show Commands
This section lists the show commands to display information about your security configuration settings for the controller.
show 802.11
To display basic 802.11a, 802.11b/g, or 802.11h network settings, use the show 802.11 command.
show 802.11{ a | b | h}
Syntax Description
a |
Specifies the 802.11a network. |
b |
Specifies the 802.11b/g network. |
h |
Specifies the 802.11h network. |
Command Default
None.
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
This example shows to display basic 802.11a network settings:
> show 802.11a
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More-- or (q)uit
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Enabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
This example shows how to display basic 802.11h network settings:
> show 802.11h
802.11h ......................................... powerconstraint : 0
802.11h ......................................... channelswitch : Disable
802.11h ......................................... channelswitch mode : 0
show aaa auth
To display the configuration settings for the AAA authentication server database, use the show aaa auth command.
show aaa auth
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the configuration settings for the AAA authentication server database:
(Cisco Controller) > show aaa auth
Management authentication server order:
1............................................ local
2............................................ tacacs
show advanced eap
To display Extensible Authentication Protocol (EAP) settings, use the show advanced eap command.
show advanced eap
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the EAP settings:
(Cisco Controller) > show advanced eap
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 20
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
show client detail
To display IP addresses per client learned through DNS snooping (DNS-based ACL), use the show client detail mac_address command.
show client detail mac_address
Syntax Description
mac_address |
MAC address of the client. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following is a sample output of the show client detail mac_address command.
(Cisco Controller) > show client detail 01:35:6x:yy:21:00
Client MAC Address............................... 01:35:6x:yy:21:00
Client Username ................................. test
AP MAC Address................................... 00:11:22:33:44:x0
AP Name.......................................... AP0011.2020.x111
AP radio slot Id................................. 1
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 7
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 00:11:22:33:44:xx
Connected For ................................... 28 secs
Channel.......................................... 56
IP Address....................................... 10.0.0.1
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
IPv6 Address..................................... xx20::222:6xyy:zeeb:2233
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... No CCX support
Re-Authentication Timeout........................ 1756
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
............................................. 48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. SUPPLICANT_PROVISIONING
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ android
AAA Override ACL Applied Status.................. Yes
AAA Override Flex ACL Name....................... none
AAA Override Flex ACL Applied Status............. Unavailable
AAA URL redirect................................. https://10.0.0.3:8443/guestportal/gateway?sessionId=0a68aa72000000015272404e&action=nsp
Audit Session ID................................. 0a68aa72000000015272404e
AAA Role Type.................................... none
Local Policy Applied............................. p1
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
Client Type...................................... SimpleIP
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... PEAP
Interface......................................
.. management
VLAN............................................. 0
Quarantine VLAN.................................. 0
Access VLAN...................................... 0
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Not implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 123659
Number of Bytes Sent....................... 120564
Number of Packets Received................. 1375
Number of Packets Sent..................... 276
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 2
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 82
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 0
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -51 dBm
Signal to Noise Ratio...................... 46 dB
Client Rate Limiting Statistics:
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
AP0022.9090.c545(slot 0)
antenna0: 26 secs ago.................... -33 dBm
antenna1: 26 secs ago.................... -35 dBm
AP0022.9090.c545(slot 1)
antenna0: 25 secs ago.................... -41 dBm
antenna1: 25 secs ago.................... -44 dBm
APc47d.4f3a.35c2(slot 0)
antenna0: 26 secs ago.................... -30 dBm
antenna1: 26 secs ago.................... -36 dBm
APc47d.4f3a.35c2(slot 1)
antenna0: 24 secs ago.................... -43 dBm
antenna1: 24 secs ago.................... -45 dBm
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Client Dhcp Required: False
Allowed (URL)IP Addresses
-------------------------
209.165.200.225
209.165.200.226
209.165.200.227
209.165.200.228
209.165.200.229
209.165.200.230
209.165.200.231
209.165.200.232
209.165.200.233
209.165.200.234
209.165.200.235
209.165.200.236
209.165.200.237
209.165.200.238
209.165.201.1
209.165.201.2
209.165.201.3
209.165.201.4
209.165.201.5
209.165.201.6
209.165.201.7
209.165.201.8
209.165.201.9
209.165.201.10
show database summary
To display the maximum number of entries in the database, use the show database summary command.
