The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
show Commands
To view the details of APs in FlexConnect mode, use the show ap flexconnect command.
show ap flexconnect module-vlan ap-name
module-vlan |
Displays the status of FlexConnect local switching and VLAN ID value |
ap-name |
Cisco AP name |
Release | Modification |
---|---|
8.3 | This command was introduced. |
To display the list of clients associated with an access point and their SSIDs, use the show capwap reap association command.
show capwap reap association
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to display clients associated to an access point and their SSIDs:
(Cisco Controller) >show capwap reap association
To display the status of the FlexConnect access point (connected or standalone), use the show capwap reap status command.
show capwap reap status
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The command shows only the VLAN when configured as AP-specific.
The following example shows how to display the status of the FlexConnect access point:
(Cisco Controller) >show capwap reap status
To display a detailed summary of FlexConnect access control lists, use the show flexconnect acl detailed command.
show flexconnect acl detailed acl-name
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to display the FlexConnect detailed ACLs:
(Cisco Controller) >show flexconnect acl detailed acl-2
To display a summary of all access control lists on FlexConnect access points, use the show flexconnect acl summary command.
show flexconnect acl summary
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to display the FlexConnect ACL summary:
(Cisco Controller) >show flexconnect acl summary ACL Name Status -------------------------------- ------- acl1 Modified acl10 Modified acl100 Modified acl101 Modified acl102 Modified acl103 Modified acl104 Modified acl105 Modified acl106 Modified
To display details of a FlexConnect group, use the show flexconnect group detail command.
show flexconnect group detail group_name [ module-vlan | aps]
module-vlan |
Displays status of the FlexConnect local switching and VLAN ID in the group |
aps |
Displays list of APs that are part of the FlexConnect group |
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to display the detailed information for a specific FlexConnect group:
(Cisco Controller) >show flexconnect group detail myflexgroup Number of Ap’s in Group: 1 00:0a:b8:3b:0b:c2 AP1200 Joined Group Radius Auth Servers: Primary Server Index ..................... Disabled Secondary Server Index ................... Disabled
To display the current list of FlexConnect groups, use the show flexconnect group summary command.
show flexconnect group summary
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to display the current list of FlexConnect groups:
(Cisco Controller) >show flexconnect group summary flexconnect Group Summary: Count 1 Group Name # APs Group 1 1
config Commands
To configure a policy ACL on a FlexConnect access point, use the config ap flexconnect policy command.
config ap flexconnect policy { add | delete} acl_name
add |
Adds a policy ACL on a FlexConnect access point. |
deletes |
Deletes a policy ACL on a FlexConnect access point. |
acl_name |
Name of the ACL. |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to add a policy ACL on a FlexConnect access point:
(Cisco Controller) >config ap flexconnect policy add acl1
To enable or disable VLAN tagging for a FlexConnect access, use the config ap flexconnect vlan command.
config ap flexconnect vlan { enable | disable} cisco_ap
Disabled. Once enabled, WLANs enabled for local switching inherit the VLAN assigned at the Cisco WLC.
Release | Modification |
---|---|
8.3 | This command was introduced. |
This example shows how to enable the access point’s VLAN tagging for a FlexConnect access:
(Cisco Controller) >config ap flexconnect vlan enable AP02
To add a VLAN to a FlexConnect access point, use the config ap flexconnect vlan add command.
config ap flexconnect vlan add vlan-id acl in-acl out-acl cisco_ap
Inbound ACL name that contains up to 32 alphanumeric characters. |
|
Outbound ACL name that contains up to 32 alphanumeric characters. |
|
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure the FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan add 21 acl inacl1 outacl1 ap1
To configure a native VLAN for a FlexConnect access point, use the config ap flexconnect vlan native command.
config ap flexconnect vlan native vlan-id cisco_ap
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure a native VLAN for a FlexConnect access point mode:
(Cisco Controller) >config ap flexconnect vlan native 6 AP02
To assign a VLAN ID to a FlexConnect access point, use the config ap flexconnect vlan wlan command.
config ap flexconnect vlan wlan wlan-id vlan-id cisco_ap
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to assign a VLAN ID to a FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan wlan 192.12.12.1 6 AP02
To configure a FlexConnect ACL for external web authentication in locally switched WLANs, use the config ap flexconnect web-auth command.
config ap flexconnect web-auth wlan wlan_id cisco_ap acl_name { enable | disable }
wlan |
Specifies the wireless LAN to be configured with a FlexConnect ACL. |
wlan_id |
Wireless LAN identifier between 1 and 512 (inclusive). |
cisco_ap |
Name of the FlexConnect access point. |
acl_name |
Name of the FlexConnect ACL. |
enable |
Enables the FlexConnect ACL on the locally switched wireless LAN. |
disable |
Disables the FlexConnect ACL on the locally switched wireless LAN. |
FlexConnect ACL for external web authentication in locally switched WLANs is disabled.
Release | Modification |
---|---|
8.3 | This command was introduced. |
The FlexConnect ACLs that are specific to an AP have the highest priority. The FlexConnect ACLs that are specific to WLANs have the lowest priority.
