Feedback
Table Of Contents
Cisco IOS Commands for Access Points
and Bridgesaccounting (SSID configuration mode)
authentication network-eap (SSID configuration mode)
authentication open (SSID configuration mode)
authentication shared (SSID configuration mode)
bridge-group block-unknown-source
bridge-group spanning-disabled
bridge-group subscriber-loop-control
clear ip proxy-mobile subnet-map
group (local server configuration mode)
guest-mode (SSID configuration mode)
infrastructure-ssid (SSID configuration mode)
ip proxy-mobile (SSID configuration mode)
match (class-map configuration)
max-associations (SSID configuration mode)
nas (local server configuration mode)
show dot11 statistics client-traffic
show interfaces dot11radio aaa
show interfaces dot11radio statistics
show ip proxy-mobile aaa requests
show ip proxy-mobile registration
show ip proxy-mobile subnet-map
show radius local-server statistics
snmp-server enable traps envmon temperature
user (local server configuration mode)
vlan (SSID configuration mode)
Cisco IOS Commands for Access Points
and Bridges
This chapter lists and describes Cisco IOS commands in Cisco IOS Release 12.2(13)JA that you use to configure and manage your access point, bridge, and wireless LAN. The commands are listed alphabetically. Refer to "List of Supported Cisco IOS Commands," for a complete list of Cisco IOS commands supported by access points and bridges.
accounting (SSID configuration mode)
Use the accounting SSID configuration mode command to enable RADIUS accounting for the radio interface (for the specified SSID). Use the no form of the command to disable accounting.
[no] accounting list-name
Syntax Description
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Usage Guidelines
You create accounting lists using the aaa accounting command. These lists indirectly reference the server where the accounting information is stored.
Examples
This example shows how to enable RADIUS accounting and set the RADIUS server name:
AP(config-if-ssid)# accounting radius1This example shows how to disable RADIUS accounting:
AP(config-if-ssid)# no accountingRelated Commands
antenna
Use the antenna configuration interface command to configure the radio receive or transmit antenna settings. Use the no form of this command to reset the receive antenna to defaults.
[no] antenna {receive | transmit} {diversity | left | right}
Syntax Description
Defaults
The default antenna configuration is diversity.
Command Modes
Configuration interface
Command History
Examples
This example shows how to specify the right receive antenna option:
AP(config-if)# antenna receive rightThis example shows how to set the receive antenna option to defaults:
AP(config-if)# no antenna receiveRelated Commands
Configures the radio transmit antenna settings
show running-config
Displays the current access point operating configuration
authentication client
Use the authentication client configuration interface command to configure a LEAP username and password that the access point uses when authenticating to the network as a repeater.
authentication client username username password password
Syntax Description
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Examples
This example shows how to configure the LEAP username and password that the repeater uses to authenticate to the network:
AP(config-if-ssid)# authentication client username ap-north password buckeyeRelated Commands
Specifies the SSID and enters the SSID configuration mode
show running-config
Displays the current access point operating configuration
authentication key-management
Use the authentication key-management SSID configuration mode command to configure the radio interface (for the specified SSID) to support authenticated key management. Cisco Centralized Key Management (CCKM) and Wi-Fi Protected Access (WPA) are the key management types supported on the access point.
authentication key-management { [wpa] [cckm] } [ optional ]
Note
This command is not supported on bridges.
Syntax Description
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
12.2(11)JA
This command was introduced.
12.2(13)JA
This command was modified to allow you to enable both WPA and CCKM for an SSID.
Usage Guidelines
Use this command to enable authenticated key management for client devices.
•
•
•
•
Examples
This example shows how to enable both WPA and CCKM for an SSID:
AP(config-if-ssid)# authentication key-management wpa cckmRelated Commands
Specifies a cipher suite
Specifies the SSID and enters SSID configuration mode
Specifies a pre-shared key for an SSID
authentication network-eap (SSID configuration mode)
Use the authentication network-eap SSID configuration mode command to configure the radio interface (for the specified SSID) to support network-EAP authentication with optional MAC address authentication. Use the no form of the command to disable network-eap authentication for the SSID.
[no] authentication
network-eap list-name
[mac-address list-name]
Note
Syntax Description
list-name
Specifies the list name for EAP authentication
mac-address list-name
Specifies the list name for MAC authentication
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Usage Guidelines
Use this command to authenticate clients using the network EAP method, with optional MAC address screening. You define list names for MAC addresses and EAP using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.
Examples
This example shows how to set the authentication to open for devices on a specified address list:
AP(config-if-ssid)# authentication network-eap list1This example shows how to reset the authentication to default values:
AP(config-if-ssid)# no authentication network-eapRelated Commands
authentication open (SSID configuration mode)
Use the authentication open SSID configuration mode command to configure the radio interface (for the specified SSID) to support open authentication and optionally MAC address authentication or EAP authentication. Use the no form of the command to disable open authentication for the SSID.
[no] authentication open
[mac-address list-name [alternate] ]
[eap list-name]
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Usage Guidelines
Use this command to authenticate clients using the open method, with optional MAC address or EAP screenings. If you use the alternate keyword, the client must pass either the MAC address or EAP authentication. Otherwise, the client must pass both authentications. You define list names for MAC addresses and EAP using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.
Examples
This example shows how to enable open authentication with MAC address restrictions:
AP(config-if-ssid)# authentication open mac-address mac-list1This example shows how to disable open authentication for the SSID:
AP(config-if-ssid)# no authentication openRelated Commands
Specifies shared key authentication
Specifies network EAP authentication
Specifies the SSID and enters the SSID configuration mode
authentication shared (SSID configuration mode)
Use the authentication shared SSID configuration mode command to configure the radio interface (for the specified SSID) to support shared authentication with optional MAC address authentication and EAP authentication. Use the no form of the command to disable shared authentication for the SSID.
[no] authentication shared
[mac-address list-name]
[eap list-name]
Note
Syntax Description
mac-address list-name
Specifies the list name for MAC authentication
eap list-name
Specifies the list name for EAP authentication
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Usage Guidelines
Use this command to authenticate clients using the shared method, with optional MAC address or EAP screenings. You define list names for MAC addresses and EAP using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.
Examples
This example shows how to set the authentication to shared for devices on a MAC address list:
AP(config-if-ssid)# authentication shared mac-address mac-list1This example shows how to reset the authentication to default values:
AP(config-if-ssid)# no authentication sharedRelated Commands
beacon
Use the beacon configuration interface command to specify how often the beacon contains a Delivery Traffic Indicator Message (DTIM). Use the no form of this command to reset the beacon interval to defaults.
[no] beacon {period Kms | dtim-period count}
Syntax Description
Defaults
The default period is 100.
The default dtim-period is 2.
Command Modes
Configuration interface
Command History
Usage Guidelines
Clients normally wake up each time a beacon is sent to check for pending packets. Longer beacon periods let the client sleep longer and preserve power. Shorter beacon periods reduce the delay in receiving packets.
Controlling the DTIM period has a similar power-saving result. Increasing the DTIM period count lets clients sleep longer, but delays the delivery of multicast packets. Because multicast packets are buffered, large DTIM period counts can cause a buffer overflow.
Examples
This example shows how to specify a beacon period of 15 Kms (15.36 milliseconds):
AP(config-if)# beacon period 15This example shows how to set the beacon parameter to defaults:
AP(config-if)# no beaconRelated Commands
boot upgrade
Use the boot upgrade global interface command to configure access points and bridges to automatically load a configuration and use DHCP options to upgrade system software.
When your access point renews its IP address with a DHCP request, it uses the details configured on the DHCP server to download a specified configuration file from a TFTP server. If a boot system command is part of the configuration file and the unit's current software version is different, the access point or bridge image is automatically upgraded to the version in the configuration. The access point or bridge reloads and executes the new image.
[ no ] boot upgrade
Syntax Description
This command has no arguments or keywords.
Defaults
This command is enabled by default.
Command Modes
Global configuration
Command History
Examples
This example shows how to prevent an access point or bridge from automatically loading a configuration and upgrading system software:
AP(config)# no boot upgradebridge aging-time
Use the bridge aging-time global configuration command to configure the length of time that a dynamic entry can remain in the bridge table from the time the entry is created or last updated.
bridge group aging-time seconds
Note
Syntax Description
Defaults
The default aging time is 300 seconds.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the aging time for bridge group 1:
bridge(config)# bridge 1 aging-time 500Related Commands
bridge forward-time
Use the bridge forward-time global configuration command to configure the forward delay interval on the bridge.
bridge group aging-time seconds
Note
Syntax Description
Defaults
The default forward time is 30 seconds.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the forward time for bridge group 2:
bridge(config)# bridge 2 forward-time 60Related Commands
bridge hello-time
Use the bridge hello-time global configuration command to configure the interval between hello bridge protocol data units (BPDUs).
bridge group hello-time seconds
Note
Syntax Description
Defaults
The default hello time is 2 seconds.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the hello time for bridge group 1:
bridge(config)# bridge 1 hello-time 15Related Commands
bridge max-age
Use the bridge max-age global configuration command to configure the interval that the bridge waits to hear BPDUs from the spanning tree root. If the bridge does not hear BPDUs from the spanning tree root within this specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
bridge group max-age seconds
Note
Syntax Description
group
Specifies the bridge group
seconds
Specifies the max-age interval in seconds (enter a value between 10 and 200 seconds)
Defaults
The default max-age is 15 seconds.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the max age for bridge group 1:
bridge(config)# bridge 1 max-age 20Related Commands
bridge priority
Use the bridge priority global configuration command to configure the spanning tree priority for the bridge. STP uses the bridge priority to select the spanning tree root. The lower the priority, the more likely it is that the bridge will become the spanning tree root.
The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default. When you enable STP and assign a priority on bridge group 1, STP is enabled on the radio and Ethernet interfaces and on the primary VLAN, and those interfaces adopt the priority assigned to bridge group 1. You can create bridge groups for sub-interfaces and assign different STP settings to those bridge groups.
bridge group priority priority
Note
Syntax Description
group
Specifies the bridge group to be configured
priority
Specifies the STP priority for the bridge
Defaults
The default bridge priority is 32768.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the priority for the bridge:
bridge(config-if)# bridge 1 priority 900Related Commands
bridge protocol ieee
Use the bridge number protocol ieee global configuration command to enable Spanning Tree Protocol (STP) on the bridge. STP is enabled for all interfaces assigned to the bridge group that you specify in the command.
The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default. When you enable STP and assign a priority on bridge group 1, STP is enabled on the radio and Ethernet interfaces and on the primary VLAN, and those interfaces adopt the priority assigned to bridge group 1. You can create bridge groups for sub-interfaces and assign different STP settings to those bridge groups.
bridge number protocol ieee [ suspend ]
Note
Syntax Description
number
Specifies the bridge group for which STP is enabled
suspend
Suspends STP on the bridge until you re-enable it.
Defaults
STP is disabled by default.
Command Modes
Global configuration
Command History
Examples
This example shows how to enable STP for bridge group 1:
bridge(config)# bridge 1 protocol ieeeRelated Commands
bridge-group block-unknown-source
Use the bridge-group block-unknown-source configuration interface command to block traffic from unknown MAC addresses on a specific interface. Use the no form of the command to disable unknown source blocking on a specific interface.
For STP to function properly, block-unknown-source must be disabled for interfaces participating in STP.
bridge-group group block-unknown-source
Syntax Description
Defaults
When you enable STP on an interface, block unknown source is disabled by default.
Command Modes
Configuration interface
Command History
Examples
This example shows how to disable block unknown source for bridge group 2:
bridge(config-if)# no bridge-group 2 block-unknown-sourceRelated Commands
bridge-group path-cost
Use the bridge-group path-cost configuration interface command to configure the path cost for the bridge Ethernet and radio interfaces. Spanning Tree Protocol (STP) uses the path cost to calculate the shortest distance from the bridge to the spanning tree root.
bridge-group group path-cost cost
Note
Syntax Description
Defaults
The default path cost for the Ethernet interface is 19, and the default path cost for the radio interface is 33.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure the path cost for bridge group 2:
bridge(config-if)# bridge-group 2 path-cost 25Related Commands
bridge-group port-protected
Use the bridge-group port-protected configuration interface command to enable protected port for public secure mode configuration. In Cisco IOS software, there is no exchange of unicast, broadcast, or multicast traffic between protected ports.
bridge-group bridge-group
port-protectedSyntax Description
Defaults
This command has no defaults.
