WLAN Commands

aaa-override

To enable AAA override on the WLAN, use the aaa-override command. To disable AAA override, use the no form of this command.

aaa-override

no aaa-override

Syntax Description

This command has no keywords or arguments.

Command Default

AAA is disabled by default.

Command Modes

WLAN configuration

Command History

Release

Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable AAA on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# shutdown
Switch(config-wlan)# aaa-override
Switch(config-wlan)# no shutdown
Switch(config-wlan)# end

This example shows how to disable AAA on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# shutdown
Switch(config-wlan)# no aaa-override
Switch(config-wlan)# no shutdown
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

accounting-list

To configure RADIUS accounting servers on a WLAN, use the accounting-list command. To disable RADIUS server accounting, use the no form of this command.

accounting-list radius-server-acct

no accounting-list

Syntax Description

radius-server-acct

Accounting RADIUS server name.

Command Default

RADIUS server accounting is disabled by default.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure RADIUS server accounting on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# accounting-list test
Switch(config-wlan)# end

This example shows how to disable RADIUS server accounting on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no accounting-list test
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

assisted-roaming

To configure assisted roaming using 802.11k on a WLAN, use the assisted-roaming command. To disable assisted roaming, use the no form of this command.

assisted-roaming { dual-list | neighbor-list | prediction }

no assisted-roaming { dual-list | neighbor-list | prediction }

Syntax Description

dual-list

Configures a dual band 802.11k neighbor list for a WLAN. The default is the band that the client is currently associated with.

neighbor-list

Configures an 802.11k neighbor list for a WLAN.

prediction

Configures assisted roaming optimization prediction for a WLAN.

Command Default

Neighbor list and dual band support are enabled by default. The default is the band that the client is currently associated with.

Command Modes

WLAN configuration

Command History

Release Modification
Cisco IOS XE 3.3SE

This command was introduced.

Usage Guidelines

When you enable the assisted roaming prediction list, a warning appears and load balancing is disabled for the WLAN if load balancing is already enabled on the WLAN. To make changes to the WLAN, the WLAN must be in disabled state.

Examples

The following example shows how to configure a 802.11k neighbor list on a WLAN:

Switch(config-wlan)#assisted-roaming neighbor-list 

The following example shows the warning message when load balancing is enabled on a WLAN. Load balancing must be disabled if it is already enabled when configuring assisted roaming:

Switch(config)#wlan test-prediction 2 test-prediction
Switch(config-wlan)#client vlan 43
Switch(config-wlan)#no security wpa
Switch(config-wlan)#load-balance
Switch(config-wlan)#assisted-roaming prediction
WARNING: Enabling neighbor list prediction optimization may slow association and impact VOICE client perform.
Are you sure you want to continue? (y/n)[y]: y
% Request aborted - Must first disable Load Balancing before enabling Assisted Roaming Prediction Optimization on this WLAN.

ap name ap-name lan port-id port-id poe

To enable PoE in the LAN port of AP, use the ap name ap-name lan port-id port-id poe command in privileged EXEC mode. To disable PoE in the LAN port of AP, use no form of this command.


Note


PoE can be configured only for port 1.


ap name ap-name lan port-id port-id poe

no ap name ap-name lan port-id port-id poe

Syntax Description

ap-name

Name of the AP.

port-id

ID of the port.

Command Default

None

Command Modes

privileged EXEC

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to enable PoE in the LAN port of AP:

Switch # ap name AP00FE.C82D.DFB0 lan port-id 1 poe

ap name ap-name lan override

To enable Override in an AP group LAN port configuration, use the ap name ap-name lan override command in privileged EXEC mode. To disable Override in an AP group LAN port configuration, use no form of this command.

ap name ap-name lan override

no ap name ap-name lan override

Syntax Description

ap-name

Name of the AP.

Command Default

None

Command Modes

privileged EXEC

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to enable Override in an AP group LAN port configuration:

Switch # ap name AP00FE.C82D.DFB0 lan override

band-select

To configure band selection on a WLAN, use the band-select command. To disable band selection, use the no form of this command.

band-select

no band-select

Syntax Description

This command has no keywords or arguments.

Command Default

Band selection is disabled by default.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

When you enable band select on a WLAN, the access point suppresses client probes on 2.4GHz and moves the dual band clients to the 5-GHz spectrum. The band-selection algorithm directs dual-band clients only from the 2.4-GHz radio to the 5-GHz radio of the same access point, and it only runs on an access point when both the 2.4-GHz and 5-GHz radios are up and running.

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable band select on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# band-select                            
Switch(config-wlan)# end

This example shows how to disable band selection on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no band-select
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

broadcast-ssid

To enable a Service Set Identifier (SSID) on a WLAN, use the broadcast-ssid command. To disable broadcasting of SSID, use the no form of this command.

broadcast-ssid

no broadcast-ssid

Syntax Description

This command has no keywords or arguments.

Command Default

The SSIDs of WLANs are broadcasted by default.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable a broadcast SSID on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# broadcast-ssid                            
Switch(config-wlan)# end

This example shows how to disable a broadcast SSID on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no broadcast-ssid
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

call-snoop

To enable Voice over IP (VoIP) snooping on a WLAN, use the call-snoop command. To disable Voice over IP (VoIP), use the no form of this command.

call-snoop

no call-snoop

Syntax Description

This command has no keywords or arguments.

Command Default

VoIP snooping is disabled by default.

Command Modes

WLN configuration

Usage Guidelines

You must disable the WLAN before using this command. See the Related Commands section for more information on how to disable a WLAN.

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

The WLAN on which call snooping is configured must be configured with Platinum QoS. You must disable quality of service before using this command. See Related Commands section for more information on configuring QoS service-policy.

Examples

This example shows how to enable VoIP on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# call-snoop                            
Switch(config-wlan)# end

This example shows how to disable VoIP on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no call-snoop
Switch(config-wlan)# end

Related Commands

Command

Description

service-policy (WLAN)

Configures the QoS Policy on a WLAN.

wlan

Creates or disables a WLAN.

channel-scan defer-priority

To configure the device to defer priority markings for packets that can defer off-channel scanning, use the channel-scan defer-priority command. To disable the device to defer priority markings for packets that can defer off-channel scanning, use the no form of this command.

channel-scan defer-priority priority

no channel-scan defer-priority priority

Syntax Description

priority

Channel priority value. The range is 0 to 7. The default is 3.

