles
show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

102

OL-31334-01

show Commands

show network
To display the current status of 802.3 bridging for all WLANs, use the show network command.
show network

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the network details:

> show network

Related Commands

config network
show network summary
show network multicast mgid detail
show network multicast mgid summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

103

show Commands

show network summary

To display the network configuration of the Cisco wireless LAN controller, use the show network summary
command.
show network summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a summary configuration:

> show network summary
RF-Network Name.............................
Web Mode....................................
Secure Web Mode.............................
Secure Web Mode Cipher-Option High..........
Secure Web Mode Cipher-Option SSLv2.........
Secure Web Mode RC4 Cipher Preference.......
OCSP........................................
OCSP responder URL..........................
Secure Shell (ssh)..........................
Telnet......................................
Ethernet Multicast Mode.....................
Ethernet Broadcast Mode.....................
Ethernet Multicast Forwarding...............
Ethernet Broadcast Forwarding...............
AP Multicast/Broadcast Mode.................
IGMP snooping...............................
IGMP timeout................................
IGMP Query Interval.........................
MLD snooping................................
MLD timeout.................................
MLD query interval..........................
User Idle Timeout...........................
AP Join Priority............................
ARP Idle Timeout............................
ARP Unicast Mode............................
Cisco AP Default Master.....................
Mgmt Via Wireless Interface.................
Mgmt Via Dynamic Interface..................
Bridge MAC filter Config....................
Bridge Security Mode........................
Over The Air Provisioning of AP's...........
Apple Talk .................................
Mesh Full Sector DFS........................
AP Fallback ................................
Web Auth CMCC Support ......................
Web Auth Redirect Ports ....................
Web Auth Proxy Redirect ...................
Web Auth Captive-Bypass
..................
Web Auth Secure Web .......................
Fast SSID Change ...........................
AP Discovery - NAT IP Only .................
IP/MAC Addr Binding Check ..................
CCX-lite status ............................
oeap-600 dual-rlan-ports ...................
oeap-600 local-network .....................
mDNS snooping...............................
mDNS Query Interval.........................
Web Color Theme.............................

RF
Disable
Enable
Disable
Disable
Disable
Disabled
Enable
Enable
Disable
Mode: Ucast
Disable
Disable
Disable
Unicast
Disabled
60 seconds
20 seconds
Disabled
60 seconds
20 seconds
300 seconds
Disable
300 seconds
Disabled
Disable
Disable
Disable
Enable
EAP
Enable
Disable
Enable
Disable
Disabled
80
Disable
Disable
Enable
Disabled
Enabled
Enabled
Disable
Disable
Enable
Disabled
15 minutes
Red

Cisco Wireless LAN Controller Command Reference, Release 8.0

104

OL-31334-01

show Commands

Web Color Theme............................. Default

CAPWAP Prefer Mode.......................... IPv4

Related Commands

config network
show network multicast mgid summary
show network multicast mgid detail
show network

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

105

show Commands

show network multicast mgid detail

To display all the clients joined to the multicast group in a specific multicast group identification (MGID),
use the show network multicast mgid detail command.
show network multicast mgid detail mgid_value

Syntax Description

mgid_value

Number between 550 and 4095.

Command Default

None.

Examples

This example shows how to display details of the multicast database:

> show network multicast mgid detail
Mgid ............................... 550
Multicast Group Address ............ 239.255.255.250
Vlan ............................... 0
Rx Packet Count .................... 807399588
No of clients ...................... 1
Client List ........................
Client MAC
Expire TIme (mm:ss)
00:13:02:23:82:ad
0:20

Related Commands

show network summary

show network multicast mgid detail
show network

Cisco Wireless LAN Controller Command Reference, Release 8.0

106

OL-31334-01

show Commands

show network multicast mgid summary

To display all the multicast groups and their corresponding multicast group identifications (MGIDs), use the
show network multicast mgid summary command.
show network multicast mgid summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a summary of multicast groups and their MGIDs:
> show network multicast mgid summary
Layer2 MGID Mapping:
------------------InterfaceName
vlanId
MGID
----------------------------- ------ ----management
0
0
test
0
9
wired
20
8
Layer3 MGID Mapping:
------------------Number of Layer3 MGIDs ................ 1
Group address
Vlan
MGID
------------------ ---------239.255.255.250
0
550

Related Commands

show network summary

show network multicast mgid detail
show network

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

107

show Commands

show nmsp notify-interval summary

To display the Network Mobility Services Protocol (NMSP) configuration settings, use the show nmsp
notify-interval summary command.
show nmsp notify-interval summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display NMSP configuration settings:

> show nmsp notify-interval summary
NMSP Notification Interval Summary
Client
Measurement interval:
2 sec
RFID
Measurement interval:
8 sec
Rogue AP
Measurement interval:
2 sec
Rogue Client
Measurement interval:
2 sec

Related Commands

clear locp statistics

clear nmsp statistics
config nmsp notify-interval measurement
show nmsp statistics
show nmsp status

Cisco Wireless LAN Controller Command Reference, Release 8.0

108

OL-31334-01

show Commands

show nmsp statistics

To display Network Mobility Services Protocol (NMSP) counters, use the show nmsp statistics command.
show nmsp statistics {summary | connection all}

Syntax Description

summary

Displays common NMSP counters.

connection all

Displays all connection-specific counters.

Command Default

None.

Examples

This example shows how to display a summary of common NMSP counters:

> show nmsp statistics summary
Send RSSI with no entry:
Send too big msg:
Failed SSL write:
Partial SSL write:
SSL write attempts to want write:
Transmit Q full:0
Max Measure Notify Msg:
Max Info Notify Msg:
Max Tx Q Size:
Max Rx Size:
Max Info Notify Q Size:
Max Client Info Notify Delay:
Max Rogue AP Info Notify Delay:
Max Rogue Client Info Notify Delay:
Max Client Measure Notify Delay:
Max Tag Measure Notify Delay:
Max Rogue AP Measure Notify Delay:
Max Rogue Client Measure Notify Delay:
Max Client Stats Notify Delay:
Max Tag Stats Notify Delay:
RFID Measurement Periodic :
RFID Measurement Immediate :
Reconnect Before Conn Timeout:

0
0
0
0
0
0
2
1
0
0
0
0
0
0
0
0
0
0
0
0
0

This example shows how to display all the connection-specific NMSP counters:
> show nmsp statistics connection all
NMSP Connection Counters
Connection 1 :
Connection status: UP
Freed Connection:
0
Nmsp Subscr Req:
0
NMSP Subscr Resp:
Info Req:
1
Info Resp:
Measure Req:
2
Measure Resp:
Stats Req:
2
Stats Resp:
Info Notify:
0
Measure Notify:
Loc Capability:
2
Location Req:
0
Location Rsp:
Loc Subscr Req:
0
Loc Subscr Rsp:
Loc Notif:
0
Loc Unsubscr Req:
0
Loc Unsubscr Rsp:
IDS Get Req:
0
IDS Get Resp:

0
1
2
2
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

109

show Commands

IDS Notif:
IDS Set Req:

Related Commands

0
0

IDS Set Resp:

show nmsp notify-interval summary

clear nmsp statistics
config nmsp notify-interval measurement
show nmsp status

Cisco Wireless LAN Controller Command Reference, Release 8.0

110

OL-31334-01

show Commands

show nmsp status

To display the status of active Network Mobility Services Protocol (NMSP) connections, use the show nmsp
status command.
show nmsp status

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the status of the active NMSP connections:
> show nmsp status
LocServer IP
TxEchoResp RxEchoReq TxData RxData
-------------- ----------- --------- ------- ------171.71.132.158 21642
21642
51278
21253

Related Commands

show nmsp notify-interval summary

clear nmsp statistics
config nmsp notify-interval measurement
show nmsp status
clear locp statistics
show nmsp statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

111

show Commands

show nmsp subscription

To display the Network Mobility Services Protocol (NMSP) services that are active on the controller, use the
show nmsp subscription command.
show nmsp subscription {summary | detail ip-addr}

Syntax Description

Command Default

Command History

Examples

summary

Displays all of the NMSP services to which the controller is subscribed.

detail

Displays details for all of the NMSP services to which the controller is subscribed.

ip-addr

Details only for the NMSP services subscribed to by a specific IPv4 or IPv6
address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

This example shows how to display a summary of all the NMSP services to which the controller is subscribed:
> show nmsp subscription summary
Mobility Services Subscribed:
Server IP
Services
---------------10.10.10.31
RSSI, Info, Statistics

This example shows how to display details of all the NMSP services:
> show nmsp subscription detail 10.10.10.31
Mobility Services Subscribed by 10.10.10.31
Services
Sub-services
------------------RSSI
Mobile Station, Tags,
Info
Mobile Station,
Statistics
Mobile Station, Tags,
> show nmsp subscription detail 2001:9:6:40::623
Mobility Services Subscribed by 2001:9:6:40::623
Services
Sub-services
------------------RSSI
Mobile Station, Tags,
Info
Mobile Station,
Statistics
Mobile Station, Tags,

Cisco Wireless LAN Controller Command Reference, Release 8.0

112

OL-31334-01

show Commands

show ntp-keys
To display network time protocol authentication key details, use the show ntp-keys command.
show ntp-keys

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display NTP authentication key details:

> show ntp-keys
Ntp Authentication Key Details...................
Key Index
----------1
3

Related Commands

config time ntp

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

113

show Commands

show qos
To display quality of service (QoS) information, use the show qos command.
show qos {bronze | gold | platinum | silver}

Syntax Description

bronze

Displays QoS information for the bronze profile of the WLAN.

gold

Displays QoS information for the gold profile of the WLAN.

platinum

Displays QoS information for the platinum profile of the WLAN.

silver

Displays QoS information for the silver profile of the WLAN.

Command Default

None.

Examples

This example shows how to display QoS information for the silver profile:
> show qos
Description......................................
Maximum Priority.................................
Unicast Default Priority.........................
Multicast Default Priority.......................
Per-SSID Rate Limits.............................
Average Data Rate................................
Average Realtime Data Rate.......................
Burst Data Rate..................................
Burst Realtime Data Rate.........................
Per-Client Rate Limits...........................
Average Data Rate................................
Average Realtime Data Rate.......................
Burst Data Rate..................................
Burst Realtime Data Rate.........................
protocol.........................................

Related Commands

For Best Effort

besteffort
besteffort
besteffort
Upstream
Downstream
0
0
0
0
0
0
0
0
Upstream
Downstream
0
0
0
0
0
0
0
0
none

config qos protocol-type

Cisco Wireless LAN Controller Command Reference, Release 8.0

114

OL-31334-01

show Commands

show queue-info
To display all the message queue information pertaining to the system, use the show queue-info command.
show queue-info

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.5

This command was introduced.

The following is a sample output of the show queue-info command.

(Cisco Controller) > show queue-info
Total message queue count = 123
Queue Name
Allocated
InUse
MaxUsed
--------------------------------------------------------------PRINTF-Q
256
0
0
dtlqueue
4096
0
6
GRE Queue
100
0
1
dtlarpqueue
4096
0
6
NIM-Q
116
0
1
SIM-Q
116
0
6
DHCP Client Queue
8
0
0
dhcpv6ProxyMsgQueue
250
0
0
FDQ-Q
30300
0
3
dot1d_Queue
512
0
29
Garp-Q
256
0
1
dot3ad_queue
1024
0
0
DEBUG-Q
8192
0
8
LOGGER-Q
8192
0
5
TS-Q
256
0
0

The following table describes the significant fields shown in the display.
Table 5: show queue-info Field Descriptions

Field

Description

Queue Name

Name of the task message queue.

Allocated

Memory size, in bytes, of the message queue.

InUse

Queue that is currently used. A value of 0 indicates

that there are no messages that have to be processed
by the task.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

115

show Commands

Field

Description

MaxUsed

Maximum number of messages processed by the task

after the controller is up.

Cisco Wireless LAN Controller Command Reference, Release 8.0

116

OL-31334-01

show Commands

show reset
To display the scheduled system reset parameters, use the show reset command.
show reset

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the scheduled system reset parameters:
> show reset
System reset is scheduled for Mar 27 01 :01 :01 2010
Current local time and date is Mar 24 02:57:44 2010
A trap will be generated 10 minutes before each scheduled system reset.
Use reset system cancel to cancel the reset.
Configuration will be saved before the system reset.

Related Commands

reset system at
reset system in
reset system cancel
reset system notify-time

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

117

show Commands

show route kernel

To display the kernel route cache information, use the show route kernel command.
show route kernel

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the kernel route cache information:
> show route kernel
Iface Destination
dtl0
14010100
dtl0
28282800
dtl0
34010100
eth0
02020200
dtl0
33010100
dtl0
0A010100
dtl0
32010100
dtl0
0A000000
lo
7F000000
dtl0
00000000

Related Commands

Gateway
00000000
00000000
00000000
00000000
00000000
00000000
00000000
0202020A
00000000
0A010109

Flags
0001
0001
0001
0001
0001
0001
0001
0003
0001
0003

RefCnt
0
0
0
0
0
0
0
0
0
0

Use
0
0
0
0
0
0
0
0
0
0

Metric
Mask
0
FFFFFF00
0
FFFFFF00
0
FFFFFF00
0
FFFFFF00
0
FFFFFF00
0
FFFFFF00
0
FFFFFF00
0
FF000000
0
FF000000
0
00000000

MTU
0
0
0
0
0
0
0
0
0
0

Window
0
0
0
0
0
0
0
0
0
0

IRTT
0
0
0
0
0
0
0
0
0
0

clear ap
debug arp
show arp kernel
config route add
config route delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

118

OL-31334-01

show Commands

show route summary

To display the routes assigned to the Cisco wireless LAN controller service port, use the show route summary
command.
show route summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display all the configured routes:

> show route summary
Number of Routes............................... 1
Destination Network
Genmask
Gateway
------------------------------------------------------xxx.xxx.xxx.xxx
255.255.255.0
xxx.xxx.xxx.xxx

Related Commands

config route

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

119

show Commands

show run-config
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the show
run-config command.
show run-config [no-ap | commands]

Syntax Description

Command Default

Command History

Usage Guidelines

no-ap

(Optional) Excludes access point configuration settings.

commands

(Optional) Displays a list of user-configured commands on the controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

These commands have replaced the show running-config command.

Some WLAN controllers may have no Crypto Accelerator (VPN termination module) or power supplies listed
because they have no provisions for VPN termination modules or power supplies.
The show run-config command shows only values configured by the user. It does not show system-configured
default values.

Examples

The following is a sample output of the show run-config command:

(Cisco Controller) > show run-config
Press Enter to continue...
System Inventory
Switch Description...............................
Machine Model....................................
Serial Number....................................
Burned-in MAC Address............................
Crypto Accelerator 1.............................
Crypto Accelerator 2.............................
Power Supply 1...................................
Power Supply 2...................................
Press Enter to continue Or <Ctl Z> to abort...

Cisco Controller
FLS0923003B
xx:xx:xx:xx:xx:xx
Absent
Absent
Absent
Present, OK

Cisco Wireless LAN Controller Command Reference, Release 8.0

120

OL-31334-01

show Commands

show run-config startup-commands

To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the
showrun-configstartup-commands command.
show run-configstartup-commands

Syntax Description

Command Default

Command History

run-config

Displays the running configuration commands.

startup-commands

Display list of configured startup commands on Wireless LAN

Controller.

None

Release

Modification

8.0

Usage Guidelines

The configuration commands on the Wireless LAN controller are uploaded to the TFTP or NCS servers using
the transfer upload process. The show run-config startup-commands command enables the Wireless LAN
controller to generate running-configuration in CLI format. The configuration commands generated can be
used as backup configuration to restore the network.

Examples

The following is a sample output of the show run-config startup-commands command:

show run-config startup-commands
(Cisco Controller) >show run-config
startup-commands
(Cisco Controller) >show run-config startup-commands
This may take some time.
Are you sure you want to proceed? (y/N) y
config
config
config
config
config
config
config
config

location expiry tags 5

mdns profile service add default-mdns-profile
mdns profile service add default-mdns-profile
mdns profile service add default-mdns-profile
mdns profile service add default-mdns-profile
mdns profile service add default-mdns-profile
mdns profile service add default-mdns-profile
mdns profile create default-

AirPrint
AirTunes
AppleTV
HP_Photosmart_Printer_1
HP_Photosmart_Printer_2
Printer

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

121

show Commands

show sessions
To display the console port login timeout and maximum number of simultaneous command-line interface
(CLI) sessions, use the show sessions command.
show sessions

Syntax Description

This command has no arguments or keywords.

Command Default

5 minutes, 5 sessions.

Examples

This example shows how to display the CLI session configuration setting:
> show sessions
CLI Login Timeout (minutes)............ 0
Maximum Number of CLI Sessions......... 5

The response indicates that the CLI sessions never time out and that the Cisco wireless LAN controller can
host up to five simultaneous CLI sessions.

Related Commands

config sessions maxsessions

config sessions timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

122

OL-31334-01

show Commands

show snmpcommunity
To display Simple Network Management Protocol (SNMP) community entries, use the show snmpcommunity
command.
show snmpcommunity

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display SNMP community entries:

> show snmpcommunity
SNMP Community Name Client IP Address
------------------- ----------------public
0.0.0.0
**********
0.0.0.0

Related Commands

Client IP Mask
----------------0.0.0.0
0.0.0.0

Access Mode
----------Read Only
Read/Write

Status
-------Enable
Enable

config snmp community accessmode

config snmp community create
config snmp community delete
config snmp community ipaddr
config snmp community mode
config snmp syscontact

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

123

show Commands

show snmpengineID
To display the SNMP engine ID, use the show snmpengineID command.
show snmpengineID

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the SNMP engine ID:

> show snmpengineID
SNMP EngineId... ffffffffffff

Related Commands

config snmp engineID

Cisco Wireless LAN Controller Command Reference, Release 8.0

124

OL-31334-01

show Commands

show snmptrap
To display Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap receivers and
their status, use the show snmptrap command.
show snmptrap

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display SNMP trap receivers and their status:
> show snmptrap
SNMP Trap Receiver Name
-----------------------xxx.xxx.xxx.xxx

Related Commands

IP Address
Status
----------------- -------xxx.xxx.xxx.xxx
Enable

config snmp trapreceiver create

config snmp trapreceiver delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

125

show Commands

show snmpv3user
To display Simple Network Management Protocol (SNMP) version 3 configuration, use the show snmpv3user
command.
show snmpv3user

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display SNMP version 3 configuration information:

> show snmpv3user
SNMP v3 username
AccessMode Authentication Encryption
-------------------- ----------- -------------- ---------default
Read/Write HMAC-SHA
CFB-AES

Related Commands

config snmp v3user create

config snmp v3user delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

126

OL-31334-01

show Commands

show snmpversion
To display which versions of Simple Network Management Protocol (SNMP) are enabled or disabled on your
controller, use the show snmpversion command.
show snmpversion

Syntax Description

This command has no arguments or keywords.

Command Default

Enable.

Examples

This example shows how to display the SNMP v1/v2/v3 status:

> show snmpversion
SNMP v1 Mode.................................. Disable
SNMP v2c Mode.................................. Enable
SNMP v3 Mode.................................. Enable

Related Commands

config snmp version

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

127

show Commands

show switchconfig
To display parameters that apply to the Cisco wireless LAN controller, use the show switchconfig command.
show switchconfig

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled.

Examples

This example shows how to display parameters that apply to the Cisco wireless LAN controller:
> show switchconfig
802.3x Flow Control Mode.........................
FIPS prerequisite features.......................
Boot Break.......................................
secret obfuscation...............................
Strong Password Check Features:
case-check ...........Disabled
consecutive-check ....Disabled
default-check .......Disabled
username-check ......Disabled

Related Commands

Disabled
Enabled
Enabled
Enabled

config switchconfig mode

config switchconfig secret-obfuscation
config switchconfig strong-pwd
config switchconfig flowcontrol
config switchconfig fips-prerequisite
show stats switch

Cisco Wireless LAN Controller Command Reference, Release 8.0

128

OL-31334-01

show Commands

show sysinfo
To display high-level Cisco wireless LAN controller information, use the show sysinfo command.
show sysinfo

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display wireless LAN controller information:

> show sysinfo
Manufacturer's Name..............................
Product Name.....................................
Product Version..................................
Build Information................................
Bootloader Version...............................
Field Recovery Image Version.....................
Firmware Version.................................
Build Type.......................................
System Name......................................
System Location..................................
System Contact...................................
System ObjectID..................................
IP Address.......................................
Last Reset.......................................
System Up Time...................................
System Timezone Location....................
Current Boot License Level.......................
Current Boot License Type........................
Next Boot License Level..........................
Next Boot License Type...........................
Configured Country...............................
Operating Environment............................
Internal Temp Alarm Limits.......................
Internal Temperature.............................
External Temperature.............................
Fan Status.......................................
State of 802.11b Network.........................
State of 802.11a Network.........................
Number of WLANs..................................
3rd Party Access Point Support...................
Number of Active Clients.........................
Burned-in MAC Address............................
Power Supply 1...................................
Power Supply 2...................................
Maximum number of APs supported..................

Related Commands

Cisco Systems Inc.

Cisco Controller
6.0.133.0
Tue Mar 31 11:44:12 PDT 2009
0.14.0
5.3.38.0-BL-9-16
FPGA 1.0, Env 0.8, USB console 1.27
DATA + WPS
5500
1.3.6.1.4.1.9.1.1
10.10.10.7
Software reset
1 days 15 hrs 17 mins 48 secs
wplus
Permanent
wplus
Permanent
US - United States
Commercial (0 to 40 C)
0 to 65 C
+45 C
+29 C
OK
Enabled
Disabled
18
Disabled
1
00:00:1B:EE:12:E0
Not Available
Not Available
250

config sysname

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

129

show Commands

show system iostat

To display CPU statistics, input or output statistics for devices, and partitions with extended statistics of the
system, use the show system iostat command.
show system iostat {detail | summary}

Syntax Description

Command Default

Command History

Examples

detail

Provides CPU statistics, input or output statistics for

devices, and partitions with extended statistics of the
system.

summary

Provides CPU statistics, input or output statistics for

devices, and partitions of the system.

None

Release

Modification

8.0

This command was introduced.

The following is a sample output of the show system iostat summary command:
(Cisco Controller) >show system iostat summary
Linux 2.6.21_mvlcge500-octeon-mips64_octeon_v2_be (localhost)
avg-cpu:

%user
1.13

Device:
cfa

%nice %system %iowait

0.00
0.27
0.08
tps
1.21

MB_read/s
0.02

%steal
0.00

MB_wrtn/s
0.00

10/11/13

%idle
98.52
MB_read
15

MB_wrtn
0

The following is a sample output of the show system iostat detail command:
(Cisco Controller) >show system iostat detail
Linux 2.6.21_mvlcge500-octeon-mips64_octeon_v2_be (localhost)
avg-cpu:
Device:
svctm
cfa
7.20

%user
0.87

%nice %system %iowait

0.00
0.21
0.06

%steal
0.00

10/11/13

%idle
98.86

rrqm/s

wrqm/s

r/s

w/s

rMB/s

8.42

0.15

0.84

0.09

0.01

wMB/s avgrq-sz avgqu-sz

await

%util
0.00

28.79

0.02

23.41

0.67

Cisco Wireless LAN Controller Command Reference, Release 8.0

130

OL-31334-01

show Commands

show system top

To display a list of the most CPU-intensive tasks on the system, use the show system top command.
show system top

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

8.0

This command was introduced.

The following is a sample output of the show system top command:

(Cisco Controller) >show system top
top - 06:16:32 up 2 min, 0 users, load average: 2.68, 1.05, 0.38
Tasks: 180 total,
1 running, 179 sleeping,
0 stopped,
0 zombie
Cpu0 : 0.0%us, 0.9%sy, 0.0%ni, 99.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 : 0.7%us, 0.3%sy, 0.0%ni, 98.7%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu2 : 0.3%us, 0.2%sy, 0.0%ni, 97.9%id, 0.7%wa, 0.0%hi, 0.9%si, 0.0%st
Cpu3 : 8.6%us, 1.0%sy, 0.0%ni, 89.1%id, 0.8%wa, 0.0%hi, 0.6%si, 0.0%st
Cpu4 : 13.8%us, 6.9%sy, 0.0%ni, 77.0%id, 0.6%wa, 0.0%hi, 1.7%si, 0.0%st
Cpu5 : 32.9%us, 0.2%sy, 0.0%ni, 65.1%id, 0.7%wa, 0.0%hi, 1.1%si, 0.0%st
Cpu6 : 0.4%us, 0.2%sy, 0.0%ni, 98.5%id, 0.7%wa, 0.0%hi, 0.2%si, 0.0%st
Cpu7 : 15.6%us, 0.6%sy, 0.0%ni, 82.4%id, 0.7%wa, 0.0%hi, 0.7%si, 0.0%st
Cpu8 : 3.8%us, 0.4%sy, 0.0%ni, 95.2%id, 0.6%wa, 0.0%hi, 0.1%si, 0.0%st
Cpu9 : 0.7%us, 0.3%sy, 0.0%ni, 97.9%id, 0.2%wa, 0.0%hi, 0.8%si, 0.0%st
Mem:
1004116k total,
681232k used,
322884k free,
220k buffers
Swap:
0k total,
0k used,
0k free,
138696k cached
PID
1555
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

USER
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root

PR NI
15
0
18
0
RT
0
RT
0
-51
0
-51
0
-51
0
-51
0
-51
0
-51
0
-51
0
-51
0
RT
0
15 -10
RT
0
RT
0
-51
0
-51
0
-51
0
-51
0
-51
0
-51
0
-51
0
-51
0

VIRT RES
2556 1116
4420 752
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

SHR
816
628
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

S %CPU %MEM
R
7 0.1
S
0 0.1
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0
S
0 0.0

TIME+
0:00.07
0:09.11
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.02
0:00.00
0:00.00

COMMAND
top
init
migration/0
posix_cpu_timer
softirq-high/0
softirq-timer/0
softirq-net-tx/
softirq-net-rx/
softirq-block/0
softirq-tasklet
softirq-sched/0
softirq-rcu/0
watchdog/0
desched/0
migration/1
posix_cpu_timer
softirq-high/1
softirq-timer/1
softirq-net-tx/
softirq-net-rx/
softirq-block/1
softirq-tasklet
softirq-sched/1
softirq-rcu/1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

131

show Commands

24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root

RT
5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT
5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT
5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT
5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT
5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT
5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT

0
-10
0
0
0
0
0
0
0
0
0
0
0
-10
0
0
0
0
0
0
0
0
0
0
0
-10
0
0
0
0
0
0
0
0
0
0
0
-10
0
0
0
0
0
0
0
0
0
0
0
-10
0
0
0
0
0
0
0
0
0
0
0
-10
0
0
0
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0

0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:01.19
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.72
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:02.20
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:01.43
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.20
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.84
0:00.00
0:00.00
0:00.00

watchdog/1
desched/1
migration/2
posix_cpu_timer
softirq-high/2
softirq-timer/2
softirq-net-tx/
softirq-net-rx/
softirq-block/2
softirq-tasklet
softirq-sched/2
softirq-rcu/2
watchdog/2
desched/2
migration/3
posix_cpu_timer
softirq-high/3
softirq-timer/3
softirq-net-tx/
softirq-net-rx/
softirq-block/3
softirq-tasklet
softirq-sched/3
softirq-rcu/3
watchdog/3
desched/3
migration/4
posix_cpu_timer
softirq-high/4
softirq-timer/4
softirq-net-tx/
softirq-net-rx/
softirq-block/4
softirq-tasklet
softirq-sched/4
softirq-rcu/4
watchdog/4
desched/4
migration/5
posix_cpu_timer
softirq-high/5
softirq-timer/5
softirq-net-tx/
softirq-net-rx/
softirq-block/5
softirq-tasklet
softirq-sched/5
softirq-rcu/5
watchdog/5
desched/5
migration/6
posix_cpu_timer
softirq-high/6
softirq-timer/6
softirq-net-tx/
softirq-net-rx/
softirq-block/6
softirq-tasklet
softirq-sched/6
softirq-rcu/6
watchdog/6
desched/6
migration/7
posix_cpu_timer
softirq-high/7
softirq-timer/7
softirq-net-tx/
softirq-net-rx/
softirq-block/7
softirq-tasklet
softirq-sched/7
softirq-rcu/7
watchdog/7

Cisco Wireless LAN Controller Command Reference, Release 8.0

132

OL-31334-01

show Commands

97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
165
166
167
168
169
170
171
172
173
174
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
799
857
868

5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT
5
RT
RT
-51
-51
-51
-51
-51
-51
-51
-51
RT
5
-2
-2
-2
-2
-2
-2
-2
-2
-2
-2
15
15
20
10
10
10
10
10
15
10
20
10
21
15
16
10
10
10
10
10
10
10
10
10
10
16
16
16
16
16
16
16
20
20
20
25
10
10

-10
0
0
0
0
0
0
0
0
0
0
0
-10
0
0
0
0
0
0
0
0
0
0
0
-10
-20
-20
-20
-20
-20
-20
-20
-20
-20
-20
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
0
0
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
-5
0
-5
-5

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.07
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:01.10
0:00.00
0:00.00
0:00.00
0:00.00
0:01.14
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.03
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
0:00.04
0:00.00

desched/7
migration/8
posix_cpu_timer
softirq-high/8
softirq-timer/8
softirq-net-tx/
softirq-net-rx/
softirq-block/8
softirq-tasklet
softirq-sched/8
softirq-rcu/8
watchdog/8
desched/8
migration/9
posix_cpu_timer
softirq-high/9
softirq-timer/9
softirq-net-tx/
softirq-net-rx/
softirq-block/9
softirq-tasklet
softirq-sched/9
softirq-rcu/9
watchdog/9
desched/9
events/0
events/1
events/2
events/3
events/4
events/5
events/6
events/7
events/8
events/9
khelper
kthread
kblockd/0
kblockd/1
kblockd/2
kblockd/3
kblockd/4
kblockd/5
kblockd/6
kblockd/7
kblockd/8
kblockd/9
pdflush
pdflush
kswapd0
flush_filesd/0
flush_filesd/1
flush_filesd/2
flush_filesd/3
flush_filesd/4
flush_filesd/5
flush_filesd/6
flush_filesd/7
flush_filesd/8
flush_filesd/9
aio/0
aio/1
aio/2
aio/3
aio/4
aio/5
aio/6
aio/7
aio/8
aio/9
mtdblockd
kjournald
kjournald

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

133

show Commands

907
920
991
1014
1076
1079
1238
1245
1254
1554

root
root
root
root
root
root
root
root
root
root

15
0
0
0
0 S
18
0 4420 804 628 D
23
0
0
0
0 S
15
0 4560 992 748 S
19
0 4484 880 748 S
20
0 896m 480m 20m S
16 -5
0
0
0 S
0 -20
0
0
0 S
25
0 25880 3308 2556 S
16
0 4420 836 708 S

0 0.0
0 0.1
0 0.0
0 0.1
0 0.1
0 49.0
0 0.0
0 0.0
0 0.3
0 0.1

0:00.00
0:00.00
0:00.00
0:00.00
0:00.00
1:42.23
0:00.00
0:00.00
0:00.62
0:00.00

Octeon Poll Thr

insmod
HATHREAD
sshd
gettyOrMwar
switchdrvr
kjournald
loop3
licensed
sh

Cisco Wireless LAN Controller Command Reference, Release 8.0

134

OL-31334-01

show Commands

show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center
(TAC), use the show tech-support command.
show tech-support

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display system resource information:

> show tech-support
Current CPU Load.................................
System Buffers
Max Free Buffers..............................
Free Buffers..................................
Buffers In Use................................
Web Server Resources
Descriptors Allocated.........................
Descriptors Used..............................
Segments Allocated............................
Segments Used.................................
System Resources
Uptime........................................
Total Ram.....................................
Free Ram......................................
Shared Ram....................................
Buffer Ram....................................

0%
4608
4604
4
152
3
152
3
747040 Secs
127552 Kbytes
19540 Kbytes
0 Kbytes
460 Kbytes

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

135

show Commands

show time
To display the Cisco wireless LAN controller time and date, use the show time command.
show time

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the controller time and date when authentication is not enabled:
> show time
Time............................................. Wed Apr 13 09:29:15 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval.........................
3600
Index
NTP Key Index
NTP Server
NTP Msg Auth Status
------- --------------------------------------------------------------1
0
9.2.60.60
AUTH DISABLED

This example shows successful authentication of NTP Message results in the AUTH Success:
> show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval.........................
3600
Index
NTP Key Index
NTP Server
NTP Msg Auth Status
------- --------------------------------------------------------------1
1
9.2.60.60
AUTH SUCCESS

This example shows that if the packet received has errors, then the NTP Msg Auth status will show AUTH
Failure:
> show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval.........................
3600
Index
NTP Key Index
NTP Server
NTP Msg Auth Status
------- --------------------------------------------------------------1
10
9.2.60.60
AUTH FAILURE

This example shows that if there is no response from NTP server for the packets, the NTP Msg Auth status
will be blank:
> show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai,
Kolkata
NTP Servers
NTP Polling Interval.........................
3600
Index
NTP Key Index
NTP Server
NTP Msg Auth Status

Cisco Wireless LAN Controller Command Reference, Release 8.0

136

OL-31334-01

show Commands

------1

Related Commands

--------------------------------------------------------------11
9.2.60.60

config time manual

config time ntp
config time timezone
config time timezone location

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

137

show Commands

show trapflags
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap flags, use
the show trapflags command.
show trapflags

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display controller SNMP trap flags:

> show trapflags
Authentication Flag............................ Enable
Link Up/Down Flag.............................. Enable
Multiple Users Flag............................ Enable
Spanning Tree Flag............................. Enable
Client Related Traps
802.11 Disassociation......................... Disable
802.11 Association.............................Disabled
802.11 Deauthenticate......................... Disable
802.11 Authenticate Failure................... Disable
802.11 Association Failure.................... Disable
Authentication.................................Disabled
Excluded...................................... Disable
Max Client Warning Threshold.................. 90%
Nac-Alert Traps................................. Disabled
RFID Related Traps
Max RFIDs Warning Threshold..................... 90%
802.11 Security related traps
WEP Decrypt Error............................. Enable
IDS Signature Attack............................ Disable
Cisco AP
Register...................................... Enable
InterfaceUp................................... Enable
Auto-RF Profiles
Load.......................................... Enable
Noise......................................... Enable
Interference.................................. Enable
Coverage...................................... Enable
Auto-RF Thresholds
tx-power...................................... Enable
channel....................................... Enable
antenna....................................... Enable
AAA
auth.......................................... Enable
servers....................................... Enable
rogueap........................................ Enable
adjchannel-rogueap............................... Disabled
wps............................................ Enable
configsave..................................... Enable
IP Security
esp-auth...................................... Enable
esp-replay.................................... Enable
invalidSPI.................................... Enable
ike-neg....................................... Enable
suite-neg..................................... Enable
invalid-cookie................................ Enable
Mesh

Cisco Wireless LAN Controller Command Reference, Release 8.0

138

OL-31334-01

show Commands

auth failure....................................
child excluded parent...........................
parent change...................................
child moved.....................................
excessive parent change.........................
onset SNR.......................................
abate SNR.......................................
console login...................................
excessive association...........................
default bridge group name.......................
excessive hop count.............................
excessive children..............................
sec backhaul change.............................

Related Commands

Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Disabled
Enabled
Disabled

config trapflags 802.11-Security

config trapflags aaa
config trapflags ap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

139

show Commands

show traplog
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap log, use
the show traplog command.
show traplog

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show traplog command:

(Cisco Controller) > show traplog
Number of Traps Since Last Reset........... 2447
Number of Traps Since Log Last Displayed... 2447
Log System Time
Trap
--- ------------------------ ------------------------------------------------0 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:62:fe detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -78 and SNR: 10
1 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:19:d8 detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -72 and SNR: 16
2 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:26:a1:8d detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -82 and SNR: 6
3 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:14:b3:4f detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -56 and SNR: 30
Would you like to display more entries? (y/n)

Cisco Wireless LAN Controller Command Reference, Release 8.0

140

OL-31334-01

show Commands

show queue-info
To display all the message queue information pertaining to the system, use the show queue-info command.
show queue-info

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.5

This command was introduced.

The following is a sample output of the show queue-info command.

The following table describes the significant fields shown in the display.
Table 6: show queue-info Field Descriptions

Field

Description

Queue Name

Name of the task message queue.

Allocated

Memory size, in bytes, of the message queue.

InUse

Queue that is currently used. A value of 0 indicates

that there are no messages that have to be processed
by the task.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

141

show Commands

Field

Description

MaxUsed

Maximum number of messages processed by the task

after the controller is up.

Cisco Wireless LAN Controller Command Reference, Release 8.0

142

OL-31334-01

show Commands

show rfid client

To display the radio frequency identification (RFID) tags that are associated to the controller as clients, use
the show rfid client command.
show rfid client

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Usage Guidelines

When the RFID tag is not in client mode, the above fields are blank.

Examples

This example shows how to display the RFID tag that is associated to the controller as clients:
> show rfid client
-----------------RFID Mac
-----------------00:14:7e:00:0b:b1

Related Commands

-------- --------- ----------------- ------ ---------------Heard

VENDOR
Sec Ago
Associated AP
Chnl
Client State
-------- --------- ----------------- ------ ---------------Pango
35
AP0019.e75c.fef4
1
Probing

config rfid status

config rfid timeout
show rfid config
show rfid detail
show rfid summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

143

show Commands

show rfid config

To display the current radio frequency identification (RFID) configuration settings, use the show rfid config
command.
show rfid config

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the current RFID configuration settings:
> show rfid config
RFID Tag Data Collection ...............................
RFID Tag Auto-Timeout ..................................
RFID Client Data Collection ............................
RFID Data Timeout ......................................

Related Commands

Enabled
Enabled
Disabled
200 seconds

config rfid status

config rfid timeout
show rfid client
show rfid detail
show rfid summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

144

OL-31334-01

show Commands

show rfid detail

To display detailed radio frequency identification (RFID) information for a specified tag, use the show rfid
detail command.
show rfid detail mac_address

Syntax Description

mac_address

MAC address of an RFID tag.

Command Default

None.

Examples

This example shows how to display detailed RFID information:

> show rfid detail 00:12:b8:00:20:52
RFID address..................................... 00:12:b8:00:20:52
Vendor........................................... G2
Last Heard....................................... 51 seconds ago
Packets Received................................. 2
Bytes Received................................... 324
Cisco Type.......................................
Content Header
=================
Version.......................................... 0
Tx Power......................................... 12 dBm
Channel.......................................... 1
Reg Class........................................ 12
Burst Length..................................... 1
CCX Payload
===========
Last Sequence Control............................ 0
Payload length................................... 127
Last Sequence Control............................ 0
Payload length................................... 127
Payload Data Hex Dump
01 09 00 00 00 00 0b 85 52 52 52 02 07 4b ff ff
7f ff ff ff 03 14 00 12 7b 10 48 53 c1 f7 51 4b
50 ba 5b 97 27 80 00 67 00 01 03 05 01 42 34 00
00 03 05 02 42 5c 00 00 03 05 03 42 82 00 00 03
05 04 42 96 00 00 03 05 05 00 00 00 55 03 05 06
42 be 00 00 03 02 07 05 03 12 08 10 00 01 02 03
04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 03 0d 09 03
08 05 07 a8 02 00 10 00 23 b2 4e 03 02 0a 03
Nearby AP Statistics:
lap1242-2(slot 0, chan 1) 50 seconds ag.... -76 dBm
lap1242(slot 0, chan 1) 50 seconds ago..... -65 dBm

Related Commands

config rfid status

config rfid timeout
show rfid config
show rfid client
show rfid summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

145

config Commands

show rfid summary

To display a summary of the radio frequency identification (RFID) information for a specified tag, use the
show rfid summary command.
show rfid summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a summary of RFID information:

> show rfid summary
Total Number of RFID
: 5
----------------- -------RFID ID
VENDOR
----------------- -------00:04:f1:00:00:04 Wherenet
00:0c:cc:5c:06:d3 Aerosct
00:0c:cc:5c:08:45 Aerosct
00:0c:cc:5c:08:4b Aerosct
00:0c:cc:5c:08:52 Aerosct

Related Commands

------------------ ------ --------------------Closest AP

RSSI Time Since Last Heard
------------------ ------ --------------------ap:1120
-51
858 seconds ago
ap:1120
-51
68 seconds ago
AP_1130
-54
477 seconds ago
wolverine
-54
332 seconds ago
ap:1120
-51
699 seconds ago

config rfid status

config rfid timeout
show rfid client
show rfid detail
show rfid config

config Commands
This section lists the config commands that you can use to configure the controller settings, and manage user
accounts.

Cisco Wireless LAN Controller Command Reference, Release 8.0

146

OL-31334-01

config Commands

config 802.11h channelswitch

To configure an 802.11h channel switch announcement, use the config 802.11h channelswitch command.
config 802.11h channelswitch {enable {loud | quiet} | disable}

Syntax Description

Command Default

Command History

enable

Enables the 802.11h channel switch announcement.

loud

Enables the 802.11h channel switch announcement in the loud

mode. The 802.11h-enabled clients can send packets while
switching channel.

quiet

Enables 802.11h-enabled clients to stop transmitting packets

immediately because the AP has detected radar and client devices
should also quit transmitting to reduce interference.

disable

Disables the 802.11h channel switch announcement.

None

Release
7.6

Modification
This command was introduced in a release earlier than Release 7.6.
The loud and quiet parameters were introduced in Release 7.6.

Examples

The following example shows how to disable an 802.11h switch announcement:

(Cisco Controller) > config 802.11h channelswitch disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

147

config Commands

config 802.11h powerconstraint

To configure the 802.11h power constraint value, use the config 802.11h powerconstraint command.
config 802.11h powerconstraint value

Syntax Description

Command Default

Command History

Examples

value

802.11h power constraint value.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the 802.11h power constraint to 5:
(Cisco Controller) > config 802.11h powerconstraint 5

Related Commands

show 802.11h

Cisco Wireless LAN Controller Command Reference, Release 8.0

148

OL-31334-01

config Commands

config 802.11h setchannel

To configure a new channel using 802.11h channel announcement, use the config 802.11h setchannel
command.
config 802.11h setchannel cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a new channel using the 802.11h channel:
(Cisco Controller) > config 802.11h setchannel ap02

Related Commands

show 802.11h

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

149

config Commands

config 802.11 11nsupport

To enable 802.11n support on the network, use the config 802.11 11nsupport command.
config 802.11{a | b} 11nsupport {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network settings.

Specifies the 802.11b/g network settings.

enable

Enables the 802.11n support.

disable

Disables the 802.11n support.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the 802.11n support on an 802.11a network:
(Cisco Controller) > config 802.11a 11nsupport enable

Related Commands

config 802.11 11nsupport mcs tx

config 802.11 11nsupport a-mpdu tx priority
config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

150

OL-31334-01

config Commands

config 802.11 11nsupport a-mpdu tx priority

To specify the aggregation method used for 802.11n packets, use the config 802.11 11nsupport a-mpdu tx
priority command.
config 802.11{a | b} 11nsupport a-mpdu tx priority {0-7 | all} {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

0-7

Specifies the aggregated MAC protocol data unit priority level between 0 through
7.

all

Configures all of the priority levels at once.

enable

Specifies the traffic associated with the priority level uses A-MPDU transmission.

disable

Specifies the traffic associated with the priority level uses A-MSDU transmission.

Command Default

By default, Priority 0 is enabled.

Usage Guidelines

Aggregation is the process of grouping packet data frames together rather than transmitting them separately.
Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated
MAC Service Data Unit (A-MSDU). A-MPDU is performed in the software whereas A-MSDU is performed
in the hardware.
Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:
1Background
2Spare
0Best effort
3Excellent effort
4Controlled load
5Video, less than 100-ms latency and jitter
6Voice, less than 10-ms latency and jitter
7Network control
allConfigure all of the priority levels at once.

Note

Configure the priority levels to match the aggregation method used by the clients.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

151

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure all the priority levels at once so that the traffic associated
with the priority level uses A-MSDU transmission:
(Cisco Controller) > config 802.11a 11nsupport a-mpdu tx priority all enable

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

152

OL-31334-01

config Commands

config 802.11 11nsupport a-mpdu tx scheduler

To configure the 802.11n-5 GHz A-MPDU transmit aggregation scheduler, use the config 802.11 11nsupport
a-mpdu tx scheduler command.
config 802.11{a | b} 11nsupport a-mpdu tx scheduler {enable | disable | timeout rt timeout-value}

Syntax Description

enable

Enables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.

disable

Disables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.

timeout rt

Configures the A-MPDU transmit aggregation scheduler realtime traffic timeout.

timeout-value

Timeout value in milliseconds. The valid range is between 1 millisecond to 1000

milliseconds.

Command Default

None

Usage Guidelines

Ensure that the 802.11 network is disabled before you enter this command.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the A-MPDU transmit aggregation scheduler realtime traffic
timeout of 100 milliseconds:
(Cisco Controller) > config 802.11 11nsupport a-mpdu tx scheduler timeout rt 100

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

153

config Commands

config 802.11 11nsupport antenna

To configure an access point to use a specific antenna, use the config 802.11 11nsupport antenna command.
config 802.11{a | b} 11nsupport antenna cisco_ap {A | B | C | D} {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a/n network.

Specifies the 802.11b/g/n network.

cisco_ap

Access point.

A/B/C/D

Specifies an antenna port.

enable

Enables the configuration.

disable

Disables the configuration.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure transmission to a single antenna for legacy orthogonal
frequency-division multiplexing:
(Cisco Controller) > config 802.11 11nsupport antenna AP1 C enable

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

154

OL-31334-01

config Commands

config 802.11 11nsupport guard-interval

To configure the guard interval, use the config 802.11 11nsupport guard-interval command.
config 802.11 {a | b} 11nsupport guard-interval {any | long}

Syntax Description

Command Default

Command History

Examples

any

Enables either a short or a long guard interval.

long

Enables only a long guard interval.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a long guard interval:

(Cisco Controller) > config 802.11 11nsupport guard-interval long

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

155

config Commands

config 802.11 11nsupport mcs tx

To specify the modulation and coding scheme (MCS) rates at which data can be transmitted between the
access point and the client, use the config 802.11 11nsupport mcs tx command.
config 802.11{a | b} 11nsupport mcs tx {0-15} {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

11nsupport

Specifies support for 802.11n devices.

mcs tx

Specifies the modulation and coding scheme data rates as follows:

0 (7 Mbps)
1 (14 Mbps)
2 (21 Mbps)
3 (29 Mbps)
4 (43 Mbps)
5 (58 Mbps)
6 (65 Mbps)
7 (72 Mbps)
8 (14 Mbps)
9 (29 Mbps)
10 (43 Mbps)
11 (58 Mbps)
12 (87 Mbps)
13 (116 Mbps)
14 (130 Mbps)
15 (144 Mbps)

Command Default

enable

Enables this configuration.

disable

Disables this configuration.

None

Cisco Wireless LAN Controller Command Reference, Release 8.0

156

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify MCS rates:

(Cisco Controller) > config 802.11a 11nsupport mcs tx 5 enable

Related Commands

config 802.11 11nsupport

config wlan wmm required
config 802.11 11nsupport a-mpdu tx priority
config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

157

config Commands

config 802.11 11nsupport rifs

To configure the Reduced Interframe Space (RIFS) between data frames and its acknowledgment, use the
config 802.11 11nsupport rifs command.
config 802.11{a | b} 11nsupport rifs {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables RIFS for the 802.11 network.

disable

Disables RIFS for the 802.11 network.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to enable RIFS:

(Cisco Controller) > config 802.11a 11nsupport rifs enable

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

158

OL-31334-01

config Commands

config 802.11 beacon period

To change the beacon period globally for an 802.11a, 802.11b, or other supported 802.11 network, use the
config 802.11 beacon period command.
config 802.11{a | b} beacon period time_units

Note

Syntax Description

Disable the 802.11 network before using this command. See the Usage Guidelines section.

Specifies the 802.11a network.

Specifies the 802.11b/g network.

time_units

Beacon interval in time units (TU). One TU is 1024 microseconds.

Command Default

None

Usage Guidelines

In Cisco wireless LAN solution 802.11 networks, all Cisco lightweight access point wireless LANs broadcast
a beacon at regular intervals. This beacon notifies clients that the 802.11a service is available and allows the
clients to synchronize with the lightweight access point.
Before you change the beacon period, make sure that you have disabled the 802.11 network by using the
config 802.11 disable command. After changing the beacon period, enable the 802.11 network by using the
config 802.11 enable command.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to configure an 802.11a network for a beacon period of 120 time units:
(Cisco Controller) > config 802.11 beacon period 120

Related Commands

show 802.11a
config 802.11b beaconperiod
config 802.11a disable
config 802.11a enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

159

config Commands

config 802.11 cac defaults

To configure the default Call Admission Control (CAC) parameters for the 802.11a and 802.11b/g network,
use the config 802.11 cac defaults command.
config 802.11 {a | b} cac defaults

Syntax Description

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are
planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS)
level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to configure the default CAC parameters for the 802.11a network:
(Cisco Controller) > config 802.11 cac defaults

Related Commands

show cac voice stats

show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

160

OL-31334-01

config Commands

config 802.11 cac video max-bandwidth

config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac media-stream
config 802.11 cac multimedia
config 802.11 cac video cac-method
debug cac

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

161

config Commands

config 802.11 cac video acm

To enable or disable video Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the
config 802.11 cac video acm command.
config 802.11{a | b} cac video acm {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables video CAC settings.

disable

Disables video CAC settings.

Command Default

The default video CAC settings for the 802.11a or 802.11b/g network is disabled.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the video CAC for the 802.11a network:
(Cisco Controller) > config 802.11 cac video acm enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

162

OL-31334-01

config Commands

The following example shows how to disable the video CAC for the 802.11b network:
(Cisco Controller) > config 802.11 cac video acm disable

Related Commands

config 802.11 cac video max-bandwidth

config 802.11 cac video roam-bandwidth
config 802.11 cac video tspec-inactivity-timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

163

config Commands

config 802.11 cac video cac-method

To configure the Call Admission Control (CAC) method for video applications on the 802.11a or 802.11b/g
network, use the config 802.11 cac video cac-method command.
config 802.11 {a | b} cac video cac-method {static | load-based}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

static

Enables the static CAC method for video applications on the 802.11a
or 802.11b/g network.
Static or bandwidth-based CAC enables the client to specify how much
bandwidth or shared medium time is required to accept a new video
request and in turn enables the access point to determine whether it is
capable of accommodating the request.

load-based

Enables the load-based CAC method for video applications on the

802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that
takes into account the bandwidth consumed by all traffic types from
itself, from co-channel access points, and by collocated channel
interference. Load-based CAC also covers the additional bandwidth
consumption results from PHY and channel impairment. The access
point admits a new call only if the channel has enough unused
bandwidth to support that call.
Load-based CAC is not supported if SIP-CAC is enabled.

Command Default

Static.

Usage Guidelines

Cisco Wireless LAN Controller Command Reference, Release 8.0

164

OL-31334-01

config Commands

For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC,
you must configure only static mode. If you need only MC2UC CAC, you must configure Static or Load-based
CAC. Load-based CAC is not supported if SIP-CAC is enabled.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to enable the static CAC method for video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac video cac-method static

Related Commands

show cac voice stats

show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac media-stream
config 802.11 cac multimedia
debug cac

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

165

config Commands

config 802.11 cac video load-based

To enable or disable load-based Call Admission Control (CAC) for video applications on the 802.11a or
802.11b/g network, use the config 802.11 cac video load-based command.
config 802.11 {a | b} cac video load-based {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables load-based CAC for video applications on the 802.11a or

802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that
takes into account the bandwidth consumed by all traffic types from
itself, from co-channel access points, and by collocated channel
interference. Load-based CAC also covers the additional bandwidth
consumption results from PHY and channel impairment. The access
point admits a new call only if the channel has enough unused
bandwidth to support that call.

disable

Disables load-based CAC method for video applications on the 802.11a

or 802.11b/g network.

Command Default

Disabled.

Usage Guidelines

Cisco Wireless LAN Controller Command Reference, Release 8.0

166

OL-31334-01

config Commands

Note

Command History

Examples

Load-based CAC is not supported if SIP-CAC is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to enable load-based CAC method for video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac video load-based enable

Related Commands

show cac voice stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

167

config Commands

config 802.11 cac video max-bandwidth

To set the percentage of the maximum bandwidth allocated to clients for video applications on the 802.11a
or 802.11b/g network, use the config 802.11 cac video max-bandwidth command.
config 802.11{a | b} cac video max-bandwidth bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 5 to 85%.

Command Default

The default maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g
network is 0%.

Usage Guidelines

The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client
reaches the value specified, the access point rejects new calls on this network.

Note

If this parameter is set to zero (0), the controller assumes that you do not want to allocate any bandwidth
and allows all bandwidth requests.
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured
for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

168

OL-31334-01

config Commands

Examples

The following example shows how to specify the percentage of the maximum allocated bandwidth for video
applications on the selected radio band:
(Cisco Controller) > config 802.11 cac video max-bandwidth 50

Related Commands

config 802.11 cac video acm

config 802.11 cac video roam-bandwidth
config 802.11 cac voice stream-size
config 802.11 cac voice roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

169

config Commands

config 802.11 cac media-stream

To configure media stream Call Admission Control (CAC) voice and video quality parameters for 802.11a
and 802.11b networks, use the config 802.11 cac media-stream command.
config 802.11 {a | b} cac media-stream multicast-direct {max-retry-percent retry-percentage |
min-client-rate dot11-rate}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

multicast-direct

Configures CAC parameters for multicast-direct media streams.

max-retry-percent

Configures the percentage of maximum retries that are allowed

for multicast-direct media streams.

retry-percentage

Percentage of maximum retries that are allowed for

multicast-direct media streams.

min-client-rate

Configures the minimum transmission data rate to the client

for multicast-direct media streams.

dot11-rate

Minimum transmission data rate to the client for multicast-direct

media streams. Rate in kbps at which the client can operate.
If the transmission data rate is below this rate, either the video
will not start or the client may be classified as a bad client. The
bad client video can be demoted for better effort QoS or subject
to denial. The available data rates are 6000, 9000, 12000,
18000, 24000, 36000, 48000, 54000, and 11n rates.

Command Default

The default value for the maximum retry percent is 80. If it exceeds 80, either the video will not start or the
client might be classified as a bad client. The bad client video will be demoted for better effort QoS or is
subject to denial.

Usage Guidelines

CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are
planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS)
level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.

Cisco Wireless LAN Controller Command Reference, Release 8.0

170

OL-31334-01

config Commands

Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the maximum retry percent for multicast-direct media streams
as 90 on a 802.11a network:
(Cisco Controller) > config 802.11 cac media-stream multicast-direct max-retry-percent 90

Related Commands

show cac voice stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

171

config Commands

config 802.11 cac multimedia

To configure the CAC media voice and video quality parameters for 802.11a and 802.11b networks, use the
config 802.11 cac multimedia command.
config 802.11 {a | b} cac multimedia max-bandwidth bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

max-bandwidth

Configures the percentage of maximum bandwidth

allocated to Wi-Fi Multimedia (WMM) clients for
voice and video applications on the 802.11a or
802.11b/g network.

bandwidth

Percentage of the maximum bandwidth allocated

to WMM clients for voice and video applications
on the 802.11a or 802.11b/g network. Once the
client reaches the specified value, the access point
rejects new calls on this radio band. The range is
from 5 to 85%.

Command Default

The default maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications
on the 802.11a or 802.11b/g network is 85%.

Usage Guidelines

Call Admission Control (CAC) commands for video applications on the 802.11a or 802.11b/g network require
that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the
quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Cisco Wireless LAN Controller Command Reference, Release 8.0

172

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the percentage of the maximum bandwidth allocated to WMM
clients for voice and video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac multimedia max-bandwidth 80

Related Commands

show cac voice stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

173

config Commands

config 802.11 cac video roam-bandwidth

To configure the percentage of the maximum allocated bandwidth reserved for roaming video clients on the
802.11a or 802.11b/g network, use the config 802.11 cac video roam-bandwidth command.
config 802.11{a | b} cac video roam-bandwidth bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 5 to 85%.

Command Default

The maximum allocated bandwidth reserved for roaming video clients on the 802.11a or 802.11b/g network
is 0%.

Usage Guidelines

The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming video
clients.

Note

If this parameter is set to zero (0), the controller assumes that you do not want to do any bandwidth
allocation and, therefore, allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11 {a |
b} cac voice acm enable or config 802.11 {a | b} cac video acm enable command.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Examples

The following example shows how to specify the percentage of the maximum allocated bandwidth reserved
for roaming video clients on the selected radio band:
(Cisco Controller) > config 802.11 cac video roam-bandwidth 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

174

OL-31334-01

config Commands

Related Commands

config 802.11 cac video tspec-inactivity-timeout

config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video cac-method
config 802.11 cac video sip
config 802.11 cac video load-based

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

175

config Commands

config 802.11 cac video sip

To enable or disable video Call Admission Control (CAC) for nontraffic specifications (TSPEC) SIP clients
using video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video sip command.
config 802.11 {a | b} cac video sip {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables video CAC for non-TSPEC SIP clients using video applications
on the 802.11a or 802.11b/g network.
When you enable video CAC for non-TSPEC SIP clients, you can use
applications like Facetime and CIUS video calls.

disable

Disables video CAC for non-TSPEC SIP clients using video

applications on the 802.11a or 802.11b/g network.

Command Default

None

Usage Guidelines

CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are
planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS)
level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Enable call snooping on the WLAN on which the SIP client is present by entering the config wlan
call-snoop enable wlan_id command.

Examples

The following example shows how to enable video CAC for non-TSPEC SIP clients using video applications
on the 802.11a network:
(Cisco Controller) > config 802.11 cac video sip enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

176

OL-31334-01

config Commands

Related Commands

config 802.11 cac video tspec-inactivity-timeout

config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video cac-method
config 802.11 cac video load-based
config 802.11 cac video roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

177

config Commands

config 802.11 cac video tspec-inactivity-timeout

To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications
(TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video
tspec-inactivity-timeout command.
config 802.11{a | b} cac video tspec-inactivity-timeout {enable | ignore}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Command Default

The default CAC WMM TSPEC inactivity timeout received from an access point is disabled (ignore).

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Examples

This example shows how to process the response to TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout enable

This example shows how to ignore the response to TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout ignore

Related Commands

config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

178

OL-31334-01

config Commands

config 802.11 cac video max-bandwidth

config 802.11 cac video roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

179

config Commands

config 802.11 cac voice acm

To enable or disable bandwidth-based voice Call Admission Control (CAC) for the 802.11a or 802.11b/g
network, use the config 802.11 cac voice acm command.
config 802.11{a | b} cac voice acm {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the bandwidth-based CAC.

disable

Disables the bandwidth-based CAC.

Command Default

The default bandwidth-based voice CAC for the 802.11a or 802.11b/g network id disabled.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Examples

This example shows how to enable the bandwidth-based CAC:

(Cisco Controller) > config 802.11c cac voice acm enable

This example shows how to disable the bandwidth-based CAC:

(Cisco Controller) > config 802.11b cac voice acm disable

Related Commands

config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

180

OL-31334-01

config Commands

config 802.11 cac voice max-bandwidth

To set the percentage of the maximum bandwidth allocated to clients for voice applications on the 802.11a
or 802.11b/g network, use the config 802.11 cac voice max-bandwidth command.
config 802.11{a | b} cac voice max-bandwidth bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 5 to 85%.

Command Default

The default maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g
network is 0%.

Usage Guidelines

The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client
reaches the value specified, the access point rejects new calls on this network.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify the percentage of the maximum allocated bandwidth for voice
applications on the selected radio band:
(Cisco Controller) > config 802.11a cac voice max-bandwidth 50

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

181

config Commands

Related Commands

config 802.11 cac voice roam-bandwidth

config 802.11 cac voice stream-size
config 802.11 exp-bwreq
config 802.11 tsm
config wlan save
show wlan
show wlan summary
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 cac voice load-based
config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

182

OL-31334-01

config Commands

config 802.11 cac voice roam-bandwidth

To configure the percentage of the Call Admission Control (CAC) maximum allocated bandwidth reserved
for roaming voice clients on the 802.11a or 802.11b/g network, use the config 802.11 cac voice
roam-bandwidth command.
config 802.11{a | b} cac voice roam-bandwidth bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 0 to 85%.

Command Default

The default CAC maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g
network is 85%.

Usage Guidelines

The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. The controller reserves
the specified bandwidth from the maximum allocated bandwidth for roaming voice clients.

Note

If this parameter is set to zero (0), the controller assumes you do not want to allocate any bandwidth and
therefore allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

183

config Commands

Examples

The following example shows how to configure the percentage of the maximum allocated bandwidth reserved
for roaming voice clients on the selected radio band:
(Cisco Controller) > config 802.11 cac voice roam-bandwidth 10

Related Commands

config 802.11 cac voice acm

config 802.11cac voice max-bandwidth
config 802.11 cac voice stream-size

Cisco Wireless LAN Controller Command Reference, Release 8.0

184

OL-31334-01

config Commands

config 802.11 cac voice tspec-inactivity-timeout

To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received
from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
config 802.11{a | b} cac voice tspec-inactivity-timeout {enable | ignore}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Command Default

The default WMM TSPEC inactivity timeout received from an access point is disabled (ignore).

Usage Guidelines

Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured
for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the voice TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11 cac voice tspec-inactivity-timeout enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

185

config Commands

Related Commands

config 802.11 cac voice load-based

config 802.11 cac voice roam-bandwidth
config 802.11 cac voice acm
config 802.11cac voice max-bandwidth
config 802.11 cac voice stream-size

Cisco Wireless LAN Controller Command Reference, Release 8.0

186

OL-31334-01

config Commands

config 802.11 cac voice load-based

To enable or disable load-based Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use
the config 802.11 cac voice load-based command.
config 802.11{a | b} cac voice load-based {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables load-based CAC.

disable

Disables load-based CAC.

Command Default

The default load-based CAC for the 802.11a or 802.11b/g network is disabled.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the voice load-based CAC parameters:
(Cisco Controller) > config 802.11a cac voice load-based enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

187

config Commands

The following example shows how to disable the voice load-based CAC parameters:
(Cisco Controller) > config 802.11a cac voice load-based disable

Related Commands

config 802.11 cac voice tspec-inactivity-timeout

config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac voice stream-size

Cisco Wireless LAN Controller Command Reference, Release 8.0

188

OL-31334-01

config Commands

config 802.11 cac voice max-calls

Note

Do not use the config 802.11 cac voice max-calls command if the SIP call snooping feature is disabled
and if the SIP based Call Admission Control (CAC) requirements are not met.
To configure the maximum number of voice call supported by the radio, use the config 802.11 cac voice
max-calls command.
config 802.11{a | b} cac voice max-calls number

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

number

Number of calls to be allowed per radio.

Command Default

The default maximum number of voice call supported by the radio is 0, which means that there is no maximum
limit check for the number of calls.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

189

config Commands

Examples

The following example shows how to configure the maximum number of voice calls supported by radio:
(Cisco Controller) > config 802.11 cac voice max-calls 10

Related Commands

config 802.11 cac voice roam-bandwidth

config 802.11 cac voice stream-size
config 802.11 exp-bwreq
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 cac voice load-based
config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

190

OL-31334-01

config Commands

config 802.11 cac voice sip bandwidth

Note

SIP bandwidth and sample intervals are used to compute per call bandwidth for the SIP-based Call
Admission Control (CAC).
To configure the bandwidth that is required per call for the 802.11a or 802.11b/g network, use the config
802.11 cac voice sip bandwidth command.
config 802.11{a | b} cac voice sip bandwidth bw_kbps sample-interval number_msecs

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bw_kbps

Bandwidth in kbps.

sample-interval

Specifies the packetization interval for SIP codec.

number_msecs

Packetization sample interval in msecs. The sample interval for SIP codec is 20
seconds.

Command Default

None

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

191

config Commands

Examples

The following example shows how to configure the bandwidth and voice packetization interval for a SIP
codec:
(Cisco Controller) > config 802.11 cac voice sip bandwidth 10 sample-interval 40

Related Commands

config 802.11 cac voice acm

config 802.11 cac voice load-based
config 802.11 cac voice max-bandwidth
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 exp-bwreq

Cisco Wireless LAN Controller Command Reference, Release 8.0

192

OL-31334-01

config Commands

config 802.11 cac voice sip codec

To configure the Call Admission Control (CAC) codec name and sample interval as parameters and to calculate
the required bandwidth per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip
codec command.
config 802.11{a | b} cac voice sip codec {g711 | g729} sample-interval number_msecs

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

g711

Specifies CAC parameters for the SIP G711 codec.

g729

Specifies CAC parameters for the SIP G729 codec.

sample-interval

Specifies the packetization interval for SIP codec.

number_msecs

Packetization interval in msecs. The sample interval for SIP codec value is 20
seconds.

Command Default

The default CAC codec parameter is g711.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

193

config Commands

Examples

The following example shows how to configure the codec name and sample interval as parameters for SIP
G711 codec:
(Cisco Controller) >

config 802.11a cac voice sip codec g711 sample-interval 40

This example shows how to configure the codec name and sample interval as parameters for SIP G729 codec:
(Cisco Controller) > config 802.11a cac voice sip codec g729 sample-interval 40

Related Commands

config 802.11 cac voice acm

config 802.11 cac voice load-based
config 802.11 cac voice max-bandwidth
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 exp-bwreq

Cisco Wireless LAN Controller Command Reference, Release 8.0

194

OL-31334-01

config Commands

config 802.11 cac voice stream-size

To configure the number of aggregated voice Wi-Fi Multimedia (WMM) traffic specification (TSPEC) streams
at a specified data rate for the 802.11a or 802.11b/g network, use the config 802.11 cac voice stream-size
command.
config 802.11{a | b} cac voice stream-size stream_size number mean_datarate max-streams mean_datarate

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

stream-size

Configures the maximum data rate for the stream.

stream_size

Range of stream size is between 84000 and 92100.

number

Number (1 to 5) of voice streams.

mean_datarate

Configures the mean data rate.

max-streams

Configures the mean data rate of a voice stream.

mean_datarate

Mean data rate (84 to 91.2 kbps) of a voice stream.

Command Default

The default number of streams is 2 and the mean data rate of a stream is 84 kbps.

Usage Guidelines

Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured
for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

195

config Commands

Examples

The following example shows how to configure the number of aggregated voice traffic specifications stream
with the stream size 5 and the mean data rate of 85000 kbps:
(Cisco Controller) > config 802.11 cac voice stream-size 5 max-streams size 85

Related Commands

config 802.11 cac voice acm

config 802.11 cac voice load-based
config 802.11 cac voice max-bandwidth
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 exp-bwreq

Cisco Wireless LAN Controller Command Reference, Release 8.0

196

OL-31334-01

config Commands

config 802.11 disable

To disable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the
config 802.11 disable command.
config 802.11{a | b} disable {network | cisco_ap}

Syntax Description

Command Default

Command History

Usage Guidelines

Configures the 802.11a on slot 1 and 802.11ac radio on slot 2.

radio.

Specifies the 802.11b/g network.

network

Disables transmission for the entire 802.11a network.

cisco_ap

Individual Cisco lightweight access point radio.

The transmission is enabled for the entire network by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

You must use this command to disable the network before using many config 802.11 commands.
This command can be used any time that the CLI interface is active.

Examples

The following example shows how to disable the entire 802.11a network:
(Cisco Controller) >config 802.11a disable network

The following example shows how to disable access point AP01 802.11b transmissions:
(Cisco Controller) >config 802.11b disable AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

197

config Commands

config 802.11 dtpc

To enable or disable the Dynamic Transmit Power Control (DTPC) setting for an 802.11 network, use the
config 802.11 dtpc command.
config 802.11{a | b} dtpc {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the support for this command.

disable

Disables the support for this command.

The default DTPC setting for an 802.11 network is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable DTPC for an 802.11a network:
(Cisco Controller) > config 802.11a dtpc disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

198

OL-31334-01

config Commands

config 802.11 enable

To enable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the config 802.11
enable command.
config 802.11{a | b} enable {network | cisco_ap}

Syntax Description

Configures the 802.11a radioon slot 1 and 802.11ac on slot 2.

Specifies the 802.11b/g network.

network

Disables transmission for the entire 802.11a network.

cisco_ap

Individual Cisco lightweight access point radio.

Command Default

The transmission is enabled for the entire network by default.

Usage Guidelines

Use this command with the config 802.11 disable command when configuring 802.11 settings.
This command can be used any time that the CLI interface is active.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable radio transmission for the entire 802.11a network:
(Cisco Controller) > config 802.11a enable network

The following example shows how to enable radio transmission for AP1 on an 802.11b network:
(Cisco Controller) > config 802.11b enable AP1

Related Commands

show sysinfo show 802.11a

config wlan radio
config 802.11a disable
config 802.11b disable
config 802.11b enable
config 802.11b 11gSupport enable
config 802.11b 11gSupport disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

199

config Commands

config 802.11 exp-bwreq

To enable or disable the Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature for an
802.11 radio, use the config 802.11 exp-bwreq command.
config 802.11{a | b} exp-bwreq {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the expedited bandwidth request feature.

disable

Disables the expedited bandwidth request feature.

Command Default

The expedited bandwidth request feature is disabled by default.

Usage Guidelines

When this command is enabled, the controller configures all joining access points for this feature.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the CCX expedited bandwidth settings:
(Cisco Controller) > config 802.11a exp-bwreq enable
Cannot change Exp Bw Req mode while 802.11a network is operational.

The following example shows how to disable the CCX expedited bandwidth settings:
(Cisco Controller) > config 802.11a exp-bwreq disable

Related Commands

show 802.11a
show ap stats 802.11a

Cisco Wireless LAN Controller Command Reference, Release 8.0

200

OL-31334-01

config Commands

config 802.11 fragmentation

To configure the fragmentation threshold on an 802.11 network, use the config 802.11 fragmentation
command.
config 802.11{a | b} fragmentation threshold

Note

Syntax Description

Command Default

Command History

Examples

This command can only be used when the network is disabled using the config 802.11 disable command.

Specifies the 802.11a network.

Specifies the 802.11b/g network.

threshold

Number between 256 and 2346 bytes (inclusive).

None.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to configure the fragmentation threshold on an 802.11a network with the threshold
number of 6500 bytes:
(Cisco Controller) > config 802.11a fragmentation 6500

Related Commands

config 802.11b fragmentation

show 802.11b
show ap auto-rtf

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

201

config Commands

config 802.11 l2roam rf-params

To configure 802.11a or 802.11b/g Layer 2 client roaming parameters, use the config 802.11 l2roam rf-params
command.
config 802.11{a | b} l2roam rf-params {default | custom min_rssi roam_hyst scan_thresh trans_time}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

default

Restores Layer 2 client roaming RF parameters to default values.

custom

Configures custom Layer 2 client roaming RF parameters.

min_rssi

Minimum received signal strength indicator (RSSI) that is

required for the client to associate to the access point. If the
clients average received signal power dips below this threshold,
reliable communication is usually impossible. Clients must
already have found and roamed to another access point with a
stronger signal before the minimum RSSI value is reached. The
valid range is 80 to 90 dBm, and the default value is 85 dBm.

roam_hyst

How much greater the signal strength of a neighboring access

point must be in order for the client to roam to it. This parameter
is intended to reduce the amount of roaming between access
points if the client is physically located on or near the border
between the two access points. The valid range is 2 to 4 dB, and
the default value is 2 dB.

scan_thresh

Minimum RSSI that is allowed before the client should roam

to a better access point. When the RSSI drops below the
specified value, the client must be able to roam to a better access
point within the specified transition time. This parameter also
provides a power-save method to minimize the time that the
client spends in active or passive scanning. For example, the
client can scan slowly when the RSSI is above the threshold
and scan more rapidly when the RSSI is below the threshold.
The valid range is 70 to 77 dBm, and the default value is 72
dBm.

trans_time

Maximum time allowed for the client to detect a suitable

neighboring access point to roam to and to complete the roam,
whenever the RSSI from the clients associated access point is
below the scan threshold. The valid range is 1 to 10 seconds,
and the default value is 5 seconds.
Note

For high-speed client roaming applications in outdoor

mesh environments, we recommend that you set the
transition time to 1 second.

Cisco Wireless LAN Controller Command Reference, Release 8.0

202

OL-31334-01

config Commands

Command Default

The default minimum RSSI is -85 dBm. The default signal strength of a neighboring access point is 2 dB.
The default scan threshold value is -72 dBm. The default time allowed for the client to detect a suitable
neighboring access point to roam to and to complete the roam is 5 seconds.

Usage Guidelines

For high-speed client roaming applications in outdoor mesh environments, we recommend that you set the
trans_time to 1 second.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure custom Layer 2 client roaming parameters on an 802.11a
network:
(Cisco Controller) > config 802.11 l2roam rf-params custom 80 2 70 7

Related Commands

show advanced 802.11 l2roam

show l2tp

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

203

config Commands

config 802.11 max-clients

To configure the maximum number of clients per access point, use the config 802.11 max-clients command.
config 802.11{a | b} max-clients max-clients

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

max-clients

Configures the maximum number of client connections per access point.

max-clients

Maximum number of client connections per access point. The range is from 1
to 200.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the maximum number of clients at 22:
(Cisco Controller) > config 802.11 max-clients 22

Related Commands

show ap config 802.11a

config 802.11b rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

204

OL-31334-01

config Commands

config 802.11 multicast data-rate

To configure the minimum multicast data rate, use the config 802.11 multicast data-rate command.
config 802.11{a | b} multicast data-rate data_rate [ap ap_name | default]

Syntax Description

data_rate

Minimum multicast data rates. The options are 6, 9, 12, 18, 24, 36, 48, 54. Enter
0 to specify that APs will dynamically adjust the number of the buffer allocated
for multicast.

ap_name

Specific AP radio in this data rate.

default

Configures all APs radio in this data rate.

Command Default

The default is 0 where the configuration is disabled and the multicast rate is the lowest mandatory data rate
and unicast client data rate.

Usage Guidelines

When you configure the data rate without the AP name or default keyword, you globally reset all the APs to
the new value and update the controller global default with this new data rate value. If you configure the data
rate with default keyword, you only update the controller global default value and do not reset the value of
the APs that are already joined to the controller. The APs that join the controller after the new data rate value
is set receives the new data rate value.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure minimum multicast data rate settings:
(Cisco Controller) > config 802.11 multicast data-rate 12

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

205

config Commands

config 802.11 rate

To set mandatory and supported operational data rates for an 802.11 network, use the config 802.11 rate
command.
config 802.11{a | b} rate {disabled | mandatory | supported} rate

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

disabled

Disables a specific data rate.

mandatory

Specifies that a client supports the data rate in order to use the network.

supported

Specifies to allow any associated client that supports the data rate to use the
network.

rate

Rate value of 6, 9, 12, 18, 24, 36, 48, or 54 Mbps.

Command Default

None

Usage Guidelines

The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller.
If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set
as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may
communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to
use all the rates marked supported in order to associate.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the 802.11b transmission at a mandatory rate at 12 Mbps:
(Cisco Controller) > config 802.11b rate mandatory 12

Related Commands

show ap config 802.11a

config 802.11b rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

206

OL-31334-01

config Commands

config 802.11 rssi-check

To configure the 802.11 RSSI Low Check feature, use the config 802.11 rssi-check command.
config 802.11{a| b}rssi-check{enable| disable}

Syntax Description

Command Default

Command History

Usage Guidelines

rssi-check

Configures the RSSI Low Check feature.

enable

Enables the RSSI Low Check feature.

disable

Disables the RSSI Low Check feature.

None

Release

Modification

7.5

This command was introduced.

Service providers can use the RSSI Low Check feature to prevent clients from connecting to their Wi-Fi
network unless the client has a viable connection. In many scenarios, even though clients can hear beacons
and connect to Wi-Fi, the signal might not be strong enough to support a stable connection. Use this feature
to determine how strong a client must be heard for it to associate with the Wi-Fi network.
If you enable the RSSI Low Check feature, when a client sends an association request to the AP, the controller
gets the RSSI value from the association message and compares it with the RSSI threshold that is configured.
If the RSSI value from the association message is less than the RSSI threshold value, the controller rejects
the association request. Note that this is only for association frames, and not for other messages.
The default RSSI Low Check value is 80 dBm, which means an association request from a client can be
rejected if the AP hears a client with a signal that is weaker than 80 dBm. If you lower the value to 90 dBm,
clients are allowed to connect at a further distance, but there is also a higher probability of the connection
quality being poor. We recommend that you do not go higher than 80 dBm, for example 70 dBm, because
this makes the cell size significantly smaller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

207

config Commands

config 802.11 rssi-threshold

To configure the 802.11 RSSI Low Check threshold, use the config 802.11 rssi-threshold command.
config 802.11{a| b} rssi-threshold value-in-dBm

Syntax Description

Command Default

Command History

Usage Guidelines

rssi-threshold

Configures the RSSI Low Check threshold value.

value-in-dBm

RSSI threshold value in dBm. The default value is 80 dBm.

The default value of the RSSI Low Check threshold is 80 dBm.

Release

Modification

7.5

This command was introduced.

Examples

The following example shows how to configure the RSSI threshold value to 70 dBm for an 802.11a network:
(Cisco Controller) > config 802.11a rssi-threshold 70

Cisco Wireless LAN Controller Command Reference, Release 8.0

208

OL-31334-01

config Commands

config 802.11 tsm

To enable or disable the video Traffic Stream Metric (TSM) option for the 802.11a or 802.11b/g network,
use the config 802.11 tsm command.
config 802.11{a | b} tsm {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the video TSM settings.

disable

Disables the video TSM settings.

By default, the TSM for the 802.11a or 802.11b/g network is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the video TSM option for the 802.11b/g network:
(Cisco Controller) > config 802.11b tsm enable

The following example shows how to disable the video TSM option for the 802.11b/g network:
(Cisco Controller) > config 802.11b tsm disable

Related Commands

show ap stats
show client tsm

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

209

config Commands

config advanced 802.11 7920VSIEConfig

To configure the Cisco unified wireless IP phone 7920 VISE parameters, use the config advanced 802.11
7920VSIEConfig command.
config advanced 802.11{a | b} 7920VSIEConfig {call-admission-limit limit | G711-CU-Quantum quantum}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

call-admission-limit

Configures the call admission limit for the 7920s.

G711-CU-Quantum

Configures the value supplied by the infrastructure indicating the current number
of channel utilization units that would be used by a single G.711-20ms call.

limit

Call admission limit (from 0 to 255). The default value is 105.

quantum

G711 quantum value. The default value is 15.

None.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to configure the call admission limit for 7920 VISE parameters:
(Cisco Controller) > config advanced 802.11 7920VSIEConfig call-admission-limit 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

210

OL-31334-01

config Commands

config advanced 802.11 edca-parameters

To enable a specific enhanced distributed channel access (EDCA) profile on the 802.11a network, use the
config advanced 802.11 edca-parameters command.
config advanced 802.11{a | b} edca-parameters {wmm-default | svp-voice | optimized-voice |
optimized-video-voice | custom-voice}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

wmm-default

Enables the Wi-Fi Multimedia (WMM) default

parameters. Choose this option when voice or video
services are not deployed on your network.

svp-voice

Enables Spectralink voice priority parameters. Choose

this option if Spectralink phones are deployed on your
network to improve the quality of calls.

optimized-voice

Enables EDCA voice-optimized profile parameters.

Choose this option when voice services other than
Spectralink are deployed on your network.

optimized-video-voice

Enables EDCA voice- and video-optimized profile

parameters. Choose this option when both voice and
video services are deployed on your network.
Note

Enables custom voice EDCA parameters for 802.11a.

The EDCA parameters under this option also match the
6.0 WMM EDCA parameters when this profile is
applied.

custom-voice

Command Default

Command History

If you deploy video services, admission control

(ACM) must be disabled.

The default EDCA parameter is wmm-default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

211

config Commands

Examples

This example shows how to enable Spectralink voice priority parameters:

(Cisco Controller) > config advanced 802.11 edca-parameters svp-voice

Related Commands

show 802.11a
config advanced 802.11b edca-parameters

Cisco Wireless LAN Controller Command Reference, Release 8.0

212

OL-31334-01

config Commands

config advanced fastpath fastcache

To configure the fastpath fast cache control, use the config advanced fastpath fastcache command.
config advanced fastpath fastcache {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the fastpath fast cache control.

disable

Disables the fastpath fast cache control.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the fastpath fast cache control:
(Cisco Controller) > config advanced fastpath fastcache enable

Related Commands

config advanced fastpath pkt-capture

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

213

config Commands

config advanced fastpath pkt-capture

To configure the fastpath packet capture, use the config advanced fastpath pkt-capture command.
config advanced fastpath pkt-capture {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the fastpath packet capture.

disable

Disables the fastpath packet capture.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the fastpath packet capture:
(Cisco Controller) > config advanced fastpath pkt-capture enable

Related Commands

config advanced fastpath fastcache

Cisco Wireless LAN Controller Command Reference, Release 8.0

214

OL-31334-01

config Commands

config advanced sip-preferred-call-no

To configure voice prioritization, use the config advanced sip-preferred-call-no command.
config advanced sip-preferred-call-no call_index {call_number | none}

Syntax Description

call_index

Call index with valid values between 1 and 6.

call_number

Preferred call number that can contain up to 27 characters.

none

Deletes the preferred call set for the specified index.

Command Default

None

Usage Guidelines

Before you configure voice prioritization, you must complete the following prerequisites:
Set the voice to the platinum QoS level by entering the config wlan qos wlan-id platinum command.
Enable the admission control (ACM) to this radio by entering the config 802.11 {a | b} cac {voice |
video} acm enable command.
Enable the call-snooping feature for a particular WLAN by entering the config wlan call-snoop enable
wlan-id command.
To view statistics about preferred calls, enter the show ap stats {802.11{a | b} | wlan} cisco_ap command.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a new preferred call for index 2:
(Cisco Controller) > config advanced sip-preferred-call-no 2 0123456789

Related Commands

config wlan qos

config 802.11 cac video acm
config 802.11 cac voice acm
config wlan call-snoop
show ap stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

215

config Commands

config advanced sip-snooping-ports

To configure call snooping ports, use the config advanced sip-snooping-ports command.
config advanced sip-snooping-ports start_port end_port

Syntax Description

Usage Guidelines

start_port

Starting port for call snooping. The range is from 0 to 65535.

end_port

Ending port for call snooping. The range is from 0 to 65535.

If you need only a single port for call snooping, configure the start and end port with the same number.
The port used by the CIUS tablet is 5060 and the port range used by Facetime is from 16384 to16402.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the call snooping ports:
(Cisco Controller) > config advanced sip-snooping-ports 4000 4500

Related Commands

show cac voice stats

show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video sip
config 802.11 cac voice sip
show advanced sip-preferred-call-no
show advanced sip-snooping-ports
debug cac

Cisco Wireless LAN Controller Command Reference, Release 8.0

216

OL-31334-01

config Commands

config avc profile create

To create a new Application Visibility and Control (AVC) profile, use the config avc profile create command.
config avc profile profile_name create

Syntax Description

Command Default

Command History

profile_name

Name of the AVC profile. The profile name can be up to 32 case-sensitive,

alphanumeric characters.

create

Creates a new AVC profile.

None

Release

Modification

7.4

This command was introduced.

Usage Guidelines

You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs.
You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each
rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions
per WLAN.

Examples

The following example shows how to create a new AVC profile:

(Cisco Controller) > config avc profile avcprofile1 create

Related Commands

config avc profile delete

config avc profile rule
config wlan avc
show avc profile
show avc applications
show avc statistics
debug avc error
debug avc events

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

217

config Commands

config avc profile delete

To delete an Application Visibility and Control (AVC) profile, use the config avc profile delete command.
config avc profile profile_name delete

Syntax Description

Command Default

Command History

Examples

profile_name

Name of the AVC profile.

delete

Deletes an AVC profile.

The AVC profile is not deleted.

Release

Modification

7.4

This command was introduced.

The following example shows how to delete an AVC profile:

(Cisco Controller) > config avc profile avcprofile1 delete

Related Commands

config avc profile create

config avc profile rule
config wlan avc
show avc profile summary
show avc profile detailed
debug avc error
debug avc events

Cisco Wireless LAN Controller Command Reference, Release 8.0

218

OL-31334-01

config Commands

config avc profile rule

To configure a rule for an Application Visibility and Control (AVC) profile, use the config avc profile rule
command.
config avc profile profile_name rule {add | remove} application application_name {drop | mark dscp}

Syntax Description

Command Default

Command History

Examples

profile_name

Name of the AVC profile.

rule

Configures a rule for the AVC profile.

add

Creates a rule for the AVC profile.

remove

Deletes a rule for the AVC profile.

application

Specifies the application that has to be dropped or marked.

application_name

Name of the application. The application name can be up to 32 case-sensitive,

alphanumeric characters.

drop

Drops the upstream and downstream packets that correspond to the chosen
application.

mark

Marks the upstream and downstream packets that correspond to the chosen
application with the Differentiated Services Code Point (DSCP) value that you
specify in the drop-down list. The DSCP value helps you provide differentiated
services based on the QoS levels.

dscp

Packet header code that is used to define the QoS across the Internet. The range
is from 0 to 63.

None

Release

Modification

7.4

This command was introduced.

The following example shows how to configure a rule for an AVC profile:
(Cisco Controller) > config avc profile avcprofile1 rule add application gmail mark 10

Related Commands

config avc profile delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

219

config Commands

config avc profile create

config wlan avc
show avc profile
show avc applications
show avc statistics
debug avc error
debug avc events

Cisco Wireless LAN Controller Command Reference, Release 8.0

220

OL-31334-01

config Commands

config band-select cycle-count

To set the band select probe cycle count, use the config band-select cycle-count command.
config band-select cycle-count count

Syntax Description

Command Default

Command History

Examples

count

Value for the cycle count between 1 to 10.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the probe cycle count for band select to 8:
(Cisco Controller) > config band-select cycle-count 8

Related Commands

config band-select cycle-threshold

config band-select expire
config band-select client-rssi

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

221

config Commands

config band-select cycle-threshold

To set the time threshold for a new scanning cycle, use the config band-select cycle-threshold command.
config band-select cycle-threshold threshold

Syntax Description

Command Default

Command History

Examples

threshold

Value for the cycle threshold between 1 and 1000

milliseconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the time threshold for a new scanning cycle with threshold value of
700 milliseconds:
(Cisco Controller) > config band-select cycle-threshold 700

Related Commands

config band-select cycle-count

config band-select expire
config band-select client-rssi

Cisco Wireless LAN Controller Command Reference, Release 8.0

222

OL-31334-01

config Commands

config band-select expire

To set the entry expire for band select, use the config band-select expire command.
config band-select expire {suppression | dual-band} seconds

Syntax Description

suppression

Sets the suppression expire to the band select.

dual-band

Sets the dual band expire to the band select.

seconds

Value for suppression between 10 to 200 seconds.

Value for a dual-band between 10 to 300 seconds.

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the suppression expire to 70 seconds:
(Cisco Controller) > config band-select expire suppression 70

Related Commands

config band-select cycle-threshold

config band-select client-rssi
config band-select cycle-count

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

223

config Commands

config band-select client-rssi

To set the client received signal strength indicator (RSSI) threshold for band select, use the config band-select
client-rssi command.
config band-select client-rssi rssi

Syntax Description

rssi

Command Default

None

Command History

Examples

Minimum dBM of a client RSSI to respond to probe between

20 and 90.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the RSSI threshold for band select to 70:
(Cisco Controller) > config band-select client-rssi 70

Related Commands

config band-select cycle-threshold

config band-select expire
config band-select cycle-count

Cisco Wireless LAN Controller Command Reference, Release 8.0

224

OL-31334-01

config Commands

config boot
To change a Cisco wireless LAN controller boot option, use the config boot command.
config boot {primary | backup}

Syntax Description

Command Default

Command History

primary

Sets the primary image as active.

backup

Sets the backup image as active.

The default boot option is primary.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Each Cisco wireless LAN controller can boot off the primary, last-loaded operating system image (OS) or
boot off the backup, earlier-loaded OS image.

Examples

The following example shows how to set the primary image as active so that the LAN controller can boot off
the primary, last loaded image:
(Cisco Controller) > config boot primary

The following example shows how to set the backup image as active so that the LAN controller can boot off
the backup, earlier loaded OS image:
(Cisco Controller) > config boot backup

Related Commands

show boot

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

225

config Commands

config cdp
To configure the Cisco Discovery Protocol (CDP) on the controller, use the config cdp command.
config cdp {enable | disable | advertise-v2 {enable | disable} | timerseconds | holdtime holdtime_interval}

Syntax Description

Command Default

enable

Enables CDP on the controller.

disable

Disables CDP on the controller.

advertise-v2

Configures CDP version 2 advertisements.

timer

Configures the interval at which CDP messages

are to be generated.

seconds

Time interval at which CDP messages are to be

generated. The range is from 5 to 254 seconds.

holdtime

Configures the amount of time to be advertised

as the time-to-live value in generated CDP
packets.

holdtime_interval

Maximum hold timer value. The range is from

10 to 255 seconds.

The default value for CDP timer is 60 seconds.

The default value for CDP holdtime is 180 seconds.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the CDP maximum hold timer to 150 seconds:
(Cisco Controller) > config cdp timer 150

Related Commands

config ap cdp
show cdp
show ap cdp

Cisco Wireless LAN Controller Command Reference, Release 8.0

226

OL-31334-01

config Commands

config certificate
To configure Secure Sockets Layer (SSL) certificates, use the config certificate command.
config certificate {generate {webadmin | webauth} | compatibility {on | off}}

Syntax Description

Command Default

Command History

Examples

generate

Specifies authentication certificate generation settings.

webadmin

Generates a new web administration certificate.

webauth

Generates a new web authentication certificate.

compatibility

Specifies the compatibility mode for inter-Cisco wireless LAN controller IPsec settings.

Enables the compatibility mode.

off

Disables the compatibility mode.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to generate a new web administration SSL certificate:
(Cisco Controller) > config certificate generate webadmin
Creating a certificate may take some time. Do you wish to continue? (y/n)

The following example shows how to configure the compatibility mode for inter-Cisco wireless LAN controller
IPsec settings:
(Cisco Controller) > config certificate compatibility

Related Commands

config certificate lsc

show certificate compatibility
show certificate lsc
show certificate summary
show local-auth certificates

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

227

config Commands

config certificate lsc

To configure Locally Significant Certificate (LSC) certificates, use the config certificate lsc command.
config certificate lsc {enable | disable | ca-server http://url:port/path | ca-cert {add | delete} |
subject-params country state city orgn dept email | other-params keysize} | ap-provision {auth-list {add
| delete} ap_mac | revert-cert retries}

Syntax Description

enable

Enables LSC certificates on the controller.

disable

Disables LSC certificates on the controller.

ca-server

Specifies the Certificate Authority (CA) server settings.

http://url:port/path

Domain name or IP address of the CA server.

ca-cert

Specifies CA certificate database settings.

add

Obtains a CA certificate from the CA server and adds it to the controllers

certificate database.

delete

Deletes a CA certificate from the controllers certificate database.

subject-params

Specifies the device certificate settings.

country state city orgn

dept email

Country, state, city, organization, department, and email of the certificate

authority.
Note

The common name (CN) is generated automatically on the access point

using the current MIC/SSC format Cxxxx-MacAddr, where xxxx is the
product number.

other-params

Specifies the device certificate key size settings.

keysize

Value from 384 to 2048 (in bits); the default value is 2048.

ap-provision

Specifies the access point provision list settings.

auth-list

Specifies the provision list authorization settings.

ap_mac

MAC address of access point to be added or deleted from the provision list.

revert-cert

Specifies the number of times the access point attempts to join the controller
using an LSC before reverting to the default certificate.

retries

Value from 0 to 255; the default value is 3.

Note

If you set the number of retries to 0 and the access point fails to join the
controller using an LSC, the access point does not attempt to join the
controller using the default certificate. If you are configuring LSC for
the first time, we recommend that you configure a nonzero value.

Cisco Wireless LAN Controller Command Reference, Release 8.0

228

OL-31334-01

config Commands

Command Default

Command History

Usage Guidelines

The default value of keysize is 2048 bits. The default value of retries is 3.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

You can configure only one CA server. To configure a different CA server, delete the configured CA server
by using the config certificate lsc ca-server delete command, and then configure a different CA server.
If you configure an access point provision list, only the access points in the provision list are provisioned
when you enable AP provisioning (in Step 8). If you do not configure an access point provision list, all access
points with an MIC or SSC certificate that join the controller are LSC provisioned.

Examples

The following example shows how to enable the LSC settings:

(Cisco Controller) >config certificate lsc enable

This example shows how to enable the LSC settings for Certificate Authority (CA) server settings:
(Cisco Controller) >config certificate lsc ca-server http://10.0.0.1:8080/caserver

The following example shows how to add a CA certificate from the CA server and add it to the controllers
certificate database:
(Cisco Controller) >config certificate lsc ca-cert add

The following example shows how to configure an LSC certificate with the keysize of 2048 bits:
(Cisco Controller) >config certificate lsc keysize 2048

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

229

config Commands

config certificate ssc

To configure Self Signed Certificates (SSC) certificates, use the config certificate ssc command.
config certificate ssc hash validation {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

hash

Configures the SSC hash key.

validation

Configures hash validation of the SSC certificate.

enable

Enables hash validation of the SSC certificate.

disable

Disables hash validation of the SSC certificate.

The SSC certificate is enabled by default..

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

When you enable the SSC hash validation, an AP validates the SSC certificate of the virtual controller. When
an AP validates the SSC certificate, it checks if the hash key of the virtual controller matches the hash key
stored in its flash. If a match is found, the validation passes and the AP moves to the Run state. If a match is
not found, the validation fails and the AP disconnects from the controller and restarts the discovery process.
By default, hash validation is enabled. Hence, an AP must have the virtual controller hash key in its flash
before associating with the virtual controller. If you disable hash validation of the SSC certificate, the AP
bypasses the hash validation and directly moves to the Run state.
APs can associate with a physical controller, download the hash keys and then associate with a virtual controller.
If the AP is associated to a physical controller and if hash validation is disabled, it joins any virtual controller
without hash validation.

Examples

The following example shows how to enable hash validation of the SSC certificate:
(Cisco Controller) > config certificate ssc hash validation enable

Related Commands

show certificate ssc

show mobility group member
config mobility group member hash
config certificate

Cisco Wireless LAN Controller Command Reference, Release 8.0

230

OL-31334-01

config Commands

show certificate compatibility

show certificate lsc
show certificate summary
show local-auth certificates

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

231

config Commands

config certificate use-device-certificate webadmin

To use a device certificate for web administration, use the config certificate use-device-certificate webadmin
command.
config certificate use-device-certificate webadmin

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to use a device certificate for web administration:
(Cisco Controller) > config certificate use-device-certificate webadmin
Use device certificate for web administration. Do you wish to continue? (y/n) y
Using device certificate for web administration.
Save configuration and restart controller to use new certificate.

Related Commands

config certificate
show certificate compatibility
show certificate lsc
show certificate ssc
show certificate summary
show local-auth certificates

Cisco Wireless LAN Controller Command Reference, Release 8.0

232

OL-31334-01

config Commands

config coredump
To enable or disable the controller to generate a core dump file following a crash, use the config cordump
command.
config coredump {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the controller to generate a core dump file.

disable

Disables the controller to generate a core dump file.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the controller to generate a core dump file following a crash:
(Cisco Controller) > config coredump enable

Related Commands

config coredump ftp

config coredump username
show coredump summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

233

config Commands

config coredump ftp

To automatically upload a controller core dump file to an FTP server after experiencing a crash, use the config
coredump ftp command.
config coredump ftp server_ip_address filename

Syntax Description

Command Default

Command History

server_ip_address

IP address of the FTP server to which the controller sends its core dump file.

filename

Name given to the controller core dump file.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

Usage Guidelines

The controller must be able to reach the FTP server to use this command.

Examples

The following example shows how to configure the controller to upload a core dump file named
core_dump_controller to an FTP server at network address 192.168.0.13:
(Cisco Controller) > config coredump ftp 192.168.0.13 core_dump_controller

Related Commands

config coredump
config coredump username
show coredump summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

234

OL-31334-01

config Commands

config coredump username

To specify the FTP server username and password when uploading a controller core dump file after experiencing
a crash, use the config coredump username command.
config coredump username ftp_username password ftp_password

Syntax Description

Command Default

Command History

ftp_username

FTP server login username.

ftp_password

FTP server login password.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The controller must be able to reach the FTP server to use this command.

Examples

The following example shows how to specify a FTP server username of admin and password adminpassword
for the core dump file upload:
(Cisco Controller) > config coredump username admin password adminpassword

Related Commands

config coredump ftp

config coredump
show coredump summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

235

config Commands

config custom-web ext-webauth-mode

To configure external URL web-based client authorization for the custom-web authentication page, use the
config custom-web ext-webauth-mode command.
config custom-web ext-webauth-mode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the external URL web-based client authorization.

disable

Disables the external URL we-based client authentication.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the external URL web-based client authorization:
(Cisco Controller) > config custom-web ext-webauth-mode enable

Related Commands

config custom-web redirectUrl

config custom-web weblogo
config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-url show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

236

OL-31334-01

config Commands

config custom-web ext-webauth-url

To configure the complete external web authentication URL for the custom-web authentication page, use the
config custom-web ext-webauth-url command.
config custom-web ext-webauth-url URL

Syntax Description

URL

Command Default

None

Command History

Examples

URL used for web-based client authorization.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the complete external web authentication URL
http://www.AuthorizationURL.com/ for the web-based client authorization:
(Cisco Controller) > config custom-web ext-webauth-url http://www.AuthorizationURL.com/

Related Commands

config custom-web redirectUrl

config custom-web weblogo
config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-mode show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

237

config Commands

config custom-web ext-webserver

To configure an external web server, use the config custom-web ext-webserver command.
config custom-web ext-webserver {add index IP_address | delete index}

Syntax Description

Command Default

Command History

Examples

add

Adds an external web server.

index

Index of the external web server in the list of external web server. The index
must be a number between 1 and 20.

IP_address

IP address of the external web server.

delete

Deletes an external web server.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

The following example shows how to add the index of the external web server 2 to the IP address of the
external web server 192.23.32.19:
(Cisco Controller) > config custom-web ext-webserver add 2 192.23.32.19

Related Commands

config custom-web redirectUrl

config custom-web weblogo
config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

238

OL-31334-01

config Commands

config custom-web logout-popup

To enable or disable the custom web authentication logout popup, use the config custom-web logout-popup
command.
config custom-web logout-popup {enable| disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the custom web authentication logout popup. This page appears after a
successful login or a redirect of the custom web authentication page.

disable

Disables the custom web authentication logout popup.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the custom web authentication logout popup:
(Cisco Controller) > config custom-web logout-popup disable

Related Commands

config custom-web redirectUrl

config custom-web weblogo
config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-url show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

239

config Commands

config custom-web radiusauth

To configure the RADIUS web authentication method, use the config custom-web radiusauth command.
config custom-web radiusauth {chap | md5chap | pap}

Syntax Description

Command Default

Command History

Examples

chap

Configures the RADIUS web authentication method as Challenge Handshake

Authentication Protocol (CHAP).

md5chap

Configures the RADIUS web authentication method as Message Digest 5 CHAP

(MD5-CHAP).

pap

Configures the RADIUS web authentication method as Password Authentication

Protocol (PAP).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the RADIUS web authentication method as MD5-CHAP:
(Cisco Controller) > config custom-web radiusauth md5chap

Related Commands

config custom-web redirectUrl

config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

240

OL-31334-01

config Commands

config custom-web redirectUrl

To configure the redirect URL for the custom-web authentication page, use the config custom-web redirectUrl
command.
config custom-web redirectUrl URL

Syntax Description

URL

Command Default

None

Command History

Examples

URL that is redirected to the specified address.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the URL that is redirected to abc.com:
(Cisco Controller) > config custom-web redirectUrl abc.com

Related Commands

config custom-web weblogo

config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

241

config Commands

config custom-web sleep-client

To delete a web-authenticated sleeping client, use the config custom-web sleep-client command.
config custom-web sleep-client delete mac_address

Syntax Description

Command Default

Command History

Examples

delete

Deletes a web-authenticated sleeping client with the help of the client MAC
address.

mac_address

MAC address of the sleeping client.

The web-authenticated sleeping client is not deleted.

Release

Modification

7.5

This command was introduced.

The following example shows how to delete a web-authenticated sleeping client:

(Cisco Controller) > config custom-web sleep-client delete 0:18:74:c7:c0:90

Cisco Wireless LAN Controller Command Reference, Release 8.0

242

OL-31334-01

config Commands

config custom-web webauth-type

To configure the type of web authentication, use the config custom-web webauth-type command.
config custom-web webauth-type {internal | customized | external}

Syntax Description

Command Default

Command History

Examples

internal

Configures the web authentication type to internal.

customized

Configures the web authentication type to customized.

external

Configures the web authentication type to external.

The default web authentication type is internal.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the type of the web authentication type to internal:
(Cisco Controller) > config custom-web webauth-type internal

Related Commands

config custom-web redirectUrl

config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

243

config Commands

config custom-web weblogo

To configure the web authentication logo for the custom-web authentication page, use the config custom-web
weblogo command.
config custom-web weblogo {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the web authentication logo settings.

disable

Enable or disable the web authentication logo settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the web authentication logo:
(Cisco Controller) > config custom-web weblogo enable

Related Commands

config custom-web redirectUrl

config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

244

OL-31334-01

config Commands

config custom-web webmessage

To configure the custom web authentication message text for the custom-web authentication page, use the
config custom-web webmessage command.
config custom-web webmessage message

Syntax Description

Command Default

Command History

Examples

message

Message text for web authentication.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the message text Thisistheplace for webauthentication:
(Cisco Controller) > config custom-web webmessage Thisistheplace

Related Commands

config custom-web redirectUrl

config custom-web weblogo
config custom-web webtitle
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

245

config Commands

config custom-web webtitle

To configure the web authentication title text for the custom-web authentication page, use the config
custom-web webtitle command.
config custom-web webtitle title

Syntax Description

title

Command Default

None

Command History

Examples

Custom title text for web authentication.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the custom title text Helpdesk for web authentication:
(Cisco Controller) > config custom-web webtitle Helpdesk

Related Commands

config custom-web redirectUrl

config custom-web weblogo
config custom-web webmessage
config custom-web ext-webauth-mode
config custom-web ext-webauth-url
show custom-web

Cisco Wireless LAN Controller Command Reference, Release 8.0

246

OL-31334-01

config Commands

config dhcp
To configure the internal DHCP, use the config dhcp command.
config dhcp {address-pool scope start end | create-scope scope | default-router scope router_1 [router_2]
[router_3] | delete-scope scope | disable scope | dns-servers scope dns1 [dns2] [dns3] | domain scope
domain | enable scope | lease scope lease_duration | netbios-name-server scope wins1 [wins2] [wins3] |
networkscope network netmask}
config dhcpopt-82 remote-id {ap_mac | ap_mac:ssid | ap-ethmac | apname:ssid | ap-group-name |
flex-group-name | ap-location | apmac-vlan_id | apname-vlan_id | ap-ethmac-ssid }

Syntax Description

address-pool scope start end

Configures an address range to allocate.

You must specify the scope name and
the first and last addresses of the
address range.

create-scope name

Creates a new DHCP scope. You must

specify the scope name.

default-router scope router_1 [router_2] [router_3]

Configures the default routers for the

specified scope and specify the
IP address of a router. Optionally, you
can specify the IP addresses of
secondary and tertiary routers.

delete-scope scope

Deletes the specified DHCP scope.

disable scope

Disables the specified DHCP scope.

dns-servers scope dns1 [dns2] [dns3]

Configures the name servers for the

given scope. You must also specify at
least one name server. Optionally, you
can specify secondary and tertiary name
servers.

domain scope domain

Configures the DNS domain name. You

must specify the scope and domain
names.

enable scope

Enables the specified dhcp scope.

lease scope lease_duration

Configures the lease duration (in

seconds) for the specified scope.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

247

config Commands

netbios-name-server scope wins1 [wins2] [wins3]

Configures the netbios name servers.

You must specify the scope name and
the IP address of a name server.
Optionally, you can specify the IP
addresses of secondary and tertiary
name servers.

network scope network netmask

Configures the network and netmask.

You must specify the scope name, the
network address, and the network mask.

opt-82 remote-id

Configures the DHCP option 82 remote

ID field format.
DHCP option 82 provides additional
security when DHCP is used to allocate
network addresses. The controller acts
as a DHCP relay agent to prevent
DHCP client requests from untrusted
sources. The controller adds option 82
information to DHCP requests from
clients before forwarding the requests
to the DHCP server.

ap_mac

MAC address of the access point to the

DHCP option 82 payload.

ap_mac:ssid

MAC address and SSID of the access

point to the DHCP option 82 payload.

ap-ethmac

Remote ID format as AP Ethernet MAC

address.

apname:ssid

Remote ID format as AP name:SSID.

ap-group-name

Remote ID format as AP group name.

flex-group-name

Remote ID format as FlexConnect

group name .

ap-location

Remote ID format as AP location.

apmac-vlan_id

Remote ID format as AP radio MAC

address:VLAN_ID.

apname-vlan_id

Remote ID format as AP
Name:VLAN_ID.

ap-ethmac-ssid

Remote ID format as AP Ethernet

MAC:SSID address.

Cisco Wireless LAN Controller Command Reference, Release 8.0

248

OL-31334-01

config Commands

Command Default

The default value for ap-group-name is default-group, and for ap-location, the default value is default location.
If ap-group-name and flex-group-name are null, the system MAC is sent as the remote ID field.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Use the show dhcp command to display the internal DHCP configuration.

Examples

The following example shows how to configure the DHCP lease for the scope 003:
(Cisco Controller) >config dhcp lease 003

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

249

config Commands

config dhcp proxy

To specify the level at which DHCP packets are modified, use the config dhcp proxy command.
config dhcp proxy {enable | disable {bootp-broadcast [enable | disable]}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Allows the controller to modify the DHCP packets without a limit.

disable

Reduces the DHCP packet modification to the level of a relay.

bootp-broadcast

Configures DHCP BootP broadcast option.

DHCP is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Use the show dhcp proxy command to display the status of DHCP proxy handling.
To enable third-party WGB support, you must enable the passive-client feature on the wirless LAN by entering
the config wlan passive-client enable command.

Examples

The following example shows how to disable the DHCP packet modification:
(Cisco Controller) >config dhcp proxy disable

The following example shows how to enable the DHCP BootP broadcast option:
(Cisco Controller) >config dhcp proxy disable bootp-broadcast enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

250

OL-31334-01

config Commands

config dhcp timeout

To configure a DHCP timeout value, use the config dhcp timeout command. If you have configured a WLAN
to be in DHCP required state, this timer controls how long the WLC will wait for a client to get a DHCP lease
through DHCP.
config dhcp timeout timeout-value

Syntax Description

Command Default

Command History

Examples

timeout-value

Timeout value in the range of 5 to 120 seconds.

The default timeout value is 120 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the DHCP timeout to 10 seconds:
(Cisco Controller) >config dhcp timeout 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

251

config Commands

config flow
To configure the NetFlow monitor and exporter, use the config flow command.
config flow {add | delete} monitor monitor_name {exporter exporter_name| recordrecord_name}

Syntax Description

Command Default

Command History

add

Associates a NetFlow monitor with an exporter, or a NetFlow record with a

NetFlow monitor.

delete

Dissociates a NetFlow monitor from an exporter, or a NetFlow record from a

NetFlow monitor.

monitor

Configures a NetFlow monitor.

monitor_name

Name of the NetFlow monitor. The monitor name can be up to 32

case-sensitive, alphanumeric characters. You cannot include spaces for a
monitor name.

exporter

Configures a NetFlow exporter.

exporter_name

Name of the NetFlow exporter. The exporter name can be up to 32

case-sensitive, alphanumeric characters. You cannot include spaces for an
exporter name.

record

Associates a NetFlow record to the NetFlow monitor.

record_name

Name of the IPv4 NetFlow record of the client application.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

An exporter is a network entity that exports the template with the IP traffic information. The controller acts
as an exporter. A NetFlow record in the controller contains the information about the traffic in a given flow
such as client MAC address, client source IP address, WLAN ID, incoming and outgoing bytes of data,
incoming and outgoing packets, incoming and outgoing DSCP.

Examples

The following example shows how to configure the flow monitor and exporter:
(Cisco Controller) > config flow add monitor monitor1 exporter exporter1

Cisco Wireless LAN Controller Command Reference, Release 8.0

252

OL-31334-01

config Commands

Related Commands

show flow exporter

show flow monitor
config wlan flow

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

253

config Commands

config guest-lan
To create, delete, enable or disable a wireless LAN, use the config guest-lan command.
config guest-lan {create | delete} guest_lan_id interface_name | {enable | disable} guest_lan_id

Syntax Description

Command Default

Command History

Examples

create

Creates a wired LAN settings.

delete

Deletes a wired LAN settings:

guest_lan_id

LAN identifier between 1 and 5 (inclusive).

interface_name

Interface name up to 32 alphanumeric characters.

enable

Enables a wireless LAN.

disable

Disables a wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable a wireless LAN with the LAN ID 16:
(Cisco Controller) > config guest-lan enable 16

Related Commands

show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

254

OL-31334-01

config Commands

config guest-lan custom-web ext-webauth-url

To redirect guest users to an external server before accessing the web login page, use the config guest-lan
custom-web ext-webauth-url command.
config guest-lan custom-web ext-webauth-url ext_web_url guest_lan_id

Syntax Description

Command Default

Command History

Examples

ext_web_url

URL for the external server.

guest_lan_id

Guest LAN identifier between 1 and 5 (inclusive).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable a wireless LAN with the LAN ID 16:
(Cisco Controller) > config guest-lan custom-web ext-webauth-url
http://www.AuthorizationURL.com/ 1

Related Commands

config guest-lan
config guest-lan create
config guest-lan custom-web login_page

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

255

config Commands

config guest-lan custom-web global disable

To use a guest-LAN specific custom web configuration rather than a global custom web configuration, use
the config guest-lan custom-web global disable command.
config guest-lan custom-web global disable guest_lan_id

Syntax Description

Command Default

Command History

guest_lan_id

Guest LAN identifier between 1 and 5 (inclusive).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

If you enter the config guest-lan custom-web global enable guest_lan_id command, the custom web
authentication configuration at the global level is used.

Examples

The following example shows how to disable the global web configuration for guest LAN ID 1:
(Cisco Controller) > config guest-lan custom-web global disable 1

Related Commands

config guest-lan
config guest-lan create
config guest-lan custom-web ext-webauth-url
config guest-lan custom-web login_page
config guest-lan custom-web webauth-type

Cisco Wireless LAN Controller Command Reference, Release 8.0

256

OL-31334-01

config Commands

config guest-lan custom-web login_page

To enable wired guest users to log into a customized web login page, use the config guest-lan custom-web
login_page command.
config guest-lan custom-web login_page page_name guest_lan_id

Syntax Description

Command Default

Command History

Examples

page_name

Name of the customized web login page.

guest_lan_id

Guest LAN identifier between 1 and 5 (inclusive).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to customize a web login page custompage1 for guest LAN ID 1:
(Cisco Controller) > config guest-lan custom-web login_page custompage1 1

Related Commands

config guest-lan
config guest-lan create
config guest-lan custom-web ext-webauth-url

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

257

config Commands

config guest-lan custom-web webauth-type

To define the web login page for wired guest users, use the config guest-lan custom-web webauth-type
command.
config guest-lan custom-web webauth-type {internal | customized | external} guest_lan_id

Syntax Description

Command Default

Command History

Examples

internal

Displays the default web login page for the controller. This is the default value.

customized

Displays the custom web login page that was previously configured.

external

Redirects users to the URL that was previously configured.

guest_lan_id

Guest LAN identifier between 1 and 5 (inclusive).

The default web login page for the controller is internal.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the guest LAN with the webauth-type as internal for guest
LAN ID 1:
(Cisco Controller) > config guest-lan custom-web webauth-type internal 1

Related Commands

config guest-lan
config guest-lan create
config guest-lan custom-web ext-webauth-url

Cisco Wireless LAN Controller Command Reference, Release 8.0

258

OL-31334-01

config Commands

config guest-lan ingress-interface

To configure the wired guest VLANs ingress interface that provides a path between the wired guest client
and the controller through the Layer 2 access switch, use the config guest-lan ingress-interface command.
config guest-lan ingress-interface guest_lan_id interface_name

Syntax Description

Command Default

Command History

Examples

guest_lan_id

Guest LAN identifier from 1 to 5 (inclusive).

interface_name

Interface name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to provide a path between the wired guest client and the controller with
guest LAN ID 1 and the interface name guest01:
(Cisco Controller) > config guest-lan ingress-interface 1 guest01

Related Commands

config interface guest-lan

config guest-lan create

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

259

config Commands

config guest-lan interface

To configure an egress interface to transmit wired guest traffic out of the controller, use the config guest-lan
interface command.
config guest-lan interface guest_lan_id interface_name

Syntax Description

Command Default

Command History

Examples

guest_lan_id

Guest LAN identifier between 1 and 5 (inclusive).

interface_name

Interface name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure an egress interface to transmit guest traffic out of the controller
for guest LAN ID 1 and interface name guest01:
(Cisco Controller) > config guest-lan interface 1 guest01

Related Commands

config ingress-interface guest-lan

config guest-lan create

Cisco Wireless LAN Controller Command Reference, Release 8.0

260

OL-31334-01

config Commands

config guest-lan mobility anchor

To add or delete mobility anchor, use the config guest-lan mobility anchor command.
config guest-lan mobility anchor {add | delete} Guest LAN Id IP addr

Syntax Description

Command Default

Command History

Examples

add

Adds a mobility anchor to a WLAN.

delete

Deletes a mobility anchor from a WLAN.

Guest LAN Id

Guest LAN identifier between 1 and 5.

IP addr

Member switch IPv4 or IPv6 address to anchor WLAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

The following example shows how to delete a mobility anchor for WAN ID 4 and the anchor IP 192.168.0.14:
(Cisco Controller) > config guest-lan mobility anchor delete 4 192.168.0.14

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

261

config Commands

config guest-lan nac

To enable or disable Network Admission Control (NAC) out-of-band support for a guest LAN, use the config
guest-lan nac command:
config guest-lan nac {enable | disable} guest_lan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables the NAC out-of-band support.

disable

Disables the NAC out-of-band support.

guest_lan_id

Guest LAN identifier between 1 and 5 (inclusive).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the NAC out-of-band support for guest LAN ID 3:
(Cisco Controller) > config guest-lan nac enable 3

Related Commands

show nac statistics

show nac summary
config wlan nac
debug nac

Cisco Wireless LAN Controller Command Reference, Release 8.0

262

OL-31334-01

config Commands

config guest-lan security

To configure the security policy for the wired guest LAN, use the config guest-lan security command.
config guest-lan security {web-auth {enable | disable | acl | server-precedence} guest_lan_id |
web-passthrough {acl | email-input | disable | enable} guest_lan_id}

Syntax Description

Command Default

Command History

Examples

web-auth

Specifies web authentication.

enable

Enables the web authentication settings.

disable

Disables the web authentication settings.

acl

Configures an access control list.

server-precedence

Configures the authentication server precedence order for web

authentication users.

guest_lan_id

LAN identifier between 1 and 5 (inclusive).

web-passthrough

Specifies the web captive portal with no authentication required.

email-input

Configures the web captive portal using an e-mail address.

The default security policy for the wired guest LAN is web authentication.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the security web authentication policy for guest LAN ID 1:
(Cisco Controller) > config guest-lan security web-auth enable 1

Related Commands

config ingress-interface guest-lan

config guest-lan create
config interface guest-lan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

263

config Commands

config license boot

To specify the license level to be used on the next reboot of the Cisco 5500 Series Controller, use the config
license boot command.
config license boot {base | wplus | auto}

Syntax Description

Command Default

Command History

Usage Guidelines

Examples

base

Specifies the base boot level.

wplus

Specifies the wplus boot level.

auto

Specifies the auto boot level.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

If you enter auto, the licensing software automatically chooses the license level to use on the next reboot. It
generally chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.

Note

If you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus
license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set
the image level to wplus in order for the controller to use the wplus evaluation license instead of the base
permanent license.

Note

To prevent disruptions in operation, the controller does not switch licenses when an evaluation license
expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the
controller defaults to the same feature set level as the expired evaluation license. If no permanent license
at the same feature set level is installed, the controller uses a permanent license at another level or an
unexpired evaluation license.

The following example shows how to set the license boot settings to wplus:
(Cisco Controller) > config license boot wplus

Cisco Wireless LAN Controller Command Reference, Release 8.0

264

OL-31334-01

config Commands

Related Commands

license install
show license in-use
license modify priority

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

265

config Commands

config load-balancing
To globally configure aggressive load balancing on the controller, use the config load-balancing command.
config load-balancing {window client_count | status {enable | disable} | denial denial_count}
config load-balancing uplink-threshold traffic_threshold

Syntax Description

Command Default

Command History

Usage Guidelines

window

Specifies the aggressive load balancing client window.

client_count

Aggressive load balancing client window with the number of clients

from 1 to 20.

status

Sets the load balancing status.

enable

Enables load balancing feature.

disable

Disables load balancing feature.

denial

Specifies the number of association denials during load balancing.

denial_count

Maximum number of association denials during load balancing.

from 0 to 10.

uplink-threshold

Specifies the threshold traffic for an access point to deny new

associations.

traffic_threshold

Threshold traffic for an access point to deny new associations. This

value is a percentage of the WAN utilization measured over a 90
second interval. For example, the default threshold value of 50
triggers the load balancing upon detecting an utilization of 50% or
more on an access point WAN interface.

By default, the aggressive load balancing is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Load-balancing-enabled WLANs do not support time-sensitive applications like voice and video because of
roaming delays.

Cisco Wireless LAN Controller Command Reference, Release 8.0

266

OL-31334-01

config Commands

When you use Cisco 7921 and 7920 Wireless IP Phones with controllers, make sure that aggressive load
balancing is disabled on the voice WLANs for each controller. Otherwise, the initial roam attempt by the
phone might fail, causing a disruption in the audio path.
Clients can only be load balanced across access points joined to the same controller. The WAN utilization is
calculated as a percentage using the following formula: (Transmitted Data Rate (per second) + Received Data
Rate (per second))/(1000Mbps TX + 1000Mbps RX) * 100

Examples

The following example shows how to enable the aggressive load-balancing settings:
(Cisco Controller) > config load-balancing aggressive enable

Related Commands

show load-balancing
config wlan load-balance

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

267

config Commands

config location
To configure a location-based system, use the config location command.
config location {add location [description] | delete location | enable | disable | description location
description | algorithm {simple | rssi-average} | {rssi-half-life | expiry} [client | calibrating-client | tags
| rogue-aps] seconds | notify-threshold [client | tags | rogue-aps] threshold | interface-mapping {add |
delete} location wlan_id interface_name | plm {client {enable | disable} burst_interval | calibrating {enable
| disable} {uniband | multiband}}}

Syntax Description

add

Adds a location element.

location

Location element name.

description

Element description. Optional with the add command, and required with the
description command.

delete

Deletes a location element.

enable

Enables the access point location-based overrides.

disable

Disables the access point location-based overrides.

algorithm

Note

simple

Specifies a faster algorithm that requires low CPU overhead but provides less
accuracy.

rssi-average

Specifies a more accurate algorithm but requires more CPU overhead.

rssi-half-life

Note

expiry

Note

client

(Optional) Specifies the parameter applies to client devices.

calibrating-client

(Optional) Specifies the parameter is used for calibrating client devices.

(Optional) Specifies the parameter applies to radio frequency identification (RFID)

tags.

rogue-aps

(Optional) Specifies the parameter applies to rogue access points.

We recommend that you do not use or modify the config location

algorithm command. It is set to optimal default values.
Configures the algorithm used to average RSSI and SNR values.

We recommend that you do not use or modify the config location

rssi-half-life command. It is set to optimal default values.
Configures the half-life when averaging two RSSI readings.
We recommend that you do not use or modify the config location expiry
command. It is set to optimal default values.
Configures the timeout for RSSI values.

Cisco Wireless LAN Controller Command Reference, Release 8.0

268

OL-31334-01

config Commands

Command Default

Command History

Examples

seconds

Time value (0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, 300 seconds).

notify-threshold

Note

threshold

Threshold parameter. The range is 0 to 10 dB, and the default value is 0 dB.

interface-mapping

Adds or deletes a new location, wireless LAN, or interface mapping element.

wlan_id

WLAN identification name.

interface_name

Name of interface to which mapping element applies.

plm

Specifies the path loss measurement (S60) request for normal clients or calibrating
clients.

client

Specifies normal, noncalibrating clients.

burst_interval

Burst interval. The range is from 1 to 3600 seconds, and the default value is 60
seconds.

calibrating

Specifies calibrating clients.

uniband

Specifies the associated 802.11a or 802.11b/g radio (uniband).

multiband

Specifies the associated 802.11a/b/g radio (multiband).

We recommend that you do not use or modify the config location

notify-threshold command. It is set to optimal default values.
Specifies the NMSP notification threshold for RSSI measurements.

See the Syntax Description section for default values of individual arguments and keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify the simple algorithm for averaging RSSI and SNR values on a
location-based controller:
(Cisco Controller) > config location algorithm simple

Related Commands

clear location rfid

clear location statistics rfid
show location
show location statistics rfid

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

269

config Commands

config logging buffered

To set the severity level for logging messages to the controller buffer, use the config logging buffered
command.
config logging buffered security_level

Syntax Description

security_level

Security level. Choose one of the following:

emergenciesSeverity level 0
alertsSeverity level 1
criticalSeverity level 2
errorsSeverity level 3
warningsSeverity level 4
notificationsSeverity level 5
informationalSeverity level 6
debuggingSeverity level 7

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the controller buffer severity level for logging messages to 4:
(Cisco Controller) > config logging buffered 4

Related Commands

config logging syslog facility

config logging syslog level
show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

270

OL-31334-01

config Commands

config logging console

To set the severity level for logging messages to the controller console, use the config logging console
command.
config logging console security_level

Syntax Description

security_level

Severity level. Choose one of the following:

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the controller console severity level for logging messages to 3:
(Cisco Controller) > config logging console 3

Related Commands

config logging syslog facility

config logging syslog level
show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

271

config Commands

config logging debug

To save debug messages to the controller buffer, the controller console, or a syslog server, use the config
logging debug command.
config logging debug {buffered | console | syslog} {enable | disable}

Syntax Description

Command Default

Command History

Examples

buffered

Saves debug messages to the controller buffer.

console

Saves debug messages to the controller console.

syslog

Saves debug messages to the syslog server.

enable

Enables logging of debug messages.

disable

Disables logging of debug messages.

The console command is enabled and the buffered and syslog commands are disabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to save the debug messages to the controller console:
(Cisco Controller) > config logging debug console enable

Related Commands

show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

272

OL-31334-01

config Commands

config logging fileinfo

To cause the controller to include information about the source file in the message logs or to prevent the
controller from displaying this information, use the config logging fileinfo command.
config logging fileinfo {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Includes information about the source file in the message logs.

disable

Prevents the controller from displaying information about the source file in the
message logs.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the controller to include information about the source file in the
message logs:
(Cisco Controller) > config logging fileinfo enable

Related Commands

show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

273

config Commands

config logging procinfo

To cause the controller to include process information in the message logs or to prevent the controller from
displaying this information, use the config logging procinfo command.
config logging procinfo {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Includes process information in the message logs.

disable

Prevents the controller from displaying process information in the message logs.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the controller to include the process information in the message
logs:
(Cisco Controller) > config logging procinfo enable

Related Commands

show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

274

OL-31334-01

config Commands

config logging traceinfo

To cause the controller to include traceback information in the message logs or to prevent the controller from
displaying this information, use the config logging traceinfo command.
config logging traceinfo {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Includes traceback information in the message logs.

disable

Prevents the controller from displaying traceback information in the message

logs.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the controller to include the traceback information in the message
logs:
(Cisco Controller) > config logging traceinfo disable

Related Commands

show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

275

config Commands

config logging syslog host

To configure a remote host for sending syslog messages, use the config logging syslog host command.
config logging syslog host ip_addr

Syntax Description

Command Default

Command History

Usage Guidelines

ip_addr

IP address for the remote host.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

To configure a remote host for sending syslog messages, use the config logging syslog host ip_addr
command.
To remove a remote host that was configured for sending syslog messages, use the config logging syslog
host ip_addr delete command.
To display the configured syslog servers on the controller, use the show logging command.

Examples

The following example shows how to configure two remote hosts 10.92.125.52 and 2001:9:6:40::623 for
sending the syslog messages and displaying the configured syslog servers on the controller:
(Cisco Controller) > config logging syslog host 10.92.125.52
System logs will be sent to 10.92.125.52 from now on
(Cisco Controller) > config logging syslog host 2001:9:6:40::623
System logs will be sent to 2001:9:6:40::623 from now on
(Cisco Controller) > show logging
Logging to buffer :
- Logging of system messages to buffer :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to buffer ...........
- Number of debug messages logged...............
- Number of debug messages dropped..............
- Cache of logging .............................
- Cache of logging time(mins) ...................
- Number of over cache time log dropped ........
Logging to console :
- Logging of system messages to console :
- Logging filter level..........................

errors
1316
6892
Disabled
0
0
Disabled
10080
0
disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

276

OL-31334-01

config Commands

- Number of system messages logged..............

- Number of system messages dropped.............
- Logging of debug messages to console ..........
- Number of debug messages logged...............
- Number of debug messages dropped..............
Logging to syslog :
- Syslog facility................................
- Logging of system messages to console :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to console ..........
- Number of debug messages logged...............
- Number of debug messages dropped..............
- Logging of system messages to syslog :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to syslog ...........
- Number of debug messages logged...............
- Number of debug messages dropped..............
- Number of remote syslog hosts..................
- syslog over tls................................
- Host 0.......................................
- Host 1.......................................
- Host 2.......................................
Logging of RFC 5424..............................
Logging of Debug messages to file :
- Logging of Debug messages to file..............
- Number of debug messages logged................
- Number of debug messages dropped...............
Logging of traceback.............................

0
8243
Enabled
0
0
local0
disabled
0
8208
Enabled
0
0
errors
1316
6892
Disabled
0
0
2
Disabled
10.92.125.52
2001:9:6:40::623
Disabled
Disabled
0
0
Enabled

The following example shows how to remove two remote hosts 10.92.125.52 and 2001:9:6:40::623 that were
configured for sending syslog messages and displaying that the configured syslog servers were removed from
the controller:
(Cisco Controller) > config logging syslog host 10.92.125.52 delete
System logs will not be sent to 10.92.125.52 anymore
(Cisco Controller) > config logging syslog host 2001:9:6:40::623 delete
System logs will not be sent to 2001:9:6:40::623 anymore
(Cisco Controller) > show logging
Logging to buffer :
- Logging of system messages to buffer :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to buffer ...........
- Number of debug messages logged...............
- Number of debug messages dropped..............
- Cache of logging .............................
- Cache of logging time(mins) ...................
- Number of over cache time log dropped ........
Logging to console :
- Logging of system messages to console :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to console ..........
- Number of debug messages logged...............
- Number of debug messages dropped..............
Logging to syslog :
- Syslog facility................................
- Logging of system messages to syslog :
- Logging filter level..........................
- Number of system messages logged..............
- Number of system messages dropped.............
- Logging of debug messages to syslog ...........
- Number of debug messages logged...............

errors
1316
6895
Disabled
0
0
Disabled
10080
0
disabled
0
8211
Enabled
0
0
local0
errors
1316
6895
Disabled
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

277

config Commands

- Number of debug messages dropped..............

- Number of remote syslog hosts..................
- syslog over tls................................
- Host 0.......................................
- Host 1.......................................
- Host 2.......................................
Logging of RFC 5424..............................
Logging of Debug messages to file :
- Logging of Debug messages to file..............
- Number of debug messages logged................
- Number of debug messages dropped...............
Logging of traceback.............................
- Traceback logging level........................
Logging of source file informational.............
Timestamping of messages.........................
- Timestamping of system messages................
- Timestamp format..............................

0
0
Disabled

Disabled
Disabled
0
0
Enabled
errors
Enabled
Enabled
Date and Time

Cisco Wireless LAN Controller Command Reference, Release 8.0

278

OL-31334-01

config Commands

config logging syslog facility

To set the facility for outgoing syslog messages to the remote host, use the config logging syslog facility
command.
config logging syslog facility facility_code

Syntax Description

facility_code

Facility code. Choose one of the following:

authorizationAuthorization system. Facility level4.
auth-privateAuthorization system (private). Facility level10.
cronCron/at facility. Facility level9.
daemonSystem daemons. Facility level3.
ftpFTP daemon. Facility level11.
kernKernel. Facility level0.
local0Local use. Facility level16.
local1Local use. Facility level17.
local2Local use. Facility level18.
local3Local use. Facility level19.
local4Local use. Facility level20.
local5Local use. Facility level21.
local6Local use. Facility level22.
local7Local use. Facility level23.
lprLine printer system. Facility level6.
mailMail system. Facility level2.
newsUSENET news. Facility level7.
sys12System use. Facility level12.
sys13System use. Facility level13.
sys14System use. Facility level14.
sys15System use. Facility level15.
syslogThe syslog itself. Facility level5.
userUser process. Facility level1.
uucpUNIX-to-UNIX copy system. Facility level8.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

279

config Commands

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the facility for outgoing syslog messages to authorization:
(Cisco Controller) > config logging syslog facility authorization

Related Commands

config logging syslog host

config logging syslog level
show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

280

OL-31334-01

config Commands

config logging syslog level

To set the severity level for filtering syslog messages to the remote host, use the config logging syslog level
command.
config logging syslog level severity_level

Syntax Description

severity_level

Severity level. Choose one of the following:

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the severity level for syslog messages to 3:
(Cisco Controller) > config logging syslog level 3

Related Commands

config logging syslog host

config logging syslog facility
show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

281

config Commands

config loginsession close

To close all active Telnet sessions, use the config loginsession close command.
config loginsession close {session_id | all}

Syntax Description

Command Default

Command History

Examples

session_id

ID of the session to close.

all

Closes all Telnet sessions.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to close all active Telnet sessions:
(Cisco Controller) > config loginsession close all

Related Commands

show loginsession

Cisco Wireless LAN Controller Command Reference, Release 8.0

282

OL-31334-01

config Commands

config mdns ap
To configure multicast Domain Name System (mDNS) snooping on an access point, use the config mdns ap
command.
config mdns ap {enable {ap_name | all} [vlan vlan_id] | disable {ap_name | all} | vlan {add | delete} vlan
ap_name}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables mDNS snooping on an access point.

ap_name

Name of the access point on which mDNS snooping has to be configured.

all

Configures mDNS snooping on all access points.

vlan

(Optional) Configures the VLAN on which the access point snoops and
forwards the mDNS packets.

vlan_id

VLAN identifier.

disable

Disables mDNS snooping on an access point.

add

Adds a VLAN from which the access point snoops and forwards the mDNS
packets to the Cisco Wireless LAN Controller (WLC). You can configure
up to 10 VLANs for an mDNS access point.

delete

Deletes a VLAN from which the access point snoops and forwards the
mDNS packets to the Cisco WLC.

The mDNS-enabled access point snoops the access or native VLANs by default.

Release

Modification

7.5

This command was introduced.

Enabling mDNS snooping on access points allows the access points to snoop the wired services on VLANs
that are invisible to the Cisco WLC. mDNS snooping is supported only on local-mode and monitor-mode
access points. The access point must be in the access mode or trunk mode. If the access point is in the trunk
mode, you must configure the VLAN on the Cisco WLC on which the access point snoops and forwards the
mDNS packets. You must also configure the native VLAN from the Cisco WLC for the access point to snoop
and send mDNS queries on. The access point also tags the packets with the native VLAN.
Global mDNS snooping overrides mDNS access point snooping.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

283

config Commands

Examples

The following example shows how to enable mDNS snooping on an access point and the VLAN on which it
must snoop for mDNS packets:
(Cisco Controller) > config mdns ap enable vlan 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

284

OL-31334-01

config Commands

config mdns profile

To configure a multicast DNS (mDNS) profile and associate a service with the profile, use the config mdns
profile command.
config mdns profile {create | delete | service {add | delete} service _name profile_name

Syntax Description

Command Default

Command History

Usage Guidelines

create

Creates an mDNS profile.

delete

Deletes an mDNS profile. If the profile is associated to an interface group,

an interface, or a WLAN, an error appears.

service

Configures an mDNS service.

add

Adds an mDNS service to an mDNS profile.

delete

Deletes an mDNS service from an mDNS profile.

service -name

Name of the mDNS service.

profile_name

Name of the mDNS profile. You can create a maximum of 16 profiles.

By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.

Release

Modification

7.4

This command was introduced.

After creating a new profile, you must map the profile to an interface group, an interface, or a WLAN. Clients
receive service advertisements only for the services associated with the profile. The controller gives the highest
priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN
profiles. Each client is mapped to a profile based on the order of priority.
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.

Examples

The following example shows how to add the Apple TV mDNS service to the mDNS profile1.
(Cisco Controller) > config mdns profile create profile1 Apple TV

Related Commands

config mdns query interval

config mdns service

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

285

config Commands

config mdns snooping

config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message

Cisco Wireless LAN Controller Command Reference, Release 8.0

286

OL-31334-01

config Commands

config mdns query interval

To configure the query interval for multicast DNS (mDNS) services, use the config mdns query interval
command.
config mdns query interval interval_value

Syntax Description

Command Default

Command History

interval_value

mDNS query interval, in minutes, that you can set. The query interval is the frequency
at which the controller sends periodic queries to all the services defined in the Master
Services database. The range is from 10 to 120.

The default query interval for an mDNS service is 15 minutes.

Release

Modification

7.4

This command was introduced.

Usage Guidelines

The controller snoops and learns about the mDNS service advertisements only if the service is available in
the Master Services database. mDNS uses the multicast IP address 224.0.0.251 as the destination address and
5353 as UDP destination port.

Examples

The following example shows how to configure the query interval for mDNS services as 20 minutes.
(Cisco Controller) > config mdns query interval 20

Related Commands

config mdns profile

config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

287

config Commands

debug mdns detail

debug mdns message

Cisco Wireless LAN Controller Command Reference, Release 8.0

288

OL-31334-01

config Commands

config mdns service

To configure multicast DNS (mDNS) services in the master services database, use the config mdns service
command.
The following command is valid in Release 7.5 and later releases:
config mdns service {create service_name service_string origin {Wireless | Wired | All} lss {enable |
disable} [query {enable | disable}] | lss {enable | disable} {service_name | all} | priority-mac {add |
delete} priority-mac service_name [ap-group ap-group-name] | origin {Wireless | Wired | All} {service_name
| all}}

Syntax Description

create

Adds a new mDNS service to the Master Services database.

service_name

Name of the mDNS service, for example, Air Tunes, iTunes Music Sharing,
FTP, Apple File Sharing Protocol (AFP).

service_string

Unique string associated to an mDNS service, for example,

_airplay._tcp.local. is the service string associated with Apple TV.

delete

Deletes an mDNS service from the Master Services database. Before

deleting the service, the controller checks if any profile is using the service.
Note
You must delete the service from all profiles before deleting
it.

query

Configures the query status for the mDNS service.

enable

Enables periodic query for an mDNS service by the controller.

disable

Disables periodic query for an mDNS service by the controller.

origin

Configures the origin of the mDNS service. You can restrict the origin of
the service as wired or wireless.

Wireless

Configures the origin of the mDNS service as wireless.

Wired

Configures the origin of the mDNS service as wired.

All

Configures the origin of the mDNS service as wireless or wired.

lss

Configures Location Specific Services (LSS) for a service or all mDNS

services. LSS is not applicable for registered service providers. The
registered service providers are always included if the querying client
corresponds to the user. You cannot configure LSS on the services
configured as only wired.

all

Configures LSS for all mDNS services.

priority-mac

Configures the MAC address of a service provider device. This device gets
a priority even if the service provider database is full.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

289

config Commands

add

Adds the MAC address of a service provider device for priority.

You can configure up to 50 MAC addresses for a service.

Command Default

Command History

Usage Guidelines

delete

Deletes the MAC address of a service provider device from the priority
list.

priority-mac

MAC address of a service provider device that needs priority. The MAC
address must be unique for each service.

ap-group

Configures the access point group for wired service providers. These service
providers get priority over others. When a client mNDS query originates
from this AP group, the wired entries with priority MAC addresses and
access point groups are listed first in the aggregated response.

ap-group-name

Name of the access point group to which the service provider belongs.

By default, LSS is disabled, but it is enabled for all the discovered services.

Release

Modification

7.4

This command was introduced.

7.5

This command was modified. The origin, Wireless, Wired, All, lss, priority-mac,
add, delete, ap-group keywords and priority-mac ap-group-name arguments were
added.

In Release 7.5 and later releases, the maximum number of service providers for different controller models
are as follows:
Cisco 5500 Series Controller and Cisco 2500 Series Controller6400
Cisco Wireless Services Module 26400
Cisco 8500 Series Controller and Cisco 7500 Series Controller16000
You cannot change the services with the origin set to Wireless to Wired if LSS is enabled for the service.

Examples

The following example shows how to add the HTTP mDNS service to the Master Services database, configure
the origin as wireless, and enable LSS for the service:
(Cisco Controller) > config mdns service create http _http._tcp.local. origin wireless lss
enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

290

OL-31334-01

config Commands

The following example shows how to add a priority MAC address of a HTTP service provider device:
(Cisco Controller) >config mdns service priority-mac add 44:03:a7:a3:04:45 http

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

291

config Commands

config mdns snooping

To enable or disable global multicast DNS (mDNS) snooping on the Cisco WLC, use the config mdns
snooping command.
config mdns snooping {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables mDNS snooping on the Cisco WLC.

disable

Disables mDNS snooping on the Cisco WLC.

By default, mDNS snooping is enabled on the Cisco WLC.

Release

Modification

7.4

This command was introduced.

Usage Guidelines

mDNS service discovery provides a way to announce and discover services on the local network. mDNS
perform DNS queries over IP multicast. mDNS supports zero configuration IP networking.

Examples

The following example shows how to enable mDNS snooping:

(Cisco Controller) > config mdns snooping enable

Related Commands

config mdns query interval

config mdns service
config mdns profile
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

292

OL-31334-01

config Commands

debug mdns message

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

293

config Commands

config mdns policy enable

To configure the mDNS policy use the config mdns policy enable | disable command.
config mdnspolicyenable | disable

Syntax Description

Command Default

Command History

policy

Name of the mDNS policy.

enable

Enables the policy for an mDNS service by the controller.

disable

Disables the policy for an mDNS service by the controller.

None

Release

Modification

8.0

This command was introduced.

Usage Guidelines

This command is valid for 8.0 release onwards.

Examples

The following example show how to configure the mDNS policy.

(Cisco Controller) >config mdns
policy enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

294

OL-31334-01

config Commands

config mdns policy service-group create | delete

To create or delete mDNS policy service group use the config mdns policy service-group create | delete
command.
config mdnspolicyservice-groupcreate | delete service-group-name

Syntax Description

Command Default

Command History

Examples

create

Creates the mDNS service group.

delete

Deletes the mDNS service group.

service-group-name

Name of the service group.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to delete a mDNS service group.

(Cisco Controller) >config mdns policy service-group create <service-group-name>

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

295

config Commands

config mdns policy service-group parameters

To configure the parameters of a service group, use the config mdns policy service-group command.
config mdnspolicyservice-group device-mac add service-group-name mac-addr device name location-type
[AP_LOCATION | AP_NAME |AP_GROUP] device-location [location string |any | same]

Syntax Description

Command Default

Command History

Examples

device-mac

Configures MAC address of a service provider device.

add

Adds the service group name of the service provider device.

service-group-name

Name of a mDNS service group.

device-name

Name of a device to which the service provider belongs.

location type

Configures a location type of a service provider device.

[AP_LOCATION | AP_NAME |
AP_GROUP]

Name, location, group of the access point.

device-location

Configures location of a device to which the service provider

belongs.

[location string |any | same]

location string of a device.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to configure a location type of a service provider device.
(Cisco Controller) >config mdns policy service-group location type [AP_LOCATION | AP_NAME
| AP_GROUP]

Cisco Wireless LAN Controller Command Reference, Release 8.0

296

OL-31334-01

config Commands

config mdns policy service-group user-name

To configure a user role for a mDNS service group, use the config mdns policy service-group user-name
add | delete <service-group-name> <user-role-name>command
config mdnspolicyservice-groupuser-nameadd | deleteservice-group-name user-name

Syntax Description

Command Default

Command History

Examples

user-name

Configures name of a user for mDNS service group.

service-group-name

Name of a mDNS service group

user-name

Name of the user role for mDNS service group

None

Release

Modification

8.0

This command was introduced.

The following example show how to add user name for a mDNS service group
(Cisco Controller) >config mdns policy service-group user-name add <service-group-name>
<user-role-name>

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

297

config Commands

config mdns policy service-group user-role

To configure a user role for a mDNS service group, use the config mdns policy service-group user-role add
| delete <service-group-name> <user-role-name>command.
config mdnspolicyservice-groupuser-roleadd | deleteservice-group-name user-role-name

Syntax Description

Command Default

Command History

Examples

user-role

Configures a user role for mDNS service group.

service-group-name

Name of a mDNS service group

user-role-name

Name of the user role for mDNS service group

None

Release

Modification

8.0

This command was introduced.

The following example show how to add user role details for a mDNS service group
(Cisco Controller) >config mdns policy service-group user-role add <service-group-name>
<user-role-name>

Cisco Wireless LAN Controller Command Reference, Release 8.0

298

OL-31334-01

config Commands

config memory monitor errors

To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors
command.
config memory monitor errors {enable | disable}

Caution

Syntax Description

Command Default

Command History

The config memory monitor commands can be disruptive to your system and should be run only when
you are advised to do so by the Cisco TAC.

enable

Enables the monitoring for memory settings.

disable

Disables the monitoring for memory settings.

Monitoring for memory errors and leaks is disabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Be cautious about changing the defaults for the config memory monitor command unless you know what
you are doing, you have detected a problem, or you are collecting troubleshooting information.

Examples

The following example shows how to enable monitoring for memory errors and leaks for a controller:
(Cisco Controller) > config memory monitor errors enable

Related Commands

config memory monitor leaks

debug memory
show memory monitor

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

299

config Commands

config memory monitor leaks

To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config
memory monitor leaks command.
config memory monitor leaks low_thresh high_thresh

Caution

Syntax Description

Command Default

Command History

The config memory monitor commands can be disruptive to your system and should be run only when
you are advised to do so by the Cisco TAC.

low_thresh

Value below which free memory cannot fall without crashing. This value cannot
be set lower than 10000 KB.

high_thresh

Value below which the controller enters auto-leak-analysis mode. See the Usage
Guidelines section.

The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines
Note

Be cautious about changing the defaults for the config memory monitor command unless you know what
you are doing, you have detected a problem, or you are collecting troubleshooting information.
Use this command if you suspect that a memory leak has occurred.
If the free memory is lower than the low_thresh threshold, the system crashes, generating a crash file. The
default value for this parameter is 10000 KB, and you cannot set it below this value.
Set the high_thresh threshold to the current free memory level or higher so that the system enters
auto-leak-analysis mode. After the free memory reaches a level lower than the specified high_thresh threshold,
the process of tracking and freeing memory allocation begins. As a result, the debug memory events enable
command shows all allocations and frees, and the show memory monitor detail command starts to detect
any suspected memory leaks.

Cisco Wireless LAN Controller Command Reference, Release 8.0

300

OL-31334-01

config Commands

Examples

The following example shows how to set the threshold values for auto-leak-analysis mode to 12000 KB for
the low threshold and 35000 KB for the high threshold:
(Cisco Controller) > config memory monitor leaks 12000 35000

Related Commands

config memory monitor leaks

debug memory
show memory monitor

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

301

config Commands

config mgmtuser add

To add a local management user to the controller, use the config mgmtuser add command.
config mgmtuser add username password {read-write | read-only} [description]

Syntax Description

Command Default

Command History

Examples

username

Account username. The username can be up to 24 alphanumeric characters.

password

Account password. The password can be up to 24 alphanumeric characters.

read-write

Creates a management user with read-write access.

read-only

Creates a management user with read-only access.

description

(Optional) Description of the account. The description can be up to 32

alphanumeric characters within double quotes.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to create a management user account with read-write access.
(Cisco Controller) > config mgmtuser add admin admin read-write Main account

Related Commands

show mgmtuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

302

OL-31334-01

config Commands

config mgmtuser delete

To delete a management user from the controller, use the config mgmtuser delete command.
config mgmtuser delete username

Syntax Description

Command Default

Command History

Examples

username

Account username. The username can be up to 24 alphanumeric characters.

The management user is not deleted by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete a management user account admin from the controller.
(Cisco Controller) > config mgmtuser delete admin
Deleted user admin

Related Commands

show mgmtuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

303

config Commands

config mgmtuser description

To add a description to an existing management user login to the controller, use the config mgmtuser
description command.
config mgmtuser description username description

Syntax Description

Command Default

Command History

Examples

username

Account username. The username can be up to 24 alphanumeric characters.

description

Description of the account. The description can be up to 32 alphanumeric

characters within double quotes.

No description is added to the management user.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a description master-user to the management user admin:
(Cisco Controller) > config mgmtuser description admin "master user"

Related Commands

config mgmtuser add

config mgmtuser delete
config mgmtuser password
show mgmtuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

304

OL-31334-01

config Commands

config mgmtuser password

To configure a management user password, use the config mgmtuser password command.
config mgmtuser password username password

Syntax Description

Command Default

Command History

Examples

username

Account username. The username can be up to 24 alphanumeric characters.

password

Account password. The password can be up to 24 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to change the password of the management user admin with the new
password 5rTfm:
(Cisco Controller) > config mgmtuser password admin 5rTfm

Related Commands

show mgmtuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

305

config Commands

config mgmtuser telnet

To enable local management users to use Telnet to connect to the Cisco Wireless LAN Controller, use the
config mgmtuser telnet command.
config mgmtuser telnet user_name {enable | disable}

Syntax Description

Command Default

Command History

user_name

Username of a local management user.

enable

Enables a local management user to use Telnet to connect to the Cisco WLC.
You can enter up to 24 alphanumeric characters.

disable

Disables a local management user from using Telnet to connect to the Cisco
WLC.

Local management users can use Telnet to connect to the Cisco WLC.

Release

Modification

7.5

This command was introduced.

Usage Guidelines

You must enable global Telnet to enable this command. Secure Shell (SSH) connection is not affected when
you enable this option.

Examples

The following example shows how to enable a local management user to use Telnet to connect to the Cisco
WLC:
(Cisco Controller) > config mgmtuser telnet admin1 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

306

OL-31334-01

config Commands

config mobility group member

To add or delete users from the mobility group member list, use the config mobility group member command.
config mobility group member {add MAC-addr IP-addr [group_name] | delete MAC-addr | hash IP-addr
{key | none}}

Syntax Description

Command Default

Command History

Examples

add

Adds or changes a mobility group member to

the list.

MAC-addr

Member switch MAC address.

IP-addr

Member switch IP address.

group_name

(Optional) Member switch group name (if

different from the default group name).

delete

(Optional) Deletes a mobility group member

from the list.

hash

Configures the hash key for authorization. You

can configure the hash key only if the member
is a virtual controller in the same domain.

key

Hash key of the virtual controller. For example,

a819d479dcfeb3e0974421b6e8335582263d9169

none

Clears the previous hash key of the virtual

controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to add a mobility group member with an IPv4 address to the list:
(Cisco Controller) >config mobility group member add 11:11:11:11:11:11 209.165.200.225

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

307

config Commands

The following example shows how to add a mobility group member with an IPv6 address to the list:
(Cisco Controller) >config mobility group member add 11:11:11:11:11:11 2001:DB8::1

The following example shows how to configure the hash key of a virtual controller in the same domain:

Note

The IP address in this example can be in either IPv4 or IPv6 format.

(Cisco Controller) >config mobility group member hash 209.165.201.1
a819d479dcfeb3e0974421b6e8335582263d9169

Cisco Wireless LAN Controller Command Reference, Release 8.0

308

OL-31334-01

config Commands

config netuser add

To add a guest user on a WLAN or wired guest LAN to the local user database on the controller, use the
config netuser add command.
config netuser add username password {wlan wlan_id | guestlan guestlan_id} userType guest lifetime
lifetime description description

Syntax Description

username

Guest username. The username can be up to 50 alphanumeric characters.

password

User password. The password can be up to 24 alphanumeric characters.

wlan

Specifies the wireless LAN identifier to associate with or zero for any wireless
LAN.

wlan_id

Wireless LAN identifier assigned to the user. A zero value associates the user
with any wireless LAN.

guestlan

Specifies the guest LAN identifier to associate with or zero for any wireless
LAN.

guestlan_id

Guest LAN ID.

userType

Specifies the user type.

guest

Specifies the guest for the guest user.

lifetime

Specifies the lifetime.

lifetime

Lifetime value (60 to 259200 or 0) in seconds for the guest user.

Note

description

Command Default

Command History

Usage Guidelines

A value of 0 indicates an unlimited

lifetime.

Short description of user. The description can be up to 32 characters enclosed in

double-quotes.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Local network usernames must be unique because they are stored in the same database.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

309

config Commands

Examples

The following example shows how to add a permanent username Jane to the wireless network for 1 hour:
(Cisco Controller) > config netuser add jane able2 1 wlan_id 1 userType permanent

The following example shows how to add a guest username George to the wireless network for 1 hour:
(Cisco Controller) > config netuser add george able1 guestlan 1 3600

Related Commands

show netuser
config netuser delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

310

OL-31334-01

config Commands

config netuser delete

To delete an existing user from the local network, use the config netuser delete command.
config netuser delete { username username | wlan-id wlan-id}

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

username

Network username. The username can be up to 24 alphanumeric characters.

wlan-id

WLAN identification number.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Local network usernames must be unique because they are stored in the same database.

When a WLAN associated with network users is deleted, the system prompts to delete all network users
associated with the WLAN first. After deleting the network users, you can delete the WLAN.

The following example shows how to delete an existing username named able1 from the network:
(Cisco Controller) > config netuser delete able1
Deleted user able1

Related Commands

show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

311

config Commands

config netuser description

To add a description to an existing net user, use the config netuser description command.
config netuser description username description

Syntax Description

Command Default

Command History

Examples

username

Network username. The username can contain up to 24 alphanumeric characters.

description

(Optional) User description. The description can be up to 32 alphanumeric characters

enclosed in double quotes.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a user description HQ1 Contact to an existing network user named
able 1:
(Cisco Controller) > config netuser description able1 HQ1 Contact

Related Commands

show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

312

OL-31334-01

config Commands

config netuser guest-lan-id

To configure a wired guest LAN ID for a network user, use the config netuser guest-lan-id command.
config netuser guest-lan-id username lan_id

Syntax Description

Command Default

Command History

Examples

username

Network username. The username can be 24 alphanumeric characters.

lan_id

Wired guest LAN identifier to associate with the user. A zero value associates
the user with any wired LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a wired LAN ID 2 to associate with the user named aire1:
(Cisco Controller) > config netuser guest- lan-id aire1 2

Related Commands

show netuser
show wlan summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

313

config Commands

config netuser guest-role apply

To apply a quality of service (QoS) role to a guest user, use the config netuser guest-role apply command.
config netuser guest-role apply username role_name

Syntax Description

Command Default

Command History

Usage Guidelines

username

Name of the user.

role_name

QoS guest role name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

If you do not assign a QoS role to a guest user, the Role field in the User Details shows the role as default.
The bandwidth contracts for this user are defined in the QoS profile for the WLAN.
If you want to unassign a QoS role from a guest user, use the config netuser guest-role apply username
default. This user now uses the bandwidth contracts defined in the QoS profile for the WLAN.

Examples

The following example shows how to apply a QoS role to a guest user jsmith with the QoS guest role named
Contractor:
(Cisco Controller) > config netuser guest-role apply jsmith Contractor

Related Commands

config netuser guest-role create

config netuser guest-role delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

314

OL-31334-01

config Commands

config netuser guest-role create

To create a quality of service (QoS) role for a guest user, use the config netuser guest-role create command.
config netuser guest-role create role_name

Syntax Description

Command Default

Command History

role name

QoS guest role name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

To delete a QoS role, use the config netuser guest-role delete role-name .

Examples

The following example shows how to create a QoS role for the guest user named guestuser1:
(Cisco Controller) > config netuser guest-role create guestuser1

Related Commands

config netuser guest-role delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

315

config Commands

config netuser guest-role delete

To delete a quality of service (QoS) role for a guest user, use the config netuser guest-role delete command.
config netuser guest-role delete role_name

Syntax Description

Command Default

Command History

Examples

role name

Quality of service (QoS) guest role name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete a quality of service (QoS) role for guestuser1:
(Cisco Controller) > config netuser guest-role delete guestuser1

Related Commands

config netuser guest-role create

Cisco Wireless LAN Controller Command Reference, Release 8.0

316

OL-31334-01

config Commands

config netuser guest-role qos data-rate average-data-rate

To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos
data-rate average-data-rate command.
config netuser guest-role qos data-rate average-data-rate role_name rate

Syntax Description

role_name

Quality of service (QoS) guest role name.

rate

Rate for TCP traffic on a per user basis.

Command Default

None

Usage Guidelines

For the role_name parameter in each of these commands, enter a name for the new QoS role. The name
uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter,
you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction
on the QoS role.

Examples

The following example shows how to configure an average rate for the QoS guest named guestuser1:
(Cisco Controller) > config netuser guest-role qos data-rate average-data-rate guestuser1
0

Related Commands

config netuser guest-role create

config netuser guest-role delete
config netuser guest-role qos data-rate burst-data-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

317

config Commands

config netuser guest-role qos data-rate average-realtime-rate

To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos
data-rate average-realtime-rate command.
config netuser guest-role qos data-rate average-realtime-rate role_name rate

Syntax Description

role_name

Quality of service (QoS) guest role name.

rate

Rate for TCP traffic on a per user basis.

