The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
For features supported in a specific Cisco Mobility Express software release, the Cisco Mobility Express controller software supports most commands that are supported by the Cisco WLC in the same Cisco Unified Wireless Network Software Release version. However, there are several commands and procedures which are specific to, or behave differently on, the Cisco Mobility Express controller. These procedures are given in the following sections.
For a complete listing of the commands supported on the Cisco Mobility Express controller CLI, see the Cisco Mobility Express Command Reference. Cisco Mobility Express only supports the AireOS commands mentioned in this document.
For information on the commands available on the WLC CLI, refer to the Cisco Wireless Controller Command Reference guides for Cisco Unified Wireless Network Software Releases listed at http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-command-reference-list.html
Connect to the console port of the access point to perform the following procedure.
The available options appear in brackets after each configuration parameter. The default value appears in all uppercase letters.
If you enter an incorrect response, the controller provides you with an appropriate error message, such as “Invalid Response,” and returns you to the wizard prompt.
Press the hyphen key if you ever need to return to the previous command line.
CLI Procedures
The controller uses a default value of “default” for the username, authentication password, and privacy password for SNMPv3 users. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values.
SNMPv3 is time sensitive. Ensure that you configure the correct time and time zone on your controller.
Step 1 | See the current list of SNMPv3 users for this controller by entering this command: |
Step 2 | If “default”
appears in the SNMPv3 User Name column, enter this command to delete this user:
config snmp v3user delete username The username parameter is the SNMPv3 username (in this case, “default”). |
Step 3 | Create a new SNMPv3
user by entering this command:
config snmp v3user create username {ro | rw} {none | hmacmd5 | hmacsha} {none | des | aescfb128} auth_key encrypt_key |
Step 4 | Enter the save config command. |
Step 5 | Reboot the controller so that the SNMPv3 user that you added takes effect by entering reset system command. |
Step 1 | To enable or
disable 802.11r fast transition parameters, use the
config wlan security
ft {enable |
disable}
wlan-id command.
By default, the fast transition is disabled. |
Step 2 | To enable or
disable 802.11r fast transition parameters over a distributed system, use the
config wlan security ft
over-the-ds
{enable |
disable}
wlan-id command.
By default, the fast transition over a distributed system is disabled. |
Step 3 | To enable or
disable the authentication key management for fast transition using preshared
keys (PSK), use the
config wlan security wpa akm
ft-psk {enable |
disable}
wlan-id command.
By default, the authentication key management using PSK is disabled. |
Step 4 | To enable or
disable the authentication key management for fast transition using 802.1X, use
the
config wlan security wpa akm
ft-802.1X
{enable |
disable}
wlan-id command.
By default, the authentication key management using 802.1X is disabled. |
Step 5 | To enable or
disable 802.11r fast transition reassociation timeout, use the
config wlan security ft
reassociation-timeout
timeout-in-seconds wlan-id command.
The valid range is 1 to 100 seconds. The default value of reassociation timeout is 20 seconds. |
Step 6 | To enable or
disable the authentication key management for fast transition over a
distributed system, use the
config wlan security wpa akm
ft over-the-ds
{enable |
disable}
wlan-id command.
By default, the authentication key management for fast transition over a distributed system is enabled. |
Step 7 | To view the fast transition configuration on a client, use the show client detailed client-mac command. |
Step 8 | To view the fast transition configuration on a WLAN, use the show wlan wlan-id command. |
Step 9 | To enable or disable debugging of fast transition events, use the debug ft events {enable | disable} command. |
Step 10 | To enable or disable debugging of key generation for fast transition, use the debug ft keys {enable | disable} command. |