Configuration Commands: a to f

3gpp-info

To configure a 802.11u 3rd Generation Partnership Project (3GPP) cellular network used by hotspots, use the 3gpp-info command. To remove the network, use the no form of the command.

3gpp-info country-code network-code

Syntax Description

country-code

Mobile country code.

network-code

Mobile network code.

Command Default

None

Command Modes

Wireless ANQP Server Configuration (config-wireless-anqp-server)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure a 802.11u 3GPP cellular network:

Device(config)# wireless hotspot anqp-server my-server
Device(config-wireless-anqp-server)# 3gpp-info us mcc  

aaa accounting identity

To enable authentication, authorization, and accounting (AAA) for IEEE 802.1x, MAC authentication bypass (MAB), and web authentication sessions, use the aaa accounting identity command in global configuration mode. To disable IEEE 802.1x accounting, use the no form of this command.

aaa accounting identity { name | default } start-stop { broadcast group { name | radius | tacacs+} [ group { name | radius | tacacs+} ... ] | group { name | radius | tacacs+} [ group { name | radius | tacacs+} ... ]}

no aaa accounting identity { name | default }

Syntax Description

name

Name of a server group. This is optional when you enter it after the broadcast group and group keywords.

default

Uses the accounting methods that follow as the default list for accounting services.

start-stop

Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested-user process begins regardless of whether or not the start accounting notice was received by the accounting server.

broadcast

Enables accounting records to be sent to multiple AAA servers and send accounting records to the first server in each group. If the first server is unavailable, the device uses the list of backup servers to identify the first server.

group

Specifies the server group to be used for accounting services. These are valid server group names:

  • name — Name of a server group.

  • radius — Lists of all RADIUS hosts.

  • tacacs+ — Lists of all TACACS+ hosts.

The group keyword is optional when you enter it after the broadcast group and group keywords. You can enter more than optional group keyword.

radius

(Optional) Enables RADIUS authorization.

tacacs+

(Optional) Enables TACACS+ accounting.

Command Default

AAA accounting is disabled.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

To enable AAA accounting identity, you need to enable policy mode. To enable policy mode, enter the authentication display new-style command in privileged EXEC mode.

Examples

This example shows how to configure IEEE 802.1x accounting identity:


Device# authentication display new-style

Please note that while you can revert to legacy style
configuration at any time unless you have explicitly
entered new-style configuration, the following caveats
should be carefully read and understood.

(1) If you save the config in this mode, it will be written
    to NVRAM in NEW-style config, and if you subsequently
    reload the router without reverting to legacy config and
    saving that, you will no longer be able to revert.

(2) In this and legacy mode, Webauth is not IPv6-capable. It
    will only become IPv6-capable once you have entered new-
    style config manually, or have reloaded with config saved
    in 'authentication display new' mode.

Device# configure terminal
Device(config)# aaa accounting identity default start-stop group radius

aaa accounting update periodic interval-in-minutes

To configure accounting update records intervals, use the aaa accounting update periodic command.

aaa accounting update periodic interval-in-minutes [ jitter maximum jitter-max-value]

Syntax Description

periodic

Send accounting update records at regular intervals.

<1-71582>

Periodic intervals to send accounting update records(in minutes)

jitter

Set jitter parameters for periodic interval

maximum

Set maximum jitter value for periodic interval (in seconds)

<0-2147483>

Maximum jitter value for periodic interval(in seconds). Default is 300 seconds.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure the interval to five minutes at which the accounting records are updated:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# aaa accounting update periodic 5

aaa authentication dot1x

To specify the authentication, authorization, and accounting (AAA) method to use on ports complying with the IEEE 802.1x authentication, use the aaa authentication dot1x command in global configuration mode . To disable authentication, use the no form of this command.

aaa authentication dot1x { default} method1

no aaa authentication dot1x { default} method1

Syntax Description

default

The default method when a user logs in. Use the listed authentication method that follows this argument.

method1

Specifies the server authentication. Enter the group radius keywords to use the list of all RADIUS servers for authentication.

Note 

Though other keywords are visible in the command-line help strings, only the default and group radius keywords are supported.

Command Default

No authentication is performed.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

The method argument identifies the method that the authentication algorithm tries in the specified sequence to validate the password provided by the client. The only method that is IEEE 802.1x-compliant is the group radius method, in which the client data is validated against a RADIUS authentication server.

If you specify group radius , you must configure the RADIUS server by entering the radius-server host global configuration command.

Use the show running-config privileged EXEC command to display the configured lists of authentication methods.

Examples

This example shows how to enable AAA and how to create an IEEE 802.1x-compliant authentication list. This authentication first tries to contact a RADIUS server. If this action returns an error, the user is not allowed access to the network.


Device(config)# aaa new-model
Device(config)# aaa authentication dot1x default group radius

aaa authentication login

To set authentication, authorization, and accounting (AAA) at login, use the aaa authentication login command in global configuration mode.

aaa authentication login authentication-list-name { group } group-name

Syntax Description

authentication-list-name

Character string used to name the list of authentication methods activated when a user logs in.

group

Uses a subset of RADIUS servers for authentication as defined by the server group group-name .

group-name

Server group name.

Command Default

None

Command Modes

Global Configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

None

Examples

The following example shows how to set an authentication method list named local_webauth to the group type named local in local web authentication:

Device(config)# aaa authentication login local_webauth local

The following example shows how to set an authentication method to RADIUS server group in local web authentication:

Device(config)# aaa authentication login webauth_radius group ISE_group

aaa authorization

To set the parameters that restrict user access to a network, use the aaa authorization command in global configuration mode. To remove the parameters, use the no form of this command.

aaa authorization { auth-proxy | cache | commands level | config-commands | configuration | console | credential-download | exec | multicast | network | onep | policy-if | prepaid | radius-proxy | reverse-access | subscriber-service | template} { default | list_name } [ method1 [ method2 ...]]

Syntax Description

auth-proxy

Runs authorization for authentication proxy services.

cache

Configures the authentication, authorization, and accounting (AAA) server.

commands

Runs authorization for all commands at the specified privilege level.

level

Specific command level that should be authorized. Valid entries are 0 through 15.

config-commands

Runs authorization to determine whether commands entered in configuration mode are authorized.

configuration

Downloads the configuration from the AAA server.

console

Enables the console authorization for the AAA server.

credential-download

Downloads EAP credential from Local/RADIUS/LDAP.

exec

Enables the console authorization for the AAA server.

multicast

Downloads the multicast configuration from the AAA server.

network

Runs authorization for all network-related service requests, including Serial Line Internet Protocol (SLIP), PPP, PPP Network Control Programs (NCPs), and AppleTalk Remote Access (ARA).

onep

Runs authorization for the ONEP service.

reverse-access

Runs authorization for reverse access connections, such as reverse Telnet.

template

Enables template authorization for the AAA server.

default

Uses the listed authorization methods that follow this keyword as the default list of methods for authorization.

list_name

Character string used to name the list of authorization methods.

method1 [ method2...]

(Optional) An authorization method or multiple authorization methods to be used for authorization. A method may be any one of the keywords listed in the table below.

Command Default

Authorization is disabled for all actions (equivalent to the method keyword none ).

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

Use the aaa authorization command to enable authorization and to create named methods lists, which define authorization methods that can be used when a user accesses the specified function. Method lists for authorization define the ways in which authorization will be performed and the sequence in which these methods will be performed. A method list is a named list that describes the authorization methods (such as RADIUS or TACACS+) that must be used in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, which ensures a backup system in case the initial method fails. Cisco IOS software uses the first method listed to authorize users for specific network services; if that method fails to respond, the Cisco IOS software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method, or until all the defined methods are exhausted.


Note

The Cisco IOS software attempts authorization with the next listed method only when there is no response from the previous method. If authorization fails at any point in this cycle--meaning that the security server or the local username database responds by denying the user services--the authorization process stops and no other authorization methods are attempted.


If the aaa authorization command for a particular authorization type is issued without a specified named method list, the default method list is automatically applied to all interfaces or lines (where this authorization type applies) except those that have a named method list explicitly defined. (A defined method list overrides the default method list.) If no default method list is defined, then no authorization takes place. The default authorization method list must be used to perform outbound authorization, such as authorizing the download of IP pools from the RADIUS server.

Use the aaa authorization command to create a list by entering the values for the list-name and the method arguments, where list-name is any character string used to name this list (excluding all method names) and method identifies the list of authorization methods tried in the given sequence.


Note

In the table that follows, the group group-name , group ldap , group radius , and group tacacs+ methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius server and tacacs server commands to configure the host servers. Use the aaa group server radius , aaa group server ldap , and aaa group server tacacs+ commands to create a named group of servers.


This table describes the method keywords.

Table 1. aaa authorization Methods

Keyword

Description

cache group-name

Uses a cache server group for authorization.

group group-name

Uses a subset of RADIUS or TACACS+ servers for accounting as defined by the server group group-name command.

group ldap

Uses the list of all Lightweight Directory Access Protocol (LDAP) servers for authentication.

group radius

Uses the list of all RADIUS servers for authentication as defined by the aaa group server radius command.

grouptacacs+

Uses the list of all TACACS+ servers for authentication as defined by the aaa group server tacacs+ command.

if-authenticated

Allows the user to access the requested function if the user is authenticated.
Note 

The if-authenticated method is a terminating method. Therefore, if it is listed as a method, any methods listed after it will never be evaluated.

local

Uses the local database for authorization.

none

Indicates that no authorization is performed.

Cisco IOS software supports the following methods for authorization:
  • Cache Server Groups—The router consults its cache server groups to authorize specific rights for users.

  • If-Authenticated—The user is allowed to access the requested function provided the user has been authenticated successfully.

  • Local—The router or access server consults its local database, as defined by the username command, to authorize specific rights for users. Only a limited set of functions can be controlled through the local database.

  • None—The network access server does not request authorization information; authorization is not performed over this line or interface.

  • RADIUS—The network access server requests authorization information from the RADIUS security server group. RADIUS authorization defines specific rights for users by associating attributes, which are stored in a database on the RADIUS server, with the appropriate user.

  • TACACS+—The network access server exchanges authorization information with the TACACS+ security daemon. TACACS+ authorization defines specific rights for users by associating attribute-value (AV) pairs, which are stored in a database on the TACACS+ security server, with the appropriate user.

Method lists are specific to the type of authorization being requested. AAA supports five different types of authorization:

  • Commands—Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.

  • EXEC—Applies to the attributes associated with a user EXEC terminal session.

  • Network—Applies to network connections. The network connections can include a PPP, SLIP, or ARA connection.


    Note

    You must configure the aaa authorization config-commands command to authorize global configuration commands, including EXEC commands prepended by the do command.