Command Default

None

Usage Guidelines

Examples

The following example shows how to configure an average data rate for the QoS guest user named guestuser1
with the rate for TCP traffic of 0 Kbps:
(Cisco Controller) > config netuser guest-role qos data-rate average-realtime-rate guestuser1
0

Related Commands

config netuser guest-role

config netuser guest-role qos data-rate average-data-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

318

OL-31334-01

config Commands

config netuser guest-role qos data-rate burst-data-rate

To configure the peak data rate for TCP traffic on a per user basis, use the config netuser guest-role qos
data-rate burst-data-rate command.
config netuser guest-role qos data-rate burst-data-rate role_name rate

Syntax Description

Command Default

Command History

Usage Guidelines

role_name

Quality of service (QoS) guest role name.

rate

Rate for TCP traffic on a per user basis.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The burst data rate should be greater than or equal to the average data rate. Otherwise, the QoS policy may
block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name
uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter,
you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction
on the QoS role.

Examples

The following example shows how to configure the peak data rate for the QoS guest named guestuser1 with
the rate for TCP traffic of 0 Kbps:
(Cisco Controller) > config netuser guest-role qos data-rate burst-data-rate guestuser1 0

Related Commands

config netuser guest-role create

config netuser guest-role delete
config netuser guest-role qos data-rate average-data-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

319

config Commands

config netuser guest-role qos data-rate burst-realtime-rate

To configure the burst real-time data rate for UDP traffic on a per user basis, use the config netuser guest-role
qos data-rate burst-realtime-rate command.
config netuser guest-role qos data-rate burst-realtime-rate role_name rate

Syntax Description

Command Default

Command History

Usage Guidelines

role_name

Quality of service (QoS) guest role name.

rate

Rate for TCP traffic on a per user basis.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The burst real-time rate should be greater than or equal to the average real-time rate. Otherwise, the quality
of service (QoS) policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name
uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter,
you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction
on the QoS role.

Examples

The following example shows how to configure a burst real-time rate for the QoS guest user named guestuser1
with the rate for TCP traffic of 0 Kbps:
(Cisco Controller) > config netuser guest-role qos data-rate burst-realtime-rate guestuser1
0

Related Commands

config netuser guest-role

config netuser guest-role qos data-rate average-data-rate
config netuser guest-role qos data-rate burst-data-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

320

OL-31334-01

config Commands

config netuser lifetime

To configure the lifetime for a guest network user, use the config netuser lifetime command.
config netuser lifetime username time

Syntax Description

Command Default

Command History

Examples

username

Network username. The username can be up to 50 alphanumeric characters.

time

Llifetime between 60 to 2592000 seconds or 0 for no limit.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure lifetime for a guest network user:
(Cisco Controller) > config netuser lifetime guestuser1 22450

Related Commands

show netuser
show wlan summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

321

config Commands

config netuser maxUserLogin

To configure the maximum number of login sessions allowed for a network user, use the config netuser
maxUserLogin command.
config netuser maxUserLogin count

Syntax Description

Command Default

Command History

Examples

count

Maximum number of login sessions for a single user. The allowed values are
from 0 (unlimited) to 8.

By default, the maximum number of login sessions for a single user is 0 (unlimited).

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the maximum number of login sessions for a single user to
8:
(Cisco Controller) > config netuser maxUserLogin 8

Related Commands

show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

322

OL-31334-01

config Commands

config netuser password

To change a local network user password, use the config netuser password command.
config netuser password username password

Syntax Description

Command Default

Command History

Examples

username

Network username. The username can be up to 24 alphanumeric characters.

password

Network user password. The password can contain up to 24 alphanumeric

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to change the network user password from aire1 to aire2:
(Cisco Controller) > config netuser password aire1 aire2

Related Commands

show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

323

config Commands

config netuser wlan-id

To configure a wireless LAN ID for a network user, use the config netuser wlan-id command.
config netuser wlan-id username wlan_id

Syntax Description

Command Default

Command History

Examples

username

Network username. The username can be 24 alphanumeric characters.

wlan_id

Wireless LAN identifier to associate with the user. A zero value associates the
user with any wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a wireless LAN ID 2 to associate with the user named aire1:
(Cisco Controller) > config netuser wlan-id aire1 2

Related Commands

show netuser
show wlan summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

324

OL-31334-01

config Commands

config network 802.3-bridging

To enable or disable 802.3 bridging on a controller, use the config network 802.3-bridging command.
config network 802.3-bridging {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the 802.3 bridging.

disable

Disables the 802.3 bridging.

By default, 802.3 bridging on the controller is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

In controller software release 5.2, the software-based forwarding architecture for Cisco 2100 Series Controllers
is being replaced with a new forwarding plane architecture. As a result, Cisco 2100 Series Controllers and
the Cisco wireless LAN controller Network Module for Cisco Integrated Services Routers bridge 802.3 packets
by default. Therefore, 802.3 bridging can now be disabled only on Cisco 4400 Series Controllers, the Cisco
WiSM, and the Catalyst 3750G Wireless LAN Controller Switch.
To determine the status of 802.3 bridging, enter the show netuser guest-roles command.

Examples

The following example shows how to enable the 802.3 bridging:

(Cisco Controller) > config network 802.3-bridging enable

Related Commands

show netuser guest-roles

show network

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

325

config Commands

config network allow-old-bridge-aps

To configure an old bridge access points ability to associate with a switch, use the config network
allow-old-bridge-aps command.
config network allow-old-bridge-aps {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the switch association.

disable

Disables the switch association.

Switch association is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure an old bridge access point to associate with the switch:
> config network allow-old-bridge-aps enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

326

OL-31334-01

config Commands

config network ap-discovery

To enable or disable NAT IP in an AP discovery response, use the config network ap-discovery command.
config network ap-discovery nat-ip-only {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables use of NAT IP only in discovery response.

disable

Enables use of both NAT IP and non NAT IP in discovery response.

The use of NAT IP only in discovery response is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

If the config interface nat-address management command is set, this command controls which address(es)
are sent in the CAPWAP discovery responses.
If all APs are on the outside of the NAT gateway of the controller, enter the config network ap-discovery
nat-ip-only enable command, and only the management NAT address is sent.
If the controller has both APs on the outside and the inside of its NAT gateway, enter the config network
ap-discovery nat-ip-only disable command, and both the management NAT address and the management
inside address are sent. Ensure that you have entered the config ap link-latency disable all command to avoid
stranding APs.

Examples

The following example shows how to enable NAT IP in an AP discovery response:

> config network ap-discovery nat-ip-only enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

327

config Commands

config network ap-fallback

To configure Cisco lightweight access point fallback, use the config network ap-fallback command.
config network ap-fallback {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the Cisco lightweight access point fallback.

disable

Disables the Cisco lightweight access point fallback.

The Cisco lightweight access point fallback is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the Cisco lightweight access point fallback:
> config network ap-fallback enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

328

OL-31334-01

config Commands

config network ap-priority

To enable or disable the option to prioritize lightweight access points so that after a controller failure they
reauthenticate by priority rather than on a first-come-until-full basis, use the config network ap-priority
command.
config network ap-priority {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the lightweight access point priority reauthentication.

disable

Disables the lightweight access point priority reauthentication.

The lightweight access point priority reauthentication is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the lightweight access point priority reauthorization:
> config network ap-priority enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

329

config Commands

config network apple-talk

To configure AppleTalk bridging, use the config network apple-talk command.
config network apple-talk {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the AppleTalk bridging.

disable

Disables the AppleTalk bridging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure AppleTalk bridging:

> config network apple-talk enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

330

OL-31334-01

config Commands

config network arptimeout

To set the Address Resolution Protocol (ARP) entry timeout value, use the config network arptimeout
command.
config network arptimeout seconds

Syntax Description

Command Default

Command History

Examples

seconds

Timeout in seconds. The minimum value is 10 seconds. The default value is 300
seconds.

The default ARP entry timeout value is 300 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to set the ARP entry timeout value to 240 seconds:
(Cisco Controller) > config network arptimeout 240

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

331

config Commands

config network bridging-shared-secret

To configure the bridging shared secret, use the config network bridging-shared-secret command.
config network bridging-shared-secret shared_secret

Syntax Description

Command Default

Command History

Usage Guidelines

shared_secret

Bridging shared secret string. The string can contain up to 10 bytes.

The bridging shared secret is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the
switch.
The zero-touch configuration must be enabled for this command to work.

Examples

The following example shows how to configure the bridging shared secret string shhh1:
(Cisco Controller) > config network bridging-shared-secret shhh1

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

332

OL-31334-01

config Commands

config network broadcast

To enable or disable broadcast packet forwarding, use the config network broadcast command.
config network broadcast {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

enable

Enables the broadcast packet forwarding.

disable

Disables the broadcast packet forwarding.

The broadcast packet forwarding is disabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This command allows you to enable or disable broadcasting. You must enable multicast mode before enabling
broadcast forwarding. Use the config network multicast mode command to configure multicast mode on
the controller.

The default multicast mode is unicast in case of all controllers except for Cisco 2106 Controllers. The
broadcast packets and multicast packets can be independently controlled. If multicast is off and broadcast
is on, broadcast packets still reach the access points, based on the configured multicast mode.

The following example shows how to enable broadcast packet forwarding:

(Cisco Controller) > config network broadcast enable

Related Commands

show network summary

config network multicast global
config network multicast mode

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

333

config Commands

config network fast-ssid-change

To enable or disable fast Service Set Identifier (SSID) changing for mobile stations, use the config network
fast-ssid-change command.
config network fast-ssid-change {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the fast SSID changing for mobile stations

disable

Disables the fast SSID changing for mobile stations.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

When you enable the Fast SSID Change feature, the controller allows clients to move between SSIDs. When
the client sends a new association for a different SSID, the client entry in the controller connection table is
cleared before the client is added to the new SSID.
When you disable the FastSSID Change feature, the controller enforces a delay before clients are allowed to
move to a new SSID.

Examples

The following example shows how to enable the fast SSID changing for mobile stations:
(Cisco Controller) > config network fast-ssid-change enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

334

OL-31334-01

config Commands

config network ip-mac-binding

To validate the source IP address and MAC address binding within client packets, use the config network
ip-mac-binding command.
config network ip-network-binding {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

enable

Enables the validation of the source IP address to MAC address binding in clients
packets.

disable

Disables the validation of the source IP address to MAC address binding in clients
packets.

The validation of the source IP address to MAC address binding in clients packets is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

In controller software release 5.2, the controller enforces strict IP address-to-MAC address binding in client
packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses
that are registered with the controller, and forwards the packet only if they both match. In previous releases,
the controller checks only the MAC address of the client and ignores the IP address.

You might want to disable this binding check if you have a routed network behind a workgroup bridge
(WGB).

The following example shows how to validate the source IP and MAC address within client packets:
(Cisco Controller) > config network ip-mac-binding enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

335

config Commands

config network link local bridging

To configure bridging of link local traffic at the local site, use the config network link-local-bridging
command.
config network link-local-bridging {enable | disable}

Syntax Description

enable

Enables bridging of link local traffic at the local site

disable

Disables bridging of link local traffic at the local site

Command Default

Disabled

Command History

Release

Modification

8.0

This command was introduced

Cisco Wireless LAN Controller Command Reference, Release 8.0

336

OL-31334-01

config Commands

config network master-base

To enable or disable the Cisco wireless LAN controller as an access point default master, use the config
network master-base command.
config network master-base {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables the Cisco wireless LAN controller acting as a Cisco lightweight access
point default master.

disable

Disables the Cisco wireless LAN controller acting as a Cisco lightweight access
point default master.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This setting is only used upon network installation and should be disabled after the initial network configuration.
Because the Master Cisco wireless LAN controller is normally not used in a deployed network, the Master
Cisco wireless LAN controller setting can be saved from 6.0.199.0 or later releases.

Examples

The following example shows how to enable the Cisco wireless LAN controller as a default master:
(Cisco Controller) > config network master-base enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

337

config Commands

config network mgmt-via-wireless

To enable Cisco wireless LAN controller management from an associated wireless client, use the config
network mgmt-via-wireless command.
config network mgmt-via-wireless {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables the switch management from a wireless interface.

disable

Disables the switch management from a wireless interface.

The switch management from a wireless interface is disabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This feature allows wireless clients to manage only the Cisco wireless LAN controller associated with the
client and the associated Cisco lightweight access point. That is, clients cannot manage another Cisco wireless
LAN controller with which they are not associated.

Examples

This example shows how to configure switch management from a wireless interface:
(Cisco Controller) > config network mgmt-via-wireless enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

338

OL-31334-01

config Commands

config network multicast global

To enable or disable multicasting on the controller, use the config network multicast global command.
config network multicast global {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables the multicast global support.

disable

Disables the multicast global support.

Multicasting on the controller is disabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The config network broadcast {enable | disable} command allows you to enable or disable broadcasting
without enabling or disabling multicasting as well. This command uses the multicast mode configured on the
controller (by using the config network multicast mode command) to operate.

Examples

The following example shows how to enable the global multicast support:
(Cisco Controller) > config network multicast global enable

Related Commands

show network summary

config network broadcast
config network multicast mode

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

339

config Commands

config network multicast igmp query interval

To configure the IGMP query interval, use the config network multicast igmp query interval command.
config network multicast igmp query interval value

Syntax Description

Command Default

Command History

Usage Guidelines

value

Frequency at which controller sends IGMP query messages. The range is from
15 to 2400 seconds.

The default IGMP query interval is 20 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

To configure IGMP query interval, ensure that you do the following:

Enable the global multicast by entering the config network multicast global enable command.
Enable IGMP snooping by entering the config network multicast igmp snooping enable command.

Examples

The following example shows how to configure the IGMP query interval at 20 seconds:
(Cisco Controller) > config network multicast igmp query interval 20

Related Commands

config network multicast global

config network multicast igmp snooping
config network multicast igmp timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

340

OL-31334-01

config Commands

config network multicast igmp snooping

To enable or disable IGMP snooping, use the config network multicast igmp snooping command.
config network multicast igmp snooping {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables IGMP snooping.

disable

Disables IGMP snooping.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable internet IGMP snooping settings:
(Cisco Controller) > config network multicast igmp snooping enable

Related Commands

config network multicast global

config network multicast igmp query interval
config network multicast igmp timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

341

config Commands

config network multicast igmp timeout

To set the IGMP timeout value, use the config network multicast igmp timeout command.
config network multicast igmp timeout value

Syntax Description

Command Default

Command History

value

Timeout range from 30 to 7200 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can enter a timeout value between 30 and 7200 seconds. The controller sends three queries in one timeout
value at an interval of timeout/3 to see if any clients exist for a particular multicast group. If the controller
does not receive a response through an IGMP report from the client, the controller times out the client entry
from the MGID table. When no clients are left for a particular multicast group, the controller waits for the
IGMP timeout value to expire and then deletes the MGID entry from the controller. The controller always
generates a general IGMP query (to destination address 224.0.0.1) and sends it on all WLANs with an MGID
value of 1.

Examples

The following example shows how to configure the timeout value 50 for IGMP network settings:
(Cisco Controller) > config network multicast igmp timeout 50

Related Commands

config network multicast global

config network igmp snooping
config network multicast igmp query interval

Cisco Wireless LAN Controller Command Reference, Release 8.0

342

OL-31334-01

config Commands

config network multicast l2mcast

To configure the Layer 2 multicast on an interface or all interfaces, use the config network multicast l2mcast
command.
config network multicast l2mcast {enable| disable {all | interface-name}

Syntax Description

Command Default

Command History

Examples

enable

Enables Layer 2 multicast.

disable

Disables Layer 2 multicast.

all

Applies to all interfaces.

interface-name

Interface name for which the Layer 2 multicast is to enabled or disabled.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable Layer 2 multicast for all interfaces:
(Cisco Controller) > config network multicast l2mcast enable all

Related Commands

config network multicast global

config network multicast igmp snooping
config network multicast igmp query interval
config network multicast mld

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

343

config Commands

config network multicast mld

To configure the Multicast Listener Discovery (MLD) parameters, use the config network multicast mld
command.
config network multicast mld {query interval interval-value | snooping {enable | disable} | timeout
timeout-value}

Syntax Description

Command Default

Command History

Examples

query interval

Configures query interval to send MLD query

messages.

interval-value

Query interval in seconds. The range is from 15 to 2400

seconds.

snooping

Configures MLD snooping.

enable

Enables MLD snooping.

disable

Disables MLD snooping.

timeout

Configures MLD timeout.

timeout-value

Timeout value in seconds. The range is from 30 seconds

to 7200 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set a query interval of 20 seconds for MLD query messages:
(Cisco Controller) > config network multicast mld query interval 20

Related Commands

config network multicast global

config network multicast igmp snooping
config network multicast igmp query interval
config network multicast l2mcast

Cisco Wireless LAN Controller Command Reference, Release 8.0

344

OL-31334-01

config Commands

config network multicast mode multicast

To configure the controller to use the multicast method to send broadcast or multicast packets to an access
point, use the config network multicast mode multicast command.
config network multicast mode multicast

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the multicast mode to send a single copy of data to multiple
receivers:
(Cisco Controller) > config network multicast mode multicast

Related Commands

config network multicast global

config network broadcast
config network multicast mode unicast

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

345

config Commands

config network multicast mode unicast

To configure the controller to use the unicast method to send broadcast or multicast packets to an access point,
use the config network multicast mode unicast command.
config network multicast mode unicast

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the controller to use the unicast mode:
(Cisco Controller) > config network multicast mode unicast

Related Commands

config network multicast global

config network broadcast
config network multicast mode multicast

Cisco Wireless LAN Controller Command Reference, Release 8.0

346

OL-31334-01

config Commands

config network oeap-600 dual-rlan-ports

To configure the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN
port in addition to port 4, use the config network oeap-600 dual-rlan-ports command.
config network oeap-600 dual-rlan-ports {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate
as a remote LAN port in addition to port 4.

disable

Resets the Ethernet port 3 Cisco OfficeExtend 600 Series access points to function
as a local LAN port.

The Ethernet port 3 Cisco 600 Series OEAP is reset.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the Ethernet port 3 of Cisco OfficeExtend 600 Series access
points to operate as a remote LAN port:
> config network oeap-600 dual-rlan-ports enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

347

config Commands

config network oeap-600 local-network

To configure access to the local network for the Cisco 600 Series OfficeExtend access points, use the config
network oeap-600 local-network command.
config network oeap-600 local-network {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables access to the local network for the Cisco 600 Series OfficeExtend access
points.

disable

Disables access to the local network for the Cisco 600 Series OfficeExtend access
points.

Access to the local network for the Cisco 600 Series OEAPs is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable access to the local network for the Cisco 600 Series OfficeExtend
access points:
> config network oeap-600 local-network enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

348

OL-31334-01

config Commands

config network otap-mode

To enable or disable over-the-air provisioning (OTAP) of Cisco lightweight access points, use the config
network otap-mode command.
config network otap-mode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the OTAP provisioning.

disable

Disables the OTAP provisioning.

The OTAP provisioning is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable the OTAP provisioning:

> config network otap-mode disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

349

config Commands

config network rf-network-name

To set the RF-Network name, use the config network rf-network-name command.
config network rf-network-name name

Syntax Description

Command Default

Command History

Examples

name

RF-Network name. The name can contain up to 19

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the RF-network name to travelers:
(Cisco Controller) > config network rf-network-name travelers

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

350

OL-31334-01

config Commands

config network secureweb

To change the state of the secure web (https is http and SSL) interface for management users, use the config
network secureweb command.
config network secureweb {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables the secure web interface for management users.

disable

Disables the secure web interface for management users.

The secure web interface for management users is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command allows management users to access the controller GUI using an http://ip-address. Web mode
is not a secure connection.

Examples

The following example shows how to enable the secure web interface settings for management users:
(Cisco Controller) > config network secureweb enable
You must reboot for the change to take effect.

Related Commands

config network secureweb cipher-option

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

351

config Commands

config network secureweb cipher-option

To enable or disable secure web mode with increased security, or to enable or disable Secure Sockets Layer
(SSL v2) for web administration and web authentication, use the config network secureweb cipher-option
command.
config network secureweb cipher-option {high | sslv2 | rc4-preference} {enable | disable}

Syntax Description

Command Default

Command History

high

Configures whether or not 128-bit ciphers are required for web

administration and web authentication.

sslv2

Configures SSLv2 for both web administration and web authentication.

rc4-preference

Configures preference for RC4-SHA (Rivest Cipher 4-Secure Hash

Algorithm) cipher suites (over CBC cipher suites) for web authentication
and web administration.

enable

Enables the secure web interface.

disable

Disables the secure web interface.

The default is disable for secure web mode with increased security and enable for SSL v2.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines
Note

The config network secureweb cipher-option command allows users to access the controller GUI using
an http://ip-address but only from browsers that support 128-bit (or larger) ciphers.
When cipher-option sslv2 is disabled, users cannot connect using a browser configured with SSLv2 only.
They must use a browser that is configured to use a more secure protocol such as SSLv3 or later.
In RC4-SHA based cipher suites, RC4 is used for encryption and SHA is used for message authentication.

Examples

The following example shows how to enable secure web mode with increased security:
(Cisco Controller) > config network secureweb cipher-option

Cisco Wireless LAN Controller Command Reference, Release 8.0

352

OL-31334-01

config Commands

The following example shows how to disable SSL v2:

(Cisco Controller) > config network secureweb cipher-option sslv2 disable

Related Commands

config network secureweb

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

353

config Commands

config network ssh

To allow or disallow new Secure Shell (SSH) sessions, use the config network ssh command.
config network ssh {enable | disable}

Syntax Description

enable

Allows the new SSH sessions.

disable

Disallows the new SSH sessions.

Command Default

The default value for the new SSH session is disable.

Examples

The following example shows how to enable the new SSH session:
(Cisco Controller) > config network ssh enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

354

OL-31334-01

config Commands

config network telnet

To allow or disallow new Telnet sessions, use the config network telnet command.
config network telnet {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Allows new Telnet sessions.

disable

Disallows new Telnet sessions.

By default, the new Telnet session is disallowed and the value is disable.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the new Telnet sessions:
(Cisco Controller) > config network telnet enable

Related Commands

config ap telnet
show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

355

config Commands

config network usertimeout

To change the timeout for idle client sessions, use the config network usertimeout command.
config network usertimeout seconds

Syntax Description

seconds

Timeout duration in seconds. The minimum value is 90 seconds. The default

value is 300 seconds.

Command Default

The default timeout value for idle client session is 300 seconds.

Usage Guidelines

Use this command to set the idle client session duration on the Cisco wireless LAN controller. The minimum
duration is 90 seconds.

Examples

The following example shows how to configure the idle session timeout to 1200 seconds:
(Cisco Controller) > config network usertimeout 1200

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

356

OL-31334-01

config Commands

config network web-auth captive-bypass

To configure the controller to support bypass of captive portals at the network level, use the config network
web-auth captive-bypass command.
config network web-auth captive-bypass {enable | disable}

Syntax Description

enable

Allows the controller to support bypass of captive portals.

disable

Disallows the controller to support bypass of captive portals.

Command Default

None

Examples

The following example shows how to configure the controller to support bypass of captive portals:
(Cisco Controller) > config network web-auth captive-bypass enable

Related Commands

show network summary

config network web-auth cmcc-support

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

357

config Commands

config network web-auth cmcc-support

To configure eWalk on the controller, use the config network web-auth cmcc-support command.
config network web-auth cmcc-support {enable | disable}

Syntax Description

enable

Enables eWalk on the controller.

disable

Disables eWalk on the controller.

Command Default

None

Examples

The following example shows how to enable eWalk on the controller:

(Cisco Controller) > config network web-auth cmcc-support enable

Related Commands

show network summary

config network web-auth captive-bypass

Cisco Wireless LAN Controller Command Reference, Release 8.0

358

OL-31334-01

config Commands

config network web-auth port

To configure an additional port to be redirected for web authentication at the network level, use the config
network web-auth port command.
config network web-auth port port

Syntax Description

port

Command Default

None

Command History

Examples

Port number. The valid range is from 0 to 65535.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure an additional port number 1200 to be redirected for web
authentication:
(Cisco Controller) > config network web-auth port 1200

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

359

config Commands

config network web-auth proxy-redirect

To configure proxy redirect support for web authentication clients, use the config network web-auth
proxy-redirect command.
config network web-auth proxy-redirect {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Allows proxy redirect support for web authentication

clients.

disable

Disallows proxy redirect support for web

authentication clients.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) > config network web-auth proxy-redirect enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

360

OL-31334-01

config Commands

config network web-auth secureweb

To configure the secure web (https) authentication for clients, use the config network web-auth secureweb
command.
config network web-auth secureweb {enable | disable}

Syntax Description

Command Default

Command History

enable

Allows secure web (https) authentication for clients.

disable

Disallows secure web (https) authentication for clients.

Enables http web authentication for clients.

The default secure web (https) authentication for clients is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines
Note

Examples

If you configure the secure web (https) authentication for clients using the config network web-auth
secureweb disable command, then you must reboot the Cisco WLC to implement the change.

The following example shows how to enable the secure web (https) authentication for clients:
(Cisco Controller) > config network web-auth secureweb enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

361

config Commands

config network web-auth https-redirect

To configure https redirect support for web authentication clients, use the config network web-auth
https-redirect command.
config network web-auth https-redirect {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the secure redirection(https) for

web-authentication clients.

disable

Disables the secure redirection(https) for

web-authentication clients.

This command is by default disabled.

Release

Modification

8.0

This command was introduced in Release 8.0

The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) > config network web-auth https-redirect enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

362

OL-31334-01

config Commands

config network webcolor

To configure the web color theme for the controller GUI, use the config network webcolor command.
config network webcolor {default | red}

Syntax Description

Command Default

Command History

default

Specifies the default web color theme for the controller GUI.

red

Specifies the web color theme as red for the controller GUI.

Default

Release

Modification

8.0

This command was introduced.

Usage Guidelines

If you are changing the web color theme from the controller CLI, you need to reload the controller GUI to
apply your changes.

Examples

The following example shows how to configure the web interface color as red for the controller GUI:
(Cisco Controller) > config network webcolor red

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

363

config Commands

config network webmode

To enable or disable the web mode, use the config network webmode command.
config network webmode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the web interface.

disable

Disables the web interface.

The default value for the web mode is enable.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the web interface mode:
(Cisco Controller) > config network webmode disable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

364

OL-31334-01

config Commands

config network web-auth

To configure the network-level web authentication options, use the config network web-auth command.
config network web-auth {port port-number} | {proxy-redirect {enable | disable}}

Syntax Description

port

Configures additional ports for web authentication

redirection.

port-number

Port number (between 0 and 65535).

proxy-redirect

Configures proxy redirect support for web

authentication clients.

enable

Enables proxy redirect support for web authentication

clients.
Note

disable

Command Default

Command History

Web-auth proxy redirection will be enabled

for ports 80, 8080, and 3128, along with user
defined port 345.

Disables proxy redirect support for web authentication

clients.

The default network-level web authentication value is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You must reset the system for the configuration to take effect.

Examples

The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) > config network web-auth proxy-redirect enable

Related Commands

show network summary

show run-config
config qos protocol-type

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

365

config Commands

config network zero-config

To configure bridge access point ZeroConfig support, use the config network zero-config command.
config network zero-config {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the bridge access point ZeroConfig support.

disable

Disables the bridge access point ZeroConfig support.

The bridge access point ZeroConfig support is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the bridge access point ZeroConfig support:
> config network zero-config enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

366

OL-31334-01

config Commands

config nmsp notify-interval measurement

To modify the Network Mobility Services Protocol (NMSP) notification interval value on the controller to
address latency in the network, use the config nmsp notify-interval measurement command.
config nmsp notify-interval measurement {client | rfid | rogue} interval

Syntax Description

Command Default

Command History

client

Modifies the interval for clients.

rfid

Modifies the interval for active radio frequency identification (RFID) tags.

rogue

Modifies the interval for rogue access points and rogue clients.

interval

Time interval. The range is from 1 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The TCP port (16113) that the controller and location appliance communicate over must be open (not blocked)
on any firewall that exists between the controller and the location appliance for NMSP to function.

Examples

The following example shows how to modify the NMSP notification interval for the active RFID tags to 25
seconds:
(Cisco Controller) > config nmsp notify-interval measurement rfid 25

Related Commands

clear locp statistics

clear nmsp statistics
show nmsp notify-interval summary
show nmsp statistics
show nmsp status

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

367

config Commands

config paging
To enable or disable scrolling of the page, use the config paging command.
config paging {enable | disable}

Syntax Description

enable

Enables the scrolling of the page.

disable

Disables the scrolling of the page.

Command Default

By default, scrolling of the page is enabled.

Usage Guidelines

Commands that produce a huge number of lines of output with the scrolling of the page disabled might result
in the termination of SSH/Telnet connection or user session on the console.

Examples

The following example shows how to enable scrolling of the page:

(Cisco Controller) > config paging enable

Related Commands

show run-config

Cisco Wireless LAN Controller Command Reference, Release 8.0

368

OL-31334-01

config Commands

config passwd-cleartext
To enable or disable temporary display of passwords in plain text, use the config passwd-cleartext command.
config passwd-cleartext {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the display of passwords in plain text.

disable

Disables the display of passwords in plain text.

By default, temporary display of passwords in plain text is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This command must be enabled if you want to see user-assigned passwords displayed in clear text when using
the show run-config command.
To execute this command, you must enter an admin password. This command is valid only for this particular
session. It is not saved following a reboot.

Examples

The following example shows how to enable display of passwords in plain text:
(Cisco Controller) > config passwd-cleartext enable
The way you see your passwds will be changed
You are being warned.
Enter admin password:

Related Commands

show run-config

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

369

config Commands

config prompt
To change the CLI system prompt, use the config prompt command.
config prompt prompt

Syntax Description

Command Default

Command History

prompt

New CLI system prompt enclosed in double quotes. The prompt can be up to 31 alphanumeric
characters and is case sensitive.

The system prompt is configured using the startup wizard.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Because the system prompt is a user-defined variable, it is omitted from the rest of this documentation.

Examples

The following example shows how to change the CLI system prompt to Cisco 4400:
(Cisco Controller) > config prompt Cisco 4400

Cisco Wireless LAN Controller Command Reference, Release 8.0

370

OL-31334-01

config Commands

config qos average-data-rate

To define the average data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the
config qos average-data-rate command.
config qos average-data-rate {bronze | silver | gold | platinum} {per-ssid | per-client} {downstream |
upstream} rate

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the average data rate for the queue bronze.

silver

Specifies the average data rate for the queue silver.

gold

Specifies the average data rate for the queue gold.

platinum

Specifies the average data rate for the queue platinum.

per-ssid

Configures the rate limit for an SSID per radio. The combined traffic
of all clients will not exceed this limit.

per-client

Configures the rate limit for each client associated with the SSID.

downstream

Configures the rate limit for downstream traffic.

upstream

Configures the rate limit for upstream traffic.

rate

Average data rate for TCP traffic per user. A value between 0 and
51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth
restriction on the QoS profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the average data rate 0 Kbps for the queue gold per SSID:
(Cisco Controller) > config qos average-data-rate gold per ssid downstream 0

Related Commands

config qos burst-data-rate

config qos average-realtime-rate
config qos burst-realtime-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

371

config Commands

config wlan override-rate-limit

Cisco Wireless LAN Controller Command Reference, Release 8.0

372

OL-31334-01

config Commands

config qos average-realtime-rate

To define the average real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID),
use the config qos average-realtime-rate command.
config qos average-realtime-rate {bronze | silver | gold | platinum} {per-ssid | per-client} {downstream
| upstream} rate

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the average real-time data rate for the queue bronze.

silver

Specifies the average real-time data rate for the queue silver.

gold

Specifies the average real-time data rate for the queue gold.

platinum

Specifies the average real-time data rate for the queue platinum.

per-ssid

Configures the rate limit for an SSID per radio. The combined traffic of all
clients will not exceed this limit.

per-client

Configures the rate limit for each client associated with the SSID.

downstream

Configures the rate limit for downstream traffic.

upstream

Configures the rate limit for upstream traffic.

rate

Average real-time data rate for UDP traffic per user. A value between 0 and
51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on
the QoS profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the average real-time actual rate for queue gold:
(Cisco Controller) > config qos average-realtime-rate gold per ssid downstream 10

Related Commands

config qos average-data-rate

config qos burst-data-rate
config qos burst-realtime-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

373

config Commands

config wlan override-rate-limit

Cisco Wireless LAN Controller Command Reference, Release 8.0

374

OL-31334-01

config Commands

config qos burst-data-rate

To define the peak data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the config
qos burst-data-rate command.
config qos burst-data-rate {bronze | silver | gold | platinum} {per-ssid | per-client} {downstream |
upstream} rate

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the peak data rate for the queue bronze.

silver

Specifies the peak data rate for the queue silver.

gold

Specifies the peak data rate for the queue gold.

platinum

Specifies the peak data rate for the queue platinum.

per-ssid

Configures the rate limit for an SSID per radio. The combined traffic
of all clients will not exceed this limit.

per-client

Configures the rate limit for each client associated with the SSID.

downstream

Configures the rate limit for downstream traffic.

upstream

Configures the rate limit for upstream traffic.

rate

Peak data rate for TCP traffic per user. A value between 0 and
51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth
restriction on the QoS profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the peak rate 30000 Kbps for the queue gold:
(Cisco Controller) > config qos burst-data-rate gold per ssid downstream 30000

Related Commands

config qos average-data-rate

config qos average-realtime-rate
config qos burst-realtime-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

375

config Commands

config wlan override-rate-limit

Cisco Wireless LAN Controller Command Reference, Release 8.0

376

OL-31334-01

config Commands

config qos burst-realtime-rate

To define the burst real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID),
use the config qos burst-realtime-rate command.
config qos burst-realtime-rate {bronze | silver | gold | platinum} { per-ssid | per-client } { downstream
| upstream } rate

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the burst real-time data rate for the queue

bronze.

silver

Specifies the burst real-time data rate for the queue silver.

gold

Specifies the burst real-time data rate for the queue gold.

platinum

Specifies the burst real-time data rate for the queue

platinum.

per-ssid

Configures the rate limit for an SSID per radio. The

combined traffic of all clients will not exceed this limit.

per-client

Configures the rate limit for each client associated with

the SSID.

downstream

Configures the rate limit for downstream traffic.

upstream

Configures the rate limit for upstream traffic.

rate

Burst real-time data rate for UDP traffic per user. A value
between 0 and 51,2000 Kbps (inclusive). A value of 0
imposes no bandwidth restriction on the QoS profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the burst real-time actual rate 2000 Kbps for the queue gold:
(Cisco Controller) > config qos burst-realtime-rate gold per ssid downstream

Related Commands

2000

config qos average-data-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

377

config Commands

config qos burst-data-rate

config qos average-realtime-rate
config wlan override-rate-limit

Cisco Wireless LAN Controller Command Reference, Release 8.0

378

OL-31334-01

config Commands

config qos description

To change the profile description, use the config qos description command.
config qos description {bronze | silver | gold | platinum} description

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the QoS profile description for the queue bronze.

silver

Specifies the QoS profile description for the queue silver.

gold

Specifies the QoS profile description for the queue gold.

platinum

Specifies the QoS profile description for the queue platinum.

description

QoS profile description.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the QoS profile description description for the queue gold:
(Cisco Controller) > config qos description gold abc

Related Commands

show qos average-data-rate

config qos burst-data-rate
config qos average-realtime-rate
config qos burst-realtime-rate
config qos max-rf-usage

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

379

config Commands

config qos max-rf-usage

To specify the maximum percentage of RF usage per access point, use the config qos max-rf-usage command.
config qos max-rf-usage {bronze | silver | gold | platinum} usage_percentage

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the maximum percentage of RF usage for the queue bronze.

silver

Specifies the maximum percentage of RF usage for the queue silver.

gold

Specifies the maximum percentage of RF usage for the queue gold.

platinum

Specifies the maximum percentage of RF usage for the queue platinum.

usage-percentage

Maximum percentage of RF usage.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify the maximum percentage of RF usage for the queue gold:
(Cisco Controller) > config qos max-rf-usage gold 20

Related Commands

show qos description

config qos average-data-rate
config qos burst-data-rate
config qos average-realtime-rate
config qos burst-realtime-rate

Cisco Wireless LAN Controller Command Reference, Release 8.0

380

OL-31334-01

config Commands

config qos dot1p-tag

To define the maximum value (0 to 7) for the priority tag associated with packets that fall within the profile,
use the config qos dot1p-tag command.
config qos dot1p-tag {bronze | silver | gold | platinum} dot1p_tag

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the QoS 802.1p tag for the queue bronze.

silver

Specifies the QoS 802.1p tag for the queue silver.

gold

Specifies the QoS 802.1p tag for the queue gold.

platinum

Specifies the QoS 802.1p tag for the queue platinum.

dot1p_tag

Dot1p tag value between 1 and 7.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the a QoS 802.1p tag for the queue gold with the dot1p tag
value of 5:
(Cisco Controller) > config qos dot1p-tag gold 5

Related Commands

show qos queue_length all

config qos protocol-type

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

381

config Commands

config qos priority

To define the maximum and default QoS levels for unicast and multicast traffic when you assign a QoS profile
to a WLAN, use the config qos priority command.
config qos priority {bronze | silver | gold | platinum} {maximum-priority | default-unicast-priority |
default-multicast-priority}

Syntax Description

bronze

Specifies a Bronze profile of the WLAN.

silver

Specifies a Silver profile of the WLAN.

gold

Specifies a Gold profile of the WLAN.

platinum

Specifies a Platinum profile of the WLAN.

maximum-priority

Maximum QoS priority as one of the following:

besteffort
background
video
voice

default-unicast-priority

Default unicast priority as one of the following:

besteffort
background
video
voice

default-multicast-priority

Default multicast priority as one of the following:

besteffort
background
video
voice

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

382

OL-31334-01

config Commands

Usage Guidelines

The maximum priority level should not be lower than the default unicast and multicast priority levels.

Examples

The following example shows how to configure the QoS priority for a gold profile of the WLAN with voice
as the maximum priority, video as the default unicast priority, and besteffort as the default multicast priority.
(Cisco Controller) > config qos priority gold voice video besteffort

Related Commands

config qos protocol-type

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

383

config Commands

config qos protocol-type

To define the maximum value (0 to 7) for the priority tag associated with packets that fall within the profile,
use the config qos protocol-type command.
config qos protocol-type {bronze | silver | gold | platinum} {none | dot1p}

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the QoS 802.1p tag for the queue bronze.

silver

Specifies the QoS 802.1p tag for the queue silver.

gold

Specifies the QoS 802.1p tag for the queue gold.

platinum

Specifies the QoS 802.1p tag for the queue platinum.

none

Specifies when no specific protocol is assigned.

dot1p

Specifies when dot1p type protocol is assigned.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the QoS protocol type silver:
(Cisco Controller) > config qos protocol-type silver dot1p

Related Commands

show qos queue_length all

config qos dot1p-tag

Cisco Wireless LAN Controller Command Reference, Release 8.0

384

OL-31334-01

config Commands

config qos queue_length

To specify the maximum number of packets that access points keep in their queues, use the config qos
queue_length command.
config qos queue_length {bronze | silver | gold | platinum} queue_length

Syntax Description

Command Default

Command History

Examples

bronze

Specifies the QoS length for the queue bronze.

silver

Specifies the QoS length for the queue silver.

gold

Specifies the QoS length for the queue gold.

platinum

Specifies the QoS length for the queue platinum.

queue_length

Maximum queue length values (10 to 255).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the QoS length for the queue gold with the maximum queue
length value as 12:
(Cisco Controller) > config qos queue_length gold 12

Related Commands

show qos

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

385

config Commands

config rfid auto-timeout

To configure an automatic timeout of radio frequency identification (RFID) tags, use the config rfid
auto-timeout command.
config rfid auto-timeout {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables an automatic timeout.

disable

Disables an automatic timeout.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable an automatic timeout of RFID tags:
(Cisco Controller) > config rfid auto-timeout enable

Related Commands

show rfid summary

config rfid status
config rfid timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

386

OL-31334-01

config Commands

config rfid status

To configure radio frequency identification (RFID) tag data tracking, use the config rfid status command.
config rfid status {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables RFID tag tracking.

disable

Enables RFID tag tracking.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure RFID tag tracking settings:
(Cisco Controller) > config rfid status enable

Related Commands

show rfid summary

config rfid auto-timeout
config rfid timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

387

config Commands

config rfid timeout

To configure a static radio frequency identification (RFID) tag data timeout, use the config rfid timeout
command.
config rfid timeout seconds

Syntax Description

Command Default

Command History

Examples

seconds

Timeout in seconds (from 60 to 7200).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a static RFID tag data timeout of 60 seconds:
(Cisco Controller) > config rfid timeout 60

Related Commands

show rfid summary

config rfid statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

388

OL-31334-01

config Commands

config service timestamps

To enable or disable time stamps in message logs, use the config service timestamps command.
config service timestamps {debug | log} {datetime | disable}

Syntax Description

Command Default

Command History

Examples

debug

Configures time stamps in debug messages.

log

Configures time stamps in log messages.

datetime

Specifies to time-stamp message logs with the standard date

and time.

disable

Specifies to prevent message logs being time-stamped.

By default, the time stamps in message logs are disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure time-stamp message logs with the standard date and time:
(Cisco Controller) > config service timestamps log datetime

The following example shows how to prevent message logs being time-stamped:
(Cisco Controller) > config service timestamps debug disable

Related Commands

show logging

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

389

config Commands

config sessions maxsessions

To configure the number of Telnet CLI sessions allowed by the Cisco wireless LAN controller, use the config
sessions maxsessions command.
config sessions maxsessions session_num

Syntax Description

Command Default

Command History

session_num

Number of sessions from 0 to 5.

The default number of Telnet CLI sessions allowed by the Cisco WLC is 5.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Up to five sessions are possible while a setting of zero prohibits any Telnet CLI sessions.

Examples

The following example shows how to configure the number of allowed CLI sessions to 2:
(Cisco Controller) > config sessions maxsessions 2

Related Commands

show sessions

Cisco Wireless LAN Controller Command Reference, Release 8.0

390

OL-31334-01

config Commands

config sessions timeout

To configure the inactivity timeout for Telnet CLI sessions, use the config sessions timeout command.
config sessions timeout timeout

Syntax Description

Command Default

Command History

Examples

timeout

Timeout of Telnet session in minutes (from 0 to 160). A value of 0 indicates no

timeout.

The default inactivity timeout for Telnet CLI sessions is 5 minutes.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the inactivity timeout for Telnet sessions to 20 minutes:
(Cisco Controller) > config sessions timeout 20

Related Commands

show sessions

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

391

config Commands

config switchconfig boot-break

To enable or disable the breaking into boot prompt by pressing the Esc key at system startup, use the config
switchconfig boot-break command.
config switchconfig boot-break {enable | disable}

Syntax Description

enable

Enables the breaking into boot prompt by pressing the Esc key at system startup.

disable

Disables the breaking into boot prompt by pressing the Esc key at system startup.

Command Default

By default, the breaking into boot prompt by pressing the Esc key at system startup is disabled.

Usage Guidelines

You must enable the features that are prerequisites for the Federal Information Processing Standard (FIPS)
mode before enabling or disabling the breaking into boot prompt.

Examples

The following example shows how to enable the breaking into boot prompt by pressing the Esc key at system
startup:
(Cisco Controller) > config switchconfig boot-break enable

Related Commands

show switchconfig
config switchconfig flowcontrol
config switchconfig mode
config switchconfig secret-obfuscation
config switchconfig fips-prerequisite
config switchconfig strong-pwd

Cisco Wireless LAN Controller Command Reference, Release 8.0

392

OL-31334-01

config Commands

config switchconfig fips-prerequisite

To enable or disable the features that are prerequisites for the Federal Information Processing Standard (FIPS)
mode, use the config switchconfig fips-prerequisite command.
config switchconfig fips-prerequisite {enable | disable}

Syntax Description

enable

Enables the features that are prerequisites for the FIPS mode.

disable

Disables the features that are prerequisites for the FIPS mode.

Command Default

By default, the features that are prerequisites for the FIPS mode are disabled.

Usage Guidelines

You must configure the FIPS authorization secret before you can enable or disable the FIPS prerequisite
features.

Examples

The following example shows how to enable the features that are prerequisites for the FIPS mode:
(Cisco Controller) > config switchconfig fips-prerequisite enable

Related Commands

show switchconfig
config switchconfig flowcontrol
config switchconfig mode
config switchconfig secret-obfuscation
config switchconfig boot-break
config switchconfig strong-pwd

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

393

config Commands

config switchconfig strong-pwd

To enable or disable your controller to check the strength of newly created passwords, use the config
switchconfig strong-pwd command.
config switchconfig strong-pwd {case-check | consecutive-check | default-check | username-check |
position-check | case-digit-check | minimum {upper-case | lower-case | digits | special-chars}
no._of_characters | min-length | password_length | lockout{mgmtuser | snmpv3user | time | attempts} |
lifetime {mgmtuser | snmpv3user} lifetime | all-checks} {enable | disable}

Syntax Description

case-check

Checks at least three combinations: lowercase

characters, uppercase characters, digits, or special
characters.

consecutive-check

Checks the occurrence of the same character three

times.

default-check

Checks for default values or use of their variants.

username-check

Checks whether the username is specified or not.

position-check

Checks whether the password has a four-character

change from the old password.

case-digit-check

Checks whether the password has all the four

combinations: lower, upper, digits, or special
characters.

minimum

Checks whether the password has a minimum number

of upper case and lower case characters, digits, or
special characters.

upper-case

Checks whether the password has a minimum number

of upper case characters.

lower-case

Checks whether the password has a minimum number

of lower case characters.

digits

Checks whether the password has a minimum number

of digits.

special-chars

Checks whether the password has a minimum number

of special characters.

min-length

Configures the minimum length for the password.

password_length

Minimum length for the password. The range is from

3 to 24 case-sensitive characters.

Cisco Wireless LAN Controller Command Reference, Release 8.0

394

OL-31334-01

config Commands

Command Default

Command History

lockout

Configures the lockout feature for a management user

or Simple Network Management Protocol version 3
(SNMPv3) user.

mgmtuser

Locks out a management user when the number of

successive failed attempts exceed the management user
lockout attempts.

snmpv3user

Locks out a SNMPv3 user when the number of

successive failed attempts exceeds the SNMPv3 user
lockout attempts.

time

Configures the time duration after the lockout attempts

when the management user or SNMPv3 user is locked.

attempts

Configures the number of successive incorrect

password attempts after which the management user
or SNMPv3 user is locked.

lifetime

Configures the number of days before the management

user or SNMPv3 user requires a change of password
due to the age of the password.

mgmtuser

Configures the number of days before the management

user requires a change of password due to the password
age.

snmpv3user

Configures the number of days before the SNMPv3

user requires a change of password due to the age of
the password.

lifetime

Number of days before the management user or

SNMPv3 user requirlifetimees a change of password
due to the age of the password.

all-checks

Checks all the cases.

enable

Enables a strong password check for the access point

and Cisco WLC.

disable

Disables a strong password check for the access point

and Cisco WLC.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

395

config Commands

Examples

The following example shows how to enable the Strong Password Check feature:
(Cisco Controller) > config switchconfig strong-pwd case-check enable

Related Commands

show switchconfig
config switchconfig flowcontrol
config switchconfig mode
config switchconfig secret-obfuscation
config switchconfig fips-prerequisite
config switchconfig boot-break

Cisco Wireless LAN Controller Command Reference, Release 8.0

396

OL-31334-01

config Commands

config switchconfig flowcontrol

To enable or disable 802.3x flow control, use the config switchconfig flowcontrol command.
config switchconfig flowcontrol {enable | disable}

Syntax Description

enable

Enables 802.3x flow control.

disable

Disables 802.3x flow control.

Command Default

By default, 802.3x flow control is disabled.

Examples

The following example shows how to enable 802.3x flow control on Cisco wireless LAN controller parameters:
(Cisco Controller) > config switchconfig flowcontrol enable

Related Commands

show switchconfig

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

397

config Commands

config switchconfig mode

To configure Lightweight Access Port Protocol (LWAPP) transport mode for Layer 2 or Layer 3, use the
config switchconfig mode command.
config switchconfig mode {L2 | L3}

Syntax Description

Command Default

Command History

Examples

Specifies Layer 2 as the transport mode.

Specifies Layer 3 as the transport mode.

The default transport mode is L3.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure LWAPP transport mode to Layer 3:
(Cisco Controller) > config switchconfig mode L3

Related Commands

show switchconfig

Cisco Wireless LAN Controller Command Reference, Release 8.0

398

OL-31334-01

config Commands

config switchconfig secret-obfuscation

To enable or disable secret obfuscation, use the config switchconfig secret-obfuscation command.
config switchconfig secret-obfuscation {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables secret obfuscation.

disable

Disables secret obfuscation.

Secrets and user passwords are obfuscated in the exported XML configuration file.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

To keep the secret contents of your configuration file secure, do not disable secret obfuscation. To further
enhance the security of the configuration file, enable configuration file encryption.

Examples

The following example shows how to enable secret obfuscation:

(Cisco Controller) > config switchconfig secret-obfuscation enable

Related Commands

show switchconfig

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

399

config Commands

config sysname
To set the Cisco wireless LAN controller system name, use the config sysname command.
config sysname name

Syntax Description

Command Default

Command History

Examples

name

System name. The name can contain up to 31 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the system named Ent_01:
(Cisco Controller) > config sysname Ent_01

Related Commands

show sysinfo

Cisco Wireless LAN Controller Command Reference, Release 8.0

400

OL-31334-01

config Commands

config snmp community accessmode

To modify the access mode (read only or read/write) of an SNMP community, use the config snmp community
accessmode command.
config snmp community accessmode {ro | rw} name

Syntax Description

Command Default

Specifies a read-only mode.

Specifies a read/write mode.

name

SNMP community name.

Two communities are provided by default with the following settings:

SNMP Community Name
------------------public
private

Command History

Examples

Client IP Address
----------------0.0.0.0
0.0.0.0

Client IP Mask
---------------0.0.0.0
0.0.0.0

Access Mode
----------Read Only
Read/Write

Status
-----Enable
Enable

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure read/write access mode for SNMP community:
(Cisco Controller) > config snmp community accessmode rw private

Related Commands

show snmp community

config snmp community mode
config snmp community create
config snmp community delete
config snmp community ipaddr

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

401

config Commands

config snmp community create

To create a new SNMP community, use the config snmp community create command.
config snmp community create name

Syntax Description

Command Default

Command History

name

SNMP community name of up to 16 characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Use this command to create a new community with the default configuration.

Examples

The following example shows how to create a new SNMP community named test:
(Cisco Controller) > config snmp community create test

Related Commands

show snmp community

config snmp community mode
config snmp community accessmode
config snmp community delete
config snmp community ipaddr

Cisco Wireless LAN Controller Command Reference, Release 8.0

402

OL-31334-01

config Commands

config snmp community delete

To delete an SNMP community, use the config snmp community delete command.
config snmp community delete name

Syntax Description

Command Default

Command History

Examples

name

SNMP community name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete an SNMP community named test:
(Cisco Controller) > config snmp community delete test

Related Commands

show snmp community

config snmp community mode
config snmp community accessmode
config snmp community create
config snmp community ipaddr

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

403

config Commands

config snmp community ipaddr

To configure the IPv4 or IPv6 address of an SNMP community, use the config snmp community ipaddr
command.
config snmp community ipaddr IP addr IPv4 mask/IPv6 Prefix lengthname

Syntax Description

Command Default

Command History

Usage Guidelines

IP addr

SNMP community IPv4 or IPv6 address.

IPv4 mask/IPv6 Prefix

length

SNMP community IP mask (IPv4 mask or IPv6 Prefix length). The IPv6 prefix
length is from 0 to 128.

name

SNMP community name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

This command is applicable for both IPv4 and IPv6 addresses.

This command is not applicable for default SNMP community (public, private).

Examples

The following example shows how to configure an SNMP community with the IPv4 address 10.10.10.10,
IPv4 mask 255.255.255.0, and SNMP community named comaccess:
(Cisco Controller) > config snmp community ipaddr 10.10.10.10 255.255.255.0 comaccess

The following example shows how to configure an SNMP community with the IPv6 address 2001:9:2:16::1,
IPv6 prefix length 64, and SNMP community named comaccess:
(Cisco Controller) > config snmp community ipaddr 2001:9:2:16::1 64 comaccess

Cisco Wireless LAN Controller Command Reference, Release 8.0

404

OL-31334-01

config Commands

config snmp community mode

To enable or disable an SNMP community, use the config snmp community mode command.
config snmp community mode {enable | disable} name

Syntax Description

Command Default

Command History

Examples

enable

Enables the community.

disable

Disables the community.

name

SNMP community name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the SNMP community named public:
(Cisco Controller) > config snmp community mode disable public

Related Commands

show snmp community

config snmp community delete
config snmp community accessmode
config snmp community create
config snmp community ipaddr

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

405

config Commands

config snmp engineID

To configure the SNMP engine ID, use the config snmp engineID command.
config snmp engineID {engine_id | default}

Syntax Description

Command Default

Command History

Usage Guidelines

engine_id

Engine ID in hexadecimal characters (a minimum of 10 and a maximum of 24

characters are allowed).

default

Restores the default engine ID.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The SNMP engine ID is a unique string used to identify the device for administration purposes. You do need
to specify an engine ID for the device because a default string is automatically generated using Ciscos
enterprise number and the MAC address of the first interface on the device.
If you change the engine ID, then a reboot is required for the change to take effect.
Caution If you change the value of the SNMP engine ID, then the password of the user entered on the command
line is converted to an MD5 (Message-Digest algorithm 5) or SHA (Secure Hash Algorithm) security digest.
This digest is based on both the password and the local engine ID. The command line password is then deleted.
Because of this deletion, if the local value of the engine ID changes, the security digests of the SNMP users
will become invalid, and the users will have to be reconfigured.

Examples

The following example shows how to configure the SNMP engine ID with the value fffffffffff:
(Cisco Controller) > config snmp engineID fffffffffff

Related Commands

show snmpengineID

Cisco Wireless LAN Controller Command Reference, Release 8.0

406

OL-31334-01

config Commands

config snmp syscontact

To set the SNMP system contact name, use the config snmp syscontact command.
config snmp syscontact contact

Syntax Description

Command Default

Command History

Examples

contact

SNMP system contact name. The contact can be up to 31 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the SMNP system contact named Cisco WLAN
Solution_administrator:
(Cisco Controller) > config snmp syscontact Cisco WLAN Solution_administrator

Related Commands

show snmpcommunity

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

407

config Commands

config snmp syslocation

To configure the SNMP system location name, use the config snmp syslocation command.
config snmp syslocation location

Syntax Description

Command Default

Command History

Examples

location

SNMP system location name. The location can be up to 31 alphanumeric

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the SNMP system location name to Building_2a:
(Cisco Controller) > config snmp syslocation Building_2a

Related Commands

show snmpcommunity

Cisco Wireless LAN Controller Command Reference, Release 8.0

408

OL-31334-01

config Commands

config snmp trapreceiver create

To configure a server to receive SNMP traps, use the config snmp trapreceiver create command.
config snmp trapreceiver create name IP addr

Syntax Description

Command Default

Command History

name

SNMP community name. The name contain up to 16 characters.

IP addr

Configure the IPv4 or IPv6 address of where to send SNMP traps.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

Usage Guidelines

The IPv4 or IPv6 address must be valid for the command to add the new server.

Examples

The following example shows how to add a new SNMP trap receiver with the SNMP trap receiver named
test and IP address 10.1.1.1:
(Cisco Controller) > config snmp trapreceiver create test 10.1.1.1

The following example shows how to add a new SNMP trap receiver with the SNMP trap receiver named
test and IP address 2001:10:1:1::1:
(Cisco Controller) > config snmp trapreceiver create test 2001:10:1:1::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

409

config Commands

config snmp trapreceiver delete

To delete a server from the trap receiver list, use the config snmp trapreceiver delete command.
config snmp trapreceiver delete name

Syntax Description

Command Default

Command History

Examples

name

SNMP community name. The name can contain up to 16 characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete a server named test from the SNMP trap receiver list:
(Cisco Controller) > config snmp trapreceiver delete test

Related Commands

show snmp trap

Cisco Wireless LAN Controller Command Reference, Release 8.0

410

OL-31334-01

config Commands

config snmp trapreceiver mode

To send or disable sending traps to a selected server, use the config snmp trapreceiver mode command.
config snmp trapreceiver mode {enable | disable} name

Syntax Description

Command Default

Command History

enable

Enables an SNMP trap receiver.

disable

Disables an SNMP trap receiver.

name

SNMP community name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command enables or disables the Cisco wireless LAN controller from sending the traps to the selected
server.

Examples

The following example shows how to disable an SNMP trap receiver from sending traps to a server named
server1:
(Cisco Controller) > config snmp trapreceiver mode disable server1

Related Commands

show snmp trap

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

411

config Commands

config snmp v3user create

To create a version 3 SNMP user, use the config snmp v3user create command.
config snmp v3user create username {ro | rw} {none | hmacmd5 | hmacsha} {none | des | aescfb128}
[auth_key] [encrypt_key]

Syntax Description

Command Default

username

Version 3 SNMP username.

Specifies a read-only user privilege.

Specifies a read-write user privilege.

none

Specifies if no authentication is required.

hmacmd5

Specifies Hashed Message Authentication

Coding Message Digest 5 (HMAC-MD5) for
authentication.

hmacsha

Specifies Hashed Message Authentication

Coding-Secure Hashing Algorithm
(HMAC-SHA) for authentication.

none

Specifies if no encryption is required.

des

Specifies to use Cipher Block

Chaining-Digital Encryption Standard
(CBC-DES) encryption.

aescfb128

Specifies to use Cipher Feedback

Mode-Advanced Encryption Standard-128
(CFB-AES-128) encryption.

auth_key

(Optional) Authentication key for the

HMAC-MD5 or HMAC-SHA authentication
protocol.

encrypt_key

(Optional) Encryption key for the CBC-DES

or CFB-AES-128 encryption protocol.

SNMP v3 username AccessMode Authentication Encryption

-------------------- ------------- -------------- ----------default
Read/Write
HMAC-SHA
CFB-AES

Cisco Wireless LAN Controller Command Reference, Release 8.0

412

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add an SNMP username named test with read-only privileges and no
encryption or authentication:
(Cisco Controller) > config snmp v3user create test ro none none

Related Commands

show snmpv3user

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

413

config Commands

config snmp v3user delete

To delete a version 3 SNMP user, use the config snmp v3user delete command.
config snmp v3user delete username

Syntax Description

Command Default

Command History

Examples

username

Username to delete.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to remove an SNMP user named test:
(Cisco Controller) > config snmp v3user delete test

Related Commands

show snmp v3user

Cisco Wireless LAN Controller Command Reference, Release 8.0

414

OL-31334-01

config Commands

config snmp version

To enable or disable selected SNMP versions, use the config snmp version command.
config snmp version {v1 | v2 | v3} {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies an SNMP version to enable or disable.

enable

Enables a specified version.

disable

Disables a specified version.

By default, all the SNMP versions are enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable SNMP version v1:

(Cisco Controller) > config snmp version v1 enable

Related Commands

show snmpversion

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

415

config Commands

config time manual

To set the system time, use the config time manual command.
config time manual MM |DD | YY HH:MM:SS

Syntax Description

Command Default

Command History

Examples

MM/DD/YY

Date.

HH:MM:SS

Time.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the system date to 04/04/2010 and time to 15:29:00:
(Cisco Controller) > config time manual 04/04/2010 15:29:00

Related Commands

show time

Cisco Wireless LAN Controller Command Reference, Release 8.0

416

OL-31334-01

config Commands

config time ntp

To set the Network Time Protocol (NTP), use the config time ntp command.
config time ntp {auth {enable server-index key-index | disable server-index} | interval interval | key-auth
{add key-index md5 {ascii | hex} key} | delete key-index} | server index IP Address}

Syntax Description

Command Default

Command History

auth

Configures the NTP authentication.

enable

Enables the NTP authentication.

server-index

NTP server index.

key-index

Key index between 1 and 4294967295.

disable

Disables the NTP authentication.

interval

Configures the NTP polling interval.

interval

NTP polling interval in seconds. The range is from 3600 and 604800 seconds.

key-auth

Configures the NTP authentication key.

add

Adds an NTP authentication key.

md5

Specifies the authentication protocol.

ascii

Specifies the ASCII key type.

hex

Specifies the hexadecimal key type.

key

Specifies the ASCII key format with a maximum of 16 characters or the

hexadecimal key format with a maximum of 32 digits.

delete

Deletes an NTP authentication key.

server

Configures the NTP servers.

IP Address

NTP server's IP address. Use 0.0.0.0 or :: to delete entry.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

417

config Commands

Usage Guidelines

Release

Modification

8.0

This command supports both IPv4 and IPv6 address formats.

To add the NTP server to the controller, use the config time ntp server index IP Address command.
To delete the NTP server (IPv4) from the controller, use the config time ntp serverindex 0.0.0.0
command.
To delete the NTP server (IPv6) from the controller, use the config time ntp serverindex :: command.
To display configured NTP server on the controller, use the show time command.

Examples

The following example shows how to configure the NTP polling interval to 7000 seconds:
(Cisco Controller) > config time ntp interval 7000

The following example shows how to enable NTP authentication where the server index is 4 and the key index
is 1:
(Cisco Controller) > config time ntp auth enable 4 1

The following example shows how to add an NTP authentication key of value ff where the key format is in
hexadecimal characters and the key index is 1:
(Cisco Controller) > config time ntp key-auth add 1 md5 hex ff

The following example shows how to add an NTP authentication key of value ff where the key format is in
ASCII characters and the key index is 1:
(Cisco Controller) > config time ntp key-auth add 1 md5 ascii ciscokey

The following example shows how to add NTP servers and display the servers configured to controllers:
(Cisco Controller) > config time ntp server 1 10.92.125.52
(Cisco Controller) > config time ntp server 2 2001:9:6:40::623
(Cisco Controller) > show time
Time............................................. Fri May 23 12:04:18 2014
Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai,
Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP
Msg Auth Status
------- -------------------------------------------------1
1
10.92.125.52
AUTH SUCCESS
2
1
2001:9:6:40::623
AUTH SUCCESS

The following example shows how to delete NTP servers and verify that the servers are deleted removed from
the NTP server list:
(Cisco Controller) > config time ntp server
(Cisco Controller) > config time ntp server
(Cisco Controller) > show time

1 0.0.0.0
2 ::

Cisco Wireless LAN Controller Command Reference, Release 8.0

418

OL-31334-01

config Commands

Time............................................. Fri May 23 12:04:18 2014

Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai,
Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP
Msg Auth Status
------- --------------------------------------------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

419

config Commands

config time timezone

To configure the system time zone, use the config time timezone command.
config time timezone {enable | disable} delta_hours delta_mins

Syntax Description

Command Default

Command History

Examples

enable

Enables daylight saving time.

disable

Disables daylight saving time.

delta_hours

Local hour difference from the Universal Coordinated Time (UCT).

delta_mins

Local minute difference from UCT.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the daylight saving time:
(Cisco Controller) > config time timezone enable 2 0

Related Commands

show time

Cisco Wireless LAN Controller Command Reference, Release 8.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

423

config Commands

config trapflags 802.11-Security

To enable or disable sending 802.11 security-related traps, use the config trapflags 802.11-Security command.
config trapflags 802.11-Security wepDecryptError {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables sending 802.11 security-related traps.

disable

Disables sending 802.11 security-related traps.

By default, sending the 802.11 security-related traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the 802.11 security related traps:
(Cisco Controller) > config trapflags 802.11-Security wepDecryptError disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

424

OL-31334-01

config Commands

config trapflags aaa

To enable or disable the sending of AAA server-related traps, use the config trapflags aaa command.
config trapflags aaa {auth | servers} {enable | disable}

Syntax Description

Command Default

Command History

Examples

auth

Enables trap sending when an AAA authentication failure occurs for management
user, net user, or MAC filter.

servers

Enables trap sending when no RADIUS servers are responding.

enable

Enables the sending of AAA server-related traps.

disable

Disables the sending of AAA server-related traps.

By default, the sending of AAA server-related traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the sending of AAA server-related traps:
(Cisco Controller) > config trapflags aaa auth enable

Related Commands

show watchlist

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

425

config Commands

config trapflags adjchannel-rogueap

To configure trap notifications when a rogue access point is detected at the adjacent channel, use the config
trapflags adjchannel-rogueap command.
config trapflags adjchannel-rogueap {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables trap notifications when a rogue access point is detected at the adjacent
channel.

disable

Disables trap notifications when a rogue access point is detected at the adjacent
channel.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable trap notifications when a rogue access point is detected at the
adjacent channel:
(Cisco Controller) > config trapflags adjchannel-rogueap enable

Related Commands

config trapflags 802.11-Security

config trapflags aaa
config trapflags ap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags strong-pwdcheck
config trapflags rfid
config trapflags rogueap

Cisco Wireless LAN Controller Command Reference, Release 8.0

426

OL-31334-01

config Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

427

config Commands

config trapflags ap
To enable or disable the sending of Cisco lightweight access point traps, use the config trapflags ap command.
config trapflags ap {register | interfaceUp} {enable | disable}

Syntax Description

Command Default

Command History

Examples

Enables sending a trap when a Cisco lightweight access point registers with Cisco
switch.

interfaceUp

Enables sending a trap when a Cisco lightweight access point interface (A or B)

comes up.

enable

Enables sending access point-related traps.

disable

Disables sending access point-related traps.

By default, the sending of Cisco lightweight access point traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to prevent traps from sending access point-related traps:
(Cisco Controller) > config trapflags ap register disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

428

OL-31334-01

config Commands

config trapflags authentication

To enable or disable sending traps with invalid SNMP access, use the config trapflags authentication
command.
config trapflags authentication {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables sending traps with invalid SNMP access.

disable

Disables sending traps with invalid SNMP access.

By default, the sending traps with invalid SNMP access is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to prevent sending traps on invalid SNMP access:
(Cisco Controller) > config trapflags authentication disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

429

config Commands

config trapflags client

To enable or disable the sending of client-related DOT11 traps, use the config trapflags client command.
config trapflags client {802.11-associate 802.11-disassociate | 802.11-deauthenticate | 802.11-authfail |
802.11-assocfail | authentication | excluded} {enable | disable}

Syntax Description

Command Default

Command History

Examples

802.11-associate

Enables the sending of Dot11 association traps to clients.

802.11-disassociate

Enables the sending of Dot11 disassociation traps to clients.

802.11-deauthenticate

Enables the sending of Dot11 deauthentication traps to clients.

802.11-authfail

Enables the sending of Dot11 authentication fail traps to

clients.

802.11-assocfail

Enables the sending of Dot11 association fail traps to clients.

authentication

Enables the sending of authentication success traps to clients.

excluded

Enables the sending of excluded trap to clients.

enable

Enables sending of client-related DOT11 traps.

disable

Disables sending of client-related DOT11 traps.

By default, the sending of client-related DOT11 traps is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the sending of Dot11 disassociation trap to clients:
(Cisco Controller) > config trapflags client 802.11-disassociate enable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

430

OL-31334-01

config Commands

config trapflags client max-warning-threshold

To configure the threshold value of the number of clients that associate with the controller, after which an
SNMP trap and a syslog message is sent to the controller, use the config trapflags client
max-warning-threshold command.
config trapflags client max-warning-threshold {threshold | enable | disable}

Syntax Description

threshold

Configures the threshold percentage value of the number of clients that associate
with the controller, after which an SNMP trap and a syslog message is sent to the
controller. The range is from 80 to 100.
The minimum interval between two warnings is 10 mins You cannot configure this
interval.

Command Default

Command History

Usage Guidelines

enable

Enables the generation of the traps and syslog messages.

disable

Disables the generation of the traps and syslog messages.

The default threshold value of the number of clients that associate with the controller is 90 %.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This table lists the maximum number of clients for different controllers.
Table 7: Maximum Number of Clients Supported on Different Controllers

Controller

Maximum Number of Supported Clients

Cisco 5500 Series Controllers

7000

Cisco 2500 Series Controllers

500

Cisco Wireless Services Module 2

15000

Cisco Flex 7500 Series Controllers

64000

Cisco 8500 Series Controllers

64000

Cisco Virtual Wireless LAN Controllers

30000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

431

config Commands

Examples

The following example shows how to configure the threshold value of the number of clients that associate
with the controller:
(Cisco Controller) > config trapflags client max-warning-threshold 80

Related Commands

show trapflags
config trapflags client

Cisco Wireless LAN Controller Command Reference, Release 8.0

432

OL-31334-01

config Commands

config trapflags configsave

To enable or disable the sending of configuration-saved traps, use the config trapflags configsave command.
config trapflags configsave {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables sending of configuration-saved traps.

disable

Disables the sending of configuration-saved traps.

By default, the sending of configuration-saved traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the sending of configuration-saved traps:
(Cisco Controller) > config trapflags configsave enable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

433

config Commands

config trapflags IPsec

To enable or disable the sending of IPsec traps, use the config trapflags IPsec command.
config trapflags IPsec {esp-auth | esp-reply | invalidSPI | ike-neg | suite-neg | invalid-cookie} {enable |
disable}

Syntax Description

Command Default

Command History

Examples

esp-auth

Enables the sending of IPsec traps when an ESP authentication failure occurs.

esp-reply

Enables the sending of IPsec traps when an ESP replay failure occurs.

invalidSPI

Enables the sending of IPsec traps when an ESP invalid SPI is detected.

ike-neg

Enables the sending of IPsec traps when an IKE negotiation failure occurs.

suite-neg

Enables the sending of IPsec traps when a suite negotiation failure occurs.

invalid-cookie

Enables the sending of IPsec traps when a Isakamp invalid cookie is detected.

enable

Enables sending of IPsec traps.

disable

Disables sending of IPsec traps.

By default, the sending of IPsec traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the sending of IPsec traps when ESP authentication failure
occurs:
(Cisco Controller) > config trapflags IPsec esp-auth enable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

434

OL-31334-01

config Commands

config trapflags linkmode

To enable or disable Cisco wireless LAN controller level link up/down trap flags, use the config trapflags
linkmode command.
config trapflags linkmode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables Cisco wireless LAN controller level link up/down trap flags.

disable

Disables Cisco wireless LAN controller level link up/down trap flags.

By default, the Cisco WLC level link up/down trap flags are enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the Cisco wireless LAN controller level link up/down trap:
(Cisco Controller) > config trapflags linkmode disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

435

config Commands

config trapflags mesh

To configure trap notifications when a mesh access point is detected, use the config trapflags mesh command.
config trapflags mesh {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables trap notifications when a mesh access point is detected.

disable

Disables trap notifications when a mesh access point is detected.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable trap notifications when a mesh access point is detected:
(Cisco Controller) > config trapflags mesh enable

Related Commands

config trapflags 802.11-Security

config trapflags aaa
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags strong-pwdcheck
config trapflags rfid
config trapflags rogueap
show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

436

OL-31334-01

config Commands

config trapflags multiusers

To enable or disable the sending of traps when multiple logins are active, use the config trapflags multiusers
command.
config trapflags multiusers {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the sending of traps when multiple logins are active.

disable

Disables the sending of traps when multiple logins are active.

By default, the sending of traps when multiple logins are active is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the sending of traps when multiple logins are active:
(Cisco Controller) > config trapflags multiusers disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

437

config Commands

config trapflags rfid

To configure the threshold value of the maximum number of radio frequency identification (RFID) tags, after
which an SNMP trap and a syslog message is sent to the controller, use the config trapflags rfid command.
config trapflags rfid {threshold | enable | disable}

Syntax Description

threshold

Configures the threshold percentage value of the maximum number of RFID tags,
after which an SNMP trap and a syslog message is sent to the controller. The range
is from 80 to 100.
The traps and syslog messages are generated every 10 minutes. You cannot configure
this interval.

Command Default

Command History

Usage Guidelines

enable

Enables the generation of the traps and syslog messages.

disable

Disables the generation of the traps and syslog messages.

The default threshold value of the maximum number of RFID tags is 90 %.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following table shows the maximum number of RFID tags supported on different controllers:
Table 8: Maximum Number of RFID Tags Supported on Different Controllers

Controller

Maximum Number of Supported Clients

Cisco 5500 Series Controllers

5000

Cisco 2500 Series Controllers

500

Cisco Wireless Services Module 2

10000

Cisco Flex 7500 Series Controllers

50000

Cisco 8500 Series Controllers

50000

Cisco Virtual Wireless LAN Controllers

3000

Cisco Wireless LAN Controller Command Reference, Release 8.0

438

OL-31334-01

config Commands

Examples

The following example shows how to configure the threshold value of the maximum number of RFID tags:
(Cisco Controller) > config trapflags rfid 80

Related Commands

config trapflags 802.11-Security

config trapflags aaa
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags strong-pwdcheck
config trapflags rogueap
config trapflags mesh
show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

439

config Commands

config trapflags rogueap

To enable or disable sending rogue access point detection traps, use the config trapflags rogueap command.
config trapflags rogueap {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the sending of rogue access point detection traps.

disable

Disables the sending of rogue access point detection traps.

By default, the sending of rogue access point detection traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the sending of rogue access point detection traps:
(Cisco Controller) > config trapflags rogueap disable

Related Commands

config rogue ap classify

config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

440

OL-31334-01

config Commands

config trapflags rrm-params

To enable or disable the sending of Radio Resource Management (RRM) parameters traps, use the config
trapflags rrm-params command.
config trapflags rrm-params {tx-power | channel | antenna} {enable | disable}

Syntax Description

Command Default

Command History

Examples

tx-power

Enables trap sending when the RF manager automatically changes the tx-power
level for the Cisco lightweight access point interface.

channel

Enables trap sending when the RF manager automatically changes the channel
for the Cisco lightweight access point interface.

antenna

Enables trap sending when the RF manager automatically changes the antenna
for the Cisco lightweight access point interface.

enable

Enables the sending of RRM parameter-related traps.

disable

Disables the sending of RRM parameter-related traps.

By default, the sending of RRM parameters traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the sending of RRM parameter-related traps:
(Cisco Controller) > config trapflags rrm-params tx-power enable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

441

config Commands

config trapflags rrm-profile

To enable or disable the sending of Radio Resource Management (RRM) profile-related traps, use the config
trapflags rrm-profile command.
config trapflags rrm-profile {load | noise | interference | coverage} {enable | disable}

Syntax Description

Command Default

Command History

Examples

load

Enables trap sending when the load profile maintained by the RF manager fails.

noise

Enables trap sending when the noise profile maintained by the RF manager fails.

interference

Enables trap sending when the interference profile maintained by the RF manager
fails.

coverage

Enables trap sending when the coverage profile maintained by the RF manager
fails.

enable

Enables the sending of RRM profile-related traps.

disable

Disables the sending of RRM profile-related traps.

By default, the sending of RRM profile-related traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the sending of RRM profile-related traps:
(Cisco Controller) > config trapflags rrm-profile load disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

442

OL-31334-01

config Commands

config trapflags stpmode

To enable or disable the sending of spanning tree traps, use the config trapflags stpmode command.
config trapflags stpmode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the sending of spanning tree traps.

disable

Disables the sending of spanning tree traps.

By default, the sending of spanning tree traps is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the sending of spanning tree traps:
(Cisco Controller) > config trapflags stpmode disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

443

config Commands

config trapflags strong-pwdcheck

To configure trap notifications for strong password checks, use the config trapflags strong-pwdcheck
command.
config trapflags strong-pwdcheck {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables trap notifications for strong password checks.

disable

Disables trap notifications for strong password checks.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable trap notifications for strong password checks:
(Cisco Controller) > config trapflags strong-pwdcheck enable

Related Commands

config trapflags 802.11-Security

config trapflags aaa
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags rfid
config trapflags rogueap
show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

444

OL-31334-01

config Commands

config trapflags wps

To enable or disable Wireless Protection System (WPS) trap sending, use the config trapflags wps command.
config trapflags wps {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables WPS trap sending.

disable

Disables WPS trap sending.

By default, the WPS trap sending is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the WPS traps sending:
(Cisco Controller) > config trapflags wps disable

Related Commands

show trapflags

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

445

Timeout Commands

save config
To save the controller configurations, use the save config command.
save config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to save the controller settings:

(Cisco Controller) > save config
Are you sure you want to save? (y/n) y
Configuration Saved!

Timeout Commands
This section lists the timeout commands of the controller:

Cisco Wireless LAN Controller Command Reference, Release 8.0

446

OL-31334-01

Timeout Commands

config 802.11 cac video tspec-inactivity-timeout

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Command Default

The default CAC WMM TSPEC inactivity timeout received from an access point is disabled (ignore).

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Examples

This example shows how to process the response to TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout enable

This example shows how to ignore the response to TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout ignore

Related Commands

config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

447

Timeout Commands

config 802.11 cac video max-bandwidth

config 802.11 cac video roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

448

OL-31334-01

Timeout Commands

config 802.11 cac voice tspec-inactivity-timeout

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Command Default

The default WMM TSPEC inactivity timeout received from an access point is disabled (ignore).

Usage Guidelines

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the voice TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11 cac voice tspec-inactivity-timeout enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

449

Timeout Commands

Related Commands

config 802.11 cac voice load-based

config 802.11 cac voice roam-bandwidth
config 802.11 cac voice acm
config 802.11cac voice max-bandwidth
config 802.11 cac voice stream-size

Cisco Wireless LAN Controller Command Reference, Release 8.0

450

OL-31334-01

Timeout Commands

config advanced timers

To configure an advanced system timer, use the config advanced timers command.
config advanced timers {ap-discovery-timeout discovery-timeout | ap-fast-heartbeat {local | flexconnect
| all} {enable | disable} fast_heartbeat_seconds | ap-heartbeat-timeout heartbeat_seconds |
ap-primary-discovery-timeout primary_discovery_timeout | ap-primed-join-timeout primed_join_timeout
| auth-timeout auth_timeout | pkt-fwd-watchdog {enable | disable} {watchdog_timer | default} |
eap-identity-request-delay eap_identity_request_delay | eap-timeout eap_timeout}

Syntax Description

ap-discovery-timeout

Configures the Cisco lightweight access point discovery timeout value.

discovery-timeout

Cisco lightweight access point discovery timeout value, in seconds. The

range is from 1 to 10.

ap-fast-heartbeat

Configures the fast heartbeat timer, which reduces the amount of time it
takes to detect a controller failure in access points.

local

Configures the fast heartbeat interval for access points in local mode.

flexconnect

Configures the fast heartbeat interval for access points in FlexConnect

mode.

all

Configures the fast heartbeat interval for all the access points.

enable

Enables the fast heartbeat interval.

disable

Disables the fast heartbeat interval.

fast_heartbeat_seconds

Small heartbeat interval, which reduces the amount of time it takes to

detect a controller failure, in seconds. The range is from 1 to 10.

ap-heartbeat-timeout

Configures Cisco lightweight access point heartbeat timeout value.

heartbeat_seconds

Cisco the Cisco lightweight access point heartbeat timeout value, in

seconds. The range is from 1 to 30. This value should be at least three
times larger than the fast heartbeat timer.

ap-primary-discovery-timeout Configures the access point primary discovery request timer.

primary_discovery_timeout

Access point primary discovery request time, in seconds. The range is

from 30 to 3600.

ap-primed-join-timeout

Configures the access point primed discovery timeout value.

primed_join_timeout

Access point primed discovery timeout value, in seconds. The range is

from 120 to 43200.

auth-timeout

Configures the authentication timeout.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

451

Timeout Commands

auth_timeout

Authentication response timeout value, in seconds. The range is from 10

to 600.

pkt-fwd-watchdog

Configures the packet forwarding watchdog timer to protect from fastpath

deadlock.

watchdog_timer

Packet forwarding watchdog timer, in seconds. The range is from 60 to

300.

default

Configures the watchdog timer to the default value of 240 seconds.

eap-identity-request-delay

Configures the advanced Extensible Authentication Protocol (EAP)

identity request delay, in seconds.

eap_identity_request_delay

Advanced EAP identity request delay, in seconds. The range is from 0

to 10.

eap-timeout

Configures the EAP expiration timeout.

eap_timeout

EAP timeout value, in seconds. The range is from 8 to 120.

Command Default

The default access point discovery timeout is 10 seconds.

The default access point heartbeat timeout is 30 seconds.
The default access point primary discovery request timer is 120 seconds.
The default authentication timeout is 10 seconds.
The default packet forwarding watchdog timer is 240 seconds.

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The Cisco lightweight access point discovery timeout indicates how often a Cisco WLC attempts to discover
unconnected Cisco lightweight access points.
The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point
sends a heartbeat keepalive signal to the Cisco Wireless LAN Controller.

Examples

The following example shows how to configure an access point discovery timeout with a timeout value of
20:
(Cisco Controller) >config advanced timers ap-discovery-timeout 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

452

OL-31334-01

Timeout Commands

The following example shows how to enable the fast heartbeat interval for an access point in FlexConnect
mode:
(Cisco Controller) >config advanced timers ap-fast-heartbeat flexconnect enable 8

The following example shows how to configure the authentication timeout to 20 seconds:
(Cisco Controller) >config advanced timers auth-timeout 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

453

Timeout Commands

config dhcp timeout

Syntax Description

Command Default

Command History

Examples

timeout-value

Timeout value in the range of 5 to 120 seconds.

The default timeout value is 120 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the DHCP timeout to 10 seconds:
(Cisco Controller) >config dhcp timeout 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

454

OL-31334-01

Timeout Commands

config ldap
To configure the Lightweight Directory Access Protocol (LDAP) server settings, use the config ldap command.
config ldap {add | delete | enable | disable | retransmit-timeout | retry | user | security-mode | simple-bind}
index
config ldap add index server_ip_address port user_base user_attr user_type[ secure]
config ldap retransmit-timeout index retransmit-timeout
config ldap retry attempts
config ldap user {attr index user-attr | base index user-base | typeindex user-type}
config ldap security-mode {enable | disable}index
config ldap simple-bind {anonymous index | authenticated index username password}

Syntax Description

add

Specifies that an LDAP server is being added.

delete

Specifies that an LDAP server is being deleted.

enable

Specifies that an LDAP serve is enabled.

disable

Specifies that an LDAP server is disabled.

retransmit-timeout

Changes the default retransmit timeout for an LDAP

server.

retry

Configures the retry attempts for an LDAP server.

user

Configures the user search parameters.

security-mode

Configures the security mode.

simple-bind

Configures the local authentication bind method.

anonymous

Allows anonymous access to the LDAP server.

authenticated

Specifies that a username and password be entered to

secure access to the LDAP server.

index

LDAP server index. The range is from 1 to 17.

server_ip_address

IP address of the LDAP server.

port

Port number.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

455

Timeout Commands

Command Default

Command History

user_base

Distinguished name for the subtree that contains all

of the users.

user_attr

Attribute that contains the username.

user_type

ObjectType that identifies the user.

secure

(Optional) Specifies that Transport Layer Security

(TLS) is used.

retransmit-timeout

Retransmit timeout for an LDAP server. The range is

from 2 to 30.

attempts

Number of attempts that each LDAP server is retried.

attr

Configures the attribute that contains the username.

base

Configures the distinguished name of the subtree that

contains all the users.

type

Configures the user type.

username

Username for the authenticated bind method.

password

Password for the authenticated bind method.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

7.6

The secure keyword was added to support secure

LDAP.

Usage Guidelines

When you enable secure LDAP, the controller does not validate the server certificate.

Examples

The following example shows how to enable LDAP server index 10:
(Cisco Controller) > config ldap enable 10

Related Commands

config ldap add

config ldap simple-bind

Cisco Wireless LAN Controller Command Reference, Release 8.0

456

OL-31334-01

Timeout Commands

show ldap summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

457

Timeout Commands

config remote-lan session-timeout

To configure client session timeout, use the config remote-lan session-timeout command.
config remote-lan session-timeout remote-lan-id seconds

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

seconds

Timeout or session duration in seconds. A value of zero is equivalent to no

timeout.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the client session timeout to 6000 seconds for a remote LAN
with ID 1:
(Cisco Controller) >config remote-lan session-timeout 1 6000

Cisco Wireless LAN Controller Command Reference, Release 8.0

458

OL-31334-01

Timeout Commands

config network usertimeout

To change the timeout for idle client sessions, use the config network usertimeout command.
config network usertimeout seconds

Syntax Description

seconds

Timeout duration in seconds. The minimum value is 90 seconds. The default

value is 300 seconds.

Command Default

The default timeout value for idle client session is 300 seconds.

Usage Guidelines

Use this command to set the idle client session duration on the Cisco wireless LAN controller. The minimum
duration is 90 seconds.

Examples

The following example shows how to configure the idle session timeout to 1200 seconds:
(Cisco Controller) > config network usertimeout 1200

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

459

Timeout Commands

config radius acct retransmit-timeout

To change the default transmission timeout for a RADIUS accounting server for the Cisco wireless LAN
controller, use the config radius acct retransmit-timeout command.
config radius acct retransmit-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

timeout

Number of seconds (from 2 to 30) between

retransmissions.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure retransmission timeout value 5 seconds between the
retransmission:
(Cisco Controller) > config radius acct retransmit-timeout 5

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

460

OL-31334-01

Timeout Commands

config radius auth mgmt-retransmit-timeout

To configure a default RADIUS server retransmission timeout for management users, use the config radius
auth mgmt-retransmit-timeout command.
config radius auth mgmt-retransmit-timeout index retransmit-timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

retransmit-timeout

Timeout value. The range is from 1 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default RADIUS server retransmission timeout for
management users:
(Cisco Controller) > config radius auth mgmt-retransmit-timeout 1 10

Related Commands

config radius auth management

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

461

Timeout Commands

config radius auth retransmit-timeout

To change a default transmission timeout for a RADIUS authentication server for the Cisco wireless LAN
controller, use the config radius auth retransmit-timeout command.
config radius auth retransmit-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

timeout

Number of seconds (from 2 to 30) between

retransmissions.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a retransmission timeout of 5 seconds for a RADIUS
authentication server:
(Cisco Controller) > config radius auth retransmit-timeout 5

Related Commands

show radius auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

462

OL-31334-01

Timeout Commands

config radius auth retransmit-timeout

To configure a retransmission timeout value for a RADIUS accounting server, use the config radius auth
server-timeout command.
config radius auth retransmit-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

timeout

Timeout value. The range is from 2 to 30 seconds.

The default timeout is 2 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a server timeout value of 2 seconds for RADIUS authentication
server index 10:
(Cisco Controller) > config radius auth retransmit-timeout 2 10

Related Commands

show radius auth statistics

show radius summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

463

Timeout Commands

config rogue ap timeout

To specify the number of seconds after which the rogue access point and client entries expire and are removed
from the list, use the config rogue ap timeout command.
config rogue ap timeout seconds

Syntax Description

Command Default

Command History

Examples

seconds

Value of 240 to 3600 seconds (inclusive), with a

default value of 1200 seconds.

The default number of seconds after which the rogue access point and client entries expire is 1200 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set an expiration time for entries in the rogue access point and client
list to 2400 seconds:
(Cisco Controller) > config rogue ap timeout 2400

Related Commands

config rogue ap classify

config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue rule
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue ignore-list
show rogue rule detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

464

OL-31334-01

Timeout Commands

show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

465

Timeout Commands

config tacacs athr mgmt-server-timeout

To configure a default TACACS+ authorization server timeout for management users, use the config tacacs
athr mgmt-server-timeout command.
config tacacs athr mgmt-server-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

TACACS+ authorization server index.

timeout

Timeout value. The range is 1 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default TACACS+ authorization server timeout for
management users:
(Cisco Controller) > config tacacs athr mgmt-server-timeout 1 10

Related Commands

config tacacs athr

Cisco Wireless LAN Controller Command Reference, Release 8.0

466

OL-31334-01

Timeout Commands

config tacacs auth mgmt-server-timeout

To configure a default TACACS+ authentication server timeout for management users, use the config tacacs
auth mgmt-server-timeout command.
config tacacs auth mgmt-server-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

TACACS+ authentication server index.

timeout

Timeout value. The range is 1 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default TACACS+ authentication server timeout for
management users:
(Cisco Controller) > config tacacs auth mgmt-server-timeout 1 10

Related Commands

config tacacs auth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

467

Timeout Commands

config rfid auto-timeout

To configure an automatic timeout of radio frequency identification (RFID) tags, use the config rfid
auto-timeout command.
config rfid auto-timeout {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables an automatic timeout.

disable

Disables an automatic timeout.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable an automatic timeout of RFID tags:
(Cisco Controller) > config rfid auto-timeout enable

Related Commands

show rfid summary

config rfid status
config rfid timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

468

OL-31334-01

Timeout Commands

config rfid timeout

To configure a static radio frequency identification (RFID) tag data timeout, use the config rfid timeout
command.
config rfid timeout seconds

Syntax Description

Command Default

Command History

Examples

seconds

Timeout in seconds (from 60 to 7200).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a static RFID tag data timeout of 60 seconds:
(Cisco Controller) > config rfid timeout 60

Related Commands

show rfid summary

config rfid statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

469

Timeout Commands

config wlan session-timeout

To change the timeout of wireless LAN clients, use the config wlan session-timeout command.
config wlan session-timeout {wlan_id | foreignAp} seconds

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

seconds

Timeout or session duration in seconds. A value of zero is equivalent to no timeout.

Note

The range of session timeout depends on the security

type:
Open system: 0-65535 (sec)
802.1x: 300-86400 (sec)
static wep: 0-65535 (sec)
cranite: 0-65535 (sec)
fortress: 0-65535 (sec)
CKIP: 0-65535 (sec)
open+web auth: 0-65535 (sec)
web pass-thru: 0-65535 (sec)
wpa-psk: 0-65535 (sec)
disable: To disable reauth/session-timeout timers.

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the client timeout to 6000 seconds for WLAN ID 1:
(Cisco Controller) >config wlan session-timeout 1 6000

Cisco Wireless LAN Controller Command Reference, Release 8.0

470

OL-31334-01

Timeout Commands

config wlan usertimeout

To configure the timeout for idle client sessions for a WLAN, use the config wlan usertimeout command.
config wlan usertimeout timeout wlan_id

Syntax Description

Command Default

Command History

timeout

Timeout for idle client sessions for a WLAN. If the client sends traffic less than
the threshold, the client is removed on timeout. The range is from 15 to 100000
seconds.

wlan_id

Wireless LAN identifier between 1 and 512.

The default client session idle timeout is 300 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The timeout value that you configure here overrides the global timeout that you define using the command
config network usertimeout.

Examples

The following example shows how to configure the idle client sessions for a WLAN:
(Cisco Controller) >config wlan usertimeout 100 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

471

Timeout Commands

config wlan security wpa akm ft

To configure authentication key-management using 802.11r fast transition 802.1X, use the config wlan
security wpa akm ft command.
config wlan security wpa akm ft [over-the-air | over-the-ds | psk | [reassociation-timeout seconds]] {enable
| disable} wlan_id

Syntax Description

over-the-air

(Optional) Configures 802.11r fast transition roaming over-the-air support.

over-the-ds

(Optional) Configures 802.11r fast transition roaming DS support.

psk

(Optional) Configures 802.11r fast transition PSK support.

reassociation-timeout

(Optional) Configures the reassociation deadline interval.

The valid range is between 1 to 100 seconds. The default value is 20 seconds.

Command Default

Command History

Examples

seconds

Reassociation deadline interval in seconds.

enable

Enables 802.11r fast transition 802.1X support.

disable

Disables 802.11r fast transition 802.1X support.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure authentication key-management using 802.11r fast transition:
(Cisco Controller) >config wlan security wpa akm ft reassociation-timeout 25 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

472

OL-31334-01

Clearing Configurations, Log files, and Other Actions

config wlan security ft

To configure 802.11r fast transition parameters, use the config wlan security ft command.
config wlan security ft {enable | disable | reassociation-timeout timeout-in-seconds} wlan_id

Syntax Description

Command Default

Command History

enable

Enables 802.11r fast transition roaming support.

disable

Disables 802.11r fast transition roaming support.

reassociation-timeout

Configures reassociation deadline interval.

timeout-in-seconds

Reassociation timeout value in seconds. The valid range

is 1 to 100 seconds.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Ensure that you have disabled the WLAN before you proceed.

Examples

The following example shows how to enable 802.11r fast transition roaming support on WLAN 2:
(Cisco Controller) >config wlan security ft enable 2

The following example shows how to set the reassociation timeout value of 20 seconds for 802.11r fast
transition roaming support on WLAN 2:
(Cisco Controller) >config wlan security ft reassociation-timeout 20 2

Clearing Configurations, Log files, and Other Actions

Use the clear command to clear existing configurations, log files, and other functions.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

473

Clearing Configurations, Log files, and Other Actions

clear acl counters

To clear the current counters for an access control list (ACL), use the clear acl counters command.
clear acl counters acl_name

Syntax Description

Command Default

Command History

acl_name

ACL name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines
Note

Examples

ACL counters are available only on the following controllers: Cisco 4400 Series Controller, Cisco WiSM,
and Catalyst 3750G Integrated Wireless LAN Controller Switch.

The following example shows how to clear the current counters for acl1:
(Cisco Controller) > clear acl counters acl1

Related Commands

config acl counter

show acl

Cisco Wireless LAN Controller Command Reference, Release 8.0

474

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear ap config
To clear (reset to the default values) a lightweight access points configuration settings, use the clear ap config
command.
clear ap config ap_name

Syntax Description

Command Default

Command History

ap_name

Access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Entering this command does not clear the static IP address of the access point.

Examples

The following example shows how to clear the access points configuration settings for the access point named
ap1240_322115:
(Cisco Controller) >clear ap config ap1240_322115
Clear ap-config will clear ap config and reboot the AP. Are you sure you want continue?
(y/n)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

475

Clearing Configurations, Log files, and Other Actions

clear ap eventlog
To delete the existing event log and create an empty event log file for a specific access point or for all access
points joined to the controller, use the clear ap eventlog command.
clear ap eventlog {specific ap_name | all}

Syntax Description

Command Default

Command History

Examples

specific

Specifies a specific access point log file.

ap_name

Name of the access point for which the event log file will be emptied.

all

Deletes the event log for all access points joined to the controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete the event log for all access points:
(Cisco Controller) >clear ap eventlog all
This will clear event log contents for all APs. Do you want continue? (y/n) :y
Any AP event log contents have been successfully cleared.

Cisco Wireless LAN Controller Command Reference, Release 8.0

476

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear ap join stats

To clear the join statistics for all access points or for a specific access point, use the clear ap join stats
command.
clear ap join stats {all | ap_mac}

Syntax Description

Command Default

Command History

Examples

all

Specifies all access points.

ap_mac

Access point MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the join statistics of all the access points:
(Cisco Controller) >clear ap join stats all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

477

Clearing Configurations, Log files, and Other Actions

clear arp
To clear the Address Resolution Protocol (ARP) table, use the clear arp command.
clear arp

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the ARP table:

(Cisco Controller) > clear arp
Are you sure you want to clear the ARP cache? (y/n)

Related Commands

clear transfer
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port

Cisco Wireless LAN Controller Command Reference, Release 8.0

478

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear avc statistics

To clear Application Visibility and Control (AVC) statistics of a client, guest LAN, remote LAN, or a WLAN
use the clear avc statistics command.
clear avc statistics {client {all | client-mac} | guest-lan {all | guest-lan-id} | remote-lan {all | remote-lan-id}
| wlan {all | wlan-id}}

Syntax Description

Command Default

wlan-id

WLAN Identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the AVC statistics of a client:
(Cisco Controller) > clear avc statistics client 00:21:1b:ea:36:60

Related Commands

config avc profile create

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

479

Clearing Configurations, Log files, and Other Actions

config avc profile delete

config avc profile rule
config wlan avc
show avc profile
show avc applications
show avc statistics
debug avc error
debug avc events

Cisco Wireless LAN Controller Command Reference, Release 8.0

480

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear client tsm

To clear the traffic stream metrics (TSM) statistics for a particular access point or all the access points to
which this client is associated, use the clear client tsm command.
clear client tsm {802.11a | 802.11b} client_mac {ap_mac | all}

Syntax Description

Command Default

Command History

Examples

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b network.

client_mac

MAC address of the client.

ap_mac

MAC address of a Cisco lightweight access point.

all

Specifies all access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the TSM for the MAC address 00:40:96:a8:f7:98:
(Cisco Controller) > clear client tsm 802.11a 00:40:96:a8:f7:98 all

Related Commands

clear upload start

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

481

Clearing Configurations, Log files, and Other Actions

clear config
To reset configuration data to factory defaults, use the clear config command.
clear config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the configuration data to factory defaults:
(Cisco Controller) > clear config
Are you sure you want to clear the configuration? (y/n)
n
Configuration not cleared!

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

482

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear ext-webauth-url
To clear the external web authentication URL, use the clear ext-webauth-url command.
clear ext-webauth-url

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the external web authentication URL:
(Cisco Controller) > clear ext-webauth-url
URL cleared.

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

483

Clearing Configurations, Log files, and Other Actions

clear location rfid

To clear a specific radio frequency identification (RFID) tag or all of the RFID tags in the entire database,
use the clear location rfid command.
clear location rfid {mac_address | all}

Syntax Description

Command Default

Command History

Examples

mac_address

MAC address of a specific RFID tag.

all

Specifies all of the RFID tags in the database.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear all of the RFID tags in the database:
(Cisco Controller) > clear location rfid all

Related Commands

clear location statistics rfid

config location
show location
show location statistics rfid

Cisco Wireless LAN Controller Command Reference, Release 8.0

484

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear location statistics rfid

To clear radio frequency identification (RFID) statistics, use the clear location statistics rfid command.
clear location statistics rfid

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear RFID statistics:

(Cisco Controller) > clear location statistics rfid

Related Commands

config location
show location
show location statistics rfid

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

485

Clearing Configurations, Log files, and Other Actions

clear locp statistics

To clear the Location Protocol (LOCP) statistics, use the clear locp statistics command.
clear locp statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the statistics related to LOCP:
(Cisco Controller) > clear locp statistics

Related Commands

clear nmsp statistics

config nmsp notify-interval measurement
show nmsp notify-interval summary
show nmsp statistics
show nmsp status

Cisco Wireless LAN Controller Command Reference, Release 8.0

486

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear login-banner
To remove the login banner file from the controller, use the clear login-banner command.
clear login-banner

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the login banner file:
(Cisco Controller) > clear login-banner

Related Commands

transfer download datatype

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

487

Clearing Configurations, Log files, and Other Actions

clear lwapp private-config

To clear (reset to default values) an access points current Lightweight Access Point Protocol (LWAPP) private
configuration, which contains static IP addressing and controller IP address configurations, use the clear
lwapp private-config command.
clear lwapp private-config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Enter the command on the access point console port.

Prior to changing the FlexConnect configuration on an access point using the access points console port, the
access point must be in standalone mode (not connected to a Cisco WLC ) and you must remove the current
LWAPP private configuration by using the clear lwapp private-config command.

Note

Examples

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

The following example shows how to clear an access points current LWAPP private configuration:
ap_console >clear lwapp private-config
removing the reap config file flash:/lwapp_reap.cfg

Cisco Wireless LAN Controller Command Reference, Release 8.0

488

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear mdns service-database

To clear the multicast DNS service database, use the clear mdns service-databasecommand.
clear mdns service-database {all | service-name

Syntax Description

Command Default

Command History

all

Clears the mDNS service database.

service-name

Name of the mDNS service. The Cisco WLC clears the details of the mDNS
service.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The Cisco WLC snoops and learns about the mDNS service advertisements only if the service is available in
the Master Services database.

Examples

The following example shows how to clear the mDNS service database:
(Cisco Controller) > clear mdns service-database all

Related Commands

config mdns query interval

config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
config mdns profile
debug mdns all
debug mdns error
debug mdns detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

489

Clearing Configurations, Log files, and Other Actions

debug mdns message

Cisco Wireless LAN Controller Command Reference, Release 8.0

490

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear nmsp statistics

To clear the Network Mobility Services Protocol (NMSP) statistics, use the clear nmsp statistics command.
clear nmsp statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete the NMSP statistics log file:
(Cisco Controller) >

Related Commands

clear nmsp statistics

clear locp statistics

config nmsp notify-interval measurement
show nmsp notify-interval summary
show nmsp status

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

491

Clearing Configurations, Log files, and Other Actions

clear radius acct statistics

To clear the RADIUS accounting statistics on the controller, use the clear radius acc statistics command.
clear radius acct statistics [index | all]

Syntax Description

Command Default

Command History

Examples

index

(Optional) Specifies the index of the RADIUS

accounting server.

all

(Optional) Specifies all RADIUS accounting servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the RADIUS accounting statistics:
(Cisco Controller) > clear radius acc statistics

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

492

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear session
To clear the sessions that are created when user logs in through Telnet or SSH, use the clear session command.
clear sessionsession-id

Command Default

Command History

None

Release

Modification

8.0

This command was introduced.

Usage Guidelines

The session ID for clearing the session should be taken from the show login-session command.

Examples

The following example shows how to clear Telnet or SSH sesion:

(Cisco Controller) > clear session 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

493

Clearing Configurations, Log files, and Other Actions

clear tacacs auth statistics

To clear the RADIUS authentication server statistics in the controller, use the clear tacacs auth statistics
command.
clear tacacs auth statistics [index | all]

Syntax Description

Command Default

Command History

Examples

index

(Optional) Specifies the index of the RADIUS

authentication server.

all

(Optional) Specifies all RADIUS authentication

servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the RADIUS authentication server statistics:
(Cisco Controller) > clear tacacs auth statistics

Related Commands

show tacacs auth statistics

show tacacs summary
config tacacs auth

Cisco Wireless LAN Controller Command Reference, Release 8.0

494

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear redirect-url
To clear the custom web authentication redirect URL on the Cisco Wireless LAN Controller, use the clear
redirect-url command.
clear redirect-url

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the custom web authentication redirect URL:
(Cisco Controller) >
URL cleared.

Related Commands

clear redirect-url

clear transfer
clear download datatype
clear download filename
clear download mode
clear download path
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

495

Clearing Configurations, Log files, and Other Actions

clear stats ap wlan

To clear the WLAN statistics, use the clear stats ap wlan command.
clear stats ap wlan cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Selected configuration elements.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the WLAN configuration elements of the access point cisco_ap:
(Cisco Controller) >clear stats ap wlan cisco_ap
WLAN statistics cleared.

Cisco Wireless LAN Controller Command Reference, Release 8.0

496

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear stats local-auth

To clear the local Extensible Authentication Protocol (EAP) statistics, use the clear stats local-auth command.
clear stats local-auth

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the local EAP statistics:
(Cisco Controller) > clear stats local-auth
Local EAP Authentication Stats Cleared.

Related Commands

config local-auth active-timeout

config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth certificates
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

497

Clearing Configurations, Log files, and Other Actions

clear stats mobility

To clear mobility manager statistics, use the clear stats mobility command.
clear stats mobility

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear mobility manager statistics:

(Cisco Controller) >clear stats mobility
Mobility stats cleared.

Cisco Wireless LAN Controller Command Reference, Release 8.0

498

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear stats port

To clear statistics counters for a specific port, use the clear stats port command.
clear stats port port

Syntax Description

port

Command Default

None

Command History

Examples

Physical interface port number.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the statistics counters for port 9:
(Cisco Controller) > clear stats port 9

Related Commands

clear transfer
clear download datatype
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

499

Clearing Configurations, Log files, and Other Actions

clear stats radius

To clear the statistics for one or more RADIUS servers, use the clear stats radius command.
clear stats radius {auth | acct} {index | all}

Syntax Description

Command Default

Command History

Examples

auth

Clears statistics regarding authentication.

acct

Clears statistics regarding accounting.

index

Specifies the index number of the RADIUS server to

be cleared.

all

Clears statistics for all RADIUS servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the statistics for all RADIUS authentication servers:
(Cisco Controller) > clear stats radius auth all

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

500

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear stats port

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

501

Clearing Configurations, Log files, and Other Actions

clear stats switch

To clear all switch statistics counters on a Cisco wireless LAN controller, use the clear stats switch command.
clear stats switch

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear all switch statistics counters:
(Cisco Controller) > clear stats switch

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

502

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear stats tacacs

To clear the TACACS+ server statistics on the controller, use the clear stats tacacs command.
clear stats tacacs [auth | athr | acct] [index | all]

Syntax Description

Command Default

Command History

Examples

auth

(Optional) Clears the TACACS+ authentication server

statistics.

athr

(Optional) Clears the TACACS+ authorization server

statistics.

acct

(Optional) Clears the TACACS+ accounting server

statistics.

index

(Optional) Specifies index of the TACACS+ server.

all

(Optional) Specifies all TACACS+ servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the TACACS+ accounting server statistics for index 1:
(Cisco Controller) > clear stats tacacs acct 1

Related Commands

show tacacs summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

503

Clearing Configurations, Log files, and Other Actions

clear transfer
To clear the transfer information, use the clear transfer command.
clear transfer

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the transfer information:

(Cisco Controller) > clear transfer
Are you sure you want to clear the transfer information? (y/n) y
Transfer Information Cleared.

Related Commands

transfer upload datatype

transfer upload pac
transfer upload password
transfer upload port
transfer upload path
transfer upload username
transfer upload datatype
transfer upload serverip
transfer upload start

Cisco Wireless LAN Controller Command Reference, Release 8.0

504

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear traplog
To clear the trap log, use the clear traplog command.
clear traplog

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the trap log:

(Cisco Controller) > clear traplog
Are you sure you want to clear the trap log? (y/n) y
Trap Log Cleared.

Related Commands

clear transfer
clear download datatype
clear download filename
clear download mode
clear download path
clear download serverip
clear download start
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

505

Clearing Configurations, Log files, and Other Actions

clear webimage
To clear the custom web authentication image, use the clear webimage command.
clear webimage

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the custom web authentication image:
(Cisco Controller) > clear webimage

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

506

OL-31334-01

Clearing Configurations, Log files, and Other Actions

clear webmessage
To clear the custom web authentication message, use the clear webmessage command.
clear webmessage

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the custom web authentication message:
(Cisco Controller) > clear webmessage
Message cleared.

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

507

Resetting the System Reboot Time

clear webtitle
To clear the custom web authentication title, use the clear webtitle command.
clear webtitle

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the custom web authentication title:
(Cisco Controller) > clear webtitle
Title cleared.

Related Commands

Resetting the System Reboot Time

Use the reset command to schedule a reboot of the controller and access points.

Cisco Wireless LAN Controller Command Reference, Release 8.0

508

OL-31334-01

Resetting the System Reboot Time

reset system at
To reset the system at a specified time, use the reset system at command.
reset system at YYYY-MM-DD HH:MM:SS image {no-swap|swap} reset-aps [save-config]

Syntax Description

Command Default

Command History

Examples

YYYY-MM-DD

Specifies the date.

HH: MM: SS

Specifies the time in a 24-hour format.

image

Configures the image to be rebooted.

swap

Changes the active boot image.

no-swap

Boots from the active image.

reset-aps

Resets all access points during the system reset.

save-config

(Optional) Saves the configuration before the system reset.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the system at 2010-03-29 and 12:01:01 time:
(Cisco Controller) > reset system at 2010-03-29 12:01:01 image swap reset-aps save-config

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

509

Resetting the System Reboot Time

reset system in
To specify the amount of time delay before the devices reboot, use the reset system in command.
reset system in HH:MM:SS image {swap | no-swap} reset-aps save-config

Syntax Description

Command Default

Command History

Examples

HH :MM :SS

Specifies a delay in duration.

image

Configures the image to be rebooted.

swap

Changes the active boot image.

no-swap

Boots from the active image.

reset-aps

Resets all access points during the system reset.

save-config

Saves the configuration before the system reset.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the system after a delay of 00:01:01:
(Cisco Controller) > reset system in 00:01:01 image swap reset-aps save-config

Cisco Wireless LAN Controller Command Reference, Release 8.0

510

OL-31334-01

Resetting the System Reboot Time

reset system cancel

To cancel a scheduled reset, use the reset system cancel command.
reset system cancel

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to cancel a scheduled reset:

(Cisco Controller) > reset system cancel

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

511

Resetting the System Reboot Time

reset system notify-time

To configure the trap generation prior to scheduled resets, use the reset system notify-time command.
reset system notify-time minutes

Syntax Description

Command Default

Command History

Examples

minutes

Number of minutes before each scheduled reset at which to generate a trap.

The default time period to configure the trap generation prior to scheduled resets is 10 minutes.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the trap generation to 10 minutes before the scheduled resets:
(Cisco Controller) > reset system notify-time 55

Cisco Wireless LAN Controller Command Reference, Release 8.0

512

OL-31334-01

Uploading and Downloading Files and Configurations

reset peer-system
To reset the peer controller, use the reset peer-system command.
reset peer-system

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to reset the peer controller:

> reset peer-system

Uploading and Downloading Files and Configurations

Use the transfer command to transfer files to or from the Cisco Wireless LAN controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

513

Uploading and Downloading Files and Configurations

transfer download certpasswor

To set the password for the .PEM file so that the operating system can decrypt the web administration SSL
key and certificate, use the transfer download certpassword command.
transfer download certpassword private_key_password

Syntax Description

Command Default

Command History

Examples

private_key_password

Certificates private key password.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to transfer a file to the switch with the certificates private key password
certpassword:
(Cisco Controller) > transfer download certpassword
Clearing password

Cisco Wireless LAN Controller Command Reference, Release 8.0

514

OL-31334-01

Uploading and Downloading Files and Configurations

transfer download datatype

To set the download file type, use the transfer download datatype command.
transfer download datatype {avc-protocol-pack | code | config | eapdevcert | eapcacert | icon | image |
ipseccacert | ipsecdevcert| login-banner | radius-avplist |signature | webadmincert | webauthbundle |
webauthcert}

Syntax Description

Command Default

Command History

avc-protocol-pack

Downloads an AVC protocol pack to the system.

code

Downloads an executable image to the system.

config

Downloads the configuration file.

eapcacert

Downloads an EAP ca certificate to the system.

eapdevcert

Downloads an EAP dev certificate to the system.

icon

Downloads an executable image to the system.

image

Downloads a web page login to the system.

ipseccacert

Downloads an IPSec Certificate Authority (CA) certificate to the

system.

ipsecdevcert

Downloads an IPSec dev certificate to the system.

Downloads the controller login banner. Only text file is supported

with a maximum of 1500 bytes.

radius-avplist

Downloads the RADIUS AVPs in the XML file format from the
FTP server.

signature

Downloads a signature file to the system.

webadmincert

Downloads a certificate for web administration to the system.

webauthbundle

Downloads a custom webauth bundle to the system.

webauthcert

Downloads a web certificate for the web portal to the system.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

515

Uploading and Downloading Files and Configurations

Examples

Release

Modification

8.0

The ipseccacert, ipsecdevcert, and radius-avplist options were introduced.

The following example shows how to download an executable image to the system:
(Cisco Controller) > transfer download datatype code

Cisco Wireless LAN Controller Command Reference, Release 8.0

516

OL-31334-01

Uploading and Downloading Files and Configurations

transfer download filename

To download a specific file, use the transfer download filename command.
transfer download filename filename

Syntax Description

Command Default

Command History

filename

Filename that contains up to 512 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You cannot use special characters such as \ : * ? " < > | for the filename.

Examples

The following example shows how to transfer a file named build603:

(Cisco Controller) > transfer download filename build603

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

517

Uploading and Downloading Files and Configurations

transfer download mode

To set the transfer mode, use the transfer download mode command.
transfer upload mode {ftp | tftp | sftp}

Syntax Description

Command Default

Command History

Examples

ftp

Sets the transfer mode to FTP.

tftp

Sets the transfer mode to TFTP.

sftp

Sets the transfer mode to SFTP.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to transfer a file using the TFTP mode:
(Cisco Controller) > transfer download mode tftp

Cisco Wireless LAN Controller Command Reference, Release 8.0

518

OL-31334-01

Uploading and Downloading Files and Configurations

transfer download password

To set the password for an FTP transfer, use the transfer download password command.
transfer download password password

Syntax Description

Command Default

Command History

Examples

password

Password.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the password for FTP transfer to pass01:
(Cisco Controller) > transfer download password pass01

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

519

Uploading and Downloading Files and Configurations

transfer download path

To set a specific FTP or TFTP path, use the transfer download path command.
transfer download path path

Syntax Description

path

Directory path.
Note

Command Default

Command History

Path names on a TFTP or FTP server are relative to the servers default
or root directory. For example, in the case of the Solarwinds TFTP
server, the path is /.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You cannot use special characters such as \ : * ? " < > | for the file path.

Examples

The following example shows how to transfer a file to the path c:\install\version2:
(Cisco Controller) > transfer download path c:\install\version2

Cisco Wireless LAN Controller Command Reference, Release 8.0

520

OL-31334-01

Uploading and Downloading Files and Configurations

transfer download port

To specify the FTP port, use the transfer download port command.
transfer download port port

Syntax Description

Command Default

Command History

Examples

port

FTP port.

The default FTP port is 21.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify FTP port number 23:
(Cisco Controller) > transfer download port 23

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

521

Uploading and Downloading Files and Configurations

transfer download serverip

To configure the IPv4 or IPv6 address of the TFTP server from which to download information, use the
transfer download serverip command.
transfer download serverip IP addr

Syntax Description

Command Default

Command History

Examples

IP addr

TFTP server IPv4 or IPv6 address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

The following example shows how to configure the IPv4 address of the TFTP server:
(Cisco Controller) > transfer download serverip 175.34.56.78

The following example shows how to configure the IPv6 address of the TFTP server:
(Cisco Controller) > transfer download serverip 2001:10:1:1::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

522

OL-31334-01

Uploading and Downloading Files and Configurations

transfer download start

To initiate a download, use the transfer download start command.
transfer download start

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to initiate a download:

(Cisco Controller) > transfer download start
Mode...........................................
Data Type......................................
TFTP Server IP.................................
TFTP Path......................................
TFTP Filename..................................
This may take some time.
Are you sure you want to start? (y/n) Y
TFTP Webadmin cert transfer starting.
Certificate installed.
Please restart the switch (reset system) to use

TFTP
Site Cert
172.16.16.78
directory path
webadmincert_name

the new certificate.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

523

Uploading and Downloading Files and Configurations

transfer download tftpPktTimeout

To specify the TFTP packet timeout, use the transfer download tftpPktTimeout command.
transfer download tftpPktTimeout timeout

Syntax Description

Command Default

Command History

Examples

timeout

Timeout in seconds between 1 and 254.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to transfer a file with the TFTP packet timeout of 55 seconds:
(Cisco Controller) > transfer download tftpPktTimeout 55

Cisco Wireless LAN Controller Command Reference, Release 8.0

524

OL-31334-01

Uploading and Downloading Files and Configurations

transfer download tftpMaxRetries

To specify the number of allowed TFTP packet retries, use the transfer download tftpMaxRetries command.
transfer download tftpMaxRetries retries

Syntax Description

Command Default

Command History

Examples

retries

Number of allowed TFTP packet retries between 1 and 254 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the number of allowed TFTP packet retries to 55:
(Cisco Controller) > transfer download tftpMaxRetries 55

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

525

Uploading and Downloading Files and Configurations

transfer download username

To specify the FTP username, use the transfer download username command.
transfer download username username

Syntax Description

Command Default

Command History

Examples

username

Username.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the FTP username to ftp_username:
(Cisco Controller) > transfer download username ftp_username

Cisco Wireless LAN Controller Command Reference, Release 8.0

526

OL-31334-01

Uploading and Downloading Files and Configurations

transfer encrypt
To configure encryption for configuration file transfers, use the transfer encrypt command.
transfer encrypt {enable | disable | set-key key}

Syntax Description

Command Default

Command History

Examples

enable

Enables the encryption settings.

disable

Disables the encryption settings.

set-key

Specifies the encryption key for configuration file transfers.

key

Encryption key for config file transfers.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the encryption settings:

(Cisco Controller) > transfer encrypt enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

527

Uploading and Downloading Files and Configurations

transfer upload datatype

To set the controller to upload specified log and crash files, use the transfer upload datatype command.
transfer upload datatype {ap-crash-data | config | coredump | crashfile | debug-file | eapcacert | eapdevcert
| errorlog | invalid-config | ipseccacert | ipsecdevcert | pac | packet-capture | panic-crash-file |
radio-core-dump | radius-avplist | rrm-log | run-config | signature | systemtrace | traplog |
watchdog-crash-filewebadmincert | webauthbundle | webauthcert}

Syntax Description

ap-crash-data

Uploads the AP crash files.

config

Uploads the system configuration file.

coredump

Uploads the core-dump file.

crashfile

Uploads the system crash file.

debug-file

Uploads the system's debug log file.

eapcacert

Uploads an EAP CA certificate.

eapdevcert

Uploads an EAP Dev certificate.

errorlog

Uploads the system error log file.

invalid-config

Uploads the system invalid-config file.

ipseccacert

Uploads CA certificate file.

ipsecdevcert

Uploads device certificate file.

pac

Uploads a Protected Access Credential (PAC).

packet-capture

Uploads a packet capture file.

panic-crash-file

Uploads the kernel panic information file.

radio-core-dump

Uploads the system error log.

radius-avplist

Uploads the XML file from the controller to the RADIUS server.

rrm-log

Uploads the system's trap log.

run-config

Upload the WLC's running configuration

signature

Uploads the system signature file.

systemtrace

Uploads the system trace file.

traplog

Uploads the system trap log.

Cisco Wireless LAN Controller Command Reference, Release 8.0

528

OL-31334-01

Uploading and Downloading Files and Configurations

Command Default

Command History

Examples

watchdog-crash-file

Uploads a console dump file resulting from a

software-watchdog-initiated controller reboot following a crash.

webadmincert

Uploads Web Admin certificate.

webauthbundle

Uploads a Web Auth bundle.

webauthcert

Upload a web certificate

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

The ipseccacert, ipsecdevcert, and radius-avplist options were introduced.

The following example shows how to upload the system error log file:
(Cisco Controller) > transfer upload datatype errorlog

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

529

Uploading and Downloading Files and Configurations

transfer upload filename

To upload a specific file, use the transfer upload filename command.
transfer upload filename filename

Syntax Description

Command Default

Command History

filename

Filename that contains up to 16 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You cannot use special characters such as \ : * ? " < > | for the filename.

Examples

The following example shows how to upload a file build603:

(Cisco Controller) > transfer upload filename build603

Cisco Wireless LAN Controller Command Reference, Release 8.0

530

OL-31334-01

Uploading and Downloading Files and Configurations

transfer upload mode

To configure the transfer mode, use the transfer upload mode command.
transfer upload mode {ftp | tftp | sftp}

Syntax Description

Command Default

Command History

Examples

ftp

Sets the transfer mode to FTP.

tftp

Sets the transfer mode to TFTP.

sftp

Sets the transfer mode to SFTP.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the transfer mode to TFTP:
(Cisco Controller) > transfer upload mode tftp

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

531

Uploading and Downloading Files and Configurations

transfer upload pac

To load a Protected Access Credential (PAC) to support the local authentication feature and allow a client to
import the PAC, use the transfer upload pac command.
transfer upload pac username validity password

Syntax Description

Command Default

Command History

username

User identity of the PAC.

validity

Validity period (days) of the PAC.

password

Password to protect the PAC.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The client upload process uses a TFTP or FTP server.

Examples

The following example shows how to upload a PAC with the username user1, validity period 53, and password
pass01:
(Cisco Controller) > transfer upload pac user1 53 pass01

Cisco Wireless LAN Controller Command Reference, Release 8.0

532

OL-31334-01

Uploading and Downloading Files and Configurations

transfer upload password

To configure the password for FTP transfer, use the transfer upload password command.

Syntax Description

password

Password needed to access the FTP server.

transfer upload password password

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the password for the FTP transfer to pass01:
(Cisco Controller) > transfer upload password pass01

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

533

Uploading and Downloading Files and Configurations

transfer upload path

To set a specific upload path, use the transfer upload path command.
transfer upload path path

Syntax Description

path

Command Default

None

Command History

Server path to file.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You cannot use special characters such as \ : * ? " < > | for the file path.

Examples

The following example shows how to set the upload path to c:\install\version2:
(Cisco Controller) > transfer upload path c:\install\version2

Cisco Wireless LAN Controller Command Reference, Release 8.0

534

OL-31334-01

Uploading and Downloading Files and Configurations

transfer upload peer-start

To upload a file to the peer WLC, use the transfer upload peer-start command.
transfer upload peer-start

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to start uploading a file to the peer controller:
> transfer upload peer-start
Mode.............................................
FTP Server IP....................................
FTP Server Port..................................
FTP Path.........................................
FTP Filename.....................................
FTP Username.....................................
FTP Password.....................................
Data Type........................................

FTP
209.165.201.1
21
/builds/nimm/
AS_5500_7_4_1_20.aes
wnbu
*********
Error Log

Are you sure you want to start upload from standby? (y/N) n
Transfer Canceled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

535

Uploading and Downloading Files and Configurations

transfer upload port

To specify the FTP port, use the transfer upload port command.
transfer upload port port

Syntax Description

Command Default

Command History

Examples

port

Port number.

The default FTP port is 21.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify FTP port 23:

(Cisco Controller) > transfer upload port 23

Cisco Wireless LAN Controller Command Reference, Release 8.0

536

OL-31334-01

Uploading and Downloading Files and Configurations

transfer upload serverip

To configure the IPv4 or IPv6 address of the TFTP server to upload files to, use the transfer upload serverip
command.
transfer upload serverip IP addr

Syntax Description

Command Default

Command History

Examples

IP addr

TFTP Server IPv4 or IPv6 address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

The following example shows how to set the IPv4 address of the TFTP server to 175.31.56.78:
(Cisco Controller) > transfer upload serverip 175.31.56.78

The following example shows how to set the IPv6 address of the TFTP server to 175.31.56.78:
(Cisco Controller) > transfer upload serverip 2001:10:1:1::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

537

Uploading and Downloading Files and Configurations

transfer upload start

To initiate an upload, use the transfer upload start command.
transfer upload start

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to initiate an upload of a file:

(Cisco Controller) > transfer upload start
Mode...........................................
TFTP Server IP.................................
TFTP Path......................................
TFTP Filename..................................
Data Type......................................
Are you sure you want to start? (y/n) n
Transfer Cancelled

TFTP
172.16.16.78
c:\find\off/
wps_2_0_75_0.aes
Code

Cisco Wireless LAN Controller Command Reference, Release 8.0

538

OL-31334-01

Installing and Modifying Licenses on Cisco 5500 Series Controllers

transfer upload username

To specify the FTP username, use the transfer upload username command.
transfer upload username

Syntax Description

Command Default

Command History

Examples

username

Username required to access the FTP server. The username can contain up to 31
characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the FTP username to ftp_username:
(Cisco Controller) > transfer upload username ftp_username

Installing and Modifying Licenses on Cisco 5500 Series Controllers

Use the license commands to install, remove, modify, or rehost licenses.

Note

Some license commands are available only on the Cisco 5500 Series Controller. Right to Use (RTU)
licensing is not supported on Cisco 5500 Series Controllers.

Note

For detailed information on installing and rehosting licenses on the Cisco 5500 Series Controller, see the
Installing and Configuring Licenses section in Chapter 4 of the Cisco Wireless LAN Controller
Configuration Guide.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

539

Installing and Modifying Licenses on Cisco 5500 Series Controllers

license clear
To remove a license from the Cisco 5500 Series Controller, use the license clear command.
license clear license_name

Syntax Description

Command Default

Command History

license_name

Name of the license.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can delete an expired evaluation license or any unused license. You cannot delete unexpired evaluation
licenses, the permanent base image license, or licenses that are in use by the controller.

Examples

The following example shows how to remove the license settings of the license named wplus-ap-count:
(Cisco Controller) > license clear wplus-ap-count

Cisco Wireless LAN Controller Command Reference, Release 8.0

540

OL-31334-01

Installing and Modifying Licenses on Cisco 5500 Series Controllers

license comment
To add comments to a license or delete comments from a license on the Cisco 5500 Series Controller, use the
license comment command.
license comment {add | delete} license_name comment_string

Syntax Description

Command Default

Command History

Examples

add

Adds a comment.

delete

Deletes a comment.

license_name

Name of the license.

comment_string

License comment.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a comment wplus ap count license to the license name
wplus-ap-count:
(Cisco Controller) > license comment add wplus-ap-count Comment for wplus ap count license

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

541

Installing and Modifying Licenses on Cisco 5500 Series Controllers

license install
To install a license on the Cisco 5500 Series Controller, use the license install command.
license install url

Syntax Description

url

Command Default

None

Command History

Usage Guidelines

URL of the TFTP server (tftp://server_ip/path/filename).

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

We recommend that the access point count be the same for the base-ap-count and wplus-ap-count licenses
installed on your controller. If your controller has a base-ap-count license of 100 and you install a
wplus-ap-count license of 12, the controller supports up to 100 access points when the base license is in use
but only a maximum of 12 access points when the wplus license is in use.
You cannot install a wplus license that has an access point count greater than the controller's base license. For
example, you cannot apply a wplus-ap-count 100 license to a controller with an existing base-ap-count 12
license. If you attempt to register for such a license, an error message appears indicating that the license
registration has failed. Before upgrading to a wplus-ap-count 100 license, you would first have to upgrade
the controller to a base-ap-count 100 or 250 license.

Examples

The following example shows how to install a license on the controller from the URL
tftp://10.10.10.10/path/license.lic:
(Cisco Controller) > license install tftp://10.10.10.10/path/license.lic

Cisco Wireless LAN Controller Command Reference, Release 8.0

542

OL-31334-01

Installing and Modifying Licenses on Cisco 5500 Series Controllers

license modify priority

To raise or lower the priority of the base-ap-count or wplus-ap-count evaluation license on a Cisco 5500 Series
Controller, use the license modify priority command.
license modify priority license_name {high | low}

Syntax Description

Command Default

Command History

Usage Guidelines

license_name

Ap-count evaluation license.

high

Modifies the priority of an ap-count evaluation license.

low

Modifies the priority of an ap-count evaluation license.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

If you are considering upgrading to a license with a higher access point count, you can try an evaluation license
before upgrading to a permanent version of the license. For example, if you are using a permanent license
with a 50 access point count and want to try an evaluation license with a 100 access point count, you can try
out the evaluation license for 60 days.
AP-count evaluation licenses are set to low priority by default so that the controller uses the ap-count permanent
license. If you want to try an evaluation license with an increased access point count, you must change its
priority to high. If you no longer want to have this higher capacity, you can lower the priority of the ap-count
evaluation license, which forces the controller to use the permanent license.

Note

You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have
a medium priority, which cannot be configured.

Note

If the ap-count evaluation license is a wplus license and the ap-count permanent license is a base license,
you must also change the feature set to wplus.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

543

Installing and Modifying Licenses on Cisco 5500 Series Controllers

Note

Examples

The following example shows how to set the priority of the wplus-ap-count to high:
(Cisco Controller) > license modify priority wplus-ap-count high

Cisco Wireless LAN Controller Command Reference, Release 8.0

544

OL-31334-01

Installing and Modifying Licenses on Cisco 5500 Series Controllers

license revoke
To rehost a license on a Cisco 5500 Series WLC, use the license revoke command.
license revoke {permission_ticket_url | rehost rehost_ticket_url}

Syntax Description

Command Default

Command History

Usage Guidelines

permission_ticket_url

URL of the TFTP server (tftp://server_ip/path/filename) where you saved the

permission ticket.

rehost

Specifies the rehost license settings.

rehost_ticket_url

URL of the TFTP server (tftp://server_ip/path/filename) where you saved the

rehost ticket.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Before you revoke a license, save the device credentials by using the license save credential url command.
You can rehost all permanent licenses except the permanent base image license. Evaluation licenses and the
permanent base image license cannot be rehosted.
In order to rehost a license, you must generate credential information from the controller and use it to obtain
a permission ticket to revoke the license from the Cisco licensing site, https://tools.cisco.com/SWIFT/
LicensingUI/Quickstart. Next, you must obtain a rehost ticket and use it to obtain a license installation file
for the controller on which you want to install the license.
For detailed information on rehosting licenses, see the Installing and Configuring Licenses section in the
Cisco Wireless LAN Controller Configuration Guide.

Examples

The following example shows how to revoke the license settings from the saved permission ticket URL
tftp://10.10.10.10/path/permit_ticket.lic:
(Cisco Controller) > license revoke tftp://10.10.10.10/path/permit_ticket.lic

The following example shows how to revoke the license settings from the saved rehost ticket URL
tftp://10.10.10.10/path/rehost_ticket.lic:
(Cisco Controller) > license revoke rehost tftp://10.10.10.10/path/rehost_ticket.lic

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

545

Right to Use Licensing Commands

license save
To save a backup copy of all installed licenses or license credentials on the Cisco 5500 Series Controller, use
the license save command.
license save credential url

Syntax Description

Command Default

Command History

credential

Device credential information.

url

URL of the TFTP server (tftp://server_ip/path/filename).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Save the device credentials before you revoke the license by using the license revoke command.

Examples

The following example shows how to save a backup copy of all installed licenses or license credentials on
tftp://10.10.10.10/path/cred.lic:
(Cisco Controller) > license save credential tftp://10.10.10.10/path/cred.lic

Right to Use Licensing Commands

Use the license commands to configure Right to Use (RTU) licensing on Cisco Flex 7500 Series and 8500
Series controllers. This feature allows you to enable an AP license count on the controller without using any
external tools after accepting an End User License Agreement (EULA).

Cisco Wireless LAN Controller Command Reference, Release 8.0

546

OL-31334-01

Right to Use Licensing Commands

license activate ap-count eval

To activate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless
LAN Controllers, use the license activate ap-count eval command.
license activate ap-count eval

Syntax Description

This command has no arguments or keywords.

Command Default

By default, in release 7.3 Cisco Flex 7500 Series Controllers and Cisco 8500 Series Wireless LAN Controllers
support 6000 APs.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you activate this license, the controller prompts you to accept or reject the End User License Agreement
(EULA) for the given license. If you activate a license that supports a smaller number of APs than the current
number of APs connected to the controller, the activation command fails.

Examples

The following example shows how to activate an evaluation AP-count license on a Cisco Flex 7500 Series
controller:
(Cisco Controller) > license activate ap-count eval

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

547

Right to Use Licensing Commands

license activate feature

To activate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use
the license activate feature command.
license activate feature license_name

Syntax Description

Command Default

Command History

Examples

license_name

Name of the feature license. The license name can be up to 50 case-sensitive

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to activate a data DTLS feature license on a Cisco Flex 7500 Series
controller:
(Cisco Controller) > license activate feature data-DTLS

Cisco Wireless LAN Controller Command Reference, Release 8.0

548

OL-31334-01

Right to Use Licensing Commands

license add ap-count

To configure the number of access points (APs) that an AP license can support on Cisco Flex 7500 and 8500
Series Wireless LAN controllers, use the license add ap-count command.
license add ap-count count

Syntax Description

Command Default

Command History

Usage Guidelines

count

Number of APs that the AP license supports. The range is from 1 to the maximum
number of APs that the controller can support. The count must be a multiple of 5.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Right to Use (RTU) licensing allows you to enable a desired AP license count on the controller after accepting
the End User License Agreement (EULA). You can now easily add AP counts on a controller without using
external tools. RTU licensing is available only on Cisco Flex 7500 and 8500 series Wireless LAN controllers.
You can use this command to increase the count of an existing AP license. When you activate a license that
supports a smaller number of APs than the current number of APs connected to the controller, the activation
command fails.

Examples

The following example shows how to configure the count of an AP license on a Cisco Flex 7500 Series
controller:
(Cisco Controller) > license add ap-count 5000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

549

Right to Use Licensing Commands

license add feature

To add a license for a feature on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers,
use the license add feature command.
license add feature license_name

Syntax Description

Command Default

Command History

Examples

license_name

Name of the feature license. The license name can be up to 50 case-sensitive

characters. For example, data_DTLS.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a DTLS feature license on a Cisco Flex 7500 Series controller:
(Cisco Controller) > license add feature data_DTLS

Cisco Wireless LAN Controller Command Reference, Release 8.0

550

OL-31334-01

Right to Use Licensing Commands

license deactivate ap-count eval

To deactivate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless
LAN Controllers, use the license deactivate ap-count eval command.
license deactivate ap-count eval

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to deactivate an evaluation AP license on a Cisco Flex 7500 Series
controller:
(Cisco Controller) > license deactivate ap-count eval

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

551

Right to Use Licensing Commands

license deactivate feature

To deactivate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers,
use the license deactivate feature command.
license deactivate feature license_name

Syntax Description

Command Default

Command History

Examples

license_name

Name of the feature license. The license name can be up to 50 case-sensitive

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to deactivate a data DTLS feature license on a Cisco Flex 7500 Series
controller:
(Cisco Controller) > license deactivate feature data_DTLS

Cisco Wireless LAN Controller Command Reference, Release 8.0

552

OL-31334-01

Right to Use Licensing Commands

license delete ap-count

To delete an access point (AP) count license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless
LAN Controllers, use the license delete ap-count command.
license delete ap-count count

Syntax Description

Command Default

Command History

Examples

count

Number of APs that the AP license supports. The range is from 1 to the maximum
number of APs that the controller can support. The count must be a multiple of 5.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete an AP count license on a Cisco Flex 7500 Series controller:
(Cisco Controller) > license delete ap-count 5000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

553

Troubleshooting the Controller Settings

license delete feature

To delete a license for a feature on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers,
use the license delete feature command.
license delete feature license_name

Syntax Description

Command Default

Command History

Examples

license_name

Name of the feature license.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete the High Availability feature license on a Cisco Flex 7500 Series
controller:
(Cisco Controller) > license delete feature high_availability

Troubleshooting the Controller Settings

This section describes the debug and config commands that you can use to troubleshoot the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

554

OL-31334-01

Troubleshooting the Controller Settings

debug arp
To configure the debugging of Address Resolution Protocol (ARP) options, use the debug arp command.
debug arp {all | detail | events | message} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging of all ARP logs.

detail

Configures the debugging of ARP detail messages.

error

Configures the debugging of ARP errors.

message

Configures the debugging of ARP messages.

enable

Enables the ARP debugging.

disable

Disables the ARP debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable ARP debug settings:

(Cisco Controller) > debug arp error enable

The following example shows how to disable ARP debug settings:

(Cisco Controller) > debug arp error disable

Related Commands

debug disable-all
show sysinfo

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

555

Troubleshooting the Controller Settings

debug avc
To configure the debugging of Application Visibility and Control (AVC) options, use the debug avc error
command.
debug avc {events | error} {enable | disable}

Syntax Description

Command Default

Command History

Examples

events

Configures the debugging of AVC events.

error

Configures the debugging of AVC errors.

enable

Enables the debugging of AVC events or errors.

disable

Disables the debugging of AVC events or errors.

By default, the debugging of AVC options is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of AVC errors:
(Cisco Controller) > debug avc error enable

Related Commands

config avc profile delete

config avc profile rule
config wlan avc
show avc profile
show avc applications
show avc statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

556

OL-31334-01

Troubleshooting the Controller Settings

debug cac
To configure the debugging of Call Admission Control (CAC) options, use the debug cac command.
debug cac {all | event | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging options for all CAC messages.

event

Configures the debugging options for CAC events.

packet

Configures the debugging options for selected CAC packets.

kts

Configures the debugging options for KTS-based CAC messages.

enable

Enables the debugging of CAC settings.

disable

Disables the debugging of CAC settings.

By default, the debugging of CAC options is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable debugging of CAC settings:

(Cisco Controller) > debug cac event enable
(Cisco Controller) > debug cac packet enable

Related Commands

config 802.11 cac video acm

config 802.11 cac video max-bandwidth
config 802.11 video roam-bandwidth
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac voice load-based
config 802.11 cac voice roam-bandwidth
config 802.11cac voice stream-size
config 802.11cac voice tspec-inactivity-timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

557

Troubleshooting the Controller Settings

debug cdp
To configure debugging of CDP, use the debug cdp command.
debug cdp {events | packets} {enable | disable}

Syntax Description

Command Default

Command History

Examples

events

Configures debugging of the CDP events.

packets

Configures debugging of the CDP packets.

enable

Enables debugging of the CDP options.

disable

Disables debugging of the CDP options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable CDP event debugging in a Cisco controller:
(Cisco Controller) > debug cdp

Cisco Wireless LAN Controller Command Reference, Release 8.0

558

OL-31334-01

Troubleshooting the Controller Settings

debug crypto
To configure the debugging of the hardware cryptographic options, use the debug crypto command.
debug crypto {all | sessions | trace | warning} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging of all hardware crypto messages.

sessions

Configures the debugging of hardware crypto sessions.

trace

Configures the debugging of hardware crypto sessions.

warning

Configures the debugging of hardware crypto sessions.

enable

Enables the debugging of hardware cryptographic sessions.

disable

Disables the debugging of hardware cryptographic sessions.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of hardware crypto sessions:
(Cisco Controller) > debug crypto sessions enable

Related Commands

debug disable-all
show sysinfo

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

559

Troubleshooting the Controller Settings

debug dhcp
To configure the debugging of DHCP, use the debug dhcp command.
debug dhcp {message | packet} {enable | disable}

Syntax Description

message

Configures the debugging of DHCP error messages.

packet

Configures the debugging of DHCP packets.

enable

Enables the debugging DHCP messages or packets.

disable

Disables the debugging of DHCP messages or packets.

Command Default

None

Examples

The following example shows how to enable the debugging of DHCP messages:
(Cisco Controller) >debug dhcp message enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

560

OL-31334-01

Troubleshooting the Controller Settings

debug dhcp service-port

To enable or disable debugging of the Dynamic Host Configuration Protocol (DHCP) packets on the service
port, use the debug dhcp service-port command.
debug dhcp service-port {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of DHCP packets on the service port.

disable

Disables the debugging of DHCP packets on the service port.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of DHCP packets on a service port:
(Cisco Controller) >debug dhcp service-port enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

561

Troubleshooting the Controller Settings

debug disable-all
To disable all debug messages, use the debug disable-all command.
debug disable-all

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to disable all debug messages:

(Cisco Controller) > debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

562

OL-31334-01

Troubleshooting the Controller Settings

debug fastpath
To debug the issues in the 10-Gigabit Ethernet interface of the controller and to view details of all the
management and control features of the controller, use the debug fastpath command.
debug fastpath [disable| enable| errors| events| warning| log| status| dump| audit| clear]
debug fastpath log [{error | events | show}]
debug fastpath dump [{stats DP_number} | {fpapoolDP_number} | {ownerdb}|{portdb} |{tun4db| index|
DP_number} | {scbdb| index| DP_number} | {cfgtool -- dump.sfp} |{vlandb} | { dpcp-stats} | { clear|
stats} | {systemdb} | {debug| {wlanappstats| wlan_id}} | { appqosdb}]

Syntax Description

disable

Enables debug of fastpath messages.

enable

Disables debug of fastpath messages.

errors

Displays the debug messages related to the fastpath

errors.

events

Displays the debug messages related to the fastpath

events.

warnings

Displays the debug messages related to the fastpath

warnings.

log

Configures debug of log messages.

errors

Configures debug of fastpath errors.

events

Configures debug of fastpath events.

show

Displays log of most recent events related to fastpath.

status

Displays status of fastpath configuration.

dump

Displays the CLI dump commands.

stats

Displays the debug statistics from the data plane.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

563

Troubleshooting the Controller Settings

DP_number

Displays the statistic counters at data plane based on

selected data plane number. Values include 0, 1, and
All. The default option is All. You must select:
The index 0 for the Cisco Wireless LAN
Controller 2504 Series, Cisco Wireless LAN
Controller 5508 Series, Cisco Wireless LAN
Controller 7500 Series, Cisco Wireless LAN
Controller 8500 Series.
The index 0 and/or 1 respectively for the two
data planes in WiSM2 to view statistics of
individual data plane or from both.

fpapool

Displays statistics of packet buffer in data plane.

DP_number

Displays statistics of packet buffer based on data plane

number. Values include 0, 1, and All. The default
option is All. You must select:
The index 0 for the Cisco Wireless LAN
Controller 2504 Series, Cisco Wireless LAN
Controller 5508 Series, Cisco Wireless LAN
Controller 7500 Series, Cisco Wireless LAN
Controller 8500 Series.
The index 0 and/or 1 respectively for the two
data planes in WiSM2 to view statistics of
individual data plane or from both.

ownerdb

Displays the data plane owner information.

portdb

Displays the port database at data plane.

tun4db

Dumps the first 20 tunnels from the data plane.

index

Dumps 20 tunnel entries from index provided. You

must use data plane number 0/1 to denote WISM2
data plane processor.

DP_number

Dumps the first twenty client entries from the data

plane. Values include 0, 1, and All. The default option
is All. You must select:
The index 0 for the Cisco Wireless LAN
Controller 2504 Series, Cisco Wireless LAN
Controller 5508 Series, Cisco Wireless LAN
Controller 7500 Series, Cisco Wireless LAN
Controller 8500 Series.
The index 0 and/or 1 respectively for the two
data planes in WiSM2 to view statistics of
individual data plane or from both.

Cisco Wireless LAN Controller Command Reference, Release 8.0

564

OL-31334-01

Troubleshooting the Controller Settings

scbdb

Dumps 20 client entries starting from index provided.

You must use data plane number 0/1 to denote
WISM2 data plane processor.

index

Dumps client information for the selected MAC

address.

DP_number

Dumps the first twenty client entries from the data

Command Default

cfgtool -- dump.sfp

Displays the model/type of SX/LC/T small

form-factor plug-in (SFP) modules with the OUI
Partnumber.

vlandb

Dumps the VLAN database in the dataplane.

dpcp-stats

Displays the dataplane to controlplane message

statistics.

clear stats

Clears the data plane statistic counters.

systemdb

Displays the global data plane configuration.

debug

Displays the few latest messages of the data plane to

enable troubleshooting.

wlanappstats

Displays Application Visibility and Control (AVC)

statistics of a WLAN.

wlan_id

The WLAN identifier of the WLAN you need identify

the AVC statistics.

appqosdb

Displays Application Visibility and Control (AVC)

database statistics of the data plane.

clear

Clear command.

None

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

565

Troubleshooting the Controller Settings

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

None

Examples

Examples
The following is an example of the SX/LC/T small form-factor plug-in (SFP) modules model/type with the
respective OUI Partnumber.
(Cisco Controller) >debug fastpath status

Pr Type
SFPType
-- ---------------1 Normal
1000BaseTX
2 Normal
1000BaseTX

STP
Stat

Admin
Mode

Physical
Mode

Physical
Status

Link
Status

Link
Trap

POE

---- ------- ---------- ---------- ------ ------- ------Forw Enable

Auto

1000 Full

Enable

N/A

Forw Enable

Auto

1000 Full

Enable

N/A

The following is an example of the fastpath status displayed while you execute the status command.
(Cisco Controller) >debug fastpath status

FP0.03:(119115)Received
FP0.00:(119115)Received
FP0.06:(119115)Received
FP0.05:(119115)Received
FP0.06:(119115)Received
FP0.03:(119115)Received
FP0.06:(119115)Received
FP0.07:(119125)Received
FP0.04:(119125)Received
FP0.03:(119125)Received

command:
command:
command:
command:
command:
command:
command:
command:
command:
command:

FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET
FP_CMD_ACL_COUNTER_GET

The following is an example of the fastpath errors displayed while you execute the debug fastpath log errors
command.
(Cisco Controller) >debug fastpath log errors

FP0.04:(873365)[fp_ingress_capwap:429]Discarding Control/Data
Plane DTLS-Application packets after Lookup Failed
FP0.02:(873418)Change logDebugLevel from: 0x1e to 0x9
The following is an example of the fastpath events displayed while you execute the debug fastpath log events
command.
(Cisco Controller) >debug fastpath log events

FP0.09:(873796)[fp_ingress_capwap:429]Discarding Control/Dat
a Plane DTLS-Application packets after Lookup Failed
FP0.06:(873921)Change logDebugLevel from: 0x9 to 0x1e

Cisco Wireless LAN Controller Command Reference, Release 8.0

566

OL-31334-01

Troubleshooting the Controller Settings

The following is an example displayed while you execute the debug fastpath log show command.
(Cisco Controller) >debug fastpath log show

FP0.07:(874033)Change logDebugLevel from: 0x1e to 0x9

Fastpath CPU0.02: FAST CACHE DISABLED
Fastpath CPU0.02: FAST CACHE ENABLED
Fastpath CPU0.00: Received command: FP_CMD_ADD_AP
Fastpath CPU0.05: Received command: FP_CMD_DEL_TUN4 ifTun=1113
Fastpath CPU0.03: Received command: FP_CMD_DEL_TUN4 ifTun=3161
Fastpath CPU0.03: Received command: FP_CMD_DEL_AP
FP0.02:[cmdDelMcastRgTun:6733]failed to delete mcast rg tun 0 ifTun=3161
FP0.07:[fp_ingress_capwap:429]Discarding Control/Data Plane
DTLS-Application packets after Lookup Failed
FP0.01:[fp_ingress_capwap:429]Discarding Control/Data Plane
DTLS-Application packets after Lookup Failed
Fastpath CPU0.01: Received command: FP_CMD_ADD_TUN4 type=CAPWAP ifTun=1114
dstIP
=9.4.110.100 dstMac=2037.06e2.5ec4 dstIPv6=
0000:0000:0000:0000:0000:0000:0000:0000
Fastpath CPU0.01: Tunnel 1114 srcip=9041820 dstip=9046e64 xor=0x7644(30276)
LAG Offset=0,0,0,0,1,0,1,4
Fastpath CPU0.09: Received command: FP_CMD_ADD_TUN4 type=CAPWAP ifTun=3162
dstIP
=9.4.110.100 dstMac=2037.06e2.5ec4 dstIPv6=
0000:0000:0000:0000:0000:0000:0000:0000
Fastpath CPU0.09: Tunnel 3162 srcip=9041820 dstip=9046e64 xor=0x7644(30276)
LAG Offset=0,0,0,0,1,0,1,4
Fastpath CPU0.00: Received command: FP_CMD_SET_INTERFACE_MTU
Fastpath CPU0.00: FAST CACHE DISABLED
Fastpath CPU0.00: FAST CACHE ENABLED
Fastpath CPU0.00: Received command: FP_CMD_ADD_AP
Fastpath CPU0.03: Received command: FP_CMD_UPDATE_EOIP for index=5122
Fastpath CPU0.02: Received command: FP_CMD_UPDATE_EOIP for index=5122
Fastpath CPU0.00: Received command: FP_CMD_DEL_TUN4 ifTun=1114
Fastpath CPU0.03: Received command: FP_CMD_DEL_TUN4 ifTun=3162
Fastpath CPU0.03: Received command: FP_CMD_DEL_AP
FP0.04:[cmdDelMcastRgTun:6733]failed to delete mcast rg tun 0 ifTun=3162

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

567

Troubleshooting the Controller Settings

debug l2age
To configure the debugging of Layer 2 age timeout messages, use the debug l2age command.
debug l2age {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of Layer2 age settings.

disable

Disables the debugging Layer2 age settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of Layer2 age settings:
(Cisco Controller) > debug l2age enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

568

OL-31334-01

Troubleshooting the Controller Settings

debug mac
To configure the debugging of the client MAC address, use the debug mac command.
debug mac {disable | addr MAC}

Syntax Description

Command Default

Command History

Examples

disable

Disables the debugging of the client using the MAC address.

addr

Configures the debugging of the client using the MAC address.

MAC

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the debugging of the client using the MAC address:
(Cisco Controller) > debug mac addr 00.0c.41.07.33.a6

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

569

Troubleshooting the Controller Settings

debug mdns all

To debug all multicast DNS (mDNS) messages, details, and errors, use the debug mdns all command.
debug mdns all {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of all mDNS messages, details, and errors.

disable

Disables the debugging of all mDNS messages, details, and errors.

By default, the debugging of all mDNS messages, details, and errors is disabled.

Release

Modification

7.4

This command was introduced.

The following example shows how to enable debugging of all mDNS messages, details, and errors:
(Cisco Controller) > debug mdns all enable

Related Commands

config mdns profile

config mdns query interval
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns error
debug mdns detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

570

OL-31334-01

Troubleshooting the Controller Settings

debug mdns detail

To debug multicast DNS (mDNS) details, use the debug mdns detail command.
debug mdns detail {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of mDNS details.

disable

Disables the debugging of mDNS details.

This command is disabled by default.

Release

Modification

7.4

This command was introduced.

The following example shows how to enable the debugging of mDNS details:
(Cisco Controller) > debug mdns detail enable

Related Commands

config mdns profile

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

571

Troubleshooting the Controller Settings

debug mdns error

To debug multicast DNS (mDNS) errors, use the debug mdns error command.
debug mdns error {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of mDNS errors.

disable

Disables the debugging of mDNS errors.

This command is disabled by default.

Release

Modification

7.4

This command was introduced.

The following example shows how to enable the debugging of mDNS errors.
(Cisco Controller) > debug mdns error enable

Related Commands

config mdns profile

Cisco Wireless LAN Controller Command Reference, Release 8.0

572

OL-31334-01

Troubleshooting the Controller Settings

debug mdns message

To debug multicast DNS (mDNS) messages, use the debug mdns message command.
debug mdns message {enable | disable}

Syntax Description

enable

Enables the debugging of mDNS messages.

disable

Disables the debugging of mDNS messages.

Command Default

Disabled.

Command History

Release

Modification

7.4

This command was introduced.

Examples

The following example shows how to enable the debugging of mDNS messages:
(Cisco Controller) > debug mdns message enable

Related Commands

config mdns profile

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

573

Troubleshooting the Controller Settings

debug mdns ha
To debug all the multicast Domain Name System (mDNS) High Availability (HA) messages, use the debug
mdns ha command.
debug mdns ha {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables debugging of all the mDNS HA messages.

disable

Disables debugging of all the mDNS HA messages.

This command is disabled by default.

Release

Modification

7.5

This command was introduced.

Usage Guidelines

This command is automatically enabled when the debug mdns all command is enabled.

Examples

The following example shows how to enable debugging of all the mDNS HA messages:
(Cisco Controller) > debug mdns ha enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

574

OL-31334-01

Troubleshooting the Controller Settings

debug memory
To enable or disable the debugging of errors or events during the memory allocation of the Cisco WLC, use
the debug memory command.
debug memory {errors | events} {enable | disable}

Syntax Description

Command Default

Command History

Examples

errors

Configures the debugging of memory leak errors.

events

Configures debugging of memory leak events.

enable

Enables the debugging of memory leak events.

disable

Disables the debugging of memory leak events.

By default, the debugging of errors or events during the memory allocation of the Cisco WLC is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of memory leak events:
(Cisco Controller) > debug memory events enable

Related Commands

config memory monitor errors

show memory monitor
config memory monitor leaks

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

575

Troubleshooting the Controller Settings

debug nmsp
To configure the debugging of the Network Mobility Services Protocol (NMSP), use the debug nmsp command.
debug nmsp {all | connection | detail | error | event | message | packet}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging for all NMSP messages.

connection

Configures the debugging for NMSP connection events.

detail

Configures the debugging for NMSP events in detail.

error

Configures the debugging for NMSP error messages.

event

Configures the debugging for NMSP events.

message

Configures the debugging for NMSP transmit and receive

messages.

packet

Configures the debugging for NMSP packet events.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the debugging of NMSP connection events:
(Cisco Controller) > debug nmsp connection

Related Commands

clear nmsp statistics

debug disable-all
config nmsp notify-interval measurement

Cisco Wireless LAN Controller Command Reference, Release 8.0

576

OL-31334-01

Troubleshooting the Controller Settings

debug ntp
To configure the debugging of the Network Time Protocol (NTP), use the debug ntp command.
debug ntp {detail | low | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

detail

Configures the debugging of detailed NTP messages.

low

Configures the debugging of NTP messages.

packet

Configures the debugging of NTP packets.

enable

Enables the NTP debugging.

disable

Disables the NTP debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of NTP settings:
(Cisco Controller) > debug ntp packet enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

577

Troubleshooting the Controller Settings

debug packet error

To configure debugging of the packets sent to the Cisco Wireless LAN Controller (WLC) CPU , use the debug
packet error command.
debug packet error {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables debugging of the packets sent to the Cisco WLC CPU.

disable

Disables debugging of the packets sent to the Cisco WLC CPU.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of the packets sent to the Cisco WLC CPU:
(Cisco Controller) > debug packet error enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

578

OL-31334-01

Troubleshooting the Controller Settings

debug packet logging

To configure logging of the packets sent to the Cisco Wireless LAN Controller CPU, use the debug packet
logging command.
debug packet logging {acl | disable | enable {rx | tx | all} packet_count display_size | format {hex2pcap |
text2pcap}}
debug packet logging acl {clear-all | driver rule_index action npu_encap port | eoip-eth rule_index action
dst src type vlan | eoip-ip rule_index action src dst proto src_port dst_port | eth rule_index action dst src
type vlan | ip rule_index action src dst proto src_port dst_port | lwapp-dot11rule_index action dst src bssid
type | lwapp-ip rule_index action src dst proto src_port dst_port}

Syntax Description

acl

Filters the displayed packets according to a rule.

disable

Disables logging of all the packets.

enable

Enables logging of all the packets.

Displays all the received packets.

Displays all the transmitted packets.

all

Displays both the transmitted and the received packets.

packet_count

Maximum number of packets to be logged. The range is from 1 to

65535. The default value is 25.

display_size

Number of bytes to be displayed when printing a packet. By default,

the entire packet is displayed.

format

Configures the format of the debug output.

hex2pcap

Configures the output format to be compatible with the hex2pcap

format. The standard format used by Cisco IOS supports the use
of hex2pcap and can be decoded using an HTML front end.

text2pcap

Configures the output format to be compatible with the text2pcap

format. In this format, the sequence of packets can be decoded from
the same console log file. .

clear-all

Clears all the existing rules pertaining to the packets.

driver

Filters the packets based on an incoming port or a Network

Processing Unit (NPU) encapsulation type.

rule_index

Index of the rule that is a value between 1 and 6 (inclusive).

action

Action for the rule, which can be permit, deny, or disable.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

579

Troubleshooting the Controller Settings

npu_encap

NPU encapsulation type that determines how the packets are

filtered. The possible values are dhcp, dot11-mgmt, dot11-probe,
dot1x, eoip-ping, iapp, ip, lwapp, multicast, orphan-from-sta,
orphan-to-sta, rbcp, wired-guest, or any.

port

Physical port for packet transmission or reception.

eoip-eth

Filters packets based on the Ethernet II header in the Ethernet over

IP (EoIP) payload.

dst

Destination MAC address.

src

Source MAC address.

type

Two-byte type code, such as 0x800 for IP, 0x806 for Address
Resolution Protocol (ARP). You can also enter a few common
string values such as ip (for 0x800) or arp (for 0x806).

vlan

Two-byte VLAN identifier.

eoip-ip

Filters packets based on the IP header in the EoIP payload.

proto

Protocol. Valide values are: ip, icmp, igmp, ggp, ipencap, st, tcp,
egp, pup, udp, hmp, xns-idp, rdp, iso-tp4, xtp, ddp, idpr-cmtp, rspf,
vmtp, ospf, ipip, and encap.

src_port

User Datagram Protocol or Transmission Control Protocol (UDP

or TCP) two-byte source port, such as telnet, 23 , or any. The Cisco
WLC supports the following strings: tcpmux, echo, discard, systat,
daytime, netstat, qotd, msp, chargen, ftp-data, ftp, fsp, ssh, telnet,
smtp, time, rlp, nameserver, whois, re-mail-ck, domain, mtp, bootps,
bootpc, tftp, gopher, rje, finger, www, link, kerberos, supdup,
hostnames, iso-tsap, csnet-ns, 3com-tsmux, rtelnet, pop-2, pop-3,
sunrpc, auth, sftp, uucp-path, nntp, ntp, netbios-ns, netbios-dgm,
netbios-ssn, imap2, snmp, snmp-trap, cmip-man, cmip-agent, xdmcp,
nextstep, bgp, prospero, irc, smux, at-rtmp, at-nbp, at-echo, at-zis,
qmtp, z3950, ipx, imap3, ulistserv, https, snpp, saft, npmp-local,
npmp-gui, and hmmp-ind.

dst_port

UDP or TCP two-byte destination port, such as telnet, 23, or any.

