The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.
To display all the supported Application Visibility and Control (AVC) applications, use the show avc applications command.
show avc applications
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
AVC uses the Network-Based Application Recognition (NBAR) deep packet inspection technology to classify applications based on the protocol they use. Using AVC, the controller can detect more than 1500 Layer 4 to Layer 7 protocols.
Examples
This example shows how to display all the supported AVC applications:
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-apps
Displays AVC statistics for top applications.
upstream
(Optional) Displays statistics of top upstream applications.
downstream
(Optional) Displays statistics of top downstream applications.
Command Default
None.
Examples
This example shows how to display the AVC statistics of an application for a client:
> show avc statistics client 00:0a:ab:15:00:01 application http
Description Upstream Downstream
=========== ======== ==========
Number of Packtes(n secs) 5059 6369
Number of Bytes(n secs) 170144 8655115
Average Packet size(n secs) 33 1358
Total Number of Packtes 131878 150169
Total Number of Bytes 6054464 205239972
DSCP Incoming packet 16 0
DSCP Outgoing Packet 16 0
This example shows how to display the AVC statistics of the top applications for a client:
This example shows how to display the AVC statistics of an FTP application for a WLAN:
> show avc statistics wlan 1 application ftp
Description Upstream Downstream
=========== ======== ==========
Number of Packtes(n secs) 0 0
Number of Bytes(n secs) 0 0
Average Packet size(n secs) 0 0
Total Number of Packtes 32459 64888
Total Number of Bytes 274 94673983
Related Commands
config avc profile delete
config avc profile create
config avc profile rule
config wlan avc
show avc profile
show avc applications
show avc statistics client
show avc statistics applications
show avc statistics top-apps
show avc statistics guest-lan
show avc statistics remote-lan
debug avc error
debug avc events
Show CAC Commands
Use the show cac commands to display Call Admission Control (CAC) voice and video summary and statistics.
To view the detailed voice CAC statistics of the 802.11a or 802.11b radio, use the show cac voice stats command.
show cac voice stats {
802.11a |
802.11b}
Syntax Description
802.11a
Displays detailed voice CAC statistics for 802.11a.
802.11b
Displays detailed voice CAC statistics for 802.11b/g.
Examples
This example shows how to view the detailed voice CAC statistics for the 802.11b radio:
> show cac voice stats 802.11b
WLC Voice Call Statistics for 802.11b Radio
WMM TSPEC CAC Call Stats
Total num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of exp bw requests received.......... 0
Total Num of exp bw requests Admitted.......... 0
Total Num of Calls Rejected.................... 0
Total Num of Roam Calls Rejected............... 0
Num of Calls Rejected due to insufficent bw.... 0
Num of Calls Rejected due to invalid params.... 0
Num of Calls Rejected due to PHY rate.......... 0
Num of Calls Rejected due to QoS policy........ 0
SIP CAC Call Stats
Total Num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Preferred Calls Received.......... 0
Total Num of Preferred Calls Admitted.......... 0
Total Num of Ongoing Preferred Calls........... 0
Total Num of Calls Rejected(Insuff BW)......... 0
Total Num of Roam Calls Rejected(Insuff BW).... 0
KTS based CAC Call Stats
Total Num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Calls Rejected(Insuff BW)......... 0
Total Num of Roam Calls Rejected(Insuff BW).... 0
Related Commands
config 802.11 cac voice
config 802.11 cac defaults
config 802.11 cac defaults
config 802.11 cac video
config 802.11 cac multimedia
show cac voice summary
show cac video stats
show cac video summary
show cac voice summary
To view the list of all APs with brief voice statistics (includes bandwidth used, maximum bandwidth available, and the number of calls information), use the show cac voice summary command.
show cac voice summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the list of all APs with brief voice statistics:
> show cac voice summary
AP Name Slot# Radio BW Used/Max Calls
----------------- ------- ----- ----------- -----
APc47d.4f3a.3547 0 11b/g 0/23437 0
1 11a 1072/23437 1
Related Commands
show mesh cac
show cac video stats
To view the detailed video CAC statistics of the 802.11a or 802.11b radio, use the show cac video stats command.
show cac video stats {
802.11a |
802.11b}
Syntax Description
802.11a
Displays detailed video CAC statistics for 802.11a.
802.11b
Displays detailed video CAC statistics for 802.11b/g.
Examples
This example shows how to view the detailed video CAC statistics for the 802.11b radio:
> show cac video stats 802.11b
WLC Video Call Statistics for 802.11b Radio
WMM TSPEC CAC Call Stats
Total num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Calls Rejected.................... 0
Total Num of Roam Calls Rejected............... 0
Num of Calls Rejected due to insufficent bw.... 0
Num of Calls Rejected due to invalid params.... 0
Num of Calls Rejected due to PHY rate.......... 0
Num of Calls Rejected due to QoS policy........ 0
SIP CAC Call Stats
Total Num of Calls in progress................. 0
Num of Roam Calls in progress.................. 0
Total Num of Calls Admitted.................... 0
Total Num of Roam Calls Admitted............... 0
Total Num of Calls Rejected(Insuff BW)......... 0
Total Num of Roam Calls Rejected(Insuff BW).... 0
Related Commands
config 802.11 cac voice
config 802.11 cac defaults
config 802.11 cac video
config 802.11 cac multimedia
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video load-based
config 802.11 cac video cac-method
config 802.11 cac video sip
show cac video summary
To view the list of all access points with brief video statistics (includes bandwidth used, maximum bandwidth available, and the number of calls information), use the show cac video summary command.
show cac video summary
Syntax Description
This command has no arguments or keywords.
Examples
This example shows how to display the list of all access points with brief video statistics:
> show cac video summary
AP Name Slot# Radio BW Used/Max Calls
----------------- ------- ----- ----------- -----
AP001b.d571.88e0 0 11b/g 0/10937 0
1 11a 0/18750 0
AP5_1250 0 11b/g 0/10937 0
1 11a 0/18750 0
Related Commands
config 802.11 cac voice
config 802.11 cac defaults
config 802.11 cac video
config 802.11 cac multimedia
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video load-based
config 802.11 cac video cac-method
config 802.11 cac video sip
Show Client Commands
Use the show client commands to see client settings.
To display the total number of active or rejected calls on the controller, use the show client calls command.
show client calls {
active |
rejected} {
802.11a |
802.11bg |
all}
Syntax Description
active
Displays active calls.
rejected
Displays rejected calls.
802.11a
Specifies the 802.11a network.
802.11bg
Specifies the 802.11b/g network.
all
Specifies both the 802.11a and 802.11b/g network.
Command Default
None.
Examples
This example shows how to display the active client calls on an 802.11a network:
> show client calls active 802.11a
Client MAC Username Total Call AP Name Radio Type
Duration (sec)
-------------------- --------- ---------- --------------- ----------
00:09: ef: 02:65:70 abc 45 VJ-1240C-ed45cc 802.11a
00:13: ce: cc: 51:39 xyz 45 AP1130-a416 802.11a
00:40:96: af: 15:15 def 45 AP1130-a416 802.11a
00:40:96:b2:69: df def 45 AP1130-a416 802.11a
Number of Active Calls ------------------------------------ 4
Related Commands
debug voice-diag
show client roam-history
To display the roaming history of a specified client, use the show client roam-history command.
show client roam-history mac_address
Syntax Description
mac_address
Client MAC address.
Command Default
None.
Examples
This example shows how to display the roaming history of a specified client:
> show client roam-history 00:14:6c:0a:57:77
show client summary
To display a summary of clients associated with a Cisco lightweight access point, use the show client summary command.
show client summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
The show client ap command may list the status of automatically disabled clients. Use the show exclusionlist command to display clients on the exclusion list (blacklisted).
Examples
This example shows how to display a summary of the active clients:
> show client summary
Number of Clients................................ 24
Number of PMIPV6 Clients......................... 200
MAC Address AP Name Status WLAN/GLAN/RLAN Auth Protocol Port Wired PMIPV6
----------------- ----------------- ------------- -------------- ---- ---------------- ---- ----- ------
00:00:15:01:00:01 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No Yes
00:00:15:01:00:02 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No No
00:00:15:01:00:03 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No Yes
00:00:15:01:00:04 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No No
Related Commands
show client summary guest-lan
show client summary guest-lan
To display the active wired guest LAN clients, use the show client summary guest-lan command.
show client summary guest-lan
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary of the active wired guest LAN clients:
> show client summary guest-lan
Number of Clients................................ 1
MAC Address AP Name Status WLAN Auth Protocol Port Wired
----------- --------- ---------- ---- ---- -------- ---- -----
00:16:36:40:ac:58 N/A Associated 1 No 802.3 1 Yes
Related Commands
show client summary
show client tsm
To display the client traffic stream metrics (TSM) statistics, use the show client tsm command.
show client tsm 802.11{
a |
b}
client_mac {
ap_mac |
all}
Syntax Description
802.11a
Specifies the 802.11a network.
802.11b
Specifies the 802.11 b/g network.
client_mac
MAC address of the client.
ap_mac
MAC address of the tsm access point.
all
Specifies the list of all access points to which the client has associations.
Command Default
None.
Examples
This example shows how to display the client’s TSM for the 802.11a network:
> show client tsm 802.11a xx:xx:xx:xx:xx:xx all
AP Interface MAC: 00:0b:85:01:02:03
Client Interface Mac: 00:01:02:03:04:05
Measurement Duration: 90 seconds
Timestamp 1st Jan 2006, 06:35:80
UpLink Stats
================
Average Delay (5sec intervals)............................35
Delay less than 10 ms.....................................20
Delay bet 10 - 20 ms......................................20
Delay bet 20 - 40 ms......................................20
Delay greater than 40 ms..................................20
Total packet Count.........................................80
Total packet lost count (5sec).............................10
Maximum Lost Packet count(5sec)............................5
Average Lost Packet count(5secs)...........................2
DownLink Stats
================
Average Delay (5sec intervals)............................35
Delay less than 10 ms.....................................20
Delay bet 10 - 20 ms......................................20
Delay bet 20 - 40 ms......................................20
Delay greater than 40 ms..................................20
Total packet Count.........................................80
Total packet lost count (5sec).............................10
Maximum Lost Packet count(5sec)............................5
Average Lost Packet count(5secs)...........................2
Related Commands
show client ap
show client detail
show client summary
show client username
To display the client data by the username, use the show client username command.
show client username username
Syntax Description
username
Client’s username.
Command Default
None.
Examples
This example shows how to display the detailed information for a client by name:
> show client username IT_007
MAC Address AP ID Status WLAN Id Authenticated
----------------- ------ ------------- --------- -------------
xx:xx:xx:xx:xx:xx 1 Associated 1 No
Related Commands
show client ap
show client detail
show client summary
show client voice-diag
To display voice diagnostics statistics, use the show client voice-diag command.
show client voice-diag {
quos-map |
roam-history |
rssi |
status |
tspec}
Syntax Description
quos-map
Displays information about the QoS/DSCP mapping and packet statistics in each of the four queues: VO, VI, BE, BK. The different DSCP values are also displayed.
roam-history
Displays information about the last 3 roaming history. The output contains the Timestamp, access point associated with roaming, roaming reason, and if there is a roaming failure, reason for roaming-failure.
rssi
Displays the client’s RSSI values in the last 5 seconds when voice diagnostics are enabled.
status
Displays status of voice diagnostics for clients.
tspec
Displays TSPEC for voice diagnostic clients.
Command Default
None.
Examples
Examples
This example shows how to display the status of voice diagnostics for clients:
> show client voice-diag status
Voice Diagnostics Status: FALSE
Related Commands
show client ap
show client detail
show client summary
debug voice-diag
show flow exporter
To display the details or the statistics of the flow exporter, use the show flow exporter command.
show flow exporter {
summary |
statistics}
Syntax Description
summary
Displays summary of flow exporter.
statistics
Displays the statistics of flow exporters such as number of records sent, time when the last record was sent.
Command Default
None.
Examples
This example shows how to display the flow exporter details:
> show flow exporter summary
Exporter-Name Exporter-IP Port
============= =========== =====
expo1 9.9.120.115 800
Related Commands
show flow monitor
config flow
config wlan flow
show flow monitor summary
To display the details of the NetFlow monitor, use the show flow monitor summary command.
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
Netflow record monitoring and export are used for integration with an NMS or any Netflow analysis tool.
Examples
This example shows how to display the details of the NetFlow monitor:
> show flow monitor summary
Monitor-Name Exporter-Name Exporter-IP Port Record Name
============ ============= =========== ==== ===========
mon1 expo1 9.9.120.115 800 ipv4_client_app_flow_record
Related Commands
show flow exporter
config flow
config wlan flow
Show mDNS Commands
Use the show mdns commands to display information about Multicast DNS (mDNS).
To display mDNS profile information, use the show mdns profile command.
show mdns profile {
summary |
detailed profile-name}
Syntax Description
summary
Displays the summary of the mDNS profiles.
detailed
Displays details of an mDNS profile.
profile-name
Name of the mDNS profile.
Command Default
None.