Command Modes
Configuration interface
Command History
Examples
This example shows how to enable protected port for bridge group 71:
AP(config-if)# bridge-group 71 port-protectedRelated Commands
bridge-group priority
Use the bridge-group priority configuration interface command to configure the spanning tree priority for the bridge Ethernet and radio interfaces. Spanning Tree Protocol (STP) uses the interface priority to select the root interface on the bridge.
The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default. When you enable STP and assign a priority on bridge group 1, STP is enabled on the radio and Ethernet interfaces and on the primary VLAN, and those interfaces adopt the priority assigned to bridge group 1. You can create bridge groups for sub-interfaces and assign different STP settings to those bridge groups.
bridge-group group priority priority
Syntax Description
group
Specifies the bridge group to be configured
priority
Specifies the STP priority for the bridge group
Defaults
The default priority for both the Ethernet and radio interfaces is 128.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure the priority for an interface on bridge group 2:
bridge(config-if)# bridge-group 2 priority 150Related Commands
bridge-group spanning-disabled
Use the bridge-group spanning-disabled configuration interface command to disable Spanning Tree Protocol (STP) on a specific interface. Use the no form of the command to enable STP on a specific interface.
For STP to function properly, spanning-disabled must be disabled for interfaces participating in STP.
bridge-group group spanning-disabled
Syntax Description
Defaults
STP is disabled by default.
Command Modes
Configuration interface
Command History
Examples
This example shows how to disable STP for bridge group 2:
bridge(config-if)# bridge-group 2 spanning-disabledRelated Commands
bridge-group subscriber-loop-control
Use the bridge-group subscriber-loop-control configuration interface command to enable loop control on virtual circuits associated with a bridge group. Use the no form of the command to disable loop control on virtual circuits associated with a bridge group.
For Spanning Tree Protocol (STP) to function properly, subscriber-loop-control must be disabled for interfaces participating in STP.
bridge-group group subscriber-loop-control
Syntax Description
Defaults
When you enable STP for an interface, subscriber loop control is disabled by default.
Command Modes
Configuration interface
Command History
Examples
This example shows how to disable subscriber loop control for bridge group 2:
bridge(config-if)# no bridge-group 2 subscriber-loop-controlRelated Commands
bridge-group unicast-flooding
Use the bridge-group unicast-flooding configuration interface command to enable unicast flooding for a specific interface. Use the no form of the command to disable unicast flooding for a specific interface.
bridge-group group unicast-flooding
Syntax Description
Defaults
Unicast flooding is disabled by default.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure unicast flooding for bridge group 2:
bridge(config-if)# bridge-group 2 unicast-floodingRelated Commands
broadcast-key
Use the broadcast-key configuration interface command to configure the time interval between rotations of the broadcast encryption key used for clients. Use the no form of the command to disable broadcast key rotation.
[no] broadcast-key
[vlan vlan-id]
[change secs]
[ membership-termination ]
[ capability-change ]
Note
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure vlan10 to support broadcast key encryption with a 5-minute key rotation interval:
AP(config-if)# broadcast-key vlan 10 change 300This example shows how to disable broadcast key rotation:
AP(config-if)# no broadcast-keycca
Use the cca configuration interface command to configure the clear channel assessment (CCA) noise floor level for the bridge radio. The value you enter is used as an absolute value of dBm.
cca number
Note
Syntax Description
number
Specifies the radio noise floor in dBm. Enter a number from -60 to 0. Zero configures the radio to use a received validate frame as the CCA indication.
Defaults
The default CCA level is -62 dBm.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure the CCA level for the bridge radio:
bridge(config-if)# cca 50channel
Use the channel configuration interface command to set the radio channel frequency. Use the no form of this command to reset the channel frequency to defaults.
[no] channel {number | frequency | least-congested}
Syntax Description
number
Specifies a channel number. For a list of channels for the 2.4-GHz radio, see Table 2-1. For a list of channels for the 5-GHz radio, see Table 2-2.
Note
frequency
Specifies the center frequency for the radio channel. For a list of center frequencies for the 2.4-GHz access point radio, see Table 2-1. For a list of center frequencies for the 5-GHz access point radio, see Table 2-2. For a list of center frequencies for the 5-GHz bridge radio, see Table 2-3.
Note
least-congested
Enables or disables the scanning for a least busy radio channel to communicate with the client adapter
Note
Note
Defaults
The default channel is least-congested.
Command Modes
Configuration interface
Command History
Examples
This example shows how to set the access point radio to channel 10 with a center frequency of 2457.
AP(config-if)# channel 2457This example shows how to set the access point to scan for the least-congested radio channel.
AP(config-if)# channel least-congestedThis example shows how to set the frequency to the default setting:
AP(config-if)# no channelRelated Commands
show controllers dot11radio
Displays the radio controller information and status
class-map
Use the class-map global configuration command to create a class map to be used for matching packets to the class whose name you specify and to enter class-map configuration mode. Use the no form of this command to delete an existing class map and return to global configuration mode.
[no] class-map name
Syntax Description
Defaults
This command has no defaults, and there is not a default class map.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to specify the name of the class for which you want to create or modify class-map match criteria and to enter class-map configuration mode. In this mode, you can enter one match command to configure the match criterion for this class.
The class-map command and its subcommands are used to define packet classification, marking, and aggregate policing as part of a globally named service policy applied on a per-interface basis.
After you are in quality of service (QoS) class-map configuration mode, these configuration commands are available:
•
•
•
•
•
Only one match criterion per class map is supported. For example, when defining a class map, only one match command can be issued.
Because only one match command per class map is supported, the match-all and match-any keywords function the same.
Only one access control list (ACL) can be configured in a class map. The ACL can have multiple access control entries (ACEs).
Examples
This example shows how to configure the class map called class1. class1 has one match criterion, which is an access list called 103.
AP(config)# access-list 103 permit any any dscp 10AP(config)# class-map class1AP(config-cmap)# match access-group 103AP(config-cmap)# exitThis example shows how to delete the class map class1:
AP(config)# no class-map class1You can verify your settings by entering the show class-map privileged EXEC command.
Related Commands
clear dot11 client
Use the clear dot11 client privileged EXEC command to deauthenticate a radio client with a specified media access control (MAC) address. The client must be directly associated with the access point, not a repeater.
clear dot11 client {mac-address}
Syntax Description
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to deauthenticate a specific radio client:
AP# clear dot11 client 0040.9645.2196You can verify that the client was deauthenticated by entering the following privileged EXEC command:
AP# show dot11 associations 0040.9645.2196Related Commands
Displays the radio association table or optionally displays association statistics or association information about repeaters or clients
clear dot11 hold-list
Use the clear dot11 hold-list privileged EXEC command to reset the MAC, LEAP, and EAP authentications hold list.
clear dot11 hold-list
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to clear the hold-off list of MAC authentications:
AP# clear dot11 hold-listclear dot11 statistics
Use the clear dot11 statistics privileged EXEC command to reset statistic information for a specific radio interface or for a particular client with a specified MAC address.
clear dot11 statistics
{interface | mac-address}Syntax Description
interface
Specifies a radio interface number
mac-address
Specifies a client MAC address (in xxxx.xxxx.xxxx format)
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to clear radio statistics for radio interface 0:
AP# clear dot11 statistics dot11radio 0This example shows how to clear radio statistics for the client radio with a MAC address of 0040.9631.81cf:
AP# clear dot11 statistics 0040.9631.81cfYou can verify that the radio interface statistics are reset by entering the following privileged EXEC command:
AP# show dot11 associations statisticsRelated Commands
Displays client traffic statistics
Displays radio interface information
Displays radio interface statistics
clear iapp rogue-ap-list
Use the clear iapp rogue-ap-list privileged EXEC command to clear the list of IAPP rogue access points.
clear iapp rogue-ap-list
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to clear the IAPP rogue access point list:
AP# clear iapp rogue-ap-listYou can verify that the rogue AP list was deleted by entering the show iapp rogue-ap-list privileged EXEC command.
Related Commands
clear iapp statistics
Use the clear iapp statistics privileged EXEC command to clear all the IAPP statistics.
clear iapp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to clear the IAPP statistics:
AP# clear iapp statisticsYou can verify that the IAPP statistics were cleared by entering the following privileged EXEC command:
AP# show iapp statisticsRelated Commands
clear ip proxy-mobile traffic
Use the clear ip proxy-mobile traffic privileged EXEC command to clear all the statistics related to proxy Mobile IP.
clear ip proxy-mobile traffic
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to clear the proxy-mobile statistics:
AP# clear ip proxy-mobile trafficYou can verify that traffic statistics are cleared by entering the show ip proxy-mobile traffic privileged EXEC command.
Related Commands
clear ip proxy-mobile subnet-map
Use the clear ip proxy-mobile subnet-map privileged EXEC command to clear the proxy Mobile IP subnet map table and obtain a new table from the AAP. If the access point cannot obtain a new table from the AAP, the subnet map table does not change. When you enter this command on an AAP, the AAP immediately synchronizes its tables with the other AAPs.
clear ip proxy-mobile subnet-map
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to clear the proxy Mobile IP subnet map:
AP# clear ip proxy-mobile subnet-mapYou can verify that information was deleted by entering the show ip proxy-mobile subnet-map privileged EXEC command.
Related Commands
Displays the subnet map table
Displays information about proxy Mobile IP
Displays proxy Mobile IP statistics, the subnet map table, and all the security associations
concatenation
Use the concatenation configuration interface command to enable packet concatenation on the bridge radio. Using concatenation, the bridge combines multiple packets into one packet to reduce packet overhead and overall latency, and to increase transmission efficiency.
concatenation [ bytes ]
Note
Syntax Description
bytes
(Optional) Specifies a maximum size for concatenated packets in bytes. Enter a value from 1600 to 4000.
Defaults
Concatenation is enabled by default, and the default maximum concatenated packet size is 3500.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure concatenation on the bridge radio:
bridge(config-if)# concatenation 4000countermeasure tkip hold-time
Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.
countermeasure tkip hold-time seconds
Syntax Description
seconds
Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled)
Defaults
TKIP holdtime is enabled by default, and the default holdtime is 60 seconds.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure the TKIP holdtime on the access point radio:
ap(config-if)# countermeasure tkip hold-time 120debug dot11
Use the debug dot11 privileged EXEC command to begin debugging of radio functions. Use the no form of this command to stop the debug operation.
[no] debug dot11
{events | packets | forwarding | mgmt | network-map | syslog | virtual-interface}Syntax Description
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to begin debugging of all radio-related events:
AP# debug dot11 eventsThis example shows how to begin debugging of radio packets:
AP# debug dot11 packetsThis example shows how to begin debugging of the radio system log:
AP# debug dot11 syslogThis example shows how to stop debugging of all radio related events:
AP# no debug dot11 eventsRelated Commands
show debugging
Displays all debug settings and the debug packet headers
Displays configuration and status information for the radio interface
debug dot11 aaa
Use the debug dot11 aaa privileged EXEC command to begin debugging of dot11 authentication, authorization, and accounting (AAA) operations. Use the no form of this command to stop the debug operation.
[no] debug dot11 aaa
{accounting | dispatcher |
dot1x {all | broadcast-key | process} | rxdata | state-machine | txdata} | mac-authen}Syntax Description
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to begin debugging of dot11 AAA accounting packets:
AP# debug dot11 aaa accountingThis example shows how to begin debugging of all dot1x AAA packets:
AP# debug dot11 aaa dot1x allRelated Commands
show debugging
Displays all debug settings
Optionally displays all radio clients
debug dot11 dot11radio
Use the debug dot11 dot11radio privileged EXEC command to turn on radio debug options. These options include run RF monitor mode and trace frames received or transmitted on the radio interface. Use the no form of this command to stop the debug operation.
[no] debug dot11 dot11radio interface-number {accept-radio-firmware |
monitor {ack | address | beacon | crc | lines | plcp | print | probe | store} |
print { hex | if | iv | lines | mic | plcp | printf | raw | shortadr } |
radio_debug flag-value | stop-on-failure |
trace {off | print | store}}Syntax Description
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to enable packet printing with MAC addresses in short form:
AP# debug dot11 dot11radio 0 print shortadrThis example shows how to begin monitoring of all packets with CRC errors:
AP# debug dot11 dot11radio 0 monitor crcThis example shows how to stop monitoring of packets with CRC errors:
AP# no debug dot11 dot11radio 0 monitor crcRelated Commands
show debugging
Displays all debug settings and the debug packet headers
Displays configuration and status information for the radio interface
Displays radio interface statistics
debug iapp
Use the debug iapp privileged EXEC command to begin debugging of IAPP operations. Use the no form of this command to stop the debug operation.
