CLI Commands

The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.

Show Commands

show capwap reap association

To display the list of clients associated to an access point and their Service Set Identifiers (SSIDs), use the show capwap reap association command.

show capwap reap association

Syntax Description

This command has no arguments or keywords.

Examples

This example shows how to display clients associated to an access point and their SSIDs:

> show capwap reap association

Related Commands

config flexconnect group

show capwap reap status

show capwap reap status

To display the status of the FlexConnect access point (connected or standalone), use the show capwap reap status command.

show capwap reap status

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the status of the FlexConnect access point:

> show capwap reap status

Related Commands

config flexconnect group

show capwap reap association

show flexconnect acl detailed

To display a detailed summary of FlexConnect access control lists, use the show flexconnect acl detailed command.

show flexconnect acl detailed acl-name

Syntax Description

acl-name

Name of the access control list.

Command Default

None.

Examples

This example shows how to display the FlexConnect detailed ACLs:

> show flexconnect acl detailed acl-2

show flexconnect acl summary

To display a summary of all access control lists on FlexConnect access points, use the show flexconnect acl summary command.

show flexconnect acl summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the FlexConnect ACL summary:

> show flexconnect acl summary
ACL Name                         Status
-------------------------------- -------
acl1                            Modified
acl10                           Modified
acl100                          Modified
acl101                          Modified
acl102                          Modified
acl103                          Modified
acl104                          Modified
acl105                          Modified
acl106                          Modified

show flexconnect group detail

To display the details for a specific FlexConnect group, use the show flexconnect group detail command.

show flexconnect group detail group_name

Syntax Description

group_name

IP address of the FlexConnect group.

Command Default

None.

Examples

This example shows how to display the detailed information for a specific FlexConnect group:

> show flexconnect group detail 192.12.1.2
Number of Ap’s in Group: 	1
00:0a:b8:3b:0b:c2 	 AP1200 	 	Joined
Group Radius Auth Servers:
	Primary Server Index ..................... Disabled
	Secondary Server Index ................... Disabled

Related Commands

config flexconnect group

config flexconnect group summary

show flexconnect group summary

To display the current list of FlexConnect groups, use the show flexconnect group summary command.

show flexconnect group summary

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to display the current list of FlexConnect groups:

> show flexconnect group summary
flexconnect Group Summary: 	Count 1
Group Name	 				 	# APs
Group 1 						1

Related Commands

config flexconnect group

config flexconnect group detail

show flexconnect office-extend

To display FlexConnect OfficeExtend access point information, use the show flexconnect office-extend command.

show flexconnect office-extend { summary | latency}

Syntax Description

summary

Displays a list of all OfficeExtend access points.

latency

Displays the link delay for OfficeExtend access points.

Command Default

None.

Examples

This example shows how to display information about the list of FlexConnect OfficeExtend access points:

> show flexconnect office-extend summary
Summary of OfficeExtend AP
AP Name            Ethernet MAC       Encryption  Join-Mode   Join-Time
------------------ -----------------  ----------  ----------- ----------
AP1130             00:22:90:e3:37:70   Enabled    Latency     Sun Jan 4 21:46:07 2009
AP1140             01:40:91:b5:31:70   Enabled    Latency     Sat Jan 3 19:30:25 2009


This example shows how to display the FlexConnect OfficeExtend access point’s link delay:

> show flexconnect office-extend latency
Summary of OfficeExtend AP link latency
AP Name              Status  Current   Maximum   Minimum
--------------------------------------------------------------------------
AP1130               Enabled 15 ms      45 ms     12 ms
AP1140               Enabled 14 ms     179 ms     12 ms
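
An added example, not part of the Cisco documentation: a Python sketch that parses the two `show flexconnect office-extend` outputs shown above and flags OfficeExtend access points whose Encryption column is not `Enabled` or whose maximum link latency exceeds a threshold. The AP1150 rows, the `Disabled` value and the 100 ms threshold are constructed assumptions; the column layout is taken from the sample output on this page, and AP names are assumed to contain no spaces.

```python
import re

# Constructed sample output, modelled on the examples on this page.
# The AP1150 rows (and the "Disabled" value) are assumptions for illustration.
SUMMARY_OUTPUT = """\
Summary of OfficeExtend AP
AP Name            Ethernet MAC       Encryption  Join-Mode   Join-Time
------------------ -----------------  ----------  ----------- ----------
AP1130             00:22:90:e3:37:70   Enabled    Latency     Sun Jan 4 21:46:07 2009
AP1140             01:40:91:b5:31:70   Enabled    Latency     Sat Jan 3 19:30:25 2009
AP1150             00:22:90:e3:37:80   Disabled   Latency     Sat Jan 3 19:31:02 2009
"""

LATENCY_OUTPUT = """\
Summary of OfficeExtend AP link latency
AP Name              Status  Current   Maximum   Minimum
--------------------------------------------------------------------------
AP1130               Enabled 15 ms      45 ms     12 ms
AP1140               Enabled 14 ms     179 ms     12 ms
AP1150               Enabled 13 ms      40 ms     11 ms
"""

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
# Data rows are recognised by their shape (a MAC address, or three "N ms"
# fields), so title, header and separator lines are skipped automatically.
SUMMARY_ROW = re.compile(
    rf"^(?P<ap>\S+)\s+(?P<mac>{MAC})\s+(?P<enc>\S+)\s+(?P<mode>\S+)\s+(?P<joined>.+?)\s*$"
)
LATENCY_ROW = re.compile(
    r"^(?P<ap>\S+)\s+(?P<status>\S+)\s+(?P<cur>\d+) ms\s+(?P<max>\d+) ms\s+(?P<min>\d+) ms\s*$"
)


def parse_summary(text):
    """Return {ap_name: row} from 'show flexconnect office-extend summary'."""
    rows = {}
    for line in text.splitlines():
        m = SUMMARY_ROW.match(line)
        if m:
            rows[m["ap"]] = {
                "mac": m["mac"].lower(),
                "encryption": m["enc"],
                "join_mode": m["mode"],
                "join_time": m["joined"],
            }
    return rows


def parse_latency(text):
    """Return {ap_name: row} from 'show flexconnect office-extend latency'."""
    rows = {}
    for line in text.splitlines():
        m = LATENCY_ROW.match(line)
        if m:
            rows[m["ap"]] = {
                "status": m["status"],
                "current_ms": int(m["cur"]),
                "max_ms": int(m["max"]),
                "min_ms": int(m["min"]),
            }
    return rows


def audit(summary_text, latency_text, max_latency_ms=100):
    """Join both tables by AP name and return a list of (ap, finding) tuples."""
    summary = parse_summary(summary_text)
    latency = parse_latency(latency_text)
    findings = []
    for ap, row in sorted(summary.items()):
        if row["encryption"] != "Enabled":
            findings.append((ap, f"encryption is {row['encryption']}"))
        lat = latency.get(ap)
        if lat is None:
            findings.append((ap, "no link-latency row"))
        elif lat["max_ms"] > max_latency_ms:
            findings.append(
                (ap, f"maximum link latency {lat['max_ms']} ms exceeds {max_latency_ms} ms")
            )
    return findings


if __name__ == "__main__":
    for ap, finding in audit(SUMMARY_OUTPUT, LATENCY_OUTPUT):
        print(f"{ap}: {finding}")
```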

Related Commands

config flexconnect group

show flexconnect group detail

Config Commands

config ap autoconvert

To automatically convert all access points to a FlexConnect mode or monitor mode upon joining the controller, use the config ap autoconvert command:

config ap autoconvert { flexconnect | monitor | disable}

Syntax Description

flexconnect

Configures all the access points automatically to FlexConnect mode.

monitor

Configures all the access points automatically to monitor mode.

disable

Disables the autoconvert option on the access points.

Command Default

None.

Usage Guidelines

When access points in local mode connect to a Cisco 7500 Series Controller, they do not serve clients. The access point details are available in the controller. To enable access points to serve clients or perform monitoring related tasks when connected to the Cisco 7500 Series Controller, the access points must be in FlexConnect mode or monitor mode.

Examples

This example shows how to automatically convert all access points to the FlexConnect mode:

> config ap autoconvert flexconnect

This example shows how to disable the autoconvert option on the APs:

> config ap autoconvert disable

Related Commands

config ap

show ap

config ap flexconnect central-dhcp

To enable central-DHCP on a FlexConnect access point in a WLAN, use the config ap flexconnect central-dhcp command.

config ap flexconnect central-dhcp wlan_id cisco_ap [ add | delete] { enable | disable} override dns { enable | disable} nat-pat { enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier from 1 to 512.

cisco_ap

Name of the Cisco lightweight access point.

add

(Optional) Adds a new WLAN DHCP mapping.

delete

(Optional) Deletes a WLAN DHCP mapping.

enable

Enables central-DHCP on a FlexConnect access point. When you enable this feature, the DHCP packets received from the access point are centrally switched to the controller and then forwarded to the corresponding VLAN based on the AP and the SSID.

disable

Disables central-DHCP on a FlexConnect access point.

override dns

Overrides the DNS server address on the interface assigned by the controller. When you override DNS in centrally switched WLANs, the clients get their DNS server IP address from the AP and not from the controller.

enable

Enables the Override DNS feature on a FlexConnect access point.

disable

Disables the Override DNS feature on a FlexConnect access point.

nat-pat

Network Address Translation (NAT) and Port Address Translation (PAT) that you can enable or disable.

enable

Enables NAT-PAT on a FlexConnect access point.

disable

Deletes NAT-PAT on a FlexConnect access point.

Command Default

None.

Examples

This example shows how to enable central-DHCP, Override DNS, and NAT-PAT on a FlexConnect access point:

> config ap flexconnect central-dhcp 1 ap1250 enable override dns enable nat-pat enable

Related Commands

config ap flexconnect local-split

config ap flexconnect web-auth wlan

config ap flexconnect web-policy acl

config ap flexconnect radius

config ap flexconnect vlan add

config ap flexconnect vlan native

config ap flexconnect vlan wlan

config ap flexconnect vlan enable

config ap flexconnect vlan disable

config ap flexconnect local-split

To configure a local-split tunnel on a FlexConnect access point, use the config ap flexconnect local-split command.

config ap flexconnect local-split wlan_id cisco_ap { enable | disable } acl acl_name

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

cisco_ap

Name of the FlexConnect access point.

enable

Enables local-split tunnel on a FlexConnect access point.

disable

Disables local-split tunnel feature on a FlexConnect access point.

acl

Configures a FlexConnect local-split access control list.

acl_name

Name of the FlexConnect access control list.

Command Default

None.

Usage Guidelines

This command allows you to configure a local-split tunnel in a centrally switched WLAN using a FlexConnect ACL. A local-split tunnel supports only unicast Layer 4 IP traffic because NAT/PAT does not support multicast IP traffic.

Examples

This example shows how to configure a local-split tunnel using a FlexConnect ACL:

> config ap flexconnect local-split 6 AP2 enable acl flex6

Related Commands

config ap flexconnect central-dhcp

config ap flexconnect vlan enable

config ap flexconnect web-auth

config ap flexconnect web-policy acl

config ap flexconnect radius

config ap flexconnect vlan add

config ap flexconnect vlan native

config ap flexconnect vlan wlan

config ap flexconnect vlan disable

config ap flexconnect radius auth set

To configure a primary or secondary RADIUS server for a specific FlexConnect access point, use the config ap flexconnect radius auth set command.

config ap flexconnect radius auth set { primary | secondary} ip_address auth_port secret

Syntax Description

primary

Specifies the primary RADIUS server for a specific FlexConnect access point.

secondary

Specifies the secondary RADIUS server for a specific FlexConnect access point.

ip_address

Name of the Cisco lightweight access point.

auth_port

Name of the port.

secret

RADIUS server secret.

Command Default

None.

Examples

This example shows how to configure a primary RADIUS server for a specific access point:

> config ap flexconnect radius auth set primary 192.12.12.1

Related Commands

config ap mode flexconnect vlan

config ap flexconnect vlan wlan

config ap flexconnect vlan native

config ap flexconnect vlan

To enable or disable VLAN tagging for a FlexConnect access point, use the config ap flexconnect vlan command.

config ap flexconnect vlan { enable | disable} cisco_ap

Syntax Description

enable

Enables the access point’s VLAN tagging.

disable

Disables the access point’s VLAN tagging.

cisco_ap

Name of the Cisco lightweight access point.

Command Default

Disabled. Once enabled, WLANs enabled for local switching inherit the VLAN assigned at the controller.

Examples

This example shows how to enable the access point’s VLAN tagging for a FlexConnect access point:

> config ap flexconnect vlan enable AP02

Related Commands

config ap mode flexconnect

config ap flexconnect radius auth set

config ap flexconnect vlan wlan

config ap flexconnect vlan native

config ap flexconnect vlan add

To add a VLAN to a FlexConnect access point, use the config ap flexconnect vlan add command.

config ap flexconnect vlan add vlan-id acl in-acl out-acl cisco_ap

Syntax Description

vlan-id

VLAN identifier.

acl

ACL name that contains up to 32 alphanumeric characters.

in-acl

Inbound ACL name that contains up to 32 alphanumeric characters.

out-acl

Outbound ACL name that contains up to 32 alphanumeric characters.

cisco_ap

Name of the Cisco lightweight access point.

Command Default

None.

Examples

This example shows how to configure the FlexConnect access point:

> config ap flexconnect vlan add 21 acl inacl1 outacl1 ap1

Related Commands

config ap mode flexconnect

config ap flexconnect radius auth set

config ap flexconnect vlan wlan

config ap flexconnect vlan native

config ap flexconnect vlan native

To configure a native VLAN for a FlexConnect access point, use the config ap flexconnect vlan native command.

config ap flexconnect vlan native vlan-id cisco_ap

Syntax Description

vlan-id

VLAN identifier.

cisco_ap

Name of the Cisco lightweight access point.

Command Default

None.

Examples

This example shows how to configure a native VLAN for a FlexConnect access point:

> config ap flexconnect vlan native 6 AP02

Related Commands

config ap mode flexconnect

config ap flexconnect radius auth set

config ap flexconnect vlan wlan

config ap flexconnect vlan wlan

To assign a VLAN ID to a FlexConnect access point, use the config ap flexconnect vlan wlan command.

config ap flexconnect vlan wlan ip_address vlan-id cisco_ap

Syntax Description

ip_address

Name of the Cisco lightweight access point.

vlan-id

VLAN identifier.

cisco_ap

Name of the Cisco lightweight access point.

Command Default

VLAN ID associated to the WLAN.

Examples

This example shows how to assign a VLAN ID to a FlexConnect access point:

> config ap flexconnect vlan wlan 192.12.12.1 6 AP02

Related Commands

config ap mode flexconnect

config ap flexconnect radius auth set

config ap flexconnect vlan

config ap flexconnect vlan native

config ap flexconnect web-auth

To configure a FlexConnect ACL for external web authentication in locally switched WLANs, use the config ap flexconnect web-auth command.

config ap flexconnect web-auth wlan wlan_id cisco_ap acl_name { enable | disable }

Syntax Description

wlan

Specifies the wireless LAN to be configured with a FlexConnect ACL.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

cisco_ap

Name of the FlexConnect access point.

acl_name

Name of the FlexConnect ACL.

enable

Enables the FlexConnect ACL on the locally switched wireless LAN.

disable

Disables the FlexConnect ACL on the locally switched wireless LAN.

Command Default

Disabled.

Usage Guidelines

The FlexConnect ACLs that are specific to an AP have the highest priority. The FlexConnect ACLs that are specific to WLANs have the lowest priority.

Examples

This example shows how to enable FlexConnect ACL for external web authentication on WLAN 6:

> config ap flexconnect web-auth wlan 6 AP2 flexacl2 enable

Related Commands

config ap flexconnect central-dhcp

config ap flexconnect local-split

config ap flexconnect web-policy acl

config ap flexconnect radius

config ap flexconnect vlan add

config ap flexconnect vlan native

config ap flexconnect vlan wlan

config ap flexconnect vlan

config ap flexconnect web-policy acl

To configure a Web Policy FlexConnect ACL on an access point, use the config ap flexconnect web-policy acl command.

config ap flexconnect web-policy acl { add | delete} acl_name

Syntax Description

add

Adds a Web Policy FlexConnect ACL on an access point.

delete

Deletes Web Policy FlexConnect ACL on an access point.

acl_name

Name of the Web Policy FlexConnect ACL.

Command Default

None.

Examples

This example shows how to add a Web Policy FlexConnect ACL on an access point:

> config ap flexconnect web-policy acl add flexacl2

Related Commands

config ap flexconnect central-dhcp

config ap flexconnect vlan enable

config ap flexconnect local-split

config ap flexconnect web-auth

config ap flexconnect radius

config ap flexconnect vlan add

config ap flexconnect vlan native

config ap flexconnect vlan wlan

config ap flexconnect vlan disable

config flexconnect acl

To apply access control lists configured on a FlexConnect access point, use the config flexconnect acl command.

config flexconnect acl { apply | create | delete} acl_name

Syntax Description

apply

Applies an ACL to the data path.

create

Creates an ACL.

delete

Deletes an ACL.

acl_name

ACL name that contains up to 32 alphanumeric characters.

Examples

This example shows how to apply the ACL configured on a FlexConnect access point:

> config flexconnect acl apply acl1

config flexconnect acl rule

To configure access control list (ACL) rules on a FlexConnect access point, use the config flexconnect acl rule command.

config flexconnect acl rule { action rule_name rule_index { permit | deny} | 
 add rule_name rule_index | 
 change index rule_name old_index new_index | 
 delete rule_name rule_index | 
 destination address rule_name rule_index ip_address netmask | 
 destination port range rule_name rule_index start_port end_port |
 direction rule_name rule_index { in | out | any} | 
 dscp rule_name rule_index dscp | 
 protocol rule_name rule_index protocol | 
 source address rule_name rule_index ip_address netmask | 
 source port range rule_name rule_index start_port end_port |
 swap index rule_name index_1 index_2}

Syntax Description

action

Configures whether to permit or deny access.

rule_name

ACL name that contains up to 32 alphanumeric characters.

rule_index

Rule index between 1 and 32.

permit

Permits the rule action.

deny

Denies the rule action.

add

Adds a new rule.

change

Changes a rule’s index.

index

Specifies a rule index.

delete

Deletes a rule.

destination address

Configures a rule’s destination IP address and netmask.

ip_address

IP address of the rule.

netmask

Netmask of the rule.

start_port

Start port number (between 0 and 65535).

end_port

End port number (between 0 and 65535).

direction

Configures a rule’s direction to in, out, or any.

in

Configures a rule’s direction to in.

out

Configures a rule’s direction to out.

any

Configures a rule’s direction to any.

dscp

Configures a rule’s DSCP.

dscp

Number between 0 and 63, or any.

protocol

Configures a rule’s DSCP.

protocol

Number between 0 and 255, or any.

source address

Configures a rule’s source IP address and netmask.

source port range

Configures a rule’s source port range.

swap

Swaps two rules’ indices.

index_1

The first rule index to swap.

index_2

The rule index to swap the first index with.

Command Default

None.

Examples

This example shows how to configure an ACL to permit access:

> config flexconnect acl rule action lab1 4 permit
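
An added example, not Cisco's own tooling: a Python sketch that turns a rule description into the `config flexconnect acl` and `config flexconnect acl rule` command lines documented above, rejecting values outside the ranges in the Syntax Description before anything is typed into the controller. The `AclRule` class, the `render_rule` and `render_acl` functions and the sample values are hypothetical; keyword order follows the syntax on this page, and the order in which the commands are issued is an assumption.

```python
import ipaddress
import re
from dataclasses import dataclass

# The Syntax Description allows "up to 32 alphanumeric characters"; the hyphen
# is accepted too (assumption) because names such as acl-2 appear on this page.
ACL_NAME = re.compile(r"^[A-Za-z0-9-]{1,32}$")
BASE = "config flexconnect acl rule"


@dataclass
class AclRule:  # hypothetical container, not a Cisco data structure
    acl_name: str
    index: int                       # rule_index, 1-32
    action: str                      # permit | deny
    direction: str = "any"           # in | out | any
    protocol: object = "any"         # 0-255 or any
    dscp: object = "any"             # 0-63 or any
    source: str = "0.0.0.0/0"        # CIDR, rendered as ip_address netmask
    destination: str = "0.0.0.0/0"
    source_ports: tuple = (0, 65535)
    destination_ports: tuple = (0, 65535)


def _num_or_any(value, low, high, label):
    text = str(value)
    if text == "any":
        return text
    if not text.isdigit() or not low <= int(text) <= high:
        raise ValueError(f"{label} must be {low}-{high} or any, got {value!r}")
    return str(int(text))


def _port_range(ports, label):
    start, end = ports
    for port in (start, end):
        if not isinstance(port, int) or not 0 <= port <= 65535:
            raise ValueError(f"{label} port {port!r} is outside 0-65535")
    if start > end:
        raise ValueError(f"{label} start_port {start} is above end_port {end}")
    return f"{start} {end}"


def _addr_mask(cidr, label):
    try:
        # strict=True rejects host bits, e.g. 10.1.2.3/8, instead of masking them.
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        raise ValueError(f"{label} address: {exc}") from None
    return f"{net.network_address} {net.netmask}"


def render_rule(rule):
    """Validate one rule and return its command lines."""
    if not ACL_NAME.match(rule.acl_name):
        raise ValueError(f"invalid ACL name {rule.acl_name!r}")
    if not isinstance(rule.index, int) or not 1 <= rule.index <= 32:
        raise ValueError(f"rule_index must be 1-32, got {rule.index!r}")
    if rule.action not in ("permit", "deny"):
        raise ValueError(f"action must be permit or deny, got {rule.action!r}")
    if rule.direction not in ("in", "out", "any"):
        raise ValueError(f"direction must be in, out or any, got {rule.direction!r}")
    tail = f"{rule.acl_name} {rule.index}"
    return [
        f"{BASE} add {tail}",
        f"{BASE} source address {tail} {_addr_mask(rule.source, 'source')}",
        f"{BASE} destination address {tail} {_addr_mask(rule.destination, 'destination')}",
        f"{BASE} protocol {tail} {_num_or_any(rule.protocol, 0, 255, 'protocol')}",
        f"{BASE} source port range {tail} {_port_range(rule.source_ports, 'source')}",
        f"{BASE} destination port range {tail} "
        f"{_port_range(rule.destination_ports, 'destination')}",
        f"{BASE} dscp {tail} {_num_or_any(rule.dscp, 0, 63, 'dscp')}",
        f"{BASE} direction {tail} {rule.direction}",
        f"{BASE} action {tail} {rule.action}",
    ]


def render_acl(acl_name, rules):
    """Create the ACL, add every rule, then apply it to the data path."""
    commands = [f"config flexconnect acl create {acl_name}"]
    seen = set()
    for rule in rules:
        if rule.acl_name != acl_name:
            raise ValueError(f"rule {rule.index} belongs to {rule.acl_name!r}")
        if rule.index in seen:
            raise ValueError(f"duplicate rule_index {rule.index}")
        seen.add(rule.index)
        commands += render_rule(rule)
    commands.append(f"config flexconnect acl apply {acl_name}")
    return commands


if __name__ == "__main__":
    # Constructed sample: permit inbound TCP (protocol 6) to 192.0.2.0/24 port 443.
    sample = AclRule("lab1", 4, "permit", direction="in", protocol=6,
                     destination="192.0.2.0/24", destination_ports=(443, 443))
    print("\n".join(render_acl("lab1", [sample])))
```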

Related Commands

config flexconnect acl

show flexconnect acl summary

show flexconnect group detail

config flexconnect group

To add, delete, or configure a FlexConnect group, use the config flexconnect group command.

config flexconnect group group_name 
{ add | delete | ap { add | delete} ap-mac | radius { ap { authority { id hex_id | info auth_info} | disable | eap-fast { enable | disable} | enable | leap { enable | disable} | pac-timeout timeout | server-key { auto | key} | user { add { username password} | delete username}}} | server auth { add | delete} { primary | secondary} IP_address auth_port secret} | predownload { disable | enable} | master ap_name | slave { retry-count max_count | ap-name cisco_ap} | start { primary backup abort} | local-split { wlan wlan_id acl acl_name { enable | disable}} | multicast overridden-interface { enable | disable} | vlan { add vlan_id acl in-aclname out-aclname | delete vlan_id } | web-auth wlan wlan_id acl acl_name { enable | disable} | web-policy acl { add | delete} acl_name}

Syntax Description

group_name

Group name.

add

Adds a FlexConnect group.

delete

Deletes a FlexConnect group.

ap

Adds an access point to, or deletes an access point from, a FlexConnect group.

add

Adds an access point to a FlexConnect group.

delete

Deletes an access point from a FlexConnect group.

ap_mac

MAC address of the access point.

radius

Configures the RADIUS server for client authentication for a FlexConnect group.

ap

Configures an access point based RADIUS server for client authentication for a FlexConnect group.

authority

Configures the Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) authority parameters.

id

Configures the authority identifier of the local EAP-FAST server.

hex_id

Authority identifier of the local EAP-FAST server in hexadecimal characters. You can enter an even number of hexadecimal characters, up to 32.

info

Configures the authority identifier of the local EAP-FAST server in text format.

auth_info

Authority identifier of the local EAP-FAST server in text format.

disable

Disables an AP based RADIUS server.

eap-fast

Enables or disables Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) authentication.

enable

Enables EAP-FAST authentication.

disable

Disables EAP-FAST authentication.

enable

Enables AP based RADIUS Server.

leap

Enables or disables Lightweight Extensible Authentication Protocol (LEAP) authentication.

disable

Disables LEAP authentication.

enable

Enables LEAP authentication.

pac-timeout

Configures the EAP-FAST Protected Access Credential (PAC) timeout parameters.

timeout

PAC timeout in days. The range is from 2 to 4095. A value of 0 indicates that it is disabled.

server-key

Configures the EAP-FAST server key. The server key is used to encrypt and decrypt PACs.

auto

Automatically generates a random server key.

key

Key that disables efficient upgrade for a FlexConnect group.

user

Manages the user list at the AP-based RADIUS server.

add

Adds a user. You can configure a maximum of 100 users.

username

Username that is case-sensitive and alphanumeric and can be up to 24 characters.

password

Password of the user.

delete

Deletes a user.

server

Configures an external RADIUS server.

add

Adds an external RADIUS server.

delete

Deletes an external RADIUS server.

primary

Configures an external primary RADIUS server.

secondary

Configures an external secondary RADIUS server.

IP_address

IP address of the RADIUS server.

auth_port

Port address of the RADIUS server.

secret

Index of the RADIUS server.

predownload

Configures an efficient AP upgrade for the FlexConnect group. You can download an upgrade image to the access point from the controller without resetting the access point or losing network connectivity.

disable

Disables an efficient upgrade for a FlexConnect group.

enable

Enables an efficient upgrade for a FlexConnect group.

master

Manually designates an access point in the FlexConnect group as the master AP.

ap_name

Access point name.

slave

Manually designates an access point in the FlexConnect group as the slave AP.

retry-count

Configures the number of times the slave access point tries to predownload an image from the master.

max_count

Maximum number of times the slave access point tries to predownload an image from the master.

ap_name

Override the manually configured master.

cisco_ap

Name of the master access point.

start

Starts the predownload image upgrade for the FlexConnect group.

primary

Starts the predownload primary image upgrade for the FlexConnect group.

backup

Starts the predownload backup image upgrade for the FlexConnect group.

abort

Aborts the predownload image upgrade for the FlexConnect group.

local-split

Configures a local-split ACL on a FlexConnect AP group per WLAN.

wlan

Configures a WLAN for a local split ACL on a FlexConnect AP group.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

acl

Configures a local split ACL on a FlexConnect AP group per WLAN.

acl_name

Name of the local split ACL.

enable

Enables the local split ACL on the FlexConnect AP group.

disable

Disables the local split ACL on a FlexConnect AP group.

multicast overridden-interface

Configures multicast across the Layer 2 broadcast domain on the overridden interface for locally switched clients.

disable

Disables multicast across the Layer 2 broadcast domain on the overridden interface for locally switched clients.

enable

Enables multicast across the Layer 2 broadcast domain on the overridden interface for locally switched clients.

vlan

Configures a VLAN to the FlexConnect group.

add

Adds a VLAN to the FlexConnect group.

vlan_id

VLAN identifier.

acl

Configures the ingress and egress ACLs.

in-acl

Inbound ACL name that contains up to 32 alphanumeric characters.

out-acl

Outbound ACL name that contains up to 32 alphanumeric characters.

delete

Deletes a VLAN from the FlexConnect group.

web-auth

Configures a FlexConnect ACL for external web authentication.

wlan

Specifies the wireless LAN to be configured with a FlexConnect ACL.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

cisco_ap

Name of the FlexConnect access point.

acl

Configures a FlexConnect ACL.

acl_name

Name of the FlexConnect ACL.

enable

Enables the FlexConnect ACL on the locally switched wireless LAN.

disable

Disables the FlexConnect ACL on the locally switched wireless LAN.

web-policy

Configures a web policy FlexConnect ACL.

add

Adds a web policy FlexConnect ACL to the FlexConnect group.

delete

Deletes a web policy FlexConnect ACL from the FlexConnect group.

acl_name

Name of the Web Policy FlexConnect ACL.

Command Default

None.

Usage Guidelines

You can add up to 100 clients.

In Release 7.4 and later releases, the maximum number of supported RADIUS servers is 100.

Examples

This example shows how to add a FlexConnect group for MAC address 192.12.1.2:

> config flexconnect group 192.12.1.2 add


This example shows how to add a RADIUS server as a primary server for a FlexConnect group with the server index number 1:

> config flexconnect group 192.12.1.2 radius server add primary 1

This example shows how to enable a local split ACL on a FlexConnect AP group for a WLAN:

> config flexconnect group flexgroup1 local-split wlan 1 acl flexacl1 enable

Related Commands

config ap mode

config flexconnect join min-latency

config flexconnect office-extend

debug flexconnect group

show flexconnect group detail

show flexconnect group summary

config flexconnect group vlan

To configure a VLAN for a FlexConnect group, use the config flexconnect group vlan command.

config flexconnect group group_name vlan { add vlan-id acl in-aclname out-aclname | delete vlan-id}

Syntax Description

group_name

FlexConnect group name.

add

Adds a VLAN for the FlexConnect group.

vlan-id

VLAN ID.

acl

Specifies an access control list.

in-aclname

In-bound ACL name.

out-aclname

Out-bound ACL name.

delete

Deletes a VLAN from the FlexConnect group.

Examples

This example shows how to add VLAN ID 1 for the FlexConnect group myflexacl where the in-bound ACL name is in-acl and the out-bound ACL is out-acl:

> config flexconnect group myflexacl vlan add 1 acl in-acl out-acl

Related Commands

debug flexconnect group

show flexconnect group detail

show flexconnect group summary

config flexconnect group web-auth

To configure a Web-Auth ACL for a FlexConnect group, use the config flexconnect group web-auth command.

config flexconnect group group_name web-auth wlan wlan-id acl acl-name { enable | disable}

Syntax Description

group_name

FlexConnect group name.

wlan-id

WLAN ID.

acl-name

ACL name.

enable

Enables the Web-Auth ACL for a FlexConnect group.

disable

Disables the Web-Auth ACL for a FlexConnect group.

Examples

This example shows how to enable Web-Auth ACL webauthacl for the FlexConnect group myflexacl on WLAN ID 1:

> config flexconnect group myflexacl web-auth wlan 1 acl webauthacl enable

Related Commands

debug flexconnect group

show flexconnect group detail

show flexconnect group summary

config flexconnect group web-policy

To configure a Web Policy ACL for a FlexConnect group, use the config flexconnect group web-policy command.

config flexconnect group group_name web-policy acl { add | delete} acl-name

Syntax Description

group_name

FlexConnect group name.

add

Adds the Web Policy ACL.

delete

Deletes the Web Policy ACL.

acl-name

Name of the Web Policy ACL.

Examples

This example shows how to add the Web Policy ACL mywebpolicyacl to the FlexConnect group myflexacl:

> config flexconnect group myflexacl web-policy acl add mywebpolicyacl

Related Commands

debug flexconnect group

show flexconnect group detail

show flexconnect group summary

config flexconnect join min-latency

To enable or disable the access point to choose the controller with the least latency when joining, use the config flexconnect join min-latency command.

config flexconnect join min-latency { enable | disable} cisco_ap

Syntax Description

enable

Enables the access point to choose the controller with the least latency when joining.

disable

Prevents the access point from choosing the controller with the least latency when joining.

cisco_ap

Cisco lightweight access point.

Command Default

The default value is disabled.

Usage Guidelines

When you enable this feature, the access point calculates the time between the discovery request and discovery response and joins the Cisco 5500 Series Controller that responds first.

Examples

This example shows how to enable the access point to choose the controller with the least latency when joining:

> config flexconnect join min-latency enable CISCO_AP

Related Commands

config ap mode

config flexconnect group

config flexconnect office-extend

config flexconnect office-extend

To configure an OfficeExtend access point, use the config flexconnect office-extend command.

config flexconnect office-extend {{ enable | disable} cisco_ap | clear-personalssid-config cisco_ap}

Syntax Description

enable

Enables the OfficeExtend mode for an access point.

disable

Disables the OfficeExtend mode for an access point.

clear-personalssid-config

Clears only the access point’s personal SSID.

cisco_ap

Cisco lightweight access point.

Command Default

OfficeExtend mode is enabled automatically when you enable FlexConnect mode on the access point.

Usage Guidelines

Currently, only Cisco Aironet 1130 series and 1140 series access points that are joined to a Cisco 5500 Series Controller with a WPlus license can be configured to operate as OfficeExtend access points.

Rogue detection is disabled automatically when you enable the OfficeExtend mode for an access point. OfficeExtend access points, which are deployed in a home environment, are likely to detect a large number of rogue devices. You can enable or disable rogue detection for a specific access point or for all access points by using the config rogue detection command.

DTLS data encryption is enabled automatically when you enable the OfficeExtend mode for an access point. However, you can enable or disable DTLS data encryption for a specific access point or for all access points by using the config ap link-encryption command.

Telnet and SSH access are disabled automatically when you enable the OfficeExtend mode for an access point. However, you can enable or disable Telnet or SSH access for a specific access point by using the config ap telnet or config ap ssh command.

Link latency is enabled automatically when you enable the OfficeExtend mode for an access point. However, you can enable or disable link latency for a specific access point or for all access points currently associated to the controller by using the config ap link-latency command.

Examples

This example shows how to enable the office-extend mode for the access point Cisco_ap:

> config flexconnect office-extend enable Cisco_ap

This example shows how to clear only the access point’s personal SSID for the access point Cisco_ap:

> config flexconnect office-extend clear-personalssid-config Cisco_ap

Related Commands

show flexconnect group detail

show flexconnect group summary

debug flexconnect group

config wlan flexconnect ap-auth

To configure local authentication of clients associated with FlexConnect on a locally switched WLAN, use the config wlan flexconnect ap-auth command.

config wlan flexconnect ap-auth wlan_id { enable | disable}

Syntax Description

ap-auth

Configures local authentication of clients associated with a FlexConnect access point on a locally switched WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables AP authentication on a WLAN.

disable

Disables AP authentication on a WLAN.

Command Default

None.

Usage Guidelines

Local switching must be enabled on the WLAN where you want to configure local authentication of clients associated with FlexConnect.

Examples

This example shows how to enable authentication of clients associated with FlexConnect on a specified WLAN:

> config wlan flexconnect ap-auth 6 enable

Related Commands

config wlan flexconnect local-switching

show wlan

config wlan flexconnect learn-ipaddr

To enable or disable client IP address learning for the Cisco WLAN controller, use the config wlan flexconnect learn-ipaddr command.

config wlan flexconnect learn-ipaddr wlan_id { enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables client IP address learning on a wireless LAN.

disable

Disables client IP address learning on a wireless LAN.

Command Default

Disabled when the config wlan flexconnect local-switching command is disabled. 
Enabled when the config wlan flexconnect local-switching command is enabled.

Usage Guidelines

If the client is configured with Layer 2 encryption, the controller cannot learn the client IP address, and the controller will periodically drop the client. Disable this option to keep the client connection without waiting to learn the client IP address.


Note


The ability to disable IP address learning is not supported with FlexConnect central switching.


Examples

This example shows how to disable client IP address learning for WLAN 6:

> config wlan flexconnect learn-ipaddr 6 disable

Related Commands

config wlan flexconnect local-switching

show wlan

config wlan flexconnect local-switching

To configure local switching, central DHCP, NAT-PAT, or the override DNS option on a FlexConnect WLAN, use the config wlan flexconnect local-switching command.

config wlan flexconnect local-switching wlan_id { enable | disable} { { central-dhcp { enable | disable} nat-pat { enable | disable} } | { override option dns { enable | disable} } }

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables local switching on a FlexConnect WLAN.

disable

Disables local switching on a FlexConnect WLAN.

central-dhcp

Configures central switching of DHCP packets on the local switching FlexConnect WLAN. When you enable this feature, the DHCP packets received from the AP are centrally switched to the controller and forwarded to the corresponding VLAN based on the AP and the SSID.

enable

Enables central DHCP on a FlexConnect WLAN.

disable

Disables central DHCP on a FlexConnect WLAN.

nat-pat

Configures Network Address Translation (NAT) and Port Address Translation (PAT) on the local switching FlexConnect WLAN.

enable

Enables NAT-PAT on the FlexConnect WLAN.

disable

Disables NAT-PAT on the FlexConnect WLAN.

override

Specifies the DHCP override options on the FlexConnect WLAN.

option dns

Specifies the override DNS option on the FlexConnect WLAN. When you override this option, the clients get their DNS server IP address from the AP, not from the controller.

enable

Enables the override DNS option on the FlexConnect WLAN.

disable

Disables the override DNS option on the FlexConnect WLAN.

Command Default

Disabled.

Usage Guidelines

When you enable the config wlan flexconnect local-switching command, the config wlan flexconnect learn-ipaddr command is enabled by default.


Note


The ability to disable IP address learning is not supported with FlexConnect central switching.


Examples

This example shows how to enable WLAN 6 for local switching and enable central DHCP and NAT-PAT:

> config wlan flexconnect local-switching 6 enable central-dhcp enable nat-pat enable

This example shows how to enable the override DNS option on WLAN 6:

> config wlan flexconnect local-switching 6 override option dns enable

Related Commands

config wlan flexconnect learn-ipaddr

config wlan flexconnect vlan-central-switching

config wlan flexconnect ap-auth

show wlan

config wlan flexconnect vlan-central-switching

To configure central switching on a locally switched WLAN, use the config wlan flexconnect vlan-central-switching command.

config wlan flexconnect vlan-central-switching wlan_id { enable | disable }

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables central switching on a locally switched wireless LAN.

disable

Disables central switching on a locally switched wireless LAN.

Command Default

Disabled.

Usage Guidelines

You must enable FlexConnect local switching to enable VLAN central switching. When you enable WLAN central switching, the access point bridges the traffic locally if the WLAN is configured on the local IEEE 802.1Q link. If the VLAN is not configured on the access point, the AP tunnels the traffic back to the controller, and the controller bridges the traffic to the corresponding VLAN.

WLAN central switching does not support:

  • FlexConnect Local Authentication.
  • L3 roaming of local switching client.

Examples

This example shows how to enable WLAN 6 for central switching:

> config wlan flexconnect vlan-central-switching 6 enable
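The dependency rules stated in the usage guidelines for ap-auth and vlan-central-switching can be checked before a change is pushed to a controller. The following is an added example, not Cisco code: a Python lint that replays a list of commands and reports violations. The function name, finding strings and the sample command list are assumptions made for illustration.

```python
import re

# Per-WLAN FlexConnect commands from this reference that take enable/disable
# directly after the WLAN ID.
CMD = re.compile(
    r"^>?\s*config wlan flexconnect "
    r"(local-switching|ap-auth|vlan-central-switching)\s+(\d+)\s+(enable|disable)\b"
)
NEEDS_LOCAL_SWITCHING = {"ap-auth", "vlan-central-switching"}


def lint_flexconnect(commands):
    """Replay commands in order; return a list of (wlan_id, finding) tuples."""
    state = {}       # wlan_id -> {feature: enabled?}
    findings = []
    for line in commands:
        m = CMD.match(line.strip())
        if not m:
            continue  # not one of the three commands checked here
        feature, wlan_id = m.group(1), int(m.group(2))
        enabled = m.group(3) == "enable"
        if not 1 <= wlan_id <= 512:
            findings.append((wlan_id, "wlan_id outside 1-512"))
            continue
        wlan = state.setdefault(wlan_id, {})
        # Both features require local switching to be enabled on the WLAN first.
        if (enabled and feature in NEEDS_LOCAL_SWITCHING
                and not wlan.get("local-switching")):
            findings.append((wlan_id, feature + " enabled before local-switching"))
        wlan[feature] = enabled
    # Central switching does not support FlexConnect local authentication.
    for wlan_id, wlan in sorted(state.items()):
        if wlan.get("vlan-central-switching") and wlan.get("ap-auth"):
            findings.append(
                (wlan_id, "ap-auth and vlan-central-switching both enabled"))
    return findings


# Constructed command sequence (not taken from a real controller).
SAMPLE = [
    "> config wlan flexconnect ap-auth 6 enable",
    "> config wlan flexconnect local-switching 6 enable central-dhcp enable nat-pat enable",
    "> config wlan flexconnect vlan-central-switching 6 enable",
    "> config wlan flexconnect vlan-central-switching 7 enable",
]

if __name__ == "__main__":
    for wlan_id, msg in lint_flexconnect(SAMPLE):
        print(f"WLAN {wlan_id}: {msg}")
```

The lint tracks only the enable and disable forms; the override option dns form of local-switching is ignored.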

Related Commands

config wlan flexconnect local-switching

show wlan

Integrated Management Module Commands in Cisco Flex 7500 Series Controllers

Use the imm commands to manage the Integrated Management Module (IMM) in the Cisco Flex 7500 Series Controllers.

imm address

To configure the static IP address of the IMM, use the imm address command.

imm address ip-addr netmask gateway

Syntax Description

ip-addr

IP address of the IMM

netmask

Netmask of the IMM

gateway

Gateway of the IMM

Command Default

None.

Examples

This example shows how to set the static IP address of an IMM:

> imm address 209.165.200.225 255.255.255.224 10.1.1.1

Related Commands

imm dhcp

imm mode

imm restart

imm username

imm summary

imm dhcp

To configure DHCP for the IMM, use the imm dhcp command.

imm dhcp { enable | disable | fallback}

Syntax Description

enable

Enables DHCP for the IMM

disable

Disables DHCP for the IMM

fallback

Enables DHCP for the IMM; if DHCP fails, the IMM uses its static IP address

Command Default

Enabled.

Examples

This example shows how to enable DHCP for the IMM:

> imm dhcp enable

Related Commands

imm address

imm mode

imm restart

imm username

imm summary

imm mode

To configure the IMM mode, use the imm mode command.

imm mode { shared | dedicated}

Syntax Description

shared

Sets IMM in shared mode

dedicated

Sets IMM in dedicated mode

Command Default

Dedicated.

Examples

This example shows how to set the IMM in shared mode:

> imm mode shared

Related Commands

imm dhcp

imm address

imm restart

imm username

imm summary

imm restart

To restart the IMM, use the imm restart command.

imm restart

Syntax Description

restart

Saves your settings and restarts the IMM

Command Default

None.

Related Commands

imm dhcp

imm mode

imm address

imm username

imm summary

imm summary

To view the IMM parameters, use the imm summary command.

imm summary

Syntax Description

summary

Lists the IMM parameters

Command Default

None.

Examples

This example shows a typical summary of the IMM:

> imm summary
User ID..........................................username1
Mode............................................. Shared
DHCP............................................. Enabled
IP Address....................................... 209.165.200.225
Subnet Mask...................................... 255.255.255.224
Gateway.......................................... 10.1.1.1
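The summary output lends itself to an automated check of the management interface settings. The following is an added example, not Cisco code: a Python parser for the dot-leader format shown above, with an audit that flags a gateway outside the IMM subnet and a mode that differs from the documented default. The function names and finding strings are assumptions made for illustration.

```python
import ipaddress
import re

# "Label....value" or "Label.... value": both spacings occur in the sample.
LINE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\.{2,}\s*(?P<value>\S.*)$")
DOCUMENTED_DEFAULT_MODE = "Dedicated"   # Command Default of `imm mode`

# Output copied from the `imm summary` example on this page.
SAMPLE = """\
> imm summary
User ID..........................................username1
Mode............................................. Shared
DHCP............................................. Enabled
IP Address....................................... 209.165.200.225
Subnet Mask...................................... 255.255.255.224
Gateway.......................................... 10.1.1.1
"""


def parse_imm_summary(text):
    """Return {label: value} for every dot-leader line in the output."""
    fields = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            fields[m.group("key").strip()] = m.group("value").strip()
    return fields


def audit_imm(fields):
    """Return findings for an off-subnet gateway or a non-default mode."""
    findings = []
    try:
        iface = ipaddress.ip_interface(
            f"{fields['IP Address']}/{fields['Subnet Mask']}")
        gateway = ipaddress.ip_address(fields["Gateway"])
    except (KeyError, ValueError):
        return ["address fields missing or malformed"]
    if gateway not in iface.network:
        findings.append(f"gateway {gateway} is outside {iface.network}")
    mode = fields.get("Mode", "")
    if mode != DOCUMENTED_DEFAULT_MODE:
        findings.append(f"mode {mode} differs from documented default "
                        f"{DOCUMENTED_DEFAULT_MODE}")
    return findings


if __name__ == "__main__":
    for finding in audit_imm(parse_imm_summary(SAMPLE)):
        print(finding)
```

Run against the sample output, the audit reports that the gateway 10.1.1.1 is not inside 209.165.200.224/27, so the addresses in the example are placeholders rather than a working configuration.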

Related Commands

imm dhcp

imm mode

imm restart

imm username

imm address

imm username

To configure the logon credentials for an IMM user, use the imm username command.

imm username username password

Syntax Description

username

Username for the user

password

Password for the user

Command Default

None.

Examples

This example shows how to set the logon credentials of an IMM user:

> imm username username1 password1

Related Commands

imm dhcp

imm mode

imm restart

imm address

imm summary

Debug Commands

debug capwap reap

To obtain troubleshooting information about Control and Provisioning of Wireless Access Points (CAPWAP) settings on a FlexConnect access point, use the debug capwap reap command.

debug capwap reap [ mgmt | load]

Syntax Description

mgmt

(Optional) Configures debugging for client authentication and association messages.

load

(Optional) Configures debugging for payload activities, which is useful when the FlexConnect access point boots up in standalone mode.

Command Default

None.

Examples

This example shows how to debug FlexConnect client authentication and association messages:

> debug capwap reap mgmt

Related Commands

debug disable-all

clear lwapp private-config

show capwap reap association

show capwap reap status

debug dot11 mgmt interface

To debug 802.11 management interface events, use the debug dot11 mgmt interface command.

debug dot11 mgmt interface

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to debug dot11 management interface events:

> debug dot11 mgmt interface

Related Commands

debug disable-all

debug dot11

debug dot11 mgmt msg

debug dot11 mgmt ssid

debug dot11 mgmt state-machine

debug dot11 mgmt station

debug dot11 mgmt msg

To debug 802.11 management messages, use the debug dot11 mgmt msg command.

debug dot11 mgmt msg

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to debug dot11 management messages:

> debug dot11 mgmt msg

Related Commands

debug disable-all

debug dot11

debug dot11 mgmt msg

debug dot11 mgmt interface

debug dot11 mgmt ssid

debug dot11 mgmt state-machine

debug dot11 mgmt station

debug dot11 mgmt ssid

To debug 802.11 Service Set Identifier (SSID) management events, use the debug dot11 mgmt ssid command.

debug dot11 mgmt ssid

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to debug dot11 SSID management events:

> debug dot11 mgmt ssid

Related Commands

debug disable-all

debug dot11

debug dot11 mgmt msg

debug dot11 mgmt interface

debug dot11 mgmt state-machine

debug dot11 mgmt state-machine

To debug the 802.11 state machine, use the debug dot11 mgmt state-machine command.

debug dot11 mgmt state-machine

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to debug dot11 state machine settings:

> debug dot11 mgmt state-machine

Related Commands

debug disable-all

debug dot11

debug dot11 mgmt msg

debug dot11 mgmt interface

debug dot11 mgmt state-machine

debug dot11 mgmt station

debug dot11 mgmt station

To debug client events, use the debug dot11 mgmt station command.

debug dot11 mgmt station

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Examples

This example shows how to debug management station settings:

> debug dot11 mgmt station

Related Commands

debug disable-all

debug dot11

debug dot11 mgmt msg

debug dot11 mgmt ssid

debug dot11 mgmt state-machine

debug dot11 mgmt interface

debug flexconnect aaa

To enable or disable debugging of FlexConnect backup RADIUS server events or errors, use the debug flexconnect aaa command.

debug flexconnect aaa { event | error} { enable | disable}

Syntax Description

event

Configures debugging for FlexConnect RADIUS server events.

error

Configures debugging for FlexConnect RADIUS server errors.

enable

Enables debugging of FlexConnect RADIUS server settings.

disable

Disables debugging of FlexConnect RADIUS server settings.

Command Default

None.

Examples

This example shows how to enable debugging of FlexConnect RADIUS server events:

> debug flexconnect aaa event enable

Related Commands

debug disable-all

debug flexconnect cckm

debug flexconnect group

debug flexconnect group detail

debug flexconnect group summary

show radius summary

debug flexconnect acl

To enable or disable debugging of FlexConnect access control lists (ACLs), use the debug flexconnect acl command.

debug flexconnect acl { enable | disable}

Syntax Description

enable

Enables debugging of FlexConnect ACLs.

disable

Disables debugging of FlexConnect ACLs.

Command Default

None.

Examples

This example shows how to enable debugging of FlexConnect ACLs:

> debug flexconnect acl enable

Related Commands

debug disable-all

debug flexconnect cckm

debug flexconnect group

debug flexconnect group detail

debug flexconnect group summary

show radius summary

debug flexconnect cckm

To enable or disable debugging of FlexConnect Cisco Centralized Key Management (CCKM) fast roaming, use the debug flexconnect cckm command.

debug flexconnect cckm { enable | disable}

Syntax Description

enable

Enables debugging of FlexConnect CCKM fast roaming settings.

disable

Disables debugging of FlexConnect CCKM fast roaming settings.

Command Default

None.

Examples

This example shows how to enable debugging of FlexConnect CCKM fast roaming events:

> debug flexconnect cckm enable

Related Commands

debug disable-all

debug flexconnect aaa

debug flexconnect group

debug flexconnect group detail

debug flexconnect group summary

show radius summary

debug flexconnect group

To enable or disable debugging of FlexConnect access point groups, use the debug flexconnect group command.

debug flexconnect group { enable | disable}

Syntax Description

enable

Enables debugging of FlexConnect access point groups.

disable

Disables debugging of FlexConnect access point groups.

Command Default

None.

Examples

This example shows how to enable debugging of FlexConnect access point groups:

> debug flexconnect group enable

Related Commands

debug disable-all

debug flexconnect aaa

debug flexconnect cckm

debug flexconnect group

debug flexconnect group detail

debug flexconnect group summary

debug pem

To configure the access policy manager debug options, use the debug pem command.

debug pem { events | state} { enable | disable}

Syntax Description

events

Configures debugging of the policy manager events.

state

Configures debugging of the policy manager state machine.

enable

Enables access policy manager debugging.

disable

Disables access policy manager debugging.

Command Default

None.

Examples

This example shows how to enable access policy manager debug settings:

> debug pem state enable

Related Commands

debug disable-all