Command Default

Channel scan defer is enabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to enable channel scan defer priority on a WLAN and set it to a priority value 4:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# channel-scan defer-priority 4                            
Switch(config-wlan)# end

This example shows how to disable channel scan defer priority on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no channel-scan defer-priority 4
Switch(config-wlan)# end

channel-scan defer-time

To assign a channel scan defer time, use the channel-scan defer-time command. To disable the channel scan defer time, use the no form of this command.

channel-scan defer-time msecs

no channel-scan defer-time

Syntax Description

msecs

Deferral time in milliseconds. The range is from 0 to 60000. The default is 100.

Command Default

Channel-scan defer time is enabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

The time value in milliseconds should match the requirements of the equipment on the WLAN.

Examples

This example shows how to enable a channel scan on the WLAN and set the scan deferral time to 300 milliseconds:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# channel-scan defer-time 300                            
Switch(config-wlan)# end

This example shows how to disable channel scan defer time on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no channel-scan defer-time
Switch(config-wlan)# end

chd

To enable coverage hole detection on a WLAN, use the chd command. To disable coverage hole detection, use the no form of this command.

chd

no chd

Syntax Description

This command has no keywords or arguments.

Command Default

Coverage hole detection is enabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to enable coverage hole detection on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# chd                            
Switch(config-wlan)# end

This example shows how to disable coverage hole detection on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no chd
Switch(config-wlan)# end

client association limit

To configure the maximum number of client connections, clients per access points, or clients per access point radio on a WLAN, use the client association limit command. To disable clients association limit on the WLAN, use the no form of this command.

client association limit { association-limit | ap ap-limit | radio max-ap-radio-limit }

no client association limit { association-limit | ap ap-limit | radio max-ap-radio-limit }

Syntax Description

association-limit

Number of client connections to be accepted. The range is from 0 to 2000. A value of zero (0) indicates no set limit.

ap

Maximum number of clients per access point.

ap-limit

Configures the maximum number of client connections to be accepted per access point radio. The valid range is from 0 to 400.

radio

Configures the maximum number of clients per AP radio.

max-ap-radio-limit

Maximum number of client connections to be accepted per access point radio. The valid range is from 0 - 200.

Command Default

The maximum number of client connections is set to 0 (no limit).

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Cisco IOS XE 3.3SE

The command was modified. The ap and radio keywords were added.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure a client association limit on a WLAN and configure the client limit to 200:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# shutdown
Switch(config-wlan)# client association limit 200                            
Switch(config-wlan)# no shutdown
Switch(config-wlan)# end

This example shows how to disable a client association limit on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# shutdown
Switch(config-wlan)# no client association limit
Switch(config-wlan)# no shutdown
Switch(config-wlan)# end
This example shows how to configure a client association limit per radio on a WLAN and configure the client limit to 200:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# client association limit radio 200
Switch(config-wlan)# no shutdown
Switch(config-wlan)# end
This example shows how to configure a client association limit per AP on a WLAN and configure the client limit to 300::
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# client association limit ap 300
Switch(config-wlan)# no shutdown
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

client vlan

To configure a WLAN interface or an interface group, use the client vlan command. To disable the WLAN interface, use the no form of this command.

client vlan interface-id-name-or-group-name

no client vlan

Syntax Description

interface-id-name-or-group-name

Interface ID, name, or VLAN group name. The interface ID can also be in digits too.

Command Default

The default interface is configured.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable a client VLAN on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# client vlan client-vlan1                            
Switch(config-wlan)# end

This example shows how to disable a client VLAN on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no client vlan
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

ccx aironet-iesupport

To enable Aironet Information Elements (IEs) for a WLAN, use the ccx aironet-iesupport command. To disable Aironet Information Elements (IEs), use the no form of this command.

ccx aironet-iesupport

no ccx aironet-iesupport

Syntax Description

This command has no keywords or arguments.

Command Default

Aironet IE support is enabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable an Aironet IE for a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# ccx aironet-iesupport                            
Switch(config-wlan)# end

This example shows how to disable an Aironet IE on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no ccx aironet-iesupport
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

datalink flow monitor

To enable NetFlow monitoring in a WLAN, use the datalink flow monitor command. To disable NetFlow monitoring, use the no form of this command.

datalink flow monitor datalink-monitor-name { input | output }

no datalink flow monitor datalink-monitor-name { input | output }

Syntax Description

datalink-monitor-name

Flow monitor name. The datalink monitor name can have up to 31 characters.

input

Specifies the NetFlow monitor for ingress traffic.

output

Specifies the NetFlow monitor for egress traffic.

Command Default

None.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable NetFlow monitoring on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# datalink flow monitor test output                            
Switch(config-wlan)# end

This example shows how to disable NetFlow monitoring on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no datalink flow monitor test output
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

device-classification

To enable client device classification in a WLAN, use the device-classification command. To disable device classification, use the no form of this command.

device-classification

no device-classification

Syntax Description

device-classification

Enables/Disables Client Device Classification.

Command Default

None.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# device-classification                            
Switch(config-wlan)# end

default

To set the parameters to their default values, use the default command.

default { aaa-override | accounting-list | band-select | broadcast-ssid | call-snoop | ccx | channel-scan | parameters | chd | client | datalink | diag-channel | dtim | exclusionlist | ip | ipv6 | load-balance | local-auth | mac-filtering | media-stream | mfp | mobility | nac | passive-client | peer-blocking | radio | roamed-voice-client | security | service-policy | session-timeout | shutdown | sip-cac | static-ip | uapsd | wgb | wmm }

Syntax Description

aaa-override

Sets the AAA override parameter to its default value.

accounting-list

Sets the accounting parameter and its attributes to their default values.

band-select

Sets the band selection parameter to its default values.

broadcast-ssid

Sets the broadcast Service Set Identifier (SSID) parameter to its default value.

call-snoop

Sets the call snoop parameter to its default value.

ccx

Sets the Cisco client extension (Cisco Aironet IE) parameters and attributes to their default values.

channel-scan

Sets the channel scan parameters and attributes to their default values.

chd

Sets the coverage hold detection parameter to its default value.

client

Sets the client parameters and attributes to their default values.

datalink

Sets the datalink parameters and attributes to their default values.

diag-channel

Sets the diagnostic channel parameters and attributes to their default values.

dtim

Sets the Delivery Traffic Indicator Message (DTIM) parameter to its default value.

exclusionlist

Sets the client exclusion timeout parameter to its default value.

ip

Sets the IP parameters to their default values.

ipv6

Sets the IPv6 parameters and attributes to their default values.

load-balance

Sets the load-balancing parameter to its default value.

local-auth

Sets the Extensible Authentication Protocol (EAP) profile parameters and attributes to their default values.

mac-filtering

Sets the MAC filtering parameters and attributes to their default values.

media-stream

Sets the media stream parameters and attributes to their default values.