[no] debug iapp
{packets | event | error}Syntax Description
packets
Displays IAPP packets sent and received by the access point. Link test packets are not displayed
event
Displays significant IAPP events
error
Displays IAPP software and protocol errors
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to begin debugging of IAPP packets:
AP# debug iapp packetThis example shows how to begin debugging of IAPP events:
AP# debug iapp eventsThis example shows how to begin debugging of IAPP errors:
AP# debug iapp errorsRelated Commands
debug ip proxy-mobile
Use the debug ip proxy-mobile privileged EXEC command to begin debugging of proxy Mobile IP activities. If a component is not specified in the command, debugging of all components is activated. Use the no form of this command to stop the debug operation and return to the default configuration.
[no] debug ip proxy-mobile
[subnet-map] [agent-disc] [registration]Syntax Description
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to begin debugging of all proxy-mobile activities:
AP# debug ip proxy-mobileThis example shows how to begin debugging of registration events:AP# debug ip proxy-mobile registrationThis example shows how to stop debugging of registration events:
AP# no debug ip proxy-mobile registrationYou can check debugging information by entering the show debugging privileged EXEC command.
Related Commands
debug radius local-server
Use the debug radius local-server privileged EXEC mode command to control the display of debug messages for the local authenticator.
debug radius local-server {client | error | packets }
Syntax Description
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to begin debugging for local authenticator errors:
AP# debug radius local-server errorRelated Commands
Enables the access point as a local authenticator
show debugging
Displays all debug settings and the debug packet headers
debug wlccp ap
Use the debug wlccp ap privileged EXEC command to enable debugging for devices that interact with the access point that provides wireless domain services (WDS).
debug wlccp ap { mn | wds-discovery | state | rm [ statistics | context | packet ] }
Note
Syntax Description
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to begin debugging for LEAP-enabled client devices participating in Cisco Centralized Key Management (CCKM):
AP# debug wlccp ap mnRelated Commands
show debugging
Displays all debug settings and the debug packet headers
Displays WLCCP information
debug wlccp packet
Use the debug wlccp packet privileged EXEC command to activate display of packets to and from the access point that provides wireless domain services (WDS).
debug wlccp packet
Note
Syntax Description
This command has no arguments or keywords.
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to activate display of packets to and from the WDS access point:
AP# debug wlccp packetRelated Commands
show debugging
Displays all debug settings and the debug packet headers
Displays WLCCP information
debug wlccp rmlib
Use the debug wlccp rmlib privileged EXEC command to activate display of radio management library functions on the access point that provides wireless domain services (WDS).
debug wlccp rmlib
Note
Syntax Description
This command has no arguments or keywords.
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to activate display of radio management library functions on the access point that provides WDS:
AP# debug wlccp rmlibRelated Commands
show debugging
Displays all debug settings and the debug packet headers
Displays WLCCP information
debug wlccp wds
Use the debug wlccp wds privileged EXEC command to activate display of wireless domain services (WDS) debug messages.
debug wlccp wds
aggregator [ packet ]
nm [ packet | loopback ]
state
statistics
Note
Syntax Description
Defaults
Debugging is not enabled.
Command Modes
Privileged EXEC
Command History
12.2(11)JA
This command was first introduced.
12.2(13)JA
This command was modified to include the aggregator and nm options.
Examples
This example shows how to begin debugging for LEAP-enabled client devices participating in Cisco Centralized Key Management (CCKM):
AP# debug wlccp ap mnRelated Commands
show debugging
Displays all debug settings and the debug packet headers
Displays WLCCP information
distance
Use the distance configuration interface command to specify the distance from a root bridge to the non-root bridge or bridges with which it communicates. The distance setting adjusts the bridge's timeout values to account for the time required for radio signals to travel from bridge to bridge. If more than one non-root bridge communicates with the root bridge, enter the distance from the root bridge to the non-root bridge that is farthest away. You do not need to adjust this setting on non-root bridges.
distance kilometers
Note
Syntax Description
Defaults
In installation mode, the default distance setting is 99 km. In all other modes, such as root and non-root, the default distance setting is 0 km.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure the distance setting for the root bridge radio:
bridge(config-if)# distance 40dot11 aaa csid
Use the dot11 aaa csid global configuration command to select the format for MAC addresses in Called-Station-ID (CSID) and Calling-Station-ID attributes in RADIUS packets.
dot11 aaa csid { default | ietf | unformatted }
Syntax Description
Defaults
The default CSID format looks like this example:
0007.85b3.5f4aCommand Modes
Global configuration
Command History
Usage Guidelines
You can also use the wlccp wds aaa csid command to select the CSID format.
Related Commands
Begin debugging of dot11 authentication, authorization, and accounting (AAA) operations
dot11 activity-timeout
Use the dot11 activity-timeout global configuration command to configure the number of seconds that the access point tracks an inactive device (the number depends on its device class). The access point applies the unknown device class to all non-Cisco Aironet devices.
dot11 activity-timeout { [ client-station | repeater | bridge | workgroup-bridge | unknown ] [ default <1 - 100000> ] [ maximum <1 - 100000> ] }
Syntax Description
Defaults
Table 2-4 lists the default activity timeouts for each device class. All values are in seconds.
Table 2-4 Default Activity Timeouts
unknown
60
client-station
1800
repeater
28800
bridge
28800
workgroup-bridge
28800
Command Modes
Global configuration
Command History
Examples
This example shows how to configure default and maximum activity timeouts for all device classes:
AP(config)# dot11 activity-timeout default 5000 maximum 24000Usage Guidelines
To set an activity timeout for all device types, set a default or maximum timeout without specifying a device class (for example, enter dot11 activity-timeout default 5000). The access point applies the timeout to all device types that are not already configured with a timeout.
Related Commands
dot11 adjacent-ap age-timeout
Use the dot11 adjacent-ap age-timeout global configuration command to specify the number of hours an inactive entry remains in the list of adjacent access points.
dot11 adjacent-ap age-timeout hours
Note
Syntax Description
Defaults
The default age-timeout is 24 hours.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the timeout setting for inactive entries in the adjacent access point list:
AP# dot11 adjacent-ap age-timeout 12Related Commands
dot11 antenna-alignment
Use the dot11 antenna-alignment privileged EXEC command to activate the antenna-alignment tool for an radio interface. Use this tool to test and align the access point antenna with another remote antenna.
dot11 interface-number antenna-alignment [timeout]
Syntax Description
interface-number
Specifies the radio interface number (The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.)
timeout
Specifies the duration of the alignment test, in seconds
Defaults
The default alignment timeout is 5 seconds.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
During the antenna alignment test, the radio disassociates from its parent, probes adjacent access points, and records the MAC address and signal strength of responses it receives. After the timeout, the radio reassociates with its parent. Clients connected to the access point through its parent lose their connection for the duration of the test; clients connected to a repeater maintain their connection and can abort the test using the escape sequence (Ctrl key and ^ key).
You display the last 10 results using the show dot11 antenna-alignment command, which lists the MAC address and signal level for the access points that responded to the probe.
Examples
This example shows how to start the antenna-alignment test for radio interface 0:
AP# dot11 dot11radio 0 antenna-alignmentRelated Commands
dot11 arp-cache
Use the dot11 arp-cache global configuration command to enable client ARP caching on the access point. ARP caching on the access point reduces the traffic on your wireless LAN by stopping ARP requests for client devices at the access point. Instead of forwarding ARP requests to client devices, the access point responds to requests on behalf of associated client devices and drops ARP requests that are not directed to clients associated to the access point. When ARP caching is optional, the access point responds on behalf of clients with IP addresses known to the access point but forwards out its radio port any ARP requests addressed to unknown clients. When the access point knows all the IP addresses for associated clients, it drops any ARP requests not directed to its clients.
[no] dot11 arp-cache [optional]
Syntax Description
Defaults
ARP caching is disabled by default.
Command Modes
Global configuration
Command History
Examples
This example shows how to enable ARP caching:
AP(config)# dot11 arp-cachedot11 carrier busy
Use the dot11 carrier busy privileged exec command to display levels of radio activity on each channel.
dot11 interface-number carrier busy
Syntax Description
interface-number
Specifies the radio interface number (The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.)
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
During the carrier busy test, the access point or bridge drops all associations with wireless networking devices for about 4 seconds while it conducts the carrier test and then displays the test results.
You can re-display the carrier busy results using the show dot11 carrier busy command.
Examples
This example shows how to run the carrier busy test for radio interface 0:
AP# dot11 d0 carrier busyThis example shows the carrier busy test results:
Frequency Carrier Busy %--------- --------------5180 05200 25220 275240 55260 15280 05300 35320 2Related Commands
dot11 linktest
Use the dot11 linktest privileged EXEC command to test a radio link between the access point and a client device.
dot11 interface-number linktest
[target mac-address]
[count packet-number]
[interval sec]
[packet-size size]
[rate value]Syntax Description
Defaults
The default target for a root access point is the first client. The default target for a repeater is its parent access point.
The default count specifies that test runs once.
The default interval is 5 seconds.
The default packet-size is 512 bytes.
The default rate is the automatic rate-shifting algorithm.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The link test verifies the radio link between the access point and a client device by sending the client a series of special packets, which the client returns to the access point.
Note
The client adds information to the packets that quantify how well it received the request. Results are displayed as a table of packet statistics, quality, and signal-level information.
If you specify an interval, the test repeats continuously separated by the specified number of seconds. To abort the test, type the escape sequence (Ctrl key and ^ key). Without an interval, the test runs once.
Examples
This example shows how to initiate a radio link test to send 10 packets to client MAC address 0040963181CF on radio interface 0:
AP# dot11 dot11radio 0 linktest target 0040.9631.81CF count 10This example shows how to initiate a radio link test to send 100 packets of 500 bytes to client MAC address 0040963181CF on radio interface 0:
AP# dot11 dot11radio 0 linktest target 0040.9631.81CF packet-size 500 count 100Related Commands
Displays the radio statistics
Displays the radio association table
Displays the radio network map
dot11 location isocc
Use the dot11 location isocc privileged EXEC command to configure location identifiers that the access point sends with all RADIUS authentication and accounting requests.
dot11 location isocc ISO-country-code cc country-code ac area-code
Syntax Description
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
You can find a list of ISO and ITU country and area codes at the ISO and ITU websites. Cisco IOS software does not check the validity of the country and area codes that you enter with this command.
Examples
This example shows how to configure the ISO and ITU location codes on the access point:
ap# dot11 location isocc us cc 1 ac 408This example shows how the access point adds the SSID used by the client device and how it formats the location-ID string:
isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirportRelated Commands
dot11 meter
Use the dot11 meter privileged EXEC command to measure the performance of packet forwarding. To display the results, use the show dot11 statistics metered-traffic command.
dot11 interface-number meter
Syntax Description
interface-number
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to activate the meter tool for radio interface 0:
AP# dot11 dot11radio 0 meterRelated Commands
dot11 extension aironet
Use the dot11 extension aironet configuration interface command to enable or disable Cisco Aironet extensions to the IEEE 802.11b standard. Use the no form of this command to disable the Cisco Aironet extensions.
[no] dot11 extension aironet
Note
Syntax Description
This command has no arguments or keywords.
Defaults
Cisco Aironet extensions are disabled by default.
Command Modes
Configuration interface
Command History
Usage Guidelines
The Cisco Aironet extensions help clients choose the best access point. You must enable these extensions to use advanced features such as Cisco MIC and key hashing. Disable these extensions for non-Cisco clients that misinterpret the extensions.
Examples
This example shows how to enable Cisco Aironet extensions for the radio interface:
AP(config-if)# dot11 extension aironetThis example shows how to disable Cisco Aironet extensions for the radio interface:
AP(config-if)# no dot11 extension aironetRelated Commands
dot11 holdoff-time
Use the dot11 holdoff-time global configuration command to specify the hold-off time for EAP and MAC address authentication. The holdoff time is invoked when a client fails three login attempts or fails to respond to three authentication requests from the access point. Use the no form of the command to reset the parameter to defaults.