Examples
This example shows how to display the summary of all the mDNS profiles:
> show mdns profile summary
Number of Profiles............................... 2
ProfileName No. Of Services
-------------------------------- ---------------
default-mdns-profile 5
profile1 2
This example shows how to display the detailed information of an mDNS profile:
> show mdns profile detailed default-mdns-profile
Profile Name..................................... default-mdns-profile
Profile Id....................................... 1
No of Services................................... 5
Services......................................... AirPrint
AppleTV
HP_Photosmart_Printer_1
HP_Photosmart_Printer_2
Printer
No. Interfaces Attached.......................... 0
No. Interface Groups Attached.................... 0
No. Wlans Attached............................... 1
Wlan Ids......................................... 1
Related Commands
config mdns query interval
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
config mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
show mnds service
To display mDNS service information, use the show mnds service command.
show mnds service {
summary |
detailed service-name}
Syntax Description
summary
Displays the summary of all mDNS services.
detailed
Displays details of an mDNS service.
service-name
Name of the mDNS service.
Command Default
None.
Examples
This example shows how to display the summary of the mDNS services:
> show mnds service summary
Number of Services............................... 5
Service-Name Service-string
-------------------------------- ---------------
AirPrint _ipp._tcp.local.
AppleTV _airplay._tcp.local.
HP_Photosmart_Printer_1 _universal._sub._ipp._tcp.local.
HP_Photosmart_Printer_2 _cups._sub._ipp._tcp.local.
Printer _printer._tcp.local.
This example shows how to display the details of an mDNS service:
> show mnds service detailed AirPrint
Service Name..................................... AirPrint
Service Id....................................... 1
Service query status............................. Enabled
Number of Profiles............................... 2
Profile.......................................... student-profile
guest-profile
Number of Service Providers ..................... 2
Service Provider MAC-Address VLAN Type
---------------- ----------- ------- ----
user1 60:33:4b:2b:a6:9a 104 Wired
laptopa 00:21:1b:ea:36:60 105 Wireless
Related Commands
config mdns query interval
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
config mdns profile
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
Show Radio Frequency ID Commands
Use the show rfid commands to display radio frequency ID settings.
To display the radio frequency identification (RFID) tags that are associated to the controller as clients, use the show rfid client command.
show rfid client
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
When the RFID tag is not in client mode, the above fields are blank.
Examples
This example shows how to display the RFID tag that is associated to the controller as clients:
> show rfid client
------------------ -------- --------- ----------------- ------ ----------------
Heard
RFID Mac VENDOR Sec Ago Associated AP Chnl Client State
------------------ -------- --------- ----------------- ------ ----------------
00:14:7e:00:0b:b1 Pango 35 AP0019.e75c.fef4 1 Probing
Related Commands
config rfid status
config rfid timeout
show rfid config
show rfid detail
show rfid summary
show rfid config
To display the current radio frequency identification (RFID) configuration settings, use the show rfid config command.
show rfid config
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the current RFID configuration settings:
> show rfid config
RFID Tag Data Collection ............................... Enabled
RFID Tag Auto-Timeout .................................. Enabled
RFID Client Data Collection ............................ Disabled
RFID Data Timeout ...................................... 200 seconds
Related Commands
config rfid status
config rfid timeout
show rfid client
show rfid detail
show rfid summary
show rfid detail
To display detailed radio frequency identification (RFID) information for a specified tag, use the show rfid detail command.
show rfid detail mac_address
Syntax Description
mac_address
MAC address of an RFID tag.
Command Default
None.
Examples
This example shows how to display detailed RFID information:
To display a summary of the radio frequency identification (RFID) information for a specified tag, use the show rfid summary command.
show rfid summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary of RFID information:
> show rfid summary
Total Number of RFID : 5
----------------- -------- ------------------ ------ ---------------------
RFID ID VENDOR Closest AP RSSI Time Since Last Heard
----------------- -------- ------------------ ------ ---------------------
00:04:f1:00:00:04 Wherenet ap:1120 -51 858 seconds ago
00:0c:cc:5c:06:d3 Aerosct ap:1120 -51 68 seconds ago
00:0c:cc:5c:08:45 Aerosct AP_1130 -54 477 seconds ago
00:0c:cc:5c:08:4b Aerosct wolverine -54 332 seconds ago
00:0c:cc:5c:08:52 Aerosct ap:1120 -51 699 seconds ago
Related Commands
config rfid status
config rfid timeout
show rfid client
show rfid detail
show rfid config
Other Show Commands
This section lists the other show commands to display controller settings.
To display the kernel Address Resolution Protocol (ARP) cache information, use the show arp kernel command.
show arp kernel
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display kernel ARP cache information:
> show arp kernel
IP address HW type Flags HW address Mask Device
192.0.2.1 0x1 0x2 00:1A:6C:2A:09:C2 * dtl0
192.0.2.8 0x1 0x6 00:1E:E5:E6:DB:56 * dtl0
Related Commands
clear arp
debug arp
show route kernel
show arp switch
To display the Cisco wireless LAN controller MAC addresses, IP addresses, and port types, use the show arp switch command.
show arp switch
Syntax Description
This command has no arguments or keywords.
Examples
This example shows how to display Address Resolution Protocol (ARP) cache information for the switch:
> show arp switch
MAC Address IP Address Port VLAN Type
------------------- ---------------- ------------ ---- -------------------
xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service port 1
xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service port
xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service port
Related Commands
clear arp
debug arp
show arp kernel
show boot
To display the primary and backup software build numbers with an indication of which is active, use the show boot command.
show boot
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
Each Cisco wireless LAN controller retains one primary and one backup operating system software load in nonvolatile RAM to allow controllers to boot off the primary load (default) or revert to the backup load when desired.
Examples
This example shows how to display the default boot image information:
To display band selection information, use the show band-select command.
show band-select
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to
display band selection information:
> show band-select
Band Select Probe Response....................... per WLAN enabling
Cycle Count................................... 3 cycles
Cycle Threshold............................... 200 milliseconds
Age Out Suppression........................... 20 seconds
Age Out Dual Band............................. 60 seconds
Client RSSI................................... -80 dBm
Related Commands
config band-select
config wlan band-select
show buffers
To display buffer information of the controller, use the show buffers command.
show buffers
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to
display buffer information of the controller:
> show buffers
Pool[00]: 16 byte chunks
chunks in pool: 50000
chunks in use: 9196
bytes in use: 147136
bytes requested: 73218 (73918 overhead bytes)
Pool[01]: 64 byte chunks
chunks in pool: 50100
chunks in use: 19222
bytes in use: 1230208
bytes requested: 729199 (501009 overhead bytes)
Pool[02]: 128 byte chunks
chunks in pool: 26200
chunks in use: 9861
bytes in use: 1262208
bytes requested: 848732 (413476 overhead bytes)
Pool[03]: 256 byte chunks
chunks in pool: 3000
chunks in use: 596
bytes in use: 152576
bytes requested: 93145 (59431 overhead bytes)
Pool[04]: 384 byte chunks
chunks in pool: 6000
chunks in use: 258
bytes in use: 99072
bytes requested: 68235 (30837 overhead bytes)
Pool[05]: 512 byte chunks
chunks in pool: 18700
chunks in use: 18667
bytes in use: 9557504
bytes requested: 7933814 (1623690 overhead bytes)
Pool[06]: 1024 byte chunks
chunks in pool: 3500
chunks in use: 94
bytes in use: 96256
bytes requested: 75598 (20658 overhead bytes)
Pool[07]: 2048 byte chunks
chunks in pool: 1000
chunks in use: 54
bytes in use: 110592
bytes requested: 76153 (34439 overhead bytes)
Pool[08]: 4096 byte chunks
chunks in pool: 1000
chunks in use: 47
bytes in use: 192512
bytes requested: 128258 (64254 overhead bytes)
Raw Pool:
chunks in use: 256
bytes requested: 289575125
show cdp
To display the status of Cisco Discovery Protocol (CDP) and view the details of the CDP protocol, use the show cdp command.
show cdp {
neighbors [
detail] |
entry all |
traffic}
Syntax Description
neighbors
Displays a list of all CDP neighbors on all interfaces.
detail
Displays detailed information of the controller’s CDP neighbors. This command shows only the CDP neighbors of the controller, it does not show the CDP neighbors of the controller’s associated access points.
entry all
Displays all CDP entries in the database.
traffic
Displays CDP traffic information.
Command Default
None.
Examples
This example shows how to
display the CDP traffic information:
> show cdp
CDP counters :
Total packets output: 0, Input: 0
Chksum error: 0
No memory: 0, Invalid packet: 0,
Related Commands
config cdp
config ap cdp
show ap cdp
show certificate lsc
To verify that the controller has generated a Locally Significant Certificate (LSC), use the show certificate lsc summary command.
show certificate lsc {
summary |
ap-provision}
Syntax Description
summary
Displays a summary of LSC certificate settings and certificates.
ap-provision
Displays details about the access points that are provisioned using the LSC.
Command Default
None.
Examples
This example shows how to display a summary of the LSC:
> show certificate lsc summary
LSC Enabled...................................... Yes
LSC CA-Server.................................... http://10.0.0.1:8080/caserver
LSC AP-Provisioning.............................. Yes
Provision-List............................... Not Configured
LSC Revert Count in AP reboots............... 3
LSC Params:
Country...................................... 4
State........................................ ca
City......................................... ss
Orgn......................................... org
Dept......................................... dep
Email........................................ dep@co.com
KeySize...................................... 390
LSC Certs:
CA Cert...................................... Not Configured
RA Cert...................................... Not Configured
This example shows how to display the details about the access points that are provisioned using the LSC:
> show certificate lsc ap-provision
LSC AP-Provisioning.............................. Yes
Provision-List................................... Present
Idx Mac Address
--- -------------
1 00:18:74:c7:c0:90
Related Commands
config certificate lsc
show certificate compatibility
config certificate
show certificate summary
show local-auth certificates
show certificate ssc
To view the Self Signed Device Certificate (SSC) and hash key of the virtual controller, use the show certificate ssc command.
show certificate ssc
Syntax Description
This command has no arguments or keywords.
Examples
This example shows how to display the SSC:
> show certificate ssc
SSC Hash validation.............................. Enabled.
SSC Device Certificate details:
Subject Name :
C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller,
CN=DEVICE-vWLC-AIR-CTVM-K9-000C297F2CF7, MAILTO=support@vwlc.com
Validity :
Start : 2012 Jul 23rd, 15:47:53 GMT
End : 2022 Jun 1st, 15:47:53 GMT
Hash key : 5870ffabb15de2a617132bafcd73
Related Commands
show certificate ssc
show mobility group member
config certificate ssc
config mobility group member hash
show certificate summary
To verify that the controller has generated a certificate, use the show certificate summary command.
show certificate summary
Syntax Description
This command has no arguments or keywords.
Examples
This example shows how to display a summary of the certificate:
> show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
Related Commands
config certificate
config certificate lsc
show certificate lsc
show certificate compatibility
show local-auth certificate
show coredump summary
To display a summary of the controller’s core dump file, use the show coredump summary command.
show coredump summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the core dump summary:
> show coredump summary
Core Dump is enabled
FTP Server IP.................................... 10.10.10.17
FTP Filename..................................... file1
FTP Username..................................... ftpuser
FTP Password.................................. *********
Related Commands
config coredump
config coredump ftp
config coredump username
show cpu
To display current WLAN controller CPU usage information, use the show cpu command.
show cpu
Syntax Description
This command has no arguments or keywords.
Examples
This example shows how to display the current CPU usage information:
> show cpu
Current CPU load: 2.50%
show custom-web
To display web authentication customization information, use the show custom-web command.
show custom-web
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the web authentication customization information:
> show custom-web
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
External web authentication Mode................. Disabled
External web authentication URL.................. None
Related Commands
config custom-web weblogo
config custom-web webmessage
config custom-web webtitle
config custom-web weblogo
config custom-web ext-webauth-mode
config custom-web redirectUrl
config custom-web ext-webauth-type
config custom-web ext-webauth-url
show custom-web
show database summary
To display the maximum number of entries in the database, use the show database summary command.
show database summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary of the local database configuration:
> show database summary
Maximum Database Entries......................... 2048
Maximum Database Entries On Next Reboot.......... 2048
Database Contents
MAC Filter Entries........................... 2
Exclusion List Entries....................... 0
AP Authorization List Entries................ 1
Management Users............................. 1
Local Network Users.......................... 1
Local Users.............................. 1
Guest Users.............................. 0
Total..................................... 5
Related Commands
config database size
show dhcp
To display the internal Dynamic Host Configuration Protocol (DHCP) server configuration, use the show dhcp command.
show dhcp {
leases |
summary |
scope}
Syntax Description
leases
Displays allocated DHCP leases.
summary
Displays DHCP summary information.
scope
Name of a scope to display the DHCP information for that scope.
Command Default
None.
Examples
This example shows how to display the allocated DHCP leases:
> show dhcp leases
No leases allocated.
This example shows how to display the DHCP summary information:
> show dhcp summary
Scope Name Enabled Address Range
003 No 0.0.0.0 -> 0.0.0.0
This example shows how to display the DHCP information for the scope 003:
> show dhcp 003
Enabled....................................... No
Lease Time.................................... 0
Pool Start.................................... 0.0.0.0
Pool End...................................... 0.0.0.0
Network....................................... 0.0.0.0
Netmask....................................... 0.0.0.0
Default Routers............................... 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain....................................