mfp

Sets the Management Frame Protection (MPF) parameters and attributes to their default values.

mobility

Sets the mobility parameters and attributes to their default values.

nac

Sets the RADIUS Network Admission Control (NAC) parameter to its default value.

passive-client

Sets the passive client parameter to its default value.

peer-blocking

Sets the peer to peer blocking parameters and attributes to their default values.

radio

Sets the radio policy parameters and attributes to their default values.

roamed-voice-client

Sets the roamed voice client parameters and attributes to their default values.

security

Sets the security policy parameters and attributes to their default values.

service-policy

Sets the WLAN quality of service (QoS) policy parameters and attributes to their default values.

session-timeout

Sets the client session timeout parameter to its default value.

shutdown

Sets the shutdown parameter to its default value.

sip-cac

Sets the Session Initiation Protocol (SIP) Call Admission Control (CAC) parameters and attributes to their default values.

static-ip

Sets the static IP client tunneling parameters and their attributes to their default values.

uapsd

Sets the Wi-Fi Multimedia (WMM) Unscheduled Automatic Power Save Delivery (UAPSD) parameters and attributes to their default values.

wgb

Sets the Workgroup Bridges (WGB) parameter to its default value.

wmm

Sets the WMM parameters and attributes to their default values.

Command Default

None.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to set the Cisco Client Extension parameter to its default value:

Switch(config-wlan)# default ccx aironet-iesupport

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

dtim dot11

To configure the Delivery Traffic Indicator Message (DTIM) period for a WLAN, use the dtim dot11 command. To disable DTIM, use the no form of this command.

dtim dot11 { 5ghz | 24ghz } dtim-period

no dtim dot11 { 5ghz | 24ghz } dtim-period

Syntax Description

5ghz

Configures the DTIM period on the 5-GHz band.

24ghz

Configures the DTIM period on the 2.4-GHz band.

dtim-period

Value for the DTIM period. The range is from 1 to 255.

Command Default

The DTIM period is set to 1.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable the DTIM period on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# dtim dot11 24ghz 3

This example shows how to disable the DTIM period on a WLAN on the 2.4-GHz band:
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no dtim dot11 24ghz 3

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

exclusionlist

To configure an exclusion list on a wireless LAN, use the exclusionlist command. To disable an exclusion list, use the no form of this command.

exclusionlist [ timeout seconds ]

no exclusionlist [timeout]

Syntax Description

timeout seconds

(Optional) Specifies an exclusion list timeout in seconds. The range is from 0 to 2147483647. A value of zero (0) specifies no timeout.

Command Default

The exclusion list is set to 60 seconds.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure a client exclusion list for a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# exclusionlist timeout 345

This example shows how to disable a client exclusion list on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no exclusionlist timeout 345

exit

To exit the WLAN configuration submode, use the exit command.

exit

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to exit the WLAN configuration submode:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# exit
Switch(config)# 

exit (WLAN AP Group)

To exit the WLAN access point group submode, use the exit command.

exit

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN AP Group configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to exit the WLAN AP group submode:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# ap group test
Switch(config-apgroup)# exit

ip access-group

To configure WLAN access control group (ACL), use the ip access-group command. To remove a WLAN ACL group, use the no form of the command.

ip access-group [web] acl-name

no ip access-group [web]

Syntax Description

web

(Optional) Configures the IPv4 web ACL.

acl-name

Specify the preauth ACL used for the WLAN with the security type value as webauth.

Command Default

None

Command Modes

WLAN configuration

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to configure a WLAN ACL:

Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#wlan wlan1
Switch(config-wlan)#ip access-group test-acl

This example shows how to configure an IPv4 WLAN web ACL:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# ip access-group web test
Switch(config-wlan)# 

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

ip flow monitor

To configure IP NetFlow monitoring, use the ip flow monitor command. To remove IP NetFlow monitoring, use the no form of this command.

ip flow monitor ip-monitor-name { input | output }

no ip flow monitor ip-monitor-name { input | output }

Syntax Description

ip-monitor-name

Flow monitor name.

input

Enables a flow monitor for ingress traffic.

output

Enables a flow monitor for egress traffic.

Command Default

None

Command Modes

WLAN configuration

Usage Guidelines

You must disable the WLAN before using this command.

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to configure an IP flow monitor for the ingress traffic:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# ip flow monitor test input

This example shows how to disable an IP flow monitor:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no ip flow monitor test input

ip verify source mac-check

To enable IPv4 Source Guard (IPSG) on a WLAN, use the ip verify source mac-check command. To disable IPSG, use the no form of this command.

ip verify source mac-check

no ip verify source mac-check

Syntax Description

This command has no keywords or arguments.

Command Default

IPSG is disabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

Use this feature to restrict traffic from a host to a specific interface that is based on the host's IP address. The feature can also be configured to bind the source MAC and IP of a host so that IP spoofing is prevented.

Use this feature to bind the IP and MAC address of a wireless host that is based on information received from DHCP snooping, ARP, and Dataglean. Dataglean is the process of extracting location information such as host hardware address, ports that lead to the host, and so on from DHCP messages as they are forwarded by the DHCP relay agent. If a wireless host tries to send traffic with IP address and MAC address combination that has not been learned by the switch, this traffic is dropped in the hardware. IPSG is not supported on DHCP packets. IPSG is not supported for foreign clients in a foreign switch.

You must disable the WLAN before using this command.

Examples

This example shows how to enable IPSG:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# ip verify source mac-check

This example shows how to disable IPSG:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no ip verify source mac-check

load-balance

To enable load balancing on a WLAN, use the load-balance command. To disable load balancing, use the no form of this command.

load-balance

no load-balance

Syntax Description

This command has no keywords or arguments.

Command Default

Load balancing is disabled by default.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

The command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable load balancing on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# shutdown
Switch(config)# wlan wlan1
Switch(config-wlan)# load-balance
Switch(config)# no shutdown
Switch(config-wlan)# end

This example shows how to disable load balancing on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# shutdown
Switch(config)# wlan wlan1
Switch(config-wlan)# no load-balance
Switch(config)# no shutdown
Switch(config-wlan)# end

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

mobility anchor

To configure mobility sticky anchoring, use the mobility anchor sticky command. To disable the sticky anchoring, use the no form of the command.

To configure guest anchoring, use the mobility anchor ip-address command.

To delete the guest anchor, use the no form of the command.

To configure the device as an auto-anchor, use the mobility anchor command.

mobility anchor { ip-address | sticky }

no mobility anchor { ip-address | sticky }

Syntax Description

sticky
The client is anchored to the first switch that it associates.
Note    This command is by default enabled and ensures low roaming latency. This ensures that the point of presence for the client does not change when the client joins the mobility domain and roams within the domain.
ip-address

Configures the IP address for the guest anchor switch to this WLAN.

