The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
show Commands
To view the details of APs in FlexConnect mode, use the show ap flexconnect command.
show ap flexconnect module-vlan ap-name
| module-vlan |
Displays the status of FlexConnect local switching and VLAN ID value |
| ap-name |
Cisco AP name |
To display the list of clients associated with an access point and their SSIDs, use the show capwap reap association command.
show capwap reap association
This command has no arguments or keywords.
The following example shows how to display clients associated to an access point and their SSIDs:
(Cisco Controller) >show capwap reap association
To display the status of the FlexConnect access point (connected or standalone), use the show capwap reap status command.
show capwap reap status
This command has no arguments or keywords.
None
The command shows only the VLAN when configured as AP-specific.
The following example shows how to display the status of the FlexConnect access point:
(Cisco Controller) >show capwap reap status
To display a detailed summary of FlexConnect access control lists, use the show flexconnect acl detailed command.
show flexconnect acl detailed acl-name
|
acl-name |
Name of the access control list. |
None
The following example shows how to display the FlexConnect detailed ACLs:
(Cisco Controller) >show flexconnect acl detailed acl-2
To display a summary of all access control lists on FlexConnect access points, use the show flexconnect acl summary command.
show flexconnect acl summary
This command has no arguments or keywords.
None
The following example shows how to display the FlexConnect ACL summary:
(Cisco Controller) >show flexconnect acl summary
ACL Name Status
-------------------------------- -------
acl1 Modified
acl10 Modified
acl100 Modified
acl101 Modified
acl102 Modified
acl103 Modified
acl104 Modified
acl105 Modified
acl106 Modified
To display details of a FlexConnect group, use the show flexconnect group detail command.
show flexconnect group detail group_name
|
group_name |
Name of the FlexConnect group. |
The following example shows how to display the detailed information for a specific FlexConnect group:
(Cisco Controller) >show flexconnect group detail myflexgroup
Number of Ap’s in Group: 1
00:0a:b8:3b:0b:c2 AP1200 Joined
Group Radius Auth Servers:
Primary Server Index ..................... Disabled
Secondary Server Index ................... Disabled
To display the current list of FlexConnect groups, use the show flexconnect group summary command.
show flexconnect group summary
This command has no arguments or keywords.
None
The following example shows how to display the current list of FlexConnect groups:
(Cisco Controller) >show flexconnect group summary
flexconnect Group Summary: Count 1
Group Name # APs
Group 1 1
config Commands
To enable or disable VLAN tagging for a FlexConnect access, use the config ap flexconnect vlan command.
config ap flexconnect vlan { enable | disable} cisco_ap
|
enable |
Enables the access point’s VLAN tagging. |
|
disable |
Disables the access point’s VLAN tagging. |
|
cisco_ap |
Name of the Cisco lightweight access point. |
Disabled. Once enabled, WLANs enabled for local switching inherit the VLAN assigned at the Cisco WLC.
This example shows how to enable the access point’s VLAN tagging for a FlexConnect access:
(Cisco Controller) >config ap flexconnect vlan enable AP02
To add a VLAN to a FlexConnect access point, use the config ap flexconnect vlan add command.
config ap flexconnect vlan add vlan-id acl in-acl out-acl cisco_ap
|
vlan-id |
VLAN identifier. |
|
acl |
ACL name that contains up to 32 alphanumeric characters. |
|
in-acl |
Inbound ACL name that contains up to 32 alphanumeric characters. |
|
out-acl |
Outbound ACL name that contains up to 32 alphanumeric characters. |
|
cisco_ap |
Name of the Cisco lightweight access point. |
None
The following example shows how to configure the FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan add 21 acl inacl1 outacl1 ap1To configure a native VLAN for a FlexConnect access point, use the config ap flexconnect vlan native command.
config ap flexconnect vlan native vlan-id cisco_ap
|
vlan-id |
VLAN identifier. |
|
cisco_ap |
Name of the Cisco lightweight access point. |
None
The following example shows how to configure a native VLAN for a FlexConnect access point mode:
(Cisco Controller) >config ap flexconnect vlan native 6 AP02
To assign a VLAN ID to a FlexConnect access point, use the config ap flexconnect vlan wlan command.
config ap flexconnect vlan wlan wlan-id vlan-id cisco_ap
|
wlan-id |
WLAN identifier |
|
vlan-id |
VLAN identifier (1 - 4094). |
|
cisco_ap |
Name of the Cisco lightweight access point. |
VLAN ID associated to the WLAN.