DNS........................................... 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers.......................... 0.0.0.0 0.0.0.0 0.0.0.0
Related Commands
config dhcp proxy
config dhcp timeout
config interface dhcp
config wlan dhcp server
debug dhcp
debug dhcp service-port
debug disable-all
config dhcp
show dhcp proxy
show dtls connections
To display the Datagram Transport Layer Security (DTLS) server status, use the show dtls connections command.
show dtls connections
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the established DTLS connections:
> show dtls connections
AP Name Local Port Peer IP Peer Port Ciphersuite
--------------- ------------- --------------- ------------- -----------------------
1130 Capwap_Ctrl 1.100.163.210 23678 TLS_RSA _WITH_AES_128_CBC_SHA
1130 Capwap_Data 1.100.163.210 23678 TLS_RSA _WITH_AES_128_CBC_SHA
1240 Capwap_Ctrl 1.100.163.209 59674 TLS_RSA _WITH_AES_128_CBC_SHA
show dhcp proxy
To display the status of DHCP proxy handling, use the show dhcp proxy command.
show dhcp proxy
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the status of DHCP proxy information:
> show dhcp proxy
DHCP Proxy Behavior: enabled
Related Commands
config dhcp proxy
config dhcp timeout
config interface dhcp
config wlan dhcp_server
debug dhcp
debug dhcp service-port
debug disable-all
show dhcp
config dhcp
show dhcp timeout
To display the DHCP timeout value, use the show dhcp timeout command.
show dhcp timeout
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the DHCP timeout value:
> show dhcp timeout
DHCP Timeout (seconds)................. 10
Related Commands
config dhcp proxy
config dhcp
config interface dhcp
config wlan dhcp_server
debug dhcp
debug dhcp service-port
debug disable-all
show dhcp
show dhcp proxy
show guest-lan
To display the configuration of a specific wired guest LAN, use the show guest-lan command.
show guest-lan guest_lan_id
Syntax Description
guest_lan_id
ID of selected wired guest LAN.
Command Default
None.
Usage Guidelines
To display all wired guest LANs configured on the controller, use the show guest-lan summary command.
Examples
This example shows how to display the guest LAN configuration:
> show guest-lan 2
Guest LAN Identifier........................... 1
Profile Name................................... guestlan
Network Name (SSID)............................ guestlan
Status......................................... Enabled
AAA Policy Override............................ Disabled
Number of Active Clients....................... 1
Exclusionlist Timeout.......................... 60 seconds
Session Timeout................................ Infinity
Interface...................................... wired
Ingress Interface.............................. wired-guest
WLAN ACL....................................... unconfigured
DHCP Server.................................... 10.20.236.90
DHCP Address Assignment Required............... Disabled
Quality of Service............................. Silver (best effort)
Security
Web Based Authentication................... Enabled
ACL........................................ Unconfigured
Web-Passthrough............................ Disabled
Conditional Web Redirect................... Disabled
Auto Anchor................................ Disabled
Mobility Anchor List
GLAN ID IP Address Status
Related Commands
config guest-lan
config guest-lan custom-web ext-webauth-url
config guest-lan custom-web global disable
config guest-lan custom-web login_page
config guest-lan nac
config guest-lan security
show invalid-config
To see any ignored commands or invalid configuration values in an edited configuration file, use the show invalid-config command.
show invalid-config
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
You can execute this command only before the clear config or save config command.
Examples
This example shows how to display a list of any ignored commands or invalid configuration values in a configuration file:
> show invalid-config
config wlan peer-blocking drop 3
config wlan dhcp_server 3 192.168.0.44 required
show inventory
To display a physical inventory of the Cisco wireless LAN controller, use the show inventory command.
show inventory
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
Some wireless LAN controllers may have no crypto accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
Examples
This example shows how to display a physical inventory of the controller:
> show inventory
Switch Description............................... Cisco Controller
Machine Model.................................... WLC4404-100
Serial Number.................................... FLS0923003B
Burned-in MAC Address............................ 00:0B:85:32:AB:60
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Related Commands
show ap inventory
show license agent
To display the license agent counter and session information on the Cisco 5500 Series Controller, use the show license agent command.
show license agent {
counters |
sessions}
Syntax Description
counters
Displays license agent counter information.
sessions
Displays session information.
Command Default
None.
Examples
This example shows how to display the license agent counters information:
> show license agent counters
License Agent Counters
Request Messages Received:0: Messages with Errors:0
Request Operations Received:0: Operations with Errors:0
Notification Messages Sent:0: Transmission Errors:0: Soap Errors:0
This example shows how to display the license agent sessions information:
> show license agent sessions
License Agent Sessions: 0 open, maximum is 9
Related Commands
config license agent
clear license agent
show license all
show license detail
show license feature
show license image-level
show license summary
show license all
To display information for all licenses on the Cisco 5500 Series Controller, use the show license all command.
show license all
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display all the licenses:
> show license all
License Store: Primary License Storage
StoreIndex: 0 Feature: wplus-ap-count Version: 1.0
License Type: Permanent
License State: Inactive
License Count: 12/0/0
License Priority: Medium
StoreIndex: 1 Feature: base Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 2 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
License Store: Evaluation License Storage
StoreIndex: 0 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
StoreIndex: 2 Feature: base Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 3 Feature: base-ap-count Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License Count: 250/0/0
License Priority: Low
Related Commands
license install
show license agent
show license detail
show license feature
show license image-level
show license summary
license modify priority
show license capacity
To display the maximum number of access points allowed for this license on the Cisco 5500 Series Controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller, use the show license capacity command.
show license capacity
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license capacity:
> show license capacity
Licensed Feature Max Count Current Count Remaining Count
-----------------------------------------------------------------------
AP Count 250 47 203
Related Commands
license install
show license all
show license detail
show license feature
show license image-level
show license summary
license modify priority
show license evaluation
show license detail
To display details of a specific license on the Cisco 5500 Series Controller, use the show license detail command.
show license detail license-name
Syntax Description
license-name
Name of a specific license.
Command Default
None.
Examples
This example shows how to display the license details:
> show license detail wplus
Feature: wplus Period left: Life time
Index: 1 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 2
Store Name: Primary License Storage
Index: 2 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
Store Index: 0
Related Commands
license install
show license agent
show license all
show license feature
show license image-level
show license summary
license modify priority
show license expiring
To display details of expiring licenses on the Cisco 5500 Series Controller, use the show license expiring command.
show license expiring
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the details of the expiring licenses:
> show license expiring
StoreIndex: 0 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
StoreIndex: 2 Feature: base Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 3 Feature: base-ap-count Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License Count: 250/0/0
License Priority: Low
Related Commands
license install
show license all
show license detail
show license in-use
show license summary
license modify priority
show license evaluation
show license evaluation
To display details of evaluation licenses on the Cisco 5500 Series Controller, use the show license evaluation command.
show license evaluation
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the details of the evaluation licenses:
> show license evaluation
StoreIndex: 0 Feature: wplus Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 6 weeks 6 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
StoreIndex: 2 Feature: base Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
StoreIndex: 3 Feature: base-ap-count Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License Count: 250/0/0
License Priority: Low
Related Commands
license install
show license all
show license detail
show license expiring
show license in-use
show license summary
license modify priority
show license feature
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license feature command.
show license feature
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license-enabled features:
> show license feature
Feature name Enforcement Evaluation Clear Allowed Enabled
wplus yes yes yes yes
wplus-ap-count yes yes yes yes
base no yes yes no
base-ap-count yes yes yes no
Related Commands
license install
show license all
show license detail
show license expiring
show license image-level
show license in-use
show license summary
show license modify priority
show license evaluation
show license file
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license file command.
show license file
Syntax Description
This command has no arguments or keywords.
Examples
This example shows how to display the license files:
> show license file
License Store: Primary License Storage
Store Index: 0
License: 11 wplus-ap-count 1.0 LONG NORMAL STANDALONE EXCL 12_KEYS INFINIT
E_KEYS NEVER NEVER NiL SLM_CODE CL_ND_LCK NiL *1AR5NS7M5AD8PPU400
NiL NiL NiL 5_MINS <UDI><PID>AIR-CT5508-K9</PID><SN>RFD000P2D27<
/SN></UDI> Pe0L7tv8KDUqo:zlPe423S5wasgM8G,tTs0i,7zLyA3VfxhnIe5aJa
m63lR5l8JM3DPkr4O2DI43iLlKn7jomo3RFl1LjMRqLkKhiLJ2tOyuftQSq2bCAO6
nR3wIb38xKi3t$<WLC>AQEBIQAB//++mCzRUbOhw28vz0czAY0iAm7ocDLUMb9ER0
+BD3w2PhNEYwsBN/T3xXBqJqfC+oKRqwInXo3s+nsLU7rOtdOxoIxYZAo3LYmUJ+M
FzsqlhKoJVlPyEvQ8H21MNUjVbhoN0gyIWsyiJaM8AQIkVBQFzhr10GYolVzdzfJf
EPQIx6tZ++/Vtc/q3SF/5Ko8XCY=</WLC>
Comment:
Hash: iOGjuLlXgLhcTB113ohIzxVioHA=
. . .
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license summary
show license evaluation
show license handle
To display the license handles on the Cisco 5500 Series Controller, use the show license handle command.
show license handle
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license handles:
To display the license image level that is in use on the Cisco 5500 Series Controller, use the show license image-level command.
show license image-level
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the image level license settings:
> show license image-level
Module name Image level Priority Configured Valid license
wnbu wplus 1 YES wplus
base 2 NO
NOTE: wplus includes two additional features: Office Extend AP, Mesh AP.
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
license modify priority
show license in-use
show license summary
show license in-use
To display the licenses that are in use on the Cisco 5500 Series Controller, use the show license in-use command.
show license in-use
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the licenses that are in use:
> show license in-use
StoreIndex: 2 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 1 Feature: wplus-ap-count Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 2 weeks 3 days
Expiry date: Thu Jun 25 18:09:43 2009
License Count: 250/250/0
License Priority: High
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license modify priority
show license summary
show license permanent
show license evaluation
show license permanent
To display the permanent licenses on the Cisco 5500 Series Controller, use the show license permanent command.
show license permanent
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the permanent license’s information:
> show license permanent
StoreIndex: 0 Feature: wplus-ap-count Version: 1.0
License Type: Permanent
License State: Inactive
License Count: 12/0/0
License Priority: Medium
StoreIndex: 1 Feature: base Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 2 Feature: wplus Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license summary
license modify priority
show license evaluation
show license status
To display the license status on the Cisco 5500 Series Controller, use the show license status command.
show license status
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license status:
> show license status
License Type Supported
permanent Non-expiring node locked license
extension Expiring node locked license
evaluation Expiring non node locked license
License Operation Supported
install Install license
clear Clear license
annotate Comment license
save Save license
revoke Revoke license
Device status
Device Credential type: DEVICE
Device Credential Verification: PASS
Rehost Type: DC_OR_IC
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license summary
license modify priority
show license evaluation
show license statistics
To display license statistics on the Cisco 5500 Series Controller, use the show license statistics command.
show license statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the license statistics:
> show license statistics
Administrative statistics
Install success count: 0
Install failure count: 0
Install duplicate count: 0
Comment add count: 0
Comment delete count: 0
Clear count: 0
c Save count: 0
Save cred count: 0
Client status
Request success count 2
Request failure count 0
Release count 0
Global Notify count 0
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license summary
license modify priority
show license evaluation
show license summary
To display a brief summary of all licenses on the Cisco 5500 Series Controller, use the show license summary command.
show license summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a brief summary of all licenses:
> show license summary
Index 1 Feature: wplus
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: wplus-ap-count
Period left: 2 weeks 3 days
License Type: Evaluation
License State: Active, In Use
License Count: 250/250/0
License Priority: High
Index 3 Feature: base
Period left: Life time
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: base-ap-count
Period left: 8 weeks 3 days
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
License Count: 250/0/0
License Priority: Low
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license permanent
license modify priority
show license evaluation
show license udi
To display unique device identifier (UDI) values for licenses on the Cisco 5500 Series Controller, use the show license udi command.
show license udi
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the UDI values for licenses:
> show license udi
Device# PID SN UDI
-------------------------------------------------------------------------------------
*0 AIR-CT5508-K9 RFD000P2D27 AIR-CT5508-K9:RFD000P2D27
Related Commands
license install
show license all
show license detail
show license expiring
show license feature
show license image-level
show license in-use
show license summary
license modify priority
show license evaluation
show load-balancing
To display the status of the load-balancing feature, use the show load-balancing command.
show load-balancing
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the load-balancing status:
> show load-balancing
Aggressive Load Balancing........................ Enabled
Aggressive Load Balancing Window................. 0 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 10 clients
Total Denial Sent................................ 20 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count..................... 0 times
Related Commands
config load-balancing
show logging
To display the syslog facility logging parameters and buffer contents, use the show logging command.
show logging
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the current settings and buffer content details:
> show logging
Logging to buffer :
- Logging of system messages to buffer :
- Logging filter level.......................... errors
- Number of system messages logged.............. 67227
- Number of system messages dropped............. 21136
- Logging of debug messages to buffer ........... Disabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
Logging to console :
- Logging of system messages to console :
- Logging filter level.......................... errors
- Number of system messages logged.............. 0
- Number of system messages dropped............. 88363
- Logging of debug messages to console .......... Enabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
Logging to syslog :
- Syslog facility................................ local0
- Logging of system messages to syslog :
- Logging filter level.......................... errors
- Number of system messages logged.............. 67227
- Number of system messages dropped............. 21136
- Logging of debug messages to syslog ........... Disabled
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 0
- Host 0....................................... Not Configured
- Host 1....................................... Not Configured
- Host 2....................................... Not Configured
Logging of traceback............................. Disabled
Logging of process information................... Disabled
Logging of source file informational............. Enabled
Timestamping of messages.........................