The Cisco WLC supports the same strings as those for the src_port.

eth

Filters packets based on the values in the Ethernet II header.

Filters packets based on the values in the IP header.

lwapp-dot11

Filters packets based on the 802.11 header in the Lightweight

Access Point Protocol (LWAPP) payload.

bssid

Basic Service Set Identifier of the VLAN.

lwapp-ip

Filters packets based on the IP header in the LWAPP payload.

Cisco Wireless LAN Controller Command Reference, Release 8.0

580

OL-31334-01

Troubleshooting the Controller Settings

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable logging of a packet:

(Cisco Controller) > debug packet logging enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

581

Troubleshooting the Controller Settings

debug poe
To configure the debugging of Power over Ethernet (PoE), use the debug poe command.
debug poe {detail | message | error} {enable | disable}

Syntax Description

Command Default

Command History

Examples

detail

Configures the debugging of PoE detail logs.

error

Configures the debugging of PoE error logs.

message

Configures the debugging of PoE messages.

enable

Enables the debugging of PoE logs.

disable

Disables the debugging of PoE logs.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the PoE debugging:

(Cisco Controller) > debug poe message enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

582

OL-31334-01

Troubleshooting the Controller Settings

debug rbcp
To configure Router Blade Control (RBCP) debug options, use the debug rbcp command.
debug rbcp {all | detail | errors | packet} {enable | disable}

Syntax Description

all

Configures the debugging of RBCP.

detail

Configures the debugging of RBCP detail.

errors

Configures the debugging of RBCP errors.

packet

Configures the debugging of RBCP packet trace.

enable

Enables the RBCP debugging.

disable

Disables the RBCP debugging.

Command Default

None

Examples

The following example shows how to enable the debugging of RBCP settings:
(Cisco Controller) > debug rbcp packet enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

583

Troubleshooting the Controller Settings

debug rfid
To configure radio frequency identification (RFID) debug options, use the debug rfid command.
debug rfid {all | detail | errors | nmsp | receive} {enable | disable}

Syntax Description

all

Configures the debugging of all RFID.

detail

Configures the debugging of RFID detail.

errors

Configures the debugging of RFID error messages.

nmsp

Configures the debugging of RFID Network Mobility Services

Protocol (NMSP) messages.

receive

Configures the debugging of incoming RFID tag messages.

enable

Enables the RFID debugging.

disable

Disables the RFID debugging.

Command Default

None

Examples

The following example shows how to enable the debugging of RFID error messages:
(Cisco Controller) > debug rfid errors enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

584

OL-31334-01

Troubleshooting the Controller Settings

debug snmp
To configure SNMP debug options, use the debug snmp command.
debug snmp {agent | all | mib | trap} {enable | disable}

Syntax Description

agent

Configures the debugging of the SNMP agent.

all

Configures the debugging of all SNMP messages.

mib

Configures the debugging of the SNMP MIB.

trap

Configures the debugging of SNMP traps.

enable

Enables the SNMP debugging.

disable

Disables the SNMP debugging.

Command Default

None

Examples

The following example shows how to enable the SNMP debugging:

(Cisco Controller) > debug snmp trap enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

585

Troubleshooting the Controller Settings

debug transfer
To configure transfer debug options, use the debug transfer command.
debug transfer {all | tftp | trace} {enable | disable}

Syntax Description

all

Configures the debugging of all transfer messages.

tftp

Configures the debugging of TFTP transfers.

trace

Configures the debugging of transfer messages.

enable

Enables the debugging of transfer messages.

disable

Disables the debugging of transfer messages.

Command Default

None

Examples

The following example shows how to enable the debugging of transfer messages:
(Cisco Controller) > debug transfer trace enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

586

OL-31334-01

Troubleshooting the Controller Settings

debug voice-diag
To trace call or packet flow, use the debug voice-diag command.
debug voice-diag {enable client_mac1 [client_mac2] [verbose] | disable}

Syntax Description

enable

Enables the debugging of voice diagnostics for voice clients involved in a call.

client_mac1

MAC address of a voice client.

client_mac2

(Optional) MAC address of an additional voice client.

Note

Voice diagnostics can be enabled or disabled for a maximum of two

voice clients at a time.

(Optional) Enables debug information to be displayed on the console.

verbose

Note

When voice diagnostics is enabled from the NCS or Prime Infrastructure,

the verbose option is not available.

Disables the debugging of voice diagnostics for voice clients involved in a call.

disable

Command Default

None

Usage Guidelines

Follow these guidelines when you use the debug voice-diag command:
When the command is entered, the validity of the clients is not checked.
A few output messages of the command are sent to the NCS or Prime Infrastructure.
The command expires automatically after 60 minutes.
The command provides the details of the call flow between a pair of client MACs involved in an active
call.

Note

Examples

Voice diagnostics can be enabled for a maximum of two voice clients at a time.

The following example shows how to enable transfer/upgrade settings:

(Cisco Controller) > debug voice-diag enable 00:1a:a1:92:b9:5c 00:1a:a1:92:b5:9c verbose

Related Commands

show client voice-diag

show client calls

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

587

Troubleshooting the Controller Settings

show debug
To determine if the MAC address and other flag debugging is enabled or disabled, sse the show debug
command.
show debug [packet]

Syntax Description

packet

Displays information about packet debugs.

Command Default

None.

Examples

This example shows how to display if debugging is enabled:

> show debug
MAC debugging............................... disabled
Debug Flags Enabled:
arp error enabled.
bcast error enabled.

This example shows how to display if debugging is enabled:

> show debug packet
Status...........................................
Number of packets to display.....................
Bytes/packet to display..........................
Packet display format............................
Driver ACL:
[1]: disabled
[2]: disabled
[3]: disabled
[4]: disabled
[5]: disabled
[6]: disabled
Ethernet ACL:
[1]: disabled
[2]: disabled
[3]: disabled
[4]: disabled
[5]: disabled
[6]: disabled
IP ACL:
[1]: disabled
[2]: disabled
[3]: disabled
[4]: disabled
[5]: disabled
[6]: disabled
EoIP-Ethernet ACL:
[1]: disabled
[2]: disabled
[3]: disabled
[4]: disabled
[5]: disabled
[6]: disabled
EoIP-IP ACL:
[1]: disabled
[2]: disabled
[3]: disabled
[4]: disabled

disabled
0
0
text2pcap

Cisco Wireless LAN Controller Command Reference, Release 8.0

588

OL-31334-01

Troubleshooting the Controller Settings

[5]: disabled
[6]: disabled
LWAPP-Dot11 ACL:
[1]: disabled
[2]: disabled
[3]: disabled
[4]: disabled
[5]: disabled
[6]: disabled
LWAPP-IP ACL:
[1]: disabled
[2]: disabled
[3]: disabled
[4]: disabled
[5]: disabled
[6]: disabled

Related Commands

debug mac

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

589

Troubleshooting the Controller Settings

show eventlog
To display the event log, use the show eventlog command.
show eventlog

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show eventlog command:

(Cisco Controller) > show eventlog
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>
EVENT>

File
Line TaskID
Code
bootos.c 788 125CEBCC AAAAAAAA
bootos.c 788 125CEBCC AAAAAAAA
bootos.c 788 125C597C AAAAAAAA
bootos.c 788 125C597C AAAAAAAA
bootos.c 788 125C597C AAAAAAAA
bootos.c 788 125C597C AAAAAAAA
bootos.c 788 125C597C AAAAAAAA
bootos.c 788 125C597C AAAAAAAA
bootos.c 788 1216C36C AAAAAAAA
bootos.c 788 1216C36C AAAAAAAA
bootos.c 788 1216C36C AAAAAAAA
bootos.c 788 1216C36C AAAAAAAA

d
0
0
0
0
0
0
0
0
0
0
0
0

Time
h m s
0 0 6
0 0 6
0 0 6
0 0 6
0 0 6
0 0 6
0 0 6
0 0 6
0 0 6
0 0 6
0 0 6
0 0 11

Cisco Wireless LAN Controller Command Reference, Release 8.0

590

OL-31334-01

Troubleshooting the Controller Settings

show memory monitor

To display a summary of memory analysis settings and any discovered memory issues, use the show memory
monitor command.
show memory monitor [detail]

Syntax Description

Command Default

Command History

detail

(Optional) Displays details of any memory leaks or corruption.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Be careful when changing the defaults for the config memory monitor command unless you know what you
are doing, you have detected a problem, or you are collecting troubleshooting information.

Examples

The following is a sample output of the show buffers command:

(Cisco Controller) > show memory monitor
Memory Leak Monitor Status:
low_threshold(10000), high_threshold(30000), current status(disabled)
------------------------------------------Memory Error Monitor Status:
Crash-on-error flag currently set to (disabled)
No memory error detected.

The following is a sample output of the show memory monitor detail command:
(Cisco Controller) > show memory monitor detail
Memory error detected. Details:
------------------------------------------------ Corruption detected at pmalloc entry address:
(0x179a7ec0)
- Corrupt entry:headerMagic(0xdeadf00d),trailer(0xabcd),poison(0xreadceef),
entrysize(128),bytes(100),thread(Unknown task name,task id = (332096592)),
file(pmalloc.c),line(1736),time(1027)
Previous 1K memory dump from error location.
-----------------------------------------------(179a7ac0): 00000000 00000000 00000000 ceeff00d readf00d 00000080 00000000 00000000
(179a7ae0): 17958b20 00000000 1175608c 00000078 00000000 readceef 179a7afc 00000001
(179a7b00): 00000003 00000006 00000001 00000004 00000001 00000009 00000009 0000020d
(179a7b20): 00000001 00000002 00000002 00000001 00000004 00000000 00000000 5d7b9aba
(179a7b40): cbddf004 192f465e 7791acc8 e5032242 5365788c a1b7cee6 00000000 00000000
(179a7b60): 00000000 00000000 00000000 00000000 00000000 ceeff00d readf00d 00000080
(179a7b80): 00000000 00000000 17958dc0 00000000 1175608c 00000078 00000000 readceef
(179a7ba0): 179a7ba4 00000001 00000003 00000006 00000001 00000004 00000001 00003763
(179a7c00): 1722246c 1722246c 00000000 00000000 00000000 00000000 00000000 ceeff00d
(179a7c20): readf00d 00000080 00000000 00000000 179a7b78 00000000 1175608c 00000078
...

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

591

Troubleshooting the Controller Settings

show run-config
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the show
run-config command.
show run-config [no-ap | commands]

Syntax Description

Command Default

Command History

Usage Guidelines

no-ap

(Optional) Excludes access point configuration settings.

commands

(Optional) Displays a list of user-configured commands on the controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

These commands have replaced the show running-config command.

Examples

The following is a sample output of the show run-config command:

Cisco Controller
FLS0923003B
xx:xx:xx:xx:xx:xx
Absent
Absent
Absent
Present, OK

Cisco Wireless LAN Controller Command Reference, Release 8.0

592

OL-31334-01

Troubleshooting the Controller Settings

show process
To display how various processes in the system are using the CPU at that instant in time, use the show process
command.
show process {cpu | memory}

Syntax Description

cpu

Displays how various system tasks are using the CPU at that moment.

memory

Displays the allocation and deallocation of memory from various processes in

the system at that moment.

Command Default

None.

Usage Guidelines

This command is helpful in understanding if any single task is monopolizing the CPU and preventing other
tasks from being performed.

Examples

This example shows how to display various tasks in the system that are using the CPU at a given moment:
> show process cpu
Name
Priority
CPU Use
Reaper
reaperWatcher
( 3/124)
0 %
( 0/ 0)%
I
osapiReaper
(10/121)
0 %
( 0/ 0)%
I
TempStatus
(255/ 1)
0 %
( 0/ 0)%
I
emWeb
(255/ 1)
0 %
( 0/ 0)%
T 300
cliWebTask
(255/ 1)
0 %
( 0/ 0)%
I
UtilTask
(255/ 1)
0 %
( 0/ 0)%
T 300

This example shows how to display the allocation and deallocation of memory from various processes at a
given moment:
> show process memory
Name
Priority
BytesinUse
Reaper
reaperWatcher
( 3/124)
0
( 0/ 0)%
osapiReaper
(10/121)
0
( 0/ 0)%
TempStatus
(255/ 1)
308
( 0/ 0)%
emWeb
(255/ 1)
294440
( 0/ 0)%
cliWebTask
(255/ 1)
738
( 0/ 0)%
UtilTask
(255/ 1)
308
( 0/ 0)%

Related Commands

I
I
I
T 300
I
T 300

debug memory
transfer upload datatype

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

593

Troubleshooting the Controller Settings

show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center
(TAC), use the show tech-support command.
show tech-support

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display system resource information:

0%
4608
4604
4
152
3
152
3
747040 Secs
127552 Kbytes
19540 Kbytes
0 Kbytes
460 Kbytes

Cisco Wireless LAN Controller Command Reference, Release 8.0

594

OL-31334-01

Troubleshooting the Controller Settings

config memory monitor errors

To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors
command.
config memory monitor errors {enable | disable}

Caution

Syntax Description

Command Default

Command History

The config memory monitor commands can be disruptive to your system and should be run only when
you are advised to do so by the Cisco TAC.

enable

Enables the monitoring for memory settings.

disable

Disables the monitoring for memory settings.

Monitoring for memory errors and leaks is disabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Be cautious about changing the defaults for the config memory monitor command unless you know what
you are doing, you have detected a problem, or you are collecting troubleshooting information.

Examples

The following example shows how to enable monitoring for memory errors and leaks for a controller:
(Cisco Controller) > config memory monitor errors enable

Related Commands

config memory monitor leaks

debug memory
show memory monitor

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

595

Troubleshooting the Controller Settings

config memory monitor leaks

To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config
memory monitor leaks command.
config memory monitor leaks low_thresh high_thresh

Caution

Syntax Description

Command Default

Command History

The config memory monitor commands can be disruptive to your system and should be run only when
you are advised to do so by the Cisco TAC.

low_thresh

Value below which free memory cannot fall without crashing. This value cannot
be set lower than 10000 KB.

high_thresh

Value below which the controller enters auto-leak-analysis mode. See the Usage
Guidelines section.

The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines
Note

Cisco Wireless LAN Controller Command Reference, Release 8.0

596

OL-31334-01

Troubleshooting the Controller Settings

Examples

Related Commands

config memory monitor leaks

debug memory
show memory monitor

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

597

Troubleshooting the Controller Settings

config msglog level critical

To reset the message log so that it collects and displays only critical (highest-level) messages, use the config
msglog level critical command.
config msglog level critical

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The message log always collects and displays critical messages, regardless of the message log level setting.

Examples

The following example shows how to configure the message log severity level and display critical messages:
(Cisco Controller) > config msglog level critical

Related Commands

show msglog

Cisco Wireless LAN Controller Command Reference, Release 8.0

598

OL-31334-01

Troubleshooting the Controller Settings

config msglog level error

To reset the message log so that it collects and displays both critical (highest-level) and error (second-highest)
messages, use the config msglog level error command.
config msglog level error

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the message log to collect and display critical and noncritical error
messages:
(Cisco Controller) > config msglog level error

Related Commands

show msglog

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

599

Troubleshooting the Controller Settings

config msglog level security

To reset the message log so that it collects and displays critical (highest-level), error (second-highest), and
security (third-highest) messages, use the config msglog level security command.
config msglog level security

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the message log so that it collects and display critical, noncritical,
and authentication or security-related errors:
(Cisco Controller) > config msglog level security

Related Commands

show msglog

Cisco Wireless LAN Controller Command Reference, Release 8.0

600

OL-31334-01

Troubleshooting the Controller Settings

config msglog level verbose

To reset the message log so that it collects and displays all messages, use the config msglog level verbose
command.
config msglog level verbose

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the message logs so that it collects and display all messages:
(Cisco Controller) > config msglog level verbose

Related Commands

show msglog

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

601

Troubleshooting the Controller Settings

config msglog level warning

To reset the message log so that it collects and displays critical (highest-level), error (second-highest), security
(third-highest), and warning (fourth-highest) messages, use the config msglog level warning command.
config msglog level warning

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the message log so that it collects and displays warning messages
in addition to critical, noncritical, and authentication or security-related errors:
(Cisco Controller) > config msglog level warning

Related Commands

show msglog

Cisco Wireless LAN Controller Command Reference, Release 8.0

602

OL-31334-01

Troubleshooting the Controller Settings

ping
To send ICMP echo packets to a specified IP address, use the ping command:
ping ip-addr interface-name

Syntax Description

Command Default

Command History

Examples

ip-addr

IP address of the interface that you are trying to send ICMP echo packets
to

interface-name

Name of the interface to which you are trying to send ICMP echo packets

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send ICMP echo packets to an interface:
(Cisco Controller) >ping 209.165.200.225 dyn-interface-1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

603

Troubleshooting the Controller Settings

Cisco Wireless LAN Controller Command Reference, Release 8.0

604

OL-31334-01

PART

Ports and Interfaces Commands

CLI Commands, page 607

show Commands
This section lists the show commands that you can use to display information about the controller ports and
interfaces.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

607

show Commands

show advanced sip-snooping-ports

To display the port range for call snooping, use the show advanced sip-snooping-ports command.
show advanced sip-snooping-ports

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show advanced sip-snooping-ports command:

(Cisco Controller) > show advanced sip-snooping-ports
SIP Call Snoop Ports: 1000 - 2000

Cisco Wireless LAN Controller Command Reference, Release 8.0

608

OL-31334-01

show Commands

show interface summary

To display summary details of the system interfaces, use the show interface summary command.
show interfacesummary

Syntax Description

Command Default

Command History

Examples

Displays a summary of the local interfaces.

summary

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command was updated in Release 8.0 and

displays IPv6 related details

The following example displays the summary of the local IPv4 interfaces:
(Cisco Controller) > show interface summary
Number of Interfaces.......................... 6
Interface Name
-------------------------------dyn59
management
redundancy-management
redundancy-port
service-port
virtual

Examples

Port
---LAG
LAG
LAG
N/A
N/A

Vlan Id
-------59
56
56
untagged
N/A
N/A

IP Address
--------------9.10.59.66
9.10.56.60
0.0.0.0
0.0.0.0
2.2.2.2
1.2.3.4

Type
------Dynamic
Static
Static
Static
Static
Static

Ap Mgr
-----No
Yes
No
No
No
No

Guest
----No
No
No
No
No
No

The following example displays the summary of the local IPv6 interfaces:
show ipv6 interface summary
Number of Interfaces.......................... 2
Interface Name
Port Vlan Id IPv6 Address/Prefix Length
----------------------- ---- -------- -----------------------------------------management
LAG 56
fe80::224:97ff:fe69:69af/64
LAG 56
2001:9:10:56::60/64
service-port
N/A N/A
fe80::224:97ff:fe69:69a1/64
N/A N/A
::/128

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

609

show Commands

show interface detailed

To display details of the system interfaces, use the show interface command.
show interfacedetailed {interface_name | management | redundancy-management | redundancy-port |
service-port | virtual}

Syntax Description

Command Default

Command History

Examples

detailed

Displays detailed interface information.

interface_name

Interface name for detailed display.

management

Displays detailed management interface information.

redundancy-management

Displays detailed redundancy management interface

information.

redundancy-port

Displays detailed redundancy port information.

service-port

Displays detailed service port information.

virtual

Displays detailed virtual gateway interface

information.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command was updated in Release 8.0 and

displays IPv6 related details

The following example shows how to display the detailed interface information:
(Cisco Controller) > show interface detailed management
Interface Name...................................
MAC Address......................................
IP Address.......................................
IP Netmask.......................................
IP Gateway.......................................
External NAT IP State............................
External NAT IP Address..........................
Link Local IPv6 Address..........................
STATE ...........................................
Primary IPv6 Address.............................
STATE ...........................................

management
00:24:97:69:69:af
9.10.56.60
255.255.255.0
9.10.56.1
Disabled
0.0.0.0
fe80::224:97ff:fe69:69af/64
REACHABLE
2001:9:10:56::60/64
REACHABLE

Cisco Wireless LAN Controller Command Reference, Release 8.0

610

OL-31334-01

show Commands

Primary IPv6 Gateway.............................

Primary IPv6 Gateway Mac Address.................
STATE ...........................................
VLAN.............................................
Quarantine-vlan..................................
NAS-Identifier...................................
Active Physical Port.............................
Primary Physical Port............................
Backup Physical Port.............................
DHCP Proxy Mode..................................
Primary DHCP Server..............................
Secondary DHCP Server............................
DHCP Option 82...................................
DHCP Option 82 bridge mode insertion.............
IPv4 ACL.........................................
IPv6 ACL.........................................
mDNS Profile Name................................
AP Manager.......................................
Guest Interface..................................
L2 Multicast.....................................

Note

fe80::aea0:16ff:fe4f:2242
ac:a0:16:4f:22:42
REACHABLE
56
0
Building1
LAG (13)
LAG (13)
Unconfigured
Global
9.1.0.100
Unconfigured
Disabled
Disabled
Unconfigured
Unconfigured
Unconfigured
Yes
No
Enabled

Some WLAN controllers may have only one physical port listed because they have only one physical
port.
The following example shows how to display the detailed redundancy management interface information:
(Cisco Controller) > show interface detailed redundancy-management

Interface Name................................... redundancy-management

MAC Address...................................... 88:43:e1:7e:0b:20
IP Address....................................... 209.165.201.2
The following example shows how to display the detailed redundancy port information:
(Cisco Controller) > show interface detailed redundancy-port

Interface Name................................... redundancy-port

MAC Address...................................... 88:43:e1:7e:0b:22
IP Address....................................... 169.254.120.5
The following example shows how to display the detailed service port information:
(Cisco Controller) > show interface detailed service-port

Interface Name................................... redundancy-port

MAC Address...................................... 88:43:e1:7e:0b:22
IP Address....................................... 169.254.120.5
The following example shows how to display the detailed virtual gateway interface information:
(Cisco Controller) > show interface detailed virtual

Interface Name...................................
MAC Address......................................
IP Address.......................................
Virtual DNS Host Name............................
AP Manager.......................................
Guest Interface..................................

virtual
88:43:e1:7e:0b:20
1.1.1.1
Disabled
No
No

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

611

show Commands

show interface group

To display details of system interface groups, use the show interface group command.
show interface group {summary | detailed interface_group_name}

Syntax Description

Command Default

Command History

Examples

summary

Displays a summary of the local interface groups.

detailed

Displays detailed interface group information.

interface_group_name

Interface group name for a detailed display.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of local interface groups:
(Cisco Controller) > show interface group summary

Interface Group Name

Total Interfaces
Total WLANs
Total AP
Groups
Quarantine
---------------------------------------------------------------mygroup1
1
0
0
No
mygroup2
1
0
0
No
mygroup3
5
1
0
No

The following example shows how to display the detailed interface group information:
(Cisco Controller) > show interface group detailed mygroup1
Interface Group Name.............................

Quarantine ......................................
Number of Wlans using the Interface Group........
Number of AP Groups using the Interface Group....
Number of Interfaces Contained...................

mygroup1
No
0
0
1

mDNS Profile Name................................ NCS12Prof

Interface Group Description...................... My Interface Group

Next interface for allocation to client.......... testabc
Interfaces Contained in this group .............. testabc
Interface marked with * indicates DHCP dirty interface
Interface list sorted based on vlan:
Index
-----

Vlan
----

Interface Name
--------------------------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

612

OL-31334-01

show Commands

testabc

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

613

show Commands

show lag eth-port-hash

To display the physical port used for specific MAC addresses, use the show lag eth-port-hash command.
show lag eth-port-hash dest_MAC [source_MAC]

Syntax Description

Command Default

Command History

Examples

dest_MAC

MAC address to determine output port for non-IP

packets.

source_MAC

(Optional) MAC address to determine output port for

non-IP packets.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the physical port used for a specific MAC address:
(Cisco Controller) > show lag eth-port-hash 11:11:11:11:11:11

Destination MAC 11:11:11:11:11:11 currently maps to port 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

614

OL-31334-01

show Commands

show lag ip-port-hash

To display the physical port used for specific IP addresses, use the show lag ip-port-hash command.
show lag ip-port-hash dest_IP [source_IP]

Syntax Description

Command Default

Command History

Usage Guidelines

dest_IP

IP address to determine the output port for IP packets.

source_IP

(Optional) IP address to determine the output port for

IP packets.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6

addresses.

For CAPWAP packets, enter the IP address of the access points. For EOIP packets, enter the IP address of
the controller. For WIRED_GUEST packets, enter its IP address. For non tunneled IP packets from WLC,
enter the destination IP address. For other non tunneled IP packets, enter both destination and source IP
addresses.
This command is applicable for both IPv4 and IPv6 addresses.

Examples

The following example shows how to display the physical port used for a specific IP address:
(Cisco Controller) > show lag ip-port-hash 192.168.102.138

Destination IP 192.168.102.138 currently maps to port 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

615

show Commands

show lag summary

To display the current link aggregation (LAG) status, use the show lag summary command.
show lag summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the current status of the LAG configuration:
(Cisco Controller) > show lag summary

LAG Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

616

OL-31334-01

show Commands

show port
To display the Cisco wireless LAN controller port settings on an individual or global basis, use the show port
command.
show port {port | summary}

Syntax Description

Command Default

Command History

Examples

port

Information on the individual ports.

summary

Displays all ports.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display information about an individual wireless LAN controller port:
(Cisco Controller) > show port 1

STP
Admin
Physical
Physical
Link
Link
Mcast
Pr Type
Stat
Mode
Mode
Status
Status Trap
Appliance
POE
-- ------- ---- ------- ---------- ---------- ------ ------- --------------1 Normal Disa Enable Auto
1000 Full Down
Enable Enable
N/A

Note

Some WLAN controllers may not have multicast or Power over Ethernet (PoE) listed because they do not
support those features.
The following example shows how to display a summary of all ports:
(Cisco Controller) > show port summary

STP
Admin
Physical
Physical
Link
Link
Mcast
Pr Type
Stat
Mode
Mode
Status
Status Trap
Appliance
POE
SFPType
-- ------- ---- ------- ---------- ---------- ------ ------- --------------------1 Normal Forw Enable Auto
1000 Full Up
Enable Enable
N/A
NotPresent
2 Normal Disa Enable Auto
1000 Full Down
Enable Enable
N/A
NotPresent
3 Normal Disa Enable Auto
1000 Full Down
Enable Enable
N/A
NotPresent

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

617

show Commands

4 Normal Disa Enable

NotPresent

Note

Auto

1000 Full

Down

Enable

N/A

Some WLAN controllers may have only one port listed because they have only one physical port.

Cisco Wireless LAN Controller Command Reference, Release 8.0

618

OL-31334-01

show Commands

show serial
To display the serial (console) port configuration, use the show serial command.
show serial

Syntax Description

This command has no arguments or keywords.

Command Default

The default values for Baud rate, Character, Flow Control, Stop Bits, Parity type of the port configuration are
9600, 8, off, 1, none.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display EIA-232 parameters and the serial port inactivity timeout:
(Cisco Controller) > show serial

Serial Port Login Timeout (minutes).........

Baud Rate...................................
Character Size..............................
Flow Control:...............................
Stop Bits...................................
Parity Type:................................

45
9600
8
Disable
1
none

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

619

show Commands

show spanningtree port

To display the Cisco wireless LAN controller spanning tree port configuration, use the show spanningtree
port command.
show spanningtree port port

Syntax Description

port

Physical port number:

1 through 4 on Cisco 2100 Series Wireless LAN
Controller.
1 or 2 on Cisco 4402 Series Wireless LAN
Controller.
1 through 4 on Cisco 4404 Series Wireless LAN
Controller.

Command Default

Command History

Usage Guidelines

Note

Examples

The default SPT configuration output values are 800C, Disabled, 802.1D, 128, 100, Auto.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

When the a Cisco 4400 Series wireless LAN controller is configured for port redundancy, the Spanning Tree
Protocol (STP) must be disabled for all ports on the Cisco 4400 Series Wireless LAN Controller. STP can
remain enabled on the switch connected to the Cisco 4400 Series Wireless LAN Controller.

Some WLAN controllers do not support the spanning tree function.

The following example shows how to display spanning tree values on a per port basis:
(Cisco Controller) > show spanningtree port 3

STP
STP
STP
STP
STP
STP

Port
Port
Port
Port
Port
Port

ID.................................
State..............................
Administrative Mode................
Priority...........................
Path Cost..........................
Path Cost Mode.....................

800C
Disabled
802.1D
128
100
Auto

Cisco Wireless LAN Controller Command Reference, Release 8.0

620

OL-31334-01

show Commands

show spanningtree switch

To display the Cisco wireless LAN controller network (DS port) spanning tree configuration, use the show
spanningtree switch command.
show spanningtree switch

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Some WLAN controllers do not support the spanning tree function.

Examples

The following example shows how to display spanning tree values on a per switch basis:
(Cisco Controller) > show spanningtree switch

STP Specification......................
STP Base MAC Address...................
Spanning Tree Algorithm................
STP Bridge Priority....................
STP Bridge Max. Age (seconds)..........
STP Bridge Hello Time (seconds)........
STP Bridge Forward Delay (seconds).....

IEEE 802.1D
00:0B:85:02:0D:20
Disable
32768
20
2
15

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

621

show Commands

show stats port

To display physical port receive and transmit statistics, use the show stats port command.
show stats port {detailed port | summary port}

Syntax Description

detailed

Displays detailed port statistics.

summary

Displays port summary statistics.

port

Physical port number:

1 through 4 on Cisco 2100 Series Wireless LAN
Controllers.
1 or 2 on Cisco 4402 Series Wireless LAN
Controllers.
1 through 4 on Cisco 4404 Series Wireless LAN
Controllers.
1 on Cisco WLCM Series Wireless LAN
Controllers.

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the port summary information:
(Cisco Controller) > show stats port summary

Packets Received Without Error.................

Packets Received With Error....................
Broadcast Packets Received.....................
Packets Transmitted Without Error..............
Transmit Packets Errors........................
Collisions Frames..............................
Time Since Counters Last Cleared...............

399958
0
8350
106060
0
0
2 day 11 hr 16 min 23 sec

The following example shows how to display the detailed port information:
(Cisco Controller) > show stats port detailed 1

PACKETS RECEIVED (OCTETS)

Cisco Wireless LAN Controller Command Reference, Release 8.0

622

OL-31334-01

show Commands

Total Bytes...................................... 267799881

64 byte pkts
:918281
65-127 byte pkts
:354016
128-255 byte pkts
:1283092
256-511 byte pkts
:8406
512-1023 byte pkts :3006
1024-1518 byte pkts :1184
1519-1530 byte pkts :0
> 1530 byte pkts
:2
PACKETS RECEIVED SUCCESSFULLY
Total............................................ 2567987
Unicast Pkts :2547844
Multicast Pkts:0
Broadcast Pkts:20143
PACKETS RECEIVED WITH MAC ERRORS
Total............................................ 0
Jabbers
:0
Undersize :0
Alignment :0
FCS Errors:0
Overruns :0
RECEIVED PACKETS NOT FORWARDED
Total............................................ 0
Local Traffic Frames:0
RX Pause Frames
:0
Unacceptable Frames :0
VLAN Membership
:0
VLAN Viable Discards:0
MulticastTree Viable:0
ReserveAddr Discards:0
CFI Discards
:0
Upstream Threshold :0
PACKETS TRANSMITTED (OCTETS)
Total Bytes...................................... 353831
64 byte pkts
:0
65-127 byte pkts
:0
128-255 byte pkts
:0
256-511 byte pkts
:0
512-1023 byte pkts :0
1024-1518 byte pkts :2
1519-1530 byte pkts :0
Max Info
:1522
PACKETS TRANSMITTED SUCCESSFULLY
Total............................................ 5875
Unicast Pkts :5868
Multicast Pkts:0
Broadcast Pkts:7
TRANSMIT ERRORS
Total Errors..................................... 0
FCS Error
:0
TX Oversized :0
Underrun Error:0
TRANSMIT DISCARDS
Total Discards................................... 0
Single Coll Frames :0
Multiple Coll Frames:0
Excessive Coll Frame:0
Port Membership
:0
VLAN Viable Discards:0
PROTOCOL STATISTICS
BPDUs Received
:6
BPDUs Transmitted
:0
802.3x RX PauseFrame:0
Time Since Counters Last Cleared............... 2 day 0 hr 39 min 59 sec

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

623

show Commands

show stats switch

To display the network (DS port) receive and transmit statistics, use the show stats switch command.
show stats switch {detailed | summary}

Syntax Description

Command Default

Command History

Examples

detailed

Displays detailed switch statistics.

summary

Displays switch summary statistics.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display switch summary statistics:

(Cisco Controller) > show stats switch summary

Packets Received Without Error.................

Broadcast Packets Received.....................
Packets Received With Error....................
Packets Transmitted Without Error..............
Broadcast Packets Transmitted..................
Transmit Packet Errors.........................
Address Entries Currently In Use...............
VLAN Entries Currently In Use..................
Time Since Counters Last Cleared...............

136410
18805
0
78002
3340
2
26
1
2 day 11 hr 22 min 17 sec

The following example shows how to display detailed switch statistics:

(Cisco Controller) > show stats switch detailed

RECEIVE
Octets...........................................
Total Pkts.......................................
Unicast Pkts.....................................
Multicast Pkts...................................
Broadcast Pkts...................................
Pkts Discarded...................................
TRANSMIT
Octets...........................................
Total Pkts.......................................
Unicast Pkts.....................................
Multicast Pkts...................................
Broadcast Pkts...................................
Pkts Discarded...................................

19351718
183468
180230
3219
19
0
354251
5882
5875
0
7
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

624

OL-31334-01

config Commands

ADDRESS ENTRIES
Most Ever Used...................................
Currently In Use.................................
VLAN ENTRIES
Maximum..........................................
Most Ever Used...................................
Static In Use....................................
Dynamic In Use...................................
VLANs Deleted....................................
Time Since Ctrs Last Cleared.....................
sec

1
1
128
1
1
0
0
2 day 0 hr 43 min 22

config Commands
This section lists the config commands to configure controller ports and interfaces.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

625

config Commands

config interface acl

To configure access control list of an interface, use the config interface acl command.
config interface acl {ap-manager | management | interface_name} {ACL | none}

Syntax Description

Command Default

Command History

ap-manager

Configures the access point manager interface.

management

Configures the management interface.

interface_name

Interface name.

ACL

ACL name up to 32 alphanumeric characters.

none

Specifies none.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN preauthentication ACL
under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.

Examples

The following example shows how to configure an access control list with a value None:
(Cisco Controller) > config interface acl management none

Cisco Wireless LAN Controller Command Reference, Release 8.0

626

OL-31334-01

config Commands

config interface address

To configure address information for an interface, use the config interface address command.
config interface address {ap-manager IP_address netmask gateway | management IP_address netmask
gateway | service-port IP_address netmask | virtual IP_address | dynamic-interface IP_address
dynamic_interface netmask gateway | redundancy-management IP_address peer-redundancy-management
IP_address }

Syntax Description

Command Default

Command History

Usage Guidelines

ap-manager

Specifies the access point manager interface.

IP_address

IP address IPv4 only.

netmask

Network mask.

gateway

IP address of the gateway.

management

Specifies the management interface.

service-port

Specifies the out-of-band service port interface.

virtual

Specifies the virtual gateway interface.

interface-name

Specifies the interface identified by the interface-name

parameter.

interface-name

Interface name.

redundancy-management

Configures redundancy management interface IP

address.

peer-redundancy-management

Configures the peer redundancy management interface

IP address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

For Cisco 5500 Series Controllers, you are not required to configure an AP-manager interface. The management
interface acts like an AP-manager interface by default.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

627

config Commands

This command is applicable for IPv4 addresses only.

Usage Guidelines

Ensure that the management interfaces of both controllers are in the same subnet. Ensure that the Redundant
Management IP address for both controllers is the same. Likewise, ensure that the Peer Redundant Management
IP address for both the controllers is the same.

Examples

The following example shows how to configure an access point manager interface with IP address
209.165.201.31, network mask 255.255.0.0, and gateway address 209.165.201.30:
(Cisco Controller) > config interface address ap-manager 209.165.201.31 255.255.0.0
209.165.201.30

The following example shows how to configure a redundancy management interface on the controller:
(Cisco Controller) > config interface address redundancy-management 209.4.120.5
peer-redundancy-management 209.4.120.6

The following example shows how to configure a virtual interface:

(Cisco Controller) > config interface address virtual 1.1.1.1

Related Commands

show interface

Cisco Wireless LAN Controller Command Reference, Release 8.0

628

OL-31334-01

config Commands

config interface address redundancy-management

To configure the management interface IP address, subnet and gateway of the controller, use the config
interface address redundancy-management command.
config interface address redundancy-management IP_address netmask gateway

Syntax Description

Command Default

Command History

IP_address

Management interface IP address of the active

controller.

netmask

Network mask.

gateway

IP address of the gateway.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can use this command to check the Active-Standby reachability when the keep-alive fails.

Examples

The following example shows how to configure the management IP addresses of the controller:
(Cisco Controller) > config interface address redundancy-management 209.165.201.31 255.255.0.0
209.165.201.30

Related Commands

config redundancy mobilitymac

config redundancy interface address peer-service-port
config redundancy peer-route
config redundancy unit
config redundancy timer
show redundancy timers
show redundancy summary
debug rmgr
debug rsyncmgr

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

629

config Commands

config interface ap-manager

To enable or disable access point manager features on the management or dynamic interface, use the config
interface ap-manager command.
config interface ap-manager {management | interface_name} {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

management

Specifies the management interface.

interface_name

Dynamic interface name.

enable

Enables access point manager features on a dynamic

interface.

disable

Disables access point manager features on a dynamic

interface.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Use the management option to enable or disable dynamic AP management for the management interface.
For Cisco 5500 Series Controllers, the management interface acts like an AP-manager interface by default.
If desired, you can disable the management interface as an AP-manager interface and create another dynamic
interface as an AP manager.
When you enable this feature for a dynamic interface, the dynamic interface is configured as an AP-manager
interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked
as an AP-manager interface cannot be used as a WLAN interface.

Examples

The following example shows how to disable an access point manager myinterface:
(Cisco Controller) > config interface ap-manager myinterface disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

630

OL-31334-01

config Commands

config interface create

To create a dynamic interface (VLAN) for wired guest user access, use the config interface create command.
config interface create interface_name vlan-id

Syntax Description

Command Default

Command History

Examples

interface_name

Interface name.

vlan-id

VLAN identifier.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to create a dynamic interface with the interface named lab2 and VLAN
ID 6:
(Cisco Controller) > config interface create lab2 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

631

config Commands

config interface delete

To delete a dynamic interface, use the config interface delete command.
config interface delete interface-name

Syntax Description

Command Default

Command History

Examples

interface-name

interface-nameInterface name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete a dynamic interface named VLAN501:
(Cisco Controller) > config interface delete VLAN501

Cisco Wireless LAN Controller Command Reference, Release 8.0

632

OL-31334-01

config Commands

config interface dhcp

To configure DHCP options on an interface, use the config interface dhcp command.
config interface dhcp {ap-manager {primary dhcp_server secondary dhcp_server | option-82 {enable
| disable}} | management {primary dhcp_server secondary dhcp_server | option-82 {enable | disable
|linksel {enable | disable | relaysrc} interface-name | vpnsel {enable | disable | vrfname vrf-name | vpnid
vpn-id } } | service-port {enable | disable} | dynamic-interface interface_name {primary dhcp_server
secondary dhcp_server | option-82 {enable | disable | linksel {enable | disable | relaysrc} | vpnsel {enable
| disable | vrfname vrf-name | vpnid vpn-id } | proxy-mode {enable | disable | global}}}

Syntax Description

ap-manager

Configures the access point manager interface.

primary

(Optional) Specifies the primary DHCP server.

dhcp_server

IP address of the server.

secondary

(Optional) Specifies the secondary DHCP server.

option-82

(Optional) Configures DHCP Option 82 on the

interface.

enable

(Optional) Enables the feature.

disable

(Optional) Disables the feature.

management

Configures the management interface.

service-port

Specifies the DHCP for the out-of-band service port.

dynamic-interface

Specifies the interface and the primary DHCP server.

Optionally, you can also enter the address of the
alternate DHCP server.

name

Specifies the interface name

Command Default

Command History

Usage Guidelines

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

The new keywords linksel and vpnsel are added.

8.0

This command supports only IPv6.

This command is applicable for IPv4 addresses only.

DHCP proxy is not supported for IPv6 and it works in disabled mode.

Examples

The following example shows how to configure ap-manager server with the primary DHCP server 10.21.15.01
and secondary DHCP server 10.21.15.25:
(Cisco Controller) > config interface dhcp ap-manager server-1 10.21.15.01 server-2
10.21.15.25

The following example shows how to configure DHCP option 82 on the ap-manager:
(Cisco Controller) > config interface dhcp ap-manager option-82 enable

The following example shows how to enable the DHCP for the out-of-band service port:
(Cisco Controller) > config interface dhcp service-port enable

Related Commands

config dhcp
config dhcp proxy
config interface dhcp
config wlan dhcp_server
debug dhcp
debug dhcp service-port
debug disable-all
show dhcp
show dhcp proxy
show interface

Cisco Wireless LAN Controller Command Reference, Release 8.0

634

OL-31334-01

config Commands

config interface dhcp

Configure DHCP Option 82 insertion in Bridge mode on either management interface or dynamic interface
by entering the config interface dhcp command:
config interface dhcp {management | dynamic-interface dynamic-interface-name} option-82
bridge-mode-insertion {enable | disable}

Syntax Description

Command Default

Command History

management

Management interface

dynamic-interface

Dynamic interface

dynamic-interface-name

Dynamic interface name

option-82

DHCP Option 82 on the interface

bridge-mode-insertion

To configure Bridge mode insertion

DHCP option 82 insertion in Bridge mode is disabled.

Release

Modification

8.0

The Bridge mode insertion parameter was introduced in this release.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

635

config Commands

config interface address

To configure interface addresses, use the config interface address command.
config interface address {dynamic-interface dynamic_interface netmask gateway | management |
redundancy-management IP_address peer-redundancy-management | service-port netmask | virtual}
IP_address

Syntax Description

Command Default

Command History

Usage Guidelines

dynamic-interface

Configures the dynamic interface of the controller.

dynamic_interface

Dynamic interface of the controller.

IP_address

IP address of the interface.

netmask

Netmask of the interface.

gateway

Gateway of the interface.

management

Configures the management interface IP address.

redundancy-management

Configures redundancy management interface IP

address.

peer-redundancy-management

Configures the peer redundancy management interface

IP address.

service-port

Configures the out-of-band service port.

virtual

Configures the virtual gateway interface.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Ensure that the management interfaces of both controllers are in the same subnet. Ensure that the redundant
management IP address for both controllers is the same and that the peer redundant management IP address
for both the controllers is the same.

Cisco Wireless LAN Controller Command Reference, Release 8.0

636

OL-31334-01

config Commands

Examples

The following example shows how to configure a redundancy management interface on the controller:
(Cisco Controller) >config interface address redundancy-management 209.4.120.5
peer-redundancy-management 209.4.120.6

The following example shows how to configure a virtual interface:

(Cisco Controller) > config interface address virtual 1.1.1.1

Related Commands

show interface group summary

show interface summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

637

config Commands

config interface guest-lan

To enable or disable the guest LAN VLAN, use the config interface guest-lan command.
config interface guest-lan interface_name {enable | disable}

Syntax Description

Command Default

Command History

Examples

interface_name

Interface name.

enable

Enables the guest LAN.

disable

Disables the guest LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the guest LAN feature on the interface named myinterface:
(Cisco Controller) > config interface guest-lan myinterface enable

Related Commands

config guest-lan create

Cisco Wireless LAN Controller Command Reference, Release 8.0

638

OL-31334-01

config Commands

config interface hostname

To configure the Domain Name System (DNS) hostname of the virtual gateway interface, use the config
interface hostname command.
config interface hostname virtual DNS_host

Syntax Description

virtual

Specifies the virtual gateway interface to use the

specified virtual address of the fully qualified DNS
name.
The virtual gateway IP address is any fictitious,
unassigned IP address, such as 1.1.1.1, to be used by
Layer 3 security and mobility managers.

DNS_host

Command Default

Command History

Examples

DNS hostname.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure virtual gateway interface to use the specified virtual address
of the fully qualified DNS hostname DNS_Host:
(Cisco Controller) > config interface hostname virtual DNS_Host

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

639

config Commands

config interface nasid

To configure the Network Access Server identifier (NAS-ID) for the interface, use the config interface nasid
command.
config interface nasid {NAS-ID | none} interface_name

Syntax Description

NAS-ID

Network Access Server identifier (NAS-ID) for the

interface. The NAS-ID is sent to the RADIUS server
by the controller (as a RADIUS client) using the
authentication request, which is used to classify users
to different groups. You can enter up to 32
alphanumeric characters.
Beginning in Release 7.4 and later releases, you can
configure the NAS-ID on the interface, WLAN, or an
access point group. The order of priority is AP group
NAS-ID > WLAN NAS-ID > Interface NAS-ID.

Command Default

Command History

none

Configures the controller system name as the NAS-ID.

interface_name

Interface name up to 32 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The NAS-ID configured on the controller for AP group or WLAN or interface is used for authentication. The
NAS-ID is not propagated across controllers.

Examples

The following example shows how to configure the NAS-ID for the interface:
(Cisco Controller) > config interface nasid

Related Commands

config wlan nasid

config wlan apgroup

Cisco Wireless LAN Controller Command Reference, Release 8.0

640

OL-31334-01

config Commands

config interface nat-address

To deploy your Cisco 5500 Series Controller behind a router or other gateway device that is using one-to-one
mapping network address translation (NAT), use the config interface nat-address command.
config interface nat-address {management | dynamic-interface interface_name} {{enable | disable} | {set
public_IP_address}}

Syntax Description

Command Default

Command History

Usage Guidelines

management

Specifies the management interface.

dynamic-interface interface_name

Specifies the dynamic interface name.

enable

Enables one-to-one mapping NAT on the interface.

disable

Disables one-to-one mapping NAT on the interface.

public_IP_address

External NAT IP address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

These NAT commands can be used only on Cisco 5500 Series Controllers and only if the management interface
is configured for dynamic AP management.
These commands are supported for use only with one-to-one-mapping NAT, where each private client has a
direct and fixed mapping to a global address. They do not support one-to-many NAT, which uses source port
mapping to enable a group of clients to be represented by a single IP address.

Examples

The following example shows how to enable one-to-one mapping NAT on the management interface:
(Cisco Controller) > config interface nat-address management enable

The following example shows how to set the external NAP IP address 10.10.10.10 on the management
interface:
(Cisco Controller) > config interface nat-address management set 10.10.10.10

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

641

config Commands

config interface port

To map a physical port to the interface (if a link aggregation trunk is not configured), use the config interface
port command.
config interface port {management | interface_name | redundancy-management} primary_port
[secondary_port]

Syntax Description

Command Default

Command History

management

Specifies the management interface.

interface_name

Interface name.

redundancy-management

Specifies the redundancy management interface.

primary_port

Primary physical port number.

secondary_port

(Optional) Secondary physical port number.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can use the management option for all controllers except the Cisco 5500 Series Controllers.

Examples

The following example shows how to configure the primary port number of the LAb02 interface to 3:
(Cisco Controller) > config interface port lab02 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

642

OL-31334-01

config Commands

config interface quarantine vlan

To configure a quarantine VLAN on any dynamic interface, use the config interface quarantine vlan
command.
config interface quarantine vlan interface-name vlan_id

Syntax Description

interface-name

Interfaces name.

vlan_id

VLAN identifier.
Note

Command Default

Command History

Examples

Enter 0 to disable quarantine

processing.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a quarantine VLAN on the quarantine interface with the
VLAN ID 10:
(Cisco Controller) > config interface quarantine vlan quarantine 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

643

config Commands

config interface vlan

To configure an interface VLAN identifier, use the config interface vlan command.
config interface vlan {ap-manager | management | interface-name | redundancy-management} vlan

Syntax Description

Command Default

Command History

ap-manager

Configures the access point manager interface.

management

Configures the management interface.

interface_name

Interface name.

vlan

VLAN identifier.

redundancy-management

Specifies the redundancy management interface.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You cannot change the redundancy management VLAN when the system redundancy management interface
is mapped to the redundancy port. You must configure the redundancy management port first.

Examples

The following example shows how to configure VLAN ID 10 on the management interface:
(Cisco Controller) > config interface vlan management 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

644

OL-31334-01

config Commands

config interface group mdns-profile

To configure an mDNS (multicast DNS) profile for an interface group, use the config interface group
mdns-profile command.
config interface group mdns-profile {all | interface-group-name} {profile-name | none}

Syntax Description

Command Default

Command History

all

Configures an mDNS profile for all interface groups.

interface-group-name

Name of the interface group to which the mDNS profile has to be associated.
The interface group name can be up to 32 case-sensitive, alphanumeric
characters.

profile-name

Name of the mDNS profile.

none

Removes all existing mDNS profiles from the interface group. You cannot
configure mDNS profiles on the interface group.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If the mDNS profile is associated to a WLAN, an error appears.

Examples

The following example shows how to configure an mDNS profile for an interface group floor1:
(Cisco Controller) > config interface group mdns-profile floor1 profile1

Related Commands

config mdns query interval

config mdns service
config mdns snooping
config interface mdns-profile
config mdns profile
config wlan mdns
show mdns profile
show mnds service

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

645

config Commands

clear mdns service-database

debug mdns all
debug mdns error
debug mdns detail
debug mdns message

Cisco Wireless LAN Controller Command Reference, Release 8.0

646

OL-31334-01

config Commands

config interface mdns-profile

To configure an mDNS (multicast DNS) profile for an interface, use the config interface mdns-profile
command.
config interface mdns-profile {management | all interface-name} {profile-name | none}

Syntax Description

Command Default

Command History

management

Configures an mDNS profile for the management interface.

all

Configures an mDNS profile for all interfaces.

interface-name

Name of the interface on which the mDNS profile has to be configured. The
interface name can be up to 32 case-sensitive, alphanumeric characters.

profile-name

Name of the mDNS profile.

none

Removes all existing mDNS profiles from the interface. You cannot configure
mDNS profiles on the interface.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If the mDNS profile is associated to a WLAN, an error appears.

Examples

The following example shows how to configure an mDNS profile for an interface lab1:
(Cisco Controller) > config interface mdns-profile lab1 profile1

Related Commands

config mdns query interval

config mdns service
config mdns snooping
config mdns profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

647

config Commands

clear mdns service-database

debug mdns all
debug mdns error
debug mdns detail
debug mdns message

Cisco Wireless LAN Controller Command Reference, Release 8.0

648

OL-31334-01

config Commands

config lag
To enable or disable link aggregation (LAG), use the config lag command.
config lag {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the link aggregation (LAG) settings.

disable

Disables the link aggregation (LAG) settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable LAG settings:

(Cisco Controller) > config lag enable

Enabling LAG will map your current interfaces setting to LAG interface,
All dynamic AP Manager interfaces and Untagged interfaces will be deleted
All WLANs will be disabled and mapped to Mgmt interface
Are you sure you want to continue? (y/n)
You must now reboot for the settings to take effect.
The following example shows how to disable LAG settings:
(Cisco Controller) > config lag disable

Disabling LAG will map all existing interfaces to port 1.

Are you sure you want to continue? (y/n)
You must now reboot for the settings to take effect.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

649

config Commands

config macfilter add/delete

To create or delete a MAC filter entry on the Cisco wireless LAN controller, use the config macfilter {add
|delete}command.
config macfilter {add client_MAC wlan_id [interface_name] [description] [macfilter_IP] | delete client_MAC}

Syntax Description

add

Adds a MAC filter entry on the controller.

MAC_addr

Client MAC address.

wlan_id

Wireless LAN identifier with which the MAC filter

entry should associate. A zero value associates the
entry with any wireless LAN.

interface_name

(Optional) Name of the interface. Enter 0 to specify

no interface.

description

(Optional) Short description of the interface (up to 32

characters) in double quotes.
Note

IP Address

Command Default

Command History

Usage Guidelines

A description is mandatory if macfilterIP is

specified.

(Optional) IPv4 address of the local MAC filter

database.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4.

Use the config macfilter add command to add a client locally to a wireless LAN on the Cisco wireless LAN
controller. This filter bypasses the RADIUS authentication process.
As on release 7.6, the optional macfilter_IP supports only IPv4 address.

Examples

The following example shows how to add a MAC filter entry 00:E0:77:31:A3:55 with the wireless LAN ID
1, interface name labconnect, and MAC filter IP 10.92.125.51 on the controller:
(Cisco Controller) > config macfilter add 00:E0:77:31:A3:55 1 lab02 labconnect 10.92.125.51

Cisco Wireless LAN Controller Command Reference, Release 8.0

650

OL-31334-01

config Commands

Related Commands

show macfilter
config macfilter ip-address

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

651

config Commands

config macfilter description

To add a description to a MAC filter, use the config macfilter description command.
config macfilter description MAC addrdescription

Syntax Description

Command Default

Command History

Examples

MAC addr

Client MAC address.

description

(Optional) Description within double quotes (up to

32 characters).

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the description MAC filter 01 to MAC address
11:11:11:11:11:11:
(Cisco Controller) > config macfilter description 11:11:11:11:11:11 MAC Filter 01

Related Commands

show macfilter

Cisco Wireless LAN Controller Command Reference, Release 8.0

652

OL-31334-01

config Commands

config macfilter interface

To create a MAC filter client interface, use the config macfilter interface command.
config macfilter interface MAC_addr interface

Syntax Description

Command Default

Command History

Examples

MAC addr

Client MAC address.

interface

Interface name. A value of zero is equivalent to no

name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a MAC filer interface Lab01 on client 11:11:11:11:11:11:
(Cisco Controller) > config macfilter interface 11:11:11:11:11:11 Lab01

Related Commands

show macfilter

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

653

config Commands

config macfilter ip-address

To enter passive client IP address , use the config macfilter ip-address command.
config macfilterip-address MAC_addr IP Address

Syntax Description

Command Default

Command History

Examples

MAC_addr

MAC address of the client.

IP Address

Adds an IP address for passive clients.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4.

The following example shows how to add an IP address for a passive client:
(Cisco Controller) > config macfilter ip-address aa-bb-cc-dd-ee-ff 10.92.125.51

Related Commands

show macfilter

Cisco Wireless LAN Controller Command Reference, Release 8.0

654

OL-31334-01

config Commands

config macfilter mac-delimiter

To set the MAC delimiter (colon, hyphen, none, and single-hyphen) for MAC addresses sent to RADIUS
servers, use the config macfilter mac-delimiter command.
config macfilter mac-delimiter {none | colon | hyphen | single-hyphen}

Syntax Description

Command Default

Command History

Examples

none

Disables the delimiters (for example, xxxxxxxxxx).

colon

Sets the delimiter to a colon (for example,

xx:xx:xx:xx:xx:xx).

hyphen

Sets the delimiter to a hyphen (for example,

xx-xx-xx-xx-xx-xx).

single-hyphen

Sets the delimiter to a single hyphen (for example,

xxxxxx-xxxxxx).

The default delimiter is hyphen.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to have the operating system send MAC addresses to the RADIUS server
in the form aa:bb:cc:dd:ee:ff:
(Cisco Controller) > config macfilter mac-delimiter colon

The following example shows how to have the operating system send MAC addresses to the RADIUS server
in the form aa-bb-cc-dd-ee-ff:
(Cisco Controller) > config macfilter mac-delimiter hyphen

The following example shows how to have the operating system send MAC addresses to the RADIUS server
in the form aabbccddeeff:
(Cisco Controller) > config macfilter mac-delimiter none

Related Commands

show macfilter

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

655

config Commands

config macfilter radius-compat

To configure the Cisco wireless LAN controller for compatibility with selected RADIUS servers, use the
config macfilter radius-compat command.
config macfilter radius-compat {cisco | free | other}

Syntax Description

Command Default

Command History

Examples

cisco

Configures the Cisco ACS compatibility mode

(password is the MAC address of the server).

free

Configures the Free RADIUS server compatibility

mode (password is secret).

other

Configures for other server behaviors (no password

is necessary).

Other

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4.

The following example shows how to configure the Cisco ACS compatibility mode to other:
(Cisco Controller) > config macfilter radius-compat other

Related Commands

show macfilter

Cisco Wireless LAN Controller Command Reference, Release 8.0

656

OL-31334-01

config Commands

config macfilter wlan-id

To modify a wireless LAN ID for a MAC filter, use the config macfilter wlan-id command.
config macfilter wlan-id MAC_addr WLAN_id

Syntax Description

Command Default

Command History

Examples

MAC addr

Client MAC address.

WLAN_id

Wireless LAN identifier to associate with. A value of

zero is not allowed.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to modify client wireless LAN ID 2 for a MAC filter 11:11:11:11:11:11:
(Cisco Controller) > config macfilter wlan-id 11:11:11:11:11:11 2

Related Commands

show macfilter
show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

657

config Commands

config port adminmode

To enable or disable the administrative mode for a specific controller port or for all ports, use the config port
adminmode command.
config port adminmode {all | port} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures all ports.

port

Number of the port.

enable

Enables the specified ports.

disable

Disables the specified ports.

Enabled

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable port 8:

(Cisco Controller) > config port adminmode 8 disable

The following example shows how to enable all ports:

(Cisco Controller) > config port adminmode all enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

658

OL-31334-01

config Commands

config port autoneg

To configure 10/100BASE-T Ethernet ports for physical port autonegotiation, use the config port autoneg
command.
config port autoneg {all | port} {enable | disable}

Syntax Description

Command Default

Command History

all

Configures all ports.

port

Number of the port.

enable

Enables the specified ports.

disable

Disables the specified ports.

The default for all ports is that auto-negotiation is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You must disable port auto-configuration before you make physical mode manual settings by using the config
port physicalmode command. The config port autoneg command overrides settings that you made using
the config port physicalmode command.

Examples

The following example shows how to turn on physical port autonegotiation for all front-panel Ethernet ports:
(Cisco Controller) > config port autoneg all enable

The following example shows how to disable physical port autonegotiation for front-panel Ethernet port 19:
(Cisco Controller) > config port autoneg 19 disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

659

config Commands

config port linktrap

To enable or disable the up and down link traps for a specific controller port or for all ports, use the config
port linktrap command.
config port linktrap {all | port} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures all ports.

port

Number of the port.

enable

Enables the specified ports.

disable

Disables the specified ports.

The default value for down link traps for a specific controller port or for all ports is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable port 8 traps:

(Cisco Controller) > config port linktrap 8 disable

The following example shows how to enable all port traps:

(Cisco Controller) > config port linktrap all enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

660

OL-31334-01

config Commands

config port multicast appliance

To enable or disable the multicast appliance service for a specific controller port or for all ports, use the config
port multicast appliance commands.
config port multicast appliance {all | port} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures all ports.

port

Number of the port.

enable

Enables the specified ports.

disable

Disables the specified ports.

The default multicast appliance service for a specific controller port or for all ports is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable multicast appliance service on all ports:
(Cisco Controller) > config port multicast appliance all enable

The following example shows how to disable multicast appliance service on port 8:
(Cisco Controller) > config port multicast appliance 8 disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

661

config Commands

config port power

To enable or disable Power over Ethernet (PoE) for a specific controller port or for all ports, use the config
port power command.
config port power {all | port} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures all ports.

port

Port number.

enable

Enables the specified ports.

disable

Disables the specified ports.

Enabled

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable PoE on all ports:

(Cisco Controller) > config port power all enable

The following example shows how to disable PoE on port 8:

(Cisco Controller) > config port power 8 disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

662

OL-31334-01

config Commands

config route add

To configure a network route from the service port to a dedicated workstation IP address range, use the config
route add command.
config route add ip_address netmask gateway

Syntax Description

ip_address

Network IP address.

netmask

Subnet mask for the network.

gateway

IP address of the gateway for the route network.

Command Default

None

Usage Guidelines

As on release 7.6, IP_address supports only IPv4 addresses.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.
This command supports only IPv4 address format.

The following example shows how to configure a network route to a dedicated workstation IP address 10.1.1.0,
subnet mask 255.255.255.0, and gateway 10.1.1.1:
(Cisco Controller) > config route add 10.1.1.0 255.255.255.0 10.1.1.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

663

config Commands

config route delete

To remove a network route from the service port, use the config route delete command.
config route delete ip_address

Syntax Description

ip_address

Network IP address.

Command Default

None

Usage Guidelines

As on release 7.6, IP_address supports only IPv4 addresses.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv6 address format.

The following example shows how to delete a route from the network IP address 10.1.1.0:
(Cisco Controller) > config route delete 10.1.1.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

664

OL-31334-01

config Commands

config serial baudrate

To set the serial port baud rate, use the config serial baudrate command.
config serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600}

Syntax Description

Command Default

Command History

Examples

1200

Specifies the supported connection speeds to 1200.

2400

Specifies the supported connection speeds to 2400.

4800

Specifies the supported connection speeds to 4800.

9600

Specifies the supported connection speeds to 9600.

19200

Specifies the supported connection speeds to 19200.

38400

Specifies the supported connection speeds to 38400.

57600

Specifies the supported connection speeds to 57600.

The default serial port baud rate is 9600.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a serial baud rate with the default connection speed of 9600:
(Cisco Controller) > config serial baudrate 9600

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

665

config Commands

config serial timeout

To set the timeout of a serial port session, use the config serial timeout command.
config serial timeout minutes

Syntax Description

Command Default

Command History

minutes

Timeout in minutes from 0 to 160. A value of 0

indicates no timeout.

0 (no timeout)

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Use this command to set the timeout for a serial connection to the front of the Cisco wireless LAN controller
from 0 to 160 minutes where 0 is no timeout.

Examples

The following example shows how to configure the timeout of a serial port session to 10 minutes:
(Cisco Controller) > config serial timeout 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

666

OL-31334-01

config Commands

config spanningtree port mode

To turn fast or 802.1D Spanning Tree Protocol (STP) on or off for one or all Cisco wireless LAN controller
ports, use the config spanningtree port mode command.
config spanningtree port mode {off | 802.1d | fast} {port | all}

Syntax Description

Command Default

Command History

Usage Guidelines

off

Disables STP for the specified ports.

802.1d

Specifies a supported port mode as 802.1D.

fast

Specifies a supported port mode as fast.

port

Port number (1 through 12 or 1 through 24).

all

Configures all ports.

The default is that port STP is off.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

When the Cisco 4400 Series Wireless LAN Controller is configured for port redundancy, STP must be disabled
for all ports on the controller. STP can remain enabled on the switch connected to the controller.
Entering this command allows the controller to set up STP, detect logical network loops, place redundant
ports on standby, and build a network with the most efficient pathways.

Examples

The following example shows how to disable STP for all Ethernet ports:
(Cisco Controller) > config spanningtree port mode off all

The following example shows how to turn on STP 802.1D mode for Ethernet port 24:
(Cisco Controller) > config spanningtree port mode 802.1d 24

The following example shows how to turn on fast STP mode for Ethernet port 2:
(Cisco Controller) > config spanningtree port mode fast 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

667

config Commands

config spanningtree port pathcost

To set the Spanning Tree Protocol (STP) path cost for an Ethernet port, use the config spanningtree port
pathcost command.
config spanningtree port pathcost {cost | auto} {port | all}

Syntax Description

Command Default

Command History

cost

Cost in decimal as determined by the network planner.

auto

Specifies the default cost.

port

Port number (1 through 12 or 1 through 24), or all to

configure all ports.

all

Specifies to configure all ports.

The default STP path cost for an Ethernet port is auto.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

When the Cisco 4400 Series Wireless LAN Controller is configured for port redundancy, STP must be disabled
for all ports on the controller. STP can remain enabled on the switch that is connected to the controller.

Examples

The following example shows how to have the STP algorithm automatically assign a path cost for all ports:
(Cisco Controller) > config spanningtree port pathcost auto all

The following example shows how to have the STP algorithm use a port cost of 200 for port 22:
(Cisco Controller) > config spanningtree port pathcost 200 22

Cisco Wireless LAN Controller Command Reference, Release 8.0

668

OL-31334-01

config Commands

config spanningtree port priority

To configure the Spanning Tree Protocol (STP) port priority, use the config spanningtree port priority
command.
config spanningtree port priority priority_num port

Syntax Description

Command Default

Command History

priority_num

Priority number from 0 to 255.

port

Port number (1 through 12 or 1 through 24).

The default STP priority value is 128.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Examples

The following example shows how to set Ethernet port 2 to STP priority 100:
(Cisco Controller) > config spanningtree port priority 100 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

669

config Commands

config spanningtree switch bridgepriority

To set the bridge ID, use the config spanningtree switch bridgepriority command.
config spanningtree switch bridgepriority priority_num

Syntax Description

Command Default

Command History

priority_num

Priority number between 0 and 65535.

The default priority number value to set the bridge ID is 32768.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines
Note

When the Cisco 4400 Series Wireless LAN Controller is configured for port redundancy, STP must be
disabled for all ports on the controller. STP can remain enabled on the switch connected to the controller.
The value of the writable portion of the Bridge ID, that is, the first two octets of the (8 octet long) Bridge ID.
The other (last) 6 octets of the Bridge ID are given by the value of Bridge MAC address. The value may be
specified as a number between 0 and 65535.

Examples

The following example shows how to configure spanning tree values on a per switch basis with the bridge
priority 40230:
(Cisco Controller) > config spanningtree switch bridgepriority 40230

Cisco Wireless LAN Controller Command Reference, Release 8.0

670

OL-31334-01

config Commands

config spanningtree switch forwarddelay

To set the bridge timeout, use the config spanningtree switch forwarddelay command.
config spanningtree switch forwarddelay seconds

Syntax Description

Command Default

Command History

seconds

Timeout in seconds (between 4 and 30).

The default value to set a bridge timeout is 15 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The value that all bridges use for forward delay when this bridge is acting as the root. 802.1D-1990 specifies
that the range for this setting is related to the value of the STP bridge maximum age. The granularity of this
timer is specified by 802.1D-1990 to be 1 second. An agent may return a badValue error if a set is attempted
to a value that is not a whole number of seconds. The default is 15. Valid values are 4 through 30 seconds.

Examples

The following example shows how to configure spanning tree values on a per switch basis with the bridge
timeout as 20 seconds:
(Cisco Controller) > config spanningtree switch forwarddelay 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

671

config Commands

config spanningtree switch hellotime

To set the hello time, use the config spanningtree switch hellotime command.
config spanningtree switch hellotime seconds

Syntax Description

Command Default

Command History

seconds

STP hello time in seconds.

The default hello time value is 15.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

All bridges use this value for HelloTime when this bridge is acting as the root. The granularity of this timer
is specified by 802.1D- 1990 to be 1 second. Valid values are 1 through 10 seconds.

Examples

The following example shows how to configure the STP hello time to 4 seconds:
(Cisco Controller) > config spanningtree switch hellotime 4

Related Commands

show spanningtree switch

show spanningtree switch bridgepriority
config spanningtree switch forwarddelay
config spanningtree switch maxage
config spanningtree switch mode

Cisco Wireless LAN Controller Command Reference, Release 8.0

672

OL-31334-01

config Commands

config spanningtree switch maxage

To set the maximum age, use the config spanningtree switch maxage command.
config spanningtree switch maxage seconds

Syntax Description

Command Default

Command History

seconds

STP bridge maximum age in seconds.

The default value for maximum age is 20.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

All bridges use this value for MaxAge when this bridge is acting as the root. 802.1D-1990 specifies that the
range for this parameter is related to the value of Stp Bridge Hello Time. The granularity of this timer is
specified by 802.1D-1990 to be 1 second. Valid values are 6 through 40 seconds.

Examples

The following example shows how to configure the STP bridge maximum age to 30 seconds:
(Cisco Controller) > config spanningtree switch maxage 30

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

673

config Commands

config spanningtree switch mode

To turn the Cisco wireless LAN controller Spanning Tree Protocol (STP) on or off, use the config spanningtree
switch mode command.
config spanningtree switch mode {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables STP on the switch.

disable

Disables STP on the switch.

The default is that STP is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Using this command allows the controller to set up STP, detect logical network loops, place redundant ports
on standby, and build a network with the most efficient pathways.

Examples

The following example shows how to support STP on all Cisco wireless LAN controller ports:
(Cisco Controller) > config spanningtree switch mode enable

clear Commands
This section lists the clear commands to clear the configurations on the controller ports and interfaces.

Cisco Wireless LAN Controller Command Reference, Release 8.0

674

OL-31334-01

config Commands

clear stats port

To clear statistics counters for a specific port, use the clear stats port command.
clear stats port port

Syntax Description

port

Command Default

None

Command History

Examples

Physical interface port number.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the statistics counters for port 9:
(Cisco Controller) > clear stats port 9

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

675

config Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

676

OL-31334-01

PART

III

VideoStream Commands
CLI Commands, page 679

show Commands
This section lists the show commands to display information about your VideoStream configuration settings.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

679

show Commands

show 802.11
To display basic 802.11a, 802.11b/g, or 802.11h network settings, use the show 802.11 command.
show 802.11{a | b | h}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

Command Default

None.

Examples

This example shows to display basic 802.11a network settings:

> show 802.11a
802.11a Network..................................
11nSupport.......................................
802.11a Low Band...........................
802.11a Mid Band...........................
802.11a High Band..........................
802.11a Operational Rates
802.11a 6M Rate..............................
802.11a 9M Rate..............................
802.11a 12M Rate.............................
802.11a 18M Rate.............................
802.11a 24M Rate.............................
802.11a 36M Rate.............................
802.11a 48M Rate.............................
802.11a 54M Rate.............................
802.11n MCS Settings:
MCS 0........................................
MCS 1........................................
MCS 2........................................
MCS 3........................................
MCS 4........................................
MCS 5........................................
MCS 6........................................
MCS 7........................................
MCS 8........................................
MCS 9........................................
MCS 10.......................................
MCS 11.......................................
MCS 12.......................................
MCS 13.......................................
MCS 14.......................................
MCS 15.......................................
802.11n Status:
A-MPDU Tx:
Priority 0...............................
Priority 1...............................
Priority 2...............................
Priority 3...............................
Priority 4...............................
Priority 5...............................
Priority 6...............................
Priority 7...............................

Enabled
Enabled
Enabled
Enabled
Enabled
Mandatory
Supported
Mandatory
Supported
Mandatory
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Enabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

680

OL-31334-01

show Commands

Beacon Interval.................................. 100

CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More-- or (q)uit
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Enabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0

This example shows how to display basic 802.11h network settings:

> show
802.11h
802.11h
802.11h

Related Commands

802.11h
......................................... powerconstraint : 0
......................................... channelswitch : Disable
......................................... channelswitch mode : 0

show ap stats
show ap summary
show client summary
show network
show network summary
show port
show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

681

show Commands

show 802.11 media-stream

To display the multicast-direct configuration state, use the show 802.11 media-stream command.
show 802.11 {a | b | h} media-stream media_stream_name

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

media_stream_name

Specified media stream name.

Command Default

None.

Examples

This example shows how to display the media-stream configuration:

> show 802.11a media-stream rrc
Multicast-direct.................................
Best Effort......................................
Video Re-Direct..................................
Max Allowed Streams Per Radio....................
Max Allowed Streams Per Client...................
Max Video Bandwidth..............................
Max Voice Bandwidth..............................
Max Media Bandwidth..............................
Min PHY Rate.....................................
Max Retry Percentage.............................

Related Commands

Enabled
Disabled
Enabled
Auto
Auto
0
75
85
6000
80

show media-stream group summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

682

OL-31334-01

show Commands

show media-stream client

To display the details for a specific media-stream client or a set of clients, use the show media-stream client
command.
show media-stream client {media-stream_name | summary}

Syntax Description

media-stream_name

Name of the media-stream client of which the details is to be displayed.

summary

Displays the details for a set of media-stream clients.

Command Default

None.

Examples

This example shows how to display a summary media-stream clients:

> show media-stream client summary
Number of Clients................................ 1
Client Mac
Stream Name Stream Type Radio WLAN
----------------- ----------- ----------- ---- ---00:1a:73:dd:b1:12 mountainview MC-direct
2.4
2

Related Commands

QoS
Status
------ ------Video Admitted

show media-stream group summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

683

show Commands

show media-stream group detail

To display the details for a specific media-stream group, use the show media-stream group detail command.
show media-stream group detail media-stream_name

Syntax Description

media-stream_name

Name of the media-stream group.

Command Default

None.

Examples

This example shows how to display media-stream group configuration details:

> show media-stream group detail abc
Media Stream Name................................
Start IP Address.................................
End IP Address...................................
RRC Parameters
Avg Packet Size(Bytes)..........................
Expected Bandwidth(Kbps)........................
Policy..........................................
RRC re-evaluation...............................
QoS.............................................
Status..........................................
Usage Priority..................................
Violation.......................................

Related Commands

abc
227.8.8.8
227.9.9.9
1200
300
Admit
periodic
Video
Multicast-direct
5
drop

show media-stream group summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

684

OL-31334-01

config Commands

show media-stream group summary

To display the summary of the media stream and client information, use the show media-stream group
summary command.
show media-stream group summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a summary of the media-stream group:

> show media-stream group summary
Stream Name
Start IP
End IP
Operation Status
------------- -------------- -------------- ---------------abc
227.8.8.8
227.9.9.9
Multicast-direct

Related Commands

show 802.11 media-stream client

show media-stream client
show media-stream group detail

config Commands
This section lists the config commands to configure VideoStream settings on the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

685

config Commands

config 802.11 cac video acm

To enable or disable video Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the
config 802.11 cac video acm command.
config 802.11{a | b} cac video acm {enable | disable}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables video CAC settings.

disable

Disables video CAC settings.

Command Default

The default video CAC settings for the 802.11a or 802.11b/g network is disabled.

Usage Guidelines

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the video CAC for the 802.11a network:
(Cisco Controller) > config 802.11 cac video acm enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

686

OL-31334-01

config Commands

The following example shows how to disable the video CAC for the 802.11b network:
(Cisco Controller) > config 802.11 cac video acm disable

Related Commands

config 802.11 cac video max-bandwidth

config 802.11 cac video roam-bandwidth
config 802.11 cac video tspec-inactivity-timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

687

config Commands

config 802.11 cac video cac-method

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

static

load-based

Enables the load-based CAC method for video applications on the

Command Default

Static.

Usage Guidelines

Cisco Wireless LAN Controller Command Reference, Release 8.0

688

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to enable the static CAC method for video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac video cac-method static

Related Commands

show cac voice stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

689

config Commands

config 802.11 cac video load-based

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables load-based CAC for video applications on the 802.11a or

disable

Disables load-based CAC method for video applications on the 802.11a

or 802.11b/g network.

Command Default

Disabled.

Usage Guidelines

Cisco Wireless LAN Controller Command Reference, Release 8.0

690

OL-31334-01

config Commands

Note

Command History

Examples

Load-based CAC is not supported if SIP-CAC is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to enable load-based CAC method for video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac video load-based enable

Related Commands

show cac voice stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

691

config Commands

config 802.11 cac video max-bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 5 to 85%.

Command Default

The default maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g
network is 0%.

Usage Guidelines

The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client
reaches the value specified, the access point rejects new calls on this network.

Note

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

692

OL-31334-01

config Commands

Examples

Related Commands

config 802.11 cac video acm

config 802.11 cac video roam-bandwidth
config 802.11 cac voice stream-size
config 802.11 cac voice roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

693

config Commands

config 802.11 cac media-stream

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

multicast-direct

Configures CAC parameters for multicast-direct media streams.

max-retry-percent

Configures the percentage of maximum retries that are allowed

for multicast-direct media streams.

retry-percentage

Percentage of maximum retries that are allowed for

multicast-direct media streams.

min-client-rate

Configures the minimum transmission data rate to the client

for multicast-direct media streams.

dot11-rate

Minimum transmission data rate to the client for multicast-direct

Command Default

Usage Guidelines

Cisco Wireless LAN Controller Command Reference, Release 8.0

694

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Related Commands

show cac voice stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

695

config Commands

config 802.11 cac multimedia

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

max-bandwidth

Configures the percentage of maximum bandwidth

allocated to Wi-Fi Multimedia (WMM) clients for
voice and video applications on the 802.11a or
802.11b/g network.

bandwidth

Percentage of the maximum bandwidth allocated

Command Default

The default maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications
on the 802.11a or 802.11b/g network is 85%.

Usage Guidelines

Cisco Wireless LAN Controller Command Reference, Release 8.0

696

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Related Commands

show cac voice stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

697

config Commands

config 802.11 cac video roam-bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 5 to 85%.

Command Default

The maximum allocated bandwidth reserved for roaming video clients on the 802.11a or 802.11b/g network
is 0%.

Usage Guidelines

The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming video
clients.

Note

Examples

Cisco Wireless LAN Controller Command Reference, Release 8.0

698

OL-31334-01

config Commands

Related Commands

config 802.11 cac video tspec-inactivity-timeout

config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video cac-method
config 802.11 cac video sip
config 802.11 cac video load-based

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

699

config Commands

config 802.11 cac video sip

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

disable

Disables video CAC for non-TSPEC SIP clients using video

applications on the 802.11a or 802.11b/g network.

Command Default

None

Usage Guidelines

CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are
planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS)
level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable command.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Enable call snooping on the WLAN on which the SIP client is present by entering the config wlan
call-snoop enable wlan_id command.

Examples

The following example shows how to enable video CAC for non-TSPEC SIP clients using video applications
on the 802.11a network:
(Cisco Controller) > config 802.11 cac video sip enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

700

OL-31334-01

config Commands

Related Commands

config 802.11 cac video tspec-inactivity-timeout

config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video cac-method
config 802.11 cac video load-based
config 802.11 cac video roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

701

config Commands

config 802.11 cac video tspec-inactivity-timeout

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Command Default

The default CAC WMM TSPEC inactivity timeout received from an access point is disabled (ignore).

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Examples

This example shows how to process the response to TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout enable

This example shows how to ignore the response to TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout ignore

Related Commands

config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

702

OL-31334-01

config Commands

config 802.11 cac video max-bandwidth

config 802.11 cac video roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

703

config Commands

config 802.11 cac voice acm

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the bandwidth-based CAC.

disable

Disables the bandwidth-based CAC.

Command Default

The default bandwidth-based voice CAC for the 802.11a or 802.11b/g network id disabled.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Examples

This example shows how to enable the bandwidth-based CAC:

(Cisco Controller) > config 802.11c cac voice acm enable

This example shows how to disable the bandwidth-based CAC:

(Cisco Controller) > config 802.11b cac voice acm disable

Related Commands

config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

704

OL-31334-01

config Commands

config 802.11 cac voice max-bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 5 to 85%.

Command Default

The default maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g
network is 0%.

Usage Guidelines

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

705

config Commands

Related Commands

config 802.11 cac voice roam-bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

706

OL-31334-01

config Commands

config 802.11 cac voice roam-bandwidth

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bandwidth

Bandwidth percentage value from 0 to 85%.

Command Default

The default CAC maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g
network is 85%.

Usage Guidelines

The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. The controller reserves
the specified bandwidth from the maximum allocated bandwidth for roaming voice clients.

Note

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

707

config Commands

Examples

Related Commands

config 802.11 cac voice acm

config 802.11cac voice max-bandwidth
config 802.11 cac voice stream-size

Cisco Wireless LAN Controller Command Reference, Release 8.0

708

OL-31334-01

config Commands

config 802.11 cac voice tspec-inactivity-timeout

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Command Default

The default WMM TSPEC inactivity timeout received from an access point is disabled (ignore).

Usage Guidelines

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the voice TSPEC inactivity timeout messages received from an
access point:
(Cisco Controller) > config 802.11 cac voice tspec-inactivity-timeout enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

709

config Commands

Related Commands

config 802.11 cac voice load-based

config 802.11 cac voice roam-bandwidth
config 802.11 cac voice acm
config 802.11cac voice max-bandwidth
config 802.11 cac voice stream-size

Cisco Wireless LAN Controller Command Reference, Release 8.0

710

OL-31334-01

config Commands

config 802.11 cac voice load-based

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables load-based CAC.

disable

Disables load-based CAC.

Command Default

The default load-based CAC for the 802.11a or 802.11b/g network is disabled.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the voice load-based CAC parameters:
(Cisco Controller) > config 802.11a cac voice load-based enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

711

config Commands

The following example shows how to disable the voice load-based CAC parameters:
(Cisco Controller) > config 802.11a cac voice load-based disable

Related Commands

config 802.11 cac voice tspec-inactivity-timeout

config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac voice stream-size

Cisco Wireless LAN Controller Command Reference, Release 8.0

712

OL-31334-01

config Commands

config 802.11 cac voice max-calls

Note

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

number

Number of calls to be allowed per radio.

Command Default

The default maximum number of voice call supported by the radio is 0, which means that there is no maximum
limit check for the number of calls.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

713

config Commands

Examples

The following example shows how to configure the maximum number of voice calls supported by radio:
(Cisco Controller) > config 802.11 cac voice max-calls 10

Related Commands

config 802.11 cac voice roam-bandwidth

config 802.11 cac voice stream-size
config 802.11 exp-bwreq
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 cac voice load-based
config 802.11 cac video acm

Cisco Wireless LAN Controller Command Reference, Release 8.0

714

OL-31334-01

config Commands

config 802.11 cac voice sip bandwidth

Note

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

bw_kbps

Bandwidth in kbps.

sample-interval

Specifies the packetization interval for SIP codec.

number_msecs

Packetization sample interval in msecs. The sample interval for SIP codec is 20
seconds.

Command Default

None

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

715

config Commands

Examples

The following example shows how to configure the bandwidth and voice packetization interval for a SIP
codec:
(Cisco Controller) > config 802.11 cac voice sip bandwidth 10 sample-interval 40

Related Commands

config 802.11 cac voice acm

config 802.11 cac voice load-based
config 802.11 cac voice max-bandwidth
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 exp-bwreq

Cisco Wireless LAN Controller Command Reference, Release 8.0

716

OL-31334-01

config Commands

config 802.11 cac voice sip codec

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

g711

Specifies CAC parameters for the SIP G711 codec.

g729

Specifies CAC parameters for the SIP G729 codec.

sample-interval

Specifies the packetization interval for SIP codec.

number_msecs

Packetization interval in msecs. The sample interval for SIP codec value is 20
seconds.

Command Default

The default CAC codec parameter is g711.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia
(WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b} disable network
command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a |
b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands.
For complete instructions, see the Configuring Voice and Video Parameters section in the Configuring
Controller Settings chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

717

config Commands

Examples

The following example shows how to configure the codec name and sample interval as parameters for SIP
G711 codec:
(Cisco Controller) >

config 802.11a cac voice sip codec g711 sample-interval 40

This example shows how to configure the codec name and sample interval as parameters for SIP G729 codec:
(Cisco Controller) > config 802.11a cac voice sip codec g729 sample-interval 40

Related Commands

config 802.11 cac voice acm

config 802.11 cac voice load-based
config 802.11 cac voice max-bandwidth
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 exp-bwreq

Cisco Wireless LAN Controller Command Reference, Release 8.0

718

OL-31334-01

config Commands

config 802.11 cac voice stream-size

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

stream-size

Configures the maximum data rate for the stream.

stream_size

Range of stream size is between 84000 and 92100.

number

Number (1 to 5) of voice streams.

mean_datarate

Configures the mean data rate.

max-streams

Configures the mean data rate of a voice stream.

mean_datarate

Mean data rate (84 to 91.2 kbps) of a voice stream.

Command Default

The default number of streams is 2 and the mean data rate of a stream is 84 kbps.

Usage Guidelines

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

719

config Commands

Examples

Related Commands

config 802.11 cac voice acm

config 802.11 cac voice load-based
config 802.11 cac voice max-bandwidth
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 exp-bwreq

Cisco Wireless LAN Controller Command Reference, Release 8.0

720

OL-31334-01

config Commands

config advanced 802.11 edca-parameters

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

wmm-default

Enables the Wi-Fi Multimedia (WMM) default

parameters. Choose this option when voice or video
services are not deployed on your network.

svp-voice

Enables Spectralink voice priority parameters. Choose

this option if Spectralink phones are deployed on your
network to improve the quality of calls.

optimized-voice

Enables EDCA voice-optimized profile parameters.

Choose this option when voice services other than
Spectralink are deployed on your network.

optimized-video-voice

Enables EDCA voice- and video-optimized profile

parameters. Choose this option when both voice and
video services are deployed on your network.
Note

Enables custom voice EDCA parameters for 802.11a.

The EDCA parameters under this option also match the
6.0 WMM EDCA parameters when this profile is
applied.

custom-voice

Command Default

Command History

If you deploy video services, admission control

(ACM) must be disabled.

The default EDCA parameter is wmm-default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

721

config Commands

Examples

This example shows how to enable Spectralink voice priority parameters:

(Cisco Controller) > config advanced 802.11 edca-parameters svp-voice

Related Commands

show 802.11a
config advanced 802.11b edca-parameters

Cisco Wireless LAN Controller Command Reference, Release 8.0

722

OL-31334-01

config Commands

config 802.11 media-stream multicast-direct

To configure the media stream multicast-direct parameters for the 802.11 networks, use the config 802.11
media-stream multicast-direct command.
config 802.11{a | b} media-stream multicast-direct {admission-besteffort {enable | disable} |
{client-maximum | radio-maximum} {value | no-limit } | enable | disable}

Syntax Description

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b/g network.

admission-besteffort

Admits media stream to best-effort queue.

enable

Enables multicast-direct on a 2.4-GHz or a 5-GHz band.

disable

Disables multicast-direct on a 2.4-GHz or a 5-GHz band.

client-maximum

Specifies the maximum number of streams allowed on a client.

radio-maximum

Specifies the maximum number of streams allowed on a 2.4-GHz or a 5-GHz

band.

value

Number of streams allowed on a client or on a 2.4-GHz or a 5-GHz band, between

1 to 20.

no-limit

Specifies the unlimited number of streams allowed on a client or on a 2.4-GHz

or a 5-GHz band.

Command Default

None.

Usage Guidelines

Before you configure the media stream multicast-direct parameters on a 802.11 network, ensure that the
network is nonoperational.

Examples

This example shows how to enable a media stream multicast-direct settings on an 802.11a network:
> config 802.11a media-stream multicast-direct enable

This example shows how to admit the media stream to the best-effort queue:
> config 802.11a media-stream multicast-direct admission-besteffort enable

This example shows how to set the maximum number of streams allowed on a client:
> config 802.11a media-stream multicast-direct client-maximum 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

723

config Commands

Related Commands

config 802.11 media-stream video-redirect

show 802.11a media-stream name
show media-stream group summary
show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

724

OL-31334-01

config Commands

config 802.11 media-stream video-redirect

To configure the media stream video-redirect for the 802.11 networks, use the config 802.11 media-stream
video-redirect command.
config 802.11{a | b} media-stream video-redirect {enable | disable}

Syntax Description

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b/g network.

enable

Enables traffic redirection.

disable

Disables traffic redirection.

Command Default

None.

Usage Guidelines

Before you configure the media stream video-redirect on a 802.11 network, ensure that the network is
nonoperational.

Examples

This example shows how to enable media stream traffic redirection on an 802.11a network:
> config 802.11a media-stream video-redirect enable

Related Commands

config 802.11 media-stream multicast-redirect

show 802.11a media-stream name
show media-stream group summary
show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

725

config Commands

config media-stream multicast-direct

To configure the media-stream multicast direct, use the config media-stream multicast direct command.
config media-stream multicast-direct {enable | disable}

Syntax Description

enable

Enables a media stream.

disable

Disables a media stream.

Command Default

None.

Usage Guidelines

Media-stream multicast-direct requires load based Call Admission Control (CAC) to run.

Examples

This example shows how to enable media-stream multicast-direct settings:

> config media-stream multicast-direct enable

This example shows how to disable media-stream multicast-direct settings:

> config media-stream multicast-direct disable

Related Commands

config 802.11 media-stream video-redirect

show 802.11a media-stream name
show media-stream group summary
show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

726

OL-31334-01

config Commands

config media-stream message

To configure various parameters of message configuration, use the config media-stream message command.
config media-stream message {state [enable | disable] | url url | email email | phone phone_number |note
note}

Syntax Description

state

Specifies the media stream message state.

enable

(Optional) Enables the session announcement message state.

disable

(Optional) Disables the session announcement message state.

url

Configures the URL.

url

Session announcement URL.

Configures the email ID.

Specifies the session announcement e-mail.

phone

Configures the phone number.

phone_number

Session announcement phone number.

note

Configures the notes.

note

Session announcement notes.

Command Default

Disabled.

Usage Guidelines

Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.

Examples

This example shows how to enable the session announcement message state:
config media-stream message state enable
This example shows how to configure the session announcement e-mail address:
>

Related Commands

config media-stream message mail [email protected]

config media-stream
show 802.11a media-stream name
show media-stream group summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

727

config Commands

show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

728

OL-31334-01

config Commands

config media-stream add

To configure the various global media-stream configurations, use the config media-stream add command.
config media-stream add multicast-direct media_stream_name start-IP end-IP [template {very coarse |
coarse | ordinary | low-resolution | med-resolution | high-resolution} | detail {bandwidth packet-size
{periodic| initial}} qos priority {drop | fallback}

Syntax Description

multicast-direct

Specifies the media stream for the multicast-direct setting.

media_stream_name

Media-stream name.

start-IP

IP multicast destination start address.

end-IP

IP multicast destination end address.

template

(Optional) Configures the media stream from templates.

very coarse

Applies a very-coarse template.

coarse

Applies a coarse template.

ordinary

Applies an ordinary template.

low-resolution

Applies a low-resolution template.

med-resolution

Applies a medium-resolution template.

high-resolution

Applies a high-resolution template.

detail

Configures the media stream with specific parameters.

bandwidth

Maximum expected stream bandwidth.

packet-size

Average packet size.

periodic

Specifies the periodic admission evaluation.

initial

Specifies the Initial admission evaluation.

qos

AIR QoS class (video only).

priority

Media-stream priority.

drop

Specifies that the stream is dropped on a periodic

reevaluation.

fallback

Specifies if the stream is demoted to the best-effort class

on a periodic reevaluation.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

729

config Commands

Command Default

None.

Usage Guidelines

Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.

Examples

This example shows how to configure a new media stream:

> config media-stream add multicast-direct abc 227.8.8.8 227.9.9.9 detail 2 150 periodic
video 1 drop

Related Commands

show 802.11a media-stream name

show media-stream group summary
show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

730

OL-31334-01

config Commands

config media-stream admit

To allow traffic for a media stream group, use the config media-stream admit command.
config media-stream admit media_stream_name

Syntax Description

media_stream_name

Media-stream group name.

Command Default

None.

Usage Guidelines

When you try to allow traffic for the media stream group, you will be prompted that IGMP snooping will be
disabled and enabled again, and all clients might observe a glitch on the multicast traffic.

Examples

This example shows how to allow traffic for a media stream group:
> config media-stream admit MymediaStream

Related Commands

show 802.11a media-stream name

show media-stream group summary
show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

731

config Commands

config media-stream deny

To block traffic for a media stream group, use the config media-stream deny command.

Syntax Description

media_stream_name

Media-stream group name.

config media-stream deny media_stream_name

Command Default

None.

Usage Guidelines

When you try to block traffic for the media stream group, you will be prompted that IGMP snooping will be
disabled and enabled again, and all clients might observe a glitch on the multicast traffic.

Examples

This example shows how to block traffic for a media stream group:
> config media-stream deny MymediaStream

Related Commands

show 802.11a media-stream name

show media-stream group summary
show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

732

OL-31334-01

config Commands

config media-stream delete

To configure the various global media-stream configurations, use the config media-stream delete command.
config media-stream delete media_stream_name

Syntax Description

media_stream_name

Media-stream name.

Command Default

None.

Usage Guidelines

Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.

Examples

This example shows how to configure the media stream named abc:
> config media-stream delete abc

Related Commands

show 802.11a media-stream name

show media-stream group summary
show media-stream group detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

733

config Commands

config wlan media-stream

To configure multicast-direct for a wireless LAN media stream, use the config wlan media-stream command.
config wlan media-stream multicast-direct {wlan_id | all} {enable | disable}

Syntax Description

Command Default

Command History

multicast-direct

Configures multicast-direct for a wireless LAN media stream.

wlan_id

Wireless LAN identifier between 1 and 512.

all

Configures the wireless LAN on all media streams.

enable

Enables global multicast to unicast conversion.

disable

Disables global multicast to unicast conversion.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Media stream multicast-direct requires load based Call Admission Control (CAC) to run. WLAN quality of
service (QoS) needs to be set to either gold or platinum.

Examples

The following example shows how to enable the global multicast-direct media stream with WLAN ID 2:
(Cisco Controller) >config wlan media-stream multicast-direct 2 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

734

OL-31334-01

PART

Security Commands
CLI Commands, page 737

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

737

show Commands

show Commands
This section lists the show commands to display information about your security configuration settings for
the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

738

OL-31334-01

show Commands

show 802.11
To display basic 802.11a, 802.11b/g, or 802.11h network settings, use the show 802.11 command.
show 802.11{a | b | h}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

Command Default

None.

Examples

This example shows to display basic 802.11a network settings:

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

739

show Commands

Beacon Interval.................................. 100

This example shows how to display basic 802.11h network settings:

> show
802.11h
802.11h
802.11h

Related Commands

show ap stats
show ap summary
show client summary
show network
show network summary
show port
show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

740

OL-31334-01

show Commands

show aaa auth

To display the configuration settings for the AAA authentication server database, use the show aaa auth
command.
show aaa auth

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the configuration settings for the AAA authentication server
database:
(Cisco Controller) > show aaa auth

Management authentication server order:

1............................................ local
2............................................ tacacs

Related Commands

config aaa auth

config aaa auth mgmt

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

741

show Commands

show acl
To display the access control lists (ACLs) that are configured on the controller, use the show acl command.
show acl {cpu | detailed acl_name | summary | layer2 { summary | detailed acl_name } }

Syntax Description

Command Default

Command History

Examples

cpu

Displays the ACLs configured on the Cisco WLC's

central processing unit (CPU).

detailed

Displays detailed information about a specific ACL.

acl_name

ACL name. The name can be up to 32 alphanumeric

characters.

summary

Displays a summary of all ACLs configured on the

controller.

layer2

Displays the Layer 2 ACLs.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the access control lists on the CPU.
(Cisco Controller) >show acl cpu

CPU Acl Name................................

Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
Applied to NPU.............................. No
The following example shows how to display a summary of the access control lists.
(Cisco Controller) > show acl summary

ACL Counter Status

Disabled
---------------------------------------IPv4 ACL Name
Applied
-------------------------------- ------acl1
Yes
acl2
Yes
acl3
Yes
----------------------------------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

742

OL-31334-01

show Commands

IPv6 ACL Name

Applied
-------------------------------- ------acl6
No
The following example shows how to display the detailed information of the access control lists.
(Cisco Controller) > show acl detailed acl_name

Source
Destination
Source Port Dest Port
I Dir IP Address/Netmask IP Address/Netmask Prot
Range
Range
DSCP
Action Counter
- --- ------------------ ------------------ ---- --------- --------- ---------- ------1
Any 0.0.0.0/0.0.0.0
0.0.0.0/0.0.0.0
Any 0-65535 0-65535
0
Deny
0
2
In 0.0.0.0/0.0.0.0
200.200.200.0/
6
80-80 0-65535
Any Permit
0
255.255.255.0
DenyCounter :
0

Note

Related Commands

The Counter field increments each time a packet matches an ACL rule, and the DenyCounter field
increments each time a packet does not match any of the rules.

clear acl counters

config acl apply
config acl counter
config acl cpu
config acl create
config acl delete
config interface acl
config acl rule

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

743

show Commands

show acl detailed

To display detailed DNS-based ACL information, use the show acl detailed command.
show acl detailedacl_name

Syntax Description

Command Default

Command History

Examples

acl_name

Name of the access control list.

None

Release

Modification

7.6

This command was introduced.

The following is a sample output of the show acl detailed acl_name command.
(Cisco Controller) > show acl detailed android

No rules are configured for this ACL.

DenyCounter : 0
URLs configured in this ACL
--------------------------*.play.google.com
*.store.google.com

Cisco Wireless LAN Controller Command Reference, Release 8.0

744

OL-31334-01

show Commands

show acl summary

To display DNS-based ACL information, use the show acl summary command.
show aclsummary

Syntax Description

Command Default

Command History

Examples

summary

Displays DNS-based ACL information.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following is a sample output of the show acl summary command.

(Cisco Controller) > show acl summary

ACL Counter Status

Disabled
---------------------------------------IPv4 ACL Name
Applied
-------------------------------- ------android
No
StoreACL
Yes
---------------------------------------IPv6 ACL Name
Applied
-------------------------------- -------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

745

show Commands

show advanced eap

To display Extensible Authentication Protocol (EAP) settings, use the show advanced eap command.
show advanced eap

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the EAP settings:

(Cisco Controller) > show advanced eap

EAP-Identity-Request Timeout (seconds)...........

EAP-Identity-Request Max Retries.................
EAP Key-Index for Dynamic WEP....................
EAP Max-Login Ignore Identity Response...........
EAP-Request Timeout (seconds)....................
EAP-Request Max Retries..........................
EAPOL-Key Timeout (milliseconds).................
EAPOL-Key Max Retries............................

Related Commands

1
20
0
enable
1
20
1000
2

config advanced eap

config advanced timers eap-identity-request-delay
config advanced timers eap-timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

746

OL-31334-01

show Commands

show client detail

To display IP addresses per client learned through DNS snooping (DNS-based ACL), use the show client
detail mac_address command.
show client detail mac_address

Syntax Description

Command Default

Command History

Examples

mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced.

The following is a sample output of the show client detail mac_address command.
(Cisco Controller) > show client detail 01:35:6x:yy:21:00

Client MAC Address............................... 01:35:6x:yy:21:00

Client Username ................................. test
AP MAC Address................................... 00:11:22:33:44:x0
AP Name.......................................... AP0011.2020.x111
AP radio slot Id................................. 1
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 7
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 00:11:22:33:44:xx
Connected For ................................... 28 secs
Channel.......................................... 56
IP Address....................................... 10.0.0.1
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
IPv6 Address..................................... xx20::222:6xyy:zeeb:2233
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... No CCX support
Re-Authentication Timeout........................ 1756
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

747

show Commands

APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates..................................
6.0,9.0,12.0,18.0,24.0,36.0,
............................................. 48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. SUPPLICANT_PROVISIONING
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ android
AAA Override ACL Applied Status.................. Yes
AAA Override Flex ACL Name....................... none
AAA Override Flex ACL Applied Status............. Unavailable
AAA URL redirect.................................
https://10.0.0.3:8443/guestportal/gateway?sessionId=0a68aa72000000015272404e&action=nsp
Audit Session ID................................. 0a68aa72000000015272404e
AAA Role Type.................................... none
Local Policy Applied............................. p1
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
Client Type...................................... SimpleIP
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... PEAP
Interface......................................
.. management
VLAN............................................. 0
Quarantine VLAN.................................. 0
Access VLAN...................................... 0
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Not implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 123659
Number of Bytes Sent....................... 120564
Number of Packets Received................. 1375
Number of Packets Sent..................... 276

Cisco Wireless LAN Controller Command Reference, Release 8.0

748

OL-31334-01

show database summary

To display the maximum number of entries in the database, use the show database summary command.
show database summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Examples

The following is a sample output of the show database summary command:

Related Commands

2048
2048
2
0
1
1
1
1
0

config database size

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

751

show Commands

show exclusionlist
To display a summary of all clients on the manual exclusion list (blacklisted) from associating with this Cisco
wireless LAN controller, use the show exclusionlist command.
show exclusionlist

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

This command displays all manually excluded MAC addresses.

Examples

The following example shows how to display the exclusion list:

(Cisco Controller) > show exclusionlist

Related Commands

No manually disabled clients.

Dynamically Disabled Clients
---------------------------MAC Address
Exclusion Reason

Time Remaining (in secs)

----------00:40:96:b4:82:55

-----------------------51

---------------802.1X Failure

config exclusionlist

Cisco Wireless LAN Controller Command Reference, Release 8.0

752

OL-31334-01

show Commands

show ike
To display active Internet Key Exchange (IKE) security associations (SAs), use the show ike command.
show ike {brief | detailed} IP_or_MAC_address

Syntax Description

Command Default

Command History

Examples

brief

Displays a brief summary of all active IKE SAs.

detailed

Displays a detailed summary of all active IKE SAs.

IP_or_MAC_address

IP or MAC address of active IKE SA.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the active Internet Key Exchange security associations:
(Cisco Controller) > show ike brief 209.165.200.254

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

753

show Commands

show IPsec
To display active Internet Protocol Security (IPsec) security associations (SAs), use the show IPsec command.
show IPsec {brief | detailed} IP_or_MAC_address

Syntax Description

Command Default

Command History

Examples

brief

Displays a brief summary of active IPsec SAs.

detailed

Displays a detailed summary of active IPsec SAs.

IP_or_MAC_address

IP address or MAC address of a device.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display brief information about the active Internet Protocol Security
(IPsec) security associations (SAs):
(Cisco Controller) > show IPsec brief 209.165.200.254

Related Commands

config radius acct ipsec authentication

config radius acct ipsec disable
config radius acct ipsec enable
config radius acct ipsec encryption
config radius auth IPsec encryption
config radius auth IPsec authentication
config radius auth IPsec disable
config radius auth IPsec encryption
config radius auth IPsec ike
config trapflags IPsec
config wlan security IPsec disable
config wlan security IPsec enable
config wlan security IPsec authentication

Cisco Wireless LAN Controller Command Reference, Release 8.0

754

OL-31334-01

show Commands

config wlan security IPsec encryption

config wlan security IPsec config
config wlan security IPsec ike authentication
config wlan security IPsec ike dh-group
config wlan security IPsec ike lifetime
config wlan security IPsec ike phase1
config wlan security IPsec ike contivity

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

755

show Commands

show ipv6 acl

To display the IPv6 access control lists (ACLs) that are configured on the controller, use the show ipv6 acl
command.
show ipv6 acl detailed {acl_name | summary}

Syntax Description

Command Default

Command History

Examples

acl_name

IPv6 ACL name. The name can be up to 32 alphanumeric characters.

detailed

Displays detailed information about a specific ACL.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the detailed information of the access control lists:
(Cisco Controller) >show ipv6 acl detailed acl6
Rule Index.......................................
Direction........................................
IPv6 source prefix...............................
IPv6 destination prefix..........................
Protocol.........................................
Source Port Range................................
Destination Port Range...........................
DSCP.............................................
Flow label.......................................
Action...........................................
Counter..........................................
Deny Counter................................... 0

1
Any
::/0
::/0
Any
0-65535
0-65535
Any
0
Permit
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

756

OL-31334-01

show Commands

show ipv6 summary

To display the IPv6 configuration settings, use the show ipv6 summary command.
show ipv6 summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example displays the output of the show ipv6 summary command:
(Cisco Controller) >show ipv6 summary
Global Config...............................
Reachable-lifetime value....................
Stale-lifetime value........................
Down-lifetime value.........................
RA Throttling...............................
RA Throttling allow at-least................
RA Throttling allow at-most.................
RA Throttling max-through...................
RA Throttling throttle-period...............
RA Throttling interval-option...............
NS Mulitcast CacheMiss Forwarding...........
NA Mulitcast Forwarding.....................
IPv6 Capwap UDP Lite........................
Operating System IPv6 state ................

Enabled
30
300
300
Disabled
1
no-limit
5
600
ignore
Enabled
Enabled
Enabled
Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

757

show Commands

show l2tp
To display Layer 2 Tunneling Protocol (L2TP) sessions, use the show l2tp command.
show l2tp {summary | ip_address}

Syntax Description

Command Default

Command History

Examples

summary

Displays all L2TP sessions.

ip_address

IP address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of all L2TP sessions:
(Cisco Controller) > show l2tp summary

LAC_IPaddr LTid LSid RTid RSid ATid ASid State

---------- ---- ---- ---- ---- ---- ---- -----

Cisco Wireless LAN Controller Command Reference, Release 8.0

758

OL-31334-01

show Commands

show ldap
To display the Lightweight Directory Access Protocol (LDAP) server information for a particular LDAP
server, use the show ldap command.
show ldap index

Syntax Description

Command Default

Command History

Examples

index

LDAP server index. Valid values are from 1 to 17.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the detailed LDAP server information:
(Cisco Controller) > show ldap 1

Server Index.....................................
Address..........................................
Port.............................................
Enabled..........................................
User DN..........................................
User Attribute...................................
User Type........................................
Retransmit Timeout...............................
Bind Method .....................................

Related Commands

1
2.3.1.4
389
Yes
name1
attr1
username1
3 seconds
Anonymous

config ldap
config ldap add
config ldap simple-bind
show ldap statistics
show ldap summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

759

show Commands

show ldap statistics

To display all Lightweight Directory Access Protocol (LDAP) server information, use the show ldap statistics
command.
show ldap statistics

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the LDAP server statistics:
(Cisco Controller) > show ldap statistics

Server Index.....................................
Server statistics:
Initialized OK.................................
Initialization failed..........................
Initialization retries.........................
Closed OK......................................
Request statistics:
Received.......................................
Sent...........................................
OK.............................................
Success........................................
Authentication failed..........................
Server not found...............................
No received attributes.........................
No passed username.............................
Not connected to server........................
Internal error.................................
Retries........................................
Server Index.....................................
...

Related Commands

1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2

config ldap
config ldap add
config ldap simple-bind
show ldap
show ldap summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

760

OL-31334-01

show Commands

show ldap summary

To display the current Lightweight Directory Access Protocol (LDAP) server status, use the show ldap
summary command.
show ldap summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of configured LDAP servers:
(Cisco Controller) > show ldap summary

Idx
--1
2

Related Commands

Server Address
--------------2.3.1.4
10.10.20.22

Port
---389
389

Enabled
------Yes
Yes

config ldap
config ldap add
config ldap simple-bind
show ldap statistics
show ldap

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

761

show Commands

show local-auth certificates

To display local authentication certificate information, use the show local-auth certificates command:
show local-auth certificates

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the authentication certificate information stored locally:
(Cisco Controller) > show local-auth certificates

Related Commands

clear stats local-auth

config local-auth active-timeout
config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

762

OL-31334-01

show Commands

show local-auth config

To display local authentication configuration information, use the show local-auth config command.
show local-auth config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the local authentication configuration information:
(Cisco Controller) > show local-auth config

User credentials database search order:

Primary ................................... Local DB
Configured EAP profiles:
Name ...................................... fast-test
Certificate issuer .................... default
Enabled methods ....................... fast
Configured on WLANs ................... 2
EAP Method configuration:
EAP-TLS:
Certificate issuer .................... default
Peer verification options:
Check against CA certificates ..... Enabled
Verify certificate CN identity .... Disabled
Check certificate date validity ... Enabled
EAP-FAST:
TTL for the PAC ....................... 3 600
Initial client message ................ <none>
Local certificate required ............ No
Client certificate required ........... No
Vendor certificate required ........... No
Anonymous provision allowed ........... Yes
Authenticator ID ...................... 7b7fffffff0000000000000000000000
Authority Information ................. Test
EAP Profile.................................... tls-prof
Enabled methods for this profile .......... tls
Active on WLANs ........................... 1 3EAP Method configuration:
EAP-TLS:
Certificate issuer used ............... cisco
Peer verification options:
Check against CA certificates ..... disabled
Verify certificate CN identity .... disabled
Check certificate date validity ... disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

763

show Commands

Related Commands

clear stats local-auth

config local-auth active-timeout
config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth certificates
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

764

OL-31334-01

show Commands

show local-auth statistics

To display local Extensible Authentication Protocol (EAP) authentication statistics, use the show local-auth
statistics command:
show local-auth statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the local authentication certificate statistics:
(Cisco Controller) > show local-auth statistics

Local EAP authentication DB statistics:

Requests received ...............................
Responses returned ..............................
Requests dropped (no EAP AVP) ...................
Requests dropped (other reasons) ................
Authentication timeouts .........................
Authentication statistics:
Method
Success
Fail
-----------------------------------Unknown
0
0
LEAP
0
0
EAP-FAST
2
0
EAP-TLS
0
0
PEAP
0
0
Local EAP credential request statistics:
Requests sent to LDAP DB ........................
Requests sent to File DB ........................
Requests failed (unable to send) ................
Authentication results received:
Success .......................................
Fail ..........................................
Certificate operations:
Local device certificate load failures ..........
Total peer certificates checked .................
Failures:
CA issuer check ...............................
CN name not equal to identity .................
Dates not valid or expired ....................

Related Commands

14
14
0
0
0

0
2
0
2
0
0
0
0
0
0

clear stats local-auth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

765

show Commands

config local-auth active-timeout

config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth config
show local-auth certificates

Cisco Wireless LAN Controller Command Reference, Release 8.0

766

OL-31334-01

show Commands

show nac statistics

To display detailed Network Access Control (NAC) information about a Cisco wireless LAN controller, use
the show nac statistics command.
show nac statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display detailed statistics of network access control settings:
(Cisco Controller) > show nac statistics

Server Index.......................................................
Server Address.....................................................
xxx.xxx.xxx.xxx
Number of requests sent............................................
Number of retransmissions..........................................
Number of requests received........................................
Number of malformed requests received..............................
Number of bad auth requests received...............................
Number of pending requests.........................................
Number of timed out requests.......................................
Number of misc dropped request received............................
Number of requests sent............................................

Related Commands

1
0
0
0
0
0
0
0
0
0

show nac summary

config guest-lan nac
config wlan nac
debug nac

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

767

show Commands

show nac summary

To display NAC summary information for a Cisco wireless LAN controller, use the show nac summary
command.
show nac summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary information of network access control settings:
(Cisco Controller) > show nac summary

NAC ACL Name ...............................................

Index Server Address
Port
State
----- ---------------------------------------- -------1
xxx.xxx.xxx.xxx
13336
Enabled

Related Commands

show nac statistics

config guest-lan nac
config wlan nac
debug nac

Cisco Wireless LAN Controller Command Reference, Release 8.0

768

OL-31334-01

show Commands

show netuser
To display the configuration of a particular user in the local user database, use the show netuser command.
show netuser {detail user_name | guest-roles | summary}

Syntax Description

Command Default

Command History

Examples

detail

Displays detailed information about the specified network user.

user_name

Network user.

guest_roles

Displays configured roles for guest users.

summary

Displays a summary of all users in the local user database.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show netuser summary command:

(Cisco Controller) > show netuser summary
Maximum logins allowed for a given username ........Unlimited

The following is a sample output of the show netuser detail command:

Related Commands

config netuser add

config netuser delete
config netuser description
config netuser guest-role apply
config netuser wlan-id
config netuser guest-roles

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

769

show Commands

show netuser guest-roles

To display a list of the current quality of service (QoS) roles and their bandwidth parameters, use the show
netuser guest-roles command.
show netuser guest-roles

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

Related Commands

config netuser add

config netuser delete
config netuser description
config netuser guest-role apply
config netuser wlan-id
show netuser guest-roles
show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

770

OL-31334-01

show Commands

show network
To display the current status of 802.3 bridging for all WLANs, use the show network command.
show network

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the network details:

> show network

Related Commands

config network
show network summary
show network multicast mgid detail
show network multicast mgid summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

771

show Commands

show network summary

To display the network configuration of the Cisco wireless LAN controller, use the show network summary
command.
show network summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a summary configuration:

Cisco Wireless LAN Controller Command Reference, Release 8.0

772

OL-31334-01

show Commands

Web Color Theme............................. Default

CAPWAP Prefer Mode.......................... IPv4

Related Commands

config network
show network multicast mgid summary
show network multicast mgid detail
show network

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

773

show Commands

show ntp-keys
To display network time protocol authentication key details, use the show ntp-keys command.
show ntp-keys

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display NTP authentication key details:

> show ntp-keys
Ntp Authentication Key Details...................
Key Index
----------1
3

Related Commands

config time ntp

Cisco Wireless LAN Controller Command Reference, Release 8.0

774

OL-31334-01

show Commands

show policy
To display the summary of the configured policies, and the details and statistics of a policy, use the show
policy command.
show policy {summary | policy-name [statistics]}

Syntax Description

Command Default

Command History

Examples

summary

Displays the summary of configured policies.

policy-name

Name of the policy.

statistics

(Optional) Displays the statistics of a policy.

None

Release

Modification

7.5

This command was introduced.

The following is a sample output of the show policy summary command:

(Cisco Controller) > show policy summary

Number of Policies............................. 2
Policy Index
-----------1
2

Policy Name
---------------student-FullAccess
teacher-FullAccess

The following example shows how to display the details of a policy:

(Cisco Controller) > show policy student-FullAccess

Policy Index.....................................
Match Role.......................................
Match Eap Type...................................
ACL..............................................
QOS..............................................
Average Data Rate................................
Average Real Time Rate...........................
Burst Data Rate..................................
Burst Real Time Rate.............................
Vlan Id..........................................
Session Timeout..................................
Sleeping client timeout..........................

1
<none>
EAP-TLS
<none>
<none>
0
0
0
0
155
1800
12

Active Hours
------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

775

show Commands

Start Time
----------

End Time
--------

Day
---

Match Device Types

-----------------Android
The following example shows how to display the statistics of a policy:
(Cisco Controller) > show policy student-FullAccess statistics

Policy Index.....................................
Matching Attributes None.........................
No Policy Match..................................
Device Type Match................................
EAP Type Match...................................
Role Type Match..................................
Client Disconnected..............................
Acl Applied......................................
Vlan changed.....................................
Session Timeout Applied..........................
QoS Applied......................................
Avg Data Rate Applied............................
Avg Real Time Rate Applied.......................
Burst Data Rate Applied..........................
Burst Real Time Rate Applied.....................
Sleeping-Client-Timeout Applied..................

student-FullAccess
619
224
0
0
0
4
0
614
4
0
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

776

OL-31334-01

show Commands

show profiling policy summary

To display local device classification of the Cisco Wireless LAN Controller (WLC), use the show profiling
policy summary command.

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.5

This command was introduced.

The following is a sample output of the show profiling policy summary command:
(Cisco Controller) > show profiling policy summary

Number of Builtin Classification Profiles: 88

ID
Name
Parent Min CM Valid
==== ================================================ ====== ====== =====
0 Android

None

Yes

1 Apple-Device

None

Yes

2 Apple-MacBook

Yes

3 Apple-iPad

Yes

4 Apple-iPhone

Yes

5 Apple-iPod

Yes

6 Aruba-Device

None

Yes

7 Avaya-Device

None

Yes

None

Yes

10 Brother-Device

None

Yes

11 Canon-Device

None

Yes

12 Cisco-Device

None

Yes

13 Cisco-IP-Phone

Yes

14 Cisco-IP-Phone-7945G

Yes

15 Cisco-IP-Phone-7975

Yes

8 Avaya-IP-Phone
9 BlackBerry

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

777

show Commands

16 Cisco-IP-Phone-9971

Yes

17 Cisco-DMP

Yes

18 Cisco-DMP-4400

Yes

19 Cisco-DMP-4310

Yes

20 Cisco-DMP-4305

Yes

21 DLink-Device

None

Yes

22 Enterasys-Device

None

Yes

23 HP-Device

None

Yes

None

Yes

27 Microsoft-Device

None

Yes

28 Netgear-Device

None

Yes

29 NintendoWII

None

Yes

30 Nortel-Device

None

Yes

32 SonyPS3

None

Yes

33 XBOX360

Yes

None

Yes

37 Cisco-Access-Point

Yes

38 Cisco-IP-Conference-Station-7935

Yes

39 Cisco-IP-Conference-Station-7936

Yes

40 Cisco-IP-Conference-Station-7937

Yes

24 HP-JetDirect-Printer
25 Lexmark-Device
26 Lexmark-Printer-E260dn

31 Nortel-IP-Phone-2000-Series

34 Xerox-Device
35 Xerox-Printer-Phaser3250
36 Aruba-AP

Cisco Wireless LAN Controller Command Reference, Release 8.0

778

OL-31334-01

show Commands

show radius acct detailed

To display RADIUS accounting server information, use the show radius acct detailed command.
show radius acct detailed radius_index

Syntax Description

Command Default

Command History

Examples

radius_index

Radius server index. The range is from 1 to 17.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to display RADIUS accounting server information:
(Cisco Controller) > show radius acct detailed 5

Radius Index........5
NAI Realms..........LAB.VTV.BLR.cisco.co.in

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

779

show Commands

show radius acct statistics

To display the RADIUS accounting server statistics for the Cisco wireless LAN controller, use the show
radius acct statistics command.
show radius acct statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display RADIUS accounting server statistics:
(Cisco Controller) > show radius acct statistics

Accounting Servers:
Server Index.....................................
Server Address...................................
Msg Round Trip Time..............................
First Requests...................................
Retry Requests...................................
Accounting Responses.............................
Malformed Msgs...................................
Bad Authenticator Msgs...........................
Pending Requests.................................
Timeout Requests.................................
Unknowntype Msgs.................................
Other Drops......................................

Related Commands

1
10.1.17.10
0 (1/100 second)
0
0
0
0
0
0
0
0
0

config radius acct

config radius acct ipsec authentication
config radius acct ipsec disable
config radius acct network
show radius auth statistics
show radius summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

780

OL-31334-01

show Commands

show radius auth detailed

To display RADIUS authentication server information, use the show radius auth detailed command.
show radius auth detailed radius_index

Syntax Description

Command Default

Command History

Examples

radius_index

Radius server index. The range is from 1 to 17.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to display RADIUS authentication server information:
(Cisco Controller) > show radius auth detailed 1

Radius Index........1
NAI Realms..........LAB.VTV.BLR.cisco.co.in

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

781

show Commands

show radius auth statistics

To display the RADIUS authentication server statistics for the Cisco wireless LAN controller, use the show
radius auth statistics command.
show radius auth statistics
This command has no arguments or keyword.

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display RADIUS authentication server statistics:
(Cisco Controller) > show radius auth statistics

Authentication Servers:
Server Index.....................................
Server Address...................................
Msg Round Trip Time..............................
First Requests...................................
Retry Requests...................................
Accept Responses.................................
Reject Responses.................................
Challenge Responses..............................
Malformed Msgs...................................
Bad Authenticator Msgs...........................
Pending Requests.................................
Timeout Requests.................................
Unknowntype Msgs.................................
Other Drops......................................

Related Commands

1
1.1.1.1
0 (1/100 second)
0
0
0
0
0
0
0
0
0
0
0

config radius auth

config radius auth management
config radius auth network
show radius summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

782

OL-31334-01

show Commands

show radius avp-list

To display RADIUS VSA AVPs, use the show radius avp-list command.
show radius avp-list profile-name

Syntax Description

Command Default

Command History

Examples

profile-name

Profile name for which downloaded AVPs to be

shown.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to display RADIUS VSA AVPs:

(Cisco Controller) > show radius avp-list

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

783

show Commands

show radius summary

To display the RADIUS authentication and accounting server summary, use the show radius summary
command.
show radius summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a RADIUS authentication server summary:
(Cisco Controller) > show radius summary

Vendor Id Backward Compatibility................. Disabled

Credentials Caching.............................. Disabled
Call Station Id Type............................. IP Address
Administrative Authentication via RADIUS......... Enabled
Authentication Servers
Index Type Server Address
Port
State
Tout RFC-3576 IPsec AuthMod
e/Phase1/Group/Lifetime/Auth/Encr
----- ---- ---------------- ------ -------- ---- -------- ----------------------------------------------Accounting Servers
Index Type Server Address
Port
State
Tout RFC-3576 IPsec AuthMod
e/Phase1/Group/Lifetime/Auth/Encr
----- ---- ---------------- ------ -------- ---- -------- -----------------------------------------------

Related Commands

show radius auth statistics

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

784

OL-31334-01

show Commands

show rules
To display the active internal firewall rules, use the show rules command.
show rules

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display active internal firewall rules:
(Cisco Controller) > show rules

-------------------------------------------------------Rule ID.............: 3
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Source IP range:
(Local stack)
Destination IP range:
(Local stack)
-------------------------------------------------------Rule ID.............: 25
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Service Info
Service name........: GDB
Protocol............: 6
Source port low.....: 0
Source port high....: 0
Dest port low.......: 1000
Dest port high......: 1000
Source IP range:
IP High............: 0.0.0.0
Interface..........: ANY
Destination IP range:
(Local stack)
--------------------------------------------------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

785

show Commands

show switchconfig
To display parameters that apply to the Cisco wireless LAN controller, use the show switchconfig command.
show switchconfig

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled.

Examples

Related Commands

Disabled
Enabled
Enabled
Enabled

config switchconfig mode

config switchconfig secret-obfuscation
config switchconfig strong-pwd
config switchconfig flowcontrol
config switchconfig fips-prerequisite
show stats switch

Cisco Wireless LAN Controller Command Reference, Release 8.0

786

OL-31334-01

show Commands

show rogue adhoc custom summary

To display information about custom rogue ad-hoc rogue access points, use the show rogue adhoc custom
summary command.
show rogue adhoc custom summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display details of custom rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc custom summary

Number of Adhocs............................0
MAC Address
State
# APs # Clients Last Heard
----------------- ------------------ ----- -------------------------------

Related Commands

show rogue adhoc detailed

show rogue adhoc summary
show rogue adhoc friendly summary
show rogue adhoc malicious summary
show rogue adhoc unclassified summary
config rogue adhoc

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

787

show Commands

show rogue adhoc detailed

To display details of an ad-hoc rogue access point detected by the Cisco wireless LAN controller, use the
show rogue adhoc client detailed command.
show rogue adhoc detailed MAC_address

Syntax Description

Command Default

Command History

Examples

MAC_address

Adhoc rogue MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display detailed ad-hoc rogue MAC address information:
(Cisco Controller) > show rogue adhoc client detailed 02:61:ce:8e:a8:8c

Adhoc Rogue MAC address.......................... 02:61:ce:8e:a8:8c

Adhoc Rogue BSSID................................ 02:61:ce:8e:a8:8c
State............................................ Alert
First Time Adhoc Rogue was Reported.............. Tue Dec 11 20:45:45
2007
Last Time Adhoc Rogue was Reported............... Tue Dec 11 20:45:45
2007
Reported By
AP 1
MAC Address.............................. 00:14:1b:58:4a:e0
Name..................................... AP0014.1ced.2a60
Radio Type............................... 802.11b
SSID..................................... rf4k3ap
Channel.................................. 3
RSSI..................................... -56 dBm
SNR...................................... 15 dB
Encryption............................... Disabled
ShortPreamble............................ Disabled
WPA Support.............................. Disabled
Last reported by this AP............... Tue Dec 11 20:45:45 2007

Related Commands

config rogue adhoc

show rogue ignore-list
show rogue rule summary
show rogue rule detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

788

OL-31334-01

show Commands

config rogue rule

show rogue adhoc summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

789

show Commands

show rogue adhoc friendly summary

To display information about friendly rogue ad-hoc rogue access points, use the show rogue adhoc friendly
summary command.
show rogue adhoc friendly summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display information about friendly rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc friendly summary

Number of Adhocs............................0
MAC Address
State
# APs # Clients Last Heard
----------------- ------------------ ----- -------------------------------

Related Commands

show rogue adhoc custom summary

show rogue adhoc detailed
show rogue adhoc summary
show rogue adhoc malicious summary
show rogue adhoc unclassified summary
config rogue adhoc

Cisco Wireless LAN Controller Command Reference, Release 8.0

790

OL-31334-01

show Commands

show rogue adhoc malicious summary

To display information about malicious rogue ad-hoc rogue access points, use the show rogue adhoc malicious
summary command.
show rogue adhoc malicious summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display details of malicious rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc malicious summary

Number of Adhocs............................0
MAC Address
State
# APs # Clients Last Heard
----------------- ------------------ ----- -------------------------------

Related Commands

show rogue adhoc custom summary

show rogue adhoc detailed
show rogue adhoc summary
show rogue adhoc friendly summary
show rogue adhoc unclassified summary
config rogue adhoc

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

791

show Commands

show rogue adhoc unclassified summary

To display information about unclassified rogue ad-hoc rogue access points, use the show rogue adhoc
unclassified summary command.
show rogue adhoc unclassified summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display information about unclassified rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc unclassified summary

Number of Adhocs............................0
MAC Address
State
# APs # Clients Last Heard
----------------- ------------------ ----- -------------------------------

Related Commands

show rogue adhoc custom summary

show rogue adhoc detailed
show rogue adhoc summary
show rogue adhoc friendly summary
show rogue adhoc malicious summary
config rogue adhoc

Cisco Wireless LAN Controller Command Reference, Release 8.0

792

OL-31334-01

show Commands

show rogue adhoc summary

To display a summary of the ad-hoc rogue access points detected by the Cisco wireless LAN controller, use
the show rogue adhoc summary command.
show rogue adhoc summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of all ad-hoc rogues:
(Cisco Controller) > show rogue adhoc summary

Detect and report Ad-Hoc Networks................ Enabled

Client MAC Address
Adhoc BSSID
State # APs
Last Heard
---------------------------------------xx:xx:xx:xx:xx:xx
super
Alert
1
Sat Aug 9 21:12:50
2004
xx:xx:xx:xx:xx:xx
Alert
1
Aug 9 21:12:50
2003
xx:xx:xx:xx:xx:xx
Alert
1
Sat Aug 9 21:10:50
2003

Related Commands

config rogue adhoc

show rogue ignore-list
show rogue rule summary
show rogue rule detailed
config rogue rule
show rogue adhoc detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

793

show Commands

show rogue ap custom summary

To display information about custom rogue ad-hoc rogue access points, use the show rogue ap custom
summary command.
show rogue ap custom summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display details of custom rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue ap custom summary

Number of APs............................0
MAC Address
State
# APs # Clients Last Heard
----------------- ------------------ ----- -------------------------------

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue client detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

794

OL-31334-01

show Commands

show rogue client summary

show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

795

show Commands

show rogue ap clients

To display details of rogue access point clients detected by the Cisco wireless LAN controller, use the show
rogue ap clients command.
show rogue ap clients ap_mac_address

Syntax Description

Command Default

Command History

Examples

ap_mac_address

Rogue access point MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display details of rogue access point clients:
(Cisco Controller) > show rogue ap clients xx:xx:xx:xx:xx:xx

MAC Address State # APs Last Heard

----------------- ------------------ ----- ------------------------00:bb:cd:12:ab:ff Alert 1 Fri Nov 30 11:26:23 2007

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue client detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

796

OL-31334-01

show Commands

show rogue client summary

show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

797

show Commands

show rogue ap detailed

To display details of a rogue access point detected by the Cisco wireless LAN controller, use the show rogue-ap
detailed command.
show rogue ap detailed ap_mac_address

Syntax Description

Command Default

Command History

Examples

ap_mac_address

Rogue access point MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display detailed information of a rogue access point:
(Cisco Controller) > show rogue ap detailed xx:xx:xx:xx:xx:xx

Rogue BSSID...................................... 00:0b:85:63:d1:94

Is Rogue on Wired Network........................ No
Classification................................... Unclassified
State............................................ Alert
First Time Rogue was Reported.................... Fri Nov 30 11:24:56
2007
Last Time Rogue was Reported..................... Fri Nov 30 11:24:56
2007
Reported By
AP 1
MAC Address.............................. 00:12:44:bb:25:d0
Name..................................... flexconnect
Radio Type............................... 802.11g
SSID..................................... edu-eap
Channel.................................. 6
RSSI..................................... -61 dBm
SNR...................................... -1 dB
Encryption............................... Enabled
ShortPreamble............................ Enabled
WPA Support.............................. Disabled
Last reported by this AP.............. Fri Nov 30 11:24:56 2007
This example shows how to display detailed information of a rogue access point with a customized
classification:
(Cisco Controller) > show rogue ap detailed xx:xx:xx:xx:xx:xx

Rogue BSSID...................................... 00:17:0f:34:48:a0

Is Rogue on Wired Network........................ No
Classification................................... custom

Cisco Wireless LAN Controller Command Reference, Release 8.0

798

OL-31334-01

show Commands

Severity Score .................................. 1

Class Name........................................VeryMalicious
Class Change by.................................. Rogue Rule
Classified at ................................... -60 dBm
Classified by.................................... c4:0a:cb:a1:18:80
State............................................
State change by..................................
First Time Rogue was Reported....................
2012
Last Time Rogue was Reported.....................
2012
Reported By
AP 1
MAC Address..............................
Name.....................................
Radio Type...............................
SSID.....................................
Channel..................................
RSSI.....................................
SNR......................................
Encryption...............................
ShortPreamble............................
WPA Support..............................
Last reported by this AP.................
2012

Related Commands

Contained
Rogue Rule
Mon Jun 4 10:31:18
Mon Jun

4 10:31:18

c4:0a:cb:a1:18:80
SHIELD-3600-2027
802.11g
sri
11
-87 dBm
4 dB
Enabled
Enabled
Enabled
Mon Jun 4 10:31:18

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap clients
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue client detailed
show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

799

show Commands

show rogue ap summary

To display a summary of the rogue access points detected by the Cisco wireless LAN controller, use the show
rogue-ap summary command.
show rogue ap summary{ssid| channel}

Syntax Description

Command Default

Command History

Examples

ssid

Displays specific user-configured SSID of the rogue

access point.

channel

Displays specific user-configured radio type and

channel of the rogue access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

Location Discovery Protocol................

ap timeout.................................
on wire Auto-Contain.......................
using our SSID Auto-Contain................
client on rogue AP Auto-Contain............
AP timeout.................................
Detection Report Interval..................
Detection Min Rssi.........................
Detection Transient Interval...............
Detection Client Num Thershold.............
Rogues(AP+Ad-hoc) supported................
Rogues classified..........................

MAC Address
----------------xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx

Classification
-----------------friendly
malicious
malicious
malicious

# APs
----1
1
1
1

Disabled
1200
Disabled
Disabled
Disabled
1200
10
-128
0
0
2000
729

# Clients
--------0
0
0
0

Last Heard
----------------------Thu Aug 4 18:57:11 2005
Thu Aug 4 19:00:11 2005
Thu Aug 4 18:57:11 2005
Thu Aug 4 18:57:11 2005

The following example shows how to display a summary of all rogue access points with SSID as extended
parameter.
(Cisco Controller) > show rogue ap summary ssid
MAC Address

Class

State

SSID

Security

Cisco Wireless LAN Controller Command Reference, Release 8.0

800

OL-31334-01

show Commands

-------------------------------------------------------------------------------------xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx

Unclassified
Unclassified
Pending
Unclassified

Alert
Alert
Pending
Alert

xxx
xxx
xxx
xxx

Open
Open
Open
WEP/WPA

The following example shows how to display a summary of all rogue access points with channel as extended
parameter.
(Cisco Controller) > show rogue ap summary channel
MAC Address
Class
State Det RadioType
Channel RSSIlast/Max)
-------------------------------------------------------------------------------------------------------------------xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx
xx:xx:xx:xx:xx:xx

Unclassified
Unclassified
Unclassified
Unclassified
Unclassified

Alert
Alert
Alert
Alert
Alert

802.11g
802.11g
802.11a
802.11a
802.11a

11
11
149
149
149

-53 / -48
-53 / -48
-74 / -69
-74 / -69
-74 / -69

The following example shows how to display a summary of all rogue access points with both SSID and channel
as extended parameters.
(Cisco Controller) > show rogue ap summary ssid channel
MAC Address
Class
State
SSID
Security Det RadioType
Channel RSSI(last/Max)
----------------------------------------------------------------------------------------------------------------xx:xx:xx:xx:xx:xx Unclassified Alert
dd
WEP/WPA
802.11n5G
56
-73 / -62
xx:xx:xx:xx:xx:xx Unclassified Alert
SSID IS HIDDEN
Open
802.11a
149
-68 / -66
xx:xx:xx:xx:xx:xx Unclassified Alert
wlan16
WEP/WPA
802.11n5G
149
-71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert
wlan15
WEP/WPA
802.11n5G
149
-71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert
wlan14
WEP/WPA
802.11n5G
149
-71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert
wlan13
WEP/WPA
802.11n5G
149
-71 / -70
xx:xx:xx:xx:xx:xx Unclassified Alert
wlan12
WEP/WPA
802.11n5G
149
-71 / -71

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

801

show Commands

show rogue client detailed

show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

802

OL-31334-01

show Commands

show rogue ap friendly summary

To display a list of the friendly rogue access points detected by the controller, use the show rogue ap friendly
summary command.
show rogue ap friendly summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of all friendly rogue access points:
(Cisco Controller) > show rogue ap friendly summary

Number of APs.................................... 1
MAC Address
State
# APs # Clients Last Heard
----------------- ------------------ ----- ----------------------------------XX:XX:XX:XX:XX:XX Internal
1
0 Tue Nov 27 13:52:04 2007

Related Commands

config rogue adhoc

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

803

show Commands

show rogue client summary

show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

804

OL-31334-01

show Commands

show rogue ap malicious summary

To display a list of the malicious rogue access points detected by the controller, use the show rogue ap
malicious summary command.
show rogue ap malicious summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of all malicious rogue access points:
(Cisco Controller) > show rogue ap malicious summary

Number of APs.................................... 2
MAC Address
State
# APs # Clients Last Heard
----------------- ------------------ ----- ----------------------------------XX:XX:XX:XX:XX:XX Alert
1
0 Tue Nov 27 13:52:04 2007
XX:XX:XX:XX:XX:XX Alert
1
0 Tue Nov 27 13:52:04 2007

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap unclassified summary
show rogue client detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

805

show Commands

show rogue client summary

show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

806

OL-31334-01

show Commands

show rogue ap unclassified summary

To display a list of the unclassified rogue access points detected by the controller, use the show rogue ap
unclassified summary command.
show rogue ap unclassified summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a list of all unclassified rogue access points:
(Cisco Controller) > show rogue ap unclassified summary
Number of APs.................................... 164
MAC Address
State # APs # Clients Last Heard
----------------- ------------- ----- --------- --------------XX:XX:XX:XX:XX:XX Alert
1
0
Fri Nov 30 11:12:52 2007
XX:XX:XX:XX:XX:XX Alert
1
0
Fri Nov 30 11:29:01 2007
XX:XX:XX:XX:XX:XX Alert
1
0
Fri Nov 30 11:26:23 2007
XX:XX:XX:XX:XX:XX Alert
1
0
Fri Nov 30 11:26:23 2007

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

807

show Commands

show rogue auto-contain

To display information about rogue auto-containment, use the show rogue auto-contain command.
show rogue auto-contain

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display information about rogue auto-containment:
(Cisco Controller) > show rogue auto-contain

Containment Level................................ 3
monitor_ap_only.................................. false

Related Commands

config rogue adhoc

config rogue auto-contain level

Cisco Wireless LAN Controller Command Reference, Release 8.0

808

OL-31334-01

show Commands

show rogue client detailed

To display details of a rogue client detected by a Cisco wireless LAN controller, use the show rogue client
detailed command.
show rogue client detailed MAC_address

Syntax Description

Command Default

Command History

Examples

MAC_address

Rogue client MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display detailed information for a rogue client:
(Cisco Controller) > show rogue client detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:0b:85:23:ea:d1
State............................................ Alert
First Time Rogue was Reported.................... Mon Dec 3 21:50:36 2007
Last Time Rogue was Reported..................... Mon Dec 3 21:50:36 2007
Rogue Client IP address.......................... Not known
Reported By
AP 1
MAC Address.............................. 00:15:c7:82:b6:b0
Name..................................... AP0016.47b2.31ea
Radio Type............................... 802.11a
RSSI..................................... -71 dBm
SNR...................................... 23 dB
Channel.................................. 149
Last reported by this AP.............. Mon Dec 3 21:50:36 2007

Related Commands

show rogue client summary

show rogue ignore-list
config rogue rule client
config rogue rule

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

809

show Commands

show rogue client summary

To display a summary of the rogue clients detected by the Cisco wireless LAN controller, use the show rogue
client summary command.
show rogue client summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a list of all rogue clients:
(Cisco Controller) > show rogue client summary
Validate rogue clients against AAA............... Disabled
Total Rogue Clients supported.................... 2500
Total Rogue Clients present...................... 3
MAC Address
State
# APs Last Heard
----------------- ------------------ ----- ----------------------xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:09:11 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:03:11 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:03:11 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:09:11 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 18:57:08 2005
xx:xx:xx:xx:xx:xx Alert
1
Thu Aug 4 19:12:08 2005

Related Commands

show rogue client detailed

show rogue ignore-list
config rogue client
config rogue rule

Cisco Wireless LAN Controller Command Reference, Release 8.0

810

OL-31334-01

show Commands

show rogue ignore-list

To display a list of rogue access points that are configured to be ignored, use the show rogue ignore-list
command.
show rogue ignore-list

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a list of all rogue access points that are configured to be ignored.
(Cisco Controller) > show rogue ignore-list

MAC Address
----------------xx:xx:xx:xx:xx:xx

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
config rogue rule
config trapflags rogueap
show rogue client detailed
show rogue ignore-list
show rogue rule summary
show rogue client summary
show rogue ap unclassified summary
show rogue ap malicious summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

811

show Commands

show rogue ap friendly summary

config rogue client
show rogue ap summary
show rogue ap clients
show rogue ap detailed
config rogue rule

Cisco Wireless LAN Controller Command Reference, Release 8.0

812

OL-31334-01

show Commands

show rogue rule detailed

To display detailed information for a specific rogue classification rule, use the show rogue rule detailed
command.
show rogue rule detailed rule_name

Syntax Description

Command Default

Command History

Examples

rule_name

Rogue rule name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display detailed information on a specific rogue classification rule:
(Cisco Controller) > show rogue rule detailed Rule2
Priority......................................... 2
Rule Name........................................ Rule2
State............................................ Enabled
Type............................................. Malicious
Severity Score................................... 1
Class Name....................................... Very_Malicious
Notify........................................... All
State ........................................... Contain
Match Operation.................................. Any
Hit Count........................................ 352
Total Conditions................................. 2
Condition 1
type......................................... Client-count
value........................................ 10
Condition 2
type......................................... Duration
value (seconds).............................. 2000
Condition 3
type......................................... Managed-ssid
value........................................ Enabled
Condition 4
type......................................... No-encryption
value........................................ Enabled
Condition 5
type......................................... Rssi
value (dBm).................................. -50
Condition 6
type......................................... Ssid
SSID Count................................... 1
SSID 1.................................... test

Related Commands

config rogue rule

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

813

show Commands

show rogue ignore-list

show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

814

OL-31334-01

show Commands

show rogue rule summary

To display the rogue classification rules that are configured on the controller, use the show rogue rule
summary command.
show rogue rule summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a list of all rogue rules that are configured on the controller:
(Cisco Controller) > show rogue rule summary

Priority
-------1
2

Rule Name
----------------------mtest
asdfasdf

State
-------Enabled
Enabled

Type
------------Malicious
Malicious

Match
----All
All

Hit Count
--------0
0

The following example shows how to display a list of all rogue rules that are configured on the controller:
(Cisco Controller) > show rogue rule summary

Priority
Rule Name
Rule state Class Type
Notify
State
Match Hit Count
-------- -------------------------------- ----------- ----------- --------------- ------ --------1
rule2
Enabled
Friendly
Global
Alert
All
234
2
rule1
Enabled
Custom
Global
Alert
All
0

Related Commands

config rogue rule

show rogue ignore-list
show rogue rule detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

815

show Commands

show tacacs acct statistics

To display detailed radio frequency identification (RFID) information for a specified tag, use the show tacacs
acct statistics command.
show tacacs acct statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display detailed RFID information:

(Cisco Controller) > show tacacs acct statistics

Accounting Servers:
Server Index.....................................
Server Address...................................
Msg Round Trip Time..............................
First Requests...................................
Retry Requests...................................
Accounting Response..............................
Accounting Request Success.......................
Accounting Request Failure.......................
Malformed Msgs...................................
Bad Authenticator Msgs...........................
Pending Requests.................................
Timeout Requests.................................
Unknowntype Msgs.................................
Other Drops......................................

Related Commands

1
10.0.0.0
0 (1/100 second)
1
0
0
0
0
0
0
-1
1
0
0

config tacacs acct

config tacacs athr
config tacacs auth
show tacacs summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

816

OL-31334-01

show Commands

show tacacs athr statistics

To display TACACS+ server authorization statistics, use the show tacacs athr statistics command.
show tacacs athr statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display TACACS server authorization statistics:
(Cisco Controller) > show tacacs athr statistics

Authorization Servers:
Server Index.....................................
Server Address...................................
Msg Round Trip Time..............................
First Requests...................................
Retry Requests...................................
Received Responses...............................
Authorization Success............................
Authorization Failure............................
Challenge Responses..............................
Malformed Msgs...................................
Bad Authenticator Msgs...........................
Pending Requests.................................
Timeout Requests.................................
Unknowntype Msgs.................................
Other Drops......................................

Related Commands

3
10.0.0.3
0 (1/100 second)
0
0
0
0
0
0
0
0
0
0
0
0

config tacacs acct

config tacacs athr
config tacacs auth
show tacacs auth statistics
show tacacs summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

817

show Commands

show tacacs auth statistics

To display TACACS+ server authentication statistics, use the show tacacs auth statistics command.
show tacacs auth statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display TACACS server authentication statistics:
(Cisco Controller) > show tacacs auth statistics

Authentication Servers:
Server Index.....................................
Server Address...................................
Msg Round Trip Time..............................
First Requests...................................
Retry Requests...................................
Accept Responses.................................
Reject Responses.................................
Error Responses..................................
Restart Responses................................
Follow Responses.................................
GetData Responses................................
Encrypt no secret Responses......................
Challenge Responses..............................
Malformed Msgs...................................
Bad Authenticator Msgs...........................
Pending Requests.................................
Timeout Requests.................................
Unknowntype Msgs.................................
Other Drops......................................

Related Commands

2
10.0.0.2
0 (msec)
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

config tacacs acct

config tacacs athr
config tacacs auth
show tacacs summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

818

OL-31334-01

show Commands

show tacacs summary

To display TACACS+ server summary information, use the show tacacs summary command.
show tacacs summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display TACACS server summary information:
(Cisco Controller) > show tacacs summary

Authentication Servers
Idx Server Address
--- ---------------2
10.0.0.1
Accounting Servers
Idx Server Address
--- ---------------1
10.0.0.0
Authorization Servers
Idx Server Address
--- ---------------3
10.0.0.3
Idx Server Address
--- ---------------4
2001:9:6:40::623
...

Related Commands

Port
-----49

State
-------Enabled

Tout
---30

Port
-----49

State
-------Enabled

Tout
---5

Port
-----49
Port
-----49

State
-------Enabled
State
-------Enabled

Tout
---5
Tout
---5

config tacacs acct

config tacacs athr
config tacacs auth
show tacacs summary
show tacacs athr statistics
show tacacs auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

819

show Commands

show wps ap-authentication summary

To display the access point neighbor authentication configuration on the controller, use the show wps
ap-authentication summary command.
show wps ap-authentication summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of the Wireless Protection System (WPS) access
point neighbor authentication:
(Cisco Controller) > show wps ap-authentication summary

AP neighbor authentication is <disabled>.

Authentication alarm threshold is 1.
RF-Network Name: <B1>

Related Commands

config wps ap-authentication

Cisco Wireless LAN Controller Command Reference, Release 8.0

820

OL-31334-01

show Commands

show wps cids-sensor

To display Intrusion Detection System (IDS) sensor summary information or detailed information on a specified
Wireless Protection System (WPS) IDS sensor, use the show wps cids-sensor command.
show wps cids-sensor {summary | detail index}

Syntax Description

Command Default

Command History

Examples

summary

Displays a summary of sensor settings.

detail

Displays all settings for the selected sensor.

index

IDS sensor identifier.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display all settings for the selected sensor:
(Cisco Controller) > show wps cids-sensor detail1

IP Address.......................................
Port.............................................
Query Interval...................................
Username.........................................
Cert Fingerprint.................................
00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00
Query State......................................
Last Query Result................................
Number of Queries Sent...........................

Related Commands

10.0.0.51
443
60
Sensor_user1
SHA1:
Disabled
Unknown
0

config wps ap-authentication

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

821

show Commands

show wps mfp

To display Management Frame Protection (MFP) information, use the show wps mfp command.
show wps mfp {summary | statistics}

Syntax Description

Command Default

Command History

Examples

summary

Displays the MFP configuration and status.

statistics

Displays MFP statistics.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of the MFP configuration and status:
(Cisco Controller) > show wps mfp summary

Global Infrastructure MFP state.................. DISABLED (*all

infrastructure
settings are overridden)
Controller Time Source Valid..................... False
WLAN
Infra.
Client
WLAN ID WLAN Name
Status
Protection Protection
------- ------------------------- --------- ---------- ---------1
homeap
Disabled
*Enabled
Optional but
inactive
(WPA2 not configured)
2
7921
Enabled
*Enabled
Optional but
inactive
(WPA2 not configured)
3
open1
Enabled
*Enabled
Optional but
inactive
(WPA2 not configured)
4
7920
Enabled
*Enabled
Optional but
inactive
(WPA2 not configured)
Infra.
Operational
--Infra.
Capability-AP Name
Validation Radio State
Protection
Validation
-------------------- ---------- ----- -------------- ------------------AP1252AG-EW
*Enabled
b/g
Down
Full
Full
a

Down

Full

Cisco Wireless LAN Controller Command Reference, Release 8.0

822

OL-31334-01

show Commands

The following example shows how to display the MFP statistics:

(Cisco Controller) > show wps mfp statistics

BSSID
Radio Validator AP
Last Source Addr Found
Error Type
Count
Frame Types
----------------- ----- -------------------- ----------------- ------------------ ---------- ----------no errors

Related Commands

config wps mfp

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

823

show Commands

show wps shun-list

To display the Intrusion Detection System (IDS) sensor shun list, use the show wps shun-list command.
show wps shun-list

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the IDS system sensor shun list:
(Cisco Controller) > show wps shun-list

Related Commands

config wps shun-list re-sync

Cisco Wireless LAN Controller Command Reference, Release 8.0

824

OL-31334-01

show Commands

show wps signature detail

To display installed signatures, use the show wps signature detail command.
show wps signature detail sig-id

Syntax Description

Command Default

Command History

Examples

sig-id

Signature ID of an installed signature.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This example shows how to display information on the attacks detected by standard signature 1:
(Cisco Controller) > show wps signature detail 1
Signature-ID.....................................
Precedence.......................................
Signature Name...................................
Type.............................................
FrameType........................................
State............................................
Action...........................................
Tracking.........................................
Signature Frequency..............................
Signature Mac Frequency..........................
Interval.........................................
Quiet Time.......................................
Description......................................
Patterns:
0(Header):0x0:0x0
4(Header):0x0:0x0

Related Commands

1
1
Bcast deauth
standard
management
enabled
report
per Signature and Mac
500 pkts/interval
300 pkts/interval
10 sec
300 sec
Broadcast Deauthentication Frame

config wps signature

config wps signature frequency
config wps signature mac-frequency
config wps signature interval
config wps signature quiet-time
config wps signature reset
show wps signature events
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

825

show Commands

show wps signature events

To display more information about the attacks detected by a particular standard or custom signature, use the
show wps signature events command.
show wps signature events {summary | {standard | custom} precedenceID {summary | detailed}

Syntax Description

Command Default

Command History

Examples

summary

Displays all tracking signature summary information.

standard

Displays Standard Intrusion Detection System (IDS)

signature settings.

custom

Displays custom IDS signature settings.

precedenceID

Signature precedence identification value.

detailed

Displays tracking source MAC address details.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the number of attacks detected by all enabled signatures:
(Cisco Controller) > show wps signature events summary

Precedence
---------1
2

Signature Name
-------------------Bcast deauth
NULL probe resp 1

Type
-------Standard
Standard

# Events
-------2
1

This example shows how to display a summary of information on the attacks detected by standard signature
1:
(Cisco Controller) > show wps signature events standard 1 summary

Precedence....................................... 1
Signature Name................................... Bcast deauth
Type............................................. Standard
Number of active events.......................... 2
Source MAC Addr
Track Method
Frequency # APs Last Heard
----------------- -------------- --------- ----- -----------------------00:a0:f8:58:60:dd Per Signature 50
1
Wed Oct 25 15:03:05
2006

Cisco Wireless LAN Controller Command Reference, Release 8.0

826

OL-31334-01

show Commands

00:a0:f8:58:60:dd
2006

Related Commands

Per Mac

Wed Oct 25 15:02:53

config wps signature frequency

config wps signature mac-frequency
config wps signature interval
config wps signature quiet-time
config wps signature reset
config wps signature
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

827

show Commands

show wps signature summary

To see individual summaries of all of the standard and custom signatures installed on the controller, use the
show wps signature summary command.
show wps signature summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of all of the standard and custom signatures:
(Cisco Controller) > show wps signature summary

Signature-ID.....................................
Precedence.......................................
Signature Name...................................
Type.............................................
FrameType........................................
State............................................
Action...........................................
Tracking.........................................
Signature Frequency..............................
Signature Mac Frequency..........................
Interval.........................................
Quiet Time.......................................
Description......................................
Deauthentication Frame
Patterns:
0(Header):0x00c0:0x00ff
4(Header):0x01:0x01
...

Related Commands

1
1
Bcast deauth
standard
management
enabled
report
per Signature and Mac
50 pkts/interval
30 pkts/interval
1 sec
300 sec
Broadcast

config wps signature frequency

config wps signature interval
config wps signature quiet-time
config wps signature reset
show wps signature events
show wps summary
config wps signature mac-frequency

Cisco Wireless LAN Controller Command Reference, Release 8.0

828

OL-31334-01

show Commands

config wps signature

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

829

show Commands

show wps summary

To display Wireless Protection System (WPS) summary information, use the show wps summary command.
show wps summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display WPS summary information:

(Cisco Controller) > show wps summary

Auto-Immune
Auto-Immune....................................
Client Exclusion Policy
Excessive 802.11-association failures..........
Excessive 802.11-authentication failures.......
Excessive 802.1x-authentication................
IP-theft.......................................
Excessive Web authentication failure...........
Trusted AP Policy
Management Frame Protection....................
Mis-configured AP Action.......................
Enforced encryption policy...................
Enforced preamble policy.....................
Enforced radio type policy...................
Validate SSID................................
Alert if Trusted AP is missing.................
Trusted AP timeout.............................
Untrusted AP Policy
Rogue Location Discovery Protocol..............
RLDP Action..................................
Rogue APs
Rogues AP advertising my SSID................
Detect and report Ad-Hoc Networks............
Rogue Clients
Validate rogue clients against AAA...........
Detect trusted clients on rogue APs..........
Rogue AP timeout...............................
Signature Policy
Signature Processing...........................
...

Disabled
Enabled
Enabled
Enabled
Enabled
Enabled
Disabled
Alarm Only
none
none
none
Disabled
Disabled
120
Disabled
Alarm Only
Alarm Only
Enabled
Enabled
Alarm Only
1300
Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

830

OL-31334-01

show Commands

Related Commands

config wps signature frequency

config wps signature interval
config wps signature quiet-time
config wps signature reset
show wps signature events
show wps signature mac-frequency
show wps summary
config wps signature
config wps signature interval

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

831

show Commands

show wps wips statistics

To display the current state of the Cisco Wireless Intrusion Prevention System (wIPS) operation on the
controller, use the show wps wips statistics command.
show wps wips statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the statistics of the wIPS operation:
(Cisco Controller) > show wps wips statistics

Policy Assignment Requests............

Policy Assignment Responses...........
Policy Update Requests................
Policy Update Responses...............
Policy Delete Requests................
Policy Delete Responses...............
Alarm Updates.........................
Device Updates........................
Device Update Requests................
Device Update Responses...............
Forensic Updates......................
Invalid WIPS Payloads.................
Invalid Messages Received.............
NMSP Transmitted Packets..............
NMSP Transmit Packets Dropped.........
NMSP Largest Packet...................

Related Commands

1
1
0
0
0
0
13572
8376
0
0
1001
0
0
22950
0
1377

config 802.11 enable

config ap mode
config ap monitor-mode
show ap config
show ap monitor-mode summary
show wps wips summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

832

OL-31334-01

show Commands

show wps wips summary

To display the adaptive Cisco Wireless Intrusion Prevention System (wIPS) configuration that the Wireless
Control System (WCS) forwards to the controller, use the show wps wips summary command.
show wps wips summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of the wIPS configuration:
(Cisco Controller) > show wps wips summary

Policy Name...................................... Default

Policy Version................................... 3

Related Commands

config 802.11 enable

config ap mode
config ap monitor-mode
show ap config
show ap monitor-mode summary
show wps wips statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

833

config Commands

config Commands
This section lists the config commands to configure security settings for the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

834

OL-31334-01

config Commands

config 802.11b preamble

To change the 802.11b preamble as defined in subclause 18.2.2.2 to long (slower, but more reliable) or short
(faster, but less reliable), use the config 802.11b preamble command.
config 802.11b preamble {long | short}

Syntax Description

Command Default

Command History

long

Specifies the long 802.11b preamble.

short

Specifies the short 802.11b preamble.

The default 802.11b preamble value is short.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines
Note

You must reboot the Cisco Wireless LAN Controller (reset system) with save to implement this command.
This parameter must be set to long to optimize this Cisco wireless LAN controller for some clients, including
SpectraLink NetLink telephones.
This command can be used any time that the CLI interface is active.