  • Reverse Access—Applies to reverse Telnet sessions.

  • Configuration—Applies to the configuration downloaded from the AAA server.

When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type.

Once defined, the method lists must be applied to specific lines or interfaces before any of the defined methods are performed.

The authorization command causes a request packet containing a series of AV pairs to be sent to the RADIUS or TACACS daemon as part of the authorization process. The daemon can do one of the following:

  • Accept the request as is.

  • Make changes to the request.

  • Refuse the request and authorization.

For a list of supported RADIUS attributes, see the module RADIUS Attributes. For a list of supported TACACS+ AV pairs, see the module TACACS+ Attribute-Value Pairs.

Note

Five commands are associated with privilege level 0: disable , enable , exit , help , and logout . If you configure AAA authorization for a privilege level greater than 0, these five commands will not be included in the privilege level command set.


Examples

The following example shows how to define the network authorization method list named mygroup, which specifies that RADIUS authorization will be used on serial lines using PPP. If the RADIUS server fails to respond, local network authorization will be performed.


Device(config)#  aaa authorization network mygroup group radius local

aaa authorization credential download default

To set an authorization method list to use local credentials, use the aaa authorization credential download default command in global configuration mode.

aaa authorization credential download default group-name

Syntax Description

group-name

Server group name.

Command Default

None

Command Modes

Global Configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following example shows how to set an authorization method list to use local credentials:

Device(config)# aaa authorization credential-download default local

aaa group server ldap

To configure a AAA server group, use the aaa group server ldap command.

aaa group server ldap group-name

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Fuji 16.9.1

This command was introduced.

Examples

This example shows how to configure a AAA server group:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# aaa new-model
Device(config)# aaa group server ldap name1
Device(config-ldap-sg)# server server1
Device(config-ldap-sg)# exit

aaa group server radius

To group different RADIUS server hosts into distinct lists and distinct methods, use the aaa group server radius command in global configuration mode.

aaa group server radius group-name

Syntax Description

group-name

Character string used to name the group of servers.

Command Default

None

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

The authentication, authorization, and accounting (AAA) server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service.

A group server is a list of server hosts of a particular type. Currently supported server host types are RADIUS server hosts. A group server is used in conjunction with a global server host list. The group server lists the IP addresses of the selected server hosts.

Examples

The following example shows how to configure an AAA group server named ISE_Group that comprises three member servers:

Device(config)# aaa group server radius ISE_Group

aaa local authentication default authorization

To configure local authentication method list, use the aaa local authentication default authorization command.

aaa local authentication default authorization [ method-list-name | default]

Syntax Description

method-list-name

Name of the method list.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure local authentication method list to the default list:

Device # configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# aaa local authentication default authorization default

aaa new-model

To enable the authentication, authorization, and accounting (AAA) access control model, issue the aaa new-model command in global configuration mode. To disable the AAA access control model, use the no form of this command.

aaa new-model

no aaa new-model

Syntax Description

This command has no arguments or keywords.

Command Default

AAA is not enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

This command enables the AAA access control system.

If the login local command is configured for a virtual terminal line (VTY), and the aaa new-model command is removed, you must reload the device to get the default configuration or the login command. If the device is not reloaded, the device defaults to the login local command under the VTY.


Note

We do not recommend removing the aaa new-model command.
The following example shows this restriction:
Device(config)# aaa new-model
Device(config)# line vty 0 15
Device(config-line)# login local
Device(config-line)# exit
Device(config)# no aaa new-model
Device(config)# exit 
Device# show running-config | b line vty

line vty 0 4
 login local  !<=== Login local instead of "login"
line vty 5 15
 login local
!

Examples

The following example initializes AAA:


Device(config)# aaa new-model
Device(config)# 

aaa server radius dynamic-author

To configure a device as an authentication, authorization, and accounting (AAA) server to facilitate interaction with an external policy server, use the aaa server radius dynamic-author command in global configuration mode. To remove this configuration, use the no form of this command.

aaa server radius dynamic-author

no aaa server radius dynamic-author

Syntax Description

This command has no arguments or keywords.

Command Default

The device will not function as a server when interacting with external policy servers.

Command Modes

Global configuration

Command History

Release

Modification

12.2(28)SB

This command was introduced.

12.4

This command was integrated into Cisco IOS Release 12.4.

Cisco IOS XE Release 2.6

This command was integrated into Cisco IOS XE Release 2.6.

12.2(5)SXI

This command was integrated into Cisco IOS Release 12.2(5)SXI.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T.

This command was introduced.

Usage Guidelines

Dynamic authorization allows an external policy server to dynamically send updates to a device. Once the aaa server radius dynamic-author command is configured, dynamic authorization local server configuration mode is entered. Once in this mode, the RADIUS application commands can be configured.

Dynamic Authorization for the Intelligent Services Gateway (ISG)

ISG works with external devices, referred to as policy servers, that store per-subscriber and per-service information. ISG supports two models of interaction between the ISG device and external policy servers: initial authorization and dynamic authorization.

The dynamic authorization model allows an external policy server to dynamically send policies to the ISG. These operations can be initiated in-band by subscribers (through service selection) or through the actions of an administrator, or applications can change policies on the basis of an algorithm (for example, change session quality of service (QoS) at a certain time of day). This model is facilitated by the Change of Authorization (CoA) RADIUS extension. CoA introduced peer-to-peer capability to RADIUS, enabling ISG and the external policy server each to act as a RADIUS client and server.

Examples

The following example configures the ISG to act as a AAA server when interacting with the client at IP address 10.12.12.12:


aaa server radius dynamic-author
 client 10.12.12.12 key cisco
 message-authenticator ignore

aaa session-id

To specify whether the same session ID will be used for each authentication, authorization, and accounting (AAA) accounting service type within a call or whether a different session ID will be assigned to each accounting service type, use the aaa session-id command in global configuration mode. To restore the default behavior after the unique keyword is enabled, use the no form of this command.

aaa session-id [common | unique]

no aaa session-id [unique]

Syntax Description

common

(Optional) Ensures that all session identification (ID) information that is sent out for a given call will be made identical. The default behavior is common .

unique

(Optional) Ensures that only the corresponding service access-requests and accounting-requests will maintain a common session ID. Accounting-requests for each service will have a different session ID.

Command Default

The common keyword is enabled.

Command Modes


Global configuration

Command History

Release

Modification

12.2(4)B

This command was introduced.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

This command was integrated in Cisco IOS XE 16.12.1.

Usage Guidelines

The common keyword behavior allows the first session ID request of the call to be stored in a common database; all proceeding session ID requests will retrieve the value of the first session ID. Because a common session ID is the default behavior, this functionality is written to the system configuration after the aaa new-model command is configured.


Note

The router configuration will always have either the aaa session-id common or the aaa session-id unique command enabled; it is not possible to have neither of the two enabled. Thus, the no aaa session-id unique command will revert to the default functionality, but the no aaa session-id common command will not have any effect because it is the default functionality.


The unique keyword behavior assigns a different session ID for each accounting type (Auth-Proxy, Exec, Network, Command, System, Connection, and Resource) during a call. To specify this behavior, the unique keyword must be specified. The session ID may be included in RADIUS access requests by configuring the radius-server attribute 44 include-in-access-req command. The session ID in the access-request will be the same as the session ID in the accounting request for the same service; all other services will provide unique session IDs for the same call.

Examples

The following example shows how to configure unique session IDs:


aaa new-model
aaa authentication ppp default group radius
radius-server host 10.100.1.34
radius-server attribute 44 include-in-access-req
aaa session-id unique

aaa-override

To enable AAA override on the WLAN, use the aaa-override command. To disable AAA override, use the no form of this command.

aaa-override

no aaa-override

Syntax Description

This command has no keywords or arguments.

Command Default

AAA is disabled by default.

Command Modes

WLAN configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to enable AAA on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# aaa-override
Device(config-wlan)# no shutdown
Device(config-wlan)# end

This example shows how to disable AAA on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# no aaa-override
Device(config-wlan)# no shutdown
Device(config-wlan)# end

aaa-policy

To map a AAA policy in a WLAN policy profile, use the aaa-policy command.

aaa-policy aaa-policy-name

Syntax Description

aaa-policy-name

Name of the AAA policy.

Command Default

None

Command Modes

config-wireless-policy

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to map a AAA policy in a WLAN policy profile:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile policy policy-name
Device(config-wireless-policy)# aaa-policy aaa-policy-name

aaa-realm enable

To enable AAA RADUIS selection by realm, use the aaa-realm enable command.

aaa-realm enable

Command Default

None

Command Modes

config-aaa-policy

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to enable AAA RADIUS section by realm:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless aaa policy aaa-profile-name
Device (config-aaa-policy)#  aaa-realm enable

absolute-timer

To enable an absolute timeout for subscriber sessions, use the absolute-timer command in service template configuration mode. To disable the timer, use the no form of this command.

absolute-timer minutes

no absolute-timer

Syntax Description

minutes

Maximum session duration, in minutes. Range: 1 to 65535. Default: 0, which disables the timer.

Command Default

Disabled (the absolute timeout is 0).

Command Modes

Service template configuration (config-service-template)

Command History

Release

Modification

Cisco IOS XE Release 3.2SE

This command was introduced.

Usage Guidelines

Use the absolute-timer command to limit the number of minutes that a subscriber session can remain active. After this timer expires, a session must repeat the process of establishing its connection as if it were a new request.

Examples

The following example shows how to set the absolute timeout to 15 minutes in the service template named SVC_3:

service-template SVC_3
 description sample
 access-group ACL_2
 vlan 113
 inactivity-timer 15
 absolute-timer 15

access-list

To add an access list entry, use the access-list command.

access-list {1-99 | 100-199 | 1300-1999 | 2000-2699 }[ sequence-number] { deny | permit } { hostname-or-ip-addr [wildcard-bits | log] | any [ log] | host hostname-or-ip-addr log} | { remark [ line]}

Syntax Description

1-99

Configures IP standard access list.

100-199

Configures IP extended access list.

1300-1999

Configures IP standard access list (expanded range).

2000-2699

Configures IP extended access list (expanded range).

sequence-number

Sequence number of the ACL entry. Valid range is 1 to 2147483647.

deny

Configures packets to be rejected.

permit

Configures packets to be forwarded.

hostname-or-ip-addr

Hostname or the IP address to match.

wildcard-bits

Wildcard bits to match the IP address.

log

Configures log matches against this entry.

any

Any source host.

host

A single host address.

remark

Configures ACL entry comment.

line

The ACL entry comment.