The following example shows how to enable FlexConnect ACL for external web authentication on WLAN 6:
(Cisco Controller) >config ap flexconnect web-auth wlan 6 AP2 flexacl2 enable
To configure a Web Policy FlexConnect ACL on an access point, use the config ap flexconnect web-policy acl command.
config ap flexconnect web-policy acl { add | delete} acl_name
add |
Adds a Web Policy FlexConnect ACL on an access point. |
delete |
Deletes Web Policy FlexConnect ACL on an access point. |
acl_name |
Name of the Web Policy FlexConnect ACL. |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to add a Web Policy FlexConnect ACL on an access point:
(Cisco Controller) >config ap flexconnect web-policy acl add flexacl2
To configure a FlexConnect access point in a locally switched WLAN, use the config ap flexconnect wlan command.
config ap flexconnect wlan l2acl { add wlan_id cisco_ap acl_name | delete wlan_id cisco_ap}
add |
Adds a Layer 2 ACL to the FlexConnect access point. |
wlan_id |
Wireless LAN identifier from 1 to 512. |
cisco_ap |
Name of the Cisco lightweight access point. |
acl_name |
Layer 2 ACL name. The name can be up to 32 alphanumeric characters. |
delete |
Deletes a Layer 2 ACL from the FlexConnect access point. |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
You can create a maximum of 16 rules for a Layer 2 ACL.
You can create a maximum of 64 Layer 2 ACLs on a Cisco WLC.
A maximum of 16 Layer 2 ACLs are supported per AP because an AP supports a maximum of 16 WLANs.
Ensure that the Layer 2 ACL names do not conflict with the FlexConnect ACL names because an AP does not support the same Layer 2 and Layer 3 ACL names.
The following example shows how to configure a Layer 2 ACL on a FlexConnect AP.
(Cisco Controller) >config ap flexconnect wlan add 1 AP1600_1 acl_l2_1
To apply access control lists that are configured on a FlexConnect access point, use the config flexconnect acl command.
config flexconnect acl { apply | create | delete} acl_name
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to apply the ACL configured on a FlexConnect access point:
(Cisco Controller) >config flexconnect acl apply acl1
To configure access control list (ACL) rules on a FlexConnect access point, use the config flexconnect acl rule command.
config flexconnect aclrule { action rule_name rule_index { permit | deny} | add rule_name rule_index | change index rule_name old_index new_index | delete rule_name rule_index | destination address rule_name rule_index ip_address netmask | destination port range rule_name rule_index start_port end_port | direction rule_name rule_index { in | out | any} | dscp rule_name rule_index dscp | protocol rule_name rule_index protocol | source address rule_name rule_index ip_address netmask | source port range rule_name rule_index start_port end_port | swap index rule_name index_1 index_2}
Release | Modification |
---|---|
8.3 | This command was introduced. |
This example shows how to configure an ACL to permit access:
(Cisco Controller) >config flexconnect acl rule action lab1 4 permit
config flexconnect arp-caching { enable } disable}
arp-caching enable |
Instructs the access point to save the ARP entry for a client in the cache and reply on its behalf of the client for locally switched WLAN. |
arp-caching disable |
Disables ARP caching. |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to apply the proxy ARP with locally switched WLAN on FlexConnect APs.
(Cisco Controller) >config flexconnect arp-caching enable
To configure VLAN for a FlexConnect group, use the config flexconnect group vlan command.
config flexconnect group group_name vlan { add vlan-id acl in-aclname out-aclname | delete vlan-id}
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to add VLAN ID 1 for the FlexConnect group myflexacl where the in-bound ACL name is in-acl and the out-bound ACL is out-acl:
(Cisco Controller) >config flexconnect group vlan myflexacl vlan add 1 acl in-acl out-acl
To configure Web-Auth ACL for a FlexConnect group, use the config flexconnect group web-auth command.
config flexconnect group group_name web-auth wlan wlan-id acl acl-name { enable | disable}
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to enable Web-Auth ACL webauthacl for the FlexConnect group myflexacl on WLAN ID 1:
(Cisco Controller) >config flexconnect group myflexacl web-auth wlan 1 acl webauthacl enable
To configure Web Policy ACL for a FlexConnect group, use the config flexconnect group web-policy command.
config flexconnect group group_name web-policy acl { add | delete} acl-name
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to add the Web Policy ACL mywebpolicyacl to the FlexConnect group myflexacl:
(Cisco Controller) >config flexconnect group myflexacl web-policy acl add mywebpolicyacl
To enable or disable the access point to choose the controller with the least latency when joining, use the config flexconnect join min-latency command.
config flexconnect join min-latency { enable | disable} cisco_ap
Enables the access point to choose the controller with the least latency when joining. |
|
Disables the access point to choose the controller with the least latency when joining. |
|
The access point cannot choose the controller with the least latency when joining.
Release | Modification |
---|---|
8.3 | This command was introduced. |
When you enable this feature, the access point calculates the time between the discovery request and discovery response and joins the controller that responds first.
