Mobility Express Controller Commands

Application Visibility Commands

The following commands are used to configure Application Visibility on the Cisco Mobility Express controller.

Command

Description

Added in Release

config flexconnect group default-flexgroup avc 1 visibility { enable | disable }

To enable or disable Application Visibility in a WLAN

8.1.122.0

show flexconnect group detail default-flexgroup

To display the status of Application Visibility in each WLAN

8.1.122.0

show flexconnect avc statistics group default-flexgroup

To view Application Visibility statistics based on the flex group

8.1.122.0

show flexconnect avc statistics client client_MAC

To view Application Visibility statistics based on each client

8.1.122.0

Cisco Umbrella Commands

The following commands are used to configure Cisco Umbrella in the Cisco Mobility Express network.

Command

Description

Added in Release

config opendns {Enable | Disable}

To configure the Cisco Umbrella feature. You can enable or disable the feature.

<8.8 MR1>

config opendns api-token

To register the Cisco Umbrella API token on the network.

<8.8 MR1>

config opendns profile {create |delete | refresh}

To create, delete, or refresh a Cisco Umbrella profile that can be applied over a WLAN

<8.8 MR1>

config wlan opendns-profile <wlan-id> <profile-name> {enable | disable}

To map the Cisco Umbrella profile identity to a WLAN.

<8.8 MR1>

config wlan opendns-dhcp-opt6 <wlan-id> {enable | disable}

To enable or disable DHCP option 6 per WLAN.

<8.8 MR1>

config wlan opendns-mode <wlan-id> {ignore | forced}

To ignore or force the Cisco Umbrella mode on the WLAN.

<8.8 MR1>

show opendns summary

To display details of Cisco Umbrella.

<8.8 MR1>

CleanAir Commands

Command

Description

Added in Release

config 802.11b cleanair enable ap_MAC

To enable CleanAir on an associated AP. Not applicable to 1850 and 1830 series APs.

8.1.122.0

show 802.11b cleanair device ap ap_MAC

To list all the interference devices connected to the AP.

8.1.122.0

show 802.11b cleanair device type jammer

To jam a specific interference device.

8.1.122.0

CMX Cloud Commands

Command

Description

Added in Release

config cloud-services server id-token CMX_token

To specify a valid CMX server token.

8.3.102.0

config cloud-services server url url

To specify a valid CMX server URL.

8.3.102.0

config cloud-services cmx enable

To enable CMX analytics.

8.3.102.0

show cloud-services cmx summary

To view details of the configured CMX cloud services.

8.3.102.0

Commands for Collecting Log, Core, and Crash Files

Command

Description

Added in Release

  1. transfer upload datatype support-bundle

  2. transfer upload start

Use these commands in sequence to collect log, core and crash files.

The files of the following data types are collected, bundled into a .TAR file, and the uploaded to a configured TFTP or FTP server:

  • run-config

  • systemtrace

  • traplog

  • debug-file

  • crashfile

  • coredump

  • ap-crash-data

8.3.102.0

debug transfer all enable

To debug the code-flow, use this command before the transfer upload start command.

8.3.102.0

debug disable-all

To disable debugging of the code-flow.

8.3.102.0

Commands for Software Download from Cisco.com

Step

Command

Description

Added in Release

1

transfer download ap-images mode cco

To set the mode of download of software images to be from Cisco.com.

8.3.102.0

2

transfer download ap-images cco-username username cco-password password

To specify the Cisco.com credentials to be used.

8.3.102.0

3

transfer download ap-images version { suggested | latest }

To specify whether the suggested or the latest software version images are to be downloaded.

8.3.102.0

4

transfer download ap-images cco-auto-check { enable | disable }

To set the controller to automatically check for software image updates from Cisco.com.

8.3.102.0

5

transfer download start

To start the download.

8.3.102.0

Controller Image Upgrade Commands

The following commands are used when performing a Mobility Express controller software image upgrade.

Command

Description

Added in Release

transfer download ap-images imagePath image_path

To set the path of the software image on the TFTP server

8.1.122.0

transfer download ap-images mode tftp

To set the file transfer mode as TFTP

8.1.122.0

transfer download ap-images serverIp ipv4_address

To specify the IP address of the TFTP server

8.1.122.0

transfer download start

To save the configuration and start the image download

8.1.122.0

transfer download stop

To stop the ongoing image download

8.3.102.0

debug transfer all { enable | disable }

To debug the transfer and download with all sub commands enabled

8.1.122.0

debug transfer tftp { enable | disable }

To debug transfer download of TFTP

8.1.122.0

debug transfer trace { enable | disable }

To debug transfer trace

8.1.122.0

DNS Commands

Command

Description

Added in Release

config network dns default To configure the default DNS servers.