- Timestamping of system messages................ Enabled
- Timestamp format.............................. Date and Time
- Timestamping of debug messages................. Enabled
- Timestamp format.............................. Date and Time
Logging buffer (67227 logged, 21136 dropped)
*Apr 03 09:48:01.728: %MM-3-INVALID_PKT_RECVD: mm_listen.c:5508 Received an invalid
packet from 1.100.163.51. Source member:0.0.0.0. source member unknown.
*Apr 03 09:47:34.194: %LWAPP-3-DECODE_ERR: spam_lrad.c:1271 Error decoding discovery
request from AP 00:13:5f:0e:d4:20
*Apr 03 09:47:34.194: %LWAPP-3-DISC_OTAP_ERR: spam_lrad.c:5554 Ignoring OTAP discovery
request from AP 00:13:5f:0e:d4:20, OTAP is disabled
Previous message occurred 2 times.
Related Commands
config logging syslog host
config logging syslog facility
config logging syslog level
show loginsession
To display the existing sessions, use the show loginsession command.
show loginsession
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the current session details:
> show loginsession
ID username Connection From Idle Time Session Time
-- --------------- --------------- ------------ ------------
00 admin EIA-232 00:00:00 00:19:04
Related Commands
config loginsession close
show mgmtuser
To display the local management user accounts on the Cisco wireless LAN controller, use the show mgmtuser command.
show mgmtuser
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a list of management users:
> show mgmtuser
User Name Permissions Description Password Strength
----------------------- ------------ -------------- ------------------
admin read-write Weak
Related Commands
config mgmtuser add
config mgmtuser delete
config mgmtuser description
config mgmtuser password
show netuser
To display the configuration of a particular user in the local user database, use show netuser command.
show netuser {
detail user_name |
guest-roles |
summary}
Syntax Description
detail
Displays detailed information about the specified network user.
user_name
Network user.
guest_roles
Displays configured roles for guest users.
summary
Displays a summary of all users in the local user database.
Command Default
None.
Examples
This example shows how to display a summary of all users in the local user database:
> show netuser summary
Maximum logins allowed for a given username ........Unlimited
This example shows how to display detailed information on the specified network user:
> show netuser detail john10
username........................................... abc
WLAN Id............................................. Any
Lifetime............................................ Permanent
Description......................................... test user
Related Commands
config netuser add
config netuser delete
config netuser description
config netuser guest-role apply
config netuser wlan-id
config netuser guest-roles
show netuser guest-roles
To display a list of the current quality of service (QoS) roles and their bandwidth parameters, use the show netuser guest-roles command.
show netuser guest-roles
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a QoS role for the guest network user:
> show netuser guest-roles
Role Name.............................. Contractor
Average Data Rate.................. 10
Burst Data Rate.................... 10
Average Realtime Rate.............. 100
Burst Realtime Rate................ 100
Role Name.............................. Vendor
Average Data Rate.................. unconfigured
Burst Data Rate.................... unconfigured
Average Realtime Rate.............. unconfigured
Burst Realtime Rate................ unconfigured
Related Commands
config netuser add
config netuser delete
config netuser description
config netuser guest-role apply
config netuser wlan-id
show netuser guest-roles
show netuser
show network
To display the current status of 802.3 bridging for all WLANs, use the show network command.
show network
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the network details:
> show network
Related Commands
config network
show network summary
show network multicast mgid detail
show network multicast mgid summary
show network summary
To display the network configuration of the Cisco wireless LAN controller, use the show network summary command.
show network summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary configuration:
> show network summary
RF-Network Name............................. RF
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Mode..................... Disable Mode: Ucast
Ethernet Broadcast Mode..................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
AP Join Priority............................ Disable
ARP Idle Timeout............................ 300 seconds
ARP Unicast Mode............................ Disabled
Cisco AP Default Master..................... Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Over The Air Provisioning of AP's........... Enable
Apple Talk ................................. Disable
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Disable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes
Related Commands
config network
show network multicast mgid summary
show network multicast mgid detail
show network
show network multicast mgid detail
To display all the clients joined to the multicast group in a specific multicast group identification (MGID), use the show network multicast mgid detail command.
show network multicast mgid detail mgid_value
Syntax Description
mgid_value
Number between 550 and 4095.
Command Default
None.
Examples
This example shows how to display details of the multicast database:
> show network multicast mgid detail
Mgid ............................... 550
Multicast Group Address ............ 239.255.255.250
Vlan ............................... 0
Rx Packet Count .................... 807399588
No of clients ...................... 1
Client List ........................
Client MAC Expire TIme (mm:ss)
00:13:02:23:82:ad 0:20
Related Commands
show network summary
show network multicast mgid detail
show network
show network multicast mgid summary
To display all the multicast groups and their corresponding multicast group identifications (MGIDs), use the show network multicast mgid summary command.
show network multicast mgid summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary of multicast groups and their MGIDs:
> show network multicast mgid summary
Layer2 MGID Mapping:
-------------------
InterfaceName vlanId MGID
----------------------------- ------ -----
management 0 0
test 0 9
wired 20 8
Layer3 MGID Mapping:
-------------------
Number of Layer3 MGIDs ................ 1
Group address Vlan MGID
------------------ ----- ------
239.255.255.250 0 550
Related Commands
show network summary
show network multicast mgid detail
show network
show nmsp notify-interval summary
To display the Network Mobility Services Protocol (NMSP) configuration settings, use the show nmsp notify-interval summary command.
show nmsp notify-interval summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display NMSP configuration settings:
To display Network Mobility Services Protocol (NMSP) counters, use the show nmsp statistics command.
show nmsp statistics {
summary |
connection all}
Syntax Description
summary
Displays common NMSP counters.
connection all
Displays all connection-specific counters.
Command Default
None.
Examples
This example shows how to display a summary of common NMSP counters:
> show nmsp statistics summary
Send RSSI with no entry: 0
Send too big msg: 0
Failed SSL write: 0
Partial SSL write: 0
SSL write attempts to want write:
Transmit Q full:0
Max Measure Notify Msg: 0
Max Info Notify Msg: 0
Max Tx Q Size: 2
Max Rx Size: 1
Max Info Notify Q Size: 0
Max Client Info Notify Delay: 0
Max Rogue AP Info Notify Delay: 0
Max Rogue Client Info Notify Delay: 0
Max Client Measure Notify Delay: 0
Max Tag Measure Notify Delay: 0
Max Rogue AP Measure Notify Delay: 0
Max Rogue Client Measure Notify Delay: 0
Max Client Stats Notify Delay: 0
Max Tag Stats Notify Delay: 0
RFID Measurement Periodic : 0
RFID Measurement Immediate : 0
Reconnect Before Conn Timeout: 0
This example shows how to display all the connection-specific NMSP counters:
> show nmsp statistics connection all
NMSP Connection Counters
Connection 1 :
Connection status: UP
Freed Connection: 0
Nmsp Subscr Req: 0 NMSP Subscr Resp: 0
Info Req: 1 Info Resp: 1
Measure Req: 2 Measure Resp: 2
Stats Req: 2 Stats Resp: 2
Info Notify: 0 Measure Notify: 0
Loc Capability: 2
Location Req: 0 Location Rsp: 0
Loc Subscr Req: 0 Loc Subscr Rsp: 0
Loc Notif: 0
Loc Unsubscr Req: 0 Loc Unsubscr Rsp: 0
IDS Get Req: 0 IDS Get Resp: 0
IDS Notif: 0
IDS Set Req: 0 IDS Set Resp: 0
Related Commands
show nmsp notify-interval summary
clear nmsp statistics
config nmsp notify-interval measurement
show nmsp status
show nmsp status
To display the status of active Network Mobility Services Protocol (NMSP) connections, use the show nmsp status command.
show nmsp status
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the status of the active NMSP connections:
> show nmsp status
LocServer IP TxEchoResp RxEchoReq TxData RxData
-------------- ----------- --------- ------- -------
171.71.132.158 21642 21642 51278 21253
Related Commands
show nmsp notify-interval summary
clear nmsp statistics
config nmsp notify-interval measurement
show nmsp status
clear locp statistics
show nmsp statistics
show nmsp subscription
To display the Network Mobility Services Protocol (NMSP) services that are active on the controller, use the show nmsp subscription command.
show nmsp subscription {
summary |
detail ip_addr}
Syntax Description
summary
Displays all of the NMSP services to which the controller is subscribed.
detail
Displays details for all of the NMSP services to which the controller is subscribed.
ip_addr
Details only for the NMSP services subscribed to by a specific IP address.
Command Default
None.
Examples
This example shows how to display a summary of all the NMSP services to which the controller is subscribed:
> show nmsp subscription summary
Mobility Services Subscribed:
Server IP Services
--------- --------
10.10.10.31 RSSI, Info, Statistics
This example shows how to display details of all the NMSP services:
> show nmsp subscription detail 10.10.10.31
Mobility Services Subscribed by 10.10.10.31
Services Sub-services
-------- ------------
RSSI Mobile Station, Tags,
Info Mobile Station,
Statistics Mobile Station, Tags,
Related Commands
show nmsp notify-interval summary
show nmsp statistics
config nmsp notify-interval measurement
clear nmsp statistics
clear locp statistics
show ntp-keys
To display network time protocol authentication key details, use the show ntp-keys command.
show ntp-keys
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display NTP authentication key details:
> show ntp-keys
Ntp Authentication Key Details...................
Key Index
-----------
1
3
Related Commands
config time ntp
show qos
To display quality of service (QoS) information, use the show qos command.
show qos {
bronze |
gold |
platinum |
silver}
Syntax Description
bronze
Displays QoS information for the bronze profile of the WLAN.
gold
Displays QoS information for the gold profile of the WLAN.
platinum
Displays QoS information for the platinum profile of the WLAN.
silver
Displays QoS information for the silver profile of the WLAN.
Command Default
None.
Examples
This example shows how to display QoS information for the silver profile:
> show qos
Description...................................... For Best Effort
Maximum Priority................................. besteffort
Unicast Default Priority......................... besteffort
Multicast Default Priority....................... besteffort
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
protocol......................................... none
Related Commands
config qos protocol-type
show reset
To display the scheduled system reset parameters, use the show reset command.
show reset
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the scheduled system reset parameters:
> show reset
System reset is scheduled for Mar 27 01 :01 :01 2010
Current local time and date is Mar 24 02:57:44 2010
A trap will be generated 10 minutes before each scheduled system reset.
Use ‘reset system cancel’ to cancel the reset.
Configuration will be saved before the system reset.
Related Commands
reset system at
reset system in
reset system cancel
reset system notify-time
show route kernel
To display the kernel route cache information, use the show route kernel command.
show route kernel
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the kernel route cache information:
To display the routes assigned to the Cisco wireless LAN controller service port, use the show route summary command.
show route summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display all the configured routes:
> show route summary
Number of Routes............................... 1
Destination Network Genmask Gateway
------------------- ------------------- -------------------
xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx
Related Commands
config route
show sessions
To display the console port login timeout and maximum number of simultaneous command-line interface (CLI) sessions, use the show sessions command.
show sessions
Syntax Description
This command has no arguments or keywords.
Command Default
5 minutes, 5 sessions.
Examples
This example shows how to display the CLI session configuration setting:
> show sessions
CLI Login Timeout (minutes)............ 0
Maximum Number of CLI Sessions......... 5
The response indicates that the CLI sessions never time out and that the Cisco wireless LAN controller can host up to five simultaneous CLI sessions.
Related Commands
config sessions maxsessions
config sessions timeout
show snmpcommunity
To display Simple Network Management Protocol (SNMP) community entries, use the show snmpcommunity command.
show snmpcommunity
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display SNMP community entries:
> show snmpcommunity
SNMP Community Name Client IP Address Client IP Mask Access Mode Status
------------------- ----------------- ----------------- ----------- --------
public 0.0.0.0 0.0.0.0 Read Only Enable
********** 0.0.0.0 0.0.0.0 Read/Write Enable
Related Commands
config snmp community accessmode
config snmp community create
config snmp community delete
config snmp community ipaddr
config snmp community mode
config snmp syscontact
show snmpengineID
To display the SNMP engine ID, use the show snmpengineID command.
show snmpengineID
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the SNMP engine ID:
> show snmpengineID
SNMP EngineId... ffffffffffff
Related Commands
config snmp engineID
show snmptrap
To display Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap receivers and their status, use the show snmptrap command.
show snmptrap
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display SNMP trap receivers and their status:
> show snmptrap
SNMP Trap Receiver Name IP Address Status
------------------------ ----------------- --------
xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx Enable
Related Commands
config snmp trapreceiver create
config snmp trapreceiver delete
show snmpv3user
To display Simple Network Management Protocol (SNMP) version 3 configuration, use the show snmpv3user command.
show snmpv3user
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display SNMP version 3 configuration information:
To display parameters that apply to the Cisco wireless LAN controller, use the show switchconfig command.
show switchconfig
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled.