Examples

The following example shows how to change the 802.11b preamble to short:
(Cisco Controller) > config 802.11b preamble short
(Cisco Controller) > (reset system with save)

Related Commands

show 802.11b

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

835

config Commands

config aaa auth

To configure the AAA authentication search order for management users, use the config aaa auth command.
config aaa auth mgmt [aaa_server_type1 | aaa_server_type2]

Syntax Description

Command Default

Command History

mgmt

Configures the AAA authentication search order for

controller management users by specifying up to three
AAA authentication server types. The order that the
server types are entered specifies the AAA
authentication search order.

aaa_server_type

(Optional) AAA authentication server type (local,

radius, or tacacs). The local setting specifies the local
database, the radius setting specifies the RADIUS
server, and the tacacs setting specifies the TACACS+
server.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can enter two AAA server types as long as one of the server types is local. You cannot enter radius and
tacacs together.

Examples

The following example shows how to configure the AAA authentication search order for controller management
users by the authentication server type local:
(Cisco Controller) > config aaa auth radius local

Related Commands

show aaa auth

Cisco Wireless LAN Controller Command Reference, Release 8.0

836

OL-31334-01

config Commands

config aaa auth mgmt

To configure the order of authentication when multiple databases are configured, use the config aaa auth
mgmt command.
config aaa auth mgmt [radius | tacacs]

Syntax Description

Command Default

Command History

Examples

radius

(Optional) Configures the order of authentication for

RADIUS servers.

tacacs

(Optional) Configures the order of authentication for

TACACS servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the order of authentication for the RADIUS server:
(Cisco Controller) > config aaa auth mgmt radius

The following example shows how to configure the order of authentication for the TACACS server:
(Cisco Controller) > config aaa auth mgmt tacacs

Related Commands

show aaa auth order

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

837

config Commands

config acl apply

To apply an access control list (ACL) to the data path, use the config acl apply command.
config acl apply rule_name

Syntax Description

Command Default

Command History

rule_name

ACL name that contains up to 32 alphanumeric

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Examples

The following example shows how to apply an ACL to the data path:
(Cisco Controller) > config acl apply acl01

Related Commands

show acl

Cisco Wireless LAN Controller Command Reference, Release 8.0

838

OL-31334-01

config Commands

config acl counter

To see if packets are hitting any of the access control lists (ACLs) configured on your controller, use the
config acl counter command.
config acl counter {start | stop}

Syntax Description

Command Default

Command History

start

Enables ACL counters on your controller.

stop

Disables ACL counters on your controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

ACL counters are available only on the following controllers: 4400 series, Cisco WiSM, and Catalyst 3750G
Integrated Wireless LAN Controller Switch.

Examples

The following example shows how to enable ACL counters on your controller:
(Cisco Controller) > config acl counter start

Related Commands

clear acl counters

show acl detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

839

config Commands

config acl create

To create a new access control list (ACL), use the config acl create command.
config acl create rule_name

Syntax Description

Command Default

Command History

rule_name

ACL name that contains up to 32 alphanumeric

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Examples

The following example shows how to create a new ACL:

(Cisco Controller) > config acl create acl01

Related Commands

show acl

Cisco Wireless LAN Controller Command Reference, Release 8.0

840

OL-31334-01

config Commands

config acl cpu

To create a new access control list (ACL) rule that restricts the traffic reaching the CPU, use the config acl
cpu command.
config acl cpu rule_name {wired | wireless | both}

Syntax Description

Command Default

Command History

rule_name

Specifies the ACL name.

wired

Specifies an ACL on wired traffic.

wireless

Specifies an ACL on wireless traffic.

both

Specifies an ACL on both wired and wireless traffic.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

This command allows you to control the type of packets reaching the CPU.

Examples

The following example shows how to create an ACL named acl101 on the CPU and apply it to wired traffic:
(Cisco Controller) > config acl cpu acl01 wired

Related Commands

show acl cpu

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

841

config Commands

config acl delete

To delete an access control list (ACL), use the config acl delete command.
config acl delete rule_name

Syntax Description

Command Default

Command History

rule_name

ACL name that contains up to 32 alphanumeric

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Examples

The following example shows how to delete an ACL named acl101 on the CPU:
(Cisco Controller) > config acl delete acl01

Related Commands

show acl

Cisco Wireless LAN Controller Command Reference, Release 8.0

842

OL-31334-01

config Commands

config acl layer2

To configure a Layer 2 access control list (ACL), use the config acl layer2 command.
config acl layer2 {apply acl_name | create acl_name | delete acl_name | rule {action acl_name index
{permit | deny} | add acl_name index | change index acl_name old_index new_index | delete acl_name
index | etherType acl_name index etherType etherTypeMask | swap index acl_name index1 index2}}

Syntax Description

apply

Applies a Layer 2 ACL to the data path.

acl_name

Layer 2 ACL name. The name can be up to 32

alphanumeric characters.

create

Creates a Layer 2 ACL.

delete

Deletes a Layer 2 ACL.

rule

Configures a Layer 2 ACL rule.

action

Configures the action for the Layer 2 ACL rule.

index

Index of the Layer 2 ACL rule.

permit

Permits rule action.

deny

Denies rule action.

add

Creates a Layer 2 ACL rule.

change index

Changes the index of the Layer 2 ACL rule.

old_index

Old index of the Layer 2 ACL rule.

new_index

New index of the Layer 2 ACL rule.

delete

Deletes a Layer 2 ACL rule.

etherType

Configures the EtherType of a Layer 2 ACL rule.

etherType

EtherType of a Layer 2 ACL rule. EtherType is used

to indicate the protocol that is encapsulated in the
payload of an Ethernet frame. The range is a
hexadecimal value from 0x0 to 0xffff.

etherTypeMask

Netmask of the EtherType. The range is a hexadecimal

value from 0x0 to 0xffff.

swap index

Swaps the index values of two rules.

index1 index2

Index values of two Layer 2 ACL rules.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

843

config Commands

Command Default

Command History

Usage Guidelines

The Cisco WLC does not have any Layer2 ACLs.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Release

Modification

7.5

This command was introduced.

You can create a maximum of 16 rules for a Layer 2 ACL.

You can create a maximum of 64 Layer 2 ACLs on a Cisco WLC.
A maximum of 16 Layer 2 ACLs are supported per access point because an access point supports a maximum
of 16 WLANs.
Ensure that the Layer 2 ACL names do not conflict with the FlexConnect ACL names because an access point
does not support the same Layer 2 and Layer 3 ACL names.

Examples

The following example shows how to apply a Layer 2 ACL:

(Cisco Controller) >config acl layer2 apply acl_l2_1

Cisco Wireless LAN Controller Command Reference, Release 8.0

844

OL-31334-01

config Commands

config acl rule

To configure ACL rules, use the config acl rule command.
config acl rule {action rule_name rule_index {permit | deny} | add rule_name rule_index | change index
rule_name old_index new_index | delete rule_name rule_index | destination address rule_name rule_index
ip_address netmask | destination port range rule_name rule_index start_port end_port | direction rule_name
rule_index {in | out | any} | dscp rule_name rule_index dscp | protocol rule_name rule_index protocol |
source address rule_name rule_index ip_address netmask | source port range rule_name rule_index
start_port end_port | swap index rule_name index_1 index_2}

Syntax Description

action

Configures whether to permit or deny access.

rule_name

ACL name that contains up to 32 alphanumeric

characters.

rule_index

Rule index between 1 and 32.

permit

Permits the rule action.

deny

Denies the rule action.

add

Adds a new rule.

change

Changes a rules index.

index

Specifies a rule index.

delete

Deletes a rule.

destination address

Configures a rules destination IP address and

netmask.

destination port range

Configure a rule's destination port range.

ip_address

IP address of the rule.

netmask

Netmask of the rule.

start_port

Start port number (between 0 and 65535).

end_port

End port number (between 0 and 65535).

direction

Configures a rules direction to in, out, or any.

Configures a rules direction to in.

out

Configures a rules direction to out.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

845

config Commands

Command Default

Command History

any

Configures a rules direction to any.

dscp

Configures a rules DSCP.

dscp

Number between 0 and 63, or any.

protocol

Configures a rules DSCP.

protocol

Number between 0 and 255, or any.

source address

Configures a rules source IP address and netmask.

source port range

Configures a rules source port range.

swap

Swaps two rules indices.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

For a Cisco 2100 Series Wireless LAN Controller, you must configure a preauthentication ACL on the wireless
LAN for the external web server. This ACL should then be set as a wireless LAN pre-authentication ACL
under Web Policy. However, you do not need to configure any preauthentication ACL for Cisco 4400 Series
Wireless LAN Controllers.

Examples

The following example shows how to configure an ACL to permit access:

(Cisco Controller) > config acl rule action lab1 4 permit

Related Commands

show acl

Cisco Wireless LAN Controller Command Reference, Release 8.0

846

OL-31334-01

config Commands

config acl url-domain

To add or delete an URL domain for the access control list, use the config acl url-domain command.
config acl url-domain{add| delete} domain_name acl_name

Syntax Description

Command Default

Command History

Examples

domain_name

URL domain name for the access control list

acl_name

Name of the access control list.

None

Release

Modification

7.6

This command was introduced.

The following example shows how to add a new URL domain for the access control list:
(Cisco Controller) > config acl url-domain add cisco.com android

The following example shows how to delete an existing URL domain from the access control list:
(Cisco Controller) > config acl url-domain delete play.google.com android

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

847

config Commands

config auth-list add

To create an authorized access point entry, use the config auth-list add command.
config auth-list add {mic | ssc} AP_MAC [AP_key]

Syntax Description

Command Default

Command History

Examples

mic

Specifies that the access point has a

manufacture-installed certificate.

ssc

Specifies that the access point has a self-signed

certificate.

AP_MAC

MAC address of a Cisco lightweight access point.

AP_key

(Optional) Key hash value that is equal to 20 bytes or

40 digits.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to create an authorized access point entry with a manufacturer-installed
certificate on MAC address 00:0b:85:02:0d:20:
(Cisco Controller) > config auth-list add 00:0b:85:02:0d:20

Related Commands

config auth-list delete

config auth-list ap-policy

Cisco Wireless LAN Controller Command Reference, Release 8.0

848

OL-31334-01

config Commands

config auth-list ap-policy

To configure an access point authorization policy, use the config auth-list ap-policy command.
config auth-list ap-policy {authorize-ap {enable | disable} | ssc {enable | disable}}

Syntax Description

Command Default

Command History

Examples

authorize-ap enable

Enables the authorization policy.

authorize-ap disable

Disables the AP authorization policy.

ssc enable

Allows the APs with self-signed certificates to

connect.

ssc disable

Disallows the APs with self-signed certificates to

connect.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable an access point authorization policy:
(Cisco Controller) > config auth-list ap-policy authorize-ap enable

The following example shows how to enable an access point with a self-signed certificate to connect:
(Cisco Controller) > config auth-list ap-policy ssc disable

Related Commands

config auth-list delete

config auth-list add

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

849

config Commands

config auth-list delete

To delete an access point entry, use the config auth-list delete command.
config auth-list delete AP_MAC

Syntax Description

Command Default

Command History

Examples

AP_MAC

MAC address of a Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete an access point entry for MAC address 00:1f:ca:cf:b6:60:
(Cisco Controller) > config auth-list delete 00:1f:ca:cf:b6:60

Related Commands

config auth-list delete

config auth-list add
config auth-list ap-policy

Cisco Wireless LAN Controller Command Reference, Release 8.0

850

OL-31334-01

config Commands

config advanced eap

To configure advanced extensible authentication protocol (EAP) settings, use the config advanced eap
command.
config advanced eap {bcast-key-interval seconds | eapol-key-timeout timeout | eapol-key-retries retries
| identity-request-timeout timeout | identity-request-retries retries | key-index index |
max-login-ignore-identity-response {enable | disable} request-timeout timeout | request-retries retries}

Syntax Description

bcast-key-interval seconds

Specifies the EAP-broadcast key renew interval time

in seconds.
The range is from 120 to 86400 seconds.

eapol-key-timeout timeout

Specifies the amount of time (200 to 5000

milliseconds) that the controller waits before
retransmitting an EAPOL (WPA) key message to a
wireless client using EAP or WPA/WPA-2 PSK.
The default value is 1000 milliseconds.

eapol-key-retries retries

Specifies the maximum number of times (0 to 4

retries) that the controller retransmits an EAPOL
(WPA) key message to a wireless client.
The default value is 2.

identity-request- timeout timeout

Specifies the amount of time (1 to 120 seconds) that

the controller waits before retransmitting an EAP
Identity Request message to a wireless client.
The default value is 30 seconds.

identity-request- retries

Specifies the maximum number of times (0 to 4

retries) that the controller retransmits an EAPOL
(WPA) key message to a wireless client.
The default value is 2.

key-index index

Specifies the key index (0 or 3) used for dynamic

wired equivalent privacy (WEP).

max-login-ignore- identity-response

When enabled, this command ignores the limit set for

the number of devices that can be connected to the
controller with the same username using
802.1xauthentication. When disabled, this command
limits the number of devices that can be connected to
the controller with the same username. This option is
not applicable for Web auth user.
Use the command config netuser maxUserLogin to
set the limit of maximum number of devices per same
username

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

851

config Commands

enable

Ignores the same username reaching the maximum

EAP identity response.

disable

Checks the same username reaching the maximum

EAP identity response.

request-timeout

For EAP messages other than Identity Requests or

EAPOL (WPA) key messages, specifies the amount
of time (1 to 120 seconds) that the controller waits
before retransmitting the message to a wireless client.
The default value is 30 seconds.

request-retries

(Optional) For EAP messages other than Identity

Requests or EAPOL (WPA) key messages, specifies
the maximum number of times (0 to 20 retries) that
the controller retransmits the message to a wireless
client.
The default value is 2.

Command Default

The default value for eapol-key-timeout: 1 second.

The default value for eapol-key-retries: 2 retries.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the key index used for dynamic wired equivalent privacy
(WEP):
(Cisco Controller) > config advanced eap key-index 0

Related Commands

show advanced eap

Cisco Wireless LAN Controller Command Reference, Release 8.0

852

OL-31334-01

config Commands

config advanced timers auth-timeout

To configure the authentication timeout, use the config advanced timers auth-timeout command.
config advanced timers auth-timeout seconds

Syntax Description

Command Default

Command History

Examples

seconds

Authentication response timeout value in seconds between 10 and 600.

The default authentication timeout value is 10 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the authentication timeout to 20 seconds:
(Cisco Controller) >config advanced timers auth-timeout 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

853

config Commands

config advanced timers eap-timeout

To configure the Extensible Authentication Protocol (EAP) expiration timeout, use the config advanced
timers eap-timeout command.
config advanced timers eap-timeout seconds

Syntax Description

Command Default

Command History

Examples

seconds

EAP timeout value in seconds between 8 and 120.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the EAP expiration timeout to 10 seconds:
(Cisco Controller) >config advanced timers eap-timeout 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

854

OL-31334-01

config Commands

config advanced timers eap-identity-request-delay

To configure the advanced Extensible Authentication Protocol (EAP) identity request delay in seconds, use
the config advanced timers eap-identity-request-delay command.
config advanced timers eap-identity-request-delay seconds

Syntax Description

Command Default

Command History

Examples

seconds

Advanced EAP identity request delay in number of seconds

between 0 and 10.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the advanced EAP identity request delay to 8 seconds:
(Cisco Controller) >config advanced timers eap-identity-request-delay 8

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

855

config Commands

config cts sxp

To configure Cisco TrustSec SXP (CTS) connections on the controller, use the config cts sxp command.
config cts sxp {enable | disable | connection {delete | peer} | default password password | retry period
time-in-seconds}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables CTS connections on the controller.

disable

Disables CTS connections on the controller.

connection

Configures CTS connection on the controller.

delete

Deletes the CTS connection on the controller.

peer

Configures the next hop switch with which the

controller is connected.

ip-address

Only IPv4 address of the peer.

default password

Configures the default password for MD5

authentication of SXP messages.

password

Default password for MD5 Authentication of SXP

messages. The password should contain a minimum
of six characters.

retry period

Configures the SXP retry period.

time-in-seconds

Time after which a CTS connection should be again

tried for after a failure to connect.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

For release 8.0, only IPv4 is supported for TrustSec SXP configuration.

Cisco Wireless LAN Controller Command Reference, Release 8.0

856

OL-31334-01

config Commands

Examples

The following example shows how to enable CTS on the controller:

(Cisco Controller) > config cts sxp enable

The following example shows how to configure a peer for a CTS connection:
> config cts sxp connection peer 209.165.200.224

Related Commands

debug cts sxp

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

857

config Commands

config database size

To configure the local database, use the config database size command.
config database size count

Syntax Description

Command Default

Command History

count

Database size value between 512 and 2040

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Use the show database command to display local database configuration.

Examples

The following example shows how to configure the size of the local database:
(Cisco Controller) > config database size 1024

Related Commands

show database

Cisco Wireless LAN Controller Command Reference, Release 8.0

858

OL-31334-01

config Commands

config dhcp opt-82 format

To configure the DHCP option 82 format, use the config dhcp opt-82 format command.
config dhcp opt-82 format{binary | ascii}

Syntax Description

Command Default

Command History

Examples

binary

Specifies the DHCP option 82 format as binary.

ascii

Specifies the DHCP option 82 format as ASCII.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the format of DHCP option 82 payload:
(Cisco Controller) > config dhcp opt-82 format binary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

859

config Commands

config dhcp opt-82 remote-id

To configure the format of the DHCP option 82 payload, use the config dhcp opt-82 remote-id command.
config dhcp opt-82 remote-id {ap_mac | ap_mac:ssid | ap-ethmac | apname:ssid | ap-group-name |
flex-group-name | ap-location | apmac-vlan-id | apname-vlan-id | ap-ethmac-ssid}

Syntax Description

Command Default

Command History

ap_mac

Specifies the radio MAC address of the access point

to the DHCP option 82 payload.

ap_mac:ssid

Specifies the radio MAC address and SSID of the

access point to the DHCP option 82 payload.

ap-ethmac

Specifies the Ethernet MAC address of the access

point to the DHCP option 82 payload.

apname:ssid

Specifies the AP name and SSID of the access point

to the DHCP option 82 payload.

ap-group-name

Specifies the AP group name to the DHCP option 82

payload.

flex-group-name

Specifies the FlexConnect group name to the DHCP

option 82 payload.

ap-location

Specifies the AP location to the DHCP option 82

payload.

apmac-vlan-id

Specifies the radio MAC address of the access point

and the VLAN ID to the DHCP option 82 payload.

apname-vlan-id

Specifies the AP name and its VLAN ID to the DHCP

option 82 payload.

ap-ethmac-ssid

Specifies the Ethernet MAC address of the access

point and the SSID to the DHCP option 82 payload.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

860

OL-31334-01

config Commands

Examples

The following example shows how to configure the remote ID of DHCP option 82 payload:
(Cisco Controller) > config dhcp opt-82 remote-id apgroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

861

config Commands

config exclusionlist
To create or delete an exclusion list entry, use the config exclusionlist command.
config exclusionlist {add MAC [description] | delete MAC | description MAC [description]}

Syntax Description

Command Default

Command History

Examples

config exclusionlist

Configures the exclusion list.

add

Creates a local exclusion-list entry.

delete

Deletes a local exclusion-list entry

description

Specifies the description for an exclusion-list entry.

MAC

MAC address of the local Excluded entry.

description

(Optional) Description, up to 32 characters, for an

excluded entry.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to create a local exclusion list entry for the MAC address xx:xx:xx:xx:xx:xx:
(Cisco Controller) > config exclusionlist add xx:xx:xx:xx:xx:xx lab

The following example shows how to delete a local exclusion list entry for the MAC address xx:xx:xx:xx:xx:xx:
(Cisco Controller) > config exclusionlist delete xx:xx:xx:xx:xx:xx lab

Related Commands

show exclusionlist

Cisco Wireless LAN Controller Command Reference, Release 8.0

862

OL-31334-01

config Commands

Syntax Description

add

Specifies that an LDAP server is being added.

delete

Specifies that an LDAP server is being deleted.

enable

Specifies that an LDAP serve is enabled.

disable

Specifies that an LDAP server is disabled.

retransmit-timeout

Changes the default retransmit timeout for an LDAP

server.

retry

Configures the retry attempts for an LDAP server.

user

Configures the user search parameters.

security-mode

Configures the security mode.

simple-bind

Configures the local authentication bind method.

anonymous

Allows anonymous access to the LDAP server.

authenticated

Specifies that a username and password be entered to

secure access to the LDAP server.

index

LDAP server index. The range is from 1 to 17.

server_ip_address

IP address of the LDAP server.

port

Port number.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

863

config Commands

Command Default

Command History

user_base

Distinguished name for the subtree that contains all

of the users.

user_attr

Attribute that contains the username.

user_type

ObjectType that identifies the user.

secure

(Optional) Specifies that Transport Layer Security

(TLS) is used.

retransmit-timeout

Retransmit timeout for an LDAP server. The range is

from 2 to 30.

attempts

Number of attempts that each LDAP server is retried.

attr

Configures the attribute that contains the username.

base

Configures the distinguished name of the subtree that

contains all the users.

type

Configures the user type.

username

Username for the authenticated bind method.

password

Password for the authenticated bind method.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

7.6

The secure keyword was added to support secure

LDAP.

Usage Guidelines

When you enable secure LDAP, the controller does not validate the server certificate.

Examples

The following example shows how to enable LDAP server index 10:
(Cisco Controller) > config ldap enable 10

Related Commands

config ldap add

config ldap simple-bind

Cisco Wireless LAN Controller Command Reference, Release 8.0

864

OL-31334-01

config Commands

show ldap summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

865

config Commands

config local-auth active-timeout

To specify the amount of time in which the controller attempts to authenticate wireless clients using local
Extensible Authentication Protocol (EAP) after any pair of configured RADIUS servers fails, use the config
local-auth active-timeout command.
config local-auth active-timeout timeout

Syntax Description

Command Default

Command History

Examples

timeout

Timeout measured in seconds. The range is from 1 to

3600.

The default timeout value is 100 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to specify the active timeout to authenticate wireless clients using EAP
to 500 seconds:
(Cisco Controller) > config local-auth active-timeout 500

Related Commands

clear stats local-auth

config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth certificates
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

866

OL-31334-01

config Commands

config local-auth eap-profile

To configure local Extensible Authentication Protocol (EAP) authentication profiles, use the config local-auth
eap-profile command.
config local-auth eap-profile {[add | delete] profile_name | cert-issuer {cisco | vendor} | method method
local-cert {enable | disable} profile_name | method method client-cert {enable | disable} profile_name |
method method peer-verify ca-issuer {enable | disable} | method method peer-verify cn-verify{enable |
disable} | method method peer-verify date-valid {enable | disable}

Syntax Description

add

(Optional) Specifies that an EAP profile or method

is being added.

delete

(Optional) Specifies that an EAP profile or method

is being deleted.

profile_name

EAP profile name (up to 63 alphanumeric characters).

Do not include spaces within a profile name.

cert-issuer

(For use with EAP-TLS, PEAP, or EAP-FAST with

certificates) Specifies the issuer of the certificates that
will be sent to the client. The supported certificate
issuers are Cisco or a third-party vendor.

cisco

Specifies the Cisco certificate issuer.

vendor

Specifies the third-party vendor.

method

Configures an EAP profile method.

method

EAP profile method name. The supported methods

are leap, fast, tls, and peap.

local-cert

(For use with EAP-FAST) Specifies whether the

device certificate on the controller is required for
authentication.

enable

Specifies that the parameter is enabled.

disable

Specifies that the parameter is disabled.

client-cert

(For use with EAP-FAST) Specifies whether wireless

clients are required to send their device certificates to
the controller in order to authenticate.

peer-verify

Configures the peer certificate verification options.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

867

config Commands

Command Default

Command History

Examples

ca-issuer

(For use with EAP-TLS or EAP-FAST with

certificates) Specifies whether the incoming certificate
from the client is to be validated against the Certificate
Authority (CA) certificates on the controller.

cn-verify

(For use with EAP-TLS or EAP-FAST with

certificates) Specifies whether the common name
(CN) in the incoming certificate is to be validated
against the CA certificates CN on the controller.

date-valid

(For use with EAP-TLS or EAP-FAST with

certificates) Specifies whether the controller is to
verify that the incoming device certificate is still valid
and has not expired.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to create a local EAP profile named FAST01:
(Cisco Controller) > config local-auth eap-profile add FAST01

The following example shows how to add the EAP-FAST method to a local EAP profile:
(Cisco Controller) > config local-auth eap-profile method add fast FAST01

The following example shows how to specify Cisco as the issuer of the certificates that will be sent to the
client for an EAP-FAST profile:
(Cisco Controller) > config local-auth eap-profile method fast cert-issuer cisco

The following example shows how to specify that the incoming certificate from the client be validated against
the CA certificates on the controller:
(Cisco Controller) > config local-auth eap-profile method fast peer-verify ca-issuer enable

Related Commands

config local-auth active-timeout

config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth certificates

Cisco Wireless LAN Controller Command Reference, Release 8.0

868

OL-31334-01

config Commands

show local-auth config

show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

869

config Commands

config local-auth method fast

To configure an EAP-FAST profile, use the config local-auth method fast command.
config local-auth method fast {anon-prov [enable | disable] | authority-id auth_id pac-ttl days | server-key
key_value}

Syntax Description

Command Default

Command History

Examples

anon-prov

Configures the controller to allow anonymous

provisioning, which allows PACs to be sent
automatically to clients that do not have one during
Protected Access Credentials (PAC) provisioning.

enable

(Optional) Specifies that the parameter is enabled.

disable

(Optional) Specifies that the parameter is disabled.

authority-id

Configures the authority identifier of the local

EAP-FAST server.

auth_id

Authority identifier of the local EAP-FAST server (2

to 32 hexadecimal digits).

pac-ttl

Configures the number of days for the Protected

Access Credentials (PAC) to remain viable (also
known as the time-to-live [TTL] value).

days

Time-to-live value (TTL) value (1 to 1000 days).

server-key

Configures the server key to encrypt or decrypt PACs.

key_value

Encryption key value (2 to 32 hexadecimal digits).

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable the controller to allows anonymous provisioning:
(Cisco Controller) > config local-auth method fast anon-prov disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

870

OL-31334-01

config Commands

The following example shows how to configure the authority identifier 0125631177 of the local EAP-FAST
server:
(Cisco Controller) > config local-auth method fast authority-id 0125631177

The following example shows how to configure the number of days to 10 for the PAC to remain viable:
(Cisco Controller) > config local-auth method fast pac-ttl 10

Related Commands

clear stats local-auth

config local-auth eap-profile
config local-auth active-timeout
config local-auth user-credentials
debug aaa local-auth
show local-auth certificates
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

871

config Commands

config local-auth user-credentials

To configure the local Extensible Authentication Protocol (EAP) authentication database search order for user
credentials, use the config local-auth user credentials command.
config local-auth user-credentials {local [ldap] | ldap [local] }

Syntax Description

Command Default

Command History

local

Specifies that the local database is searched for the

user credentials.

ldap

(Optional) Specifies that the Lightweight Directory

Access Protocol (LDAP) database is searched for the
user credentials.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The order of the specified database parameters indicate the database search order.

Examples

The following example shows how to specify the order in which the local EAP authentication database is
searched:
(Cisco Controller) > config local-auth user credentials local lda

In the above example, the local database is searched first and then the LDAP database.

Related Commands

clear stats local-auth

config local-auth eap-profile
config local-auth method fast
config local-auth active-timeout
debug aaa local-auth
show local-auth certificates
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

872

OL-31334-01

config Commands

config ipv6 acl

To create or delete an IPv6 ACL on the Cisco wireless LAN controller, apply ACL to data path, and configure
rules in the IPv6 ACL, use the config ipv6 acl command.
config ipv6 acl [apply|cpu |create|delete|rule]
config ipv6 acl apply name
config ipv6 acl cpu {name |none}
config ipv6 acl create name
config ipv6 acl delete name
config ipv6 acl rule [action|add|change|delete|destination|direction|dscp|protocol|source|swap]
config ipv6 acl rule action name index {permit | deny}
config ipv6 acl rule add name index
config ipv6 acl rule change index name old_index new_index
config ipv6 acl rule delete name index
config ipv6 acl rule destination {address name index ip_address prefix-len | port range name index }
config ipv6 acl rule direction name index {in | out | any}
config ipv6 acl rule dscp name dscp
config ipv6 acl rule protocol name index protocol
config ipv6 acl rule source {address name index ip_address prefix-len | port range name index start_port
end_port}
config ipv6 acl rule swap index name index_1index_2

Syntax Description

apply name

Applies an IPv6 ACL. An IPv6 ACL can contain up to 32 alphanumeric

characters.

cpu name

Applies the IPv6 ACL to the CPU.

cpu none

Configure none if you wish not to have a IPV6 ACL.

create

Creates an IPv6 ACL.

delete

Deletes an IPv6 ACL.

rule (action) (name) (index)

Configures rules in the IPv6 ACL to either permit or deny access. IPv6
ACL name can contains up to 32 alphanumeric characters and IPv6 ACL
rule index can be between 1 and 32.

{permit|deny}

Permit or deny the IPv6 rule action.

add name index

Adds a new rule and rule index.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

873

config Commands

change name old_index

new_index

Changes a rules index.

delete name index

Deletes a rule and rule index.

destination address name

index ip_addr prefix-len

Configures a rules destination IP address and prefix length (between 0 and

128).

destination port name index

Configure a rule's destination port range. Enter IPv6 ACL name and set an
rule index for it.

direction name index

{in|out|any}

Configures a rules direction to in, out, or any.

dscp name index dscp

Configures a rules DSCP. For rule index of DSCP, select a number between
0 and 63, or any.

protocol name index protocol Configures a rules protocol. Enter a name and set an index between 0 and
255 or any
source address name index
ip_address prefix-len

Configures a rules source IP address and netmask.

source port range name index Configures a rules source port range.
start_port end_port
swap index name index_1
index_2

Command Default

Command History

Swaps two rules indices.

After adding an ACL, the config ipv6 acl cpu is by default configured as enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6..

8.0

Updated this command, added cpu {ipv6_acl_name |none}.

Usage Guidelines

Examples

The following example shows how to configure an IPv6 ACL to permit access:
(Cisco Controller) >config ipv6 acl rule action lab1 4 permit

Cisco Wireless LAN Controller Command Reference, Release 8.0

874

OL-31334-01

config Commands

Examples

The following example shows how to configure an interface ACL:

(Cisco Controller) > config ipv6 interface acl management IPv6-Acl

Related Commands

show ipv6 acl detailed

show ipv6 acl cpu

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

875

config Commands

config netuser add

Syntax Description

username

Guest username. The username can be up to 50 alphanumeric characters.

password

User password. The password can be up to 24 alphanumeric characters.

wlan

Specifies the wireless LAN identifier to associate with or zero for any wireless
LAN.

wlan_id

Wireless LAN identifier assigned to the user. A zero value associates the user
with any wireless LAN.

guestlan

Specifies the guest LAN identifier to associate with or zero for any wireless
LAN.

guestlan_id

Guest LAN ID.

userType

Specifies the user type.

guest

Specifies the guest for the guest user.

lifetime

Specifies the lifetime.

lifetime

Lifetime value (60 to 259200 or 0) in seconds for the guest user.

Note

description

Command Default

Command History

Usage Guidelines

A value of 0 indicates an unlimited

lifetime.

Short description of user. The description can be up to 32 characters enclosed in

double-quotes.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Local network usernames must be unique because they are stored in the same database.

Cisco Wireless LAN Controller Command Reference, Release 8.0

876

OL-31334-01

config Commands

Examples

The following example shows how to add a permanent username Jane to the wireless network for 1 hour:
(Cisco Controller) > config netuser add jane able2 1 wlan_id 1 userType permanent

The following example shows how to add a guest username George to the wireless network for 1 hour:
(Cisco Controller) > config netuser add george able1 guestlan 1 3600

Related Commands

show netuser
config netuser delete

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

877

config Commands

config netuser delete

To delete an existing user from the local network, use the config netuser delete command.
config netuser delete { username username | wlan-id wlan-id}

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

username

Network username. The username can be up to 24 alphanumeric characters.

wlan-id

WLAN identification number.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Local network usernames must be unique because they are stored in the same database.

When a WLAN associated with network users is deleted, the system prompts to delete all network users
associated with the WLAN first. After deleting the network users, you can delete the WLAN.

The following example shows how to delete an existing username named able1 from the network:
(Cisco Controller) > config netuser delete able1
Deleted user able1

Related Commands

show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

878

OL-31334-01

config Commands

config netuser description

To add a description to an existing net user, use the config netuser description command.
config netuser description username description

Syntax Description

Command Default

Command History

Examples

username

Network username. The username can contain up to 24 alphanumeric characters.

description

(Optional) User description. The description can be up to 32 alphanumeric characters

enclosed in double quotes.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a user description HQ1 Contact to an existing network user named
able 1:
(Cisco Controller) > config netuser description able1 HQ1 Contact

Related Commands

show netuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

879

config Commands

config network bridging-shared-secret

To configure the bridging shared secret, use the config network bridging-shared-secret command.
config network bridging-shared-secret shared_secret

Syntax Description

Command Default

Command History

Usage Guidelines

shared_secret

Bridging shared secret string. The string can contain up to 10 bytes.

The bridging shared secret is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the
switch.
The zero-touch configuration must be enabled for this command to work.

Examples

The following example shows how to configure the bridging shared secret string shhh1:
(Cisco Controller) > config network bridging-shared-secret shhh1

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

880

OL-31334-01

config Commands

config network web-auth captive-bypass

Syntax Description

enable

Allows the controller to support bypass of captive portals.

disable

Disallows the controller to support bypass of captive portals.

Command Default

None

Examples

The following example shows how to configure the controller to support bypass of captive portals:
(Cisco Controller) > config network web-auth captive-bypass enable

Related Commands

show network summary

config network web-auth cmcc-support

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

881

config Commands

config network web-auth port

To configure an additional port to be redirected for web authentication at the network level, use the config
network web-auth port command.
config network web-auth port port

Syntax Description

port

Command Default

None

Command History

Examples

Port number. The valid range is from 0 to 65535.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure an additional port number 1200 to be redirected for web
authentication:
(Cisco Controller) > config network web-auth port 1200

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

882

OL-31334-01

config Commands

config network web-auth proxy-redirect

To configure proxy redirect support for web authentication clients, use the config network web-auth
proxy-redirect command.
config network web-auth proxy-redirect {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Allows proxy redirect support for web authentication

clients.

disable

Disallows proxy redirect support for web

authentication clients.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) > config network web-auth proxy-redirect enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

883

config Commands

config network web-auth secureweb

To configure the secure web (https) authentication for clients, use the config network web-auth secureweb
command.
config network web-auth secureweb {enable | disable}

Syntax Description

Command Default

Command History

enable

Allows secure web (https) authentication for clients.

disable

Disallows secure web (https) authentication for clients.

Enables http web authentication for clients.

The default secure web (https) authentication for clients is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines
Note

Examples

If you configure the secure web (https) authentication for clients using the config network web-auth
secureweb disable command, then you must reboot the Cisco WLC to implement the change.

The following example shows how to enable the secure web (https) authentication for clients:
(Cisco Controller) > config network web-auth secureweb enable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

884

OL-31334-01

config Commands

config network webmode

To enable or disable the web mode, use the config network webmode command.
config network webmode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the web interface.

disable

Disables the web interface.

The default value for the web mode is enable.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the web interface mode:
(Cisco Controller) > config network webmode disable

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

885

config Commands

config network web-auth

To configure the network-level web authentication options, use the config network web-auth command.
config network web-auth {port port-number} | {proxy-redirect {enable | disable}}

Syntax Description

port

Configures additional ports for web authentication

redirection.

port-number

Port number (between 0 and 65535).

proxy-redirect

Configures proxy redirect support for web

authentication clients.

enable

Enables proxy redirect support for web authentication

clients.
Note

disable

Command Default

Command History

Web-auth proxy redirection will be enabled

for ports 80, 8080, and 3128, along with user
defined port 345.

Disables proxy redirect support for web authentication

clients.

The default network-level web authentication value is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You must reset the system for the configuration to take effect.

Examples

The following example shows how to enable proxy redirect support for web authentication clients:
(Cisco Controller) > config network web-auth proxy-redirect enable

Related Commands

show network summary

show run-config
config qos protocol-type

Cisco Wireless LAN Controller Command Reference, Release 8.0

886

OL-31334-01

config Commands

config policy
To configure a native profiling policy on the Cisco Wireless LAN Controller (WLC), use the config policy
command.
config policypolicy_name {action {acl {enable | disable} acl_name | {average-data-rate |
average-realtime-rate | burst-data-rate | burst-realtime-rate | qos | session-timeout | sleeping-client-timeout
| avc-profile-name {enable avc_profile_name | disable} | vlan} {enable | disable}}} | active {add hours
start _time end _time days day | delete days day} | create | delete | match {device-type {add | delete}
device-type | eap-type {add | delete} {eap-fast | eap-tls | leap | peap} | role {role_name | none}}

Syntax Description

policy_name

Name of a profiling policy.

action

Configures an action for the policy.

acl

Configures an ACL for the policy

enable

Enables an action for the policy.

disable

Disables an action for the policy.

acl_name

Name of an ACL.

average-data-rate

Configures the QoS average data rate.

average-realtime-rate

Configures the QoS average real-time rate.

burst-data-rate

Configures the QoS burst data rate.

burst-realtime-rate

Configures the QoS burst real-time rate.

qos

Configures a QoS action for the policy.

session-timeout

Configures a session timeout action for the policy.

sleeping-client-timeout

Configures a sleeping client timeout for the policy.

avc-profile-name

Configures AVC profile on a policy.

vlan

Configures a VLAN action for the policy.

active

Configures the active hours and days for the policy.

add

Adds active hours and days.

hours

Configures active hours for the policy.

start _time

Start time for the policy.

end _time

End time for the policy.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

887

config Commands

days

Configures the day on the policy must work.

day

Day of the week, such as mon, tue, wed, thu, fri, sat,
sun. You can also specify daily or weekdays for the
policy to occur daily or on all weekdays.

delete

Deletes active hours and days.

create

Creates a policy.

match

Configures a match criteria for the policy.

device-type

Configures a device type match.

device-type

Device type on which the policy must be applied. You

can configure up to 16 devices types for a policy.

eap-type

Configures the Extensible Authentication Protocol (EAP)

type as a match criteria.

eap-fast

Configures the EAP type as EAP Flexible Authentication

via Secure Tunneling (FAST).

eap-tls

Configures the EAP type as EAP Transport Layer

Security (TLS).

leap

Configures the EAP type as Lightweight EAP (LEAP).

peap

Configures the EAP type as Protected EAP (PEAP).

role

Configures the user type or user group for the user.

role_name

User type or user group of the user, for example, student,

employee.
You can configure only one role per policy.
Configures no user type or user group for the user.

none

Command Default

Command History

Usage Guidelines

There is no native profiling policy on the Cisco WLC.

Release

Modification

7.5

This command was introduced.

The maximum number of policies that you can configure is 64.

Cisco Wireless LAN Controller Command Reference, Release 8.0

888

OL-31334-01

config Commands

Examples

The following example shows how to configure a role for a policy:

(Cisco Controller) > config policy student_policy role student

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

889

config Commands

config radius acct

To configure settings for a RADIUS accounting server for the Cisco wireless LAN controller, use the config
radius acct command.
config radius acct{ {add index IP addr port {ascii | hex} secret} | delete index | disable index | enable
index | ipsec {authentication {hmac-md5 index | hmac-sha1 index } | disable index | enable index |
encryption {256-aes | 3des | aes | des} index | ike {auth-mode {pre-shared-key index type shared_secret_key
| certificate index } | dh-group { 2048bit-group-14 | group-1 | group-2 | group-5} index | lifetime seconds
index | phase1 {aggressive | main} index } } | {mac-delimiter {colon | hyphen | none | single-hyphen}}
| {network index {disable | enable}} | {region {group | none | provincial}} | retransmit-timeout index
seconds | realm {add | delete} index realm-string}

Syntax Description

add

Adds a RADIUS accounting server (IPv4 or IPv6).

index

RADIUS server index (1 to 17).

IP addr

RADIUS server IP address (IPv4 or IPv6).

port

RADIUS servers UDP port number for the interface

protocols.

ascii

Specifies the RADIUS servers secret type: ascii.

hex

Specifies the RADIUS servers secret type: hex.

secret

RADIUS servers secret.

enable

Enables a RADIUS accounting server.

disable

Disables a RADIUS accounting server.

delete

Deletes a RADIUS accounting server.

ipsec

Enables or disables IPSec support for an accounting

server.
Note
IPSec is not supported for
IPv6.

authentication

Configures IPSec Authentication.

hmac-md5

Enables IPSec HMAC-MD5 authentication.

hmac-sha1

Enables IPSec HMAC-SHA1 authentication.

disable

Disables IPSec support for an accounting server.

enable

Enables IPSec support for an accounting server.

encryption

Configures IPSec encryption.

Cisco Wireless LAN Controller Command Reference, Release 8.0

890

OL-31334-01

config Commands

256-aes

Enables IPSec AES-256 encryption.

3des

Enables IPSec 3DES encryption.

aes

Enables IPSec AES-128 encryption.

des

Enables IPSec DES encryption.

ike

Configures Internet Key Exchange (IKE).

auth-mode

Configures IKE authentication method.

pre-shared-key

Pre-shared key for authentication.

certificate

Certificate used for authentication.

dh-group

Configures IKE Diffie-Hellman group.

2048bit-group-14

Configures DH group 14 (2048 bits).

group-1

Configures DH group 1 (768 bits).

group-2

Configures DH group 2 (1024 bits).

group-5

Configures DH group 5 (1536 bits).

lifetime seconds

Configures IKE lifetime in seconds. The range is from

1800 to 57600 seconds and the default is 28800.

phase1

Configures IKE phase1 mode.

aggressive

Enables IKE aggressive mode.

main

Enables IKE main mode.

mac-delimiter

Configures MAC delimiter for caller station ID and

calling station ID.

colon

Sets the delimiter to colon (For example:

xx:xx:xx:xx:xx:xx).

hyphen

Sets the delimiter to hyphen (For example:

xx-xx-xx-xx-xx-xx).

none

Disables delimiters (For example: xxxxxxxxxx).

single-hyphen

Sets the delimiters to single hyphen (For example:

xxxxxx-xxxxxx).

network

Configures a default RADIUS server for network

users.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

891

config Commands

group

Specifies RADIUS server type group.

none

Specifies RADIUS server type none.

provincial

Specifies RADIUS server type provincial.

retransmit-timeout

Changes the default retransmit timeout for the server.

seconds

The number of seconds between retransmissions.

realm

Specifies radius acct realm.

add

Adds radius acct realm.

delete

Deletes radius acct realm.

Command Default

When adding a RADIUS server, the port number defaults to 1813 and the state is enabled.

Usage Guidelines

IPSec is not supported for IPv6.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to configure a priority 1 RADIUS accounting server at 10.10.10.10 using
port 1813 with a login password of admin:
(Cisco Controller) > config radius acct add 1 10.10.10.10 1813 ascii admin

The following example shows how to configure a priority 1 RADIUS accounting server at 2001:9:6:40::623
using port 1813 with a login password of admin:
(Cisco Controller) > config radius acct add 1 2001:9:6:40::623 1813 ascii admin

Cisco Wireless LAN Controller Command Reference, Release 8.0

892

OL-31334-01

config Commands

config radius acct ipsec authentication

To configure IPsec authentication for the Cisco wireless LAN controller, use the config radius acct ipsec
authentication command.
config radius acct ipsec authentication {hmac-md5 | hmac-sha1} index

Syntax Description

Command Default

Command History

Examples

hmac-md5

Enables IPsec HMAC-MD5 authentication.

hmac-sha1

Enables IPsec HMAC-SHA1 authentication.

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the IPsec hmac-md5 authentication service on the RADIUS
accounting server index 1:
(Cisco Controller) > config radius acct ipsec authentication hmac-md5 1

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

893

config Commands

config radius acct ipsec disable

To disable IPsec support for an accounting server for the Cisco wireless LAN controller, use the config radius
acct ipsec disable command.
config radius acct ipsec disable index

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable the IPsec support for RADIUS accounting server index 1:
(Cisco Controller) > config radius acct ipsec disable 1

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

894

OL-31334-01

config Commands

config radius acct ipsec enable

To enable IPsec support for an accounting server for the Cisco wireless LAN controller, use the config radius
acct ipsec enable command.
config radius acct ipsec enable index

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the IPsec support for RADIUS accounting server index 1:
(Cisco Controller) > config radius acct ipsec enable 1

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

895

config Commands

config radius acct ipsec encryption

To configure IPsec encryption for an accounting server for the Cisco wireless LAN controller, use the config
radius acct ipsec encryption command.
config radius acct ipsec encryption {3des | aes | des} index

Syntax Description

Command Default

Command History

Examples

256-aes

Enables IPSec AES-256 encryption.

3des

Enables IPsec 3DES encryption.

aes

Enables IPsec AES encryption.

des

Enables IPsec DES encryption.

index

RADIUS server index value of between 1 and 17.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the IPsec 3DES encryption for RADIUS server index value
3:
(Cisco Controller) > config radius acct ipsec encryption 3des 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

896

OL-31334-01

config Commands

config radius acct ipsec ike

To configure Internet Key Exchange (IKE) for the Cisco WLC, use the config radius acct ipsec ike command.
config radius acct ipsec ike dh-group {group-1 | group-2 | group-5 | group-14} | lifetime seconds | phase1
{aggressive | main}} index

Syntax Description

Command Default

Command History

Examples

dh-group

Specifies the Dixie-Hellman (DH) group.

group-1

Configures the DH Group 1 (768 bits).

group-2

Configures the DH Group 2 (1024 bits).

group-5

Configures the DH Group 5 (1024 bits).

group-5

Configures the DH Group 14 (2048 bits).

lifetime

Configures the IKE lifetime.

seconds

IKE lifetime in seconds.

phase1

Configures the IKE phase1 node.

aggressive

Enables the aggressive mode.

main

Enables the main mode.

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure an IKE lifetime of 23 seconds for RADIUS server index 1:
(Cisco Controller) > config radius acct ipsec ike lifetime 23 1

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

897

config Commands

config radius acct mac-delimiter

To specify the delimiter to be used in the MAC addresses that are sent to the RADIUS accounting server, use
the config radius acct mac-delimiter command.
config radius acct mac-delimiter {colon | hyphen | single-hyphen | none}

Syntax Description

Command Default

Command History

Examples

colon

Sets the delimiter to a colon (for example,

xx:xx:xx:xx:xx:xx).

hyphen

Sets the delimiter to a hyphen (for example,

xx-xx-xx-xx-xx-xx).

single-hyphen

Sets the delimiter to a single hyphen (for example,

xxxxxx-xxxxxx).

none

Disables the delimiter (for example, xxxxxxxxxxxx).

The default delimiter is a hyphen.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the delimiter hyphen to be used in the MAC addresses that are sent
to the RADIUS accounting server for the network users:
(Cisco Controller) > config radius acct mac-delimiter hyphen

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

898

OL-31334-01

config Commands

config radius acct network

To configure a default RADIUS server for network users, use the config radius acct network command.
config radius acct network index {enable | disable}

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

enable

Enables the server as a network users default

RADIUS server.

disable

Disables the server as a network users default

RADIUS server.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default RADIUS accounting server for the network users
with RADIUS server index1:
(Cisco Controller) > config radius acct network 1 enable

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

899

config Commands

config radius acct realm

To configure realm on RADIUS accounting server, use the config radius acct realm command.
config radius acct realm{add | delete} radius_index realm_string

Syntax Description

Command Default

Command History

Examples

radius_server

Radius server index. The range is from 1 to 17.

add

Add realm to RADIUS accounting server.

delete

Delete realm from RADIUS accounting server.

realm_string

Unique string associated to RADIUS accounting

realm.

None

Release

Modification

8.0

This command was introduced.

The following example shows how add realm to the RADIUS accounting server:
(Cisco Controller) > config radius acct realm add 3 test

Cisco Wireless LAN Controller Command Reference, Release 8.0

900

OL-31334-01

config Commands

config radius acct retransmit-timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

timeout

Number of seconds (from 2 to 30) between

retransmissions.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure retransmission timeout value 5 seconds between the
retransmission:
(Cisco Controller) > config radius acct retransmit-timeout 5

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

901

config Commands

config radius auth

To configure settings for a RADIUS authentication server for the Cisco wireless LAN controller, use the
config radius auth command.
config radius auth {add index IP addr portascii/hexsecret} | {callStationIdType {ap-ethmac-only |
ap-ethmac-ssid | ap-group-name | ap-label-address | ap-label-address-ssid| ap-location | ap-macaddr-only
| ap-macaddr-ssid | ap-name | ap-name-ssid | flex-group-name | ipaddr | macaddr| vlan-id}} | delete
index | disable index | enable index | { ipsec {authentication {hmac-md5 index | hmac-sha1 index } |
disable index | enable index | encryption {256-aes | 3des | aes | des} index | ike {auth-mode
{pre-shared-key index ascii/hex shared_secret | certificate index } | dh-group { 2048bit-group-14 | group-1
| group-2 | group-5} index | lifetime seconds index | phase1 {aggressive | main} index } } | { { keywrap{add
ascii/hex kek mack index } | delete index | disable | enable} } | {mac-delimiter {colon | hyphen | none |
single-hyphen}} | {{management index {enable | disable}} | { mgmt-retransmit-timeout index Retransmit
Timeout } | { network index {enable | disable}} | {realm {add | delete} radius-index realm-string} } |
{region {group | none | provincial}} | {retransmit-timeout index Retransmit Timeout} | { rfc3576 {enable
| disable} index }

Syntax Description

enable

Enables a RADIUS authentication server.

disable

Disables a RADIUS authentication server.

delete

Deletes a RADIUS authentication server.

index

RADIUS server index. The controller begins the

search with 1. The server index range is from 1 to 17.

add

Adds a RADIUS authentication server. See the

Defaults section.

IP addr

IP address (IPv4 or IPv6) of the RADIUS server.

port

RADIUS servers UDP port number for the interface

protocols.

ascii/hex

Specifies RADIUS servers secret type: ascii or hex.

secret

RADIUS servers secret.

callStationIdType

Configures Called Station Id information sent in

RADIUS authentication messages.

ipsec

Enables or disables IPSEC support for an

authentication server.
Note
IPSec is not supported for
IPv6.

keywrap

Configures RADIUS keywrap.

ascii/hex

Specifies the input format of the keywrap keys.

Cisco Wireless LAN Controller Command Reference, Release 8.0

902

OL-31334-01

config Commands

kek

Enters the 16-byte key-encryption-key.

mack

Enters the 20-byte message-authenticator-code-key.

mac-delimiter

Configures MAC delimiter for caller station ID and

calling station ID.

management

Configures a RADIUS Server for management users.

mgmt-retransmit-timeout

Changes the default management login retransmission

timeout for the server.

network

Configures a default RADIUS server for network

users.

realm

Configures radius auth realm.

region

Configures RADIUS region property.

retransmit-timeout

Changes the default network login retransmission

timeout for the server.

rfc3576

Enables or disables RFC-3576 support for an

authentication server.

Command Default

When adding a RADIUS server, the port number defaults to 1812 and the state is enabled.

Usage Guidelines

IPSec is not supported for IPv6.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to configure a priority 3 RADIUS authentication server at 10.10.10.10
using port 1812 with a login password of admin:
(Cisco Controller) > config radius auth add 3 10.10.10.10 1812 ascii admin

The following example shows how to configure a priority 3 RADIUS authentication server at 2001:9:6:40::623
using port 1812 with a login password of admin:
(Cisco Controller) > config radius auth add 3 2001:9:6:40::623 1812 ascii admin

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

903

config Commands

config radius auth IPsec authentication

To configure IPsec support for an authentication server for the Cisco wireless LAN controller, use the config
radius auth IPsec authentication command.
config radius auth IPsec authentication {hmac-md5 | hmac-sha1} index

Syntax Description

Command Default

Command History

Examples

hmac-md5

Enables IPsec HMAC-MD5 authentication.

hmac-shal

Enables IPsec HMAC-SHA1 authentication.

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the IPsec hmac-md5 support for RADIUS authentication
server index 1:
(Cisco Controller) > config radius auth IPsec authentication hmac-md5 1

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

904

OL-31334-01

config Commands

config radius auth ipsec disable

To disable IPsec support for an authentication server for the Cisco wireless LAN controller, use the config
radius auth IPsec disable command.
config radius auth ipsec {enable | disable} index

Syntax Description

Command Default

Command History

Examples

enable

Enables the IPsec support for an authentication server.

disable

Disables the IPsec support for an authentication

server.

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This example shows how to enable the IPsec support for RADIUS authentication server index 1:
(Cisco Controller) > config radius auth ipsec enable 1

This example shows how to disable the IPsec support for RADIUS authentication server index 1:
(Cisco Controller) > config radius auth ipsec disable 1

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

905

config Commands

config radius auth ipsec encryption

To configure IPsec encryption support for an authentication server for the Cisco wireless LAN controller, use
the config radius auth ipsec encryption command.
config radius auth IPsec encryption {256-aes | 3des | aes | des} index

Syntax Description

Command Default

Command History

Examples

256-aes

Enables the IPsec 256 AES encryption.

3des

Enables the IPsec 3DES encryption.

aes

Enables the IPsec AES encryption.

des

Enables the IPsec DES encryption.

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

The keyword 256-aes was added.

The following example shows how to configure IPsec 3dec encryption RADIUS authentication server index
3:
(Cisco Controller) > config radius auth ipsec encryption 3des 3

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

906

OL-31334-01

config Commands

config radius auth ipsec ike

To configure Internet Key Exchange (IKE) for the Cisco wireless LAN controller, use the config radius auth
IPsec ike command.
config radius auth ipsec ike {auth-mode {pre-shared-keyindex {ascii | hex shared-secret} | certificate
index } dh-group {2048bit-group-14 | group-1 | group-2 | group-5} | lifetime seconds | phase1 {aggressive
| main}} index

Syntax Description

auth-mode

Configures the IKE authentication method.

pre-shared-key

Configures the preshared key for IKE authentication

method.

index

RADIUS server index between 1 and 17.

ascii

Configures RADIUS IPsec IKE secret in an ASCII

format.

hex

Configures RADIUS IPsec IKE secret in a

hexadecimal format.

shared-secret

Configures the shared RADIUS IPsec secret.

certificate

Configures the certificate for IKE authentication.

dh-group

Configures the IKE Diffe-Hellman group.

2048bit-group-14

Configures the DH Group14 (2048 bits).

group-1

Configures the DH Group 1 (768 bits).

group-2

Configures the DH Group 2 (1024 bits).

group-5

Configures the DH Group 2 (1024 bits).

lifetime

Configures the IKE lifetime.

seconds

IKE lifetime in seconds. The range is from 1800 to

57600 seconds.

phase1

Configures the IKE phase1 mode.

aggressive

Enables the aggressive mode.

main

Enables the main mode.

index

RADIUS server index.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

907

config Commands

Command Default

Command History

Examples

By default, preshared key is used for IPsec sessions and IKE lifetime is 28800 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure IKE lifetime of 23 seconds for RADIUS authentication server
index 1:
(Cisco Controller) > config radius auth ipsec ike lifetime 23 1

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

908

OL-31334-01

config Commands

config radius auth keywrap

To enable and configure Advanced Encryption Standard (AES) key wrap, which makes the shared secret
between the controller and the RADIUS server more secure, use the config radius auth keywrap command.
config radius auth keywrap {enable | disable | add {ascii | hex} kek mack | delete} index

Syntax Description

Command Default

Command History

Examples

enable

Enables AES key wrap.

disable

Disables AES key wrap.

add

Configures AES key wrap attributes.

ascii

Configures key wrap in an ASCII format.

hex

Configures key wrap in a hexadecimal format.

kek

16-byte Key Encryption Key (KEK).

mack

20-byte Message Authentication Code Key (MACK).

delete

Deletes AES key wrap attributes.

index

Index of the RADIUS authentication server on which

to configure the AES key wrap.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the AES key wrap for a RADIUS authentication server:
(Cisco Controller) > config radius auth keywrap enable

Related Commands

show radius auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

909

config Commands

config radius auth mac-delimiter

To specify a delimiter to be used in the MAC addresses that are sent to the RADIUS authentication server,
use the config radius auth mac-delimiter command.
config radius auth mac-delimiter {colon | hyphen | single-hyphen | none}

Syntax Description

Command Default

Command History

Examples

colon

Sets a delimiter to a colon (for example,

xx:xx:xx:xx:xx:xx).

hyphen

Sets a delimiter to a hyphen (for example,

xx-xx-xx-xx-xx-xx).

single-hyphen

Sets a delimiter to a single hyphen (for example,

xxxxxx-xxxxxx).

none

Disables the delimiter (for example, xxxxxxxxxxxx).

The default delimiter is a hyphen.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to specify a delimiter hyphen to be used for a RADIUS authentication
server:
(Cisco Controller) > config radius auth mac-delimiter hyphen

Related Commands

show radius auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

910

OL-31334-01

config Commands

config radius auth management

To configure a default RADIUS server for management users, use the config radius auth management
command.
config radius auth management index {enable | disable}

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

enable

Enables the server as a management users default

RADIUS server.

disable

Disables the server as a management users default

RADIUS server.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a RADIUS server for management users:
(Cisco Controller) > config radius auth management 1 enable

Related Commands

show radius acct statistics

config radius acct network
config radius auth mgmt-retransmit-timeout

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

911

config Commands

config radius auth mgmt-retransmit-timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

retransmit-timeout

Timeout value. The range is from 1 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default RADIUS server retransmission timeout for
management users:
(Cisco Controller) > config radius auth mgmt-retransmit-timeout 1 10

Related Commands

config radius auth management

Cisco Wireless LAN Controller Command Reference, Release 8.0

912

OL-31334-01

config Commands

config radius auth network

To configure a default RADIUS server for network users, use the config radius auth network command.
config radius auth network index {enable | disable}

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

enable

Enables the server as a network user default RADIUS

server.

disable

Disables the server as a network user default RADIUS

server.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default RADIUS server for network users:
(Cisco Controller) > config radius auth network 1 enable

Related Commands

show radius acct statistics

config radius acct network

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

913

config Commands

config radius auth realm

To configure realm on RADIUS authentication server, use the config radius auth realm command.
config radius auth realm{add | delete} radius_index realm_string

Syntax Description

Command Default

Command History

Examples

radius_server

Radius server index. The range is from 1 to 17.

add

Add realm to RADIUS authentication server.

delete

Delete realm from RADIUS authentication server.

realm_string

Unique string associated to RADIUS authentication

realm.

None

Release

Modification

8.0

This command was introduced.

The following example shows how add realm to the RADIUS authentication server:
(Cisco Controller) > config radius auth realm add 3 test

Cisco Wireless LAN Controller Command Reference, Release 8.0

914

OL-31334-01

config Commands

config radius auth retransmit-timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

timeout

Number of seconds (from 2 to 30) between

retransmissions.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a retransmission timeout of 5 seconds for a RADIUS
authentication server:
(Cisco Controller) > config radius auth retransmit-timeout 5

Related Commands

show radius auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

915

config Commands

config radius auth rfc3576

To configure RADIUS RFC-3576 support for the authentication server for the Cisco wireless LAN controller,
use the config radius auth rfc3576 command.
config radius auth rfc3576 {enable | disable} index

Syntax Description

Command Default

Command History

enable

Enables RFC-3576 support for an authentication

server.

disable

Disables RFC-3576 support for an authentication

server.

index

RADIUS server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

RFC 3576, which is an extension to the RADIUS protocol, allows dynamic changes to a user session. RFC
3576 includes support for disconnecting users and changing authorizations applicable to a user session.
Disconnect messages cause a user session to be terminated immediately; CoA messages modify session
authorization attributes such as data filters.

Examples

The following example shows how to enable the RADIUS RFC-3576 support for a RADIUS authentication
server:
(Cisco Controller) > config radius auth rfc3576 enable 2

Related Commands

show radius auth statistics

show radius summary
show radius rfc3576

Cisco Wireless LAN Controller Command Reference, Release 8.0

916

OL-31334-01

config Commands

config radius auth retransmit-timeout

To configure a retransmission timeout value for a RADIUS accounting server, use the config radius auth
server-timeout command.
config radius auth retransmit-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

RADIUS server index.

timeout

Timeout value. The range is from 2 to 30 seconds.

The default timeout is 2 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a server timeout value of 2 seconds for RADIUS authentication
server index 10:
(Cisco Controller) > config radius auth retransmit-timeout 2 10

Related Commands

show radius auth statistics

show radius summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

917

config Commands

config radius aggressive-failover disabled

To configure the controller to mark a RADIUS server as down (not responding) after the server does not reply
to three consecutive clients, use the config radius aggressive-failover disabled command.
config radius aggressive-failover disabled

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the controller to mark a RADIUS server as down:
(Cisco Controller) > config radius aggressive-failover disabled

Related Commands

show radius summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

918

OL-31334-01

config Commands

config radius backward compatibility

To configure RADIUS backward compatibility for the Cisco wireless LAN controller, use the config radius
backward compatibility command.
config radius backward compatibility {enable | disable}

Syntax Description

enable

Enables RADIUS vendor ID backward compatibility.

disable

Disables RADIUS vendor ID backward compatibility.

Command Default

Enabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Examples

The following example shows how to enable the RADIUS backward compatibility settings:
(Cisco Controller) > config radius backward compatibility disable

Related Commands

show radius summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

919

config Commands

config radius callStationIdCase

To configure callStationIdCase information sent in RADIUS messages for the Cisco WLC, use the config
radius callStationIdCase command.
config radius callStationIdCase {legacy | lower | upper}

Syntax Description

legacy

Configures Call Station IDs for Layer 2 authentication

to RADIUS in uppercase.

lower

Configures all Call Station IDs to RADIUS in

lowercase.

upper

Configures all Call Station IDs to RADIUS in

uppercase.

Command Default

Enabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Examples

The following example shows how to send the call station ID in lowercase:
(Cisco Controller) > config radius callStationIdCase lower

Related Commands

show radius summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

920

OL-31334-01

config Commands

config radius callStationIdType

To configure the Called Station ID type information sent in RADIUS accounting messages for the Cisco
wireless LAN controller, use the config radius callStationIdType command.
config radius callStationIdType {ap-ethmac-only | ap-ethmac-ssid | ap-group-name | ap-label-address
| ap-label-address-ssid| ap-location | ap-macaddr-only | ap-macaddr-ssid | ap-name | ap-name-ssid |
flex-group-name | ipaddr | macaddr| vlan-id}

Syntax Description

ipaddr

Configures the Call Station ID type to use the IP

address (only Layer 3).

macaddr

Configures the Call Station ID type to use the systems

MAC address (Layers 2 and 3).

ap-macaddr-only

Configures the Call Station ID type to use the access

points MAC address (Layers 2 and 3).

ap-macaddr-ssid

Configures the Call Station ID type to use the access

points MAC address (Layers 2 and 3) in the format
AP MAC address:SSID.

ap-ethmac-only

Configures the Called Station ID type to use the access

points Ethernet MAC address.

ap-ethmac-ssid

Configures the Called Station ID type to use the access

points Ethernet MAC address in the format AP
Ethernet MAC address:SSID.

ap-group-name

Configures the Call Station ID type to use the AP

group name. If the AP is not part of any AP group,
default-group is taken as the AP group name.

flex-group-name

Configures the Call Station ID type to use the

FlexConnect group name. If the FlexConnect AP is
not part of any FlexConnect group, the system MAC
address is taken as the Call Station ID.

ap-name

Configures the Call Station ID type to use the access

points name.

ap-name-ssid

Configures the Call Station ID type to use the access

points name in the format AP name:SSID

ap-location

Configures the Call Station ID type to use the access

points location.

vlan-id

Configures the Call Station ID type to use the systems

VLAN-ID.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

921

config Commands

ap-label-address

Configures the Call Station ID type to the AP MAC

address that is printed on the AP label, for the
accounting messages.

ap-label-address-ssid

Configures the Call Station ID type to the AP MAC

address:SSID format.

Command Default

The IP address of the system.

Usage Guidelines

The controller sends the Called Station ID attribute to the RADIUS server in all authentication and accounting
packets. The Called Station ID attribute can be used to classify users to different groups based on the attribute
value. The command is applicable only for the Called Station and not for the Calling Station.
You cannot send only the SSID as the Called-Station-ID, you can only combine the SSID with either the
access point MAC address or the access point name.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

7.6

The ap-ethmac-only and ap-ethmac-ssid keywords

were added to support the access points Ethernet
MAC address.
The ap-label-address and ap-label-address-ssid
keywords were added.

8.0

Examples

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to configure the call station ID type to use the IP address:
(Cisco Controller) > config radius callStationIdType ipaddr

The following example shows how to configure the call station ID type to use the systems MAC address:
(Cisco Controller) > config radius callStationIdType macaddr

The following example shows how to configure the call station ID type to use the access points MAC address:
(Cisco Controller) > config radius callStationIdType ap-macaddr-only

Cisco Wireless LAN Controller Command Reference, Release 8.0

922

OL-31334-01

config Commands

config radius dns

To retrieve the RADIUS IP information from a DNS server, use the config radius dns command.
config radius dns {global port {ascii | hex} secret | queryurl timeout | serverip ip_address | disable | enable}

Syntax Description

global

Configures the global port and secret to retrieve the RADIUS IP information from
a DNS server.

port

Port number for authentication. The range is from 1 to 65535. All the DNS servers
should use the same authentication port.

ascii

Format of the shared secret that you should set to ASCII.

hex

Format of the shared secret that you should set to hexadecimal.

secret

RADIUS server login secret.

query

Configures the fully qualified domain name (FQDN) of the RADIUS server and
DNS timeout.

url

FQDN of the RADIUS server. The FQDN can be up to 63 case-sensitive,

alphanumeric characters.

timeout

Maximum time that the Cisco WLC waits for, in days, before timing out the request
and resending it. The range is from 1 to 180.

serverip

Configures the DNS server IP address.

ip_address

DNS server IP address.

disable

Disables the RADIUS DNS feature. By default, this feature is disabled.

enable

Enables the Cisco WLC to retrieve the RADIUS IP information from a DNS
server.
When you enable a DNS query, the static configurations are overridden, that is,
the DNS list overrides the static AAA list.

Command Default

Command History

You cannot configure the global port and secret to retrieve the RADIUS IP information.

Release

Modification

7.5

This command was introduced.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

923

config Commands

Usage Guidelines

The accounting port is derived from the authentication port. All the DNS servers should use the same secret.

Examples

The following example shows how to enable the RADIUS DNS feature on the Cisco WLC:
(Cisco Controller) > config radius dns enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

924

OL-31334-01

config Commands

config radius fallback-test

To configure the RADIUS server fallback behavior, use the config radius fallback-test command.
config radius fallback-test mode {off | passive | active} | username username} | {interval interval}

Syntax Description

Command Default

Command History

Examples

mode

Specifies the mode.

off

Disables RADIUS server fallback.

passive

Causes the controller to revert to a preferable server

(with a lower server index) from the available backup
servers without using extraneous probe messages. The
controller ignores all inactive servers for a time period
and retries later when a RADIUS message needs to
be sent.

active

Causes the controller to revert to a preferable server

(with a lower server index) from the available backup
servers by using RADIUS probe messages to
proactively determine whether a server that has been
marked inactive is back online. The controller ignores
all inactive servers for all active RADIUS requests.

username

Specifies the username.

username

Username. The username can be up to 16

alphanumeric characters.

interval

Specifies the probe interval value.

interval

Probe interval. The range is 180 to 3600.

The default probe interval is 300.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable the RADIUS accounting server fallback behavior:
(Cisco Controller) > config radius fallback-test mode off

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

925

config Commands

The following example shows how to configure the controller to revert to a preferable server from the available
backup servers without using the extraneous probe messages:
(Cisco Controller) > config radius fallback-test mode passive

The following example shows how to configure the controller to revert to a preferable server from the available
backup servers by using RADIUS probe messages:
(Cisco Controller) > config radius fallback-test mode active

Related Commands

config advanced probe filter

config advanced probe limit
show advanced probe
show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

926

OL-31334-01

config Commands

config rogue adhoc

To globally or individually configure the status of an Independent Basic Service Set (IBSS or ad-hoc) rogue
access point, use the config rogue adhoc command.
config rogue adhoc {enable | disable | external rogue_MAC | alert {rogue_MAC | all} | auto-contain
[monitor_ap] | contain rogue_MAC 1234_aps| }
config rogue adhoc {delete {all | mac-address mac-address} | classify {friendly state {external | internal}
mac-address | malicious state {alert | contain} mac-address | unclassified state {alert | contain }
mac-address}

Syntax Description

enable

Globally enables detection and reporting of ad-hoc

rogues.

disable

Globally disables detection and reporting of ad-hoc

rogues.

external

Configure external state on the rogue access point that

is outside the network and poses no threat to WLAN
security. The controller acknowledges the presence
of this rogue access point.

rogue_MAC

MAC address of the ad-hoc rogue access point.

alert

Generates an SMNP trap upon detection of the ad-hoc

rogue, and generates an immediate alert to the system
administrator for further action.

all

Enables alerts for all ad-hoc rogue access points.

auto-contain

Contains all wired ad-hoc rogues detected by the

controller.

monitor_ap

(Optional) IP address of the ad-hoc rogue access point.

contain

Contains the offending device so that its signals no

longer interfere with authorized clients.

1234_aps

Maximum number of Cisco access points assigned to

actively contain the ad-hoc rogue access point (1
through 4, inclusive).

delete

Deletes ad-hoc rogue access points.

all

Deletes all ad-hoc rogue access points.

mac-address

Deletes ad-hoc rogue access point with the specified

MAC address.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

927

config Commands

Command Default

Command History

Usage Guidelines

Note

mac-address

MAC address of the ad-hoc rogue access point.

classify

Configures ad-hoc rogue access point classification.

friendly state

Classifies ad-hoc rogue access points as friendly.

internal

Configures alert state on rogue access point that is

inside the network and poses no threat to WLAN
security. The controller trusts this rogue access point.

malicious state

Classifies ad-hoc rogue access points as malicious.

alert

Configures alert state on the rogue access point that

is not in the neighbor list or in the user configured
friendly MAC list. The controller forwards an
immediate alert to the system administrator for further
action.

contain

Configures contain state on the rogue access point.

Controller contains the offending device so that its
signals no longer interfere with authorized clients.

unclassified state

Classifies ad-hoc rogue access points as unclassified.

The default for this command is enabled and is set to alert. The default for auto-containment is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

RLDP is not supported for use with Cisco autonomous rogue access points. These access points drop the
DHCP Discover request sent by the RLDP client. Also, RLDP is not supported if the rogue access point
channel requires dynamic frequency selection (DFS).
When you enter any of the containment commands, the following warning appears:
Using this feature may have legal consequences. Do you want to continue? (y/n) :

Cisco Wireless LAN Controller Command Reference, Release 8.0

928

OL-31334-01

config Commands

The 2.4- and 5-GHz frequencies in the Industrial, Scientific, and Medical (ISM) band are open to the public
and can be used without a license. As such, containing devices on another partys network could have legal
consequences.
Enter the auto-contain command with the monitor_ap argument to monitor the rogue access point without
containing it. Enter the auto-contain command without the optional monitor_ap to automatically contain all
wired ad-hoc rogues detected by the controller.

Examples

The following example shows how to enable the detection and reporting of ad-hoc rogues:
(Cisco Controller) > config rogue adhoc enable

The following example shows how to enable alerts for all ad-hoc rogue access points:
(Cisco Controller) > config rogue adhoc alert all

The following example shows how to classify an ad-hoc rogue access point as friendly and configure external
state on it:
(Cisco Controller) > config rogue adhoc classify friendly state internal 11:11:11:11:11:11

Related Commands

config rogue auto-contain level

show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

929

config Commands

config rogue ap classify

To classify the status of a rogue access point, use the config rogue ap classify command.
config rogue ap classify {friendly state {internal | external} ap_mac }
config rogue ap classify {malicious | unclassified} state {alert | contain} ap_mac

Syntax Description

Command Default

Command History

Usage Guidelines

friendly

Classifies a rogue access point as friendly.

state

Specifies a response to classification.

internal

Configures the controller to trust this rogue access

point.

external

Configures the controller to acknowledge the presence

of this access point.

ap_mac

MAC address of the rogue access point.

malicious

Classifies a rogue access point as potentially

malicious.

unclassified

Classifies a rogue access point as unknown.

alert

Configures the controller to forward an immediate

alert to the system administrator for further action.

contain

Configures the controller to contain the offending

device so that its signals no longer interfere with
authorized clients.

These commands are disabled by default. Therefore, all unknown access points are categorized as unclassified
by default.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

A rogue access point cannot be moved to the unclassified class if its current state is contain.
When you enter any of the containment commands, the following warning appears: Using this feature may
have legal consequences. Do you want to continue? The 2.4- and 5-GHz frequencies in the Industrial,

Cisco Wireless LAN Controller Command Reference, Release 8.0

930

OL-31334-01

config Commands

Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing
devices on another partys network could have legal consequences.

Examples

The following example shows how to classify a rogue access point as friendly and can be trusted:
(Cisco Controller) > config rogue ap classify friendly state internal 11:11:11:11:11:11

The following example shows how to classify a rogue access point as malicious and to send an alert:
(Cisco Controller) > config rogue ap classify malicious state alert 11:11:11:11:11:11

The following example shows how to classify a rogue access point as unclassified and to contain it:
(Cisco Controller) > config rogue ap classify unclassified state contain 11:11:11:11:11:11

Related Commands

config rogue adhoc

config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue client detailed
show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

931

config Commands

config rogue ap friendly

To add a new friendly access point entry to the friendly MAC address list, or delete an existing friendly access
point entry from the list, use the config rogue ap friendly command.
config rogue ap friendly {add | delete} ap_mac

Syntax Description

Command Default

Command History

Examples

add

Adds this rogue access point from the friendly MAC

address list.

delete

Deletes this rogue access point from the friendly MAC

address list.

ap_mac

MAC address of the rogue access point that you want

to add or delete.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to add a new friendly access point with MAC address 11:11:11:11:11:11
to the friendly MAC address list.
(Cisco Controller) > config rogue ap friendly add 11:11:11:11:11:11

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap rldp
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap clients
show rogue ap detailed

Cisco Wireless LAN Controller Command Reference, Release 8.0

932

OL-31334-01

config Commands

show rogue ap summary

show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue client detailed
show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

933

config Commands

config rogue ap rldp

To enable, disable, or initiate the Rogue Location Discovery Protocol (RLDP), use the config rogue ap rldp
command.
config rogue ap rldp enable {alarm-only | auto-contain} [monitor_ap_only]
config rogue ap rldp initiate rogue_mac_address
config rogue ap rldp disable

Syntax Description

Command Default

Command History

Usage Guidelines

alarm-only

When entered without the optional argument

monitor_ap_only, enables RLDP on all access points.

auto-contain

When entered without the optional argument

monitor_ap_only, automatically contains all rogue
access points.

monitor_ap_only

(Optional) RLDP is enabled (when used with

alarm-only keyword), or automatically contained
(when used with auto-contain keyword) is enabled
only on the designated monitor access point.

initiate

Initiates RLDP on a specific rogue access point.

rogue_mac_address

MAC address of specific rogue access point.

disable

Disables RLDP on all access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

When you enter any of the containment commands, the following warning appears: Using this feature may
have legal consequences. Do you want to continue? The 2.4- and 5-GHz frequencies in the Industrial,
Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such, containing
devices on another partys network could have legal consequences.

Cisco Wireless LAN Controller Command Reference, Release 8.0

934

OL-31334-01

config Commands

Examples

The following example shows how to enable RLDP on all access points:
(Cisco Controller) > config rogue ap rldp enable alarm-only

The following example shows how to enable RLDP on monitor-mode access point ap_1:
(Cisco Controller) > config rogue ap rldp enable alarm-only ap_1

The following example shows how to start RLDP on the rogue access point with MAC address 123.456.789.000:
(Cisco Controller) > config rogue ap rldp initiate 123.456.789.000

The following example shows how to disable RLDP on all access points:
(Cisco Controller) > config rogue ap rldp disable

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue client detailed
show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

935

config Commands

config rogue ap ssid

To generate an alarm only, or to automatically contain a rogue access point that is advertising your networks
service set identifier (SSID), use the config rogue ap ssid command.
config rogue ap ssid {alarm | auto-contain}

Syntax Description

Command Default

Command History

alarm

Generates only an alarm when a rogue access point

is discovered to be advertising your networks SSID.

auto-contain

Automatically contains the rogue access point that is

advertising your networks SSID.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Examples

The following example shows how to automatically contain a rogue access point that is advertising your
networks SSID:
(Cisco Controller) > config rogue ap ssid auto-contain

Related Commands

config rogue adhoc

config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap timeout
config rogue ap valid-client
config rogue client
config trapflags rogueap

Cisco Wireless LAN Controller Command Reference, Release 8.0

936

OL-31334-01

config Commands

show rogue ap clients

show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue client detailed
show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

937

config Commands

config rogue ap timeout

To specify the number of seconds after which the rogue access point and client entries expire and are removed
from the list, use the config rogue ap timeout command.
config rogue ap timeout seconds

Syntax Description

Command Default

Command History

Examples

seconds

Value of 240 to 3600 seconds (inclusive), with a

default value of 1200 seconds.

The default number of seconds after which the rogue access point and client entries expire is 1200 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set an expiration time for entries in the rogue access point and client
list to 2400 seconds:
(Cisco Controller) > config rogue ap timeout 2400

Related Commands

config rogue ap classify

Cisco Wireless LAN Controller Command Reference, Release 8.0

938

OL-31334-01

config Commands

show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

939

config Commands

config rogue auto-contain level

To configure rogue the auto-containment level, use the config rogue auto-contain level command.
config rogue auto-contain level level [monitor_ap_only]

Syntax Description

level

Rogue auto-containment level in the range of 1 to 4.

You can enter a value of 0 to enable the Cisco WLC
to automatically select the number of APs used for
auto containment. The controller chooses the required
number of APs based on the RSSI for effective
containment.
Note

(Optional) Configures auto-containment using only

monitor AP mode.

monitor_ap_only

Command Default

Command History

Usage Guidelines

Up to four APs can be used to auto-contain

when a rogue AP is moved to contained state
through any of the auto-containment policies.

The default auto-containment level is 1.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The controller continuously monitors all nearby access points and automatically discovers and collects
information on rogue access points and clients. When the controller discovers a rogue access point, it uses
any of the configured auto-containment policies to start autocontainment. The policies for initiating
autocontainment are rogue on wire (detected through RLDP or rogue detector AP), rogue using managed
SSID, Valid client on Rogue AP, and AdHoc Rogue.
This table lists the RSSI value associated with each containment level.
Table 9: RSSI Associated with Each Containment Level

Auto-containment
Level

RSSI

0 to 55 dBm

75 to 55 dBm

85 to 75 dBm

Cisco Wireless LAN Controller Command Reference, Release 8.0

940

OL-31334-01

config Commands

Note

Auto-containment
Level

RSSI

Less than 85 dBm

The 2.4-GHz and 5-GHz frequencies in the Industrial, Scientific, and Medical (ISM) band are open to the
public and can be used without a license. As such, containing devices on another partys network could have
legal consequences.

Examples

The following example shows how to configure the auto-contain level to 3:

(Cisco Controller) > config rogue auto-contain level 3

Related Commands

config rogue adhoc

show rogue adhoc summary
show rogue client summary
show rogue ignore-list
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

941

config Commands

config rogue ap valid-client

To generate an alarm only, or to automatically contain a rogue access point to which a trusted client is
associated, use the config rogue ap valid-client command.
config rogue ap valid-client {alarm | auto-contain}

Syntax Description

Command Default

Command History

alarm

Generates only an alarm when a rogue access point

is discovered to be associated with a valid client.

auto-contain

Automatically contains a rogue access point to which

a trusted client is associated.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Examples

The following example shows how to automatically contain a rogue access point that is associated with a
valid client:
(Cisco Controller) > config rogue ap valid-client auto-contain

Related Commands

config rogue ap classify

config rogue ap friendly
config rogue ap rldp
config rogue ap timeout
config rogue ap ssid
config rogue rule
config trapflags rogueap
show rogue ap clients

Cisco Wireless LAN Controller Command Reference, Release 8.0

942

OL-31334-01

config Commands

show rogue ap detailed

show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

943

config Commands

config rogue client

To configure rogue clients, use the config rogue client command.
config rogue client {aaa {enable | disable} | alert ap_mac | contain client_mac | delete {state {alert | any
| contained | contained-pending} | all | mac-address client_mac} | mse{enable | disable} } }

Syntax Description

aaa

Configures AAA server or local database to validate

whether rogue clients are valid clients. The default is
disabled.

enable

Enables the AAA server or local database to check

rogue client MAC addresses for validity.

disable

Disables the AAA server or local database to check

rogue client MAC addresses for validity.

alert

Configures the controller to forward an immediate

alert to the system administrator for further action.

ap_mac

Access point MAC address.

contain

Configures the controller to contain the offending

device so that its signals no longer interfere with
authorized clients.

client_mac

MAC address of the rogue client.

delete

Deletes the rogue client.

state

Deletes the rogue clients according to their state.

alert

Deletes the rogue clients in alert state.

any

Deletes the rogue clients in any state.

contained

Deletes all rogue clients that are in contained state.

contained-pending

Deletes all rogue clients that are in contained pending

state.

all

Deletes all rogue clients.

mac-address

Deletes a rogue client with the configured MAC

address.

mse

Validates if the rogue clients are valid clients using

MSE. The default is disabled.

Cisco Wireless LAN Controller Command Reference, Release 8.0

944

OL-31334-01

config Commands

Command Default

Command History

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You cannot validate rogue clients against MSE and AAA at the same time.

Examples

The following example shows how to enable the AAA server or local database to check MAC addresses:
(Cisco Controller) > config rogue client aaa enable

The following example shows how to disable the AAA server or local database from checking MAC addresses:
(Cisco Controller) > config rogue client aaa disable

Related Commands

config rogue rule

config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

945

config Commands

config rogue containment

To configure rogue containment, use the config rogue containment command.
config rogue containment {flexconnect | auto-rate} {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

flexconnect

Configures rogue containment for standalone FlexConnect APs.

auto-rate

Configures automatic rate selection for rogue containment.

enable

Enables the rogue containment.

disable

Disables the rogue containment.

None

Release

Modification

7.5

This command was introduced.

The following table lists the rogue containment automatic rate selection details.
Table 10: Rogue Containment Automatic Rate Selection

Examples

RSSI (dBm)

802.11b/g Tx Rate (Mbps)

802.11a Tx Rate (Mbps)

5.5

< 40

5.5

The following example shows how to enable automatic rate selection for rogue containment:
(Cisco Controller) > config rogue containment auto-rate enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

946

OL-31334-01

config Commands

config rogue detection

To enable or disable rogue detection, use the config rogue detection command.

Note

If an AP itself is configured with the keyword all, the all access points case takes precedence over the
AP that is with the keyword all.

config rogue detection {enable | disable} {cisco_ap | all}

Syntax Description

Command Default

Command History

enable

Enables rogue detection on this access point.

disable

Disables rogue detection on this access point.

cisco_ap

Cisco access point.

all

Specifies all access points.

The default rogue detection value is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Rogue detection is enabled by default for all access points joined to the controller except for OfficeExtend
access points. OfficeExtend access points are deployed in a home environment and are likely to detect a large
number of rogue devices.

Examples

The following example shows how to enable rogue detection on the access point Cisco_AP:
(Cisco Controller) > config rogue detection enable Cisco_AP

Related Commands

config rogue rule

config trapflags rogueap
show rogue client detailed
show rogue client summary
show rogue ignore-list

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

947

config Commands

show rogue rule detailed

show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

948

OL-31334-01

config Commands

config rogue detection client-threshold

To configure the rogue client threshold for access points, use the config rogue detection client-threshold
command.
config rogue detection client-threshold value

Syntax Description

Command Default

Command History

Examples

value

Threshold rogue client count on an access point after which a trap is sent from the Cisco
Wireless LAN Controller (WLC). The range is from 1 to 256. Enter 0 to disable the
feature.

The default rogue client threshold is 0.

Release

Modification

7.5

This command was introduced.

The following example shows how to configure the rogue client threshold:
(Cisco Controller) >config rogue detection client-threshold 200

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

949

config Commands

config rogue detection min-rssi

To configure the minimum Received Signal Strength Indicator (RSSI) value at which APs can detect rogues
and create a rogue entry in the controller, use the config rogue detection min-rssi command.
config rogue detection min-rssi rssi-in-dBm

Syntax Description

Command Default

Command History

Usage Guidelines

rssi-in-dBm

Minimum RSSI value. The valid range is from 70

dBm to 128 dBm, and the default value is 128 dBm.

The default RSSI value to detect rogues in APs is -128 dBm.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This feature is applicable to all the AP modes.

There can be many rogues with very weak RSSI values that do not provide any valuable information in rogue
analysis. Therefore, you can use this option to filter rogues by specifying the minimum RSSI value at which
APs should detect rogues.

Examples

The following example shows how to configure the minimum RSSI value:
(Cisco Controller) > config rogue detection min-rssi 80

Related Commands

config rogue detection

show rogue ap clients
config rogue rule
config trapflags rogueap
show rogue client detailed
show rogue client summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

950

OL-31334-01

config Commands

config rogue detection monitor-ap

To configure the rogue report interval for all monitor mode Cisco APs, use the config rogue detection
monitor-ap command.
config rogue detection monitor-ap {report-interval | transient-rogue-interval} time-in-seconds

Syntax Description

report-interval

Specifies the interval at which rogue reports are sent.

transient-rogue-interval

Specifies the interval at which rogues are consistently

scanned for by APs after the first time the rogues are
scanned.

time-in-seconds

Time in seconds. The valid range is as follows:

10 to 300 for report-interval
120 to 1800 for transient-rogue-interval

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This feature is applicable to APs that are in monitor mode only.

Using the transient interval values, you can control the time interval at which APs should scan for rogues.
APs can also filter the rogues based on their transient interval values.
This feature has the following advantages:
Rogue reports from APs to the controller are shorter.
Transient rogue entries are avoided in the controller.
Unnecessary memory allocation for transient rogues are avoided.

config Commands

config rogue detection security-level

To configure the rogue detection security level, use the config rogue detection security-level command.
config rogue detection security-level {critical | custom | high | low}

Syntax Description

Command Default

Command History

Examples

critical

Configures the rogue detection security level to critical.

custom

Configures the rogue detection security level to custom, and allows you to configure
the rogue policy parameters.

high

Configures the rogue detection security level to high. This security level configures
basic rogue detection and auto containment for medium-scale or less critical deployments.
The Rogue Location Discovery Protocol (RLDP) is disabled for this security level.

low

Configures the rogue detection security level to low. This security level configures basic
rogue detection for small-scale deployments. Auto containment is not supported for this
security level.

The default rogue detection security level is custom.

Release

Modification

7.5

This command was introduced.

The following example shows how to configure the rogue detection security level to high:
(Cisco Controller) > config rogue detection security-level high

Cisco Wireless LAN Controller Command Reference, Release 8.0

954

OL-31334-01

config Commands

config rogue detection transient-rogue-interval

To configure the rogue-detection transient interval, use the config rogue detection transient-rogue-interval
command.
config rogue detection transient-rogue-interval time

Syntax Description

Command Default

time

Time interval, in seconds, at which a rogue should be consistently scanned by the access
point after the rogue is scanned for the first time. The range is from 120 to 1800.

The default rogue-detection transient interval for each security level is as follows:
Low120 seconds
High300 seconds
Critical600 seconds

Command History

Usage Guidelines

Release

Modification

7.5

This command was introduced.

This feature applies only to the access points that are in the monitor mode.
After the rogue is scanned consistently, updates are sent periodically to the Cisco Wireless LAN Controller
(WLC). The access points filter the active transient rogues for a very short period and are then silent.

Examples

The following example shows how to configure the rogue detection transient interval:
(Cisco Controller) > config rogue detection transient-rogue-interval 200

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

955

config Commands

config rogue rule

To add and configure rogue classification rules, use the config rogue rule command.
config rogue rule {add ap priority priority classify {custom severity-score classification-name | friendly
| malicious} notify {all | global | none | local} state {alert | contain | delete | internal | external} rule_name
| classify {custom severity-score classification-name | friendly | malicious} rule_name | condition ap {set
| delete} condition_type condition_value rule_name | {enable | delete | disable} {all | rule_name} | match
{all | any} | priority priority| notify {all | global | none | local} rule_name |state {alert | contain | internal
| external}rule_name}

Syntax Description

add ap priority

Adds a rule with match any criteria and the priority

that you specify.

priority

Priority of this rule within the list of rules.

classify

Specifies the classification of a rule.

custom

Classifies devices matching the rule as custom.

severity-score

Custom classification severity score of the rule. The

range is from 1 to 100.

classification-name

Custom classification name. The name can be up to

32 case-sensitive, alphanumeric characters.

friendly

Classifies a rule as friendly.

malicious

Classifies a rule as malicious.

notify

Configures type of notification upon rule match.

all

Notifies the controller and a trap receiver such as

Cisco Prime Infrastructure.

global

Notifies only a trap receiver such as Cisco Prime

Infrastructure.

local

Notifies only the controller.

none

Notifies neither the controller nor a trap receiver such

as Cisco Prime Infrastructure.

state

Configures state of the rogue access point after a rule

match.

Cisco Wireless LAN Controller Command Reference, Release 8.0

956

OL-31334-01

config Commands

alert

Configures alert state on the rogue access point that

is not in the neighbor list or in the user configured
friendly MAC list. The controller forwards an
immediate alert to the system administrator for further
action.

contain

Configures contain state on the rogue access point.

Controller contains the offending device so that its
signals no longer interfere with authorized clients.

delete

Configures delete state on the rogue access point.

external

Configures external state on the rogue access point

that is outside the network and poses no threat to
WLAN security. The controller acknowledges the
presence of this rogue access point.

internal

Configures alert state on rogue access point that is

inside the network and poses no threat to WLAN
security. The controller trusts this rogue access point.

rule_name

Rule to which the command applies, or the name of

a new rule.

condition ap

Specifies the conditions for a rule that the rogue access

point must meet.

set

Adds conditions to a rule that the rogue access point

must meet.

delete

Removes conditions to a rule that the rogue access

point must meet.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

957

config Commands

condition_type

Type of the condition to be configured. The condition

types are listed below:
client-countRequires that a minimum number
of clients be associated to a rogue access point.
The valid range is 1 to 10 (inclusive).
durationRequires that a rogue access point be
detected for a minimum period of time. The
valid range is 0 to 3600 seconds (inclusive).
managed-ssidRequires that a rogue access
points SSID be known to the controller.
no-encryptionRequires that a rogue access
points advertised WLAN does not have
encryption enabled.
rssiRequires that a rogue access point have a
minimum RSSI value. The range is from 95 to
50 dBm (inclusive).
ssidRequires that a rogue access point have
a specific SSID.
substring-ssidRequires that a rogue access
point have a substring of a user-configured
SSID.

condition_value

Value of the condition. This value is dependent upon

the condition_type. For instance, if the condition type
is ssid, then the condition value is either the SSID
name or all.

enable

Enables all rules or a single specific rule.

delete

Deletes all rules or a single specific rule.

disable

Deletes all rules or a single specific rule.

match

Specifies whether a detected rogue access point must

meet all or any of the conditions specified by the rule
in order for the rule to be matched and the rogue
access point to adopt the classification type of the
rule.

all

Specifies all rules defined.

any

Specifies any rule meeting certain criteria.

priority

Changes the priority of a specific rule and shifts others

in the list accordingly.

Cisco Wireless LAN Controller Command Reference, Release 8.0

958

OL-31334-01

config Commands

Command Default

Command History

Usage Guidelines

No rogue rules are configured.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

For your changes to be effective, you must enable the rule. You can configure up to 64 rules.
Reclassification of rogue APs according to the RSSI condition of the rogue rule occurs only when the RSSI
changes more than +/- 2 dBm of the configured RSSI value. Manual and automatic classification override
custom rogue rules. Rules are applied to manually changed rogues if their class type changes to unclassified
and state changes to alert. Adhoc rogues are classified and do not go to the pending state. You can have up
to 50 classification types.

Examples

The following example shows how to create a rule called rule_1 with a priority of 1 and a classification as
friendly.
(Cisco Controller) > config rogue rule add ap priority 1 classify friendly rule_1

The following example shows how to enable rule_1.

(Cisco Controller) > config rogue rule enable rule_1

The following example shows how to change the priority of the last command.
(Cisco Controller) > config rogue rule priority 2 rule_1

The following example shows how to change the classification of the last command.
(Cisco Controller) > config rogue rule classify malicious rule_1

The following example shows how to disable the last command.

(Cisco Controller) > config rogue rule disable rule_1

The following example shows how to delete SSID_2 from the user-configured SSID list in rule-5.
(Cisco Controller) > config rogue rule condition ap delete ssid ssid_2 rule-5

The following example shows how to create a custom rogue rule.

(Cisco Controller) > config rogue rule classify custom 1 VeryMalicious rule6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

959

config Commands

config rogue rule condition ap

To configure a condition of a rogue rule for rogue access points, use the config rogue rule condition ap
command.
config rogue rule condition ap {set {client-count count | duration time | managed-ssid | no-encryption |
rssi rssi | ssid ssid | substring-ssid substring-ssid} | delete {all | client-count | duration | managed-ssid |
no-encryption | rssi | ssid | substring-ssid} rule_name

Syntax Description

set

Configures conditions to a rule that the rogue access point must meet.

client-count

Enables a minimum number of clients to be associated to the rogue access point.

count

Minimum number of clients to be associated to the rogue access point. The range
is from 1 to 10 (inclusive). For example, if the number of clients associated to a
rogue access point is greater than or equal to the configured value, the access point
is classified as malicious.

duration

Enables a rogue access point to be detected for a minimum period of time.

time

Minimum time period, in seconds, to detect the rogue access point. The range is
from 0 to 3600.

managed-ssid

Enables a rogue access points SSID to be known to the controller.

no-encryption

Enables a rogue access points advertised WLAN to not have encryption enabled.
If a rogue access point has encryption disabled, it is likely that more clients will
try to associate to it.

rssi

Enables a rogue access point to have a minimum Received Signal Strength Indicator
(RSSI) value.

rssi

Minimum RSSI value, in dBm, required for the access point. The range is from
95 to 50 (inclusive). For example, if the rogue access point has an RSSI that is
greater than the configured value, the access point is classified as malicious.

ssid

Enables a rogue access point have a specific SSID.

ssid

SSID of the rogue access point.

substring-ssid

Enables a rogue access point to have a substring of a user-configured SSID.

substring-ssid

Substring of a user-configured SSID. For example, if you have an SSID as ABCDE,

you can specify the substring as ABCD or ABC. You can classify multiple SSIDs
with matching patterns.

delete

Removes the conditions to a rule that a rogue access point must comply with.

all

Deletes all the rogue rule conditions.

Cisco Wireless LAN Controller Command Reference, Release 8.0

960

OL-31334-01

config Commands

rule_name

Command Default

Rogue rule to which the command applies.

The default value for RSSI is 0 dBm.

The default value for duration is 0 seconds.
The default value for client count is 0.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can configure up to 25 SSIDs per rogue rule. You can configure up to 25 SSID substrings per rogue rule.

Examples

The following example shows how to configure the RSSI rogue rule condition:
(Cisco Controller) > config rogue rule condition ap set rssi 50

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

961

config Commands

config switchconfig fips-prerequisite

To configure Federal Information Processing Standard (FIPS) on the controller, use the config switchconfig
wlancc command.
config switchconfig fips-prerequisite {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables FIPS on the controller.

disable

Disables FIPS on the controller.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to enable FIPS on the controller:

(Cisco Controller) > config switchconfig fips-prerequisite enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

962

OL-31334-01

config Commands

config switchconfig ucapl

To configure US Department of Defense (DoD) Unified Capabilities Approved Product List (APL) certification
on the controller, use the config switchconfig wlancc command.
config switchconfig ucapl {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables UCAPL on the controller.

disable

Disables UCAPL on the controller.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to enable UCAPL on the controller:

(Cisco Controller) > config switchconfig ucapl enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

963

config Commands

config switchconfig wlancc

To configure WLAN Common Criteria (CC) on the controller, use the config switchconfig wlancc command.
config switchconfig wlancc {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables WLAN CC on the controller.

disable

Disables WLAN CC on the controller.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to enable WLAN CC on the controller:

(Cisco Controller) > config switchconfig wlancc enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

964

OL-31334-01

config Commands

config tacacs acct

To configure TACACS+ accounting server settings, use the config tacacs acct command.
config tacacs acct {add1-3 IP addr port ascii/hex secret | delete 1-3 | disable 1-3 | enable 1-3 |
server-timeout 1-3 seconds}

Syntax Description

Command Default

Command History

add

Adds a new TACACS+ accounting server.

1-3

Specifies TACACS+ accounting server index from 1

to 3.

IP addr

Specifies IPv4 or IPv6 address of the TACACS+

accounting server.

port

Specifies TACACS+ Server's TCP port.

ascii/hex

Specifies type of TACACS+ server's secret being used

(ASCII or HEX).

secret

Specifies secret key in ASCII or hexadecimal

characters.

delete

Deletes a TACACS+ server.

disable

Disables a TACACS+ server.

enable

Enables a TACACS+ server.

server-timeout

Changes the default server timeout for the TACACS+

server.

seconds

Specifies the number of seconds before the TACACS+

server times out. The server timeout range is from 5
to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

965

config Commands

Examples

The following example shows how to add a new TACACS+ accounting server index 1 with the IPv4 address
10.0.0.0, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) > config tacacs acct add 1 10.0.0.0 10 ascii 12345678

The following example shows how to add a new TACACS+ accounting server index 1 with the IPv6 address
2001:9:6:40::623, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) > config tacacs acct add 1

2001:9:6:40::623 10 ascii 12345678

The following example shows how to configure the server timeout of 5 seconds for the TACACS+ accounting
server:
(Cisco Controller) > config tacacs acct server-timeout 1 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

966

OL-31334-01

config Commands

config tacacs athr

To configure TACACS+ authorization server settings, use the config tacacs athr command.
config tacacs athr {add1-3 IP addr port ascii/hex secret | delete 1-3 | disable 1-3 | enable 1-3 |
mgmt-server-timeout 1-3 seconds | server-timeout 1-3 seconds}

Syntax Description

Command Default

Command History

add

Adds a new TACACS+ authorization server (IPv4 or

IPv6).

1-3

TACACS+ server index from 1 to 3.

IP addr

TACACS+ authorization server IP address (IPv4 or

IPv6).

port

TACACS+ server TCP port.

ascii/hex

Type of secret key being used (ASCII or HEX).

secret

Secret key in ASCII or hexadecimal characters.

delete

Deletes a TACACS+ server.

disable

Disables a TACACS+ server.

enable

Enables a TACACS+ server.

mgmt-server-timeout 1-3seconds

Changes the default management login server timeout

for the server. The number of seconds before server
times out is from 1 to 30 seconds.

server-timeout 1-3 seconds

Changes the default network login server timeout for

the server. The number of seconds before server times
out is from 5 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

967

config Commands

Examples

The following example shows how to add a new TACACS+ authorization server index 1 with the IPv4 address
10.0.0.0, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) > config tacacs athr add 1 10.0.0.0 49 ascii 12345678

The following example shows how to add a new TACACS+ authorization server index 1 with the IPv6 address
2001:9:6:40::623, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) > config tacacs athr add 1 2001:9:6:40::623 49 ascii 12345678

The following example shows how to configure the retransmit timeout of 5 seconds for the TACACS+
authorization server:
(Cisco Controller) > config tacacs athr server-timeout 1 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

968

OL-31334-01

config Commands

config tacacs athr mgmt-server-timeout

To configure a default TACACS+ authorization server timeout for management users, use the config tacacs
athr mgmt-server-timeout command.
config tacacs athr mgmt-server-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

TACACS+ authorization server index.

timeout

Timeout value. The range is 1 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default TACACS+ authorization server timeout for
management users:
(Cisco Controller) > config tacacs athr mgmt-server-timeout 1 10

Related Commands

config tacacs athr

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

969

config Commands

config tacacs auth

To configure TACACS+ authentication server settings, use the config tacacs auth command.
config tacacs auth{ add1-3 IP addr port ascii/hex secret | delete 1-3 | disable 1-3 | enable 1-3 |
mgmt-server-timeout 1-3 seconds | server-timeout 1-3seconds}

Syntax Description

Command Default

Command History

add

Adds a new TACACS+ accounting server.

1-3

TACACS+ accounting server index from 1 to 3.

IP addr

IP address for the TACACS+ accounting server.

port

Controller port used for the TACACS+ accounting

server.

ascii/hex

Type of secret key being used (ASCII or HEX).

secret

Secret key in ASCII or hexadecimal characters.

delete

Deletes a TACACS+ server.

disable

Disables a TACACS+ server.

enable

Enables a TACACS+ server.

mgmt-server-timeout 1-3 seconds

Changes the default management login server timeout

for the server. The number of seconds before server
times out is from 1 to 30 seconds.

server-timeout 1-3 seconds

Changes the default network login server timeout for

the server. The number of seconds before server times
out is from 5 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

Cisco Wireless LAN Controller Command Reference, Release 8.0

970

OL-31334-01

config Commands

Examples

The following example shows how to add a new TACACS+ authentication server index 1 with the IPv4
address 10.0.0.3, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) > config tacacs auth add 1 10.0.0.3 49 ascii 12345678

The following example shows how to add a new TACACS+ authentication server index 1 with the IPv6
address 2001:9:6:40::623, port number 49, and secret key 12345678 in ASCII:
(Cisco Controller) > config tacacs auth add 1 2001:9:6:40::623 49 ascii 12345678

The following example shows how to configure the server timeout for TACACS+ authentication server:
(Cisco Controller) > config tacacs auth server-timeout 1 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

971

config Commands

config tacacs auth mgmt-server-timeout

To configure a default TACACS+ authentication server timeout for management users, use the config tacacs
auth mgmt-server-timeout command.
config tacacs auth mgmt-server-timeout index timeout

Syntax Description

Command Default

Command History

Examples

index

TACACS+ authentication server index.

timeout

Timeout value. The range is 1 to 30 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a default TACACS+ authentication server timeout for
management users:
(Cisco Controller) > config tacacs auth mgmt-server-timeout 1 10

Related Commands

config tacacs auth

Cisco Wireless LAN Controller Command Reference, Release 8.0

972

OL-31334-01

config Commands

config tacacs dns

To retrieve the TACACS IP information from a DNS server, use the config radius dns command.
config radius dns {global port {ascii | hex} secret | query url timeout | serverip ip_address | disable |
enable}

Syntax Description

Command Default

Command History

global

Configures the global port and secret to retrieve the TACACS IP information
from a DNS server.

port

Port number for authentication. The range is from 1 to 65535. All the DNS servers
should use the same authentication port.

ascii

Format of the shared secret that you should set to ASCII.

hex

Format of the shared secret that you should set to hexadecimal.

secret

TACACS server login secret.

query

Configures the fully qualified domain name (FQDN) of the TACACS server and
DNS timeout.

url

FQDN of the TACACS server. The FQDN can be up to 63 case-sensitive,

alphanumeric characters.

timeout

Maximum time that the Cisco Wireless LAN Controller (WLC) waits for, in
days, before timing out a request and resending it. The range is from 1 to 180.

serverip

Configures the DNS server IP address.

ip_address

DNS server IP address.

disable

Disables the TACACS DNS feature. The default is disabled.

enable

Enables the Cisco WLC to retrieve the TACACS IP information from a DNS
server.

You cannot retrieve the TACACS IP information from a DNS server.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

973

config Commands

Usage Guidelines

The accounting port is derived from the authentication port. All the DNS servers should use the same secret.
When you enable a DNS query, the static configurations will be overridden. The DNS list overrides the static
AAA list.

Examples

The following example shows how to enable the TACACS DNS feature on the Cisco WLC:
(Cisco Controller) > config tacacs dns enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

974

OL-31334-01

config Commands

config wlan radius_server realm

To configure realm on a WLAN, use the config wlan radius_server realm command.
config wlan radius_serverrealm{enable | disable} wlan-id

Syntax Description

Command Default

Command History

Examples

radius_server

Radius server index. The range is from 1 to 17.

enable

Enable realm on a WLAN.

disable

Disable realm on a WLAN.

wlan-id

WLAN ID. The range is from 1 to 512.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to enable realm on a WLAN:

(Cisco Controller) > config wlan 2 realm enable 50

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

975

config Commands

config wlan security eap-params

To configure local EAP timers on a WLAN, use the config wlan security eap-params command.
config wlan security eap-params{ {enable| disbale} | eapol-key-timeouttimeout| eap-key-retries retries
| identity-request-timeout timeout | identity-request-retries retries | request-timeout timeout | request-retries
retries}wlan_id

Syntax Description

{enable |disable }

Specifies to enable or disable SSID specific EAP

timeouts or retries. The default value is disabled.

eapol-key-timeout timeout

Specifies the amount of time (200 to 5000

milliseconds) that the controller attempts to send an
EAP key over the WLAN to wireless clients using
local EAP. The valid range is 200 to 5000
milliseconds.
The default value is 1000 milliseconds.

eapol-key-retries retries

Specifies the maximum number of times (0 to 4

retries) that the controller attempts to send an EAP
key over the WLAN to wireless clients using local
EAP.
The default value is 2.

identity-request- timeout timeout

Specifies the amount of time (1 to 120 seconds) that

the controller attempts to send an EAP identity request
to wireless clients within WLAN using local EAP.
The default value is 30 seconds.

identity-request-retries retries

Specifies the maximum number of times (0 to 4

retries) that the controller attempts to retransmit the
EAP identity request to wireless clients within WLAN
using local EAP.
The default value is 2.

request-timeout

Specifies the amount of time (1 to 120 seconds) in

which the controller attempts to send an EAP
parameter request to wireless clients within WLAN
using local EAP.
The default value is 30 seconds.

request-retriesretries

Specifies the maximum number of times (0 to 20

retries) that the controller attempts to retransmit the
EAP parameter request to wireless clients within
WLAN using local EAP.
The default value is 2.

Cisco Wireless LAN Controller Command Reference, Release 8.0

976

OL-31334-01

config Commands

wlan-id

Command Default

WLAN identification number.

The default EAPOL key timeout is 1000 milliseconds.

The default for EAPOL key retries is 2.
The default identity request timeout is 30 seconds.
The default identity request retries is 2.
The default request timeout is 30 seconds.
The default request retries is 2.

Command History

Examples

Release

Modification

7.6

This command was introduced.

The following example shows how to enable SSID specific EAP parameters on a WLAN:
(Cisco Controller) > config wlan security eap-params enable 4

The following example shows how to set EAPOL key timeout parameter on a WLAN:
(Cisco Controller) > config wlan security eap-params eapol-key-retries 4

The following example shows how to set EAPOL key retries on a WLAN:
(Cisco Controller) > config wlan security eap-params eapol-key-retries 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

977

config Commands

config wps ap-authentication

To configure access point neighbor authentication, use the config wps ap-authentication command.
config wps ap-authentication [enable | disable threshold threshold_value]

Syntax Description

Command Default

Command History

Examples

enable

(Optional) Enables WMM on the wireless LAN.

disable

(Optional) Disables WMM on the wireless LAN.

threshold

(Optional) Specifies that WMM-enabled clients are

on the wireless LAN.

threshold_value

Threshold value (1 to 255).

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the access point neighbor authentication:
(Cisco Controller) > config wps ap-authentication threshold 25

Related Commands

show wps ap-authentication summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

978

OL-31334-01

config Commands

config wps auto-immune

To enable or disable protection from Denial of Service (DoS) attacks, use the config wps auto-immune
command.
config wps auto-immune {enable | disable | stop}

Syntax Description

enable

Enables the auto-immune feature.

disable

Disables the auto-immune feature.

stop

Stops dynamic auto-immune feature.

Command Default

Disabled

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

A potential attacker can use specially crafted packets to mislead the Intrusion Detection System (IDS) into
treating a legitimate client as an attacker. It causes the controller to disconnect this legitimate client and launch
a DoS attack. The auto-immune feature, when enabled, is designed to protect against such attacks. However,
conversations using Cisco 792x phones might be interrupted intermittently when the auto-immune feature is
enabled. If you experience frequent disruptions when using 792x phones, you might want to disable this
feature.

Examples

The following example shows how to configure the auto-immune mode:

(Cisco Controller) > config wps auto-immune enable

The following example shows how to stop the auto-immune mode:

(Cisco Controller) > config wps auto-immune stop
Dynamic Auto Immune by WIPS is stopped

Related Commands

show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

979

config Commands

config wps cids-sensor

To configure Intrusion Detection System (IDS) sensors for the Wireless Protection System (WPS), use the
config wps cids-sensor command.
config wps cids-sensor { [add index ip_address username password] | [delete index] | [enable index] |
[disable index] | [port index port] | [interval index query_interval] | [fingerprint sha1 fingerprint] }

Syntax Description

Command Default

add

(Optional) Configures a new IDS sensor.

index

IDS sensor internal index.

ip_address

IDS sensor IP address.

username

IDS sensor username.

password

IDS sensor password.

delete

(Optional) Deletes an IDS sensor.

enable

(Optional) Enables an IDS sensor.

disable

(Optional) Disables an IDS sensor.

port

(Optional) Configures the IDS sensors port number.

port

Port number.

interval

(Optional) Specifies the IDS sensors query interval.

query_interval

Query interval setting.

fingerprint

(Optional) Specifies the IDS sensors TLS fingerprint.

sha1

(Optional) Specifies the TLS fingerprint.

fingerprint

TLS fingerprint.

Command defaults are listed below as follows:

Port

443

Query interval

Certification fingerprint

00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Query state

Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

980

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the intrusion detection system with the IDS index 1, IDS
sensor IP address 10.0.0.51, IDS username Sensor_user0doc1, and IDS password passowrd01:
(Cisco Controller) > config wps cids-sensor add 1 10.0.0.51 Sensor_user0doc1 password01

Related Commands

show wps cids-sensor detail

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

981

config Commands

config wps client-exclusion

To configure client exclusion policies, use the config wps client-exclusion command.
config wps client-exclusion {802.11-assoc | 802.11-auth | 802.11x-auth | ip-theft | web-auth | all} {enable
| disable}

Syntax Description

Command Default

Command History

Examples

802.11-assoc

Specifies that the controller excludes clients on the

sixth 802.11 association attempt, after five consecutive
failures.

802.11-auth

Specifies that the controller excludes clients on the

sixth 802.11 authentication attempt, after five
consecutive failures.

802.1x-auth

Specifies that the controller excludes clients on the

sixth 802.11X authentication attempt, after five
consecutive failures.

ip-theft

Specifies that the control excludes clients if the IP

address is already assigned to another device.

web-auth

Specifies that the controller excludes clients on the

fourth web authentication attempt, after three
consecutive failures.

all

Specifies that the controller excludes clients for all of

the above reasons.

enable

Enables client exclusion policies.

disable

Disables client exclusion policies.

All policies are enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable clients on the 802.11 association attempt after five consecutive
failures:
(Cisco Controller) > config wps client-exclusion 802.11-assoc disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

982

OL-31334-01

config Commands

Related Commands

show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

983

config Commands

config wps mfp

To configure Management Frame Protection (MFP), use the config wps mfp command.
config wps mfp {infrastructure| ap-impersonation} {enable | disable}

Syntax Description

Command Default

Command History

Examples

infrastructure

Configures the MFP infrastructure.

ap-impersonation

Configures ap impersonation detection by MFP.

enable

Enables the MFP feature.

disable

Disables the MFP feature.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the infrastructure MFP:

(Cisco Controller) > config wps mfp infrastructure enable

Related Commands

show wps mfp

Cisco Wireless LAN Controller Command Reference, Release 8.0

984

OL-31334-01

config Commands

config wps shun-list re-sync

To force the controller to synchronization with other controllers in the mobility group for the shun list, use
the config wps shun-list re-sync command.
config wps shun-list re-sync

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the controller to synchronize with other controllers for the
shun list:
(Cisco Controller) > config wps shun-list re-sync

Related Commands

show wps shun-list

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

985

config Commands

config wps signature

To enable or disable Intrusion Detection System (IDS) signature processing, or to enable or disable a specific
IDS signature, use the config wps signature command.
config wps signature {standard | custom} state signature_id {enable | disable}

Syntax Description

Command Default

Command History

standard

Configures a standard IDS signature.

custom

Configures a standard IDS signature.

state

Specifies the state of the IDS signature.

signature_id

Identifier for the signature to be enabled or disabled.

enable

Enables the IDS signature processing or a specific

IDS signature.

disable

Disables IDS signature processing or a specific IDS

signature.

IDS signature processing is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for
individual signatures.

Examples

The following example shows how to enable IDS signature processing, which enables the processing of all
IDS signatures:
(Cisco Controller) >config wps signature enable

The following example shows how to disable a standard individual IDS signature:
(Cisco Controller) > config wps signature standard state 15 disable

Related Commands

config wps signature frequency

config wps signature interval

Cisco Wireless LAN Controller Command Reference, Release 8.0

986

OL-31334-01

config Commands

config wps signature mac-frequency

config wps signature quiet-time
config wps signature reset
show wps signature events
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

987

config Commands

config wps signature frequency

To specify the number of matching packets per interval that must be identified at the individual access point
level before an attack is detected, use the config wps signature frequency command.
config wps signature frequency signature_id frequency

Syntax Description

Command Default

Command History

signature_id

Identifier for the signature to be configured.

frequency

Number of matching packets per interval that must

be at the individual access point level before an attack
is detected. The range is 1 to 32,000 packets per
interval.

The frequency default value varies per signature.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for
individual signatures.

Examples

The following example shows how to set the number of matching packets per interval per access point before
an attack is detected to 1800 for signature ID 4:
(Cisco Controller) > config wps signature frequency 4 1800

Related Commands

config wps signature frequency

config wps signature interval
config wps signature quiet-time
config wps signature reset
show wps signature events
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

988

OL-31334-01

config Commands

config wps signature interval

To specify the number of seconds that must elapse before the signature frequency threshold is reached within
the configured interval, use the config wps signature interval command.
config wps signature interval signature_id interval

Syntax Description

Command Default

Command History

signature_id

Identifier for the signature to be configured.

interval

Number of seconds that must elapse before the

signature frequency threshold is reached. The range
is 1 to 3,600 seconds.

The default value of interval varies per signature.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for
individual signatures.

Examples

The following example shows how to set the number of seconds to elapse before reaching the signature
frequency threshold to 200 for signature ID 1:
(Cisco Controller) > config wps signature interval 1 200

Related Commands

config wps signature frequency

config wps signature
config wps signature mac-frequency
config wps signature quiet-time
config wps signature reset
show wps signature events
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

989

config Commands

config wps signature mac-frequency

To specify the number of matching packets per interval that must be identified per client per access point
before an attack is detected, use the config wps signature mac-frequency command.
config wps signature mac-frequency signature_id mac_frequency

Syntax Description

Command Default

Command History

signature_id

Identifier for the signature to be configured.

mac_frequency

Number of matching packets per interval that must

be identified per client per access point before an
attack is detected. The range is 1 to 32,000 packets
per interval.

The mac_frequency default value varies per signature.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for
individual signatures.

Examples

The following example shows how to set the number of matching packets per interval per client before an
attack is detected to 50 for signature ID 3:
(Cisco Controller) > config wps signature mac-frequency 3 50

Related Commands

config wps signature frequency

config wps signature interval
config wps signature
config wps signature quiet-time
config wps signature reset
show wps signature events
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

990

OL-31334-01

config Commands

config wps signature quiet-time

To specify the length of time after which no attacks have been detected at the individual access point level
and the alarm can stop, use the config wps signature quiet-time command.
config wps signature quiet-time signature_id quiet_time

Syntax Description

Command Default

Command History

signature_id

Identifier for the signature to be configured.

quiet_time

Length of time after which no attacks have been

detected at the individual access point level and the
alarm can stop. The range is 60 to 32,000 seconds.

The default value of quiet_time varies per signature.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for
individual signatures.

Examples

The following example shows how to set the number of seconds after which no attacks have been detected
per access point to 60 for signature ID 1:
(Cisco Controller) > config wps signature quiet-time 1 60

Related Commands

config wps signature

config wps signature frequency
config wps signature interval
config wps signature mac-frequency
config wps signature reset
show wps signature events
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

991

config Commands

config wps signature reset

To reset a specific Intrusion Detection System (IDS) signature or all IDS signatures to default values, use the
config wps signature reset command.
config wps signature reset {signature_id | all}

Syntax Description

Command Default

Command History

signature_id

Identifier for the specific IDS signature to be reset.

all

Resets all IDS signatures.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If IDS signature processing is disabled, all signatures are disabled, regardless of the state configured for
individual signatures.

Examples

The following example shows how to reset the IDS signature 1 to default values:
(Cisco Controller) > config wps signature reset 1

Related Commands

config wps signature

config wps signature frequency
config wps signature interval
config wps signature mac-frequency
config wps signature quiet-time
show wps signature events
show wps signature summary
show wps summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

992

OL-31334-01

clear Commands

clear Commands
This section lists the clear commands to clear existing security configurations of the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

993

clear Commands

clear acl counters

To clear the current counters for an access control list (ACL), use the clear acl counters command.
clear acl counters acl_name

Syntax Description

Command Default

Command History

acl_name

ACL name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines
Note

Examples

ACL counters are available only on the following controllers: Cisco 4400 Series Controller, Cisco WiSM,
and Catalyst 3750G Integrated Wireless LAN Controller Switch.

The following example shows how to clear the current counters for acl1:
(Cisco Controller) > clear acl counters acl1

Related Commands

config acl counter

show acl

Cisco Wireless LAN Controller Command Reference, Release 8.0

994

OL-31334-01

clear Commands

clear radius acct statistics

To clear the RADIUS accounting statistics on the controller, use the clear radius acc statistics command.
clear radius acct statistics [index | all]

Syntax Description

Command Default

Command History

Examples

index

(Optional) Specifies the index of the RADIUS

accounting server.

all

(Optional) Specifies all RADIUS accounting servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the RADIUS accounting statistics:
(Cisco Controller) > clear radius acc statistics

Related Commands

show radius acct statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

995

clear Commands

clear tacacs auth statistics

To clear the RADIUS authentication server statistics in the controller, use the clear tacacs auth statistics
command.
clear tacacs auth statistics [index | all]

Syntax Description

Command Default

Command History

Examples

index

(Optional) Specifies the index of the RADIUS

authentication server.

all

(Optional) Specifies all RADIUS authentication

servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the RADIUS authentication server statistics:
(Cisco Controller) > clear tacacs auth statistics

Related Commands

show tacacs auth statistics

show tacacs summary
config tacacs auth

Cisco Wireless LAN Controller Command Reference, Release 8.0

996

OL-31334-01

clear Commands

clear stats local-auth

To clear the local Extensible Authentication Protocol (EAP) statistics, use the clear stats local-auth command.
clear stats local-auth

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the local EAP statistics:
(Cisco Controller) > clear stats local-auth
Local EAP Authentication Stats Cleared.

Related Commands

config local-auth active-timeout

config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth certificates
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

997

clear Commands

clear stats radius

To clear the statistics for one or more RADIUS servers, use the clear stats radius command.
clear stats radius {auth | acct} {index | all}

Syntax Description

Command Default

Command History

Examples

auth

Clears statistics regarding authentication.

acct

Clears statistics regarding accounting.

index

Specifies the index number of the RADIUS server to

be cleared.

all

Clears statistics for all RADIUS servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the statistics for all RADIUS authentication servers:
(Cisco Controller) > clear stats radius auth all

Related Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

998

OL-31334-01

clear Commands

clear stats port

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

999

clear Commands

clear stats tacacs

To clear the TACACS+ server statistics on the controller, use the clear stats tacacs command.
clear stats tacacs [auth | athr | acct] [index | all]

Syntax Description

Command Default

Command History

Examples

auth

(Optional) Clears the TACACS+ authentication server

statistics.

athr

(Optional) Clears the TACACS+ authorization server

statistics.

acct

(Optional) Clears the TACACS+ accounting server

statistics.

index

(Optional) Specifies index of the TACACS+ server.

all

(Optional) Specifies all TACACS+ servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the TACACS+ accounting server statistics for index 1:
(Cisco Controller) > clear stats tacacs acct 1

Related Commands

show tacacs summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

1000

OL-31334-01

debug Commands

debug Commands
This section lists the debug commands to manage debugging of security settings of the controller.

Caution

Debug commands are reserved for use only under the direction of Cisco personnel. Do not use these
commands without direction from Cisco-certified staff.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1001

debug Commands

debug 11w-pmf
To configure the debugging of 802.11w, use the debug 11w-pmf command.
debug 11w-pmf {all | events| keys} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging of all 802.11w messages.

keys

Configures the debugging of 802.11w keys.

events

Configures the debugging of 802.11w events.

enable

Enables the debugging of 802.1w options.

disable

Disables the debugging of 802.1w options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of 802.11w keys:
(Cisco Controller) >debug 11w-pmf keys enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1002

OL-31334-01

debug Commands

debug aaa
To configure the debugging of AAA settings, use the debug aaa command.
debug aaa {[all | detail | events | packet | ldap | local-auth | tacacs] [enable | disable]}

Syntax Description

Command Default

Command History

Examples

all

(Optional) Configures the debugging of all AAA

messages.

detail

(Optional) Configures the debugging of AAA errors.

events

(Optional) Configures the debugging of AAA events.

packet

(Optional) Configures the debugging of AAA packets.

ldap

(Optional) Configures the debugging of the AAA

Lightweight Directory Access Protocol (LDAP)
events.

local-auth

(Optional) Configures the debugging of the AAA

local Extensible Authentication Protocol (EAP)
events.

tacacs

(Optional) Configures the debugging of the AAA

TACACS+ events.

enable

(Optional) Enables the debugging.

disable

(Optional) Disables the debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of AAA LDAP events:
(Cisco Controller) > debug aaa ldap enable

Related Commands

debug aaa local-auth eap

show running-config

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1003

debug Commands

debug aaa events

To configure the debugging related to DNS-based ACLs, use the debug aaa events enable command.
debug aaa events enable

Syntax Description

events

Command History

Release

Modification

7.6

This command is introduced.

Examples

Configures the debugging of DNS-based ACLs.

The following example shows how to enable the debugging for DNS-based ACLs:
(Cisco Controller) > debug aaa events enble

Cisco Wireless LAN Controller Command Reference, Release 8.0

1004

OL-31334-01

debug Commands

debug aaa local-auth

To configure the debugging of AAA local authentication on the Cisco WLC, use the debug aaa local-auth
command.
debug aaa local-auth {db | shim | eap {framework | method} {all | errors | events | packets | sm}} {enable
| disable}

Syntax Description

Command Default

Command History

Configures the debugging of the AAA local

authentication back-end messages and events.

shim

Configures the debugging of the AAA local

authentication shim layer events.

eap

Configures the debugging of the AAA local Extensible

Authentication Protocol (EAP) authentication.

framework

Configures the debugging of the local EAP

framework.

method

Configures the debugging of local EAP methods.

all

Configures the debugging of local EAP messages.

errors

Configures the debugging of local EAP errors.

events

Configures the debugging of local EAP events.

packets

Configures the debugging of local EAP packets.

Configures the debugging of the local EAP state

machine.

enable

Starts the debugging.

disable

Stops the debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1005

debug Commands

Examples

The following example shows how to enable the debugging of the AAA local EAP authentication:
(Cisco Controller) > debug aaa local-auth eap method all enable

Related Commands

clear stats local-auth

config local-auth active-timeout
config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
show local-auth certificates
show local-auth config
show local-auth statistics

Cisco Wireless LAN Controller Command Reference, Release 8.0

1006

OL-31334-01

debug Commands

debug bcast
To configure the debugging of broadcast options, use the debug bcast command.
debug bcast {all | error | message | igmp | detail} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging of all broadcast logs.

error

Configures the debugging of broadcast errors.

message

Configures the debugging of broadcast messages.

igmp

Configures the debugging of broadcast IGMP

messages.

detail

Configures the debugging of broadcast detailed

messages.

enable

Enables the broadcast debugging.

disable

Disables the broadcast debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of broadcast messages:
(Cisco Controller) > debug bcast message enable

The following example shows how to disable the debugging of broadcast mesages:
(Cisco Controller) > debug bcast message disable

Related Commands

debug disable-all
show sysinfo

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1007

debug Commands

debug cckm
To configure the debugging of the Cisco Centralized Key Management options, use the debug cckm
debug cckm {client | detailed} {enable| disable}

Syntax Description

Command Default

Command History

Examples

client

Configures debugging of the Cisco Centralized Key Management of clients.

detailed

Configures detailed debugging of Cisco Centralized Key Management.

enable

Enables debugging of Cisco Centralized Key Management.

disable

Disables debugging of Cisco Centralized Key Management.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable detailed debugging of Cisco Centralized Key Management:
(Cisco Controller) > debug cckm detailed enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1008

OL-31334-01

debug Commands

debug client
To configure the debugging for a specific client, use the debug client command.
debug client mac_address

Syntax Description

mac_address

MAC address of the client.

Command Default

None

Usage Guidelines

After entering the debug client mac_address command, if you enter the debug aaa events enable command,
then the AAA events logs are displayed for that particular client MAC address.

Command History

Examples

Release

Modification

7.6

This command was introduced.

The following example shows how to debug a specific client:

(Cisco Controller) > debug client 01:35:6x:yy:21:00

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1009

debug Commands

debug cts sxp

To configure debugging of Cisco TrustSec (CTS) Security Group Tag (SGT) Exchange Protocol (SXP)
options, use the debug cts sxp command.
debug cts sxp {all | errors | events | framework | message} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures debugging of all the CTS SXP options.

errors

Configures debugging of the CTS SXP errors.

events

Configures debugging of the CTS SXP events.

framework

Configures debugging of the CTS SXP framework.

message

Configures debugging of the CTS SXP messages.

enable

Enables debugging of the CTS SXP options.

disable

Disables debugging of the CTS SXP options.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable CTS SXP event debugging:
(Cisco Controller) > debug cts sxp

Cisco Wireless LAN Controller Command Reference, Release 8.0

1010

OL-31334-01

debug Commands

debug dns
To configure debugging of Domain Name System (DNS) options, use the debug dns command.
debug dns {all | detail | error | message} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures debugging of all the DNS options.

detail

Configures debugging of the DNS details.

error

Configures debugging of the DNS errors.

message

Configures debugging of the DNS messages.

enable

Enables debugging of the DNS options.

disable

Disables debugging of the DNS options.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable DNS error debugging:

(Cisco Controller) > debug dns error enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1011

debug Commands

debug dot1x
To configure debugging of the 802.1X options, use the debug dot1x command.
debug dot1x {aaa | all | events | packets | states} {enable | disable}

Syntax Description

Command Default

Command History

Examples

aaa

Configures debugging of the 802.1X AAA interactions.

all

Configures debugging of all the 802.1X messages.

events

Configures debugging of the 802.1X events.

packets

Configures debugging of the 802.1X packets.

states

Configures debugging of the 802.1X state transitions.

enable

Enables debugging of the 802.1X options.

disable

Disables debugging of the 802.1X options.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable 802.1X state transitions debugging:
(Cisco Controller) > debug dot1x states enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1012

OL-31334-01

debug Commands

debug dtls
To configure debugging of the Datagram Transport Layer Security (DTLS) options, use the debug dtls
command.
debug dtls {all | event | packet | trace} {enable | disable}

Syntax Description

Command Default

Command History

all

Configures debugging of all the DTLS messages.

event

Configures debugging of the DTLS events.

packet

Configures debugging of the DTLS packets.

trace

Configures debugging of the DTLS trace messages.

enable

Enables debugging of the DTLS options.

disable

Disables debugging of the DTLS options.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The debug actions described here are used in conjunction with CAPWAP troubleshooting.

Examples

The following example shows how to enable DTLS packet debugging:

(Cisco Controller) > debug dtls packet enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1013

debug Commands

debug nac
To configure the debugging of Network Access Control (NAC), use the debug nac command.
debug nac {events | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

events

Configures the debugging of NAC events.

packet

Configures the debugging of NAC packets.

enable

Enables the NAC debugging.

disable

Disables the NAC debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of NAC settings:
(Cisco Controller) > debug nac events enable

Related Commands

show nac statistics

show nac summary
config guest-lan nac
config wlan nac

Cisco Wireless LAN Controller Command Reference, Release 8.0

1014

OL-31334-01

debug Commands

debug policy
To configure debugging of policy settings, use the debug policy command.
debug policy {errors | events} {enable | disable}

Syntax Description

Command Default

Command History

Examples

errors

Configures debugging of policy errors.

events

Configures debugging of policy events.

enable

Enables debugging of policy events.

disable

Disables debugging of policy events.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable debugging of policy errors:

(Cisco Controller) >

debug policy errors enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1015

debug Commands

debug pm
To configure the debugging of the security policy manager module, use the debug pm command.
debug pm {all disable | {config | hwcrypto | ikemsg | init | list | message | pki | rng | rules | sa-export |
sa-import | ssh-l2tp | ssh-appgw | ssh-engine | ssh-int | ssh-pmgr | ssh-ppp | ssh-tcp} {enable | disable}}

Syntax Description

all disable

Disables all debugging in the policy manager module.

config

Configures the debugging of the policy manager

configuration.

hwcrypto

Configures the debugging of hardware offload events.

ikemsg

Configures the debugging of Internet Key Exchange

(IKE) messages.

init

Configures the debugging of policy manager

initialization events.

list

Configures the debugging of policy manager list

mgmt.

message

Configures the debugging of policy manager message

queue events.

pki

Configures the debugging of Public Key Infrastructure

(PKI) related events.

rng

Configures the debugging of random number

generation.

rules

Configures the debugging of Layer 3 policy events.

sa-export

Configures the debugging of SA export (mobility).

sa-import

Configures the debugging of SA import (mobility).

ssh-l2tp

Configures the debugging of policy manager Layer

2 Tunneling Protocol (l2TP) handling.

ssh-appgw

Configures the debugging of application gateways.

ssh-engine

Configures the debugging of the policy manager

engine.

ssh-int

Configures the debugging of the policy manager

intercepter.

ssh-pmgr

Configures the debugging of the policy manager.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1016

OL-31334-01

debug Commands

Command Default

Command History

Examples

ssh-ppp

Configures the debugging of policy manager Point

To Point Protocol (PPP) handling.

ssh-tcp

Configures the debugging of policy manager TCP

handling.

enable

Enables the debugging.

disable

Disables the debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the debugging of PKI-related events:
(Cisco Controller) > debug pm pki enable

Related Commands

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1017

debug Commands

debug web-auth
To configure debugging of web-authenticated clients, use the debug web-auth command.
debug web-auth {redirect{ enable mac mac_address | disable} | webportal-server {enable | disable}}

Syntax Description

Command Default

Command History

Examples

redirect

Configures debugging of web-authenticated and redirected

clients.

enable

Enables the debugging of web-authenticated clients.

mac

Configures the MAC address of the web-authenticated client.

mac_address

MAC address of the web-authenticated client.

disable

Disables the debugging of web-authenticated clients.

webportal-server

Configures the debugging of portal authentication of clients.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of a web authenticated and redirected client:
(Cisco Controller) > debug web-auth redirect enable mac xx:xx:xx:xx:xx:xx

Cisco Wireless LAN Controller Command Reference, Release 8.0

1018

OL-31334-01

debug Commands

debug wips
To configure debugging of wireless intrusion prevention system (WIPS), use the debug wips command.
debug wips {all | error | event | nmsp | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures debugging of all WIPS messages.

error

Configures debugging of WIPS errors.

event

Configures debugging of WIPS events.

nmsp

Configures debugging of WIPS Network Mobility

Services Protocol (NMSP) events.

packet

Configures debugging of WIPS packets.

enable

Enables debugging of WIPS.

disable

Disables debugging of WIPS.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable debugging of all WIPS messages:
(Cisco Controller) > debug wips all enable

Related Commands

debug client
debug dot11 rogue
show wps summary
show wps wips

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1019

debug Commands

debug wps sig

To configure the debugging of Wireless Provisioning Service (WPS) signature settings, use the debug wps
sig command.
debug wps sig {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging for WPS settings.

disable

Disables the debugging for WPS settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of WPS signature settings:
(Cisco Controller) > debug wps sig enable

Related Commands

debug wps mfp

debug disable-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1020

OL-31334-01

debug Commands

debug wps mfp

To configure the debugging of WPS Management Frame Protection (MFP) settings, use the debug wps mfp
command.
debug wps mfp {client | capwap | detail | report | mm} {enable | disable}

Syntax Description

Command Default

Command History

Examples

client

Configures the debugging for client MFP messages.

capwap

Configures the debugging for MFP messages between

the controller and access points.

detail

Configures the detailed debugging for MFP messages.

report

Configures the debugging for MFP reporting.

Configures the debugging for MFP mobility

(inter-Cisco WLC) messages.

enable

Enables the debugging for WPS MFP settings.

disable

Disables the debugging for WPS MFP settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of WPS MFP settings:
(Cisco Controller) > debug wps mfp detail enable

Related Commands

debug disable-all
debug wps sig

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1021

debug Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

1022

OL-31334-01

PART

WLAN Commands
CLI Commands, page 1025

CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII
console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.
show Commands, page 1025
config Commands, page 1082
clear Commands, page 1319
debug Commands, page 1320
test Commands, page 1335

show Commands
This section lists the show commands to display information about your WLAN configuration settings.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1025

show Commands

show advanced hotspot

To display the advanced HotSpot parameters, use the show advanced hotspot command.
show advanced hotspot

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the advanced HotSpot parameters:
(Cisco Controller) >show advanced hotspot
ANQP 4-way state.................................
GARP Broadcast state: ...........................
GAS request rate limit ..........................
ANQP comeback delay in TUs(TU=1024usec)..........

Disabled
Enabled
Disabled
50

Cisco Wireless LAN Controller Command Reference, Release 8.0

1026

OL-31334-01

show Commands

show avc statistics wlan

Syntax Description

Command Default

Command History

Examples

wlan_id

WLAN identifier from 1 to 512.

application

Displays AVC statistics for an application.

application_name

Name of the application. The application name can be up to 32

case-sensitive, alphanumeric characters.

top-app-groups

Displays AVC statistics for top application groups.

upstream

(Optional) Displays statistics of top upstream applications.

downstream

(Optional) Displays statistics of top downstream applications.

top-apps

Displays AVC statistics for top applications.

None

Release

Modification

7.4

This command was introduced.

The following is a sample output of the show avc statistics command.

(Cisco Controller) >show avc statistics wlan 1
Application-Name
(Up/Down)
================
unclassified
ftp
http
gre
icmp
ipinip
imap

(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)
(D)
(U)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1027

show Commands

irc
nntp

(D)
(U)
(D)
(U)
(D)

1555
9
11
22
22

576371
74
371
158
372

370
8
33
7
16

332290
1736
1972
1705
2047

125799465
9133
173381
9612
214391

Upstream
========
0
0
0
32459
274

Downstream
==========
0
0
0
64888
94673983

Cisco Wireless LAN Controller Command Reference, Release 8.0

1028

OL-31334-01

show Commands

show call-control ap
Note

The show call-control ap command is applicable only for SIP based calls.
To see the metrics for successful calls or the traps generated for failed calls, use the show call-control ap
command.
show call-control ap {802.11a | 802.11b} cisco_ap {metrics | traps}

Syntax Description

Command Default

Command History

Usage Guidelines

802.11a

Specifies the 802.11a network

802.11b

Specifies the 802.11b/g network.

cisco_ap

Cisco access point name.

metrics

Specifies the call metrics information.

traps

Specifies the trap information for call control.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

To aid in troubleshooting, the output of this command shows an error code for any failed calls. This table
explains the possible error codes for failed calls.
Table 11: Error Codes for Failed VoIP Calls

Error Code Integer

Description

unknown

Unknown error.

400

badRequest

The request could not be understood because of malformed

syntax.

401

unauthorized

The request requires user authentication.

402

paymentRequired

Reserved for future use.

403

forbidden

The server understood the request but refuses to fulfill it.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1029

show Commands

Error Code Integer

Description

404

notFound

The server has information that the user does not exist at the
domain specified in the Request-URI.

405

methodNotallowed

The method specified in the Request-Line is understood but

not allowed for the address identified by the Request-URI.

406

notAcceptable

The resource identified by the request is only capable of

generating response entities with content characteristics that
are not acceptable according to the Accept header field sent
in the request.

407

proxyAuthenticationRequired

The client must first authenticate with the proxy.

408

requestTimeout

The server could not produce a response within a suitable

amount of time.

409

conflict

The request could not be completed due to a conflict with

the current state of the resource.

410

gone

The requested resource is no longer available at the server,

and no forwarding address is known.

411

lengthRequired

The server is refusing to process a request because the

request entity-body is larger than the server is willing or able
to process.

413

requestEntityTooLarge

The server is refusing to process a request because the

request entity-body is larger than the server is willing or able
to process.

414

requestURITooLarge

The server is refusing to service the request because the

Request-URI is longer than the server is willing to interpret.

415

unsupportedMediaType

The server is refusing to service the request because the

message body of the request is in a format not supported by
the server for the requested method.

420

badExtension

The server did not understand the protocol extension

specified in a Proxy-Require or Require header field.

480

temporarilyNotAvailable

The callees end system was contacted successfully, but the

callee is currently unavailable.

481

callLegDoesNotExist

The UAS received a request that does not match any existing
dialog or transaction.

482

loopDetected

The server has detected a loop.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1030

OL-31334-01

show Commands

Error Code Integer

Description

483

tooManyHops

The server received a request that contains a Max-Forwards

header field with the value zero.

484

addressIncomplete

The server received a request with a Request-URI that was

incomplete.

485

ambiguous

The Request-URI was ambiguous.

486

busy

The callees end system was contacted successfully, but the

callee is currently not willing or able to take additional calls
at this end system.

500

internalServerError

The server encountered an unexpected condition that

prevented it from fulfilling the request.

501

notImplemented

The server does not support the functionality required to

fulfill the request.

502

badGateway

The server, while acting as a gateway or proxy, received an

invalid response from the downstream server it accessed in
attempting to fulfill the request.

503

serviceUnavailable

The server is temporarily unable to process the request

because of a temporary overloading or maintenance of the
server.

504

serverTimeout

The server did not receive a timely response from an external

server it accessed in attempting to process the request.

505

versionNotSupported

The server does not support or refuses to support the SIP

protocol version that was used in the request.

600

busyEverywhere

The callees end system was contacted successfully, but the

callee is busy or does not want to take the call at this time.

603

decline

The callees machine was contacted successfully, but the

user does not want to or cannot participate.

604

doesNotExistAnywhere

The server has information that the user indicated in the

Request-URI does not exist anywhere.

606

notAcceptable

The users agent was contacted successfully, but some

aspects of the session description (such as the requested
media, bandwidth, or addressing style) were not acceptable.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1031

show Commands

Examples

The following is a sample output of the show call-controller ap command that displays successful calls
generated for an access point:
(Cisco Controller) >show call-control ap 802.11a Cisco_AP metrics
Total Call Duration in Seconds................... 120
Number of Calls.................................. 10
Number of calls for given client is................. 1

The following is a sample output of the show call-control ap command that displays metrics of traps generated
for an AP.
(Cisco Controller) >show call-control ap 802.11a Cisco_AP traps
Number of traps sent in one min.................. 2
Last SIP error code.............................. 404
Last sent trap timestamp...................... Jun 20 10:05:06

Cisco Wireless LAN Controller Command Reference, Release 8.0

1032

OL-31334-01

show Commands

show call-control client

To see call information for a call-aware client when Voice-over-IP (VoIP) snooping is enabled and the call
is active, use the show call-control client command
show call-control client callInfo client_MAC_address

Syntax Description

Command Default

Command History

Examples

callInfo

Specifies the call-control information.

client_MAC_address

Client MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example is a sample output of the show call-controller client command:
> show call-control client callInfo 10.10.10.10.10.10
Uplink IP/port................................... 0.0.0.0 /
0
Downlink IP/port................................ 9.47.96.107 / 5006
UP...............................................
6
Calling Party.................................... sip:1021
Called Party..................................... sip:1000
Call ID.......................................... 38423970c3fca477
Call on hold: ................................... FALSE
Number of calls for given client is.............. 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1033

show Commands

show client ccx client-capability

To display the clients capability information, use the show client ccx client-capability command.
show client ccx client-capability client_mac_address

Syntax Description

Command Default

Command History

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command displays the clients available capabilities, not the current settings for the capabilities.

Examples

The following is a sample output of the show client ccx client-capability command:
(Cisco Controller) >show client ccx client-capability 00:40:96:a8:f7:98
Service Capability.................................. Voice, Streaming(uni-directional)
Video, Interactive(bi-directional) Video
Radio Type.......................................... DSSS OFDM(802.11a) HRDSSS(802.11b)
ERP(802.11g)
Radio Type.......................................... DSSS
Radio Channels.................................. 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode................................... Automatic
Rate List(MB)................................... 1.0 2.0
Radio Type.......................................... HRDSSS(802.11b)
Radio Channels.................................. 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode................................... Automatic
Rate List(MB)................................... 5.5 11.0
Radio Type.......................................... ERP(802.11g)
Radio Channels.................................. 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode................................... Automatic
Rate List(MB)................................... 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Are you sure you want to start? (y/N)y Are you sure you want to start? (y/N)

Cisco Wireless LAN Controller Command Reference, Release 8.0

1034

OL-31334-01

show Commands

show client ccx frame-data

To display the data frames sent from the client for the last test, use the show client ccx frame-data command.
show client ccx frame-data client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx frame-data command:
(Cisco Controller) >show client ccx frame-data
xx:xx:xx:xx:xx:xx

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1035

show Commands

show client ccx last-response-status

To display the status of the last test response, use the show client ccx last-response-status command.
show client ccx last-response-status client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx last-response-status command:
(Cisco Controller) >show client ccx last-response-status
Test Status ........................ Success
Response Dialog Token.............. 87
Response Status.................... Successful
Response Test Type................. 802.1x Authentication Test
Response Time...................... 3476 seconds since system boot

Cisco Wireless LAN Controller Command Reference, Release 8.0

1036

OL-31334-01

show Commands

show client ccx last-test-status

To display the status of the last test, use the show client ccx last-test-status command.
show client ccx last-test-status client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx last-test-status command:
(Cisco Controller) >show client ccx last-test-status
Test Type ........................
Test Status ......................
Dialog Token .....................
Timeout ..........................
Request Time .....................

Gateway Ping Test

Pending/Success/Timeout
15
15000 ms
1329 seconds since system boot

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1037

show Commands

show client ccx log-response

To display a log response, use the show client ccx log-response command.
show client ccx log-response {roam | rsna | syslog} client_mac_address

Syntax Description

Command Default

Command History

Examples

roam

(Optional) Displays the CCX client roaming log response.

rsna

(Optional) Displays the CCX client RSNA log response.

syslog

(Optional) Displays the CCX client system log response.

client_mac_address

Inventory for the specified access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx log-response syslog command:
(Cisco Controller) >show client ccx log-response syslog 00:40:96:a8:f7:98
Tue Jun 26 18:07:48 2007
Syslog Response LogID=131: Status=Successful
Event Timestamp=0d 00h 19m 42s 278987us
Client SysLog = <11> Jun 19 11:49:47 unraval13777 Mandatory elements
OID response
Event Timestamp=0d 00h 19m 42s 278990us
Client SysLog = <11> Jun 19 11:49:47 unraval13777 Mandatory elements
OID response
Tue Jun 26 18:07:48 2007
Syslog Response LogID=131: Status=Successful
Event Timestamp=0d 00h 19m 42s 278987us
Client SysLog = <11> Jun 19 11:49:47 unraval13777 Mandatory elements
OID response
Event Timestamp=0d 00h 19m 42s 278990us
Client SysLog = <11> Jun 19 11:49:47 unraval13777 Mandatory elements
OID response

missing in the

The following example shows how to display the client roaming log response:
(Cisco Controller) >show client ccx log-response roam 00:40:96:a8:f7:98
Thu Jun 22 11:55:14 2007
Roaming Response LogID=20: Status=Successful
Event Timestamp=0d 00h 00m 13s 322396us
Source BSSID=00:40:96:a8:f7:98
Target BSSID=00:0b:85:23:26:70,
Transition Time=100(ms)
Transition Reason: Normal roam, poor link
Transition Result: Success
Thu Jun 22 11:55:14 2007
Roaming Response LogID=133: Status=Successful
Event Timestamp=0d 00h 00m 16s 599006us
Source BSSID=00:0b:85:81:06:c2
Target BSSID=00:0b:85:81:06:c2,
Transition Time=3235(ms)
Transition Reason: Normal roam, poor link
Transition Result: Success
Thu Jun 22 18:28:48 2007
Roaming Response LogID=133: Status=Successful
Event Timestamp=0d 00h 00m 08s 815477us
Source BSSID=00:0b:85:81:06:c2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1038

OL-31334-01

show Commands

Target BSSID=00:0b:85:81:06:d2,
Transition Time=3281(ms)
Transition Reason: First association to WLAN
Transition Result: Success

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1039

show Commands

show client ccx manufacturer-info

To display the client manufacturing information, use the show client ccx manufacturer-info command.
show client ccx manufacturer-info client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx manufacturer-info command:
(Cisco Controller) >show client ccx manufacturer-info 00:40:96:a8:f7:98
Manufacturer OUI .............................. 00:40:96
Manufacturer ID ............................... Cisco
Manufacturer Model ............................ Cisco Aironet 802.11a/b/g Wireless Adapter
Manufacturer Serial ........................... FOC1046N3SX
Mac Address ................................... 00:40:96:b2:8d:5e
Radio Type .................................... DSSS OFDM(802.11a) HRDSSS(802.11b)
ERP(802.11g)
Antenna Type .................................. Omni-directional diversity
Antenna Gain .................................. 2 dBi
Rx Sensitivity:
Radio Type ...................................... DSSS
Rx Sensitivity .................................. Rate:1.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:2.0 Mbps, MinRssi:-95, MaxRss1:-30
Radio Type ...................................... HRDSSS(802.11b)
Rx Sensitivity .................................. Rate:5.5 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:11.0 Mbps, MinRssi:-95, MaxRss1:-30
Radio Type ...................................... ERP(802.11g)
Rx Sensitivity .................................. Rate:6.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:9.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:12.0 Mbps, MinRssi:-95, MaxRss1:-30
Rx Sensitivity .................................. Rate:18.0 Mbps, MinRss1:-95, MaxRss1:-30

Cisco Wireless LAN Controller Command Reference, Release 8.0

1040

OL-31334-01

show Commands

show client ccx operating-parameters

To display the client operating-parameters, use the show client ccx operating-parameters command.
show client ccx operating-parameters client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx operating-parameters command:
(Cisco Controller) >show client ccx operating-parameters 00:40:96:b2:8d:5e
Client Mac ......................................... 00:40:96:b2:8d:5e
Radio Type ......................................... OFDM(802.11a)
Radio Type ......................................... OFDM(802.11a)
Radio Channels ................................. 36 40 44 48 52 56 60 64 100 104 108 112
116 120 124 128 132 136 140 149 153 157 161 165
Tx Power Mode .................................. Automatic
Rate List(MB)................................... 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Power Save Mode .................................... Normal Power Save
SSID ............................................... wifi
Security Parameters[EAP Method, Credential]......... None
Auth Method ........................................ None
Key Management...................................... None
Encryption ......................................... None
Device Name ........................................ Wireless Network Connection 15
Device Type ........................................ 0
OS Id .............................................. Windows XP
OS Version ......................................... 5.1.6.2600 Service Pack 2
IP Type ............................................ DHCP address
IPv4 Address ....................................... Available
IP Address ......................................... 70.0.4.66
Subnet Mask ........................................ 255.0.0.0
Default Gateway .................................... 70.1.0.1
IPv6 Address ....................................... Not Available
IPv6 Address ....................................... 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:
IPv6 Subnet Mask ................................... 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:
DNS Servers ........................................ 103.0.48.0
WINS Servers .......................................
System Name ........................................ URAVAL3777
Firmware Version ................................... 4.0.0.187
Driver Version ..................................... 4.0.0.187

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1041

show Commands

show client ccx profiles

To display the client profiles, use the show client ccx profiles command.
show client ccx profiles client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx profiles command:
(Cisco Controller) >show client ccx profiles 00:40:96:15:21:ac
Number of Profiles .................................. 1
Current Profile ..................................... 1
Profile ID .......................................... 1
Profile Name ........................................ wifiEAP
SSID ................................................ wifiEAP
Security Parameters [EAP Method, Credential]......... EAP-TLS, Host OS Login Credentials
Auth Method ......................................... EAP
Key Management ...................................... WPA2+CCKM
Encryption .......................................... AES-CCMP
Power Save Mode ..................................... Constantly Awake
Radio Configuration:
Radio Type........................................... DSSS
Preamble Type.................................... Long preamble
CCA Method....................................... Energy Detect + Carrier
Detect/Correlation
Data Retries..................................... 6
Fragment Threshold............................... 2342
Radio Channels................................... 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode.................................... Automatic
Rate List (MB)................................... 1.0 2.0
Radio Type........................................... HRDSSS(802.11b)
Preamble Type.................................... Long preamble
CCA Method....................................... Energy Detect + Carrier
Detect/Correlation
Data Retries..................................... 6
Fragment Threshold............................... 2342
Radio Channels................................... 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode.................................... Automatic
Rate List(MB).................................... 5.5 11.0
Radio Type........................................... ERP(802.11g)
Preamble Type.................................... Long preamble
CCA Method....................................... Energy Detect + Carrier
Detect/Correlation
Data Retries..................................... 6
Fragment Threshold............................... 2342
Radio Channels................................... 1 2 3 4 5 6 7 8 9 10 11
Tx Power Mode.................................... Automatic
Rate List (MB)................................... 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Radio Type........................................... OFDM(802.11a)

Cisco Wireless LAN Controller Command Reference, Release 8.0

1042

OL-31334-01

show Commands

Preamble Type....................................
CCA Method.......................................
Detect/Correlation
Data Retries.....................................
Fragment Threshold...............................
Radio Channels...................................
165
Tx Power Mode....................................
Rate List (MB)...................................

Long preamble
Energy Detect + Carrier
6
2342
36 40 44 48 52 56 60 64 149 153 157 161
Automatic
6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1043

show Commands

show client ccx results

To display the results from the last successful diagnostic test, use the show client ccx results command.
show client ccx results client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx results command:
(Cisco Controller) >show client ccx results xx.xx.xx.xx
dot1x Complete....................................... Success
EAP Method........................................... *1,Host OS Login Credentials
dot1x Status......................................... 255

Cisco Wireless LAN Controller Command Reference, Release 8.0

1044

OL-31334-01

show Commands

show client ccx rm

To display Cisco Client eXtension (CCX) client radio management report information, use the show client
ccx rm command.
show client ccx rm client_MAC {status | {report {chan-load | noise-hist | frame | beacon | pathloss}}}

Syntax Description

Command Default

Command History

Examples

client_MAC

Client MAC address.

status

Displays the client CCX radio management status

information.

report

Displays the client CCX radio management report.

chan-load

Displays radio management channel load reports.

noise-hist

Displays radio management noise histogram reports.

beacon

Displays radio management beacon load reports.

frame

Displays radio management frame reports.

pathloss

Displays radio management path loss reports.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the client radio management status information:
(Cisco Controller) >show client ccx rm 00:40:96:15:21:ac status
Client Mac Address............................... 00:40:96:15:21:ac
Channel Load Request............................. Enabled
Noise Histogram Request.......................... Enabled
Beacon Request................................... Enabled
Frame Request.................................... Enabled
Interval......................................... 30
Iteration........................................... 10

The following example shows how to display the client radio management load reports:
(Cisco Controller) >show client ccx rm 00:40:96:15:21:ac report chan-load
Channel Load Report
Client Mac Address............................... 00:40:96:ae:53:bc
Timestamp........................................ 788751121
Incapable Flag................................... On

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1045

show Commands

Refused Flag........................................ On
Chan CCA Busy Fraction
----------------------1 194
2 86
3 103
4 0
5 178
6 82
7 103
8 95
9 13
10 222
11 75

The following example shows how to display the client radio management noise histogram reports:
(Cisco Controller) >show client ccx rm 00:40:96:15:21:ac report noise-hist
Noise Histogram Report
Client Mac Address............................... 00:40:96:15:21:ac
Timestamp........................................ 4294967295
Incapable Flag................................... Off
Refused Flag........................................ Off
Chan RPI0 RPI1 RPI2 RPI3 RPI4 RPI5 RPI6 RPI7

Cisco Wireless LAN Controller Command Reference, Release 8.0

1046

OL-31334-01

show Commands

show client ccx stats-report

To display the Cisco Client eXtensions (CCX) statistics report from a specified client device, use the show
client ccx stats-report command.
show client ccx stats-report client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

Client MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client ccx stats-report command:
(Cisco Controller) > show client ccx stats-report 00:0c:41:07:33:a6
Measurement duration = 1
dot11TransmittedFragmentCount
= 1
dot11MulticastTransmittedFrameCount = 2
dot11FailedCount
= 3
dot11RetryCount
= 4
dot11MultipleRetryCount
= 5
dot11FrameDuplicateCount
= 6
dot11RTSSuccessCount
= 7
dot11RTSFailureCount
= 8
dot11ACKFailureCount
= 9
dot11ReceivedFragmentCount
= 10
dot11MulticastReceivedFrameCount
= 11
dot11FCSErrorCount
= 12
dot11TransmittedFrameCount
= 13

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1047

show Commands

show client detail

To display detailed information for a client on a Cisco lightweight access point, use the show client detail
command.
show client detail mac_address

Syntax Description

Command Default

Command History

mac_address

Client MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The show client ap command may list the status of automatically disabled clients. Use the show exclusionlist
command to display clients on the exclusion list (blacklisted).