Command Default

Sticky configuration is enabled by default.

Command Modes

WLAN Configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Cisco IOS XE 3.3SE

The auto-anchor configuration required the device IP address to be entered prior to the Cisco IOS XE 3.3SE release; with this release, if no IP address is given, the device itself becomes an anchor; you do not have to explicitly specify the IP address.

Usage Guidelines

  • The wlan_id or guest_lan_id must exist and be disabled.

  • Auto-anchor mobility is enabled for the WLAN or wired guest LAN when you configure the first mobility anchor.

  • Deleting the last anchor disables the auto-anchor mobility feature and resumes normal mobility for new associations.

  • Mobility uses the following ports, that are allowed through the firewall:

    • 16666
    • 16667
    • 16668

Examples

This example shows how to enable the sticky mobility anchor:
Switch(config-wlan)# mobility anchor sticky
 
This example shows how to configure guest anchoring:
Switch(config-wlan)# mobility anchor 209.165.200.224
This example shows how to configure the device as an auto-anchor:
Switch(config-wlan)# mobility anchor

nac

To enable RADIUS Network Admission Control (NAC) support for a WLAN, use the nac command. To disable NAC out-of-band support, use the no form of this command.

nac

no nac

Syntax Description

This command has no keywords or arguments.

Command Default

NAC is disabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You should enable AAA override before you enable the RADIUS NAC state.

Examples

This example shows how to configure RADIUS NAC on the WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# aaa-override
Switch(config-wlan)# nac

This example shows how to disable RADIUS NAC on the WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no nac
Switch(config-wlan)# no aaa-override

Related Commands

Command

Description

aaa-override

Enables or disables AAA override on a WLAN.

passive-client

To enable the passive client feature on a WLAN, use the passive-client command. To disable the passive client feature, use the no form of this command.

passive-client

no passive-client

Syntax Description

This command has no keywords or arguments.

Command Default

Passive client feature is disabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must enable the global multicast mode and multicast-multicast mode before entering this command. Both multicast-multicast mode and multicast unicast modes are supported. The multicast-multicast mode is recommended.

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This show how to enable the passive client feature on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wireless multicast
Switch(config)# wlan test-wlan
Switch(config-wlan)# passive-client

This example shows how to disable the passive client feature on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wireless multicast
Switch(config)# wlan test-wlan
Switch(config-wlan)# no passive-client

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

peer-blocking

To configure peer-to-peer blocking on a WLAN, use the peer-blocking command. To disable peer-to-peer blocking, use the no form of this command.

peer-blocking { drop | forward-upstream }

no peer-blocking

Syntax Description

drop

Specifies the switch to discard the packets.

forward-upstream

Specifies the packets to be forwarded on the upstream VLAN. The device next in the hierarchy to the switch decides what action to take regarding the packets.

Command Default

Peer blocking is disabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable the drop and forward-upstream options for peer-to-peer blocking:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# peer-blocking  drop
Switch(config-wlan)# peer-blocking forward-upstream

This example shows how to disable the drop and forward-upstream options for peer-to-peer blocking:
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no peer-blocking  drop
Switch(config-wlan)# no peer-blocking forward-upstream

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

port

To configure port id of an AP group, use the port command in interface configuration mode. To disable a port id of an AP group, use no form of this command.

port port-id

no port port-id

Syntax Description

port-id

ID of the port.

Command Default

None

Command Modes

Interface configuration (config-apgroup)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to configure port id of an AP group:

Switch(config-apgroup)# port-1

poe

To enable PoE on a port, use the poe command in interface configuration mode. To disable PoE on the port, use no form of this command.


Note


PoE can be configured only for port 1.


poe

no poe

Command Default

None

Command Modes

Interface configuration (config-apgroup)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to enable PoE on a port:

Switch(config-apgroup)# poe

radio

To enable the Cisco radio policy on a WLAN, use the radio command. To disable the Cisco radio policy on a WLAN, use the no form of this command.

radio { all | dot11a | dot11ag | dot11bg | dot11g }

no radio

Syntax Description

all

Configures the WLAN on all radio bands.

dot11a

Configures the WLAN on only 802.11a radio bands.

dot11ag

Configures the WLAN on 802.11a/g radio bands.

dot11bg

Configures the wireless LAN on only 802.11b/g radio bands (only 802.11b if 802.11g is disabled).

dot11g

Configures the wireless LAN on 802.11g radio bands only.

Command Default

Radio policy is enabled on all bands.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure the WLAN on all radio bands:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# radio all

This example shows how to disable all radio bands on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no radio all

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

radio-policy

To configure the radio policy on a WLAN access point group, use the radio-policy command. To disable the radio policy on the WLAN, use the no form of this command.

radio-policy { all | dot11a | dot11bg | dot11g }

no radio { all | dot11a | dot11bg | dot11g }

Syntax Description

all

Configures the wireless LAN on all radio bands.

dot11a

Configures the wireless LAN on only 802.11a radio bands.

dot11bg

Configures the wireless LAN on only 802.11b/g (only 802.11b if 802.11g is disabled) radio bands.

dot11g

Configures the wireless LAN on only 802.11g radio bands.

Command Default

Radio policy is enabled on all the bands.

Command Modes

WLAN AP Group configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

The WLAN must be restarted for the changes to take effect. See Related Commands section for more information on how to shutdown a WLAN.

Examples

This example shows how to enable the radio policy on the 802.11b band for an AP group:

Switch(config)# ap group test
Switch(config-apgroup)# wlan test-wlan
Switch(config-wlan-apgroup)# radio-policy dot11b

This example shows how to disable the radio policy on the 802.11b band of an AP group:

Switch(config)# ap group test
Switch(config-apgroup)# wlan test-wlan
Switch(config-wlan-apgroup)# no radio-policy dot11bg

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

wlan shutdown

Disables a WLAN.

remote-lan

To specify Remote-LAN profile name, use the remote-lan command in global configuration mode. To disable the configured profile name, use no form of this command.

remote-lan profile-name id

no remote-lan profile-name id

Syntax Description

profile-name

Remote-LAN profile name.

id

Remote LAN identifier. The range is from 1 to 64.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to specify Remote-LAN profile name:

Switch(config)# remote-lan test-lan 3

remote-lan

To add a Remote-LAN to an AP group, use the remote-lan command in interface configuration mode. To disable a Remote-LAN in an AP group, use no form of this command.

remote-lan remote-lan-name

no remote-lan remote-lan-name


Note


The remote-lan remote-lan-name command is also required to map a Remote-LAN to a port.