The following example shows how to assign a VLAN ID to a FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan wlan 192.12.12.1 6 AP02
To apply access control lists that are configured on a FlexConnect access point, use the config flexconnect [ipv6] acl command. Use the ipv6 keyword to configure IPv6 FlexConnect ACLs .
config flexconnect [ ipv6] acl { apply | create | delete} acl_name
|
ipv6 |
Use this option to configure IPv6 FlexConnect ACLs. If you don't use this option, then IPv4 FlexConnect ACLs will be configured. |
|
apply |
Applies an ACL to the data path. |
|
create |
Creates an ACL. |
|
delete |
Deletes an ACL. |
|
acl_name |
ACL name that contains up to 32 alphanumeric characters. |
The following example shows how to apply the IPv4 ACL configured on a FlexConnect access point:
(Cisco Controller) >config flexconnect acl apply acl1
To configure access control list (ACL) rules on a FlexConnect access point, use the config flexconnect [ipv6] acl rule command.
config flexconnect [ ipv6] acl rule { action rule_name rule_index { permit | deny} | add rule_name rule_index | change index rule_name old_index new_index | delete rule_name rule_index | destination address rule_name rule_index ip_address netmask | destination port range rule_name rule_index start_port end_port | direction rule_name rule_index { in | out | any} | dscp rule_name rule_index dscp | protocol rule_name rule_index protocol | source address rule_name rule_index ip_address netmask | source port range rule_name rule_index start_port end_port | swap index rule_name index_1 index_2}
|
ipv6 |
Use this option to configure IPv6 FlexConnect ACL rules. If you don't use this option, then IPv4 FlexConnect ACL rules will be configured. |
|
action |
Configures whether to permit or deny access. |
|
rule_name |
ACL name that contains up to 32 alphanumeric characters. |
|
rule_index |
Rule index between 1 and 32. |
|
permit |
Permits the rule action. |
|
deny |
Denies the rule action. |
|
add |
Adds a new rule. |
|
change |
Changes a rule’s index. |
|
index |
Specifies a rule index. |
|
delete |
Deletes a rule. |
|
destination address |
Configures a rule’s destination IP address and netmask. |
|
ip_address |
IP address of the rule. |
|
netmask |
Netmask of the rule. |
|
start_port |
Start port number (between 0 and 65535). |
|
end_port |
End port number (between 0 and 65535). |
|
direction |
Configures a rule’s direction to in, out, or any. |
|
in |
Configures a rule’s direction to in. |
|
out |
Configures a rule’s direction to out. |
|
any |
Configures a rule’s direction to any. |
|
dscp |
Configures a rule’s DSCP. |
|
dscp |
Number between 0 and 63, or any . |
|
protocol |
Configures a rule’s DSCP. |
|
protocol |
Number between 0 and 255, or any . |
|
source address |
Configures a rule’s source IP address and netmask. |
|
source port range |
Configures a rule’s source port range. |
|
swap |
Swaps two rules’ indices. |
|
index_1 |
The rule first index to swap. |
|
index_2 |
The rule index to swap the first index with. |
None
This example shows how to configure an ACL to permit access:
(Cisco Controller) >config flexconnect acl rule action lab1 4 permit
config flexconnect arp-caching { enable } disable}
| arp-caching enable |
Instructs the access point to save the ARP entry for a client in the cache and reply on its behalf of the client for locally switched WLAN. |
| arp-caching disable |
Disables ARP caching. |
None
The following example shows how to apply the proxy ARP with locally switched WLAN on FlexConnect APs.
(Cisco Controller) >config flexconnect arp-caching enableTo configure VLAN for a FlexConnect group, use the config flexconnect group vlan command.
config flexconnect group group_name vlan { add vlan-id acl in-aclname out-aclname | delete vlan-id}
|
group_name |
FlexConnect group name. |
|
add |
Adds a VLAN for the FlexConnect group. |
|
vlan-id |
VLAN ID. |
|
acl |
Specifies an access control list. |
|
in-aclname |
In-bound ACL name. |
|
out-aclname |
Out-bound ACL name. |
|
delete |
Deletes a VLAN from the FlexConnect group. |
The following example shows how to add VLAN ID 1 for the FlexConnect group myflexacl where the in-bound ACL name is in-acl and the out-bound ACL is out-acl:
(Cisco Controller) >config flexconnect group vlan myflexacl vlan add 1 acl in-acl out-acl
To enable or disable the access point to choose the controller with the least latency when joining, use the config flexconnect join min-latency command.
config flexconnect join min-latency { enable | disable} cisco_ap
|
enable |
Enables the access point to choose the controller with the least latency when joining. |
|
disable |
Disables the access point to choose the controller with the least latency when joining. |
|
cisco_ap |
Cisco lightweight access point. |
The access point cannot choose the controller with the least latency when joining.