8.2.100.1

show network summary To view a network summary, with the default DNS servers listed, if they are enabled.

8.2.100.1

DNS ACL Commands

The following commands are used while configuring DNS IPv4 ACLs and DNS IPv6 ACLs on the Cisco Mobility Express controller.

Table 1. DNS ACL Commands

Command

Description

Command History

config flexconnect acl create acl-name

Creates and configures the ACL.

Introduced in 8.6.101.0

config flexconnect ipv6 acl create acl-name

Creates and configures the IPv6 ACL.

Introduced in 8.6.101.0

config flexconnect acl url-domain url {snmptraps | | | radius}enable | | | disable

Configures secure tunnel application support.

Introduced in 8.6.101.0

config secure-tunnel network {snmptraps | | | radius}enable | | | disable

Configures the secure tunnel network.

Introduced in 8.6.101.0

config flexconnect acl url-domain add acl-nameindex

Adds the URL domain to the ACL.

Introduced in 8.6.101.0

config flexconnect ipv6 acl url-domain add acl-nameindex

Adds the URL domain to the IPv6 ACL.

config flexconnect acl url-domain url acl-nameindexurl-name

Configures the URL name in the ACL.

Introduced in 8.6.101.0

config flexconnect ipv6 acl url-domain url acl-nameindexurl-name

Configures the URL name in the IPv6 ACL.

config flexconnect acl url-domain delete acl-nameindex

Deletes the URL domain from the ACL.

Introduced in 8.6.101.0

config flexconnect ipv6 acl url-domain delete acl-nameindex

Deletes the IPv6 URL domain from the ACL.

config flexconnect acl url-domain action acl-nameindex permit| deny

Configures the action of an ACL rule.

Introduced in 8.6.101.0

config flexconnect ipv6 acl url-domain action acl-nameindex permit| deny

Configures the action of an IPv6 ACL rule.

config flexconnect group group-namepolicy acl {add | delete}acl-name

Adds or deletes policy IPv4 ACL on the Flexconnect group.

Introduced in 8.6.101.0

config flexconnect group group-namepolicy ipv6 acl {add | delete}acl-name

Adds or deletes policy IPv6 ACL on the Flexconnect group.

config flexconnect acl apply acl-name

Applies the IPv4 ACL to the APs.

config flexconnect ipv6 acl apply acl-name

Applies the IPv6 ACL to the APs.

config flexconnect group group-nameweb-auth wlanwlan-idaclacl-name{enable| disable}

Configures WLAN for web-auth IPv4 ACL on the Flexconnect group.

Introduced in 8.6.101.0

config flexconnect group group-nameweb-auth wlanwlan-id ipv6 aclacl-name{enable| disable}

Configures WLAN for web-auth IPv6 ACL on the Flexconnect group.

Introduced in 8.6.101.0

show flexconnect acl {summary | detailed acl-name}

Displays the summary of the Access Control Lists or the detailed Access Control List information.

Introduced in 8.6.101.0

show flexconnect ipv6acl {summary | detailed acl-name}

Displays the summary of the IPv6 Access Control Lists or the detailed IPv6 Access Control List information.

Introduced in 8.6.101.0

Efficient AP Join Command

The following command is used to configure the efficient AP join in the Cisco Mobility Express network.

Command

Description

Added in Release

config flexconnect group default-flexgroup efficient-join {enable | disable}

To configure efficient join.

8.8.100.0

EoGRE Commands

The following commands are available once Ethernet over GRE (EoGRE) configurations are enabled for the Cisco Mobility Express network. EoGRE tunnels in Cisco Mobility Express only support FlexConnect mode.

Command

Description

Added in Release

config tunnel

To add or delete custom CCX multicast addresses for RFID tag tracking.

The addresses that can be configured include 0x01, 0x40, 0x96, 0x00, and 0x03.

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel profile rule add profile-name realm-filter realm-string eogre vlanvlan-id domain-name

To add a new rule to the profile.

8.8.100.0

config tunnel profile rule delete profile-name realm-filter realm-string

To delete an existing rule from the profile.