[no] dot11 holdoff-time seconds
Syntax Description
Defaults
The default holdoff time is 0 (disabled).
Command Modes
Global configuration
Command History
Examples
This example shows how to specify a 2-minute hold-off time:
AP(config)# dot11 holdoff-time 120This example shows how reset the hold-off time to defaults:
AP(config)# dot11 no holdoff-timeRelated Commands
dot11 igmp snooping-helper
Use the dot11 igmp snooping-helper global configuration command to begin sending IGMP Query requests when a new client associates with the access point. Use the no form of this command to disable the IGMP Query requests.
[no] dot11 igmp snooping-helper
Syntax Description
This command has no arguments or keywords.
Defaults
IGMP Query requests are disabled.
Command Modes
Global configuration
Command History
Examples
This example shows how to enable IGMP Query requests:
AP(config)# dot11 igmp snooping-helperThis example shows how to stop or disable the IGMP Query requests:
AP(config)# no dot11 igmp snooping-helper
dot11 network-map
Use the dot11 network-map global configuration command to enable the radio network map feature. When enabled, the access point broadcasts a IAPP GenInfo Request every collection interval. This request solicits information from all Cisco access points in the same Layer 2 domain. Upon receiving a GetInfo Request, the access point sends a unicast IAPP GenInfo Response back to the requester. The access point uses these IAPP GenInfo Responses to build a network-map.
dot11 network-map [collect-interval]
Syntax Description
Defaults
The default collect interval is 5 seconds.
Command Modes
Global configuration
Command History
Examples
This example shows how to generate a radio network map with a collection interval of 30 seconds:
AP(config)# dot11 network-map 30You can verify the network map by using the show dot11 network-map EXEC command.
Related Commands
dot11 phone
Use the dot11 phone global configuration command to enable or disable IEEE 802.11 compliance phone support. Use the no form of this command to disable the IEEE 802.11 phone.
[no] dot11 phone
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Usage Guidelines
Enabling IEEE 802.11 compliance phone support adds information to the access point beacons and probe responses. This information helps some 802.11 phones make intelligent choices about the access point to which they should associate. Some phones do not associate with an access point without this additional information.
Examples
This example shows how to enable IEEE 802.11 phone support:
AP(config)# dot11 phoneThis example shows how to stop or disable the IEEE 802.11 phone support:
AP(config)# no dot11 phone
dot11 priority_map avvid
Use the dot11 priority_map avvid global configuration command to enable or disable Cisco AVVID (Architecture for Voice, Video and Integrated Data) priority mapping. AVVID priority mapping maps Ethernet packets tagged as class of service 5 to class of service 6. This feature enables the access point to apply the correct priority to voice packets for compatibility with Cisco AVVID networks. Use the no form of this command to disable AVVID priority mapping.
[no] dot11 priority_map avvid
Note
Syntax Description
This command has no arguments or keywords.
Defaults
AVVID priority mapping is enabled by default.
Command Modes
Global configuration
Command History
Examples
This example shows how to stop or disable AVVID priority mapping:
AP(config)# no dot11 priority_map avvid
This example shows how to enable AVVID priority mapping:
AP(config)# dot11 priority_map avvidRelated Commands
Creates a class map to be used for matching packets to the class whose name you specify
show class-map
Displays quality of service (QoS) class maps
dot11 update-group-key
Use the dot11 update-group-key privileged EXEC command to trigger an update of the WPA group key. When you enter the command, the access point distributes a new WPA group key to authenticated client devices.
dot11 interface-number update-group-key [ vlan vlan-id ]
Syntax Description
interface-number
Specifies the radio interface number (the 2.4-GHz radio is radio 0; the 5-GHz radio is radio 1)
vlan-id
Specifies the VLAN on which the access point sends out the group key update
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to trigger a group key update on VLAN 2:
AP# dot11 dot11radio 0 group-key-update vlan 2Related Commands
Configures the radio interface (for a specified SSID) to support authenticated key management
dot1x client-timeout
Use the dot1x client-timeout configuration interface command to configure the IEEE 802.1x (dot1x) client timeout value. The client timeout value is the length of time that the access point waits for a client to respond to the access point's EAP request.
dot1x client-timeout 1-65555
Syntax Description
Defaults
The default timeout is 30 seconds.
Command Modes
Configuration interface
Command History
12.2(4)JA
This command was introduced.
12.2(13)JA
The default value for this command changed from 10 seconds to 30 seconds.
Examples
This example shows how to configure a 60-second dot1x client timeout value:
AP(config-if)# dot1x client-timeout 60Related Commands
Displays radio AAA timeout values
Configures a lockout period for clients that fail to authenticate
dot1x reauth-period
Use the dot1x reauth-period configuration interface command to configure the dot1x client- reauthentication period. The no form of the command disables reauthentication.
[no] dot1x reauth-period {1-65555 | server}
Syntax Description
Defaults
The default is disabled.
Command Modes
Configuration interface
Command History
Examples
This example shows how to configure a 2-minute dot1x client-reauthentication period:
AP(config-if)# dot1x reauth-period 120Related Commands
encryption key
Use the encryption key configuration interface command to define a WEP key used for data encryption on the wireless LAN or on a specific virtual LAN (VLAN). Use the no form of the command to remove a specific encryption key.
Note
[no] encryption
[vlan vlan-id ]
key 1-4
size {40bit | 128Bit}
encryption-key
[transmit-key]Syntax Description
vlan vlan-id
Specifies the VLAN number (1 to 4095)
key 1-4
Specifies the number of the key (1 to 4) that is being configured. (A total of four encryption keys can be configured for each VLAN.)
Note
size 40bit
Specifies a 40-bit encryption key
size 128bit
Specifies a 128-bit encryption key
encryption-key
Specifies the value of the encryption key:
•
•
transmit-key
Specifies the key for encrypting transmit data from the access point. Key slot 1 is the default key slot.
Defaults
This command has no defaults.
Command Modes
Configuration interface
Command History
Usage Guidelines
Using security features such as authenticated key management can limit WEP key configurations. Table 2-5 lists WEP key restrictions based on your security configuration.
Examples
This example shows how to configure a 40-bit encryption key with a value of 11aa33bb55 as
WEP key 1 used on VLAN number 1:AP(config-if)# encryption vlan 1 key 1 size 40bit 11aa33bb55 transmit-keyThis example shows how to remove WEP key 1 on VLAN 1:
AP(config-if)# no encryption vlan 1 key 1Related Commands
encryption mode ciphers
Use the encryption mode ciphers configuration interface command to enable a cipher suite. Cipher suites are sets of encryption algorithms that, like WEP, protect radio communication on your wireless LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key Management (CCKM).
Because cipher suites provide the protection of WEP while also allowing use of authenticated key management, we recommend that you enable WEP by using the encryption mode ciphers command in the CLI or by using the cipher drop-down menu in the web-browser interface. Cipher suites that contain TKIP provide the best security for your wireless LAN, and cipher suites that contain only WEP are the least secure.
Note
encryption [ vlan vlan ] mode ciphers
{ [ ckip | cmic | ckip-cmic | tkip ] }
{ [ wep128 | wep40 ] }Syntax Description
Defaults
This command has no defaults.
Command Modes
Configuration interface
Command History
Usage Guidelines
If you configure your access point to use WPA or CCKM authenticated key management, you must select a cipher suite compatible with the authenticated key management type. Table 2-6 lists the cipher suites that are compatible with WPA and CCKM.
Refer to the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points for a complete description of WPA and CCKM and instructions for configuring authenticated key management.
Examples
This example sets up a cipher suite for VLAN 22 that enables CKIP, CMIC, and 128-bit WEP.
ap(config-if)# encryption vlan 22 mode ciphers ckip-cmic wep128Related Commands
Configures the access point for WEP encryption
Configures the client authentication type for an SSID, including WPA and CCKM authenticated key management
encryption mode wep
Use the encryption mode wep configuration interface command to enable a specific encryption type that is used to communicate on the wireless LAN or on a specific VLAN. When encryption is enabled, all client devices on the wireless LAN or on a VLAN must support the specified encryption methods to communicate with the access point. Use the no form of the command to disable the encryption features on a specific VLAN.
Note
[no] encryption [vlan vlan-id ] mode wep
{mandatory | optional}
{key-hash | mic [key-hash] }Syntax Description
Defaults
This command has no defaults.
Command Modes
Configuration interface
Command History
Examples
This example shows how to specify that encryption key hashing must be used on VLAN number 1:
AP(config-if)# encryption vlan 1 mode wep mandatory key-hashThis example shows how to disable mandatory encryption on VLAN 1:
AP(config-if)# no encryption vlan 1 mode wep mandatoryRelated Commands
fragment-threshold
Use the fragment-threshold configuration interface command to set the size at which packets are fragmented. Use the no form of the command to reset the parameter to defaults.
[no] fragment-threshold 256-2346
Syntax Description
Defaults
The default threshold is 2346 bytes
Command Modes
Configuration interface
Command History
Examples
This example shows how to set the packet fragment threshold size to 1800 bytes:
AP(config-if)# fragment-threshold 1800This example shows how to reset the packet fragment threshold size to defaults:
AP(config-if)# no fragment-thresholdRelated Commands
group (local server configuration mode)
Use the group local server configuration mode command to enter user group configuration mode and configure a user group to which you can assign shared settings. In user group configuration mode you can specify settings for the user group such as VLAN and SSID.
group group
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
Local server configuration mode
Command History
Examples
This example shows how to create a user group on the local authenticator:
AP(config-radsrv)# group hoosiersRelated Commands
guest-mode (SSID configuration mode)
Use the guest-mode SSID configuration mode command to configure the radio interface (for the specified SSID) to support guest mode. Use the no form of the command to disable the guest mode.
[no] guest-mode
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Usage Guidelines
The access point can have one guest-mode SSID or none at all. The guest-mode SSID is used in beacon frames and response frames to probe requests that specify the empty or wildcard SSID. If no guest-mode SSID exists, the beacon contains no SSID and probe requests with the wildcard SSID are ignored. Disabling the guest mode makes the networks slightly more secure. Enabling the guest mode helps clients that passively scan (do not transmit) associate with the access point. It also allows clients configured without a SSID to associate.
Examples
This example shows how to set the wireless LAN for the specified SSID into guest mode:
AP(config-if-ssid)# guest-modeThis example shows how to reset the guest-mode parameter to default values:
AP(config-if-ssid)# no guest-modeRelated Commands
Specifies the SSID and enters the SSID configuration mode
show running-config
Displays the current access point operating configuration
iapp standby mac-address
Use the iapp standby mac-address global configuration command to configure an access point to be in standby mode and specify the active access point's MAC address. Use the no form of this command to disable the access point standby mode.
[no] iapp standby mac-address mac-address
Note
Syntax Description
Defaults
This command has no default setting.
Command Modes
Global configuration
Command History
Examples
This example shows how to place the access point in standby mode and indicate the MAC address of the active access point:
AP(config)# iapp standby mac-address 0040.9631.81cfThis example shows how to stop or disable the standby mode:
AP(config)# no iapp standby mac-address 0040.9631.81cf
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
Configures the polling interval in standby mode
Configures the polling timeout value in standby mode
iapp standby poll-frequency
Use the iapp standby poll-frequency global configuration command to configure the standby mode polling interval. Use the no form of this command to clear the access point standby mode poll frequency.
[no] iapp standby poll-frequency sec [mac-address]
Note
Syntax Description
sec
Specifies the standby mode poll frequency in seconds
mac-address
Specifies the MAC address of an access point
Defaults
When you enable hot standby, the default poll frequency is 2 seconds.
Command Modes
Global configuration
Command History
Examples
This example shows how to specify the standby mode poll frequency of 5 minutes:
AP(config)# iapp standby poll-frequency 300This example shows how to stop or disable the standby mode:
AP(config)# no iapp standby mac-address 0040.9631.81cf
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
Places the access point into standby mode and identifies the MAC address of the active access point
Specifies the access point standby mode polling timeout value
iapp standby timeout
Use the iapp standby timeout global configuration command to configure the standby mode polling timeout value. Use the no form of this command to clear the standby mode polling timeout value.
[no] iapp standby timeout sec
Syntax Description
Defaults
When you enable hot standby, the default standby timeout is 20 seconds.