Examples
This example shows how to display parameters that apply to the Cisco wireless LAN controller:
> show switchconfig
802.3x Flow Control Mode......................... Disabled
FIPS prerequisite features....................... Enabled
Boot Break....................................... Enabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Disabled
consecutive-check ....Disabled
default-check .......Disabled
username-check ......Disabled
Related Commands
config switchconfig mode
config switchconfig secret-obfuscation
config switchconfig strong-pwd
config switchconfig flowcontrol
config switchconfig fips-prerequisite
show stats switch
show sysinfo
To display high-level Cisco wireless LAN controller information, use the show sysinfo command.
show sysinfo
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display wireless LAN controller information:
> show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.133.0
Build Information................................ Tue Mar 31 11:44:12 PDT 2009
Bootloader Version............................... 0.14.0
Field Recovery Image Version..................... 5.3.38.0-BL-9-16
Firmware Version................................. FPGA 1.0, Env 0.8, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... 5500
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1
IP Address....................................... 10.10.10.7
Last Reset....................................... Software reset
System Up Time................................... 1 days 15 hrs 17 mins 48 secs
System Timezone Location....................
Current Boot License Level....................... wplus
Current Boot License Type........................ Permanent
Next Boot License Level.......................... wplus
Next Boot License Type........................... Permanent
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +45 C
External Temperature............................. +29 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 18
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 1
Burned-in MAC Address............................ 00:00:1B:EE:12:E0
Power Supply 1................................... Not Available
Power Supply 2................................... Not Available
Maximum number of APs supported.................. 250
Related Commands
config sysname
show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center (TAC), use the show tech-support command.
show tech-support
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display system resource information:
> show tech-support
Current CPU Load................................. 0%
System Buffers
Max Free Buffers.............................. 4608
Free Buffers.................................. 4604
Buffers In Use................................ 4
Web Server Resources
Descriptors Allocated......................... 152
Descriptors Used.............................. 3
Segments Allocated............................ 152
Segments Used................................. 3
System Resources
Uptime........................................ 747040 Secs
Total Ram..................................... 127552 Kbytes
Free Ram...................................... 19540 Kbytes
Shared Ram.................................... 0 Kbytes
Buffer Ram.................................... 460 Kbytes
show time
To display the Cisco wireless LAN controller time and date, use the show time command.
show time
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the controller time and date when authentication is not enabled:
> show time
Time............................................. Wed Apr 13 09:29:15 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------
1 0 9.2.60.60 AUTH DISABLED
This example shows successful authentication of NTP Message results in the AUTH Success:
> show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------
1 1 9.2.60.60 AUTH SUCCESS
This example shows that if the packet received has errors, then the NTP Msg Auth status will show AUTH Failure:
> show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------
1 10 9.2.60.60 AUTH FAILURE
This example shows that if there is no response from NTP server for the packets, the NTP Msg Auth status will be blank:
> show time
Time............................................. Thu Apr 7 13:56:37 2011
Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------
1 11 9.2.60.60
Related Commands
config time manual
config time ntp
config time timezone
config time timezone location
show trapflags
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap flags, use the show trapflags command.
show trapflags
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display controller SNMP trap flags:
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap log, use the show traplog command.
show traplog
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display controller SNMP trap log settings:
> show traplog
Number of Traps Since Last Reset........... 2447
Number of Traps Since Log Last Displayed... 2447
Log System Time Trap
--- ------------------------ -------------------------------------------------
0 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:62:fe detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -78 and SNR: 10
1 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:19:d8 detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -72 and SNR: 16
2 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:26:a1:8d detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -82 and SNR: 6
3 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:14:b3:4f detected on Base Rad
io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11
b/g) with RSSI: -56 and SNR: 30
Would you like to display more entries? (y/n)
Related Commands
show trapflags
Config Commands
This section lists the config commands that you can use to configure the controller settings, and manage user accounts.
Specifies the aggregated MAC protocol data unit priority level between 0 through 7.
all
Configures all of the priority levels at once.
enable
Specifies the traffic associated with the priority level uses A-MPDU transmission.
disable
Specifies the traffic associated with the priority level uses A-MSDU transmission.
Command Default
By default, Priority 0 is enabled.
Usage Guidelines
Aggregation is the process of grouping packet data frames together rather than transmitting them separately. Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated MAC Service Data Unit (A-MSDU). A-MPDU is performed in the software whereas A-MSDU is performed in the hardware.
Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:
1—Background
2—Spare
0—Best effort
3—Excellent effort
4—Controlled load
5—Video, less than 100-ms latency and jitter
6—Voice, less than 10-ms latency and jitter
7—Network control
all—Configure all of the priority levels at once.
Note
Configure the priority levels to match the aggregation method used by the clients.
Examples
This example shows how to configure all the priority levels at once so that the traffic associated with the priority level uses A-MSDU transmission:
> config 802.11a 11nsupport a-mpdu tx priority all enable
Related Commands
config 802.11 11nsupport mcs tx
config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11 11nsupport a-mpdu tx scheduler
To configure the 802.11n-5 GHz A-MPDU transmit aggregation scheduler, use the config 802.11 11nsupport a-mpdu tx scheduler command.
To configure an access point to use a specific antenna, use the config 802.11 11nsupport antenna command.
config 802.11{
a |
b}
11nsupport antenna cisco_ap {
A |
B |
C |
D} {
enable |
disable}
Syntax Description
a
Specifies the 802.11a/n network.
b
Specifies the 802.11b/g/n network.
cisco_ap
Access point.
A/B/C/D
Specifies an antenna port.
enable
Enables the configuration.
disable
Disables the configuration.
Command Default
None.
Examples
This example shows how to configure transmission to a single antenna for legacy orthogonal frequency-division multiplexing:
> config 802.11 11nsupport antenna AP1 C enable
Related Commands
config 802.11 11nsupport mcs tx
config 802.11a disable network
config 802.11a disable
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width
config 802.11 11nsupport guard-interval
To configure the guard interval, use the config 802.11 11nsupport guard-interval command.
config 802.11 {
a |
b}
11nsupport guard-interval {
any |
long}
Syntax Description
any
Enables either a short or a long guard interval.
long
Enables only a long guard interval.
Command Default
None.
Examples
This example shows how to configure a long guard interval:
> config 802.11 11nsupport guard-interval long
Related Commands
config 802.11 11nsupport mcs tx
config 802.11a disable network
config 802.11a channel ap
config 802.11a txpower ap
config 802.11a chan_width
config 802.11 11nsupport mcs tx
To specify the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client, use the config 802.11 11nsupport mcs tx command.
To configure the default Call Admission Control (CAC) parameters for the 802.11a and 802.11b/g network, use the config 802.11 cac defaults command.
config 802.11 {
a |
b}
cac defaults
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the default CAC parameters for the 802.11a network:
> config 802.11 cac defaults
Related Commands
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac media-stream
config 802.11 cac multimedia
config 802.11 cac video cac-method
debug cac
config 802.11 cac video acm
To enable or disable video Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac video acm command.
config 802.11{
a |
b}
cac video acm {
enable |
disable}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
enable
Enables video CAC settings.
disable
Disables video CAC settings.
Command Default
Disabled.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable, or config 802.11{a | b}cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to enable the video CAC for the 802.11a network:
> config 802.11 cac video acm enable
This example shows how to disable the video CAC for the 802.11b network:
> config 802.11 cac video acm disable
Related Commands
config 802.11 cac video max-bandwidth
config 802.11 cac video roam-bandwidth
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video cac-method
To configure the Call Admission Control (CAC) method for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video cac-method command.
config 802.11 {
a |
b}
cac video cac-method {
static |
load-based}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
static
Enables the static CAC method for video applications on the 802.11a or 802.11b/g network.
Static or bandwidth-based CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new video request and in turn enables the access point to determine whether it is capable of accommodating the request.
load-based
Enables the load-based CAC method for video applications on the 802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
Load-based CAC is not
supported
if SIP-CAC is enabled.
Command Default
Static.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only
static mode.
If you need only MC2UC CAC, you must configure Static or Load-based CAC. Load-based CAC is not
supported
if SIP-CAC is enabled.
Examples
This example shows how to enable the static CAC method for video applications on the 802.11a network:
> config 802.11 cac video cac-method static
Related Commands
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac media-stream
config 802.11 cac multimedia
debug cac
config 802.11 cac video load-based
To enable or disable load-based Call Admission Control (CAC) for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video load-based command.
config 802.11 {
a |
b}
cac video load-based {
enable |
disable}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
enable
Enables load-based CAC for video applications on the 802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
disable
Disables load-based CAC method for video applications on the 802.11a or 802.11b/g network.
Command Default
Disabled.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only
static mode.
If you need only MC2UC CAC, you must configure Static or Load-based CAC. Load-based CAC is not
supported
if SIP-CAC is enabled.
Note
Load-based CAC is not
supported
if SIP-CAC is enabled.
Examples
This example shows how to enable load-based CAC method for video applications on the 802.11a network:
> config 802.11 cac video load-based enable
Related Commands
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac media-stream
config 802.11 cac multimedia
config 802.11 cac video cac-method
debug cac
config 802.11 cac video max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video max-bandwidth command.
config 802.11{
a |
b}
cac video max-bandwidth bandwidth
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
bandwidth
Bandwidth percentage value from 5 to 85%.
Command Default
0%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
Note
If this parameter is set to zero (0), the controller assumes that you do not want to allocate any bandwidth and allows all bandwidth requests.
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable, or config 802.11{a | b}cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to specify the percentage of the maximum allocated bandwidth for video applications on the selected radio band:
> config 802.11 cac video max-bandwidth 50
Related Commands
config 802.11 cac video acm
config 802.11 cac video roam-bandwidth
config 802.11 cac voice stream-size
config 802.11 cac voice roam-bandwidth
config 802.11 cac media-stream
To configure media stream Call Admission Control (CAC) voice and video quality parameters for 802.11a and 802.11b networks, use the config 802.11 cac media-stream command.
Configures CAC parameters for multicast-direct media streams.
max-retry-percent
Configures the percentage of maximum retries that are allowed for multicast-direct media streams.
retry-percentage
Percentage of maximum retries that are allowed for multicast-direct media streams.
min-client-rate
Configures the minimum transmission data rate to the client for multicast-direct media streams.
dot11-rate
Minimum transmission data rate to the client for multicast-direct media streams. Rate in kbps at which the client can operate.
If the transmission data rate is below this rate, either the video will not start or the client may be classified as a bad client. The bad client video can be demoted for better effort QoS or subject to denial. The available data rates are 6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000, and 11n rates.
Command Default
The default value for the maximum retry percent is 80. If it exceeds 80, either the video will not start or the client might be classified as a bad client. The bad client video will be demoted for better effort QoS or is subject to denial.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the maximum retry percent for multicast-direct media streams as 90 on a 802.11a network:
To configure the CAC media voice and video quality parameters for 802.11a and 802.11b networks, use the config 802.11 cac multimedia command.
config 802.11 {
a |
b}
cac multimedia max-bandwidth bandwidth
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
max-bandwidth
Configures the percentage of maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 802.11a or 802.11b/g network.
bandwidth
Percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a or 802.11b/g network. Once the client reaches the specified value, the access point rejects new calls on this radio band. The range is from 5 to 85%.
Command Default
The default value is 85%.
Usage Guidelines
Call Admission Control (CAC) commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a network:
> config 802.11 cac multimedia max-bandwidth 80
Related Commands
show cac voice stats
show cac voice summary
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
debug cac
config 802.11 cac video roam-bandwidth
To configure the percentage of the maximum allocated bandwidth reserved for roaming video clients on the 802.11a or 802.11b/g network, use the config 802.11 cac video roam-bandwidth command.
config 802.11{
a |
b}
cac video roam-bandwidth bandwidth
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
bandwidth
Bandwidth percentage value from 5 to 85%.
Command Default
0%.
Usage Guidelines
The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming video clients.
Note
If this parameter is set to zero (0), the controller assumes that you do not want to do any bandwidth allocation and, therefore, allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
Disable the radio network you want to configure by entering the config 802.11 {a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11 {a | b}cac voice acm enable or config 802.11 {a | b}cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to specify the percentage of the maximum allocated bandwidth reserved for roaming video clients on the selected radio band:
> config 802.11 cac video roam-bandwidth 10
Related Commands
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video cac-method
config 802.11 cac video sip
config 802.11 cac video load-based
config 802.11 cac video sip
To enable or disable video Call Admission Control (CAC) for non-traffic specifications (TSPEC) SIP clients using video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video sip command.
config 802.11 {
a |
b}
cac video sip {
enable |
disable}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
enable
Enables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
When you enable video CAC for non-TSPEC SIP clients, you can use applications like Facetime and CIUS video calls.
disable
Disables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
Command Default
None.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11 {a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable command.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Enable call snooping on the WLAN on which the SIP client is present by entering the config wlan call-snoop enable wlan_id command.