Syntax Description

remote-lan-name

Name of the Remote-LAN.

Command Default

None

Command Modes

Interface configuration (config-apgroup)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to add a Remote-LAN to an AP group:

Switch(config-apgroup)# remote-lan test-lan

roamed-voice-client re-anchor

To enable the roamed-voice-client re-anchor feature, use the roamed-voice-client re-anchor command. To disable the roamed-voice-client re-anchor feature, use the no form of this command.

roamed-voice-client re-anchor

no roamed-voice-client re-anchor

Syntax Description

This command has no keywords or arguments.

Command Default

Roamed voice client reanchor feature is disabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable the roamed voice client re-anchor feature:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# roamed-voice-client re-anchor

This example shows how to disable the roamed voice client re-anchor feature:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no roamed-voice-client re-anchor

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

security ft

To configure 802.11r fast transition parameters, use the security ft command. To configure fast transition over the air, use the no security ft over-the-ds command.

security ft [ over-the-ds | reassociation-timeout timeout-jn-seconds ]

no security ft [ over-the-ds | reassociation-timeout ]

Syntax Description

over-the-ds

(Optional) Specifies that the 802.11r fast transition occurs over a distributed system. The no form of the command with this parameter configures security ft over the air.

reassociation-timeout

(Optional) Configures the reassociation timeout interval.

timeout-in-seconds

(Optional) Specifies the reassociation timeout interval in seconds. The valid range is between 1 to 100. The default value is 20.

Command Default

The feature is disabled.

Command Modes

WLAN configuration

Command History

Release Modification
Cisco IOS XE 3.3SE

This command was introduced.

Usage Guidelines

None

WLAN Security must be enabled.

Examples

The following example configures security FT configuration for an open WLAN:

Switch#wlan test
Switch(config-wlan)# client vlan 0140
Switch(config-wlan)# no mobility anchor sticky
Switch(config-wlan)# no security wpa
Switch(config-wlan)# no security wpa akm dot1x
Switch(config-wlan)# no security wpa wpa2
Switch(config-wlan)# no security wpa wpa2 ciphers aes
Switch(config-wlan)# security ft
Switch(config-wlan)# shutdown

The following example shows a sample security FT on a WPA-enabled WLAN:

Switch# wlan test
Switch(config-wlan)# client vlan 0140
Switch(config-wlan)# no security wpa akm dot1x
Switch(config-wlan)# security wpa akm ft psk
Switch(config-wlan)# security wpa akm psk set-key ascii 0 test-test
Switch(config-wlan)# security ft
Switch(config-wlan)# no shutdown

security pmf

To configure 802.11w Management Frame Protection (PMF) on a WLAN, use the security pmf command. To disable management frame protection, use the no form of the command.

security pmf { association-comeback association-comeback-time-seconds | mandatory | optional | saquery-retry-time saquery-retry-time-milliseconds }

no security pmf [ association-comeback association-comeback-time-seconds | mandatory | optional | saquery-retry-time saquery-retry-time-milliseconds ]

Syntax Description

association-comeback

Configures the 802.11w association comeback time.

association-comeback-time-seconds

Association comeback interval in seconds. Time interval that an associated client must wait before the association is tried again after it is denied with a status code 30. The status code 30 message is "Association request rejected temporarily; Try again later.”

The range is from 1 through 20 seconds.

mandatory

Specifies that clients are required to negotiate 802.1w PMF protection on the WLAN.

optional

Specifies that the WLAN does not mandate 802.11w support on clients. Clients with no 802.11w capability can also join.

saquery-retry-time

Time interval identified before which the SA query response is expected. If the switch does not get a response, another SA query is tried.

saquery-retry-time-milliseconds

The saquery retry time in milliseconds. The range is from 100 to 500 ms. The value must be specified in multiples of 100 milliseconds.

Command Default

PMF is disabled.

Command Modes

WLAN configuration

Command History

Release Modification
Cisco IOS XE 3.3SE

This command was introduced.

Usage Guidelines

You must have WPA (Wi-Fi Protected Access) and AKM (Authentication Key Management) configured to use this feature. See Related Command section for more information on configuring the security parameters.

802.11w introduces an Integrity Group Temporal Key (IGTK) that is used to protect broadcast or multicast robust management frames. IGTK is a random value, assigned by the authenticator station (switch) used to protect MAC management protocol data units (MMPDUs) from the source STA. The 802.11w IGTK key is derived using the four-way handshake and is used only on WLANs that are configured with WPA2 security at Layer 2.

Examples

This example shows how to enable the association comeback value at 15 seconds.

Switch(config-wlan)# security pmf association-comeback 15

This example shows how to configure mandatory 802.11w MPF protection for clients on a WLAN:

Switch(config-wlan)# security pmf mandatory

This example shows how to configure optional 802.11w MPF protection for clients on a WLAN:

Switch(config-wlan)# security pmf optional

This example shows how to configure the saquery parameter:

Switch(config-wlan)# security pmf saquery-retry-time 100

This example shows how to disable the PMF feature:

Switch(config-wlan)# no security pmf

Related Commands

Command

Description

security wpa akm

Configures authentication key-management using Cisco Centralized Key Management on a WLAN.

security web-auth

To change the status of web authentication used on a WLAN, use the security web-auth command. To disable web authentication on a WLAN, use the no form of the command.

security web-auth [ authentication-list authentication-list-name | on-macfilter-failure | parameter-map parameter-map-name ]

no security web-auth [ authentication-list [authentication-list-name] | on-macfilter-failure | parameter-map [parameter-name] ]

Syntax Description

authentication-list authentication-list-name

Sets the authentication list for IEEE 802.1x.

on-macfilter-failure

Enables web authentication on MAC failure.

parameter-map parameter-map-name

Configures the parameter map.

Command Default

Web authentication is disabled.

Command Modes

WLAN configuration

Command History

Release Modification
Cisco IOS XE 3.2SE

This command was introduced.