Examples

The following example shows how to display the client detailed information:
(Cisco Controller) >show client detail 00:0c:41:07:33:a6
Policy Manager State..............................POSTURE_REQD
Policy Manager Rule Created.......................Yes
Client MAC Address............................... 00:16:36:40:ac:58
Client Username.................................. N/A
Client State..................................... Associated
Client NAC OOB State............................. QUARANTINE
Guest LAN Id..................................... 1
IP Address....................................... Unknown
Session Timeout.................................. 0
QoS Level........................................ Platinum
802.1P Priority Tag.............................. disabled
KTS CAC Capability............................... Yes
WMM Support...................................... Enabled
Power Save....................................... ON
Diff Serv Code Point (DSPC)...................... disabled
Mobility State................................... Local
Internal Mobility State.......................... apfMsMmInitial
Security Policy Completed........................ No
Policy Manager State............................. WEBAUTH_REQD
Policy Manager Rule Created...................... Yes
NPU Fast Fast Notified........................... Yes
Last Policy Manager State........................ WEBAUTH_REQD
Client Entry Create Time......................... 460 seconds
Interface........................................ wired-guest
FlexConnect Authentication....................... Local
FlexConnect Data Switching....................... Local
VLAN............................................. 236
Quarantine VLAN.................................. 0
Client Statistics:
Number of Bytes Received................... 66806
Number of Data Bytes Received................... 160783
Number of Realtime Bytes Received............... 160783

Cisco Wireless LAN Controller Command Reference, Release 8.0

1048

OL-31334-01

show Commands

Number of Data Bytes Sent....................... 23436

Number of Realtime Bytes Sent................... 23436
Number of Data Packets Received................. 592
Number of Realtime Packets Received............. 592
Number of Data Packets Sent..................... 131
Number of Realtime Packets Sent................. 131
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Key Msg Timeouts............. 0
Number of Data Retries..................... 0
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 3
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 6
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -50 dBm
Signal to Noise Ratio...................... 43 dB
...

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1049

show Commands

show client location-calibration summary

To display client location calibration summary information, use the show client location-calibration summary
command.
show client location-calibration summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the location calibration summary information:
(Cisco Controller) >show client location-calibration summary

MAC Address Interval

----------- ---------10:10:10:10:10:10 60
21:21:21:21:21:21 45

Cisco Wireless LAN Controller Command Reference, Release 8.0

1050

OL-31334-01

show Commands

show client probing

To display the number of probing clients, use the show client probing command.
show client probing

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the number of probing clients:
(Cisco Controller) >show client probing
Number of Probing Clients........................ 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1051

show Commands

show client roam-history

To display the roaming history of a specified client, use the show client roam-history command.
show client roam-history mac_address

Syntax Description

Command Default

Command History

Examples

mac_address

Client MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is a sample output of the show client roam-history command:

(Cisco Controller) > show client roam-history 00:14:6c:0a:57:77

Cisco Wireless LAN Controller Command Reference, Release 8.0

1052

OL-31334-01

show Commands

show client summary

To display a summary of clients associated with a Cisco lightweight access point, use the show client summary
command.
show client summary [ssid / ip / username / devicetype]

Syntax Description

This command has no arguments or keywords up to Release 7.4.

ssid / ip / username / devicetype

(Optional) Displays active clients selective details on any of the

following parameters or all the parameters in any order:
SSID
IP addresss
Username
Device type (such as Samsung-Device or
WindowsXP-Workstation)

Command Default

Command History

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Use show client ap command to list the status of automatically disabled clients. Use the show exclusionlist
command to display clients on the exclusion list (blacklisted).

Examples

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

NMSP-TalwarSIM1-2 Associated

Yes

802.11a

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1053

show Commands

Examples

AP Name

Status

Auth Protocol

----------------- -------- ------------- ----------------

Port Wired Mobility Role

---------- --------------

Number of Clients with requested device type..... 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1054

OL-31334-01

show Commands

show client wlan

To display the summary of clients associated with a WLAN, use the show client wlan command.
show client wlan wlan_id [devicetype device]

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier from 1 to 512.

devicetype

(Optional) Displays all clients with the specified device type.

device

Device type. For example, Samsung-Device or

WindowsXP-Workstation.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following are sample outputs of the show client wlan command:
(Cisco Controller) > show client wlan 1
Number of Clients in WLAN........................ 0
(Cisco Controller) > show client devicetype WindowsXP-Workstation
Number of Clients in WLAN........................ 0
MAC Address

AP Name

Status

Auth Protocol

----------------- -------- ------------- ----------------

Port Wired Mobility Role

---------- --------------

Number of Clients with requested device type..... 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1055

show Commands

show dhcp
To display the internal Dynamic Host Configuration Protocol (DHCP) server configuration, use the show
dhcp command.
show dhcp {leases | summary | scope}

Syntax Description

Command Default

Command History

Examples

leases

Displays allocated DHCP leases.

summary

Displays DHCP summary information.

scope

Name of a scope to display the DHCP information for that scope.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the allocated DHCP leases:
(Cisco Controller) >show dhcp leases
No leases allocated.

The following example shows how to display the DHCP summary information:
(Cisco Controller) >show dhcp summary
Scope Name
Enabled
Address Range
003
No
0.0.0.0 -> 0.0.0.0

No
0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0 0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 0.0.0.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1056

OL-31334-01

show Commands

show dhcp proxy

To display the status of DHCP proxy handling, use the show dhcp proxy command.
show dhcp proxy

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the status of DHCP proxy information:
(Cisco Controller) >show dhcp proxy
DHCP Proxy Behavior: enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1057

show Commands

show dhcp timeout

To display the DHCP timeout value, use the show dhcp timeout command.
show dhcp timeout

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the DHCP timeout value:
(Cisco Controller) >show dhcp timeout
DHCP Timeout (seconds)................. 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

1058

OL-31334-01

show Commands

show guest-lan
To display the configuration of a specific wired guest LAN, use the show guest-lan command.
show guest-lan guest_lan_id

Syntax Description

Command Default

Command History

guest_lan_id

ID of the selected wired guest LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

To display all wired guest LANs configured on the controller, use the show guest-lan summary command.

Examples

The following is a sample output of the show guest-lan guest_lan_id command:

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1059

show Commands

show ipv6 acl

To display the IPv6 access control lists (ACLs) that are configured on the controller, use the show ipv6 acl
command.
show ipv6 acl detailed {acl_name | summary}

Syntax Description

Command Default

Command History

Examples

acl_name

IPv6 ACL name. The name can be up to 32 alphanumeric characters.

detailed

Displays detailed information about a specific ACL.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

1
Any
::/0
::/0
Any
0-65535
0-65535
Any
0
Permit
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1060

OL-31334-01

show Commands

show ipv6 acl detailed

To display the IPv6 ACL details, use the show ipv6 acl detailed command.
show ipv6 acl detailed

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports IPv6 address format.

The following is a sample output of the show ipv6 acl detailed TestACL command:
(Cisco Controller) > show ipv6 acl detailed ddd
Rule Index.......................................
Direction........................................
IPv6 source prefix...............................
IPv6 destination prefix..........................
Protocol.........................................
Source Port Range................................
Destination Port Range...........................
DSCP.............................................
Action...........................................
Counter..........................................

1
Any
2001:9:5:90::115/128
::/0
6
0-65535
0-65535
Any
Permit
0

Rule Index.......................................
Direction........................................
IPv6 source prefix...............................
IPv6 destination prefix..........................
Protocol.........................................
Source Port Range................................
Destination Port Range...........................
DSCP.............................................
Action...........................................
Counter..........................................

2
Any
::/0
2001:9:5:90::115/128
6
0-65535
0-65535
Any
Permit
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1061

show Commands

show ipv6 acl cpu

To display the IPv6 ACL CPU details, use the show ipv6 acl cpu command.
show ipv6 acl cpu

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports IPv6 address format.

The following is a sample output of the show ipv6 acl cpu command:
(Cisco Controller) > show ipv6 acl cpu
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1062

OL-31334-01

show Commands

show ipv6 neighbor-binding

To display the IPv6 neighbor binding data that are configured on the controller, use the show ipv6
neighbor-binding command.
show ipv6 neighbor-binding {capture-policy| counters | detailed {mac mac_address| port port_number|
vlanvlan_id} | features | policies | ra-throttle {statistics vlan_id | routers vlan_id} | summary}

Syntax Description

Command Default

Command History

capture-policy

Displays IPv6 next-hop message capture policies.

counters

Displays IPv6 next-hop counters (Bridging mode only).

detailed

Displays the IPv6 neighbor binding table.

mac

Displays the IPv6 binding table entries for a specific MAC address.

mac_address

Displays the IPv6 binding table entries for a specific MAC address.

port

Displays the IPv6 binding table entries for a specific port.

port_number

Port Number. You can enter ap for an access point or LAG for a LAG port.

vlan

Displays the IPv6 neighbor binding table entries for a specific VLAN.

vlan_id

VLAN identifier.

features

Displays IPv6 next-hop registered features.

policies

Displays IPv6 next-hop policies.

ra-throttle

Displays RA throttle information.

statistics

Displays RA throttle statistics.

routers

Displays RA throttle routers.

summary

Displays the IPv6 neighbor binding table.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1063

show Commands

Usage Guidelines

DHCPv6 counters are applicable only for IPv6 bridging mode.

Examples

The following is the output of the show ipv6 neighbor-binding summary command:
(Cisco Controller) >show ipv6 neighbor-binding summary
Binding Table has 6 entries, 5 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, DH - DDCP
Preflevel flags (prlvl):
0001:MAC and LLA match
0002:Orig trunk
0004:Orig access
0008:Orig trusted access
0010:Orig trusted trunk
0020:DHCP assigned
0040:Cga authenticated
0080:Cert authenticated
0100:Statically assigned
IPv6 address
MAC Address
Port VLAN Type
prlvl age
state
Time left
-- ---------------------------------------- ----------------- ---- ---- -------- -------- --------- ---------ND fe80::216:46ff:fe43:eb01
00:16:46:43:eb:01
1 980 wired
0005
2 REACHABLE 157
ND fe80::9cf9:b009:b1b4:1ed9
70:f1:a1:dd:cb:d4
AP 980 wireless 0005
2 REACHABLE 157
ND fe80::6233:4bff:fe05:25ef
60:33:4b:05:25:ef
AP 980 wireless 0005
2 REACHABLE 203
ND fe80::250:56ff:fe8b:4a8f
00:50:56:8b:4a:8f
AP 980 wireless 0005
2 REACHABLE 157
ND 2001:410:0:1:51be:2219:56c6:a8ad
70:f1:a1:dd:cb:d4
AP 980 wireless 0005
5 REACHABLE 157
S
2001:410:0:1::9
00:00:00:00:00:08
AP 980 wireless 0100
1 REACHABLE 205

The following is the output of the show ipv6 neighbor-binding detailed command:
(Cisco Controller) >show ipv6 neighbor-binding detailed mac 60:33:4b:05:25:ef
macDB has 3 entries for mac 60:33:4b:05:25:ef, 3 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, DH - DDCP
Preflevel flags (prlvl):
0001:MAC and LLA match
0002:Orig trunk
0004:Orig access
0008:Orig trusted access
0010:Orig trusted trunk
0020:DHCP assigned
0040:Cga authenticated
0080:Cert authenticated
0100:Statically assigned
IPv6 address
MAC Address
Port VLAN Type
prlvl age
state
Time left
-- ---------------------------------------- ----------------- ---- ---- -------- -------- --------- ---------ND fe80::6233:4bff:fe05:25ef
60:33:4b:05:25:ef
AP 980 wireless 0009
0 REACHABLE 303
ND 2001:420:0:1:6233:4bff:fe05:25ef
60:33:4b:05:25:ef
AP 980 wireless 0009
0 REACHABLE 300
ND 2001:410:0:1:6233:4bff:fe05:25ef
60:33:4b:05:25:ef
AP 980 wireless 0009
0 REACHABLE 301

The following is the output of the show ipv6 neighbor-binding counters command:
(Cisco Controller) >show ipv6 neighbor-binding counters
Received Messages
NDP Router Solicitation
NDP Router Advertisement
NDP Neighbor Solicitation
NDP Neighbor Advertisement
NDP Redirect
NDP Certificate Solicit
NDP Certificate Advert
DHCPv6 Solicitation
DHCPv6 Advertisement
DHCPv6 Request
DHCPv6 Reply
DHCPv6 Inform
DHCPv6 Confirm

6
19
557
48
0
0
0
0
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1064

summary

Displays RA guard statistics.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example show the output of the show ipv6 ra-guard ap summary command:
(Cisco Controller) >show ipv6 ra-guard ap summary
IPv6 RA Guard on AP..................... Enabled
RA Dropped per client:
MAC Address
AP Name
WLAN/GLAN
Number of RA Dropped
----------------- ----------------- -------------- --------------------00:40:96:b9:4b:89 Bhavik_1130_1_p13 2
19
----------------- ----------------- -------------- --------------------Total RA Dropped on AP......................
19

The following example shows how to display the RA guard statistics for a controller:
(Cisco Controller) >show ipv6 ra-guard wlc summary
IPv6 RA Guard on WLC.................... Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1067

show Commands

show ipv6 route summary

To display configuration information for IPv6 route, use the show ipv6 route summary command.
show ipv6 route summary
This command has no arguments or keywords.

Command Default

Command History

Examples

None

Release

Modification

8.0

This command was introduced in a Release 8.0.

The following is a sample output of the show ipv6 route summary command:
(Cisco Controller) > show ipv6 route summary
Number of Routes................................. 1
Destination Network PrefixLength Gateway
------------------- ------------- ------------------2001:9:5:90::115 /128 2001:9:5:91::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1068

OL-31334-01

show Commands

show ipv6 summary

To display the IPv6 configuration settings, use the show ipv6 summary command.
show ipv6 summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Enabled
30
300
300
Disabled
1
no-limit
5
600
ignore
Enabled
Enabled
Enabled
Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1069

show Commands

show macfilter
To display the MAC filter parameters, use the show macfilter command.
show macfilter {summary | detail MAC}

Syntax Description

Command Default

Command History

summary

Displays a summary of all MAC filter entries.

detail MAC

Displays details of a MAC filter entry.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The MAC delimiter (none, colon, or hyphen) for MAC addresses sent to RADIUS servers is displayed. The
MAC filter table lists the clients that are always allowed to associate with a wireless LAN.

Examples

The following example shows how to display the detailed display of a MAC filter entry:
(Cisco Controller) >show macfilter detail xx:xx:xx:xx:xx:xx
MAC Address...................................... xx:xx:xx:xx:xx:xx
WLAN Identifier.................................. Any
Interface Name................................... management
Description...................................... RAP

The following example shows how to display a summary of the MAC filter parameters:
(Cisco Controller) > show macfilter summary
MAC Filter RADIUS Compatibility mode............. Cisco ACS
MAC Filter Delimiter............................. None
Local Mac Filter Table
MAC Address
WLAN Id
Description
------------------------------------------------------------------xx:xx:xx:xx:xx:xx
Any
RAP
xx:xx:xx:xx:xx:xx
Any
PAP2 (2nd hop)
xx:xx:xx:xx:xx:xx
Any
PAP1 (1st hop)

Cisco Wireless LAN Controller Command Reference, Release 8.0

1070

OL-31334-01

show Commands

show network summary

To display the network configuration settings, use the show network summary command.
show network summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command updated to display the IPv6 multicast details in the network summary.

The following example displays the output of the show ipv6 summary command:
(Cisco Controller) >show network summary
RF-Network Name.............................
Web Mode....................................
Secure Web Mode.............................
Secure Web Mode Cipher-Option High..........
Secure Web Mode Cipher-Option SSLv2.........
Secure Web Mode RC4 Cipher Preference.......
OCSP........................................
OCSP responder URL..........................
Secure Shell (ssh)..........................
Telnet......................................
Ethernet Multicast Forwarding...............
Ethernet Broadcast Forwarding...............
IPv4 AP Multicast/Broadcast Mode............
IPv6 AP Multicast/Broadcast Mode............
IGMP snooping...............................
IGMP timeout................................
IGMP Query Interval.........................
MLD snooping................................
MLD timeout.................................
MLD query interval..........................
User Idle Timeout...........................
ARP Idle Timeout............................
Cisco AP Default Master.....................
AP Join Priority............................
Mgmt Via Wireless Interface.................
Mgmt Via Dynamic Interface..................
Bridge MAC filter Config....................
Bridge Security Mode........................
Mesh Full Sector DFS........................
AP Fallback ................................
Web Auth CMCC Support ......................
Web Auth Redirect Ports ....................
Web Auth Proxy Redirect ...................
Web Auth Captive-Bypass
..................
Web Auth Secure Web .......................
Fast SSID Change ...........................
AP Discovery - NAT IP Only .................
IP/MAC Addr Binding Check ..................

johnny
Enable
Enable
Disable
Disable
Disable
Disabled
Enable
Enable
Enable
Enable
Multicast
Address : 239.9.9.9
Multicast
Address : ff1e::6:9
Enabled
60 seconds
20 seconds
Enabled
60 seconds
20 seconds
300 seconds
300 seconds
Disable
Disable
Enable
Enable
Enable
EAP
Enable
Enable
Disabled
80
Disable
Disable
Enable
Disabled
Enabled
Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1071

show Commands

Link Local Bridging Status .................

CCX-lite status ............................
oeap-600 dual-rlan-ports ...................
oeap-600 local-network .....................
oeap-600 Split Tunneling (Printers).........
WebPortal Online Client ....................
WebPortal NTF_LOGOUT Client ................
mDNS snooping...............................
mDNS Query Interval.........................
Web Color Theme.............................
L3 Prefer Mode..............................

Disabled
Disable
Disable
Enable
Disable
0
0
Disabled
15 minutes
Default
IPv4

Cisco Wireless LAN Controller Command Reference, Release 8.0

1072

OL-31334-01

show Commands

show pmk-cache
To display information about the pairwise master key (PMK) cache, use the show pmk-cache command.
show pmk-cache {all | MAC}

Syntax Description

Command Default

Command History

Examples

all

Displays information about all entries in the PMK cache.

MAC

Information about a single entry in the PMK cache.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display information about a single entry in the PMK cache:
(Cisco Controller) >show pmk-cache xx:xx:xx:xx:xx:xx

The following example shows how to display information about all entries in the PMK cache:
(Cisco Controller) >show pmk-cache all
PMK Cache
Entry
Station
Lifetime
VLAN Override
-------------------------------------------

IP Override
---------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1073

show Commands

show remote-lan
To display information about remote LAN configuration, use the show remote-lan command.
show remote-lan { summary | remote-lan-id }

Syntax Description

Command Default

Command History

Examples

summary

Displays a summary of all remote LANs.

remote-lan-id

Remote LAN identifier.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display a summary of all remote LANs:
(Cisco Controller) >show remote-lan summary
Number of Remote LANS............................ 2
RLAN ID RLAN Profile Name
Status
------- ------------------------------------- -------2
remote
Disabled
8
test
Disabled

Interface Name
-------------------management
management

The following example shows configuration information about the remote LAN with the remote-lan-id 2:
(Cisco Controller) >show remote-lan 2
Remote LAN Identifier............................
Profile Name.....................................
Status...........................................
MAC Filtering....................................
AAA Policy Override..............................
Network Admission Control
Radius-NAC State...............................
SNMP-NAC State.................................
Quarantine VLAN................................
Maximum number of Associated Clients.............
Number of Active Clients.........................
Exclusionlist....................................
Session Timeout..................................
CHD per Remote LAN...............................
Webauth DHCP exclusion...........................
Interface........................................
Remote LAN ACL...................................
DHCP Server......................................
DHCP Address Assignment Required.................
Static IP client tunneling.......................
Radius Servers
Authentication................................
Accounting....................................
Dynamic Interface.............................
Security

2
remote
Disabled
Disabled
Disabled
Disabled
Disabled
0
0
0
Disabled
Infinity
Enabled
Disabled
management
unconfigured
Default
Disabled
Disabled
Global Servers
Global Servers
Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1074

OL-31334-01

show Commands

Web Based Authentication...................... Enabled

ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1075

show Commands

show rf-profile summary

To display a summary of RF profiles in the controller, use the show rf-profile summary command.
show rf-profile summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following is the output of the show rf-profile summary command:

(Cisco Controller) >show rf-profile summary
Number of RF Profiles............................ 2
Out Of Box State................................. Disabled
RF Profile Name
Band
Description
------------------------- ------- ------------------------T1a
5 GHz
<none>
T1b
2.4 GHz <none>

Applied
------No
No

Cisco Wireless LAN Controller Command Reference, Release 8.0

1076

OL-31334-01

show Commands

show rf-profile details

To display the RF profile details in the Cisco wireless LAN controller, use the show rf-profile details
command.
show rf-profile details rf-profile-name

Syntax Description

Command Default

Command History

Examples

rf-profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

The output was updated to include the Rx SOP threshold.

The following is the output of the show rf-profile details command::

(Cisco Controller) >show rf-profile details T1a
Description......................................
Radio policy.....................................
Transmit Power Threshold v1......................
Transmit Power Threshold v2......................
Min Transmit Power...............................
Max Transmit Power...............................
Rx Sop Threshold.................................
802.11a Operational Rates
802.11a 6M Rate..............................
802.11a 9M Rate..............................
802.11a 12M Rate.............................
802.11a 18M Rate.............................
802.11a 24M Rate.............................
802.11a 36M Rate.............................
802.11a 48M Rate.............................
802.11a 54M Rate.............................
Max Clients......................................
Client Trap Threshold............................
Multicast Data Rate..............................
Rx Sop Threshold.................................
Cca Threshold....................................
Slot Admin State:................................
Band Select Probe Response.......................
Band Select Cycle Count..........................
Band Select Cycle Threshold......................
Band Select Expire Suppression...................
Band Select Expire Dual Band.....................
Band Select Client Rssi..........................
Load Balancing Denial............................
Load Balancing Window............................
Coverage Data....................................
Coverage Voice...................................
Coverage Exception...............................
Coverage Level...................................

<none>
5 GHz
-70 dBm
-67 dBm
-10 dBm
30 dBm
Medium
Mandatory
Supported
Mandatory
Supported
Mandatory
Supported
Supported
Supported
200
50
0
0 dBm
0 dBm
Enabled
Disabled
2 cycles
200 milliseconds
20 seconds
60 seconds
-80 dBm
3 count
5 clients
-80 dBm
-80 dBm
3 clients
25 %

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1077

show Commands

show wlan
To display configuration information for a specified wireless LAN or a foreign access point, or to display
wireless LAN summary information, use the show wlan command.
show wlan { apgroups | summary | wlan_id | foreignAp }

Syntax Description

Command Default

Command History

Examples

apgroups

Displays access point group information.

summary

Displays a summary of all wireless LANs.

wlan_id

Wireless LAN identifier from 1 to 512.

foreignAp

Displays the configuration for support of foreign access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display a summary of wireless LANs for wlan_id 1:
(Cisco Controller) >show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... aicha
Network Name (SSID).............................. aicha
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
RADIUS Profiling Status ...................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Client Profiling Status ...................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State.............................. Enabled
SNMP-NAC State................................ Enabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... Talwar1
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management

Cisco Wireless LAN Controller Command Reference, Release 8.0

1078

OL-31334-01

show Commands

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Enabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver (best effort)
Per-SSID Rate Limits............................. Upstream
Downstream
Average Data Rate................................
0
0
Average Realtime Data Rate.......................
0
0
Burst Data Rate..................................
0
0
Burst Realtime Data Rate.........................
0
0
Per-Client Rate Limits........................... Upstream
Downstream
Average Data Rate................................
0
0
Average Realtime Data Rate.......................
0
0
Burst Data Rate..................................
0
0
Burst Realtime Data Rate.........................
0
0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Enabled (Profile 'Controller_Local_EAP')
Radius NAI-Realm................................. Enabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Enabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1079

show Commands

IP Security Passthru.......................... Disabled

Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID
IP Address
Status
-------------------------802.11u........................................ Enabled
Network Access type............................ Chargeable Public Network
Internet service............................... Enabled
Network Authentication type.................... Not Applicable
HESSID......................................... 00:00:00:00:00:00
IP Address Type Configuration
IPv4 Address type............................ Available
IPv6 Address type............................ Not Known
Roaming Consortium List
Index
OUI List
In Beacon
-------------------------1
313131
Yes
2
DDBBCC
No
3
DDDDDD
Yes
Realm configuration summary
Realm index.................................. 1
Realm name................................... jobin
EAP index.................................. 1
EAP method................................. Unsupported
Index
Inner Authentication
Authentication Method
-------------------------------------------1
Credential Type
SIM
2
Tunneled Eap Credential Type
SIM
3
Credential Type
SIM
4
Credential Type
USIM
5
Credential Type
Hardware Token
6
Credential Type
SoftToken
Domain name configuration summary
Index Domain name
------------------1
rom3
2
ram
3
rom1
Hotspot 2.0.................................... Enabled
Operator name configuration summary
Index
Language
Operator name
-----------------------1
ros
Robin
Port config summary
Index
IP protocol
Port number
Status
-------------------------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

1080

OL-31334-01

show Commands

1
1
0
Closed
2
1
0
Closed
3
1
0
Closed
4
1
0
Closed
5
1
0
Closed
6
1
0
Closed
7
1
0
Closed
WAN Metrics Info
Link status..................................
Symmetric Link...............................
Downlink speed...............................
Uplink speed.................................

Up
No
4 kbps
4 kbps

MSAP Services.................................. Disabled

Local Policy
---------------Priority Policy Name
-------- --------------1
Teacher_access_policy

The following example shows how to display a summary of all WLANs:

(Cisco Controller) >show wlan summary
Number of WLANs.................................. 1
WLAN ID WLAN Profile Name / SSID
Mobility
------- --------------------------------------------------1
apsso / apsso

Status

Interface Name

--------

--------------------

Disabled

management

PMIPv6

none

The following example shows how to display the configuration for support of foreign access points:
(Cisco Controller) >show wlan foreignap
Foreign AP support is not enabled.

The following example shows how to display the AP groups:

(Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 1
Site Name........................................ APuser
Site Description................................. <none>
Venue Name....................................... Not configured
Venue Group Code..................................Unspecified
Venue Type Code...................................Unspecified
Language Code.................................... Not configured
AP Operating Class............................... 83,84,112,113,115,116,117,118,123
RF Profile
---------2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID
Interface
Network Admission Control
Radio Policy
----------------------------------------------------14
int_4
Disabled
All
AP Name
Slots AP Model
Ethernet MAC
Location
Country Priority
------------------ ----- ------------------- ----------------- ---------------------- -------Ibiza
2
AIR-CAP2602I-A-K9
44:2b:03:9a:8a:73 default location
US
1
Larch
2
AIR-CAP3502E-A-K9
f8:66:f2:ab:23:95 default location
US
1
Zest
US

AIR-CAP3502I-A-K9

00:22:90:91:6d:b6

ren

Port
---1
1
1

Number of Clients................................ 1
MAC Address
AP Name
Status
Device Type
----------------- ------------- ------------- -----------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1081

config Commands

24:77:03:89:9b:f8

ap2

Associated

Android

config Commands
This section lists the config commands to configure WLANs.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1082

OL-31334-01

config Commands

config 802.11 dtpc

To enable or disable the Dynamic Transmit Power Control (DTPC) setting for an 802.11 network, use the
config 802.11 dtpc command.
config 802.11{a | b} dtpc {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the support for this command.

disable

Disables the support for this command.

The default DTPC setting for an 802.11 network is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable DTPC for an 802.11a network:
(Cisco Controller) > config 802.11a dtpc disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1083

config Commands

config advanced hotspot

To configure advanced HotSpot configurations, use the config advanced hotspot command.
config advanced hotspot {anqp-4way {disable | enable | threshold value } | cmbk-delay value | garp
{disable | enable } | gas-limit {disable | enable }}

Syntax Description

Command Default

Command History

anqp-4way

Enables, disables, or, configures the Access Network Query Protocol (ANQP)
four way fragment threshold.

disable

Disables the ANQP four way message.

enable

Enables the ANQP four way message.

threshold

Configures the ANQP fourway fragment threshold.

value

ANQP four way fragment threshold value in bytes. The range is from 10 to
1500. The default value is 1500.

cmbk-delay

Configures the ANQP comeback delay in TUs,

value

ANQP comeback delay in Time Units (TUs). 1 TU is defined by 802.11 as

1024 usec. The range is from 1 milliseconds to 30 seconds.

garp

Disables or enables the Gratuitous ARP (GARP) forwarding to wireless network.

disable

Disables the Gratuitous ARP (GARP) forwarding to wireless network.

enable

Enables the Gratuitous ARP (GARP) forwarding to wireless network.

gas-limit

Limits the number of Generic Advertisement Service (GAS) request action

frames sent to the switch by an access point in a given interval.

disable

Disables the GAS request action frame limit on access points.

enable

Enables the GAS request action frame limit on access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1084

OL-31334-01

config Commands

Examples

The following example shows how to configure the ANQP four way fragment threshold value:
(Cisco Controller) >config advanced hotspot anqp-4way threshold 200

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1085

config Commands

config auto-configure voice

To auto-configure voice deployment in WLANs, use the config auto-configure voice command.
config auto-configure voice cisco wlan_id radio {802.11a | 802.11b | all}

Syntax Description

Command Default

Command History

cisco

Auto-configure WLAN for voice deployment of Cisco end points.

wlan_id

Wireless LAN identifier from 1 to 512 (inclusive).

radio

Auto-configures voice deployment for a radio in a WLAN.

802.11a

Auto-configures voice deployment for 802.11a in a WLAN.

802.11b

Auto-configures voice deployment for 802.11b in a WLAN.

all

Auto-configures voice deployment for all radios in a WLAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you configure this command, all WLANs and radios are automatically disabled. After the completion
of the configuration, the previous state of the WLANs and radios is restored.

Examples

The following example shows how to auto-configure voice deployment for all radios in a WLAN:
(Cisco Controller) >config auto-configure voice cisco 2 radio all
Warning! This command will automatically disable all WLAN's and Radio's.
It will be reverted to the previous state once configuration is complete.
Are you sure you want to continue? (y/N)y
Auto-Configuring these commands in WLAN for Voice..
wlan qos 2 platinum
- Success
wlan call-snoop enable 2
- Success
wlan wmm allow 2
- Success
wlan session-timeout 2 86400
- Success
wlan peer-blocking disable 2
- Success
wlan security tkip hold-down 0 2
- Success
wlan exclusionlist 2 disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1086

OL-31334-01

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the reporting information of the client MAC address
00:1f:ca:cf:b6:60:
(Cisco Controller) >config client ccx clear-reports 00:1f:ca:cf:b6:60

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1089

config Commands

config client ccx clear-results

To clear the test results on the controller, use the config client ccx clear-results command.
config client ccx clear-results client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the test results of the client MAC address 00:1f:ca:cf:b6:60:
(Cisco Controller) >config client ccx clear-results 00:1f:ca:cf:b6:60

Cisco Wireless LAN Controller Command Reference, Release 8.0

1090

OL-31334-01

config Commands

config client ccx default-gw-ping

To send a request to the client to perform the default gateway ping test, use the config client ccx
default-gw-ping command.
config client ccx default-gw-ping client_mac_address

Syntax Description

Command Default

Command History

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to the client00:0b:85:02:0d:20 to perform the default
gateway ping test:
(Cisco Controller) >config client ccx default-gw-ping 00:0b:85:02:0d:20

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1091

config Commands

config client ccx dhcp-test

To send a request to the client to perform the DHCP test, use the config client ccx dhcp-test command.
config client ccx dhcp-test client_mac_address

Syntax Description

Command Default

Command History

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to the client 00:E0:77:31:A3:55 to perform the DHCP
test:
(Cisco Controller) >config client ccx dhcp-test 00:E0:77:31:A3:55

Cisco Wireless LAN Controller Command Reference, Release 8.0

1092

OL-31334-01

config Commands

config client ccx dns-ping

To send a request to the client to perform the Domain Name System (DNS) server IP address ping test, use
the config client ccx dns-ping command.
config client ccx dns-ping client_mac_address

Syntax Description

Command Default

Command History

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to the client 00:E0:77:31:A3:55 to perform the DNS
server IP address ping test:
(Cisco Controller) >config client ccx dns-ping 00:E0:77:31:A3:55

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1093

config Commands

config client ccx dns-resolve

To send a request to the client to perform the Domain Name System (DNS) resolution test to the specified
hostname, use the config client ccx dns-resolve command.
config client ccx dns-resolve client_mac_address host_name

Syntax Description

Command Default

Command History

client_mac_address

MAC address of the client.

host_name

Hostname of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to the client 00:E0:77:31:A3:55 to perform the DNS
name resolution test to the specified hostname:
(Cisco Controller) >config client ccx dns-resolve 00:E0:77:31:A3:55 host_name

Cisco Wireless LAN Controller Command Reference, Release 8.0

1094

OL-31334-01

config Commands

config client ccx get-client-capability

To send a request to the client to send its capability information, use the config client ccx get-client-capability
command.
config client ccx get-client-capability client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a request to the client 172.19.28.40 to send its capability information:
(Cisco Controller) >config client ccx get-client-capability 172.19.28.40

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1095

config Commands

config client ccx get-manufacturer-info

To send a request to the client to send the manufacturers information, use the config client ccx
get-manufacturer-info command.
config client ccx get-manufacturer-info client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a request to the client 172.19.28.40 to send the manufacturers
information:
(Cisco Controller) >config client ccx get-manufacturer-info 172.19.28.40

Cisco Wireless LAN Controller Command Reference, Release 8.0

1096

OL-31334-01

config Commands

config client ccx get-operating-parameters

To send a request to the client to send its current operating parameters, use the config client ccx
get-operating-parameters command.
config client ccx get-operating-parameters client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a request to the client 172.19.28.40 to send its current operating
parameters:
(Cisco Controller) >config client ccx get-operating-parameters 172.19.28.40

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1097

config Commands

config client ccx get-profiles

To send a request to the client to send its profiles, use the config client ccx get-profiles command.
config client ccx get-profiles client_mac_address

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a request to the client 172.19.28.40 to send its profile details:
(Cisco Controller) >config client ccx get-profiles 172.19.28.40

Cisco Wireless LAN Controller Command Reference, Release 8.0

1098

OL-31334-01

config Commands

config client ccx log-request

To configure a Cisco client eXtension (CCX) log request for a specified client device, use the config client
ccx log-request command.
config client ccx log-request {roam | rsna | syslog} client_mac_address

Syntax Description

Command Default

Command History

Examples

roam

(Optional) Specifies the request to specify

the client CCX roaming log.

rsna

(Optional) Specifies the request to specify

the client CCX RSNA log.

syslog

(Optional) Specifies the request to specify

the client CCX system log.

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify the request to specify the client CCS system log:
(Cisco Controller) >config client ccx log-request syslog 00:40:96:a8:f7:98
Tue Oct 05 13:05:21 2006
SysLog Response LogID=1: Status=Successful
Event Timestamp=121212121212
Client SysLog = 'This is a test syslog 2'
Event Timestamp=121212121212
Client SysLog = 'This is a test syslog 1'
Tue Oct 05 13:04:04 2006
SysLog Request LogID=1

The following example shows how to specify the client CCX roaming log:
(Cisco Controller) >config client ccx log-request roam 00:40:96:a8:f7:98
Thu Jun 22 11:55:14 2006
Roaming Response LogID=20: Status=Successful
Event Timestamp=121212121212
Source BSSID=00:40:96:a8:f7:98, Target BSSID=00:0b:85:23:26:70,
Transition Time=100(ms)
Transition Reason: Unspecified Transition Result: Success
Thu Jun 22 11:55:04 2006
Roaming Request LogID=20
Thu Jun 22 11:54:54 2006
Roaming Response LogID=19: Status=Successful
Event Timestamp=121212121212
Source BSSID=00:40:96:a8:f7:98, Target BSSID=00:0b:85:23:26:70,
Transition Time=100(ms)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1099

config Commands

Transition Reason: Unspecified Transition Result: Success

Thu Jun 22 11:54:33 2006 Roaming Request LogID=19

The following example shows how to specify the client CCX RSNA log:
(Cisco Controller) >config client ccx log-request rsna 00:40:96:a8:f7:98
Tue Oct 05 11:06:48 2006
RSNA Response LogID=2: Status=Successful
Event Timestamp=242424242424
Target BSSID=00:0b:85:23:26:70
RSNA Version=1
Group Cipher Suite=00-x0f-ac-01
Pairwise Cipher Suite Count = 2
Pairwise Cipher Suite 0 = 00-0f-ac-02
Pairwise Cipher Suite 1 = 00-0f-ac-04
AKM Suite Count = 2
KM Suite 0 = 00-0f-ac-01
KM Suite 1 = 00-0f-ac-02
SN Capability = 0x1
PMKID Count = 2
PMKID 0 = 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
PMKID 1 = 0a 0b 0c 0d 0e 0f 17 18 19 20 1a 1b 1c 1d 1e 1f
802.11i Auth Type: EAP_FAST
RSNA Result: Success

Cisco Wireless LAN Controller Command Reference, Release 8.0

1100

OL-31334-01

config Commands

config client ccx send-message

To send a message to the client, use the config client ccx send-message command.
config client ccx send-message client_mac_address message_id

Syntax Description

client_mac_address

MAC address of the client.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1101

config Commands

message_id

Message type that involves one of the following:

1The SSID is invalid.
2The network settings are invalid.
3There is a WLAN credibility mismatch.
4The user credentials are incorrect.
5Please call support.
6The problem is resolved.
7The problem has not been resolved.
8Please try again later.
9Please correct the indicated problem.
10Troubleshooting is refused by the network.
11Retrieving client reports.
12Retrieving client logs.
13Retrieval complete.
14Beginning association test.
15Beginning DHCP test.
16Beginning network connectivity test.
17Beginning DNS ping test.
18Beginning name resolution test.
19Beginning 802.1X authentication test.
20Redirecting client to a specific profile.
21Test complete.
22Test passed.
23Test failed.
24Cancel diagnostic channel operation or select a WLAN profile to resume
normal operation.
25Log retrieval refused by the client.
26Client report retrieval refused by the client.
27Test request refused by the client.
28Invalid network (IP) setting.
29There is a known outage or problem with the network.
30Scheduled maintenance period.
(continued on next page)

Cisco Wireless LAN Controller Command Reference, Release 8.0

1102

OL-31334-01

config Commands

message_type (cont.)

31The WLAN security method is not correct.

32The WLAN encryption method is not correct.
33The WLAN authentication method is not correct.

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a message to the client MAC address 172.19.28.40 with the message
user-action-required:
(Cisco Controller) >config client ccx send-message 172.19.28.40 user-action-required

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1103

config Commands

config client ccx stats-request

To send a request for statistics, use the config client ccx stats-request command.
config client ccx stats-request measurement_duration [dot11 | security] client_mac_address

Syntax Description

Command Default

Command History

Examples

measurement_duration

Measurement duration in seconds.

dot11

(Optional) Specifies dot11 counters.

security

(Optional) Specifies security counters.

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify dot11 counter settings:

(Cisco Controller) >config client ccx
Measurement duration = 1
dot11TransmittedFragmentCount
=
dot11MulticastTransmittedFrameCount =
dot11FailedCount
=
dot11RetryCount
=
dot11MultipleRetryCount
=
dot11FrameDuplicateCount
=
dot11RTSSuccessCount
=
dot11RTSFailureCount
=
dot11ACKFailureCount
=
dot11ReceivedFragmentCount
=
dot11MulticastReceivedFrameCount
=
dot11FCSErrorCount
=
dot11TransmittedFrameCount
=

stats-request 1 dot11 00:40:96:a8:f7:98

1
2
3
4
5
6
7
8
9
10
11
12
13

Cisco Wireless LAN Controller Command Reference, Release 8.0

1104

OL-31334-01

config Commands

config client ccx test-abort

To send a request to the client to abort the current test, use the config client ccx test-abort command.
config client ccx test-abort client_mac_address

Syntax Description

Command Default

Command History

client_mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Only one test can be pending at a time.

Examples

The following example shows how to send a request to the client 11:11:11:11:11:11 to abort the correct test
settings:
(Cisco Controller) >config client ccx test-abort 11:11:11:11:11:11

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1105

config Commands

config client ccx test-association

To send a request to the client to perform the association test, use the config client ccx test-association
command.
config client ccx test-association client_mac_address ssid bssid 802.11{a | b | g} channel

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

ssid

Network name.

bssid

Basic SSID.

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b network.

802.11g

Specifies the 802.11g network.

channel

Channel number.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a request to the client MAC address 00:0E:77:31:A3:55 to perform
the basic SSID association test:
(Cisco Controller) >config client ccx test-association 00:E0:77:31:A3:55 ssid bssid 802.11a

Cisco Wireless LAN Controller Command Reference, Release 8.0

1106

OL-31334-01

config Commands

config client ccx test-dot1x

To send a request to the client to perform the 802.1x test, use the config client ccx test-dot1x command.
config client ccx test-dot1x client_mac_address profile_id bssid 802.11 {a | b | g} channel

Syntax Description

Command Default

Command History

Examples

client_mac_address

MAC address of the client.

profile_id

Test profile name.

bssid

Basic SSID.

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b network.

802.11g

Specifies the 802.11g network.

channel

Channel number.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a request to the client to perform the 802.11b test with the profile
name profile_01:
(Cisco Controller) >config client ccx test-dot1x 172.19.28.40 profile_01 bssid 802.11b

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1107

config Commands

config client ccx test-profile

To send a request to the client to perform the profile redirect test, use the config client ccx test-profile
command.
config client ccx test-profile client_mac_address profile_id

Syntax Description

client_mac_address

MAC address of the client.

profile_id

Test profile name.

Note

Command Default

Command History

Examples

The profile_id should be from one of the client profiles for which client
reporting is enabled.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to send a request to the client to perform the profile redirect test with the
profile name profile_01:
(Cisco Controller) >config client ccx test-profile 11:11:11:11:11:11 profile_01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1108

OL-31334-01

config Commands

config client deauthenticate

To disconnect a client, use the config client deauthenticate command.
config client deauthenticate {MAC | IPv4/v6_address | user_name}

Syntax Description

Command Default

Command History

Examples

MAC

Client MAC address.

IPv4/v6_address

IPv4 or IPv6 address.

user_name

Client user name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to deauthenticate a client using its MAC address:
(Cisco Controller) >config client deauthenticate 11:11:11:11:11

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1109

config Commands

config ipv6 disable

To disable IPv6 globally on the Cisco WLC, use the config ipv6 disable command .
config ipv6 disable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you use this command, the controller drops all IPv6 packets and the clients will not receive any IPv6
address.

Examples

The following example shows how to disable IPv6 on the controller:

(Cisco Controller) >config ipv6 disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1110

OL-31334-01

config Commands

config ipv6 enable

To enable IPv6 globally on the Cisco WLC, use the config ipv6 enable command.
config ipv6 enable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable IPv6 on the Cisco WLC:
(Cisco Controller) >config ipv6 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1111

config Commands

config ipv6 acl

Syntax Description

apply name

Applies an IPv6 ACL. An IPv6 ACL can contain up to 32 alphanumeric

characters.

cpu name

Applies the IPv6 ACL to the CPU.

cpu none

Configure none if you wish not to have a IPV6 ACL.

create

Creates an IPv6 ACL.

delete

Deletes an IPv6 ACL.

rule (action) (name) (index)

Configures rules in the IPv6 ACL to either permit or deny access. IPv6
ACL name can contains up to 32 alphanumeric characters and IPv6 ACL
rule index can be between 1 and 32.

{permit|deny}

Permit or deny the IPv6 rule action.

add name index

Adds a new rule and rule index.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1112

OL-31334-01

config Commands

change name old_index

new_index

Changes a rules index.

delete name index

Deletes a rule and rule index.

destination address name

index ip_addr prefix-len

Configures a rules destination IP address and prefix length (between 0 and

128).

destination port name index

Configure a rule's destination port range. Enter IPv6 ACL name and set an
rule index for it.

direction name index

{in|out|any}

Configures a rules direction to in, out, or any.

dscp name index dscp

Configures a rules DSCP. For rule index of DSCP, select a number between
0 and 63, or any.

protocol name index protocol Configures a rules protocol. Enter a name and set an index between 0 and
255 or any
source address name index
ip_address prefix-len

Configures a rules source IP address and netmask.

source port range name index Configures a rules source port range.
start_port end_port
swap index name index_1
index_2

Command Default

Command History

Swaps two rules indices.

After adding an ACL, the config ipv6 acl cpu is by default configured as enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6..

8.0

Updated this command, added cpu {ipv6_acl_name |none}.

Usage Guidelines

Examples

The following example shows how to configure an IPv6 ACL to permit access:
(Cisco Controller) >config ipv6 acl rule action lab1 4 permit

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1113

config Commands

Examples

The following example shows how to configure an interface ACL:

(Cisco Controller) > config ipv6 interface acl management IPv6-Acl

Related Commands

show ipv6 acl detailed

show ipv6 acl cpu

Cisco Wireless LAN Controller Command Reference, Release 8.0

1114

OL-31334-01

config Commands

config ipv6 capwap

To enable or disable an IPv6 CAPWAP UDPLite for CAPWAP AP on the Cisco Wireless LAN Controller,
use the config ipv6 capwap command.
config ipv6 capwap udplite {enable|disable} [all|<Cisco AP>]

Syntax Description

Command Default

Command History

Usage Guidelines

updlite

Configure IPv6 for CAPWAP UDP Lite.

enable

Enables IPv6 CAPWAP UDP Lite.

disable

Disables IPv6 CAPWAP UDP Lite.

all

Enables or disables IPv6 CAPWAP UDP Lite on all Cisco

APs.

Enables or disables IPv6 CAPWAP UDP Lite on the user

defined Cisco AP.

The config ipv6 capwap udplite command is by default configured as enabled.

Release

Modification

8.0

This command was introduced in Release 8.0

IPv6 CAPWAP UDP Lite configuration applies only to APs that are connected to controller using IPv6
tunnel.
For APs connected to WLC using IPv4 Tunnel, IPv6 CAPWAP UDPLite command will not apply on
either global configuration or on Per AP.
IPv6 mandates complete payload checksum for UDP and this will have performance implications. To
minimize the impact, UDPLite (mandates only header checksum) will be used for data traffic and UDP
for control traffic.
Usage UDP Lite will have an impact on the firewall. Intermediate firewall must be configured to allow
UDP Lite protocol (protocol ID of 136) packets.
Turning off UDP Lite will cause performance issues on packet handling.
Changing from UDP to UDPLite or vice-versa will enforce the AP to dis-join and re-join.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1115

config Commands

Examples

The following example shows how to configure an IPv6 CAPWAP UDP Lite on All Cisco APs or on a
particular Cisco AP:
(Cisco Controller) >config ipv6 capwap udplite enable all
Changing AP's IPv6 Capwap UDP Lite mode will cause the AP to rejoin.
Are you sure you want to continue? (y/n)

Related Commands

show ipv6 summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

1116

OL-31334-01

config Commands

config ipv6 interface

To configure IPv6 system interfaces, use the config ipv6 interfacecommand.
config ipv6 interface {acl|address|slaac}
config ipv6 interface acl management acl_name
config ipv6 interface address {management primary ipv6_address prefix_length ipv6_gateway_address
|service-port ipv6_address prefix-length}
config ipv6 interface slacc service-port [enable|disable]

Syntax Description

acl

Configures IPv6 on an interface's Access Control List.

management

Configures the management interface.

acl_name

Enter IPv6 ACL name for the management ACL. It supports

up to 32 alphanumeric characters.

address

Configures IPv6 on an interface's address information.

management

Configures the management interface.

primary

Configures the primary IPv6 Address for an interface

ipv6_address

Configures an interface with IPv6 address information.

prefix_length

Configures IPv6 Prefix length. The range for prefix length is

1 to 127.

ipv6_gateway_address

Configures the Link Layer IPv6 gateway Address.

service-port

Configures IPv6 on the out-of-band service Port.

ipv6_address

Configures an interface with IPv6 address information.

prefix_length

Configures IPv6 Prefix length. The range for prefix length is

1 to 127.

slacc

Configures SLAAC options on an interface.

service-port

Configures IPv6 on the out-of-band service Port.

enable

Enables SLAAC Option

disable

Disables SLAAC Option

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1117

config Commands

Command Default

Command History

Examples

None.

Release

Modification

8.0

This command was introduced in Release 8.0.

The following example shows how to configure an IPv6 ACL management interface:
(Cisco Controller) >config ipv6 interface acl management Test_ACL

Examples

The following example shows how to configure an IPv6 address and primary interface:
(Cisco Controller) > config ipv6 interface address management primary 2001:9:10:56::44 64
fe80::aea0:16ff:fe4f:2244

Related Commands

show interface detailed management

show ipv6 interface summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

1118

OL-31334-01

config Commands

config ipv6 multicast

To configure IPv6 multicast, use the config ipv6 multicastcommand.
config ipv6 multicast mode {unicast|multicast ipv6_address}

Syntax Description

mode

Configure the controller to AP Multicast or Broadcast IPv6

traffic forwarding mode.

unicast

Multicast/Broadcasted IPv6 packets are encapsulated in unicast

CAPWAP tunnel to AP.

multicast

Multicast/Broadcasted IPv6 packets are encapsulated in

multicast CAPWAP tunnel to AP.

ipv6_address

Configures IPv6 multicast address.

Command Default

By default, multicast is enabled on Cisco WLC 8500 and Cisco WLC 2500.
By default, unicast is enabled on Cisco WLC 5500.

Command History

Release

Modification

8.0

This command was introduced in Release 8.0.

Usage Guidelines

none...

Examples

The following example shows how to configure an IPv6 multicast on Cisco WLC, to permit access:
(Cisco Controller) >config ipv6 multicast 2001:DB8:0000:0000:0000:0000:0000:0001

Examples

The following example shows how to configure an IPv6 unicast on Cisco WLC, to permit access:
(Cisco Controller) > config ipv6 multicast mode unicast

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1119

config Commands

config ipv6 neighbor-binding

To configure the Neighbor Binding table on the Cisco wireless LAN controller, use the config ipv6
neighbor-binding command.
config ipv6 neighbor-binding {timers {down-lifetime down_time | reachable-lifetime reachable_time |
stale-lifetime stale_time } | { ra-throttle {allow at-least at_least_value} | enable | disable | interval-option
{ ignore | passthrough | throttle } | max-through {no_mcast_RA | no-limit} | throttle-period
throttle_period}}

Syntax Description

timers

Configures the neighbor binding table timeout

timers.

down-lifetime

Configures the down lifetime.

down_time

Down lifetime in seconds. The range is from 0 to

86400. The default is 30 seconds.

reachable-lifetime

Configures the reachable lifetime.

reachable_time

Reachable lifetime in seconds. The range is from 0

to 86400. The default is 300 seconds.

stale-lifetime

Configures the stale lifetime.

stale_time

Stale lifetime in seconds. The range is from 0 to

86400. The default is 86400 seconds.

ra-throttle

Configures IPv6 RA throttling options.

allow

Specifies the number of multicast RAs per router

per throttle period.

at_least_value

Number of multicast RAs from router before

throttling. The range is from 0 to 32. The default is
1.

enable

Enables IPv6 RA throttling.

disable

Disables IPv6 RA throttling.

interval-option

Adjusts the behavior on RA with RFC3775 interval

option.

ignore

Indicates interval option has no influence on

throttling.

passthrough

Indicates all RAs with RFC3775 interval option will

be forwarded (default).

Cisco Wireless LAN Controller Command Reference, Release 8.0

1120

OL-31334-01

config Commands

Command Default

Command History

Examples

throttle

Indicates all RAs with RFC3775 interval option will

be throttled.

max-through

Specifies unthrottled multicast RAs per VLAN per

throttle period.

no_mcast_RA

Number of multicast RAs on VLAN by which

throttling is enforced. The default multicast RAs on
vlan is 10.

no-limit

Configures no upper bound at the VLAN level.

throttle-period

Configures the throttle period.

throttle_period

Duration of the throttle period in seconds. The range

is from 10 to 86400 seconds. The default is 600
seconds.

This command is disabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the Neighbor Binding table:
(Cisco Controller) >config ipv6 neighbor-binding ra-throttle enable

Related Commands

show ipv6 neighbor-binding

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1121

config Commands

config ipv6 na-mcast-fwd

To configure the Neighbor Advertisement multicast forwarding, use the config ipv6 na-mcast-fwd command.
config ipv6 na-mcast-fwd {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables Neighbor Advertisement multicast

forwarding.

disable

Disables Neighbor Advertisement multicast

forwarding.

None

Release

Modification

7.5

This command was introduced.

If you enable Neighbor Advertisement multicast forwarding, all the unsolicited multicast Neighbor
Advertisement from wired or wireless is not forwarded to wireless.
If you disable Neighbor Advertisement multicast forwarding, IPv6 Duplicate Address Detection (DAD) of
the controller is affected.

Examples

The following example shows how to configure an Neighbor Advertisement multicast forwarding:
(Cisco Controller) >config ipv6 na-mcast-fwd enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1122

OL-31334-01

config Commands

config ipv6 ns-mcast-fwd

To configure the nonstop multicast cache miss forwarding, use the config ipv6 ns-mcast-fwd command.
config ipv6 ns-mcast-fwd {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables nonstop multicast forwarding on a cache

miss.

disable

Disables nonstop multicast forwarding on a cache

miss.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure an nonstop multicast forwarding:

(Cisco Controller) >config ipv6 ns-mcast-fwd enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1123

config Commands

config ipv6 ra-guard

To configure the filter for Router Advertisement (RA) packets that originate from a client on an AP, use the
config ipv6 ra-guard command.
config ipv6 ra-guard ap {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables RA guard on an AP.

disable

Disables RA guard on an AP.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable IPv6 RA guard:

(Cisco Controller) >config ipv6 ra-guard enable

Related Commands

show ipv6 ra-guard

Cisco Wireless LAN Controller Command Reference, Release 8.0

1124

OL-31334-01

config Commands

config ipv6 route

To add or delete an IPv6 network route, use the config ipv6 routecommand.
config ipv6 route {add network_ipv6_addr prefix-len ipv6_gw_addr |delete network _ipv6 addr }

Syntax Description

Command Default

Command History

Usage Guidelines

add

Adds an IPv6 network route.

network_ipv6_addr

Enter the networks IPv6 address.

prefix-len

Enter the prefix length for the network.

ipv6_gw_addr

Configures the system interfaces.

delete

Deletes an IPv6 network route.

network_ipv6_addr

Enter the networks IPv6 address.

None

Release

Modification

8.0

This command was introduced in Release 8.0.

This command is used to add and delete an IPv6 network route to access service interface over IPv6
from different network.
While adding IPv6 route, IPv6 Gateway Address must be a link local scope (FE80::/64).

Examples

The following example shows how to add an IPv6 route:

(Cisco Controller) > config ipv6 route add 3010:1111:2222:abcd:abcd:abcd:abcd:1111 64
fe80::6616:8dff:fed3:c0cf

Examples

The following example shows how to delete an IPv6 route:

(Cisco Controller) > config ipv6 route delete 2001:9:5:90::115

Related Commands

show ipv6 route summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1125

config Commands

config remote-lan
To configure a remote LAN, use the config remote-lan command.
config remote-lan {enable | disable} {remote-lan-id | all}

Syntax Description

Command Default

Command History

Examples

enable

Enables a remote LAN.

disable

Disables a remote LAN.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

all

Configures all wireless LANs.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable a remote LAN with ID 2:

(Cisco Controller) >config remote-lan enable 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1126

OL-31334-01

config Commands

config remote-lan aaa-override

To configure user policy override through AAA on a remote LAN, use the config remote-lan aaa-override
command.
config remote-lan aaa-override {enable | disable} remote-lan-id

Syntax Description

Command Default

Command History

Examples

enable

Enables user policy override through AAA on a remote LAN.

disable

Disables user policy override through AAA on a remote LAN.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable user policy override through AAA on a remote LAN where the
remote LAN ID is 2:
(Cisco Controller) >config remote-lan aaa-override enable 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1127

config Commands

config remote-lan acl

To specify an access control list (ACL) for a remote LAN, use the config remote-lan acl command.
config remote-lan acl remote-lan-id acl_name

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

acl_name

ACL name.
Note

Command Default

Command History

Examples

Use the show acl summary command to know the ACLs

available.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify ACL1 for a remote LAN whose ID is 2:
(Cisco Controller) >config remote-lan acl 2 ACL1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1128

OL-31334-01

config Commands

config remote-lan create

To configure a new remote LAN connection, use the config remote-lan create command.
config remote-lan create remote-lan-id name

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

name

Remote LAN name. Valid values are up to 32 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a new remote LAN, MyRemoteLAN, with the LAN ID as
3:
(Cisco Controller) >config remote-lan create 3 MyRemoteLAN

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1129

config Commands

config remote-lan custom-web

To configure web authentication for a remote LAN, use the config remote-lan custom-web command.
config remote-lan custom-web {ext-webauth-url URL } | global {enable | disable} | login-page page-name
| loginfailure-page {page-name | none} | logout-page {page-name | none} | webauth-type {internal
|customized | external}} remote-lan-id

Syntax Description

Command Default

Command History

ext-webauth-url

Configures an external web authentication URL.

URL

Web authentication URL for the Login page.

global

Configures the global status for the remote LAN.

enable

Enables the global status for the remote LAN.

disable

Disables the global status for the remote LAN.

Configures a login page.

page-name

Login page name.

none

Configures no login page.

logout-page

Configures a logout page.

none

Configures no logout page.

webauth-type

Configures the web authentication type for the remote LAN.

internal

Displays the default login page.

customized

Displays a downloaded login page.

external

Displays a login page that is on an external server.

name

Remote LAN name. Valid values are up to 32 alphanumeric characters.

remote-lan-id

Remote LAN identifier. Valid values are from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1130

OL-31334-01

config Commands

Usage Guidelines

Follow these guidelines when you use the config remote-lan custom-web command:
When you configure the external Web-Auth URL, do the following:
Ensure that Web-Auth or Web-Passthrough Security is in enabled state. To enable Web-Auth, use
the config remote-lan security web-auth enable command. To enable Web-Passthrough, use the
config remote-lan security web-passthrough enable command.
Ensure that the global status of the remote LAN is in disabled state. To enable the global status of
the remote LAN, use the config remote-lan custom-web global disable command.
Ensure that the remote LAN is in disabled state. To disable a remote LAN, use the config remote-lan
disable command.
When you configure the Web-Auth type for the remote LAN, do the following:
When you configure a customized login page, ensure that you have a login page configured. To
configure a login page, use the config remote-lan custom-web login-page command.
When you configure an external login page, ensure that you have configured preauthentication
ACL for external web authentication to function.

Examples

The following example shows how to configure an external web authentication URL for a remote LAN with
ID 3:
(Cisco Controller) >config remote-lan custom-web ext-webauth-url
http://www.AuthorizationURL.com/ 3

The following example shows how to enable the global status of a remote LAN with ID 3:
(Cisco Controller) >config remote-lan custom-web global enable 3

The following example shows how to configure the login page for a remote LAN with ID 3:
(Cisco Controller) >config remote-lan custom-web login-page custompage1 3

The following example shows how to configure a web authentication type with the default login page for a
remote LAN with ID 3:
(Cisco Controller) >config remote-lan custom-web webauth-type internal 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1131

config Commands

config remote-lan delete

To delete a remote LAN connection, use the config remote-lan delete command.
config remote-lan delete remote-lan-id

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete a remote LAN with ID 3:

(Cisco Controller) >config remote-lan delete 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

1132

OL-31334-01

config Commands

config remote-lan dhcp_server

To configure a dynamic host configuration protocol (DHCP) server for a remote LAN, use the config
remote-lan dhcp_server command.
config remote-lan dhcp_server remote-lan-id ip_address

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

ip_addr

IPv4 address of the override DHCP server.

0.0.0.0 is set as the default interface value.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

The following example shows how to configure a DHCP server for a remote LAN with ID 3:
(Cisco Controller) >config remote-lan dhcp_server 3 209.165.200.225

Related Commands

show remote-lan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1133

config Commands

config remote-lan exclusionlist

To configure the exclusion list timeout on a remote LAN, use the config remote-lan exclusionlist command.
config remote-lan exclusionlist remote-lan-id {seconds | disabled | enabled}

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

seconds

Exclusion list timeout in seconds. A value of 0 requires an

administrator override.

disabled

Disables exclusion listing.

enabled

Enables exclusion listing.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the exclusion list timeout to 20 seconds on a remote LAN
with ID 3:
(Cisco Controller) >config remote-lan exclusionlist 3 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

1134

OL-31334-01

config Commands

config remote-lan interface

To configure an interface for a remote LAN, use the config remote-lan interface command.
config remote-lan interface remote-lan-id interface_name

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

interface_name

Interface name.
Note

Command Default

Command History

Examples

Interface name should not be in upper case

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure an interface myinterface for a remote LAN with ID 3:
(Cisco Controller) >config remote-lan interface 3 myinterface

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1135

config Commands

config remote-lan ldap

To configure a remote LANs LDAP servers, use the config remote-lan ldap command.
config remote-lan ldap {add | delete} remote-lan-id index

Syntax Description

Command Default

Command History

Examples

add

Adds a link to a configured LDAP server (maximum of three).

delete

Deletes a link to a configured LDAP server.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

index

LDAP server index.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add an LDAP server with the index number 10 for a remote LAN with
ID 3:
(Cisco Controller) >config remote-lan ldap add 3 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

1136

OL-31334-01

config Commands

config remote-lan mac-filtering

To configure MAC filtering on a remote LAN, use the config remote-lan mac-filtering command.
config remote-lan mac-filtering {enable | disable} remote-lan-id

Syntax Description

Command Default

Command History

Examples

enable

Enables MAC filtering on a remote LAN.

disable

Disables MAC filtering on a remote LAN.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

MAC filtering on a remote LAN is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable MAC filtering on a remote LAN with ID 3:
(Cisco Controller) >config remote-lan mac-filtering disable 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1137

config Commands

config remote-lan max-associated-clients

To configure the maximum number of client connections on a remote LAN, use the config remote-lan
max-associated-clients command.
config remote-lan max-associated-clients remote-lan-id max-clients

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

max-clients

Configures the maximum number of client connections on a

remote LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure 10 client connections on a remote LAN with ID 3:
(Cisco Controller) >config remote-lan max-associated-clients 3 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

1138

OL-31334-01

config Commands

config remote-lan radius_server

To configure the RADIUS servers on a remote LAN, use the config remote-lan radius_server command.
config remote-lan radius_server {acct {{add | delete} server-index | {enable | disable} | interim-update
{interval | enable | disable}} | auth {{add | delete} server-index | {enable | disable }} | overwrite-interface
{enable | disable}} remote-lan-id

Syntax Description

Command Default

acct

Configures a RADIUS accounting server.

add

Adds a link to a configured RADIUS server.

delete

Deletes a link to a configured RADIUS server.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

server-index

RADIUS server index.

enable

Enables RADIUS accounting for this remote LAN.

disable

Disables RADIUS accounting for this remote LAN.

interim-update

Enables RADIUS accounting for this remote LAN.

interval

Accounting interim interval. The range is from 180 to 3600

seconds.

OL-31334-01

1139

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable RADIUS accounting for a remote LAN with ID 3:
(Cisco Controller) >config remote-lan radius_server acct enable 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

1140

OL-31334-01

config Commands

config remote-lan security

To configure security policy for a remote LAN, use the config remote-lan security command.
config remote-lan security {{web-auth {enable | disable | acl | server-precedence} remote-lan-id |
{web-passthrough {enable | disable | acl | email-input} remote-lan-id}}

Syntax Description

Command Default

Command History

Examples

web-auth

Specifies web authentication.

enable

Enables the web authentication settings.

disable

Disables the web authentication settings.

acl

Configures an access control list.

server-precedence

Configures the authentication server precedence order for web authentication

users.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

email-input

Configures the web captive portal using an e-mail address.

web-passthrough

Specifies the web captive portal with no authentication required.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the security web authentication policy for remote LAN ID
1:
(Cisco Controller) >config remote-lan security web-auth enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1141

config Commands

config remote-lan session-timeout

To configure client session timeout, use the config remote-lan session-timeout command.
config remote-lan session-timeout remote-lan-id seconds

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

seconds

Timeout or session duration in seconds. A value of zero is equivalent to no

timeout.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the client session timeout to 6000 seconds for a remote LAN
with ID 1:
(Cisco Controller) >config remote-lan session-timeout 1 6000

Cisco Wireless LAN Controller Command Reference, Release 8.0

1142

OL-31334-01

config Commands

config remote-lan webauth-exclude

To configure web authentication exclusion on a remote LAN, use the config remote-lan webauth-exclude
command.
config remote-lan webauth-exclude remote-lan-id {enable | disable}

Syntax Description

Command Default

Command History

Examples

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

enable

Enables web authentication exclusion on the remote LAN.

disable

Disables web authentication exclusion on the remote LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

probe-response

Configures the probe response for a RF profile.

enable

Enables probe response suppression on clients operating in the 2.4-GHz band

for a RF profile.

disable

Disables probe response suppression on clients operating in the 2.4-GHz band

for a RF profile.

profile name

Name of the RF profile. The profile name can be up to 32 case-sensitive,

alphanumeric characters.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1144

OL-31334-01

config Commands

Command Default

The default value for client RSSI is 80 dBm.

The default cycle count is 2.
The default cycle threshold is 200 milliseconds.
The default value for dual-band expiration is 60 seconds.
The default value for suppression expiration is 20 seconds.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you enable band select on a WLAN, the access point suppresses client probes on 2.4-GHz and moves
the dual band clients to the 5-Ghz spectrum. The band-selection algorithm directs dual-band clients only from
the 2.4-GHz radio to the 5-GHz radio of the same access point, and it only runs on an access point when both
the 2.4-GHz and 5-GHz radios are up and running. Band selection can be used only with Cisco Aironet 1040,
1140, and 1250 Series and the 3500 series access points.

Examples

The following example shows how to configure the client RSSI:

(Cisco Controller) >config rf-profile band-select client-rssi -70

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1145

config Commands

config rf-profile channel

To configure the RF profile DCA settings, use the config rf-profile channel command.
config rf-profile channel {add chan profile name | delete chan profile name | foreign {enable | disable}
profile name | chan-width {20 | 40 | 80} profile name}

Syntax Description

Command Default

Command History

Examples

add

Adds channel to the RF profile DCA channel list.

delete

Removes channel from the RF profile DCA channel list.

foreign

Configures the RF profile DCA foreign AP contribution.

chan-width

Configures the RF profile DCA channel width.

chan

Specifies channel number.

profile name

Specifies the name of the RF profile. The profile name can be up to 32

case-sensitive, alphanumeric characters.

enable

Enables foreign AP interference.

disable

Disables foreign AP interference.

{20 | 40 | 80}

Specifies RF Profile DCA channel width.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to add a channel to the RF profile DCA channel list:
(Cisco Controller) >config rf-profile channel add 40 admin1

The following example shows how to configure the RF profile DCA channel width:
(Cisco Controller) >config rf-profile channel chan-width 40 admin1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1146

OL-31334-01

config Commands

config rf-profile client-trap-threshold

To configure the threshold value of the number of clients that associate with an access point, after which an
SNMP trap is sent to the controller, use the config rf-profile client-trap-threshold command.
config rf-profile client-trap-threshold threshold profile_name

Syntax Description

Command Default

Command History

Examples

threshold

Threshold value of the number of clients that associate with an access point, after
which an SNMP trap is sent to the controller. The range is from 0 to 200. Traps are
disabled if the threshold value is configured as zero.

profile_name

Name of the RF profile. The profile name can be up to 32 case-sensitive,

alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the threshold value of the number of clients that associate
with an access point:
(Cisco Controller) >config rf-profile client-trap-threshold 150

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1147

config Commands

config rf-profile create

To create a RF profile, use the config rf-profile create command.
config rf-profile create {802.11a | 802.11b/g} profile-name

Syntax Description

Command Default

Command History

Examples

802.11a

Configures the RF profile for the 2.4GHz band.

802.11b/g

Configures the RF profile for the 5GHz band.

profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to create a new RF profile:

(Cisco Controller) >config rf-profile create 802.11a RFtestgroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1148

OL-31334-01

config Commands

config rf-profile coverage

To configure the RF profile coverage hole detection parameters, use the config rf-profile coverage command.
config rf-profile coverage {data coverage_level | exception clients | level value | voice coverage_level }
profile_name

Syntax Description

data

Configures the threshold value of the data RSSI.

coverage_level

Minimum receive signal strength indication (RSSI) value of data packets received by
the access point. The value that you configure is used to identify coverage holes within
the network. If the access point receives a packet in the data queue with an RSSI value
below the value that you enter here, a potential coverage hole is detected. The range is
from 90 to 60 dBm. The access point takes voice RSSI measurements every 5 seconds
and reports them to the controller in 90-second intervals.

exception

Configures the coverage exception per access point.

clients

Minimum number of clients on an access point with an RSSI value at or below the data
or voice RSSI threshold. The range is from 1 to 75. The default value is 3.

voice

Configures the threshold value of the voice RSSI.

coverage_level

Minimum receive signal strength indication (RSSI) value of voice packets received by
the access point. The value that you configure is used to identify coverage holes within
the network. If the access point receives a packet in the data queue with an RSSI value
below the value that you enter here, a potential coverage hole is detected. The range is
from 90 to 60 dBm. The access point takes voice RSSI measurements every 5 seconds
and reports them to the controller in 90-second intervals.

level

Configures the coverage exception level per AP.

value

Coverage exception level per AP. Percentage of clients on an access point that are
experiencing a low signal level but cannot roam to another access point.
The controller determines if the coverage hole can be corrected and, if appropriate,
mitigates the coverage hole by increasing the transmit power level for that specific
access point.

profile_name

Command Default

Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric

characters.

The default value of the data coverage level is 80 dBm.

The default value of the minimum number of clients on an access point with an RSSI value at or below the
data or voice RSSI threshold is 3.
The default value of the percentage of clients on an access point that are experiencing a low signal level is
25%.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1149

config Commands

The default value of the voice coverage level is 80 dBm.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the threshold value of the data RSSI:
(Cisco Controller) >config rf-profile coverage data -80

The following example shows how to configure the minimum client coverage exception level:
(Cisco Controller) >config rf-profile coverage exception 10

The following example shows how to configure the coverage exception level per AP:
(Cisco Controller) >config rf-profile coverage level 30

Cisco Wireless LAN Controller Command Reference, Release 8.0

1150

OL-31334-01

config Commands

config rf-profile data-rates

To configure the data rate on a RF profile, use the config rf-profile data-rates command.
config rf-profile data-rates {802.11a |802.11b } {disabled | mandatory | supported} data-rate profile-name

Syntax Description

Command Default

802.11a

Specifies 802.11a as the radio policy of the RF profile.

802.11b

Specifies 802.11b as the radio policy of the RF profile.

disabled

Disables a rate.

mandatory

Sets a rate to mandatory.

supported

Sets a rate to supported.

data-rate

802.11 operational rates, which are 1, 2, 5.5, 6, 9, 11,

12, 18, 24, 36, 48 and 54, where * denotes 802.11b only rates.

profile-name

Name of the RF profile.

Default data rates for RF profiles are derived from the controller system defaults, the global data rate
configurations. For example, if the RF profile's radio policy is mapped to 802.11a then the global 802.11a
data rates are copied into the RF profiles at the time of creation.
The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller.
If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set
as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may
communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to
use all the rates marked supported in order to associate.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the 802.11b transmission of an RF profile at a mandatory rate at 12
Mbps:
(Cisco Controller) >config rf-profile 802.11b data-rates mandatory 12 RFGroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1151

config Commands

config rf-profile delete

To delete a RF profile, use the config rf-profile delete command.
config rf-profile delete profile-name

Syntax Description

Command Default

Command History

Examples

profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete a RF profile:

(Cisco Controller) >config rf-profile delete RFGroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1152

OL-31334-01

config Commands

config rf-profile description

To provide a description to a RF profile, use the config rf-profile description command.
config rf-profile description description profile-name

Syntax Description

Command Default

Command History

Examples

description

Description of the RF profile.

profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a description to a RF profile:

(Cisco Controller) >config rf-profile description This is a demo desciption RFGroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1153

config Commands

config rf-profile load-balancing

To configure load balancing on an RF profile, use the config rf-profile load-balancing command.
config rf-profile load-balancing {window clients | denial value} profile_name

Syntax Description

window

Configures the client window for load balancing of an RF profile.

clients

Client window size that limits the number of client associations with an access point. The
range is from 0 to 20. The default value is 5.
The window size is part of the algorithm that determines whether an access point is too
heavily loaded to accept more client associations:
load-balancing window + client associations on AP with lightest load = load-balancing
threshold
Access points with more client associations than this threshold are considered busy, and
clients can associate only to access points with client counts lower than the threshold. This
window also helps to disassociate sticky clients.

denial

Configures the client denial count for load balancing of an RF profile.

value

Maximum number of association denials during load balancing. The range is from 1 to 10.
The default value is 3.
When a client tries to associate on a wireless network, it sends an association request to
the access point. If the access point is overloaded and load balancing is enabled on the
controller, the access point sends a denial to the association request. If there are no other
access points in the range of the client, the client tries to associate the same access point
again. After the maximum denial count is reached, the client is able to associate. Association
attempts on an access point from any client before associating any AP is called a sequence
of association. The default is 3.

profile_name

Command Default

Command History

Examples

Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the client window size for an RF profile:
(Cisco Controller) >config rf-profile load-balancing window 15

Cisco Wireless LAN Controller Command Reference, Release 8.0

1154

OL-31334-01

config Commands

config rf-profile max-clients

To configure the maximum number of client connections per access point of an RF profile, use the config
rf-profile max-clients commands.
config rf-profile max-clients clients

Syntax Description

Command Default

Command History

clients

Maximum number of client connections per access point of an RF profile. The

range is from 1 to 200.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can use this command to configure the maximum number of clients on access points that are in client
dense areas, or serving high bandwidth video or mission critical voice applications.

Examples

The following example shows how to set the maximum number of clients at 50:
(Cisco Controller) >config rf-profile max-clients 50

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1155

config Commands

config rf-profile multicast data-rate

To configure the minimum RF profile multicast data rate, use the config rf-profile multicast data-rate
command.
config rf-profile multicast data-rate value profile_name

Syntax Description

Command Default

Command History

Examples

value

Minimum RF profile multicast data rate. The options are 6, 9, 12, 18, 24, 36, 48,
54. Enter 0 to specify that access points will dynamically adjust the data rate.

profile_name

Name of the RF profile. The profile name can be up to 32 case-sensitive,

alphanumeric characters.

The minimum RF profile multicast data rate is 0.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the multicast data rate for an RF profile:
(Cisco Controller) >config rf-profile multicast data-rate 24

Cisco Wireless LAN Controller Command Reference, Release 8.0

1156

OL-31334-01

config Commands

config rf-profile out-of-box

To create an out-of-box AP group consisting of newly installed access points, use the config rf-profile
out-of-box command.
config rf-profile out-of-box {enable | disable}

Syntax Description

enable

Enables the creation of an out-of-box AP group. When you enable this command, the following
occurs:
Newly installed access points that are part of the default AP group will be part of the
out-of-box AP group and their radios will be switched off, which eliminates any RF
instability caused by the new access points.
All access points that do not have a group name become part of the out-of-box AP group.
Special RF profiles are created per 802.11 band. These RF profiles have default-settings
for all the existing RF parameters and additional new configurations.

disable

Command Default

Command History

Disables the out-of-box AP group. When you disable this feature, only the subscription of
new APs to the out-of-box AP group stops. All APs that are subscribed to the out-of-box AP
group remain in this AP group. You can move APs to the default group or a custom AP group
upon network convergence.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When an out-of-box AP associates with the controller for the first time, it will be redirected to a special AP
group and the RF profiles applicable to this AP Group will control the radio admin state configuration of the
AP. You can move APs to the default group or a custom group upon network convergence.

Examples

The following example shows how to enable the creation of an out-of-box AP group:
(Cisco Controller) >config rf-profile out-of-box enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1157

config Commands

config rf-profile rx-sop threshold

To configure high, medium or low Rx SOP threshold values for each 802.11 band, use the config rf-profile
rx-sop threshold command.
config rf-profile rx-sop threshold {high | medium | low | auto} profile_name

Syntax Description

Command Default

Command History

Examples

high

Configures the high Rx SOP threshold value for an RF profile.

medium

Configures the medium Rx SOP threshold value for an RF profile.

low

Configures the low Rx SOP threshold value for an RF profile.

auto

Configures an auto Rx SOP threshold value for an RF profile. When you choose
auto, the access point determines the best Rx SOP threshold value.

profile_name

RF profile on which the Rx SOP threshold value will be configured.

The default Rx SOP threshold option is auto.

Release

Modification

8.0

This command was introduced.

The following example shows how to configure the high Rx SOP threshold value on an RF profile:
(Cisco Controller) > config 802.11 rx-sop threshold high T1a

Cisco Wireless LAN Controller Command Reference, Release 8.0

1158

OL-31334-01

config Commands

config rf-profile trap-threshold

To configure the RF profile trap threshold, use the config rf-profile trap-threshold command.
config rf-profile trap-threshold {clients clients profile name | interference percent profile name | noise
dBm profile name | utilization percent profile name}

Syntax Description

Command Default

Command History

Examples

clients

Configures the RF profile trap threshold for clients.

clients

The number of clients on an access point's radio for the trap is between 1 and
200. The default is 12 clients.

profile name

Specifies the name of the RF profile. The profile name can be up to 32

case-sensitive, alphanumeric characters.

interference

Configures the RF profile trap threshold for interference.

percent

The percentage of interference threshold for the trap is from 0 to 100 %. The
default is 10 %.

noise

Configures the RF profile trap threshold for noise.

dBM

The level of noise threshold for the trap is from -127 to 0 dBm. The default is
-17 dBm.

utilization

Configures the RF profile trap threshold for utilization.

percent

The percentage of bandwidth being used by an access point threshold for the
trap is from 0 to 100 %. The default is 80 %.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to configure the RF profile trap threshold for clients:
(Cisco Controller) >config rf-profile trap-threshold clients 50 admin1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1159

config Commands

config rf-profile tx-power-control-thresh-v1

To configure Transmit Power Control version1 (TPCv1) to an RF profile, use the config rf-profile
tx-power-control-thresh-v1 command.
config rf-profile tx-power-control-thresh-v1 tpc-threshold profile_name

Syntax Description

Command Default

Command History

Examples

tpc-threshold

TPC threshold.

profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure TPCv1 on an RF profile:

(Cisco Controller) >config rf-profile tx-power-control-thresh-v1 RFGroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1160

OL-31334-01

config Commands

config rf-profile tx-power-control-thresh-v2

To configure Transmit Power Control version 2 (TPCv2) to an RF profile, use the config rf-profile
tx-power-control-thresh-v2 command.
config rf-profile tx-power-control-thresh-v2 tpc-threshold profile-name

Syntax Description

Command Default

Command History

Examples

tpc-threshold

TPC threshold.

profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure TPCv2 on an RF profile:

(Cisco Controller) >config rf-profile tx-power-control-thresh-v2 RFGroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1161

config Commands

config rf-profile tx-power-max

To configure maximum auto-rf to an RF profile, use the config rf-profile tx-power-max command.
config rf-profile tx-power-max profile-name

Syntax Description

Command Default

Command History

Examples

tx-power-max

Maximum auto-rf tx power.

profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure tx-power-max on an RF profile:

(Cisco Controller) >config rf-profile tx-power-max RFGroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1162

OL-31334-01

config Commands

config rf-profile tx-power-min

To configure minimum auto-rf to an RF profile, use the config rf-profile tx-power-min command.
config rf-profile tx-power-min tx-power-min profile-name

Syntax Description

Command Default

Command History

Examples

tx-power-min

Minimum auto-rf tx power.

profile-name

Name of the RF profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure tx-power-min on an RF profile:

(Cisco Controller) >config rf-profile tx-power-min RFGroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1163

config Commands

config watchlist add

To add a watchlist entry for a wireless LAN, use the config watchlist add command.
config watchlist add {mac MAC | username username}

Syntax Description

Command Default

Command History

Examples

mac MAC

Specifies the MAC address of the wireless LAN.

username username

Specifies the name of the user to watch.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a watchlist entry for the MAC address a5:6b:ac:10:01:6b:
(Cisco Controller) >config watchlist add mac a5:6b:ac:10:01:6b

Cisco Wireless LAN Controller Command Reference, Release 8.0

1164

OL-31334-01

config Commands

config watchlist delete

To delete a watchlist entry for a wireless LAN, use the config watchlist delete command.
config watchlist delete {mac MAC | username username}

Syntax Description

Command Default

Command History

Examples

mac MAC

Specifies the MAC address of the wireless LAN to delete from the list.

username username

Specifies the name of the user to delete from the list.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete a watchlist entry for the MAC address a5:6b:ac:10:01:6b:
(Cisco Controller) >config watchlist delete mac a5:6b:ac:10:01:6b

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1165

config Commands

config watchlist disable

To disable the client watchlist, use the config watchlist disable command.
config watchlist disable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the client watchlist:

(Cisco Controller) >config watchlist disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1166

OL-31334-01

config Commands

config watchlist enable

To enable a watchlist entry for a wireless LAN, use the config watchlist enable command.
config watchlist enable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable a watchlist entry:

(Cisco Controller) >config watchlist enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1167

config Commands

config wlan
To create, delete, enable, or disable a wireless LAN, use the config wlan command.
config wlan {enable | disable | create | delete} wlan_id [name | foreignAp name ssid | all]

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables a wireless LAN.

disable

Disables a wireless LAN.

create

Creates a wireless LAN.

delete

Deletes a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

name

(Optional) WLAN profile name up to 32 alphanumeric

characters.

foreignAp

(Optional) Specifies the third-party access point

settings.

ssid

SSID (network name) up to 32 alphanumeric

characters.

all

(Optional) Specifies all wireless LANs.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

When you create a new WLAN using the config wlan create command, it is created in disabled mode. Leave
it disabled until you have finished configuring it.
If you do not specify an SSID, the profile name parameter is used for both the profile name and the SSID.
If the management and AP-manager interfaces are mapped to the same port and are members of the same
VLAN, you must disable the WLAN before making a port-mapping change to either interface. If the
management and AP-manager interfaces are assigned to different VLANs, you do not need to disable the
WLAN.
An error message appears if you try to delete a WLAN that is assigned to an access point group. If you proceed,
the WLAN is removed from the access point group and from the access points radio.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1168

OL-31334-01

config Commands

Examples

The following example shows how to enable wireless LAN identifier 16:
(Cisco Controller) >config wlan enable 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1169

config Commands

config wlan 7920-support

To configure support for phones, use the config wlan 7920-support command.
config wlan 7920-support {client-cac-limit | ap-cac-limit} {enable | disable} wlan_id

Syntax Description

Command Default

Command History

ap-cac-limit

Supports phones that require client-controlled Call Admission Control (CAC)

that expect the Cisco vendor-specific information element (IE).

client-cac-limit

Supports phones that require access point-controlled CAC that expect the IEEE
802.11e Draft 6 QBSS-load.

enable

Enables phone support.

disable

Disables phone support.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You cannot enable both WMM mode and client-controlled CAC mode on the same WLAN.

Examples

The following example shows how to enable the phone support that requires client-controlled CAC with
wireless LAN ID 8:
(Cisco Controller) >config wlan 7920-support ap-cac-limit enable 8

Cisco Wireless LAN Controller Command Reference, Release 8.0

1170

OL-31334-01

config Commands

config wlan 802.11e

To configure 802.11e support on a wireless LAN, use the config wlan 802.11e command.
config wlan 802.11e {allow | disable | require} wlan_id

Syntax Description

Command Default

Command History

Usage Guidelines

allow

Allows 802.11e-enabled clients on the wireless LAN.

disable

Disables 802.11e on the wireless LAN.

require

Requires 802.11e-enabled clients on the wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

802.11e provides quality of service (QoS) support for LAN applications, which are critical for delay sensitive
applications such as Voice over Wireless IP (VoWIP).
802.11e enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division
multiple access (TDMA) construct, and adds error-correcting mechanisms for delay sensitive applications
such as voice and video. The 802.11e specification provides seamless interoperability and is especially well
suited for use in networks that include a multimedia capability.

Examples

The following example shows how to allow 802.11e on the wireless LAN with LAN ID 1:
(Cisco Controller) >config wlan 802.11e allow 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1171

config Commands

config wlan aaa-override

To configure a user policy override via AAA on a wireless LAN, use the config wlan aaa-override command.
config wlan aaa-override {enable | disable} {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables a policy override.

disable

Disables a policy override.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

AAA is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

When AAA override is enabled and a client has conflicting AAA and Cisco wireless LAN controller wireless
LAN authentication parameters, client authentication is performed by the AAA server. As part of this
authentication, the operating system will move clients from the default Cisco wireless LAN VLAN to a VLAN
returned by the AAA server and predefined in the controller interface configuration (only when configured
for MAC filtering, 802.1X, and/or WPA operation). In all cases, the operating system will also use QoS,
DSCP, 802.1p priority tag values, and ACLs provided by the AAA server, as long as they are predefined in
the controller interface configuration. (This VLAN switching by AAA override is also referred to as Identity
Networking.)
If the corporate wireless LAN uses a management interface assigned to VLAN 2, and if AAA override returns
a redirect to VLAN 100, the operating system redirects all client transmissions to VLAN 100, regardless of
the physical port to which VLAN 100 is assigned.
When AAA override is disabled, all client authentication defaults to the controller authentication parameter
settings, and authentication is performed by the AAA server if the controller wireless LAN does not contain
any client-specific authentication parameters.
The AAA override values might come from a RADIUS server.

Examples

The following example shows how to configure user policy override via AAA on WLAN ID 1:
(Cisco Controller) >config wlan aaa-override enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1172

OL-31334-01

config Commands

config wlan acl

To configure a wireless LAN access control list (ACL), use the config wlan acl command.
config wlan acl [acl_name | none]

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier (1 to 512).

acl_name

(Optional) ACL name.

none

(Optional) Clears the ACL settings for the specified wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a WLAN access control list with WLAN ID 1 and ACL
named office_1:
(Cisco Controller) >config wlan acl 1 office_1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1173

config Commands

config wlan assisted-roaming

To configure assisted roaming on a WLAN, use the config wlan assisted-roaming command.
config wlan assisted-roaming {neighbor-list | dual-list | prediction} {enable | disable} wlan_id

Syntax Description

Command Default

neighbor-list

Configures an 802.11k neighbor list for a WLAN.

dual-list

Configures a dual band 802.11k neighbor list for a WLAN. The default is
the band that the client is currently associated with.

prediction

Configures an assisted roaming optimization prediction for a WLAN.

enable

Enables the configuration on the WLAN.

disable

Disables the configuration on the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

The 802.11k neighbor list is enabled for all WLANs.

By default, dual band list is enabled if the neighbor list feature is enabled for the WLAN.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you enable the assisted roaming prediction list, a warning appears and load balancing is disabled for
the WLAN, if load balancing is already enabled on the WLAN.

Examples

The following example shows how to enable an 802.11k neighbor list for a WLAN:
(Cisco Controller) >config wlan assisted-roaming neighbor-list enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1174

OL-31334-01

config Commands

config wlan avc

To configure Application Visibility and Control (AVC) on a WLAN, use the config wlan avc command.
config wlan avc wlan_id {profile profile_name | visibility} {enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier from 1 to 512.

profile

Associates or removes an AVC profile from a WLAN.

profile_name

Name of the AVC profile. The profile name can be up to 32

case-sensitive, alphanumeric characters.

visibility

Configures application visibility on a WLAN.

enable

Enables application visibility on a WLAN. You can view

the classification of applications based on the Network Based
Application Recognition (NBAR) deep packet inspection
technology.
Use the show avc statistics client command to view the
client AVC statistics.
Disables application visibility on a WLAN.

disable

Command Default

Command History

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each
rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions
per WLAN. You can configure up to 16 AVC profiles on a controller and associate an AVC profile with
multiple WLANs.

Examples

The following example shows how to associate an AVC profile with a WLAN:
(Cisco Controller) >config wlan avc 5 profile profile1 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1175

config Commands

config wlan apgroup

To manage access point group VLAN features, use the config wlan apgroup command.
config wlan apgroup {add apgroup_name [description] | delete apgroup_name | description apgroup_name
description | interface-mapping {add | delete} apgroup_name wlan_id interface_name | nac-snmp {enable
| disable} apgroup_name wlan_id | nasid NAS-ID apgroup_name | profile-mapping {add | delete}
apgroup_name profile_name | wlan-radio-policy apgroup_name wlan-id {802.11a-only | 802.11bg |
802.11g-only | all} | hotspot {venue {type apgroup_name group_codetype_code| name apgroup_name
language_codevenue_name } | operating-class {add | delete} apgroup_name operating_class_value}}

Syntax Description

add

Creates a new access point group (AP group).

apgroup_name

Access point group name.

wlan_id

Wireless LAN identifier from 1 to 512.

delete

Removes a wireless LAN from an AP group.

description

Describes an AP group.

description

Description of the AP group.

interface-mapping

(Optional) Assigns or removes a Wireless LAN from

an AP group.

interface_name

(Optional) Interface to which you want to map an AP

group.

nac-snmp

Configures NAC SNMP functionality on given AP

group. Enables or disables Network Admission Control
(NAC) out-of-band support on an access point group.

enable

Enables NAC out-of-band support on an AP group.

disable

Disables NAC out-of-band support on an AP group.

NAS-ID

Network Access Server identifier (NAS-ID) for the AP

group. The NAS-ID is sent to the RADIUS server by
the controller (as a RADIUS client) using the
authentication request, which is used to classify users
to different groups. You can enter up to 32 alphanumeric
characters. Beginning in Release 7.4 and later releases,
you can configure the NAS-ID on the interface, WLAN,
or an access point group. The order of priority is AP
group NAS-ID > WLAN NAS-ID > Interface NAS-ID.

none

Configures the controller system name as the NAS-ID.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1176

OL-31334-01

config Commands

profile-mapping

Configures RF profile mapping on an AP group.

profile_name

RF profile name for a specified AP group.

wlan-radio-policy

Configures WLAN radio policy on an AP group.

802.11a-only

Configures WLAN radio policy on an AP group.

802.11bg

Configures WLAN radio policy on an AP group.

802.11g-only

Configures WLAN radio policy on an AP group.

all

Configures WLAN radio policy on an AP group.

hotspot

Configures a HotSpot on an AP group.

venue

Configures venue information for an AP group.

type

Configures the type of venue for an AP group.

group_code

Venue group information for an AP group.

The following options are available:
0 : UNSPECIFIED
1 : ASSEMBLY
2 : BUSINESS
3 : EDUCATIONAL
4 : FACTORY-INDUSTRIAL
5 : INSTITUTIONAL
6 : MERCANTILE
7 : RESIDENTIAL
8 : STORAGE
9 : UTILITY-MISC
10 : VEHICULAR
11 : OUTDOOR

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1177

config Commands

type_code

Cisco Wireless LAN Controller Command Reference, Release 8.0

1178

OL-31334-01

config Commands

Venue type information for an AP group.

For venue group 1 (ASSEMBLY), the following options
are available:
0 : UNSPECIFIED ASSEMBLY
1 : ARENA
2 : STADIUM
3 : PASSENGER TERMINAL
4 : AMPHITHEATER
5 : AMUSEMENT PARK
6 : PLACE OF WORSHIP
7 : CONVENTION CENTER
8 : LIBRARY
9 : MUSEUM
10 : RESTAURANT
11 : THEATER
12 : BAR
13 : COFFEE SHOP
14 : ZOO OR AQUARIUM
15 : EMERGENCY COORDINATION CENTER
For venue group 2 (BUSINESS), the following options
are available:
0 : UNSPECIFIED BUSINESS
1 : DOCTOR OR DENTIST OFFICE
2 : BANK
3 : FIRE STATION
4 : POLICE STATION
6 : POST OFFICE
7 : PROFESSIONAL OFFICE
8 : RESEARCH AND DEVELOPMENT
FACILITY
9 : ATTORNEY OFFICE
For venue group 3 (EDUCATIONAL), the following
options are available:
0 : UNSPECIFIED EDUCATIONAL

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1179

config Commands

1 : PRIMARY SCHOOL
2 : SECONDARY SCHOOL
3 : UNIVERSITY OR COLLEGE
For venue group 4 (FACTORY-INDUSTRIAL), the
following options are available:
0 : UNSPECIFIED FACTORY AND
INDUSTRIAL
1 : FACTORY
For venue group 5 (INSTITUTIONAL), the following
options are available:
0 : UNSPECIFIED INSTITUTIONAL
1 : HOSPITAL
2 : LONG-TERM CARE FACILITY
3 : ALCOHOL AND DRUG RE-HABILITATION
CENTER
4 :GROUP HOME
5 :PRISON OR JAIL
For venue group 6 (MERCANTILE), the following
options are available:
0 : UNSPECIFIED MERCANTILE
1 : RETAIL STORE
2 : GROCERY MARKET
3 : AUTOMOTIVE SERVICE STATION
4 : SHOPPING MALL
5 : GAS STATION
For venue group 7 (RESIDENTIAL), the following
options are available:
0 : UNSPECIFIED RESIDENTIAL
1 : PRIVATE RESIDENCE
2 : HOTEL OR MOTEL
3 : DORMITORY
4 : BOARDING HOUSE

Cisco Wireless LAN Controller Command Reference, Release 8.0

1180

OL-31334-01

config Commands

For venue group 8 (STORAGE), the following options

are available:
0 : UNSPECIFIED STORAGE
For venue group 9 (UTILITY-MISC), the following
options are available:
0 : UNSPECIFIED UTILITY AND
MISCELLANEOUS
For venue group 10 (VEHICULAR), the following
options are available:
0 : UNSPECIFIED VEHICULAR
1 : AUTOMOBILE OR TRUCK
2 : AIRPLANE
3 : BUS
4 : FERRY
5 : SHIP OR BOAT
6 : TRAIN
7 : MOTOR BIKE
For venue group 11 (OUTDOOR), the following options
are available:
0 : UNSPECIFIED OUTDOOR
1 : MINI-MESH NETWORK
2 : CITY PARK
3 : REST AREA
4 : TRAFFIC CONTROL
5 : BUS STOP
6 : KIOSK
name

Configures the name of venue for an AP group.

language_code

An ISO-639 encoded string defining the language used

at the venue. This string is a three character language
code. For example, you can enter ENG for English.

venue_name

Venue name for this AP group. This name is associated

with the basic service set (BSS) and is used in cases
where the SSID does not provide enough information
about the venue. The venue name is case-sensitive and
can be up to 252 alphanumeric characters.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1181

config Commands

Command Default

Command History

Usage Guidelines

add

Adds an operating class for an AP group.

delete

Deletes an operating class for an AP group.

operating_class_value

Operating class for an AP group. The available operating

classes are 81, 83, 84, 112, 113, 115, 116, 117, 118, 119,
120, 121, 122, 123, 124, 125, 126, 127.

AP Group VLAN is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

An error message appears if you try to delete an access point group that is used by at least one access point.
Before you can delete an AP group in controller software release 6.0, move all APs in this group to another
group. The access points are not moved to the default-group access point group as in previous releases. To
see the APs, enter the show wlan apgroups command. To move APs, enter the config ap group-name
groupname cisco_ap command.
The NAS-ID configured on the controller for AP group or WLAN or interface is used for authentication. The
NAS-ID is not propagated across controllers.

Examples

The following example shows how to enable the NAC out-of band support on access point group 4:
(Cisco Controller) >config wlan apgroup nac enable apgroup 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

1182

OL-31334-01

config Commands

config wlan apgroup qinq

To configure 802.1Q-in-Q VLAN tagging of traffic for an AP group, use the config wlan apgroup qinq
command.
config wlan apgroup qinq {tagging {client-traffic | dhcp-v4 | eap-sim-aka} apgroup_name {enable |
disable}| service-vlan apgroup_name vlan_id}

Syntax Description

Command Default

Command History

tagging

Configures 802.1Q-in-Q VLAN tagging of traffic.

client-traffic

Configures 802.1Q-in-Q tagging of client traffic for an AP group.

dhcp-v4

Configures 802.1Q-in-Q tagging of DHCPv4 traffic for an AP group.

eap-sim-aka

Configures 802.1Q-in-Q tagging of Extensible Authentication Protocol for

Authentication and Key Agreement (EAP-AKA) and EAP for Global System
for Mobile Communications Subscriber Identity Module (EAP-SIM) traffic
for an AP group.

enable

Enables 802.1Q-in-Q tagging of traffic.

disable

Disables 802.1Q-in-Q tagging of traffic.

service-vlan

Configures service VLAN for an AP group.

apgroup_name

Name of the access point group.

vlan_id

VLAN identifier.

By default, 802.1Q-in-Q tagging of client and DHCPv4 traffic for an AP group is disabled.

Release

Modification

8.0

This command was introduced.

Usage Guidelines
Note

You must enable 802.1Q-in-Q tagging of client traffic before you enable 802.1Q-in-Q tagging of DHCPv4
traffic.
When you enable 802.1Q-in-Q tagging of client traffic, the 802.1Q-in-Q tagging of EAP-AKA and EAP-SIM
traffic is also enabled.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1183

config Commands

Examples

The following example shows how to enable 802.1Q-in-Q tagging of client traffic for an AP group:
(Cisco Controller) >config wlan apgroup qinq tagging client-traffic APg1 enable

The following example shows how to configure the service VLAN for an AP group:
(Cisco Controller) >config wlan apgroup qinq service-vlan APg1 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

1184

OL-31334-01

config Commands

config wlan band-select allow

To configure band selection on a WLAN, use the config wlan band-select allow command.
config wlan band-select allow {enable | disable} wlan_id

Syntax Description

Command Default

Command History

enable

Enables band selection on a WLAN.

disable

Disables band selection on a WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Examples

The following example shows how to enable band selection on a WLAN:

(Cisco Controller) >config wlan band-select allow enable 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1185

config Commands

config wlan broadcast-ssid

To configure an Service Set Identifier (SSID) broadcast on a wireless LAN, use the config wlan broadcast-ssid
command.
config wlan broadcast-ssid {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables SSID broadcasts on a wireless LAN.

disable

Disables SSID broadcasts on a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

Broadcasting of SSID is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure an SSID broadcast on wireless LAN ID 1:
(Cisco Controller) >config wlan broadcast-ssid enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1186

OL-31334-01

config Commands

config wlan call-snoop

To enable or disable Voice-over-IP (VoIP) snooping for a particular WLAN, use the config wlan call-snoop
command.
config wlan call-snoop {enable | disable} wlan_id

Syntax Description

Command Default

Command History

enable

Enables VoIP snooping on a wireless LAN.

disable

Disables VoIP snooping on a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

WLAN should be with Platinum QoS and it needs to be disabled while invoking this CLI

Examples

The following example shows how to enable VoIP snooping for WLAN 3:
(Cisco Controller) >config wlan call-snoop 3 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1187

config Commands

config wlan chd

To enable or disable Coverage Hole Detection (CHD) for a wireless LAN, use the config wlan chd command.
config wlan chd wlan_id {enable | disable}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables SSID broadcasts on a wireless LAN.

disable

Disables SSID broadcasts on a wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable CHD for WLAN 3:

(Cisco Controller) >config wlan chd 3 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1188

OL-31334-01

config Commands

config wlan ccx aironet-ie

To enable or disable Aironet information elements (IEs) for a WLAN, use the config wlan ccx aironet-ie
command.
config wlan ccx aironet-ie {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the Aironet information elements.

disable

Disables the Aironet information elements.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable Aironet information elements for a WLAN:
(Cisco Controller) >config wlan ccx aironet-ie enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1189

config Commands

config wlan channel-scan defer-priority

To configure the controller to defer priority markings for packets that can defer off channel scanning, use the
config wlan channel-scan defer-priority command.
config wlan channel-scan defer-priority priority [enable | disable] wlan_id

Syntax Description

Command Default

Command History

priority

User priority value (0 to 7).

enable

(Optional) Enables packet at given priority to defer off channel scanning.

disable

(Optional) Disables packet at gven priority to defer off channel scanning.

wlan_id

Wireless LAN identifier (1 to 512).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The priority value should be set to 6 on the client and on the WLAN.

Examples

The following example shows how to enable the controller to defer priority markings that can defer off channel
scanning with user priority value 6 and WLAN id 30:
(Cisco Controller) >config wlan channel-scan defer-priority 6 enable 30

Cisco Wireless LAN Controller Command Reference, Release 8.0

1190

OL-31334-01

config Commands

config wlan channel-scan defer-time

To assign the channel scan defer time in milliseconds, use the config wlan channel-scan defer-time command.
config wlan channel-scan defer-time msecs wlan_id

Syntax Description

Command Default

Command History

msecs

Deferral time in milliseconds (0 to 60000 milliseconds).

wlan_id

Wireless LAN identifier from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The time value in milliseconds should match the requirements of the equipment on your WLAN.

Examples

The following example shows how to assign the scan defer time to 40 milliseconds for WLAN with ID 50:
(Cisco Controller) >config wlan channel-scan defer-time 40 50

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1191

config Commands

config wlan custom-web

To configure the web authentication page for a WLAN, use the config wlan custom-web command.
config wlan custom-web {ext-webauth-url ext-webauth-url wlan_id | global {enable | disable} login-page
page-name | loginfailure-page {page-name | none} | logout-page {page-name | none} | sleep-client {enable
wlan_id | disable wlan_id | timeout duration } | webauth-type {internal | customized | external} wlan_id}

Syntax Description

ext-webauth-url

Configures an external web authentication URL.

ext-webauth-url

External web authentication URL.

wlan_id

WLAN identifier from 1 to 512.

global

Configures the global status for a WLAN.

enable

Enables the global status for a WLAN.

disable

Disables the global status for a WLAN.

Configures the name of the login page for an external web authentication
URL.

page-name

Login page name for an external web authentication URL.

loginfailure-page

Configures the name of the login failure page for an external web
authentication URL.

none

Does not configure a login failure page for an external web authentication
URL.

logout-page

Configures the name of the logout page for an external web authentication
URL.

sleep-client

Configures the sleep client feature on the WLAN.

timeout

Configures the sleep client timeout on the WLAN.

duration

Maximum amount of time after the idle timeout, in hours, before a sleeping
client is forced to reauthenticate. The range is from 1 to 720. The default
value is 12. When the sleep client feature is enabled, the clients need not
provide the login credentials when they move from one Cisco WLC to
another (if Cisco WLCs are in the same mobility group) between the sleep
and wake up times.

webauth-type

Configures the type of web authentication for the WLAN.

internal

Displays the default login page.

customized

Displays a customized login page.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1192

OL-31334-01

config Commands

external

Command Default

Command History

Examples

Displays a login page on an external web server.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the web authentication type as an external.
(Cisco Controller) >config wlan custom-web webauth-type external

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1193

config Commands

config wlan dhcp_server

To configure the internal DHCP server for a wireless LAN, use the config wlan dhcp_server command.
config wlan dhcp_server {wlan_id | foreignAp} ip_address [required]

Syntax Description

Command Default

Command History

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

ip_address

IP address of the internal DHCP server (this parameter is required).

required

(Optional) Specifies whether DHCP address assignment is required.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The preferred method for configuring DHCP is to use the primary DHCP address assigned to a particular
interface instead of the DHCP server override. If you enable the override, you can use the show wlan command
to verify that the DHCP server has been assigned to the WLAN.

Examples

The following example shows how to configure an IP address 10.10.2.1 of the internal DHCP server for
wireless LAN ID 16:
(Cisco Controller) >config wlan dhcp_server 16 10.10.2.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1194

OL-31334-01

config Commands

config wlan diag-channel

To enable the diagnostic channel troubleshooting on a particular WLAN, use the config wlan diag-channel
command.
config wlan diag-channel [enable | disable] wlan_id

Syntax Description

Command Default

Command History

Examples

enable

(Optional) Enables the wireless LAN diagnostic channel.

disable

(Optional) Disables the wireless LAN diagnostic channel.

wlan_id

Wireless LAN identifier (1 to 512).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the wireless LAN diagnostic channel for WLAN ID 1:
(Cisco Controller) >config wlan diag-channel enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1195

config Commands

config wlan dtim

To configure a Delivery Traffic Indicator Message (DTIM) for 802.11 radio network config wlan dtim
command.
config wlan dtim {802.11a | 802.11b} dtim wlan_id

Syntax Description

Command Default

Command History

Examples

802.11a

Configures DTIM for the 802.11a radio network.

802.11b

Configures DTIM for the 802.11b radio network.

dtim

Value for DTIM (between 1 to 255 inclusive).

wlan_id

Number of the WLAN to be configured.

The default is DTIM 1.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure DTIM for 802.11a radio network with DTIM value 128 and
WLAN ID 1:
(Cisco Controller) >config wlan dtim 802.11a 128 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1196

OL-31334-01

config Commands

config wlan exclusionlist

To configure the wireless LAN exclusion list, use the config wlan exclusionlist command.
config wlan exclusionlist {wlan_id [enabled | disabled | time] | foreignAp [enabled | disabled | time]}

Syntax Description

Command Default

Command History

wlan_id

Wireless LAN identifier (1 to 512).

enabled

(Optional) Enables the exclusion list for the specified wireless LAN or foreign
access point.

disabled

(Optional) Disables the exclusion list for the specified wireless LAN or a foreign
access point.

time

(Optional) Exclusion list timeout in seconds. A value of zero (0) specifies infinite
time.

foreignAp

Specifies a third-party access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command replaces the config wlan blacklist command.

Examples

The following example shows how to enable the exclusion list for WLAN ID 1:
(Cisco Controller) >config wlan exclusionlist 1 enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1197

config Commands

config wlan flow

To associate a NetFlow monitor with a WLAN, use the config wlan flow command.
config wlan flow wlan_id monitor monitor_name {enable | disable}

Syntax Description

Command Default

Command History

wlan_id

Wireless LAN identifier from 1 to 512 (inclusive).

monitor

Configures a NetFlow monitor.

monitor_name

Name of the NetFlow monitor. The monitor name can be up to 32

case-sensitive, alphanumeric characters. You cannot include spaces for a
monitor name.

enable

Associates a NetFlow monitor with a WLAN.

disable

Dissociates a NetFlow monitor from a WLAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can use the config flow command to create a new NetFlow monitor.

Examples

The following example shows how to associate a NetFlow monitor with a WLAN:
(Cisco Controller) >config wlan flow 5 monitor monitor1 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1198

OL-31334-01

config Commands

config wlan flexconnect ap-auth

To configure local authentication of clients associated with FlexConnect on a locally switched WLAN, use
the config wlan flexconnect ap-auth command.
config wlan flexconnect ap-auth wlan_id {enable | disable}

Syntax Description

Command Default

Command History

ap-auth

Configures local authentication of clients associated with an FlexConnect on a

locally switched WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables AP authentication on a WLAN.

disable

Disables AP authentication on a WLAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Local switching must be enabled on the WLAN where you want to configure local authentication of clients
associated with FlexConnect.

Examples

The following example shows how to enable authentication of clients associated with FlexConnect on a
specified WLAN:
(Cisco Controller) >config wlan flexconnect ap-auth 6 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1199

config Commands

config wlan flexconnect central-assoc

To configure client reassociation and security key caching on the Cisco WLC, use the config wlan flexconnect
central-assoc command.
config wlan flexconnect central-assoc wlan-id {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

wlan-id

ID of the WLAN

enable

Enables client reassociation and

security key caching on the Cisco
WLC

disable

Disables client reassociation and

security key caching on the Cisco
WLC

Client reassociation and security key caching on the Cisco WLC is in disabled state.

Release

Modification

8.0

This command was introduced.

A use case for this configuration is a large-scale deployment with fast roaming.
Configuration of central association with local authentication is not supported for the WLAN. After the
PMIPv6 tunnel is set up, all data traffic from the PMIPv6 clients are forwarded from the Cisco AP to the local
mobility anchor (LMA) in the Generic Routing Encapsulation (GRE) tunnel. If the connectivity between the
Cisco AP and the Cisco WLC is lost, the data traffic for the existing PMIPv6 clients continue to flow until
the connectivity between the Cisco AP and the client is lost. When the AP is in stand-alone mode, no new
client associations are accepted on the PMIPv6 enabled WLAN.

Examples

The following example shows how to enable client reassociation and security key caching on the Cisco WLC
for a WLAN whose ID is 2:
(Cisco Controller) >config wlan flexconnect central-assoc 2 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1200

OL-31334-01

config Commands

config wlan flexconnect learn-ipaddr

To enable or disable client IP address learning for the Cisco WLAN controller, use the config wlan flexconnect
learn-ipaddr command.
config wlan flexconnect learn-ipaddr wlan_id {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables client IPv4 address learning on a wireless LAN.

disable

Disables client IPv4 address learning on a wireless LAN.

Disabled when the config wlan flexconnect local-switching command is disabled. Enabled when the config
wlan flexconnect local-switching command is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

If the client is configured with Layer 2 encryption, the controller cannot learn the client IP address, and the
controller will periodically drop the client. Disable this option to keep the client connection without waiting
to learn the client IP address.

Note

This command is valid only for IPv4.

Note

The ability to disable IP address learning is not supported with FlexConnect central switching.

Examples

The following example shows how to disable client IP address learning for WLAN 6:
(Cisco Controller) >config wlan flexconnect learn-ipaddr disable 6

Related Commands

show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1201

config Commands

config wlan flexconnect local-switching

To configure local switching, central DHCP, NAT-PAT, or the override DNS option on a FlexConnect WLAN,
use the config wlan flexconnect local switching command.
config wlan flexconnect local-switching wlan_id {enable | disable} { {central-dhcp {enable | disable}
nat-pat {enable | disable} } | {override option dns { enable | disable} } }

Syntax Description

Command Default

Command History

wlan_id

option dns

Specifies the override DNS option on the FlexConnect WLAN.

When you override this option, the clients get their DNS server IP
address from the AP, not from the controller.

enable

Enables the override DNS option on the FlexConnect WLAN.

disable

Disables the override DNS option on the FlexConnect WLAN.

This feature is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1202

OL-31334-01

config Commands

Usage Guidelines

Examples

Release

Modification

8.0

This command supports only IPv4 address format.

When you enable the config wlan flexconnect local-switching command, the config wlan flexconnect
learn-ipaddr command is enabled by default.

Note

This command is valid only for IPv4.

Note

The ability to disable IP address learning is not supported with FlexConnect central switching.

The following example shows how to enable WLAN 6 for local switching and enable central DHCP and
NAT-PAT:
(Cisco Controller) >config wlan flexconnect local-switching 6 enable central-dhcp enable
nat-pat enable

The following example shows how to enable the override DNS option on WLAN 6:
(Cisco Controller) >config wlan flexconnect local-switching 6 override option dns enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1203

config Commands

config wlan flexconnect vlan-central-switching

To configure central switching on a locally switched WLAN, use the config wlan flexconnect
vlan-central-switching command.
config wlan flexconnect vlan-central-switching wlan_id { enable | disable }

Syntax Description

Command Default

Command History

Usage Guidelines

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables central switching on a locally switched wireless LAN.

disable

Disables central switching on a locally switched wireless LAN.

Central switching is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

You must enable Flexconnect local switching to enable VLAN central switching. When you enable WLAN
central switching, the access point bridges the traffic locally if the WLAN is configured on the local IEEE
802.1Q link. If the VLAN is not configured on the access point, the AP tunnels the traffic back to the controller
and the controller bridges the traffic to the corresponding VLAN.
WLAN central switching does not support:
FlexConnect local authentication.
Layer 3 roaming of local switching client.

Examples

The following example shows how to enable WLAN 6 for central switching:
(Cisco Controller) >config wlan flexconnect vlan-central-switching 6 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1204

OL-31334-01

config Commands

config wlan hotspot

To configure a HotSpot on a WLAN, use the config wlan hotspot command.
config wlan hotspot {clear-all wlan_id | dot11u | hs2 | msap}

Syntax Description

Command Default

Command History

clear-all

Clears the HotSpot configurations on a WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

dot11u

Configures an 802.11u HotSpot on a WLAN.

hs2

Configures HotSpot2 on a WLAN.

msap

Configures the Mobility Services Advertisement Protocol (MSAP) on a

WLAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can configure up to 32 HotSpot WLANs.

Examples

The following example shows how to configure HotSpot2 for a WLAN:

(Cisco Controller) >config wlan hotspot hs2 enable 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1205

config Commands

config wlan hotspot dot11u

To configure an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u command.
config wlan hotspot dot11u {3gpp-info | auth-type | enable | disable | domain | hessid | ipaddr-type |
nai-realm | network-type | roam-oi}

Syntax Description

Command Default

Command History

Examples

3gpp-info

Configures 3GPP cellular network information.

auth-type

Configures the network authentication type.

disable

Disables 802.11u on the HotSpot profile.

domain

Configures a domain.

enable

Enables 802.11u on the HotSpot profile. IEEE 802.11u enables automatic

WLAN offload for 802.1X devices at the HotSpot of mobile or roaming
partners.

hessid

Configures the Homogenous Extended Service Set Identifier (HESSID). The

HESSID is a 6-octet MAC address that uniquely identifies the network.

ipaddr-type

Configures the IPv4 address availability type.

nai-realm

Configures a realm for 802.11u enabled WLANs.

network-type

Configures the 802.11u network type and Internet access.

roam-oi

Configures the roaming consortium Organizational Identifier (OI) list.

None.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

The following example shows how to enable 802.11u on a HotSpot profile:

(Cisco Controller) >config wlan hotspot dot11u enable 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

1206

OL-31334-01

config Commands

config wlan hotspot dot11u 3gpp-info

To configure 3GPP cellular network information on an 802.11u HotSpot WLAN, use the config wlan hotspot
dot11u 3gpp-info command.
config wlan hotspot dot11u 3gpp-info {add | delete} index country_code network_code wlan_id

Syntax Description

Command Default

Command History

add

Adds mobile cellular network information.

delete

Deletes mobile cellular network information.

index

Cellular index. The range is from 1 to 32.

country_code

Mobile Country Code (MCC) in Binary Coded Decimal (BCD) format. The
country code can be up to 3 characters. For example, the MCC for USA is 310.

network_code

Mobile Network Code (MNC) in BCD format. An MNC is used in combination

with a Mobile Country Code (MCC) to uniquely identify a mobile phone operator
or carrier. The network code can be up to 3 characters. For example, the MNC
for T- Mobile is 026.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Number of mobile network codes supported is 32 per WLAN.

Examples

The following example shows how to configure 3GPP cellular network information on a WLAN:
(Cisco Controller) >config wlan hotspot dot11u 3gpp-info add

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1207

config Commands

config wlan hotspot dot11u auth-type

To configure the network authentication type on an 802.11u HotSpot WLAN, use the config wlan hotspot
dot11u auth-type command.
config wlan hotspot dot11u auth-type network-auth wlan_id

Syntax Description

network-auth

Network authentication that you would like to configure on the WLAN. The
available values are as follows:
0Acceptance of terms and conditions
1On-line enrollment
2HTTP/HTTPS redirection
3DNS Redirection
4Not Applicable

wlan_id

Command Default

Command History

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The DNS redirection option is not supported in Release 7.3.

Examples

The following example shows how to configure HTTP/HTTPS redirection as the network authentication type
on an 802.11u HotSpot WLAN:
(Cisco Controller) >config wlan hotspot dot11u auth-type 2 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1208

OL-31334-01

config Commands

config wlan hotspot dot11u disable

To disable an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u disable command.
config wlan hotspot dot11u disable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable an 802.11u HotSpot on a WLAN:

(Cisco Controller) >config wlan hotspot dot11u disable 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1209

config Commands

config wlan hotspot dot11u domain

To configure a domain operating in the 802.11 access network, use the config wlan hotspot dot11u domain
command.
config wlan hotspot dot11u domain {add wlan_id domain-index domain_name | delete wlan_id domain-index
| modify wlan_id domain-index domain_name}

Syntax Description

Command Default

Command History

Examples

add

Adds a domain.

wlan_id

Wireless LAN identifier between 1 and 512.

domain-index

Domain index in the range 1 to 32.

domain_name

Domain name. The domain name is case sensitive and can be up to

255 alphanumeric characters.

delete

Deletes a domain.

modify

Modifies a domain.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a domain in the 802.11 access network:
(Cisco Controller) >config wlan hotspot dot11u domain add 6 30 domain1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1210

OL-31334-01

config Commands

config wlan hotspot dot11u enable

To enable an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u enable command.
config wlan hotspot dot11u enable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable an 802.11u HotSpot on a WLAN:

(Cisco Controller) >config wlan hotspot dot11u enable 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1211

config Commands

config wlan hotspot dot11u hessid

To configure a Homogenous Extended Service Set Identifier (HESSID) on an 802.11u HotSpot WLAN, use
the config wlan hotspot dot11u hessid command.
config wlan hotspot dot11u hessid hessid wlan_id

Syntax Description

Command Default

Command History

Examples

hessid

MAC address that can be configured as an HESSID. The HESSID is a 6-octet MAC
address that uniquely identifies the network. For example, Basic Service Set
Identification (BSSID) of the WLAN can be used as the HESSID.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure an HESSID on an 802.11u HotSpot WLAN:
(Cisco Controller) >config wlan hotspot dot11u hessid 00:21:1b:ea:36:60 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

1212

OL-31334-01

config Commands

config wlan hotspot dot11u ipaddr-type

To configure the type of IP address available on an 802.11u HotSpot WLAN, use the config wlan hotspot
dot11u ipaddr-type command.
config wlan hotspot dot11u ipaddr-type IPv4Type {0 - 7} IPv6Type {0 - 2}wlan_id

Syntax Description

IPv4Type

IPv4 type address. Enter one of the following values:

0IPv4 address not available.
1Public IPv4 address available.
2Port restricted IPv4 address available.
3Single NAT enabled private IPv4 address available.
4Double NAT enabled private IPv4 address available.
5Port restricted IPv4 address and single NAT enabled IPv4 address available.
6Port restricted IPv4 address and double NAT enabled IPv4 address available.
7 Availability of the IPv4 address is not known.

IPv6Type

IPv6 type address. Enter one of the following values:

0IPv6 address not available.
1IPv6 address available.
2Availability of the IPv6 address is not known.

wlan_id

Command Default

Command History

Examples

Wireless LAN identifier between 1 and 512.

The default values for IPv4 type address is 1.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

The following example shows how to configure the IP address availability type on an 802.11u HotSpot WLAN:
(Cisco Controller) >config wlan hotspot dot11u ipaddr-type 6 2 6

Related Commands

show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1213

config Commands

config wlan hotspot dot11u nai-realm

To configure realms for an 802.11u HotSpot WLANs, use the config wlan hotspot dot11u nai-realm
command.
config wlan hotspot dot11u nai-realm {add | delete | modify} {auth-method wlan_id realm-index eap-index
auth-index auth-method auth-parameter | eap-method wlan_id realm-index eap-index eap-method |
realm-name wlan_id realm-index realm}

Syntax Description

add

Adds a realm.

delete

Deletes a realm.

modify

Modifies a realm.

auth-method

Specifies the authentication method used.

wlan_id

Wireless LAN identifier from 1 to 512.

realm-index

Realm index. The range is from 1 to 32.

eap-index

EAP index. The range is from 1 to 4.

auth-index

Authentication index value. The range is from 1 to 10.

auth-method

Authentication method to be used. The range is from 1 to 4. The following options

are available:
1Non-EAP Inner Auth Method
2Inner Auth Type
3Credential Type
4Tunneled EAP Method Credential Type

auth-parameter

Authentication parameter to use. This value depends on the authentication method

used. See the following table for more details.

eap-method

Specifies the Extensible Authentication Protocol (EAP) method used.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1214

OL-31334-01

config Commands

eap-method

EAP Method. The range is from 0 to 7. The following options are available:
0Not Applicable
1Lightweight Extensible Authentication Protocol (LEAP)
2Protected EAP (PEAP)
3EAP-Transport Layer Security (EAP-TLS)
4EAP-FAST (Flexible Authentication via Secure Tunneling)
5EAP for GSM Subscriber Identity Module (EAP-SIM)
6EAP-Tunneled Transport Layer Security (EAP-TTLS)
7EAP for UMTS Authentication and Key Agreement (EAP-AKA)

Command Default

Command History

Usage Guidelines

realm-name

Specifies the name of the realm.

realm

Name of the realm. The realm name should be RFC 4282 compliant. For example,
Cisco. The realm name is case-sensitive and can be up to 255 alphanumeric
characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This table lists the authentication parameters.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1215

config Commands

Table 12: Authentication Parameters

Non-EAP Inner Method(1)

Inner Authentication EAP Method Credential Type(3)/Tunneled EAP

Type(2)
Credential Type(4)

0Reserved

1LEAP

1SIM

1Password authentication
protocol (PAP)

2PEAP

2USIM

3EAP-TLS

3NFC Secure Element

4EAP-FAST

4Hardware Token

2Challenge-Handshake
Authentication Protocol (CHAP)

5EAP-SIM
3Microsoft Challenge
Handshake Authentication Protocol 6EAP-TTLS
(MS-CHAP)
7EAP-AKA
4MSCHAPV2

5Soft Token
6Certificate
7Username/Password
8Reserver
9Anonymous
10Vendor Specific

Examples

The following example shows how to add the Tunneled EAP Method Credential authentication method on
WLAN 4:
(Cisco Controller) >config wlan hotspot dot11u nai-realm add auth-method 4 10 3 5 4 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

1216

OL-31334-01

config Commands

config wlan hotspot dot11u network-type

To configure the network type and internet availability on an 802.11u HotSpot WLAN, use the config wlan
hotspot dot11u network-type command.
config wlan hotspot dot11u network-type wlan_id network-type internet-access

Syntax Description

wlan_id

Wireless LAN identifier from 1 to 512.

network-type

internet-access

Command Default

Command History

Examples

Internet availability status. A value of zero indicates no Internet availability and

1 indicates Internet availability.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the network type and Internet availability on an 802.11u
HotSpot WLAN:
(Cisco Controller) >config wlan hotspot dot11u network-type 2 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1217

config Commands

config wlan hotspot dot11u roam-oi

To configure a roaming consortium Organizational Identifier (OI) list on a 802.11u HotSpot WLAN, use the
config wlan hotspot dot11u roam-oi command.
config wlan hotspot dot11u roam-oi {add wlan_id oi-index oi is-beacon | modify wlan_id oi-index oi
is-beacon | delete wlan_id oi-index}

Syntax Description

Command Default

Command History

Examples

add

Adds an OI.

wlan-id

Wireless LAN identifier from 1 to 512.

oi-index

Index in the range 1 to 32.

Number that must be a valid 6 digit hexadecimal number and 6 bytes in

length. For example, 004096 or AABBDF.

is-beacon

Beacon flag used to add an OI to the beacon. 0 indicates disable and 1

indicates enable. You can add a maximum of 3 OIs for a WLAN with this
flag set.

modify

Modifies an OI.

delete

Deletes an OI.

None.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the roaming consortium OI list:
(Cisco Controller) >config wlan hotspot dot11u roam-oi add 4 10 004096 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1218

OL-31334-01

config Commands

config wlan hotspot hs2

To configure the HotSpot2 parameters, use the config wlan hotspot hs2 command.
config wlan hotspot hs2 {disable wlan_id | enable wlan_id | operator-name {add wlan_id index
operator_name language-code | delete wlan_id index | modify wlan_id index operator-name language-code}
| port-config {add wlan_id port_config_index ip-protocol port-number status | delete wlan_id
port-config-index | modify wlan_id port-config-index ip-protocol port-number status} | wan-metrics wlan_id
link-status symet-link downlink-speed uplink-speed }

Syntax Description

disable

Disables HotSpot2.

wlan-id

Wireless LAN identifier from 1 to 512.

enable

Enables HotSpot2.

operator-name

Specifies the name of the 802.11 operator.

add

Adds the operator name, port configuration, or WAN metrics

parameters to the WLAN configuration.

index

Index of the operator. The range is from 1 to 32.

operator-name

Name of the operator.

language-code

Language used. An ISO-14962-1997 encoded string that

defines the language. This string is a three character
language code. Enter the first three letters of the language
in English. For example, eng for English.

delete

Deletes the operator name, port configuration, or WAN

metrics parameters from the WLAN.

modify

Modifies the operator name, port configuration, or WAN

metrics parameters of the WLAN.

port-config

Configures the port configuration values.

port_config_index

Port configuration index. The range is from 1 to 32. The

default value is 1.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1219

config Commands

ip-protocol

Protocol to use. This parameter provides information on the

connection status of the most commonly used
communication protocols and ports. The following options
are available:
1ICMP
6FTP/SSH/TLS/PPTP-VPN/VoIP
17IKEv2 (IPSec-VPN/VoIP/ESP)
50ESP (IPSec-VPN)

port-number

Port number. The following options are available:

0ICMP/ESP (IPSec-VPN)
20FTP
22SSH
443TLS-VPN
500IKEv2
1723PPTP-VPN
4500IKEv2
5060VoIP

status

Status of the IP port. The following options are available:

0Closed
1Open
2Unknown

wan-metrics

Configures the WAN metrics.

link-status

Link status. The following options are available:

0Unknown
1Link up
2Link down
3Link in test state

symet-link

Symmetric link status. The following options are available:

0Link speed is different for uplink and downlink.
For example: ADSL
1Link speed is the same for uplink and downlink.
For example: DS1

downlink-speed

Downlink speed of the WAN backhaul link in kbps.

Maximum value is 4,194,304 kbps.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1220

OL-31334-01

config Commands

uplink-speed

Command Default

Command History

Examples

Uplink speed of the WAN backhaul link in kbps. The

maximum value is 4,194,304 kbps.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the WAN metrics parameters:
(Cisco Controller) >config wlan hotspot hs2 wan-metrics add 345 1 0 3333

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1221

config Commands

config wlan hotspot msap

To configure the Mobility Service Advertisement Protocol (MSAP) parameters on a WLAN, use the config
wlan hotspot msap command.
config wlan hotspot msap {enable | disable | server-id server_id} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables MSAP on the WLAN.

disable

Disables MSAP on the WLAN.

server-id

Specifies the MSAP server id.

server_id

MSAP server ID. The range is from 1 to 10.

wlan_id

Wireless LAN identifier from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable MSAP on a WLAN:

(Cisco Controller) >config wlan hotspot msap enable 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

1222

OL-31334-01

config Commands

config wlan interface

To configure a wireless LAN interface or an interface group, use the config wlan interface command.
config wlan interface {wlan_id | foreignAp} {interface-name | interface-group-name}

Syntax Description

Command Default

Command History

Examples

wlan_id

(Optional) Wireless LAN identifier (1 to 512).

foreignAp

Specifies third-party access points.

interface-name

Interface name.

interface-group-name

Interface group name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure an interface named VLAN901:

(Cisco Controller) >config wlan interface 16 VLAN901

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1223

config Commands

config wlan ipv6 acl

To configure IPv6 access control list (ACL) on a wireless LAN, use the config wlan ipv6 acl command.
config wlan ipv6 acl wlan_id acl_name

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

acl_name

IPv6 ACL name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure an IPv6 ACL for local switching:
(Cisco Controller) >config wlan ipv6 acl 22 acl_sample

Cisco Wireless LAN Controller Command Reference, Release 8.0

1224

OL-31334-01

config Commands

config wlan kts-cac

To configure the Key Telephone System-based CAC policy for a WLAN, use the config wlan kts-cac
command.
config wlan kts-cac {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the KTS-based CAC policy.

disable

Disables the KTS-based CAC policy.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

To enable the KTS-based CAC policy for a WLAN, ensure that you do the following:
Configure the QoS profile for the WLAN to Platinum by entering the following command:
config wlan qos wlan-id platinum
Disable the WLAN by entering the following command:
config wlan disable wlan-id
Disable FlexConnect local switching for the WLAN by entering the following command:
config wlan flexconnect local-switching wlan-id disable

Examples

The following example shows how to enable the KTS-based CAC policy for a WLAN with the ID 4:
(Cisco Controller) >config wlan kts-cac enable 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1225

config Commands

config wlan layer2 acl

To configure a Layer 2 access control list (ACL) on a centrally switched WLAN, use the config wlan acl
layer2 command.
config wlan layer2 aclwlan_id {acl_name | none}

Syntax Description

Command Default

Command History

Usage Guidelines

wlan_id

Wireless LAN identifier. The range is from 1 to 512.

acl_name

Layer2 ACL name. The name can be up to 32 alphanumeric characters.

none

Clears any Layer2 ACL mapped to the WLAN.

None

Release

Modification

7.5

This command was introduced.

You can create a maximum of 16 rules for a Layer 2 ACL.

Examples

The following example shows how to apply a Layer 2 ACL on a WLAN:

(Cisco Controller) >config wlan layer2 acl 1 acl_l2_1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1226

OL-31334-01

config Commands

config wlan learn-ipaddr-cswlan

To configure client IP address learning on a centrally switched WLAN, use theconfig wlan
learn-ipaddr-cswlan command.
config wlan learn-ipaddr-cswlan wlan_id {enable | disable}

Syntax Description

Command Default

Command History

wlan_id

Wireless LAN identifier from 1 to 512.

enable

Enables client IPv4 address learning on the centrally switched WLAN

disable

Disables client IPv4 address learning on the centrally switched WLAN

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

Usage Guidelines

If the client is configured with Layer 2 encryption, the Cisco WLC cannot learn the client IP address and will
periodically drop the client. Disable this option so that the Cisco WLC maintains the client connection without
waiting to learn the client IP address.

Examples

The following example shows how to enable client IP address learning on a centrally switched WLAN:
(Cisco Controller) >config wlan learn-ipaddr-cswlan 2 enable

Related Commands

show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1227

config Commands

config wlan ldap

To add or delete a link to a configured Lightweight Directory Access Protocol (LDAP) server, use the config
wlan ldap command.
config wlan ldap {add wlan_id server_id | delete wlan_id {all | server_id}}

Syntax Description

Command Default

Command History

Usage Guidelines

add

Adds a link to a configured LDAP server.

wlan_id

Wireless LAN identifier between 1 and 512.

server_id

LDAP server index.

delete

Removes the link to a configured LDAP server.

all

Specifies all LDAP servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Use this command to specify the LDAP server priority for the WLAN.
To specify the LDAP server priority, one of the following must be configured and enabled:
802.1X authentication and Local EAP
Web authentication and LDAP

Note

Examples

Local EAP was introduced in controller software release 4.1; LDAP support on Web
authentication was introduced in controller software release 4.2.

The following example shows how to add a link to a configured LDAP server with the WLAN ID 100 and
server ID 4:
(Cisco Controller) >config wlan ldap add 100 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

1228

OL-31334-01

config Commands

config wlan load-balance

To override the global load balance configuration and enable or disable load balancing on a particular WLAN,
use the config wlan load-balance command.
config wlan load-balance allow {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables band selection on a wireless LAN.

disable

Disables band selection on a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

Load balancing is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable band selection on a wireless LAN with WLAN ID 3:
(Cisco Controller) >config wlan load-balance allow enable 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1229

config Commands

config wlan mac-filtering

To change the state of MAC filtering on a wireless LAN, use the config wlan mac-filtering command.
config wlan mac-filtering {enable | disable} {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

enable

Enables MAC filtering on a wireless LAN.

disable

Disables MAC filtering on a wireless LAN.

wlan_id

Wireless LAN identifier from 1 to 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the MAC filtering on WLAN ID 1:
(Cisco Controller) >config wlan mac-filtering enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1230

OL-31334-01

config Commands

config wlan max-associated-clients

To configure the maximum number of client connections on a wireless LAN, guest LAN, or remote LAN,
use the config wlan max-associated-clients command.
config wlan max-associated-clients max_clients wlan_id

Syntax Description

Command Default

Command History

Examples

max_clients

Maximum number of client connections to be accepted.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify the maximum number of client connections on WLAN ID 2:
(Cisco Controller) >config wlan max-associated-clients 25 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1231

config Commands

config wlan max-radio-clients

To configure the maximum number of WLAN client per access point, use the config wlan max-radio-clients
command.
config wlan max-radio-clients max_radio_clients wlan_id

Syntax Description

Command Default

Command History

Examples

max_radio_clients

Maximum number of client connections to be accepted per access point radio.

The valid range is from 1 to 200.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify the maximum number of client connections per access point
radio on WLAN ID 2:
(Cisco Controller) >config wlan max-radio-clients 25 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1232

OL-31334-01

config Commands

config wlan mdns

To configure an multicast DNS (mDNS) profile for a WLAN, use the config wlan mdns command.
config wlan mdns {enable | disable | profile {profile-name | none}} {wlan_id | all}

Syntax Description

Command Default

Command History

enable

Enables mDNS snooping on a WLAN.

disable

Disables mDNS snooping on a WLAN.

profile

Configures an mDNS profile for a WLAN.

profile-name

Name of the mDNS profile to be associated with a WLAN.

none

Removes all existing mDNS profiles from the WLAN. You cannot configure
mDNS profiles on the WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

all

Configures the mDNS profile for all WLANs.

By default, mDNS snooping is enabled on WLANs.

Release

Modification

7.4

This command was introduced.

Usage Guidelines

You must disable the WLAN before you use this command. Clients receive service advertisements only for
the services associated with the profile. The controller gives the highest priority to the profiles associated to
interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a
profile based on the order of priority.

Examples

The following example shows how to configure an mDNS profile for a WLAN.
(Cisco Controller) >config wlan mdns profile profile1 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1233

config Commands

config wlan media-stream

To configure multicast-direct for a wireless LAN media stream, use the config wlan media-stream command.
config wlan media-stream multicast-direct {wlan_id | all} {enable | disable}

Syntax Description

Command Default

Command History

multicast-direct

Configures multicast-direct for a wireless LAN media stream.

wlan_id

Wireless LAN identifier between 1 and 512.

all

Configures the wireless LAN on all media streams.

enable

Enables global multicast to unicast conversion.

disable

Disables global multicast to unicast conversion.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Media stream multicast-direct requires load based Call Admission Control (CAC) to run. WLAN quality of
service (QoS) needs to be set to either gold or platinum.

Examples

The following example shows how to enable the global multicast-direct media stream with WLAN ID 2:
(Cisco Controller) >config wlan media-stream multicast-direct 2 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1234

OL-31334-01

config Commands

config wlan mfp

To configure management frame protection (MFP) options for the wireless LAN, use the config wlan mfp
command.
config wlan mfp {client [enable | disable] wlan_id | infrastructure protection [enable | disable] wlan_id}

Syntax Description

Command Default

Command History

Examples

client

Configures client MFP for the wireless LAN.

enable

(Optional) Enables the feature.

disable

(Optional) Disables the feature.

wlan_id

Wireless LAN identifier (1 to 512).

infrastructure protection

(Optional) Configures the infrastructure MFP for the wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure client management frame protection for WLAN ID 1:
(Cisco Controller) >config wlan mfp client enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1235

config Commands

config wlan mobility anchor

To change the state of MAC filtering on a wireless LAN, use the config wlan mobility anchor command.
config wlan mobility anchor {add | delete} wlan_id ip_addr

Syntax Description

Command Default

Command History

Examples

add

Enables MAC filtering on a wireless LAN.

delete

Disables MAC filtering on a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

ip_addr

Member switch IPv4 address for anchoring the wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

The following example shows how to configure the mobility wireless LAN anchor list with WLAN ID 4 and
IPv4 address 192.168.0.14
(Cisco Controller) >config wlan mobility anchor add 4 192.168.0.14

Related Commands

show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

1236

OL-31334-01

config Commands

config wlan mobility foreign-map

To configure interfaces or interface groups for foreign Cisco WLCs, use the config wlan mobility foreign-map
command.
config wlan mobility foreign-map {add | delete} wlan_id foreign_mac_address {interface_name |
interface_group_name}

Syntax Description

Command Default

Command History

Examples

add

Adds an interface or interface group to the map of foreign controllers.

delete

Deletes an interface or interface group from the map of foreign controllers.

wlan_id

Wireless LAN identifier from 1 to 512.

foreign_mac_address

Foreign switch MAC address on a WLAN.

interface_name

Interface name up to 32 alphanumeric characters.

interface_group_name

Interface group name up to 32 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add an interface group for foreign Cisco WLCs with WLAN ID 4 and
a foreign switch MAC address on WLAN 00:21:1b:ea:36:60:
(Cisco Controller) >config wlan mobility foreign-map add 4 00:21:1b:ea:36:60 mygroup1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1237

config Commands

config wlan multicast buffer

To configure the radio multicast packet buffer size, use the config wlan multicast buffer command.
config wlan multicast buffer {enable | disable} buffer-size

Syntax Description

Command Default

Command History

Examples

enable

Enables the multicast interface feature for a wireless LAN.

disable

Disables the multicast interface feature on a wireless LAN.

buffer-size

Radio multicast packet buffer size. The range is from 30 to 60. Enter 0 to indicate
APs will dynamically adjust the number of buffers allocated for multicast.

wlan_id

Wireless LAN identifier between 1 and 512.

The default buffer size is 30

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure radio multicast buffer settings:
(Cisco Controller) >config wlan multicast buffer enable 45 222

Cisco Wireless LAN Controller Command Reference, Release 8.0

1238

OL-31334-01

config Commands

config wlan multicast interface

To configure a multicast interface for a wireless LAN, use the config wlan multicast interface command.
config wlan multicast interface wlan_id {enable | disable} interface_name

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables multicast interface feature for a wireless LAN.

delete

Disables multicast interface feature on a wireless LAN.

interface_name

Interface name.
Note

Command Default

Command History

Examples

The interface name can only be specified in lower case

characters.

Multicast is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the multicast interface feature for a wireless LAN with WLAN
ID 4 and interface name myinterface1:
(Cisco Controller) >config wlan multicast interface 4 enable myinterface1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1239

config Commands

config wlan nac

To enable or disable Network Admission Control (NAC) out-of-band support for a WLAN, use the config
wlan nac command.
config wlan nac {snmp | radius} {enable | disable} wlan_id

Syntax Description

Command Default

Command History

snmp

Configures SNMP NAC support.

radius

Configures RADIUS NAC support.

enable

Enables NAC for the WLAN.

disable

Disables NAC for the WLAN.

wlan_id

WLAN identifier from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You should enable AAA override before you enable the RADIUS NAC state. You also should disable
FlexConnect local switching before you enable the RADIUS NAC state.

Examples

The following example shows how to configure SNMP NAC support for WLAN 13:
(Cisco Controller) >config wlan nac snmp enable 13

The following example shows how to configure RADIUS NAC support for WLAN 34:
(Cisco Controller) >config wlan nac radius enable 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

1240

OL-31334-01

config Commands

config wlan override-rate-limit

To override the bandwidth limits for upstream and downstream traffic per user and per service set identifier
(SSID) defined in the QoS profile, use the config wlan override-rate-limit command.
config wlan override-rate-limit wlan_id { average-data-rate | average-realtime-rate | burst-data-rate |
burst-realtime-rate } { per-ssid | per-client } { downstream | upstream } rate

Syntax Description

Command Default

Command History

Usage Guidelines

wlan_id

Wireless LAN identifier between 1 and 512.

average-data-rate

Specifies the average data rate for TCP traffic per user or
per SSID. The range is from 0 to 51,2000 Kbps.

average-realtime-rate

Specifies the average real-time data rate for UDP traffic

per user or per SSID. The range is from 0 to 51,2000 Kbps.

burst-data-rate

Specifies the peak data rate for TCP traffic per user or per
SSID. The range is from 0 to 51,2000 Kbps.

burst-realtime-rate

Specifies the peak real-time data rate for UDP traffic per
user or per SSID. The range is from 0 to 51,2000 Kbps.

per-ssid

Configures the rate limit for an SSID per radio. The

combined traffic of all clients will not exceed this limit.

per-client

Configures the rate limit for each client associated with the
SSID.

downstream

Configures the rate limit for downstream traffic.

upstream

Configures the rate limit for upstream traffic.

rate

Data rate for TCP or UDP traffic per user or per SSID. The
range is form 0 to 51,2000 Kbps. A value of 0 imposes no
bandwidth restriction on the QoS profile.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The rate limits are enforced by the controller and the AP. For central switching, the controller handles the
downstream enforcement of per-client rate limit and the AP handles the enforcement of the upstream traffic

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1241

config Commands

and per-SSID rate limit for downstream traffic. When the AP enters standalone mode it handles the downstream
enforcement of per-client rate limits too.
In FlexConnect local switching and standalone modes, per-client and per-SSID rate limiting is done by the
AP for downstream and upstream traffic. However, in FlexConnect standalone mode, the configuration is not
saved on the AP, so when the AP reloads, the configuration is lost and rate limiting does not happen after
reboot.
For roaming clients, if the client roams between the APs on the same controller, same rate limit parameters
are applied on the client. However, if the client roams from an anchor to a foreign controller, the per-client
downstream rate limiting uses the parameters configured on the anchor controller while upstream rate limiting
uses the parameters of the foreign controller.

Examples

The following example shows how to configure the burst real-time actual rate 2000 Kbps for the upstream
traffic per SSID:
(Cisco Controller) >config wlan override-rate-limit 2 burst-realtime-rate per-ssid upstream
2000

Cisco Wireless LAN Controller Command Reference, Release 8.0

1242

OL-31334-01

config Commands

config wlan passive-client

To configure passive-client feature on a wireless LAN, use the config wlan passive-client command.
config wlan passive-client {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

enable

Enables the passive-client feature on a WLAN.

disable

Disables the passive-client feature on a WLAN.

wlan_id

WLAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

You need to enable the global multicast mode and multicast-multicast mode by using the config network
multicast global and config network multicast mode commands before entering this command.

You should configure the multicast in multicast-multicast mode only not in unicast mode. The passive
client feature does not work with multicast-unicast mode in this release.

The following example shows how to configure the passive client on wireless LAN ID 2:
(Cisco Controller) >config wlan passive-client enable 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1243

config Commands

config wlan peer-blocking

To configure peer-to-peer blocking on a WLAN, use the config wlan peer-blocking command.
config wlan peer-blocking {disable | drop | forward-upstream} wlan_id

Syntax Description

Command Default

Command History

Examples

disable

Disables peer-to-peer blocking and bridge traffic locally within the controller
whenever possible.

drop

Causes the controller to discard the packets.

forward-upstream

Causes the packets to be forwarded on the upstream VLAN. The device above
the controller decides what action to take regarding the packets.

wlan_id

WLAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the peer-to-peer blocking for WLAN ID 1:
(Cisco Controller) >config wlan peer-blocking disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1244

OL-31334-01

config Commands

config wlan pmipv6 default-realm

To configure a default realm for a PMIPv6 WLAN, use the config wlan pmipv6 default-realm command.
config wlan pmipv6 default-realm { default-realm-name | none } wlan_id

Syntax Description

Command Default

Command History

Examples

default-realm-name Default realm name for the WLAN.

none

Clears the realm name for the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

None.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a default realm name on a PMIPv6 WLAN:
(Cisco Controller) >config wlan pmipv6 default-realm XYZ 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1245

config Commands

config wlan pmipv6 mobility-type

To configure the mobility type on a WLAN, use the config wlan pmipv6 mobility-type command.
config wlan pmipv6 mobility-type {none | pmipv6 } { wlan_id | all }

Syntax Description

Command Default

Command History

none

Configures a WLAN with Simple IP mobility.

pmipv6

Configures a WLAN with PMIPv6 mobility.

all

Enables the specified type of mobility for all WLANs.

wlan_id

WLAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You must disable the WLAN when you configure the mobility type.

Examples

The following example shows how to configure the mobility type as PMIPv6 on a WLAN:
(Cisco Controller) >config wlan pmipv6 mobility-type pmipv6 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

1246

OL-31334-01

config Commands

config wlan pmipv6 profile_name

To configure a profile name for the PMIPv6 WLAN, use the config wlan pmipv6 profile_name command.
config wlan pmipv6 profile_name profile_name wlan_id

Syntax Description

Command Default

Command History

profile_name

Profile name for the PMIPv6 WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command binds a profile name to the PMIPv6 WLAN or SSID. Each time that a mobile node associates
with the controller, it uses the profile name and NAI in the trigger to the PMIPV6 module. The PMIPV6
module extracts all the profile specific parameters such as LMA IP, APN, and NAI and sends the PBU to the
ASR5K.

Examples

The following example shows how to create a profile named ABC01 on a PMIPv6 WLAN:
(Cisco Controller) >config wlan pmipv6 profile_name ABC01 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1247

config Commands

config wlan policy

To configure a policy on a WLAN, use the config wlan policy command.
config wlan policy {add | delete} priority-index wlan-id

Syntax Description

Command Default

Command History

add

Adds a policy on a WLAN.

delete

Deletes an existing policy from a WLAN.

priority-index

Priority index of the policy to be configured on the WLAN. The

policies are applied to the clients according to the priority index.
The range is from 1 to 16.

policy_name

Name of the profiling policy.

wlan-id

WLAN identifier from 1 to 512.

There is no WLAN policy.

Release

Modification

7.5

This command was introduced.

Usage Guidelines

You can apply up to 16 policies on a WLAN.

Examples

The following example shows how to configure a policy on a WLAN:

(Cisco Controller) >config wlan policy add 1 teacher_policy 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1248

OL-31334-01

config Commands

config wlan profile

To edit a profile associated to a WLAN, use the config wlan profile command.
config wlan profile wlan_id profile-name

Syntax Description

Command Default

Command History

Examples

wlan_id

WLAN identifier from 1 to 512.

profile-name

Name of the WLAN profile.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to edit a profile associated to a WLAN:

(Cisco Controller) > config wlan disable 1
(Cisco Controller) > config wlan profile 1 new_sample
(Cisco Controller) > show wlan summary
Number of WLANs.................................. 1
WLAN ID
------1

WLAN Profile Name / SSID

------------------------new_sample / new_samp

Status
-------Disabled

Interface Name
--------------management

PMIPv6 Mobility
--------------none

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1249

config Commands

config wlan profiling

To configure client profiling on a WLAN, use the config wlan profiling command.
config wlan profiling {local | radius} {all | dhcp | http} {enable | disable} wlan_id

Syntax Description

local

Configures client profiling in Local mode for a WLAN.

radius

Configures client profiling in RADIUS mode on a WLAN.

all

Configures DHCP and HTTP client profiling in a WLAN.

dhcp

Configures DHCP client profiling alone in a WLAN.

http

Configures HTTP client profiling in a WLAN.

enable

Enables the specific type of client profiling in a WLAN.

When you enable HTTP profiling, the Cisco WLC collects
the HTTP attributes of clients for profiling.
When you enable DHCP profiling, the Cisco WLC collects
the DHCP attributes of clients for profiling.

disable

Disables the specific type of client profiling in a WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

Usage Guidelines

Ensure that you have disabled the WLAN before configuring client profiling on the WLAN.

Command Default

Client profiling is disabled.

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Only clients connected to port 80 for HTTP can be profiled. IPv6 only clients are not profiled.
If a session timeout is configured for a WLAN, clients must send the HTTP traffic before the configured
timeout to get profiled.
This feature is not supported on the following:
FlexConnect Standalone mode
FlexConnect Local Authentication

Cisco Wireless LAN Controller Command Reference, Release 8.0

1250

OL-31334-01

config Commands

Examples

The following example shows how to enable both DHCP and HTTP profiling on a WLAN:
(Cisco Controller) >config wlan profiling radius all enable 6
HTTP Profiling successfully enabled.
DHCP Profiling successfully enabled.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1251

config Commands

config wlan qos

To change the quality of service (QoS) for a wireless LAN, use the config wlan qos command.
config wlan qos wlan_id {bronze | silver | gold | platinum}
config wlan qos foreignAp {bronze | silver | gold | platinum}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

bronze

Specifies the bronze QoS policy.

silver

Specifies the silver QoS policy.

gold

Specifies the gold QoS policy.

platinum

Specifies the platinum QoS policy.

foreignAp

Specifies third-party access points.

The default QoS policy is silver.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the highest level of service on wireless LAN 1:
(Cisco Controller) >config wlan qos 1 gold

Cisco Wireless LAN Controller Command Reference, Release 8.0

1252

OL-31334-01

config Commands

config wlan radio

To set the Cisco radio policy on a wireless LAN, use the config wlan radio command.
config wlan radio wlan_id {all | 802.11a | 802.11bg | 802.11g | 802.11ag}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

all

Configures the wireless LAN on all radio bands.

802.11a

Configures the wireless LAN on only 802.11a.

802.11bg

Configures the wireless LAN on only 802.11b/g (only 802.11b if 802.11g is

disabled).

802.11g

Configures the wireless LAN on 802.11g only.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the wireless LAN on all radio bands:
(Cisco Controller) >config wlan radio 1 all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1253

config Commands

config wlan radius_server acct

To configure RADIUS accounting servers of a WLAN, use the config wlan radius_server acct command.
config wlan radius_server acct {enable | disable} wlan_id | add wlan_id server_id | delete wlan_id {all |
server_id} | framed-ipv6 { address | both | prefix } wlan_id}

Syntax Description

Command Default

Command History

Examples

enable

Enables RADIUS accounting for the WLAN.

disable

Disables RADIUS accounting for the WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

add

Adds a link to a configured RADIUS accounting server.

server_id

RADIUS server index.

delete

Deletes a link to a configured RADIUS accounting server.

address

Configures an accounting framed IPv6 attribute to an IPv6 address.

both

Configures the accounting framed IPv6 attribute to an IPv6 address and prefix.

prefix

Configures the accounting framed IPv6 attribute to an IPv6 prefix.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable RADIUS accounting for the WLAN 2:
(Cisco Controller) >config wlan radius_server acct enable 2

The following example shows how to add a link to a configured RADIUS accounting server:
(Cisco Controller) > config wlan radius_server acct add 2 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

1254

OL-31334-01

config Commands

config wlan radius_server acct interim-update

To configure the interim update of a RADIUS accounting server of a WLAN, use the config wlan
radius_server acct interim-update command.
config wlan radius_serveracctinterim-update {interval | enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

interim-update

Configures the interim update of the RADIUS accounting server.

interval

Interim update interval that you specify. The valid range is 180 seconds to 3600
seconds.

enable

Enables interim update of the RADIUS accounting server for the WLAN.

disable

Disables interim update of the RADIUS accounting server for the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

Interim update of a RADIUS accounting sever is set at 600 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify an interim update of 200 seconds to a RADIUS accounting
server of WLAN 2:
(Cisco Controller) >config wlan radius_server acct interim-update 200 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1255

config Commands

config wlan radius_server auth

To configure RADIUS authentication servers of a WLAN, use the config wlan radius_server auth command.
config wlan radius_server auth {enable wlan_id | disable wlan_id} {add wlan_id server_id | delete wlan_id
{all | server_id}}

Syntax Description

Command Default

Command History

Examples

auth

Configures a RADIUS authentication

enable

Enables RADIUS authentication for this WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

disable

Disables RADIUS authentication for this WLAN.

add

Adds a link to a configured RADIUS server.

server_id

RADIUS server index.

delete

Deletes a link to a configured RADIUS server.

all

Deletes all links to configured RADIUS servers.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a link to a configured RADIUS authentication server with WLAN
ID 1 and Server ID 1:
(Cisco Controller) >config wlan radius_server auth add 1 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1256

OL-31334-01

config Commands

config wlan radius_server acct interim-update

To configure a wireless LANs RADIUS servers, use the config wlan radius_server acct interim-update
command.
config wlan radius_serveracct interim-update {enable wlan_id | disable wlan_id} {interval wlan_id}

Syntax Description

Command Default

Command History

enable

Enables RADIUS authentication or accounting for this WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

disable

Disables RADIUS authentication or accounting for this WLAN.

interval

Accounting interim interval between 180 to 3600 seconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command helps to set some time as a default if the timeout interval is not specified.

Examples

The following example shows how to force the 10 minutes as the default, if timeout interval is not specified:
(Cisco Controller) >config wlan radius_server acct interim-update 600 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1257

config Commands

config wlan radius_server overwrite-interface

To configure a wireless LANs RADIUS dynamic interface, use the config wlan radius_server
overwrite-interface command.
config wlan radius_server overwrite-interface {apgroup | enable | disable | wlan} wlan_id

Syntax Description

Command Default

Command History

Usage Guidelines

apgroup

Enables AP group's interface for all RADIUS traffic on the WLAN.

enable

Enables RADIUS dynamic interface for this WLAN.

disable

Disables RADIUS dynamic interface for this WLAN.

wlan

Enables WLAN's interface for all RADIUS traffic on the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The controller uses the management interface as identity. If the RADIUS server is on a directly connected
dynamic interface, the traffic is sourced from the dynamic interface. Otherwise, the management IP address
is used.
If the feature is enabled, controller uses the interface specified on the WLAN configuration as identity and
source for all RADIUS related traffic on the WLAN.

Examples

The following example shows how to enable RADIUS dynamic interface for a WLAN with an ID 1:
(Cisco Controller) >config wlan radius_server overwrite-interface enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1258

OL-31334-01

config Commands

config wlan roamed-voice-client re-anchor

To configure a roamed voice clients reanchor policy, use the config wlan roamed-voice-client re-anchor
command.
config wlan roamed-voice-client re-anchor {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables the roamed clients reanchor policy.

disable

Disables the roamed clients reanchor policy.

wlan_id

Wireless LAN identifier between 1 and 512.

The roamed client reanchor policy is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable a roamed voice clients reanchor policy where WLAN ID is 1:
(Cisco Controller) >config wlan roamed-voice-client re-anchor enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1259

config Commands

config wlan security 802.1X

To change the state of 802.1X security on the wireless LAN Cisco radios, use the config wlan security 802.1X
command.
config wlan security 802.1X {enable {wlan_id | foreignAp} | disable {wlan_id | foreignAp} | encryption
{wlan_id | foreignAp} {0 | 40 | 104} | on-macfilter-failure {enable | disable}}

Syntax Description

enable

Enables the 802.1X settings.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

disable

Disables the 802.1X settings.

encryption

Specifies the static WEP keys and indexes.

Specifies a WEP key size of 0 (no encryption) bits. The default

value is 104.
Note

Specifies a WEP key size of 40 bits. The default value is 104.

Note

Cisco Wireless LAN Controller Command Reference, Release 8.0

1260

OL-31334-01

config Commands

Usage Guidelines

To change the encryption level of 802.1X security on the wireless LAN Cisco radios, use the following key
sizes:
0no 802.1X encryption.
4040/64-bit encryption.
104104/128-bit encryption. (This is the default encryption setting.)

Examples

The following example shows how to configure 802.1X security on WLAN ID 16.
(Cisco Controller) >config wlan security 802.1X enable 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1261

config Commands

config wlan security ckip

To configure Cisco Key Integrity Protocol (CKIP) security options for the wireless LAN, use the config wlan
security ckip command.
config wlan security ckip {enable | disable} wlan_id [akm psk set-key {hex | ascii} {40 | 104} key
key_index wlan_id | mmh-mic {enable | disable} wlan_id | kp {enable | disable} wlan_id]

Syntax Description

Command Default

Command History

enable

Enables CKIP security.

disable

Disables CKIP security.

wlan_id

Wireless LAN identifier from 1 to 512.

akm psk set-key

(Optional) Configures encryption key management for the CKIP wireless LAN.

hex

Specifies a hexadecimal encryption key.

ascii

Specifies an ASCII encryption key.