Command Default

None

Command Modes

Global Config

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to add an access list entry:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# access-list 1 permit any

access-list acl-ace-limit

To set the maximum configurable ace limit for all ACLs, use the access-list acl-ace-limit command.

access-list acl-ace-limit max-ace-limit

Syntax Description

max-ace-limit

Maximum number of ace limit for all ACLs. Valid range is 1 to 4294967295.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to set the maximum configurable ace limit for all ACLs to 100:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# access-list acl-ace-limit 100

accounting-list

To configure RADIUS accounting servers on a WLAN policy profile, use the accounting-list command. To disable RADIUS server accounting, use the no form of this command.

accounting-list radius-server-acct

no accounting-list

Syntax Description

radius-server-acct

Accounting RADIUS server name.

Command Default

RADIUS server accounting is disabled by default.

Command Modes

WLAN policy configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure RADIUS server accounting on a WLAN policy profile:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile policy rr-xyz-policy-1
Device(config-wireless-policy)# accounting-list test
Device(config-wireless-policy)# no shutdown

This example shows how to disable RADIUS server accounting on a WLAN policy profile:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile policy rr-xyz-policy-1
Device(config-wireless-policy)# no accounting-list test
Device(config-wireless-policy)# no shutdown

acl-policy

To configure an access control list (ACL) policy, use the acl-policy command.

acl-policy acl-policy-name

Syntax Description

acl-policy-name

Name of the ACL policy.

Command Default

None

Command Modes

config-wireless-flex-profile

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure an ACL policy name:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile flex default-flex-profile
Device(config-wireless-flex-profile)# acl-policy my-acl-policy

address

To specify the IP address of the Rivest, Shamir, and Adelman (RSA) public key of the remote peer that you will manually configure in the keyring, use the address command in rsa-pubkey configuration mode. To remove the IP address, use the no form of this command.

address ip-address

no address ip-address

Syntax Description

ip-address

IP address of the remote peer.

Command Default

No default behavior or values

Command Modes


Rsa-pubkey configuration

Command History

Release

Modification

11.3 T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.6

This command was integrated into Cisco IOS XE Release 2.6.

Usage Guidelines

Before you can use this command, you must enter the rsa-pubkey command in the crypto keyring mode.

Examples

The following example specifies the RSA public key of an IP Security (IPSec) peer:


Router(config)# crypto keyring vpnkeyring
Router(conf-keyring)# rsa-pubkey name host.vpn.com
Router(config-pubkey-key)# address 10.5.5.1
Router(config-pubkey)# key-string
Router(config-pubkey)# 00302017 4A7D385B 1234EF29 335FC973
Router(config-pubkey)# 2DD50A37 C4F4B0FD 9DADE748 429618D5
Router(config-pubkey)# 18242BA3 2EDFBDD3 4296142A DDF7D3D8
Router(config-pubkey)# 08407685 2F2190A0 0B43F1BD 9A8A26DB
Router(config-pubkey)# 07953829 791FCDE9 A98420F0 6A82045B
Router(config-pubkey)# 90288A26 DBC64468 7789F76E EE21
Router(config-pubkey)# quit
Router(config-pubkey-key)# exit
Router(conf-keyring)# exit

address prefix

To specify an address prefix for address assignment, use the address prefix command in interface configuration mode. To remove the address prefix, use the no form of this command.

address prefix ipv6-prefix [lifetime {valid-lifetime preferred-lifetime | infinite}]

no address prefix

Syntax Description

ipv6-prefix

IPv6 address prefix.

lifetime {valid-lifetime preferred-lifetime | infinite}]

(Optional) Specifies a time interval (in seconds) that an IPv6 address prefix remains in the valid state. If the infinite keyword is specified, the time interval does not expire.

Command Default

No IPv6 address prefix is assigned.

Command Modes


DHCP pool configuration (config-dhcpv6)

Command History

Release

Modification

12.4(24)T

This command was introduced.

Usage Guidelines

You can use the address prefix command to configure one or several address prefixes in an IPv6 DHCP pool configuration. Each time the IPv6 DHCP address pool is used, an address will be allocated from each of the address prefixes associated with the IPv6 DHCP pool.

Examples

The following example shows how to configure a pool called engineering with an IPv6 address prefix:


Router(config)# ipv6 dhcp pool engineering
Router(config-dhcpv6)# address prefix 2001:1000::0/64 lifetime infinite

airtime-fairness mode


Note

Cisco Air Time Fairness (ATF) must be enabled on 2.4- or 5-GHz radios separately.


To configure airtime-fairness in different modes, use the airtime-fairness mode command.

airtime-fairness mode{ enforce-policy | monitor}

Syntax Description

enforce-policy

This mode signifies that the ATF is operational.

monitor

This mode gathers information about air time and reports air time usage.

Command Default

None

Command Modes

RF Profile configuration (config-rf-profile)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure air time fairness in different modes:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rf-profile rfprof24_1
Device(config-rf-profile)# airtime-fairness mode enforce-policy
Device(config-rf-profile)# airtime-fairness optimization
Device(config-rf-profile)# end

allow at-least min-number at-most max-number

To limit the number of multicast RAs per device per throttle period in an RA throttler policy, use the allow at-least min-number at-most max-number command.

allow at-least min-number at-most {max-number | no-limit}

Syntax Description

at-least min-number

Enter the minimum guaranteed number of multicast RAs per router before throttling can be enforced. Valid range is 0 to 32.

at-most max-number

Enter the maximum number of multicast RAs from router by which throttling is enforced. Valid range is 0 to 256.

at-most no-limit

No upper bound at the router level.

Command Default

None

Command Modes

config-nd-ra-throttle

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to limit the number of multicast RAs per device per throttle period in an RA throttler policy:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ipv6 nd ra-throttler policy ra-throttler-policy-name
Device(config-nd-ra-throttle)# allow at-least 5 at-most 10

amsdu (mesh)

To configure backhaul aggregated MAC service data unit (A-MSDU) for a mesh AP profile, use the amsdu command.

amsdu

Syntax Description

This command has no keywords or arguments.

Command Default

amsdu is enabled.

Command Modes

config-wireless-mesh-profile

Command History

Release Modification
Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following example shows how to configure A-MSDU for a mesh AP profile:

Device # configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device (config)# wireless profile mesh mesh-profile
Device (config-wireless-mesh-profile)# amsdu

anqp

To configure the Generic Advertisement Service (GAS) or the Access Network Query Protocol (ANQP) protocol settings, use the anqp command. To remove the protocol settings, use the no form of the command .

anqp { fragmentation-threshold fragmentation-threshold | gas-timeout gas-timeout}

Syntax Description

fragmentation-threshold

ANQP reply fragmentation threshold, in bytes. Valid range is from 16-1462.

gas-timeout

GAS request timeout, in milliseconds. Valid range is from 100-10000.

Command Default

None

Command Modes

Wireless ANQP Server Configuration (config-wireless-anqp-server)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure GAS request timeout:

Device(config)# wireless hotspot anqp-server my-server
Device(config-wireless-anqp-server)# anqp gas-timeout 100   

anqp-domain-id

To configure the Hotspot 2.0 Access Network Query Protocol (ANQP) domain identifier, use the anqp-domain-id command. To remove the domain identifier, use the no form of the command .

anqp-domain-id domain-id

Syntax Description

domain-id

ANQP domain ID. The range is from 0 to 65535.

Command Default

None

Command Modes

Wireless ANQP Server Configuration (config-wireless-anqp-server)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure the Hotspot 2.0 ANQP domain identifier:

Device(config)#wireless hotspot anqp-server my-server
Device(config-wireless-anqp-server)# anqp-domain-id 100   

ap

To configure cisco APs, use the ap command.

ap mac-address

Syntax Description

mac-address

Ethernet MAC address of the AP.

Command Default

None

Command Modes

config

Command History

Release Modification
Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

none.

Examples

The following example shows how to configure a Cisco AP:

Device(config)# ap F866.F267.7DFB

ap auth-list

To configure the AP authorization list, use the ap auth-list command in the global configuration mode. To disable the AP authorization list, use the no form of this command.

ap auth-list { authorize-mac | authorize-serialNum | method-list method-list-name}

no ap auth-list { authorize-mac | authorize-serialNum | method-list method-list-name}

Syntax Description

authorize-mac

Configures the AP authorization policy with MAC.

auhorize-serialNum

Configures the AP authorization policy with the serial number.

method-list

Configures the AP authorization method list.

method-list-name

Indicates the method list name.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Gibraltar 16.11.1

This command was introduced.

Examples

The following example shows how to configure the AP authorization policy with serial number:

Device(config) #ap auth-list authorize-serialNum

ap auth-list ap-policy

To configure authorization policy for all Cisco lightweight access points joined to the device, use the ap auth-list ap-policy command. To disable authorization policy for all Cisco lightweight access points joined to the device, use the no form of this command.

ap auth-list ap-policy {authorize-ap | lsc | mic | ssc}

no ap auth-list ap-policy {authorize-ap | lsc | mic | ssc}

Syntax Description

authorize-ap

Enables the authorization policy.

lsc

Enables access points with locally significant certificates to connect.

mic

Enables access points with manufacture-installed certificates to connect.

ssc

Enables access points with self signed certificates to connect.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to enable the access point authorization policy:

Device(config)# ap auth-list ap-policy authorize-ap

This example shows how to enable access points with locally significant certificates to connect:

Device(config)# ap auth-list ap-policy lsc

This example shows how to enable access points with manufacture-installed certificates to connect:

Device(config)# ap auth-list ap-policy mic

This example shows how to enable access points with self-signed certificates to connect:

Device(config)# ap auth-list ap-policy ssc

ap capwap multicast

To configure the multicast address used by all access points to receive multicast traffic when multicast forwarding is enabled and to configure the outer Quality of Service (QoS) level of those multicast packets sent to the access points, use the ap capwap multicast command.

ap capwap multicast {multicast-ip-address | service-policy output pollicymap-name}

Syntax Description

multicast-ip-address

Multicast IP address.

service-policy

Specifies the tunnel QoS policy for multicast access points.

output

Assigns a policy map name to the output.

policymap-name

Service policy map name.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure a multicast address used by all access points to receive multicast traffic when multicast forwarding is enabled:


Device(config)# ap capwap multicast 239.2.2.2

This example shows how to configure a tunnel multicast QoS service policy for multicast access points:


Device(config)# ap capwap multicast service-policy output tunnmulpolicy

ap capwap retransmit

To configure Control and Provisioning of Wireless Access Points (CAPWAP) control packet retransmit count and control packet retransmit interval under the AP profile, use the ap capwap retransmit command.

ap profile default-ap-profile

ap capwap retransmit {count retransmit-count | interval retransmit-interval}

Syntax Description

count retransmit-count

Specifies the access point CAPWAP control packet retransmit count.