Command Modes
Global configuration
Command History
Examples
This example shows how to specify the standby mode polling timeout of 1 minute:
AP(config)# iapp standby timeout 60This example shows how to clear the standby mode timeout value:
AP(config)# no iapp standby timeout
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
Places the access point into standby mode and identifies the MAC address of the active access point
Specifies the standby mode polling interval
infrastructure-client
Use the infrastructure-client configuration interface command to configure a virtual interface for a workgroup bridge client. Use the no form of the command to disable the workgroup bridge client virtual interface.
[no] infrastructure-client
Syntax Description
This command has no arguments or keywords.
Defaults
The default is infrastructure client disabled.
Command Modes
Configuration interface
Command History
Usage Guidelines
Enable the infrastructure client feature to increase the reliability of multicast messages to workgroup bridges. When enabled, the access point sends directed packets containing the multicasts, which are retried if necessary, to the associated workgroup bridge. Enable only when necessary because it can greatly increase the load on the radio cell.
Examples
This example shows how to configure a virtual interface for a workgroup bridge client.
AP(config-if)# infrastructure-clientThis example shows how to specify that a workgroup bridge client virtual interface is not supported.
AP(config-if)# no infrastructure-clientRelated Commands
show running-config
Displays information on the current running access point configuration
infrastructure-ssid (SSID configuration mode)
Use the infrastructure-ssid command in SSID configuration mode to reserve this SSID for infrastructure associations, such as those from one access point or bridge to another. Use the no form of the command to revert to a normal non-infrastructure SSID.
[ no ] infrastructure-ssid [ optional ]
Syntax Description
optional
Specifies that both infrastructure and mobile client devices are allowed to associate using the SSID
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Usage Guidelines
This command controls the SSID that access points and bridges use when associating with one another. A root access point only allows a repeater access point to associate using the infrastructure SSID, and a root bridge only allows a non-root bridge to associate using the infrastructure SSID. Repeater access points and non-root bridges use this SSID to associate with root devices. Configure authentication types and VLANs for an SSID to control the security of access points and bridges.
Examples
This example shows how to reserve the specified SSID for infrastructure associations on the wireless LAN:
AP(config-if-ssid)# infrastructure-ssidThis example shows how to restore the SSID to non-infrastructure associations:
AP(config-if-ssid)# no infrastructure-ssidRelated Commands
interface dot11radio
Use the interface dot11radio global configuration command to place access point into the radio configuration mode.
interface dot11radio interface-number
Syntax Description
interface-number
Specifies the radio interface number (The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.)
Defaults
The default radio interface number is 0.
Command Modes
Global configuration
Command History
Examples
This example shows how to place the access point into the radio configuration mode:
AP# interface dot11radio 0Related Commands
ip proxy-mobile
Use the ip proxy-mobile configuration interface command to enable the access point to participate in proxy Mobile IP operations. Use the no form of this command to disable proxy Mobile IP operations on the access point.
[no] ip proxy-mobile
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Configuration interface
Command History
Examples
This example shows how to enable the proxy Mobile IP interface on the access point.
AP(config-if)# ip proxy-mobileThis example shows how to disable proxy Mobile IP operations on the access point.
AP(config-if)# no ip proxy-mobileRelated Commands
ip proxy-mobile (SSID configuration mode)
Use the ip proxy-mobile SSID configuration mode command to configure the radio interface (for the specified SSID) to support proxy Mobile IP. Use the no form of the command to reset the parameter to the default value.
[no] ip proxy-mobile
Syntax Description
This command has no arguments or keywords.
Defaults
No proxy Mobile IP support is the default setting.
Command Modes
SSID configuration interface
Command History
Examples
This example shows how to enable proxy Mobile IP support on the wireless LAN for the specified SSID:
AP(config-if-ssid)# ip proxy-mobileThis example shows how to disable proxy Mobile IP support:
AP(config-if-ssid)# no ip proxy-mobileRelated Commands
ip proxy-mobile aap
Use the ip proxy-mobile aap global configuration command to specify the IP addresses for the primary and secondary AAPs. Use the no form of this command to clear the primary AAP and secondary AAP addresses.
[no] ip proxy-mobile aap address
[ address2 address3]Syntax Description
address
Specifies the primary AAP IP address
address2
(Optional) Specifies the secondary AAP IP address
address3
(Optional) Specifies a second secondary AAP IP address
Defaults
AAP address information is not defined by default.
Command Modes
Global configuration
Command History
Examples
This example shows how to specify the IP addresses for proxy Mobile IP primary and secondary AAPs:
AP(config)# ip proxy-mobile aap 10.10.9.21 10.10.9.22 10.10.9.23This example shows how to clear out the IP addresses for the proxy Mobile IP AAPs:
AP(config)# no ip proxy-mobile aap
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
Enables and disables proxy Mobile IP and removes the configuration information when disabled
Displays proxy Mobile IP information
ip proxy-mobile enable
Use the ip proxy-mobile enable global configuration command to enable or disable proxy Mobile IP. Use the no form of this command to disable proxy Mobile IP and remove all associated CLIs.
[no] ip proxy-mobile enable
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled by default.
Command Modes
Global configuration
Command History
Examples
This example shows how to enable proxy Mobile IP:
AP(config)# ip proxy-mobile enableThis example shows how to disable proxy Mobile IP and remove all associated CLIs:
AP(config)# no ip proxy-mobile enable
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
ip proxy-mobile pause
Use the ip proxy-mobile pause global configuration command to enable or disable proxy Mobile IP without removing all associated CLIs. Use the no form of this command to re-enable proxy Mobile IP.
[no] ip proxy-mobile pause
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to disable proxy Mobile IP without removing the configuration:
AP(config)# ip proxy-mobile pauseThis example shows how to re-enable proxy Mobile IP:
AP(config)# no ip proxy-mobile pause
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
ip proxy-mobile secure
Use the ip proxy-mobile secure global configuration command to specify the proxy Mobile IP security association information for a range of IP addresses. Use the no form of this command to reset the parameters to default values.
[no] ip proxy-mobile secure
node address-start address-end
spi spi
key {hex | ascii} stringSyntax Description
Defaults
The default key setting is ASCII.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure proxy Mobile IP security association information for an IP address range of 10.9.1.20 to 10.9.1.60 with an ASCII key of 123456789abcd:
AP(config)# ip proxy-mobile secure 10.9.1.20 10.9.1.60 spi 100 key ascii 123456789abcdThis example shows how to reset the proxy Mobile IP security association information to defaults:
AP(config)# no ip proxy-mobile secure
Related Commands
Enables and disables proxy Mobile IP and removes the configuration information when disabled
Displays proxy Mobile IP information
ip proxy-mobile tunnel
Use the ip proxy-mobile tunnel global configuration command to request the encapsulation type in all mobile node registration requests. You can request GRE or reverse tunnel encapsulation. Specify the proxy Mobile IP security association information for a range of IP addresses. Use the no form of this command to reset the parameters to default values.
[no] ip proxy-mobile tunnel
{ gre
reverse }Syntax Description
Defaults
The tunnel feature is disabled by default. The access point uses IPinIP encapsulation by default.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the access point to request GRE encapsulation in all mobile node registration requests:
AP(config)# ip proxy-mobile tunnel greRelated Commands
Enables and disables proxy Mobile IP and removes the configuration information when disabled
Displays proxy Mobile IP information
l2-filter bridge-group-acl
Use the l2-filter bridge-group-acl configuration interface command to apply a Layer 2 ACL filter to the bridge group incoming and outgoing packets between the access point and the host (upper layer). Use the no form of the command to disable the Layer 2 ACL filter
[no] l2-filter bridge-group-acl
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Configuration interface
Command History
Examples
This example shows how to apply a Layer 2 ACL filter to the bridge group packets:
AP(config-if)# l2-filter bridge-group-aclThis example shows how to activate a Layer 2 ACL filter:AP(config-if)# no l2-filter bridge-group-aclRelated Commands
led flash
Use the led flash privileged EXEC command to start or stop the blinking of the LED indicators on the access point for a specified number of seconds. Without arguments, this command blinks the LEDs continuously.
led flash [seconds | disable]
Syntax Description
seconds
Specifies the number of seconds (1 to 3600) that the LEDs blink
disable
Stops the blinking of the LEDs
Defaults
The default is continuous blinking of the LEDs.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to blink the access point LEDs for 30 seconds:
AP# led flash 30This example shows how to stop the blinking of the access point LEDs:AP# led flash disableRelated Commands
logging buffered
Use the logging buffered global configuration command to begin logging of messages to an internal buffer. Use the no form of this command to stop logging messages.
[no] logging buffered [size] [severity]
Syntax Description
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to begin logging severity 3 messages to an internal 5000-byte buffer:
AP(config)# logging buffered 5000 3This example shows how to stop the message logging:
AP(config)# no logging buffered
Related Commands
show logging
Displays recent logging event headers or complete events
clear logging
Clears logging status count and the trace buffer
match (class-map configuration)
Use the match class-map configuration command to define the match criteria to classify traffic. Use the no form of this command to remove the match criteria.
[no] match {access-group acl-index-or-name |
ip [dscp dscp-list | precedence precedence-list] |
vlan vlan-id}Syntax Description
Note
Defaults
This command has no defaults.
Command Modes
Class-map configuration
Command History
Usage Guidelines
Use the class-map global configuration command to enter the class-map configuration mode. The match command in the class-map configuration mode is used to specify which fields in the incoming packets are examined to classify the packets. Only the IP access group or the MAC access group matching to the Ether Type/Len are supported.
You can use the match ip dscp dscp-list command only in a policy map that is attached to an egress interface.
Only one match command per class map is supported.
For the match ip dscp dscp-list or the match ip precedence ip-precedence-list command, you can enter a mnemonic name for a commonly used value. For example, you can enter the match ip dscp af11 command, which is the same as entering the match ip dscp 10 command. You can enter the match ip precedence critical command, which is the same as entering the match ip precedence 5 command. For a list of supported mnemonics, enter the match ip dscp ? or the match ip precedence ? command to see the command-line help strings.
Examples
This example shows how to create a class map called class2, which matches all the incoming traffic with DSCP values of 10, 11, and 12:
AP(config)# class-map class2AP(config-cmap)# match ip dscp 10 11 12AP(config-cmap)# exitThis example shows how to create a class map called class3, which matches all the incoming traffic with IP-precedence values of 5, 6, and 7:
AP(config)# class-map class3AP(config-cmap)# match ip precedence 5 6 7AP(config-cmap)# exitThis example shows how to delete the IP-precedence match criteria and to classify traffic by vlan:
AP(config)# class-map class2AP(config-cmap)# match ip precedence 5 6 7AP(config-cmap)# no match ip precedenceAP(config-cmap)# match vlan 2AP(config-cmap)# exitYou can verify your settings by entering the show class-map privileged EXEC command.
Related Commands
Creates a class map to be used for matching packets to the class whose name you specify
show class-map
Displays quality of service (QoS) class maps
max-associations (SSID configuration mode)
Use the max-associations SSID configuration mode command to configure the maximun number of associations supported by the radio interface (for the specified SSID). Use the no form of the command to reset the parameter to the default value.
[no] max-associations value
Syntax Description
Defaults
This default maximum is 255.
Command Modes
SSID configuration interface
Command History
Examples
This example shows how to set the maximum number of associations to 5 on the wireless LAN for the specified SSID:
AP(config-if-ssid)# max-associations 5This example shows how to reset the maximum number of associations to the default value:
AP(config-if-ssid)# no max-associationsRelated Commands
nas (local server configuration mode)
Use the nas local server configuration mode command to add an access point to the list of devices that use the local authenticator.
nas ip-address key shared-key
Syntax Description
Defaults
This command has no defaults.
Command Modes
Local server configuration mode
Command History
Examples
This example shows how to add an access point to the list of NAS access points on the local authenticator:
AP(config-radsrv)# nas 10.91.6.158 key 110337Related Commands
packet retries
Use the packet retries configuration interface command to specify the maximum number of attempts to send a packet. Use the no form of the command to reset the parameter to defaults.
[no] packet retries 1-128
Syntax Description
Defaults
The default number of retries is 32.
Command Modes
Configuration interface
Command History
Examples
This example shows how to specify 15 as the maximum number of retries.
AP(config-if)# packet retries 15This example shows how reset the packet retries to defaults.
AP(config-if)# no packet retriesRelated Commands
parent
Use the parent configuration interface command to add a parent to a list of valid parent access points. Use the no form of the command to remove a parent from the list.