Examples

The following example shows how to configure the authentication-list web authentication on a WLAN:

Switch(config-wlan)# security web-auth authentication-list test

security wpa akm

To configure authentication key management using Cisco Centralized Key Management (CCKM), use the security wpa akm command. To disable the authentication key management for Cisco Centralized Key Management, use the no form of the command.

security wpa [ akm { cckm | dot1x | ft | pmf | psk } | wpa1 [ ciphers { aes | tkip } ] | wpa2 [ ciphers { aes | tikp } ] ]

no security wpa [ akm { cckm | dot1x | ft | pmf | psk } | wpa1 [ ciphers { aes | tkip } ] | wpa2 [ ciphers { aes | tikp } ] ]

Syntax Description

akm

Configures the Authentication Key Management (AKM) parameters.

aes

Configures AES (Advanced Encryption Standard) encryption support.

cckm

Configures Cisco Centralized Key Management support.

ciphers

Configures WPA ciphers.

dot1x

Configures 802.1x support.

ft

Configures fast transition using 802.11r.

pmf

Configures 802.11w management frame protection.

psk

Configures 802.11r fast transition pre-shared key (PSK) support.

tkip

Configures Temporal Key Integrity Protocol (TKIP) encryption support.

wpa2

Configures Wi-Fi Protected Access 2 ( WPA2) support.

Command Default

By default Wi-Fi Protected Access2, 802.1x are enabled. WPA2, PSK, CCKM, FT dot1x, FT PSK, PMF dot1x, PMF PSK, FT Support are disabled. The FT Reassociation timeout is set to 20 seconds, PMF SA Query time is set to 200.

Command Modes

WLAN configuration

Command History

Release Modification
Cisco IOS XE 3.3SE

This command was introduced.

Examples

The following example shows how to configure CCKM on the WLAN.

Switch(config-wlan)#security wpa akm cckm

service-policy (WLAN)

To configure the WLAN quality of service (QoS) service policy, use the service-policy command. To disable a QoS policy on a WLAN, use the no form of this command.

service-policy [client] { input | output } policy-name

no service-policy [client] { input | output } policy-name

Syntax Description

client

(Optional) Assigns a policy map to all clients in the WLAN.

input

Assigns an input policy map.

output

Assigns an output policy map.

policy-name

The policy name.

Command Default

No policies are assigned and the state assigned to the policy is None.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure the input QoS service policy on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# service-policy input policy-test

This example shows how to disable the input QoS service policy on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no service-policy input policy-test

This example shows how to configure the output QoS service policy on a WLAN to platinum (precious metal policy):

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# service-policy output platinum

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

session-timeout

To configure session timeout for clients associated to a WLAN, use the session-timeout command. To disable a session timeout for clients that are associated to a WLAN, use the no form of this command.

session-timeout seconds

no session-timeout

Syntax Description

seconds

Timeout or session duration in seconds. A value of zero (0) is equivalent to no timeout. The range is from 300 to 86400.

Command Default

The client timeout is set to 1800 seconds for WLANs that are configured with dot1x security. The client timeout is set to 0 for open WLANs.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to configure a session timeout to 300 seconds:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# session-timeout 300

This example shows how to disable a session timeout:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no session-timeout

show remote-lan all

To display Remote-LAN properties of all configured Remote-LANs, use the show remote-lan all command.

show remote-lan all

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example displays Remote-LAN properties of all configured Remote-LANs:

Switch#show remote-lan all
Remote-LAN Profile Name : test
================================================
Identifier : 1
Status : Disabled
Universal AP Admin : Disabled
Max Associated Clients per Remote-LAN : 0
AAA Policy Override : Disabled
Number of Active Clients : 0
Exclusionlist Timeout : 60
Session Timeout : 1800 seconds
Interface : default
Interface Status : Up
Remote-LAN ACL : unconfigured
DHCP Server : 0.0.0.0
DHCP Address Assignment Required : Disabled
Local EAP Authentication : Disabled
Mac Filter Authorization list name : Disabled
Accounting list name : Disabled
802.1x authentication list name : Disabled
Security
802.11 Authentication : Open System
802.1X : Disabled
Web Based Authentication : Disabled
Conditional Web Redirect : Disabled
Splash-Page Web Redirect : Disabled
Webauth On-mac-filter Failure : Disabled
Webauth Authentication List Name : Disabled
Webauth Parameter Map : Disabled

show remote-lan id

To display the Remote-LAN configuration by ID, use the show remote-lan id command.

show remote-lan id id

Syntax Description

id

Remote LAN identifier. The range is from 1 to 64.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to display the Remote-LAN configuration by ID:

Switch #show remote-lan id 2
Remote-LAN Profile Name     : test
================================================
Identifier                                     : 2
Status                                         : Disabled
Universal AP Admin                             : Disabled
Max Associated Clients per Remote-LAN          : 0
AAA Policy Override                            : Enabled
Number of Active Clients                       : 0
Exclusionlist Timeout                          : 21474
Session Timeout                                : 864 seconds
Interface                                      : default
Interface Status                               : Up
Remote-LAN ACL                                  : testacl
DHCP Server                                    : 10.5.7.9
DHCP Address Assignment Required               : Disabled
Local EAP Authentication                       : testeapprofile
Mac Filter Authorization list name             : testmaclist
Accounting list name                           : testlist
802.1x authentication list name                : dotxauth
Security
    802.11 Authentication                      : Open System
    802.1X                                     : Enabled
        Encryption                             : 104-bit WEP

show remote-lan name

To display Remote-LAN configuration by profile name, use the show remote-lan name command.

show remote-lan name name

Syntax Description

name

Remote-LAN profile name.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to display Remote-LAN configuration by profile name:

Switch# show remote-lan name test
Remote-LAN Profile Name : test
================================================
Identifier : 1
Status : Disabled
Universal AP Admin : Disabled
Max Associated Clients per Remote-LAN : 0
AAA Policy Override : Disabled
Number of Active Clients : 0
Exclusionlist Timeout : 60
Session Timeout : 1800 seconds
Interface : default
Interface Status : Up
Remote-LAN ACL : unconfigured
DHCP Server : 0.0.0.0
DHCP Address Assignment Required : Disabled
Local EAP Authentication : Disabled
Mac Filter Authorization list name : Disabled
Accounting list name : Disabled
802.1x authentication list name : Disabled
Security
802.11 Authentication : Open System
802.1X : Disabled
Web Based Authentication : Disabled
Conditional Web Redirect : Disabled
Splash-Page Web Redirect : Disabled
Webauth On-mac-filter Failure : Disabled
Webauth Authentication List Name : Disabled
Webauth Parameter Map : Disabled

show remote-lan summary

To display the summary of all Remote-LANs, use the show remote-lan summary command.

show remote-lan summary

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to display the summary of all Remote-LANs:

Switch # show remote-lan summary
Number of Remote-LANs: 1

Remote-LAN Profile Name                     VLAN Status
-------------------------------------------------------
2          test                             1    DOWN

show running-config remote-lan

To display Remote-LAN configuration, use the show running-config remote-lan command.

show running-config remote-lan name

Syntax Description

name

Remote-LAN profile name.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Examples

The following example shows how to display Remote-LAN configuration:

Switch# show running-config remote-lan test
remote-lan test 1
aaa-override
accounting-list test-all-list
exclusionlist timeout 100
ip access-group test-acl
ip dhcp server 10.100.12.5
mac-filtering test-mac-list
security dot1x authentication-list test-dot1x-list
session-timeout 100
shutdown

show wlan

To view WLAN parameters, use the show wlan command.

show wlan { all | id wlan-id | name wlan-name | summary }

Syntax Description

all

Displays a summary of parameters of all configured WLANs. The list is ordered by the ascending order of the WLAN IDs.

id wlan-id

Specifies the wireless LAN identifier. The range is from 1 to 512.

name wlan-name

Specifies the WLAN profile name. The name is from 1 to 32 characters.

summary

Displays a summary of the parameters configured on a WLAN.