When you enable this feature, the access point calculates the time between the discovery request and discovery response and joins the controller that responds first.
This configuration overrides the HA setting on the controller, and is applicable only for OEAP access points.
The following example shows how to enable the access point to choose the controller with the least latency when joining:
(Cisco Controller) >config flexconnect join min-latency enable CISCO_AP
debug Commands
To configure the debugging of Control and Provisioning of Wireless Access Points (CAPWAP) settings on a FlexConnect access point, use the debug capwap reap command.
debug capwap reap [ mgmt | load]
|
mgmt |
(Optional) Configures the debugging for client authentication and association messages. |
|
load |
(Optional) Configures the debugging for payload activities, which is useful when the FlexConnect access point boots up in standalone mode. |
None
The following example shows how to configure the debugging of FlexConnect client authentication and association messages:
(Cisco Controller) >debug capwap reap mgmt
To configure debugging of 802.11 management interface events, use the debug dot11 mgmt interface command.
debug dot11 mgmt interface
This command has no arguments or keywords.
None
The following example shows how to debug 802.11 management interface events:
(Cisco Controller) >debug dot11 mgmt interface
To configure debugging of 802.11 management messages, use the debug dot11 mgmt msg command.
debug dot11 mgmt msg
This command has no arguments or keywords.
None
This example shows how to debug dot11 management messages:
(Cisco Controller) >debug dot11 mgmt msg
To configure debugging of 802.11 SSID management events, use the debug dot11 mgmt ssid command.
debug dot11 mgmt ssid
This command has no arguments or keywords.
None
The following example shows how to configure the debugging of 802.11 SSID management events:
(Cisco Controller) >debug dot11 mgmt ssid
To configure debugging of the 802.11 state machine, use the debug dot11 mgmt state-machine command.
debug dot11 mgmt state-machine
This command has no arguments or keywords.
None
The following example shows how to configure the debugging of 802.11 state machine:
(Cisco Controller) >debug dot11 mgmt state-machine
To configure the debugging of the management station settings, use the debug dot11 mgmt station command.
debug dot11 mgmt station
This command has no arguments or keywords.
None
The following example shows how to configure the debugging of the management station settings:
(Cisco Controller) >debug dot11 mgmt station
To configure debugging of FlexConnect backup RADIUS server events or errors, use the debug flexconnect aaa command.
debug flexconnect aaa { event | error} { enable | disable}
|
event |
Configures the debugging for FlexConnect RADIUS server events. |
|
error |
Configures the debugging for FlexConnect RADIUS server errors. |
|
enable |
Enables the debugging of FlexConnect RADIUS server settings. |
|
disable |
Disables the debugging of FlexConnect RADIUS server settings. |
None
The following example shows how to enable the debugging of FlexConnect RADIUS server events:
(Cisco Controller) >debug flexconnect aaa event enable
Configures debugging of FlexConnect access control lists (ACLs), use the debug flexconnect acl command.
debug flexconnect acl { enable | disable}
|
enable |
Enables the debugging of FlexConnect ACLs. |
|
disable |
Disables the debugging of FlexConnect ACLs. |
None
The following example shows how to enable the debugging of FlexConnect ACLs:
(Cisco Controller) >debug flexconnect acl enable
Configure debugging of FlexConnect Cisco Centralized Key Management (CCKM) fast roaming, use the debug flexconnect cckm command.
debug flexconnect cckm { enable | disable}
|
enable |
Enables the debugging of FlexConnect CCKM fast roaming settings. |
|
disable |
Disables the debugging of FlexConnect CCKM fast roaming settings. |
None
The following example shows how to enable the debugging of FlexConnect CCKM fast roaming events:
(Cisco Controller) >debug flexconnect cckm event enable
To configure debugging of FlexConnect access point groups, use the debug flexconnect group command.
debug flexconnect group { enable | disable}
|
enable |
Enables the debugging of FlexConnect access point groups. |
|
disable |
Disables the debugging of FlexConnect access point groups. |
None
The following example shows how to enable the debugging of FlexConnect access point groups:
(Cisco Controller) >debug flexconnect group enable
To configure debugging of the access policy manager, use the debug pem command.
debug pem { events | state} { enable | disable}
|
events |
Configures the debugging of the policy manager events. |
|
state |
Configures the debugging of the policy manager state machine. |
|
enable |
Enables the debugging of the access policy manager. |
|
disable |
Disables the debugging of the access policy manager. |
None
The following example shows how to enable the debugging of the access policy manager:
(Cisco Controller) >debug pem state enable
Feedback