show database summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following is a sample output of the show database summary command:
(Cisco Controller) > show database summary
Maximum Database Entries......................... 2048
Maximum Database Entries On Next Reboot.......... 2048
Database Contents
MAC Filter Entries........................... 2
Exclusion List Entries....................... 0
AP Authorization List Entries................ 1
Management Users............................. 1
Local Network Users.......................... 1
Local Users.............................. 1
Guest Users.............................. 0
Total..................................... 5
show exclusionlist
To display a summary of all clients on the manual exclusion list from associating with the controller, use the show exclusionlist command.
show exclusionlist
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Usage Guidelines
This command displays all manually excluded MAC addresses.
Examples
The following example shows how to display the exclusion list:
(Cisco Controller) > show exclusionlist
No manually disabled clients.
Dynamically Disabled Clients
----------------------------
MAC Address Exclusion Reason Time Remaining (in secs)
----------- ---------------- ------------------------
00:40:96:b4:82:55 802.1X Failure 51
show local-auth certificates
To display local authentication certificate information, use the show local-auth certificates command:
show local-auth certificates
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the authentication certificate information stored locally:
(Cisco Controller) > show local-auth certificates
show local-auth config
To display local authentication configuration information, use the show local-auth config command.
show local-auth config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the local authentication configuration information:
(Cisco Controller) > show local-auth config
User credentials database search order:
Primary ................................... Local DB
Configured EAP profiles:
Name ...................................... fast-test
Certificate issuer .................... default
Enabled methods ....................... fast
Configured on WLANs ................... 2
EAP Method configuration:
EAP-TLS:
Certificate issuer .................... default
Peer verification options:
Check against CA certificates ..... Enabled
Verify certificate CN identity .... Disabled
Check certificate date validity ... Enabled
EAP-FAST:
TTL for the PAC ....................... 3 600
Initial client message ................ <none>
Local certificate required ............ No
Client certificate required ........... No
Vendor certificate required ........... No
Anonymous provision allowed ........... Yes
Authenticator ID ...................... 7b7fffffff0000000000000000000000
Authority Information ................. Test
EAP Profile.................................... tls-prof
Enabled methods for this profile .......... tls
Active on WLANs ........................... 1 3EAP Method configuration:
EAP-TLS:
Certificate issuer used ............... cisco
Peer verification options:
Check against CA certificates ..... disabled
Verify certificate CN identity .... disabled
Check certificate date validity ... disabled
show local-auth statistics
To display local Extensible Authentication Protocol (EAP) authentication statistics, use the show local-auth statistics command:
show local-auth statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the local authentication certificate statistics:
(Cisco Controller) > show local-auth statistics
Local EAP authentication DB statistics:
Requests received ............................... 14
Responses returned .............................. 14
Requests dropped (no EAP AVP) ................... 0
Requests dropped (other reasons) ................ 0
Authentication timeouts ......................... 0
Authentication statistics:
Method Success Fail
------------------------------------
Unknown 0 0
LEAP 0 0
EAP-FAST 2 0
EAP-TLS 0 0
PEAP 0 0
Local EAP credential request statistics:
Requests sent to LDAP DB ........................ 0
Requests sent to File DB ........................ 2
Requests failed (unable to send) ................ 0
Authentication results received:
Success ....................................... 2
Fail .......................................... 0
Certificate operations:
Local device certificate load failures .......... 0
Total peer certificates checked ................. 0
Failures:
CA issuer check ............................... 0
CN name not equal to identity ................. 0
Dates not valid or expired .................... 0
show netuser
To display the configuration of a particular user in the local user database, use the show netuser command.