Sets the static encryption key length to 40 bits for the CKIP WLAN. 40-bit keys must
contain 5 ASCII text characters or 10 hexadecimal characters.

104

Sets the static encryption key length to 104 bits for the CKIP WLAN. 104-bit keys must
contain 13 ASCII text characters or 26 hexadecimal characters.

key

Specifies the CKIP WLAN key settings.

key_index

Configured PSK key index.

mmh-mic

(Optional) Configures multi-modular hash message integrity check (MMH MIC)

validation for the CKIP wireless LAN.

(Optional) Configures key-permutation for the CKIP wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

Syntax Description

Command Default

Command History

enable

Enables 802.11r fast transition roaming support.

disable

Disables 802.11r fast transition roaming support.

reassociation-timeout

Configures reassociation deadline interval.

timeout-in-seconds

Reassociation timeout value in seconds. The valid range

is 1 to 100 seconds.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Ensure that you have disabled the WLAN before you proceed.

Examples

The following example shows how to enable 802.11r fast transition roaming support on WLAN 2:
(Cisco Controller) >config wlan security ft enable 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1266

OL-31334-01

config Commands

config wlan security ft over-the-ds

To configure 802.11r fast transition parameters over a distributed system, use the config wlan security ft
over-the-ds command.
config wlan security ft over-the-ds {enable | disable} wlan_id

Syntax Description

enable

Enables 802.11r fast transition roaming support over a distributed system.

disable

Disables 802.11r fast transition roaming support over a distributed system.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

Enabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Ensure that you have disabled the WLAN before you proceed.
Ensure that 802.11r fast transition is enabled on the WLAN.

Examples

The following example shows how to enable 802.11r fast transition roaming support over a distributed system
on WLAN ID 2:
(Cisco Controller) >config wlan security ft over-the-ds enable 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1267

config Commands

config wlan security IPsec disable

To disable IPsec security, use the config wlan security IPsec disable command.
config wlan security IPsec disable {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the IPsec for WLAN ID 16:
(Cisco Controller) >config wlan security IPsec disable 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

1268

OL-31334-01

config Commands

config wlan security IPsec enable

To enable IPsec security, use the config wlan security IPsec enable command.
config wlan security IPsec enable {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the IPsec for WLAN ID 16:
(Cisco Controller) >config wlan security IPsec enable 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1269

config Commands

config wlan security IPsec authentication

To modify the IPsec security authentication protocol used on the wireless LAN, use the config wlan security
IPsec authentication command.
config wlan security IPsec authentication {hmac-md5 | hmac-sha-1} {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

hmac-md5

Specifies the IPsec HMAC-MD5 authentication protocol.

hmac-sha-1

Specifies the IPsec HMAC-SHA-1 authentication protocol.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the IPsec HMAC-SHA-1 security authentication parameter
for WLAN ID 1:
(Cisco Controller) >config wlan security IPsec authentication hmac-sha-1 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1270

OL-31334-01

config Commands

config wlan security IPsec encryption

To modify the IPsec security encryption protocol used on the wireless LAN, use the config wlan security
IPsec encryption command.
config wlan security IPsec encryption {3des | aes | des} {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

3des

Enables IPsec 3DES encryption.

aes

Enables IPsec AES 128-bit encryption.

des

Enables IPsec DES encryption.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the IPsec AES encryption:
(Cisco Controller) >config wlan security IPsec encryption aes 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1271

config Commands

config wlan security IPsec config

To configure the proprietary Internet Key Exchange (IKE) CFG-Mode parameters used on the wireless LAN,
use the config wlan security IPsec config command.
config wlan security IPsec config qotd ip_address {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

qotd

Configures the quote-of-the day server IP for cfg-mode.

ip_address

Quote-of-the-day server IP for cfg-mode.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

IKE is used as a method of distributing the session keys (encryption and authentication), as well as providing
a way for the VPN endpoints to agree on how the data should be protected. IKE keeps track of connections
by assigning a bundle of Security Associations (SAs), to each connection.

Examples

The following example shows how to configure the quote-of-the-day server IP 44.55.66.77 for cfg-mode for
WLAN 1:
(Cisco Controller) >config wlan security IPsec config qotd 44.55.66.77 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1272

OL-31334-01

config Commands

config wlan security IPsec ike authentication

To modify the IPsec Internet Key Exchange (IKE) authentication protocol used on the wireless LAN, use the
config wlan security IPsec ike authentication command.
config wlan security IPsec ike authentication {certificates {wlan_id | foreignAp} | pre-share-key {wlan_id
| foreignAp} key | xauth-psk {wlan_id | foreignAp} key}

Syntax Description

Command Default

Command History

Examples

certificates

Enables the IKE certificate mode.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

pre-share-key

Enables the IKE Xauth with preshared keys.

xauth-psk

Enables the IKE preshared key.

key

Key required for preshare and xauth-psk.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the IKE certification mode:
(Cisco Controller) >config wlan security IPsec ike authentication certificates 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1273

config Commands

config wlan security IPsec ike dh-group

To modify the IPsec Internet Key Exchange (IKE) Diffie Hellman group used on the wireless LAN, use the
config wlan security IPsec ike dh-group command.
config wlan security IPsec ike dh-group {wlan_id | foreignAp} {group-1 | group-2 | group-5}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

group-1

Specifies DH group 1 (768 bits).

group-2

Specifies DH group 2 (1024 bits).

group-5

Specifies DH group 5 (1536 bits).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the Diffe Hellman group parameter for group-1:
(Cisco Controller) >config wlan security IPsec ike dh-group 1 group-1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1274

OL-31334-01

config Commands

config wlan security IPsec ike lifetime

To modify the IPsec Internet Key Exchange (IKE) lifetime used on the wireless LAN, use the config wlan
security IPsec ike lifetime command.
config wlan security IPsec ike lifetime {wlan_id | foreignAp} seconds

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

seconds

IKE lifetime in seconds, between 1800 and 345600.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the IPsec IKE lifetime use on the wireless LAN:
(Cisco Controller) >config wlan security IPsec ike lifetime 1 1900

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1275

config Commands

config wlan security IPsec ike phase1

To modify IPsec Internet Key Exchange (IKE) Phase 1 used on the wireless LAN, use the config wlan security
IPsec ike phase1 command.
config wlan security IPsec ike phase1 {aggressive | main} {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

aggressive

Enables the IKE aggressive mode.

main

Enables the IKE main mode.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to modify IPsec IKE Phase 1:

(Cisco Controller) >config wlan security IPsec ike phase1 aggressive 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

1276

OL-31334-01

config Commands

config wlan security IPsec ike contivity

To modify Nortels Contivity VPN client support on the wireless LAN, use the config wlan security IPsec
ike contivity command.
config wlan security IPsec ike contivity {enable | disable} {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

enable

Enables contivity support for this WLAN.

disable

Disables contivity support for this WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to modify Contivity VPN client support:
(Cisco Controller) >config wlan security IPsec ike contivity enable 14

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1277

config Commands

config wlan security passthru

To modify the IPsec pass-through used on the wireless LAN, use the config wlan security passthru command.
config wlan security passthru {enable | disable} {wlan_id | foreignAp} [ip_address]

Syntax Description

Command Default

Command History

Examples

enable

Enables IPsec pass-through.

disable

Disables IPsec pass-through.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

ip_address

(Optional) IP address of the IPsec gateway (router) that is terminating the VPN
tunnel.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to modify IPsec pass-through used on the wireless LAN:
(Cisco Controller) >config wlan security passthru enable 3 192.12.1.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1278

OL-31334-01

config Commands

config wlan security pmf

To configure 802.11w Management Frame Protection (MFP) on a WLAN, use the config wlan security pmf
command.
config wlan security pmf {disable | optional | required | association-comeback
association-comeback_timeout | saquery-retrytimeout saquery-retry_timeout} wlan_id

Syntax Description

disable

Disables 802.11w MFP protection on a WLAN.

optional

Enables 802.11w MFP protection on a WLAN.

required

Requires clients to negotiate 802.11w MFP protection on a WLAN.

association-comeback

Configures the 802.11w association comeback time.

association-comeback_timeout Association comeback interval in seconds. Time interval that an associated

client must wait before the association is tried again after it is denied with a
status code 30. The status code 30 message is "Association request rejected
temporarily; Try again later.
The range is from 1 to 20 seconds.

Command Default

saquery-retrytimeout

Configures the 802.11w Security Association (SA) query retry timeout.

saquery-retry_timeout

Time interval identified in the association response to an already associated

client before the association can be tried again. This time interval checks if
the client is a real client and not a rogue client during the association
comeback time. If the client does not respond within this time, the client
association is deleted from the controller. The range is from 100 to 500 ms.

wlan_id

Wireless LAN identifier from 1 to 512.

Default SA query retry timeout is 200 milliseconds.

Default association comeback timeout is 1 second.

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

802.11w introduces an Integrity Group Temporal Key (IGTK) that is used to protect broadcast or multicast
robust management frames. IGTK is a random value, assigned by the authenticator station (controller) used
to protect MAC management protocol data units (MMPDUs) from the source STA. The 802.11w IGTK key

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1279

config Commands

is derived using the four way handshake and is used only on WLANs that are configured with WPA or WPA2
security at Layer 2.

Examples

The following example shows how to enable 802.11w MFP protection on a WLAN:
(Cisco Controller) > config wlan security pmf optional 1

Examples

The following example shows how to configure the SA query retry timeout on a WLAN:
(Cisco Controller) > config wlan security pmf saquery-retrytimeout 300 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1280

OL-31334-01

config Commands

config wlan security splash-page-web-redir

To enable or disable splash page web redirect, use the config wlan security splash-page-web-redir command.
config wlan security splash-page-web-redir {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables splash page web redirect.

disable

Disables splash page web redirect.

wlan_id

Wireless LAN identifier between 1 and 512.

Splash page web redirect is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable spash page web redirect:
(Cisco Controller) >config wlan security splash-page-web-redir enable 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1281

config Commands

config wlan security static-wep-key authentication

To configure static Wired Equivalent Privacy (WEP) key 802.11 authentication on a wireless LAN, use the
config wlan security static-wep-key authentication command.
config wlan security static-wep-key authentication {shared-key | open} wlan_id

Syntax Description

Command Default

Command History

Examples

shared-key

Enables shared key authentication.

open

Enables open system authentication.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the static WEP shared key authentication for WLAN ID 1:
(Cisco Controller) >config wlan security static-wep-key authentication shared-key 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1282

OL-31334-01

config Commands

config wlan security static-wep-key disable

To disable the use of static Wired Equivalent Privacy (WEP) keys, use the config wlan security static-wep-key
disable command.
config wlan security static-wep-key disable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable the static WEP keys for WLAN ID 1:
(Cisco Controller) >config wlan security static-wep-key disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1283

config Commands

config wlan security static-wep-key enable

To enable the use of static Wired Equivalent Privacy (WEP) keys, use the config wlan security static-wep-key
enable command.
config wlan security static-wep-key enable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the use of static WEK keys for WLAN ID 1:
(Cisco Controller) >config wlan security static-wep-key enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1284

OL-31334-01

config Commands

config wlan security static-wep-key encryption

To configure the static Wired Equivalent Privacy (WEP) keys and indexes, use the config wlan security
static-wep-key encryption command.
config wlan security static-wep-key encryption wlan_id {40 | 104} {hex | ascii} key key-index

Syntax Description

Command Default

Command History

Usage Guidelines

wlan_id

Wireless LAN identifier from 1 to 512.

Specifies the encryption level of 40.

104

Specifies the encryption level of 104.

hex

Specifies to use hexadecimal characters to enter key.

ascii

Specifies whether to use ASCII characters to enter key.

key

WEP key in ASCII.

key-index

Key index (1 to 4).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

One unique WEP key index can be applied to each wireless LAN. Because there are only four WEP key
indexes, only four wireless LANs can be configured for static WEP Layer 2 encryption.
Make sure to disable 802.1X before using this command.

Examples

The following example shows how to configure the static WEP keys for WLAN ID 1 that uses hexadecimal
character 0201702001 and key index 2:
(Cisco Controller) >config wlan security static-wep-key encryption 1 40 hex 0201702001 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1285

config Commands

config wlan security tkip

To configure the Temporal Key Integrity Protocol (TKIP) Message Integrity Check (MIC) countermeasure
hold-down timer, use the config wlan security tkip command.
config wlan security tkip hold-down time wlan_id

Syntax Description

Command Default

Command History

hold-down

Configures the TKIP MIC countermeasure hold-down timer.

time

TKIP MIC countermeasure hold-down time in seconds. The range is from 0

to 60 seconds.

wlan_id

Wireless LAN identifier from 1 to 512.

The default TKIP countermeasure is set to 60 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

TKIP countermeasure mode can occur if the access point receives 2 MIC errors within a 60 second period.
When this situation occurs, the access point deauthenticates all TKIP clients that are associated to that 802.11
radio and holds off any clients for the countermeasure holdoff time.

Examples

The following example shows how to configure the TKIP MIC countermeasure hold-down timer:
(Cisco Controller) >config wlan security tkip

Cisco Wireless LAN Controller Command Reference, Release 8.0

1286

OL-31334-01

config Commands

config wlan security web-auth

To change the status of web authentication used on a wireless LAN, use the config wlan security web-auth
command.
config wlan security web-auth {{acl | enable | disable} {wlan_id | foreignAp} [acl_name | none]} |
{on-macfilter-failure wlan_id} | {server-precedence wlan_id | local | ldap | radius} | {flexacl wlan_id
[ipv4_acl_name | none]} | {ipv6 acl wlan_id [ipv6_acl_name | none]}

Syntax Description

Command Default

acl

Configures the access control list.

enable

Enables web authentication.

disable

flexacl

Specifies the IPv4 ACL name. You can enter up to

32 alphanumeric characters.

ipv4_acl_name

(Optional) IPv4 ACL name. You can enter up to 32

alphanumeric characters.

ipv6_acl_name

(Optional) IPv6 ACL name. You can enter up to 32

alphanumeric characters.

None

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1287

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the security policy for WLAN ID 1 and an ACL named
ACL03:
(Cisco Controller) >config wlan security web-auth acl 1 ACL03

Cisco Wireless LAN Controller Command Reference, Release 8.0

1288

OL-31334-01

config Commands

config wlan security web-passthrough acl

To add an access control list (ACL) to the wireless LAN definition, use the config wlan security
web-passthrough acl command.
config wlan security web-passthrough acl {wlan_id | foreignAp} {acl_name | none}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

acl_name

ACL name (up to 32 alphanumeric characters).

none

Specifies that there is no ACL.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add an ACL to the wireless LAN definition:
(Cisco Controller) >config wlan security web-passthrough acl 1 ACL03

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1289

config Commands

config wlan security web-passthrough disable

To disable a web captive portal with no authentication required on a wireless LAN, use the config wlan
security web-passthrough disable command.
config wlan security web-passthrough disable {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable a web captive portal with no authentication required on wireless
LAN ID 1:
(Cisco Controller) >config wlan security web-passthrough disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1290

OL-31334-01

config Commands

config wlan security web-passthrough email-input

To configure a web captive portal using an e-mail address, use the config wlan security web-passthrough
email-input command.
config wlan security web-passthrough email-input {enable | disable} {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

email-input

Configures a web captive portal using an e-mail address.

enable

Enables a web captive portal using an e-mail address.

disable

Disables a web captive portal using an e-mail address.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a web captive portal using an e-mail address:
(Cisco Controller) >config wlan security web-passthrough email-input enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1291

config Commands

config wlan security web-passthrough enable

To enable a web captive portal with no authentication required on the wireless LAN, use the config wlan
security web-passthrough enable command.
config wlan security web-passthrough enable {wlan_id | foreignAp}

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable a web captive portal with no authentication required on wireless
LAN ID 1:
Controllerconfig wlan security web-passthrough enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1292

OL-31334-01

config Commands

config wlan security wpa akm 802.1x

To configure authentication key-management (AKM) using 802.1X, use the config wlan security wpa akm
802.1x command.
config wlan security wpa akm 802.1x {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables the 802.1X support.

disable

Disables the 802.1X support.

wlan_id

Wireless LAN identifier from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure authentication using 802.1X.

Controllerconfig wlan security wpa akm 802.1x enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1293

config Commands

config wlan security wpa akm cckm

To configure authentication key-management using Cisco Centralized Key Management (CCKM), use the
config wlan security wpa akm cckm command.
config wlan security wpa akm cckm {enable wlan_id | disable wlan_id | timestamp-tolerance }

Syntax Description

Command Default

Command History

Examples

enable

Enables CCKM support.

disable

Disables CCKM support.

wlan_id

Wireless LAN identifier between 1 and 512.

timestamp-tolerance

CCKM IE time-stamp tolerance. The range is between 1000 to 5000 milliseconds;

the default is 1000 milliseconds.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure authentication key-management using CCKM.
(Cisco Controller) >config wlan security wpa akm cckm 1500

Cisco Wireless LAN Controller Command Reference, Release 8.0

1294

OL-31334-01

config Commands

config wlan security wpa akm ft

Syntax Description

over-the-air

(Optional) Configures 802.11r fast transition roaming over-the-air support.

over-the-ds

(Optional) Configures 802.11r fast transition roaming DS support.

psk

(Optional) Configures 802.11r fast transition PSK support.

reassociation-timeout

(Optional) Configures the reassociation deadline interval.

The valid range is between 1 to 100 seconds. The default value is 20 seconds.

Command Default

Command History

Examples

seconds

Reassociation deadline interval in seconds.

enable

Enables 802.11r fast transition 802.1X support.

disable

Disables 802.11r fast transition 802.1X support.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure authentication key-management using 802.11r fast transition:
(Cisco Controller) >config wlan security wpa akm ft reassociation-timeout 25 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1295

config Commands

config wlan security wpa akm pmf

To configure Authenticated Key Management (AKM) of management frames, use the config wlan security
wpa akm pmf command.
config wlan security wpa akm pmf {802.1x | psk} {enable | disable}wlan_id

Syntax Description

802.1x

Configures 802.1X authentication for protection of management frames

(PMF).

psk

Configures preshared keys (PSK) for PMF.

enable

Enables 802.1X authentication or PSK for PMF.

disable

Disables 802.1X authentication or PSK for PMF.

wlan_id

Wireless LAN identifier from 1 to 512.

Command Default

Disabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

802.11w has two new AKM suites: 00-0F-AC:5 or 00-0F-AC:6. You must enable WPA and then disable the
WLAN to configure PMF on the WLAN.

Examples

The following example shows how to enable 802.1X authentication for PMF in a WLAN:
(Cisco Controller) >config wlan security wpa akm pmf 802.1x enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1296

OL-31334-01

config Commands

config wlan security wpa akm psk

To configure the Wi-Fi protected access (WPA) preshared key mode, use the config wlan security wpa akm
psk command.
config wlan security wpa akm psk {enable | disable | set-key key-format key} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables WPA-PSK.

disable

Disables WPA-PSK.

set-key

Configures a preshared key.

key-format

Specifies key format. Either ASCII or hexadecimal.

key

WPA preshared key.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the WPA preshared key mode:
(Cisco Controller) >config wlan security wpa akm psk disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1297

config Commands

config wlan security wpa disable

To disable WPA1, use the config wlan security wpa disable command.
config wlan security wpa disable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable WPA:

(Cisco Controller) >config wlan security wpa disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1298

OL-31334-01

config Commands

config wlan security wpa enable

To enable WPA1, use the config wlan security wpa enable command.
config wlan security wpa enable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the WPA on WLAN ID 1:

(Cisco Controller) >config wlan security wpa enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1299

config Commands

config wlan security wpa ciphers

To configure the Wi-Fi protected authentication (WPA1) or Wi-Fi protected authentication (WPA2), use the
config wlan security wpa ciphers command.
config wlan security wpa {wpa1 | wpa2} ciphers {aes | tkip} {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Usage Guidelines

wpa1

Configures WPA1 support.

wpa2

Configures WPA2 support.

ciphers

Configures WPA ciphers.

aes

Configures AES encryption support.

tkip

Configures TKIP encryption support.

enable

Enables WPA AES/TKIP mode.

disable

Disables WPA AES/TKIP mode.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

If you are not specifying the WPA versions, it implies the following:
If the cipher enabled is AES, you are configuring WPA2/AES.
If the ciphers enabled is AES+TKIP, you are configuring WPA/TKIP, WPA2/AES,or WPA/TKIP.
If the cipher enabled is TKIP, you are configuring WPA/TKIP or WPA2/TKIP.
From Release 8.0, you cannot configure TKIP as a standalone encryption method. TKIP can be used only
with the AES encryption method.

Examples

The following example shows how to encrypt the WPA:

(Cisco Controller) >config wlan security wpa wpa1 ciphers aes enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1300

OL-31334-01

config Commands

config wlan security wpa gtk-random

To enable the randomization of group temporal keys (GTK) between access points and clients on a WLAN,
use the config wlan security wpa gtk-random command.
config wlan security wpa gtk-random {enable | disable} wlan_id

Syntax Description

Command Default

Command History

enable

Enables the randomization of GTK keys between the access point and clients.

disable

Disables the randomization of GTK keys between the access point and clients.

wlan_id

WLAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you enable this command, the clients in the Basic Service Set (BSS) get a unique GTK key. The clients
do not receive multicast or broadcast traffic.

Examples

The following example shows how to enable the GTK randomization for each client associated on a WLAN:
(Cisco Controller) >config wlan security wpa gtk-random enable 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1301

config Commands

config wlan security wpa wpa1 disable

To disable WPA1, use the config wlan security wpa wpa1 disable command.
config wlan security wpa wpa1 disable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable WPA1:

(Cisco Controller) >config wlan security wpa wpa1 disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1302

OL-31334-01

config Commands

config wlan security wpa wpa1 enable

To enable WPA1, use the config wlan security wpa wpa1 enable command.
config wlan security wpa wpa1 enable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable WPA1:

(Cisco Controller) >config wlan security wpa wpa1 enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1303

config Commands

config wlan security wpa wpa2 disable

To disable WPA2, use the config wlan security wpa wpa2 disable command.
config wlan security wpa wpa2 disable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to disable WPA2:

(Cisco Controller) >config wlan security wpa wpa2 disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1304

OL-31334-01

config Commands

config wlan security wpa wpa2 enable

To enable WPA2, use the config wlan security wpa wpa2 enable command.
config wlan security wpa wpa2 enable wlan_id

Syntax Description

Command Default

Command History

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable WPA2:

(Cisco Controller) >config wlan security wpa wpa2 enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1305

config Commands

config wlan security wpa wpa2 cache

To configure caching methods on a WLAN, use the config wlan security wpa wpa2 cache command.
config wlan security wpa wpa2 cache sticky {enable | disable} wlan_id

Syntax Description

Command Default

Command History

sticky

Configures Sticky Key Caching (SKC) roaming support on the WLAN.

enable

Enables SKC roaming support on the WLAN.

disable

Disables SKC roaming support on the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

In SKC (Sticky Key caching) also known as PKC (Pro Active Key caching), the client stores each Pairwise
Master Key (PMK) ID (PMKID) against a Pairwise Master Key Security Association (PMKSA). When a
client finds an AP for which it has a PMKSA, it sends the PMKID in the association request to the AP. If the
PMKSA is alive in the AP, the AP provides support for fast roaming. In SKC, full authentication is done on
each new AP to which the client associates and the client must keep the PMKSA associated with all APs.

Examples

The following example shows how to enable SKC roaming support on a WLAN:
(Cisco Controller) >config wlan security wpa wpa2 cache sticky enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1306

OL-31334-01

config Commands

config wlan security wpa wpa2 cache sticky

To configure Sticky PMKID Caching (SKC) on a WLAN, use the config wlan security wpa wpa2 cache
sticky command.
config wlan security wpa wpa2 cache sticky {enable |disable} wlan_id

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables SKC on a WLAN.

disable

Disables SKC on a WLAN.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

Stkcky PMKID Caching is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Beginning in Release 7.2 and later releases, the controller supports Sticky PMKID Caching (SKC). With
sticky PMKID caching, the client receives and stores a different PMKID for every AP it associates with. The
APs also maintain a database of the PMKID issued to the client. In SKC also known as PKC (Pro Active Key
caching), the client stores each Pairwise Master Key (PMK) ID (PMKID) against a Pairwise Master Key
Security Association (PMKSA). When a client finds an AP for which it has the PMKSA, it sends the PMKID
in the association request to the AP. If the PMKSA is alive in the AP, the AP provides support for fast roaming.
In SKC, full authentication is done on each new AP to which the client associates and the client must keep
the PMKSA associated with all APs. For SKC, PMKSA is a per AP cache that the client stores and PMKSA
is precalculated based on the BSSID of the new AP.
You cannot use SKC for large scale deployments as the controller supports SKC only up to eight APs.
SKC does not work across controllers in a mobility group.
SKC works only on WPA2-enabled WLANs.
SKC works only on local mode APs.

Examples

The following example shows how to enable Sticky PMKID Caching on WLAN 5:
(Cisco Controller) >config wlan security wpa wpa2 cache sticky enable 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1307

config Commands

config wlan security wpa wpa2 ciphers

To configure WPA2 ciphers and enable or disable Advanced Encryption Standard (AES) or Temporal Key
Integrity Protocol (TKIP) data encryption for WPA2, use the config wlan security wpa wpa2 ciphers
command
config wlan security wpa wpa2 ciphers {aes | tkip} {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

(Cisco Controller) > aes

Configures AES data encryption for WPA2.

tkip

Configures TKIP data encryption for WPA2.

enable

Enables AES or TKIP data encryption for WPA2.

disable

Disables AES or TKIP data encryption for WPA2.

wlan_id

Wireless LAN identifier between 1 and 512.

AES is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable AES data encryption for WPA2:
(Cisco Controller) >config wlan security wpa wpa2 ciphers aes enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1308

OL-31334-01

config Commands

config wlan sip-cac disassoc-client

To enable client disassociation in case of session initiation protocol (SIP) call admission control (CAC) failure,
use the config wlan sip-cac disassoc-client command.
config wlan sip-cac disassoc-client {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables a client disassociation on a SIP CAC failure.

disable

Disables a client disassociation on a SIP CAC failure.

wlan_id

Wireless LAN identifier between 1 and 512.

Client disassociation for SIP CAC is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable a client disassociation on a SIP CAC failure where the WLAN
ID is 1:
(Cisco Controller) >config wlan sip-cac disassoc-client enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1309

config Commands

config wlan sip-cac send-486busy

To configure sending session initiation protocol (SIP) 486 busy message if a SIP call admission control (CAC)
failure occurs, use the config wlan sip-cac send-486busy command:
config wlan sip-cac send-486busy {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

enable

Enables sending a SIP 486 busy message upon a SIP CAC failure.

disable

Disables sending a SIP 486 busy message upon a SIP CAC failure.

wlan_id

Wireless LAN identifier between 1 and 512.

Session initiation protocol is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable sending a SIP 486 busy message upon a SIP CAC failure where
the WLAN ID is 1:
(Cisco Controller) >config wlan sip-cac send-busy486 enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1310

OL-31334-01

config Commands

config wlan ssid

To edit an SSID associated to a WLAN, use the config wlan ssid command.
config wlan ssid wlan_id ssid

Syntax Description

Command Default

Command History

Examples

wlan_id

WLAN identifier from 1 to 512.

ssid

Service Set Identifier (SSID) associated to a WLAN.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to edit an SSID associated to a WLAN:

(Cisco
(Cisco
(Cisco
Number

Controller) >config wlan disable 1

Controller) >config wlan ssid 1 new_samp
Controller) >show wlan summary
of WLANs.................................. 1

WLAN ID
------1

WLAN Profile Name / SSID

------------------------sample / new_samp

Status
Interface Name
------- ---------------Disabled
management

PMIPv6 Mobility
--------------none

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1311

config Commands

config wlan static-ip tunneling

To configure static IP client tunneling support on a WLAN, use the config wlan static-ip tunneling command.
config wlan static-ip tunneling {enable | disable} wlan_id

Syntax Description

Command Default

Command History

Examples

tunneling

Configures static IP client tunneling support on a WLAN.

enable

Enables static IP client tunneling support on a WLAN.

disable

Disables static IP client tunneling support on a WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable static IP client tunneling support for WLAN ID 3:
(Cisco Controller) >config wlan static-ip tunneling enable 34

Cisco Wireless LAN Controller Command Reference, Release 8.0

1312

OL-31334-01

config Commands

config wlan session-timeout

To change the timeout of wireless LAN clients, use the config wlan session-timeout command.
config wlan session-timeout {wlan_id | foreignAp} seconds

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

seconds

Timeout or session duration in seconds. A value of zero is equivalent to no timeout.

Note

The range of session timeout depends on the security

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the client timeout to 6000 seconds for WLAN ID 1:
(Cisco Controller) >config wlan session-timeout 1 6000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1313

config Commands

config wlan uapsd compliant client enable

To enable WPA1, use the config wlan uapsd compliant-client enable command.

Note

This was introduced for Ascom non-wmm capable phones and is not applicable for Cisco 792x/9971 IP
phones.

config wlan uapsd compliant-client enablewlan-id

Syntax Description

Command Default

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None
Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable WPA1:

(Cisco Controller) >config wlan uapsd compliant-client enable 1

Property Type

Property Value

Property Description

Cisco Wireless LAN Controller Command Reference, Release 8.0

1314

OL-31334-01

config Commands

config wlan uapsd compliant-client disable

To disable WPA1, use the config wlan uapsd compliant-client disable command.

Note

This was introduced for Ascom non-wmm capable phones and is not applicable for Cisco 792x/9971 IP
phones.

config wlan uapsd compliant-client disablewlan-id

Syntax Description

Command Default

Examples

wlan_id

Wireless LAN identifier between 1 and 512.

None
Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable WPA1:

(Cisco Controller) >config wlan uapsd compliant-client disable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1315

config Commands

config wlan user-idle-threshold

To configure the threshold data sent by the client during the idle timeout for client sessions for a WLAN, use
the config wlan user-idle-threshold command.
config wlan user-idle-threshold bytes wlan_id

Syntax Description

Command Default

Command History

Examples

bytes

Threshold data sent by the client during the idle timeout for the client session for a
WLAN. If the client send traffic less than the defined threshold, the client is removed
on timeout. The range is from 0 to 10000000 bytes.

wlan_id

Wireless LAN identifier between 1 and 512.

The default timeout for threshold data sent by client during the idle timeout is 0 bytes.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the threshold data sent by the client during the idle timeout
for client sessions for a WLAN:
(Cisco Controller) >config wlan user-idle-threshold 100 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1316

OL-31334-01

config Commands

config wlan usertimeout

To configure the timeout for idle client sessions for a WLAN, use the config wlan usertimeout command.
config wlan usertimeout timeout wlan_id

Syntax Description

Command Default

Command History

timeout

Timeout for idle client sessions for a WLAN. If the client sends traffic less than
the threshold, the client is removed on timeout. The range is from 15 to 100000
seconds.

wlan_id

Wireless LAN identifier between 1 and 512.

The default client session idle timeout is 300 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The timeout value that you configure here overrides the global timeout that you define using the command
config network usertimeout.

Examples

The following example shows how to configure the idle client sessions for a WLAN:
(Cisco Controller) >config wlan usertimeout 100 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1317

config Commands

config wlan webauth-exclude

To release the guest user IP address when the web authentication policy time expires and exclude the guest
user from acquiring an IP address for three minutes, use the config wlan webauth-exclude command.
config wlan webauth-exclude wlan_id {enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier (1 to 512).

enable

Enables web authentication exclusion.

disable

Disables web authentication exclusion.

Command Default

Disabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can use this command for guest WLANs that are configured with web authentication.
This command is applicable when you configure the internal DHCP scope on the controller.
By default, when the web authentication timer expires for a guest user, the guest user can immediately
reassociate with the same IP address before another guest user can acquire the IP address. If there are many
guest users or limited IP address in the DHCP pool, some guest users might not be able to acquire an IP
address.
When you enable this feature on the guest WLAN, the guest users IP address is released when the web
authentication policy time expires and the guest user is excluded from acquiring an IP address for three minutes.
The IP address is available for another guest user to use. After three minutes, the excluded guest user can
reassociate and acquire an IP address, if available.

Examples

The following example shows how to enable the web authentication exclusion for WLAN ID 5:
(Cisco Controller) >config wlan webauth-exclude 5 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1318

OL-31334-01

clear Commands

config wlan wmm

To configure Wi-Fi Multimedia (WMM) mode on a wireless LAN, use the config wlan wmm command.
config wlan wmm {allow | disable | require} wlan_id

Syntax Description

Command Default

Command History

allow

Allows WMM on the wireless LAN.

disable

Disables WMM on the wireless LAN.

require

Specifies that clients use WMM on the specified wireless LAN.

wlan_id

Wireless LAN identifier (1 to 512).

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When the controller is in Layer 2 mode and WMM is enabled, you must put the access points on a trunk port
in order to allow them to join the controller.

Examples

The following example shows how to configure wireless LAN ID 1 to allow WMM:
(Cisco Controller) >config wlan wmm allow 1

The following example shows how to configure wireless LAN ID 1 to specify that clients use WMM:
(Cisco Controller) >config wlan wmm require 1

clear Commands
This section lists the clear commands to clear existing configurations, log files, and other functions for WLANs
.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1319

debug Commands

clear ipv6 neighbor-binding

To clear the IPv6 neighbor binding table entries or counters, use the clear ipv6 neighbor-binding command.
clear ipv6 neighbor-binding {table {mac mac_address | vlan vlan_id | port port | ipv6 ipv6-address | all}
| counters}

Syntax Description

Command Default

Command History

Examples

table

Clears the IPv6 neighbor binding table.

mac

Clears the neighbor binding table entries for a MAC address.

mac_address

MAC address of the client.

vlan

Clears the neighbor binding table entries for a VLAN.

vlan_id

VLAN identifier.

port

Clears the neighbor binding table entries for a port.

port

Port number.

ipv6

Clears the neighbor binding table entries for an IPv6 address.

ipv6_address

IPv6 address of the client.

all

Clears the entire neighbor binding table.

counters

Clears IPv6 neighbor binding counters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to clear the IPv6 neighbor binding table entries for a VLAN:
(Cisco Controller) >clear ipv6 neighbor-binding table vlan 1

debug Commands
This section lists the debug commands to manage debugging of WLANs managed by the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1320

OL-31334-01

debug Commands

Caution

Debug commands are reserved for use only under the direction of Cisco personnel. Do not use these
commands without direction from Cisco-certified staff.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1321

debug Commands

debug 11w-pmf
To configure the debugging of 802.11w, use the debug 11w-pmf command.
debug 11w-pmf {all | events| keys} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging of all 802.11w messages.

keys

Configures the debugging of 802.11w keys.

events

Configures the debugging of 802.11w events.

enable

Enables the debugging of 802.1w options.

disable

Disables the debugging of 802.1w options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of 802.11w keys:
(Cisco Controller) >debug 11w-pmf keys enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1322

OL-31334-01

debug Commands

debug call-control
To configure the debugging of the SIP call control settings, use the debug call-control command.
debug call-control {all | event} {enable | disable}

Syntax Description

all

Configures the debugging options for all SIP call control messages.

event

Configures the debugging options for SIP call control events.

enable

Enables the debugging of SIP call control messages or events.

disable

Disables the debugging of SIP call control messages or events.

Command Default

Disabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable the debugging of all SIP call control messages:
(Cisco Controller) >debug call-control all enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1323

debug Commands

debug ccxdiag
To configure debugging of Cisco Compatible Extensions (CCX) diagnostic options, use the debug ccxdiag
command.
debug ccxdiag {all | error | event | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures debugging of all the CCX S69 messages.

error

Configures debugging of the CCX S69 errors.

event

Configures debugging of the CCX S69 events.

packet

Configures debugging of the CCX S69 packets.

enable

Enables debugging of the CCX S69 options.

disable

Disables debugging of the CCX S69 options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable CCX S69 packets debugging:
(Cisco Controller) >debug ccxdiag packets enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1324

OL-31334-01

debug Commands

debug ccxrm
To configure debugging of the CCX Cisco Client eXtension (CCX) Radio Management (RM), use the debug
ccxrm command.
debug ccxrm {all | detail | error | location-calibration | message | packet | warning} {enable| disable}

Syntax Description

Command Default

Command History

Examples

all

Configures debugging of all CCX RM messages.

detail

Configures detailed debugging of CCX RM.

error

Configures debugging of the CCX RM errors.

location-calibration

Configures debugging of the CCX RM location calibration.

message

Configures debugging of CCX RM messages.

packet

Configures debugging of the CCX RM packets.

warning

Configures debugging of the CCX RM warnings.

enable

Enables debugging of the CCX RM options.

disable

Disables debugging of the CCX RM options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable CCX RM debugging:

(Cisco Controller) >

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1325

debug Commands

debug ccxs69
To configure debugging of CCX S69 tasks, use the debug ccxs69 command.
debug ccxs69 {all | error | event} {enable| disable}

Syntax Description

Command Default

Command History

Examples

all

Configures debugging of all the CCX S69 messages.

error

Configures debugging of the CCX S69 errors.

event

Configures debugging of the CCX S69 events.

enable

Enables debugging of the CCX S69 options.

disable

Disables debugging of the CCX S69 options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable CCX S69 debugging:

(Cisco Controller) >debug ccxs69 all enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1326

OL-31334-01

debug Commands

debug client
To configure the debugging of a passive client that is associated correctly with the access point, use the debug
client command.
debug client mac_address

Syntax Description

mac_address

MAC address of the client.

Command Default

None

Examples

The following example shows how to debug a passive client with MAC address 00:0d:28:f4:c0:45:
(Cisco Controller) >debug client 00:0d:28:f4:c0:45

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1327

debug Commands

debug dhcp
To configure the debugging of DHCP, use the debug dhcp command.
debug dhcp {message | packet} {enable | disable}

Syntax Description

message

Configures the debugging of DHCP error messages.

packet

Configures the debugging of DHCP packets.

enable

Enables the debugging DHCP messages or packets.

disable

Disables the debugging of DHCP messages or packets.

Command Default

None

Examples

The following example shows how to enable the debugging of DHCP messages:
(Cisco Controller) >debug dhcp message enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1328

OL-31334-01

debug Commands

debug dhcp service-port

To enable or disable debugging of the Dynamic Host Configuration Protocol (DHCP) packets on the service
port, use the debug dhcp service-port command.
debug dhcp service-port {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of DHCP packets on the service port.

disable

Disables the debugging of DHCP packets on the service port.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of DHCP packets on a service port:
(Cisco Controller) >debug dhcp service-port enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1329

debug Commands

debug ft
To configure debugging of 802.11r, use the debug ft command.
debug ft {events | keys} {enable | disable}

Syntax Description

Command Default

Command History

Examples

events

Configures debugging of the 802.11r events.

keys

Configures debugging of the 802.11r keys.

enable

Enables debugging of the 802.11r options.

disable

Disables debugging of the 802.11r options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable 802.11r debugging:

(Cisco Controller) >debug ft events enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1330

OL-31334-01

debug Commands

debug hotspot
To configure debugging of HotSpot events or packets, use the debug hotspot command.
debug hotspot {events | packets} {enable | disable} {enable | disable}

Syntax Description

Command Default

Command History

Examples

events

Configures debugging of HotSpot events.

packets

Configures debugging of HotSpot packets.

enable

Enables the debugging of HotSpot options.

disable

Disables the debugging of HotSpot options.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable debugging of HotSpot events:

(Cisco Controller) >debug hotspot events enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1331

debug Commands

debug ipv6
To configure debugging of IPv6 options, use the debug ipv6 command.
debug ipv6 {all | bt | classifier | errors | events | filter | fsm | gleaner | hwapi | memory | ndsuppress |
parser | policy | ra_throttler | switcher} {enable | disable}

Syntax Description

Command Default

all

Configures debugging of all the IPv6 information.

Configures debugging of the IPv6 neighbor binding table.

classifier

Configures debugging of the IPv6 packet classifiers.

errors

Configures debugging of the IPv6 errors.

events

Configures debugging of the IPv6 events.

filter

Configures filters for the IPv6 debugs.

fsm

Configures debugging of the IPv6 finite state machine (FSM).

gleaner

Configures debugging of the IPv6 gleaner. Learning of entries is called

gleaning.

hwapi

Configures debugging of the IPv6 hardware APIs.

memory

Configures debugging of the IPv6 binding table memory usage.

ndsuppress

Configures debugging of the suppressed IPv6 neighbor discoveries.

parser

Configures debugging of the IPv6 parser.

policy

Configures debugging of the IPv6 policies.

ra_throttler

Configures debugging of the IPv6 router advertising throttler.

switcher

Configures debugging of the IPv6 switcher.

enable

Enables debugging of the IPv6 options.

disable

Disables debugging of the IPv6 options.

None

Cisco Wireless LAN Controller Command Reference, Release 8.0

1332

OL-31334-01

debug Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the debugging of IPv6 policies:
(Cisco Controller) >debug ipv6 policy enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1333

debug Commands

debug profiling
To configure the debugging of client profiling, use the debug profiling command.
debug profiling {enable | disable}

Syntax Description

enable

Enables the debugging of client profiling (HTTP and DHCP profiling).

disable

Disables the debugging of client profiling (HTTP and DHCP profiling).

Command Default

Disabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable the debugging of client profiling:
(Cisco Controller) >debug profiling enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1334

OL-31334-01

test Commands

debug wcp
To configure the debugging of WLAN Control Protocol (WCP), use the debug wcp command.
debug wcp {events | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

events

Configures the debugging of WCP events.

packet

Configures the debugging of WCP packets.

enable

Enables the debugging of WCP settings.

disable

Disables the debugging of WCP settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of WCP settings:
(Cisco Controller) >debug wcp packet enable

test Commands
This section lists the test commands for WLANs.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1335

test Commands

test pmk-cache delete

To delete an entry in the Pairwise Master Key (PMK) cache from all Cisco wireless LAN controllers in the
mobility group, use the test pmk-cache delete command.
test pmk-cache delete [all | mac_address] {local | global}

Syntax Description

Command Default

Command History

Examples

all

Deletes PMK cache entries from all Cisco wireless LAN controllers.

mac_address

MAC address of the Cisco wireless LAN controller from which PMK cache
entries have to be deleted.

local

Deletes PMK cache entries only on this WLC (default)

global

Deletes PMK cache entries, for clients currently connected to this WLC, across
the mobility group

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to delete all entries in the PMK cache:
(Cisco Controller) >test pmk-cache delete all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1336

OL-31334-01

PART

Lightweight Access Point Commands

CLI Commands, page 1339

CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII
console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.
show Commands, page 1339
capwap ap Commands, page 1410
config Commands, page 1422
clear Commands, page 1556
debug Commands, page 1561
transfer upload peer-start, page 1575
Resetting the System Reboot Time, page 1575
test Commands, page 1580

show Commands
This section lists the show commands to display information about your configuration settings for access
points.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1339

show Commands

show advanced backup-controller

To display a list of primary and secondary backup WLCs, use the show advanced backup-controller
command.
show advanced backup-controller

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the backup controller information:
> show advanced backup-controller
AP primary Backup Controller ....................
AP secondary Backup Controller ..................

controller 10.10.10.10
0.0.0.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1340

OL-31334-01

show Commands

show advanced max-1x-sessions

To display the maximum number of simultaneous 802.1X sessions allowed per access point, use the show
advanced max-1x-sessions command.
show advanced max-1x-sessions

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the maximum 802.1X sessions per access point:
> show advanced max-1x-sessions
Max 802.1x session per AP at a given time........ 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1341

show Commands

show advanced probe

To display the number of probes sent to the Cisco WLC per access point per client and the probe interval in
milliseconds, use the show advanced probe command.

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the probe settings for the WLAN controller:
> show advanced probe
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 12
Probe request rate-limiting interval............. 100 msec

Cisco Wireless LAN Controller Command Reference, Release 8.0

1342

OL-31334-01

show Commands

show advanced rate

To display whether control path rate limiting is enabled or disabled, use the show advanced rate command.
show advanced rate

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the switch control path rate limiting mode:
> show advanced rate
Control Path Rate Limiting.......................

Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1343

show Commands

show advanced timers

To display the mobility anchor, authentication response, and rogue access point entry timers, use the show
advanced timers command.
show advanced timers

Syntax Description

This command has no arguments or keywords.

Command Default

The defaults are shown in the Examples section.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the system timers setting:
> show advanced timers
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP flexconnect mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120

Cisco Wireless LAN Controller Command Reference, Release 8.0

1344

OL-31334-01

show Commands

show ap auto-rf
To display the auto-RF settings for a Cisco lightweight access point, use the show ap auto-rf command.
show ap auto-rf 802.11{a | b} cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display auto-RF information for an access point:
(Cisco Controller) > show ap auto-rf 802.11a AP1

Number Of Slots..................................
AP Name..........................................
MAC Address......................................
Radio Type.....................................
Noise Information
Noise Profile................................
Channel 36...................................
Channel 40...................................
Channel 44...................................
Channel 48...................................
Channel 52...................................
Channel 56...................................
Channel 60...................................
Channel 64...................................
Interference Information
Interference Profile.........................
Channel 36...................................
Channel 40...................................
Channel 44...................................
Channel 48...................................
Channel 52...................................
Channel 56...................................
Channel 60...................................
Channel 64...................................
Rogue Histogram (20/40_ABOVE/40_BELOW)
Channel 36...................................
Channel 40...................................

2
AP03
00:0b:85:01:18:b7
RADIO_TYPE_80211a
PASSED
-88 dBm
-86 dBm
-87 dBm
-85 dBm
-84 dBm
-83 dBm
-84 dBm
-85 dBm
PASSED
-66 dBm
-128 dBm
-128 dBm
-128 dBm
-128 dBm
-73 dBm
-55 dBm
-69 dBm

@
@
@
@
@
@
@
@

1%
0%
0%
0%
0%
1%
1%
1%

busy
busy
busy
busy
busy
busy
busy
busy

16/ 0/ 0
28/ 0/ 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1345

show Commands

Channel 44...................................
Channel 48...................................
Channel 52...................................
Channel 56...................................
Channel 60...................................
Channel 64...................................
Load Information
Load Profile.................................
Receive Utilization..........................
Transmit Utilization.........................
Channel Utilization..........................
Attached Clients.............................
Coverage Information
Coverage Profile.............................
Failed Clients...............................
Client Signal Strengths
RSSI -100 dBm................................
RSSI -92 dBm................................
RSSI -84 dBm................................
RSSI -76 dBm................................
RSSI -68 dBm................................
RSSI -60 dBm................................
RSSI -52 dBm................................
Client Signal To Noise Ratios
SNR
0 dBm.................................
SNR
5 dBm.................................
SNR
10 dBm.................................
SNR
15 dBm.................................
SNR
20 dBm.................................
SNR
25 dBm.................................
SNR
30 dBm.................................
SNR
35 dBm.................................
SNR
40 dBm.................................
SNR
45 dBm.................................
Nearby RADs
RAD 00:0b:85:01:05:08 slot 0.................
RAD 00:0b:85:01:12:65 slot 0.................
Channel Assignment Information
Current Channel Average Energy...............
Previous Channel Average Energy..............
Channel Change Count.........................
Last Channel Change Time.....................
2004
Recommended Best Channel.....................
RF Parameter Recommendations
Power Level..................................
RTS/CTS Threshold............................
Fragmentation Threshold......................
Antenna Pattern..............................

9/
9/
3/
4/
7/
2/

0/
0/
0/
0/
1/
0/

0
0
0
0
0
0

PASSED
0%
0%
1%
1 clients
PASSED
0 clients
0
0
0
0
0
0
0

clients
clients
clients
clients
clients
clients
clients

0
0
0
0
0
0
0
0
0
0

clients
clients
clients
clients
clients
clients
clients
clients
clients
clients

-46 dBm on 10.1.30.170

-24 dBm on 10.1.30.170
-86 dBm
-75 dBm
109
Wed Sep 29 12:53e:34
44
1
2347
2346
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1346

OL-31334-01

show Commands

show ap ccx rm
To display an access points Cisco Client eXtensions (CCX) radio management status information, use the
show ap ccx rm command.
show ap ccx rm ap_name status

Syntax Description

Command Default

Command History

Examples

ap_name

Specified access point name.

status

Displays the CCX radio management status information for an access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the status of the CCX radio management:
> show ap ccx rm AP1240-21ac status
A Radio
Channel Load Request .....................
Noise Histogram Request ..................
Beacon Request ...........................
Frame Request ............................
Interval .................................
Iteration ................................
G Radio
Channel Load Request .....................
Noise Histogram Request ..................
Beacon Request ...........................
Frame Request ............................
Interval .................................
Iteration ................................

Disabled
Disabled
Disabled
Disabled
60
10
Disabled
Disabled
Disabled
Disabled
60
10

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1347

show Commands

show ap cdp
To display the Cisco Discovery Protocol (CDP) information for an access point, use the show ap cdp command.
show ap cdp {all | ap-name cisco_ap | neighbors {all | ap-name cisco_ap | detail cisco_ap}}

Syntax Description

Command Default

Command History

Examples

all

Displays the CDP status on all access points.

ap-name

Displays the CDP status for a specified access point.

cisco_ap

Specified access point name.

neighbors

Displays neighbors using CDP.

detail

Displays details about a specific access point neighbor using CDP.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the CDP status of all access points:
> show ap cdp all
AP CDP State
AP Name
-----------------SB_RAP1
SB_MAP1
SB_MAP2
SB_MAP3

AP CDP State
---------enable
enable
enable
enable

The following example shows how to display the CDP status of a specified access point:
> show ap cdp ap-name SB_RAP1
AP CDP State
AP Name
AP CDP State
------------------ ---------AP CDP State.......................Enabled
AP Interface-Based CDP state
Ethernet 0.....................Enabled
Slot 0.........................Enabled
Slot 1.........................Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1348

OL-31334-01

show Commands

The following example shows how to display details about all neighbors using CDP:
> show ap cdp neighbor all
AP Name
AP IP
----------------------SB_RAP1
192.168.102.154
SB_RAP1
192.168.102.154
SB_MAP1
192.168.102.137
SB_MAP1
192.168.102.137
SB_MAP2
192.168.102.138
SB_MAP2
192.168.102.138
SB_MAP3
192.168.102.139

Neighbor Name
-----------------sjc14-41a-sw1
SB_MAP1
SB_RAP1
SB_MAP2
SB_MAP1
SB_MAP3
SB_MAP2

Neighbor IP
Neighbor Port
-------------- ------------192.168.102.2
GigabitEthernet1/0/13
192.168.102.137 Virtual-Dot11Radio0
192.168.102.154 Virtual-Dot11Radio0
192.168.102.138 Virtual-Dot11Radio0
192.168.102.137 Virtual-Dot11Radio1
192.168.102.139 Virtual-Dot11Radio0
192.168.102.138 Virtual-Dot11Radio1

The following example shows how to display details about a specific neighbor with a specified access point
using CDP:
> show ap cdp neighbors ap-name SB_MAP2
AP Name
AP IP
Neighbor Name
----------- --------------- --------------SB_MAP2
192.168.102.138 SB_MAP1
SB_MAP2
192.168.102.138 SB_MAP3

Neighbor IP
Neighbor Port
-------------- ------------192.168.102.137 Virtual-Dot11Radio1
192.168.102.139 Virtual-Dot11Radio0

The following example shows how to display details about neighbors using CDP:
> show ap cdp neighbors detail SB_MAP2
AP Name:SB_MAP2
AP IP address:192.168.102.138
------------------------Device ID: SB_MAP1
Entry address(es): 192.168.102.137
Platform: cisco AIR-LAP1522AG-A-K9 , Cap
Interface: Virtual-Dot11Radio0, Port ID (outgoing port): Virtual-Dot11Radio1
Holdtime : 180 sec
Version :
Cisco IOS Software, C1520 Software (C1520-K9W8-M), Experimental Version 12.4(200
81114:084420) [BLD-v124_18a_ja_throttle.20081114 208] Copyright (c) 1986-2008 by
Cisco Systems, Inc. Compiled Fri 14-Nov-08 23:08 by
advertisement version: 2
------------------------Device ID: SB_MAP3
Entry address(es): 192.168.102.139
Platform: cisco AIR-LAP1522AG-A-K9 , Capabilities: Trans-Bridge
Interface: Virtual-Dot11Radio1, Port ID (outgoing port): Virtual-Dot11Radio0
Holdtime : 180 sec
Version :
Cisco IOS Software, C1520 Software (C1520-K9W8-M), Experimental Version 12.4(200
81114:084420) [BLD-v124_18a_ja_throttle.20081114 208] Copyright (c) 1986-2008 by
Cisco Systems, Inc. Compiled Fri 14-Nov-08 23:08 by
advertisement version: 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1349

show Commands

show ap channel
To display the available channels for a specific mesh access point, use the show ap channel command.
show ap channel ap_name

Syntax Description

Command Default

Command History

Examples

ap_name

Name of the mesh access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the available channels for a particular access point:
> show ap channel AP47
802.11b/g Current Channel ...........1
Allowed Channel List.....................1,2,3,4,5,6,7,8,9,10,11
802.11a Current Channel .................161
Allowed Channel List.....................36,40,44,48,52,56,60,64,100,
.........................................104,108,112,116,132,136,140,
.........................................149,153,157,161

Cisco Wireless LAN Controller Command Reference, Release 8.0

1350

OL-31334-01

show Commands

show ap config
To display the detailed configuration for a lightweight access point, use the show ap config command.
show ap config 802.11{a | b} [summary] cisco_ap

Syntax Description

Command Default

Command History

Examples

802.11a

Specifies the 802.11a or 802.11b/g network.

802.11b

Specifies the 802.11b/g network.

summary

(Optional) Displays radio summary of all APs

cisco_ap

Lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the detailed configuration for an access point:
> show ap config 802.11a AP02
Cisco AP Identifier.............................. 0
Cisco AP Name.................................... AP02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A
802.11a:-A
AP Regulatory Domain............................. Unconfigured
Switch Port Number .............................. 1
MAC Address...................................... 00:0b:85:18:b6:50
IP Address Configuration......................... DHCP
IP Address....................................... 1.100.49.240
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 1.100.49.1
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default-location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch............................. Cisco_32:ab:63
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch...........................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch............................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ........................................... Sniffer
Public Safety ..................................... Global: Disabled, Local: Disabled
AP SubMode ...................................... Not Configured

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1351

show Commands

Remote AP Debug .................................

Logging trap severity level .....................
Logging syslog facility .........................
S/W Version ....................................
Boot Version ...................................
Mini IOS Version ................................
Stats Reporting Period ..........................
Stats Re--More-- or (q)uit
LED State........................................
PoE Pre-Standard Switch..........................
PoE Power Injector MAC Addr......................
Power Type/Mode..................................
Number Of Slots..................................
AP Model.........................................
AP Image.........................................
IOS Version......................................
Reset Button.....................................
AP Serial Number.................................
AP Certificate Type..............................
AP User Mode.....................................
AP User Name.....................................
AP Dot1x User Mode...............................
AP Dot1x User Name...............................
Cisco AP system logging host.....................
AP Up Time.......................................
AP LWAPP Up Time.................................
Join Date and Time...............................
Join Taken Time..................................
Attributes for Slot 1
Radio Type...................................
Radio Subband................................
Administrative State ........................
Operation State .............................
Radio Role ..................................
CellId ......................................
Station Configuration
Configuration .............................
Number Of WLANs ...........................
Medium Occupancy Limit ....................
CFP Period ................................
CFP MaxDuration ...........................
BSSID .....................................
Operation Rate Set
6000 Kilo Bits...........................
9000 Kilo Bits...........................
12000 Kilo Bits..........................
18000 Kilo Bits..........................
24000 Kilo Bits..........................
36000 Kilo Bits..........................
48000 Kilo Bits..........................
54000 Kilo Bits..........................
MCS Set
MCS 0....................................
MCS 1....................................
MCS 2....................................
MCS 3....................................
MCS 4....................................
MCS 5....................................
MCS 6....................................
MCS 7....................................
MCS 8....................................
MCS 9....................................
MCS 10...................................
MCS 11...................................
MCS 12...................................
MCS 13...................................
MCS 14...................................
MCS 15...................................
Beacon Period .............................
Fragmentation Threshold ...................
Multi Domain Capability Implemented .......
Multi Domain Capability Enabled ...........
Country String ............................

Disabled
informational
kern
7.0.110.6
12.4.18.0
3.0.51.0
180
Enabled
Enabled
Disabled
Power injector / Normal mode
2
AIR-LAP1142N-A-K9
C1140-K9W8-M
12.4(20100502:031212)
Enabled
FTX1305S180
Manufacture Installed
AUTOMATIC
Not Configured
Not Configured
Not Configured
255.255.255.255
47 days, 23 h 47 m 47 s
47 days, 23 h 10 m 37 s
Tue May 4 16:05:00 2010
0 days, 00 h 01 m 37 s
RADIO_TYPE_80211n-5
RADIO_SUBBAND_ALL
ADMIN_ENABLED
UP
ACCESS
0
AUTOMATIC
2
100
4
60
00:24:97:88:99:60
MANDATORY
SUPPORTED
MANDATORY
SUPPORTED
MANDATORY
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
100
2346
TRUE
TRUE
US

Cisco Wireless LAN Controller Command Reference, Release 8.0

1352

OL-31334-01

show Commands

Multi Domain Capability

Configuration .............................
First Chan Num ............................
Number Of Channels ........................
MAC Operation Parameters
Configuration .............................
Fragmentation Threshold ...................
Packet Retry Limit ........................
Tx Power
Num Of Supported Power Levels .............
Tx Power Level 1 ..........................
Tx Power Level 2 ..........................
Tx Power Level 3 ..........................
Tx Power Level 4 ..........................
Tx Power Level 5 ..........................
Tx Power Level 6 ..........................
Tx Power Configuration ....................
Current Tx Power Level ....................
Phy OFDM parameters
Configuration .............................
Current Channel ...........................
Extension Channel .........................
Channel Width..............................
Allowed Channel List.......................
.........................................
.........................................
TI Threshold ..............................
Legacy Tx Beamforming Configuration .......
Legacy Tx Beamforming .....................
Antenna Type...............................
Internal Antenna Gain (in .5 dBi units)....
Diversity..................................
802.11n Antennas
Tx
A.......................................
B.......................................
Rx
A.......................................
B.......................................
C.......................................
Performance Profile Parameters
Configuration .............................
Interference threshold.....................
Noise threshold............................
RF utilization threshold...................
Data-rate threshold........................
Client threshold...........................
Coverage SNR threshold.....................
Coverage exception level...................
Client minimum exception level.............
Rogue Containment Information
Containment Count............................
CleanAir Management Information
CleanAir Capable.........................
Radio Extended Configurations:
Buffer size .30
Data-rate..0
Beacon strt ..90 ms
Rx-Sensitivity SOP threshold .. -80
CCA threshold . -60 dB

AUTOMATIC
36
21
AUTOMATIC
2346
64
6
14 dBm
11 dBm
8 dBm
5 dBm
2 dBm
-1 dBm
AUTOMATIC
0
AUTOMATIC
36
NONE
20 Mhz
36,40,44,48,52,56,60,64,100,
104,108,112,116,132,136,140,
149,153,157,161,165
-50
AUTOMATIC
DISABLED
INTERNAL_ANTENNA
6
DIVERSITY_ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
AUTOMATIC
10 %
-70 dBm
80 %
1000000 bps
12 clients
16 dB
25 %
3 clients
0
No

The following example shows how to display the detailed configuration for another access point:
> show ap config 802.11b AP02
Cisco AP Identifier..............................
Cisco AP Name....................................
AP Regulatory Domain.............................
Switch Port Number ..............................
MAC Address......................................
IP Address Configuration.........................
IP Address.......................................

0
AP02
Unconfigured
1
00:0b:85:18:b6:50
DHCP
1.100.49.240

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1353

show Commands

IP NetMask.......................................
Gateway IP Addr..................................
Cisco AP Location................................
Cisco AP Group Name..............................
Primary Cisco Switch.............................
Secondary Cisco Switch...........................
Tertiary Cisco Switch............................
Administrative State ............................
Operation State .................................
Mirroring Mode ..................................
AP Mode .........................................
Remote AP Debug .................................
S/W Version ....................................
Boot Version ...................................
Stats Reporting Period ..........................
LED State........................................
ILP Pre Standard Switch..........................
ILP Power Injector...............................
Number Of Slots..................................
AP Model.........................................
AP Serial Number.................................
AP Certificate Type..............................
Attributes for Slot 1
Radio Type...................................
Administrative State ........................
Operation State .............................
CellId ......................................
Station Configuration
Configuration .............................
Number Of WLANs ...........................
Medium Occupancy Limit ....................
CFP Period ................................
CFP MaxDuration ...........................
BSSID .....................................
Operation Rate Set
1000 Kilo Bits...........................
2000 Kilo Bits...........................
5500 Kilo Bits...........................
11000 Kilo Bits..........................
6000 Kilo Bits...........................
9000 Kilo Bits...........................
12000 Kilo Bits..........................
18000 Kilo Bits..........................
24000 Kilo Bits..........................
36000 Kilo Bits..........................
48000 Kilo Bits..........................
54000 Kilo Bits..........................
Beacon Period .............................
DTIM Period ...............................
Fragmentation Threshold ...................
Multi Domain Capability Implemented .......
Multi Domain Capability Enabled ...........
Country String ............................
Multi Domain Capability
Configuration .............................
First Chan Num ............................
Number Of Channels ........................
MAC Operation Parameters
Configuration .............................
RTS Threshold .............................
Short Retry Limit .........................
Long Retry Limit ..........................
Fragmentation Threshold ...................
Maximum Tx MSDU Life Time .................
Maximum Rx Life Time.......................
Tx Power
Num Of Supported Power Levels..............
Tx Power Level 1 ..........................
Tx Power Level 2...........................
Tx Power Level 3...........................
Tx Power Level 4...........................
Tx Power Level 5...........................
Tx Power Configuration.....................

255.255.255.0
1.100.49.1
default-location
default-group
Cisco_32:ab:63
ADMIN_ENABLED
REGISTERED
Disabled
Local
Disabled
3.1.61.0
1.2.59.6
180
Enabled
Disabled
Disabled
2
AS-1200
044110223A
Manufacture Installed
RADIO_TYPE_80211g
ADMIN_ENABLED
UP
0
AUTOMATIC
1
100
4
60
00:0b:85:18:b6:50
MANDATORY
MANDATORY
MANDATORY
MANDATORY
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
SUPPORTED
100
1
2346
TRUE
TRUE
US
AUTOMATIC
1
11
AUTOMATIC
2347
7
4
2346
512
512
5
17 dBm
14 dBm
11 dBm
8 dBm
5 dBm
CUSTOMIZED

Cisco Wireless LAN Controller Command Reference, Release 8.0

1354

OL-31334-01

show Commands

Current Tx Power Level.....................

Phy OFDM parameters
Configuration..............................
Current Channel............................
TI Threshold...............................
Legacy Tx Beamforming Configuration .......
Legacy Tx Beamforming .....................
Antenna Type...............................
Internal Antenna Gain (in5 dBm units)......
Diversity..................................
Performance Profile Parameters
Configuration..............................
Interference threshold.....................
Noise threshold............................
RF utilization threshold...................
Data-rate threshold........................
Client threshold...........................
Coverage SNR threshold.....................
Coverage exception level...................
Client minimum exception level.............
Rogue Containment Information
Containment Count............................

5
CUSTOMIZED
1
-50
CUSTOMIZED
ENABLED
INTERNAL_ANTENNA
11
DIVERSITY_ENABLED
AUTOMATIC
10%
-70 dBm
80%
1000000 bps
12 clients
12 dB
25%
3 clients
0

The following example shows how to display the general configuration of a Cisco access point:
> show ap config general cisco-ap
Cisco AP Identifier..............................
Cisco AP Name....................................
Country code.....................................
Regulatory Domain allowed by Country.............
AP Country code..................................
AP Regulatory Domain.............................
Switch Port Number ..............................
MAC Address......................................
IP Address Configuration.........................
IP Address.......................................
IP NetMask.......................................
CAPWAP Path MTU..................................
Domain...........................................
Name Server......................................
Telnet State.....................................
Ssh State........................................
Cisco AP Location................................
Cisco AP Group Name..............................
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address..................
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address.................
Administrative State ............................
Operation State .................................
Mirroring Mode ..................................
AP Mode .........................................
Public Safety ...................................
AP subMode ......................................
Remote AP Debug .................................
S/W Version ....................................
Boot Version ...................................
Mini IOS Version ................................
Stats Reporting Period ..........................
LED State........................................
PoE Pre-Standard Switch..........................
PoE Power Injector MAC Addr......................
Power Type/Mode..................................
Number Of Slots..................................
AP Model.........................................
IOS Version......................................
Reset Button.....................................
AP Serial Number.................................
AP Certificate Type..............................
Management Frame Protection Validation...........

9
cisco-ap
US - United States
802.11bg:-A 802.11a:-A
US - United States
802.11bg:-A 802.11a:-A
1
12:12:12:12:12:12
DHCP
10.10.10.21
255.255.255.0
1485
Disabled
Disabled
default location
default-group
4404
10.10.10.32
Not Configured
4404
3.3.3.3
ADMIN_ENABLED
REGISTERED
Disabled
Local
Global: Disabled, Local: Disabled
WIPS
Disabled
5.1.0.0
12.4.10.0
0.0.0.0
180
Enabled
Enabled
Disabled
PoE/Low Power (degraded mode)
2
AIR-LAP1252AG-A-K9
12.4(10:0)
Enabled
serial_number
Manufacture Installed
Enabled (Global MFP Disabled)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1355

show Commands

AP User Mode..................................... CUSTOMIZED

AP username..................................... maria
AP Dot1x User Mode............................... Not Configured
AP Dot1x username............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 4 days, 06 h 17 m 22 s
AP LWAPP Up Time................................. 4 days, 06 h 15 m 00 s
Join Date and Time............................... Mon Mar 3 06:19:47 2008
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto
AP Link Latency.................................. Enabled
Current Delay................................... 0 ms
Maximum Delay................................... 240 ms
Minimum Delay................................... 0 ms
Last updated (based on AP Up Time).............. 4 days, 06 h 17 m 20 s
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Disabled
Mesh preferred parent............................ 00:24:13:0f:92:00

Cisco Wireless LAN Controller Command Reference, Release 8.0

1356

OL-31334-01

show Commands

show ap config general

To display the access point specific syslog server settings for all access points, use the show ap config general
command.
show ap config general

Syntax Description

Command History

Examples

This command has no arguments and keywords.

Release

Modification

8.0

This command was introduced in the Release 8.0

The following example shows how to display AP specific server settings:

ap_console >show ap config general APc89c.1d53.6799
Cisco AP Identifier.............................. 76
Cisco AP Name.................................... APc89c.1d53.6799
Country code..................................... Multiple Countries:IN,JP,US
Regulatory Domain allowed by Country............. 802.11bg:-AJPU 802.11a:-AJN
AP Country code.................................. US - United States
AP Regulatory Domain............................. 802.11bg:-A 802.11a:-A
Switch Port Number .............................. 1
MAC Address...................................... c8:9c:1d:53:67:99
IP Address Configuration......................... DHCP
IP Address....................................... 10.8.77.103
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.8.77.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Globally Disabled
Ssh State........................................ Globally Disabled
Cisco AP Location................................ default location
Cisco AP Floor Label............................. 0
Cisco AP Group Name.............................. apGroup2
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... system
S/W Version .................................... 8.0.72.132
Boot Version ................................... 12.4.23.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
Stats Collection Mode ........................... normal
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Full Power
Number Of Slots.................................. 2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1357

show Commands

AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 15.3(20140302:180954)$
Reset Button..................................... Enabled
AP Serial Number................................. FGL1510S3VZ
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... cisco
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 18 h 43 m 35 s
AP LWAPP Up Time................................. 0 days, 18 h 42 m 23 s
Join Date and Time............................... Wed Mar 5 07:26:07 2014
Join Taken Time.................................. 0 days, 00 h 01 m 11 s
Memory Type...................................... DDR3
Memory Size...................................... 98294 KBytes
CPU Type......................................... PowerPC405ex CPU at 586Mhz, revision
number 0x147E
Flash Type....................................... Onboard Flash
Flash Size....................................... 31374 KBytes
GPS Present...................................... NO
Ethernet Vlan Tag................................ Disabled
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto
AP Link Latency.................................. Disabled
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Disabled
Hotspot Venue Group.............................. Unspecified
Hotspot Venue Type............................... Unspecified
DNS server IP ............................. Not Available

Cisco Wireless LAN Controller Command Reference, Release 8.0

1358

OL-31334-01

show Commands

show ap config global

To display the global syslog server settings for all access points that join the controller, use the show ap config
global command.
show ap config global

Syntax Description

Command History

Examples

This command has no arguments and keywords.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display global syslog server settings:
> show ap config global
AP global system logging host.............................. 255.255.255.255

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1359

show Commands

show ap core-dump
To display the memory core dump information for a lightweight access point, use the show ap core-dump
command.
show ap core-dump cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display memory core dump information:
> show ap core-dump AP02
Memory core dump is disabled.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1360

OL-31334-01

show Commands

show ap crash-file
To display the list of both crash and radio core dump files generated by lightweight access points, use the
show ap crash-file command.
show ap crash-file

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the crash file generated by the access point:
> show ap crash-file

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1361

show Commands

show ap data-plane
To display the data plane status for all access points or a specific access point, use the show ap data-plane
command.
show ap data-plane {all | cisco_ap}

Syntax Description

Command Default

Command History

Examples

all

Specifies all Cisco lightweight access points.

cisco_ap

Name of a Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the data plane status of all access points:
> show ap data-plane all
Min Data
Data
Max Data
Last
AP Name
Round Trip
Round Trip
------------------ -------------- -------------1130
0.000s
0.000s
1240
0.000s
0.000s

Round Trip
Update
-------------- -----0.002s
18:51:23
0.000s
18:50:45

Cisco Wireless LAN Controller Command Reference, Release 8.0

1362

OL-31334-01

show Commands

show ap dtls-cipher-suite
To display the DTLS show cipher suite information, use the show ap dtls-cipher-suite command.
show ap dtls-cipher-suite

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

8.0

This command was introduced.

The following example shows how to display DTLS cipher suite information:
(Cisco Controller) > show ap dtls-cipher-suite
DTLS Cipher Suite................................ RSA-AES256-SHA

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1363

show Commands

show ap ethernet tag

To display the VLAN tagging information of an Ethernet interface, use the show ap ethernet tag command.
show ap ethernet tag {summary | cisco_ap}

Syntax Description

Command Default

Command History

summary

Displays the VLAN tagging information for all access points associated to the
controller.

cisco_ap

Name of the Cisco lightweight access point. Displays the VLAN tagging
information for a specific access point associated to the controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If the access point is unable to route traffic or reach the controller using the specified trunk VLAN, it falls
back to the untagged configuration. If the access point joins the controller using this fallback configuration,
the controller sends a trap to a trap server such as the WCS, which indicates the failure of the trunk VLAN.
In this scenario, the "Failover to untagged" message appears in show command output.

Examples

The following example shows how to display the VLAN tagging information for all access points associated
to the controller:
> show ap ethernet tag summary
AP Name
-----------------AP2
charan.AP1140.II

Vlan Tag Configuration

------7 (Failover to untagged)
disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1364

OL-31334-01

show Commands

show ap eventlog
To display the contents of the event log file for an access point that is joined to the controller, use the show ap
eventlog command.
show ap eventlog ap_name

Syntax Description

Command Default

Command History

Examples

ap_name

Event log for the specified access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the event log of an access point:
> show ap eventlog ciscoAP
AP event log download has been initiated
Waiting for download to complete
AP event log download completed.
======================= AP Event log Contents =====================
*Feb 13 11:54:17.146: %CAPWAP-3-CLIENTEVENTLOG: AP event log has been cleared from the
contoller 'admin'
*Feb 13 11:54:32.874: *** Access point reloading. Reason: Reload Command ***
*Mar 1 00:00:39.134: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:00:39.174: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:39.211: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:49.947: %CAPWAP-3-CLIENTEVENTLOG: Did not get vendor specific options from
DHCP.
...

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1365

show Commands

show ap image
To display the detailed information about the predownloaded image for specified access points, use the show
ap image command.
show ap image {cisco_ap | all}

Syntax Description

Note

Command History

cisco_ap

Name of the lightweight access point.

all

Specifies all access points.

If you have an AP that has the name all, it conflicts with the keyword all that specifies all access points.
In this scenario, the keyword all takes precedence over the AP that is named all.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1366

OL-31334-01

show Commands

show ap inventory
To display inventory information for an access point, use the show ap inventory command.
show ap inventory ap_name

Syntax Description

Command Default

Command History

Examples

ap_name

Inventory for the specified access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the inventory of an access point:
> show ap inventory test101
NAME: "test101"
, DESCR: "Cisco Wireless Access Point"
PID: AIR-LAP1131AG-A-K9 , VID: V01, SN: FTX1123T2XX

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1367

show Commands

show ap join stats detailed

To display all join-related statistics collected for a specific access point, use the show ap join stats detailed
command.
show ap join stats detailed ap_mac

Syntax Description

Command Default

Command History

Examples

ap_mac

Access point Ethernet MAC address or the MAC address of the 802.11 radio
interface.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display join information for a specific access point trying to join the
controller:
> show ap join stats detailed 00:0b:85:02:0d:20
Discovery phase statistics
- Discovery requests received.......................... 2
- Successful discovery responses sent.................. 2
- Unsuccessful discovery request processing............ 0
- Reason for last unsuccessful discovery attempt....... Not applicable
- Time at last successful discovery attempt............ Aug 21 12:50:23:335
- Time at last unsuccessful discovery attempt.......... Not applicable
Join phase statistics
- Join requests received............................... 1
- Successful join responses sent....................... 1
- Unsuccessful join request processing................. 1
- Reason for last unsuccessful join attempt.............RADIUS authorization is pending for
the AP
- Time at last successful join attempt................. Aug 21 12:50:34:481
- Time at last unsuccessful join attempt............... Aug 21 12:50:34:374
Configuration phase statistics
- Configuration requests received...................... 1
- Successful configuration responses sent.............. 1
- Unsuccessful configuration request processing........ 0
- Reason for last unsuccessful configuration attempt... Not applicable
- Time at last successful configuration attempt........ Aug 21 12:50:34:374
- Time at last unsuccessful configuration attempt...... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure........... Not applicable
Last AP disconnect details
- Reason for last AP connection failure................ Not applicable
Last join error summary
- Type of error that occurred last..................... Lwapp join request rejected
- Reason for error that occurred last.................. RADIUS authorization is pending for
the AP
- Time at which the last join error occurred........... Aug 21 12:50:34:374

Cisco Wireless LAN Controller Command Reference, Release 8.0

1368

OL-31334-01

show Commands

show ap join stats summary

To display the last join error detail for a specific access point, use the show ap join stats summary command.
show ap join stats summary ap_mac

Syntax Description

Command Default

Command History

ap_mac

Access point Ethernet MAC address or the MAC address of the 802.11 radio
interface.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

To obtain the MAC address of the 802.11 radio interface, enter the show interface command on the access
point.

Examples

The following example shows how to display specific join information for an access point:
> show ap join stats summary 00:0b:85:02:0d:20
Is the AP currently connected to controller..........................
Time at which the AP joined this controller last time................
Type of error that occurred last.....................................
rejected
Reason for error that occurred last..................................
is pending for the AP
Time at which the last join error occurred...........................

No
Aug 21 12:50:36:061
Lwapp join request
RADIUS authorization
Aug 21 12:50:34:374

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1369

show Commands

show ap join stats summary all

To display the MAC addresses of all the access points that are joined to the controller or that have tried to
join, use the show ap join stats summary all command.
show ap join stats summary all

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of join information for all access points:
> show ap join stats summary all
Number of APs.............................................. 4
Base Mac
AP EthernetMac
AP Name
IP Address
00:0b:85:57:bc:c0
00:0b:85:57:bc:c0
AP1130
10.10.163.217
00:1c:0f:81:db:80
00:1c:63:23:ac:a0
AP1140
10.10.163.216
00:1c:0f:81:fc:20
00:1b:d5:9f:7d:b2
AP1
10.10.163.215
00:21:1b:ea:36:60
00:0c:d4:8a:6b:c1
AP2
10.10.163.214

Status
Joined
Not joined
Joined
Not joined

Cisco Wireless LAN Controller Command Reference, Release 8.0

1370

OL-31334-01

show Commands

show ap led-state
To view the LED state of all access points or a specific access point, use the show ap led-state command.
show ap led-state {all | cisco_ap}

Syntax Description

Command Default

Command History

Examples

all

Shows the LED state for all access points.

cisco_ap

Name of the access point whose LED state is to be shown.

The AP LED state is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to get the LED state of all access points:
> show ap led-state all
Global LED State: Enabled (default)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1371

show Commands

show ap led-flash
To display the LED flash status of an access point, use the show ap led-flash command.
show ap led-flash cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the LED flash status of an access point:
> show ap led-flash

Cisco Wireless LAN Controller Command Reference, Release 8.0

1372

OL-31334-01

show Commands

show ap link-encryption
To display the MAC addresses of all the access points that are joined to the controller or that have tried to
join, use the show ap link-encryption command.
show ap link-encryption {all | cisco_ap}

Syntax Description

Command Default

Command History

Examples

all

Specifies all access points.

cisco_ap

Name of the lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the link encryption status of all access points:
> show ap link-encryption all
Encryption Dnstream
AP Name
State
Count
------------------ --- -------1240
Dis
4406
1130
En
2484

Upstream
Count
-------237553
276308

Last
Update
-----Never
19:31

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1373

show Commands

show ap max-count summary

To display the maximum number of access points supported by the Cisco WLC, use the show ap max-count
summarycommand.
show ap max-count summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.5

This command was introduced.

The following is a sample output of the show ap max-count summarycommand:

Device > show ap max-count
The max number of AP's supported................. 500

Cisco Wireless LAN Controller Command Reference, Release 8.0

1374

OL-31334-01

show Commands

show ap monitor-mode summary

To display the current channel-optimized monitor mode settings, use the show ap monitor-mode summary
command.
show ap monitor-mode summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display current channel-optimized monitor mode settings:
> show ap monitor-mode summary
AP Name
Ethernet MAC
Status
Scanning Channel List
--- ----------------- ---------- ---------------------AP_004
xx:xx:xx:xx:xx:xx Tracking
1, 6, 11, 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1375

show Commands

show ap packet-dump status

To display access point Packet Capture configurations, use the show ap packet-dump status command.
show ap packet-dump status

Syntax Description

Command History

Usage Guidelines

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Packet Capture does not work during intercontroller roaming.

The controller does not capture packets created in the radio firmware and sent out of the access point, such
as the beacon or probe response. Only packets that flow through the Radio driver in the Tx path are captured.

Examples

The following example shows how to display the access point Packet Capture configurations:
> show ap packet-dump status
Packet Capture Status............................
FTP Server IP Address............................
FTP Server Path..................................
FTP Server Username..............................
FTP Server Password..............................
Buffer Size for Capture..........................
Packet Capture Time..............................
Packet Truncate Length...........................
Packet Capture Classifier........................

Stopped
0.0.0.0
********
2048 KB
45 Minutes
Unspecified
None

Cisco Wireless LAN Controller Command Reference, Release 8.0

1376

OL-31334-01

show Commands

show ap prefer-mode stats

Syntax Description

Command Default
Command Modes
Command History

Release

Modification

Task ID

Operation

Usage Guidelines
Task ID

Examples

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1377

show Commands

show ap retransmit
To display access point control packet retransmission parameters, use theshow ap retransmit command.
show ap retransmit {all | cisco_ap}

Syntax Description

Command Default

Command History

Examples

all

Specifies all access points.

cisco_ap

Name of the access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the control packet retransmission parameters of all access points
on a network:
> show ap retransmit all
Global control packet retransmit interval: 3 (default)
Global control packet retransmit count: 5 (default)
AP Name
Retransmit Interval Retransmit count
------------------ ------------------- ------------------AP_004
3 (default)
5 (WLC default),5 (AP default)

Cisco Wireless LAN Controller Command Reference, Release 8.0

1378

OL-31334-01

show Commands

show ap stats
To display the statistics for a Cisco lightweight access point, use the show ap stats command.
show ap stats {802.11{a | b} | wlan | ethernet summary} cisco_ap [tsm {client_mac | all}]

Syntax Description

Command Default

Command History

Examples

802.11a

Specifies the 802.11a network

802.11b

Specifies the 802.11b/g network.

wlan

Specifies WLAN statistics.

ethernet

Specifies AP ethernet interface statistics.

summary

Displays ethernet interface summary of all the connected

Cisco access points.

cisco_ap

Name of the lightweight access point.

tsm

(Optional) Specifies the traffic stream metrics.

client_mac

(Optional) MAC address of the client.

all

(Optional) Specifies all access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command was modified. The OEAP WMM

Counters were added to the output.

The following example shows how to display statistics of an access point for the 802.11b network:
> show ap stats 802.11a Ibiza
Number Of Slots..................................
AP Name..........................................
MAC Address......................................
Radio Type.......................................
Stats Information
Number of Users................................
TxFragmentCount................................
MulticastTxFrameCnt............................

2
Ibiza
44:2b:03:9a:8a:73
RADIO_TYPE_80211a
0
84628
84628

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1379

show Commands

FailedCount....................................
RetryCount.....................................
MultipleRetryCount.............................
FrameDuplicateCount............................
RtsSuccessCount................................
RtsFailureCount................................
AckFailureCount................................
RxIncompleteFragment...........................
MulticastRxFrameCnt............................
FcsErrorCount..................................
TxFrameCount...................................
WepUndecryptableCount..........................
TxFramesDropped................................
OEAP WMM Stats :
Best Effort:
Tx Frame Count...............................
Tx Failed Frame Count........................
Tx Expired Count.............................
Tx Overflow Count............................
Tx Queue Count...............................
Tx Queue Max Count...........................
Rx Frame Count...............................
Rx Failed Frame Count........................
Background:
Tx Frame Count...............................
Tx Failed Frame Count........................
Tx Expired Count.............................
Tx Overflow Count............................
Tx Queue Count...............................
Tx Queue Max Count...........................
Rx Frame Count...............................
Rx Failed Frame Count........................
Video:
Tx Frame Count...............................
Tx Failed Frame Count........................
Tx Expired Count.............................
Tx Overflow Count............................
Tx Queue Count...............................
Tx Queue Max Count...........................
Rx Frame Count...............................
Rx Failed Frame Count........................
Voice:
Tx Frame Count...............................
Tx Failed Frame Count........................
Tx Expired Count.............................
Tx Overflow Count............................
Tx Queue Count...............................
Tx Queue Max Count...........................
Rx Frame Count...............................
Rx Failed Frame Count........................
Rate Limiting Stats:
Wlan 1:
Number of Data Packets Received..............
Number of Data Rx Packets Dropped............
Number of Data Bytes Received................
Number of Data Rx Bytes Dropped..............
Number of Realtime Packets Received..........
Number of Realtime Rx Packets Dropped........
Number of Realtime Bytes Received............
Number of Realtime Rx Bytes Dropped..........
Number of Data Packets Sent..................
Number of Data Tx Packets Dropped............
Number of Data Bytes Sent....................
Number of Data Tx Bytes Dropped..............
Number of Realtime Packets Sent..............
Number of Realtime Tx Packets Dropped........
Number of Realtime Bytes Sent................
Number of Realtime Tx Bytes Dropped..........
Call Admission Control (CAC) Stats
Voice Bandwidth in use(% of config bw).........
Voice Roam Bandwidth in use(% of config bw)....
Total channel MT free........................

0
0
0
0
1
0
0
0
0
20348857
84628
19907
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

592
160
160783
0
592
0
160783
0
131
0
23436
0
131
0
23436
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1380

OL-31334-01

show Commands

Total voice MT free..........................

Na Direct....................................
Na Roam......................................
Video Bandwidth in use(% of config bw).........
Video Roam Bandwidth in use(% of config bw)....
Total BW in use for Voice(%)...................
Total BW in use for SIP Preferred call(%)......
WMM TSPEC CAC Call Stats
Total num of voice calls in progress...........
Num of roaming voice calls in progress.........
Total Num of voice calls since AP joined.......
Total Num of roaming calls since AP joined.....
Total Num of exp bw requests received..........
Total Num of exp bw requests admitted..........
Num of voice calls rejected since AP joined....
Num of roam calls rejected since AP joined.....
Num of calls rejected due to insufficent bw....
Num of calls rejected due to invalid params....
Num of calls rejected due to PHY rate..........
Num of calls rejected due to QoS policy........
SIP CAC Call Stats
Total Num of calls in progress.................
Num of roaming calls in progress...............
Total Num of calls since AP joined.............
Total Num of roaming calls since AP joined.....
Total Num of Preferred calls received..........
Total Num of Preferred calls accepted..........
Total Num of ongoing Preferred calls...........
Total Num of calls rejected(Insuff BW).........
Total Num of roam calls rejected(Insuff BW)....
WMM Video TSPEC CAC Call Stats
Total num of video calls in progress...........
Num of roaming video calls in progress.........
Total Num of video calls since AP joined.......
Total Num of video roaming calls since AP j....
Num of video calls rejected since AP joined....
Num of video roam calls rejected since AP j....
Num of video calls rejected due to insuffic....
Num of video calls rejected due to invalid ....
Num of video calls rejected due to PHY rate....
Num of video calls rejected due to QoS poli....
SIP Video CAC Call Stats
Total Num of video calls in progress...........
Num of video roaming calls in progress.........
Total Num of video calls since AP joined.......
Total Num of video roaming calls since AP j....
Total Num of video calls rejected(Insuff BW....
Total Num of video roam calls rejected(Insu....
Band Select Stats
Num of dual band client .......................
Num of dual band client added..................
Num of dual band client expired ...............
Num of dual band client replaced...............
Num of dual band client detected ..............
Num of suppressed client ......................
Num of suppressed client expired...............
Num of suppressed client replaced..............

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1381

show Commands

show ap summary
To display a summary of all lightweight access points attached to the controller, use the show ap summary
command.
show ap summary [cisco_ap]

Syntax Description

Command Default

Command History

cisco_ap

(Optional) Type sequence of characters that make up the name of a specific AP

or a group of APs, or enter a wild character search pattern.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

A list that contains each lightweight access point name, number of slots, manufacturer, MAC address, location,
and the controller port number appears. When you specify

Examples

The following example shows how to display a summary of all connected access points:
> show
Number
Global
Global
Number
Global
Global

ap
of
AP
AP
of
AP
AP

summary
APs.................................... 2
username.............................. user
Dot1x username........................ Not Configured
APs.................................... 2
username.............................. user
Dot1x username........................ Not Configured

AP Name
Slots AP Model
Ethernet MAC
Location
Country IP Address
Clients
------------------ ----- -------------------- ----------------- ---------------- --------------------- ------AP1140
2
AIR-LAP1142N-A-K9
f0:f7:55:75:f3:29
default
location
US
192.168.0.0
0
Access Points using IPv6 transport:
AP Name
Slots
AP Model
Ethernet MAC
Location
Country
IPv6
Address
Clients
------------------ ----- ------------------------------------- ----------------------------- ----- ---------------------------- -----AP1040
2
AIR-LAP1042N-A-K9
00:40:96:b9:4b:89
default location US
2001:DB8:0:1::1
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1382

OL-31334-01

show Commands

show ap tcp-mss-adjust
To display the Basic Service Set Identifier (BSSID) value for each WLAN defined on an access point, use
the show ap tcp-mss-adjust command.
show ap tcp-mss-adjust {cisco_ap | all}

Syntax Description

Note

Command History

Examples

cisco_ap

Specified lightweight access point name.

all

Specifies all access points.

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display Transmission Control Protocol (TCP) maximum segment size
(MSS) information of all access points:
> show ap tcp-mss-adjust all
AP Name
TCP State
------------------ --------AP-1140
enabled
AP-1240
disabled
AP-1130
disabled

MSS Size
------536
-

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1383

show Commands

show ap wlan
To display the Basic Service Set Identifier (BSSID) value for each WLAN defined on an access point, use
the show ap wlan command.
show ap wlan 802.11{a | b} cisco_ap

Syntax Description

Command Default

Command History

Examples

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b/g network.

ap_name

Lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display BSSIDs of an access point for the 802.11b network:
> show ap wlan 802.11b AP01
Site Name........................................ MY_AP_GROUP1
Site Description................................. MY_AP_GROUP1
WLAN ID
Interface
BSSID
-----------------------------------------1
management
00:1c:0f:81:fc:20
2
dynamic
00:1c:0f:81:fc:21

Cisco Wireless LAN Controller Command Reference, Release 8.0

1384

OL-31334-01

show Commands

show auth-list
To display the access point authorization list, use the show auth-list command.
show auth-list

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the access point authorization list:
> show auth-list
Authorize APs against AAA...................... disabled
Allow APs with Self-signed Certificate (SSC)... disabled
Mac Addr
Cert Type
Key Hash
------------------------------------------------------------------------xx:xx:xx:xx:xx:xx
MIC

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1385

show Commands

show client ap
To display the clients on a Cisco lightweight access point, use the show client ap command.
show client ap 802.11{a | b} cisco_ap

Syntax Description

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b/g network.

cisco_ap

Cisco lightweight access point name.

Command Default

None.

Usage Guidelines

The show client ap command may list the status of automatically disabled clients. Use the show exclusionlist
command to view clients on the exclusion list (blacklisted).

Examples

This example shows how to display client information on an access point:

> show client ap 802.11b AP1
MAC Address
AP Id
Status
----------------- ------ ------------xx:xx:xx:xx:xx:xx
1
Associated

Related Commands

WLAN Id
--------1

Authenticated
------------No

show client detail

show client summary
show client username
show country
show exclusionlist

Cisco Wireless LAN Controller Command Reference, Release 8.0

1386

OL-31334-01

show Commands

show boot
To display the primary and backup software build numbers with an indication of which is active, use the show
boot command.
show boot

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Examples

The following is a sample output of the show boot command:

(Cisco Controller) > show boot
Primary Boot Image............................... 3.2.13.0 (active)
Backup Boot Image................................ 3.2.15.0

Related Commands

config boot

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1387

show Commands

show call-control ap
Note

Syntax Description

Command Default

Command History

Usage Guidelines

802.11a

Specifies the 802.11a network

802.11b

Specifies the 802.11b/g network.

cisco_ap

Cisco access point name.

metrics

Specifies the call metrics information.

traps

Specifies the trap information for call control.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

To aid in troubleshooting, the output of this command shows an error code for any failed calls. This table
explains the possible error codes for failed calls.
Table 13: Error Codes for Failed VoIP Calls

Error Code Integer

Description

unknown

Unknown error.

400

badRequest

The request could not be understood because of malformed

syntax.

401

unauthorized

The request requires user authentication.

402

paymentRequired

Reserved for future use.

403

forbidden

The server understood the request but refuses to fulfill it.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1388

OL-31334-01

show Commands

Error Code Integer

Description

404

notFound

The server has information that the user does not exist at the
domain specified in the Request-URI.

405

methodNotallowed

The method specified in the Request-Line is understood but

not allowed for the address identified by the Request-URI.

406

notAcceptable

The resource identified by the request is only capable of

generating response entities with content characteristics that
are not acceptable according to the Accept header field sent
in the request.

407

proxyAuthenticationRequired

The client must first authenticate with the proxy.

408

requestTimeout

The server could not produce a response within a suitable

amount of time.

409

conflict

The request could not be completed due to a conflict with

the current state of the resource.

410

gone

The requested resource is no longer available at the server,

and no forwarding address is known.

411

lengthRequired

The server is refusing to process a request because the

request entity-body is larger than the server is willing or able
to process.

413

requestEntityTooLarge

The server is refusing to process a request because the

request entity-body is larger than the server is willing or able
to process.

414

requestURITooLarge

The server is refusing to service the request because the

Request-URI is longer than the server is willing to interpret.

415

unsupportedMediaType

The server is refusing to service the request because the

message body of the request is in a format not supported by
the server for the requested method.

420

badExtension

The server did not understand the protocol extension

specified in a Proxy-Require or Require header field.

480

temporarilyNotAvailable

The callees end system was contacted successfully, but the

callee is currently unavailable.

481

callLegDoesNotExist

The UAS received a request that does not match any existing
dialog or transaction.

482

loopDetected

The server has detected a loop.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1389

show Commands

Error Code Integer

Description

483

tooManyHops

The server received a request that contains a Max-Forwards

header field with the value zero.

484

addressIncomplete

The server received a request with a Request-URI that was

incomplete.

485

ambiguous

The Request-URI was ambiguous.

486

busy

The callees end system was contacted successfully, but the

callee is currently not willing or able to take additional calls
at this end system.

500

internalServerError

The server encountered an unexpected condition that

prevented it from fulfilling the request.

501

notImplemented

The server does not support the functionality required to

fulfill the request.

502

badGateway

The server, while acting as a gateway or proxy, received an

invalid response from the downstream server it accessed in
attempting to fulfill the request.

503

serviceUnavailable

The server is temporarily unable to process the request

because of a temporary overloading or maintenance of the
server.

504

serverTimeout

The server did not receive a timely response from an external

server it accessed in attempting to process the request.

505

versionNotSupported

The server does not support or refuses to support the SIP

protocol version that was used in the request.

600

busyEverywhere

The callees end system was contacted successfully, but the

callee is busy or does not want to take the call at this time.

603

decline

The callees machine was contacted successfully, but the

user does not want to or cannot participate.

604

doesNotExistAnywhere

The server has information that the user indicated in the

Request-URI does not exist anywhere.

606

notAcceptable

The users agent was contacted successfully, but some

aspects of the session description (such as the requested
media, bandwidth, or addressing style) were not acceptable.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1390

OL-31334-01

show Commands

Examples

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1391

show Commands

show country
To display the configured country and the radio types that are supported, use the show country command.
show country

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the configured countries and supported radio types:
> show country
Configured Country............................. United States
Configured Country Codes
US - United States............................. 802.11a / 802.11b / 802.11g

Cisco Wireless LAN Controller Command Reference, Release 8.0

1392

OL-31334-01

show Commands

show country channels

To display the radio channels supported in the configured country, use the show country channels command.
show country channels

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the auto-RF channels for the configured countries:
> show country channels
Configured Country............................. United States
KEY: * = Channel is legal in this country and may be configured manually.
Configured Country............................. United States
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+802.11BG :
Channels :
1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+US : A * * * * A * * * * A . . .
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+802.11A : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+US : . A . A . A . A A A A A * * * * * . . . * * * A A A A *
---------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1393

show Commands

show country supported

To display a list of the supported country options, use the show country supported command.
show country supported

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a list of all the supported countries:
> show country supported
Configured Country............................. United States
Supported Country Codes
AR - Argentina................................. 802.11a / 802.11b
AT - Austria................................... 802.11a / 802.11b
AU - Australia................................. 802.11a / 802.11b
BR - Brazil.................................... 802.11a / 802.11b
BE - Belgium................................... 802.11a / 802.11b
BG - Bulgaria.................................. 802.11a / 802.11b
CA - Canada.................................... 802.11a / 802.11b
CH - Switzerland............................... 802.11a / 802.11b
CL - Chile.....................................
802.11b
CN - China..................................... 802.11a / 802.11b
CO - Colombia..................................
802.11b
CY - Cyprus.................................... 802.11a / 802.11b
CZ - Czech Republic............................ 802.11a / 802.11b
DE - Germany................................... 802.11a / 802.11b
DK - Denmark................................... 802.11a / 802.11b
EE - Estonia................................... 802.11a / 802.11b
ES - Spain..................................... 802.11a / 802.11b
FI - Finland................................... 802.11a / 802.11b
FR - France.................................... 802.11a / 802.11b
GB - United Kingdom............................ 802.11a / 802.11b
GI - Gibraltar................................. 802.11a / 802.11b
GR - Greece.................................... 802.11a / 802.11b
HK - Hong Kong................................. 802.11a / 802.11b
HU - Hungary................................... 802.11a / 802.11b
ID - Indonesia.................................
802.11b
IE - Ireland................................... 802.11a / 802.11b
IN - India..................................... 802.11a / 802.11b
IL - Israel.................................... 802.11a / 802.11b
ILO - Israel (outdoor)..........................
802.11b
IS - Iceland................................... 802.11a / 802.11b
IT - Italy..................................... 802.11a / 802.11b
JP - Japan (J)................................. 802.11a / 802.11b
J2 - Japan 2(P)................................ 802.11a / 802.11b
J3 - Japan 3(U)................................ 802.11a / 802.11b
KR - Korea Republic (C)........................ 802.11a / 802.11b
KE - Korea Extended (K)........................ 802.11a / 802.11b
LI - Liechtenstein............................. 802.11a / 802.11b

/
/
/
/
/
/
/
/
/
/
/
/

802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g

/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/

802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g

Cisco Wireless LAN Controller Command Reference, Release 8.0

1394

OL-31334-01

show Commands

LT
LU
LV
MC
MT
MX
MY
NL
NZ
NO
PA
PE
PH
PL
PT
RU
RO
SA
SE
SG
SI
SK
TH
TR
TW
UA
US
USL
USX
VE
ZA

Lithuania.................................
Luxembourg................................
Latvia....................................
Monaco....................................
Malta.....................................
Mexico....................................
Malaysia..................................
Netherlands...............................
New Zealand...............................
Norway....................................
Panama....................................
Peru......................................
Philippines...............................
Poland....................................
Portugal..................................
Russian Federation........................
Romania...................................
Saudi Arabia..............................
Sweden....................................
Singapore.................................
Slovenia..................................
Slovak Republic...........................
Thailand..................................
Turkey....................................
Taiwan....................................
Ukraine...................................
United States.............................
United States (Legacy)....................
United States (US + chan165)..............
Venezuela.................................
South Africa..............................

802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a

/
/
/
/
/
/
/
/
/
/

802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a
802.11a

/
/
/
/
/
/
/
/
/
/

802.11a
802.11a
802.11a
802.11a
802.11a

/
/
/
/
/

802.11a /

802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b
802.11b

/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/
/

802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g
802.11g

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1395

show Commands

show dtls connections

To display the Datagram Transport Layer Security (DTLS) server status, use the show dtls connections
command.
show dtls connections

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following is a sample output of the show dtls connections command.

Device > show dtls connections
AP Name
--------------1130
1130
1240

Local Port
------------Capwap_Ctrl
Capwap_Data
Capwap_Ctrl

Peer IP
--------------1.100.163.210
1.100.163.210
1.100.163.209

Peer Port
------------23678
23678
59674

Ciphersuite
----------------------TLS_RSA _WITH_AES_128_CBC_SHA
TLS_RSA _WITH_AES_128_CBC_SHA
TLS_RSA _WITH_AES_128_CBC_SHA

Cisco Wireless LAN Controller Command Reference, Release 8.0

1396

OL-31334-01

show Commands

show known ap
To display known Cisco lightweight access point information, use the show known ap command.
show known ap {summary | detailed MAC}

Syntax Description

Command Default

Command History

Examples

summary

Displays a list of all known access points.

detailed

Provides detailed information for all known access points.

MAC

MAC address of the known AP.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of all known access points:
> show known ap summary
MAC Address
State
---------------------

# APs
-----

# Clients
--------

Last Heard
-----------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1397

show Commands

show ipv6 ra-guard

To display the RA guard statistics, use the show ipv6 ra-guard command.
show ipv6 ra-guard {ap | wlc} summary

Syntax Description

Command Default

Command History

Examples

Displays Cisco access point details.

wlc

Displays Cisco controller details.

summary

Displays RA guard statistics.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the RA guard statistics for a controller:
(Cisco Controller) >show ipv6 ra-guard wlc summary
IPv6 RA Guard on WLC.................... Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1398

OL-31334-01

show Commands

show msglog
To display the message logs written to the Cisco WLC database, use the show msglog command.
show msglog

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If there are more that 15 entries, you are prompted to display the messages shown in the example.

Examples

The following example shows how to display message logs:

> show msglog
Message Log Severity Level..................... ERROR
Thu Aug 4 14:30:08 2005 [ERROR] spam_lrad.c 1540: AP 00:0b:85:18:b6:50 associated. Last
AP failure was due to Link Failure
Thu Aug 4 14:30:08 2005 [ERROR] spam_lrad.c 13840: Updating IP info for AP 00:
0b:85:18:b6:50 -- static 0, 1.100.49.240/255.255.255.0, gtw 1.100.49.1
Thu Aug 4 14:29:32 2005 [ERROR] dhcpd.c 78: dhcp server: binding to 0.0.0.0
Thu Aug 4 14:29:32 2005 [ERROR] rrmgroup.c 733: Airewave Director: 802.11a switch group
reset
Thu Aug 4 14:29:32 2005 [ERROR] rrmgroup.c 733: Airewave Director: 802.11bg sw
itch group reset
Thu Aug 4 14:29:22 2005 [ERROR] sim.c 2841: Unable to get link state for primary port 0
of interface ap-manager
Thu Aug 4 14:29:22 2005 [ERROR] dtl_l2_dot1q.c 767: Unable to get USP
Thu Aug 4 14:29:22 2005 Previous message occurred 2 times
Thu Aug 4 14:29:14 2005 [CRITICAL] osapi_sem.c 794: Error! osapiMutexTake called with
NULL pointer: osapi_bsntime.c:927
Thu Aug 4 14:29:14 2005 [CRITICAL] osapi_sem.c 794: Error! osapiMutexTake called with
NULL pointer: osapi_bsntime.c:919
Thu Aug 4 14:29:14 2005 [CRITICAL] hwutils.c 1861: Security Module not found
Thu Aug 4 14:29:13 2005 [CRITICAL] bootos.c 791: Starting code...

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1399

show Commands

show network summary

To display the network configuration of the Cisco wireless LAN controller, use the show network summary
command.
show network summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display a summary configuration:

Cisco Wireless LAN Controller Command Reference, Release 8.0

1400

OL-31334-01

show Commands

Web Color Theme............................. Default

CAPWAP Prefer Mode.......................... IPv4

Related Commands

config network
show network multicast mgid summary
show network multicast mgid detail
show network

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1401

show Commands

show redundancy summary

To display the redundancy summary information, use the show redundancy summary command.
show redundancy summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the redundancy summary information of the controller:
> show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Primary
Unit ID = 88:43:E1:7E:03:80
Redundancy State = N/A
Mobility MAC = 88:43:E1:7E:03:80
Network Monitor = ENABLED
Link Encryption = DISABLED
BulkSync Status = <Status>
Average Redundancy Peer Reachability Latency = 1390 usecs
Average Management Gateway Reachability Latency = 1165 usecs
Redundancy Management IP Address.................
Peer Redundancy Management IP Address............
Redundancy Port IP Address.......................
Peer Redundancy Port IP Address..................

9.4.92.12
9.4.92.14
169.254.92.12
169.254.92.14

Cisco Wireless LAN Controller Command Reference, Release 8.0

1402

OL-31334-01

show Commands

show redundancy latency

To display the average latency to reach the management gateway and the peer redundancy management IP
address, use the show redundancy latency command .
show redundancy latency

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the average latency to reach the management gateway and the
peer redundancy management IP address:
> show redundancy latency
Network Latencies (RTT) for the Peer Reachability on the Redundancy Port in micro seconds
for the past 10 intervals
Peer Reachability Latency[ 1 ]
: 524 usecs
Peer Reachability Latency[ 2 ]
: 524 usecs
Peer Reachability Latency[ 3 ]
: 522 usecs
Peer Reachability Latency[ 4 ]
: 526 usecs
Peer Reachability Latency[ 5 ]
: 524 usecs
Peer Reachability Latency[ 6 ]
: 524 usecs
Peer Reachability Latency[ 7 ]
: 522 usecs
Peer Reachability Latency[ 8 ]
: 522 usecs
Peer Reachability Latency[ 9 ]
: 526 usecs
Peer Reachability Latency[ 10 ]
: 523 usecs
Network
past 10
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway

Latencies (RTT) for the Management Gateway Reachability in micro seconds for the
intervals
Reachability Latency[ 1 ]
: 1347 usecs
Reachability Latency[ 2 ]
: 2427 usecs
Reachability Latency[ 3 ]
: 1329 usecs
Reachability Latency[ 4 ]
: 2014 usecs
Reachability Latency[ 5 ]
: 2675 usecs
Reachability Latency[ 6 ]
: 731 usecs
Reachability Latency[ 7 ]
: 1882 usecs
Reachability Latency[ 8 ]
: 2853 usecs
Reachability Latency[ 9 ]
: 832 usecs
Reachability Latency[ 10 ]
: 3708 usecs

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1403

show Commands

show redundancy interfaces

To display details of redundancy and service port IP addresses, use the show redundancy interfaces
command.
show redundancy interfaces

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the redundancy and service port IP addresses information:
> show redundancy interfaces
Redundancy Management IP Address.................
Peer Redundancy Management IP Address............
Redundancy Port IP Address.......................
Peer Redundancy Port IP Address..................
Peer Service Port IP Address.....................

9.4.120.5
9.4.120.3
169.254.120.5
169.254.120.3
10.104.175.189

Cisco Wireless LAN Controller Command Reference, Release 8.0

1404

OL-31334-01

show Commands

show redundancy mobilitymac

To display the High Availability (HA) mobility MAC address that is used to communicate with the peer, use
the show redundancy mobilitymac command.
show redundancy mobilitymac

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the HA mobility MAC address used to communicate with the
peer:
> show redundancy mobilitymac
ff:ff:ff:ff:ff:ff

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1405

show Commands

show redundancy peer-route summary

To display the routes assigned to the standby WLC, use the show redundancy peer-route summary command.
show redundancy peer-route summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display all the configured routes of the standby WLC:
> show redundancy peer-route summary
Number of Routes................................. 1
Destination Network
------------------xxx.xxx.xxx.xxx

Netmask
------------------255.255.255.0

Gateway
------------------xxx.xxx.xxx.xxx

Cisco Wireless LAN Controller Command Reference, Release 8.0

1406

OL-31334-01

show Commands

show redundancy statistics

To display the statistics information of the Redundancy Manager, use the show redundancy statistics
command.
show redundancy statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This command displays the statistics of different redundancy counters.

Local Physical Ports - Connectivity status of each physical port of the controller. 1 indicates that the port is
up and 0 indicates that the port is down.
Peer Physical Ports - Connectivity status of each physical port of the peer controller. 1 indicates that the port
is up and 0 indicates that the port is down.

Examples

The following example shows how to display the statistics information of the Redundancy Manager:
> show redundancy statistics
Redundancy Manager Statistics
Keep Alive Request Send Counter
Keep Alive Response Receive Counter

: 16
: 16

Keep Alive Request Receive Counter

Keep Alive Response Send Counter

: 500322
: 500322

Ping Request to Default GW Counter

Ping Response from Default GW Counter

: 63360
: 63360

Ping Request to Peer Counter

Ping Response from Peer Counter

: 12
: 3

Keep Alive Loss Counter

Default GW Loss Counter

: 0
: 0

Local Physical Ports 1...8

Peer Physical Ports 1...8

: 10000000
: 10000000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1407

show Commands

show redundancy timers

To display details of the Redundancy Manager timers, use the show redundancy timers command.
show redundancy timers

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the details of the Redundancy Manager timers:
> show redundancy timers
Keep Alive Timer

: 100 msecs

Peer Search Timer

: 120 secs

Cisco Wireless LAN Controller Command Reference, Release 8.0

1408

OL-31334-01

show Commands

show watchlist
To display the client watchlist, use the show watchlist command.
show watchlist

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the client watchlist information:
> show watchlist
client watchlist state is disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1409

capwap ap Commands

capwap ap Commands
Use the capwap ap commands to configure CAPWAP access point settings.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1410

OL-31334-01

capwap ap Commands

capwap ap controller ip address

To configure the controller IP address into the CAPWAP access point from the access points console port,
use the capwap ap controller ip address command.
capwap ap controller ip address A.B.C.D

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

A.B.C.D

IP address of the controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format .

This command must be entered from an access points console port. This command is applicable for IPv4
addresses only.

The access point must be running Cisco IOS Release 12.3(11)JX1 or later releases.

The following example shows how to configure the controller IP address 10.23.90.81 into the CAPWAP
access point:
ap_console >capwap ap controller ip address 10.23.90.81

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1411

capwap ap Commands

capwap ap dot1x
To configure the dot1x username and password into the CAPWAP access point from the access points console
port, use the capwap ap dot1x command.
capwap ap dot1x username user_name password password

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

user_name

Dot1x username.

password

Dot1x password.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This command must be entered from an access points console port.

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

This example shows how to configure the dot1x username ABC and password pass01:
ap_console >capwap ap dot1x username ABC password pass01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1412

OL-31334-01

capwap ap Commands

capwap ap hostname
To configure the access point host name from the access points console port, use the capwap ap hostname
command.
capwap ap hostname host_name

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

host_name

Hostname of the access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This command must be entered from an access points console port.

The access point must be running Cisco IOS Release 12.3(11)JX1 or later releases. This command is
available only for the Cisco Lightweight AP IOS Software recovery image (rcvk9w8) without any
private-config. You can remove the private-config by using the clear capwap private-config command.

This example shows how to configure the hostname WLC into the capwap access point:
ap_console >capwap ap hostname WLC

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1413

capwap ap Commands

capwap ap ip address
To configure the IP address into the CAPWAP access point from the access points console port, use the
capwap ap ip address command.
capwap ap ip address A.B.C.D

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

A.B.C.D

IP address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command must be entered from an access points console port. This command supports only IPv4 address
format.

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

This example shows how to configure the IP address 10.0.0.1 into CAPWAP access point:
ap_console >capwap ap ip address 10.0.0.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1414

OL-31334-01

capwap ap Commands

capwap ap ip default-gateway
To configure the default gateway from the access points console port, use the capwap ap ip default-gateway
command.
capwap ap ip default-gateway A.B.C.D

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

A.B.C.D

Default gateway address of the capwap access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command must be entered from an access points console port. This command supports only IPv4 address
format.

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

This example shows how to configure the CAPWAP access point with the default gateway address 10.0.0.1:
ap_console >capwap ap ip default-gateway 10.0.0.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1415

capwap ap Commands

capwap ap log-server
To configure the system log server to log all the CAPWAP errors, use the capwap ap log-server command.
capwap ap log-server A.B.C.D

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

A.B.C.D

IP address of the syslog server.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command must be entered from an access points console port. This command supports only IPv4 address
format.

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

This example shows how to configure the syslog server with the IP address 10.0.0.1:
ap_console >capwap ap log-server 10.0.0.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1416

OL-31334-01

capwap ap Commands

capwap ap mode
To configure the local or bridge mode on the access point, use the capwap ap mode command.
capwap ap mode local | bridge

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

local

Configures the access point in local mode.

bridge

Configures the access point in bridge mode.

None

Release

Modification

8.0

The command was introduced.

This command must be entered from an access points console port.

When you execute this command, the access point reboots.

The following example shows how to configure an access point in bridge mode:
ap_console #capwap ap mode bridge

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1417

capwap ap Commands

capwap ap primary-base
To configure the primary controller name and IP address into the CAPWAP access point from the access
points console port, use the capwap ap primary-base command.
capwap ap primary-base WORD A.B.C.D

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

WORD

Name of the primary controller.

A.B.C.D

IP address of the primary controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command must be entered from an access points console port. This command supports only IPv4 address
format.

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

This example shows how to configure the primary controller name WLC1 and primary controller IP address
209.165.200.225 into the CAPWAP access point:
ap_console >capwap ap primary-base WLC1 209.165.200.225

Cisco Wireless LAN Controller Command Reference, Release 8.0

1418

OL-31334-01

capwap ap Commands

capwap ap primed-timer
To configure the primed timer into the CAPWAP access point, use the capwap ap primed-timer command.
capwap ap primed-timer {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

enable

Enables the primed timer settings

disable

Disables the primed timer settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This command must be entered from an access points console port.

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

This example shows how to enable the primed-timer settings:

ap_console >capwap ap primed-timer enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1419

capwap ap Commands

capwap ap secondary-base
To configure the name and IP address of the secondary Cisco WLC into the CAPWAP access point from the
access points console port, use the capwap ap secondary-base command.
capwap ap secondary-base controller_name controller_ip_address

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

controller_name

Name of the secondary Cisco WLC.

controller_ip_address

IP address of the secondary Cisco WLC.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command must be entered from an access points console port. This command supports only IPv4 address
format.

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

This example shows how to configure the secondary Cisco WLC name as WLC2 and secondary Cisco WLC
IP address 209.165.200.226 into the CAPWAP access point:
ap_console >capwap ap secondary-base WLC2 209.165.200.226

Cisco Wireless LAN Controller Command Reference, Release 8.0

1420

OL-31334-01

capwap ap Commands

capwap ap tertiary-base
To configure the name and IP address of the tertiary Cisco WLC into the CAPWAP access point from the
access points console port, use the capwap ap tertiary-base command.
capwap ap tertiary-base WORDA.B.C.D

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

WORD

Name of the tertiary Cisco WLC.

A.B.C.D

IP address of the tertiary Cisco WLC.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command must be entered from an access points console port. This command supports only IPv4 address
format.

The access point must be running Cisco IOS Release 12.3(11)JX1 or later releases.

This example shows how to configure the tertiary Cisco WLC with the name WLC3 and secondary Cisco
WLC IP address 209.165.200.227 into the CAPWAP access point:
ap_console >capwap ap tertiary-base WLC3 209.165.200.227

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1421

config Commands

lwapp ap controller ip address

To configure the Cisco WLC IP address into the FlexConnect access point from the access points console
port, use the lwapp ap controller ip address command.
lwapp ap controller ip address A.B.C.D

Syntax Description

Command Default

Command History

Usage Guidelines

A.B.C.D

IP address of the controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command must be entered from an access points console port. This command is applicable for IPv4
addresses only.
Prior to changing the FlexConnect configuration on an access point using the access points console port, the
access point must be in standalone mode (not connected to a controller) and you must remove the current
LWAPP private configuration by using the clear lwapp private-config command.

Note

Examples

The access point must be running Cisco IOS Release 12.3(11)JX1 or higher releases.

The following example shows how to configure the controller IP address 10.92.109.1 into the FlexConnect
access point:
(Cisco Controller) > lwapp ap controller ip address 10.92.109.1

config Commands
This section lists the config commands to configure access points.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1422

OL-31334-01

config Commands

config 802.11-a antenna extAntGain

To configure the external antenna gain for the 4.9-GHz and 5.8-GHz public safety channels on an access
point, use the config 802.11-a antenna extAntGain commands.
config {802.11-a49 | 802.11-a58} antenna extAntGain ant_gain cisco_ap {global | channel_no}

Syntax Description

Command Default

Command History

Usage Guidelines

802.11-a49

Specifies the 4.9-GHz public safety channel.

802.11-a58

Specifies the 5.8-GHz public safety channel.

ant_gain

Value in .5-dBi units (for instance, 2.5 dBi = 5).

cisco_ap

Name of the access point to which the command applies.

global

Specifies the antenna gain value to all channels.

channel_no

Antenna gain value for a specific channel.

Channel properties are disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Before you enter the config 802.11-a antenna extAntGain command, disable the 802.11 Cisco radio with
the config 802.11-a disable command.
After you configure the external antenna gain, use the config 802.11-a enable command to reenable the 802.11
Cisco radio.

Examples

The following example shows how to configure an 802.11-a49 external antenna gain of 10 dBi for AP1:
(Cisco Controller) >config 802.11-a antenna extAntGain 10 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1423

config Commands

config 802.11-a channel ap

To configure the channel properties for the 4.9-GHz and 5.8-GHz public safety channels on an access point,
use the config 802.11-a channel ap command.
config {802.11-a49 | 802.11-a58} channel ap cisco_ap {global | channel_no}

Syntax Description

Command Default

Command History

Examples

802.11-a49

Specifies the 4.9-GHz public safety channel.

802.11-a58

Specifies the 5.8-GHz public safety channel.

cisco_ap

Name of the access point to which the command applies.

global

Enables the Dynamic Channel Assignment (DCA) on all 4.9-GHz and

5.8-GHz subband radios.

channel_no

Custom channel for a specific mesh access point. The range is 1 through
26, inclusive, for a 4.9-GHz band and 149 through 165, inclusive, for a
5.8-GHz band.

Channel properties are disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the channel properties:

(Cisco Controller) >config 802.11-a channel ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

1424

OL-31334-01

config Commands

config 802.11-a txpower ap

To configure the transmission power properties for the 4.9-GHz and 5.8-GHz public safety channels on an
access point, use the config 802.11-a txpower ap command.
config {802.11-a49 | 802.11-a58} txpower ap cisco_ap {global | power_level}

Syntax Description

Command Default

Command History

Examples

802.11-a49

Specifies the 4.9-GHz public safety channel.

802.11-a58

Specifies the 5.8-GHz public safety channel.

txpower

Configures transmission power properties.

Configures access point channel settings.

cisco_ap

Name of the access point to which the command

applies.

global

Applies the transmission power value to all channels.

power_level

Transmission power value to the designated mesh

access point. The range is from 1 to 5.

The default transmission power properties for the 4.9-GHz and 5.8-GHz public safety channels on an access
point is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure an 802.11-a49 transmission power level of 4 for AP1:
(Cisco Controller) > config 802.11-a txpower ap 4 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1425

config Commands

config 802.11 antenna diversity

To configure the diversity option for 802.11 antennas, use the config 802.11 antenna diversity command.
config 802.11{a | b} antenna diversity {enable | sideA | sideB} cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the diversity.

sideA

Specifies the diversity between the internal antennas and an external antenna
connected to the Cisco lightweight access point left port.

sideB

Specifies the diversity between the internal antennas and an external antenna
connected to the Cisco lightweight access point right port.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable antenna diversity for AP01 on an 802.11b network:
(Cisco Controller) >config 802.11a antenna diversity enable AP01

The following example shows how to enable diversity for AP01 on an 802.11a network, using an external
antenna connected to the Cisco lightweight access point left port (sideA):
(Cisco Controller) >config 802.11a antenna diversity sideA AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1426

OL-31334-01

config Commands

config 802.11 antenna extAntGain

To configure external antenna gain for an 802.11 network, use the config 802.11 antenna extAntGain
command.
config 802.11{a | b} antenna extAntGain antenna_gain cisco_ap

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

antenna_gain

Antenna gain in 0.5 dBm units (for example, 2.5 dBm = 5).

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Before you enter the config 802.11 antenna extAntGain command, disable the 802.11 Cisco radio with the
config 802.11 disable command.
After you configure the external antenna gain, use the config 802.11 enable command to enable the 802.11
Cisco radio.

Examples

The following example shows how to configure an 802.11a external antenna gain of 0.5 dBm for AP1:
(Cisco Controller) >config 802.11 antenna extAntGain 1 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1427

config Commands

config 802.11 antenna mode

To configure the Cisco lightweight access point to use one internal antenna for an 802.11 sectorized 180-degree
coverage pattern or both internal antennas for an 802.11 360-degree omnidirectional pattern, use the config
802.11 antenna mode command.
config 802.11{a | b} antenna mode {omni | sectorA | sectorB} cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

omni

Specifies to use both internal antennas.

sectorA

Specifies to use only the side A internal antenna.

sectorB

Specifies to use only the side B internal antenna.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure access point AP01 antennas for a 360-degree omnidirectional
pattern on an 802.11b network:
(Cisco Controller) >config 802.11 antenna mode omni AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1428

OL-31334-01

config Commands

config 802.11 antenna selection

To select the internal or external antenna selection for a Cisco lightweight access point on an 802.11 network,
use the config 802.11 antenna selection command.
config 802.11{a | b} antenna selection {internal | external} cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

internal

Specifies the internal antenna.

external

Specifies the external antenna.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure access point AP02 on an 802.11b network to use the internal
antenna:
(Cisco Controller) >config 802.11a antenna selection internal AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1429

config Commands

config 802.11 beamforming

To enable or disable Beamforming (ClientLink) on the network or on individual radios, enter the config 802.11
beamforming command.
config 802.11{a | b} beamforming {global | ap ap_name} {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Specifies all lightweight access points.

ap ap_name

Specifies the Cisco access point name.

enable

Enables beamforming.

disable

Disables beamforming.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

When you enable Beamforming on the network, it is automatically enabled for all the radios applicable to
that network type.
Follow these guidelines for using Beamforming:
Beamforming is supported only for legacy orthogonal frequency-division multiplexing (OFDM) data
rates (6, 9, 12, 18, 24, 36, 48, and 54 mbps).

Note

Beamforming is not supported for complementary-code keying (CCK) data rates (1, 2,
5.5, and 11 Mbps).

Beamforming is supported only on access points that support 802.11n (AP1250 and AP1140).
Two or more antennas must be enabled for transmission.
All three antennas must be enabled for reception.
OFDM rates must be enabled.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1430

OL-31334-01

config Commands

If the antenna configuration restricts operation to a single transmit antenna, or if OFDM rates are disabled,
Beamforming is not used.

Examples

The following example shows how to enable Beamforming on the 802.11a network:
(Cisco Controller) >config 802.11 beamforming global enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1431

config Commands

config 802.11 disable

To disable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the
config 802.11 disable command.
config 802.11{a | b} disable {network | cisco_ap}

Syntax Description

Command Default

Command History

Usage Guidelines

Configures the 802.11a on slot 1 and 802.11ac radio on slot 2.

radio.

Specifies the 802.11b/g network.

network

Disables transmission for the entire 802.11a network.

cisco_ap

Individual Cisco lightweight access point radio.

The transmission is enabled for the entire network by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

You must use this command to disable the network before using many config 802.11 commands.
This command can be used any time that the CLI interface is active.

Examples

The following example shows how to disable the entire 802.11a network:
(Cisco Controller) >config 802.11a disable network

The following example shows how to disable access point AP01 802.11b transmissions:
(Cisco Controller) >config 802.11b disable AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1432

OL-31334-01

config Commands

config advanced 802.11 profile clients

To set the Cisco lightweight access point clients threshold between 1 and 75 clients, use the config advanced
802.11 profile clients command.
config advanced 802.11{a | b} profile clients {global | cisco_ap} clients

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures all 802.11a Cisco lightweight access points.

cisco_ap

Cisco lightweight access point name.

clients

802.11a Cisco lightweight access point client threshold between 1 and 75 clients.

The default Cisco lightweight access point clients threshold is 12 clients.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set all Cisco lightweight access point clients thresholds to 25 clients:
(Cisco Controller) >config advanced 802.11 profile clients global 25
Global client count profile set.

The following example shows how to set the AP1 clients threshold to 75 clients:
(Cisco Controller) >config advanced 802.11 profile clients AP1 75
Global client count profile set.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1433

config Commands

config advanced 802.11 profile customize

To turn customizing on or off for an 802.11a Cisco lightweight access point performance profile, use the
config advanced 802.11 profile customize command.
config advanced 802.11{a | b} profile customize cisco_ap {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a/n network.

Specifies the 802.11b/g/n network.

cisco_ap

Cisco lightweight access point.

Customizes performance profiles for this Cisco lightweight access point.

off

Uses global default performance profiles for this Cisco lightweight access point.

The default state of performance profile customization is Off.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn performance profile customization on for 802.11a Cisco lightweight
access point AP1:
(Cisco Controller) >config advanced 802.11 profile customize AP1 on

Cisco Wireless LAN Controller Command Reference, Release 8.0

1434

OL-31334-01

config Commands

config advanced 802.11 profile foreign

To set the foreign 802.11a transmitter interference threshold between 0 and 100 percent, use the config
advanced 802.11 profile foreign command.
config advanced 802.11{a | b} profile foreign {global | cisco_ap} percent

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures all 802.11a Cisco lightweight access points.

cisco_ap

Cisco lightweight access point name.

percent

802.11a foreign 802.11a interference threshold between 0 and 100 percent.

The default foreign 802.11a transmitter interference threshold value is 10.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the foreign 802.11a transmitter interference threshold for all Cisco
lightweight access points to 50 percent:
(Cisco Controller) >config advanced 802.11a profile foreign global 50

The following example shows how to set the foreign 802.11a transmitter interference threshold for AP1 to 0
percent:
(Cisco Controller) >config advanced 802.11 profile foreign AP1 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1435

config Commands

config advanced 802.11 profile noise

To set the 802.11a foreign noise threshold between 127 and 0 dBm, use the config advanced 802.11 profile
noise command.
config advanced 802.11{a | b} profile noise {global | cisco_ap} dBm

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a/n network.

Specifies the 802.11b/g/n network.

global

Configures all 802.11a Cisco lightweight access point specific profiles.

cisco_ap

Cisco lightweight access point name.

dBm

802.11a foreign noise threshold between 127 and 0 dBm.

The default foreign noise threshold value is 70 dBm.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the 802.11a foreign noise threshold for all Cisco lightweight access
points to 127 dBm:
(Cisco Controller) >config advanced 802.11a profile noise global -127

The following example shows how to set the 802.11a foreign noise threshold for AP1 to 0 dBm:
(Cisco Controller) >config advanced 802.11a profile noise AP1 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1436

OL-31334-01

config Commands

config advanced 802.11 profile throughput

To set the Cisco lightweight access point data-rate throughput threshold between 1000 and 10000000 bytes
per second, use the config advanced 802.11 profile throughput command.
config advanced 802.11{a | b} profile throughput {global | cisco_ap} value

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures all 802.11a Cisco lightweight access point specific profiles.

cisco_ap

Cisco lightweight access point name.

value

802.11a Cisco lightweight access point throughput threshold between 1000 and
10000000 bytes per second.

The default Cisco lightweight access point data-rate throughput threshold value is 1,000,000 bytes per second.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set all Cisco lightweight access point data-rate thresholds to 1000 bytes
per second:
(Cisco Controller) >config advanced 802.11 profile throughput global 1000

The following example shows how to set the AP1 data-rate threshold to 10000000 bytes per second:
(Cisco Controller) >config advanced 802.11 profile throughput AP1 10000000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1437

config Commands

config advanced 802.11 profile utilization

To set the RF utilization threshold between 0 and 100 percent, use the config advanced 802.11 profile
utilization command. The operating system generates a trap when this threshold is exceeded.
config advanced 802.11{a | b} profile utilization {global | cisco_ap} percent

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures a global Cisco lightweight access point specific profile.

cisco_ap

Cisco lightweight access point name.

percent

802.11a RF utilization threshold between 0 and 100 percent.

The default RF utilization threshold value is 80 percent.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the RF utilization threshold for all Cisco lightweight access points
to 0 percent:
(Cisco Controller) >config advanced 802.11 profile utilization global 0

The following example shows how to set the RF utilization threshold for AP1 to 100 percent:
(Cisco Controller) >config advanced 802.11 profile utilization AP1 100

Cisco Wireless LAN Controller Command Reference, Release 8.0

1438

OL-31334-01

config Commands

config advanced backup-controller primary

To configure a primary backup controller, use the config advanced backup-controller primary command.
config advanced backup-controller primary system name IP addr

Syntax Description

Command Default

Command History

system name

Configures primary|secondary backup controller.

IP addr

IP address of the backup controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

Usage Guidelines

To delete a primary backup controller entry (IPv6 or IPv4), enter 0.0.0.0 for the controller IP address.

Examples

The following example shows how to configure the IPv4 primary backup controller:
(Cisco Controller) >config advanced backup-controller primary Controller_1 10.10.10.10

The following example shows how to configure the IPv6 primary backup controller:
(Cisco Controller) >config advanced backup-controller primary systemname 2001:9:6:40::623

The following example shows how to remove the IPv4 primary backup controller:
(Cisco Controller) >config advanced backup-controller primary Controller_1 10.10.10.10

The following example shows how to remove the IPv6 primary backup controller:
(Cisco Controller) >config advanced backup-controller primary Controller_1 0.0.0.0

Related Commands

show advanced back-up controller

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1439

config Commands

config advanced backup-controller secondary

To configure a secondary backup controller, use the config advanced backup-controller secondary command.
config advanced backup-controller secondary system name IP addr

Syntax Description

Command Default

Command History

system name

Configures primary|secondary backup controller.

IP addr

IP address of the backup controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

Usage Guidelines

To delete a secondary backup controller entry (IPv4 or IPv6), enter 0.0.0.0 for the controller IP address.

Examples

The following example shows how to configure an IPv4 secondary backup controller:
(Cisco Controller) >config advanced backup-controller secondary Controller_2 10.10.10.10

The following example shows how to configure an IPv6 secondary backup controller:
(Cisco Controller) >config advanced backup-controller secondary Controller_2 2001:9:6:40::623

The following example shows how to remove an IPv4 secondary backup controller:
(Cisco Controller) >config advanced backup-controller secondary Controller_2 0.0.0.0

The following example shows how to remove an IPv6 secondary backup controller:
(Cisco Controller) >config advanced backup-controller secondary Controller_2 0.0.0.0

Related Commands

show advanced back-up controller

Cisco Wireless LAN Controller Command Reference, Release 8.0

1440

OL-31334-01

config Commands

config advanced client-handoff

To set the client handoff to occur after a selected number of 802.11 data packet excessive retries, use the
config advanced client-handoff command.
config advanced client-handoff num_of_retries

Syntax Description

Command Default

Command History

num_of_retries

Number of excessive retries before client handoff (from 0 to 255).

The default value for the number of 802.11 data packet excessive retries is 0.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command is supported only for the 1000/1510 series access points.

Examples

This example shows how to set the client handoff to 100 excessive retries:
(Cisco Controller) >config advanced client-handoff 100

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1441

config Commands

config advanced dot11-padding

To enable or disable over-the-air frame padding, use the config advanced dot11-padding command.
config advanced dot11-padding {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the over-the-air frame padding.

disable

Disables the over-the-air frame padding.

The default over-the-air frame padding is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable over-the-air frame padding:

(Cisco Controller) > config advanced dot11-padding enable

Related Commands

debug dot11
debug dot11 mgmt interface
debug dot11 mgmt msg
debug dot11 mgmt ssid
debug dot11 mgmt state-machine
debug dot11 mgmt station
show advanced dot11-padding

Cisco Wireless LAN Controller Command Reference, Release 8.0

1442

OL-31334-01

config Commands

config advanced assoc-limit

To configure the rate at which access point radios send association and authentication requests to the controller,
use the config advanced assoc-limit command.
config advanced assoc-limit {enable [number of associations per interval | interval ] | disable}

Syntax Description

Command Default

Command History

enable

Enables the configuration of the association requests per access point.

disable

Disables the configuration of the association requests per access point.

number of associations
per interval

(Optional) Number of association request per access point slot in a given interval.
The range is from 1 to 100.

interval

(Optional) Association request limit interval. The range is from 100 to 10000
milliseconds.

The default state of the command is disabled state.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

When 200 or more wireless clients try to associate to a controller at the same time, the clients no longer become
stuck in the DHCP_REQD state when you use the config advanced assoc-limit command to limit association
requests from access points.

Examples

The following example shows how to configure the number of association requests per access point slot in a
given interval of 20 with the association request limit interval of 250:
(Cisco Controller) >config advanced assoc-limit enable 20 250

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1443

config Commands

config advanced max-1x-sessions

To configure the maximum number of simultaneous 802.1X sessions allowed per access point, use the config
advanced max-1x-sessions command.
config advanced max-1x-sessions no_of_sessions

Syntax Description

Command Default

Command History

Examples

no_of_sessions

Number of maximum 802.1x session initiation per AP at a time. The range is

from 0 to 255, where 0 indicates unlimited.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the maximum number of simultaneous 802.1X sessions:
(Cisco Controller) >config advanced max-1x-sessions 200

Cisco Wireless LAN Controller Command Reference, Release 8.0

1444

OL-31334-01

config Commands

config advanced rate

To configure switch control path rate limiting, use the config advanced rate command.
config advanced rate {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the switch control path rate limiting feature.

disable

Disables the switch control path rate limiting feature.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable switch control path rate limiting:
(Cisco Controller) >config advanced rate enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1445

config Commands

config advanced probe backoff

To configure the backoff parameters for probe queue in a Cisco AP, use the config advanced probe backoff
command.
config advanced probe backoff {enable | disable}

Syntax Description

enable

To use default backoff parameter value for probe response.

disable

To use increased backoff parameters for probe response.

Command Default

Disabled

Command History

Release

Modification

7.5

This command was introduced.

Examples

The following example shows how to use increased backoff parameters for probe response:
(Cisco Controller) >config advanced probe backoff enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1446

OL-31334-01

config Commands

config advanced probe filter

To configure the filtering of probe requests forwarded from an access point to the controller, use the config
advanced probe filter command.
config advanced probe filter {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the filtering of probe requests.

disable

Disables the filtering of probe requests.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the filtering of probe requests forwarded from an access point
to the controller:
(Cisco Controller) >config advanced probe filter enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1447

config Commands

config advanced probe limit

To limit the number of probes sent to the WLAN controller per access point per client in a given interval, use
the config advanced probe limit command.
config advanced probe limit num_probes interval

Syntax Description

Command Default

Command History

Examples

num_probes

Number of probe requests (from 1 to 100) forwarded to the controller per client
per access point radio in a given interval.

interval

Probe limit interval (from 100 to 10000 milliseconds).

The default number of probe requests is 2. The default interval is 500 milliseconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This example shows how to set the number of probes per access point per client to 5 and the probe interval
to 800 milliseconds:
(Cisco Controller) >config advanced probe limit 5 800

Cisco Wireless LAN Controller Command Reference, Release 8.0

1448

OL-31334-01

config Commands

config advanced timers

Syntax Description

ap-discovery-timeout

Configures the Cisco lightweight access point discovery timeout value.

discovery-timeout

Cisco lightweight access point discovery timeout value, in seconds. The

range is from 1 to 10.

ap-fast-heartbeat

Configures the fast heartbeat timer, which reduces the amount of time it
takes to detect a controller failure in access points.

local

Configures the fast heartbeat interval for access points in local mode.

flexconnect

Configures the fast heartbeat interval for access points in FlexConnect

mode.

all

Configures the fast heartbeat interval for all the access points.

enable

Enables the fast heartbeat interval.

disable

Disables the fast heartbeat interval.

fast_heartbeat_seconds

Small heartbeat interval, which reduces the amount of time it takes to

detect a controller failure, in seconds. The range is from 1 to 10.

ap-heartbeat-timeout

Configures Cisco lightweight access point heartbeat timeout value.

heartbeat_seconds

Cisco the Cisco lightweight access point heartbeat timeout value, in

seconds. The range is from 1 to 30. This value should be at least three
times larger than the fast heartbeat timer.

ap-primary-discovery-timeout Configures the access point primary discovery request timer.

primary_discovery_timeout

Access point primary discovery request time, in seconds. The range is

from 30 to 3600.

ap-primed-join-timeout

Configures the access point primed discovery timeout value.

primed_join_timeout

Access point primed discovery timeout value, in seconds. The range is

from 120 to 43200.

auth-timeout

Configures the authentication timeout.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1449

config Commands

auth_timeout

Authentication response timeout value, in seconds. The range is from 10

to 600.

pkt-fwd-watchdog

Configures the packet forwarding watchdog timer to protect from fastpath

deadlock.

watchdog_timer

Packet forwarding watchdog timer, in seconds. The range is from 60 to

300.

default

Configures the watchdog timer to the default value of 240 seconds.

eap-identity-request-delay

Configures the advanced Extensible Authentication Protocol (EAP)

identity request delay, in seconds.

eap_identity_request_delay

Advanced EAP identity request delay, in seconds. The range is from 0

to 10.

eap-timeout

Configures the EAP expiration timeout.

eap_timeout

EAP timeout value, in seconds. The range is from 8 to 120.

Command Default

The default access point discovery timeout is 10 seconds.

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Examples

The following example shows how to configure an access point discovery timeout with a timeout value of
20:
(Cisco Controller) >config advanced timers ap-discovery-timeout 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

1450

OL-31334-01

config Commands

The following example shows how to enable the fast heartbeat interval for an access point in FlexConnect
mode:
(Cisco Controller) >config advanced timers ap-fast-heartbeat flexconnect enable 8

The following example shows how to configure the authentication timeout to 20 seconds:
(Cisco Controller) >config advanced timers auth-timeout 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1451

config Commands

config ap
To configure a Cisco lightweight access point or to add or delete a third-party (foreign) access point, use the
config ap command.
config ap {{enable | disable} cisco_ap | {add | delete} MAC port {enable | disable} IP_address}

Syntax Description

Command Default

Command History

Examples

enable

Enables the Cisco lightweight access point.

disable

Disables the Cisco lightweight access point.

cisco_ap

Name of the Cisco lightweight access point.

add

Adds foreign access points.

delete

Deletes foreign access points.

MAC

MAC address of a foreign access point.

port

Port number through which the foreign access point can be reached.

IP_address

IP address of the foreign access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6.

The following example shows how to disable lightweight access point AP1:
(Cisco Controller) >config ap disable AP1

The following example shows how to add a foreign access point with MAC address 12:12:12:12:12:12 and
IP address 192.12.12.1 from port 2033:
(Cisco Controller) >config ap add 12:12:12:12:12:12 2033 enable 192.12.12.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1452

OL-31334-01

config Commands

config ap autoconvert
To automatically convert all access points to FlexConnect mode or Monitor mode upon associating with the
Cisco WLC, use the config ap autoconvert command.
config ap autoconvert {flexconnect | monitor | disable}

Syntax Description

Command Default

Command History

flexconnect

Configures all the access points automatically to FlexConnect mode.

monitor

Configures all the access points automatically to monitor mode.

disable

Disables the autoconvert option on the access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

When access points in local mode connect to a Cisco 7500 Series Wireless Controller, they do not serve
clients. The access point details are available in the controller. To enable access points to serve clients or
perform monitoring related tasks when connected to the Cisco 7500 Series Wireless Controller, the access
points must be in FlexConnect mode or Monitor mode.

Examples

The following example shows how to automatically convert all access points to the FlexConnect mode:
(Cisco Controller) >config ap autoconvert flexconnect

The following example shows how to disable the autoconvert option on the APs:
(Cisco Controller) >config ap autoconvert disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1453

config Commands

config ap bhrate
To configure the Cisco bridge backhaul Tx rate, use the config ap bhrate command.
config ap bhrate {rate | auto} cisco_ap

Syntax Description

Command Default

Command History

Usage Guidelines

rate

Cisco bridge backhaul Tx rate in kbps. The valid values are 6000, 12000, 18000, 24000,
36000, 48000, and 54000.

auto

Configures the auto data rate.

cisco_ap

Name of a Cisco lightweight access point.

The default status of the command is set to Auto.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

In previous software releases, the default value for the bridge data rate was 24000 (24 Mbps). In controller
software release 6.0, the default value for the bridge data rate is auto. If you configured the default bridge
data rate value (24000) in a previous controller software release, the bridge data rate is configured with the
new default value (auto) when you upgrade to controller software release 6.0. However, if you configured a
non default value (for example, 18000) in a previous controller software release, that configuration setting is
preserved when you upgrade to Cisco WLC Release 6.0.
When the bridge data rate is set to auto, the mesh backhaul chooses the highest rate where the next higher
rate cannot be used due to unsuitable conditions for that specific rate (and not because of conditions that affect
all rates).

Examples

The following example shows how to configure the Cisco bridge backhaul Tx rate to 54000 kbps:
(Cisco Controller) >config ap bhrate 54000 AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1454

OL-31334-01

config Commands

config ap bridgegroupname
To set or delete a bridge group name on a Cisco lightweight access point, use the config ap bridgegroupname
command.
config ap bridgegroupname {set groupname | delete} cisco_ap

Syntax Description

Command Default

Command History

set

Sets a Cisco lightweight access points bridge group name.

groupname

Bridge group name.

delete

Deletes a Cisco lightweight access points bridge group name.

cisco_ap

Name of a Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Only access points with the same bridge group name can connect to each other. Changing the AP
bridgegroupname may strand the bridge AP.

Examples

The following example shows how to delete a bridge group name on Cisco access points bridge group name
AP02:
(Cisco Controller) >config ap bridgegroupname delete AP02
Changing the AP's bridgegroupname may strand the bridge AP. Please continue with caution.
Changing the AP's bridgegroupname will also cause the AP to reboot.
Are you sure you want to continue? (y/n)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1455

config Commands

config ap bridging
To configure Ethernet-to-Ethernet bridging on a Cisco lightweight access point, use the config ap bridging
command.
config ap bridging {enable | disable} cisco_ap

Syntax Description

Command Default

Command History

Examples

enable

Enables the Ethernet-to-Ethernet bridging on a Cisco lightweight access point.

disable

Disables Ethernet-to-Ethernet bridging.

cisco_ap

Name of a Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable bridging on an access point:

(Cisco Controller) >config ap bridging enable nyc04-44-1240

The following example shows hot to disable bridging on an access point:

(Cisco Controller) >config ap bridging disable nyc04-44-1240

Cisco Wireless LAN Controller Command Reference, Release 8.0

1456

OL-31334-01

config Commands

config ap cdp
To configure the Cisco Discovery Protocol (CDP) on a Cisco lightweight access point, use the config ap cdp
command.
config ap cdp {enable | disable | interface {ethernet interface_number | slot slot_id}} {cisco_ap | all}

Syntax Description

Note

Command Default

Command History

Usage Guidelines

enable

Enables CDP on an access point.

disable

Disables CDP on an access point.

interface

Configures CDP in a specific interface.

ethernet

Configures CDP for an ethernet interface.

interface_number

Ethernet interface number between 0 and 3.

slot

Configures CDP for a radio interface.

slot_id

Slot number between 0 and 3.

cisco_ap

Name of a Cisco lightweight access point.

all

Specifies all access points.

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

Enabled on radio interfaces of mesh APs and disabled on radio interfaces of non-mesh APs. Enabled on
Ethernet interfaces of all APs.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The config ap cdp disable all command disables CDP on all access points that are joined to the controller
and all access points that join in the future. CDP remains disabled on both current and future access points
even after the controller or access point reboots. To enable CDP, enter the config ap cdp enable all command.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1457

config Commands

Note

Examples

CDP over Ethernet/radio interfaces is available only when CDP is enabled. After you enable CDP on all
access points joined to the controller, you may disable and then reenable CDP on individual access points
using the config ap cdp {enable | disable} cisco_ap command. After you disable CDP on all access points
joined to the controller, you may not enable and then disable CDP on individual access points.

The following example shows how to enable CDP on all access points:
(Cisco Controller) >config ap cdp enable all

The following example shows how to disable CDP on ap02 access point:
(Cisco Controller) >config ap cdp disable ap02

The following example shows how to enable CDP for Ethernet interface number 2 on all access points:
(Cisco Controller) >config ap cdp ethernet 2 enable all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1458

OL-31334-01

config Commands

config ap core-dump
To configure a Cisco lightweight access points memory core dump, use the config ap core-dump command.
config ap core-dump {disable | enable tftp_server_ipaddress filename {compress | uncompress} {cisco_ap
| all}

Syntax Description

Note

Command Default

Command History

enable

Enables the Cisco lightweight access points memory core dump setting.

disable

Disables the Cisco lightweight access points memory core dump setting.

tftp_server_ipaddress

IP address of the TFTP server to which the access point sends core dump files.

filename

Name that the access point uses to label the core file.

compress

Compresses the core dump file.

uncompress

Uncompresses the core dump file.

cisco_ap

Name of a Cisco lightweight access point.

all

Specifies all access points.

If an AP itself is configured with the name all, then the all access points case takes precedence over the
AP that is named all.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6.

Usage Guidelines

The access point must be able to reach the TFTP server. This command is applicable for both IPv4 and IPv6
addresses.

Examples

The following example shows how to configure and compress the core dump file:
(Cisco Controller) >config ap core-dump enable 209.165.200.225 log compress AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1459

config Commands

config ap crash-file clear-all

To delete all crash and radio core dump files, use the config ap crash-file clear-all command.
config ap crash-file clear-all

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete all crash files:

(Cisco Controller) >config ap crash-file clear-all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1460

OL-31334-01

config Commands

config ap crash-file delete

To delete a single crash or radio core dump file, use the config ap crash-file delete command.
config ap crash-file delete filename

Syntax Description

Command Default

Command History

Examples

filename

Name of the file to delete.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete crash file 1:

(Cisco Controller) >config ap crash-file delete crash_file_1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1461

config Commands

config ap crash-file get-crash-file

To collect the latest crash data for a Cisco lightweight access point, use the config ap crash-file get-crash-file
command.
config ap crash-file get-crash-file cisco_ap

Syntax Description

Command Default

Command History

cisco_ap

Name of the Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Use the transfer upload datatype command to transfer the collected data to the Cisco wireless LAN controller.

Examples

The following example shows how to collect the latest crash data for access point AP3:
(Cisco Controller) >config ap crash-file get-crash-file AP3

Cisco Wireless LAN Controller Command Reference, Release 8.0

1462

OL-31334-01

config Commands

config ap crash-file get-radio-core-dump

To get a Cisco lightweight access points radio core dump, use the config ap crash-file get-radio-core-dump
command.
config ap crash-file get-radio-core-dump slot_id cisco_ap

Syntax Description

Command Default

Command History

Examples

slot_id

Slot ID (either 0 or 1).

cisco_ap

Name of a Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to collect the radio core dump for access point AP02 and slot 0:
(Cisco Controller) >config ap crash-file get-radio-core-dump 0 AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1463

config Commands

config ap 802.1Xuser
To configure the global authentication username and password for all access points currently associated with
the controller as well as any access points that associate with the controller in the future, use the config ap
802.1Xuser command.
config ap 802.1Xuser add username ap-username password ap-password {all | cisco_ap}

Syntax Description

Command Default

Command History

Usage Guidelines

add username

Specifies to add a username.

ap-username

Username on the Cisco AP.

password

Specifies to add a password.

ap-password

Password.

cisco_ap

Specific access point.

all

Specifies all access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

You must enter a strong password. Strong passwords have the following characteristics:
They are at least eight characters long.
They contain a combination of uppercase and lowercase letters, numbers, and symbols.
They are not a word in any language.
You can set the values for a specific access point.

Examples

This example shows how to configure the global authentication username and password for all access points:
(Cisco Controller) >config ap 802.1Xuser add username cisco123 password cisco2020 all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1464

OL-31334-01

config Commands

config ap 802.1Xuser delete

To force a specific access point to use the controllers global authentication settings, use the config ap
802.1Xuser delete command.
config ap 802.1Xuser delete cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete access point AP01 to use the controllers global authentication
settings:
(Cisco Controller) >config ap 802.1Xuser delete AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1465

config Commands

config ap 802.1Xuser disable

To disable authentication for all access points or for a specific access point, use the config ap 802.1Xuser
disable command.
config ap 802.1Xuser disable {all | cisco_ap}

Syntax Description

Command Default

Command History

disable

Disables authentication.

all

Specifies all access points.

cisco_ap

Access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can disable 802.1X authentication for a specific access point only if global 802.1X authentication is not
enabled. If global 802.1X authentication is enabled, you can disable 802.1X for all access points only.

Examples

The following example shows how to disable the authentication for access point cisco_ap1:
(Cisco Controller) >config ap 802.1Xuser disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1466

OL-31334-01

config Commands

config ap dtls-cipher-suite
To enable new cipher suites for DTLS connection between AP and controller, use the config ap
dtls-cipher-suite command.
config ap dtls-cipher-suite{RSA-AES256-SHA256 | RSA-AES256-SHA | RSA-AES128-SHA}

Syntax Description

Command Default

Command History

Examples

RSA-AES256-SHA256

Cipher suite using either RSA key exchange or authentication,

using 256 bit AES and SHA 256.

RSA-AES256-SHA

Cipher suite using either RSA key exchange or authentication,

using 256 bit AES and SHA.

RSA-AES128-SHA

Cipher suite using either RSA key exchange or authentication,

using 128 bit AES and SHA.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to enable RSA cipher suites using 256 bit AES and SHA 256 for DTLS
connection between AP and controller:
(Cisco Controller) > config ap dtls-cipher-suite RSA-AES256-SHA256

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1467

config Commands

config ap ethernet duplex

To configure the Ethernet port duplex and speed settings of the lightweight access points, use the config ap
ethernet duplex command.
config ap ethernet duplex [auto | half | full] speed [auto | 10 | 100 | 1000] { all | cisco_ap}

Syntax Description

Command Default

Command History

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the Ethernet port duplex half settings as 10 Mbps for all
access points:
(Cisco Controller) >config ap ethernet duplex half speed 10 all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1468

OL-31334-01

config Commands

config ap ethernet tag

To configure VLAN tagging of the Control and Provisioning of Wireless Access Points protocol (CAPWAP)
packets, use the config ap ethernet tag command.
config ap ethernet tag {id vlan_id | disable} {cisco_ap | all}

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the VLAN id.

vlan_id

ID of the trunk VLAN.

disable

Disables the VLAN tag feature. When you disable VLAN tagging, the access
point untags the CAPWAP packets.

cisco_ap

Name of the Cisco AP.

all

Configures VLAN tagging on all the Cisco access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

After you configure VLAN tagging, the configuration comes into effect only after the access point reboots.
You cannot configure VLAN tagging on mesh access points.
If the access point is unable to route traffic or reach the controller using the specified trunk VLAN, it falls
back to the untagged configuration. If the access point joins the controller using this fallback configuration,
the controller sends a trap to a trap server such as the Cisco Prime Infrastructure, which indicates the failure
of the trunk VLAN. In this scenario, the "Failover to untagged" message appears in show command output.

Examples

The following example shows how to configure VLAN tagging on a trunk VLAN:
(Cisco Controller) >config ap ethernet tag 6 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1469

config Commands

config ap group-name
To specify a descriptive group name for a Cisco lightweight access point, use the config ap group-name
command.
config ap group-name groupname cisco_ap

Syntax Description

Command Default

Command History

groupname

Descriptive name for the access point group.

cisco_ap

Name of the Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The Cisco lightweight access point must be disabled before changing this parameter.

Examples

The following example shows how to configure a descriptive name for access point AP01:
(Cisco Controller) >config ap group-name superusers AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1470

OL-31334-01

config Commands

config ap hotspot
To configure HotSpot parameters on an access point, use the config ap hotspot command.
config ap hotspot venue {type group_code type_code | name {add language_code venue_name | delete}}
cisco_ap

Syntax Description

venue

Configures venue information for given AP group.

type

Configures the type of venue for given AP group.

group_code

Venue group information for given AP group.

The following options are available:
0UNSPECIFIED
1ASSEMBLY
2BUSINESS
3EDUCATIONAL
4FACTORY-INDUSTRIAL
5INSTITUTIONAL
6MERCANTILE
7RESIDENTIAL
8STORAGE
9UTILITY-MISC
10VEHICULAR
11OUTDOOR

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1471

config Commands

type_code

Cisco Wireless LAN Controller Command Reference, Release 8.0

1472

OL-31334-01

1475

config Commands

For venue group 6 (MERCANTILE), the following options are available:

0UNSPECIFIED MERCANTILE
1RETAIL STORE
2GROCERY MARKET
3AUTOMOTIVE SERVICE STATION
4SHOPPING MALL
5GAS STATION
For venue group 7 (RESIDENTIAL), the following options are available:
0UNSPECIFIED RESIDENTIAL
1PRIVATE RESIDENCE
2HOTEL OR MOTEL
3DORMITORY
4BOARDING HOUSE
For venue group 8 (STORAGE), the option is:
0UNSPECIFIED STORAGE
For venue group 9 (UTILITY-MISC), the option is:
0UNSPECIFIED UTILITY AND MISCELLANEOUS
For venue group 10 (VEHICULAR), the following options are available:
0UNSPECIFIED VEHICULAR
1AUTOMOBILE OR TRUCK
2AIRPLANE
3BUS
4FERRY
5SHIP OR BOAT
6TRAIN
7MOTOR BIKE
For venue group 11 (OUTDOOR), the following options are available:
0UNSPECIFIED OUTDOOR
1MINI-MESH NETWORK
2CITY PARK
3REST AREA

Cisco Wireless LAN Controller Command Reference, Release 8.0

1476

OL-31334-01

config Commands

4TRAFFIC CONTROL
5BUS STOP
6KIOSK
name

Configures the name of venue for this access point.

language_code ISO-639 encoded string defining the language used at the venue. This string is a
three-character language code. For example, you can enter ENG for English.

Command Default

Command History

Examples

venue_name

Venue name for this access point. This name is associated with the basic service set (BSS)
and is used in cases where the SSID does not provide enough information about the venue.
The venue name is case sensitive and can be up to 252 alphanumeric characters.

add

Adds the HotSpot venue name for this access point.

delete

Deletes the HotSpot venue name for this access point.

cisco_ap

Name of the Cisco access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the venue group as educational and venue type as university:
(Cisco Controller) >config ap hotspot venue type 3 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1477

config Commands

config ap image predownload

To configure an image on a specified access point, use the config ap image predownload command.
config ap image predownload {abort | primary | backup} {cisco_ap | all}

Syntax Description

abort

Aborts the predownload image process.

primary

Predownloads an image to a Cisco access point from the controller's

primary image.

cisco_ap

Name of a Cisco lightweight access point.

all

Specifies all access points to predownload an image.

(Cisco Controller) >

Note

Command Default

Command History

Examples

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to predownload an image to an access point from the primary image:
(Cisco Controller) >config ap image predownload primary all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1478

OL-31334-01

config Commands

config ap image swap

To swap an access points primary and backup images, use the config ap image swap command.
config ap image swap {cisco_ap | all}

Syntax Description

Note

Command Default

Command History

Examples

cisco_ap

Name of a Cisco lightweight access point.

all

Specifies all access points to interchange the boot images.

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to swap an access points primary and secondary images:
(Cisco Controller) >config ap image swap all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1479

config Commands

config ap led-state
To configure the LED state of an access point or to configure the flashing of LEDs, use the config ap led-state
command.
config ap led-state {enable | disable} {cisco_ap | all}
config ap led-state flash {seconds | indefinite | disable} {cisco_ap | dual-band}

Syntax Description

enable

Enables the LED state of an access point.

disable

Disables the LED state of an access point.

cisco_ap

Name of a Cisco lightweight access point.

flash

Configure the flashing of LEDs for an access point.

seconds

Duration that the LEDs have to flash. The range is from 1 to 3600
seconds.

indefinite

Configures indefinite flashing of the access points LED.

dual-band

Configures the LED state for all dual-band access points.

Usage Guidelines
Note

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.
LEDs on access points with dual-band radio module will flash green and blue when you execute the led state
flash command.

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the LED state for an access point:
(Cisco Controller) >config ap led-state enable AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1480

OL-31334-01

config Commands

The following example shows how to enable the flashing of LEDs for dual-band access points:
(Cisco Controller) >config ap led-state flash 20 dual-band

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1481

config Commands

config ap link-encryption
To configure the Datagram Transport Layer Security (DTLS) data encryption for access points on the
5500 series controller, use the config ap link-encryption command.