Command Default

None

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to display a summary of the WLANs configured on the device:

Switch# show wlan summary
Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status
--------------------------------------------------------------------------------
45   test-wlan                        test-wlan-ssid                  1    UP

This example shows how to display a summary of parameters configured on a particular WLAN:

Switch# show wlan name test-wlan
WLAN Identifier                                : 45
Profile Name                                   : test-wlan
Network Name (SSID)                            : test-wlan-ssid
Status                                         : Enabled
Broadcast SSID                                 : Enabled
Maximum number of Associated Clients           : 0
AAA Policy Override                            : Disabled
Network Admission Control
  NAC-State                                    : Disabled
Number of Active Clients                       : 0
Exclusionlist Timeout                          : 60
Session Timeout                                : 1800 seconds
CHD per WLAN                                   : Enabled
Webauth DHCP exclusion                         : Disabled
Interface                                      : default
Interface Status                               : Up
Multicast Interface                            : test
WLAN IPv4 ACL                                  : test
WLAN IPv6 ACL                                  : unconfigured
DHCP Server                                    : Default
DHCP Address Assignment Required               : Disabled
DHCP Option 82                                 : Disabled
DHCP Option 82 Format                          : ap-mac
DHCP Option 82 Ascii Mode                      : Disabled
DHCP Option 82 Rid Mode                        : Disabled
QoS Service Policy - Input
  Policy Name                                  : unknown
  Policy State                                 : None
QoS Service Policy - Output
  Policy Name                                  : unknown
  Policy State                                 : None
QoS Client Service Policy
  Input  Policy Name                           : unknown
  Output Policy Name                           : unknown
WifiDirect                                     : Disabled
WMM                                            : Disabled
Channel Scan Defer Priority:
  Priority (default)                           : 4
  Priority (default)                           : 5
  Priority (default)                           : 6
Scan Defer Time (msecs)                        : 100
Media Stream Multicast-direct                  : Disabled
CCX - AironetIe Support                        : Enabled
CCX - Gratuitous ProbeResponse (GPR)           : Disabled
CCX - Diagnostics Channel Capability           : Disabled
Dot11-Phone Mode (7920)                        : Invalid
Wired Protocol                                 : None
Peer-to-Peer Blocking Action                   : Disabled
Radio Policy                                   : All
DTIM period for 802.11a radio                  : 1
DTIM period for 802.11b radio                  : 1
Local EAP Authentication                       : Disabled
Mac Filter Authorization list name             : Disabled
Accounting list name                           : Disabled
802.1x authentication list name                : Disabled
Security
    802.11 Authentication                      : Open System
    Static WEP Keys                            : Disabled
    802.1X                                     : Disabled
    Wi-Fi Protected Access (WPA/WPA2)          : Enabled
        WPA (SSN IE)                           : Disabled
        WPA2 (RSN IE)                          : Enabled
            TKIP Cipher                        : Disabled
            AES Cipher                         : Enabled
        Auth Key Management
            802.1x                             : Enabled
            PSK                                : Disabled
            CCKM                               : Disabled
    IP Security                                : Disabled
    IP Security Passthru                       : Disabled
    L2TP                                       : Disabled
    Web Based Authentication                   : Disabled
    Conditional Web Redirect                   : Disabled
    Splash-Page Web Redirect                   : Disabled
    Auto Anchor                                : Disabled
    Sticky Anchoring                           : Enabled
    Cranite Passthru                           : Disabled
    Fortress Passthru                          : Disabled
    PPTP                                       : Disabled
    Infrastructure MFP protection              : Enabled
    Client MFP                                 : Optional
    Webauth On-mac-filter Failure              : Disabled
    Webauth Authentication List Name           : Disabled
    Webauth Parameter Map                      : Disabled
    Tkip MIC Countermeasure Hold-down Timer    : 60
Call Snooping                                  : Disabled
Passive Client                                 : Disabled
Non Cisco WGB                                  : Disabled
Band Select                                    : Disabled
Load Balancing                                 : Disabled
IP Source Guard                                : Disabled
Netflow Monitor                                : test
        Direction                              : Input
        Traffic                                : Datalink

Mobility Anchor List
IP Address
-----------

show wireless wlan summary

To display wireless wlan summary, use the show wireless wlan summary command.

show wireless wlan summary

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command History

Release Modification
15.2(3)E

This command was introduced.

Examples

The following is a sample output of the show wireless wlan summary command.

Cisco-Controller# show wireless wlan summary 

Total WLAN Configured: 3

Total Client Count: 0



ID    Profile Name          SSID                  Security    Radio       VLAN        Client   Status  
-----------------------------------------------------------------------------------------------------
1     Test1                 xxx                   WPA1/WPA2   All         1           0        DOWN
2     wlan1                 wlan2-ssid            WPA1/WPA2   All         1           0        DOWN
3     wlan3                 mywlan3               WPA1/WPA2   All         1           0        DOWN

shutdown

To disable a WLAN, use the shutdown command. To enable a WLAN, use the no form of this command.

shutdown

no shutdown


Note


To enable LAN port in an AP group configuration and Remote-LAN profile, use the no form of this command.


Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to disable a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan test-wlan
Switch(config-wlan)# shutdown
Switch(config-wlan)# end
Switch# show wlan summary
Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status
--------------------------------------------------------------------------------
45   test-wlan                         test-wlan-ssid                  1    DOWN

This example shows how to enable a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan test-wlan
Switch(config-wlan)# no shutdown
Switch(config-wlan)# end
Switch# show wlan summary
Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status
--------------------------------------------------------------------------------
45   test-wlan                         test-wlan-ssid                  1    UP

sip-cac

To configure the Session Initiation Protocol (SIP) Call Admission Control (CAC) feature on a WLAN, use the sip-cac command. To disable the SIP CAC feature, use the no form of this command.

sip-cac { disassoc-client | send-486busy }

no sip-cac { disassoc-client | send-486busy }

Syntax Description

disassoc-client

Enables a client disassociation if a CAC failure occurs.

send-486busy

Sends a SIP 486 busy message if a CAC failure occurs.