Note 

The count is from 3 to 8 seconds.

interval retransmit-interval

Specifies the access point CAPWAP control packet retransmit interval.

Note 

The interval is from 2 to 5 seconds.

Command Default

None

Command Modes

AP profile configuration (config-ap-profile)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure the CAPWAP control packet retransmit count for an access point:

Device# ap capwap retransmit count 3

This example shows how to configure the CAPWAP control packet retransmit interval for an access point:

Device# ap capwap retransmit interval 5

ap capwap timers

To configure advanced timer settings under the AP profile mode, use the ap capwap timers command.

ap profile default-ap-profile

ap capwap timers {discovery-timeout seconds | fast-heartbeat-timeout local seconds | heartbeat-timeout seconds | primary-discovery-timeout seconds | primed-join-timeout seconds}

Syntax Description

discovery-timeout

Specifies the Cisco lightweight access point discovery timeout.

Note 

The Cisco lightweight access point discovery timeout is how long a Cisco device waits for an unresponsive access point to answer before considering that the access point failed to respond.

seconds

Cisco lightweight access point discovery timeout from 1 to 10 seconds.

Note 

The default is 10 seconds.

fast-heartbeat-timeout local

Enables the fast heartbeat timer that reduces the amount of time it takes to detect a device failure for local or all access points.

seconds

Small heartbeat interval (from 1 to 10 seconds) that reduces the amount of time it takes to detect a device failure.

Note 

The fast heartbeat time-out interval is disabled by default.

heartbeat-timeout

Specifies the Cisco lightweight access point heartbeat timeout.

Note 

The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point sends a heartbeat keep-alive signal to the Cisco device.

This value should be at least three times larger than the fast heartbeat timer.

seconds

Cisco lightweight access point heartbeat timeout value from 1 to 30 seconds.

Note 

The default is 30 seconds.

primary-discovery-timeout

Specifies the access point primary discovery request timer. The timer determines the amount of time taken by an access point to discovery the configured primary, secondary, or tertiary device.

seconds

Access point primary discovery request timer from 30 to 3600 seconds.

Note 

The default is 120 seconds.

primed-join-timeout

Specifies the authentication timeout. Determines the time taken by an access point to determine that the primary device has become unresponsive. The access point makes no further attempts to join the device until the connection to the device is restored.

seconds

Authentication response timeout from 120 to 43200 seconds.

Note 

The default is 120 seconds.

Command Default

None

Command Modes

AP profile mode (config-ap-profile)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure an access point discovery timeout with the timeout value of 7:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers discovery-timeout 7

This example shows how to enable the fast heartbeat interval for all access points:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers fast-heartbeat-timeout 6

This example shows how to configure an access point heartbeat timeout to 20:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers heartbeat-timeout 20

This example shows how to configure the access point primary discovery request timer to 1200 seconds:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers primary-discovery-timeout 1200

This example shows how to configure the authentication timeout to 360 seconds:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers primed-join-timeout 360

ap country

To configure one or more country codes for a device, use the ap country command.

ap country country-code

Syntax Description

country-code

Two-letter or three-letter country code or several country codes separated by a comma.

Command Default

US (country code of the United States of America).

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Cisco IOS XE Amsterdam 17.3.1

This command has been deprecated.

Note 

From Cisco IOS XE Amsterdam 17.3.1 onwards, the command ap country is deprecated and renamed as wireless country <1 country code>, where you can enter country codes for more than 20 countries. Although the existing command ap country is still functional, it is recommended that you use the wireless country <1 country code> command.

Usage Guidelines

The Cisco device must be installed by a network administrator or qualified IT professional and the installer must select the proper country code. Following installation, access to the unit should be password protected by the installer to maintain compliance with regulatory requirements and to ensure proper unit functionality. See the related product guide for the most recent country codes and regulatory domains.

Examples

This example shows how to configure country codes on the device to IN (India) and FR (France):

Device(config)# ap country IN,FR

ap dot11

To configure Spectrum Intelligence (SI) on Qualcomm based 2.4 GHz or 5 GHz radios, use the ap dot11 SI command.

ap dot11 {24ghz | 5ghz } SI

Syntax Description

24ghz

2.4 GHz radio

5ghz

5 GHz radio

SI

Enable Spectrum Intelligence (SI). [no] in the command disasbles SI.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to enable SI on 5GHz radio:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz SI

ap dot11 24ghz cleanair

To enable CleanAir for detecting 2.4-GHz devices, use the ap dot11 24ghz cleanair command in global configuration mode. To disable CleanAir for detecting 2.4-GHz devices, use the no form of this command.

ap dot11 24ghz cleanair

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable this CleanAir command before you configure other CleanAir commands.

Examples

This example shows how to enable CleanAir for 2.4-GHz devices:


Device(config)# ap dot11 24ghz cleanair

ap dot11 24ghz dot11g

To enable the Cisco wireless LAN solution 802.11g network, use the ap dot11 24ghz dot11g command. To disable the Cisco wireless LAN solution 802.11g network, use the no form of this command.

ap dot11 24ghz dot11g

no ap dot11 24ghz dot11g

Syntax Description

This command has no keywords and arguments.

Command Default

Enabled

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

Before you enter the ap dot11 24ghz dot11g command, disable the 802.11 Cisco radio with the ap dot11 24ghz shutdown command.

After you configure the support for the 802.11g network, use the no ap dot11 24ghz shutdown command to enable the 802.11 2.4 Ghz radio.

Examples

This example shows how to enable the 802.11g network:

Device(config)# ap dot11 24ghz dot11g

ap dot11 24ghz rate

To configure 802.11b operational rates, use the ap dot11 24ghz rate command.

ap dot11 24ghz rate {RATE_11M | RATE_12M | RATE_18M | RATE_1M | RATE_24M | RATE_2M | RATE_36M | RATE_48M | RATE_54M | RATE_5_5M | RATE_6M | RATE_9M} {disable | mandatory | supported}

Syntax Description

RATE_11M

Configures the data to be transmitted at the rate of 11 Mbps

RATE_12M

Configures the data to be transmitted at the rate of 12 Mbps

RATE_18M

Configures the data to be transmitted at the rate of 18 Mbps

RATE_1M

Configures the data to be transmitted at the rate of 1 Mbps

RATE_24M

Configures the data to be transmitted at the rate of 24 Mbps

RATE_2M

Configures the data to be transmitted at the rate of 2 Mbps

RATE_36M

Configures the data to be transmitted at the rate of 36 Mbps

RATE_48M

Configures the data to be transmitted at the rate of 48 Mbps

RATE_54M

Configures the data to be transmitted at the rate of 54 Mbps

RATE_5_5M

Configures the data to be transmitted at the rate of 5.5 Mbps

RATE_6M

Configures the data to be transmitted at the rate of 6 Mbps

RATE_9M

Configures the data to be transmitted at the rate of 9 Mbps

disable

Disables the data rate that you specify. Also defines that the clients specify the data rates used for communication.

mandatory

Defines that the clients support this data rate in order to associate with an AP.

supported

Any associated clients support this data rate can communicate with the AP using this rate. However, the clients are not required to use this rate to associate with the AP.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure 802.11b operational rate to 9 Mbps and make it mandatory:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rate RATE_9M mandatory

ap dot11 rrm channel cleanair-event

To configure CleanAir event-driven Radio Resource Management (RRM) parameters for all 802.11 Cisco lightweight access points, use the ap dot11 rrm channel cleanair-event command. When this parameter is configured, CleanAir access points can change their channel when a source of interference degrades the operations, even if the RRM interval has not expired yet.

ap dot11 {24ghz | 5ghz} rrm channel {cleanair-event sensitivity value}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

sensitivity

Sets the sensitivity for CleanAir event-driven RRM.

value
Sensitivity value. You can specify any one of the following three optional sensitivity values:
  • low—Specifies low sensitivity.

  • medium—Specifies medium sensitivity.

  • high—Specifies high sensitivity.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to set the high sensitivity for CleanAir event-driven RRM:

Device(config)# ap dot11 24ghz rrm channel cleanair-event sensitivity high

default ap dot11 24ghz cleanair device

To configure the default state of report generation for 2.4-GHz interference devices, use the default ap dot11 24ghz cleanair device command in global configuration mode.

default ap dot11 24ghz cleanair device {ble-beacon | bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv | jammer | mw-oven | nonstd | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox | zigbee}

Syntax Description

ble-beacon

Configure the BLE beacon feature.

bt-discovery

Configures the alarm for Bluetooth interference devices.

bt-link

Configures the alarm for any Bluetooth link.

canopy

Configures the alarm for canopy interference devices.

cont-tx

Configures the alarm for continuous transmitters.

dect-like

Configures the alarm for Digital Enhanced Cordless Communication (DECT)-like phones.

fh

Configures the alarm for 802.11 frequency hopping devices.

inv

Configures the alarm for devices using spectrally inverted Wi-Fi signals.

jammer

Configures the alarm for jammer interference devices.

mw-oven

Configures the alarm for microwave ovens.

nonstd

Configures the alarm for devices using nonstandard Wi-Fi channels.

superag

Configures the alarm for 802.11 SuperAG interference devices.

tdd-tx

Configures the alarm for Time Division Duplex (TDD) transmitters.

video

Configures the alarm for video cameras.

wimax-fixed

Configures the alarm for WiMax fixed interference devices.

wimax-mobile

Configures the alarm for WiMax mobile interference devices.

xbox

Configures the alarm for Xbox interference devices.

zigbee

Configures the alarm for 802.15.4 interference devices.

Command Default

The alarm for Wi-Fi inverted devices is enabled. The alarm for all other devices is disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

This command was modified. The ble-beacon keyword was added.

Usage Guidelines

You must enable CleanAir using the ap dot11 24ghz cleanair command before you configure this command.

Examples

This example shows how to enable CleanAir to report when a video camera interferes:


Device(config)# default ap dot11 24ghz cleanair device video

ap dot11 24ghz rrm channel cleanair-event

To enable Event-Driven RRM (EDRRM) and the sensitivity for 2.4-GHz devices, use the ap dot11 24ghz rrm channel cleanair-event command in global configuration mode. To disable EDRRM, use the no form of this command.

ap dot11 24ghz rrm channel cleanair-event sensitivity {high | low | medium}

no ap dot11 24ghz rrm channel cleanair-event [ sensitivity{ high | low | medium}]

Syntax Description

sensitivity

(Optional) Configures the EDRRM sensitivity of the CleanAir event.

high

(Optional) Specifies the highest sensitivity to non-Wi–Fi interference as indicated by the air quality (AQ) value.

low

(Optional) Specifies the least sensitivity to non-Wi–Fi interference as indicated by the AQ value.

medium

(Optional) Specifies medium sensitivity to non-Wi–Fi interference as indicated by the AQ value.