show netuser { detail user_name | guest-roles | summary}
Syntax Description
detail |
Displays detailed information about the specified network user. |
user_name |
Network user. |
guest_roles |
Displays configured roles for guest users. |
summary |
Displays a summary of all users in the local user database. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following is a sample output of the show netuser summary command:
(Cisco Controller) > show netuser summary
Maximum logins allowed for a given username ........Unlimited
The following is a sample output of the show netuser detail command:
(Cisco Controller) > show netuser detail john10
username........................................... abc
WLAN Id............................................. Any
Lifetime............................................ Permanent
Description......................................... test user
show network
To display the current status of 802.3 bridging for all WLANs, use the show network command.
show network
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
This example shows how to display the network details:
(Cisco Controller) > show network
show network summary
To display the network configuration of the Cisco wireless LAN controller, use the show network summary command.
show network summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
This example shows how to display a summary configuration:
(Cisco Controller) >show network summary
RF-Network Name............................. RF
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Mode..................... Disable Mode: Ucast
Ethernet Broadcast Mode..................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
AP Join Priority............................ Disable
ARP Idle Timeout............................ 300 seconds
ARP Unicast Mode............................ Disabled
Cisco AP Default Master..................... Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Over The Air Provisioning of AP's........... Enable
Apple Talk ................................. Disable
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Disable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes
Web Color Theme............................. Red
Web Color Theme............................. Default
CAPWAP Prefer Mode.......................... IPv4
show ntp-keys
To display network time protocol authentication key details, use the show ntp-keys command.
show ntp-keys
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
7.6 | This command was introduced in a release earlier than Release 7.6. |
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
This example shows how to display NTP authentication key details:
(Cisco Controller) > show ntp-keys
Ntp Authentication Key Details...................
Key Index
-----------
1
3
show radius acct detailed
To display RADIUS accounting server information, use the show radius acct detailed command.
show radius acct detailed radius_index
Syntax Description
radius_index |
Radius server index. The range is from 1 to 17. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display RADIUS accounting server information:
(Cisco Controller) > show radius acct detailed 5
Radius Index........5
NAI Realms..........LAB.VTV.BLR.cisco.co.in
show radius acct statistics
To display the RADIUS accounting server statistics for the Cisco wireless LAN controller, use the show radius acct statistics command.
show radius acct statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display RADIUS accounting server statistics:
(Cisco Controller) > show radius acct statistics
Accounting Servers:
Server Index..................................... 1
Server Address................................... 10.1.17.10
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accounting Responses............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show radius auth detailed
To display RADIUS authentication server information, use the show radius auth detailed command.
show radius auth detailed radius_index
Syntax Description
radius_index |
Radius server index. The range is from 1 to 17. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display RADIUS authentication server information:
(Cisco Controller) > show radius auth detailed 1
Radius Index........1
NAI Realms..........LAB.VTV.BLR.cisco.co.in
show radius auth statistics
To display the RADIUS authentication server statistics for the Cisco wireless LAN controller, use the show radius auth statistics command.
show radius auth statistics
This command has no arguments or keyword.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display RADIUS authentication server statistics:
(Cisco Controller) > show radius auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 209.165.200.10
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show radius avp-list
To display RADIUS VSA AVPs, use the show radius avp-list command.
show radius avp-list profile-name
Syntax Description
profile-name |
Profile name for which downloaded AVPs to be shown. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display RADIUS VSA AVPs:
(Cisco Controller) > show radius avp-list
show radius summary
To display the RADIUS authentication and accounting server summary, use the show radius summary command.
show radius summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a RADIUS authentication server summary:
(Cisco Controller) > show radius summary
Vendor Id Backward Compatibility................. Disabled
Credentials Caching.............................. Disabled
Call Station Id Type............................. IP Address
Administrative Authentication via RADIUS......... Enabled
Authentication Servers
Index Type Server Address Port State Tout RFC-3576 IPsec - AuthMod
e/Phase1/Group/Lifetime/Auth/Encr
----- ---- ---------------- ------ -------- ---- -------- ---------------
---------------------------------
Accounting Servers
Index Type Server Address Port State Tout RFC-3576 IPsec - AuthMod
e/Phase1/Group/Lifetime/Auth/Encr
----- ---- ---------------- ------ -------- ---- -------- ---------------
---------------------------------
show rules
To display the active internal firewall rules, use the show rules command.