Note

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

config ap link-encryption {enable | disable} {cisco_ap | all}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the DTLS data encryption for access points.

disable

Disables the DTLS data encryption for access points.

cisco_ap

Name of a Cisco lightweight access point.

all

Specifies all access points.

DTLS data encryption is enabled automatically for OfficeExtend access points but disabled by default for all
other access points.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Only Cisco 5500 Series Controllers support DTLS data encryption. This feature is not available on other
controller platforms. If an access point with data encryption enabled tries to join any other controller, the
access point joins the controller, but data packets are sent unencrypted.
Only Cisco 1130, 1140, 1240, and 1250 series access points support DTLS data encryption, and data-encrypted
access points can join a Cisco 5500 Series Controller only if the wplus license is installed on the controller.
If the wplus license is not installed, the access points cannot join the controller.

Examples

The following example shows how to enable the data encryption for an access point:
(Cisco Controller) >config ap link-encryption enable AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1482

OL-31334-01

config Commands

config ap link-latency
To configure link latency for a specific access point or for all access points currently associated to the controller,
use the config ap link-latency command:

Note

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

config ap link-latency {enable | disable | reset} {cisco_ap | all}

Syntax Description

Command Default

Command History

enable

Enables the link latency for an access point.

disable

Disables the link latency for an access point.

reset

Resets all link latency for all access points.

cisco_ap

Name of the Cisco lightweight access point.

all

Specifies all access points.

By default, link latency is in disabled state.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

This command enables or disables link latency only for access points that are currently joined to the controller.
It does not apply to access points that join in the future.

Examples

The following example shows how to enable the link latency for all access points:
(Cisco Controller) >config ap link-latency enable all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1483

config Commands

config ap location
To modify the descriptive location of a Cisco lightweight access point, use the config ap location command.
config ap location location cisco_ap

Syntax Description

Command Default

Command History

location

Location name of the access point (enclosed by double quotation marks).

cisco_ap

Name of the Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The Cisco lightweight access point must be disabled before changing this parameter.

Examples

The following example shows how to configure the descriptive location for access point AP1:
(Cisco Controller) >config ap location Building 1 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1484

OL-31334-01

config Commands

config ap logging syslog level

To set the severity level for filtering syslog messages for a particular access point or for all access points, use
the config ap logging syslog level command.
config ap logging syslog level severity_level {cisco_ap | all}

Syntax Description

severity_level

Severity levels are as follows:

Note

Command Default

Command History

Usage Guidelines

cisco_ap

Cisco access point.

all

Specifies all access points.

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

If you set a syslog level, only those messages whose severity is equal to or less than that level are sent to the
access point. For example, if you set the syslog level to Warnings (severity level 4), only those messages
whose severity is between 0 and 4 are sent to the access point.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1485

config Commands

Examples

This example shows how to set the severity for filtering syslog messages to 3:
(Cisco Controller) >config ap logging syslog level 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

1486

OL-31334-01

config Commands

config ap max-count
To configure the maximum number of access points supported by the Cisco Wireless LAN Controller (WLC),
use the config ap max-count command.
config ap max-count number

Syntax Description

Command Default

Command History

number

Number of access points supported by the Cisco WLC.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The access point count of the Cisco WLC license overrides this count if the configured value is greater than
the access point count of the license. A value of 0 indicates that there is no restriction on the maximum number
of access points. If high availability is configured, you must reboot both the active and the standby Cisco
WLCs after you configure the maximum number of access points supported by the Cisco WLC.

Examples

The following example shows how to configure the number of access points supported by the Cisco WLC:
(Cisco Controller) >config ap max-count 100

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1487

config Commands

config ap mgmtuser add

To configure username, password, and secret password for AP management, use the config ap mgmtuser
add command.
config ap mgmtuser add username AP_username password AP_password secret secret {all | cisco_ap}

Syntax Description

Command Default

Command History

Usage Guidelines

username

Configures the username for AP management.

AP_username

Management username.

password

Configures the password for AP management.

AP_password

AP management password.

secret

Configures the secret password for privileged AP management.

secret

AP managemetn secret password.

all

Applies configuration to every AP that does not have a specific username.

cisco_ap

Cisco access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following requirements are enforced on the password:

The password should contain characters from at least three of the following classes: lowercase letters,
uppercase letters, digits, and special characters.
No character in the password can be repeated more than three times consecutively.
The password sould not contain management username or reverse of usename.
The password should not contain words like Cisco, oscic, admin, nimda or any variant obtained by
changing the capitalization of letters by substituting 1, |, or ! or substituting 0 for o or substituting $ for
s.
The following requirement is enforced on the secret password:
The secret password should contain characters from at least three of the following classes: lowercase
letters, uppercase letters, digits, or special characters.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1488

OL-31334-01

config Commands

Examples

The following example shows how to add a username, password, and secret password for AP management:
> config ap mgmtuser add username acd password Arc_1234 secret Mid_45 all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1489

config Commands

config ap mgmtuser delete

To force a specific access point to use the controllers global credentials, use the config ap mgmtuser delete
command.
config ap mgmtuser delete cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete the credentials of an access point:
> config ap mgmtuser delete cisco_ap1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1490

OL-31334-01

config Commands

config ap mode
To change a Cisco WLC communication option for an individual Cisco lightweight access point, use the
config ap mode command.
config ap mode {bridge | flexconnect submode {none | wips | pppoe-only | pppoe-wips} | local submode
{none | wips} | reap | rogue | sniffer | se-connect | monitor submode {none | wips} | flex+bridge
submode{none | wips | pppoe-only | pppoe-wips} } cisco_ap

Syntax Description

Command Default

Command History

bridge

Converts from a lightweight access point to a mesh access point

(bridge mode).

flexconnect

Enables FlexConnect mode on an access point.

local

Converts from an indoor mesh access point (MAP or RAP) to a

nonmesh lightweight access point (local mode).

reap

Enables remote edge access point mode on an access point.

rogue

Enables wired rogue detector mode on an access point.

sniffer

Enables wireless sniffer mode on an access point.

se-connect

Enables flex+bridge mode on an access point.

flex+bridge

Enables spectrum expert mode on an access point.

submode

(Optional) Configures wIPS submode on an access point.

none

Disables the wIPS on an access point.

wips

Enables the wIPS submode on an access point.

pppoe-only

Enables the PPPoE submode on an access point.

pppoe-wips

Enables the PPPoE-wIPS submode on an access point.

cisco_ap

Name of the Cisco lightweight access point.

Local

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

The flex+bridgekeyword was added..

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1491

config Commands

Usage Guidelines

The sniffer mode captures and forwards all the packets from the clients on that channel to a remote machine
that runs AiroPeek or other supported packet analyzer software. It includes information on the timestamp,
signal strength, packet size and so on.

Examples

The following example shows how to set the controller to communicate with access point AP91 in bridge
mode:
> config ap mode bridge AP91

The following example shows how to set the controller to communicate with access point AP01 in local mode:
> config ap mode local AP01

The following example shows how to set the controller to communicate with access point AP91 in remote
office (REAP) mode:
> config ap mode flexconnect AP91

The following example shows how to set the controller to communicate with access point AP91 in a wired
rogue access point detector mode:
> config ap mode rogue AP91

The following example shows how to set the controller to communicate with access point AP02 in wireless
sniffer mode:
> config ap mode sniffer AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1492

OL-31334-01

config Commands

config ap monitor-mode
To configure Cisco lightweight access point channel optimization, use the config ap monitor-mode command.
config ap monitor-mode {802.11b fast-channel | no-optimization | tracking-opt | wips-optimized} cisco_ap

Syntax Description

Command Default

Command History

Examples

802.11b fast-channel

Configures 802.11b scanning channels for a monitor-mode access point.

no-optimization

Specifies no channel scanning optimization for the access point.

tracking-opt

Enables tracking optimized channel scanning for the access point.

wips-optimized

Enables wIPS optimized channel scanning for the access point.

cisco_ap

Name of the Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a Cisco wireless intrusion prevention system (wIPS) monitor
mode on access point AP01:
> config ap monitor-mode wips-optimized AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1493

config Commands

config ap name
To modify the name of a Cisco lightweight access point, use the config ap name command.
config ap name new_name old_name

Syntax Description

Command Default

Command History

Examples

new_name

Desired Cisco lightweight access point name.

old_name

Current Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to modify the name of access point AP1 to AP2:
> config ap name AP1 AP2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1494

OL-31334-01

config Commands

config ap packet-dump
To configure the Packet Capture parameters on access points, use the config ap packet-dump command.
config ap packet-dump {buffer-size Size _in_KB| capture-time Time_in_Min| ftp serverip IP_addr path
path username usernamepassword password | start MAC_address Cisco_AP | stop | truncate
Length_in_Bytes}
config ap packet-dump classifier {{arp | broadcast | control | data | dot1x | iapp | ip | management |
multicast } {enable | disable} | tcp {enable | disable | port TCP_Port {enable | disable}} | udp {enable |
disable | port UDP_Port {enable | disable}}}

Syntax Description

buffer-size

Configures the buffer size for

Packet Capture in the access point.

Size _in_KB

Size of the buffer. The range is

from 1024 to 4096 KB.

capture-time

Configures the timer value for

Packet Capture.

Time_in_Min

Timer value for Packet Capture.

The range is from 1 to 60 minutes.

ftp

Configures FTP parameters for

Packet Capture.

serverip

Configures the FTP server.

IP_addr

IP address of the FTP server.

path path

Configures FTP server path.

username user_ID

Configures the username for the

FTP server.

password password

Configures the password for the

FTP server.

start

Starts Packet Capture from the

access point.

MAC_address

Client MAC Address for Packet

Capture.

Cisco_AP

Name of the Cisco access point.

stop

Stops Packet Capture from the

access point.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1495

config Commands

truncate

Truncates the packet to the

specified length during Packet
Capture.

Length_in_Bytes

Length of the packet after

truncation. The range is from 20 to
1500.

classifier

Configures the classifier

information for Packet Capture.
You can specify the type of packets
that needs to be captured.

arp

Captures ARP packets.

enable

Enables capture of ARP, broadcast,

802.11 control, 802.11 data, dot1x,
Inter Access Point Protocol (IAPP),
IP, 802.11 management, or
multicast packets.

disable

Disables capture of ARP,

broadcast, 802.11 control, 802.11
data, dot1x, IAPP, IP,
802.11management, or multicast
packets.

broadcast

Captures broadcast packets.

control

Captures 802.11 control packets.

data

Captures 802.11 data packets.

dot1x

Captures dot1x packets.

iapp

Captures IAPP packets.

Captures IP packets.

management

Captures 802.11 management

packets.

multicast

Captures multicast packets.

tcp

Captures TCP packets.

TCP_Port

TCP port number. The range is

from 1 to 65535.

udp

Captures TCP packets.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1496

OL-31334-01

config Commands

Command Default

Command History

Usage Guidelines

UDP_Port

UDP port number. The range is

from 1 to 65535.

ftp

Configures FTP parameters for

Packet Capture.

server_ip

FTP server IP address.

The default buffer size is 2 MB. The default capture time is 10 minutes.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

Packet Capture does not work during intercontroller roaming.

The controller does not capture packets created in the radio firmware and sent out of the access point, such
as a beacon or probe response. Only packets that flow through the Radio driver in the Tx path will be captured.
Use the command config ap packet-dump start to start the Packet Capture from the access point. When you
start Packet Capture, the controller sends a Control and Provisioning of Wireless Access Points protocol
(CAPWAP) message to the access point to which the client is associated and captures packets. You must
configure the FTP server and ensure that the client is associated to the access point before you start Packet
Capture. If the client is not associated to the access point, you must specify the name of the access point.
This command supports both IPv4 and IPv6 address formats.

Examples

The following example shows how to start Packet Capture from an access point:
(Cisco Controller) >config ap packet-dump start 00:0d:28:f4:c0:45 AP1

The following example shows how to capture 802.11 control packets from an access point:
(Cisco Controller) >config ap packet-dump classifier control enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1497

config Commands

config ap port
To configure the port for a foreign access point, use the config ap port command.
config ap port MAC port

Syntax Description

Command Default

Command History

Examples

MAC

Foreign access point MAC address.

port

Port number for accessing the foreign access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the port for a foreign access point MAC address:
> config ap port 12:12:12:12:12:12 20

Cisco Wireless LAN Controller Command Reference, Release 8.0

1498

OL-31334-01

config Commands

config ap power injector

To configure the power injector state for an access point, use the config ap power injector command.
config ap power injector {enable | disable} {cisco_ap | all} {installed | override | switch_MAC}

Syntax Description

Note

Command Default

Command History

Examples

enable

Enables the power injector state for an access point.

disable

Disables the power injector state for an access point.

cisco_ap

Name of the Cisco lightweight access point.

all

Specifies all Cisco lightweight access points connected to the controller.

installed

Detects the MAC address of the current switch port that has a power injector.

override

Overrides the safety checks and assumes a power injector is always installed.

switch_MAC

MAC address of the switch port with an installed power injector.

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the power injector state for all access points:
> config ap power injector enable all 12:12:12:12:12:12

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1499

config Commands

config ap power pre-standard

To enable or disable the inline power Cisco pre-standard switch state for an access point, use the config ap
power pre-standard command.
config ap power pre-standard {enable | disable} cisco_ap

Syntax Description

enable

Enables the inline power Cisco pre-standard switch state for an access point.

disable

Disables the inline power Cisco pre-standard switch state for an access point.

cisco_ap

Name of the Cisco lightweight access point.

Command Default

Disabled.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Examples

The following example shows how to enable the inline power Cisco pre-standard switch state for access point
AP02:
> config ap power pre-standard enable AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1500

OL-31334-01

config Commands

config ap preferred-mode
To configure the preferred mode, use the config ap preferred-mode command.
config appreferred-mode{ipv4 | ipv6|any}{AP_name | Ap-group_name | all }

Syntax Description

Command Default

Command History

Examples

ipv4

Configures IPv4 as the preferred mode

ipv6

Configures IPv6 as the preferred mode

any

Configures any as the preferred mode

AP_name

Configures the preferred mode to the AP

Ap-group_name

Configures the preferred mode to the AP group members

all

Configures the preferred mode to all the APs

None

Release

Modification

8.0

This command was introduced. It supports both IPv4

and IPv6.

The following example shows how to configure IPv6 as the preferred mode to lightweight access point AP1
(Cisco Controller) >config ap preferred-mode ipv6 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1501

config Commands

config ap primary-base
To set the Cisco lightweight access point primary Cisco WLC, use the config ap primary-base command.
config ap primary-base controller_name Cisco_AP[controller_ip_address]

Syntax Description

controller_name

Name of the Cisco WLC.

Cisco_AP

Cisco lightweight access point name.

controller_ip_address

(Optional) If the backup controller is outside the mobility group to which the
access point is connected, then you need to provide the IP address of the primary,
secondary, or tertiary controller.
Note

Command Default

Command History

Usage Guidelines

For OfficeExtend access points, you must enter both the name and IP
address of the controller. Otherwise, the access point cannot join this
controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The Cisco lightweight access point associates with this Cisco WLC for all network operations and in the event
of a hardware reset.
OfficeExtend access points do not use the generic broadcast or over-the air (OTAP) discovery process to find
a controller. You must configure one or more controllers because OfficeExtend access points try to connect
only to their configured controllers.
This command supports both IPv4 and IPv6 address formats.

Examples

The following example shows how to set an access point primary Cisco WLC IPv4 address for an Cisco AP:
(Cisco Controller) > config ap primary-base SW_1 AP2 10.0.0.0

The following example shows how to set an access point primary Cisco WLC IPv6 address for an Cisco AP:
(Cisco Controller) > config ap primary-base SW_1 AP2 2001:DB8:0:1::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1502

OL-31334-01

config Commands

Related Commands

show ap config general

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1503

config Commands

config ap priority
To assign a priority designation to an access point that allows it to reauthenticate after a controller failure by
priority rather than on a first-come-until-full basis, use the config ap priority command.
config ap priority {1 | 2 | 3 | 4} cisco_ap

Syntax Description

Command Default

Command History

Specifies low priority.

Specifies medium priority.

Specifies high priority.

Specifies the highest (critical) priority.

cisco_ap

Cisco lightweight access point name.

1 - Low priority.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

In a failover situation, if the backup controller does not have enough ports to allow all the access points in
the affected area to reauthenticate, it gives priority to higher-priority access points over lower-priority ones,
even if it means replacing lower-priority access points.

Examples

The following example shows how to assign a priority designation to access point AP02 that allows it to
reauthenticate after a controller failure by assigning a reauthentication priority 3:
> config ap priority 3 AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1504

OL-31334-01

config Commands

config ap reporting-period
To reset a Cisco lightweight access point, use the config ap reporting-period command.
config ap reporting-period period

Syntax Description

Command Default

Command History

Examples

period

Time period in seconds between 10 and 120.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to reset an access point reporting period to 120 seconds:
> config ap reporting-period 120

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1505

config Commands

config ap reset
To reset a Cisco lightweight access point, use the config ap reset command.
config ap reset cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to reset an access point:

> config ap reset AP2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1506

OL-31334-01

config Commands

config ap retransmit interval

To configure the access point control packet retransmission interval, use the config ap retransmit interval
command.
config ap retransmit interval seconds {all | cisco_ap}

Syntax Description

Command Default

Command History

Examples

seconds

AP control packet retransmission timeout between 2 and 5 seconds.

all

Specifies all access points.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the retransmission interval for all access points globally:
> config ap retransmit interval 4 all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1507

config Commands

config ap retransmit count

To configure the access point control packet retransmission count, use the config ap retransmit count
command.
config ap retransmit count count {all | cisco_ap}

Syntax Description

Command Default

Command History

Examples

count

Number of times control packet will be retransmitted.

The range is from 3 to 8.

all

Specifies all access points.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the retransmission retry count for a specific access point:
> config ap retransmit count 6 cisco_ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

1508

OL-31334-01

config Commands

config ap role
To specify the role of an access point in a mesh network, use the config ap role command.
config ap role {rootAP | meshAP} cisco_ap

Syntax Description

rootAP

Designates the mesh access point as a root access point (RAP).

meshAP

Designates the mesh access point as a mesh access point (MAP).

cisco_ap

Name of the Cisco lightweight access point.

Command Default

meshAP.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Use the meshAP keyword if the access point has a wireless connection to the controller, or use the rootAP
keyword if the access point has a wired connection to the controller. If you change the role of the AP, the AP
will be rebooted.

Examples

The following example shows how to designate mesh access point AP02 as a root access point:
> config ap role rootAP AP02
Changing the AP's role will cause the AP to reboot.
Are you sure you want to continue? (y/n)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1509

config Commands

config ap rst-button
To configure the Reset button for an access point, use the config ap rst-button command.
config ap rst-button {enable | disable} cisco_ap

Syntax Description

Command Default

Command History

Examples

enable

Enables the Reset button for an access point.

disable

Disables the Reset button for an access point.

cisco_ap

Name of the Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the Reset button for access point AP03:
> config ap rst-button enable AP03

Cisco Wireless LAN Controller Command Reference, Release 8.0

1510

OL-31334-01

config Commands

config ap secondary-base
To set the Cisco lightweight access point secondary Cisco WLC, use the config ap secondary-base command.
config ap secondary-base Controller_name Cisco_AP [Controller_IP_address]

Syntax Description

controller_name

Name of the Cisco WLC.

Cisco_AP

Cisco lightweight access point name.

Controller_IP_address

(Optional). If the backup Cisco WLC is outside the mobility group to which the
access point is connected, then you need to provide the IP address of the primary,
secondary, or tertiary Cisco WLC.
Note

Command Default

Command History

Usage Guidelines

For OfficeExtend access points, you must enter both the name and IP
address of the Cisco WLC. Otherwise, the access point cannot join this
Cisco WLC.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The Cisco lightweight access point associates with this Cisco WLC for all network operations and in the event
of a hardware reset.
OfficeExtend access points do not use the generic broadcast or over-the air (OTAP) discovery process to find
a Cisco WLC. You must configure one or more Cisco WLCs because OfficeExtend access points try to connect
only to their configured Cisco WLCs.
This command supports both IPv4 and IPv6 address formats.

Examples

The following example shows how to set an access point secondary Cisco WLC:
> config ap secondary-base SW_1 AP2 10.0.0.0

The following example shows how to set an access point primary Cisco WLC IPv6 address for an Cisco AP:
(Cisco Controller) > config ap secondary-base SW_1 AP2 2001:DB8:0:1::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1511

config Commands

Related Commands

show ap config general

Cisco Wireless LAN Controller Command Reference, Release 8.0

1512

OL-31334-01

config Commands

config ap sniff
To enable or disable sniffing on an access point, use the config ap sniff command.
config ap sniff {802.11a | 802.11b} {enable channel server_ip | disable} cisco_ap

Syntax Description

Command Default

Command History

Usage Guidelines

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b network.

enable

Enables sniffing on an access point.

channel

Channel to be sniffed.

server_ip

IP address of the remote machine running Omnipeek, Airopeek,AirMagnet, or

Wireshark software.

disable

Disables sniffing on an access point.

cisco_ap

Access point configured as the sniffer.

Channel 36.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

When the sniffer feature is enabled on an access point, it starts sniffing the signal on the given channel. It
captures and forwards all the packets to the remote computer that runs Omnipeek, Airopeek, AirMagnet, or
Wireshark software. It includes information on the timestamp, signal strength, packet size and so on.
Before an access point can act as a sniffer, a remote computer that runs one of the listed packet analyzers must
be set up so that it can receive packets sent by the access point. After the Airopeek installation, copy the
following .dll files to the location where airopeek is installed:
socket.dll file to the Plug-ins folder (for example, C:\Program Files\WildPackets\AiroPeek\Plugins)
socketres.dll file to the PluginRes folder (for example, C:\Program Files\WildPackets\AiroPeek\
1033\PluginRes)

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1513

config Commands

Examples

The following example shows how to enable the sniffing on the 802.11a an access point from the primary
Cisco WLC:
> config ap sniff 80211a enable 23 11.22.44.55 AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

1514

OL-31334-01

config Commands

config ap ssh
To enable Secure Shell (SSH) connectivity on an access point, use the config ap ssh command.
config ap ssh {enable | disable | default} cisco_ap | all

Syntax Description

Command Default

Command History

enable

Enables the SSH connectivity on an access point.

disable

Disables the SSH connectivity on an access point.

default

Replaces the specific SSH configuration of an access point with

the global SSH configuration.

cisco_ap

Cisco access point name.

all

All access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The Cisco lightweight access point associates with this Cisco wireless LAN controller for all network operation
and in the event of a hardware reset.

Examples

The following example shows how to enable SSH connectivity on access point Cisco_ap2:
> config ap ssh enable cisco_ap2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1515

config Commands

config ap static-ip
To configure Static IP address settings on Cisco lightweight access point , use the config ap static-ip command.
config ap static-ip {enable Cisco_AP AP_IP_addr IP_netmask /prefix_length gateway | disable Cisco_AP|
add {domain {Cisco_AP | all} domain_name | nameserver {Cisco_AP | all} nameserver-ip} | delete {domain
| nameserver} {Cisco_AP | all}}

Syntax Description

Note

enable

Enables the Cisco lightweight access point

static IP address.

disable

Disables the Cisco lightweight access point

static IP address. The access point uses DHCP
to get the IP address.

Cisco_AP

Cisco lightweight access point name.

AP_IP_addr

Cisco lightweight access point IP address

IP_netmask/prefix_length

Cisco lightweight access point network mask.

gateway

IP address of the Cisco lightweight access

point gateway.

add

Adds a domain or DNS server.

domain

Specifies the domain to which a specific

access point or all access points belong.

all

Specifies all access points.

domain_name

Specifies a domain name.

nameserver

Specifies a DNS server so that a specific

access point or all access points can discover
the controller using DNS resolution.

nameserver-ip

DNS server IP address.

delete

Deletes a domain or DNS server.

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1516

OL-31334-01

config Commands

Command Default

Command History

Usage Guidelines

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

An access point cannot discover the controller using Domain Name System (DNS) resolution if a static IP
address is configured for the access point, unless you specify a DNS server and the domain to which the access
point belongs.
After you enter the IPv6 address, Prefix-length and IPv6 gateway address, the CAPWAP tunnel will restart
for access point. Changing the AP's IP address will cause the AP to disjoin. After the access point rejoins the
controller, you can enter the domain and IPv6 DNS server information.
This command supports both IPv4 and IPv6 address formats.

Examples

The following example shows how to configure static IP address on an access point:
(Cisco Controller) >config ap static-ip enable AP2 1.1.1.1 255.255.255.0 209.165.200.254

The following example shows how to configure static IPv6 address on an access point:
(Cisco Controller) > config ap static-ip enable AP2 2001:DB8:0:1::1

Related Commands

show ap config general

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1517

config Commands

config ap stats-timer
To set the time in seconds that the Cisco lightweight access point sends its DOT11 statistics to the Cisco
wireless LAN controller, use the config ap stats-timer command.
config ap stats-timer period cisco_ap

Syntax Description

Command Default

Command History

period

Time in seconds from 0 to 65535. A zero value disables the timer.

cisco_ap

Cisco lightweight access point name.

The default value is 0 (disabled state).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

A value of 0 (zero) means that the Cisco lightweight access point does not send any DOT11 statistics. The
acceptable range for the timer is from 0 to 65535 seconds, and the Cisco lightweight access point must be
disabled to set this value.

Examples

The following example shows how to set the stats timer to 600 seconds for access point AP2:
> config ap stats-timer 600 AP2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1518

OL-31334-01

config Commands

config ap syslog host global

To configure a global syslog server for all access points that join the controller, use the config ap syslog host
global command.
config ap syslog host global ip_address

Syntax Description

Command Default

Command History

Usage Guidelines

ip_address

IPv4/IPv6 address of the syslog server.

The default value of the IPv4 address of the syslog server is 255.255.255.255.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

By default, the global syslog server IP address for all access points is 255.255.255.255. Make sure that the
access points can reach the subnet on which the syslog server resides before configuring the syslog server on
the controller. If the access points cannot reach this subnet, the access points are unable to send out syslog
messages.
This command supports both IPv4 and IPv6 address formats.

Examples

The following example shows how to configure a global syslog server, using IPv4 address, for all access
points:
(Cisco Controller) > config ap syslog host global 255.255.255.255

Examples

The following example shows how to configure a global syslog server, using IPv6 address, for all access
points:
(Cisco Controller) > config ap syslog host global

2001:9:10:56::100

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1519

config Commands

config ap syslog host specific

To configure a syslog server for a specific access point, use the config ap syslog host specific command.
config ap syslog host specific ap_nameip_address

Syntax Description

Command Default

Command History

Usage Guidelines

ap_name

Cisco lightweight access point.

ip_address

IPv4/IPv6 address of the syslog server.

The default value of the syslog server IP address is 0.0.0.0.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

By default, the syslog server IP address for each access point is 0.0.0.0, indicating that it is not yet set. When
the default value is used, the global access point syslog server IP address is pushed to the access point.
This command supports both IPv4 and IPv6 address formats.

Examples

The following example shows how to configure a syslog server:

(Cisco Controller) >config ap syslog host specific 0.0.0.0

Examples

The following example shows how to configure a syslog server for a specific AP, using IPv6 address:
(Cisco Controller) > config ap syslog host specific AP3600 2001:9:10:56::100

Cisco Wireless LAN Controller Command Reference, Release 8.0

1520

OL-31334-01

config Commands

config ap tcp-mss-adjust
To enable or disable the TCP maximum segment size (MSS) on a particular access point or on all access
points, use the config ap tcp-mss-adjust command.
config ap tcp-mss-adjust {enable | disable} {cisco_ap | all} size

Syntax Description

enable

Enables the TCP maximum segment size on an access point.

disable

Disables the TCP maximum segment size on an access point.

cisco_ap

Cisco access point name.

all

Specifies all access points.

size

Maximum segment size.

IPv4Specify a value between 536 and 1363.
IPv6Specify a value between 1220 and 1331.
Note
Any TCP MSS value that is below 1220 and above 1331 will not
be effective for CAPWAP v6 AP.

Note

Command Default

Command History

Usage Guidelines

If an AP itself is configured with the keyword all, the all access points case takes precedence over the AP
that is with the keyword all.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv6.

When you enable this feature, the access point checks for TCP packets to and from wireless clients in its data
path. If the MSS of these packets is greater than the value that you configured or greater than the default value
for the CAPWAP tunnel, the access point changes the MSS to the new configured value.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1521

config Commands

Examples

This example shows how to enable the TCP MSS on access point cisco_ap1 with a segment size of 1200
bytes:
> config ap tcp-mss-adjust enable cisco_ap1 1200

Cisco Wireless LAN Controller Command Reference, Release 8.0

1522

OL-31334-01

config Commands

config ap telnet
To enable Telnet connectivity on an access point, use the config ap telnet command.
config ap telnet {enable | disable | default} cisco_ap | all

Syntax Description

Command Default

Command History

enable

Enables the Telnet connectivity on an access point.

disable

Disables the Telnet connectivity on an access point.

default

Replaces the specific Telnet configuration of an access point with the global
Telnet configuration.

cisco_ap

Cisco access point name.

all

All access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The Cisco lightweight access point associates with this Cisco wireless LAN controller for all network operation
and in the event of a hardware reset.

Examples

The following example shows how to enable Telnet connectivity on access point cisco_ap1:
> config ap telnet enable cisco_ap1

The following example shows how to disable Telnet connectivity on access point cisco_ap1:
> config ap telnet disable cisco_ap1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1523

config Commands

config ap tertiary-base
To set the Cisco lightweight access point tertiary Cisco WLC, use the config ap tertiary-base command.
config ap tertiary-base controller_name Cisco_AP [controller_ip_address]

Syntax Description

controller_name

Name of the Cisco WLC.

Cisco_AP

Cisco lightweight access point name.

controller_ip_address

Command Default

Command History

Usage Guidelines

For OfficeExtend access points, you must enter both the name and IP
address of the Cisco WLC. Otherwise, the access point cannot join this
Cisco WLC.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

OfficeExtend access points do not use the generic broadcast or over-the air (OTAP) discovery process to find
a Cisco WLC. You must configure one or more controllers because OfficeExtend access points try to connect
only to their configured Cisco WLCs.
The Cisco lightweight access point associates with this Cisco WLC for all network operations and in the event
of a hardware reset.
This command supports both IPv4 and IPv6 address formats.

Examples

This example shows how to set the access point tertiary Cisco WLC:
(Cisco Controller) > config ap tertiary-base SW_1 AP02 10.0.0.0

The following example shows how to set an access point tertiary Cisco WLC IPv6 address for an Cisco AP:
(Cisco Controller) > config ap tertiary-base SW_1 AP2 2001:DB8:0:1::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1524

OL-31334-01

config Commands

Related Commands

show ap config general

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1525

config Commands

config ap tftp-downgrade
To configure the settings used for downgrading a lightweight access point to an autonomous access point,
use the config ap ftp-downgrade command.
config ap tftp-downgrade tftp_ip_addressfilename Cisco_AP

Syntax Description

Command Default

Command History

Examples

tftp_ip_address

IP address of the TFTP server.

filename

Filename of the access point image file on the TFTP server.

Cisco_AP

Access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to configure the settings for downgrading access point ap1240_102301:
(Cisco Controller) >config ap ftp-downgrade 209.165.200.224 1238.tar ap1240_102301

Cisco Wireless LAN Controller Command Reference, Release 8.0

1526

OL-31334-01

config Commands

config ap username
To assign a username and password to access either a specific access point or all access points, use the config
ap username command.
config ap username user_id password passwd [all | ap_name]

Syntax Description

Command Default

Command History

Examples

user_id

Administrator username.

passwd

Administrator password.

all

(Optional) Specifies all access points.

ap_name

Name of a specific access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to assign a username and password to a specific access point:
> config ap username jack password blue la204

The following example shows how to assign the same username and password to a all access points:
> config ap username jack password blue all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1527

config Commands

config ap venue
To configure the venue information for 802.11u network on an access point, use the config ap venue command.
config ap venue {addvenue_name venue-group venue-type lang-code cisco-ap | delete}

Syntax Description

Command Default

Command History

Examples

add

Adds venue information.

venue_name

Venue name.

venue_group

Venue group category. See the table below for details on venue group
mappings.

venue_type

Venue type. This value depends on the venue-group specified. See the
table below for venue group mappings.

lang_code

Language used. An ISO-14962-1997 encoded string that defines the

language. This string is a three character language code. Enter the first
three letters of the language in English (for example, eng for English).

cisco_ap

Name of the access point.

deletes

Deletes venue information.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the venue details for an access point named cisco-ap1:
> config ap venue add test 11 34 eng cisco-ap1

This table lists the different venue types for each venue group.
Table 14: Venue Group Mapping

Venue Group Name

Value

UNSPECIFIED

Venue Type for Group

Cisco Wireless LAN Controller Command Reference, Release 8.0

1528

OL-31334-01

config Commands

Venue Group Name

Value

ASSEMBLY

Venue Type for Group

0UNSPECIFIED ASSEMBLY
1ARENA
2STADIUM
3PASSENGER TERMINAL (E.G.,
AIRPORT, BUS, FERRY, TRAIN
STATION)
4AMPHITHEATER
5AMUSEMENT PARK
6PLACE OF WORSHIP
7CONVENTION CENTER
8LIBRARY
9MUSEUM
10RESTAURANT
11THEATER
12BAR
13COFFEE SHOP
14ZOO OR AQUARIUM
15EMERGENCY
COORDINATION CENTER

BUSINESS

0UNSPECIFIED BUSINESS
1DOCTOR OR DENTIST OFFICE
2BANK
3FIRE STATION
4POLICE STATION
6POST OFFICE
7PROFESSIONAL OFFICE
8RESEARCH AND
DEVELOPMENT FACILITY
9ATTORNEY OFFICE

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1529

config Commands

Venue Group Name

Value

EDUCATIONAL

Venue Type for Group

0UNSPECIFIED EDUCATIONAL
1SCHOOL, PRIMARY
2SCHOOL, SECONDARY
3UNIVERSITY OR COLLEGE

FACTORY-INDUSTRIAL

0UNSPECIFIED FACTORY AND

INDUSTRIAL
1FACTORY

INSTITUTIONAL

0UNSPECIFIED
INSTITUTIONAL
1HOSPITAL
2LONG-TERM CARE FACILITY
(E.G., NURSING HOME, HOSPICE,
ETC.)
3ALCOHOL AND DRUG
RE-HABILITATION CENTER
4GROUP HOME
5PRISON OR JAIL

MERCANTILE

0UNSPECIFIED MERCANTILE
1RETAIL STORE
2GROCERY MARKET
3AUTOMOTIVE SERVICE
STATION
4SHOPPING MALL
5GAS STATION

RESIDENTIAL

0UNSPECIFIED RESIDENTIAL
1PRIVATE RESIDENCE
2HOTEL OR MOTEL
3DORMITORY
4BOARDING HOUSE

Cisco Wireless LAN Controller Command Reference, Release 8.0

1530

OL-31334-01

config Commands

Venue Group Name

Value

Venue Type for Group

STORAGE

UNSPECIFIED STORAGE

UTILITY-MISC

0UNSPECIFIED UTILITY AND

MISCELLANEOUS

VEHICULAR

0UNSPECIFIED VEHICULAR
1AUTOMOBILE OR TRUCK
2AIRPLANE
3BUS
4FERRY
5SHIP OR BOAT
6TRAIN
7MOTOR BIKE

OUTDOOR

0UNSPECIFIED OUTDOOR
1MUNI-MESH NETWORK
2CITY PARK
3REST AREA
4TRAFFIC CONTROL
5BUS STOP
6KIOSK

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1531

config Commands

config ap wlan
To enable or disable wireless LAN override for a Cisco lightweight access point radio, use the config ap wlan
command.
config ap wlan {enable | disable} {802.11a | 802.11b} wlan_id cisco_ap

Syntax Description

Command Default

Command History

Examples

enable

Enables the wireless LAN override on an access point.

disable

Disables the wireless LAN override on an access point.

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b network.

wlan_id

Cisco wireless LAN controller ID assigned to a wireless LAN.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable wireless LAN override on the AP03 802.11a radio:
> config ap wlan 802.11a AP03

Cisco Wireless LAN Controller Command Reference, Release 8.0

1532

OL-31334-01

config Commands

config country
To configure the controllers country code, use the config country command.
config country country_code

Syntax Description

Command Default

Command History

Usage Guidelines

country_code

Two-letter or three-letter country code.

us (country code of the United States of America).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco WLCs must be installed by a network administrator or qualified IT professional and the installer must
select the proper country code. Following installation, access to the unit should be password protected by the
installer to maintain compliance with regulatory requirements and to ensure proper unit functionality. See the
related product guide for the most recent country codes and regulatory domains.
You can use the show country command to display a list of supported countries.

Examples

The following example shows how to configure the controllers country code to DE:
(Cisco Controller) >config country DE

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1533

config Commands

config ipv6 ra-guard

To configure the filter for Router Advertisement (RA) packets that originate from a client on an AP, use the
config ipv6 ra-guard command.
config ipv6 ra-guard ap {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables RA guard on an AP.

disable

Disables RA guard on an AP.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable IPv6 RA guard:

(Cisco Controller) >config ipv6 ra-guard enable

Related Commands

show ipv6 ra-guard

Cisco Wireless LAN Controller Command Reference, Release 8.0

1534

OL-31334-01

config Commands

config known ap
To configure a known Cisco lightweight access point, use the config known ap command.
config known ap {add | alert | delete} MAC

Syntax Description

Command Default

Command History

Examples

add

Adds a new known access point entry.

alert

Generates a trap upon detection of the access point.

delete

Deletes an existing known access point entry.

MAC

MAC address of the known Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to add a new access point entry ac:10:02:72:2f:bf on a known access point:
(Cisco Controller) >config known ap add ac:10:02:72:2f:bf 12

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1535

config Commands

config network allow-old-bridge-aps

To configure an old bridge access points ability to associate with a switch, use the config network
allow-old-bridge-aps command.
config network allow-old-bridge-aps {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the switch association.

disable

Disables the switch association.

Switch association is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure an old bridge access point to associate with the switch:
> config network allow-old-bridge-aps enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1536

OL-31334-01

config Commands

config network ap-discovery

To enable or disable NAT IP in an AP discovery response, use the config network ap-discovery command.
config network ap-discovery nat-ip-only {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables use of NAT IP only in discovery response.

disable

Enables use of both NAT IP and non NAT IP in discovery response.

The use of NAT IP only in discovery response is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Examples

The following example shows how to enable NAT IP in an AP discovery response:

> config network ap-discovery nat-ip-only enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1537

config Commands

config network ap-fallback

To configure Cisco lightweight access point fallback, use the config network ap-fallback command.
config network ap-fallback {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the Cisco lightweight access point fallback.

disable

Disables the Cisco lightweight access point fallback.

The Cisco lightweight access point fallback is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the Cisco lightweight access point fallback:
> config network ap-fallback enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1538

OL-31334-01

config Commands

config network ap-priority

Syntax Description

Command Default

Command History

Examples

enable

Enables the lightweight access point priority reauthentication.

disable

Disables the lightweight access point priority reauthentication.

The lightweight access point priority reauthentication is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the lightweight access point priority reauthorization:
> config network ap-priority enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1539

config Commands

config network apple-talk

To configure AppleTalk bridging, use the config network apple-talk command.
config network apple-talk {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the AppleTalk bridging.

disable

Disables the AppleTalk bridging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure AppleTalk bridging:

> config network apple-talk enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1540

OL-31334-01

config Commands

config network bridging-shared-secret

To configure the bridging shared secret, use the config network bridging-shared-secret command.
config network bridging-shared-secret shared_secret

Syntax Description

Command Default

Command History

Usage Guidelines

shared_secret

Bridging shared secret string. The string can contain up to 10 bytes.

The bridging shared secret is enabled by default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the
switch.
The zero-touch configuration must be enabled for this command to work.

Examples

The following example shows how to configure the bridging shared secret string shhh1:
(Cisco Controller) > config network bridging-shared-secret shhh1

Related Commands

show network summary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1541

config Commands

config network master-base

To enable or disable the Cisco wireless LAN controller as an access point default master, use the config
network master-base command.
config network master-base {enable | disable}

Syntax Description

Command Default

Command History

enable

Enables the Cisco wireless LAN controller acting as a Cisco lightweight access
point default master.

disable

Disables the Cisco wireless LAN controller acting as a Cisco lightweight access
point default master.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Examples

The following example shows how to enable the Cisco wireless LAN controller as a default master:
(Cisco Controller) > config network master-base enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1542

OL-31334-01

config Commands

config network oeap-600 dual-rlan-ports

Syntax Description

Command Default

Command History

Examples

enable

Enables Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate
as a remote LAN port in addition to port 4.

disable

Resets the Ethernet port 3 Cisco OfficeExtend 600 Series access points to function
as a local LAN port.

The Ethernet port 3 Cisco 600 Series OEAP is reset.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the Ethernet port 3 of Cisco OfficeExtend 600 Series access
points to operate as a remote LAN port:
> config network oeap-600 dual-rlan-ports enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1543

config Commands

config network oeap-600 local-network

Syntax Description

Command Default

Command History

Examples

enable

Enables access to the local network for the Cisco 600 Series OfficeExtend access
points.

disable

Disables access to the local network for the Cisco 600 Series OfficeExtend access
points.

Access to the local network for the Cisco 600 Series OEAPs is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable access to the local network for the Cisco 600 Series OfficeExtend
access points:
> config network oeap-600 local-network enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1544

OL-31334-01

config Commands

config network otap-mode

To enable or disable over-the-air provisioning (OTAP) of Cisco lightweight access points, use the config
network otap-mode command.
config network otap-mode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the OTAP provisioning.

disable

Disables the OTAP provisioning.

The OTAP provisioning is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to disable the OTAP provisioning:

> config network otap-mode disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1545

config Commands

config network zero-config

To configure bridge access point ZeroConfig support, use the config network zero-config command.
config network zero-config {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the bridge access point ZeroConfig support.

disable

Disables the bridge access point ZeroConfig support.

The bridge access point ZeroConfig support is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the bridge access point ZeroConfig support:
> config network zero-config enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1546

OL-31334-01

config Commands

config redundancy interface address peer-service-port

To configure the service port IP and netmask of the peer or standby controller, use the config redundancy
interface address peer-service-port command.
config redundancy interface address peer-service-port ip_address netmask

Syntax Description

Command Default

Command History

ip_address

IP address of the peer service port.

netmask

Netmask of the peer service port.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can configure this command only from the Active controller. For the HA feature, the service port
configurations are made per controller. You will loose these configurations if you change the mode from HA
to non-HA and vice-versa.

Examples

The following example shows how to configure the service port IP and netmask of the peer or standby
controller:
(Cisco Controller) >config redundancy interface address peer-service-port 11.22.44.55

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1547

config Commands

config redundancy mobilitymac

To configure the HA mobility MAC address to be used as an identifier, use the config redundancy
mobilitymac command.
config redundancy mobilitymac mac_address

Syntax Description

Command Default

Command History

Examples

mac_address

MAC address that is an identifier for the active and standby controller
pair.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the HA mobility MAC address:
(Cisco Controller) >config redundancy mobilitymac ff:ff:ff:ff:ff:ff

Cisco Wireless LAN Controller Command Reference, Release 8.0

1548

OL-31334-01

config Commands

config redundancy mode

To enable or disable redundancy or High Availability (HA), use the config redundancy mode command.
config redundancy mode {sso | none}

Syntax Description

Command Default

Command History

sso

Enables a stateful switch over (SSO) or hot standby redundancy mode.

none

Disables redundancy mode.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You must configure local and peer redundancy management IP addresses before you configure redundancy.

Examples

The following example shows how to enable redundancy:

(Cisco Controller) >config redundancy mode sso

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1549

config Commands

config redundancy peer-route

To configure the route configurations of the peer or standby controller, use the config redundancy peer-route
command.
config redundancy peer-route {add | delete} network_ip_address netmask gateway

Syntax Description

Command Default

Command History

add

Adds a network route.

delete

Deletes a network route specific to standby controller.

network_ip_address

Network IP address.

netmask

Subnet mask of the network.

gateway

IP address of the gateway for the route network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can configure this command only from the Active controller. For the HA feature, the service port
configurations are made per controller. You will lose these configurations if you change the mode from HA
to non-HA and vice-versa.

Examples

The following example shows how to configure route configurations of a peer or standby controller.
(Cisco Controller) >config redundancy peer-route add 10.1.1.0 255.255.255.0 10.1.1.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1550

OL-31334-01

config Commands

config redundancy timer keep-alive-timer

To configure the keep-alive timeout value, use the config redundancy timer keep-alive-timer command.
config redundancy timer keep-alive-timer milliseconds

Syntax Description

Command Default

Command History

Examples

milliseconds

Keep-alive timeout value in milliseconds. The range is from 100 to 400

milliseconds.

The default keep-alive timeout value is 100 milliseconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the keep-alive timeout value:
(Cisco Controller) >config redundancy timer keep-alive-timer 200

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1551

config Commands

config redundancy timer peer-search-timer

To configure the peer search timer, use the config redundancy timer peer-search-timer command.
config redundancy timer peer-search-timer seconds

Syntax Description

Command Default

Command History

seconds

Value of the peer search timer in seconds. The range is from 60 to 180 secs.

The default value of the peer search timer is 120 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You can use this command to configure the boot up role negotiation timeout value in seconds.

Examples

The following example shows how to configure the redundancy peer search timer:
(Cisco Controller) >config redundancy timer peer-search-timer 100

Cisco Wireless LAN Controller Command Reference, Release 8.0

1552

OL-31334-01

config Commands

config redundancy unit

To configure a Cisco WLC as a primary or secondary WLC, use the config redundancy unit command.
config redundancy unit {primary | secondary}

Syntax Description

Command Default

Command History

primary

Configures the Cisco WLC as the primary WLC.

secondary

Configures the Cisco WLC as the secondary WLC.

The default state is as the primary WLC.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

When you configure a Cisco WLC as the secondary WLC, it becomes the HA Stakable Unit (SKU) without
any valid AP licenses.

Examples

The following example shows how to configure a Cisco WLC as the primary WLC:
(Cisco Controller) >config redundancy unit primary

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1553

config Commands

redundancy force-switchover
To trigger a manual switch over on the active Cisco WLC, use the redundancy force-switchover command.
redundancy force-switchover

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

When a manual switchover occurs, the active Cisco WLC reboots and the standby Cisco WLC takes over the
network. A stateful switchover of access points (AP SSO) is supported. AP SSO ensures that the AP sessions
are maintained after the standby Cisco WLC takes over and the APs switch over to the standby Cisco WLC.
The clients on the active Cisco WLC deauthenticate and join the new active Cisco WLC.

Examples

The following example shows how to trigger a forceful switchover on the Cisco WLC:
(Cisco Controller) >redundancy force-switchover

Cisco Wireless LAN Controller Command Reference, Release 8.0

1554

OL-31334-01

config Commands

config slot
To configure various slot parameters, use the config slot command.
config slot slot_id {enable | disable | channel ap | chan_width | txpower ap | antenna extAntGain
antenna_gain | rts} cisco_ap

Syntax Description

Command Default

Command History

Examples

slot_id

Slot downlink radio to which the channel is assigned. Beginning in Release 7.5
and later releases, you can configure 802.11a on slot 1 and 802.11ac on slot 2.

enable

Enables the slot.

disable

Disables the slot.

channel

Configures the channel for the slot.

Configures one 802.11a Cisco access point.

chan_width

Configures channel width for the slot.

txpower

Configures Tx power for the slot.

antenna

Configures the 802.11a antenna.

extAntGain

Configures the 802.11a external antenna gain.

antenna_gain

External antenna gain value in .5 dBi units (such as 2.5 dBi = 5).

rts

Configures RTS/CTS for an access point.

cisco_ap

Name of the Cisco access point on which the channel is configured.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable slot 3 for the access point abc:
(Cisco Controller) >config slot 3 enable abc

The following example shows how to configure RTS for the access point abc:
(Cisco Controller) >config slot 2 rts abc

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1555

clear Commands

config wgb vlan

To configure the Workgroup Bridge (WGB) VLAN client support, use the config wgb vlan command.
config wgb vlan {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables wired clients behind a WGB to connect to an anchor controller in a Data

Management Zone (DMZ).

disable

Disables wired clients behind a WGB from connecting to an anchor controller

in a DMZ.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable WGB VLAN client support:
(Cisco Controller) >config wgb vlan enable

clear Commands
This section lists the clear commands to clear existing configurations, log files, and other functions for access
points .

Cisco Wireless LAN Controller Command Reference, Release 8.0

1556

OL-31334-01

clear Commands

clear ap config
To clear (reset to the default values) a lightweight access points configuration settings, use the clear ap config
command.
clear ap config ap_name

Syntax Description

Command Default

Command History

ap_name

Access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Entering this command does not clear the static IP address of the access point.

Examples

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1557

clear Commands

Syntax Description

Command Default

Command History

Examples

specific

Specifies a specific access point log file.

ap_name

Name of the access point for which the event log file will be emptied.

all

Deletes the event log for all access points joined to the controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1558

OL-31334-01

clear Commands

clear ap join stats

To clear the join statistics for all access points or for a specific access point, use the clear ap join stats
command.
clear ap join stats {all | ap_mac}

Syntax Description

Command Default

Command History

Examples

all

Specifies all access points.

ap_mac

Access point MAC address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear the join statistics of all the access points:
(Cisco Controller) >clear ap join stats all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1559

clear Commands

clear ap tsm
To clear the Traffic Stream Metrics (TSM) statistics of clients associated to an access point, use the clear ap
tsm command.
clear ap tsm {802.11a | 802.11b} cisco_ap all

Syntax Description

Command Default

Command History

Examples

802.11a

Clears 802.11a TSM statistics of clients associated to an access point.

802.11b

Clears 802.11b TSM statistics of clients associated to an access point.

cisco_ap

Cisco lightweight access point.

all

Clears TSM statistics of clients associated to the access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear 802.11a TSM statistics for all clients of an access point:
(Cisco Controller) >clear ap tsm 802.11a AP3600_1 all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1560

OL-31334-01

debug Commands

clear lwapp private-config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Enter the command on the access point console port.

Note

Examples

The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.

The following example shows how to clear an access points current LWAPP private configuration:
ap_console >clear lwapp private-config
removing the reap config file flash:/lwapp_reap.cfg

debug Commands
This section lists the debug commands to manage debugging of access points managed by the controller.

Caution

Debug commands are reserved for use only under the direction of Cisco personnel. Do not use these
commands without direction from Cisco-certified staff.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1561

debug Commands

debug ap
To configure the remote debugging of Cisco lightweight access points or to remotely execute a command on
a lightweight access point, use the debug ap command.
debug ap {enable | disable | command cmd} cisco_ap

Syntax Description

enable

Enables the debugging on a lightweight access point.

Note

disable

The debugging information is displayed only to the controller console

and does not send output to a controller Telnet/SSH CLI session.

Disables the debugging on a lightweight access point.

Note

The debugging information is displayed only to the controller console

and does not send output to a controller Telnet/SSH CLI session.

command

Specifies that a CLI command is to be executed on the access point.

cmd

Command to be executed.
Note

The command to be executed must be enclosed in double quotes, such

as debug ap command led flash 30 AP03.
The output of the command displays only to the controller console and
does not send output to a controller Telnet/SSH CLI session.

cisco_ap

Command Default

Command History

Examples

Name of a Cisco lightweight access point.

The remote debugging of Cisco lightweight access points is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the remote debugging on access point AP01:
> debug ap enable AP01

The following example shows how to execute the config ap location command on access point AP02:
> debug ap command config ap location "Building 1" AP02

The following example shows how to execute the flash LED command on access point AP03:
> debug ap command led flash 30 AP03

Cisco Wireless LAN Controller Command Reference, Release 8.0

1562

OL-31334-01

debug Commands

debug ap enable
To configure the remote debugging of Cisco lightweight access points or to remotely execute a command on
a lightweight access point, use the debug ap enable command.
debug ap {enable | disable | command cmd} cisco_ap

Syntax Description

enable

Enables the remote debugging.

Note

The debugging information is displayed only to the controller console

and does not send output to a controller Telnet/SSH CLI session.

disable

Disables the remote debugging.

command

Specifies that a CLI command is to be executed on the access point.

cmd

Command to be executed.
Note

The command to be executed must be enclosed in double quotes, such

as debug ap command led flash 30 AP03.
The output of the command displays only to the controller console and
does not send output to a controller Telnet/SSH CLI session.

cisco_ap

Command Default

Command History

Examples

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the remote debugging on access point AP01:
> debug ap enable AP01

The following example shows how to disable the remote debugging on access point AP02:
> debug ap disable AP02

The following example shows how to execute the flash LED command on access point AP03:
> debug ap command led flash 30 AP03

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1563

debug Commands

debug ap packet-dump
To configure the debugging of Packet Capture, use the debug ap packet-dump command.
debug ap packet-dump {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the debugging of Packet Capture of an access point.

disable

Disables the debugging of Packet Capture of an access point.

Debugging of Packet Capture is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Packet Capture does not work during inter-Cisco WLC roaming.

The Cisco WLC does not capture packets created in the radio firmware and sent out of the access point, such
as beacon or probe response. Only packets that flow through the radio driver in the Tx path will be captured.

Examples

The following example shows how to enable the debugging of Packet Capture from an access point:
> debug ap packet-dump enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1564

OL-31334-01

debug Commands

debug ap show stats

To debug video messages and statistics of Cisco lightweight access points, use the debug ap show stats
command.
debug ap show stats {802.11a | 802.11b} cisco_ap {tx-queue | packet | load | multicast | client {client_MAC
| video | all} | video metrics}
debug ap show stats video cisco_ap {multicast mgid mgid_database_number | admission | bandwidth}

Syntax Description

Command Default

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b/g network.

cisco_ap

Cisco lightweight access point name.

tx-queue

Displays the transmit queue traffic statistics of the AP.

packet

Displays the packet statistics of the AP.

load

Displays the QoS Basic Service Set (QBSS) and other statistics of the AP.

multicast

Displays the multicast supported rate statistics of the AP.

client

Displays the specified client metric statistics.

client_MAC

MAC address of the client.

video

Displays video statistics of all clients on the AP.

all

Displays statistics of all clients on the AP.

video metrics

Displays the video metric statistics.

mgid

Displays detailed multicast information for a single multicast group ID

(MGID).

mgid_database_number

Layer 2 MGID database number.

admission

Displays video admission control on the AP.

bandwidth

Displays video bandwidth on the AP.

None

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1565

debug Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to troubleshoot the access point AP01s transmit queue traffic on an 802.11a
network:
> debug ap show stats 802.11a AP01 tx-queue

The following example shows how to troubleshoot the access point AP02s multicast supported rates on an
802.11b/g network:
> debug ap show stats 802.11b AP02 multicast

The following example shows how to troubleshoot the metrics of a client identified by its MAC address,
associated with the access point AP01 on an 802.11a network:
> debug ap show stats 802.11a AP01 client 00:40:96:a8:f7:98

The following example shows how to troubleshoot the metrics of all clients associated with the access point
AP01 on an 802.11a network:
> debug ap show stats 802.11a AP01 client all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1566

OL-31334-01

debug Commands

debug ap show stats video

To configure the debugging of video messages and statistics of Cisco lightweight access points, use the debug
ap show stats video command.
debug ap show stats video cisco_ap {multicast mgid mgid_value | admission | bandwidth}

Syntax Description

Command Default

Command History

Examples

cisco_ap

Cisco lightweight access point name.

multicast mgid

Displays multicast database related information for the specified MGID of an

access point.

mgid_value

Layer 2 MGID database number from 1 to 4095.

admission

Displays the video admission control.

bandwidth

Displays the video bandwidth.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the debugging of an access point AP01s multicast group that
is identified by the groups Layer 2 MGID database number:
> debug ap show stats video AP01 multicast mgid 50

This example shows how to configure the debugging of an access point AP01s video bandwidth:
> debug ap show stats video AP01 bandwidth

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1567

debug Commands

debug capwap
To configure the debugging of Control and Provisioning of Wireless Access Points (CAPWAP) settings, use
the debug capwap command.
debug capwap {detail | dtls-keepalive | errors | events | hexdump | info | packet | payload | mfp} {enable
| disable}

Syntax Description

Command Default

Command History

Examples

detail

Configures the debugging for CAPWAP detail settings.

dtls-keepalive

Configures the debugging for CAPWAP DTLS data keepalive packets settings.

errors

Configures the debugging for CAPWAP error settings.

events

Configures the debugging for CAPWAP events settings.

hexdump

Configures the debugging for CAPWAP hexadecimal dump settings.

info

Configures the debugging for CAPWAP info settings.

packet

Configures the debugging for CAPWAP packet settings.

payload

Configures the debugging for CAPWAP payload settings.

mfp

Configures the debugging for CAPWAP mfp settings.

enable

Enables the debugging of the CAPWAP command.

disable

Disables the debugging of the CAPWAP command.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of CAPWAP details:
> debug capwap detail enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1568

OL-31334-01

debug Commands

debug group
To configure the debugging of access point groups, use the debug group command.
debug group {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of access point groups.

disable

Disables the debugging of access point groups.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of access point groups:
> debug group enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1569

debug Commands

debug lwapp console cli

To configure the debugging of the access point console CLI, use the debug lwapp console cli command from
the access point console port.
debug lwapp console cli

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

This access point CLI command must be entered from the access point console port.

Examples

The following example shows how to configure the debugging of the access point console:
AP# debug lwapp console cli
LWAPP console CLI allow/disallow debugging is on

Cisco Wireless LAN Controller Command Reference, Release 8.0

1570

OL-31334-01

debug Commands

debug rfac
To configure the debugging of the Redundancy Framework (RFAC), use the debug rfac command.
debug rfac {[packet | events | errors | detail] [enable | disable]}

Syntax Description

Command Default

Command History

Examples

packet

Configures the debugging of Redundancy Framework packets.

events

Configures the debugging of Redundancy Framework events.

errors

Configures the debugging of Redundancy Framework errors.

detail

Configures the debugging of Redundancy Framework details.

enable

(Optional) Enables the debugging of Redundancy Framework.

disable

(Optional) Disables the debugging of Redundancy Framework.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of Redundancy Framework packets:
> debug rfac packet enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1571

debug Commands

debug rmgr
To configure the debugging of Redundancy Manager (RMGR), use the debug rmgr command.
debug rmgr {packet | events | errors | detail} {enable | disable}

Syntax Description

Command Default

Command History

packet

Configures the debugging of Redundancy Manager packets.

events

Configures the debugging of Redundancy Manager events.

errors

Configures the debugging of Redundancy Manager errors.

detail

Configures the debugging of Redundancy Manager details.

enable

Enables the debugging of Redundancy Manager.

disable

Disables the debugging of Redundancy Manager.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Redundancy Manager determines the role of the Cisco WLCs, maintains the keepalive messages between the
peers, and initiates the switchover.

Examples

The following example shows how to enable the debugging of Redundancy Manager packets:
> debug rmgr packet enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1572

OL-31334-01

debug Commands

debug rsyncmgr
To configure the debugging of the Redundancy Sync Manager (RSYNCMGR), use the debug rsyncmgr
command.
debug rsyncmgr {packet | events | errors | detail} {enable | disable}}

Syntax Description

Command Default

Command History

packet

Configures the debugging of Redundancy Sync Manager

packets.

events

Configures the debugging of Redundancy Sync Manager

events.

errors

Configures the debugging of Redundancy Sync Manager

errors.

detail

Configures the debugging of Redundancy Sync Manager

details.

enable

Enables the debugging of Redundancy Sync Manager.

disable

Stops the debugging Redundancy Sync Manager.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Redundancy Synchronization Manager synchronizes the configurations of the active and standby Cisco WLCs.

Examples

The following example shows how to enable the debugging of Redundancy Sync Manager packets:
> debug rsyncmgr packet enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1573

debug Commands

debug service ap-monitor

To debug the access point monitor service, use the debug service ap-monitor command.
debug service ap-monitor {all | error | event | nmsp | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging of all access point status messages.

error

Configures the debugging of access point monitor error events.

event

Configures the debugging of access point monitor events.

nmsp

Configures the debugging of access point monitor Network Mobility Services

Protocol (NMSP) events.

packet

Configures the debugging of access point monitor packets.

enable

Enables the debugging for access point monitor service.

disable

Disables the debugging for access point monitor service.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the debugging of access point monitor NMSP events:
> debug service ap-monitor events

Cisco Wireless LAN Controller Command Reference, Release 8.0

1574

OL-31334-01

transfer upload peer-start

To upload a file to the peer WLC, use the transfer upload peer-start command.
transfer upload peer-start

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

FTP
209.165.201.1
21
/builds/nimm/
AS_5500_7_4_1_20.aes
wnbu
*********
Error Log

Are you sure you want to start upload from standby? (y/N) n
Transfer Canceled

Resetting the System Reboot Time

Use the reset command to schedule a reboot of the controller and access points.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1575

Resetting the System Reboot Time

reset system at
To reset the system at a specified time, use the reset system at command.
reset system at YYYY-MM-DD HH:MM:SS image {no-swap|swap} reset-aps [save-config]

Syntax Description

Command Default

Command History

Examples

YYYY-MM-DD

Specifies the date.

HH: MM: SS

Specifies the time in a 24-hour format.

image

Configures the image to be rebooted.

swap

Changes the active boot image.

no-swap

Boots from the active image.

reset-aps

Resets all access points during the system reset.

save-config

(Optional) Saves the configuration before the system reset.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the system at 2010-03-29 and 12:01:01 time:
(Cisco Controller) > reset system at 2010-03-29 12:01:01 image swap reset-aps save-config

Cisco Wireless LAN Controller Command Reference, Release 8.0

1576

OL-31334-01

Resetting the System Reboot Time

reset system in
To specify the amount of time delay before the devices reboot, use the reset system in command.
reset system in HH:MM:SS image {swap | no-swap} reset-aps save-config

Syntax Description

Command Default

Command History

Examples

HH :MM :SS

Specifies a delay in duration.

image

Configures the image to be rebooted.

swap

Changes the active boot image.

no-swap

Boots from the active image.

reset-aps

Resets all access points during the system reset.

save-config

Saves the configuration before the system reset.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to reset the system after a delay of 00:01:01:
(Cisco Controller) > reset system in 00:01:01 image swap reset-aps save-config

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1577

Resetting the System Reboot Time

reset system cancel

To cancel a scheduled reset, use the reset system cancel command.
reset system cancel

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to cancel a scheduled reset:

(Cisco Controller) > reset system cancel

Cisco Wireless LAN Controller Command Reference, Release 8.0

1578

OL-31334-01

Resetting the System Reboot Time

reset system notify-time

To configure the trap generation prior to scheduled resets, use the reset system notify-time command.
reset system notify-time minutes

Syntax Description

Command Default

Command History

Examples

minutes

Number of minutes before each scheduled reset at which to generate a trap.

The default time period to configure the trap generation prior to scheduled resets is 10 minutes.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the trap generation to 10 minutes before the scheduled resets:
(Cisco Controller) > reset system notify-time 55

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1579

test Commands

reset peer-system
To reset the peer controller, use the reset peer-system command.
reset peer-system

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to reset the peer controller:

> reset peer-system

test Commands
This section lists the test commands for access points.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1580

OL-31334-01

test Commands

test ap
To enable or disable the Path Maximum Transmission Unit (PMTU) on the CAPWAP tunnel of a Cisco access
point, use the test ap command.
test ap {pmtu {enable | disable} cisco_ap | group-name-reset {enable | disable}}

Syntax Description

enable

Enables PMTU on the CAPWAP tunnel of a Cisco

access point.

disable

Disables PMTU on the CAPWAP tunnel of a Cisco

access point.

cisco_ap

Name of the Cisco lightweight access point.

group-name-reset

Enables the resetting of the AP group name.

Command Default

None.

Examples

This example shows how to enable PMTU on the CAPWAP tunnel of a Cisco access point:
> test ap pmtu enable AP1600_1

Related Commands

test ap
test capwap
test ccx
test cleanair
test ftpstatus
test lic-agent
test license
test log
test make-space
test media
test reader
test redundancy
test rrm
test sip-cac-fail
test token-bucket
test wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1581

test Commands

test capwap
To configure an access point to send broadcast radio measurement requests to clients, or to enable the encryption
of control packets that are sent between the access point and the controller, use the test capwap command.
test capwap {message token cisco_ap | encr cisco_ap {enable | disable}}

Syntax Description

message

Configures the access point to send a broadcast radio measurement requests to

clients.

token

Time interval for the access point to send a broadcast radio measurement requests
to clients.

cisco_ap

Name of the Cisco lightweight access point.

encr

Encrypts or decrypts the control packets that are sent between the access point and
the controller.

enable

Enables the encryption or decryption of control packets that are sent between the
access point and the controller.

disable

Disables the encryption or decryption of control packets that are sent between the
access point and the controller.

Command Default

None.

Examples

This example shows how to enable encryption of control packets:

> test capwap encr A_1500_1 enable

Related Commands

test ap
test capwap
test ccx
test cleanair
test ftpstatus
test lic-agent
test license
test log
test make-space
test media
test reader

Cisco Wireless LAN Controller Command Reference, Release 8.0

1582

OL-31334-01

test Commands

test redundancy
test rrm
test sip-cac-fail
test token-bucket
test wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

summary

Displays a summary of mesh access point information including the name, model,
bridge virtual interface (BVI) MAC address, United States Computer Emergency
Response Team (US-CERT) MAC address, hop, and bridge group name.

tree

Displays a summary of mesh access point information in a tree configuration,

including the name, hop counter, link signal-to-noise ratio (SNR), and bridge
group name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display a summary format:

(Cisco Controller) >show mesh ap summary
AP Name AP Model
BVI MAC
CERT MAC
Hop
Bridge Group Name
------------------ ------------------- ----------------- ---------------------- -SB_RAP1 AIR-LAP1522AG-A-K9
00:1d:71:0e:d0:00 00:1d:71:0e:d0:00
0
sbox
SB_MAP1 AIR-LAP1522AG-A-K9
00:1d:71:0e:85:00 00:1d:71:0e:85:00
1
sbox
SB_MAP2 AIR-LAP1522AG-A-K9
00:1b:d4:a7:8b:00 00:1b:d4:a7:8b:00
2
sbox
SB_MAP3 AIR-LAP1522AG-A-K9
00:1d:71:0d:ee:00 00:1d:71:0d:ee:00
3
sbox
Number of Mesh APs............................... 4
Number of RAPs................................... 1
Number of MAPs................................... 3

The following example shows how to display settings in a hierarchical (tree) format:
(Cisco Controller) >show mesh ap tree
=======================================================
|| AP Name [Hop Counter, Link SNR, Bridge Group Name] ||
=======================================================
[Sector 1]
---------SB_RAP1[0,0,sbox]
|-SB_MAP1[1,32,sbox]
|-SB_MAP2[2,27,sbox]
|-SB_MAP3[3,30,sbox]
---------------------------------------------------Number of Mesh APs............................... 4
Number of RAPs................................... 1
Number of MAPs................................... 3
----------------------------------------------------

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1589

show mesh Commands

show mesh astools stats

To display antistranding statistics for outdoor mesh access points, use the show mesh astools stats command.
show mesh astools stats [cisco_ap]

Syntax Description

Command Default

Command History

Examples

cisco_ap

(Optional) Antistranding feature statistics for a designated mesh access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display anti-stranding statistics on all outdoor mesh access points:
(Cisco Controller) >show mesh astools stats
Total No of Aps stranded : 0

The following example shows how to display anti-stranding statistics for access point sb_map1:
(Cisco Controller) >show mesh astools stats sb_map1
Total No of Aps stranded : 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1590

OL-31334-01

show mesh Commands

show mesh backhaul

To check the current backhaul information, use the show mesh backhaul command.
show mesh backhaul cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Name of the access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the current backhaul:

(Cisco Controller) >show mesh backhaul

If the current backhaul is 5 GHz, the output is as follows:

Basic Basic Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211g
Radio Role................................... DOWNLINK ACCESS
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Current Tx Power Level .................... 1
If the current backhaul is 2.4 GHz, the output is as follows:
Basic Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Radio Role................................... DOWNLINK ACCESS
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Current Tx Power Level .................... 1
Current Channel ........................... 165
Antenna Type............................... EXTERNAL_ANTENNA
External Antenna Gain (in .5 dBm units).... 0
Current Channel...................................6
Antenna Type......................................Externa_ANTENNA
External Antenna Gain (in .5 dBm units)...........0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1591

show mesh Commands

show mesh cac

Syntax Description

Command Default

Command History

Examples

summary

Displays the total number of voice calls and voice bandwidth used for each mesh access
point.

bwused

Displays the bandwidth for a selected access point in a tree topology.

voice

Displays the mesh topology and the voice bandwidth used or available.

video

Displays the mesh topology and the video bandwidth used or available.

access

Displays access voice calls in progress in a tree topology.

callpath

Displays the call bandwidth distributed across the mesh tree.

rejected

Displays voice calls rejected for insufficient bandwidth in a tree topology.

cisco_ap

Mesh access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1592

OL-31334-01

show mesh Commands

SB_MAP1

SB_MAP2

||| SB_MAP3

0
1
0
1
0
1

11b/g
11a
11b/g
11a
11b/g
11a

0/23437
0/23437
0/23437
0/23437
0/23437
0/23437

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1593

show mesh Commands

show mesh client-access

To display the backhaul client access configuration setting, use the show mesh client-access command.
show mesh client-access

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display backhaul client access configuration settings for a mesh access
point:
(Cisco Controller) >show mesh client-access
Backhaul with client access status: enabled
Backhaul with client access extended status(3 radio AP): disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1594

OL-31334-01

show mesh Commands

show mesh config

To display mesh configuration settings, use the show mesh config command.
show mesh config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

The display was expanded to include Mesh Convergence Method.

The following example shows how to display global mesh configuration settings:
(Cisco Controller) >show mesh config
Mesh Range.......................................
Mesh Statistics update period....................
Backhaul with client access status...............
Backhaul with extended client access status......
Background Scanning State........................
Backhaul Amsdu State.............................
Mesh Security
Security Mode.................................
External-Auth.................................
Use MAC Filter in External AAA server.........
Force External Authentication.................
Mesh Alarm Criteria
Max Hop Count.................................
Recommended Max Children for MAP..............
Recommended Max Children for RAP..............
Low Link SNR..................................
High Link SNR.................................
Max Association Number........................
Association Interval..........................
Parent Change Numbers.........................
Parent Change Interval........................ 60
Mesh Multicast Mode..............................
Mesh Full Sector DFS.............................
Mesh Ethernet Bridging VLAN Transparent Mode.....
Mesh DCA channels for serial backhaul APs........
Mesh Slot Bias...................................
Mesh Convergence Method..........................

12000
3 minutes
disabled
disabled
enabled
disabled
EAP
disabled
disabled
disabled
4
10
20
12
60
10
60 minutes
3
minutes
In-Out
enabled
disabled
enabled
enabled
standard

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1595

show mesh Commands

show mesh convergence

To display mesh convergence settings, use the show mesh convergence command.
show mesh convergence

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

8.0

This command was introduced.

Usage Guidelines

This command must be entered from an access points console port.

Examples

The following example shows how to display mesh convergence settings:

ap_console >show mesh convergence
Convergence method: fast
Subset channels: 157 165
Num.of Subset channels: 2
Mesh Convergence Global Data
old_conv_method: standard
updated_subset: 1 subset_chan_seek: 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1596

OL-31334-01

show mesh Commands

show mesh env

To display global or specific environment summary information for mesh networks, use the show mesh env
command.
show mesh env {summary | cisco_ap}

Syntax Description

Command Default

Command History

Examples

summary

Displays global environment summary information.

cisco_ap

Name of access point for which environment summary information is requested.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display global environment summary information:
(Cisco Controller) >show mesh env summary
AP Name
Temperature(C) Heater
------------------ -------------- -----ap1130:5f:be:90
N/A
N/A
AP1242:b2.31.ea
N/A
N/A
AP1131:f2.8d.92
N/A
N/A
AP1131:46f2.98ac
N/A
N/A
ap1500:62:39:70
-36
OFF

Ethernet
-------DOWN
DOWN
DOWN
DOWN
UP

Battery
------N/A
N/A
N/A
N/A
N/A

The following example shows how to display an environment summary for an access point:
(Cisco Controller) >show mesh env SB_RAP1
AP Name..........................................
AP Model.........................................
AP Role..........................................
Temperature......................................
Heater...........................................
Backhaul.........................................
GigabitEthernet0 Status..........................
Duplex.......................................
Speed........................................
Rx Unicast Packets...........................
Rx Non-Unicast Packets.......................
Tx Unicast Packets...........................
Tx Non-Unicast Packets.......................
GigabitEthernet1 Status..........................
POE Out........................................
Battery..........................................

SB_RAP1
AIR-LAP1522AG-A-K9
RootAP
21 C, 69 F
OFF
GigabitEthernet0
UP
FULL
100
114754
1464
9630
3331
DOWN
OFF
N/A

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1597

show mesh Commands

show mesh neigh

To display summary or detailed information about the mesh neighbors of a mesh access point, use the show
mesh neigh command.
show mesh neigh {detail | summary} {cisco_ap | all}

Syntax Description

Note

Command History

Examples

detail

Displays the channel and signal-to-noise ratio (SNR) details between the
designated mesh access point and its neighbor.

summary

Displays the mesh neighbors for a designated mesh access point.

cisco_ap

Cisco lightweight access point name.

all

Displays all access points.

If an AP itself is configured with the allkeyword, the allkeyword access points take precedence over the
AP that is named all.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display a neighbor summary of an access point:
(Cisco Controller) >show mesh neigh summary RAP1
AP Name/Radio Mac Channel Rate Link-Snr Flags
----------------- ------- ----- -------- -------00:1D:71:0F:CA:00 157
54
6
0x0
00:1E:14:48:25:00 157
24
1
0x0
MAP1-BB00
157
54
41
0x11

State
-------BEACON
BEACON
CHILD BEACON

The following example shows how to display the detailed neighbor statistics of an access point:
(Cisco Controller) >show mesh neigh detail RAP1
AP MAC : 00:1E:BD:1A:1A:00 AP Name: HOR1522_MINE06_MAP_S_Dyke
backhaul rate 54
FLAGS : 860 BEACON
worstDv 255, Ant 0, channel 153, biters 0, ppiters 0
Numroutes 0, snr 0, snrUp 8, snrDown 8, linkSnr 8
adjustedEase 0, unadjustedEase 0
txParent 0, rxParent 0
poorSnr 0
lastUpdate 2483353214 (Sun Aug 4 23:51:58 1912)
parentChange 0
Per antenna smoothed snr values: 0 0 0 0
Vector through 00:1E:BD:1A:1A:00

The following table lists the output flags displayed for the show mesh neigh detail command.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1598

OL-31334-01

show mesh Commands

Table 15: Output Flags for the show mesh neigh detail command

Output Flag

Description

AP MAC

MAC address of a mesh neighbor for a designated mesh access point.

AP Name

Name of the mesh access point.

FLAGS

Describes adjacency. The possible values are as follows:

UPDATEDRecently updated neighbor.
NEIGHOne of the top neighbors.
EXCLUDEDNeighbor is currently excluded.
WASEXCLUDEDNeighbor was recently removed from the exclusion list.
PERMSNRPermanent SNR neighbor.
CHILDA child neighbor.
PARENTA parent neighbor.
NEEDUPDATENot a current neighbor and needs an update.
BEACONHeard a beacon from this neighbor.
ETHEREthernet neighbor.

worstDv

Worst distance vector through the neighbor.

Ant

Antenna on which the route was received.

channel

Channel of the neighbor.

biters

Number of black list timeouts left.

ppiters

Number of potential parent timeouts left.

Numroutes

Number of distance routes.

snr

Signal to Noise Ratio.

snrUp

SNR of the link to the AP.

snrDown

SNR of the link from the AP.

linkSnr

Calculated SNR of the link.

adjustedEase

Ease to the root AP through this AP. It is based on the current SNR and threshold
SNR values.

unadjustedEase

Ease to the root AP through this AP after applying correct for number of hops.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1599

show mesh Commands

Output Flag

Description

txParent

Packets sent to this node while it was a parent.

rxparent

Packets received from this node while it was a parent.

poorSnr

Packets with poor SNR received from a node.

lastUpdate

Timestamp of the last received message for this neighbor

parentChange

When this node last became parent.

per antenna smoother SNR value is populated only for antenna 0.

SNR values

Cisco Wireless LAN Controller Command Reference, Release 8.0

1600

OL-31334-01

show mesh Commands

show mesh path

To display the channel and signal-to-noise ratio (SNR) details for a link between a mesh access point and its
neighbor, use the show mesh path command.
show mesh path cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Mesh access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display channel and SNR details for a designated link path:
(Cisco Controller) >show mesh path mesh-45-rap1
AP Name/Radio Mac Channel Rate Link-Snr Flags
----------------- ------- ----- -------- -------MAP1-BB00
157
54
32
0x0
RAP1
157
54
37
0x0

State
-------UPDATED NEIGH PARENT BEACON
BEACON

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1601

show mesh Commands

show mesh per-stats

To display the percentage of packet errors for packets transmitted by the neighbors of a specified mesh access
point, use the show mesh per-stats command.
show mesh per-stats summary {cisco_ap | all}

Syntax Description

Note

Command History

summary

Displays the packet error rate stats summary.

cisco_ap

Name of mesh access point.

all

Displays all mesh access points.

If an AP itself is configured with the allkeyword, the allkeyword access points take precedence over the
AP that is named all.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The packet error rate percentage equals 1, which is the number of successfully transmitted packets divided
by the number of total packets transmitted.

Examples

The following example shows how to display the percentage of packet errors for packets transmitted by the
neighbors to a mesh access point:
(Cisco Controller) >show mesh per-stats
Neighbor MAC Address 00:0B:85:5F:FA:F0
Total Packets transmitted:
Total Packets transmitted successfully:
Total Packets retried for transmission:
RTS Attempts:
RTS Success:
Neighbor MAC Address:
Total Packets transmitted:
Total Packets transmitted successfully:
Total Packets retried for transmission:
Neighbor MAC Address:
Total Packets transmitted:
Total Packets transmitted successfully:
Total Packets retried for transmission:
RTS Attempts:
RTS Success:

summary ap_12
104833
104833
33028
0
0
00:0B:85:80:ED:D0
0
0
0
00:17:94:FE:C3:5F
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1602

OL-31334-01

show mesh Commands

show mesh public-safety

To display 4.8-GHz public safety settings, use the show mesh public-safety command.
show mesh public-safety

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to view 4.8-GHz public safety settings:
(Cisco Controller) >(Cisco Controller) >show mesh public-safety
Global Public Safety status: disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1603

show mesh Commands

show mesh queue-stats

To display the number of packets in a client access queue by type for a mesh access point, use the show mesh
queue-stats command.
show mesh queue-stats {cisco_ap | all}

Note

Syntax Description

Command Default

Command History

Examples

If an AP itself is configured with the allkeyword, the allkeyword access points take precedence over the
AP that is named all.

cisco_ap

Name of access point for which you want packet queue statistics.

all

Displays all access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display packet queue statistics for access point ap417:
(Cisco Controller) >show mesh queue-stats ap417
Queue Type Overflows Peak length Average length
---------- --------- ----------- -------------Silver
0
1
0.000
Gold
0
4
0.004
Platinum
0
4
0.001
Bronze
0
0
0.000
Management 0
0
0.000

Cisco Wireless LAN Controller Command Reference, Release 8.0

1604

OL-31334-01

show mesh Commands

show mesh security-stats

To display packet error statistics for a specific access point, use the show mesh security-stats command.
show mesh security-stats {cisco_ap | all}

Syntax Description

Note

Command Default

Command History

cisco_ap

Name of access point for which you want packet error statistics.

all

Displays all access points.

If an AP itself is configured with the allkeyword, the allkeyword access points take precedence over the
AP that is named all.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command shows packet error statistics and a count of failures, timeouts, and successes with respect to
associations and authentications as well as reassociations and reauthentications for the specified access point
and its child.

Examples

The following example shows how to display packet error statistics for access point ap417:
(Cisco Controller) >show mesh security-stats ap417
AP MAC : 00:0B:85:5F:FA:F0
Packet/Error Statistics:
----------------------------x Packets 14, Rx Packets 19, Rx Error Packets 0
Parent-Side Statistics:
-------------------------Unknown Association Requests 0
Invalid Association Requests 0
Unknown Re-Authentication Requests 0
Invalid Re-Authentication Requests 0
Unknown Re-Association Requests 0
Invalid Re-Association Requests 0
Child-Side Statistics:
-------------------------Association Failures 0
Association Timeouts 0
Association Successes 0
Authentication Failures 0
Authentication Timeouts 0
Authentication Successes 0
Re-Association Failures 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1605

show mesh Commands

Re-Association Timeouts 0
Re-Association Successes 0
Re-Authentication Failures 0
Re-Authentication Timeouts 0
Re-Authentication Successes 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1606

OL-31334-01

show mesh Commands

show mesh stats

To display the mesh statistics for an access point, use the show mesh stats command.
show mesh stats cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display statistics of an access point:

(Cisco Controller) >show mesh stats RAP_AP1
RAP in state Maint
rxNeighReq 759978, rxNeighRsp 568673
txNeighReq 115433, txNeighRsp 759978
rxNeighUpd 8266447 txNeighUpd 693062
tnextchan 0, nextant 0, downAnt 0, downChan 0, curAnts 0
tnextNeigh 0, malformedNeighPackets 244, poorNeighSnr 27901
blacklistPackets 0, insufficientMemory 0
authenticationFailures 0
Parent Changes 1, Neighbor Timeouts 16625

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1607

config mesh Commands

Use the config mesh commands to configure the mesh access points.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1608

OL-31334-01

config mesh Commands

config mesh astools

To globally enable or disable the anti-stranding feature for outdoor mesh access points, use the config mesh
astools command.
config mesh astools {enable | disable}

Syntax Description

enable

Enables this feature for all outdoor mesh access points.

disable

Disables this feature for all outdoor mesh access points.

Command Default

None.

Examples

This example shows how to enable anti-stranding on all outdoor mesh access points:
> config mesh astools enable

Related Commands

show mesh astools stats

show mesh config
show mesh security-stats
show mesh ap
config mesh slot-bias
show mesh stats
show mgmtuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1609

config mesh Commands

config mesh backhaul rate-adapt

To globally configure the backhaul Tx rate adaptation (universal access) settings for indoor and outdoor mesh
access points, use the config mesh backhaul rate-adapt command.
config mesh backhaul rate-adapt [all | bronze | silver | gold | platinum] {enable | disable}

disable

Disables this backhaul access level for mesh access points.

Command Default

Disabled.

Usage Guidelines

To use this command, mesh backhaul with client access must be enabled by using the config mesh client-access
command.

Note

Examples

After this feature is enabled, all mesh access points reboot.

This example shows how to set the backhaul client access to the best-effort level:
> config mesh backhaul rate-adapt silver

Related Commands

show mesh config

show mesh ap
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

1610

OL-31334-01

config mesh Commands

config mesh backhaul slot

To configure the slot radio as a downlink backhaul, use the config mesh backhaul slot command.
config mesh backhaul slot slot_id {enable | disable} cisco_ap

Syntax Description

slot_id

Slot number between 0 and 2.

enable

Enables the entered slot radio as a downlink backhaul.

disable

Disables the entered slot radio as a downlink backhaul.

cisco_ap

Name of the Root AP of the sector on which the backhaul needs to be enabled
or disabled.

Command Default

Disabled.

Usage Guidelines

For 2.4-GHz, only slot 0 and 1 are valid. If slot 0 is enabled, then slot 1 is automatically be disabled. If slot
0 is disabled, then slot 1 is automatically enabled. The config mesh backhaul slot command is applicable
only to AP1522.

Examples

This example shows how to enable slot 1 as the preferred backhaul for the root AP myrootap1:
> config mesh backhaul slot 1 enable myrootap1

Related Commands

show mesh config

show mesh ap
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1611

config mesh Commands

config mesh battery-state

To configure the battery state for Cisco Aironet 1520 series mesh access points, use the config mesh
battery-state command.
config mesh battery-state {enable | disable} {all | cisco_ap}

Syntax Description

enable

Enables the battery-state for 1520 series mesh access points.

disable

Disables the battery-state for 1520 series mesh access points.

all

Applies this command to all mesh access points.

cisco_ap

Specific mesh access point.

Command Default

Disabled.

Examples

This example shows how to set the backhaul client access to the best-effort level:
> config mesh battery-state enable all

Cisco Wireless LAN Controller Command Reference, Release 8.0

1612

OL-31334-01

config mesh Commands

config mesh alarm

To configure alarm settings for outdoor mesh access points, use the config mesh alarm command.
config mesh alarm {max-hop | max-children | low-snr | high-snr | association | parent-change count}
value

Syntax Description

max-hop

Sets the maximum number of hops before triggering an alarm for traffic
over the mesh network. The range is from 1 to 16.

max-children

Sets the maximum number of mesh access points (MAPs) that can be
assigned to a mesh router access point (RAP) before triggering an alarm.
The range is from 1 to 16.

low-snr

Sets the low-end signal-to-noise ratio (SNR) value before triggering an

alarm. The range is from 1 to 30.

high-snr

Sets the high-end SNR value before triggering an alarm. The range is from
1 to 30 (inclusive).

association

Sets the mesh alarm association count value before triggering an alarm.
The range is from 1 to 30 (inclusive).

parent-change count

Sets the number of times a MAP can change its RAP association before
triggering an alarm. The range is from 1 to 30 (inclusive).

value

Value above or below which an alarm is generated. The valid values vary
for each command.

Command Default

See the Syntax Description section for command and argument value ranges.

Examples

This example shows how to set the maximum hops threshold to 8:

> config mesh alarm max-hop 8

This example shows how to set the upper SNR threshold to 25:
>

Related Commands

config mesh alarm high-snr 25

config mesh client-access

config mesh ethernet-bridging vlan-transparent
config mesh full-sector-dfs
config mesh multicast

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1613

config mesh Commands

config mesh radius-server

config mesh security
config mesh slot-bias
show mesh security-stats
show mesh ap
config mesh slot-bias
show mesh stats
show mgmtuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

1614

OL-31334-01

config mesh Commands

config mesh client-access

To enable or disable client access to the mesh backhaul on indoor and outdoor mesh access points, use the
config mesh client-access command.
config mesh client-access {enable [extended] | disable}

Syntax Description

enable

Allows wireless client association over the mesh access point

backhaul 802.11a radio.

extended

(Optional) Enables client access over both the backhaul radios for
1524 serial backhaul access points.

disable

Restricts the 802.11a radio to backhaul traffic, and allows client

association only over the 802.11b/g radio.

Command Default

Disabled.

Usage Guidelines

Backhaul interfaces (802.11a radios) act as primary Ethernet interfaces. Backhauls function as trunks in the
network and carry all VLAN traffic between the wireless and wired network. No configuration of primary
Ethernet interfaces is required.
When this feature is enabled, Cisco Aironet 1520 series (152x) mesh access points allow wireless client
association over the 802.11a radio, which implies that a 152x mesh access point can carry both backhaul
traffic and 802.11a client traffic over the same 802.11a radio.
When this feature is disabled, the 152x carries backhaul traffic over the 802.11a radio and allows client
association only over the 802.11b/g radio.

Examples

This example shows how to enable client access extended to allow a wireless client association over the
802.11a radio:
> config mesh client-access enable extended
Enabling client access on both backhaul slots
Same BSSIDs will be used on both slots
All Mesh AP will be rebooted
Are you sure you want to start? (y/N)Y

This example shows how to restrict a wireless client association to the 802.11b/g radio:
> config mesh client-access disable
All Mesh AP will be rebooted
Are you sure you want to start? (Y/N) Y
Backhaul with client access is cancelled.

Related Commands

show mesh config

show mesh ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1615

config mesh Commands

show mesh stats

show mesh client-access

Cisco Wireless LAN Controller Command Reference, Release 8.0

1616

OL-31334-01

config mesh Commands

config mesh convergence

To configure mesh convergence method on all mesh access points, use the config mesh convergence command.
config mesh convergence {fast [standard] | very-fast}all

Syntax Description

Command Default

Command History

Usage Guidelines

fast

Sets the fast convergence method.

standard

Sets the standard convergence method.

very-fast

Set very-fast convergence method.

all

Sets the selected mesh convergence method on all the mesh access
points.

The default mesh convergence method is standard.

Release

Modification

8.0

This command was introduced.

The standard convergence method is available on Release 7.6 onwards. The fast and very fast convergence
methods are available from Release 8.0.
This table lists the different convergence methods.

Examples

Convergence method

Parent loss
Timer (seconds)

Seek per channel

Timer (seconds)

Parent, neighbor keep alive

Timer (seconds)

Standard

Fast

Very Fast

1.5

The following example shows how to set mesh convergence to standard:

(Cisco Controller) >config mesh convergence standard all

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1617

config mesh Commands

config mesh ethernet-bridging vlan-transparent

To configure how a mesh access point handles VLAN tags for Ethernet bridged traffic, use the config mesh
ethernet-bridging vlan-transparent command.
config mesh ethernet-bridging vlan-transparent {enable | disable}

Syntax Description

enable

Bridges packets as if they are untagged.

disable

Drops all tagged packets.

Command Default

Enabled.

Usage Guidelines

VLAN transparent is enabled as a default to ensure a smooth software upgrade from 4.1.192.xxM releases to
release 5.2. Release 4.1.192.xxM does not support VLAN tagging.

Examples

This example shows how to configure Ethernet packets as untagged:

> config mesh ethernet-bridging vlan-transparent enable

This example shows how to drop tagged Ethernet packets:

> config mesh ethernet-bridging vlan-transparent disable

Related Commands

show mesh config

show mesh ap
show mesh stats
config mesh client-access
config mesh linkdata
config mesh linktest
config mesh multicast
show mesh client-access

Cisco Wireless LAN Controller Command Reference, Release 8.0

1618

OL-31334-01

config mesh Commands

config mesh full-sector-dfs

To globally enable or disable full-sector Dynamic Frequency Selection (DFS) on mesh access points, use the
config mesh full-sector-dfs command.
config mesh full-sector-dfs {enable | disable}

Syntax Description

enable

Enables DFS for mesh access points.

disable

Disables DFS for mesh access points.

Command Default

None.

Usage Guidelines

This command instructs the mesh sector to make a coordinated channel change on the detection of a radar
signal. For example, if a mesh access point (MAP) detects a radar signal, the MAP will notify the root access
point (RAP), and the RAP will initiate a sector change.
All MAPs and the RAP that belong to that sector go to a new channel, which lowers the probability of MAPs
stranding when radar is detected on the current backhaul channel, and no other valid parent is available as
backup.
Each sector change causes the network to be silent for 60 seconds (as dictated by the DFS standard).
It is expected that after a half hour, the RAP will go back to the previously configured channel, which means
that if radar is frequently observed on a RAP's channel, it is important that you configure a different channel
for that RAP to exclude the radar affected channel at the controller.

Examples

This example shows to enable full-sector DFS on mesh access points:

> config mesh full-sector-dfs enable

Related Commands

config mesh battery-state

show mesh ap
show mesh stats
config mesh alarm
config mesh linkdata
config mesh linktest
config mesh client-access
config mesh range
show mesh security-stats
show mgmtuser

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1619

config mesh Commands

config mesh linkdata

To enable external MAC filtering of access points, use the config mesh linkdata command.
config mesh linkdata destination_ap_name

Syntax Description

Command Default

destination_ap_name

Destination access point name for MAC address filtering.

Disabled.

Usage Guidelines
Note

The config mesh linktest and config mesh linkdata commands are designed to be used together to verify
information between a source and a destination access point. To get this information, first execute the
config mesh linktest command with the access point that you want link data from in the dest_ap argument.
When the command completes, enter the config mesh linkdata command and list the same destination
access point, to display the link data will display (see example).
MAC filtering uses the local MAC filter on the controller by default.
When external MAC filter authorization is enabled, if the MAC address is not found in the local MAC filter,
then the MAC address in the external RADIUS server is used.
MAC filtering protects your network against rogue mesh access points by preventing access points that are
not defined on the external server from joining.
Before employing external authentication within the mesh network, the following configuration is required:
The RADUIS server to be used as an AAA server must be configured on the controller.
The controller must also be configured on the RADIUS server.
The mesh access point configured for external authorization and authentication must be added to the
user list of the RADIUS server.

Examples

This example shows how to enable external MAC address filtering on access point AP001d.710d.e300:
> config mesh linkdata MAP2-1-1522.7400 AP001d.710d.e300 18 100 1000 30
LinkTest started on source AP, test ID: 0
[00:1D:71:0E:74:00]->[00:1D:71:0D:E3:0F]
Test config: 1000 byte packets at 100 pps for 30 seconds, a-link rate 18 Mb/s
In progress: | || || || || || || || || || || || || |
LinkTest complete
Results
=======
txPkts:
2977
txBuffAllocErr:
0
txQFullErrs:
0
Total rx pkts heard at destination:
2977
rx pkts decoded correctly:
2977
err pkts: Total
0 (PHY 0 + CRC 0 + Unknown 0), TooBig 0, TooSmall 0
rx lost packets:
0 (incr for each pkt seq missed or out of order)

Cisco Wireless LAN Controller Command Reference, Release 8.0

1620

To verify client access between mesh access points, use the config mesh linktest command.
config mesh linktest source_ap {dest_ap | dest_MAC} datarate packet_rate packet_size duration

Syntax Description

source_ap

Source access point.

dest_ap

Destination access point.

dest_MAC

Destination MAC address.

datarate

Data rate for 802.11a radios. Valid values are 6, 9, 11, 12, 18, 24, 36, 48
and 54 Mbps.
Data rate for 802.11b radios. Valid values are 6, 12, 18, 24, 36, 54, or 100
Mbps.
Data rate for 802.11n radios. Valid values are MCS rates between m0 to
m15.

Command Default

packet_rate

Number of packets per second. Valid range is 1 through 3000, but the
recommended default is 100.

packet_size

(Optional) Packet size in bytes. If not specified, packet size defaults to 1500
bytes.

duration

(Optional) Duration of the test in seconds. Valid values are 10-300 seconds,
inclusive. If not specified, duration defaults to 30 seconds.

100 packets per second, 1500 bytes, 30 second duration.

Usage Guidelines
Note

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1623

config mesh Commands

Examples

This example shows how to verify client access between mesh access points SB_MAP1 and SB_RAP2 at 36
Mbps, 20 fps, 100 frame size, and 15 second duration:
> config mesh linktest SB_MAP1 SB_RAP1 36 20 100 15
LinkTest started on source AP, test ID: 0
[00:1D:71:0E:85:00]->[00:1D:71:0E:D0:0F]
Test config: 100 byte packets at 20 pps for 15 seconds, a-link rate 36 Mb/s
In progress: | || || || || || |
LinkTest complete
Results
=======
txPkts:
290
txBuffAllocErr:
0
txQFullErrs:
0
Total rx pkts heard at destination:
290
rx pkts decoded correctly:
err pkts: Total
0 (PHY 0 + CRC 0 + Unknown 0), TooBig 0, TooSmall 0
rx lost packets:
0 (incr for each pkt seq missed or out of order)
rx dup pkts:
0
rx out of order:
0
avgSNR:
37, high:
40, low:
5
SNR profile
[0dB...60dB]
0
1
0
0
1
3
0
1
0
2
8
27
243
4
0
0
0
0
0
0
(>60dB)
0
avgNf:
-89, high: -58, low: -90
Noise Floor profile [-100dB...-40dB]
0
0
0
145
126
11
2
0
1
0
3
0
1
0
1
0
0
0
0
0
(>-40dB)
0
avgRssi:
51, high:
53, low:
50
RSSI profile
[-100dB...-40dB]
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
7
283
0
0
(>-40dB)
0
Summary PktFailedRate (Total pkts sent/recvd):
0.000%
Physical layer Error rate (Total pkts with errors/Total pkts heard): 0.000%

The following table lists the output flags displayed for the config mesh linktest command.
Table 16: Output Flags for the Config Mesh Linktest Command

Output Flag

Description

txPkts

Number of packets sent by the source.

txBuffAllocErr

Number of linktest buffer allocation errors at the source (expected to be zero).

txQFullErrs

Number of linktest queue full errors at the source (expected to be zero).

Total rx pkts heard at Number of linktest packets received at the destination (expected to be same as or
destination
close to the txPkts).
rx pkts decoded
correctly

Number of linktest packets received and decoded correctly at the destination (expected
to be same as close to txPkts).

err pkts: Total

Packet error statistics for linktest packets with errors.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1624

OL-31334-01

config mesh Commands

Related Commands

Output Flag

Description

rx lost packets

Total number of linktest packets not received at the destination.

rx dup pkts

Total number of duplicate linktest packets received at the destination.

rx out of order

Total number of linktest packets received out of order at the destination.

avgNF

Average noise floor.

Noise Floor profile

Noise floor profile in dB and are negative numbers.

avgSNR

Average SNR values.

SNR profile
[odb...60dB]

Histogram samples received between 0 to 60 dB. The different colums in the SNR
profile is the number of packets falling under the bucket 0-3, 3-6, 6-9, up to 57-60.

avgRSSI

Average RSSI values. The average high and low RSSI values are positive numbers.

RSSI profile
[-100dB...-40dB]

The RSSI profile in dB and are negative numbers.

config mesh battery-state

config mesh client-access
config mesh full-sector-dfs
config mesh linkdata
config mesh multicast
config mesh range
show mesh client-access
show mesh config
show mesh security-stats
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1625

config mesh Commands

config mesh lsc

To configure a locally significant certificate (LSC) on mesh access points, use the config mesh lsc command.
config mesh lsc {enable | disable}

Syntax Description

enable

Enables an LSC on mesh access points.

disable

Disables an LSC on mesh access points.

Command Default

None.

Examples

This example shows how to enable LSC on mesh access points:

> config mesh lsc enable

Related Commands

config certificate lsc

show certificate lsc

Cisco Wireless LAN Controller Command Reference, Release 8.0

1626

OL-31334-01

config mesh Commands

config mesh multicast

To configure multicast mode settings to manage multicast transmissions within the mesh network, use the
config mesh multicast command.
config mesh multicast {regular | in | in-out}

Syntax Description

regular

Multicasts the video across the entire mesh network and all its segments by
bridging-enabled root access points (RAPs) and mesh access points (MAPs).

Forwards the multicast video received from the Ethernet by a MAP to the RAPs
Ethernet network. No additional forwarding occurs, which ensures that
non-LWAPP multicasts received by the RAP are not sent back to the MAP
Ethernet networks within the mesh network (their point of origin), and
MAP-to-MAP multicasts do not occur because they are filtered out

in-out

Configures the RAP and MAP to multicast, but each in a different manner:
If multicast packets are received at a MAP over Ethernet, they are sent to the
RAP; however, they are not sent to other MAP Ethernets, and the MAP-to-MAP
packets are filtered out of the multicast.
If multicast packets are received at a RAP over Ethernet, they are sent to all the
MAPs and their respective Ethernet networks. See the Usage Guidelines section
for more information.

Command Default

In-out mode.

Usage Guidelines

Multicast for mesh networks cannot be enabled using the controller GUI.
Mesh multicast modes determine how bridging-enabled access points mesh access points (MAPs) and root
access points (RAPs) send multicasts among Ethernet LANs within a mesh network. Mesh multicast modes
manage non-LWAPP multicast traffic only. LWAPP multicast traffic is governed by a different mechanism.
You can use the controller CLI to configure three mesh multicast modes to manage video camera broadcasts
on all mesh access points. When enabled, these modes reduce unnecessary multicast transmissions within the
mesh network and conserve backhaul bandwidth.
When using in-out mode, it is important to properly partition your network to ensure that a multicast sent by
one RAP is not received by another RAP on the same Ethernet segment and then sent back into the network.

Note

If 802.11b clients need to receive CAPWAP multicasts, then multicast must be enabled globally on the
controller as well as on the mesh network (by using the config network multicast global command). If
multicast does not need to extend to 802.11b clients beyond the mesh network, you should disable the
global multicast parameter.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1627

config mesh Commands

Examples

This example shows how to multicast video across the entire mesh network and all its segments by
bridging-enabled RAPs and MAPs:
> config mesh multicast regular

Related Commands

config mesh battery-state

config mesh client-access
config mesh linktest
show mesh ap
config network multicast global
show mesh config
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

1628

OL-31334-01

config mesh Commands

config mesh parent preferred

To configure a preferred parent for a mesh access point, use the config mesh parent preferred command.
config mesh parent preferred cisco_ap {mac_address | none}

Syntax Description

Command Default

Command History

Usage Guidelines

cisco_ap

Name of the child access point.

mac_address

MAC address of the preferred parent.

none

Clears the configured parent.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

A child AP selects the preferred parent based on the following conditions:

The preferred parent is the best parent.
The preferred parent has a link SNR of at least 20 dB (other parents, however good, are ignored).
The preferred parent has a link SNR in the range of 12 dB and 20 dB, but no other parent is significantly
better (that is, the SNR is more than 20 percent better). For an SNR lower than 12 dB, the configuration
is ignored.
The preferred parent is not blacklisted.
The preferred parent is not in silent mode because of dynamic frequency selection (DFS).
The preferred parent is in the same bridge group name (BGN). If the configured preferred parent is not
in the same BGN and no other parent is available, the child joins the parent AP using the default BGN.

Examples

The following example shows how to configure a preferred parent with the MAC address 00:21:1b:ea:36:60
for a mesh access point myap1:
(Cisco Controller) >config mesh parent preferred myap1 00:21:1b:ea:36:60

The following example shows how to clear a preferred parent for a mesh access point myap1 by using the
keyword none:
(Cisco Controller) >config mesh parent preferred myap1 none

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1629

config mesh Commands

config mesh public-safety

To enable or disable the 4.9-GHz public safety band for mesh access points, use the config mesh public-safety
command.
config mesh public-safety {enable | disable} {all | cisco_ap}

Syntax Description

enable

Enables the 4.9-GHz public safety band.

disable

Disables the 4.9-GHz public safety band.

all

Applies the command to all mesh access points.

cisco_ap

Specific mesh access point.

Command Default

Disabled.

Usage Guidelines

4.9 GHz is a licensed frequency band restricted to public-safety personnel.

Examples

This example shows how to enable the 4.9-GHz public safety band for all mesh access points:
> config mesh public-safety enable all
4.9GHz is a licensed frequency band in -A domain for public-safety usage
Are you sure you want to continue? (y/N) y

Related Commands

config mesh range

config mesh security
show mesh ap
show mesh public-safety
show mesh security-stats
show mesh config
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

1630

OL-31334-01

config mesh Commands

config mesh radius-server

To enable or disable external authentication for mesh access points, use the config mesh radius-server
command.
config mesh radius-server index {enable | disable}

Syntax Description

index

RADIUS authentication method. Options are as follows:

Enter eap to designate Extensible Authentication Protocol (EAP) for the
mesh RADIUS server setting.
Enter psk to designate Preshared Keys (PSKs) for the mesh RADIUS server
setting.

enable

Enables the external authentication for mesh access points.

disable

Disables the external authentication for mesh access points.

Command Default

EAP is enabled by default.

Examples

This example shows how to enable external authentication for mesh access points:
> config mesh radius-server eap enable

Related Commands

config mesh alarm

config mesh security
show mesh ap
show mesh security-stats
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1631

config mesh Commands

config mesh range

To globally set the maximum range between outdoor mesh root access points (RAPs) and mesh access points
(MAPs), use the config mesh range command.
config mesh range [distance]

Syntax Description

distance

(Optional) Maximum operating range (150 to 132000 ft) of the mesh access
point.

Command Default

12,000 feet.

Usage Guidelines

After this command is enabled, all outdoor mesh access points reboot. This command does not affect indoor
access points.

Examples

This example shows how to set the range between an outdoor mesh RAP and a MAP:
> config mesh range 300
Command not applicable for indoor mesh. All outdoor Mesh APs will be rebooted
Are you sure you want to start? (y/N) y

Related Commands

config mesh astools

config mesh ethernet-bridging vlan-transparent
show mesh ap
config mesh full-sector-dfs
config mesh linkdata
config mesh linktest
show mesh config
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

1632

OL-31334-01

config mesh Commands

config mesh secondary-backhaul

To configure a secondary backhaul on the mesh network, use the config mesh secondary-backhaul command.
config mesh secondary-backhaul {enable [force-same-secondary-channel] | disable [rll-retransmit |
rll-transmit]}

Syntax Description

Command Default

enable

Enables the secondary backhaul configuration.

force-same-secondarychannel

(Optional) Enables secondary-backhaul mesh capability. Forces all access points

rooted at the first hop node to have the same secondary channel and ignores the
automatic or manual channel assignments for the mesh access points (MAPs) at
the second hop and beyond.

disable

Specifies the secondary backhaul configuration is disabled.

rll-transmit

(Optional) Uses reliable link layer (RLL) at the second hop and beyond.

rll-retransmit

(Optional) Extends the number of RLL retry attempts in an effort to improve

reliability.

None.

Usage Guidelines
Note

The secondary backhaul access feature is not supported by Cisco 1520 and 1524 indoor mesh access points
in the 5.2 release.
This command uses a secondary backhaul radio as a temporary path for traffic that cannot be sent on the
primary backhaul due to intermittent interference.

Examples

This example shows ho to enable a secondary backhaul radio and force all access points rooted at the first
hop node to have the same secondary channel:
> config mesh secondary-backhaul enable force-same-secondary-channel

Related Commands

config mesh battery-state

config mesh backhaul slot
show mesh client-access
show mesh config
show mesh stats

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1633

config mesh Commands

config mesh security

To configure the security settings for mesh networks, use the config mesh security command.
config mesh security {{{rad-mac-filter | force-ext-auth} {enable | disable}} | eap | psk}

Syntax Description

rad-mac-filter

Enables a RADIUS MAC address filter for the mesh security setting.

force-ext-auth

Disables forced external authentication for the mesh security setting.

enable

Enables the setting.

disable

Disables the setting.

eap

Designates the Extensible Authentication Protocol (EAP) for the mesh security
setting.

psk

Designates preshared keys (PSKs) for the mesh security setting.

Command Default

EAP.

Examples

This example shows how to configure EAP as the security option for all mesh access points:
> config mesh security eap

This example shows how to configure PSK as the security option for all mesh access points:
> config mesh security psk

Related Commands

config mesh alarm

config mesh client-access
show mesh ap
config mesh public-safety
show mesh security-stats
show mesh config
show mesh stats
config mesh radius-server
show mesh client-access

Cisco Wireless LAN Controller Command Reference, Release 8.0

1634

OL-31334-01

config mesh Commands

config mesh slot-bias

To enable or disable slot bias for serial backhaul mesh access points, use the config mesh slot-bias command.
config mesh slot-bias {enable | disable}

Syntax Description

enable

Enables slot bias for serial backhaul mesh APs.

disable

Disables slot bias for serial backhaul mesh APs.

Command Default

By default, slot bias is in enabled state.

Usage Guidelines

Follow these guidelines when using this command:

The config mesh slot-bias command is a global command and therefore applicable to all 1524SB APs
associated with the same controller.
Slot bias is applicable only when both slot 1 and slot 2 are available. If a slot radio does not have a
channel that is available because of dynamic frequency selection (DFS), the other slot takes up both the
uplink and downlink roles.
If slot 2 is not available because of hardware issues, slot bias functions normally. Corrective action
should be taken by disabling the slot bias or fixing the antenna.

Examples

This example shows how to disable slot bias for serial backhaul mesh APs:
> config mesh slot-bias disable

Related Commands

config mesh alarm

config mesh client-access
show mesh ap
config mesh public-safety
show mesh security-stats
show mesh config
show mesh stats
config mesh radius-server
show mesh client-access

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1635

debug Commands

config lsc mesh

To enable the locally significant certificate (LSC) on mesh access points, use the config lsc mesh command.
config lsc mesh {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables LSC on mesh access points.

disable

Disabes LSC on mesh access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable LSC on mesh access point:
(Cisco Controller) >config lsc mesh enable

debug Commands
This section describes the controller debug commands to troubleshoot Mesh access points.

Caution

Debug commands are reserved for use only under the direction of Cisco personnel. Do not use these
commands without direction from Cisco-certified staff.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1636

OL-31334-01

debug Commands

debug mesh security

To configure the debugging of mesh security issues, use the debug mesh security command.
debug mesh security {all | events | errors} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures the debugging of all mesh security messages.

events

Configures the debugging of mesh security event messages.

errors

Configures the debugging of mesh security error messages.

enable

Enables the debugging of mesh security error messages.

disable

Disables the debugging of mesh security error messages.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of mesh security error messages:
(Cisco Controller) >debug mesh security errors enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1637

debug Commands

debug mesh convergence

To configure the debugging of mesh convergence issues, use the debug mesh convergence command.
debug mesh convergence

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

8.0

This command was introduced.

The following example shows how to enable the debugging of mesh covergence error messages:
(Cisco Controller) >debug mesh convergence
mesh convergence debugging is on

Cisco Wireless LAN Controller Command Reference, Release 8.0

1638

OL-31334-01

PART

VIII

Radio Resource Management Commands

CLI Commands, page 1641

CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII
console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.
show Commands, page 1641
config Commands, page 1658
Configuring 802.11k and Assisted Roaming, page 1754
debug Commands, page 1758

show Commands
This section lists the show commands to display information about your Radio Resource Management (RRM)
configuration settings.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1641

show Commands

show 802.11 extended

To display access point radio extended configurations, use the show 802.11 extended command.
show 802.11 {a | b} extended

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

extended

Displays the 802.11a/b radio extended configurations.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

The command output was expanded to include the Rx

SOP threshold.

The following example shows how to display radio extended configurations:

(Cisco Controller) > show 802.11a extended
Default 802.11a band radio extended configurations:
beacon period 300, range 60;
multicast buffer 45, rate 200;
RX SOP -80; CCA threshold -90;
AP0022.9090.b618 00:24:97:88:99:60
beacon period 300, range 60; multicast buffer 45, rate 200;
RX SOP -80; CCA threshold -77
AP0022.9090.bb3e 00:24:97:88:c5:d0
beacon period 300, range 0; multicast buffer 0, rate 0;
RX SOP -80; CCA threshold -0
ironRap.ddbf 00:17:df:36:dd:b0
beacon period 300, range 0; multicast buffer 0, rate 0;
RX SOP -80; CCA threshold -0

The following example shows how to display radio extended configurations and the Rx SOP threshold:
(Cisco Controller) > show 802.11a extended
Default 802.11a band Radio Extended Configurations:
Beacon period: 100, range: 0 (AUTO);
Multicast buffer: 0 (AUTO), rate: 0 (AUTO);
RX SOP threshold: -76; CCA threshold: 0 (AUTO);
AP3600-XALE3 34:a8:4e:6a:7b:00
Beacon period: 100, range: 0 (AUTO);
Multicast buffer: 0 (AUTO), rate: 0 (AUTO);
RX SOP threshold: -76; CCA threshold: 0 (AUTO);

Cisco Wireless LAN Controller Command Reference, Release 8.0

1642

OL-31334-01

show Commands

show advanced 802.11 channel

To display the automatic channel assignment configuration and statistics, use the show advanced 802.11
channel command.
show advanced 802.11{a | b} channel

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the automatic channel assignment configuration and statistics:
(Cisco Controller) > show advanced 802.11a channel

Automatic Channel Assignment

Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... 00:1a:6d:dd:1e:40
Last Run....................................... 129 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Auto-RF Allowed Channel List...................
36,40,44,48,52,56,60,64,149,
............................................. 153,157,161
Auto-RF Unused Channel List....................
100,104,108,112,116,132,136,
............................................. 140,165,190,196
DCA Outdoor AP option.......................... Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1643

show Commands

show advanced 802.11 coverage

To display the configuration and statistics for coverage hole detection, use the show advanced 802.11 coverage
command.
show advanced 802.11{a | b} coverage

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the statistics for coverage hole detection:
(Cisco Controller) > show advanced 802.11a coverage

Coverage Hole Detection

802.11a Coverage Hole Detection Mode...........
802.11a Coverage Voice Packet Count............
802.11a Coverage Voice Packet Percentage.......
802.11a Coverage Voice RSSI Threshold..........
802.11a Coverage Data Packet Count.............
802.11a Coverage Data Packet Percentage........
802.11a Coverage Data RSSI Threshold...........
802.11a Global coverage exception level........
802.11a Global client minimum exception lev....

Enabled
100 packets
50%
-80 dBm
50 packets
50%
-80 dBm
25 %
3 clients

Cisco Wireless LAN Controller Command Reference, Release 8.0

1644

OL-31334-01

show Commands

show advanced 802.11 group

To display 802.11a or 802.11b Cisco radio RF grouping, use the show advanced 802.11 group command.
show advanced 802.11{a | b} group

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display Cisco radio RF group settings:
(Cisco Controller) > show advanced 802.11a group

Radio RF Grouping
802.11a Group Mode................................... AUTO
802.11a Group Update Interval........................ 600 seconds
802.11a Group Leader................................. xx:xx:xx:xx:xx:xx
802.11a Group Member............................... xx:xx:xx:xx:xx:xx
802.11a Last Run..................................... 133 seconds ago

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1645

show Commands

show advanced 802.11 l2roam

To display 802.11a or 802.11b/g Layer 2 client roaming information, use the show advanced 802.11 l2roam
command.
show advanced 802.11{a | b} l2roam {rf-param | statistics} mac_address}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

rf-param

Specifies the Layer 2 frequency parameters.

statistics

Specifies the Layer 2 client roaming statistics.

mac_address

MAC address of the client.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1646

OL-31334-01

show Commands

show advanced 802.11 logging

To display 802.11a or 802.11b RF event and performance logging, use the show advanced 802.11 logging
command.
show advanced 802.11{a | b} logging

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display 802.11b RF event and performance logging:
(Cisco Controller) > show advanced 802.11b logging

RF Event and Performance Logging

Channel Update Logging.........................
Coverage Profile Logging.......................
Foreign Profile Logging........................
Load Profile Logging...........................
Noise Profile Logging..........................
Performance Profile Logging....................
TxPower Update Logging.........................

Off
Off
Off
Off
Off
Off
Off

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1647

show Commands

show advanced 802.11 monitor

To display the 802.11a or 802.11b default Cisco radio monitoring, use the show advanced 802.11 monitor
command.
show advanced 802.11{a | b} monitor

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the radio monitoring for the 802.11b network:
(Cisco Controller) > show advanced 802.11b monitor

Default 802.11b AP monitoring

802.11b Monitor Mode...........................
802.11b Monitor Channels.......................
802.11b RRM Neighbor Discovery Type............
802.11b AP Coverage Interval...................
802.11b AP Load Interval.......................
802.11b AP Noise Interval......................
802.11b AP Signal Strength Interval............

enable
Country channels
Transparent
180 seconds
60 seconds
180 seconds
60 seconds

Cisco Wireless LAN Controller Command Reference, Release 8.0

1648

OL-31334-01

show Commands

show advanced 802.11 optimized roaming

To display the optimized roaming configurations for 802.11a/b networks, use the show advanced 802.11
optimized roaming command.
show advanced 802.11 {a | b} optimized roaming [stats]

Syntax Description

stats

Command Default

None

Command History

Examples

(Optional) Displays optimized roaming statistics for a 802.11a/b network.

Release

Modification

8.0

This command was introduced.

The following example shows how to display the optimized roaming configurations for an 802.11a network:
(Cisco Controller) > show advanced 802.11a optimized roaming
OptimizedRoaming
802.11a OptimizedRoaming Mode.................. Enabled
802.11a OptimizedRoaming Reporting Interval.... 20 seconds
802.11a OptimizedRoaming Rate Threshold........ disabled

The following example shows how to display the optimized roaming statistics for an 802.11a network:
(Cisco Controller) > show advanced 802.11a optimized roaming stats
OptimizedRoaming Stats
802.11a OptimizedRoaming Disassociations....... 2
802.11a OptimizedRoaming Rejections............ 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1649

show Commands

show advanced 802.11 profile

To display the 802.11a or 802.11b lightweight access point performance profiles, use the show advanced
802.11 profile command.
show advanced 802.11{a | b} profile {global | cisco_ap}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Specifies all Cisco lightweight access points.

cisco_ap

Name of a specific Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the global configuration and statistics of an 802.11a profile:
(Cisco Controller) > show advanced 802.11 profile global

Default 802.11a AP performance profiles

802.11a Global Interference threshold..............
802.11a Global noise threshold.....................
802.11a Global RF utilization threshold............
802.11a Global throughput threshold................
802.11a Global clients threshold...................
802.11a Global coverage threshold..................
802.11a Global coverage exception level............
802.11a Global client minimum exception lev........

10%
-70 dBm
80%
1000000 bps
12 clients
12 dB
80%
3 clients

The following example shows how to display the configuration and statistics of a specific access point profile:
(Cisco Controller) >

show advanced 802.11 profile AP1

Cisco AP performance profile not customized

This response indicates that the performance profile for this lightweight access point is using the global defaults
and has not been individually configured.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1650

OL-31334-01

show Commands

show advanced 802.11 receiver

To display the configuration and statistics of the 802.11a or 802.11b receiver, use the show advanced 802.11
receiver command.
show advanced 802.11{a | b} receiver

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the configuration and statistics of the 802.11a network settings:
(Cisco Controller) > show advanced 802.11 receiver

802.11a Receiver Settings

RxStart
: Signal Threshold...........................
RxStart
: Signal Lamp Threshold......................
RxStart
: Preamble Power Threshold...................
RxReStart : Signal Jump Status.........................
RxReStart : Signal Jump Threshold......................
TxStomp : Low RSSI Status..............................
TxStomp : Low RSSI Threshold...........................
TxStomp : Wrong BSSID Status...........................
TxStomp : Wrong BSSID Data Only Status.................
RxAbort : Raw Power Drop Status........................
RxAbort : Raw Power Drop Threshold.....................
RxAbort : Low RSSI Status..............................
RxAbort : Low RSSI Threshold...........................
RxAbort : Wrong BSSID Status...........................
RxAbort : Wrong BSSID Data Only Status.................

15
5
2
Enabled
10
Enabled
30
Enabled
Enabled
Disabled
10
Disabled
0
Disabled
Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1651

show Commands

show advanced 802.11 summary

To display the 802.11a or 802.11b Cisco lightweight access point name, channel, and transmit level summary,
use the show advanced 802.11 summary command.
show advanced 802.11{a | b} summary

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of the 802.11b access point settings:
(Cisco Controller) > show advanced 802.11b summary

AP Name
TxPower
------------------CJ-1240
1( )
CJ-1130
1(*)

Note

MAC Address

Admin State

Operation State

Channel

------------------ ------------ ----------------- ------00:21:1b:ea:36:60

ENABLED

161

00:1f:ca:cf:b6:60

ENABLED

56*

An asterisk (*) next to a channel number or power level indicates that it is being controlled by the global
algorithm settings.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1652

OL-31334-01

show Commands

show advanced 802.11 txpower

To display the 802.11a or 802.11b automatic transmit power assignment, use the show advanced 802.11
txpower command.
show advanced 802.11{a | b} txpower

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the configuration and statistics of the 802.11b transmit power
cost:
(Cisco Controller) > show advanced 802.11b txpower

Automatic Transmit Power Assignment

Transmit Power Assignment Mode..................
Transmit Power Update Interval..................
Transmit Power Threshold........................
Transmit Power Neighbor Count...................
Transmit Power Update Contribution..............
Transmit Power Assignment Leader................
Last Run........................................

AUTO
600 seconds
-65 dBm
3 APs
SN.
xx:xx:xx:xx:xx:xx
384 seconds ago

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1653

show Commands

show advanced dot11-padding

To display the state of over-the-air frame padding on a wireless LAN controller, use the show advanced
dot11-padding command.
show advanced dot11-padding

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to view the state of over-the-air frame padding:
(Cisco Controller) > show advanced dot11-padding

dot11-padding.................................... Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1654

OL-31334-01

show Commands

show client ccx rm

Syntax Description

Command Default

Command History

Examples

client_MAC

Client MAC address.

status

Displays the client CCX radio management status

information.

report

Displays the client CCX radio management report.

chan-load

Displays radio management channel load reports.

noise-hist

Displays radio management noise histogram reports.

beacon

Displays radio management beacon load reports.

frame

Displays radio management frame reports.

pathloss

Displays radio management path loss reports.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1655

show Commands

Refused Flag........................................ On
Chan CCA Busy Fraction
----------------------1 194
2 86
3 103
4 0
5 178
6 82
7 103
8 95
9 13
10 222
11 75

Cisco Wireless LAN Controller Command Reference, Release 8.0

1656

OL-31334-01

show Commands

show client location-calibration summary

To display client location calibration summary information, use the show client location-calibration summary
command.
show client location-calibration summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the location calibration summary information:
(Cisco Controller) >show client location-calibration summary

MAC Address Interval

----------- ---------10:10:10:10:10:10 60
21:21:21:21:21:21 45

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1657

config Commands

show wps ap-authentication summary

To display the access point neighbor authentication configuration on the controller, use the show wps
ap-authentication summary command.
show wps ap-authentication summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of the Wireless Protection System (WPS) access
point neighbor authentication:
(Cisco Controller) > show wps ap-authentication summary

AP neighbor authentication is <disabled>.

Authentication alarm threshold is 1.
RF-Network Name: <B1>

Related Commands

config wps ap-authentication

config Commands
This section lists the config commands to configure Radio Resource Management (RRM).

Cisco Wireless LAN Controller Command Reference, Release 8.0

1658

OL-31334-01

config Commands

config 802.11-a
To enable or disable the 4.9-GHz and 5.8-GHz public safety channels on an access point, use the config
802.11-a command.
config {802.11-a49 | 802.11-a58} {enable | disable} cisco_ap

Syntax Description

Command Default

Command History

Examples

802.11-a49

Specifies the 4.9-GHz public safety channel.

802.11-a58

Specifies the 5.8-GHz public safety channel.

enable

Enables the use of this frequency on the designated

access point.

disable

Disables the use of this frequency on the designated

access point.

cisco_ap

Name of the access point to which the command

applies.

The default 4.9-GHz and 5.8-GHz public safety channels on an access point is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the 4.9-GHz public safety channel on ap_24 access point:
(Cisco Controller) > config 802.11-a

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1659

config Commands

config 802.11-a antenna extAntGain

Syntax Description

Command Default

Command History

Usage Guidelines

802.11-a49

Specifies the 4.9-GHz public safety channel.

802.11-a58

Specifies the 5.8-GHz public safety channel.

ant_gain

Value in .5-dBi units (for instance, 2.5 dBi = 5).

cisco_ap

Name of the access point to which the command applies.

global

Specifies the antenna gain value to all channels.

channel_no

Antenna gain value for a specific channel.

Channel properties are disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure an 802.11-a49 external antenna gain of 10 dBi for AP1:
(Cisco Controller) >config 802.11-a antenna extAntGain 10 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1660

OL-31334-01

config Commands

config 802.11-a channel ap

Syntax Description

Command Default

Command History

Examples

802.11-a49

Specifies the 4.9-GHz public safety channel.

802.11-a58

Specifies the 5.8-GHz public safety channel.

cisco_ap

Name of the access point to which the command applies.

global

Enables the Dynamic Channel Assignment (DCA) on all 4.9-GHz and

5.8-GHz subband radios.

channel_no

Custom channel for a specific mesh access point. The range is 1 through
26, inclusive, for a 4.9-GHz band and 149 through 165, inclusive, for a
5.8-GHz band.

Channel properties are disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the channel properties:

(Cisco Controller) >config 802.11-a channel ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1661

config Commands

config 802.11-a txpower ap

Syntax Description

Command Default

Command History

Examples

802.11-a49

Specifies the 4.9-GHz public safety channel.

802.11-a58

Specifies the 5.8-GHz public safety channel.

txpower

Configures transmission power properties.

Configures access point channel settings.

cisco_ap

Name of the access point to which the command

applies.

global

Applies the transmission power value to all channels.

power_level

Transmission power value to the designated mesh

access point. The range is from 1 to 5.

The default transmission power properties for the 4.9-GHz and 5.8-GHz public safety channels on an access
point is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure an 802.11-a49 transmission power level of 4 for AP1:
(Cisco Controller) > config 802.11-a txpower ap 4 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1662

OL-31334-01

config Commands

config 802.11-abgn
To configure dual-band radio parameters on an access point, use the config 802.11-abgn command.
config 802.11-abgn {cleanair {enable | disable} {cisco_ap band band} | {enable | disable} {cisco_ap}}

Syntax Description

Command Default

Command History

cleanair

Configures CleanAir on the

dual-band radio.

enable

Enables CleanAir for both 2.4-GHz

and 5-GHz radios.

disable

Disables CleanAir for both

2.4-GHz and 5-GHz radios.

cisco_ap

Name of the access point to which

the command applies.

band

Configures the radio band.

band

Radio band that can be 2.4-GHz or

5-GHz.

enable

Enables the dual-band radio on an

access point.

disable

Disables the dual-band radio on an

access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Only Cisco CleanAir-enabled access point radios can be configured for Cisco CleanAir.

Examples

The following example shows how to enable Cisco CleanAir on an access point:
(Cisco Controller) > config 802.11-abgn cleanair enable AP3600 band 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1663

config Commands

config 802.11a 11acsupport

To configure 802.11ac 5-GHz parameters, use the config 802.11a 11acsupport
config 802.11a 11acsupport {enable | disable | mcs tx mcs_index ss spatial_stream {enable | disable}}

Syntax Description

enable

Enables 802.11ac 5-GHz mode.

disable

Disables 802.11ac 5-GHz mode.

mcs tx

Configures 802.11ac 5-GHz Modulation and Coding Scheme (MCS) rates at which
data can be transmitted between the access point and the client.

Configures 802.11ac 5-GHz MCS transmit rates.

mcs_index

MCS index value of 8 or 9. MCS data rates with index 8 or 9 are specific to 802.11ac.
When you enable an MCS data rate with index 9, the data rate with MCS index 8 is
automatically enabled.

Configures the 802.11ac 5-GHz MCS spatial stream (SS).

spatial_stream

Spatial stream within which you can enable or disable an MCS data rate.
Signals transmitted by the various antennae are multiplexed by using different spaces
within the same spectral channel. These spaces are known as spatial streams. Three
spatial streams are available within which you can enable or disable a MCS rate. The
range is from 1 to 3.

Command Default

Command History

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Disabling the 802.11n/ac mode applies only to access radios. Backhaul radios always have 802.11n/ac mode
enabled if they are 802.11n capable.

Examples

The following example shows how to configure the MCS index for spatial stream 3:
(Cisco Controller) >config 802.11a 11acsupport mcs tx 9 ss 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

1664

OL-31334-01

config Commands

config 802.11b 11gSupport

To enable or disable the Cisco wireless LAN solution 802.11g network, use the config 802.11b 11gSupport
command.
config 802.11b 11gSupport {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the 802.11g network.

disable

Disables the 802.11g network.

The default network for Cisco wireless LAN solution 802.11g is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Before you enter the config 802.11b 11gSupport {enable | disable} command, disable the 802.11 Cisco
radio with the config 802.11 disable command.
After you configure the support for the 802.11g network, use the config 802.11 enable command to enable
the 802.11 radio.

Note

Examples

To disable an 802.11a, 802.11b and/or 802.11g network for an individual wireless LAN, use the config
wlan radio command.

The following example shows how to enable the 802.11g network:

(Cisco Controller) > config 802.11b 11gSupport enable

Changing the 11gSupport will cause all the APs to reboot when you enable
802.11b network.
Are you sure you want to continue? (y/n) n
11gSupport not changed!

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1665

config Commands

config 802.11b preamble

Syntax Description

Command Default

Command History

long

Specifies the long 802.11b preamble.

short

Specifies the short 802.11b preamble.

The default 802.11b preamble value is short.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines
Note

Examples

The following example shows how to change the 802.11b preamble to short:
(Cisco Controller) > config 802.11b preamble short
(Cisco Controller) > (reset system with save)

Related Commands

show 802.11b

Cisco Wireless LAN Controller Command Reference, Release 8.0

1666

OL-31334-01

config Commands

config 802.11h channelswitch

To configure an 802.11h channel switch announcement, use the config 802.11h channelswitch command.
config 802.11h channelswitch {enable {loud | quiet} | disable}

Syntax Description

Command Default

Command History

enable

Enables the 802.11h channel switch announcement.

loud

Enables the 802.11h channel switch announcement in the loud

mode. The 802.11h-enabled clients can send packets while
switching channel.

quiet

Enables 802.11h-enabled clients to stop transmitting packets

immediately because the AP has detected radar and client devices
should also quit transmitting to reduce interference.

disable

Disables the 802.11h channel switch announcement.

None

Release
7.6

Modification
This command was introduced in a release earlier than Release 7.6.
The loud and quiet parameters were introduced in Release 7.6.

Examples

The following example shows how to disable an 802.11h switch announcement:

(Cisco Controller) > config 802.11h channelswitch disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1667

config Commands

config 802.11h powerconstraint

To configure the 802.11h power constraint value, use the config 802.11h powerconstraint command.
config 802.11h powerconstraint value

Syntax Description

Command Default

Command History

Examples

value

802.11h power constraint value.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the 802.11h power constraint to 5:
(Cisco Controller) > config 802.11h powerconstraint 5

Related Commands

show 802.11h

Cisco Wireless LAN Controller Command Reference, Release 8.0

1668

OL-31334-01

config Commands

config 802.11h setchannel

To configure a new channel using 802.11h channel announcement, use the config 802.11h setchannel
command.
config 802.11h setchannel cisco_ap

Syntax Description

Command Default

Command History

Examples

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a new channel using the 802.11h channel:
(Cisco Controller) > config 802.11h setchannel ap02

Related Commands

show 802.11h

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1669

config Commands

config 802.11 11nsupport

To enable 802.11n support on the network, use the config 802.11 11nsupport command.
config 802.11{a | b} 11nsupport {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network settings.

Specifies the 802.11b/g network settings.

enable

Enables the 802.11n support.

disable

Disables the 802.11n support.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the 802.11n support on an 802.11a network:
(Cisco Controller) > config 802.11a 11nsupport enable

Related Commands

config 802.11 11nsupport mcs tx

config 802.11 11nsupport a-mpdu tx priority
config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

1670

OL-31334-01

config Commands

config 802.11 11nsupport a-mpdu tx priority

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

0-7

Specifies the aggregated MAC protocol data unit priority level between 0 through
7.

all

Configures all of the priority levels at once.

enable

Specifies the traffic associated with the priority level uses A-MPDU transmission.

disable

Specifies the traffic associated with the priority level uses A-MSDU transmission.

Command Default

By default, Priority 0 is enabled.

Usage Guidelines

Note

Configure the priority levels to match the aggregation method used by the clients.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1671

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

1672

OL-31334-01

config Commands

config 802.11 11nsupport a-mpdu tx scheduler

Syntax Description

enable

Enables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.

disable

Disables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler.

timeout rt

Configures the A-MPDU transmit aggregation scheduler realtime traffic timeout.

timeout-value

Timeout value in milliseconds. The valid range is between 1 millisecond to 1000

milliseconds.

Command Default

None

Usage Guidelines

Ensure that the 802.11 network is disabled before you enter this command.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1673

config Commands

config 802.11 11nsupport antenna

To configure an access point to use a specific antenna, use the config 802.11 11nsupport antenna command.
config 802.11{a | b} 11nsupport antenna cisco_ap {A | B | C | D} {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a/n network.

Specifies the 802.11b/g/n network.

cisco_ap

Access point.

A/B/C/D

Specifies an antenna port.

enable

Enables the configuration.

disable

Disables the configuration.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure transmission to a single antenna for legacy orthogonal
frequency-division multiplexing:
(Cisco Controller) > config 802.11 11nsupport antenna AP1 C enable

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

1674

OL-31334-01

config Commands

config 802.11 11nsupport guard-interval

To configure the guard interval, use the config 802.11 11nsupport guard-interval command.
config 802.11 {a | b} 11nsupport guard-interval {any | long}

Syntax Description

Command Default

Command History

Examples

any

Enables either a short or a long guard interval.

long

Enables only a long guard interval.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a long guard interval:

(Cisco Controller) > config 802.11 11nsupport guard-interval long

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1675

config Commands

config 802.11 11nsupport mcs tx

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

11nsupport

Specifies support for 802.11n devices.

mcs tx

Specifies the modulation and coding scheme data rates as follows:

0 (7 Mbps)
1 (14 Mbps)
2 (21 Mbps)
3 (29 Mbps)
4 (43 Mbps)
5 (58 Mbps)
6 (65 Mbps)
7 (72 Mbps)
8 (14 Mbps)
9 (29 Mbps)
10 (43 Mbps)
11 (58 Mbps)
12 (87 Mbps)
13 (116 Mbps)
14 (130 Mbps)
15 (144 Mbps)

Command Default

enable

Enables this configuration.

disable

Disables this configuration.

None

Cisco Wireless LAN Controller Command Reference, Release 8.0

1676

OL-31334-01

config Commands

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to specify MCS rates:

(Cisco Controller) > config 802.11a 11nsupport mcs tx 5 enable

Related Commands

config 802.11 11nsupport

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1677

config Commands

config 802.11 11nsupport rifs

To configure the Reduced Interframe Space (RIFS) between data frames and its acknowledgment, use the
config 802.11 11nsupport rifs command.
config 802.11{a | b} 11nsupport rifs {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables RIFS for the 802.11 network.

disable

Disables RIFS for the 802.11 network.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to enable RIFS:

(Cisco Controller) > config 802.11a 11nsupport rifs enable

Related Commands

config 802.11 11nsupport mcs tx

config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

1678

OL-31334-01

config Commands

config 802.11 antenna diversity

To configure the diversity option for 802.11 antennas, use the config 802.11 antenna diversity command.
config 802.11{a | b} antenna diversity {enable | sideA | sideB} cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the diversity.

sideA

Specifies the diversity between the internal antennas and an external antenna
connected to the Cisco lightweight access point left port.

sideB

Specifies the diversity between the internal antennas and an external antenna
connected to the Cisco lightweight access point right port.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable antenna diversity for AP01 on an 802.11b network:
(Cisco Controller) >config 802.11a antenna diversity enable AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1679

config Commands

config 802.11 antenna extAntGain

To configure external antenna gain for an 802.11 network, use the config 802.11 antenna extAntGain
command.
config 802.11{a | b} antenna extAntGain antenna_gain cisco_ap

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

antenna_gain

Antenna gain in 0.5 dBm units (for example, 2.5 dBm = 5).

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure an 802.11a external antenna gain of 0.5 dBm for AP1:
(Cisco Controller) >config 802.11 antenna extAntGain 1 AP1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1680

OL-31334-01

config Commands

config 802.11 antenna mode

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

omni

Specifies to use both internal antennas.

sectorA

Specifies to use only the side A internal antenna.

sectorB

Specifies to use only the side B internal antenna.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure access point AP01 antennas for a 360-degree omnidirectional
pattern on an 802.11b network:
(Cisco Controller) >config 802.11 antenna mode omni AP01

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1681

config Commands

config 802.11 antenna selection

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

internal

Specifies the internal antenna.

external

Specifies the external antenna.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure access point AP02 on an 802.11b network to use the internal
antenna:
(Cisco Controller) >config 802.11a antenna selection internal AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1682

OL-31334-01

config Commands

config 802.11 channel

To configure an 802.11 network or a single access point for automatic or manual channel selection, use the
config 802.11 channel command.
config 802.11{a | b} channel {global [auto | once | off | restart]} | ap {ap_name [global | channel]}

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Specifies the 802.11a operating channel that is automatically set by RRM and
overrides the existing configuration setting.

auto

(Optional) Specifies that the channel is automatically set by Radio Resource

Management (RRM) for the 802.11a radio.

once

(Optional) Specifies that the channel is automatically set once by RRM.

off

(Optional) Specifies that the automatic channel selection by RRM is disabled.

restarts

(Optional) Restarts the aggressive DCA cycle.

ap_name

Access point name.

channel

Manual channel number to be used by the access point. The supported channels
depend on the specific access point used and the regulatory region.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

When configuring 802.11 channels for a single lightweight access point, enter the config 802.11 disable
command to disable the 802.11 network. Enter the config 802.11 channel command to set automatic channel
selection by Radio Resource Management (RRM) or manually set the channel for the 802.11 radio, and enter
the config 802.11 enable command to enable the 802.11 network.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1683

config Commands

Note

Examples

See the Channels and Maximum Power Settings for Cisco Aironet Lightweight Access Points document
for the channels supported by your access point. The power levels and available channels are defined by
the country code setting and are regulated on a country-by-country basis.

The following example shows how to have RRM automatically configure the 802.11a channels for automatic
channel configuration based on the availability and interference:
(Cisco Controller) >config 802.11a channel global auto

The following example shows how to configure the 802.11b channels one time based on the availability and
interference:
(Cisco Controller) >config 802.11b channel global once

The following example shows how to turn 802.11a automatic channel configuration off:
(Cisco Controller) >config 802.11a channel global off

The following example shows how to configure the 802.11b channels in access point AP01 for automatic
channel configuration:
(Cisco Controller) >config 802.11b AP01 channel global

The following example shows how to configure the 802.11a channel 36 in access point AP01 as the default
channel:
(Cisco Controller) >config 802.11a channel AP01 36

Cisco Wireless LAN Controller Command Reference, Release 8.0

1684

OL-31334-01

config Commands

config 802.11 channel ap

To set the operating radio channel for an access point, use the config 802.11 channel ap command.
config 802.11{a | b} channel ap cisco_ap {global | channel_no}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

cisco_ap

Name of the Cisco access point.

global

Enables auto-RF on the designated access point.

channel_no

Default channel from 1 to 26, inclusive.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable auto-RF for access point AP01 on an 802.11b network:
(Cisco Controller) >config 802.11b channel ap AP01 global

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1685

config Commands

config 802.11 chan_width

To configure the channel width for a particular access point, use the config 802.11 chan_width command.
config 802.11{a | b} chan_width cisco_ap {20 | 40 | 80}

Syntax Description

Configures the 802.11a radio on slot 1 and 802.11ac

radio on slot 2.

Specifies the 802.11b/g radio.

cisco_ap

Access point.

Allows the radio to communicate using only 20-MHz

channels.
Choose this option for legacy 802.11a radios, 20-MHz
802.11n radios, or 40-MHz 802.11n radios that you
want to operate using only 20-MHz channels.

Command Default

Command History

Usage Guidelines

Caution

Allows 40-MHz 802.11n radios to communicate using

two adjacent 20-MHz channels bonded together.

Allows 80-MHz 802.11ac radios to communicate

using two adjacent 40-MHz channels bonded together.

The default channel width is 20.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This parameter can be configured only if the primary channel is statically assigned.

We recommend that you do not configure 40-MHz channels in the 2.4-GHz radio band because severe
co-channel interference can occur.
Statically configuring an access points radio for 20- or 40-MHz mode overrides the globally configured DCA
channel width setting (configured by using the config advanced 802.11 channel dca chan-width-11n
command). If you change the static configuration back to global on the access point radio, the global DCA
configuration overrides the channel width configuration that the access point was previously using.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1686

OL-31334-01

config Commands

Examples

The following example shows how to configure the channel width for access point AP01 on an 802.11 network
using 40-MHz channels:
(Cisco Controller) > config 802.11a chan_width AP01 40

Related Commands

config 802.11 11nsupport

config wlan wmm required
config 802.11 11nsupport a-mpdu tx priority
config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11b disable
config 802.11b channel ap
config 802.11a txpower ap
config 802.11a 11acsupport

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1687

config Commands

config 802.11 rx-sop threshold

To configure the high, medium or low Receiver Start of Packet Detection Threshold (Rx SOP) threshold value
for each 802.11 band, use the config 802.11 rx-sop threshold command.
config {802.11a | 802.11b} rx-sop threshold {high | medium | low | auto} {ap ap_name | default}

Syntax Description

Command Default

Command History

Usage Guidelines

802.11a

Configures an Rx SOP threshold value for the 802.11a network.

802.11b

Configures an Rx SOP threshold value for the 802.11b network.

high

Configures the high Rx SOP threshold value for 802.11a/b networks.

medium

Configures the medium Rx SOP threshold value for 802.11a/b networks.

low

Configures the low Rx SOP threshold value for 802.11a/b networks.

auto

Configures an auto Rx SOP threshold value for 802.11a/b networks. When you
choose auto, the access point determines the best Rx SOP threshold value.

ap ap_name

Configures the Rx SOP threshold value on an access point of an 802.11 network.

default

Configures the Rx SOP threshold value on all access points of an 802.11 network.

The default Rx SOP threshold option is auto.

Release

Modification

8.0

This command was introduced.

Rx SOP determines the Wi-Fi signal level in dBm at which an access point's radio demodulates and decodes
a packet. Higher the level, less sensitive the radio is and smaller the receiver cell size. The table below shows
the Rx SOP threshold values for high, medium and low levels for each 802.11 band.
Table 17: Rx SOP Thresholds

802.11 Band

High Threshold

Medium Threshold

Low Threshold

5 GHz

-76 dBm

-78 dBm

-80 dBm

2.4 GHz

-79 dBm

-82 dBm

-85 dBm

Cisco Wireless LAN Controller Command Reference, Release 8.0

1688

OL-31334-01

config Commands

Examples

The following example shows how to configure a high Rx SOP threshold value for all access points in the
802.11a band:
(Cisco Controller) > config 802.11a rx-sop threshold high default

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1689

config Commands

config 802.11 txPower

To configure the transmit power level for all access points or a single access point in an 802.11 network, use
the config 802.11 txPower command.
config 802.11{a | b} txPower {global {power_level | auto | max | min | once } | ap cisco_ap}

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures the 802.11 transmit power level for all

lightweight access points.

auto

(Optional) Specifies the power level is automatically

set by Radio Resource Management (RRM) for the
802.11 Cisco radio.

once

(Optional) Specifies the power level is automatically

set once by RRM.

power_level

(Optional) Manual Transmit power level number for

the access point.

Configures the 802.11 transmit power level for a

specified lightweight access point.

ap_name

Access point name.

The command default (global, auto) is for automatic configuration by RRM.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The supported power levels depends on the specific access point used and the regulatory region. For example,
the 1240 series access point supports eight levels and the 1200 series access point supports six levels. See the
Channels and Maximum Power Settings for Cisco Aironet Lightweight Access Points document for the
maximum transmit power limits for your access point. The power levels and available channels are defined
by the country code setting and are regulated on a country-by-country basis.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1690

OL-31334-01

config Commands

Examples

The following example shows how to automatically set the 802.11a radio transmit power level in all lightweight
access points:
(Cisco Controller) > config 802.11a txPower auto

The following example shows how to manually set the 802.11b radio transmit power to level 5 for all
lightweight access points:
(Cisco Controller) > config 802.11b txPower global 5

The following example shows how to automatically set the 802.11b radio transmit power for access point
AP1:
(Cisco Controller) > config 802.11b txPower AP1 global

The following example shows how to manually set the 802.11a radio transmit power to power level 2 for
access point AP1:
(Cisco Controller) > config 802.11b txPower AP1 2

Related Commands

show ap config 802.11a

config 802.11b txPower

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1691

config Commands

config advanced 802.11 7920VSIEConfig

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

call-admission-limit

Configures the call admission limit for the 7920s.

G711-CU-Quantum

Configures the value supplied by the infrastructure indicating the current number
of channel utilization units that would be used by a single G.711-20ms call.

limit

Call admission limit (from 0 to 255). The default value is 105.

quantum

G711 quantum value. The default value is 15.

None.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to configure the call admission limit for 7920 VISE parameters:
(Cisco Controller) > config advanced 802.11 7920VSIEConfig call-admission-limit 4

Cisco Wireless LAN Controller Command Reference, Release 8.0

1692

OL-31334-01

config Commands

config advanced 802.11 channel add

To add channel to the 802.11 networks auto RF channel list, use the config advanced 802.11 channel add
command.
config advanced 802.11{a | b} channel add channel_number

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

add

Adds a channel to the 802.11 network auto RF channel list.

channel_number

Channel number to add to the 802.11 network auto RF channel list.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a channel to the 802.11a network auto RF channel list:
(Cisco Controller) >config advanced 802.11 channel add 132

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1693

config Commands

config advanced 802.11 channel cleanair-event

To configure CleanAir event driven Radio Resource Management (RRM) parameters for all 802.11 Cisco
lightweight access points, use the config advanced 802.11 channel cleanair-event command.
config advanced 802.11{a | b} channel cleanair-event {enable | disable | sensitivity [low | medium | high]
| custom threshold threshold_value}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the CleanAir event-driven RRM parameters.

disable

Disables the CleanAir event-driven RRM parameters.

sensitivity

Sets the sensitivity for CleanAir event-driven RRM.

low

(Optional) Specifies low sensitivity.

medium

(Optional) Specifies medium sensitivity

high

(Optional) Specifies high sensitivity

custom

Specifies custom sensitivity.

threshold

Specifies the EDRRM AQ threshold value.

threshold_value

Number of custom threshold.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the CleanAir event-driven RRM parameters:
(Cisco Controller) > config advanced 802.11 channel cleanair-event enable

The following example shows how to configure high sensitivity for CleanAir event-driven RRM:
(Cisco Controller) > config advanced 802.11 channel cleanair-event sensitivity high

Cisco Wireless LAN Controller Command Reference, Release 8.0

1694

OL-31334-01

config Commands

config advanced 802.11 channel dca anchor-time

To specify the time of day when the Dynamic Channel Assignment (DCA) algorithm is to start, use the config
advanced 802.11 channel dca anchor-time command.
config advanced 802.11{a | b} channel dca anchor-time value

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

value

Hour of the time between 0 and 23. These values

represent the hour from 12:00 a.m. to 11:00 p.m.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the time of delay when the DCA algorithm starts:
(Cisco Controller) > config advanced 802.11 channel dca anchor-time 17

Related Commands

config advanced 802.11 channel dca interval

config advanced 802.11 channel dca sensitivity
config advanced 802.11 channel

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1695

config Commands

config advanced 802.11 channel dca chan-width-11n

To configure the Dynamic Channel Assignment (DCA) channel width for all 802.11n radios in the 5-GHz
band, use the config advanced 802.11 channel dca chan-width-11n command.
config advanced 802.11{a | b} channel dca chan-width-11n {20 | 40 | 80}

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Sets the channel width for 802.11n radios to 20 MHz.

Sets the channel width for 802.11n radios to 40 MHz.

Sets the channel width for 802.11ac radios to 80-MHz.

The default channel width is 20.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

If you choose 40, be sure to set at least two adjacent channels in the config advanced 802.11 channel {add
| delete} channel_number command (for example, a primary channel of 36 and an extension channel of 40).
If you set only one channel, that channel is not used for the 40-MHz channel width.
To override the globally configured DCA channel width setting, you can statically configure an access points
radio for 20- or 40-MHz mode using the config 802.11 chan_width command. If you then change the static
configuration to global on the access point radio, the global DCA configuration overrides the channel width
configuration that the access point was previously using.

Examples

The following example shows how to add a channel to the 802.11a network auto channel list:
(Cisco Controller) > config advanced 802.11a channel dca chan-width-11n 40

Examples

The following example shows how to set the channel width for the 802.11ac radio as 80-MHz:
(Cisco Controller) > config advanced 802.11a channel dca chan-width-11n 80

Related Commands

config 802.11 chan_width

Cisco Wireless LAN Controller Command Reference, Release 8.0

1696

OL-31334-01

config Commands

config advanced 802.11 dca interval

config advanced 802.11 dca sensitivity
show advanced 802.11 channel
config 802.11a 11acsupport

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1697

config Commands

config advanced 802.11 channel dca interval

To specify how often the Dynamic Channel Assignment (DCA) is allowed to run, use the config advanced
802.11 channel dca interval command.
config advanced 802.11{a | b} channel dca interval value

Syntax Description

Command Default

Command History

Specifies the 802.11a network.

Specifies the 802.11b/g network.

value

Valid values are 0, 1, 2, 3, 4, 6, 8, 12, or 24 hours. 0

is 10 minutes (600 seconds).

The default DCA channel interval is 10 (10 minutes).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If your controller supports only OfficeExtend access points, we recommend that you set the DCA interval to
6 hours for optimal performance. For deployments with a combination of OfficeExtend access points and
local access points, the range of 10 minutes to 24 hours can be used.

Examples

The following example shows how often the DCA algorithm is allowed to run:
(Cisco Controller) > config advanced 802.11 channel dca interval 8

Related Commands

config advanced 802.11 dca anchor-time

config advanced 802.11 dca sensitivity
show advanced 802.11 channel

Cisco Wireless LAN Controller Command Reference, Release 8.0

1698

OL-31334-01

config Commands

config advanced 802.11 channel dca min-metric

To configure the 5-GHz minimum RSSI energy metric for DCA, use the config advanced 802.11 channel
dca min-metric command.
config advanced 802.11{a | b} channel dca RSSI_value

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

RSSI_value

Minimum received signal strength indicator (RSSI)

that is required for the DCA to trigger a channel
change. The range is from 100 to 60 dBm.

The default minimum RSSI energy metric for DCA is 95 dBm.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the minimum 5-GHz RSSI energy metric for DCA:
(Cisco Controller) > config advanced 802.11a channel dca min-metric 80

In the above example, the RRM must detect an interference energy of at least -80 dBm in RSSI for the DCA
to trigger a channel change.

Related Commands

config advanced 802.11 dca interval

config advanced 802.11 dca anchor-time
show advanced 802.11 channel

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1699

config Commands

config advanced 802.11 channel dca sensitivity

To specify how sensitive the Dynamic Channel Assignment (DCA) algorithm is to environmental changes
(for example, signal, load, noise, and interference) when determining whether or not to change channels, use
the config advanced 802.11 channel dca sensitivity command.
config advanced 802.11{a | b} channel dcasensitivity {low | medium | high}

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

low

Specifies the DCA algorithm is not particularly

sensitive to environmental changes. See the Usage
Guidelines section for more information.

medium

Specifies the DCA algorithm is moderately sensitive

to environmental changes. See the Usage Guidelines
section for more information.

high

Specifies the DCA algorithm is highly sensitive to

environmental changes. See the Usage Guidelines
section for more information.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The DCA sensitivity thresholds vary by radio band as shown in the table below.
To aid in troubleshooting, the output of this command shows an error code for any failed calls. This table
explains the possible error codes for failed calls.
Table 18: DCA Sensitivity Thresholds

Sensitivity

2.4-GHz DCA Sensitivity Threshold 5-GHz DCA Sensitivity Threshold

High

5 dB

Medium

15 dB

20 dB

Cisco Wireless LAN Controller Command Reference, Release 8.0

1700

OL-31334-01

config Commands

Examples

Sensitivity

2.4-GHz DCA Sensitivity Threshold 5-GHz DCA Sensitivity Threshold

Low

30 dB

35 dB

The following example shows how to configure the value of DCA algorithms sensitivity to low:
(Cisco Controller) > config advanced 802.11 channel dca sensitivity low

Related Commands

config advanced 802.11 dca interval

config advanced 802.11 dca anchor-time
show advanced 802.11 channel

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1701

config Commands

config advanced 802.11 channel foreign

To have Radio Resource Management (RRM) consider or ignore foreign 802.11a interference avoidance in
making channel selection updates for all 802.11a Cisco lightweight access points, use the config advanced
802.11 channel foreign command.
config advanced 802.11{a | b} channel foreign {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the foreign access point 802.11a interference

avoidance in the channel assignment.

disable

Disables the foreign access point 802.11a interference

avoidance in the channel assignment.

The default value for the foreign access point 802.11a interference avoidance in the channel assignment is
enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to have RRM consider foreign 802.11a interference when making channel
selection updates for all 802.11a Cisco lightweight access points:
(Cisco Controller) > config advanced 802.11a channel foreign enable

Related Commands

show advanced 802.11a channel

config advanced 802.11b channel foreign

Cisco Wireless LAN Controller Command Reference, Release 8.0

1702

OL-31334-01

config Commands

config advanced 802.11 channel load

To have Radio Resource Management (RRM) consider or ignore the traffic load in making channel selection
updates for all 802.11a Cisco lightweight access points, use the config advanced 802.11 channel load
command.
config advanced 802.11{a | b} channel load {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the Cisco lightweight access point 802.11a

load avoidance in the channel assignment.

disable

Disables the Cisco lightweight access point 802.11a

load avoidance in the channel assignment.

The default value for Cisco lightweight access point 802.11a load avoidance in the channel assignment is
disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to have RRM consider the traffic load when making channel selection
updates for all 802.11a Cisco lightweight access points:
(Cisco Controller) > config advanced 802.11 channel load enable

Related Commands

show advanced 802.11a channel

config advanced 802.11b channel load

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1703

config Commands

config advanced 802.11 channel noise

To have Radio Resource Management (RRM) consider or ignore non-802.11a noise in making channel
selection updates for all 802.11a Cisco lightweight access points, use the config advanced 802.11 channel
noise command.
config advanced 802.11{a | b} channel noise {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables non-802.11a noise avoidance in the channel

assignment. or ignore.

disable

Disables the non-802.11a noise avoidance in the

channel assignment.

The default value for non-802.11a noise avoidance in the channel assignment is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to have RRM consider non-802.11a noise when making channel selection
updates for all 802.11a Cisco lightweight access points:
(Cisco Controller) > config advanced 802.11 channel noise enable

Related Commands

show advanced 802.11a channel

config advanced 802.11b channel noise

Cisco Wireless LAN Controller Command Reference, Release 8.0

1704

OL-31334-01

config Commands

config advanced 802.11 channel outdoor-ap-dca

To enable or disable the controller to avoid checking the non-Dynamic Frequency Selection (DFS) channels,
use the config advanced 802.11 channel outdoor-ap-dca command.
config advanced 802.11{a | b} channel outdoor-ap-dca {enable | disable}

Syntax Description

Command Default

Command History

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables 802.11 network DCA list option for outdoor

access point.

disable

Disables 802.11 network DCA list option for outdoor

access point.

The default value for 802.11 network DCA list option for outdoor access point is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

The config advanced 802.11{a | b} channel outdoor-ap-dca {enable | disable} command is applicable only
for deployments having outdoor access points such as 1522 and 1524.

Examples

The following example shows how to enable the 802.11a DCA list option for outdoor access point:
(Cisco Controller) > config advanced 802.11a channel outdoor-ap-dca enable

Related Commands

show advanced 802.11a channel

config advanced 802.11b channel noise

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1705

config Commands

config advanced 802.11 channel pda-prop

To enable or disable propagation of persistent devices, use the config advanced 802.11 channel pda-prop
command.
config advanced 802.11{a | b} channel pda-prop {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the 802.11 network DCA list option for the

outdoor access point.

disable

Disables the 802.11 network DCA list option for the

outdoor access point.