Command Default

None

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable a client disassociation and 486 busy message on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# sip-cac disassoc-client
Switch(config-wlan)# sip-cac send-486busy

This example shows how to disable a client association and 486 busy message on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no sip-cac disassoc-client
Switch(config-wlan)# no sip-cac send-486busy

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

static-ip tunneling

To enable static IP tunneling on a WLAN, use the static-ip tunneling command. To disable the static IP tunneling feature, use the no form of this command.

static-ip tunneling

no static-ip tunneling

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Examples

This example shows how to enable static-IP tunneling:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# static-ip tunneling

This example shows how to disable static-IP tunneling:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no static-ip tunneling

vlan

To assign a VLAN to an AP group, use the vlan command. To remove a VLAN ID, use the no form of this command.

vlan interface-name

no vlan

Syntax Description

interface-name

VLAN interface name.

Command Default

No VALN is assigned to the AP group. See Related Commands section for more information on how to disable a WLAN.

Command Modes

WLAN AP Group configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command.

Examples

This example shows how to configure a VLAN on an AP group:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# ap group ap-group-1
Switch(config-apgroup)# wlan test-wlan
Switch(config-wlan-apgroup)# vlan 3

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

universal-admin

To configure the WLAN as the universal admin, use the universal-admin command. To remove the configuration, use the no form of this command.

universal-admin

Command Default

None

Command Modes

WLAN configuration

Command History

Release Modification
Cisco IOS XE 3.7.0 E

This command was introduced.

Examples

Switchenable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#wlan wlan1
Switch(config-wlan)#universal-admin







wgb non-cisco

To enable non-Cisco Workgroup Bridges (WGB) clients on the WLAN, use the wgb non-cisco command. To disable support for non-Cisco WGB clients, use the no form of this command.

wgb non-cisco

no wgb non-cisco

Syntax Description

This command has no keywords or arguments.

Command Default

Non-Cisco WGB clients are disabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable non-Cisco WGBs on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# shutdown
Switch(config-wlan)# wgb non-cisco
Switch(config-wlan)# no shutdown

This example shows how to disable support for non-Cisco WGB clients on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# shutdown
Switch(config-wlan)# no wgb non-cisco
Switch(config-wlan)# no shutdown

wifidirect policy

To configure Wi-Fi Direct client policy on a WLAN, use the wifidirect policy command. To disable Wi-Fi Direct Client policy, use the no form of the command.

wifidirect policy { permit | deny }

Syntax Description

permit

Enables Wi-Fi Direct clients to associate with the WLAN.

deny

When the Wi-Fi Direct policy is configured as "deny", the switch permits or denies Wi-Fi Direct devices based on the device capabilities. A WI-Fi Direct device reports these capabilities in its association request to the switch and these are based on the Wi-Fi capabilities of the device. These include:

  • Concurrent Operation

  • Cross connection

If the Wi-Fi device supports either concurrent operations or cross connections or both, the client association is denied. The client can associate if the device does not support concurrent operations and cross connections.

Command Default

Wi-Fi Direct is disabled.

Command Modes

WLAN configuration

Command History

Release Modification
Cisco IOS XE 3.3SE

This command was introduced.

Examples

The following example shows how to enable Wi-Fi Direct and configure the Wi-Fi Direct clients to associate with the WLAN:

Switch(config-wlan)# wifidirect policy permit

wlan (AP Group Configuration)

To configure WLAN parameters of a WLAN in an access point (AP) group, use the wlan command. To remove a WLAN from the AP group, use the no form of this command.

wlan wlan-name

no wlan wlan-name

Syntax Description

wlan-name

WLAN profile name. The range is from 1 to 32 alphanumeric characters.

Command Default

WLAN parameters are not configured for an AP group.

Command Modes

AP Group configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure WLAN related parameters in the AP group configuration mode:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# ap group test
Switch(config-apgroup)# wlan qos-wlan

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

wlan

To create a wireless LAN, use the wlan command. To disable a wireless LAN, use the no form of this command.

wlan [ wlan-name | wlan-name wlan-id | wlan-name wlan-id wlan-ssid ]

no wlan [ wlan-name | wlan-name wlan-id | wlan-name wlan-id wlan-ssid ]

Syntax Description

wlan-name

WLAN profile name. The name is from 1 to 32 alphanumeric characters.

wlan-id

Wireless LAN identifier. The range is from 1 to 512.

wlan-ssid

SSID. The range is from 1 to 32 alphanumeric characters.

Command Default

WLAN is disabled.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

If you do not specify an SSID, the profile name parameter is used for both the profile name and the SSID. If the management and AP-manager interfaces are mapped to the same port and are members of the same VLAN, you must disable the WLAN before making a port-mapping change to either interface. If the management and AP-manager (Access Point Manager) interfaces are assigned to different VLANs, you do not need to disable the WLAN.

An error message appears if you try to delete a WLAN that is assigned to an access point group. If you proceed, the WLAN is removed from the access point group and from the access point’s radio.

Examples

This example shows how to create a WLAN:
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config)# wlan test-wlan-cr 67 test-wlan-cr-ssid

This example shows how to delete a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config)# no wlan test-wlan-cr 67 test-wlan-cr-ssid

wlan shutdown

To disable a WLAN, use the wlan shutdown command. To enable a WLAN, use the no form of this command.

wlan shutdown

no wlan shutdown

Command Default

The WLAN is disabled.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to shut down a WLAN:
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# shutdown

Related Commands

Command

Description

wlan

Creates or disables a WLAN.

wmm

To enable Wi-Fi Multimedia (WMM) on a WLAN, use the wmm command. To disable WMM on a WLAN, use the no form of this command.

wmm { allowed | require }

no wmm

Syntax Description

allowed

Allows WMM on a WLAN.

require

Mandates that clients use WMM on the WLAN.

Command Default

WMM is enabled.

Command Modes

WLAN configuration

Command History

Release Modification

Cisco IOS XE 3.2SE

This command was introduced.

Usage Guidelines

When the switch is in Layer 2 mode and WMM is enabled, you must put the access points on a trunk port in order to allow them to join the switch.

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable WMM on a WLAN:
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# wmm allowed

This example shows how to disable WMM on a WLAN:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# wlan wlan1
Switch(config-wlan)# no wmm

Related Commands

Command

Description

wlan

Creates or disables a WLAN.