show rules
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display active internal firewall rules:
(Cisco Controller) > show rules
--------------------------------------------------------
Rule ID.............: 3
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Source IP range:
(Local stack)
Destination IP range:
(Local stack)
--------------------------------------------------------
Rule ID.............: 25
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Service Info
Service name........: GDB
Protocol............: 6
Source port low.....: 0
Source port high....: 0
Dest port low.......: 1000
Dest port high......: 1000
Source IP range:
IP High............: 0.0.0.0
Interface..........: ANY
Destination IP range:
(Local stack)
--------------------------------------------------------
show rogue adhoc custom summary
To display information about custom rogue ad-hoc rogue access points, use the show rogue adhoc custom summary command.
show rogue adhoc custom summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display details of custom rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc custom summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
show rogue adhoc detailed
To display details of an ad-hoc rogue access point detected by the Cisco wireless LAN controller, use the show rogue adhoc client detailed command.
show rogue adhoc detailed MAC_address
Syntax Description
MAC_address |
Adhoc rogue MAC address. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display detailed ad-hoc rogue MAC address information:
(Cisco Controller) > show rogue adhoc client detailed 02:61:ce:8e:a8:8c
Adhoc Rogue MAC address.......................... 02:61:ce:8e:a8:8c
Adhoc Rogue BSSID................................ 02:61:ce:8e:a8:8c
State............................................ Alert
First Time Adhoc Rogue was Reported.............. Tue Dec 11 20:45:45 2007
Last Time Adhoc Rogue was Reported............... Tue Dec 11 20:45:45 2007
Reported By
AP 1
MAC Address.............................. 00:14:1b:58:4a:e0
Name..................................... AP0014.1ced.2a60
Radio Type............................... 802.11b
SSID..................................... rf4k3ap
Channel.................................. 3
RSSI..................................... -56 dBm
SNR...................................... 15 dB
Encryption............................... Disabled
ShortPreamble............................ Disabled
WPA Support.............................. Disabled
Last reported by this AP............... Tue Dec 11 20:45:45 2007
show rogue adhoc friendly summary
To display information about friendly rogue ad-hoc rogue access points, use the show rogue adhoc friendly summary command.
show rogue adhoc friendly summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display information about friendly rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc friendly summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
show rogue adhoc malicious summary
To display information about malicious rogue ad-hoc rogue access points, use the show rogue adhoc malicious summary command.
show rogue adhoc malicious summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display details of malicious rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc malicious summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
show rogue adhoc unclassified summary
To display information about unclassified rogue ad-hoc rogue access points, use the show rogue adhoc unclassified summary command.
show rogue adhoc unclassified summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display information about unclassified rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue adhoc unclassified summary
Number of Adhocs............................0
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
show rogue adhoc summary
To display a summary of the ad-hoc rogue access points detected by the Cisco wireless LAN controller, use the show rogue adhoc summary command.
show rogue adhoc summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a summary of all ad-hoc rogues:
(Cisco Controller) > show rogue adhoc summary
Detect and report Ad-Hoc Networks................ Enabled
Client MAC Address Adhoc BSSID State # APs Last Heard
------------------ ----------- ----- --- -------
xx:xx:xx:xx:xx:xx super Alert 1 Sat Aug 9 21:12:50 2004
xx:xx:xx:xx:xx:xx Alert 1 Aug 9 21:12:50 2003
xx:xx:xx:xx:xx:xx Alert 1 Sat Aug 9 21:10:50 2003
show rogue ap custom summary
To display information about custom rogue ad-hoc rogue access points, use the show rogue ap custom summary command.
show rogue ap custom summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display details of custom rogue ad-hoc rogue access points:
(Cisco Controller) > show rogue ap custom summary
Number of APs............................0
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
show rogue ap clients
To display details of rogue access point clients detected by the Cisco wireless LAN controller, use the show rogue ap clients command.
