Config Commands: j to q

config known ap

To configure a known Cisco lightweight access point, use the config known ap command.

config known ap { add | alert | delete} MAC

Syntax Description

add

Adds a new known access point entry.

alert

Generates a trap upon detection of the access point.

delete

Deletes an existing known access point entry.

MAC

MAC address of the known Cisco lightweight access point.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to add a new access point entry ac:10:02:72:2f:bf on a known access point:

(Cisco Controller) >config known ap add ac:10:02:72:2f:bf 12

config lag

To enable or disable link aggregation (LAG), use the config lag command.

config lag { enable | disable}

Syntax Description

enable

Enables the link aggregation (LAG) settings.

disable

Disables the link aggregation (LAG) settings.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable LAG settings:


(Cisco Controller) > config lag enable
Enabling LAG will map your current interfaces setting to LAG interface,
All dynamic AP Manager interfaces and Untagged interfaces will be deleted
All WLANs will be disabled and mapped to Mgmt interface
Are you sure you want to continue? (y/n)
You must now reboot for the settings to take effect.


The following example shows how to disable LAG settings:


(Cisco Controller) > config lag disable
Disabling LAG will map all existing interfaces to port 1.
Are you sure you want to continue? (y/n)
You must now reboot for the settings to take effect.

config ldap

To configure the Lightweight Directory Access Protocol (LDAP) server settings, use the config ldap command.

config ldap { add | delete | enable | disable | retransmit-timeout | retry | user | security-mode | simple-bind} index

config ldap add index server_ip_address port user_base user_attr user_type[ secure]

config ldap retransmit-timeout index retransmit-timeout

config ldap retry attempts

config ldap user { attr index user-attr | base index user-base | type index user-type}

config ldap security-mode { enable | disable} index

config ldap simple-bind { anonymous index | authenticated index username password}

Syntax Description

add

Specifies that an LDAP server is being added.

delete

Specifies that an LDAP server is being deleted.

enable

Specifies that an LDAP server is enabled.

disable

Specifies that an LDAP server is disabled.

retransmit-timeout

Changes the default retransmit timeout for an LDAP server.

retry

Configures the retry attempts for an LDAP server.

user

Configures the user search parameters.

security-mode

Configures the security mode.

simple-bind

Configures the local authentication bind method.

anonymous

Allows anonymous access to the LDAP server.

authenticated

Specifies that a username and password be entered to secure access to the LDAP server.

index

LDAP server index. The range is from 1 to 17.

server_ip_address

IP address of the LDAP server.

port

Port number.

user_base

Distinguished name for the subtree that contains all of the users.

user_attr

Attribute that contains the username.

user_type

ObjectType that identifies the user.

secure

(Optional) Specifies that Transport Layer Security (TLS) is used.

retransmit-timeout

Retransmit timeout for an LDAP server. The range is from 2 to 30.

attempts

Number of attempts that each LDAP server is retried.

attr

Configures the attribute that contains the username.

base

Configures the distinguished name of the subtree that contains all the users.

type

Configures the user type.

username

Username for the authenticated bind method.

password

Password for the authenticated bind method.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

7.6

The secure keyword was added to support secure LDAP.

Usage Guidelines

When you enable secure LDAP, the controller does not validate the server certificate.

Examples

The following example shows how to enable LDAP server index 10:


(Cisco Controller) > config ldap enable 10

config local-auth active-timeout

To specify the amount of time in which the controller attempts to authenticate wireless clients using local Extensible Authentication Protocol (EAP) after any pair of configured RADIUS servers fails, use the config local-auth active-timeout command.

config local-auth active-timeout timeout

Syntax Description

timeout

Timeout measured in seconds. The range is from 1 to 3600.

Command Default

The default timeout value is 100 seconds.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to specify the active timeout to authenticate wireless clients using EAP to 500 seconds:


(Cisco Controller) > config local-auth active-timeout 500

config local-auth cipher-option

To configure the 3DES-RC4 cipher option, use the config local-auth cipher-option command.

config local-auth cipher-option { enable | disable }

Syntax Description

cipher-option

Configures the cipher option.

enable

Allows the 3DES-RC4 cipher to be enabled.

disable

Disables the 3DES-RC4 cipher.

Command Default

None

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to disable the cipher-option on the controller:

(Cisco Controller) > config local-auth cipher-option 3des-rc4 disable

config local-auth eap-profile

To configure local Extensible Authentication Protocol (EAP) authentication profiles, use the config local-auth eap-profile command.

config local-auth eap-profile {[ add | delete] profile_name | cert-issuer { cisco | vendor} | method method local-cert { enable | disable} profile_name | method method client-cert { enable | disable} profile_name | method method peer-verify ca-issuer { enable | disable} | method method peer-verify cn-verify { enable | disable} | method method peer-verify date-valid { enable | disable}}

Syntax Description

add

(Optional) Specifies that an EAP profile or method is being added.

delete

(Optional) Specifies that an EAP profile or method is being deleted.

profile_name

EAP profile name (up to 63 alphanumeric characters). Do not include spaces within a profile name.

cert-issuer

(For use with EAP-TLS, PEAP, or EAP-FAST with certificates) Specifies the issuer of the certificates that will be sent to the client. The supported certificate issuers are Cisco or a third-party vendor.

cisco

Specifies the Cisco certificate issuer.

vendor

Specifies the third-party vendor.

method

Configures an EAP profile method.

method

EAP profile method name. The supported methods are leap, fast, tls, and peap.

local-cert

(For use with EAP-FAST) Specifies whether the device certificate on the controller is required for authentication.

enable

Specifies that the parameter is enabled.

disable

Specifies that the parameter is disabled.

client-cert

(For use with EAP-FAST) Specifies whether wireless clients are required to send their device certificates to the controller in order to authenticate.

peer-verify

Configures the peer certificate verification options.

ca-issuer

(For use with EAP-TLS or EAP-FAST with certificates) Specifies whether the incoming certificate from the client is to be validated against the Certificate Authority (CA) certificates on the controller.

cn-verify

(For use with EAP-TLS or EAP-FAST with certificates) Specifies whether the common name (CN) in the incoming certificate is to be validated against the CA certificates’ CN on the controller.

date-valid

(For use with EAP-TLS or EAP-FAST with certificates) Specifies whether the controller is to verify that the incoming device certificate is still valid and has not expired.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to create a local EAP profile named FAST01:


(Cisco Controller) > config local-auth eap-profile add FAST01

The following example shows how to add the EAP-FAST method to a local EAP profile:

(Cisco Controller) > config local-auth eap-profile method add fast FAST01

The following example shows how to specify Cisco as the issuer of the certificates that will be sent to the client for an EAP-FAST profile:

(Cisco Controller) > config local-auth eap-profile method fast cert-issuer cisco

The following example shows how to specify that the incoming certificate from the client be validated against the CA certificates on the controller:

(Cisco Controller) > config local-auth eap-profile method fast peer-verify ca-issuer enable

config local-auth method fast

To configure an EAP-FAST profile, use the config local-auth method fast command.

config local-auth method fast { anon-prov [ enable | disable] | authority-id auth_id | pac-ttl days | server-key key_value}

Syntax Description

anon-prov

Configures the controller to allow anonymous provisioning, which allows PACs to be sent automatically to clients that do not have one during Protected Access Credentials (PAC) provisioning.

enable

(Optional) Specifies that the parameter is enabled.

disable

(Optional) Specifies that the parameter is disabled.

authority-id

Configures the authority identifier of the local EAP-FAST server.

auth_id

Authority identifier of the local EAP-FAST server (2 to 32 hexadecimal digits).

pac-ttl

Configures the number of days for the Protected Access Credentials (PAC) to remain viable (also known as the time-to-live [TTL] value).

days

Time-to-live (TTL) value (1 to 1000 days).

server-key

Configures the server key to encrypt or decrypt PACs.

key_value

Encryption key value (2 to 32 hexadecimal digits).

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to disable anonymous provisioning on the controller:

(Cisco Controller) > config local-auth method fast anon-prov disable

The following example shows how to configure the authority identifier 0125631177 of the local EAP-FAST server:

(Cisco Controller) > config local-auth method fast authority-id 0125631177

The following example shows how to configure the number of days to 10 for the PAC to remain viable:

(Cisco Controller) > config local-auth method fast pac-ttl 10
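
An added example (not from the Cisco documentation) that audits a list of controller commands for the LDAP and local EAP settings described above: LDAP servers added without secure, the simple-bind method, the 3DES-RC4 cipher option, EAP-FAST anonymous provisioning, and disabled peer-verify checks. The audit function, the rule names and the sample commands are assumptions made for this example; the sample is constructed from the syntax on this page.

```python
import shlex

# Constructed sample: command lines written in the syntax documented above.
# Addresses, DNs, account name and password are placeholders.
SAMPLE_COMMANDS = """\
config ldap add 1 192.0.2.10 389 ou=people,dc=example,dc=com uid person
config ldap add 2 192.0.2.11 636 ou=people,dc=example,dc=com uid person secure
config ldap simple-bind authenticated 1 svc-wlc EXAMPLE-PASSWORD
config ldap simple-bind anonymous 2
config local-auth cipher-option 3des-rc4 enable
config local-auth method fast anon-prov enable
config local-auth eap-profile method tls peer-verify ca-issuer disable
config local-auth eap-profile method tls peer-verify date-valid enable
config local-auth user-credentials local ldap
"""


def audit(text):
    """Return sorted (line_no, rule, detail) findings for the given commands."""
    findings = []
    ldap_secure = {}  # LDAP server index -> True when added with 'secure'
    auth_binds = []   # (line_no, index) of authenticated simple binds

    for line_no, raw in enumerate(text.splitlines(), start=1):
        try:
            tok = shlex.split(raw)
        except ValueError:  # unbalanced quote: fall back to a plain split
            tok = raw.split()
        if len(tok) < 4 or tok[0] != "config":
            continue
        area, rest = tok[1], tok[2:]

        if area == "ldap" and rest[0] == "add" and len(rest) in (7, 8):
            # add index server_ip_address port user_base user_attr user_type [secure]
            index = rest[1]
            ldap_secure[index] = len(rest) == 8 and rest[7] == "secure"
            if ldap_secure[index]:
                findings.append((line_no, "LDAP-TLS-UNVERIFIED",
                                 f"server {index}: TLS is used, but the controller "
                                 "does not validate the server certificate"))
            else:
                findings.append((line_no, "LDAP-NO-TLS",
                                 f"server {index}: added without the 'secure' keyword"))
        elif area == "ldap" and rest[0] == "simple-bind" and len(rest) >= 3:
            if rest[1] == "anonymous":
                findings.append((line_no, "LDAP-ANON-BIND",
                                 f"server {rest[2]}: anonymous access to the LDAP server"))
            elif rest[1] == "authenticated":
                auth_binds.append((line_no, rest[2]))
        elif area == "local-auth" and rest[0] == "cipher-option":
            # Accepts both forms shown on the page, with or without '3des-rc4'.
            if rest[-1] == "enable":
                findings.append((line_no, "CIPHER-3DES-RC4",
                                 "3DES-RC4 cipher option is enabled"))
        elif area == "local-auth" and rest[:3] == ["method", "fast", "anon-prov"]:
            if rest[-1] == "enable":
                findings.append((line_no, "FAST-ANON-PROV",
                                 "PACs are sent automatically to clients that have none"))
        elif (area == "local-auth" and rest[0] == "eap-profile"
              and "peer-verify" in rest[:-2] and rest[-1] == "disable"):
            check = rest[rest.index("peer-verify") + 1]
            findings.append((line_no, "PEER-VERIFY-OFF",
                             f"client certificate check '{check}' is disabled"))

    # Cross-check: an authenticated bind against a server that was added
    # without 'secure' sends the bind username and password without TLS.
    for line_no, index in auth_binds:
        if ldap_secure.get(index) is False:
            findings.append((line_no, "LDAP-BIND-CLEARTEXT",
                             f"server {index}: bind username and password are sent "
                             "to a server added without 'secure'"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, rule, detail in audit(SAMPLE_COMMANDS):
        print(f"line {line_no}: {rule}: {detail}")
```
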

config local-auth user-credentials

To configure the local Extensible Authentication Protocol (EAP) authentication database search order for user credentials, use the config local-auth user-credentials command.

config local-auth user-credentials { local [ ldap] | ldap [ local] }

Syntax Description

local

Specifies that the local database is searched for the user credentials.

ldap

(Optional) Specifies that the Lightweight Directory Access Protocol (LDAP) database is searched for the user credentials.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The order of the specified database parameters indicates the database search order.

Examples

The following example shows how to specify the order in which the local EAP authentication database is searched:

(Cisco Controller) > config local-auth user-credentials local ldap

In the above example, the local database is searched first and then the LDAP database.

config lync-sdn

To configure the Lync service, use the config lync-sdn command.

config lync-sdn { port port-number} | { enable | disable}

Syntax Description

port

Configures the Lync server port number.

port-number

Port number of the server.

enable

Enables Lync service globally.

disable

Disables Lync service globally.

Command Default

None

Command History

Release Modification
8.1

This command was introduced.

Examples

The following example shows how to enable Lync service globally:

(Cisco Controller) >config lync-sdn enable

config licensing

To switch between Cisco Smart Software Licensing and RTU licensing platform, use the config licensing command.

config licensing { rtu | smart-license} dns-server ip address

Syntax Description

rtu

Right To Use license platform.

smart-license

Cisco Smart Software License platform.

dns-server

Configures smart software licensing DNS server parameters.

Command History

Release Modification

8.2

This command was introduced.

Command Default

The Right To Use (RTU) is the default license mechanism in the device.

Examples

The following example shows how to activate Cisco Smart Software License on the controller:


(Cisco Controller) > config licensing smart-license dns-server 209.165.200.224

Note


The controller needs to be rebooted to activate the change in the license platform.


config license boot

To specify the license level to be used on the next reboot of the Cisco 5500 Series Controller, use the config license boot command.

config license boot { base | wplus | auto}

Syntax Description

base

Specifies the base boot level.

wplus

Specifies the wplus boot level.

auto

Specifies the auto boot level.

Command Default

None

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

If you enter auto, the licensing software automatically chooses the license level to use on the next reboot. It generally chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.


Note


If you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set the image level to wplus in order for the controller to use the wplus evaluation license instead of the base permanent license.



Note


To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.


Examples

The following example shows how to set the license boot settings to wplus:


(Cisco Controller) > config license boot wplus

config load-balancing

To globally configure aggressive load balancing on the controller, use the config load-balancing command.

config load-balancing { window client_count | status { enable | disable} | denial denial_count}

config load-balancing uplink-threshold traffic_threshold

Syntax Description

window

Specifies the aggressive load balancing client window.

client_count

Aggressive load balancing client window with the number of clients from 1 to 20.

status

Sets the load balancing status.

enable

Enables load balancing feature.

disable

Disables load balancing feature.

denial

Specifies the number of association denials during load balancing.

denial_count

Maximum number of association denials during load balancing, from 0 to 10.

uplink-threshold

Specifies the threshold traffic for an access point to deny new associations.

traffic_threshold

Threshold traffic for an access point to deny new associations. This value is a percentage of the WAN utilization measured over a 90-second interval. For example, the default threshold value of 50 triggers load balancing when utilization of 50% or more is detected on an access point WAN interface.

Command Default

By default, the aggressive load balancing is disabled.

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Load-balancing-enabled WLANs do not support time-sensitive applications like voice and video because of roaming delays.

When you use Cisco 7921 and 7920 Wireless IP Phones with controllers, make sure that aggressive load balancing is disabled on the voice WLANs for each controller. Otherwise, the initial roam attempt by the phone might fail, causing a disruption in the audio path.

Clients can only be load balanced across access points joined to the same controller.

The WAN utilization is calculated as a percentage using the following formula:

(Transmitted Data Rate (per second) + Received Data Rate (per second)) / (1000 Mbps TX + 1000 Mbps RX) * 100

Examples

The following example shows how to enable the aggressive load-balancing settings:


(Cisco Controller) > config load-balancing aggressive enable

config location

To configure a location-based system, use the config location command.

config location { algorithm { simple | rssi-average} |
{ rssi-half-life | expiry} [ client | calibrating-client | tags | rogue-aps] seconds |
 notify-threshold [ client | tags | rogue-aps] threshold | 
 interface-mapping { add | delete} location wlan_id interface_name | 
 plm { client { enable | disable} burst_interval | calibrating { enable | disable} { uniband | multiband}}}

Syntax Description

algorithm

Note

 

We recommend that you do not use or modify the config location algorithm command. It is set to optimal default values.

Configures the algorithm used to average RSSI and SNR values.

simple

Specifies a faster algorithm that requires low CPU overhead but provides less accuracy.

rssi-average

Specifies a more accurate algorithm but requires more CPU overhead.

rssi-half-life

Note

 

We recommend that you do not use or modify the config location rssi-half-life command. It is set to optimal default values.

Configures the half-life when averaging two RSSI readings.

expiry

Note

 

We recommend that you do not use or modify the config location expiry command. It is set to optimal default values.

Configures the timeout for RSSI values.

client

(Optional) Specifies the parameter applies to client devices.

calibrating-client

(Optional) Specifies the parameter is used for calibrating client devices.

tags

(Optional) Specifies the parameter applies to radio frequency identification (RFID) tags.

rogue-aps

(Optional) Specifies the parameter applies to rogue access points.

seconds

Time value (0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, 300 seconds).

notify-threshold

Note

 

We recommend that you do not use or modify the config location notify-threshold command. It is set to optimal default values.

Specifies the NMSP notification threshold for RSSI measurements.

threshold

Threshold parameter. The range is 0 to 10 dB, and the default value is 0 dB.

interface-mapping

Adds or deletes a new location, wireless LAN, or interface mapping element.

wlan_id

WLAN identification name.

interface_name

Name of interface to which mapping element applies.

plm

Specifies the path loss measurement (S60) request for normal clients or calibrating clients.

client

Specifies normal, noncalibrating clients.

burst_interval

Burst interval. The range is from 1 to 3600 seconds, and the default value is 60 seconds.

calibrating

Specifies calibrating clients.

uniband

Specifies the associated 802.11a or 802.11b/g radio (uniband).

multiband

Specifies the associated 802.11a/b/g radio (multiband).

Command Default

See the “Syntax Description” section for default values of individual arguments and keywords.

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to specify the simple algorithm for averaging RSSI and SNR values on a location-based controller:


(Cisco Controller) > config location algorithm simple

config location info rogue

To configure info-notification for rogue service, use the config location info rogue command.

config location info rogue { basic | extended }

Syntax Description

basic

Configures basic rogue parameters such as mode, class, containmentlevel, numclients, firsttime, lasttime, ssid, and so on, for rogue info-notification service.

Note

Configure the basic parameters if the version of Cisco MSE is older than the version of the controller.

extended

Configures extended rogue parameters, which are the basic parameters plus security type, detecting LRAD type, and so on, for rogue info-notification service.

Command History

Release Modification
8.0 This command was introduced.

config logging buffered

To set the severity level for logging messages to the controller buffer, use the config logging buffered command.

config logging buffered security_level

Syntax Description

security_level

Severity level. Choose one of the following:

  • emergencies—Severity level 0

  • alerts—Severity level 1

  • critical—Severity level 2

  • errors—Severity level 3

  • warnings—Severity level 4

  • notifications—Severity level 5

  • informational—Severity level 6

  • debugging—Severity level 7

Command Default

None

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the controller buffer severity level for logging messages to 4:


(Cisco Controller) > config logging buffered 4

config logging console

To set the severity level for logging messages to the controller console, use the config logging console command.

config logging console security_level

Syntax Description

security_level

Severity level. Choose one of the following:

  • emergencies—Severity level 0

  • alerts—Severity level 1

  • critical—Severity level 2

  • errors—Severity level 3

  • warnings—Severity level 4

  • notifications—Severity level 5

  • informational—Severity level 6

  • debugging—Severity level 7

Command Default

None

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the controller console severity level for logging messages to 3:


(Cisco Controller) > config logging console 3

config logging debug

To save debug messages to the controller buffer, the controller console, or a syslog server, use the config logging debug command.

config logging debug { buffered | console | syslog} { enable | disable}

Syntax Description

buffered

Saves debug messages to the controller buffer.

console

Saves debug messages to the controller console.

syslog

Saves debug messages to the syslog server.

enable

Enables logging of debug messages.

disable

Disables logging of debug messages.

Command Default

The console command is enabled and the buffered and syslog commands are disabled by default.

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to save the debug messages to the controller console:


(Cisco Controller) > config logging debug console enable

config logging fileinfo

To cause the controller to include information about the source file in the message logs or to prevent the controller from displaying this information, use the config logging fileinfo command.

config logging fileinfo { enable | disable}

Syntax Description

enable

Includes information about the source file in the message logs.

disable

Prevents the controller from displaying information about the source file in the message logs.

Command Default

None

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable the controller to include information about the source file in the message logs:


(Cisco Controller) > config logging fileinfo enable

config logging procinfo

To cause the controller to include process information in the message logs or to prevent the controller from displaying this information, use the config logging procinfo command.

config logging procinfo { enable | disable}

Syntax Description

enable

Includes process information in the message logs.

disable

Prevents the controller from displaying process information in the message logs.

Command Default

None

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable the controller to include the process information in the message logs:


(Cisco Controller) > config logging procinfo enable

config logging traceinfo

To cause the controller to include traceback information in the message logs or to prevent the controller from displaying this information, use the config logging traceinfo command.

config logging traceinfo { enable | disable}

Syntax Description

enable

Includes traceback information in the message logs.

disable

Prevents the controller from displaying traceback information in the message logs.

Command Default

None

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to prevent the controller from including traceback information in the message logs:


(Cisco Controller) > config logging traceinfo disable

config logging syslog host

To configure a remote host for sending syslog messages, use the config logging syslog host command.

config logging syslog host ip_addr

Syntax Description

ip_addr

IP address for the remote host.

Command Default

None

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

8.0

This command supports both IPv4 and IPv6 address formats.

Usage Guidelines

  • To configure a remote host for sending syslog messages, use the config logging syslog host ip_addr command.

  • To remove a remote host that was configured for sending syslog messages, use the config logging syslog host ip_addr delete command.

  • To display the configured syslog servers on the controller, use the show logging command.

Examples

The following example shows how to configure two remote hosts, 10.92.125.52 and 2001:9:6:40::623, for sending syslog messages and how to display the configured syslog servers on the controller:


(Cisco Controller) > config logging syslog host 10.92.125.52
System logs will be sent to 10.92.125.52 from now on

(Cisco Controller) > config logging syslog host 2001:9:6:40::623
System logs will be sent to 2001:9:6:40::623 from now on

(Cisco Controller) > show logging
Logging to buffer :
- Logging of system messages to buffer :
 - Logging filter level.......................... errors
 - Number of system messages logged.............. 1316
 - Number of system messages dropped............. 6892
- Logging of debug messages to buffer ........... Disabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
- Cache of logging  ............................. Disabled
- Cache of logging time(mins) ................... 10080
- Number of over cache time log dropped  ........ 0
Logging to console :
- Logging of system messages to console :
 - Logging filter level.......................... disabled
 - Number of system messages logged.............. 0
 - Number of system messages dropped............. 8243
- Logging of debug messages to console .......... Enabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
Logging to syslog :
- Syslog facility................................ local0
- Logging of system messages to console :
 - Logging filter level.......................... disabled
 - Number of system messages logged.............. 0
 - Number of system messages dropped............. 8208
- Logging of debug messages to console .......... Enabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
- Logging of system messages to syslog :
 - Logging filter level.......................... errors
 - Number of system messages logged.............. 1316
 - Number of system messages dropped............. 6892
- Logging of debug messages to syslog ........... Disabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 2
- syslog over tls................................ Disabled
  - Host 0....................................... 10.92.125.52
  - Host 1....................................... 2001:9:6:40::623
  - Host 2.......................................
Logging of RFC 5424.............................. Disabled
Logging of Debug messages to file :
- Logging of Debug messages to file.............. Disabled
- Number of debug messages logged................ 0
- Number of debug messages dropped............... 0
Logging of traceback............................. Enabled

The following example shows how to remove the two remote hosts, 10.92.125.52 and 2001:9:6:40::623, that were configured for sending syslog messages and how to verify that the configured syslog servers were removed from the controller:


(Cisco Controller) > config logging syslog host 10.92.125.52 delete
System logs will not be sent to 10.92.125.52 anymore

(Cisco Controller) > config logging syslog host 2001:9:6:40::623 delete
System logs will not be sent to 2001:9:6:40::623 anymore

(Cisco Controller) > show logging

Logging to buffer :
- Logging of system messages to buffer :
 - Logging filter level.......................... errors
 - Number of system messages logged.............. 1316
 - Number of system messages dropped............. 6895
- Logging of debug messages to buffer ........... Disabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
- Cache of logging  ............................. Disabled
- Cache of logging time(mins) ................... 10080
- Number of over cache time log dropped  ........ 0
Logging to console :
- Logging of system messages to console :
 - Logging filter level.......................... disabled
 - Number of system messages logged.............. 0
 - Number of system messages dropped............. 8211
- Logging of debug messages to console .......... Enabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
Logging to syslog :
- Syslog facility................................ local0
- Logging of system messages to syslog :
 - Logging filter level.......................... errors
 - Number of system messages logged.............. 1316
 - Number of system messages dropped............. 6895
- Logging of debug messages to syslog ........... Disabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 0
- syslog over tls................................ Disabled
  - Host 0.......................................
  - Host 1.......................................
  - Host 2.......................................
Logging of RFC 5424.............................. Disabled
Logging of Debug messages to file :
- Logging of Debug messages to file.............. Disabled
- Number of debug messages logged................ 0
- Number of debug messages dropped............... 0
Logging of traceback............................. Enabled
- Traceback logging level........................ errors
Logging of source file informational............. Enabled
Timestamping of messages.........................
- Timestamping of system messages................ Enabled
 - Timestamp format.............................. Date and Time

config logging syslog facility

To set the facility for outgoing syslog messages to the remote host, use the config logging syslog facility command.

config logging syslog facility facility_code

Syntax Description

facility_code

Facility code. Choose one of the following:

  • authorization—Authorization system. Facility level—4.

  • auth-private—Authorization system (private). Facility level—10.

  • cron—Cron/at facility. Facility level—9.

  • daemon—System daemons. Facility level—3.

  • ftp—FTP daemon. Facility level—11.

  • kern—Kernel. Facility level—0.

  • local0—Local use. Facility level—16.

  • local1—Local use. Facility level—17.

  • local2—Local use. Facility level—18.

  • local3—Local use. Facility level—19.

  • local4—Local use. Facility level—20.

  • local5—Local use. Facility level—21.

  • local6—Local use. Facility level—22.

  • local7—Local use. Facility level—23.

  • lpr—Line printer system. Facility level—6.

  • mail—Mail system. Facility level—2.

  • news—USENET news. Facility level—7.

  • sys12—System use. Facility level—12.

  • sys13—System use. Facility level—13.

  • sys14—System use. Facility level—14.

  • sys15—System use. Facility level—15.

  • syslog—The syslog itself. Facility level—5.

  • user—User process. Facility level—1.

  • uucp—UNIX-to-UNIX copy system. Facility level—8.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the facility for outgoing syslog messages to authorization:


(Cisco Controller) > config logging syslog facility authorization

config logging syslog facility client

To configure the syslog facility to AP, use the config logging syslog facility client { assocfail Dot11 | associate Dot11 | authentication | authfail Dot11 | deauthenticate Dot11 | disassociate Dot11 | exclude} { enable | disable} command.

config logging syslog facility Client

Syntax Description

Client

Facility Client. Has the following functions:
  • assocfail Dot11—Association fail syslog for clients

  • associate Dot11—Association syslog for clients

  • authentication—Authentication success syslog for clients

  • authfail Dot11—Authentication fail syslog for clients

  • deauthenticate Dot11—Deauthentication syslog for clients

  • disassociate Dot11—Disassociation syslog for clients

  • excluded—Excluded syslog for clients

Command Default

None

Command History

Release Modification
7.5 This command was introduced in a release earlier than Release 7.5.

Examples

The following example shows how to set the syslog facility for client:


(Cisco Controller) > config logging syslog facility client

config logging syslog facility ap

To configure the syslog facility to AP, use the config logging syslog facility ap { associate | disassociate} { enable | disable} command.

config logging syslog facility AP

Syntax Description

AP

Facility AP. Has the following functions:

  • associate—Association syslog for AP

  • disassociate—Disassociation syslog for AP

Command Default

None

Command History

Release Modification
7.5 This command was introduced in a release earlier than Release 7.5.

Examples

The following example shows how to configure syslog facility for AP:


(Cisco Controller) > config logging syslog facility ap

config logging syslog ipsec

To configure transmission of syslog messages over IPSec, use the config logging syslog ipsec command.

config logging syslog ipsec { enable | disable }

Syntax Description

enable

Enables transmission of syslog messages over IPSec.

disable

Disables transmission of syslog messages over IPSec.

Command Default

By default, transmission of syslog messages over IPSec is disabled.

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to enable transmission of syslog messages over IPSec:


(Cisco Controller) > config logging syslog ipsec enable

config logging syslog ipsec profile

To configure an IPSec profile to define IPSec parameters for the connection, use the config logging syslog ipsec profile command.

config logging syslog ipsec profile profile-name

Syntax Description

profile-name

Name of the IPSec profile to use.

Command Default

None

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to configure an IPSec profile name to define IPSec parameters:


(Cisco Controller) > config logging syslog ipsec profile ipsec-profile-1

config logging syslog tls

To configure transmission of syslog messages over transport layer security (TLS), use the config logging syslog tls command.

config logging syslog tls { enable | disable }

Syntax Description

enable

Enables transmission of syslog messages over TLS.

Enabling syslog over TLS on the controller enables the feature for all syslog hosts defined in the controller. You can define up to three syslog hosts per controller. The controller transmits messages concurrently to all the configured syslog hosts.

disable

Disables transmission of syslog messages over TLS.

Command Default

By default, transmission of syslog messages over TLS is disabled.

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to enable transmission of syslog messages over TLS:


(Cisco Controller) > config logging syslog tls enable

config logging syslog level

To set the severity level for filtering syslog messages to the remote host, use the config logging syslog level command.

config logging syslog level severity_level

Syntax Description

severity_level

Severity level. Choose one of the following:

  • emergencies—Severity level 0

  • alerts—Severity level 1

  • critical—Severity level 2

  • errors—Severity level 3

  • warnings—Severity level 4

  • notifications—Severity level 5

  • informational—Severity level 6

  • debugging—Severity level 7

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the severity level for syslog messages to 3:


(Cisco Controller) > config logging syslog level 3
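
The facility codes and severity levels in the two tables above combine into the priority value at the start of every syslog message (PRI = facility × 8 + severity). The following Python example is added here and is not Cisco code: it checks on the collector side that received lines carry the configured facility and stay within the configured filter level. The function names and sample lines are constructed, and it assumes the usual syslog filter semantics, where the configured level and anything more severe is forwarded.

```python
import re

# Facility codes and severity levels as listed in the tables for
# "config logging syslog facility" and "config logging syslog level".
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "authorization": 4,
    "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
    "auth-private": 10, "ftp": 11, "sys12": 12, "sys13": 13, "sys14": 14,
    "sys15": 15, "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

_PRI = re.compile(r"^<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7  # highest facility code with the least severe level


def decode_pri(line):
    """Return (facility_code, severity_level) from the leading <PRI>, or None."""
    match = _PRI.match(line)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > MAX_PRI:
        return None
    return divmod(pri, 8)


def audit(lines, facility="local0", level="errors"):
    """Compare received lines with the facility and filter level set on the
    controller. Returns a list of (line_number, reason) for every mismatch."""
    want = FACILITIES[facility]
    limit = SEVERITIES.index(level)  # assumption: this level and more severe pass
    findings = []
    for number, line in enumerate(lines, start=1):
        decoded = decode_pri(line)
        if decoded is None:
            findings.append((number, "missing or invalid <PRI> header"))
            continue
        fac, sev = decoded
        if fac != want:
            findings.append(
                (number, "facility %d, expected %s (%d)" % (fac, facility, want)))
        elif sev > limit:
            findings.append(
                (number, "%s is less severe than the %s filter"
                 % (SEVERITIES[sev], level)))
    return findings


# Constructed sample input, not real controller output.
SAMPLE = [
    "<131>wlc-example: constructed error message",          # local0, errors
    "<130>wlc-example: constructed critical message",       # local0, critical
    "<134>wlc-example: constructed informational message",  # local0, informational
    "<35>wlc-example: constructed error message",           # authorization, errors
    "wlc-example: constructed line without a priority",
    "<999>wlc-example: constructed line with an out-of-range priority",
]

if __name__ == "__main__":
    for number, reason in audit(SAMPLE):
        print("line %d: %s" % (number, reason))
```

A line flagged for the wrong facility usually means another device is sending to the same collector port or the controller setting has drifted from what the collector's routing rules expect.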

config loginsession close

To close all active Telnet sessions, use the config loginsession close command.

config loginsession close { session_id | all}

Syntax Description

session_id

ID of the session to close.

all

Closes all Telnet sessions.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to close all active Telnet sessions:


(Cisco Controller) > config loginsession close all

config macfilter

To create or delete a MAC filter entry on the Cisco wireless LAN controller, use the config macfilter { add | delete} command.

config macfilter { add client_MAC wlan_id [ interface_name] [ description] [ macfilter_IP] | delete client_MAC}

Syntax Description

add

Adds a MAC filter entry on the controller.

delete

Deletes a MAC filter entry on the controller.

client_MAC

Client MAC address.

wlan_id

Wireless LAN identifier with which the MAC filter entry should associate. A zero value associates the entry with any wireless LAN.

interface_name

(Optional) Name of the interface. Enter 0 to specify no interface.

description

(Optional) Short description of the interface (up to 32 characters) in double quotes.

Note

A description is mandatory if macfilter_IP is specified.

macfilter_IP

(Optional) IPv4 address of the local MAC filter database.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Use the config macfilter add command to add a client locally to a wireless LAN on the Cisco wireless LAN controller. This filter bypasses the RADIUS authentication process.

As of Release 7.6, the optional macfilter_IP supports only IPv4 addresses.

Examples

The following example shows how to add a MAC filter entry 00:E0:77:31:A3:55 with the wireless LAN ID 1, interface name lab02, description labconnect, and MAC filter IP 10.92.125.51 on the controller:

(Cisco Controller) > config macfilter add 00:E0:77:31:A3:55 1 lab02 "labconnect" 10.92.125.51

config macfilter description

To add a description to a MAC filter, use the config macfilter description command.

config macfilter description MAC_addr description

Syntax Description

MAC_addr

Client MAC address.

description

(Optional) Description within double quotes (up to 32 characters).

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the description "MAC Filter 01" for the MAC address 11:11:11:11:11:11:

(Cisco Controller) > config macfilter description 11:11:11:11:11:11 "MAC Filter 01"

config macfilter interface

To create a MAC filter client interface, use the config macfilter interface command.

config macfilter interface MAC_addr interface

Syntax Description

MAC_addr

Client MAC address.

interface

Interface name. A value of zero is equivalent to no name.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure a MAC filter interface Lab01 on client 11:11:11:11:11:11:


(Cisco Controller) > config macfilter interface 11:11:11:11:11:11 Lab01

config macfilter ip-address

To enter the IP address of a passive client, use the config macfilter ip-address command.

config macfilter ip-address MAC_addr IP Address

Syntax Description

MAC_addr

MAC address of the client.

IP Address

Adds an IP address for passive clients.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.0 This command supports only IPv4.

Examples

The following example shows how to add an IP address for a passive client:

(Cisco Controller) > config macfilter ip-address aa-bb-cc-dd-ee-ff 10.92.125.51

config macfilter mac-delimiter

To set the MAC delimiter (colon, hyphen, none, and single-hyphen) for MAC addresses sent to RADIUS servers, use the config macfilter mac-delimiter command.

config macfilter mac-delimiter { none | colon | hyphen | single-hyphen}

Syntax Description

none

Disables the delimiters (for example, xxxxxxxxxxxx).

colon

Sets the delimiter to a colon (for example, xx:xx:xx:xx:xx:xx).

hyphen

Sets the delimiter to a hyphen (for example, xx-xx-xx-xx-xx-xx).

single-hyphen

Sets the delimiter to a single hyphen (for example, xxxxxx-xxxxxx).

Command Default

The default delimiter is hyphen.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to have the operating system send MAC addresses to the RADIUS server in the form aa:bb:cc:dd:ee:ff:

(Cisco Controller) > config macfilter mac-delimiter colon

The following example shows how to have the operating system send MAC addresses to the RADIUS server in the form aa-bb-cc-dd-ee-ff:

(Cisco Controller) > config macfilter mac-delimiter hyphen

The following example shows how to have the operating system send MAC addresses to the RADIUS server in the form aabbccddeeff:

(Cisco Controller) > config macfilter mac-delimiter none
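
The delimiter setting has to match how MAC addresses are stored as user names on the RADIUS server, because a differently formatted entry will not match the name the controller sends. The following Python example is added here and is not Cisco code: it renders a MAC address in each of the four delimiter forms and flags entries in a user list that do not match the configured form. The function names and the user list are constructed, and lowercase hex is assumed because the examples above use it.

```python
import re

# Input spellings accepted as a 48-bit MAC address (case-insensitive):
# the four forms this command can produce.
_FORMS = [
    r"[0-9a-f]{12}",                    # none
    r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}",  # colon
    r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}",  # hyphen
    r"[0-9a-f]{6}-[0-9a-f]{6}",         # single-hyphen
]
_MAC = re.compile(r"^(?:%s)$" % "|".join(_FORMS), re.IGNORECASE)


def mac_digits(value):
    """Return the 12 lowercase hex digits of a MAC address, or None if the
    value is not written in one of the accepted forms."""
    value = value.strip()
    if not _MAC.match(value):
        return None
    return re.sub(r"[:-]", "", value).lower()


def format_mac(value, delimiter="hyphen"):
    """Render a MAC address the way the given mac-delimiter keyword describes.
    The default mirrors the command default (hyphen)."""
    digits = mac_digits(value)
    if digits is None:
        raise ValueError("not a MAC address: %r" % (value,))
    if delimiter == "none":
        return digits
    if delimiter == "single-hyphen":
        return digits[:6] + "-" + digits[6:]
    if delimiter not in ("colon", "hyphen"):
        raise ValueError("unknown delimiter keyword: %r" % (delimiter,))
    separator = ":" if delimiter == "colon" else "-"
    return separator.join(digits[i:i + 2] for i in range(0, 12, 2))


def mismatched_entries(usernames, delimiter="hyphen"):
    """Return (stored_name, expected_name) for every MAC-style user name that
    is not stored in the form the controller is configured to send.
    Names that are not MAC addresses are ordinary accounts and are skipped."""
    mismatches = []
    for name in usernames:
        if mac_digits(name) is None:
            continue
        expected = format_mac(name, delimiter)
        if name != expected:  # assumption: the server compares names exactly
            mismatches.append((name, expected))
    return mismatches


# Constructed RADIUS user names, not taken from a real server.
SAMPLE_USERS = [
    "00-e0-77-31-a3-55",
    "00:E0:77:31:A3:55",
    "111111111111",
    "aabbcc-ddeeff",
    "alice",
]

if __name__ == "__main__":
    for stored, expected in mismatched_entries(SAMPLE_USERS, "hyphen"):
        print("%s should be stored as %s" % (stored, expected))
```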

config macfilter radius-compat

To configure the Cisco wireless LAN controller for compatibility with selected RADIUS servers, use the config macfilter radius-compat command.

config macfilter radius-compat { cisco | free | other}

Syntax Description

cisco

Configures the Cisco ACS compatibility mode (password is the MAC address of the server).

free

Configures the Free RADIUS server compatibility mode (password is secret).

other

Configures for other server behaviors (no password is necessary).

Command Default

Other

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.0 This command supports only IPv4.

Examples

The following example shows how to configure the RADIUS server compatibility mode to “other”:


(Cisco Controller) > config macfilter radius-compat other

config macfilter wlan-id

To modify a wireless LAN ID for a MAC filter, use the config macfilter wlan-id command.

config macfilter wlan-id MAC_addr WLAN_id

Syntax Description

MAC_addr

Client MAC address.

WLAN_id

Wireless LAN identifier to associate with. A value of zero is not allowed.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the wireless LAN ID to 2 for the MAC filter 11:11:11:11:11:11:


(Cisco Controller) > config macfilter wlan-id 11:11:11:11:11:11 2

config mdns ap

To configure multicast Domain Name System (mDNS) snooping on an access point, use the config mdns ap command.

config mdns ap { enable { ap_name | all} [ vlan vlan_id] | disable { ap_name | all} | vlan { add | delete} vlan ap_name}

Syntax Description

enable

Enables mDNS snooping on an access point.

ap_name

Name of the access point on which mDNS snooping has to be configured.

all

Configures mDNS snooping on all access points.

vlan

(Optional) Configures the VLAN on which the access point snoops and forwards the mDNS packets.

vlan_id

VLAN identifier.

disable

Disables mDNS snooping on an access point.

add

Adds a VLAN from which the access point snoops and forwards the mDNS packets to the controller. You can configure up to 10 VLANs for an mDNS access point.

delete

Deletes a VLAN from which the access point snoops and forwards the mDNS packets to the controller.

Command Default

The mDNS-enabled access point snoops the access or native VLANs by default.

Command History

Release Modification
7.5 This command was introduced.

Usage Guidelines

Enabling mDNS snooping on access points allows the access points to snoop the wired services on VLANs that are invisible to the controller. mDNS snooping is supported only on local-mode and monitor-mode access points. The access point must be in the access mode or trunk mode. If the access point is in the trunk mode, you must configure the VLAN on the controller on which the access point snoops and forwards the mDNS packets. You must also configure the native VLAN from the controller for the access point to snoop and send mDNS queries on. The access point also tags the packets with the native VLAN.

Global mDNS snooping overrides mDNS access point snooping.

Examples

The following example shows how to enable mDNS snooping on an access point and the VLAN on which it must snoop for mDNS packets:


(Cisco Controller) > config mdns ap enable vlan 1

config mdns profile

To configure a multicast DNS (mDNS) profile and associate a service with the profile, use the config mdns profile command.

config mdns profile { create | delete | service { add | delete} service_name} profile_name

Syntax Description

create

Creates an mDNS profile.

delete

Deletes an mDNS profile. If the profile is associated to an interface group, an interface, or a WLAN, an error appears.

service

Configures an mDNS service.

add

Adds an mDNS service to an mDNS profile.

delete

Deletes an mDNS service from an mDNS profile.

service_name

Name of the mDNS service.

profile_name

Name of the mDNS profile. You can create a maximum of 16 profiles.

Command Default

By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.

Command History

Release Modification
7.4 This command was introduced.

Usage Guidelines

After creating a new profile, you must map the profile to an interface group, an interface, or a WLAN. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.

By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.

Examples

The following example shows how to add the Apple TV mDNS service to the mDNS profile1.


(Cisco Controller) > config mdns profile create profile1 Apple TV

config mdns query interval

To configure the query interval for multicast DNS (mDNS) services, use the config mdns query interval command.

config mdns query interval interval_value

Syntax Description

interval_value

mDNS query interval, in minutes, that you can set. The query interval is the frequency at which the controller sends periodic queries to all the services defined in the Master Services database. The range is from 10 to 120.

Command Default

The default query interval for an mDNS service is 15 minutes.

Command History

Release Modification
7.4 This command was introduced.

Usage Guidelines

The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database. mDNS uses the multicast IP address 224.0.0.251 as the destination address and 5353 as UDP destination port.

Examples

The following example shows how to configure the query interval for mDNS services as 20 minutes.


(Cisco Controller) > config mdns query interval 20

config mdns service

To configure multicast DNS (mDNS) services in the master services database, use the config mdns service command.

The following command is valid in Release 7.5 and later releases:

config mdns service { create service_name service_string origin { Wireless | Wired | All} lss { enable | disable} [ query { enable | disable}] | lss { enable | disable} { service_name | all} | priority-mac { add | delete} priority-mac service_name [ ap-group ap-group-name] | origin { Wireless | Wired | All} { service_name | all}}

Syntax Description

create

Adds a new mDNS service to the Master Services database.

service_name

Name of the mDNS service, for example, Air Tunes, iTunes Music Sharing, FTP, Apple File Sharing Protocol (AFP).

service_string

Unique string associated to an mDNS service, for example, _airplay._tcp.local. is the service string associated with Apple TV.

delete

Deletes an mDNS service from the Master Services database. Before deleting the service, the controller checks if any profile is using the service.

Note

You must delete the service from all profiles before deleting it.

query

Configures the query status for the mDNS service.

enable

Enables periodic query for an mDNS service by the controller.

disable

Disables periodic query for an mDNS service by the controller.

origin

Configures the origin of the mDNS service. You can restrict the origin of the service as wired or wireless.

Wireless

Configures the origin of the mDNS service as wireless.

Wired

Configures the origin of the mDNS service as wired.

All

Configures the origin of the mDNS service as wireless or wired.

lss

Configures Location Specific Services (LSS) for a service or all mDNS services. LSS is not applicable for registered service providers. The registered service providers are always included if the querying client corresponds to the user. You cannot configure LSS on the services configured as only wired.

all

Configures LSS for all mDNS services.

priority-mac

Configures the MAC address of a service provider device. This device gets a priority even if the service provider database is full.

add

Adds the MAC address of a service provider device for priority.

You can configure up to 50 MAC addresses for a service.

delete

Deletes the MAC address of a service provider device from the priority list.

priority-mac

MAC address of a service provider device that needs priority. The MAC address must be unique for each service.

ap-group

Configures the access point group for wired service providers. These service providers get priority over others. When a client mDNS query originates from this AP group, the wired entries with priority MAC addresses and access point groups are listed first in the aggregated response.

ap-group-name

Name of the access point group to which the service provider belongs.

Command Default

By default, LSS is disabled, but it is enabled for all the discovered services.

Command History

Release Modification
7.4 This command was introduced.
7.5 This command was modified. The origin, Wireless, Wired, All, lss, priority-mac, add, delete, ap-group keywords and priority-mac ap-group-name arguments were added.

Usage Guidelines

In Release 7.5 and later releases, the maximum number of service providers for different controller models is as follows:

  • Cisco 5500 Series Controller and Cisco 2500 Series Controller—6400

  • Cisco Wireless Services Module 2—6400

  • Cisco 8500 Series Controller and Cisco 7500 Series Controller—16000

You cannot change the origin of a service from Wireless to Wired if LSS is enabled for the service.

Examples

The following example shows how to add the HTTP mDNS service to the Master Services database, configure the origin as wireless, and enable LSS for the service:


(Cisco Controller) > config mdns service create http _http._tcp.local. origin wireless lss enable


The following example shows how to add a priority MAC address of an HTTP service provider device:


(Cisco Controller) >config mdns service priority-mac add 44:03:a7:a3:04:45 http

config mdns snooping

To enable or disable global multicast DNS (mDNS) snooping on the controller, use the config mdns snooping command.

config mdns snooping { enable | disable}

Syntax Description

enable

Enables mDNS snooping on the controller.

disable

Disables mDNS snooping on the controller.

Command Default

By default, mDNS snooping is enabled on the controller.

Command History

Release Modification
7.4 This command was introduced.

Usage Guidelines

mDNS service discovery provides a way to announce and discover services on the local network. mDNS performs DNS queries over IP multicast. mDNS supports zero-configuration IP networking.

Examples

The following example shows how to enable mDNS snooping:


(Cisco Controller) > config mdns snooping enable

config mdns policy enable

To configure the mDNS policy, use the config mdns policy { enable | disable} command.

config mdns policy { enable | disable}

Syntax Description

policy

Name of the mDNS policy.

enable

Enables the policy for an mDNS service by the controller.

disable

Disables the policy for an mDNS service by the controller.

Command Default

None

Command History

Release Modification
8.0 This command was introduced.

Usage Guidelines

This command is valid for 8.0 release onwards.

Examples

The following example shows how to configure the mDNS policy:

(Cisco Controller) >config mdns policy enable

config mdns policy service-group

To create or delete an mDNS policy service group, use the config mdns policy service-group command.

config mdns policy service-group { create | delete} service-group-name

Syntax Description

create

Creates the mDNS service group.

delete

Deletes the mDNS service group.

service-group-name

Name of the service group.

Command Default

None

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to create an mDNS service group:

(Cisco Controller) >config mdns policy service-group create <service-group-name>

config mdns policy service-group parameters

To configure the parameters of a service group, use the config mdns policy service-group command.

config mdns policy service-group device-mac add service-group-name mac-addr device-name location-type [AP_LOCATION | AP_NAME | AP_GROUP] device-location [location string | any | same]

Syntax Description

device-mac

Configures MAC address of a service provider device.

add

Adds the service group name of the service provider device.

service-group-name

Name of an mDNS service group.

device-name

Name of a device to which the service provider belongs.

location-type

Configures a location type of a service provider device.

[AP_LOCATION | AP_NAME | AP_GROUP]

Name, location, or group of the access point.

device-location

Configures location of a device to which the service provider belongs.

[location string | any | same]

Location string of a device.

Command Default

None

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to configure a location type of a service provider device.

(Cisco Controller) >config mdns policy service-group location type [AP_LOCATION | AP_NAME | AP_GROUP]

config mdns policy service-group user-name

To configure a user role for an mDNS service group, use the config mdns policy service-group user-name { add | delete} <service-group-name> <user-role-name> command.

config mdns policy service-group user-name { add | delete} service-group-name user-name

Syntax Description

user-name

Configures the name of a user for an mDNS service group.

service-group-name

Name of an mDNS service group.

user-name

Name of the user role for the mDNS service group.

Command Default

None

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to add a user name for an mDNS service group:

(Cisco Controller) >config mdns policy service-group user-name add <service-group-name> <user-role-name>

config mdns policy service-group user-role

To configure a user role for an mDNS service group, use the config mdns policy service-group user-role { add | delete} <service-group-name> <user-role-name> command.

config mdns policy service-group user-role { add | delete} service-group-name user-role-name

Syntax Description

user-role

Configures a user role for an mDNS service group.

service-group-name

Name of an mDNS service group.

user-role-name

Name of the user role for the mDNS service group.

Command Default

None

Command History

Release Modification
8.0 This command was introduced.

Examples

The following example shows how to add user role details for an mDNS service group:

(Cisco Controller) >config mdns policy service-group user-role add <service-group-name> <user-role-name>

config media-stream multicast-direct

To configure the media-stream multicast direct, use the config media-stream multicast-direct command.

config media-stream multicast-direct { enable | disable}

Syntax Description

enable

Enables a media stream.

disable

Disables a media stream.

Command Default

None.

Usage Guidelines

Media-stream multicast-direct requires load based Call Admission Control (CAC) to run.

Examples

This example shows how to enable media-stream multicast-direct settings:


> config media-stream multicast-direct enable

This example shows how to disable media-stream multicast-direct settings:


> config media-stream multicast-direct disable

config media-stream message

To configure various parameters of message configuration, use the config media-stream message command.

config media-stream message { state [ enable | disable] | url url | email email | phone phone_number | note note}

Syntax Description

state

Specifies the media stream message state.

enable

(Optional) Enables the session announcement message state.

disable

(Optional) Disables the session announcement message state.

url

Configures the URL.

url

Session announcement URL.

email

Configures the email ID.

email

Specifies the session announcement e-mail.

phone

Configures the phone number.

phone_number

Session announcement phone number.

note

Configures the notes.

note

Session announcement notes.

Command Default

Disabled.

Usage Guidelines

Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.

Examples

This example shows how to enable the session announcement message state:


> config media-stream message state enable 

This example shows how to configure the session announcement e-mail address:


> config media-stream message email abc@co.com

config media-stream add

To configure the various global media-stream configurations, use the config media-stream add command.

config media-stream add multicast-direct media_stream_name start-IP end-IP [ template { very coarse | coarse | ordinary | low-resolution | med-resolution | high-resolution} | detail { bandwidth packet-size { periodic| initial}} qos priority { drop | fallback}

Syntax Description

multicast-direct

Specifies the media stream for the multicast-direct setting.

media_stream_name

Media-stream name.

start-IP

IP multicast destination start address.

end-IP

IP multicast destination end address.

template

(Optional) Configures the media stream from templates.

very coarse

Applies a very-coarse template.

coarse

Applies a coarse template.

ordinary

Applies an ordinary template.

low-resolution

Applies a low-resolution template.

med-resolution

Applies a medium-resolution template.

high-resolution

Applies a high-resolution template.

detail

Configures the media stream with specific parameters.

bandwidth

Maximum expected stream bandwidth.

packet-size

Average packet size.

periodic

Specifies the periodic admission evaluation.

initial

Specifies the initial admission evaluation.

qos

AIR QoS class (video only).

priority

Media-stream priority.

drop

Specifies that the stream is dropped on a periodic reevaluation.

fallback

Specifies that the stream is demoted to the best-effort class on a periodic reevaluation.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.

Examples

This example shows how to configure a new media stream:

> config media-stream add multicast-direct abc 227.8.8.8 227.9.9.9 detail 2 150 periodic video 1 drop

config media-stream admit

To allow traffic for a media stream group, use the config media-stream admit command.

config media-stream admit media_stream_name

Syntax Description

media_stream_name

Media-stream group name.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you try to allow traffic for the media stream group, you will be prompted that IGMP snooping will be disabled and enabled again, and all clients might observe a glitch on the multicast traffic.

Examples

This example shows how to allow traffic for a media stream group:


(Cisco Controller) > config media-stream admit MymediaStream

config media-stream deny

To block traffic for a media stream group, use the config media-stream deny command.

config media-stream deny media_stream_name

Syntax Description

media_stream_name

Media-stream group name.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you try to block traffic for the media stream group, you will be prompted that IGMP snooping will be disabled and enabled again, and all clients might observe a glitch on the multicast traffic.

Examples

This example shows how to block traffic for a media stream group:


(Cisco Controller) > config media-stream deny MymediaStream

config media-stream delete

To configure the various global media-stream configurations, use the config media-stream delete command.

config media-stream delete media_stream_name

Syntax Description

media_stream_name

Media-stream name.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Media-stream multicast-direct requires load-based Call Admission Control (CAC) to run.

Examples

This example shows how to delete the media stream named abc:


(Cisco Controller) > config media-stream delete abc

config memory monitor errors

To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors command.

config memory monitor errors { enable | disable}


Caution


The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.


Syntax Description

enable

Enables the monitoring for memory settings.

disable

Disables the monitoring for memory settings.

Command Default

Monitoring for memory errors and leaks is disabled by default.

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.

Examples

The following example shows how to enable monitoring for memory errors and leaks for a controller:


(Cisco Controller) > config memory monitor errors enable

config memory monitor leaks

To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config memory monitor leaks command.

config memory monitor leaks low_thresh high_thresh


Caution


The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.


Syntax Description

low_thresh

Value below which free memory cannot fall without crashing. This value cannot be set lower than 10000 KB.

high_thresh

Value below which the controller enters auto-leak-analysis mode. See the “Usage Guidelines” section.

Command Default

The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.

Command History

Release Modification

7.6

This command was introduced in a release earlier than Release 7.6.

Usage Guidelines


Note


Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.


Use this command if you suspect that a memory leak has occurred.

If the free memory is lower than the low_thresh threshold, the system crashes, generating a crash file. The default value for this parameter is 10000 KB, and you cannot set it below this value.

Set the high_thresh threshold to the current free memory level or higher so that the system enters auto-leak-analysis mode. After the free memory reaches a level lower than the specified high_thresh threshold, the process of tracking and freeing memory allocation begins. As a result, the debug memory events enable command shows all allocations and frees, and the show memory monitor detail command starts to detect any suspected memory leaks.

Examples

The following example shows how to set the threshold values for auto-leak-analysis mode to 12000 KB for the low threshold and 35000 KB for the high threshold:


(Cisco Controller) > config memory monitor leaks 12000 35000

config mesh alarm

To configure alarm settings for outdoor mesh access points, use the config mesh alarm command.

config mesh alarm { max-hop | max-children | low-snr | high-snr | association | parent-change count} value

Syntax Description

max-hop

Sets the maximum number of hops before triggering an alarm for traffic over the mesh network. The valid values are 1 to 16 (inclusive).

max-children

Sets the maximum number of mesh access points (MAPs) that can be assigned to a mesh router access point (RAP) before triggering an alarm. The valid values are 1 to 16 (inclusive).

low-snr

Sets the low-end signal-to-noise ratio (SNR) value before triggering an alarm. The valid values are 1 to 30 (inclusive).

high-snr

Sets the high-end SNR value before triggering an alarm. The valid values are 1 to 30 (inclusive).

association

Sets the mesh alarm association count value before triggering an alarm. The valid values are 1 to 30 (inclusive).

parent-change count

Sets the number of times a MAP can change its RAP association before triggering an alarm. The valid values are 1 to 30 (inclusive).

value

Value above or below which an alarm is generated. The valid values vary for each command.

Command Default

See the “Syntax Description” section for command and argument value ranges.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the maximum hops threshold to 8:

(Cisco Controller) >config mesh alarm max-hop 8

The following example shows how to set the upper SNR threshold to 25:

(Cisco Controller) >config mesh alarm high-snr 25 

config mesh astools

To globally enable or disable the anti-stranding feature for outdoor mesh access points, use the config mesh astools command.

config mesh astools { enable | disable}

Syntax Description

enable

Enables this feature for all outdoor mesh access points.

disable

Disables this feature for all outdoor mesh access points.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable anti-stranding on all outdoor mesh access points:

(Cisco Controller) >config mesh astools enable

config mesh backhaul rate-adapt

To globally configure the backhaul Tx rate adaptation (universal access) settings for indoor and outdoor mesh access points, use the config mesh backhaul rate-adapt command.

config mesh backhaul rate-adapt [ all | bronze | silver | gold | platinum] { enable | disable}

Syntax Description

all

(Optional) Grants universal access privileges on mesh access points.

bronze

(Optional) Grants background-level client access privileges on mesh access points.

silver

(Optional) Grants best effort-level client access privileges on mesh access points.

gold

(Optional) Grants video-level client access privileges on mesh access points.

platinum

(Optional) Grants voice-level client access privileges on mesh access points.

enable

Enables this backhaul access level for mesh access points.

disable

Disables this backhaul access level for mesh access points.

Command Default

Backhaul access level for mesh access points is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

To use this command, mesh backhaul with client access must be enabled by using the config mesh client-access command.


Note


After this feature is enabled, all mesh access points reboot.


Examples

The following example shows how to set the backhaul client access to the best-effort level:

(Cisco Controller) >config mesh backhaul rate-adapt silver

config mesh backhaul slot

To configure the slot radio as a downlink backhaul, use the config mesh backhaul slot command.

config mesh backhaul slot slot_id { enable | disable} cisco_ap

Syntax Description

slot_id

Slot number between 0 and 2.

enable

Enables the entered slot radio as a downlink backhaul.

disable

Disables the entered slot radio as a downlink backhaul.

cisco_ap

Name of the Root AP of the sector on which the backhaul needs to be enabled or disabled.

Command Default

The entered slot radio as a downlink backhaul is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

For 2.4 GHz, only slots 0 and 1 are valid. If slot 0 is enabled, slot 1 is automatically disabled. If slot 0 is disabled, slot 1 is automatically enabled.

Examples

The following example shows how to enable slot 1 as the preferred backhaul for the root AP myrootap1:

(Cisco Controller) >config mesh backhaul slot 1 enable myrootap1

config mesh battery-state

To configure the battery state for Cisco mesh access points, use the config mesh battery-state command.

config mesh battery-state disable { all | cisco_ap}

Syntax Description

disable

Disables the battery-state for mesh access points.

all

Applies this command to all mesh access points.

cisco_ap

Specific mesh access point.

Command Default

Battery state is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to disable battery state for all mesh APs:

(Cisco Controller) >config mesh battery-state disable all

config mesh client-access

To enable or disable client access to the mesh backhaul on indoor and outdoor mesh access points, use the config mesh client-access command.

config mesh client-access { enable [ extended] | disable}

Syntax Description

enable

Allows wireless client association over the mesh access point backhaul 802.11a radio.

extended

(Optional) Enables client access over both the backhaul radios for backhaul access points.

disable

Restricts the 802.11a radio to backhaul traffic, and allows client association only over the 802.11b/g radio.

Command Default

Client access is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Backhaul interfaces (802.11a radios) act as primary Ethernet interfaces. Backhauls function as trunks in the network and carry all VLAN traffic between the wireless and wired network. No configuration of primary Ethernet interfaces is required.

When this feature is enabled, the mesh access points allow wireless client association over the 802.11a radio, which implies that a 152x mesh access point can carry both backhaul traffic and 802.11a client traffic over the same 802.11a radio.

When this feature is disabled, the mesh access points carry backhaul traffic over the 802.11a radio and allow client association only over the 802.11b/g radio.

Examples

The following example shows how to enable client access extended to allow a wireless client association over the 802.11a radio:

(Cisco Controller) >config mesh client-access enable extended
Enabling client access on both backhaul slots
 Same BSSIDs will be used on both slots
 All Mesh AP will be rebooted
 Are you sure you want to start? (y/N)Y


The following example shows how to restrict a wireless client association to the 802.11b/g radio:

(Cisco Controller) >config mesh client-access disable
All Mesh AP will be rebooted
Are you sure you want to start? (Y/N) Y
Backhaul with client access is canceled.

config mesh ethernet-bridging allow-bpdu

To configure STP BPDUs towards wired mesh uplink, use the config mesh ethernet-bridging allow-bpdu command.

config mesh ethernet-bridging allow-bpdu { enable | disable}

Syntax Description

enable

Enables STP BPDUs towards wired mesh uplink.

disable

Disables STP BPDUs towards wired mesh uplink.

Command Default

Disabled

Command History

Release Modification

8.0.110.0

This command was introduced.

Usage Guidelines

The controller does not allow you to use this command if VLAN transparency is enabled.

config mesh ethernet-bridging vlan-transparent

To configure how a mesh access point handles VLAN tags for Ethernet bridged traffic, use the config mesh ethernet-bridging vlan-transparent command.

config mesh ethernet-bridging vlan-transparent { enable | disable}

Syntax Description

enable

Bridges packets as if they are untagged.

disable

Drops all tagged packets.

Command Default

Bridges packets as if they are untagged.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure Ethernet packets as untagged:

(Cisco Controller) >config mesh ethernet-bridging vlan-transparent enable

The following example shows how to drop tagged Ethernet packets:

(Cisco Controller) >config mesh ethernet-bridging vlan-transparent disable

config mesh full-sector-dfs

To globally enable or disable full-sector Dynamic Frequency Selection (DFS) on mesh access points, use the config mesh full-sector-dfs command.

config mesh full-sector-dfs { enable | disable}

Syntax Description

enable

Enables DFS for mesh access points.

disable

Disables DFS for mesh access points.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command instructs the mesh sector to make a coordinated channel change on the detection of a radar signal. For example, if a mesh access point (MAP) detects a radar signal, the MAP will notify the root access point (RAP), and the RAP will initiate a sector change.

All MAPs and the RAP that belong to that sector go to a new channel, which lowers the probability of MAPs stranding when radar is detected on the current backhaul channel, and no other valid parent is available as backup.

Each sector change causes the network to be silent for 60 seconds (as dictated by the DFS standard).

It is expected that after a half hour, the RAP will go back to the previously configured channel, which means that if radar is frequently observed on a RAP's channel, it is important that you configure a different channel for that RAP to exclude the radar affected channel at the controller.

Examples

This example shows how to enable full-sector DFS on mesh access points:

(Cisco Controller) >config mesh full-sector-dfs enable

config mesh linkdata

To enable external MAC filtering of access points, use the config mesh linkdata command.

config mesh linkdata destination_ap_name

Syntax Description

destination_ap_name

Destination access point name for MAC address filtering.

Command Default

External MAC filtering is disabled.

Usage Guidelines


Note


The config mesh linktest and config mesh linkdata commands are designed to be used together to verify information between a source and a destination access point. To get this information, first execute the config mesh linktest command with the access point that you want link data from in the dest_ap argument. When the command completes, enter the config mesh linkdata command and list the same destination access point to display the link data (see example).


MAC filtering uses the local MAC filter on the controller by default.

When external MAC filter authorization is enabled, if the MAC address is not found in the local MAC filter, then the MAC address in the external RADIUS server is used.

MAC filtering protects your network against rogue mesh access points by preventing access points that are not defined on the external server from joining.

Before employing external authentication within the mesh network, the following configuration is required:

  • The RADIUS server to be used as an AAA server must be configured on the controller.

  • The controller must also be configured on the RADIUS server.

  • The mesh access point configured for external authorization and authentication must be added to the user list of the RADIUS server.

Examples

The following example shows how to enable external MAC address filtering on access point AP001d.710d.e300:

(Cisco Controller) >config mesh linkdata MAP2-1-1522.7400 AP001d.710d.e300 18 100 1000 30
LinkTest started on source AP, test ID: 0
[00:1D:71:0E:74:00]->[00:1D:71:0D:E3:0F]
Test config:  1000 byte packets at 100  pps for 30 seconds, a-link rate 18 Mb/s
In progress: | || || || || || || || || || || || || |
LinkTest complete
Results
=======
txPkts:             2977
txBuffAllocErr:        0
txQFullErrs:           0
Total rx pkts heard at destination:      2977
rx pkts decoded correctly:               2977
  err pkts: Total         0 (PHY 0 + CRC 0 + Unknown 0), TooBig 0, TooSmall 0
  rx lost packets:        0 (incr for each pkt seq missed or out of order)
  rx dup pkts:            0
  rx out of order:        0
avgSNR:    30, high:   33, low:    3
SNR profile         [0dB...60dB]
          0            6            0            0            0
          0            0            1            2           77
       2888            3            0            0            0
          0            0            0            0            0
    (>60dB)            0
avgNf:    -95, high:  -67, low:  -97
Noise Floor profile [-100dB...-40dB]
          0         2948           19            3            1
          0            0            0            0            0
          3            3            0            0            0
          0            0            0            0            0
    (>-40dB)           0
avgRssi:   64, high:   68, low:   63
RSSI profile        [-100dB...-40dB]
          0            0            0            0            0
          0            0            0            0            0
          0            0            0            0            0
          0            0            0            0            0
    (>-40dB)        2977
Summary PktFailedRate (Total pkts sent/recvd):                       0.000%
Physical layer Error rate (Total pkts with errors/Total pkts heard): 0.000%

This example shows how to enable external MAC filtering on access point AP001d.710d.e300:

(Cisco Controller) >config mesh linkdata AP001d.710d.e300
[SD:0,0,0(0,0,0), 0,0, 0,0]
[SD:1,105,0(0,0,0),30,704,95,707]
[SD:2,103,0(0,0,0),30,46,95,25]
[SD:3,105,0(0,0,0),30,73,95,29]
[SD:4,82,0(0,0,0),30,39,95,24]
[SD:5,82,0(0,0,0),30,60,95,26]
[SD:6,105,0(0,0,0),30,47,95,23]
[SD:7,103,0(0,0,0),30,51,95,24]
[SD:8,105,0(0,0,0),30,55,95,24]
[SD:9,103,0(0,0,0),30,740,95,749]
[SD:10,105,0(0,0,0),30,39,95,20]
[SD:11,104,0(0,0,0),30,58,95,23]
[SD:12,105,0(0,0,0),30,53,95,24]
[SD:13,103,0(0,0,0),30,64,95,43]
[SD:14,105,0(0,0,0),30,54,95,27]
[SD:15,103,0(0,0,0),31,51,95,24]
[SD:16,105,0(0,0,0),30,59,95,23]
[SD:17,104,0(0,0,0),30,53,95,25]
[SD:18,105,0(0,0,0),30,773,95,777]
[SD:19,103,0(0,0,0),30,745,95,736]
[SD:20,105,0(0,0,0),30,64,95,54]
[SD:21,103,0(0,0,0),30,747,95,751]
[SD:22,105,0(0,0,0),30,55,95,25]
[SD:23,104,0(0,0,0),30,52,95,35]
[SD:24,105,0(0,0,0),30,134,95,23]
[SD:25,103,0(0,0,0),30,110,95,76]
[SD:26,105,0(0,0,0),30,791,95,788]
[SD:27,103,0(0,0,0),30,53,95,23]
[SD:28,105,0(0,0,0),30,128,95,25]
[SD:29,104,0(0,0,0),30,49,95,24]
[SD:30,0,0(0,0,0), 0,0, 0,0]

config mesh linktest

To verify client access between mesh access points, use the config mesh linktest command.

config mesh linktest source_ap { dest_ap | MAC addr} datarate packet_rate packet_size duration

Syntax Description

source_ap

Source access point.

dest_ap

Destination access point.

MAC addr

MAC address.

datarate

  • Data rate for 802.11a radios. Valid values are 6, 9, 11, 12, 18, 24, 36, 48 and 54 Mbps.

  • Data rate for 802.11b radios. Valid values are 6, 12, 18, 24, 36, 54, or 100 Mbps.

  • Data rate for 802.11n radios. Valid values are MCS rates between m0 to m15.

packet_rate

Number of packets per second. Valid range is 1 through 3000, but the recommended default is 100.

packet_size

(Optional) Packet size in bytes. If not specified, packet size defaults to 1500 bytes.

duration

(Optional) Duration of the test in seconds. Valid values are 10-300 seconds, inclusive. If not specified, duration defaults to 30 seconds.

Command Default

100 packets per second, 1500 bytes, 30-second duration.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The config mesh linktest and config mesh linkdata commands are designed to be used together to verify information between a source and a destination access point. To get this information, first enter the config mesh linktest command with the access point that you want link data from in the dest_ap argument. When the command completes, enter the config mesh linkdata command and list the same destination access point, to display the link data.

The following warning message appears when you run a linktest that might oversubscribe the link:

Warning! Data Rate (100 Mbps) is not enough to perform this link test on packet size (2000bytes) and (1000) packets per second. This may cause AP to disconnect or reboot. Are you sure you want to continue?

Examples

The following example shows how to verify client access between mesh access points SB_MAP1 and SB_RAP2 at 36 Mbps, 20 fps, 100 frame size, and 15-second duration:

(Cisco Controller) >config mesh linktest SB_MAP1 SB_RAP1 36 20 100 15
LinkTest started on source AP, test ID: 0
[00:1D:71:0E:85:00]->[00:1D:71:0E:D0:0F]
Test config:  100 byte packets at 20  pps for 15 seconds, a-link rate 36 Mb/s
In progress: | || || || || || |
LinkTest complete
Results
=======
txPkts:              290
txBuffAllocErr:        0
txQFullErrs:           0
Total rx pkts heard at destination:       290
rx pkts decoded correctly:
  err pkts: Total         0 (PHY 0 + CRC 0 + Unknown 0), TooBig 0, TooSmall 0
  rx lost packets:        0 (incr for each pkt seq missed or out of order)
  rx dup pkts:            0
  rx out of order:        0
avgSNR:    37, high:   40, low:    5
SNR profile         [0dB...60dB]
          0            1            0            0            1
          3            0            1            0            2
          8           27          243            4            0
          0            0            0            0            0
    (>60dB)            0
avgNf:    -89, high:  -58, low:  -90
Noise Floor profile [-100dB...-40dB]
          0            0            0          145          126
         11            2            0            1            0
          3            0            1            0            1
          0            0            0            0            0
    (>-40dB)           0
avgRssi:   51, high:   53, low:   50
RSSI profile        [-100dB...-40dB]
          0            0            0            0            0
          0            0            0            0            0
          0            0            0            0            0
          0            7          283            0            0
    (>-40dB)           0
Summary PktFailedRate (Total pkts sent/recvd):                       0.000%
Physical layer Error rate (Total pkts with errors/Total pkts heard): 0.000%


The following table lists the output flags displayed for the config mesh linktest command.

Table 1. Output Flags for the Config Mesh Linktest Command

Output Flag

Description

txPkts

Number of packets sent by the source.

txBuffAllocErr

Number of linktest buffer allocation errors at the source (expected to be zero).

txQFullErrs

Number of linktest queue full errors at the source (expected to be zero).

Total rx pkts heard at destination

Number of linktest packets received at the destination (expected to be same as or close to the txPkts).

rx pkts decoded correctly

Number of linktest packets received and decoded correctly at the destination (expected to be the same as or close to txPkts).

err pkts: Total

Packet error statistics for linktest packets with errors.

rx lost packets

Total number of linktest packets not received at the destination.

rx dup pkts

Total number of duplicate linktest packets received at the destination.

rx out of order

Total number of linktest packets received out of order at the destination.

avgNF

Average noise floor.

Noise Floor profile

Noise floor profile in dB. The values are negative numbers.

avgSNR

Average SNR values.

SNR profile [0dB...60dB]

Histogram of samples received between 0 and 60 dB. The columns in the SNR profile are the number of packets falling into the buckets 0-3, 3-6, 6-9, up to 57-60.

avgRSSI

Average RSSI values. The average high and low RSSI values are positive numbers.

RSSI profile [-100dB...-40dB]

RSSI profile in dB. The values are negative numbers.
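The following Python parser is an added example, not part of the Cisco reference. It reads the linktest output shown above (trimmed), maps the SNR profile rows onto the 3 dB buckets described in Table 1, and checks the counters against the expectations the table states; the 5 percent tolerance for "close to txPkts" and the function names are assumptions.

```python
import re

# Linktest output from the example above, trimmed to the counters and SNR profile.
SAMPLE = """\
LinkTest started on source AP, test ID: 0
[00:1D:71:0E:85:00]->[00:1D:71:0E:D0:0F]
Test config:  100 byte packets at 20  pps for 15 seconds, a-link rate 36 Mb/s
LinkTest complete
Results
=======
txPkts:              290
txBuffAllocErr:        0
txQFullErrs:           0
Total rx pkts heard at destination:       290
rx pkts decoded correctly:
  err pkts: Total         0 (PHY 0 + CRC 0 + Unknown 0), TooBig 0, TooSmall 0
  rx lost packets:        0 (incr for each pkt seq missed or out of order)
  rx dup pkts:            0
  rx out of order:        0
avgSNR:    37, high:   40, low:    5
SNR profile         [0dB...60dB]
          0            1            0            0            1
          3            0            1            0            2
          8           27          243            4            0
          0            0            0            0            0
    (>60dB)            0
avgNf:    -89, high:  -58, low:  -90
"""

# Output flag as printed by the controller -> key used in the parsed result.
COUNTERS = {
    "txPkts": "tx_pkts",
    "txBuffAllocErr": "tx_buff_alloc_err",
    "txQFullErrs": "tx_q_full_errs",
    "Total rx pkts heard at destination": "rx_heard",
    "rx pkts decoded correctly": "rx_decoded",
    "rx lost packets": "rx_lost",
    "rx dup pkts": "rx_dup",
    "rx out of order": "rx_out_of_order",
}


def parse_linktest(text):
    """Parse linktest output into counters, SNR summary and 3 dB SNR buckets."""
    result = {key: None for key in COUNTERS.values()}
    result["snr"] = None
    result["snr_buckets"] = {}
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        label, sep, rest = line.partition(":")
        if sep and label in COUNTERS:
            # A flag printed without a value (as in the sample) stays None.
            m = re.match(r"\s*(\d+)", rest)
            result[COUNTERS[label]] = int(m.group(1)) if m else None
        elif line.startswith("avgSNR"):
            avg, high, low = (int(n) for n in re.findall(r"-?\d+", line))
            result["snr"] = {"avg": avg, "high": high, "low": low}
        elif line.startswith("SNR profile"):
            counts = []
            for row in lines[i + 1:]:
                if not row.strip() or not re.fullmatch(r"[\s\d]+", row):
                    break  # the "(>60dB)" overflow line ends the histogram
                counts.extend(int(n) for n in row.split())
            # Buckets are 0-3, 3-6, ... 57-60 dB, read row by row.
            result["snr_buckets"] = {
                f"{3 * k}-{3 * k + 3}": c for k, c in enumerate(counts)
            }
    return result


def dominant_snr_bucket(result):
    """Return the label of the SNR bucket holding the most packets."""
    buckets = result["snr_buckets"]
    return max(buckets, key=buckets.get) if buckets else None


def check_linktest(result, tolerance=0.05):
    """Compare counters with Table 1; tolerance for 'close to' is an assumption."""
    findings = []
    for key in ("tx_buff_alloc_err", "tx_q_full_errs"):
        if result[key]:
            findings.append(f"{key} is {result[key]}, expected zero")
    for key in ("rx_heard", "rx_decoded"):
        if result[key] is None:
            findings.append(f"{key} missing from output")
        elif result["tx_pkts"] and \
                abs(result["tx_pkts"] - result[key]) > tolerance * result["tx_pkts"]:
            findings.append(f"{key}={result[key]} differs from txPkts={result['tx_pkts']}")
    return findings


if __name__ == "__main__":
    parsed = parse_linktest(SAMPLE)
    print(parsed["snr"], dominant_snr_bucket(parsed), check_linktest(parsed))
```
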

config mesh lsc

To configure a locally significant certificate (LSC) on mesh access points, use the config mesh lsc command.

config mesh lsc { enable | disable}

Syntax Description

enable

Enables an LSC on mesh access points.

disable

Disables an LSC on mesh access points.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable LSC on mesh access points:

(Cisco Controller) >config mesh lsc enable

config mesh lsc advanced

To configure an advanced locally significant certificate (LSC) when a wildcard is used in an external authentication, authorization, and accounting (AAA) server for a mesh Access Point (AP), use the config mesh lsc advanced command.

config mesh lsc advanced { enable | disable}

Syntax Description

enable

Enables advanced LSC for a mesh AP.

disable

Disables advanced LSC for a mesh AP.

Command Default

None

Command History

Release Modification
8.0

This command was introduced.

Examples

The following example shows how to enable advanced LSC for a mesh AP:

(Cisco Controller) >config mesh lsc advanced enable

config mesh lsc advanced ap-provision

To configure advanced mesh locally significant certificate (LSC) Access Point (AP) provision if a wildcard is used in an external authentication, authorization, and accounting (AAA) server for a mesh AP, use the config mesh lsc advanced ap-provision command.

config mesh lsc advanced ap-provision { enable | disable | open-window { enable | disable} | provision-controller { enable | disable}}

Syntax Description

enable

Enables advanced mesh LSC AP provision if a wildcard is used in an external AAA server for a mesh AP.

disable

Disables advanced mesh LSC AP provision if a wildcard is used in an external AAA server for a mesh AP.

open-window

Configures mesh LSC provision for all mesh APs without MAC validation.

enable

Enables AP provision for all mesh APs without MAC validation.

disable

Disables AP provision for all mesh APs without MAC validation.

provision-controller

Configures the provision controller details for mesh APs to get an LSC.

enable

Enables the provision controller option to get an LSC.

disable

Disables the provision controller option to get an LSC.

Command Default

None

Command History

Release Modification
8.0

This command was introduced.

Examples

The following example shows how to enable the advanced AP provision method:

(Cisco Controller) >config mesh lsc advanced ap-provision enable

config mesh multicast

To configure multicast mode settings to manage multicast transmissions within the mesh network, use the config mesh multicast command.

config mesh multicast { regular | in | in-out}

Syntax Description

regular

Multicasts the video across the entire mesh network and all its segments by bridging-enabled root access points (RAPs) and mesh access points (MAPs).

in

Forwards the multicast video received from the Ethernet by a MAP to the RAP’s Ethernet network. No additional forwarding occurs, which ensures that non-LWAPP multicasts received by the RAP are not sent back to the MAP Ethernet networks within the mesh network (their point of origin), and MAP-to-MAP multicasts do not occur because they are filtered out.

in-out

Configures the RAP and MAP to multicast, but each in a different manner:

If multicast packets are received at a MAP over Ethernet, they are sent to the RAP; however, they are not sent to other MAP Ethernets, and the MAP-to-MAP packets are filtered out of the multicast.

If multicast packets are received at a RAP over Ethernet, they are sent to all the MAPs and their respective Ethernet networks. See the Usage Guidelines section for more information.

Command Default

In-out mode

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Multicast for mesh networks cannot be enabled using the controller GUI.

Mesh multicast modes determine how bridging-enabled access points, that is, mesh access points (MAPs) and root access points (RAPs), send multicasts among Ethernet LANs within a mesh network. Mesh multicast modes manage non-LWAPP multicast traffic only. LWAPP multicast traffic is governed by a different mechanism.

You can use the controller CLI to configure three mesh multicast modes to manage video camera broadcasts on all mesh access points. When enabled, these modes reduce unnecessary multicast transmissions within the mesh network and conserve backhaul bandwidth.

When using in-out mode, it is important to properly partition your network to ensure that a multicast sent by one RAP is not received by another RAP on the same Ethernet segment and then sent back into the network.


Note


If 802.11b clients need to receive CAPWAP multicasts, then multicast must be enabled globally on the controller as well as on the mesh network (by using the config network multicast global command). If multicast does not need to extend to 802.11b clients beyond the mesh network, you should disable the global multicast parameter.


Examples

The following example shows how to multicast video across the entire mesh network and all its segments by bridging-enabled RAPs and MAPs:

(Cisco Controller) >config mesh multicast regular

config mesh parent preferred

To configure a preferred parent for a mesh access point, use the config mesh parent preferred command.

config mesh parent preferred cisco_ap { mac_address | none}

Syntax Description

cisco_ap

Name of the child access point.

mac_address

MAC address of the preferred parent.

none

Clears the configured parent.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

A child AP selects the preferred parent based on the following conditions:

  • The preferred parent is the best parent.

  • The preferred parent has a link SNR of at least 20 dB (other parents, however good, are ignored).

  • The preferred parent has a link SNR in the range of 12 dB and 20 dB, but no other parent is significantly better (that is, the SNR is more than 20 percent better). For an SNR lower than 12 dB, the configuration is ignored.

  • The preferred parent is not in a blocked list.

  • The preferred parent is not in silent mode because of dynamic frequency selection (DFS).

  • The preferred parent is in the same bridge group name (BGN). If the configured preferred parent is not in the same BGN and no other parent is available, the child joins the parent AP using the default BGN.
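The conditions above can be read as a decision procedure. The following Python sketch is an added illustration, not Cisco's implementation: it assumes that candidate parents are ranked by link SNR alone, that "more than 20 percent better" means an SNR above 1.2 times the preferred parent's SNR, and the class, function and second MAC address are constructed for the example.

```python
from dataclasses import dataclass

MIN_SNR_DB = 12       # below this, the preferred-parent setting is ignored
STRONG_SNR_DB = 20    # at or above this, other parents are ignored
BETTER_FACTOR = 1.20  # assumption: "significantly better" = SNR more than 20% higher


@dataclass
class Parent:
    mac: str
    snr_db: float
    bgn: str
    blocked: bool = False      # parent is in a blocked list
    dfs_silent: bool = False   # parent is in silent mode because of DFS


def select_parent(child_bgn, preferred_mac, candidates):
    """Return (mac, reason) for the parent a child AP would pick."""
    usable = [p for p in candidates if not p.blocked and not p.dfs_silent]
    same_bgn = [p for p in usable if p.bgn == child_bgn]
    best = max(same_bgn, key=lambda p: p.snr_db, default=None)
    preferred = next((p for p in usable if p.mac == preferred_mac), None)

    if preferred is None:
        return (best.mac if best else None,
                "preferred parent is blocked, DFS-silent or not heard")
    if preferred.bgn != child_bgn:
        if best:
            return best.mac, "preferred parent is in another BGN"
        return preferred.mac, "no other parent available; join using default BGN"
    if preferred.snr_db < MIN_SNR_DB:
        # best includes the preferred parent here, so it is never None
        return best.mac, "preferred SNR below 12 dB; setting ignored"
    if preferred.snr_db >= STRONG_SNR_DB:
        return preferred.mac, "preferred SNR is at least 20 dB"
    rivals = [p for p in same_bgn
              if p.mac != preferred_mac
              and p.snr_db > preferred.snr_db * BETTER_FACTOR]
    if rivals:
        return (max(rivals, key=lambda p: p.snr_db).mac,
                "another parent is more than 20 percent better")
    return preferred.mac, "no other parent is significantly better"


PREF = "00:21:1b:ea:36:60"    # preferred parent MAC from the example on this page
OTHER = "00:00:5e:00:53:01"   # constructed MAC for a competing parent

if __name__ == "__main__":
    for pref_snr, other_snr in ((25, 40), (15, 17), (15, 19), (11, 14)):
        cands = [Parent(PREF, pref_snr, "bgn1"), Parent(OTHER, other_snr, "bgn1")]
        print(pref_snr, other_snr, select_parent("bgn1", PREF, cands))
```
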

Examples

The following example shows how to configure a preferred parent with the MAC address 00:21:1b:ea:36:60 for a mesh access point myap1:

(Cisco Controller) >config mesh parent preferred myap1 00:21:1b:ea:36:60

The following example shows how to clear a preferred parent with the MAC address 00:21:1b:ea:36:60 for a mesh access point myap1, by using the keyword none:

(Cisco Controller) >config mesh parent preferred myap1 none

config mesh public-safety

To enable or disable the 4.9-GHz public safety band for mesh access points, use the config mesh public-safety command.

config mesh public-safety { enable | disable} { all | cisco_ap}

Syntax Description

enable

Enables the 4.9-GHz public safety band.

disable

Disables the 4.9-GHz public safety band.

all

Applies the command to all mesh access points.

cisco_ap

Specific mesh access point.

Command Default

The 4.9-GHz public safety band is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

4.9 GHz is a licensed frequency band restricted to public-safety personnel.

Examples

The following example shows how to enable the 4.9-GHz public safety band for all mesh access points:

(Cisco Controller) >config mesh public-safety enable all
4.9GHz is a licensed frequency band in -A domain for public-safety usage
 Are you sure you want to continue? (y/N) y

config mesh radius-server

To enable or disable external authentication for mesh access points, use the config mesh radius-server command.

config mesh radius-server index { enable | disable}

Syntax Description

index

RADIUS authentication method. Options are as follows:

  • Enter eap to designate Extensible Authentication Protocol (EAP) for the mesh RADIUS server setting.

  • Enter psk to designate Preshared Keys (PSKs) for the mesh RADIUS server setting.

enable

Enables the external authentication for mesh access points.

disable

Disables the external authentication for mesh access points.

Command Default

EAP is enabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable external authentication for mesh access points:

(Cisco Controller) >config mesh radius-server eap enable

config mesh range

To globally set the maximum range between outdoor root access points (RAPs) and mesh access points (MAPs), use the config mesh range command.

config mesh range [ distance]

Syntax Description

distance

(Optional) Maximum operating range (150 to 132000 ft) of the mesh access point.

Command Default

12,000 feet.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

After this command is enabled, all outdoor mesh access points reboot. This command does not affect indoor access points.

Examples

The following example shows how to set the range between an outdoor mesh RAP and a MAP:

(Cisco Controller) >config mesh range 300
Command not applicable for indoor mesh. All outdoor Mesh APs will be rebooted
Are you sure you want to start? (y/N) y

config mesh secondary-backhaul

To configure a secondary backhaul on the mesh network, use the config mesh secondary-backhaul command.

config mesh secondary-backhaul { enable [ force-same-secondary-channel] | disable [ rll-retransmit | rll-transmit]}

Syntax Description

enable

Enables the secondary backhaul configuration.

force-same-secondary-channel

(Optional) Enables secondary-backhaul mesh capability. Forces all access points rooted at the first hop node to have the same secondary channel and ignores the automatic or manual channel assignments for the mesh access points (MAPs) at the second hop and beyond.

disable

Disables the secondary backhaul configuration.

rll-transmit

(Optional) Uses reliable link layer (RLL) at the second hop and beyond.

rll-retransmit

(Optional) Extends the number of RLL retry attempts in an effort to improve reliability.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command uses a secondary backhaul radio as a temporary path for traffic that cannot be sent on the primary backhaul due to intermittent interference.

Examples

The following example shows how to enable a secondary backhaul radio and force all access points rooted at the first hop node to have the same secondary channel:

(Cisco Controller) >config mesh secondary-backhaul enable force-same-secondary-channel

config mesh security

To configure the security settings for mesh networks, use the config mesh security command.

config mesh security {{rad-mac-filter | force-ext-auth } {enable | disable}} | {{eap | psk provisioning | provisioning window} | {enable | disable}} | {delete_psk | key}

Syntax Description

rad-mac-filter

Enables a Remote Authentication Dial-In User Service (RADIUS) MAC address filter for the mesh security setting.