Examples
This example shows how to enable video CAC for non-TSPEC SIP clients using video applications on the 802.11a network:
> config 802.11 cac video sip enable
Related Commands
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video cac-method
config 802.11 cac video load-based
config 802.11 cac video roam-bandwidth
config 802.11 cac video tspec-inactivity-timeout
To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video tspec-inactivity-timeout command.
config 802.11{
a |
b}
cac video tspec-inactivity-timeout {
enable |
ignore}
Syntax Description
a
Specifies the 802.11a network.
ab
Specifies the 802.11b/g network.
enable
Processes the TSPEC inactivity timeout messages.
ignore
Ignores the TSPEC inactivity timeout messages.
Command Default
Disabled (ignore).
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to process the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout enable
This example shows how to ignore the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout ignore
Related Commands
config 802.11 cac video acm
config 802.11 cac video max-bandwidth
config 802.11 cac video roam-bandwidth
config 802.11 cac voice acm
To enable or disable bandwidth-based voice Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac voice acm command.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to enable the bandwidth-based CAC:
> config 802.11c cac voice acm enable
This example shows how to disable the bandwidth-based CAC:
> config 802.11b cac voice acm disable
Related Commands
config 802.11 cac video acm
config 802.11 cac voice max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g network, use the config 802.11 cac voice max-bandwidth command.
config 802.11{
a |
b}
cac voice max-bandwidth bandwidth
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
bandwidth
Bandwidth percentage value from 5 to 85%.
Command Default
0%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to specify the percentage of the maximum allocated bandwidth for voice applications on the selected radio band:
> config 802.11a cac voice max-bandwidth 50
Related Commands
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice stream-size
config 802.11 exp-bwreq
config 802.11 tsm
config wlan save
show wlan
show wlan summary
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 cac voice load-based
config 802.11 cac video acm
config 802.11 cac voice roam-bandwidth
To configure the percentage of the Call Admission Control (CAC) maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g network, use the config 802.11 cac voice roam-bandwidth command.
config 802.11{
a |
b}
cac voice roam-bandwidth bandwidth
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
bandwidth
Bandwidth percentage value from 0 to 85%.
Command Default
85%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming voice clients.
Note
If this parameter is set to zero (0), the controller assumes you do not want to allocate any bandwidth and therefore allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the percentage of the maximum allocated bandwidth reserved for roaming voice clients on the selected radio band:
> config 802.11 cac voice roam-bandwidth 10
Related Commands
config 802.11 cac voice acm
config 802.11cac voice max-bandwidth
config 802.11 cac voice stream-size
config 802.11 cac voice tspec-inactivity-timeout
To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acmenable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to enable the voice TSPEC inactivity timeout messages received from an access point:
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acmenable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to enable the voice load-based CAC parameters:
> config 802.11a cac voice load-based enable
This example shows how to disable the voice load-based CAC parameters:
> config 802.11a cac voice load-based disable
Related Commands
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac voice stream-size
config 802.11 cac voice max-calls
Note
Do not use the config 802.11 cac voice max-calls command if the SIP call snooping feature is disabled and if the SIP based Call Admission Control (CAC) requirements are not met.
To configure the maximum number of voice call supported by the radio, use the config 802.11 cac voice max-calls command.
config 802.11{
a |
b}
cac voice max-calls number
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
number
Number of calls to be allowed per radio.
Command Default
0, which means that there is no maximum limit check for the number of calls.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acmenable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the maximum number of voice calls supported by radio:
> config 802.11 cac voice max-calls 10
Related Commands
config 802.11 cac voice roam-bandwidth
config 802.11 cac voice stream-size
config 802.11 exp-bwreq
config 802.11 cac voice tspec-inactivity-timeout
config 802.11 cac voice load-based
config 802.11 cac video acm
config 802.11 cac voice sip bandwidth
Note
SIP bandwidth and sample intervals are used to compute per call bandwidth in case of the SIP-based Call Admission Control (CAC).
To configure the bandwidth that is required per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip bandwidth command.
Specifies the packetization interval for SIP codec.
number_msecs
Packetization sample interval in msecs. The sample interval for SIP codec is 20 seconds.
Command Default
None.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acmenable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the bandwidth and voice packetization interval for a SIP codec:
To configure the Call Admission Control (CAC) codec name and sample interval as parameters and to calculate the required bandwidth per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip codec command.
Specifies the packetization interval for SIP codec.
number_msecs
Packetization interval in msecs. The sample interval for SIP codec value is 20 seconds.
Command Default
g711.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acmenable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the codec name and sample interval as parameters for SIP G711 codec:
To configure the number of aggregated voice Wi-Fi Multimedia (WMM) traffic specification (TSPEC) streams at a specified data rate for the 802.11a or 802.11b/g network, use the config 802.11 cac voice stream-size command.
config 802.11{
a |
b}
cac voice stream-size stream_size number mean_datarate max-streams mean_datarate
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
stream-size
Configures the maximum data rate for the stream.
stream_size
Range of stream size is between 84000 and 92100.
number
Number (1 to 5) of voice streams.
mean_datarate
Configures the mean data rate.
max-streams
Configures the mean data rate of a voice stream.
mean_datarate
Mean data rate (84 to 91.2 kbps) of a voice stream.
Command Default
The default number of streams is 2 and the mean data rate of a stream is 84 kbps.
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acmenable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the number of aggregated voice traffic specifications stream with the stream size 5 and the mean data rate of 85000 kbps:
To change the beacon period globally for an 802.11a, 802.11b, or other supported 802.11 network, use the config 802.11 beacon period command.
config 802.11{
a |
b}
beacon period time_units
Note
Disable the 802.11 network before using this command. See the “Usage Guidelines” section.
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
time_units
Beacon interval in time units (TU). One TU is 1024 microseconds.
Command Default
None.
Usage Guidelines
In Cisco wireless LAN solution 802.11 networks, all Cisco lightweight access point wireless LANs broadcast a beacon at regular intervals. This beacon notifies clients that the 802.11a service is available and allows the clients to synchronize with the lightweight access point.
Before you change the beacon period, make sure that you have disabled the 802.11 network by using the config 802.11 disable command. After changing the beacon period, enable the 802.11 network by using the config 802.11 enable command.
Examples
This example shows how to configure an 802.11a network for a beacon period of 120 time units:
> config 802.11 beacon period 120
Related Commands
show 802.11a
config 802.11b beaconperiod
config 802.11a disable
config 802.11a enable
config 802.11 disable
To disable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the config 802.11 disable command.
config 802.11{
a |
b}
disable {
network |
cisco_ap}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
network
Disables transmission for the entire 802.11a network.
cisco_ap
Individual Cisco lightweight access point radio.
Command Default
The transmission is enabled for the entire network by default.
Usage Guidelines
Note
You must use this command to disable the network before using many config 802.11 commands.
This command can be used any time that the CLI interface is active.
Examples
This example shows how to disable the entire 802.11a network:
> config 802.11a disable network
This example shows how to disable access point AP01 802.11b transmissions:
> config 802.11b disable AP01
Related Commands
show sysinfo
show 802.11a
config 802.11a enable
config 802.11b disable
config 802.11b enable
config 802.11a beaconperiod
config 802.11 dtpc
To enable or disable the Dynamic Transmit Power Control (DTPC) setting for an 802.11 network, use the config 802.11 dtpc command.
config 802.11{
a |
b}
dtpc {
enable |
disable}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
enable
Enables the support for this command.
disable
Disables the support for this command.
Command Default
Enabled.
Examples
This example shows how to disable DTPC for an 802.11a network:
> config 802.11a dtpc disable
Related Commands
show 802.11a
config 802.11a beaconperiod
config 802.11a disable
config 802.11a enable
config 802.11 enable
To enable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the config 802.11 enable command.
config 802.11{
a |
b}
enable {
network |
cisco_ap}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
network
Disables transmission for the entire 802.11a network.
cisco_ap
Individual Cisco lightweight access point radio.
Command Default
The transmission is enabled for the entire network by default.
Usage Guidelines
Note
Use this command in conjunction with the config 802.11 disable command when configuring 802.11 settings.
This command can be used any time that the CLI interface is active.
Examples
This example shows how to enable radio transmission for the entire 802.11a network:
> config 802.11a enable network
This example shows how to enable radio transmission for AP1 on an 802.11b network:
> config 802.11b enable AP1
Related Commands
show sysinfo show 802.11a
config wlan radio
config 802.11a disable
config 802.11b disable
config 802.11b enable
config 802.11b 11gSupport enable
config 802.11b 11gSupport disable
config 802.11 exp-bwreq
To enable or disable the Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature for an 802.11 radio, use the config 802.11 exp-bwreq command.
config 802.11{
a |
b}
exp-bwreq {
enable |
disable}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
enable
Enables the expedited bandwidth request feature.
disable
Disables the expedited bandwidth request feature.
Command Default
The expedited bandwidth request feature is disabled by default.
Usage Guidelines
When this command is enabled, the controller configures all joining access points for this feature.
Examples
This example shows how to enable the CCX expedited bandwidth settings:
> config 802.11a exp-bwreq enable
Cannot change Exp Bw Req mode while 802.11a network is operational.
This example shows how to disable the CCX expedited bandwidth settings:
> config 802.11a exp-bwreq disable
Related Commands
show 802.11a
show ap stats 802.11a
config 802.11 fragmentation
To configure the fragmentation threshold on an 802.11 network, use the config 802.11 fragmentation command.
config 802.11{
a |
b}
fragmentation threshold
Note
This command can only be used when the network is disabled using the config 802.11 disable command.
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
threshold
Number between 256 and 2346 bytes (inclusive).
Command Default
None.
Examples
This example shows how to configure the fragmentation threshold on an 802.11a network with the threshold number of 6500 bytes:
> config 802.11a fragmentation 6500
Related Commands
config 802.11b fragmentation
show 802.11b
show ap auto-rtf
config 802.11 l2roam rf-params
To configure 802.11a or 802.11b/g Layer 2 client roaming parameters, use the config 802.11 l2roam rf-params command.
Minimum received signal strength indicator (RSSI) that is required for the client to associate to the access point. If the client’s average received signal power dips below this threshold, reliable communication is usually impossible. Clients must already have found and roamed to another access point with a stronger signal before the minimum RSSI value is reached. The valid range is –80 to –90 dBm, and the default value is –85 dBm.
roam_hyst
How much greater the signal strength of a neighboring access point must be in order for the client to roam to it. This parameter is intended to reduce the amount of roaming between access points if the client is physically located on or near the border between the two access points. The valid range is 2 to 4 dB, and the default value is 2 dB.
scan_thresh
Minimum RSSI that is allowed before the client should roam to a better access point. When the RSSI drops below the specified value, the client must be able to roam to a better access point within the specified transition time. This parameter also provides a power-save method to minimize the time that the client spends in active or passive scanning. For example, the client can scan slowly when the RSSI is above the threshold and scan more rapidly when the RSSI is below the threshold. The valid range is –70 to –77 dBm, and the default value is –72 dBm.
trans_time
Maximum time allowed for the client to detect a suitable neighboring access point to roam to and to complete the roam, whenever the RSSI from the client’s associated access point is below the scan threshold. The valid range is 1 to 10 seconds, and the default value is 5 seconds.
Note
For high-speed client roaming applications in outdoor mesh environments, we recommend that you set the transition time to 1 second.
Command Default
min_rssi
–85
roam_hyst
2
scan_thresh
–72
trans_time
5
Usage Guidelines
For high-speed client roaming applications in outdoor mesh environments, we recommend that you set the trans_time to 1 second.
Examples
This example shows how to configure custom Layer 2 client roaming parameters on an 802.11a network:
To configure the maximum number of clients per access point, use the config 802.11 max-clients command.
config 802.11{
a |
b}
max-clients max-clients
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
max-clients
Configures the maximum number of client connections per access point.
max-clients
Maximum number of client connections per access point. The range is from 1 to 200.
Command Default
None.
Examples
This example shows how to set the maximum number of clients at 22:
> config 802.11 max-clients 22
Related Commands
show ap config 802.11a
config 802.11b rate
config 802.11 multicast data-rate
To configure the minimum multicast datarate, use the config 802.11 multicast data-rate command.
config 802.11{
a |
b}
multicast data-rate data_rate [
ap ap_name |
default]
Syntax Description
data_rate
Minimum multicast data rates. The options are 6, 9, 12, 18, 24, 36, 48, 54. Enter 0 to specify that APs will dynamically adjust the number of the buffer allocated for multicast.
ap_name
Specific AP radio in this datarate.
default
Configures all APs radio in this datarate.
Command Default
The default is 0 where the configuration is disabled and the multicast rate is the lowest mandatory data rate and unicast client data rate.
Usage Guidelines
When you configure the datarate without the AP name or default keyword, you globally reset all the APs to the new value and update the controller global default with this new datarate value. If you configure the data-rate with default keyword, you only update the controller global default value and do not reset the value of APs already joined the controller. The APs that join the controller after the new datarate value is set will receive the new datarate value.