Command Default

EDRRM is disabled and the sensitivity is low.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable EDRRM using the ap dot11 24ghz rrm channel cleanair-event command before you configure the sensitivity.

Examples

This example shows how to enable EDRRM and set the EDRRM sensitivity to low:

Device(config)# ap dot11 24ghz rrm channel cleanair-event 
Device(config)# ap dot11 24ghz rrm channel cleanair-event sensitivity low

ap dot11 24ghz rrm channel device

To configure persistent non-Wi-Fi device avoidance in the 802.11b channel, use the ap dot11 24ghz rrm channel device command in global configuration mode. To disable persistent device avoidance, use the no form of this command.

ap dot11 24ghz rrm channel device

no ap dot11 24ghz rrm channel device

Syntax Description

This command has no arguments or keywords.

Command Default

Persistent device avoidance is disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CleanAir-capable monitor mode access points collect information about persistent devices on all configured channels and stores the information in the device. Local and bridge mode access points detect interference devices on the serving channels only.

Examples

This example shows how to enable persistent device avoidance:

Device(config)# ap dot11 24ghz rrm channel device

ap dot11 24ghz rrm optimized-roam

To configure optimized roaming for 802.11b network, use the ap dot11 24ghz rrm optimized-roam command.

ap dot11 24ghz rrm optimized-roam [ data-rate-threshold {11M | 12M | 18M | 1M | 24M | 2M | 36M | 48M | 54M | 5_5M | 6M | 9M | disable}]

Syntax Description

data-rate-threshold

Configures the data rate threshold for 802.11b optimized roaming.

11M

Sets the data rate threshold for 802.11b optimized roaming to 11 Mbps

12M

Sets the data rate threshold for 802.11b optimized roaming to of 12 Mbps

18M

Sets the data rate threshold for 802.11b optimized roaming to of 18 Mbps

1M

Sets the data rate threshold for 802.11b optimized roaming to of 1 Mbps

24M

Sets the data rate threshold for 802.11b optimized roaming to of 24 Mbps

2M

Sets the data rate threshold for 802.11b optimized roaming to of 2 Mbps

36M

Sets the data rate threshold for 802.11b optimized roaming to of 36 Mbps

48M

Sets the data rate threshold for 802.11b optimized roaming to of 48 Mbps

54M

Sets the data rate threshold for 802.11b optimized roaming to of 54 Mbps

5_5M

Sets the data rate threshold for 802.11b optimized roaming to of 5.5 Mbps

6M

Sets the data rate threshold for 802.11b optimized roaming to of 6 Mbps

9M

Sets the data rate threshold for 802.11b optimized roaming to of 9 Mbps

disable

Disables the data rate threshold.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure optimized roaming for 802.11b network:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rrm optimized-roam

ap dot11 24ghz rx-sop threshold

To configure 802.11b radio receiver start-of-packet (RxSOP), use the ap dot11 24ghz rx-sop threshold command.

ap dot11 24ghz rx-sop threshold {auto | high | low | medium | custom rxsop-value}

Syntax Description

auto

Reverts RxSOP value to the default value.

high

Sets the RxSOP value to high threshold (–79 dBm).

medium

Sets the RxSOP value to medium threshold (–82 dBm).

low

Sets the RxSOP value to low threshold (–85 dBm).

custom rxsop-value

Sets the RxSOP value to custom threshold (–85 dBm to –60 dBm)

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Usage Guidelines

RxSOP determines the Wi-Fi signal level in dBm at which an access point's radio demodulates and decodes a packet. Higher the level, less sensitive the radio is and smaller the receiver cell size. The table below shows the RxSOP threshold values for high, medium, low, and custom levels for 2.4-GHz band.

Table 2. RxSOP Thresholds for 2.4-GHz Band
High Threshold Medium Threshold Low Threshold Custom Threshold

–79 dBm

–82 dBm

–85 dBm

–85 dBm to –60 dBm

Examples

The following example shows how to configure 802.11b radio receiver start-of-packet (RxSOP) value to auto:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rx-sop threshold auto

ap dot11 24ghz shutdown

To disable 802.11a network, use the ap dot11 24ghz shutdown command.

ap dot11 24ghz shutdown

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to disable the 802.11a network:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz shutdown

ap dot11 5ghz channelswitch quiet

To configure the 802.11h channel switch quiet mode, use the ap dot11 5ghz channelswitch quiet command.

ap dot11 5ghz channelswitch quiet

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure the 802.11h channel switch quiet mode:

Device # configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device (config)# ap dot11 5ghz channelswitch quiet

ap dot11 5ghz cleanair

To enable CleanAir for detecting 5-GHz devices, use the ap dot11 5ghz cleanair command in global configuration mode.

ap dot11 5ghz cleanair

Command Default

Disabled.

Command Modes

Global configuration.

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable this CleanAir command before you configure other CleanAir commands.

Examples

This example shows how to enable CleanAir for 5-GHz devices:


Device(config)# ap dot11 5ghz cleanair

default ap dot11 5ghz cleanair device

To configure the default state of the alarm for 5-GHz interference devices, use the default ap dot11 5ghz cleanair device command in global configuration mode.

default ap dot11 5ghz cleanair device {canopy | cont-tx | dect-like | inv | jammer | nonstd | radar | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile}

Syntax Description

canopy

Configures the alarm for canopy interference devices.

cont-tx

Configures the alarm for continuous transmitters.

dect-like

Configures the alarm for Digital Enhanced Cordless Communication (DECT)-like phones.

inv

Configures the alarm for devices using spectrally inverted Wi-Fi signals.

jammer

Configures the alarm for jammer interference devices.

nonstd

Configures the alarm for devices using nonstandard Wi-Fi channels.

radar

Configures the alarm for radars.

report

Enables interference device reports.

superag

Configures the alarm for 802.11 SuperAG interference devices.

tdd-tx

Configures the alarm for Time Division Duplex (TDD) transmitters.

video

Configures the alarm for video cameras.

wimax-fixed

Configures the alarm for WiMax fixed interference devices.

wimax-mobile

Configures the alarm for WiMax mobile interference devices.

Command Default

The alarm for Wi-Fi inverted devices is enabled. The alarm for all other interference devices is disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable CleanAir using the ap dot11 5ghz cleanair command before you configure this command.

Examples

This example shows how to enable CleanAir to report when a video camera interferes:


Device(config)# default ap dot11 5ghz cleanair device video

ap dot11 5ghz power-constraint

To configure the 802.11h power constraint value, use the ap dot11 5ghz power-constraint command. To remove the 802.11h power constraint value, use the no form of this command.

ap dot11 5ghz power-constraint value

no ap dot11 5ghz power-constraint

Syntax Description

value

802.11h power constraint value.

Note 

The range is from 0 to 30 dBm.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure the 802.11h power constraint to 5 dBm:


Device(config)# ap dot11 5ghz power-constraint 5

ap dot11 5ghz rate

To configure 802.11a operational rates, use the ap dot11 5ghz rate command.

ap dot11 5ghz rate {RATE_12M | RATE_18M | RATE_24M | RATE_36M | RATE_48M | RATE_54M | RATE_6M | RATE_9M} {disable | mandatory | supported}

Syntax Description

RATE_12M

Configures the data to be transmitted at the rate of 12 Mbps

RATE_18M

Configures the data to be transmitted at the rate of 18 Mbps

RATE_24M

Configures the data to be transmitted at the rate of 24 Mbps

RATE_36M

Configures the data to be transmitted at the rate of 36 Mbps

RATE_48M

Configures the data to be transmitted at the rate of 48 Mbps

RATE_54M

Configures the data to be transmitted at the rate of 54 Mbps

RATE_6M

Configures the data to be transmitted at the rate of 6 Mbps

RATE_9M

Configures the data to be transmitted at the rate of 9 Mbps

disable

Disables the data rate that you specify. Also defines that the clients specify the data rates used for communication.

mandatory

Defines that the clients support this data rate in order to associate with an AP.

supported

Any associated clients support this data rate can communicate with the AP using this rate. However, the clients are not required to use this rate to associate with the AP.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure 802.11a operational rate to 24 Mbps and make it supported:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz rate RATE_24M supported

ap dot11 5ghz rrm channel cleanair-event

To enable Event-Driven RRM (EDRRM) and configure the sensitivity for 5-GHz devices, use the ap dot11 5ghz rrm channel cleanair-event command in global configuration mode. To disable EDRRM, use the no form of the command.

ap dot11 5ghz rrm channel cleanair-event [ sensitivity {high | low | medium}]

no ap dot11 5ghz rrm channel cleanair-event [ sensitivity {high | low | medium}]

Syntax Description

sensitivity

(Optional) Configures the EDRRM sensitivity of the CleanAir event.

high

(Optional) Specifies the highest sensitivity to non-Wi–Fi interference as indicated by the air quality (AQ) value.

low

(Optional) Specifies the least sensitivity to non-Wi–Fi interference as indicated by the AQ value.

medium

(Optional) Specifies medium sensitivity to non-Wi–Fi interference as indicated by the AQ value.

Command Default

EDRRM is disabled and the EDRRM sensitivity is low.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable EDRRM using the ap dot11 5ghz rrm channel cleanair-event command before you configure the sensitivity.

Examples

This example shows how to enable EDRRM and set the EDRRM sensitivity to high:

Device(config)# ap dot11 5ghz rrm channel cleanair-event 
Device(config)# ap dot11 5ghz rrm channel cleanair-event sensitivity high

ap dot11 5ghz rrm channel device

To configure persistent non-Wi-Fi device avoidance in the 802.11a channel, use the ap dot11 5ghz rrm channel device command in global configuration mode. To disable persistent device avoidance, use the no form of this command.

ap dot11 5ghz rrm channel device

no ap dot11 5ghz rrm channel device

Syntax Description

This command has no arguments or keywords.

Command Default

The CleanAir persistent device state is disabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CleanAir-capable monitor mode access points collect information about persistent devices on all configured channels and stores the information in the device. Local and bridge mode access points detect interference devices on the serving channels only.