[no] parent 1-4 mac-address
Syntax Description
1-4
Specifies the parent root access point number (1 to 4)
mac-address
Specifies the MAC address (in xxxx.xxxx.xxxx format) of a parent access point
Defaults
Repeater access point operation is disabled by default.
Command Modes
Configuration interface
Command History
Usage Guidelines
The parent command adds a parent to the list of valid parent access points. Use this command multiple times to define up to four valid parents. A repeater access point operates best when configured to associate with specific root access points that are connected to the wired LAN.
Examples
This example shows how to set up repeater operation with the parent 1 access point:
AP(config-if)# parent 1 0040.9631.81cfThis example shows how to set up repeater operation with the parent 2 access point:
AP(config-if)# parent 2 0040.9631.81daThis example shows how to remove a parent from the parent list:
AP(config-if)# no parentRelated Commands
parent timeout
Use the parent timeout configuration interface command to define the amount of time that a repeater tries to associate with a parent access point. Use the no form of the command to disable the timeout.
[no] parent timeout sec
Syntax Description
sec
Specifies the amount of time the access point attempts to associate with the specified parent access point (0 to 65535 seconds)
Defaults
Parent timeout is disabled by default.
Command Modes
Configuration interface
Command History
Usage Guidelines
The parent timeout defines how long the access point attempts to associate with a parent in the parent list. After the timeout, another acceptable parent is used. You set up the parent list using the parent command. With the timeout disabled, the parent must come from the parent list.
Examples
This example shows how to set up repeater operation with the parent 1 access point with a timeout of 60 seconds:
AP(config-if)# parent timeout 60This example shows how to disable repeater operation:
AP(config-if)# no parentRelated Commands
payload-encapsulation
Use the payload-encapsulation configuration interface command to specify the Ethernet encapsulation type used to format Ethernet data packets that are not formatted using IEEE 802.3 headers. Data packets that are not IEEE 802.3 packets must be reformatted using IEEE 802.1H or RFC1042. Use the no form of the command to reset the parameter to defaults.
[no] payload-encapsulation
{snap | dot1h}Syntax Description
snap
(Optional) Specifies the RFC1042 encapsulation
dot1h
(Optional) Specifies the IEEE 802.1H encapsulation
Defaults
The default payload encapsulation is snap.
Command Modes
Configuration interface
Command History
Examples
This example shows how to specify the use of IEEE 802.1H encapsulation:
AP(config-if)# payload-encapsulation dot1hThis example shows how to reset the parameter to defaults:
AP(config-if)# no payload-encapsulationRelated Commands
power client
Use the power client configuration interface command to configure the maximum power level clients should use for IEEE 802.11b radio transmissions to the access point. The power setting is transmitted to the client device during association with the access point. Use the no form of the command to not specify a power level.
2.4-GHz Radio (802.11b)
[no] power client
{1 | 5 | 20 | 30 | 50 | 100} | maximum2.4-GHz Radio (802.11g)
[no] power client
{1 | 5 | 10 | 20 | 30 | 50 | 100} | maximum5-GHz Radio (dot11radio1)
[no] power client
{5 | 10 | 20 | 40} | maximum
Note
Syntax Description
For the 802.11b, 2.4-GHz radio:
1, 5, 20, 30, 50, 100, maximumFor the 802.11g, 2.4-GHz radio:
1, 5, 10, 20, 30, 50, 100, maximumFor the 5-GHz radio:
5, 10, 20, 40, maximumSpecifies a specific power level in mW. Maximum power is regulated by the regulatory agency in the country of operation and is set during manufacture of the access point and client device.
For a list of maximum power levels allowed in each regulatory domain for the 2.4-GHz radio, see Table 2-7. For a list of maximum power levels allowed in each regulatory domain for the 5-GHz radio, see Table 2-8.
Note
Note
Defaults
The default is no power level specification during association with the client.
Command Modes
Configuration interface
Command History
Usage Guidelines
Use this command to specify the desired transmitter power level for clients. Lower power levels reduce the radio cell size and interference between cells. The client software chooses the actual transmit power level, choosing between the lower of the access point value and the locally configured value. The maximum transmit power is limited according to regulatory region.
Examples
This example shows how to specify a 20-mW power level for client devices associated to the access point radio:
AP(config-if)# power client 20This example shows how to disable power level requests:
AP(config-if)# no power clientRelated Commands
power local
Use the power local configuration interface command to configure the access point radio power level. Use the no form of the command to reset the parameter to defaults. On the 2.4-GHz, 802.11g radio, you can set Orthogonal Frequency Division Multiplexing (OFDM) power levels and Complementary Code Keying (CCK) power levels. CCK modulation is supported by 802.11b and 802.11g devices. OFDM modulation is supported by 802.11g and 802.11a devices.
2.4-GHz Access Point Radio (802.11b)
[no] power local {1 | 5 | 20 | 30 | 50 | 100 | maximum}
2.4-GHz Access Point Radio (802.11g)
[no] power local cck {1 | 5 | 10 | 20 | 30 | 50 | 100 | maximum}
[no] power local ofdm {1 | 5 | 10 | 20 | 30 | maximum}
5-GHz Access Point Radio
[no] power local {5 | 10 | 20 | 40 | maximum}
5.8-GHz Bridge Radio
[no] power local {12 | 15 | 18 | 21 | 22 | 23 | 24 | maximum}
Syntax Description
For the 802.11b, 2.4-GHz access point radio:
1, 5, 20, 30, 50, 100, or maximumFor the 802.11g, 2.4-GHz access point radio:
1, 5, 10, 20, 30, 50, 100, or maximumFor the 5-GHz access point radio:
5, 10, 20, 40, or maximumFor the 5.8-GHz bridge radio:
12, 15, 18, 21, 22, 23, 24, or maximumSpecifies access point power setting in mW. Maximum power is regulated by the regulatory agency in the country of operation and is set during manufacture of the access point. For a list of maximum power levels allowed in each regulatory domain for the 2.4-GHz access point radio, see Table 2-7. For a list of maximum power levels allowed in each regulatory domain for the 5-GHz access point radio, see Table 2-8.
Specifies bridge power setting in dBm. Maximum power is regulated by the regulatory agency in the country of operation and is set during manufacture of the bridge. For a list of maximum power levels allowed in each regulatory domain for the 5.8-GHz bridge radio, see Table 2-9.
Note
Table 2-9 Maximum Power Levels and Antenna Gains
Omnidirectional
Antenna
Antenna
Antenna
Dish
AntennaAmericas (-A)
P2P1
24 dBm
24 dBm
24 dBm
22 dBm
P2MP2
24 dBm
24 dBm
-
1 Point to point.
2 Point to multipoint.
3 A maximum of 13 dBm is allowed, but that setting is not supported by the bridge.
4 On point-to-multipoint links, the remote bridges communicating with the central bridge are allowed to use a maximum power setting of 24 dBm. The central bridge is limited to a maximum power setting of 12 dBm.
Defaults
The default local power level is maximum.
Command Modes
Configuration interface
Command History
Usage Guidelines
Use this command to specify the local transmit power level. Lower power levels reduce the radio cell size and interference between cells. The maximum transmit power is limited by region.
Examples
This example shows how to specify a 20-mW transmit power level for one of the the access point radios:
AP(config-if)# power local 20This example shows how to reset power to defaults on one of the access point radios:
AP(config-if)# no power localRelated Commands
preamble-short
Use the preamble-short configuration interface command to enable short radio preambles. The radio preamble is a selection of data at the head of a packet that contains information that the access point and client devices need when sending and receiving packets. Use the no form of the command to change back to default values.
[no] preamble-short
Note
Syntax Description
This command has no arguments or keywords.
Defaults
The default is short radio preamble.
Command Modes
Configuration interface
Command History
Usage Guidelines
If short radio preambles are enabled, clients may request either short or long preambles and the access point formats packets accordingly. Otherwise, clients are told to use long preambles.
Examples
This example shows how to set the radio packet to use a short preamble.
AP(config-if)# preamble-shortThis example shows how to set the radio packet to use a long preamble.
AP(config-if)# no preamble-shortRelated Commands
radius-server local
Use the radius-server local global configuration command to enable the access point as a local or backup authenticator and to enter configuration mode for the local authenticator.
radius-server local
Note
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to enable the access point as a local or backup authenticator:
AP(config)# radius-server localRelated Commands
rts
Use the rts configuration interface command to set the Request-To-Send (RTS) threshold and the number of retries. Use the no form of the command to reset the parameter to defaults.
Access Points
[no] rts
{threshold 0-2347 | retries 1-128}Bridges
[no] rts
{threshold 0-4000 | retries 1-128}Syntax Description
Defaults
The default threshold is 2330 bytes on access points and 4000 bytes on bridges.
The default number of retries is 32.
Command Modes
Configuration interface
Command History
12.2(4)JA
This command was introduced.
12.2(11)JA
This command was modified to support bridges.
Usage Guidelines
On bridges set up in a point-to-point configuration, set the RTS threshold to 4000 on both the root and non-root bridges. If you have multiple bridges set up in a point-to-multipoint configuration, set the RTS threshold to 4000 on the root bridge and to 0 on the non-root bridges.
Examples
This example shows how to set the RTS threshold on a bridge to 4000 bytes:
bridge(config-if)# rts threshold 4000This example shows how to set the RTS retries count to 3:
AP(config-if)# rts retries 3This example shows how to reset the parameter to defaults:
AP(config-if)# no rtsshow controllers dot11radio
Use the show controllers dot11radio privileged EXEC command to display the radio controller status.
show controllers dot11radio interface-number
Syntax Description
interface-number
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the radio controller status for radio interface 0:
AP# show controllers dot11radio 0Related Commands
show dot11 adjacent-ap
Use the show dot11 adjacent-ap privileged EXEC command to display the fast, secure roaming list of access points that are adjacent to this access point. The WDS access point builds the adjacent access point list based on data from client devices that support fast, secure roaming. This command works only when you configure your wireless LAN for fast, secure roaming and there are client devices on your wireless LAN that support fast, secure roaming.
show dot11 adjacent-ap
Note
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the adjacent access point list:
AP# show dot11 adjacent-apThis example shows a list of adjacent access points:
Radio Address Channel Age(Hours) SSID-------- ----------------------- ------------ ---------------- ----------0 0007.50d5.8759 1 1 tsunamiThese are descriptions of the list columns:
•
•
•
•
•
Related Commands
Specifies the number of hours an inactive entry remains in the adjacent access point list
show dot11 associations
Use the show dot11 associations privileged EXEC command to display the radio association table, radio association statistics, or to selectively display association information about all repeaters, all clients, a specific client, or basic service clients.
show dot11 associations
[client | repeater | statistics | H.H.H | bss-only | all-client]Syntax Description
Defaults
When parameters are not specified, this command displays the complete radio association table.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the radio association table:
AP# show dot11 associationsThis example shows how to display all client devices associated with the access point:
AP# show dot11 associations clientThis example shows how to display access point radio statistics:
AP# show dot11 associations statisticsRelated Commands
show dot11 carrier busy
Use the show dot11 carrier busy privileged EXEC command to display recent carrier busy test results. You can display test results once using this command. After the display, you must use the dot11 carrier busy command to run the carrier busy test again.
show dot11 carrier busy
Syntax Description
This command has no arguments or keywords.
DefaultsDefaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the carrier busy test results:
AP# show dot11 carrier busyThis example shows the carrier busy test results:
Frequency Carrier Busy %--------- --------------5180 05200 25220 275240 55260 15280 05300 35320 2Related Commands
show dot11 network-map
Use the show dot11 network-map privileged EXEC command to display the radio network map. The radio network map contains information from Cisco access points in the same Layer 2 domain as this access point.
show dot11network-map
Syntax Description
This command has no arguments or keywords.
DefaultsDefaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command displays network map information only if you first enable the network map feature with the dot11 network map command.