The default 802.11 network DCA list option for the outdoor access point is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable or disable propagation of persistent devices:
(Cisco Controller) > config advanced 802.11 channel pda-prop enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1706

OL-31334-01

config Commands

config advanced 802.11 channel update

To have Radio Resource Management (RRM) initiate a channel selection update for all 802.11a Cisco
lightweight access points, use the config advanced 802.11 channel update command.
config advanced 802.11{a | b} channel update

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to initiate a channel selection update for all 802.11a network access points:
(Cisco Controller) > config advanced 802.11a channel update

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1707

config Commands

config advanced 802.11 coverage

To enable or disable coverage hole detection, use the config advanced 802.11 coverage command.
config advanced 802.11{a | b} coverage {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the coverage hole detection.

disable

Disables the coverage hole detection.

The default coverage hole detection value is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

If you enable coverage hole detection, the Cisco WLC automatically determines, based on data that is received
from the access points, whether any access points have clients that are potentially located in areas with poor
coverage.
If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second
period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish
between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is
detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands
over a 90-second period. The Cisco WLC determines whether the coverage hole can be corrected and, if
appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.

Examples

The following example shows how to enable coverage hole detection on an 802.11a network:
(Cisco Controller) > config advanced 802.11a coverage enable

Related Commands

config advanced 802.11 coverage exception global

config advanced 802.11 coverage fail-rate
config advanced 802.11 coverage level global

Cisco Wireless LAN Controller Command Reference, Release 8.0

1708

OL-31334-01

config Commands

config advanced 802.11 coverage packet-count

config advanced 802.11 coverage rssi-threshold

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1709

config Commands

config advanced 802.11 coverage exception global

To specify the percentage of clients on an access point that are experiencing a low signal level but cannot
roam to another access point, use the config advanced 802.11 coverage exception global command.
config advanced 802.11{a | b} coverage exception global percent

Syntax Description

Command Default

Command History

Specifies the 802.11a network.

Specifies the 802.11b/g network.

percent

Percentage of clients. Valid values are from 0 to

100%.

The default percentage value for clients on an access point is 25%.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second
period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish
between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is
detected if both the number and percentage of failed clients meet or exceed the values entered in theconfig
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands
over a 90-second period. The controller determines whether the coverage hole can be corrected and, if
appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.

Examples

The following example shows how to specify the percentage of clients for all 802.11a access points that are
experiencing a low signal level:
(Cisco Controller) > config advanced 802.11 coverage exception global 50

Related Commands

config advanced 802.11 coverage exception global

config advanced 802.11 coverage fail-rate
config advanced 802.11 coverage level global
config advanced 802.11 coverage packet-count
config advanced 802.11 coverage rssi-threshold

Cisco Wireless LAN Controller Command Reference, Release 8.0

1710

OL-31334-01

config Commands

config advanced 802.11 coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1711

config Commands

config advanced 802.11 coverage fail-rate

To specify the failure rate threshold for uplink data or voice packets, use the config advanced 802.11 coverage
fail-rate command.
config advanced 802.11{a | b} coverage {data | voice} fail-rate percent

Syntax Description

Command Default

Command History

Specifies the 802.11a network.

Specifies the 802.11b/g network.

data

Specifies the threshold for data packets.

voice

Specifies the threshold for voice packets.

percent

Failure rate as a percentage. Valid values are from 1

to 100 percent.

The default failure rate threshold uplink coverage fail-rate value is 20%.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If both the number and percentage of failed packets exceed the values that you entered in theconfig advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second
period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish
between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is
detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands
over a 90-second period. The controller determines whether the coverage hole can be corrected and, if
appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.

Examples

The following example shows how to configure the threshold count for minimum uplink failures for data
packets:
(Cisco Controller) > config advanced 802.11 coverage fail-rate 80

Related Commands

config advanced 802.11 coverage exception global

config advanced 802.11 coverage level global

Cisco Wireless LAN Controller Command Reference, Release 8.0

1712

OL-31334-01

config Commands

config advanced 802.11 coverage packet-count

config advanced 802.11 coverage rssi-threshold
config advanced 802.11 coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1713

config Commands

config advanced 802.11 coverage level global

To specify the minimum number of clients on an access point with an received signal strength indication
(RSSI) value at or below the data or voice RSSI threshold, use the config advanced 802.11 coverage level
global command.
config advanced 802.11{a | b} coverage level global clients

Syntax Description

Command Default

Command History

Specifies the 802.11a network.

Specifies the 802.11b/g network.

clients

Minimum number of clients. Valid values are from 1

to 75.

The default minimum number of clients on an access point is 3.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second
period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish
between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is
detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands
over a 90-second period. The controller determines whether the coverage hole can be corrected and, if
appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.

Examples

The following example shows how to specify the minimum number of clients on all 802.11a access points
with an RSSI value at or below the RSSI threshold:
(Cisco Controller) > config advanced 802.11 coverage level global 60

Related Commands

config advanced 802.11 coverage exception global

config advanced 802.11 coverage fail-rate
config advanced 802.11 coverage packet-count
config advanced 802.11 coverage rssi-threshold

Cisco Wireless LAN Controller Command Reference, Release 8.0

1714

OL-31334-01

config Commands

config advanced 802.11 coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1715

config Commands

config advanced 802.11 coverage packet-count

To specify the minimum failure count threshold for uplink data or voice packets, use the config advanced
802.11 coverage packet-count command.
config advanced 802.11{a | b} coverage {data | voice} packet-count packets

Syntax Description

Command Default

Command History

Specifies the 802.11a network.

Specifies the 802.11b/g network.

data

Specifies the threshold for data packets.

voice

Specifies the threshold for voice packets.

packets

Minimum number of packets. Valid values are from

1 to 255 packets.

The default failure count threshold for uplink data or voice packets is10.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second
period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish
between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is
detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands
over a 90-second period. The controller determines whether the coverage hole can be corrected and, if
appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.

Examples

The following example shows how to configure the failure count threshold for uplink data packets:
(Cisco Controller) > config advanced 802.11 coverage packet-count 100

Related Commands

config advanced 802.11 coverage exception global

config advanced 802.11 coverage fail-rate
config advanced 802.11 coverage level global

Cisco Wireless LAN Controller Command Reference, Release 8.0

1716

OL-31334-01

config Commands

config advanced 802.11 coverage rssi-threshold

config advanced 802.11 coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1717

config Commands

config advanced 802.11 coverage rssi-threshold

To specify the minimum receive signal strength indication (RSSI) value for packets that are received by an
access point, use the config advanced 802.11 coverage rssi-threshold command.
config advanced 802.11{a | b} coverage {data | voice} rssi-threshold rssi

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

data

Specifies the threshold for data packets.

voice

Specifies the threshold for voice packets.

rssi

Valid values are from 60 to 90 dBm.

Command Default

The default RSSI value for data packets is 80 dBm.

The default RSSI value for voice packets is 75 dBm.

Command History

Usage Guidelines

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The rssi value that you enter is used to identify coverage holes (or areas of poor coverage) within your network.
If the access point receives a packet in the data or voice queue with an RSSI value that is below the value that
you enter, a potential coverage hole has been detected.
The access point takes RSSI measurements every 5 seconds and reports them to the controller in 90-second
intervals.
If both the number and percentage of failed packets exceed the values that you entered in the config advanced
802.11 coverage packet-count and config advanced 802.11 coverage fail-rate commands for a 5-second
period, the client is considered to be in a pre-alarm condition. The controller uses this information to distinguish
between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is
detected if both the number and percentage of failed clients meet or exceed the values entered in the config
advanced 802.11 coverage level global and config advanced 802.11 coverage exception global commands
over a 90-second period. The controller determines whether the coverage hole can be corrected and, if
appropriate, mitigates the coverage hole by increasing the transmit power level for that specific access point.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1718

OL-31334-01

config Commands

Examples

The following example shows how to configure the minimum receive signal strength indication threshold
value for data packets that are received by an 802.11a access point:
(Cisco Controller) > config advanced 802.11a coverage rssi-threshold -60

Related Commands

config advanced 802.11 coverage exception global

config advanced 802.11 coverage fail-rate
config advanced 802.11 coverage level global
config advanced 802.11 coverage packet-count
config advanced 802.11 coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1719

config Commands

config advanced 802.11 edca-parameters

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

wmm-default

Enables the Wi-Fi Multimedia (WMM) default

parameters. Choose this option when voice or video
services are not deployed on your network.

svp-voice

Enables Spectralink voice priority parameters. Choose

this option if Spectralink phones are deployed on your
network to improve the quality of calls.

optimized-voice

Enables EDCA voice-optimized profile parameters.

Choose this option when voice services other than
Spectralink are deployed on your network.

optimized-video-voice

Enables EDCA voice- and video-optimized profile

parameters. Choose this option when both voice and
video services are deployed on your network.
Note

Enables custom voice EDCA parameters for 802.11a.

The EDCA parameters under this option also match the
6.0 WMM EDCA parameters when this profile is
applied.

custom-voice

Command Default

Command History

If you deploy video services, admission control

(ACM) must be disabled.

The default EDCA parameter is wmm-default.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1720

OL-31334-01

config Commands

Examples

This example shows how to enable Spectralink voice priority parameters:

(Cisco Controller) > config advanced 802.11 edca-parameters svp-voice

Related Commands

show 802.11a
config advanced 802.11b edca-parameters

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1721

config Commands

config advanced 802.11 factory

To reset 802.11a advanced settings back to the factory defaults, use the config advanced 802.11 factory
command.
config advanced 802.11{a | b} factory

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to return all the 802.11a advanced settings to their factory defaults:
(Cisco Controller) > config advanced 802.11a factory

Related Commands

show advanced 802.11a channel

Cisco Wireless LAN Controller Command Reference, Release 8.0

1722

OL-31334-01

config Commands

config advanced 802.11 group-member

To configure members in 802.11 static RF group, use the config advanced 802.11 group-member command.
config advanced 802.11{a | b} group-member {add | remove} controller controller-ip-address

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

add

Adds a controller to the static RF group.

remove

Removes a controller from the static RF group.

controller

Name of the controller to be added.

controller-ip-address

IP address of the controller to be added.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to add a controller in the 802.11a automatic RF group:
(Cisco Controller) > config advanced 802.11a group-member add cisco-controller 209.165.200.225

Related Commands

show advanced 802.11a group

config advanced 802.11 group-mode

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1723

config Commands

config advanced 802.11 group-mode

To set the 802.11a automatic RF group selection mode on or off, use the config advanced 802.11 group-mode
command.
config advanced 802.11{a | b} group-mode {auto | leader | off | restart}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

auto

Sets the 802.11a RF group selection to automatic

update mode.

leader

Sets the 802.11a RF group selection to static mode,

and sets this controller as the group leader.

off

Sets the 802.11a RF group selection to off.

restart

Restarts the 802.11a RF group selection.

The default 802.11a automatic RF group selection mode is auto.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the 802.11a automatic RF group selection mode on:
(Cisco Controller) > config advanced 802.11a group-mode auto

The following example shows how to configure the 802.11a automatic RF group selection mode off:
(Cisco Controller) > config advanced 802.11a group-mode off

Related Commands

show advanced 802.11a group

config advanced 802.11 group-member

Cisco Wireless LAN Controller Command Reference, Release 8.0

1724

OL-31334-01

config Commands

config advanced 802.11 logging channel

To turn the channel change logging mode on or off, use the config advanced 802.11 logging channel command.
config advanced 802.11{a | b} logging channel {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

logging channel

Logs channel changes.

Enables the 802.11 channel logging.

off

Disables 802.11 channel logging.

The default channel change logging mode is Off (disabled).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn the 802.11a logging channel selection mode on:
(Cisco Controller) > config advanced 802.11a logging channel on

Related Commands

show advanced 802.11a logging

config advanced 802.11b logging channel

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1725

config Commands

config advanced 802.11 logging coverage

To turn the coverage profile logging mode on or off, use the config advanced 802.11 logging coverage
command.
config advanced 802.11{a | b} logging coverage {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Enables the 802.11 coverage profile violation logging.

off

Disables the 802.11 coverage profile violation

logging.

The default coverage profile logging mode is Off (disabled).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn the 802.11a coverage profile violation logging selection mode on:
(Cisco Controller) > config advanced 802.11a logging coverage on

Related Commands

show advanced 802.11a logging

config advanced 802.11b logging coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

1726

OL-31334-01

config Commands

config advanced 802.11 logging foreign

To turn the foreign interference profile logging mode on or off, use the config advanced 802.11 logging
foreign command.
config advanced 802.11{a | b} logging foreign {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Enables the 802.11 foreign interference profile

violation logging.

off

Disables the 802.11 foreign interference profile

violation logging.

The default foreign interference profile logging mode is Off (disabled).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn the 802.11a foreign interference profile violation logging selection
mode on:
(Cisco Controller) > config advanced 802.11a logging foreign on

Related Commands

show advanced 802.11a logging

config advanced 802.11b logging foreign

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1727

config Commands

config advanced 802.11 logging load

To turn the 802.11a load profile logging mode on or off, use the config advanced 802.11 logging load
command.
config advanced 802.11{a | b} logging load {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Enables the 802.11 load profile violation logging.

off

Disables the 802.11 load profile violation logging.

The default 802.11a load profile logging mode is Off (disabled).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn the 802.11a load profile logging mode on:
(Cisco Controller) > config advanced 802.11 logging load on

Related Commands

show advanced 802.11a logging

config advanced 802.11b logging load

Cisco Wireless LAN Controller Command Reference, Release 8.0

1728

OL-31334-01

config Commands

config advanced 802.11 logging noise

To turn the 802.11a noise profile logging mode on or off, use the config advanced 802.11 logging noise
command.
config advanced 802.11{a | b} logging noise {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Enables the 802.11 noise profile violation logging.

off

Disables the 802.11 noise profile violation logging.

The default 802.11a noise profile logging mode is off (disabled).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn the 802.11a noise profile logging mode on:
(Cisco Controller) > config advanced 802.11a logging noise on

Related Commands

show advanced 802.11a logging

config advanced 802.11b logging noise

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1729

config Commands

config advanced 802.11 logging performance

To turn the 802.11a performance profile logging mode on or off, use the config advanced 802.11 logging
performance command.
config advanced 802.11{a | b} logging performance {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Enables the 802.11 performance profile violation

logging.

off

Disables the 802.11 performance profile violation

logging.

The default 802.11a performance profile logging mode is off (disabled).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn the 802.11a performance profile logging mode on:
(Cisco Controller) > config advanced 802.11a logging performance on

Related Commands

show advanced 802.11a logging

config advanced 802.11b logging performance

Cisco Wireless LAN Controller Command Reference, Release 8.0

1730

OL-31334-01

config Commands

config advanced 802.11 logging txpower

To turn the 802.11a transmit power change logging mode on or off, use the config advanced 802.11 logging
txpower command.
config advanced 802.11{a | b} logging txpower {on | off}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Enables the 802.11 transmit power change logging.

off

Disables the 802.11 transmit power change logging.

The default 802.11a transmit power change logging mode is off (disabled).

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to turn the 802.11a transmit power change mode on:
(Cisco Controller) > config advanced 802.11 logging txpower off

Related Commands

show advanced 802.11 logging

config advanced 802.11b logging power

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1731

config Commands

config advanced 802.11 monitor channel-list

To set the 802.11a noise, interference, and rogue monitoring channel list, use the config advanced 802.11
monitor channel-list command.
config advanced 802.11{a | b} monitor channel-list {all | country | dca}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

all

Monitors all channels.

country

Monitors the channels used in the configured country

code.

dca

Monitors the channels used by the automatic channel

assignment.

The default 802.11a noise, interference, and rogue monitoring channel list is country.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to monitor the channels used in the configured country:
(Cisco Controller) > config advanced 802.11 monitor channel-list country

Related Commands

show advanced 802.11a monitor coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

1732

OL-31334-01

config Commands

config advanced 802.11 monitor coverage

To set the coverage measurement interval between 60 and 3600 seconds, use the config advanced 802.11
monitor coverage command.
config advanced 802.11{a | b} monitor coverage seconds

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

seconds

Coverage measurement interval between 60 and 3600

seconds.

The default coverage measurement interval is180 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the coverage measurement interval to 60 seconds:
(Cisco Controller) > config advanced 802.11 monitor coverage 60

Related Commands

show advanced 802.11a monitor

config advanced 802.11b monitor coverage

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1733

config Commands

config advanced 802.11 monitor load

To set the load measurement interval between 60 and 3600 seconds, use the config advanced 802.11 monitor
load command.
config advanced 802.11{a | b} monitor load seconds

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

seconds

Load measurement interval between 60 and 3600

seconds.

The default load measurement interval is 60 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the load measurement interval to 60 seconds:
(Cisco Controller) > config advanced 802.11 monitor load 60

Related Commands

show advanced 802.11a monitor

config advanced 802.11b monitor load

Cisco Wireless LAN Controller Command Reference, Release 8.0

1734

OL-31334-01

config Commands

config advanced 802.11 monitor mode

To enable or disable 802.11a access point monitoring, use the config advanced 802.11 monitor mode
command.
config advanced 802.11{a | b} monitor mode {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the 802.11 access point monitoring.

disable

Disables the 802.11 access point monitoring.

The default 802.11a access point monitoring is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the 802.11a access point monitoring:
(Cisco Controller) > config advanced 802.11a monitor mode enable

Related Commands

show advanced 802.11a monitor

config advanced 802.11b monitor mode

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1735

config Commands

config advanced 802.11 monitor ndp-type

To configure the 802.11 access point radio resource management (RRM) Neighbor Discovery Protocol (NDP)
type, use the config advanced 802.11 monitor ndp-type command:
config advanced 802.11{a | b} monitor ndp-type {protected | transparent}

Syntax Description

Command Default

Command History

Specifies the 802.11a network.

Specifies the 802.11b/g network.

protected

Specifies the Tx RRM protected NDP.

transparent

Specifies the Tx RRM transparent NDP.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Before you configure the 802.11 access point RRM NDP type, ensure that you have disabled the network by
entering the config 802.11 disable network command.

Examples

The following example shows how to enable the 802.11a access point RRM NDP type as protected:
(Cisco Controller) > config advanced 802.11 monitor ndp-type protected

Related Commands

config advanced 802.11 monitor

config advanced 802.11 monitor mode
config advanced 802.11 disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1736

OL-31334-01

config Commands

config advanced 802.11 monitor noise

To set the 802.11a noise measurement interval between 60 and 3600 seconds, use the config advanced 802.11
monitor noise command.
config advanced 802.11{a | b} monitor noise seconds

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

seconds

Noise measurement interval between 60 and 3600

seconds.

The default 802.11a noise measurement interval is 80 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the noise measurement interval to 120 seconds:
(Cisco Controller) > config advanced 802.11 monitor noise 120

Related Commands

show advanced 802.11a monitor

config advanced 802.11b monitor noise

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1737

config Commands

config advanced 802.11 monitor signal

To set the signal measurement interval between 60 and 3600 seconds, use the config advanced 802.11 monitor
signal command.
config advanced 802.11{a | b} monitor signal seconds

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

seconds

Signal measurement interval between 60 and 3600

seconds.

The default signal measurement interval is 60 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the signal measurement interval to 120 seconds:
(Cisco Controller) > config advanced 802.11 monitor signal 120

Related Commands

show advanced 802.11a monitor

config advanced 802.11b monitor signal

Cisco Wireless LAN Controller Command Reference, Release 8.0

1738

OL-31334-01

config Commands

config advanced 802.11 optimized roaming

To configure the optimized roaming parameters for each 802.11 band, use the config advanced 802.11
optimized roaming command.
config advanced {802.11a | 802.11b} optimized-roaming {enable | disable | interval seconds | datarate
mbps}

Syntax Description

802.11a

Configures optimized roaming parameters for 802.11a network.

802.11b

Configures optimized roaming parameters for 802.11b network.

enable

Enables optimized roaming.

disable

Disables optimized roaming.

interval

Configures the client coverage reporting interval for 802.11a/b networks.

seconds

Client coverage reporting interval in seconds. The range is from 5 to 90 seconds.

datarate

Configures the threshold data rate for 802.11a/b networks.

mbps

Threshold data rate in Mbps for 802.11a/b networks.

For 802.11a, the configurable data rates are 6, 9, 12, 18, 24, 36, 48, and 54.
For 802.11b, the configurable data rates are 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48,
and 54.
You can configure 0 to disable the data rate for disassociating clients.

Command Default

Command History

Usage Guidelines

By default, optimized roaming is disabled. The default value for client coverage reporting interval is 90 seconds
and threshold data rate is 0 (disabled state).

Release

Modification

8.0

This command was introduced.

You must disable the 802.11a/b network before you configure the optimized roaming reporting interval. If
you configure a low value for the reporting interval, the network can get overloaded with coverage report
messages.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1739

config Commands

Examples

The following example shows how to enable optimized roaming for the 802.11a network:
(Cisco Controller) > config advanced 802.11a optimized roaming enable

The following example shows how to configure the data rate interval for the 802.11a network:
(Cisco Controller) > config advanced 802.11a optimized roaming datarate 9

Cisco Wireless LAN Controller Command Reference, Release 8.0

1740

OL-31334-01

config Commands

config advanced 802.11 profile foreign

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures all 802.11a Cisco lightweight access points.

cisco_ap

Cisco lightweight access point name.

percent

802.11a foreign 802.11a interference threshold between 0 and 100 percent.

The default foreign 802.11a transmitter interference threshold value is 10.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the foreign 802.11a transmitter interference threshold for AP1 to 0
percent:
(Cisco Controller) >config advanced 802.11 profile foreign AP1 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1741

config Commands

config advanced 802.11 profile noise

To set the 802.11a foreign noise threshold between 127 and 0 dBm, use the config advanced 802.11 profile
noise command.
config advanced 802.11{a | b} profile noise {global | cisco_ap} dBm

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a/n network.

Specifies the 802.11b/g/n network.

global

Configures all 802.11a Cisco lightweight access point specific profiles.

cisco_ap

Cisco lightweight access point name.

dBm

802.11a foreign noise threshold between 127 and 0 dBm.

The default foreign noise threshold value is 70 dBm.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the 802.11a foreign noise threshold for all Cisco lightweight access
points to 127 dBm:
(Cisco Controller) >config advanced 802.11a profile noise global -127

The following example shows how to set the 802.11a foreign noise threshold for AP1 to 0 dBm:
(Cisco Controller) >config advanced 802.11a profile noise AP1 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1742

OL-31334-01

config Commands

config advanced 802.11 profile throughput

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures all 802.11a Cisco lightweight access point specific profiles.

cisco_ap

Cisco lightweight access point name.

value

802.11a Cisco lightweight access point throughput threshold between 1000 and
10000000 bytes per second.

The default Cisco lightweight access point data-rate throughput threshold value is 1,000,000 bytes per second.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set all Cisco lightweight access point data-rate thresholds to 1000 bytes
per second:
(Cisco Controller) >config advanced 802.11 profile throughput global 1000

The following example shows how to set the AP1 data-rate threshold to 10000000 bytes per second:
(Cisco Controller) >config advanced 802.11 profile throughput AP1 10000000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1743

config Commands

config advanced 802.11 profile utilization

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

global

Configures a global Cisco lightweight access point specific profile.

cisco_ap

Cisco lightweight access point name.

percent

802.11a RF utilization threshold between 0 and 100 percent.

The default RF utilization threshold value is 80 percent.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the RF utilization threshold for all Cisco lightweight access points
to 0 percent:
(Cisco Controller) >config advanced 802.11 profile utilization global 0

The following example shows how to set the RF utilization threshold for AP1 to 100 percent:
(Cisco Controller) >config advanced 802.11 profile utilization AP1 100

Cisco Wireless LAN Controller Command Reference, Release 8.0

1744

OL-31334-01

config Commands

config advanced 802.11 receiver

To set the advanced receiver configuration settings, use the config advanced 802.11 receiver command.
config advanced 802.11{a | b} receiver {default | rxstart jumpThreshold value}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

receiver

Specifies the receiver configuration.

default

Specifies the default advanced receiver configuration.

rxstartjumpThreshold

Specifies the receiver start signal.

value

Jump threshold configuration value between 0 and

127.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to prevent changes to receiver parameters while the network is enabled:
(Cisco Controller) > config advanced 802.11 receiver default

Related Commands

config advanced 802.11b receiver

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1745

config Commands

config advanced 802.11 tpc-version

To configure the Transmit Power Control (TPC) version for a radio, use the config advanced 802.11
tpc-version command.
config advanced 802.11{a | b} tpc-version {1 | 2}

Syntax Description

Command Default

Command History

Examples

Specifies the TPC version 1 that offers strong signal

coverage and stability.

Specifies TPC version 2 is for scenarios where voice

calls are extensively used. The Tx power is
dynamically adjusted with the goal of minimum
interference. It is suitable for dense networks. In this
mode, there could be higher roaming delays and
coverage hole incidents.

The default TPC version for a radio is 1.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the TPC version as 1 for the 802.11a radio:
(Cisco Controller) > config advanced 802.11a tpc-version 1

Related Commands

config advanced 802.11 tpcv1-thresh

Cisco Wireless LAN Controller Command Reference, Release 8.0

1746

OL-31334-01

config Commands

config advanced 802.11 tpcv1-thresh

To configure the threshold for Transmit Power Control (TPC) version 1 of a radio, use the config advanced
802.11 tpcv1-thresh command.
config advanced 802.11{a | b} tpcv1-thresh threshold

Syntax Description

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g/n network.

threshold

Threshold value between 50 dBm to 80 dBm.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the threshold as 60 dBm for TPC version 1 of the 802.11a
radio:
(Cisco Controller) > config advanced 802.11 tpcv1-thresh -60

Related Commands

config advanced 802.11 tpc-thresh

config advanced 802.11 tpcv2-thresh

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1747

config Commands

config advanced 802.11 tpcv2-intense

To configure the computational intensity for Transmit Power Control (TPC) version 2 of a radio, use the
config advanced 802.11 tpcv2-intense command.
config advanced 802.11{a | b} tpcv2-intense intensity

Syntax Description

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g/n network.

intensity

Computational intensity value between 1 to 100.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the computational intensity as 50 for TPC version 2 of the
802.11a radio:
(Cisco Controller) > config advanced 802.11 tpcv2-intense 50

Related Commands

config advanced 802.11 tpc-thresh

config advanced 802.11 tpcv2-thresh
config advanced 802.11 tpcv2-per-chan

Cisco Wireless LAN Controller Command Reference, Release 8.0

1748

OL-31334-01

config Commands

config advanced 802.11 tpcv2-per-chan

To configure the Transmit Power Control Version 2 on a per-channel basis, use the config advanced 802.11
tpcv2-per-chan command.
config advanced 802.11{a | b} tpcv2-per-chan {enable | disable}

Syntax Description

Command History

Examples

enable

Enables the configuration of TPC version 2 on a

per-channel basis.

disable

Disables the configuration of TPC version 2 on a

per-channel basis.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable TPC version 2 on a per-channel basis for the 802.11a radio:
(Cisco Controller) > config advanced 802.11 tpcv2-per-chan enable

Related Commands

config advanced 802.11 tpc-thresh

config advanced 802.11 tpcv2-thresh
config advanced 802.11 tpcv2-intense

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1749

config Commands

config advanced 802.11 tpcv2-thresh

To configure the threshold for Transmit Power Control (TPC) version 2 of a radio, use the config advanced
802.11 tpcv2-thresh command.
config advanced 802.11{a | b} tpcv2-thresh threshold

Syntax Description

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

threshold

Threshold value between 50 dBm to 80 dBm.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the threshold as 60 dBm for TPC version 2 of the 802.11a
radio:
(Cisco Controller) > config advanced 802.11a tpcv2-thresh -60

Related Commands

config advanced 802.11 tpc-thresh

config advanced 802.11 tpcv1-thresh
config advanced 802.11 tpcv2-per-chan

Cisco Wireless LAN Controller Command Reference, Release 8.0

1750

OL-31334-01

config Commands

config advanced 802.11 txpower-update

To initiate updates of the 802.11a transmit power for every Cisco lightweight access point, use the config
advanced 802.11 txpower-update command.
config advanced 802.11{a | b} txpower-update

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to initiate updates of 802.11a transmit power for an 802.11a access point:
(Cisco Controller) > config advanced 802.11 txpower-update

Related Commands

config advance 802.11b txpower-update

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1751

config Commands

config advanced dot11-padding

To enable or disable over-the-air frame padding, use the config advanced dot11-padding command.
config advanced dot11-padding {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the over-the-air frame padding.

disable

Disables the over-the-air frame padding.

The default over-the-air frame padding is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable over-the-air frame padding:

(Cisco Controller) > config advanced dot11-padding enable

Related Commands

debug dot11
debug dot11 mgmt interface
debug dot11 mgmt msg
debug dot11 mgmt ssid
debug dot11 mgmt state-machine
debug dot11 mgmt station
show advanced dot11-padding

Cisco Wireless LAN Controller Command Reference, Release 8.0

1752

OL-31334-01

config Commands

config client location-calibration

To configure link aggregation, use the config client location-calibration command.
config client location-calibration {enable mac_address interval | disable mac_address}

Syntax Description

Command Default

Command History

Examples

enable

(Optional) Specifies that client location calibration is enabled.

mac_address

MAC address of the client.

interval

Measurement interval in seconds.

disable

(Optional) Specifies that client location calibration is disabled.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the client location calibration for the client 37:15:85:2a with a
measurement interval of 45 seconds:
(Cisco Controller) >config client location-calibration enable 37:15:86:2a:Bc:cf 45

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1753

Configuring 802.11k and Assisted Roaming

config network rf-network-name

To set the RF-Network name, use the config network rf-network-name command.
config network rf-network-name name

Syntax Description

Command Default

Command History

Examples

name

RF-Network name. The name can contain up to 19

characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to set the RF-network name to travelers:
(Cisco Controller) > config network rf-network-name travelers

Related Commands

show network summary

Configuring 802.11k and Assisted Roaming

This section lists the commands for configuring, displaying, and debugging 802.11k and assisted roaming
settings on the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1754

OL-31334-01

Configuring 802.11k and Assisted Roaming

config assisted-roaming
To configure assisted roaming parameters on the controller, use the config assisted-roaming command.
config assisted-roaming {denial-maximum count | floor-bias RSSI | prediction-minimum number_of_APs}

Syntax Description

denial-maximum

Configures the maximum number of counts for association denial.

count

Maximum number of times that a client is denied for association when the
association request that was sent to an access point does not match any access
point on the prediction list. The range is from 1 to 10.

floor-bias

Configures the RSSI bias for access points on the same floor.

RSSI

RSSI bias for access points on the same floor. The range is from 5 to 25. Access
points on the same floor have more preference.

prediction-minimum

Configures the minimum number of optimized access points for the assisted
roaming feature.

number_of_APs

Minimum number of optimized access points for the assisted roaming feature.
The range is from 1 to 6. If the number of access points in the prediction assigned
to the client is smaller than this number, the assisted roaming feature does not
work.

Command Default

The default RSSI bias for access points on the same floor is 15 dBm.

Usage Guidelines

802.11k allows a client to request a neighbor report that contains information about known neighbor access
points, which can be used for a service set transition. The neighbor list reduces the need for active and passive
scanning.

Examples

This example shows how to configure the minimum number of optimized access points for the assisted roaming
feature:
> config assisted-roaming prediction-minimum 4

Related Commands

config wlan assisted-roaming

show assisted-roaming
debug 11k

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1755

Configuring 802.11k and Assisted Roaming

config wlan assisted-roaming

To configure assisted roaming on a WLAN, use the config wlan assisted-roaming command.
config wlan assisted-roaming {neighbor-list | dual-list | prediction} {enable | disable} wlan_id

Syntax Description

Command Default

neighbor-list

Configures an 802.11k neighbor list for a WLAN.

dual-list

Configures a dual band 802.11k neighbor list for a WLAN. The default is
the band that the client is currently associated with.

prediction

Configures an assisted roaming optimization prediction for a WLAN.

enable

Enables the configuration on the WLAN.

disable

Disables the configuration on the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

The 802.11k neighbor list is enabled for all WLANs.

By default, dual band list is enabled if the neighbor list feature is enabled for the WLAN.

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you enable the assisted roaming prediction list, a warning appears and load balancing is disabled for
the WLAN, if load balancing is already enabled on the WLAN.

Examples

The following example shows how to enable an 802.11k neighbor list for a WLAN:
(Cisco Controller) >config wlan assisted-roaming neighbor-list enable 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1756

OL-31334-01

Configuring 802.11k and Assisted Roaming

show assisted-roaming
To display assisted roaming and 802.11k configurations, use the show assisted-roaming command.
show assisted-roaming

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display assisted roaming and 802.11k configurations:
> show assisted-roaming
Assisted Roaming and 80211k Information:
Floor RSSI Bias.................................. 15 dBm
Maximum Denial................................... 2 counts
Minimium Optimized Neighbor Assigned............. 2 neighbors
Assisted Roaming Performance Chart:
Matching Assigned Neighbor.......................
Matching Assigned Neighbor.......................
Matching Assigned Neighbor.......................
Matching Assigned Neighbor.......................
Matching Assigned Neighbor.......................
Matching Assigned Neighbor.......................
Matching Assigned Neighbor.......................
Matching Assigned Neighbor.......................
No Matching Neighbor.............................
No Neighbor Assigned.............................

Related Commands

[0]
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]

=
=
=
=
=
=
=
=
=
=

0
0
0
0
0
0
0
0
0
0

config assisted-roaming
config wlan assisted-roaming
debug 11k

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1757

debug Commands

debug 11k
To configure the debugging of 802.11k settings, use the debug 11k command.
debug 11k {all | detail | errors| events | history | optimization | simulation} {enable | disable}

Syntax Description

all

Configures the debugging of all 802.11k messages.

detail

Configures the debugging of 802.11k details.

errors

Configures the debugging of 802.11k errors.

events

Configures the debugging of all 802.11k events.

history

Configures the debugging of all 802.11k history. The Cisco WLC collects
roam history of the client.

optimization

Configures the debugging of 802.11k optimizations. You can view optimization

steps of neighbor lists.

simulation

Configures the debugging of 802.11k simulation data. You can view details
of client roaming parameters and import them for offline simulation.

enable

Enables the 802.1k debugging.

disable

Disables the 802.1k debugging.

Command Default

None.

Examples

This example shows how to enable the debugging of 802.11k simulation data:
> debug 11k simulation enable

Related Commands

config assisted-roaming
config wlan assisted-roaming
show assisted-roaming

debug Commands
This section lists the debug commands to manage Radio Resource Management (RRM) settings of the
controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1758

OL-31334-01

debug Commands

Caution

Debug commands are reserved for use only under the direction of Cisco personnel. Do not use these
commands without direction from Cisco-certified staff.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1759

debug Commands

debug airewave-director
To configure the debugging of Airewave Director software, use the debug airwave-director command.
debug airewave-director {all | channel | detail | error | group | manager | message | packet | power |
profile | radar | rf-change} {enable | disable}

Syntax Description

all

Configures the debugging of all Airewave Director

logs.

channel

Configures the debugging of the Airewave Director

channel assignment protocol.

detail

Configures the debugging of the Airewave Director

detail logs.

error

Configures the debugging of the Airewave Director

error logs.

group

Configures the debugging of the Airewave Director

grouping protocol.

manager

Configures the debugging of the Airewave Director

manager.

message

Configures the debugging of the Airewave Director

messages.

packet

Configures the debugging of the Airewave Director

packets.

power

Configures the debugging of the Airewave Director

power assignment protocol and coverage hole
detection.

profile

Configures the debugging of the Airewave Director

profile events.

radar

Configures the debugging of the Airewave Director

radar detection/avoidance protocol.

rf-change

Configures the debugging of the Airewave Director

rf changes.

enable

Enables the Airewave Director debugging.

disable

Disables the Airewave Director debugging.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1760

OL-31334-01

debug Commands

Command Default

Command History

Examples

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the debugging of Airewave Director profile events:
(Cisco Controller) > debug airewave-director profile enable

Related Commands

debug disable-all
show sysinfo

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1761

debug Commands

debug dot11
To configure the debugging of 802.11 events, use the debug dot11 command.
debug dot11 {all | load-balancing | management | mobile | nmsp | probe | rldp | rogue | state} {enable |
disable}

Syntax Description

Command Default

Command History

all

Configures the debugging of all 802.11 messages.

load-balancing

Configures the debugging of 802.11 load balancing

events.

management

Configures the debugging of 802.11 MAC

management messages.

mobile

Configures the debugging of 802.11 mobile events.

nmsp

Configures the debugging of the 802.11 NMSP

interface events.

probe

Configures the debugging of probe.

rldp

Configures the debugging of 802.11 Rogue Location

Discovery.

rogue

Configures the debugging of 802.11 rogue events.

state

Configures the debugging of 802.11 mobile state

transitions.

enable

Enables the 802.11 debugging.

disable

Disables the 802.11 debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1762

OL-31334-01

debug Commands

Examples

The following example shows how to enable the debugging of 802.11 settings:
(Cisco Controller) > debug dot11 state enable
(Cisco Controller) > debug dot11 mobile enable

Related Commands

debug disable-all
debug dot11 mgmt interface
debug dot11 mgmt msg
debug dot11 mgmt ssid
debug dot11 mgmt state-machine
debug dot11 mgmt station

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1763

debug Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

1764

OL-31334-01

PART

CleanAir Commands
CLI Commands, page 1767

CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII
console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.
This section describes the Cisco CleanAir commands and contains the following sections:
show Commands, page 1767
config Commands, page 1777
test Commands, page 1786

show Commands
This section lists the show commands to display information about the CleanAir configurations on the
controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1767

show Commands

show 802.11 cleanair

To display the multicast-direct configuration state, use the show 802.11 cleanair command.
show 802.11{a | b | h} cleanair config

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

config

Displays the network Cleanair configuration.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the 802.11a cleanair configuration:
(Cisco Controller) > show 802.11a cleanair

Clean Air Solution............................... Enabled

Air Quality Settings:
Air Quality Reporting........................ Enabled
Air Quality Reporting Period (min)........... 15
Air Quality Alarms........................... Enabled
Air Quality Alarm Threshold.................. 35 Interference Device
Settings:
Interference Device Reporting................ Enabled
Interference Device Types:
TDD Transmitter.......................... Disabled
Jammer................................... Disabled
Continuous Transmitter................... Disabled
DECT-like Phone.......................... Disabled
Video Camera............................. Disabled
WiFi Inverted............................ Disabled
WiFi Invalid Channel..................... Disabled
SuperAG.................................. Disabled
Radar.................................... Disabled
Canopy................................... Disabled
WiMax Mobile............................. Disabled
WiMax Fixed.............................. Disabled
Interference Device Alarms................... Enabled
Interference Device Types Triggering Alarms:
TDD Transmitter.......................... Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1768

OL-31334-01

show Commands

Jammer...................................
Continuous Transmitter...................
DECT-like Phone..........................
Video Camera.............................
WiFi Inverted............................
WiFi Invalid Channel.....................
SuperAG..................................
Radar....................................
Canopy...................................
WiMax Mobile.............................
WiMax Fixed..............................
Clean Air Settings:
CleanAir Event-driven RRM State..............
CleanAir Driven RRM Sensitivity..............
CleanAir Persistent Devices state............

Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled Additional
Enabled
Medium
Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1769

show Commands

show 802.11 cleanair air-quality summary

To display the air quality summary information for the 802.11 networks, use the show 802.11 cleanair
air-quality summary command.
show 802.11 {a | b | h} cleanair air-quality summary

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

summary

Displays a summary of 802.11 radio band air quality

information.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of the air quality information for the 802.11a network:
(Cisco Controller) > show 802.11a cleanair air-quality summary

AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name
Channel Avg AQ
------------------ ------- -----CISCO_AP3500
36
95 70
0
CISCO_AP3500
40
93 75
0

Min AQ
------

Interferers
-----------

DFS
---

Cisco Wireless LAN Controller Command Reference, Release 8.0

1770

OL-31334-01

show Commands

show 802.11 cleanair air-quality worst

To display the worst air quality information for the 802.11 networks, use the show 802.11 cleanair air-quality
worst command.
show 802.11{a | b | h} cleanair air-quality worst

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

worst

Displays the worst air quality information for 802.11

networks.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display worst air quality information for the 802.11a network:
(Cisco Controller) > show 802.11 cleanair air-quality worst

AQ = Air Quality
DFS = Dynamic Frequency Selection
AP Name
Channel Avg AQ
------------------ ------- -----CISCO_AP3500
1
83 57
3

Min AQ
-----5

Interferers
-----------

DFS
---

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1771

show Commands

show 802.11 cleanair device ap

To display the information of the device access point on the 802.11 radio band, use the show 802.11 cleanair
device ap command.
show 802.11 {a | b | h} cleanair device ap cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

cisco_ap

Specified access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the device access point for the 802.11a network:
(Cisco Controller) > show 802.11a cleanair device ap AP_3500

DC = Duty Cycle (%)

ISI = Interference Severity Index (1-Low Interference, 100-High
Interference)
RSSI = Received Signal Strength Index (dBm)
DevID = Device ID
No ClusterID
DevID Type
AP Name
ISI
RSSI
DC
Channel
--- ------------------ ------ ---------- --------------- ---- ----- ---------------1
c2:f7:40:00:00:03 0x8001 DECT phone CISCO_AP3500 1
-43
3
149,153,157,161
2
c2:f7:40:00:00:51 0x8002 Radar
CISCO_AP3500 1
-81
2
153,157,161,165
3
c2:f7:40:00:00:03 0x8005 Canopy
CISCO_AP3500 2
-62
2
153,157,161,165

Cisco Wireless LAN Controller Command Reference, Release 8.0

1772

OL-31334-01

show Commands

show 802.11 cleanair device type

To display the information of all the interferers device type detected by a specific access point on the 802.11
radio band, use the show 802.11 cleanair device type command.
show 802.11{a | b | h} cleanair device type device_type

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

Specifies the 802.11h network.

device_type

Interferer device type for a specified radio band. The

device type is one of the following:
tdd-txTdd-transmitter device information.
jammerJammer device information.
cont-txContinuous-transmitter devices
information.
dect-likeDect-like phone devices information.
videoVideo devices information.
802.11-invWiFi inverted devices information.
802.11-nonstdNonstandard WiFi devices
information.
superagSuperag devices information.
canopyCanopy devices information.
wimax-mobileWiMax mobile devices
information.
wimax-fixedWiMax fixed devices
information.

Command Default

Command History

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1773

show Commands

Examples

The following example shows how to display the information of all the interferers detected by a specified
access point for the 802.11a network:
(Cisco Controller) > show 802.11a cleanair device type canopy

DC = Duty Cycle (%)

ISI = Interference Severity Index (1-Low Interference, 100-High
Interference)
RSSI = Received Signal Strength Index (dBm)
DevID = Device ID
No ClusterID
DevID Type
AP Name
ISI
RSSI
DC
Channel
--- ------------------ ------ ---------- --------------- ---- ----- ---------------1c2:f7:40:00:00:03 0x8005 Canopy
CISCO_AP3500 2
-62
2
153,157,161,165

Cisco Wireless LAN Controller Command Reference, Release 8.0

1774

OL-31334-01

show Commands

show advanced 802.11 channel

To display the automatic channel assignment configuration and statistics, use the show advanced 802.11
channel command.
show advanced 802.11{a | b} channel

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the automatic channel assignment configuration and statistics:
(Cisco Controller) > show advanced 802.11a channel

Automatic Channel Assignment

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1775

show Commands

show ap auto-rf
To display the auto-RF settings for a Cisco lightweight access point, use the show ap auto-rf command.
show ap auto-rf 802.11{a | b} cisco_ap

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

cisco_ap

Cisco lightweight access point name.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display auto-RF information for an access point:
(Cisco Controller) > show ap auto-rf 802.11a AP1

2
AP03
00:0b:85:01:18:b7
RADIO_TYPE_80211a
PASSED
-88 dBm
-86 dBm
-87 dBm
-85 dBm
-84 dBm
-83 dBm
-84 dBm
-85 dBm
PASSED
-66 dBm
-128 dBm
-128 dBm
-128 dBm
-128 dBm
-73 dBm
-55 dBm
-69 dBm

@
@
@
@
@
@
@
@

1%
0%
0%
0%
0%
1%
1%
1%

busy
busy
busy
busy
busy
busy
busy
busy

16/ 0/ 0
28/ 0/ 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1776

OL-31334-01

config Commands

9/
9/
3/
4/
7/
2/

0/
0/
0/
0/
1/
0/

0
0
0
0
0
0

PASSED
0%
0%
1%
1 clients
PASSED
0 clients
0
0
0
0
0
0
0

clients
clients
clients
clients
clients
clients
clients

0
0
0
0
0
0
0
0
0
0

clients
clients
clients
clients
clients
clients
clients
clients
clients
clients

-46 dBm on 10.1.30.170

-24 dBm on 10.1.30.170
-86 dBm
-75 dBm
109
Wed Sep 29 12:53e:34
44
1
2347
2346
0

config Commands
This section explains the config commands to configure CleanAir on the controller.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1777

config Commands

config 802.11 cleanair

To enable or disable CleanAir for the 802.11 a or 802.11 b/g network, use the config 802.11 cleanair command.
config 802.11{a | b} cleanair {alarm {air-quality {disable | enable | threshold alarm_threshold } | device
{disable device_type | enable device_type | reporting {disable | enable} | unclassified {disable | enable
| threshold alarm_threshold }} | device {disable device_type | enable device_type | reporting {disable |
enable} | disable {network | cisco_ap} | enable {network | cisco_ap}}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

alarm

Configure 5-GHz cleanair alarms.

air-quality

Configures the 5-GHz air quality alarm.

enable

Enables the CleanAir settings.

disable

Disables the CleanAir settings.

threshold

Configure the 5-GHz air quality alarm threshold.

alarm_threshold

Air quality alarm threshold (1 is bad air quality, and

100 is good air quality).

device

Configures the 5-GHz cleanair interference devices

alarm.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1778

OL-31334-01

config Commands

device_type

Device types. The device types are as follows:

802.11-nonstdDevices using nonstandard
Wi-Fi channels.
802.11-invDevices using spectrally inverted
Wi-Fi signals.
superag802.11 SuperAG devices.
all All interference device types.
cont-txContinuous Transmitter.
dect-likeDigital Enhanced Cordless
Communication (DECT) like phone.
tdd-txTDD Transmitter.
jammerJammer.
canopyCanopy devices.
videoVideo cameras.
wimax-mobileWiMax Mobile.
wimax-fixedWiMax Fixed.

Command Default

Command History

Examples

reporting

Configures the 5-GHz CleanAir interference devices

alarm reporting.

unclassified

Configures the 5-GHz air quality alarm on exceeding

unclassified category severity.

network

5-GHz Cisco APs.

cisco_ap

Name of the access point to which the command

applies.

The default CleanAir settings for the 802.11 a or 802.11 b/g network is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the CleanAir settings on access point ap_24:
(Cisco Controller) > config 802.11a cleanair enable ap_24

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1779

config Commands

config 802.11 cleanair device

To configure CleanAir interference device types, use the config 802.11 cleanair device command.
config 802.11{a | b} cleanair device {enable | disable | reporting {enable | disable}} device_type

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the CleanAir reporting for the interference

device type.

disable

Disables the CleanAir reporting for the interference

device type.

reporting

Configures CleanAir interference device reporting.

enable

Enables the 5-GHz Cleanair interference devices

reporting.

disable

Disables the 5-GHz Cleanair interference devices

reporting.

device_type

Interference device type. The device type are as

follows:
802.11-nonstdDevices using nonstandard
WiFi channels.
802.11-invDevices using spectrally inverted
WiFi signals.
superag802.11 SuperAG devices.
all All interference device types.
cont-txContinuous Transmitter.
dect-likeDigital Enhanced Cordless
Communication (DECT) like phone.
tdd-txTDD Transmitter.
jammerJammer.
canopyCanopy devices.
videoVideo cameras.
wimax-mobileWiMax Mobile.
wimax-fixedWiMax Fixed.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1780

OL-31334-01

config Commands

Command Default

Command History

Examples

The default setting CleanAir reporting for the interference device type is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the CleanAir reporting for the device type jammer:
(Cisco Controller) > config 802.11a cleanair device enable jammer

The following example shows how to disable the CleanAir reporting for the device type video:
(Cisco Controller) > config 802.11a cleanair device disable video

The following example shows how to enable the CleanAir interference device reporting:
(Cisco Controller) > config 802.11a cleanair device reporting enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1781

config Commands

config 802.11 cleanair alarm

To configure the triggering of the air quality alarms, use the config 802.11 cleanair alarm command.
config 802.11{a | b} cleanair alarm {air-quality {disable | enable | threshold alarm_threshold } | device
{disable device_type | enable device_type | reporting {disable | enable } | unclassified {disable | enable
| threshold alarm_threshold }}

Syntax Description

Specifies the 802.11a network.

Specifies the 802.11b/g network.

air-quality

Configures the 5-GHz air quality alarm.

disable

Disables the 5-GHz air quality alarm.

enable

Enables the 5-GHz air quality alarm.

threshold

Configures the 5-GHz air quality alarm threshold.

alarm_threshold

Air quality alarm threshold (1 is bad air quality, and

100 is good air quality).

device

Configures the 5-GHz cleanair interference devices

alarm.

all

Configures all the device types at once.

reporting

Configures the 5-GHz CleanAir interference devices

alarm reporting.

unclassified

Configures the 5-GHz air quality alarm on exceeding

unclassified category severity.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1782

OL-31334-01

config Commands

device_type

Device types. The device types are as follows:

Command Default

Command History

Examples

The default setting for 5-GHz air quality alarm is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the CleanAir alarm to monitor the air quality:
(Cisco Controller) > config 802.11a cleanair alarm air-quality enable

The following example shows how to enable the CleanAir alarm for the device type video:
(Cisco Controller) > config 802.11a cleanair alarm device enable video

The following example shows how to enable alarm reporting for the CleanAir interference devices:
(Cisco Controller) > config 802.11a cleanair alarm device reporting enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1783

config Commands

config advanced 802.11 channel cleanair-event

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the CleanAir event-driven RRM parameters.

disable

Disables the CleanAir event-driven RRM parameters.

sensitivity

Sets the sensitivity for CleanAir event-driven RRM.

low

(Optional) Specifies low sensitivity.

medium

(Optional) Specifies medium sensitivity

high

(Optional) Specifies high sensitivity

custom

Specifies custom sensitivity.

threshold

Specifies the EDRRM AQ threshold value.

threshold_value

Number of custom threshold.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the CleanAir event-driven RRM parameters:
(Cisco Controller) > config advanced 802.11 channel cleanair-event enable

The following example shows how to configure high sensitivity for CleanAir event-driven RRM:
(Cisco Controller) > config advanced 802.11 channel cleanair-event sensitivity high

Cisco Wireless LAN Controller Command Reference, Release 8.0

1784

OL-31334-01

config Commands

config advanced 802.11 channel pda-prop

To enable or disable propagation of persistent devices, use the config advanced 802.11 channel pda-prop
command.
config advanced 802.11{a | b} channel pda-prop {enable | disable}

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

enable

Enables the 802.11 network DCA list option for the

outdoor access point.

disable

Disables the 802.11 network DCA list option for the

outdoor access point.

The default 802.11 network DCA list option for the outdoor access point is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable or disable propagation of persistent devices:
(Cisco Controller) > config advanced 802.11 channel pda-prop enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1785

test Commands

config advanced 802.11 channel update

Syntax Description

Command Default

Command History

Examples

Specifies the 802.11a network.

Specifies the 802.11b/g network.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to initiate a channel selection update for all 802.11a network access points:
(Cisco Controller) > config advanced 802.11a channel update

test Commands
This section lists the test commands for CleanAir.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1786

OL-31334-01

test Commands

test cleanair show

To display details of the CleanAir configuration, use the test cleanair show command.
test cleanair show {aq all | idr {ap cisco_ap | all} | neighbors cisco_ap | summary }

Syntax Description

Command Default

Command History

Examples

aq all

Displays all air quality information.

idr

Displays the interference devices of the 802.11a/n and 802.11b/g/n radio bands
for access points.

Displays the interference devices of the 802.11a/n and 802.11b/g/n radio bands
for an access point.

cisco_ap

Name of the Cisco access point

all

Displays the interference devices of the 802.11a/n and 802.11b/g/n radio bands
for all access points.

neighbors

Displays the neighbors of an access point.

summary

Displays a summary of the CleanAir configuration.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of the CleanAir configuration:
(Cisco Controller) > test cleanair show summary

CleanAir system info:

Supported spectrum MMAP number = 500
Supported spectrum LMAP number = 500
Allocated SI entries
= 0 of 500
Allocated IDR cluster entries = 0 of 10000
Allocated IDR device entries
= 0 of 40000
Virtual device support is enabled
The following example shows how to display the interference devices for an access point:
(Cisco Controller) > test cleanair show idr ap AP_1240_floor1

Interference devices for AP_1240_floor1

Identified devices on slot 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1787

test Commands

Identified devices on slot 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1788

OL-31334-01

PART

FlexConnect Commands
CLI Commands, page 1791

CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII
console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.
show Commands, page 1791
config Commands, page 1798
Integrated Management Module Commands in Cisco Flex 7500 Series Controllers, page 1835
debug Commands, page 1841

show Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1791

show Commands

show capwap reap association

To display the list of clients associated with an access point and their SSIDs, use the show capwap reap
association command.
show capwap reap association

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display clients associated to an access point and their SSIDs:
(Cisco Controller) >show capwap reap association

Cisco Wireless LAN Controller Command Reference, Release 8.0

1792

OL-31334-01

show Commands

show capwap reap status

To display the status of the FlexConnect access point (connected or standalone), use the show capwap reap
status command.
show capwap reap status

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the status of the FlexConnect access point:
(Cisco Controller) >show capwap reap status

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1793

show Commands

show flexconnect acl detailed

To display a detailed summary of FlexConnect access control lists, use the show flexconnect acl detailed
command.
show flexconnect acl detailed acl-name

Syntax Description

Command Default

Command History

Examples

acl-name

Name of the access control list.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the FlexConnect detailed ACLs:
(Cisco Controller) >show flexconnect acl detailed acl-2

Cisco Wireless LAN Controller Command Reference, Release 8.0

1794

OL-31334-01

show Commands

show flexconnect acl summary

To display a summary of all access control lists on FlexConnect access points, use the show flexconnect acl
summary command.
show flexconnect acl summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the FlexConnect ACL summary:
(Cisco Controller) >show flexconnect acl summary
ACL Name
Status
-------------------------------- ------acl1
Modified
acl10
Modified
acl100
Modified
acl101
Modified
acl102
Modified
acl103
Modified
acl104
Modified
acl105
Modified
acl106
Modified

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1795

show Commands

show flexconnect group detail

To display details of a FlexConnect group, use the show flexconnect group detail command.
show flexconnect group detail group_name

Syntax Description

Command Default

Command History

Examples

group_name

IP address of the FlexConnect group.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the detailed information for a specific FlexConnect group:
(Cisco Controller) >show flexconnect group detail 192.12.1.2
Number of Aps in Group: 1
00:0a:b8:3b:0b:c2
AP1200
Joined
Group Radius Auth Servers:
Primary Server Index ..................... Disabled
Secondary Server Index ................... Disabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

1796

OL-31334-01

show Commands

show flexconnect group summary

To display the current list of FlexConnect groups, use the show flexconnect group summary command.
show flexconnect group summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display the current list of FlexConnect groups:
(Cisco Controller) >show flexconnect group summary
flexconnect Group Summary: Count 1
Group Name
# APs
Group 1
1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1797

config Commands

show flexconnect office-extend

To displays information about OfficeExtend access points that in FlexConnect mode, use the show flexconnect
office-extend command.
show flexconnect office-extend {summary | latency}

Syntax Description

Command Default

Command History

Examples

summary

Displays a list of all OfficeExtend access points.

latency

Displays the link delay for OfficeExtend access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to display information about the list of FlexConnect officeExtend access
points:
(Cisco Controller) >show flexconnect office-extend summary
Summary of OfficeExtend AP
AP Name
Ethernet MAC
Encryption Join-Mode
------------------ ----------------- ---------- ----------AP1130
00:22:90:e3:37:70
Enabled
Latency
AP1140
01:40:91:b5:31:70
Enabled
Latency

Join-Time
---------Sun Jan 4 21:46:07 2009
Sat Jan 3 19:30:25 2009

The following example shows how to display the FlexConnect officeExtend access points link delay:
(Cisco Controller) >show flexconnect office-extend latency
Summary of OfficeExtend AP link latency
AP Name
Status Current
Maximum
Minimum
-------------------------------------------------------------------------AP1130
Enabled 15 ms
45 ms
12 ms
AP1140
Enabled 14 ms
179 ms
12 ms

config Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

1798

OL-31334-01

config Commands

Syntax Description

Command Default

Command History

flexconnect

Configures all the access points automatically to FlexConnect mode.

monitor

Configures all the access points automatically to monitor mode.

disable

Disables the autoconvert option on the access points.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Examples

The following example shows how to automatically convert all access points to the FlexConnect mode:
(Cisco Controller) >config ap autoconvert flexconnect

The following example shows how to disable the autoconvert option on the APs:
(Cisco Controller) >config ap autoconvert disable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1799

config Commands

config ap flexconnect bridge

To configure flexconnect bridge backhaul on a flex+bridge access point, use the config ap flexconnect bridge
command.
config ap flexconnect bridge {backhaul-wlan | resilient} cisco_ap {enable | disable}

Syntax Description

Command Default

Command History

Examples

backhaul-wlan

Enables backhaul WLAN on the flexconnect AP.

resilient

Enables standalone mode in flex+bridge AP.

cisco_ap

Name of the access point.

enable

Enables the selected mode on the access point.

disable

Disables the selected mode on the access point.

The default resilient mode is enabled on the Flex-bridge AP.

Release

Modification

8.0

This command was introduced.

The following example shows how to enable resilient mode on an AP:

(Cisco Controller) >config ap flexconnect bridge resilient AP2 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1800

OL-31334-01

config Commands

config ap flexconnect central-dhcp

To enable central-DHCP on a FlexConnect access point in a WLAN, use the config ap flexconnect
central-dhcp command.
config ap flexconnect central-dhcp wlan_id cisco_ap [add | delete] {enable | disable} override dns {enable
| disable} nat-pat {enable | disable}

Syntax Description

Command Default

Command History

wlan_id

Wireless LAN identifier from 1 to 512.

cisco_ap

Name of the Cisco lightweight access point.

add

(Optional) Adds a new WLAN DHCP mapping.

delete

(Optional) Deletes a WLAN DHCP mapping.

enable

Enables central-DHCP on a FlexConnect access point. When you enable this

feature, the DHCP packets received from the access point are centrally switched
to the controller and then forwarded to the corresponding VLAN based on the
AP and the SSID.

disable

Disables central-DHCP on a FlexConnect access point.

override dns

Overrides the DNS server address on the interface assigned by the controller.
When you override DNS in centrally switched WLANs, the clients get their DNS
server IP address from the AP and not from the controller.

enable

Enables the Override DNS feature on a FlexConnect access point.

disable

Disables the Override DNS feature on a FlexConnect access point.

nat-pat

Network Address Translation (NAT) and Port Address Translation (PAT) that
you can enable or disable.

enable

Enables NAT-PAT on a FlexConnect access point.

disable

Deletes NAT-PAT on a FlexConnect access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1801

config Commands

Examples

The following example shows how to enable central-DHCP, Override DNS, and NAT-PAT on a FlexConnect
access point:
(Cisco Controller) >config ap flexconnect central-dhcp 1 ap1250 enable override dns enable
nat-pat enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1802

OL-31334-01

config Commands

config ap flexconnect local-split

To configure a local-split tunnel on a FlexConnect access point, use the config ap flexconnect local-split
command.
config ap flexconnect local-split wlan_id cisco_ap { enable | disable } acl acl_name

Syntax Description

Command Default

Command History

wlan_id

Wireless LAN identifier between 1 and 512.

cisco_ap

Name of the FlexConnect access point.

enable

Enables local-split tunnel on a FlexConnect access point.

disable

Disables local-split tunnel feature on a FlexConnect access point.

acl

Configures a FlexConnect local-split access control list.

acl_name

Name of the FlexConnect access control list.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

This command allows you to configure a local-split tunnel in a centrally switched WLAN using a FlexConnect
ACL. A local split tunnel supports only for unicast Layer 4 IP traffic as NAT/PAT does not support multicast
IP traffic.

Examples

The following example shows how to configure a local-split tunnel using a FlexConnect ACL:
(Cisco Controller) >config ap flexconnect local-split 6 AP2 enable acl flex6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1803

config Commands

config ap flexconnect policy

To configure a policy ACL on a FlexConnect access point, use the config ap flexconnect policy command.
config ap flexconnect policy {add | delete} acl_name

Syntax Description

Command Default

Command History

Examples

add

Adds a policy ACL on a FlexConnect access point.

deletes

Deletes a policy ACL on a FlexConnect access point.

acl_name

Name of the ACL.

None

Release

Modification

7.5

This command was introduced.

The following example shows how to add a policy ACL on a FlexConnect access point:
(Cisco Controller) >config ap flexconnect policy add acl1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1804

OL-31334-01

config Commands

config ap flexconnect radius auth set

To configure a primary or secondary RADIUS server for a specific FlexConnect access point, use the config
ap flexconnect radius auth set command.
config ap flexconnect radius auth set {primary | secondary} ip_address auth_port secret

Syntax Description

Command Default

Command History

Examples

primary

Specifies the primary RADIUS server for a specific

FlexConnect access point.

secondary

Specifies the secondary RADIUS server for a specific

FlexConnect access point.

ip_address

Name of the Cisco lightweight access point.

auth_port secret

Name of the port.

secret

RADIUS server secret.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a primary RADIUS server for a specific access point:
(Cisco Controller) >config ap flexconnect radius auth set primary 192.12.12.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1805

config Commands

config ap flexconnect vlan

To enable or disable VLAN tagging for a FlexConnect access, use the config ap flexconnect vlan command.
config ap flexconnect vlan {enable | disable} cisco_ap

Syntax Description

Command Default

Command History

Examples

enable

Enables the access points VLAN tagging.

disable

Disables the access points VLAN tagging.

cisco_ap

Name of the Cisco lightweight access point.

Disabled. Once enabled, WLANs enabled for local switching inherit the VLAN assigned at the Cisco WLC.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This example shows how to enable the access points VLAN tagging for a FlexConnect access:
(Cisco Controller) >config ap flexconnect vlan enable AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1806

OL-31334-01

config Commands

config ap flexconnect vlan add

To add a VLAN to a FlexConnect access point, use the config ap flexconnect vlan add command.
config ap flexconnect vlan add vlan-id acl in-acl out-acl cisco_ap

Syntax Description

Command Default

Command History

Examples

vlan-id

VLAN identifier.

acl

ACL name that contains up to 32 alphanumeric characters.

in-acl

Inbound ACL name that contains up to 32 alphanumeric characters.

out-acl

Outbound ACL name that contains up to 32 alphanumeric characters.

cisco_ap

Name of the Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan add 21 acl inacl1 outacl1 ap1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1807

config Commands

config ap flexconnect vlan native

To configure a native VLAN for a FlexConnect access point, use the config ap flexconnect vlan native
command.
config ap flexconnect vlan native vlan-id cisco_ap

Syntax Description

Command Default

Command History

Examples

vlan-id

VLAN identifier.

cisco_ap

Name of the Cisco lightweight access point.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a native VLAN for a FlexConnect access point mode:
(Cisco Controller) >config ap flexconnect vlan native 6 AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

1808

OL-31334-01

config Commands

config ap flexconnect vlan wlan

To assign a VLAN ID to a FlexConnect access point, use the config ap flexconnect vlan wlan command.
config ap flexconnect vlan wlan ip_address vlan-id cisco_ap

Syntax Description

Command Default

Command History

Examples

ip_address

Name of the Cisco lightweight access point.

vlan-id

VLAN identifier.

cisco_ap

Name of the Cisco lightweight access point.

VLAN ID associated to the WLAN.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to assign a VLAN ID to a FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan wlan 192.12.12.1 6 AP02

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1809

config Commands

config ap flexconnect web-auth

To configure a FlexConnect ACL for external web authentication in locally switched WLANs, use the config
ap flexconnect web-auth command.
config ap flexconnect web-auth wlan wlan_id cisco_ap acl_name { enable | disable }

Syntax Description

Command Default

Command History

wlan

Specifies the wireless LAN to be configured with a FlexConnect ACL.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

cisco_ap

Name of the FlexConnect access point.

acl_name

Name of the FlexConnect ACL.

enable

Enables the FlexConnect ACL on the locally switched wireless LAN.

disable

Disables the FlexConnect ACL on the locally switched wireless LAN.

FlexConnect ACL for external web authentication in locally switched WLANs is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The FlexConnect ACLs that are specific to an AP have the highest priority. The FlexConnect ACLs that are
specific to WLANs have the lowest priority.

Examples

The following example shows how to enable FlexConnect ACL for external web authentication on WLAN
6:
(Cisco Controller) >config ap flexconnect web-auth wlan 6 AP2 flexacl2 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1810

OL-31334-01

config Commands

config ap flexconnect web-policy acl

To configure a Web Policy FlexConnect ACL on an access point, use the config ap flexconnect web-policy
acl command.
config ap flexconnect web-policy acl {add | delete} acl_name

Syntax Description

Command Default

Command History

Examples

add

Adds a Web Policy FlexConnect ACL on an access point.

delete

Deletes Web Policy FlexConnect ACL on an access point.

acl_name

Name of the Web Policy FlexConnect ACL.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add a Web Policy FlexConnect ACL on an access point:
(Cisco Controller) >config ap flexconnect web-policy acl add flexacl2

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1811

config Commands

config ap flexconnect wlan

To configure a FlexConnect access point in a locally switched WLAN, use the config ap flexconnect wlan
command.
config ap flexconnect wlan l2acl {add wlan_id cisco_ap acl_name | delete wlan_id cisco_ap}

Syntax Description

Command Default

Command History

Usage Guidelines

add

Adds a Layer 2 ACL to the FlexConnect access point.

wlan_id

Wireless LAN identifier from 1 to 512.

cisco_ap

Name of the Cisco lightweight access point.

acl_name

Layer 2 ACL name. The name can be up to 32 alphanumeric characters.

delete

Deletes a Layer 2 ACL from the FlexConnect access point.

None

Release

Modification

7.5

This command was introduced.

You can create a maximum of 16 rules for a Layer 2 ACL.

You can create a maximum of 64 Layer 2 ACLs on a controller.
A maximum of 16 Layer 2 ACLs are supported per AP because an AP supports a maximum of 16 WLANs.
Ensure that the Layer 2 ACL names do not conflict with the FlexConnect ACL names because an AP does
not support the same Layer 2 and Layer 3 ACL names.

Examples

The following example shows how to configure a Layer 2 ACL on a FlexConnect access point.
(Cisco Controller) >config ap flexconnect wlan add 1 AP1600_1 acl_l2_1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1812

OL-31334-01

config Commands

config flexconnect acl

To apply access control lists that are configured on a FlexConnect access point, use the config flexconnect
acl command.
config flexconnect acl {apply | create | delete} acl_name

Syntax Description

Command History

Examples

apply

Applies an ACL to the data path.

create

Creates an ACL.

delete

Deletes an ACL.

acl_name

ACL name that contains up to 32 alphanumeric characters.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to apply the ACL configured on a FlexConnect access point:
(Cisco Controller) >config flexconnect acl apply acl1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1813

config Commands

config flexconnect acl rule

To configure access control list (ACL) rules on a FlexConnect access point, use the config flexconnect acl
rule command.
config flexconnect aclrule {action rule_name rule_index {permit | deny} | add rule_name rule_index |
change index rule_name old_index new_index | delete rule_name rule_index | destination address rule_name
rule_index ip_address netmask | destination port range rule_name rule_index start_port end_port | direction
rule_name rule_index {in | out | any} | dscp rule_name rule_index dscp | protocol rule_name rule_index
protocol | source address rule_name rule_index ip_address netmask | source port range rule_name
rule_index start_port end_port | swap index rule_name index_1 index_2}

Syntax Description

action

Configures whether to permit or deny access.

rule_name

ACL name that contains up to 32 alphanumeric characters.

rule_index

Rule index between 1 and 32.

permit

Permits the rule action.

deny

Denies the rule action.

add

Adds a new rule.

change

Changes a rules index.

index

Specifies a rule index.

delete

Deletes a rule.

destination address

Configures a rules destination IP address and netmask.

ip_address

IP address of the rule.

netmask

Netmask of the rule.

start_port

Start port number (between 0 and 65535).

end_port

End port number (between 0 and 65535).

direction

Configures a rules direction to in, out, or any.

Configures a rules direction to in.

out

Configures a rules direction to out.

any

Configures a rules direction to any.

dscp

Configures a rules DSCP.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1814

OL-31334-01

config Commands

Command Default

Command History

Examples

dscp

Number between 0 and 63, or any.

protocol

Configures a rules DSCP.

protocol

Number between 0 and 255, or any.

source address

Configures a rules source IP address and netmask.

source port range

Configures a rules source port range.

swap

Swaps two rules indices.

index_1

The rule first index to swap.

index_2

The rule index to swap the first index with.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to configure an ACL to permit access:

(Cisco Controller) >config flexconnect acl rule action lab1 4 permit

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1815

config Commands

config flexconnect arp-cache

To save an ARP entry for a client in the cache with locally switched WLAN on FlexConnect APs use
configflexconnectarp-cache command.
config flexconnectarp-cache

Syntax Description

Command Default

Command History

Examples

arp-cache

Instructs the access point to save the ARP entry for a client in the cache and reply
on its behalf of the client for locally switched WLAN.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to apply the proxy ARP with locally switched WLAN on FlexConnect
APs.
(Cisco Controller) >config flexconnect arp-cache

Cisco Wireless LAN Controller Command Reference, Release 8.0

1816

OL-31334-01

config Commands

config flexconnect fallback-radio-shut

To configure the radio interface of an access point when the Ethernet link is not operational, use the config
flexconnect fallback-radio-shut command.
config flexconnect fallback-radio-shut {{disable| enable delay} delay-in-sec

Syntax Description

Command Default

Command History

disable

Disables the radio interface shutdown.

enable

Enables the radio interface shutdown.

delay

Specifies the delay for the interface after which the radio interface has to
be shut down.

delay-in-sec

Delay duration, in seconds.

The radio interface shutdown is disabled.

Release

Modification

7.6

This command was introduced.

Usage Guidelines

You can specify the delay duration only if you enable the radio interface shutdown.

Examples

The following example shows how to enable the radio interface shutdown after a delay duration of 5 seconds:
(Cisco Controller) >config flexconnect fallback-radio-shut enable delay 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1817

config Commands

config flexconnect group

To add, delete, or configure a FlexConnect group, use the config flexconnect group command.
config flexconnect group group_name {add | delete | ap {add | delete} ap-mac | radius {ap {authority
{id hex_id | info auth_info} | disable | eap-fast {enable | disable} | enable | leap {enable | disable} |
pac-timeout timeout | server-key {auto | key} | user {add {username password} | delete username}}} |
server auth {add | delete} {primary | secondary} server_indexIP_address auth_port secret} | predownload
{disable | enable} | master ap_name | slave {retry-count max_count | ap-name cisco_ap} | start {primary
backup abort} | local-split {wlan wlan_id acl acl_name {enable | disable}} | multicast overridden-interface
{enable | disable} | vlan {add vlan_id acl in-aclname out-aclname | delete vlan_id } | web-auth wlan wlan_id
acl acl_name {enable | disable} | web-policy acl {add | delete} acl_name}
config flexconnect group group_name radius ap {eap-cert download | eap-tls {enable | disable} | peap
{enable | disable}}
config flexconnect group group_name policy acl {add | delete} acl_name

Syntax Description

group_name

Group name.

add

Adds a FlexConnect group.

delete

Deletes a FlexConnect group.

Adds or deletes an access point to a

FlexConnect group.

add

Adds an access point to a FlexConnect group.

delete

Deletes an access point to a FlexConnect group.

ap_mac

MAC address of the access point.

radius

Configures the RADIUS server for client

authentication for a FlexConnect group.

Configures an access point based RADIUS

server for client authentication for a
FlexConnect group.

authority

Configures the Extensible Authentication

Protocol-Flexible Authentication via Secure
Tunneling (EAP-FAST) authority parameters.

Configures the authority identifier of the local

EAP-FAST server.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1818

OL-31334-01

config Commands

hex_id

Authority identifier of the local EAP-FAST

server in hexadecimal characters. You can enter
up to 32 hexadecimal even number of
characters.

info

Configures the authority identifier of the local

EAP-FAST server in text format.

auth_info

Authority identifier of the local EAP-FAST

server in text format.

disable

Disables an AP based RADIUS server.

eap-fast

Enables or disables Extensible Authentication

Protocol-Flexible Authentication via Secure
Tunneling (EAP-FAST) authentication.

enable

Enables EAP-FAST authentication.

disable

Disables EAP-FAST authentication.

enable

Enables AP based RADIUS Server.

leap

Enables or disables Lightweight Extensible

Authentication Protocol (LEAP) authentication.

disable

Disables LEAP authentication.

enable

Enables LEAP authentication.

pac-timeout

Configures the EAP-FAST Protected Access

Credential (PAC) timeout parameters.

timeout

PAC timeout in days. The range is from 2 to

4095. A value of 0 indicates that it is disabled.

server-key

Configures the EAP-FAST server key. The

server key is used to encrypt and decrypt PACs.

auto

Automatically generates a random server key.

key

Key that disables efficient upgrade for a

FlexConnect group.

user

Manages the user list at the AP-based RADIUS

server.

add

Adds a user. You can configure a maximum

of 100 users.

username

Username that is case-sensitive and

alphanumeric and can be up to 24 characters.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1819

config Commands

password

Password of the user.

delete

Deletes a user.

server

Configures an external RADIUS server.

add

Adds an external RADIUS server.

delete

Deletes an external RADIUS server.

primary

Configures an external primary RADIUS

server.

secondary

Configures an external secondary RADIUS

server.

server_index

Index of the RADIUS server.

IP_address

IP address of the RADIUS server.

auth_port

Port address of the RADIUS server.

secret

Index of the RADIUS server.

predownload

Configures an efficient AP upgrade for the

FlexConnect group. You can download an
upgrade image to the access point from the
controller without resetting the access point or
losing network connectivity.

disable

Disables an efficient upgrade for a FlexConnect

group.

enable

Enables an efficient upgrade for a FlexConnect

group.

master

Manually designates an access point in the

FlexConnect group as the master AP.

ap_name

Access point name.

slave

Manually designates an access point in the

FlexConnect group as the slave AP.

retry-count

Configures the number of times the slave

access point tries to predownload an image
from the master.

max_count

Maximum number of times the slave access

point tries to predownload an image from the
master.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1820

OL-31334-01

config Commands

ap_name

Override the manually configured master.

cisco_ap

Name of the master access point.

start

Starts the predownload image upgrade for the

FlexConnect group.

primary

Starts the predownload primary image upgrade

for the FlexConnect group.

backup

Starts the predownload backup image upgrade

for the FlexConnect group.

abort

Aborts the predownload image upgrade for the

FlexConnect group.

local-split

Configures a local-split ACL on a FlexConnect

AP group per WLAN.

wlan

Configures a WLAN for a local split ACL on

a FlexConnect AP group.

wlan_id

Wireless LAN identifier between 1 and 512

(inclusive).

acl

Configures a local split ACL on a FlexConnect

AP group per WLAN.

acl_name

Name of the ACL.

multicast overridden-interface

Configures multicast across the Layer 2

broadcast domain on the overridden interface
for locally switched clients.

vlan

Configures a VLAN to the FlexConnect group.

add

Adds a VLAN to the FlexConnect group.

vlan_id

VLAN identifier.

in-acl

Inbound ACL name that contains up to 32

alphanumeric characters.

out-acl

Outbound ACL name that contains up to 32

alphanumeric characters.

delete

Deletes a VLAN from the FlexConnect group.

web-auth

Configures a FlexConnect ACL for external

web authentication.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1821

config Commands

Command Default

Command History

Usage Guidelines

wlan

Specifies the wireless LAN to be configured

with a FlexConnect ACL.

wlan_id

Wireless LAN identifier between 1 and 512

(inclusive).

cisco_ap

Name of the FlexConnect access point.

acl

Configures a FlexConnect ACLs.

web-policy

Configures a web policy FlexConnect ACL.

add

Adds a web policy FlexConnect ACL to the

FlexConnect group.

delete

Deletes a web policy FlexConnect ACL from

the FlexConnect group

eap-cert download

Downloads the EAP root and device certificate.

eap-tls

Enables or disables EAP-Transport Layer

Security (EAP-TLS) authentication.

peap

Enables or disables Protected Extensible

Authentication Protocol (PEAP) authentication.

policy acl

Configures policy ACL on the FlexConnect

group.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

You can add up to 100 clients.

Beginning in Release 7.4 and later releases, the supported maximum number of RADIUS servers is 100.

Examples

The following example shows how to add a FlexConnect group for MAC address 192.12.1.2:
(Cisco Controller) >config flexconnect group 192.12.1.2 add

The following example shows how to add a RADIUS server as a primary server for a FlexConnect group with
the server index number 1:
(Cisco Controller) >config flexconnect group 192.12.1.2 radius server add primary 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1822

OL-31334-01

config Commands

The following example shows how to enable a local split ACL on a FlexConnect AP group for a WLAN:
(Cisco Controller) >config flexconnect group flexgroup1 local-split wlan 1 acl flexacl1
enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1823

config Commands

config flexconnect group vlan

To configure VLAN for a FlexConnect group, use the config flexconnect group vlan command.
config flexconnect group group_name vlan {add vlan-id acl in-aclname out-aclname | delete vlan-id}

Syntax Description

Command History

Examples

group_name

FlexConnect group name.

add

Adds a VLAN for the FlexConnect group.

vlan-id

VLAN ID.

acl

Specifies an access control list.

in-aclname

In-bound ACL name.

out-aclname

Out-bound ACL name.

delete

Deletes a VLAN from the FlexConnect group.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add VLAN ID 1 for the FlexConnect group myflexacl where the in-bound
ACL name is in-acl and the out-bound ACL is out-acl:
(Cisco Controller) >config flexconnect group vlan myflexacl vlan add 1 acl in-acl out-acl

Cisco Wireless LAN Controller Command Reference, Release 8.0

1824

OL-31334-01

config Commands

config flexconnect group flexgroup dhcp overridden-interface enable

To enable the DHCP overridden interface for FlexConnect group, use the
configflexconnectgroupflexgroupdhcpoverridden-interfaceenablecommand.
config flexconnectgroupflexgroupdhcpoverridden-interfaceenable

Syntax Description

Command Default

Command History

Examples

overridden-interface

The DHCP overridden interface for

FlexConnect group.

flexgroup

Name of the FlexConnect group.

enable

Instructs the access point to enable

DHCP broadcast for locally
switched clients.

None

Release

Modification

8.0

This command was introduced.

The following example shows how to enable DHCP broadcast for locally switched clients.
(Cisco Controller) >config flexconnect
group flexgroup dhcp overridden-interface enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1825

config Commands

config flexconnect group web-auth

To configure Web-Auth ACL for a FlexConnect group, use the config flexconnect group web-auth command.
config flexconnect group group_name web-auth wlan wlan-id acl acl-name {enable | disable}

Syntax Description

Command History

Examples

group_name

FlexConnect group name.

wlan-id

WLAN ID.

acl-name

ACL name.

enable

Enables the Web-Auth ACL for a FlexConnect group.

disable

Disables the Web-Auth ACL for a FlexConnect group.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable Web-Auth ACL webauthacl for the FlexConnect group myflexacl
on WLAN ID 1:
(Cisco Controller) >config flexconnect group myflexacl web-auth wlan 1 acl webauthacl enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1826

OL-31334-01

config Commands

config flexconnect group web-policy

To configure Web Policy ACL for a FlexConnect group, use the config flexconnect group web-policy
command.
config flexconnect group group_name web-policy acl {add | delete} acl-name

Syntax Description

Command History

Examples

group_name

FlexConnect group name.

add

Adds the Web Policy ACL.

delete

Deletes the Web Policy ACL.

acl-name

Name of the Web Policy ACL.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to add the Web Policy ACL mywebpolicyacl to the FlexConnect group
myflexacl:
(Cisco Controller) >config flexconnect group myflexacl web-policy acl add mywebpolicyacl

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1827

config Commands

config flexconnect join min-latency

To enable or disable the access point to choose the controller with the least latency when joining, use the
config flexconnect join min-latency command.
config flexconnect join min-latency {enable | disable} cisco_ap

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the access point to choose the controller with the least latency when joining.

disable

Disables the access point to choose the controller with the least latency when joining.

cisco_ap

Cisco lightweight access point.

The access point cannot choose the controller with the least latency when joining.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

When you enable this feature, the access point calculates the time between the discovery request and discovery
response and joins the controller that responds first. This command is supported only on the following controller
releases:
Cisco 2500 Series Controller
Cisco 5500 Series Controller
Cisco Flex 7500 Series Controllers
Cisco 8500 Series Controllers
Cisco Wireless Services Module 2
This configuration overrides the HA setting on the controller, and is applicable only for OEAP access points.

Examples

The following example shows how to enable the access point to choose the controller with the least latency
when joining:
(Cisco Controller) >config flexconnect join min-latency enable CISCO_AP

Cisco Wireless LAN Controller Command Reference, Release 8.0

1828

OL-31334-01

config Commands

config flexconnect office-extend

To configure FlexConnect mode for an OfficeExtend access point, use the config flexconnect office-extend
command.
config flexconnect office-extend {{enable | disable} cisco_ap | clear-personalssid-config cisco_ap}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the OfficeExtend mode for an access point.

disable

Disables the OfficeExtend mode for an access point.

clear-personalssid-config

Clears only the access points personal SSID.

cisco_ap

Cisco lightweight access point.

OfficeExtend mode is enabled automatically when you enable FlexConnect mode on the access point.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Currently, only Cisco Aironet 1130 series and 1140 series access points that are joined to a Cisco 5500 Series
Controller with a WPlus license can be configured to operate as OfficeExtend access points.
Rogue detection is disabled automatically when you enable the OfficeExtend mode for an access point.
OfficeExtend access points, which are deployed in a home environment, are likely to detect a large number
of rogue devices. You can enable or disable rogue detection for a specific access point or for all access points
by using the config rogue detection command.
DTLS data encryption is enabled automatically when you enable the OfficeExtend mode for an access point.
However, you can enable or disable DTLS data encryption for a specific access point or for all access points
by using the config ap link-encryption command.
Telnet and SSH access are disabled automatically when you enable the OfficeExtend mode for an access
point. However, you can enable or disable Telnet or SSH access for a specific access point by using the config
ap telnet or config ap ssh command.
Link latency is enabled automatically when you enable the OfficeExtend mode for an access point. However,
you can enable or disable link latency for a specific access point or for all access points currently associated
to the controller by using the config ap link-latency command.

Examples

The following example shows how to enable the office-extend mode for the access point Cisco_ap:
(Cisco Controller) >config flexconnect office-extend enable Cisco_ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1829

config Commands

The following example shows how to clear only the access points personal SSID for the access point Cisco_ap:
(Cisco Controller) >config flexconnect office-extend clear-personalssid-config Cisco_ap

Cisco Wireless LAN Controller Command Reference, Release 8.0

1830

OL-31334-01

config Commands

config wlan flexconnect ap-auth

Syntax Description

Command Default

Command History

ap-auth

Configures local authentication of clients associated with an FlexConnect on a

locally switched WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables AP authentication on a WLAN.

disable

Disables AP authentication on a WLAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Local switching must be enabled on the WLAN where you want to configure local authentication of clients
associated with FlexConnect.

Examples

The following example shows how to enable authentication of clients associated with FlexConnect on a
specified WLAN:
(Cisco Controller) >config wlan flexconnect ap-auth 6 enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1831

config Commands

config wlan flexconnect learn-ipaddr

To enable or disable client IP address learning for the Cisco WLAN controller, use the config wlan flexconnect
learn-ipaddr command.
config wlan flexconnect learn-ipaddr wlan_id {enable | disable}

Syntax Description

Command Default

Command History

Usage Guidelines

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables client IPv4 address learning on a wireless LAN.

disable

Disables client IPv4 address learning on a wireless LAN.

Disabled when the config wlan flexconnect local-switching command is disabled. Enabled when the config
wlan flexconnect local-switching command is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

Note

This command is valid only for IPv4.

Note

The ability to disable IP address learning is not supported with FlexConnect central switching.

Examples

The following example shows how to disable client IP address learning for WLAN 6:
(Cisco Controller) >config wlan flexconnect learn-ipaddr disable 6

Related Commands

show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

1832

OL-31334-01

config Commands

config wlan flexconnect local-switching

Syntax Description

Command Default

Command History

wlan_id

option dns

Specifies the override DNS option on the FlexConnect WLAN.

When you override this option, the clients get their DNS server IP
address from the AP, not from the controller.

enable

Enables the override DNS option on the FlexConnect WLAN.

disable

Disables the override DNS option on the FlexConnect WLAN.

This feature is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1833

config Commands

Usage Guidelines

Examples

Release

Modification

8.0

This command supports only IPv4 address format.

When you enable the config wlan flexconnect local-switching command, the config wlan flexconnect
learn-ipaddr command is enabled by default.

Note

This command is valid only for IPv4.

Note

The ability to disable IP address learning is not supported with FlexConnect central switching.

The following example shows how to enable the override DNS option on WLAN 6:
(Cisco Controller) >config wlan flexconnect local-switching 6 override option dns enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1834

OL-31334-01

Integrated Management Module Commands in Cisco Flex 7500 Series Controllers

config wlan flexconnect vlan-central-switching

To configure central switching on a locally switched WLAN, use the config wlan flexconnect
vlan-central-switching command.
config wlan flexconnect vlan-central-switching wlan_id { enable | disable }

Syntax Description

Command Default

Command History

Usage Guidelines

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables central switching on a locally switched wireless LAN.

disable

Disables central switching on a locally switched wireless LAN.

Central switching is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable WLAN 6 for central switching:
(Cisco Controller) >config wlan flexconnect vlan-central-switching 6 enable

Integrated Management Module Commands in Cisco Flex 7500 Series

Controllers
Use the imm commands to manage the Integrated Management Module (IMM) in the Cisco Flex 7500 Series
Controllers.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1835

Integrated Management Module Commands in Cisco Flex 7500 Series Controllers

imm address
To configure the static IP address of the IMM, use the imm address command.
imm address ip-addr netmask gateway

Syntax Description

Command Default

Command History

Examples

ip-addr

IP address of the IMM

netmask

Netmask of the IMM

gateway

Gateway of the IMM

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

The following example shows how to set the static IP address of an IMM:
(Cisco Controller) >imm address 209.165.200.225 255.255.255.224 10.1.1.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1836

OL-31334-01

Integrated Management Module Commands in Cisco Flex 7500 Series Controllers

imm dhcp
To configure DHCP for the IMM, use the imm dhcp command.
imm dhcp {enable | disable | fallback}

Syntax Description

Command Default

Command History

Examples

enable

Enables DHCP for the IMM

disable

Disables DHCP for the IMM

fallback

Enables DHCP for the IMM, but if it fails, then uses static IP of the IMM

DHCP for IMM is enabled.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable DHCP for the IMM:
(Cisco Controller) >imm dhcp enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1837

Integrated Management Module Commands in Cisco Flex 7500 Series Controllers

imm mode
To configure the IMM mode, use the imm mode command.
imm mode {shared | dedicated}

Syntax Description

shared

Sets IMM in shared mode

dedicated

Sets IMM in dedicated mode

Command Default

Dedicated

Command History

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the IMM in shared mode:
(Cisco Controller) >imm mode

Cisco Wireless LAN Controller Command Reference, Release 8.0

1838

OL-31334-01

Integrated Management Module Commands in Cisco Flex 7500 Series Controllers

imm restart
To restart the IMM, use the imm restart command.
imm restart

Syntax Description

Command Default

Command History

restart

Saves your settings and restarts the IMM

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1839

Integrated Management Module Commands in Cisco Flex 7500 Series Controllers

imm summary
To view the IMM parameters, use the imm summary command.
imm summary

Syntax Description

Command Default

Command History

Examples

summary

Lists the IMM parameters

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows a typical summary of the IMM:

(Cisco Controller) >imm summary
User ID..........................................username1
Mode............................................. Shared
DHCP............................................. Enabled
IP Address....................................... 209.165.200.225
Subnet Mask...................................... 255.255.255.224
Gateway.......................................... 10.1.1.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1840

OL-31334-01

debug Commands

imm username
To configure the logon credentials for an IMM user, use the imm username command.
imm username username password

Syntax Description

Command Default

Command History

Examples

username

Username for the user

password

Password for the user

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to set the logon credentials of an IMM user:
(Cisco Controller) >imm username username1 password1

debug Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1841

debug Commands

debug capwap reap

To configure the debugging of Control and Provisioning of Wireless Access Points (CAPWAP) settings on
a FlexConnect access point, use the debug capwap reap command.
debug capwap reap [mgmt | load]

Syntax Description

Command Default

Command History

Examples

mgmt

(Optional) Configures the debugging for client authentication and association

messages.

load

(Optional) Configures the debugging for payload activities, which is useful when
the FlexConnect access point boots up in standalone mode.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the debugging of FlexConnect client authentication and
association messages:
(Cisco Controller) >debug capwap reap mgmt

Cisco Wireless LAN Controller Command Reference, Release 8.0

1842

OL-31334-01

debug Commands

debug dot11 mgmt interface

To configure debugging of 802.11 management interface events, use the debug dot11 mgmt interface
command.
debug dot11 mgmt interface

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to debug 802.11 management interface events:
(Cisco Controller) >debug dot11 mgmt interface

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1843

debug Commands

debug dot11 mgmt msg

To configure debugging of 802.11 management messages, use the debug dot11 mgmt msg command.
debug dot11 mgmt msg

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

This example shows how to debug dot11 management messages:

(Cisco Controller) >debug dot11 mgmt msg

Cisco Wireless LAN Controller Command Reference, Release 8.0

1844

OL-31334-01

debug Commands

debug dot11 mgmt ssid

To configure debugging of 802.11 SSID management events, use the debug dot11 mgmt ssid command.
debug dot11 mgmt ssid

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the debugging of 802.11 SSID management events:
(Cisco Controller) >debug dot11 mgmt ssid

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1845

debug Commands

debug dot11 mgmt state-machine

To configure debugging of the 802.11 state machine, use the debug dot11 mgmt state-machine command.
debug dot11 mgmt state-machine

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the debugging of 802.11 state machine:
(Cisco Controller) >debug dot11 mgmt state-machine

Cisco Wireless LAN Controller Command Reference, Release 8.0

1846

OL-31334-01

debug Commands

debug dot11 mgmt station

To configure the debugging of the management station settings, use the debug dot11 mgmt station command.
debug dot11 mgmt station

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the debugging of the management station settings:
(Cisco Controller) >debug dot11 mgmt station

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1847

debug Commands

debug flexconnect aaa

To configure debugging of FlexConnect backup RADIUS server events or errors, use the debug flexconnect
aaa command.
debug flexconnect aaa {event | error} {enable | disable}

Syntax Description

Command Default

Command History

Examples

event

Configures the debugging for FlexConnect RADIUS server events.

error

Configures the debugging for FlexConnect RADIUS server errors.

enable

Enables the debugging of FlexConnect RADIUS server settings.

disable

Disables the debugging of FlexConnect RADIUS server settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of FlexConnect RADIUS server events:
(Cisco Controller) >debug flexconnect aaa event enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1848

OL-31334-01

debug Commands

debug flexconnect acl

Configures debugging of FlexConnect access control lists (ACLs), use the debug flexconnect acl command.
debug flexconnect acl {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of FlexConnect ACLs.

disable

Disables the debugging of FlexConnect ACLs.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of FlexConnect ACLs:
(Cisco Controller) >debug flexconnect acl enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1849

debug Commands

debug flexconnect cckm

Configure debugging of FlexConnect Cisco Centralized Key Management (CCKM) fast roaming, use the
debug flexconnect cckm command.
debug flexconnect cckm {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of FlexConnect CCKM fast roaming settings.

disable

Disables the debugging of FlexConnect CCKM fast roaming settings.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of FlexConnect CCKM fast roaming events:
(Cisco Controller) >debug flexconnect cckm event enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1850

OL-31334-01

debug Commands

debug flexconnect group

To configure debugging of FlexConnect access point groups, use the debug flexconnect group command.
debug flexconnect group {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the debugging of FlexConnect access point groups.

disable

Disables the debugging of FlexConnect access point groups.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of FlexConnect access point groups:
(Cisco Controller) >debug flexconnect group enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1851

debug Commands

debug pem
To configure debugging of the access policy manager, use the debug pem command.
debug pem {events | state} {enable | disable}

Syntax Description

Command Default

Command History

Examples

events

Configures the debugging of the policy manager events.

state

Configures the debugging of the policy manager state machine.

enable

Enables the debugging of the access policy manager.

disable

Disables the debugging of the access policy manager.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to enable the debugging of the access policy manager:
(Cisco Controller) >debug pem state enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1852

OL-31334-01

PART

Mobility Commands
CLI Commands, page 1855

show Commands
This section lists the show commands to display information about your mobility configuration settings.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1855

show Commands

show advanced client-handoff

To display the number of automatic client handoffs after retries, use the show advanced client-handoff
command.
show advanced client-handoff

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the client auto handoff mode after excessive retries:
(Cisco Controller) >show advanced client-handoff
Client auto handoff after retries................

130

Cisco Wireless LAN Controller Command Reference, Release 8.0

1856

OL-31334-01

show Commands

show l2tp
To display Layer 2 Tunneling Protocol (L2TP) sessions, use the show l2tp command.
show l2tp {summary | ip_address}

Syntax Description

Command Default

Command History

Examples

summary

Displays all L2TP sessions.

ip_address

IP address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display a summary of all L2TP sessions:
(Cisco Controller) > show l2tp summary

LAC_IPaddr LTid LSid RTid RSid ATid ASid State

---------- ---- ---- ---- ---- ---- ---- -----

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1857

show Commands

show logging
To display the syslog facility logging parameters and buffer contents, use the show logging command.
show logging

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

errors
1316
6892
Disabled
0
0
Disabled
10080
0
disabled
0
8243
Enabled
0
0
local0
disabled
0
8208
Enabled
0
0
errors
1316
6892

Cisco Wireless LAN Controller Command Reference, Release 8.0

1858

OL-31334-01

show Commands

- Logging of debug messages to syslog ...........

Disabled
0
0
2
Disabled
10.92.125.52
2001:9:6:40::623
Disabled
Disabled
0
0
Enabled

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1859

show Commands

show mobility anchor

To display the wireless LAN anchor export list for the Cisco wireless LAN controller mobility groups or to
display a list and status of controllers configured as mobility anchors for a specific WLAN or wired guest
LAN, use the show mobility anchor command.
show mobility anchor [wlan wlan_id | guest-lan guest_lan_id]

Syntax Description

Command Default

Command History

Usage Guidelines

wlan

(Optional) Displays wireless LAN mobility group settings.

wlan_id

Wireless LAN identifier from 1 to 512 (inclusive).

guest-lan

(Optional) Displays guest LAN mobility group settings.

guest_lan_id

Guest LAN identifier from 1 to 5 (inclusive).

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The status field display (see example) shows one of the following values:
UPThe controller is reachable and able to pass data.
CNTRL_PATH_DOWNThe mpings failed. The controller cannot be reached through the control path
and is considered failed.
DATA_PATH_DOWNThe epings failed. The controller cannot be reached and is considered failed.
CNTRL_DATA_PATH_DOWNBoth the mpings and epings failed. The controller cannot be reached
and is considered failed.

Examples

The following example shows how to display a mobility wireless LAN anchor list:
(Cisco Controller) >show mobility anchor
Mobility Anchor Export List
WLAN ID
IP Address
Status
-------------------------12
192.168.0.15
UP
GLAN ID
IP Address
Status
--------------------------1
192.168.0.9
CNTRL_DATA_PATH_DOWN

Cisco Wireless LAN Controller Command Reference, Release 8.0

1860

OL-31334-01

show Commands

show mobility ap-list

To display the mobility AP list, use the show mobility ap-list command.
show mobility ap-list

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the mobility AP list:

(Cisco Controller) >show mobility ap-list
AP Name
AP Radio MAC address
--------------------------- ----------------------AP30e4.dbc5.38ab
b8:62:1f:e5:33:10

Controller
--------------9.7.104.10

Learnt From
---------------Self

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1861

show Commands

show mobility foreign-map

To display a mobility wireless LAN foreign map list, use the show mobility foreign-map command.
show mobility foreign-map wlan wlan_id

Syntax Description

Command Default

Command History

Examples

wlan

Displays the mobility WLAN foreign-map list.

wlan_id

Wireless LAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to get a mobility wireless LAN foreign map list:
(Cisco Controller) >show mobility foreign-map wlan 2
Mobility Foreign Map List
WLAN ID
Foreign MAC Address
------------------------2
00:1b:d4:6b:87:20

Interface
--------dynamic-105

Cisco Wireless LAN Controller Command Reference, Release 8.0

1862

OL-31334-01

show Commands

show mobility group member

To display the details of the mobility group members in the same domain, use the show mobility group
member command.
show mobility group member hash

Syntax Description

hash

Command Default

None

Command History

Examples

Displays the hash keys of the mobility group members in the same domain.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

a819d479dcfeb3e0974421b6e8335582263d9169

9.6.99.10

0974421b6e8335582263d9169a819d479dcfeb3e

9.7.7.7

feb3e0974421b6e8335582263d9169a819d479dc

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1863

show Commands

show mobility oracle

To display the status of the mobility controllers known to the Mobility Oracle (MO) or display the details of
the MO client database, use the show mobility oracle command.
show mobility oracle {client {detail | summary} | summary}

Syntax Description

Command Default

Command History

Examples

client

Displays the MO client database.

detail

Displays details pertaining to a client in MO client database.

summary

Displays the summary of the MO database.

None

Release

Modification

7.3.112.0

This command was introduced.

The following is a sample output of the show mobility oracle summary command:
(Cisco Controller) >show mobility oracle summary
Number of MCs.................................... 2
IP Address
--------------9.71.104.10
9.71.104.250

MAC Address
----------------88:43:e1:7d:fe:00
e8:b7:48:a2:16:e0

Link Status
-----------------

Client Count
-------------

Control Path Down

0
2

The following is a sample output of the show mobility oracle client summary command:
(Cisco Controller) >show mobility oracle client summary
Number of Clients................................ 2
MAC Address
Anchor MC
Foreign MC
AssocTime
----------------- --------------------- ----------------- -------------00:18:de:b0:5c:91 9.72.104.250
00:1e:e5:f9:c9:e2 9.72.104.250

0
0

The following is a sample output of the show mobility oracle client detail command:
(Cisco Controller) >show mobility oracle client detail 00:1e:e5:f9:c9:e2
Client MAC Address : ............................
Client IP address : .............................
Anchor MC IP address : ..........................
Anchor MC NAT IP address : ......................
Foreign MC IP address : .........................
Foreign MC NAT IP address : .....................

00:1e:e5:f9:c9:e2
0.0.0.0
9.71.104.250
9.71.104.250
-

Cisco Wireless LAN Controller Command Reference, Release 8.0

1864

OL-31334-01

show Commands

Client Association Time : ....................... 0

Client Entry update timestamp : ................. 1278543135.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1865

show Commands

show mobility statistics

To display the statistics information for the Cisco wireless LAN controller mobility groups, use the show
mobility statistics command.
show mobility statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display statistics of the mobility manager:
(Cisco Controller) >show mobility statistics
Global Mobility Statistics
Rx Errors.....................................
Tx Errors.....................................
Responses Retransmitted.......................
Handoff Requests Received.....................
Handoff End Requests Received.................
State Transitions Disallowed..................
Resource Unavailable..........................
Mobility Initiator Statistics
Handoff Requests Sent.........................
Handoff Replies Received......................
Handoff as Local Received.....................
Handoff as Foreign Received...................
Handoff Denys Received........................
Anchor Request Sent...........................
Anchor Deny Received..........................
Anchor Grant Received.........................
Anchor Transfer Received......................
Mobility Responder Statistics
Handoff Requests Ignored......................
Ping Pong Handoff Requests Dropped............
Handoff Requests Dropped......................
Handoff Requests Denied.......................
Client Handoff as Local.......................
Client Handoff as Foreign ...................
Client Handoff Inter Group ...................
Anchor Requests Received......................
Anchor Requests Denied........................
Anchor Requests Granted.......................
Anchor Transferred............................

0
0
0
0
0
0
0
0
0
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

Cisco Wireless LAN Controller Command Reference, Release 8.0

1866

OL-31334-01

show Commands

show mobility summary

To display the summary information for the Cisco WLC mobility groups, use the show mobility summary
command.
show mobility summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

Some WLAN controllers may list no mobility security mode.

Examples

The following is a sample output of the show mobility summary command.

(Cisco Controller) >show mobility summary
Symmetric Mobility Tunneling (current) ..........
Symmetric Mobility Tunneling (after reboot) .....
Mobility Protocol Port...........................
Mobility Security Mode...........................
Default Mobility Domain..........................
Multicast Mode ..................................
Mobility Domain ID for 802.11r...................
Mobility Keepalive Interval......................
Mobility Keepalive Count.........................
Mobility Group Members Configured................
Mobility Control Message DSCP Value..............
Controllers configured in the Mobility Group
MAC Address
IP Address
Group Name
00:1b:d4:6b:87:20
1.100.163.70
snmp_gui

Disabled
Disabled
16666
Disabled
snmp_gui
Disabled
0x66bd
10
3
1
0
Multicast IP
0.0.0.0

Status
Up

The following is a sample output of the show mobility summary command with new mobility architecture.
(Cisco Controller) >show mobility summary
Mobility Protocol Port...........................
Default Mobility Domain..........................
Multicast Mode ..................................
Mobility Domain ID for 802.11r...................
Mobility Keepalive Interval......................
Mobility Keepalive Count.........................
Mobility Group Members Configured................
Mobility Control Message DSCP Value..............
Controllers configured in the Mobility Group
IP Address Public IP Address Group Name
Status
9.71.106.2 9.72.106.2
Mobility
Data Path Down

16666
Mobility
Disabled
0xb348
10
3
3
0

Multicast IP
0.0.0.0

MAC Address

00:00:00:00:00:00

Control and

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1867

show Commands

9.71.106.3 9.72.106.3
Data Path Down
9.71.106.69 9.72.106.69

Mobility

0.0.0.0

00:00:00:00:00:00

Mobility

0.0.0.0

68:ef:bd:8e:5f:20

Control and
Up

Cisco Wireless LAN Controller Command Reference, Release 8.0

1868

OL-31334-01

show Commands

show pmipv6 domain

To display the summary information of a PMIPv6 domain, use the show pmipv6 domain command.
show pmipv6 domain domain_name profile profile_name

Syntax Description

Command History

Examples

domain_name

Name of the PMIPv6 domain. The domain name can be up

to 127 case-sensitive alphanumeric characters.

profile

Specifies the PMIPv6 profile.

profile_name

Name of the profile associated with the PMIPv6 domain.

The profile name can be up to 127 case-sensitive
alphanumeric characters.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the summary information of a PMIPv6 domain:
(Cisco Controller) >show pmipv6 domain floor1 profile profile1
NAI: @example.com
APN: Example
LMA: Examplelma
NAI: *
APN: ciscoapn
LMA: ciscolma

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1869

show Commands

show pmipv6 mag bindings

To display the binding information of a Mobile Access Gateway (MAG), use the show pmipv6 mag binding
command.
show pmipv6 mag bindings [lma lma_name | nai nai_string]

Syntax Description

Command History

Examples

lma

(Optional) Displays the binding details of the MAG to

an Local Mobility Anchor (LMA).

lma_name

Name of the LMA. The LMA name is case-sensitive and

can be up to 127 alphanumeric characters.

nai

(Optional) Displays the binding details of the MAG to a

client.

nai_string

Network Access Identifier (NAI) of the client. The NAI

is case-sensitive and can be up to 127 alphanumeric
characters. You can use all special characters except a
colon.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the MAG bindings:

(Cisco Controller) >show pmipv6 mag binding
[Binding][MN]: Domain: D1, Nai: [email protected]
[Binding][MN]: State: ACTIVE
[Binding][MN]: Interface: Management
[Binding][MN]: Hoa: 0xE0E0E02, att: 3, llid: aabb.cc00.c800
[Binding][MN][LMA]: Id: LMA1
[Binding][MN][LMA]: lifetime: 3600
[Binding][MN][GREKEY]: Upstream: 102, Downstream: 1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1870

OL-31334-01

show Commands

show pmipv6 mag globals

To display the global PMIPv6 parameters of the Mobile Access Gateway (MAG), use the show pmipv6 mag
globals command.
show pmipv6 mag globals

Syntax Description

Command History

Examples

This command has no arguments or keywords.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the global PMIPv6 parameters of a MAG:
(Cisco Controller) >show pmipv6 mag globals
Domain : D1
MAG Identifier : M1
MAG Interface
Max Bindings
Registration Lifetime
BRI Init-delay time
BRI Max-delay time
BRI Max retries
Refresh time
Refresh RetxInit time
Refresh RetxMax time
Timestamp option
Validity Window
Peer#1:
LMA Name: AN-LMA-5K
Peer#2:
LMA Name: AN-LMA
Peer#3:
LMA Name: AN-LMA

:
:
:
:
:
:
:
:
:
:
:

Management
10000
3600 (sec)
1000 (msec)
2000 (msec)
1
300 (sec)
1000 (msec)
32000 (msec)
Enabled
7

LMA IP: 209.165.201.10

LMA IP: 209.165.201.4
LMA IP: 209.165.201.4

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1871

show Commands

show pmipv6 mag stats

To display the statistics of the Mobile Access Gateway (MAG), use the show pmipv6 mag stats command.
show pmipv6 mag stats [domain domain_name peer lma_name]

Syntax Description

Command History

Usage Guidelines

domain

(Optional) Displays the MAG statistics for a Local Mobility Anchor

(LMA) in the domain.

domain_name

Name of the PMIPv6 domain. The domain name is case-sensitive

and can be up to 127 alphanumeric characters.

peer

(Optional) Displays the MAG statistics for an LMA.

lma_name

Name of the LMA. The LMA name is case sensitive and can be
up to 127 alphanumeric characters.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This table lists the descriptions of the LMA statistics.

Table 19: Descriptions of the LMA Statistics:

LMA Statistics

Description

PBU Sent

Total number of Proxy Binding Updates (PBUs) sent

to the LMA by the MAG.
PBU is a request message sent by the MAG to a
mobile nodes LMA for establishing a binding
between the mobile nodes interface and its current
care-of address (Proxy-CoA).

PBA Received

Total number of Proxy Binding Acknowledgements

(PBAs) received by the MAG from the LMA.
PBA is a reply message sent by an LMA in response
to a PBU message that it receives from a MAG.

PBRI Sent

Total number of Proxy Binding Revocation

Indications (PBRIs) sent by the MAG to the LMA.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1872

OL-31334-01

show Commands

Examples

LMA Statistics

Description

PBRI Received

Total number of PBRIs received from the LMA by

the MAG.

PBRA Sent

Total number of Proxy Binding Revocation

Acknowledgements (PBRAs) sent by the MAG to
the LMA.

PBRA Received

Total number of PBRAs that the MAG receives from

the LMA.

Number of Handoff

Number of handoffs between the MAG and the LMA.

The following example shows how to display the LMA statistics:

(Cisco Controller) >show pmipv6 mag stats
[M1]: Total Bindings
: 1
[M1]: PBU Sent
: 7
[M1]: PBA Rcvd
: 4
[M1]: PBRI Sent
: 0
[M1]: PBRI Rcvd
: 0
[M1]: PBRA Sent
: 0
[M1]: PBRA Rcvd
: 0
[M1]: No Of handoff
: 0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1873

config Commands

show pmipv6 profile summary

To display the summary of the PMIPv6 profiles, use the show pmipv6 profile summary command.
show pmipv6 profile summary

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to display the summary of the PMIPv6 profiles:
(Cisco Controller) >show pmipv6 profile summary
Profile Name
WLAN IDS (Mapped)
---------------------------Group1
6

config Commands
This section lists the config commands to configure mobility.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1874

OL-31334-01

config Commands

config mobility dscp

To configure the mobility intercontroller DSCP value, use the config mobility dscp command.
config mobility dscp dscp_value

Syntax Description

Command Default

Command History

Examples

dscp_value

DSCP value ranging from 0 to 63.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the mobility intercontroller DSCP value to 40:
(Cisco Controller) >config mobility dscp 40

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1875

config Commands

config mobility group anchor

To create a new mobility anchor for the WLAN or wired guest LAN, enter, use the config mobility group
anchor command.
config mobility group anchor {add | delete} {wlan wlan_id | guest-lan guest_lan_id} anchor_ip

Syntax Description

Command Default

Command History

Usage Guidelines

add

Adds or changes a mobility anchor to a wireless LAN.

delete

Deletes a mobility anchor from a wireless LAN.

wlan

Specifies the wireless LAN anchor settings.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

guest-lan

Specifies the guest LAN anchor settings.

guest_lan_id

Guest LAN identifier between 1 and 5 (inclusive).

anchor_ip

IP address of the anchor controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The wlan_id or guest_lan_id must exist and be disabled.

Auto-anchor mobility is enabled for the WLAN or wired guest LAN when you configure the first mobility
anchor. Deleting the last anchor disables the auto-anchor mobility feature and resumes normal mobility for
new associations.

Examples

The following example shows how to add a mobility anchor with the IP address 192.12.1.5 to a wireless LAN
ID 2:
(Cisco Controller) >config mobility group anchor add wlan 2 192.12.1.5

The following example shows how to delete a mobility anchor with the IP address 193.13.1.15 from a wireless
LAN:
(Cisco Controller) >config mobility group anchor delete wlan 5 193.13.1.5

Cisco Wireless LAN Controller Command Reference, Release 8.0

1876

OL-31334-01

config Commands

config mobility group domain

To configure the mobility domain name, use the config mobility group domain command.
config mobility group domain domain_name

Syntax Description

Command Default

Command History

Examples

domain_name

Domain name. The domain name can be up to 31 case-sensitive characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a mobility domain name lab1:
(Cisco Controller) >config mobility group domain lab1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1877

config Commands

config mobility group keepalive count

To configure the Cisco WLC to detect failed mobility group members (including anchor Cisco WLCs), use
the config mobility group keepalive count command.
config mobility group keepalive count count

Syntax Description

Command Default

Command History

Examples

count

Number of times that a ping request is sent to a mobility group member before
the member is considered unreachable. The range is from 3 to 20. The default
is 3.

The default number of times that a ping request is sent to a mobility group member is 3.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to specify the number of times a ping request is sent to a mobility group
member before the member is considered unreachable to three counts:
(Cisco Controller) >config mobility group keepalive count 3

Cisco Wireless LAN Controller Command Reference, Release 8.0

1878

OL-31334-01

config Commands

config mobility group keepalive interval

To configure the controller to detect failed mobility group members (including anchor controllers), use the
config mobility group keepalive command.
config mobility group keepalive interval

Syntax Description

Command Default

Command History

Examples

interval

Interval of time between each ping request sent to a mobility group member. The
range is from 1 to 30 seconds. The default value is 10 seconds.

The default interval of time between each ping request is 10 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to specify the amount of time between each ping request sent to a mobility
group member to 10 seconds:
(Cisco Controller) >config mobility group keepalive 10

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1879

config Commands

config mobility group member

Syntax Description

Command Default

Command History

Examples

add

Adds or changes a mobility group member to

the list.

MAC-addr

Member switch MAC address.

IP-addr

Member switch IP address.

group_name

(Optional) Member switch group name (if

different from the default group name).

delete

(Optional) Deletes a mobility group member

from the list.

hash

Configures the hash key for authorization. You

can configure the hash key only if the member
is a virtual controller in the same domain.

key

Hash key of the virtual controller. For example,

a819d479dcfeb3e0974421b6e8335582263d9169

none

Clears the previous hash key of the virtual

controller.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to add a mobility group member with an IPv4 address to the list:
(Cisco Controller) >config mobility group member add 11:11:11:11:11:11 209.165.200.225

Cisco Wireless LAN Controller Command Reference, Release 8.0

1880

OL-31334-01

config Commands

The following example shows how to add a mobility group member with an IPv6 address to the list:
(Cisco Controller) >config mobility group member add 11:11:11:11:11:11 2001:DB8::1

The following example shows how to configure the hash key of a virtual controller in the same domain:

Note

The IP address in this example can be in either IPv4 or IPv6 format.

(Cisco Controller) >config mobility group member hash 209.165.201.1
a819d479dcfeb3e0974421b6e8335582263d9169

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1881

config Commands

config mobility group multicast-address

To configure the multicast group IP address for nonlocal groups within the mobility list, use the config mobility
group multicast-address command.
config mobility group multicast-address group_name ip_address

Syntax Description

Command Default

Command History

Examples

group_name

Member switch group name (if different from the default group
name).

ip_address

Member switch IP address.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to configure the multicast group IP address 10.10.10.1 for a group named
test:
(Cisco Controller) >config mobility group multicast-address test 10.10.10.1

The following example shows how to configure the multicast group IP address 2001:DB8::1 for a group
named test:
(Cisco Controller) >config mobility group multicast-address test 2001:DB8::1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1882

OL-31334-01

config Commands

config mobility multicast-mode

To enable or disable mobility multicast mode, use the config mobility multicast-mode command.
config mobility multicast-mode {enable | disable} local_group_multicast_address

Syntax Description

Command Default

Command History

Examples

enable

Enables the multicast mode; the controller uses

multicast mode to send Mobile Announce messages
to the local group.

disable

Disables the multicast mode; the controller uses

unicast mode to send the Mobile Announce
messages to the local group.

local_group_multicast_address

IP address for the local mobility group.

The mobility multicast mode is disabled.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the multicast mobility mode for the local mobility group IP
address 157.168.20.0:
(Cisco Controller) >config mobility multicast-mode enable 157.168.20.0

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1883

config Commands

config mobility new-architecture

To enable new mobility on the Cisco Wireless LAN Controller (WLC), use the config mobility
new-architecture command.
config mobility new-architecture {enable| disable}

Syntax Description

Command Default

Command History

enable

Configures the Cisco WLC to switch to the new mobility architecture.

disable

Configures the Cisco WLC to switch to the old flat mobility architecture.

By default, new mobility is disabled.

Release

Modification

7.3.112.0

This command was introduced.

Usage Guidelines

New mobility is supported only on Cisco WiSM2, Cisco 2500 Series Wireless Controllers, Cisco 5500 Series
Wireless Controllers, and Cisco 8500 Series Wireless Controllers. New mobility enables the Cisco WLC to
be compatible with Converged Access controllers with Wireless Control Module (WCM), such as Cisco
Catalyst 3850 Series and the Cisco 5760 Wireless LAN Controllers.

Examples

The following example shows how to enable new mobility on the Cisco WLC:
(Cisco Controller) >config mobility new-architecture enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

1884

OL-31334-01

config Commands

config mobility oracle

To configure the Mobility Oracle (MO), use the config mobility oracle command.
config mobility oracle {enable | disable | ip ip_address}

Syntax Description

Command Default

Command History

Usage Guidelines

enable

Enables the MO on startup.

disable

Disables the MO on startup.

Specifies the IP address of the MO.

ip_address

IP address of the MO.

None

Release

Modification

7.3.112.0

This command was introduced.

8.0

This command supports only IPv4 address format.

The MO maintains the client database under one complete mobility domain. It consists of a station database,
an interface to the mobility Cisco WLC, and an NTP server. There can be only one MO in the entire mobility
domain.
The IPv6 address format for this command is not supported.

Examples

The following example shows how to configure the MO IP address:

(Cisco Controller) >config mobility oracle ip 27.0.0.1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1885

config Commands

config mobility switchPeerGroup

To configure a switch peer group (SPG) on the controller, use the config mobility switchPeerGroup command.
config mobility switchPeerGroup {bridge-domain-id peer-group-name bridge domain id | create
peer-group-name | delete peer-group-name | member {add | delete} IP_address [public_IP_address]
peer-group-name | multicast-address peer-group-name multicast_IP_address}

Syntax Description

Command Default

Command History

bridge-domain-id

Configures the bridge domain ID of the SPG.

peer-group-name

Name of the SPG.

bridge domain id

Bridge domain ID of the SPG.

create

Creates an SPG.

delete

Deletes an SPG.

member

Configures a member switch for an SPG.

add

Adds a member switch into an SPG.

IP_address

IP address of the member switch.

public_IP_address

(Optional) Public IP address of the SPG member.

multicast-address

Configures the multicast address of the SPG.

multicast_IP_address

Multicast address of the SPG.

None

Release

Modification

7.3.112.0

This command was introduced.

8.0

This command supports only IPv4 address format.

Usage Guidelines

The IPv6 address format for this command is not supported.

Examples

The following example shows how to create an SPG.

(Cisco Controller) >config mobility switchPeerGroup create SPG1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1886

OL-31334-01

config Commands

config mobility secure-mode

To configure the secure mode for mobility messages between Cisco WLCs, use the config mobility
secure-mode command.
config mobility secure-mode {enable | disable}

Syntax Description

Command Default

Command History

Examples

enable

Enables the mobility group message security.

disable

Disables mobility group message security.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable the secure mode for mobility messages:
(Cisco Controller) >config mobility secure-mode enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1887

config Commands

config mobility statistics reset

To reset the mobility statistics, use the config mobility statistics reset command.
config mobility statistics reset

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This example shows how to reset the mobility group statistics:

(Cisco Controller) >config mobility statistics reset

Cisco Wireless LAN Controller Command Reference, Release 8.0

1888

OL-31334-01

config Commands

config pmipv6 domain

To configure PMIPv6 and to enable Mobile Access Gateway (MAG) functionality on Cisco WLC, use the
config pmipv6 domain command.
config pmipv6 domain domain_name

Syntax Description

Command Default

Command History

Examples

domain_name

Name of the PMIPv6 domain. The domain name can be up to 127

case-sensitive, alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure a domain name for a PMIPv6 WLAN:
(Cisco Controller) >config pmipv6 domain floor1

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1889

config Commands

config pmipv6 add profile

To create a Proxy Mobility IPv6 (PMIPv6) profile for the WLAN, use the config pmipv6 add profile command.
You can configure PMIPv6 profiles based on a realm or a service set identifier (SSID).
config pmipv6 add profile profile_name nai {user@realm | @realm | *} lma lma_name apn apn_name

Syntax Description

Command Default

Command History

Usage Guidelines

profile_name

Name of the profile. The profile name is case sensitive and can be up to 127
alphanumeric characters.

nai

Specifies the Network Access Identifier of the client.

user@realm

Network Access Identifier of the client in the format user@realm. The NAI name
is case sensitive and can be up to 127 alphanumeric characters.

@realm

Network Access Identifier of the client in the format @realm.

All Network Access Identifiers. You can have profiles based on an SSID for all
users.

lma

Specifies the Local Mobility Anchor (LMA).

lma_name

Name of LMA. The LMA name is case sensitive and can be up to 127
alphanumeric characters.

apn

Specifies the access point.

ap_name

Name of the access point. The access point name is case sensitive and can be up
to 127 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

This command is a prerequisite for using PMIPv6 configuration commands if the controller uses open
authentication.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1890

OL-31334-01

config Commands

Examples

The following example shows how to create a PMIPv6 profile:

(Cisco Controller) >config pmipv6 add profile profile1 nai @vodfone.com lma vodfonelma apn
vodafoneapn

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1891

config Commands

config pmipv6 delete

To delete a Proxy Mobility IPv6 (PMIPv6) profile, domain, or Local Mobility Anchor (LMA), use the config
pmipv6 delete command.
config pmipv6 delete {profile profile_name nai { nai_id | all } | domain domain_name | lma lma_name}

Syntax Description

Command Default

Command History

Examples

profile

Specifies the PMIPv6 profile.

profile_name

Name of the PMIPv6 profile. The profile name is case sensitive and can be up
to 127 alphanumeric characters.

nai

Specifies the Network Access Identifier (NAI) of a mobile client.

nai_id

Network Access Identifier of a mobile client. The NAI is case sensitive and
can be up to 127 alphanumeric characters.

all

Specifies all NAIs. When you delete all NAIs, the profile is deleted.

domain

Specifies the PMIPv6 domain.

domain_name

Name of the PMIPv6 domain. The domain name is case sensitive and can be
up to 127 alphanumeric characters.

lma

Specifies the LMA.

lma_name

Name of the LMA. The LMA name is case sensitive and can be up to 127
alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to delete a domain:

(Cisco Controller) >config pmipv6 delete lab1

Cisco Wireless LAN Controller Command Reference, Release 8.0

1892

OL-31334-01

config Commands

config pmipv6 mag apn

To configure an Access Point Name (APN) for a mobile access gateway (MAG), use the config pmipv6 mag
apn command.
config pmipv6 mag apn apn-name

Syntax Description

Command Default

Command History

Usage Guidelines

apn-name

Access point name for the MAG.

None

Release

Modification

8.0

This command was introduced.

By default, the MAG role is WLAN. However, for the lightweight access points, MAG role should be
configured as 3GPP. If the MAG role is 3GPP, it is mandatory to specify an APN for the MAG.
To delete an APN for a MAG, use the config pmipv6 delete mag apn apn-name command.

Examples

The following example shows how to add an APN for a MAG:

(Cisco Controller) >config pmipv6 mag apn myCiscoAP

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1893

config Commands

config pmipv6 mag binding init-retx-time

To configure the initial timeout between the proxy binding updates (PBUs) when the Mobile Access Gateway
(MAG) does not receive the proxy binding acknowledgements (PBAs), use the config pmipv6 mag binding
init-retx-time command.
config pmipv6 mag binding init-retx-time units

Syntax Description

Command Default

Command History

Examples

units

Initial timeout between the PBUs when the MAG does not receive the PBAs. The range
is from 100 to 65535 seconds.

The default initial timeout is 1000 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the initial timeout between the PBUs when the MAG does
not receive the PBAs:
(Cisco Controller) >config pmipv6 mag binding init-retx-time 500

Cisco Wireless LAN Controller Command Reference, Release 8.0

1894

OL-31334-01

config Commands

config pmipv6 mag binding lifetime

To configure the lifetime of the binding entries in the Mobile Access Gateway (MAG), use the config pmipv6
mag binding lifetime command.
config pmipv6 mag binding lifetime units

Syntax Description

Command Default

Command History

units

Lifetime of the binding entries in the MAG. The binding lifetime must be a multiple of
4 seconds. The range is from 10 to 65535 seconds.

The default lifetime of the binding entries is 65535 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You must configure a Proxy Mobility IPv6 (PMIPv6) domain before you configure the lifetime of the binding
entries in the controller.

Examples

The following example shows how to configure the lifetime of the binding entries in the controller:
(Cisco Controller) >config pmipv6 mag binding lifetime 5000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1895

config Commands

config pmipv6 mag binding max-retx-time

To configure the maximum timeout between the proxy binding updates (PBUs) when the Mobility Access
Gateway (MAG) does not receive the proxy binding acknowledgments (PBAs), use the config pmipv6 mag
binding max-retx-time command.
config pmipv6 mag binding max-retx-time units

Syntax Description

Command Default

Command History

Examples

units

Maximum timeout between the PBUs when the MAG does not receive the PBAs. The
range is from 100 to 65535 seconds.

The default maximum timeout is 32000 seconds.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure the maximum timeout between the PBUs when the MAG
does not receive the PBAs:
(Cisco Controller) >config pmipv6 mag binding max-retx-time 50

Cisco Wireless LAN Controller Command Reference, Release 8.0

1896

OL-31334-01

config Commands

config pmipv6 mag binding maximum

To configure the maximum number of binding entries in the Mobile Access Gateway (MAG), use the config
pmipv6 mag binding maximum command.
config pmipv6 mag binding maximum units

Syntax Description

Command Default

Command History

units

Maximum number of binding entries in the MAG. This number indicates the maximum
number of users connected to the MAG. The range is from 0 to 40000.

The default maximum number of binding entries in the MAG is 10000.

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

You must configure a Proxy Mobility IPv6 (PMIPv6) domain before you configure the maximum number of
binding entries in the MAG.

Examples

The following example shows how to configure the maximum number of binding entries in the MAG:
(Cisco Controller) >config pmipv6 mag binding maximum 20000

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1897

config Commands

config pmipv6 mag binding refresh-time

To configure the refresh time of the binding entries in the MAG, use the config pmipv6 mag binding
refresh-time command.
config pmipv6 mag binding refresh-time units

Syntax Description

units

Refresh time of the binding entries in the MAG. The binding refresh time must be a
multiple of 4. The range is from 4 to 65535 seconds.

Command Default

The default refresh time of the binding entries in the MAG is 300 seconds.

Usage Guidelines

You must configure a PMIPv6 domain before you configure the refresh time of the binding entries in the
MAG.

Examples

The following example shows how to configure the refresh time of the binding entries in the MAG:
(Cisco Controller) >config pmipv6 mag binding refresh-time 500

Cisco Wireless LAN Controller Command Reference, Release 8.0

1898

OL-31334-01

config Commands

config pmipv6 mag bri delay

To configure the maximum or minimum amount of time that the MAG waits before retransmitting a Binding
Revocation Indication (BRI) message, use the config pmipv6 mag bri delay command.
config pmipv6 mag bri delay {min | max} time

Syntax Description

Command Default

min

Specifies the minimum amount of time that the MAG waits before retransmitting a
BRI message.

max

Specifies the maximum amount of time that the MAG waits before retransmitting a
BRI message.

time

Maximum or minimum amount of time that the Cisco WLC waits before retransmitting
a BRI message. The range is from 500 to 65535 milliseconds.

The default value of the maximum amount of time that the MAG waits before retransmitting a BRI message
is 2 seconds.
The default value of the minimum amount of time that the MAG waits before retransmitting a BRI message
is 1 second.

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to configure the minimum amount of time that the MAG waits before
retransmitting a BRI message:
(Cisco Controller) >config pmipv6 mag bri delay min 500

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1899

config Commands

config pmipv6 mag bri retries

To configure the maximum number of times that the MAG retransmits the Binding Revocation Indication
(BRI) message before receiving the Binding Revocation Acknowledgment (BRA) message, use the config
pmipv6 mag bri retries command.
config pmipv6 mag bri retries retries

Syntax Description

retries

Maximum number of times that the MAG retransmits the BRI message before receiving
the BRA message. The range is from 1 to 10 retries.

Command Default

The default is 1 retry.

Examples

The following example shows how to configure the maximum number of times that the MAG retries:
(Cisco Controller) >config pmipv6 mag bri retries 5

Cisco Wireless LAN Controller Command Reference, Release 8.0

1900

OL-31334-01

config Commands

config pmipv6 mag lma

To configure a local mobility anchor (LMA) with the mobile access gateway (MAG), use the config pmipv6
mag lma command.
config pmipv6 mag lma lma_name ipv4-address address

Syntax Description

Command Default

Command History

lma_name

Name of the LMA. The LMA name can be a NAI or a string that
uniquely identifies the LMA.

ipv4-address

Specifies the IP address of the LMA.

address

IP address of the LMA.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Usage Guidelines

This command is a prerequisite to configure PMIPv6 parameters on the MAG.

Examples

The following example shows how to configure an LMA with the MAG:
(Cisco Controller) >config pmipv6 mag lma vodafonelma ipv4-address 209.165.200.254

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1901

config Commands

config pmipv6 mag replay-protection

To configure the maximum amount of time difference between the timestamp in the received proxy binding
acknowledgment (PBA) and the current time of the day for replay protection, use the config pmipv6 mag
replay-protection command.
config pmipv6 mag replay-protection { timestamp window time | sequence-no sequence |
mobile-node-timestamp mobile_node_timestamp }

Syntax Description

timestamp

Specifies the time stamp of the PBA message.

window

Specifies the maximum time difference between the time stamp in

the received PBA message and the current time of day.

time

Maximum time difference between the time stamp in the received

PBA message and the current time of day. The range is from 1 to
300 milliseconds.

sequence-no

(Optional) Specifies the sequence number in a Proxy Binding

Update message.

sequence

(Optional) Sequence number in the Proxy Binding Update message.

mobile_node_timestamp

(Optional) Specifies the time stamp of the mobile node.

mobile_node_timestamp

(Optional) Time stamp of the mobile node.

Command Default

The default maximum time difference is 300 milliseconds.

Usage Guidelines

Only the timestamp option is supported.

Examples

The following example shows how to configure the maximum amount of time difference in milliseconds
between the time stamp in the received PBA message and the current time of day:
(Cisco Controller) >config pmipv6 mag replay-protection timestamp window 200

Cisco Wireless LAN Controller Command Reference, Release 8.0

1902

OL-31334-01

config Commands

config wlan mobility anchor

To change the state of MAC filtering on a wireless LAN, use the config wlan mobility anchor command.
config wlan mobility anchor {add | delete} wlan_id ip_addr

Syntax Description

Command Default

Command History

Examples

add

Enables MAC filtering on a wireless LAN.

delete

Disables MAC filtering on a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

ip_addr

Member switch IPv4 address for anchoring the wireless LAN.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports only IPv4 address format.

The following example shows how to configure the mobility wireless LAN anchor list with WLAN ID 4 and
IPv4 address 192.168.0.14
(Cisco Controller) >config wlan mobility anchor add 4 192.168.0.14

Related Commands

show wlan

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1903

config Commands

config wlan mobility foreign-map

Syntax Description

Command Default

Command History

Examples

add

Adds an interface or interface group to the map of foreign controllers.

delete

Deletes an interface or interface group from the map of foreign controllers.

wlan_id

Wireless LAN identifier from 1 to 512.

foreign_mac_address

Foreign switch MAC address on a WLAN.

interface_name

Interface name up to 32 alphanumeric characters.

interface_group_name

Interface group name up to 32 alphanumeric characters.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1904

OL-31334-01

config Commands

config wlan pmipv6 default-realm

To configure a default realm for a PMIPv6 WLAN, use the config wlan pmipv6 default-realm command.
config wlan pmipv6 default-realm { default-realm-name | none } wlan_id

Syntax Description

Command Default

Command History

Examples

default-realm-name Default realm name for the WLAN.

none

Clears the realm name for the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

None.

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

The following example shows how to configure a default realm name on a PMIPv6 WLAN:
(Cisco Controller) >config wlan pmipv6 default-realm XYZ 6

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1905

config Commands

config wlan pmipv6 mobility-type

To configure the mobility type on a WLAN, use the config wlan pmipv6 mobility-type command.
config wlan pmipv6 mobility-type {none | pmipv6 } { wlan_id | all }

Syntax Description

Command Default

Command History

none

Configures a WLAN with Simple IP mobility.

pmipv6

Configures a WLAN with PMIPv6 mobility.

all

Enables the specified type of mobility for all WLANs.

wlan_id

WLAN identifier between 1 and 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You must disable the WLAN when you configure the mobility type.

Examples

The following example shows how to configure the mobility type as PMIPv6 on a WLAN:
(Cisco Controller) >config wlan pmipv6 mobility-type pmipv6 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

1906

OL-31334-01

clear, debug and ping Commands

config wlan pmipv6 profile_name

To configure a profile name for the PMIPv6 WLAN, use the config wlan pmipv6 profile_name command.
config wlan pmipv6 profile_name profile_name wlan_id

Syntax Description

Command Default

Command History

profile_name

Profile name for the PMIPv6 WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

None

Release

Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Examples

The following example shows how to create a profile named ABC01 on a PMIPv6 WLAN:
(Cisco Controller) >config wlan pmipv6 profile_name ABC01 16

clear, debug and ping Commands

This section lists the config , debug , ping commands for mobility.

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1907

clear, debug and ping Commands

clear stats mobility

To clear mobility manager statistics, use the clear stats mobility command.
clear stats mobility

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Examples

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to clear mobility manager statistics:

(Cisco Controller) >clear stats mobility
Mobility stats cleared.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1908

OL-31334-01

clear, debug and ping Commands

cping
To test mobility data traffic using the new mobility architecture, use the cping command.
cping mobility_peer_IP_address

Syntax Description

Command Default

Command History

mobility_peer_IP_address

IP address of a peer mobility controller.

None

Release

Modification

7.5

This command was introduced in the controller 7.5

Release.

Usage Guidelines

This command tests the mobility data traffic using the new mobility architecture.

Examples

The following example shows how to test the data traffic of a controller with peer mobility IP address as
172.12.35.31:
(Cisco Controller) >cping 172.12.35.31

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1909

clear, debug and ping Commands

debug dot11
To configure the debugging of 802.11 events, use the debug dot11 command.
debug dot11 {all | load-balancing | management | mobile | nmsp | probe | rldp | rogue | state} {enable |
disable}

Syntax Description

Command Default

Command History

all

Configures the debugging of all 802.11 messages.

load-balancing

Configures the debugging of 802.11 load balancing

events.

management

Configures the debugging of 802.11 MAC

management messages.

mobile

Configures the debugging of 802.11 mobile events.

nmsp

Configures the debugging of the 802.11 NMSP

interface events.

probe

Configures the debugging of probe.

rldp

Configures the debugging of 802.11 Rogue Location

Discovery.

rogue

Configures the debugging of 802.11 rogue events.

state

Configures the debugging of 802.11 mobile state

transitions.

enable

Enables the 802.11 debugging.

disable

Disables the 802.11 debugging.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1910

OL-31334-01

clear, debug and ping Commands

Examples

The following example shows how to enable the debugging of 802.11 settings:
(Cisco Controller) > debug dot11 state enable
(Cisco Controller) > debug dot11 mobile enable

Related Commands

debug disable-all
debug dot11 mgmt interface
debug dot11 mgmt msg
debug dot11 mgmt ssid
debug dot11 mgmt state-machine
debug dot11 mgmt station

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1911

clear, debug and ping Commands

debug client
To configure the debugging of a passive client that is associated correctly with the access point, use the debug
client command.
debug client mac_address

Syntax Description

mac_address

MAC address of the client.

Command Default

None

Examples

The following example shows how to debug a passive client with MAC address 00:0d:28:f4:c0:45:
(Cisco Controller) >debug client 00:0d:28:f4:c0:45

Cisco Wireless LAN Controller Command Reference, Release 8.0

1912

OL-31334-01

clear, debug and ping Commands

debug fmchs
To configure debugging of Fixed Mobile Convergence Handover Service (FMCHS) of the controller, use the
debug fmchscommand.
debug fmchs {all | error | event | nmsp | packet} {enable | disable}

Syntax Description

Command Default

Command History

Examples

all

Configures debugging of all FMCHS messages.

error

Configures debugging of the FMCHS errors.

event

Configures debugging of the FMCHS events.

nmsp

Configures debugging of the FMCHS NMSP events.

packet

Configures debugging of the FMCHS packets.

enable

Enables debugging of the FMCHS options.

disable

Disables debugging of the FMCHS options.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

The following example shows how to enable FMCHS event debugging:

(Cisco Controller) >debug fmchs event enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1913

clear, debug and ping Commands

debug mobility
To configure the debugging of wireless mobility, use the debug mobility command.
debug mobility {ap-list | config | directory | dtls | handoff | keep-alive | multicast | oracle | packet | peer-ip
IP-address | pmk | pmtu-discovery | redha} {enable | disable}

Syntax Description

ap-list

Configures the debugging of wireless mobility

access point list.

config

Configures the debugging of wireless mobility

configuration.

Configures the debugging of wireless mobility error

messages.

dtls

Configures the debugging of wireless mobility

Datagram Transport Layer Security (DTLS)
options.

handoff

Configures the debugging of wireless mobility

handoff messages.

keep-alive

Configures the debugging of wireless mobility

CAPWAP data DTLS keep-alive packets.

multicast

Configures the debugging of multicast mobility

packets.

oracle

Starts the debugging of wireless mobility oracle

options.

packet

Configures the debugging of wireless mobility

packets.

peer-ip

Configures IP address of the mobility peer for

which incoming and outgoing mobility messages
should be displayed.

IP-address

IP address of the mobility peer for which incoming

and outgoing mobility messages should be
displayed.

pmk

Configures the debugging of wireless mobility

pairwise master key (PMK).

pmtu-discovery

Configures the debugging of the wireless mobility

path MTU discovery.

Cisco Wireless LAN Controller Command Reference, Release 8.0

1914

OL-31334-01

clear, debug and ping Commands

Command Default

Command History

Examples

redha

Configures the debugging of the multicast mobility

high availability.

enable

Enables the debugging of the wireless mobility

feature.

disable

Disables the debugging of the wireless mobility

feature.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

The following example shows how to enable the debugging of wireless mobility packets.
(Cisco Controller) >debug mobility handoff enable

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1915

clear, debug and ping Commands

eping
To test the mobility Ethernet over IP (EoIP) data packet communication between two Cisco WLCs, use the
eping command.
eping mobility_peer_IP_address

Syntax Description

Command Default

Command History

Usage Guidelines

Note

mobility_peer_IP_address

IP address of a controller that belongs to a mobility group.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports only IPv4 address format.

This command tests the mobility data traffic over the management interface.

This ping test is not Internet Control Message Protocol (ICMP) based. The term ping is used to indicate
an echo request and an echo reply message.
The IPv6 address format for this command is not supported.

Examples

The following example shows how to test EoIP data packets and to set the IP address of a controller that
belongs to a mobility group to 172.12.35.31:
(Cisco Controller) >eping 172.12.35.31

Cisco Wireless LAN Controller Command Reference, Release 8.0

1916

OL-31334-01

clear, debug and ping Commands

mping
To test mobility UDP control packet communication between two Cisco WLCs, use the mping command.
mping mobility_peer_IP_address

Syntax Description

Command Default

Command History

Usage Guidelines

Note

Examples

mobility_peer_IP_address

IP address of a controller that belongs to a mobility group.

None

Release

Modification

7.6

This command was introduced in a release earlier than

Release 7.6.

8.0

This command supports both IPv4 and IPv6 address

formats.

This test runs over mobility UDP port 16666. It tests whether the mobility control packet can be reached over
the management interface.

This ping test is not Internet Control Message Protocol (ICMP) based. The term ping is used to indicate
an echo request and an echo reply message.

The following example shows how to test mobility UDP control packet communications and to set the IP
address of a Cisco WLC that belongs to a mobility group to 172.12.35.31:
(Cisco Controller) >mping 172.12.35.31

Cisco Wireless LAN Controller Command Reference, Release 8.0

OL-31334-01

1917

clear, debug and ping Commands

Cisco Wireless LAN Controller Command Reference, Release 8.0

1918

OL-31334-01

MESBG Armies of Middle-Earth
100% (2)
MESBG Armies of Middle-Earth
198 pages
Gov Uscourts DCD 258148 252 0
86% (14)
Gov Uscourts DCD 258148 252 0
165 pages
Cisco Sd-Wan Vmanage Cluster Creation and Troubleshooting
No ratings yet
Cisco Sd-Wan Vmanage Cluster Creation and Troubleshooting
27 pages
Criminal Procedure Handbook Thirteen Edition
No ratings yet
Criminal Procedure Handbook Thirteen Edition
665 pages
Introduction To The Junos Operating System: Detailed Lab Guide
No ratings yet
Introduction To The Junos Operating System: Detailed Lab Guide
108 pages
Brocade Cisco Command Comparison
No ratings yet
Brocade Cisco Command Comparison
17 pages
Junos Commands Vs IOS Commands
No ratings yet
Junos Commands Vs IOS Commands
3 pages
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
From Everand
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
Mamta Devi
No ratings yet
Deploying and Managing a Cloud Infrastructure: Real-World Skills for the CompTIA Cloud+ Certification and Beyond: Exam CV0-001
From Everand
Deploying and Managing a Cloud Infrastructure: Real-World Skills for the CompTIA Cloud+ Certification and Beyond: Exam CV0-001
Abdul Salam
No ratings yet
CCNA 640-802: Chapter 4: Cisco's IOS and SDM
No ratings yet
CCNA 640-802: Chapter 4: Cisco's IOS and SDM
27 pages
Cisco Basic Router Configuration
No ratings yet
Cisco Basic Router Configuration
16 pages
CISCO1841 Datasheet: Quick Specs
No ratings yet
CISCO1841 Datasheet: Quick Specs
4 pages
Cisco 1800 Series Integrated Services Router (Fixed) Software Installation Guide
No ratings yet
Cisco 1800 Series Integrated Services Router (Fixed) Software Installation Guide
196 pages
B Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Release 6.x
No ratings yet
B Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Release 6.x
144 pages
VLAN Lab
No ratings yet
VLAN Lab
2 pages
JNCIA-Junos Quick Study Notes: J-Web Views Hierarchy
0% (1)
JNCIA-Junos Quick Study Notes: J-Web Views Hierarchy
1 page
Cisco Switch Config v2.0
No ratings yet
Cisco Switch Config v2.0
24 pages
Ccna Commands
No ratings yet
Ccna Commands
44 pages
PAN-OS 2.1 CLI Reference Guide
No ratings yet
PAN-OS 2.1 CLI Reference Guide
258 pages
Juniper Demo Lab Manual
No ratings yet
Juniper Demo Lab Manual
60 pages
Jncia Lab Guide
No ratings yet
Jncia Lab Guide
18 pages
Cisco Router Configuration Commands
No ratings yet
Cisco Router Configuration Commands
2 pages
303 Linux OS PDF
No ratings yet
303 Linux OS PDF
13 pages
Juniper Demo Practical Lab Manual
No ratings yet
Juniper Demo Practical Lab Manual
59 pages
Zhone Dslam
No ratings yet
Zhone Dslam
410 pages
Cisco Switch Redundancy PDF
No ratings yet
Cisco Switch Redundancy PDF
160 pages
200 Series CLI Guide
No ratings yet
200 Series CLI Guide
718 pages
Networking Solutions Products Genericcontent0900aecd805f0955 PDF
No ratings yet
Networking Solutions Products Genericcontent0900aecd805f0955 PDF
278 pages
Implementing ACIv 2
No ratings yet
Implementing ACIv 2
105 pages
Cisco Vs Extreme
No ratings yet
Cisco Vs Extreme
4 pages
PASSLEADER BY aNTON DUMP CCNA SEC
No ratings yet
PASSLEADER BY aNTON DUMP CCNA SEC
36 pages
All CBT Courses by Path
No ratings yet
All CBT Courses by Path
7 pages
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
100% (5)
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
198 pages
1-Build A Fortinet FW Lab Using Eve-NG: Skill
No ratings yet
1-Build A Fortinet FW Lab Using Eve-NG: Skill
24 pages
Introduction To The Junos Operating System
No ratings yet
Introduction To The Junos Operating System
2 pages
Junos OS Network Management Admin Guide
No ratings yet
Junos OS Network Management Admin Guide
922 pages
Lenteur SSL Palo Alto
No ratings yet
Lenteur SSL Palo Alto
17 pages
Destination NAT On Juniper SRX in A Dual ISP Environment
100% (1)
Destination NAT On Juniper SRX in A Dual ISP Environment
13 pages
Checkpoint Actualtests 156-215 75 v2012-04-08
No ratings yet
Checkpoint Actualtests 156-215 75 v2012-04-08
178 pages
CLI Access Modes:: Operational Mode
No ratings yet
CLI Access Modes:: Operational Mode
3 pages
JUNOS OSPF Configuring Route Optimizations
No ratings yet
JUNOS OSPF Configuring Route Optimizations
31 pages
PB SN2410
No ratings yet
PB SN2410
3 pages
Introduction To Cisco Ios: Prepared By, Prof - Dhanalakshmi IT Dept, Scet
No ratings yet
Introduction To Cisco Ios: Prepared By, Prof - Dhanalakshmi IT Dept, Scet
90 pages
Intro Juniper 1
No ratings yet
Intro Juniper 1
45 pages
Interfaces Ethernet Switches
No ratings yet
Interfaces Ethernet Switches
1,600 pages
Changing Trends in Computer Architecture
No ratings yet
Changing Trends in Computer Architecture
13 pages
Juniper Dynamic VPN
No ratings yet
Juniper Dynamic VPN
14 pages
Activity-8 Configure Layer3 Switch Inter-VLAN Routing With Two Switches
No ratings yet
Activity-8 Configure Layer3 Switch Inter-VLAN Routing With Two Switches
6 pages
ASR9000
No ratings yet
ASR9000
1,152 pages
Cisco Nexus7000 Fundamentals Config Guide 8x
No ratings yet
Cisco Nexus7000 Fundamentals Config Guide 8x
190 pages
300-435 ENAUTO 01 (Autosaved)
No ratings yet
300-435 ENAUTO 01 (Autosaved)
148 pages
Manual A2h124 Completo
No ratings yet
Manual A2h124 Completo
470 pages
Module 3. Installing and Configuring ESXi
No ratings yet
Module 3. Installing and Configuring ESXi
22 pages
F5 LTM Lab Setup in Vmware Workstation:: Vmnet0 Vmnet8 Vmnet1
No ratings yet
F5 LTM Lab Setup in Vmware Workstation:: Vmnet0 Vmnet8 Vmnet1
3 pages
Juniper Commands v2
No ratings yet
Juniper Commands v2
29 pages
Lab Exercise 2 Inter Vlan Routing and Multi Layer Switching 4479
No ratings yet
Lab Exercise 2 Inter Vlan Routing and Multi Layer Switching 4479
5 pages
Linux Networking Commands
No ratings yet
Linux Networking Commands
15 pages
Symantec SSL Visibility Appliance: Data Sheet
No ratings yet
Symantec SSL Visibility Appliance: Data Sheet
6 pages
Installation Guide For Cisco ACS
No ratings yet
Installation Guide For Cisco ACS
8 pages
Routers: Modular Fixed
No ratings yet
Routers: Modular Fixed
17 pages
Configurar o Gns3
No ratings yet
Configurar o Gns3
12 pages
Security Services
No ratings yet
Security Services
1,616 pages
Fortigate Traffic Shaping 40 mr2 PDF
No ratings yet
Fortigate Traffic Shaping 40 mr2 PDF
56 pages
Testout Linux Discussion 3 Answer
No ratings yet
Testout Linux Discussion 3 Answer
2 pages
Testout Linux Discussion 2
No ratings yet
Testout Linux Discussion 2
2 pages
INT 2380 - Linux Admin 2025 2.6.4 Practice Questions
No ratings yet
INT 2380 - Linux Admin 2025 2.6.4 Practice Questions
8 pages
INT 2380 - Linux Admin 2025 2.4.4 Questions Aliases
No ratings yet
INT 2380 - Linux Admin 2025 2.4.4 Questions Aliases
6 pages
Hack For Apple Trackers On All Devices
No ratings yet
Hack For Apple Trackers On All Devices
7 pages
INT 2380 - Linux Admin 2025 2.5.5 Practice Questions Variables
No ratings yet
INT 2380 - Linux Admin 2025 2.5.5 Practice Questions Variables
9 pages
INT 2380 - Linux Admin 2025 Midterm
No ratings yet
INT 2380 - Linux Admin 2025 Midterm
17 pages
Kali Notes
No ratings yet
Kali Notes
7 pages
Vmware Workstation Pro 17 0
No ratings yet
Vmware Workstation Pro 17 0
620 pages
The CIO Playbook
No ratings yet
The CIO Playbook
11 pages
Containers Vs Vms
No ratings yet
Containers Vs Vms
10 pages
Writing CSH Shell Scripts
No ratings yet
Writing CSH Shell Scripts
36 pages
Cisco Isr4400 Series Software Installation Guide
100% (1)
Cisco Isr4400 Series Software Installation Guide
304 pages
Cisco 4400 Series Router Hardware Installation Guide
100% (1)
Cisco 4400 Series Router Hardware Installation Guide
212 pages
Linux Crutial Commands
No ratings yet
Linux Crutial Commands
3 pages
Boat Purchase and Sales Agreement
No ratings yet
Boat Purchase and Sales Agreement
5 pages
Standard Central Listing Agreement
No ratings yet
Standard Central Listing Agreement
1 page
M7350 (EU) 5.0 Datasheet
No ratings yet
M7350 (EU) 5.0 Datasheet
6 pages
Practical Endgame Bible 061222
No ratings yet
Practical Endgame Bible 061222
28 pages
1st English 8
No ratings yet
1st English 8
3 pages
The Night Before Christmas: Inside
No ratings yet
The Night Before Christmas: Inside
2 pages
Matwork: 15 Exercises
No ratings yet
Matwork: 15 Exercises
7 pages
Speaking Practice
No ratings yet
Speaking Practice
1 page
Spanish Identity in Manuel de Falla
No ratings yet
Spanish Identity in Manuel de Falla
64 pages
Euoplocephalus: Pattern
No ratings yet
Euoplocephalus: Pattern
5 pages
Describing Cities and Places
No ratings yet
Describing Cities and Places
5 pages
Amari Gold Asshole Hammered Monster BBC Jovan Jor
No ratings yet
Amari Gold Asshole Hammered Monster BBC Jovan Jor
1 page
Trap Ease America
No ratings yet
Trap Ease America
9 pages
B450M PRO-M2 V2: Features
No ratings yet
B450M PRO-M2 V2: Features
1 page
Music 9 Q4 SLM2
No ratings yet
Music 9 Q4 SLM2
16 pages
Grade 3 Fraction Word Problems b1
No ratings yet
Grade 3 Fraction Word Problems b1
3 pages
Hartford ISC Prospectus 2025 - DIGITAL
No ratings yet
Hartford ISC Prospectus 2025 - DIGITAL
20 pages
Futurism - Class 6-Googie Architecture
No ratings yet
Futurism - Class 6-Googie Architecture
14 pages
Music Year Curriculum
No ratings yet
Music Year Curriculum
3 pages
How Is Food Useful As A Prism To Exploring
No ratings yet
How Is Food Useful As A Prism To Exploring
3 pages
The Immortal Hero
No ratings yet
The Immortal Hero
152 pages
Kill Team List - Orks v3.0 PDF
No ratings yet
Kill Team List - Orks v3.0 PDF
8 pages
Computer Hardware and Servicing Semester 6 Text Books
No ratings yet
Computer Hardware and Servicing Semester 6 Text Books
232 pages
Canon - PowerShot - SX740 - HS - Camera - User - Guide - EN
No ratings yet
Canon - PowerShot - SX740 - HS - Camera - User - Guide - EN
130 pages
Performed Through Dance Movements, Frequently With: Drama Dialogue
No ratings yet
Performed Through Dance Movements, Frequently With: Drama Dialogue
6 pages
Jain, Saurabh: Card No. 5546 XXX2 XXXX 3501
No ratings yet
Jain, Saurabh: Card No. 5546 XXX2 XXXX 3501
8 pages
Victaulic Dimensions
No ratings yet
Victaulic Dimensions
2 pages
Amarvilas Agra
No ratings yet
Amarvilas Agra
9 pages
Keif M Roberts DP Resume
No ratings yet
Keif M Roberts DP Resume
3 pages
ILA Week 6 - Noun Clause
No ratings yet
ILA Week 6 - Noun Clause
3 pages

Cisco Wireless LAN Controller Command Reference, Release 8.0

Uploaded by

Cisco Wireless LAN Controller Command Reference, Release 8.0

Uploaded by

Cisco Wireless LAN Controller Command Reference, Release 8.

Text Part Number: OL-31334-01

Cisco Systems, Inc. All rights reserved.

Using the Command-Line Interface 1

System Management Commands 7

Cisco Wireless LAN Controller Command Reference, Release 8.0

show arp switch 16

Cisco Wireless LAN Controller Command Reference, Release 8.0

show dtls connections 61

Cisco Wireless LAN Controller Command Reference, Release 8.0

show netuser guest-roles 102

Cisco Wireless LAN Controller Command Reference, Release 8.0

show rfid summary 146

Cisco Wireless LAN Controller Command Reference, Release 8.0

config 802.11 exp-bwreq 200

Cisco Wireless LAN Controller Command Reference, Release 8.0

config custom-web radiusauth 240

Cisco Wireless LAN Controller Command Reference, Release 8.0

config mdns profile 285

Cisco Wireless LAN Controller Command Reference, Release 8.0

config network ap-fallback 328

Cisco Wireless LAN Controller Command Reference, Release 8.0

config network webmode 364

Cisco Wireless LAN Controller Command Reference, Release 8.0

config snmp engineID 406

Cisco Wireless LAN Controller Command Reference, Release 8.0

config 802.11 cac voice tspec-inactivity-timeout 449

Cisco Wireless LAN Controller Command Reference, Release 8.0

clear nmsp statistics 491

Cisco Wireless LAN Controller Command Reference, Release 8.0

transfer download username 526

Cisco Wireless LAN Controller Command Reference, Release 8.0

debug dhcp 560

Cisco Wireless LAN Controller Command Reference, Release 8.0

Ports and Interfaces Commands 605

CLI Commands 607

Cisco Wireless LAN Controller Command Reference, Release 8.0

config interface vlan 644

VideoStream Commands 677

CLI Commands 679

Cisco Wireless LAN Controller Command Reference, Release 8.0

show 802.11 680

Cisco Wireless LAN Controller Command Reference, Release 8.0

Security Commands 735

CLI Commands 737

Cisco Wireless LAN Controller Command Reference, Release 8.0

show radius acct statistics 780

Cisco Wireless LAN Controller Command Reference, Release 8.0

show wps signature events 826

Cisco Wireless LAN Controller Command Reference, Release 8.0

config netuser add 876

Cisco Wireless LAN Controller Command Reference, Release 8.0

config radius aggressive-failover disabled 918

Cisco Wireless LAN Controller Command Reference, Release 8.0

config wlan security eap-params 976

Cisco Wireless LAN Controller Command Reference, Release 8.0

debug web-auth 1018

WLAN Commands 1023

CLI Commands 1025

Cisco Wireless LAN Controller Command Reference, Release 8.0

show ipv6 acl detailed 1061

Cisco Wireless LAN Controller Command Reference, Release 8.0

config ipv6 disable 1110

Cisco Wireless LAN Controller Command Reference, Release 8.0

config rf-profile load-balancing 1154

Cisco Wireless LAN Controller Command Reference, Release 8.0

config wlan flow 1198

Cisco Wireless LAN Controller Command Reference, Release 8.0

config wlan multicast buffer 1238

Cisco Wireless LAN Controller Command Reference, Release 8.0

config wlan security IPsec ike contivity 1277

Cisco Wireless LAN Controller Command Reference, Release 8.0

config wlan uapsd compliant client enable 1314

Lightweight Access Point Commands 1337

CLI Commands 1339

Cisco Wireless LAN Controller Command Reference, Release 8.0