Examples

This example shows how to enable persistent device avoidance on 802.11a devices:

Device(config)# ap dot11 5ghz rrm channel device

ap dot11 5ghz rx-sop threshold

To configure 802.11a radio receiver start-of-packet (RxSOP), use the ap dot11 5ghz rx-sop threshold command.

ap dot11 5ghz rx-sop threshold {auto | high | low | medium | custom rxsop-value}

Syntax Description

auto

Reverts RxSOP value to the default value.

high

Sets the RxSOP value to high threshold (–76 dBm).

medium

Sets the RxSOP value to medium threshold (–78 dBm).

low

Sets the RxSOP value to low threshold (–80 dBm).

custom rxsop-value

Sets the RxSOP value to custom threshold (–85 dBm to –60 dBm)

Command Default

None

Command Modes

config

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Usage Guidelines

RxSOP determines the Wi-Fi signal level in dBm at which an access point's radio demodulates and decodes a packet. Higher the level, less sensitive the radio is and smaller the receiver cell size. The table below shows the RxSOP threshold values for high, medium, low, and custom levels for 5-GHz band.

Table 3. RxSOP Thresholds for 5-GHz Band
High Threshold Medium Threshold Low Threshold Custom Threshold

–76 dBm

–78 dBm

–80 dBm

–85 dBm to –60 dBm

Examples

The following example shows how to configure 802.11b radio receiver start-of-packet (RxSOP) value to a custom value of –70 dBm:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rx-sop threshold custom -70

ap dot11 5ghz shutdown

To disable 802.11a network, use the ap dot11 5ghz shutdown command.

ap dot11 5ghz shutdown

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to disable the 802.11a network:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz shutdown

ap dot11 5ghz smart-dfs

To configure to use nonoccupancy time for radar interference channel, use the ap dot11 5ghz smart-dfs command.

ap dot11 5ghz smart-dfs

Command Default

None

Command Modes

config

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure to use nonoccupancy time for radar interference channel:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz smart-dfs

ap dot11 beaconperiod

To change the beacon period globally for 2.4 GHz or 5 GHz bands, use the ap dot11 beaconperiod command.


Note

Disable the 802.11 network before using this command. See the “Usage Guidelines” section.


ap dot11 {24ghz | 5ghz} beaconperiod time

Syntax Description

24ghz

Specifies the settings for 2.4 GHz band.

5ghz

Specifies the settings for 5 GHz band.

beaconperiod

Specifies the beacon for a network globally.

time

Beacon interval in time units (TU). One TU is 1024 microseconds. The range is from 20 to 1000.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

In Cisco wireless LAN 802.11 networks, all Cisco lightweight access point wireless LANs broadcast a beacon at regular intervals. This beacon notifies clients that the wireless service is available and allows the clients to synchronize with the lightweight access point.

Before you change the beacon period, make sure that you have disabled the 802.11 network by using the ap dot11 {24ghz | 5ghz} shutdown command. After changing the beacon period, enable the 802.11 network by using the no ap dot11 {24ghz | 5ghz} shutdown command.

Examples

This example shows how to configure the 5 GHZ band for a beacon period of 120 time units:

Device(config)# ap dot11 5ghz beaconperiod 120

ap dot11 cac media-stream

To configure media stream Call Admission Control (CAC) voice and video quality parameters for 2.4 GHz and 5 GHz bands, use the ap dot11 cac media-stream command.

ap dot11 {24ghz | 5ghz} cac media-stream multicast-direct {max-retry-percent retryPercent | min-client-rate {eighteen | eleven | fiftyFour | fivePointFive | fortyEight | nine | oneFifty | oneFortyFourPointFour | oneThirty | oneThirtyFive | seventyTwoPointTwo | six | sixtyFive | thirtySix | threeHundred | twelve | twentyFour | two | twoSeventy}}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

multicast-direct

Specifies CAC parameters for multicast-direct media streams.

max-retry-percent

Specifies the percentage of maximum retries that are allowed for multicast-direct media streams.

retryPercent

Percentage of maximum retries that are allowed for multicast-direct media streams.

Note 

The range is from 0 to 100.

min-client-rate

Specifies the minimum transmission data rate to the client for multicast-direct media streams (rate at which the client must transmit in order to receive multicast-direct unicast streams).

If the transmission rate is below this rate, either the video will not start or the client may be classified as a bad client. The bad client video can be demoted for better effort QoS or subject to denial.

min-client-rate

You can choose the following rates:

  • eighteen

  • eleven

  • fiftyFour

  • fivePointFive

  • fortyEight

  • nine

  • one

  • oneFifty

  • oneFortyFourPointFour

  • oneThirty

  • oneThirtyFive

  • seventyTwoPointTwo

  • six

  • sixtyFive

  • thirtySix

  • threeHundred

  • twelve

  • twentyFour

  • two

  • twoSeventy

Command Default

The default value for the maximum retry percent is 80. If it exceeds 80, either the video will not start or the client might be classified as a bad client. The bad client video will be demoted for better effort QoS or is subject to denial.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol.

Before you can configure CAC parameters on a network, you must complete the following prerequisites:

  • Disable all WLANs with WMM enabled by entering the wlan wlan_name shutdown command.

  • Disable the radio network you want to configure by entering the ap dot11 {24ghz | 5ghz} shutdown command.

  • Save the new configuration.

  • Enable voice or video CAC for the network you want to configure by entering the ap dot11 {24ghz | 5ghz} cac voice acm or ap dot11 {24ghz | 5ghz} cac video acm commands.

Examples

This example shows how to configure the maximum retry percent for multicast-direct media streams as 90 on a 802.11a network:

Device(config)# ap dot11 5ghz cac media-stream multicast max-retry-percent 90

ap dot11 cac multimedia

To configure multimedia Call Admission Control (CAC) voice and video quality parameters for 2.4 GHz and 5 GHz bands, use the ap dot11 cac multimedia command.

ap dot11 {24ghz | 5ghz} cac multimedia max-bandwidth bandwidth

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

max-bandwidth

Specifies the percentage of maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 2.4 GHz or 5 GHz band.

bandwidth

Percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a or 802.11b/g network. Once the client reaches the specified value, the access point rejects new multimedia flows this radio band. The range is from 5 to 85%.

Command Default

The default value is 75%.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol.

Before you can configure CAC parameters on a network, you must complete the following prerequisites:

  • Disable all WLANs with WMM enabled by entering the wlan wlan_name shutdown command.

  • Disable the radio network you want to configure by entering the ap dot11 {24ghz | 5ghz} shutdown command.

  • Save the new configuration.

  • Enable voice or video CAC for the network you want to configure by entering the ap dot11 {24ghz | 5ghz} cac voice acm or ap dot11 {24ghz | 5ghz} cac video acm commands.

Examples

This example shows how to configure the percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 5 GHz band:

Device(config)# ap dot11 5ghz cac multimedia max-bandwidth 5

ap dot11 cac voice

To configure Call Admission Control (CAC) parameters for the voice category, use the ap dot11 cac voice command.

ap dot11 {24ghz | 5ghz} cac voice {acm | load-based | max-bandwidth value | roam-bandwidth value | sip [bandwidth bw] sample-interval value | stream-size x max-streams y | tspec-inactivity-timeout {enable | ignore}}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

acm

Enables bandwidth-based voice CAC for the 2.4 GHz or 5 GHz band.

Note 

To disable bandwidth-based voice CAC for the 2.4 GHz or 5 GHz band, use the no ap dot11 {24ghz | 5ghz} cac voice acm command.

load-based

Enable load-based CAC on voice access category.

Note 

To disable load-based CAC on voice access category for the 2.4 GHz or 5 GHz band, use the no ap dot11 {24ghz | 5ghz} cac voice load-based command.

max-bandwidth

Sets the percentage of the maximum bandwidth allocated to clients for voice applications on the 2.4 GHz or 5 GHz band.

value

Bandwidth percentage value from 5 to 85%.

roam-bandwidth

Sets the percentage of the CAC maximum allocated bandwidth reserved for roaming voice clients on the 2.4 GHz or 5 GHz band.

value

Bandwidth percentage value from 0 to 85%.

sip

Specifies the CAC codec name and sample interval as parameters and calculates the required bandwidth per call for the 802.11 networks.

bandwidth

(Optional) Specifies bandwidth for a SIP-based call.

bw
Bandwidth in kbps. The following bandwidth values specify parameters for the SIP codecs:
  • 64kbps—Specifies CAC parameters for the SIP G711 codec.

  • 8kbps—Specifies CAC parameters for the SIP G729 codec.
Note 

The default value is 64 Kbps.

sample-interval

Specifies the packetization interval for SIP codec.

value

Packetization interval in msecs. The sample interval for SIP codec value is 20 seconds.

stream-size

Specifies the number of aggregated voice Wi-Fi Multimedia (WMM) traffic specification (TSPEC) streams at a specified data rate for the 2.4 GHz or 5 GHz band.

x

Stream size. The range of the stream size is from 84000 to 92100.

max-streams

Specifies the maximum number of streams per TSPEC.

y

Number (1 to 5) of voice streams.

Note 

The default number of streams is 2 and the mean data rate of a stream is 84 kbps.

tspec-inactivity-timeout
Specifies TSPEC inactivity timeout processing mode.
Note 

Use this keyword to process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point. When the inactivity timeout is ignored, a client TSPEC is not deleted even if the access point reports an inactivity timeout for that client.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Note 

The default is ignore (disabled).

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.

Before you can configure CAC parameters on a network, you must complete the following prerequisites:

  • Disable all WLANs with WMM enabled by entering the wlan wlan_name shutdown command.

  • Disable the radio network you want to configure by entering the ap dot11 {24ghz | 5ghz} shutdown command.

  • Save the new configuration.

  • Enable voice or video CAC for the network you want to configure by entering the ap dot11 {24ghz | 5ghz} cac voice acm or ap dot11 {24ghz | 5ghz} cac video acm commands.

Examples

This example shows how to enable the bandwidth-based CAC:

Device(config)# ap dot11 24ghz cac voice acm

This example shows how to enable the load-based CAC on the voice access category:

Device(config)# ap dot11 24ghz cac voice load-based

This example shows how to specify the percentage of the maximum allocated bandwidth for voice applications on the selected radio band:

Device(config)# ap dot11 24ghz cac voice max-bandwidth 50

This example shows how to configure the percentage of the maximum allocated bandwidth reserved for roaming voice clients on the selected radio band:

Device(config)# ap dot11 24ghz cac voice roam-bandwidth 10

This example shows how to configure the bandwidth and voice packetization interval for the G729 SIP codec on a 2.4 GHz band:

Device(config)# ap dot11 24ghz cac voice sip bandwidth 8 sample-interval 40

This example shows how to configure the number of aggregated voice traffic specifications stream with a stream size of 85000 and with a maximum of 5 streams:

Device(config)# ap dot11 24ghz cac voice stream-size 85000 max-streams 5

This example shows how to enable the voice TSPEC inactivity timeout messages received from an access point:

Device(config)# ap dot11 24ghz cac voice tspec-inactivity-timeout enable

ap dot11 cleanair

To configure CleanAir on 802.11 networks, use the ap dot11 cleanair command. To disable CleanAir on 802.11 networks, use the no form of this command.

ap dot11 {24ghz | 5ghz} cleanair

no ap dot11 {24ghz | 5ghz} cleanair

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

cleanair

Specifies CleanAir on the 2.4 GHz or 5 GHz band.