Examples
This example shows how to display the radio network map:
AP# show dot11 network-mapRelated Commands
show dot11 statistics client-traffic
Use the show dot 11 statistics client-traffic privileged EXEC command to display the radio client traffic statistics.
show dot11 statistics client-traffic
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the radio client traffic statistics:
AP# show dot11 statistics client-trafficRelated Commands
Deauthenticates a client with a specified MAC address
Resets the statistics for a specified radio interface or client device
show environment
Use the show environment EXEC command to display information about the temperature of the bridge radio.
show environment
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
EXEC
Command History
Examples
This example shows how to display temperature information for the bridge radio:
bridge# show environmentEnvironmental StatisticsEnvironmental status as of 00:10:45 UTC Thu Mar 27 2003Data is 3 second(s) old, refresh in 57 second(s)Dot11Radio0 temperature measured at 37(C)Related Commands
show iapp rogue-ap-list
Use the show iapp rogue-ap-list privileged EXEC command to display a list of rogue access points.
show iapp rogue-ap-list
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The list contains an entry for each access point that a client station reported as a possible rogue access point. Each list entry contains the following information:
Rogue AP—MAC address of the reported rogue access point
Count—The number of times the access point was reported
Last Rpt Src—The MAC address of the last client to report the rogue access point
R—The last reason code
Prev Rpt Src—The MAC address of any previous client that reported the rogue access point
R—The previous reason code
Last(Min)—The number of minutes since the last report
1st(Min)—The number of minutes since the access point was first reported as a possible rogue
Name—The name of a Cisco rogue access point
The following reason codes are displayed:
1—The rogue was not running 802.1x
2—Authentication with the rogue timed out
3—Bad user password
4—Authentication challenge failed
Examples
This example shows how to display the list of IAPP rogue access points:
AP# show iapp rogue-ap-listRelated Commands
show iapp standby-parms
Use the show iapp standby-parms privileged EXEC command to display IAPP standby parameters when a standby MAC address is configured. The information displayed includes the standby MAC address, the time-out value, and the poll-frequency value.
show iapp standby-parms
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the IAPP standby parameters:
AP# show iapp standby-parmsRelated Commands
show iapp statistics
Use the show iapp statistics privileged EXEC command to display the IAPP transmit and receive statistics.
show iapp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command displays IAPP transmit and receive packet counts and IAPP error counts. The operating mode for the access point is also displayed.
Examples
This example shows how to display the IAPP statistics:
AP# show iapp statisticsRelated Commands
show interfaces dot11radio
Use the show interfaces dot11radio privileged EXEC command to display the radio interface configuration and statistics.
show interfaces dot11radio interface-number
Syntax Description
interface-number
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the radio interface configuration and statistics:
AP# show interfaces dot11radio 0Related Commands
Configures a specified radio interface
show running-config
Displays the access point run time configuration information
show interfaces dot11radio aaa
Use the show interfaces dot11radio aaa privileged EXEC command to display the radio interface information.
show interfaces dot11radio interface-number
aaa [timeout]Syntax Description
interface-number
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1.
timeout
Displays the AAA timeout value
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display AAA information for interface 0:
AP# show interfaces dot11radio 0 aaaRelated Commands
show interfaces dot11radio statistics
Use the show interfaces dot11radio statistics privileged EXEC command to display the radio interface statistics.
show interfaces dot11radio interface-number statistics
Syntax Description
interface-number
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the radio interface statistics for interface 0:
AP# show interfaces dot11radio 0 statisticsRelated Commands
show ip proxy-mobile
Use the show ip proxy-mobile privileged EXEC command to display information about proxy Mobile IP functionality.
show ip proxy-mobile
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display information about proxy Mobile IP functionality:
AP# show ip proxy-mobileThis example shows output from the command:
WLAN Proxy Mobile IP : EnabledInterfaces : BVI1 FastEthernet0 Dot11Radio0Supported SSIDs on Dot11Radio0: mip-testIP address 10.5.1.5, Mask 255.255.255.0, MAC 000b.5f18.109e, Gateway 10.5.1.1Active Home Agent 10.5.1.1Active Foreign Agent 10.5.1.1, with COA 10.5.1.1AP is an Authoritative APAAP : 10.5.1.5 10.4.1.4Tunnel parameters:GREReverse tunnel (enabled on AP, not on FA)WLAN Proxy Mobile IP traffic:Time since last cleared: 00:01:31Foreign MN: 0, doing proxy MIP 0Advertisements:Solicitations sent 2Advertisements received 16Home Agent Registrations:Register 0, Deregister 0 requests sentRegister 0, Deregister 0 replies receivedAccepted 0Denied 0, By HA 0 , By FA 0Authentication failed MN - HA 0, FA 0Gratuitous ARPs sent 0Related Commands
show ip proxy-mobile aaa requests
Use the show ip proxy-mobile aaa requests privileged EXEC command to display information about mobile nodes that have pending proxy Mobile IP AAA requests.
show ip proxy-mobile aaa requests
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display information about mobile nodes that have pending proxy Mobile IP AAA requests:
AP# show ip proxy-mobile aaa requestsRelated Commands
Enables proxy Mobile IP on the access point
Displays information about proxy Mobile IP
Displays proxy Mobile IP statistics, the subnet map table, and all the security associations
show ip proxy-mobile agent
Use the show ip proxy-mobile agent privileged EXEC command to display information about the proxy Mobile IP agents discovered by the access point.
show ip proxy-mobile agent
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display all proxy Mobile IP agents discovered by the access point:
AP# show ip proxy-mobile agentThis example shows sample output from the command:
Agent 10.4.1.1:Type Home ForeignCare-of address 10.4.1.1Interface FastEthernet0, MAC 0003.e4d0.2470Agent advertisement seq 54907, Flags rbHFmGvt, Lifetime 36000IRDP advertisement lifetime 180, Remaining 176Last received 07/25/03 21:24:15First heard 07/25/03 21:21:15Related Commands
Enables proxy Mobile IP on the access point
Displays proxy Mobile IP statistics, the subnet map table, and all the security associations
show ip proxy-mobile detail
Use the show ip proxy-mobile detail privileged EXEC command to display proxy Mobile IP statistics, the subnet map, and all security associations.
show ip proxy-mobile detail
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the proxy Mobile IP statistics, the subnet map, and all security associations:
AP# show ip proxy-mobile detailThis example shows sample output from the command:
WLAN Proxy Mobile IP traffic:Time since last cleared: 00:18:29Foreign MN: 2, doing proxy MIP 1Advertisements:Solicitations sent 1Advertisements received 167Home Agent Registrations:Register 1, Deregister 0 requests sentRegister 1, Deregister 0 replies receivedAccepted 1Denied 0, By HA 0 , By FA 0Authentication failed MN - HA 0, FA 0Gratuitous ARPs sent 0Following host has a pending request sent to AAA:[none]Security Associations (algorithm,mode,replay protection,key):10.4.1.7 - 10.4.1.19 :SPI 100, MD5, Prefix-suffix, Timestamp +/- 7,Key 12345678901234567890123456789012Subnet Map Information:Home agent Mask10.4.1.1 255.255.255.010.5.1.1 255.255.255.0AP List:AP HA PrefixRelated Commands
Enables proxy Mobile IP on the access point
Displays information about proxy Mobile IP
show ip proxy-mobile node
Use the show ip proxy-mobile node privileged EXEC command to display security information about a specific proxy Mobile IP node or all proxy Mobile IP nodes on the access point.
show ip proxy-mobile node [address-start]
Syntax Description
Defaults
Displays all proxy Mobile IP nodes on the access point when an IP address is not specified.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display information about all proxy Mobile IP nodes on the access point:
AP# show ip proxy-mobile nodesThis example shows sample output from the command:
Security Associations (algorithm, mode, replay protection, key):10.4.1.7 - 10.4.1.19 :SPI 100, MD5, Prefix-suffix, Timestamp +/- 7,KeyRelated Commands
Enables proxy Mobile IP on the access point
Displays information about proxy Mobile IP
Displays proxy Mobile IP statistics, the subnet map table, and all the security associations
show ip proxy-mobile registration
Use the show ip proxy-mobile registration privileged EXEC command to display pending or accepted proxy Mobile IP registrations. The command also shows registration parameters in the configuration.
show ip proxy-mobile registration
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display pending or accepted proxy Mobile IP registrations:
AP# show ip proxy-mobile registrationsThis example shows sample output from the command:
WLAN Proxy Mobile Registrations:WLAN Proxy Mobile Registrations Config:Initial Retransmit 1000, Max restransmit 5000, Retry 3Lifetime 65534, Extend Expire 120, Extend Retry 3, Extend Interval 10Related Commands
Enables proxy Mobile IP on the access point
Displays information about proxy Mobile IP
Displays proxy Mobile IP statistics, the subnet map table, and all the security associations
show ip proxy-mobile subnet-map
Use the show ip proxy-mobile subnet-map privileged EXEC command to display the proxy Mobile IP subnet map table.
show ip proxy-mobile subnet-map
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the proxy Mobile IP subnet map table:
AP# show ip proxy-mobile subnet-mapThis example shows sample output from the command:
Subnet Map Information:Home agent Mask10.4.1.1 255.255.255.0Related Commands
show ip proxy-mobile traffic
Use the show ip proxy-mobile traffic privileged EXEC command to display all the statistics related to proxy Mobile IP.
show ip proxy-mobile traffic
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display all the proxy Mobile IP statistics:
AP# show ip proxy-mobile trafficThis example shows sample output from the command:
WLAN Proxy Mobile IP traffic:Time since last cleared: 00:05:19Foreign MN: 0, doing proxy MIP 0Advertisements:Solicitations sent 1Advertisements received 7Home Agent Registrations:Register 0, Deregister 0 requests sentRegister 0, Deregister 0 replies receivedAccepted 0Denied 0, By HA 0 , By FA 0Authentication failed MN - HA 0, FA 0Gratuitous ARPs sent 0Related Commands
Enables proxy Mobile IP on the access point
Displays information about proxy Mobile IP
show ip proxy-mobile visitor
Use the show ip proxy-mobile visitor privileged EXEC command to display the visiting proxy Mobile IP nodes.
show ip proxy-mobile visitor [ detail ]
Syntax Description
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
12.2(4)JA
This command was introduced.
12.2(13)JA
This command was modified to include the detail option.
Examples
This example shows how to display about visiting proxy Mobile IP nodes:
AP# show ip proxy-mobile visitor detailThis example shows sample output from the command:
MAC Addr IP Addr Status0040.9635.c779 10.4.1.10 PMIP CompletedFlags: GRERelated Commands
Enables proxy Mobile IP on the access point
Displays information about proxy Mobile IP
Displays proxy Mobile IP statistics, the subnet map table, and all the security associations
show led flash
Use the show led flash privileged EXEC command to display the LED flashing status.
show led flash
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display the LED flashing status:
AP# show led flashRelated Commands
show power-injector
Use the show power-injector privileged EXEC command to display statistics related to the bridge power injector. Statistics include traffic counts and status for each port on the bridge power injector.
show power-injector
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display bridge power injector statistics:
bridge# show power-injectorshow radius local-server statistics
Use the show radius local-server statistics privileged EXEC command to view statistics collected by the local authenticator.
show radius local-server statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display statistics from the local authenticator:
ap# show radius local-server statisticsThis example shows local server statistics:
ap# show radius local-server statisticsSuccesses : 0 Unknown usernames : 0Client blocks : 0 Invalid passwords : 0Unknown NAS : 0 Invalid packet from NAS: 0NAS : 10.91.6.158Successes : 0 Unknown usernames : 0Client blocks : 0 Invalid passwords : 0Corrupted packet : 0 Unknown RADIUS message : 0No username attribute : 0 Missing auth attribute : 0Shared key mismatch : 0 Invalid state attribute: 0Unknown EAP message : 0 Unknown EAP auth type : 0Username Successes Failures Blocksjanee 0 0 0jazke 0 0 0jsmith 0 0 0Related Commands
show spanning-tree
Use the show spanning-tree privileged EXEC command to display information about the spanning tree topology.
show spanning-tree
{ group | active | blockedports | bridge | brief | inconsistentports | interface interface | root | summary }Syntax Description
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display STP information for bridge group 1:
bridge# show spanning-tree 1This example shows how to display STP information for the bridge's radio interface:
bridge# show spanning-tree interface dot11radio0Related Commands
show wlccp
Use the show wlccp privileged EXEC command to display information on devices participating in Cisco Centralized Key Management (CCKM).
show wlccp
ap [ rm [ context | accumulation ] ] |
wds [ ap | mn [ detail | mac-address ] ] |
wnm status
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
Privileged EXEC
Command History
12.2(11)JA
This command was introduced.
12.2(13)JA
This command was modified to include radio measurement options.