Examples
This example shows how to configure minimum multicast data rate settings:
> config 802.11 multicast data-rate 12
config 802.11 rate
To set mandatory and supported operational data rates for an 802.11 network, use the config 802.11 rate command.
Specifies that a client supports the data rate in order to use the network.
supported
Specifies to allow any associated client that supports the data rate to use the network.
rate
Rate value of 6, 9, 12, 18, 24, 36, 48, or 54 Mbps.
Command Default
None.
Usage Guidelines
The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller. If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to use all the rates marked supported in order to associate.
Examples
This example shows how to set the 802.11b transmission at a mandatory rate at 12 Mbps:
> config 802.11b rate mandatory 12
Related Commands
show ap config 802.11a
config 802.11b rate
config 802.11 tsm
To enable or disable the video Traffic Stream Metric (TSM) option for the 802.11a or 802.11b/g network, use the config 802.11 tsm command.
config 802.11{
a |
b}
tsm {
enable |
disable}
Syntax Description
a
Specifies the 802.11a network.
b
Specifies the 802.11b/g network.
enable
Enables the video TSM settings.
disable
Disables the video TSM settings.
Command Default
Disabled.
Examples
This example shows how to enable the video TSM option for the 802.11b/g network:
> config 802.11b tsm enable
This example shows how to disable the video TSM option for the 802.11b/g network:
> config 802.11b tsm disable
Related Commands
show ap stats
show client tsm
Configure Advanced 802.11 Commands
Use the config advanced 802.11 commands to configure advanced settings and devices on 802.11a, 802.11b/g, or other supported 802.11 networks.
Configures the call admission limit for the 7920s.
G711-CU-Quantum
Configures the value supplied by the infrastructure indicating the current number of channel utilization units that would be used by a single G.711-20ms call.
limit
Call admission limit (from 0 to 255). The default value is 105.
quantum
G711 quantum value. The default value is 15.
Command Default
None.
Examples
This example shows how to configure the call admission limit for 7920 VISE parameters:
To enable a specific enhanced distributed channel access (EDCA) profile on the 802.11a network, use the config advanced 802.11 edca-parameters command.
Enables the Wi-Fi Multimedia (WMM) default parameters. Choose this option when voice or video services are not deployed on your network.
svp-voice
Enables Spectralink voice priority parameters. Choose this option if Spectralink phones are deployed on your network to improve the quality of calls.
optimized-voice
Enables EDCA voice-optimized profile parameters. Choose this option when voice services other than Spectralink are deployed on your network.
optimized-video-voice
Enables EDCA voice- and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network.
Note
If you deploy video services, admission control (ACM) must be disabled.
custom-voice
Enables custom voice EDCA parameters for 802.11a. The EDCA parameters under this option also match the 6.0 WMM EDCA parameters when this profile is applied.
Command Default
wmm-default
Examples
This example shows how to enable Spectralink voice priority parameters:
Preferred call number that can contain up to 27 characters.
none
Deletes the preferred call set for the specified index.
Command Default
None.
Usage Guidelines
Before you configure voice prioritization, you must complete the following prerequisites:
Set the voice to the platinum QoS level by entering the config wlan qoswlan-idplatinum command.
Enable the admission control (ACM) to this radio by entering the config 802.11 {a | b} cac {voice | video} acm enable command.
Enable the call-snooping feature for a particular WLAN by entering the config wlan call-snoop enablewlan-id command.
To view statistics about preferred calls, enter the show ap stats {802.11{a | b} | wlan} cisco_ap command.
Examples
This example shows how to add a new preferred call for index 2:
To create a new Application Visibility and Control (AVC) profile, use the config avc profile create command.
config avc profile profile_name create
Syntax Description
profile_name
Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
create
Creates a new AVC profile.
Command Default
None.
Usage Guidelines
You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs. You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN.
Examples
This example shows how to create a new AVC profile:
> config avc profile avcprofile1 create
Related Commands
config avc profile delete
config avc profile rule
config wlan avc
show avc profile
show avc applications
show avc statistics
debug avc error
debug avc events
config avc profile delete
To delete an AVC profile, use the config avc profile delete command.
config avc profile profile_name delete
Syntax Description
profile_name
Name of the AVC profile.
delete
Deletes an AVC profile.
Command Default
None.
Examples
This example shows how to delete an AVC profile:
> config avc profile avcprofile1 delete
Related Commands
config avc profile create
config avc profile rule
config wlan avc
show avc profile summary
show avc profile detailed
debug avc error
debug avc events
config avc profile rule
To configure a rule for an AVC profile, use the config avc profile rule command.
config avc profile profile_name rule {
add |
remove}
application application_name {
drop |
mark dscp}
Syntax Description
profile_name
Name of the AVC profile.
rule
Configures a rule for the AVC profile.
add
Creates a rule for the AVC profile.
remove
Deletes a rule for the AVC profile.
application
Specifies the application that has to be dropped or marked.
application_name
Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
drop
Drops the upstream and downstream packets that correspond to the chosen application.
mark
Marks the upstream and downstream packets that correspond to the chosen application with the Differentiated Services Code Point (DSCP) value that you specify in the drop-down list. The DSCP value helps you provide differentiated services based on the QoS levels.
dscp
Packet header code that is used to define the QoS across the Internet. The range is from 0 to 63.
Command Default
None.
Examples
This example shows how to configure a rule for an AVC profile:
Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
visibility
Configures application visibility on a WLAN.
enable
Enables application visibility on a WLAN.
You can view the classification of applications based on the Network Based Application Recognition (NBAR) deep packet inspection technology.
Use the show avc statistics client command to view the client AVC statistics.
disable
Disables application visibility on a WLAN.
Command Default
None.
Usage Guidelines
You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN. You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs.
Examples
This example shows how to associate an AVC profile with a WLAN:
> config wlan avc 5 profile profile1 enable
Related Commands
config avc profile delete
config avc profile create
config avc profile rule
show avc statistics
show avc profile applications
show avc applications
show avc statistics client
show avc statistics wlan
show avc statistics top-apps
show avc statistics guest-lan
show avc statistics remote-lan
debug avc error
debug avc events
Configure Band-Select Commands
Use the config band-select command to configure the band selection feature on the controller.
This example shows how to enable a wireless LAN with the LAN ID 16:
> config guest-lan enable 16
Related Commands
show wlan
config guest-lan custom-web ext-webauth-url
To redirect guest users to an external server before accessing the web login page, use the config guest-lan custom-web ext-webauth-url command to specify the URL of the external server.
To use a guest-LAN specific custom web configuration rather than a global custom web configuration, use the config guest-lan custom-web global disable command.
config guest-lan custom-web global disable guest_lan_id
Syntax Description
guest_lan_id
Guest LAN identifier between 1 and 5 (inclusive).
Command Default
None.
Usage Guidelines
If you enter the config guest-lan custom-web global enableguest_lan_id command, the custom web authentication configuration at the global level is used.
Examples
This example shows how to disable the global web configuration for guest LAN ID 1:
> config guest-lan custom-web global disable 1
Related Commands
config guest-lan
config guest-lan create
config guest-lan custom-web ext-webauth-url
config guest-lan custom-web login_page
config guest-lan custom-web webauth-type
config guest-lan custom-web login_page
To enable wired guest users to log into a customized web login page, use the config guest-lan custom-web login_page command.
To configure the wired guest VLAN’s ingress interface which provides a path between the wired guest client and the controller by way of the Layer 2 access switch, use the config guest-lan ingress-interface command.
To configure an mDNS profile for an interface group, use the config interface group mdns-profile command.
config interface group mdns-profile {
all |
interface-group-name}
{
profile-name |
none}
Syntax Description
all
Configures an mDNS profile for all interface groups.
interface-group-name
Name of the interface group to which the mDNS profile has to be associated. The interface group name can be up to 32 case-sensitive, alphanumeric
characters.
profile-name
Name of the mDNS profile.
none
Removes all existing mDNS profiles from the interface group. You cannot configure mDNS profiles on the interface group.
Command Default
None.
Usage Guidelines
If the mDNS profile is associated to a WLAN, an error appears.
Examples
This example shows how to configure an mDNS profile for an interface group floor1:
> config interface group mdns-profile floor1 profile1
Related Commands
config mdns query interval
config mdns service
config mdns snooping
config interface mdns-profile
config mdns profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
config interface mdns-profile
To configure an mDNS profile for an interface, use the config interface mdns-profile command.
Configures an mDNS profile for the management interface.
all
Configures an mDNS profile for all interfaces.
interface-name
Name of the interface on which the mDNS profile has to be configured. The interface name can be up to 32 case-sensitive, alphanumeric
characters.
profile-name
Name of the mDNS profile.
none
Removes all existing mDNS profiles from the interface. You cannot configure mDNS profiles on the interface.
Command Default
None.
Usage Guidelines
If the mDNS profile is associated to a WLAN, an error appears.
Examples
This example shows how to configure an mDNS profile for an interface lab1:
> config interface mdns-profile lab1 profile1
Related Commands
config mdns query interval
config mdns service
config mdns snooping
config mdns profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
config mdns profile
To configure an mDNS profile and associate a service with the profile, use the config mdns profile command.
config mdns profile {
create |
delete |
service {
add |
delete}
service _name profile_name
Syntax Description
create
Creates an mDNS profile.
delete
Deletes an mDNS profile. If the profile is associated to an interface group, an interface, or a WLAN, an error appears.
service
Configures an mDNS service.
add
Adds an mDNS service to an mDNS profile.
delete
Deletes an mDNS service from an mDNS profile.
service -name
Name of the mDNS service.
profile_name
Name of the mDNS profile. You can create a maximum of 16 profiles.
Command Default
None.
Usage Guidelines
After creating a new profile, you must map the profile to an interface group, an interface, or a WLAN. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.
Examples
This example shows how to add the Apple TV mDNS service to the mDNS profile1:
> config mdns profile create profile1 Apple TV
Related Commands
config mdns query interval
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
config mdns query interval
To configure the query interval for mDNS services, use the config mdns query interval command.
config mdns query interval interval_value
Syntax Description
interval_value
mDNS query interval, in minutes that you can set. The query interval is the frequency at which the controller sends periodic queries to all the services defined in the Master Service database. The range is from 10 to 120 minutes.
Command Default
15 minutes.
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database. mDNS uses the multicast IP address 224.0.0.251 as the destination address and 5353 as UDP destination port.
Examples
This example shows how to configure the query interval for mDNS services as 20 minutes:
> config mdns query interval 20
Related Commands
config mdns profile
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
config mdns service
To configure mDNS services in the Master Services database, use the config mdns service command.
Adds a new mDNS service to the Master Services database.
service_name
Name of the mDNS service. For example, Air Tunes, iTunes Music Sharing, FTP, Apple File Sharing Protocol (AFP).
service_string
Unique string associated to an mDNS service. For example,“ _airplay._tcp.local.” is the service string associated with Apple TV.
query
Configures the query status for the mDNS service.
enable
Enables periodic query for an mDNS service by the controller.
disable
Disables periodic query for an mDNS service by the controller.
delete
Deletes an mDNS service from the Master Services database. Before deleting the service, the controller checks if any profile uses the service. You must delete the service from all profiles before deleting the service.
Command Default
None.
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database. The controller can snoop and learn a maximum of 64 services.
Examples
This example shows how to add the Apple TV mDNS service to the Master Services database:
> config mdns service create Apple TV _airplay._tcp.local. query enable
Related Commands
config mdns query interval
config mdns profile
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
config mdns snooping
To enable or disable global mDNS snooping on the controller, use the config mdns snooping command.
config mdns snooping {
enable |
disable}
Syntax Description
enable
Enables mDNS snooping on the controller.
disable
Disables mDNS snooping on the controller.
Command Default
Enabled.
Usage Guidelines
Multicast DNS (mDNS) service discovery provides a way to announce and discover services on the local network. mDNS perform DNS queries over IP multicast. mDNS supports zero configuration IP networking.
Examples
This example shows how to enable mDNS snooping:
> config mdns snooping enable
Related Commands
config mdns query interval
config mdns service
config mdns profile
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
config wlan mdns
To configure an muticast DNS (mDNS) profile for a WLAN, use the config wlan mdns command.
Name of the mDNS profile to be associated with a WLAN.
none
Removes all existing mDNS profiles from the WLAN. You cannot configure mDNS profiles on the WLAN.
wlan_id
Wireless LAN identifier from 1 to 512.
all
Configures the mDNS profile for all WLANs.
Command Default
Enabled.
Usage Guidelines
You must disable the WLAN before you use this command. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
Examples
This example shows how to configure an mDNS profile for a WLAN:
> config wlan mdns profile profile1 1
Related Commands
config mdns query interval
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config mdns profile
show mdns profile
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
Configure Management-User Commands
Use the config mgmtuser commands to configure management user settings.
If you do not assign a QoS role to a guest user, the Role field in the User Details shows the role as default. The bandwidth contracts for this user are defined in the QoS profile for the WLAN.
If you want to unassign a QoS role from a guest user, use the config netuser guest-role applyusernamedefault. This user now uses the bandwidth contracts defined in the QoS profile for the WLAN.