show rogue ap clients ap_mac_address
Syntax Description
ap_mac_address |
Rogue access point MAC address. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display details of rogue access point clients:
(Cisco Controller) > show rogue ap clients xx:xx:xx:xx:xx:xx
MAC Address State # APs Last Heard
----------------- ------------------ ----- -------------------------
00:bb:cd:12:ab:ff Alert 1 Fri Nov 30 11:26:23 2007
show rogue ap detailed
To display details of a rogue access point detected by the Cisco wireless LAN controller, use the show rogue-ap detailed command.
show rogue ap detailed ap_mac_address
Syntax Description
ap_mac_address |
Rogue access point MAC address. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display detailed information of a rogue access point:
(Cisco Controller) > show rogue ap detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:0b:85:63:d1:94
Is Rogue on Wired Network........................ No
Classification................................... Unclassified
State............................................ Alert
First Time Rogue was Reported.................... Fri Nov 30 11:24:56 2007
Last Time Rogue was Reported..................... Fri Nov 30 11:24:56 2007
Reported By
AP 1
MAC Address.............................. 00:12:44:bb:25:d0
Name..................................... flexconnect
Radio Type............................... 802.11g
SSID..................................... edu-eap
Channel.................................. 6
RSSI..................................... -61 dBm
SNR...................................... -1 dB
Encryption............................... Enabled
ShortPreamble............................ Enabled
WPA Support.............................. Disabled
Last reported by this AP.............. Fri Nov 30 11:24:56 2007
This example shows how to display detailed information of a rogue access point with a customized classification:
(Cisco Controller) > show rogue ap detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:17:0f:34:48:a0
Is Rogue on Wired Network........................ No
Classification................................... custom
Severity Score .................................. 1
Class Name........................................VeryMalicious
Class Change by.................................. Rogue Rule
Classified at ................................... -60 dBm
Classified by.................................... c4:0a:cb:a1:18:80
State............................................ Contained
State change by.................................. Rogue Rule
First Time Rogue was Reported.................... Mon Jun 4 10:31:18 2012
Last Time Rogue was Reported..................... Mon Jun 4 10:31:18 2012
Reported By
AP 1
MAC Address.............................. c4:0a:cb:a1:18:80
Name..................................... SHIELD-3600-2027
Radio Type............................... 802.11g
SSID..................................... sri
Channel.................................. 11
RSSI..................................... -87 dBm
SNR...................................... 4 dB
Encryption............................... Enabled
ShortPreamble............................ Enabled
WPA Support.............................. Enabled
Last reported by this AP................. Mon Jun 4 10:31:18 2012
show rogue ap summary
To display a summary of the rogue access points detected by the Cisco wireless LAN controller, use the show rogue-ap summary command.
show rogue ap summary {ssid | channel}
Syntax Description
ssid |
Displays specific user-configured SSID of the rogue access point. |
channel |
Displays specific user-configured radio type and channel of the rogue access point. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a summary of all rogue access points:
(Cisco Controller) > show rogue ap summary
Rogue Location Discovery Protocol................ Disabled
Rogue ap timeout................................. 1200
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
Rogue Detection Report Interval.................. 10
Rogue Detection Min Rssi......................... -128
Rogue Detection Transient Interval............... 0
Rogue Detection Client Num Thershold............. 0
Total Rogues(AP+Ad-hoc) supported................ 2000
Total Rogues classified.......................... 729
MAC Address Classification # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
xx:xx:xx:xx:xx:xx friendly 1 0 Thu Aug 4 18:57:11 2005
xx:xx:xx:xx:xx:xx malicious 1 0 Thu Aug 4 19:00:11 2005
xx:xx:xx:xx:xx:xx malicious 1 0 Thu Aug 4 18:57:11 2005
xx:xx:xx:xx:xx:xx malicious 1 0 Thu Aug 4 18:57:11 2005
The following example shows how to display a summary of all rogue access points with SSID as extended parameter.
(Cisco Controller) > show rogue ap summary ssid
MAC Address Class State SSID Security
--------------------------------------------------------------------------------------
xx:xx:xx:xx:xx:xx Unclassified Alert xxx Open
xx:xx:xx:xx:xx:xx Unclassified Alert xxx Open
xx:xx:xx:xx:xx:xx Pending Pending xxx Open
xx:xx:xx:xx:xx:xx Unclassified Alert xxx WEP/WPA
The following example shows how to display a summary of all rogue access points with channel as extended parameter.