Examples
This example shows the command you enter on the access point providing WDS to list all client devices (mobile nodes) participating in CCKM:
AP# show wlccp wds mnRelated Commands
Configures an access point as a candidate to provide wireless domain services (WDS)
slot-time-short
Use the slot-time-short configuration interface command to enable short slot time on the 802.11g, 2.4-GHz radio. Short slot time reduces the slot time from 20 microseconds to 9 microseconds, thereby increasing throughput. The access point uses short slot time only when all clients that are associated to the 802.11g radio can support short slot time.
slot-time-short
Note
Syntax Description
This command has no arguments or keywords.
Defaults
Short slot time is disabled by default.
Command Modes
Configuration interface
Command History
Examples
This example shows how to enable short slot time:
AP(config-if)# slot-time-shortRelated Commands
Configures an access point as a candidate to provide wireless domain services (WDS)
snmp-server enable traps envmon temperature
Use the snmp-server enable traps envmon temperature global configuration command to enable an SNMP trap for monitoring bridge radio temperature. This trap is sent out when the bridge radio temperature approaches the limits of its operating range (55° C to -33° C; 131° F to -27.4° F).
snmp-server enable traps envmon temperature
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to enable the envmon temperature trap:
bridge# snmp-server enable traps envmon temperatureRelated Commands
snmp-server location
Use the snmp-server location global configuration command to specify the SNMP system location and the location-name attribute recommended by the Wi-Fi Alliance's guidelines for Wireless Internet Service Provider roaming (WISPr).
snmp-server location location
Syntax Description
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
The WISPr Best Current Practices for Wireless Internet Service Provider (WISP) Roaming document recommends that you enter the location name in this format:
hotspot_operator_name,location
This example shows how to configure the SNMP system location and the WISPr location-name attribute:
ap# snmp-server location ACMEWISP,Gate_14_Terminal_C_of_Newark_AirportRelated Commands
Specifies ISO and ITU country and area codes that the access point includes in accounting and authentication requests
speed
Use the speed configuration interface command to configure the data rates supported by the access point radios. An individual data rate can be set only to a basic or a non-basic setting, not both.
2.4-GHz Access Point Radio (802.11b)
speed
{ [1.0] [2.0] [5.5] [11.0 ]
[basic-1.0] [basic-2.0] [basic-5.5] [basic-11.0] |
range |
throughput }2.4-GHz Access Point Radio (802.11g)
speed
{ [1.0] [2.0] [5.5] [6.0] [9.0] [11.0 ] [12.0] [18.0] [24.0] [36.0] [48.0] [54.0]
[basic-1.0] [basic-2.0] [basic-5.5] [basic-6.0] [basic-9.0] [basic-11.0 ] [basic-12.0] [basic-18.0] [basic-24.0] [basic-36.0] [basic-48.0] [basic-54.0] |
range |
throughput }
Note
5-GHz Access Point and Bridge Radios
speed
{ [6.0] [9.0] [12.0] [18.0 ] [24.0] [36.0] [48.0] [54.0 ]
[basic-6.0] [basic-9.0] [basic-12.0] [basic-18.0] [basic-24.0] [basic-36.0] [basic-48.0] [basic-54.0] |
range |
throughput |
default }Syntax Description
Defaults
On the 802.11b, 2.4-GHz radio, all data rates are set to basic by default.
On the 802.11g, 2.4-GHz radio, data rates 1.0, 2.0, 5.5, 6.0, 11.0, 12.0, and 24.0 are set to basic by default, and the other data rates are supported.
On the 5-GHz radio, data rates 6.0, 12.0 and 24.0 are set to basic by default, and the other data rates are supported.
Command Modes
Configuration interface
Command History
Examples
This example shows how to set the radio data rates for best throughput:
AP(config-if)# speed throughputThis example shows how to set the radio data rates support a low-speed client device while still supporting higher-speed client devices:
AP(config-if)# speed basic-1.0 2.0 5.5 11.0Related Commands
ssid
Use the ssid configuration interface command to specify the radio service set identifier (SSID) and to enter into the SSID configuration mode. Use the no form of the command to remove an SSID.
[no] ssid ssid-string
Syntax Description
ssid-string
Specifies the SSID name for the radio, expressed as a case-sensitive alphanumeric stirng from 1 to 32 characters.
Defaults
On access points, the factory default SSID is tsunami. On bridges, the default SSID is autoinstall.
Command Modes
Configuration interface
Command History
Usage Guidelines
Use this command to specify a unique SSID for your wireless network. Several access points on a network, or subnetwork, can share a SSID. The no form of the command removes the SSID, which inhibits clients that use that SSID from associating with the access point.
Examples
This example shows how to set the radio SSID to Ivory-AP25:
AP(config-if)# ssid Ivory-AP25This example shows how to remove the SSID named Ivory-AP25 and all its configuration settings:
AP(config-if)# no ssid Ivory-AP25Related Commands
station-role
Use the station-role configuration interface command to set the role of the radio interface. Use the no form of the command to reset the parameter to the default value.
Access Points
station-role
{repeater | root [fallback {shutdown | repeater]}}Bridges
station-role
{ install | root | non-root }Syntax Description
Defaults
Access points operate as root access points by default. When set to defaults, bridges start up in install mode and adopt the root role if they do not associate to another bridge. If a bridge associates to another bridge at start-up, it automatically adopts the non-root role.
Command Modes
Configuration interface
Command History
12.2(4)JA
This command was introduced.
12.2(11)JA
This command was modified to support 5-GHz bridges.
Examples
This example shows how to configure the access point for root operation and shutdown when Ethernet is not functional:
AP(config-if)# station-role root fallback shutdownThis example shows how to configure the access point for repeater operation:
AP(config-if)# station-role repeaterThis example shows how to reset the access point to root operation:
AP(config-if)# no station-roleThis example shows how to set the bridge to root operation:
bridge(config-if)# station-role rootRelated Commands
station-role install
Use the station-role install configuration interface command to configure the bridge for installation mode. In installation mode, the bridge flashes the LEDs to indicate received signal strength.
station-role install
[ automatic | non-root | root ]
Note
Syntax Description
Defaults
When set to defaults, bridges start up in install automatic mode and adopt the root role if they do not associate to another bridge. If a bridge associates to another bridge at start-up, it automatically adopts the non-root role.
Command Modes
Configuration interface
Command History
Examples
This example shows how to set the bridge to install mode, non-root:
bridge(config-if)# station-role install non-rootRelated Commands
traffic-class
Use the traffic-class configuration interface mode command to configure the radio interface quality-of-service (QoS) traffic class parameters for each of the eight traffic types. Use the no form of the command to reset a specific traffic class to the default values.
[no] traffic-class { best-effort | background | video | voice }
cw-min 0-10
cw-max 0-10
fixed-slot 0-20Syntax Description
Defaults
When QoS is enabled, the default traffic class settings for access points match the values in Table 2-10, and the default traffic class settings for bridges match the values in Table 2-11.
Command Modes
Configuration interface
Command History
12.2(4)JA
This command was introduced.
12.2(13)JA
This command was modified to support four traffic classes (best-effort, background, video, and voice) instead of eight (0-7).
Usage Guidelines
Use this command to control the backoff parameters for each class of traffic. Backoff parameters control how the radio accesses the airwaves. The cw-min and cw-max arguments specify the collision window as a power of 2. For example, if the value is set to 3, the contention window is 0 to 7 backoff slots (2 to the power 3 minus 1). The fixed-slot arguments specify the number of backoff slots that are counted before the random backoff counter starts to count down.
For best performance on your bridge links, adjust the CW-min and CW-max contention window settings according to the values listed in Table 2-12. The default settings, CW-min 3 and CW-max 10, are best for point-to-point links. However, for point-to-multipoint links, you should adjust the settings depending on the number of non-root bridges that associate to the root bridge.
Note
Examples
This example shows how to configure the best-effort traffic class for contention windows and fixed slot backoff values. Each time the backoff for best-effort is started, the backoff logic waits a minimum of the 802.11 SIFS time plus 2 backoff slots. Then it begins counting down the 0 to 15 backoff slots in the contention window.
AP(config-if)# traffic-class best-effort cw-min 4 cw-max 10 fixed-slot 2This example shows how to disable traffic class support:
AP(config-if)# no traffic-classRelated Commands
concatenation (bridges only)
Enables packet concatenation on the bridge radio
show running-config
Displays the current operating configuration
user (local server configuration mode)
Use the user local server configuration command to specify the users allowed to authenticate using the local authenticator.
user username
{ password | nthash } password
[ group group-name ]
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
Local server configuration mode
Command History
Examples
This example shows how to add an access point to the list of network authentication server (NAS) access points on the local authenticator:
AP(config-radsrv)# user sam password rover32 group cashiersRelated Commands
vlan (SSID configuration mode)
Use the vlan SSID configuration mode command to configure the radio interface (for the specified SSID) to support a specific Ethernet virtual LAN (VLAN). Use the no form of the command to reset the parameter to the default value.
[no] vlan vlan-id
Syntax Description
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Examples
This example shows how to configure the VLAN that uses the radio SSID (wireless LAN):
AP(config-if-ssid)# vlan 2This example shows how to reset the VLAN parameter to default values:
AP(config-if-ssid)# no vlanRelated Commands
wlccp ap
Use the wlccp ap global configuration command to configure an access point to authenticate through the access point configured for wireless domain services (WDS) and participate in Cisco Centralized Key Management (CCKM).
wlccp ap username username password password
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the username and password for an access point that will participate in CCKM:
AP(config)# wlccp ap username birdman password 8675309Related Commands
Specifies server lists for 802.1x authentication for client and infrastructure devices participating in CCKM
wlccp authentication-server
Use the wlccp authentication-server global configuration command to configure the list of servers to be used for 802.1x authentication for infrastructure devices and client devices enabled for Cisco Centralized Key Management (CCKM).
wlccp authentication-server
client { any | eap | leap | mac } list |
infrastructure list
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the server list for LEAP authentication for client devices:
AP(config)# wlccp authentication-server client leap leap-list1This example shows how to configure the server list for 802.1x authentication for infrastructure devices participating in CCKM:
AP(config)# wlccp authentication-server infrastructure wlan-list1Related Commands
Configures an access point to participate in CCKM
Configures an access point for WDS
wlccp wds priority
Use the wlccp wds priority global configuration command to configure an access point to provide Wireless Domain Services (WDS). When configuring Cisco Centralized Key Management (CCKM), you configure one or more access points as candidates to provide WDS. The access point with the highest priority provides WDS.
wlccp wds
priority priority
interface interface
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the priority for an access point as a candidate to provide WDS:
AP(config)# wlccp wds priority 200 interface bvi 1Related Commands
Configures an access point to participate in CCKM
Specifies server lists for 802.1x authentication for client and infrastructure devices participating in CCKM
wlccp wnm ip address
Use the wlccp wnm ip address global configuration command to configure the IP address of the wireless network manager (WNM) that performs network management for the wireless LAN to which the access point belongs.
wlccp wnm ip address
Note
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no defaults.
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the IP address of the wireless network manager:
AP(config)# wlccp wnm ip address 10.10.0.101Related Commands
Configures an access point to participate in CCKM
Specifies server lists for 802.1x authentication for client and infrastructure devices participating in CCKM
world-mode
Use the world-mode configuration interface mode command to enable access point world mode operation. Use the no form of the command to disable world mode operation.
[no] world-mode
Note
Syntax Description
This command has no arguments or keywords.
Defaults
World mode is disabled by default.
Command Modes
Configuration interface
Command History
Usage Guidelines
With world mode enabled, the access point advertises the local settings, such as allowed frequencies and transmitter power levels. Clients with this capability then passively detect and adopt the advertised world settings, and then actively scan for the best access point.
Examples
This example shows how to enable world mode operation:
AP(config-if)# world-modeThis example shows how to disable world mode operation:
AP(config-if)# no world-modeRelated Commands
wpa-psk
Use the wpa-psk SSID interface configuration command to configure a pre-shared key for use in WPA authenticated key management. To support WPA on a wireless LAN where 802.1x-based authentication is not available, you must configure a pre-shared key for the SSID.
wpa-psk { hex | ascii } [ 0 | 7 ] encryption-key
Note
Syntax Description
Defaults
This command has no defaults.
Command Modes
SSID configuration interface
Command History
Examples
This example shows how to configure a WPA pre-shared key for an SSID:
AP(config-if-ssid)# wpa-psk ascii shared-secret-keyRelated Commands
Specifies authenticated key management for an SSID
Specifies a cipher suite
Specifies the SSID and enters SSID configuration mode