8.8.100.0

config tunnel profile rule modify profile-name realm-filter realm-string eogre vlanvlan-id domain-name

To modify an existing rule.

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel

To

8.8.100.0

config tunnel

To

8.8.100.0

config rfid rate-limit

To configure the RFID message rate limit over a cycle of processing.

8.8.100.0

config rfid status {enable | disable}

To enable or disable RFID tag data collection.

8.8.100.0

config rfid timeout

To configure the RFID tag data timeout.

8.8.100.0

show rfid client

To display the summary of RFID tags that are clients.

8.8.100.0

show rfid config

To display the configuration options for RFID tag tracking.

8.8.100.0

show rfid detail

To display detailed information for a specified RFID tag.

8.8.100.0

show rfid summary

To display summary information for all known RFID tags.

8.8.100.0

Migration Commands

The following commands are used for converting an AP from Mobility Express software image to Lightweight CAPWAP AP software image, and vice-versa.

Command

Description

Added in Release

ap-type capwap

To convert ap-type from Mobility Express to CAPWAP

8.1.122.0

ap-type mobilityexpress tftp://tftp_server/file_name

To convert ap-type from CAPWAP to Mobility Express, when running an Mobility Express software image

8.1.122.0

config ap unifiedmode switch_name switch_IP_address

To convert all APs to type CAPWAP simultaneously from the switch

8.1.122.0

mDNS Commands

The following commands are used to configure multicast DNS in the Cisco Mobility Express network.

Command

Description

Added in Release

config mdns policy {disable | enable | service-group}

To configure the mDNS policy. You can enable or disable and mDNS access policy, and also configure and mDNS service group.

Introduced in 8.8.120.0

config mdns policy service-group create <service-group-name> [<service-group-description>]

To create an mDNS service group, enter the service group name and the description.

Introduced in 8.8.120.0

config mdns policy service-group delete <service-group-name>

To delete an mDNS service group, enter the service group name.

Introduced in 8.8.120.0

config mdns policy service-group device-mac {add <service-group-name> <mac-addr> <device-name> <location-type> <device-location> | delete <service-group-name> <mac-addr>}

To add a device-mac to the mDNS service group, enter the service group name, MAC address, the device name, and the location type.

Enter the device location type as AP_LOCATION, or AP_NAME, or AP_GROUP.

To delete a device-mac, enter the service group name and the MAC address.

Introduced in 8.8.120.0

config mdns policy service-group user-name {add | delete} <service-group-name> <user-name>

To add or delete the mDNS policy service group username, enter the service group name and the username.

Introduced in 8.8.120.0

config mdns policy service-group user-role {add | delete} <service-group-name> <user-name>

To add or delete the mDNS policy service group user role, enter the service group name and the username.

Introduced in 8.8.120.0

show mdns policy service-group {summary | detailed <service-group-name>}

To view the mDNS access policy status, total number of mDNS policies, and number of admin configured policies.

The summary keyword displays the access policy status, total number of mDNS policies, and number of admin configured policies.

The detailed keyword displays details of a particular service group name.

Introduced in 8.8.120.0

clear mdns service-database

To clear the mDNS service database.

8.8.100.0

config mdns service

To configure the mDNS service. You can create a service, mention the origin, enable or disable a query, and delete a service.

8.8.100.0

config mdns service lss

To enable or disable location specific service on a specific mDNS service or all mDNS services.

8.8.100.0

config mdns service origin

To configure learning of services from wired, wireless, or both.

8.8.100.0

config mdns snooping {enable | disable}

To enable mDNS snooping on the WLAN.

8.8.100.0

config mdns profile {create | delete}

To configure an mDNS profile.

8.8.100.0

config wlan mdns {enable | disable}

To configure mDNS for a WLAN.

8.8.100.0

config wlan mdns profile

To map an mDNS profile to a WLAN.

8.8.100.0

config mdns query interval

To set the value of the mDNS query in minutes.

8.8.100.0

config mdns service

To configure the mDNS service. You can create a service, mention the origin, enable or disable a query, and delete a service.

8.8.100.0

config mdns service query {enable | disable}

To configure a query for an mDNS service.

8.8.100.0

config mdns profile service {add | delete}

To configure an mDNS profile to a service

8.8.100.0

show client detail

To view the mDNS profile for a client.

8.8.100.0

show mdns domain-name-ip summary

To view information about the mDNS domain names.

8.8.100.0

show mdns profile

To display the information about all mDNS profiles or a particular mDNS profile.