(Cisco Controller) > show rogue ap summary channel
MAC Address Class State Det RadioType Channel RSSIlast/Max)
--------------------------------------------------------------------------------------------------------------------
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11g 11 -53 / -48
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11g 11 -53 / -48
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11a 149 -74 / -69
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11a 149 -74 / -69
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11a 149 -74 / -69
The following example shows how to display a summary of all rogue access points with both SSID and channel as extended parameters.
(Cisco Controller) > show rogue ap summary ssid channel
MAC Address Class State SSID Security Det RadioType Channel RSSI(last/Max)
-----------------------------------------------------------------------------------------------------------------
xx:xx:xx:xx:xx:xx Unclassified Alert dd WEP/WPA 802.11n5G 56 -73 / -62
xx:xx:xx:xx:xx:xx Unclassified Alert SSID IS HIDDEN Open 802.11a 149 -68 / -66
xx:xx:xx:xx:xx:xx Unclassified Alert wlan16 WEP/WPA 802.11n5G 149 -71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert wlan15 WEP/WPA 802.11n5G 149 -71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert wlan14 WEP/WPA 802.11n5G 149 -71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert wlan13 WEP/WPA 802.11n5G 149 -71 / -70
xx:xx:xx:xx:xx:xx Unclassified Alert wlan12 WEP/WPA 802.11n5G 149 -71 / -71
show rogue ap friendly summary
To display a list of the friendly rogue access points detected by the controller, use the show rogue ap friendly summary command.
show rogue ap friendly summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a summary of all friendly rogue access points:
(Cisco Controller) > show rogue ap friendly summary
Number of APs.................................... 1
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- ---------------------------
XX:XX:XX:XX:XX:XX Internal 1 0 Tue Nov 27 13:52:04 2007
show rogue ap malicious summary
To display a list of the malicious rogue access points detected by the controller, use the show rogue ap malicious summary command.
show rogue ap malicious summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a summary of all malicious rogue access points:
(Cisco Controller) > show rogue ap malicious summary
Number of APs.................................... 2
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- ---------------------------
XX:XX:XX:XX:XX:XX Alert 1 0 Tue Nov 27 13:52:04 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Tue Nov 27 13:52:04 2007
show rogue ap unclassified summary
To display a list of the unclassified rogue access points detected by the controller, use the show rogue ap unclassified summary command.
show rogue ap unclassified summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a list of all unclassified rogue access points:
(Cisco Controller) > show rogue ap unclassified summary
Number of APs.................................... 164
MAC Address State # APs # Clients Last Heard
----------------- ------------- ----- --------- ---------------
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:12:52 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:29:01 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:26:23 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:26:23 2007
show rogue client detailed
To display details of a rogue client detected by a Cisco wireless LAN controller, use the show rogue client detailed command.
show rogue client detailed Rogue_AP MAC_address
Syntax Description
Rogue_AP |
Rogue AP address. |
MAC_address |
Rogue client MAC address. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display detailed information for a rogue client:
(Cisco Controller) > show rogue client detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:0b:85:23:ea:d1
State............................................ Alert
First Time Rogue was Reported.................... Mon Dec 3 21:50:36 2007
Last Time Rogue was Reported..................... Mon Dec 3 21:50:36 2007
Rogue Client IP address.......................... Not known
Reported By
AP 1
MAC Address.............................. 00:15:c7:82:b6:b0
Name..................................... AP0016.47b2.31ea
Radio Type............................... 802.11a
RSSI..................................... -71 dBm
SNR...................................... 23 dB
Channel.................................. 149
Last reported by this AP.............. Mon Dec 3 21:50:36 2007
show rogue client summary
To display a summary of the rogue clients detected by the Cisco wireless LAN controller, use the show rogue client summary command.
show rogue client summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a list of all rogue clients:
(Cisco Controller) > show rogue client summary
Validate rogue clients against AAA............... Disabled
Total Rogue Clients supported.................... 2500
Total Rogue Clients present...................... 3
MAC Address State # APs Last Heard
----------------- ------------------ ----- -----------------------
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:09:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:03:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:03:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:09:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 18:57:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:12:08 2005
show rogue ignore-list
To display a list of rogue access points that are configured to be ignored, use the show rogue ignore-list command.
show rogue ignore-list
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a list of all rogue access points that are configured to be ignored.