Command Default

Disabled

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to enable the CleanAir settings on the 2.4 GHz band:


Device(config)# ap dot11 24ghz cleanair

ap dot11 cleanair device

To configure CleanAir interference device types, use the ap dot11 cleanair device command.

ap dot11 24ghz cleanair device [all | bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv | jammer | mw-oven | nonstd | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox | zigbee]

Syntax Description

all

Specifies all device types.

device

Specifies the CleanAir interference device type.

bt-discovery

Specifies the Bluetooth device in discovery mode.

bt-link

Specifies the Bluetooth active link.

canopy

Specifies the Canopy devices.

cont-tx

Specifies the continuous transmitter.

dect-like

Specifies a Digital Enhanced Cordless Communication (DECT)-like phone.

fh

Specifies the 802.11 frequency hopping devices.

inv

Specifies the devices using spectrally inverted Wi-Fi signals.

jammer

Specifies the jammer.

mw-oven

Specifies the microwave oven devices.

nonstd

Specifies the devices using nonstandard Wi-Fi channels.

superag

Specifies 802.11 SuperAG devices.

tdd-tx

Specifies the TDD transmitter.

video

Specifies video cameras.

wimax-fixed

Specifies a WiMax fixed device.

wimax-mobile

Specifies a WiMax mobile device.

xbox

Configures the alarm for Xbox interference devices.

zigbee

Configures the alarm for 802.15.4 interference devices.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure the device to monitor ZigBee interferences:

Device(config)# ap dot11 24ghz cleanair device report

ap dot11 dot11n

To configure settings for an 802.11n network, use the ap dot11 dot11n command.

ap dot11 {24ghz | 5ghz} dot11n {a-mpdu tx priority { priority_value all } | scheduler timeout rt scheduler_value} | a-msdu tx priority {priority_value | all} | guard-interval {any | long} | mcs tx rate | rifs rx}

Syntax Description

24ghz

Specifies the 2.4-GHz band.

5ghz

Specifies the 5-GHz band.

dot11n

Enables 802.11n support.

a-mpdu tx priority

Specifies the traffic that is associated with the priority level that uses Aggregated MAC Protocol Data Unit (A-MPDU) transmission.

priority_value

Aggregated MAC protocol data unit priority level from 0 to 7.

all

Specifies all of the priority levels at once.

a-msdu tx priority

Specifies the traffic that is associated with the priority level that uses Aggregated MAC Service Data Unit (A-MSDU) transmission.

priority_value

Aggregated MAC protocol data unit priority level from 0 to 7.

all

Specifies all of the priority levels at once.

scheduler timeout rt

Configures the 802.11n A-MPDU transmit aggregation scheduler timeout value in milliseconds.

scheduler_value

The 802.11n A-MPDU transmit aggregation scheduler timeout value from 1 to 10000 milliseconds.

guard-interval

Specifies the guard interval.

any

Enables either a short or a long guard interval.

long

Enables only a long guard interval.

mcs tx rate

Specifies the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client.

rate

Specifies the modulation and coding scheme data rates.

Note 

The range is from 0 to 23.

rifs rx

Specifies the Reduced Interframe Space (RIFS) between data frames.

Command Default

By default, priority 0 is enabled.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

Aggregation is the process of grouping packet data frames together rather than transmitting them separately. The two aggregation methods available are:
  • A-MPDU—This aggregation is performed in the software.
  • A-MSDU—This aggregation is performed in the hardware

Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:

  • 0—Best effort

  • 1—Background

  • 2—Spare

  • 3—Excellent effort

  • 4—Controlled load

  • 5—Video, less than 100-ms latency and jitter

  • 6—Voice, less than 10-ms latency and jitter

  • 7—Network control

  • all—Configure all of the priority levels at once.


Note

Configure the priority levels to match the aggregation method used by the clients.


Examples

This example shows how to enable 802.11n support on a 2.4-GHz band:


Device(config)# ap dot11 24ghz dot11n

This example shows how to configure all the priority levels at once so that the traffic that is associated with the priority level uses A-MSDU transmission:


Device(config)# ap dot11 24ghz dot11n a-msdu tx priority all

This example shows how to enable only long guard intervals:


Device(config)# ap dot11 24ghz dot11n guard-interval long

This example shows how to specify MCS rates:


Device(config)# ap dot11 24ghz dot11n mcs tx 5

This example shows how to enable RIFS:


Device(config)# ap dot11 24ghz dot11n rifs rx

ap dot11 dtpc

To configure Dynamic Transmit Power Control (DTPC) settings, Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature, and the fragmentation threshold on an 802.11 network, use the ap dot11 dtpc command.

ap dot11 {24ghz | 5ghz} {dtpc | exp-bwreq | fragmentation threshold}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

dtpc

Specifies Dynamic Transport Power Control (DTPC) settings.

Note 

This option is enabled by default.

exp-bwreq

Specifies Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature.

Note 

The expedited bandwidth request feature is disabled by default.

fragmentation threshold

Specifies the fragmentation threshold.

Note 

This option can only used be when the network is disabled using the ap dot11 {24ghz | 5ghz} shutdown command.

threshold

Threshold. The range is from 256 to 2346 bytes (inclusive).

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

When the CCX version 5 expedited bandwidth request feature is enabled, the device configures all joining access points for this feature.

Examples

This example shows how to enable DTPC for the 5 GHz band:

Device(config)# ap dot11 5ghz dtpc

This example shows how to enable the CCX expedited bandwidth settings:

Device(config)# ap dot11 5ghz exp-bwrep

This example shows how to configure the fragmentation threshold on the 5 GHz band with the threshold number of 1500 bytes:

Device(config)# ap dot11 5ghz fragmentation 1500

ap dot11 edca-parameters

To enable a specific enhanced distributed channel access (EDCA) profile on the 2.4 GHz or 5 GHz bands, use the ap dot11 edca-parameters command. To disable an EDCA profile on the 2.4 GHz or 5 GHz bands, use the no form of this command.

ap dot11 { 24ghz | 5ghz } edca-parameters { client-load-based | custom-voice | optimized-video-voice | optimized-voice | svp-voice | wmm-default }

no ap dot11 { 24ghz | 5ghz } edca-parameters { client-load-based | custom-voice | fastlane | optimized-video-voice | optimized-voice | svp-voice | wmm-default }

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

edca-parameters

Specifies a specific enhanced distributed channel access (EDCA) profile on the 802.11 networks.

fastlane

Enables Fastlane parameters for 24GHz.

client-load-based

Enables client load-based EDCA configuration for 802.11 radios.

custom-voice

Enables custom voice EDCA parameters.

optimized-video-voice

Enables EDCA voice- and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network.

optimized-voice

Enables EDCA voice-optimized profile parameters. Choose this option when voice services other than SpectraLink are deployed on your network.

svp-voice

Enables SpectraLink voice priority parameters. Choose this option if SpectraLink phones are deployed on your network to improve the quality of calls.

wmm-default

Enables the Wi-Fi Multimedia (WMM) default parameters. Choose this option when voice or video services are not deployed on your network.

Command Default

wmm-default

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

10.3

The custom-voice keyword was removed for Cisco 5700 Series WLC.

Cisco IOS XE Bengaluru 17.5.1

The client-load-based keyword was added.

Examples

This example shows how to enable SpectraLink voice priority parameters:


Device(config)# ap dot11 24ghz edca-parameters svp-voice

ap dot11 load-balancing denial

To configure the load balancing denial count, use the ap dot11 load-balancingdenial command. To disable load balancing denial count, use the no form of the command.

ap dot11 { 24ghz| 5ghz} load-balancingdenial count

Syntax Description

count

Load balancing denial count.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure the load balancing denial count:

Device# configure terminal
Device(config)# ap dot11 5ghz load-balancing denial 10

ap dot11 load-balancing window

To configure the number of clients for the aggressive load balancing client window, use the ap dot11 load-balancingwindow command. To disable the client count, use the no form of the command.

ap dot11 { 24ghz| 5ghz} load-balancingwindow clients

Syntax Description

clients

Number of clients. Valid range is from 0 to 20.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure the number of clients for the aggressive load balancing client window:

Device# configure terminal
Device(config)# ap dot11 5ghz load-balancing window 10

ap dot11 rf-profile

To configure an RF-Profile for a selected band, use the ap dot11 rf-profile command. To delete an RF-Profile, use the no form of this command.

ap dot11 {24GHz | 5GHz} rf-profile profile name

Syntax Description

24ghz

Displays the 2.4-GHz band

5ghz

Displays the 5-GHz band

profile name

Name of the RF profile

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Denali 16.3.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to configure an RF profile for a selected band.

Device#ap dot11 24GHz rf-profile doctest

ap dot11 rrm

To configure basic and advanced radio resource management settings for 802.11 devices, use the ap dot11 rrm command.

ap dot11 {24ghz | 5ghz} rrm {ccx location-measurement sec | channel {cleanair-event | dca | device | foreign | load | noise | outdoor-ap-dca} | coverage {data fail-percentage pct | data packet-count count | data rssi-threshold threshold} | exception global percentage | level global number | voice {fail-percentage percentage | packet-count number | rssi-threshold threshold}}

Syntax Description

ccx

Configures Advanced (RRM) 802.11 CCX options.

location-measurement

Specifies 802.11 CCX Client Location Measurements in seconds. The range is between 10 and 32400 seconds.

channel

Configure advanced 802.11-channel assignment parameters.

cleanair-event

Configures cleanair event-driven RRM parameters.

dca

Configures 802.11-dynamic channel assignment algorithm parameters.

device

Configures persistent non-WiFi device avoidance in the 802.11-channel assignment.

foreign

Enables foreign AP 802.11-interference avoidance in the channel assignment.

load

Enables Cisco AP 802.11-load avoidance in the channel assignment.

noise

Enables non-802.11-noise avoidance in the channel assignment.

outdoor-ap-dca

Configures 802.11 DCA list option for outdoor AP.

coverage

Configures 802.11 coverage Hole-Detection.

data fail-percentage pct

Configures 802.11 coverage failure-rate threshold for uplink data packets. The range is between 1 and 100

data packet-count count

Configures 802.11 coverage minimum-failure-count threshold for uplinkdata packets.

data rssi-threshold threshold

Configures 802.11 minimum-receive-coverage level for voice packets.

exception global percentage

Configures 802.11 Cisco APs coverage-exception level. The range is between 0 and 100 percent.

level global number

Configures 802.11 Cisco AP client-minimum-exception level between 1 and 75 clients.

voice

Configures 802.11 coverage Hole-Detection for voice packets.

fail-percentage percentage

Configures 802.11 coverage failure rate threshold for uplink voice packets.

packet-count number

Configures 802.11 coverage minimum-uplink-failure count threshold for voice packets.

rssi-threshold threshold

Configures 802.11 minimum receive coverage level for voice packets.