8.8.100.0

show mdns service

To display the information about all mDNS services or a particular mDNS service.

8.8.100.0

show network summary

To view the mDNS details for a network.

8.8.100.0

show wlan

To view information about an mDNS profile that is associated with a WLAN.

8.8.100.0

Next Preferred Primary AP and Forced Failover

Command

Description

Added in Release

config ap next-preferred-master cisco_ap_name To set the next preferred primary AP.

8.3.102.0

config ap next-preferred-master cisco_ap_name forced-failover To set the next preferred primary AP and to manually trigger a failover to that AP.

8.3.102.0

NTP Commands

Command

Description

Added in Release

config time ntp server 1 FQDN_of_server To configure the fully qualified domain name of the NTP server having, for example here, NTP index 1.

8.2.100.1

config time ntp server 2 NTP_Server_IP_address To configure the IP address of the NTP server having, for example here, NTP index 2.

8.2.100.1

RFID Commands

The following commands are used to configure and monitor tracking of Radio Frequency Identifier (RFID) tags in the Cisco Mobility Express network.

Command

Description

Added in Release

config rfid ccx

To add or delete custom CCX multicast addresses for RFID tag tracking.

The addresses that can be configured include 0x01, 0x40, 0x96, 0x00, and 0x03.

8.8.100.0

config rfid rate-limit

To configure the RFID message rate limit over a cycle of processing.

8.8.100.0

config rfid status {enable | disable}

To enable or disable RFID tag data collection.

8.8.100.0

config rfid timeout

To configure the RFID tag data timeout.

8.8.100.0

show rfid client

To display the summary of RFID tags that are clients.

8.8.100.0

show rfid config

To display the configuration options for RFID tag tracking.

8.8.100.0

show rfid detail

To display detailed information for a specified RFID tag.

8.8.100.0

show rfid summary

To display summary information for all known RFID tags.

8.8.100.0

TLS Gateway Commands

The following commands are used while configuring a secure TLS tunnel to enable the Cisco Mobility Express controller to communicate with the TLS gateway.


Note
TLS Gateway does not support Cisco Mobility Express platform.
Table 2. TLS Secure Tunnel Gateway Commands

Command

Description

Command History

config secure-tunnel gateway {fqdn | | | ip-address | | | ip-address}

Configures the TLS secure tunnel gateway parameters: gateway FQDN, gateway IP Address, and gateway port.

Introduced in 8.6.101.0

config secure-tunnel psk {identity | | | key}

Configures secure tunnel PSK cipher parameters.

Introduced in 8.6.101.0

config secure-tunnel application {snmptraps | | | radius}enable | | | disable

Configures secure tunnel application support.

Introduced in 8.6.101.0

config secure-tunnel network {snmptraps | | | radius}enable | | | disable

Configures the secure tunnel network.

Introduced in 8.6.101.0

config secure-tunnelenable | | | disable

Configures secure tunnel support.

Introduced in 8.6.101.0

show secure-tunnel summary

Displays the summary of the secure tunnel configuration and the secure tunnel runtime information.

Introduced in 8.6.101.0

show secure-tunnel detail

Displays the details of the secure tunnel configured networks, runtime information, Cloud DNS servers, secure tunnel routes and so on.

Introduced in 8.6.101.0

show secure-tunnel statistics

Displays the secure tunnel statistics.

Introduced in 8.6.101.0

show secure-tunnel debug-info

Displays the debug information of the secure tunnel.

Introduced in 8.6.101.0

VRRP Commands

The following Virtual Router Redundancy Protocol (VRRP) commands are used during the Mobility Express controller failover and for the primary AP.

Command

Description

Added in Release

config ap next-preferred-master

To configure the primary AP that has been elected to take over as the new primary AP

8.1.122.0

show ap next-preferred-master

To display the status of the primary AP

8.1.122.0

clear ap next-preferred-master

To clear the configuration of the primary AP

8.1.122.0

show mob-exp vrrp vrid

To display the VRID.

8.8.100.0

show mob-exp vrrp mac

To display the VRRP MAC

8.8.100.0

config mob-exp vrid new_vrid

To configure a new VRID. The range for new_vrid is 1 to 255 where the default is 1.

8.8.100.0

WLAN Security Commands

Command

Description

Added in Release

config wlan security wpa akm cckm {enable | disable} wlan_id

To enable or disable CCKM

8.2.100.1