(Cisco Controller) > show rogue ignore-list
MAC Address
-----------------
xx:xx:xx:xx:xx:xx
show rogue rule detailed
To display detailed information for a specific rogue classification rule, use the show rogue rule detailed command.
show rogue rule detailed rule_name
Syntax Description
rule_name |
Rogue rule name. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display detailed information on a specific rogue classification rule:
(Cisco Controller) > show rogue rule detailed Rule2
Priority......................................... 2
Rule Name........................................ Rule2
State............................................ Enabled
Type............................................. Malicious
Severity Score................................... 1
Class Name....................................... Very_Malicious
Notify........................................... All
State ........................................... Contain
Match Operation.................................. Any
Hit Count........................................ 352
Total Conditions................................. 2
Condition 1
type......................................... Client-count
value........................................ 10
Condition 2
type......................................... Duration
value (seconds).............................. 2000
Condition 3
type......................................... Managed-ssid
value........................................ Enabled
Condition 4
type......................................... No-encryption
value........................................ Enabled
Condition 5
type......................................... Rssi
value (dBm).................................. -50
Condition 6
type......................................... Ssid
SSID Count................................... 1
SSID 1.................................... test
show rogue rule summary
To display the rogue classification rules that are configured on the controller, use the show rogue rule summary command.
show rogue rule summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display a list of all rogue rules that are configured on the controller:
(Cisco Controller) > show rogue rule summary
Priority Rule Name State Type Match Hit Count
-------- ----------------------- -------- ------------- ----- ---------
1 mtest Enabled Malicious All 0
2 asdfasdf Enabled Malicious All 0
The following example shows how to display a list of all rogue rules that are configured on the controller:
(Cisco Controller) > show rogue rule summary
Priority Rule Name Rule state Class Type Notify State Match Hit Count
-------- -------------------------------- ----------- ----------- -------- -------- ------ ---------
1 rule2 Enabled Friendly Global Alert All 234
2 rule1 Enabled Custom Global Alert All 0
show tacacs acct statistics
To display detailed radio frequency identification (RFID) information for a specified tag, use the show tacacs acct statistics command.
show tacacs acct statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display detailed RFID information:
(Cisco Controller) > show tacacs acct statistics
Accounting Servers:
Server Index..................................... 1
Server Address................................... 10.0.0.0
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 1
Retry Requests................................... 0
Accounting Response.............................. 0
Accounting Request Success....................... 0
Accounting Request Failure....................... 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. -1
Timeout Requests................................. 1
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show tacacs athr statistics
To display TACACS+ server authorization statistics, use the show tacacs athr statistics command.
show tacacs athr statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display TACACS server authorization statistics:
(Cisco Controller) > show tacacs athr statistics
Authorization Servers:
Server Index..................................... 3
Server Address................................... 10.0.0.3
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Received Responses............................... 0
Authorization Success............................ 0
Authorization Failure............................ 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show tacacs auth statistics
To display TACACS+ server authentication statistics, use the show tacacs auth statistics command.
show tacacs auth statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display TACACS server authentication statistics:
(Cisco Controller) > show tacacs auth statistics
Authentication Servers:
Server Index..................................... 2
Server Address................................... 10.0.0.2
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show tacacs summary
To display TACACS+ server summary information, use the show tacacs summary command.
show tacacs summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display TACACS server summary information:
(Cisco Controller) > show tacacs summary
Authentication Servers
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
2 10.0.0.1 49 Enabled 30
Accounting Servers
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
1 10.0.0.0 49 Enabled 5
Authorization Servers
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
3 10.0.0.3 49 Enabled 5
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
4 2001:9:6:40::623 49 Enabled 5
...