Command Default

Disabled

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

This command applies for both 802.11a and 802.11b bands. But the appropriate commands must be chosen for configuring the parameter.

Examples

This example shows how to configure various RRM settings.


Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#ap dot11 5ghz rrm ?
  ccx            Configure Advanced(RRM) 802.11a CCX options
  channel        Configure advanced 802.11a channel assignment parameters
  coverage       802.11a Coverage Hole Detection
  group-member   Configure members in 802.11a static RF group
  group-mode     802.11a RF group selection mode
  logging        802.11a event logging
  monitor        802.11a statistics monitoring
  ndp-type       Neighbor discovery type Protected/Transparent
  profile        802.11a performance profile
  tpc-threshold  Configures the Tx Power Control Threshold used by RRM for auto
                 power assignment
  txpower        Configures the 802.11a Tx Power Level

ap dot11 rrm channel

To enable radio resource management channel for 2.4 GHz and 5GHz devices, use the ap dot11 rrm channel command. To disable the radio resource mangement for 2.4 GHz and 5 GHz devices, use the no form of the command.

ap dot11 {24ghz | 5ghz} rrm channel {cleanair-event | dca | device | foreign | load | noise}

no ap dot11 {24ghz | 5ghz} rrm channel {cleanair-event | dca | device | foreign | load | noise}

Syntax Description

cleanair-event

Specifies the cleanair event-driven RRM parameters

dca

Specifies the 802.11 dynamic channel assignment algorithm parameters

device

Specifies the persistent non-WiFi device avoidance in the 802.11-channel assignment.

foreign

Enables foreign AP 802.11-interference avoidance in the channel assignment.

load

Enables Cisco AP 802.11-load avoidance in the channel assignment.

noise

Enables non-802.11-noise avoidance in the channel assignment.

Command Default

None.

Command Modes

Interface configuration.

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

None.

Examples

This example shows all the parameters available for Channel.


Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#ap dot11 24ghz rrm channel ?
  cleanair-event  Configure cleanair event-driven RRM parameters
  dca             Config 802.11b dynamic channel assignment algorithm
                  parameters
  device          Configure persistent non-WiFi device avoidance in the 802.11b
                  channel assignment
  foreign         Configure foreign AP 802.11b interference avoidance in the
                  channel assignment
  load            Configure Cisco AP 802.11b load avoidance in the channel
                  assignment
  noise           Configure 802.11b noise avoidance in the channel assignment

ap dot11 rrm channel dca

To configure Dynamic Channel Assignment (DCA) algorithm parameters on 802.11 networks, use the ap dot11 rrm channel dca command.

ap dot11 {24ghz | 5ghz} rrm channel dca {channel_number | anchor-time value | global {auto | once} | interval value | min-metric value | sensitivity {high | low | medium}}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

channel_number

Channel number to be added to the DCA list.

Note 

The range is from 1 to 14.

anchor-time

Specifies the anchor time for DCA.

value

Hour of time between 0 and 23. These values represent the hour from 12:00 a.m. to 11:00 p.m.

global

Specifies the global DCA mode for the access points in the 802.11 networks.

auto

Enables auto-RF.

once

Enables one-time auto-RF.

interval

Specifies how often the DCA is allowed to run.

value

Interval between the times when DCA is allowed to run. Valid values are 0, 1, 2, 3, 4, 6, 8, 12, or 24 hours. 0 is 10 minutes (600 seconds). Default value is 0 (10 minutes).

min-metric

Specifies the DCA minimum RSSI energy metric.

value

Minimum RSSI energy metric value from –100 to –60.

sensitivity

Specifies how sensitive the DCA algorithm is to environmental changes (for example, signal, load, noise, and interference) when determining whether or not to change channels.

high

Specifies that the DCA algorithm is not particularly sensitive to environmental changes. See the “Usage Guidelines” section for more information.

low

Specifies that the DCA algorithm is moderately sensitive to environmental changes. See the “Usage Guidelines” section for more information.

medium

Specifies that the DCA algorithm is highly sensitive to environmental changes. See the “Usage Guidelines” section for more information.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

The DCA sensitivity thresholds vary by radio band as shown in the table below.

To aid in troubleshooting, the output of this command shows an error code for any failed calls. The table below explains the possible error codes for failed calls.

Table 4. DCA Sensitivity Threshold
Sensitivity 2.4 Ghz DCA Sensitivity Threshold 5 Ghz DCA Sensitivity Threshold
High 5 dB 5 dB
Medium 15 dB 20 dB
Low 30 dB 35 dB

Examples

This example shows how to configure the device to start running DCA at 5 pm for the 2.4 GHz band:


Device(config)# ap dot11 24ghz rrm channel dca anchor-time 17

This example shows how to set the DCA algorithm to run every 10 minutes for the 2.4 GHz band:


Device(config)# ap dot11 24ghz rrm channel dca interval 0

This example shows how to configure the value of DCA algorithm’s sensitivity to low on the 2.4 GHz band:


Device(config)# ap dot11 24ghz rrm channel dca sensitivity low

ap dot11 rrm channel dca chan-width

To configure channel width for IEEE 802.11 radios, use the ap dot11 rrm channel dca chan-width command.

ap dot11 { 24ghz| 5ghz} rrm channel dca chan-width { 160| 20| 40| 80| 80+80| best| width-max}

Syntax Description

160

160 MHz.

20

20 MHz.

40

40 MHz.

80

80 MHz.

80+80

80+80 MHz.

best

Best channel width.

width-max

Maximum best channel width allowed for dynamic bandwidth selection.

Command Default

None

Command Modes

Global Configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Usage Guidelines

Examples

The following example shows how to configure channel width for IEEE 802.11 radios.

Device(config)# ap dot11 5ghz rrm channel dca chan-width 160 

ap dot11 rrm coverage

To enable 802.11 coverage hole detection, use the ap dot11 rrm coverage command.

ap dot11 {24ghz | 5ghz} rrm coverage [data {fail-percentage percentage | packet-count count | rssi-threshold threshold} | exceptional global value | level global value | voice {fail-percentage percentage | packet-count packet-count | rssi-threshold threshold}]

Syntax Description

data

Specifies 802.11 coverage hole-detection data packets.

fail-percentage percentage

Specifies 802.11 coverage failure-rate threshold for uplink data packets. The range is between 1 and 100

packet-count count

Specifies 802.11 coverage minimum-failure-count threshold for uplink data packets.

rssi-threshold threshold

Specifies 802.11 minimum-receive-coverage level for voice packets.

exceptional global value

Specifies 802.11 Cisco APs coverage-exception level. The range is between 0 and 100 percent.

level global value

Specifies 802.11 Cisco AP client-minimum-exception level between 1 and 75 clients.

voice

Specifies 802.11 coverage Hole-Detection for voice packets.

fail-percentage percentage

Specifies 802.11 coverage failure rate threshold for uplink voice packets.

packet-count packet-count

Specifies 802.11 coverage minimum-uplink-failure count threshold for voice packets.

rssi-threshold threshold

Specifies 802.11 minimum receive coverage level for voice packets.

Command Default

None.

Command Modes

Interface configuration.

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

If you enable coverage hole-detection, the device automatically determines, based on data that is received from the access points, whether any access points have clients that are potentially located in areas with poor coverage.

If both the number and percentage of failed packets exceed the values that you entered in the ap dot11 {24ghz | 5ghz} rrm coverage packet-count and ap dot11 {24ghz | 5ghz} rrm coverage fail-percentage commands for a 5-second period, the client is considered to be in a pre-alarm condition. The device uses this information to distinguish between real and false coverage holes and excludes clients with poor roaming logic. A coverage hole is detected if both the number and percentage of failed clients meet or exceed the values entered in the ap dot11 {24ghz | 5ghz} rrm coverage level-global and ap dot11 {24ghz | 5ghz} rrm coverage exceptional-global commands over a 90-second period. The device determines whether the coverage hole can be corrected and, if appropriate, mitigate the coverage hole by increasing the transmit power level for that specific access point.

Examples

This example shows how to set the RSSI-threshold for data in 5-GHz band.


Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#ap dot11 5ghz rrm coverage data rssi-threshold -80

ap dot11 rrm group-member

To configure members in an 802.11 static RF group, use the ap dot11 rrm group-member command. To remove members from 802.11 RF group, use the no form of this command.

ap dot11 {24ghz | 5ghz} rrm group-member controller-name controller-ip

no ap dot11 {24ghz | 5ghz} rrm group-member controller-name controller-ip

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

controller-name

Name of the device to be added.

controller-ip

IP address of the device to be added.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to add a device in the 5 GHz band RF group:


Device(config)# ap dot11 5ghz rrm group-member cisco-controller 192.0.2.54

ap dot11 rrm group-mode

To set the 802.11 automatic RF group selection mode on, use the ap dot11 rrm group-mode command. To set the 802.11 automatic RF group selection mode off, use the no form of this command.

ap dot11 {5ghz | 24ghz} rrm group-mode {auto | leader | off | restart}

no ap dot11 {5ghz | 24ghz} rrm group-mode

Syntax Description

5ghz

Specifies the 2.4 GHz band.

24ghz

Specifies the 5 GHz band.

auto

Sets the 802.11 RF group selection to automatic update mode.

leader

Sets the 802.11 RF group selection to static mode, and sets this device as the group leader.

off

Sets the 802.11 RF group selection to off.

restart

Restarts the 802.11 RF group selection.

Command Default

auto

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to turn the auto RF group selection mode on the 5 GHz band:

Device(config)# ap dot11 5ghz rrm group-mode auto

ap dot11 rrm logging

To configure report log settings on supported 802.11 networks, use the ap dot11 rrm logging command.

ap dot11 {24ghz | 5ghz} rrm logging {channel | coverage | foreign | load | noise | performance | txpower}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

channel

Turns the channel change logging mode on or off. The default mode is off (Disabled).

coverage

Turns the coverage profile logging mode on or off. The default mode is off (Disabled).

foreign

Turns the foreign interference profile logging mode on or off. The default mode is off (Disabled).