This configuration overrides the HA setting on the controller, and is applicable only for OEAP access points.
The following example shows how to enable the access point to choose the controller with the least latency when joining:
(Cisco Controller) >config flexconnect join min-latency enable CISCO_AP
debug Commands
To configure the debugging of Control and Provisioning of Wireless Access Points (CAPWAP) settings on a FlexConnect access point, use the debug capwap reap command.
debug capwap reap [ mgmt | load]
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure the debugging of FlexConnect client authentication and association messages:
(Cisco Controller) >debug capwap reap mgmt
To configure debugging of 802.11 management interface events, use the debug dot11 mgmt interface command.
debug dot11 mgmt interface
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to debug 802.11 management interface events:
(Cisco Controller) >debug dot11 mgmt interface
To configure debugging of 802.11 management messages, use the debug dot11 mgmt msg command.
debug dot11 mgmt msg
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
This example shows how to debug dot11 management messages:
(Cisco Controller) >debug dot11 mgmt msg
To configure debugging of 802.11 SSID management events, use the debug dot11 mgmt ssid command.
debug dot11 mgmt ssid
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure the debugging of 802.11 SSID management events:
(Cisco Controller) >debug dot11 mgmt ssid
To configure debugging of the 802.11 state machine, use the debug dot11 mgmt state-machine command.
debug dot11 mgmt state-machine
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure the debugging of 802.11 state machine:
(Cisco Controller) >debug dot11 mgmt state-machine
To configure the debugging of the management station settings, use the debug dot11 mgmt station command.
debug dot11 mgmt station
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure the debugging of the management station settings:
(Cisco Controller) >debug dot11 mgmt station
To configure debugging of FlexConnect backup RADIUS server events or errors, use the debug flexconnect aaa command.
debug flexconnect aaa { event | error} { enable | disable}
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to enable the debugging of FlexConnect RADIUS server events:
(Cisco Controller) >debug flexconnect aaa event enable
Configures debugging of FlexConnect access control lists (ACLs), use the debug flexconnect acl command.
debug flexconnect acl { enable | disable}
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to enable the debugging of FlexConnect ACLs:
(Cisco Controller) >debug flexconnect acl enable
Configure debugging of FlexConnect Cisco Centralized Key Management (CCKM) fast roaming, use the debug flexconnect cckm command.
debug flexconnect cckm { enable | disable}
Enables the debugging of FlexConnect CCKM fast roaming settings. |
|
Disables the debugging of FlexConnect CCKM fast roaming settings. |
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to enable the debugging of FlexConnect CCKM fast roaming events:
(Cisco Controller) >debug flexconnect cckm event enable
To debug FlexConnect client access point MAC addresses, use the debug flexconnect client ap command.
debug flexconnect client ap ap-name { add | delete} MAC-address1 MAC-address2 MAC-address3 MAC-address4
add |
Adds the MAC address to the group. |
delete |
Deletes the MAC address from the group. |
MAC-address |
MAC address of the client |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to debug FlexConnect client ap 'room' MAC addresses:
(Cisco Controller) >debug flexconnect client ap room add 00.0c.41.07.33.a6 0A.0c.52.17.97.b6
To configure debug logging of the syslog server for a FlexConnect client AP, use the debug flexconnect client ap command.
debug flexconnect client ap ap-name syslog { ip-address | disable}
ip-address |
Configures the syslog server ip-address for debug logging. |
disable |
Disables the debug logging to the syslog server. |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure syslog server for debug log for the FlexConnect client AP 'room':
(Cisco Controller) >debug flexconnect client ap room syslog 192.168.1.1
To debug FlexConnect client group MAC addresses, use the debug flexconnect client group command.
debug flexconnect client group group-name { add | delete} MAC-address1 MAC-address2 MAC-address3 MAC-address4
add |
Adds the MAC address to the group. |
delete |
Deletes the MAC address from the group. |
MAC-address |
MAC address of the client. |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to debug FlexConnect client group MAC addresses:
(Cisco Controller) >debug flexconnect client group school add 00.0c.41.07.33.a6 0A.0c.52.17.97.b6
To debug FlexConnect group access point syslog, use the debug flexconnect client group command.
debug flexconnect client group group-name syslog ip-address | disable
ip-address |
Configures the syslog server ip-address for debug logging. |
disable |
Disables the debug logging to the syslog server. |
None
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to configure FlexConnect client group 'school' for debug logging purposes:
(Cisco Controller) >debug flexconnect client group school syslog 192.168.1.1
To configure debugging of FlexConnect access point groups, use the debug flexconnect group command.
debug flexconnect group { enable | disable}
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to enable the debugging of FlexConnect access point groups:
(Cisco Controller) >debug flexconnect group enable
To configure debugging of the access policy manager, use the debug pem command.
debug pem { events | state} { enable | disable}
Configures the debugging of the policy manager state machine. |
|
Release | Modification |
---|---|
8.3 | This command was introduced. |
The following example shows how to enable the debugging of the access policy manager:
(Cisco Controller) >debug pem state enable