Examples
This example shows how to apply a QoS role to a guest user jsmith with the QoS guest role named Contractor:
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
This example shows how to configure an average rate for the QoS guest named guestuser1:
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
This example shows how to configure an average data rate for the QoS guest user named guestuser1 with the rate for TCP traffic of 0 Kbps:
The burst data rate should be greater than or equal to the average data rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
This example shows how to configure the peak data rate for the QoS guest named guestuser1 with the rate for TCP traffic of 0 Kbps:
To configure the burst real-time data rate for UDP traffic on a per user basis, use the config netuser guest-role qos data-rate burst-realtime-rate command.
The burst real-time rate should be greater than or equal to the average real-time rate. Otherwise, the quality of service (QoS) policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
Examples
This example shows how to configure a burst real-time rate for the QoS guest user named guestuser1 with the rate for TCP traffic of 0 Kbps:
To enable or disable 802.3 bridging on a controller, use the config network 802.3-bridging command.
config network 802.3-bridging {
enable |
disable}
Syntax Description
enable
Enables the 802.3 bridging.
disable
Disables the 802.3 bridging.
Command Default
Disabled.
Usage Guidelines
In controller software release 5.2, the software-based forwarding architecture for Cisco 2100 Series Controllers is being replaced with a new forwarding plane architecture. As a result, Cisco 2100 Series Controllers and the Cisco wireless LAN controller Network Module for Cisco Integrated Services Routers bridge 802.3 packets by default. Therefore, 802.3 bridging can now be disabled only on Cisco 4400 Series Controllers, the Cisco WiSM, and the Catalyst 3750G Wireless LAN Controller Switch.
To determine the status of 802.3 bridging, enter the show netuser guest-roles command.
Examples
This example shows how to enable the 802.3 bridging:
> config network 802.3-bridging enable
Related Commands
show netuser guest-roles
show network
config network allow-old-bridge-aps
To configure an old bridge access point’s ability to associate with a switch, use the config network allow-old-bridge-aps command.
Enables use of NAT IP only in discovery response. This is the default.
disable
Enables use of both NAT IP and non NAT IP in discovery response.
Command Default
Enabled.
Usage Guidelines
If the config interface nat-address management command is set, this command controls which address(es) are sent in the CAPWAP discovery responses.
If all APs are on the outside of the NAT gateway of the controller, enter the config network ap-discovery nat-ip-only enable command, and only the management NAT address is sent.
If the controller has both APs on the outside and the inside of its NAT gateway, enter the config network ap-discovery nat-ip-only disable command, and both the management NAT address and the management inside address are sent. Ensure that you have entered the config ap link-latency disable all command to avoid stranding APs.
Examples
This example shows how to enable NAT IP in an AP discovery response:
> config network ap-discovery nat-ip-only enable
config network ap-fallback
To configure Cisco lightweight access point fallback, use the config network ap-fallback command.
config network ap-fallback {
enable |
disable}
Syntax Description
enable
Enables the Cisco lightweight access point fallback.
disable
Disables the Cisco lightweight access point fallback.
Command Default
Enabled.
Examples
This example shows how to enable the Cisco lightweight access point fallback:
> config network ap-fallback enable
Related Commands
show network summary
config network ap-priority
To enable or disable the option to prioritize lightweight access points so that after a controller failure they reauthenticate by priority rather than on a first-come-until-full basis, use the config network ap-priority command.
config network ap-priority {
enable |
disable}
Syntax Description
enable
Enables the lightweight access point priority reauthentication.
disable
Disables the lightweight access point priority reauthentication.
Command Default
Disabled.
Examples
This example shows how to enable the lightweight access point priority reauthorization:
> config network ap-priority enable
Related Commands
config ap priority
show ap summary
show network summary
config network apple-talk
To configure AppleTalk bridging, use the config network apple-talk command.
config network apple-talk {
enable |
disable}
Syntax Description
enable
Enables the AppleTalk bridging.
disable
Disables the AppleTalk bridging.
Command Default
None.
Examples
This example shows how to configure AppleTalk bridging:
> config network apple-talk enable
Related Commands
show network summary
config network arptimeout
To set the Address Resolution Protocol (ARP) entry timeout value, use the config network arptimeout command.
config network arptimeout seconds
Syntax Description
seconds
Timeout in seconds. The minimum value is 10. The default value is 300.
Command Default
300.
Examples
This example shows how to set the ARP entry timeout value to 240 seconds:
> config network arptimeout 240
Related Commands
show network summary
config network bridging-shared-secret
To configure the bridging shared secret, use the config network bridging-shared-secret command.
Bridging shared secret string. The string can contain up to 10 bytes.
Command Default
Enabled.
Usage Guidelines
This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the switch.
The zero-touch configuration must be enabled for this command to work.
Examples
This example shows how to configure the bridging shared secret string “shhh1”:
> config network bridging-shared-secret shhh1
Related Commands
show network summary
config network broadcast
To enable or disable broadcast packet forwarding, use the config network broadcast command.
config network broadcast {
enable |
disable}
Syntax Description
enable
Enables the broadcast packet forwarding.
disable
Disables the broadcast packet forwarding.
Command Default
Disabled.
Usage Guidelines
This command allows you to enable or disable broadcasting. You must enable multicast mode before enabling broadcast forwarding. Use the config network multicast mode command to configure multicast mode on the controller.
Note
The default multicast mode is unicast in case of all controllers except for Cisco 2106 Controllers. The broadcast packets and multicast packets can be independently controlled. If multicast is off and broadcast is on, broadcast packets still reach the access points, based on the configured multicast mode.
Examples
This example shows how to enable broadcast packet forwarding:
> config network broadcast enable
Related Commands
show network summary
config network multicast global
config network multicast mode
config network fast-ssid-change
To enable or disable fast Service Set Identifier (SSID) changing for mobile stations, use the config network fast-ssid-change command.
Enables the fast SSID changing for mobile stations
disable
Disables the fast SSID changing for mobile stations.
Command Default
None.
Usage Guidelines
When you enable the Fast SSID Change feature, the controller allows clients to move between SSIDs. When the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID.
When you disable the FastSSID Change feature, the controller enforces a delay before clients are allowed to move to a new SSID.
Examples
This example shows how to enable the fast SSID changing for mobile stations:
> config network fast-ssid-change enable
Related Commands
show network summary
config network ip-mac-binding
To validate the source IP address and MAC address binding within client packets, use the config network ip-mac-binding command.
In controller software release 5.2, the controller enforces strict IP address-to-MAC address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. In previous releases, the controller checks only the MAC address of the client and ignores the IP address.
Note
You might want to disable this binding check if you have a routed network behind a workgroup bridge (WGB).
Examples
This example shows how to validate the source IP and MAC address within client packets:
> config network ip-mac-binding enable
config network master-base
To enable or disable the Cisco wireless LAN controller as an access point default master, use the config network master-base command.
config network master-base {
enable |
disable}
Syntax Description
enable
Enables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
disable
Disables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Command Default
None.
Usage Guidelines
This setting is only used upon network installation and should be disabled after the initial network configuration. Because the Master Cisco wireless LAN controller is normally not used in a deployed network, the Master Cisco wireless LAN controller setting can be saved from 6.0.199.0 or later releases.
Examples
This example shows how to enable the Cisco wireless LAN controller as a default master:
> config network master-base enable
config network mgmt-via-wireless
To enable Cisco wireless LAN controller management from an associated wireless client, use the config network mgmt-via-wireless command.
Enables the switch management from a wireless interface.
disable
Disables the switch management from a wireless interface.
Command Default
Disabled.
Usage Guidelines
This feature allows wireless clients to manage only the Cisco wireless LAN controller associated with the client and the associated Cisco lightweight access point. That is, clients cannot manage another Cisco wireless LAN controller with which they are not associated.
Examples
This example shows how to configure switch management from a wireless interface:
> config network mgmt-via-wireless enable
Related Commands
show network summary
config network multicast global
To enable or disable multicasting on the controller, use the config network multicast global command.
config network multicast global {
enable |
disable}
Syntax Description
enable
Enables the multicast global support.
disable
Disables the multicast global support.
Command Default
Disabled.
Usage Guidelines
The config network broadcast {enable | disable} command allows you to enable or disable broadcasting without enabling or disabling multicasting as well. This command uses the multicast mode configured on the controller (by using the config network multicast mode command) to operate.
Examples
This example shows how to enable the global multicast support:
> config network multicast global enable
Related Commands
show network summary
config network broadcast
config network multicast mode
config network multicast igmp query interval
To configure the IGMP query interval, use the config network multicast igmp query interval command.
config network multicast igmp query interval value
Syntax Description
value
Frequency at which controller sends IGMP query messages. The range is from 15 to 2400 seconds.
Command Default
20 seconds.
Usage Guidelines
To configure IGMP query interval, ensure that you do the following:
Enable the global multicast by entering the config network multicast global enable command.
Enable IGMP snooping by entering the config network multicast igmp snooping enable command.
Examples
This example shows how to configure the IGMP query interval at 20 seconds:
> config network multicast igmp query interval 20
Related Commands
config network multicast global
config network multicast igmp snooping
config network multicast igmp timeout
config network multicast igmp snooping
To enable or disable IGMP snooping, use the config network multicast igmp snooping command.
This example shows how to enable internet IGMP snooping settings:
> config network multicast igmp snooping enable
Related Commands
config network multicast global
config network multicast igmp query interval
config network multicast igmp timeout
config network multicast igmp timeout
To set the IGMP timeout value, use the config network multicast igmp timeout command.
config network multicast igmp timeout value
Syntax Description
value
Timeout range from 30 to 7200 seconds.
Command Default
None.
Usage Guidelines
You can enter a timeout value between 30 and 7200 seconds. The controller sends three queries in one timeout value at an interval of timeout/3 to see if any clients exist for a particular multicast group. If the controller does not receive a response through an IGMP report from the client, the controller times out the client entry from the MGID table. When no clients are left for a particular multicast group, the controller waits for the IGMP timeout value to expire and then deletes the MGID entry from the controller. The controller always generates a general IGMP query (to destination address 224.0.0.1) and sends it on all WLANs with an MGID value of 1.
Examples
This example shows how to configure the timeout value 50 for IGMP network settings:
> config network multicast igmp timeout 50
Related Commands
config network multicast global
config network igmp snooping
config network multicast igmp query interval
config network multicast l2mcast
To configure the Layer 2 multicast on an interface or all interfaces, use the config network multicast l2mcast command.
Configures query interval to send MLD query messages.
interval-value
Query interval in seconds. The range is from 15 to 2400 seconds.
snooping
Configures MLD snooping.
enable
Enables MLD snooping.
disable
Disables MLD snooping.
timeout
Configures MLD timeout.
timeout-value
Timeout value in seconds. The range is from 30 seconds to 7200 seconds.
Command Default
None.
Examples
This example shows how to set a query interval of 20 seconds for MLD query messages:
> config network multicast mld query interval 20
Related Commands
config network multicast global
config network multicast igmp snooping
config network multicast igmp query interval
config network multicast l2mcast
config network multicast mode multicast
To configure the controller to use the multicast method to send broadcast or multicast packets to an access point, use the config network multicast mode multicast command.
config network multicast mode multicast
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to configure the multicast mode to send a single copy of data to multiple receivers:
> config network multicast mode multicast
Related Commands
config network multicast global
config network broadcast
config network multicast mode unicast
config network multicast mode unicast
To configure the controller to use the unicast method to send broadcast or multicast packets to an access point, use the config network multicast mode unicast command.
config network multicast mode unicast
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to configure the controller to use the unicast mode:
> config network multicast mode unicast
Related Commands
config network multicast global
config network broadcast
config network multicast mode multicast
config network oeap-600 dual-rlan-ports
To configure the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4, use the config network oeap-600 dual-rlan-ports command.
Enables access to the local network for the Cisco 600 Series OfficeExtend access points.
disable
Disables access to the local network for the Cisco 600 Series OfficeExtend access points.
Command Default
Disabled.
Examples
This example shows how to enable access to the local network for the Cisco 600 Series OfficeExtend access points:
> config network oeap-600 local-network enable
Related Commands
show network summary
config network otap-mode
To enable or disable over-the-air provisioning (OTAP) of Cisco lightweight access points, use the config network otap-mode command.
config network otap-mode {
enable |
disable}
Syntax Description
enable
Enables the OTAP provisioning.
disable
Disables the OTAP provisioning.
Command Default
Enabled.
Examples
This example shows how to disable the OTAP provisioning:
> config network otap-mode disable
Related Commands
show network summary
config network rf-network-name
To set the RF-Network name, use the config network rf-network-name command.
config network rf-network-name name
Syntax Description
name
RF-Network name. The name can contain up to 19 characters.
Command Default
None.
Examples
This example shows how to set the RF-network name to travelers:
> config network rf-network-name travelers
Related Commands
show network summary
config network secureweb
To change the state of the secure web (https is http and SSL) interface for management users, use the config network secureweb command.
config network secureweb {
enable |
disable}
Syntax Description
enable
Enables the secure web interface for management users.
disable
Disables the secure web interface for management users.
Command Default
Enabled.
Usage Guidelines
This command allows management users to access the controller GUI using an http://ip-address. Web mode is not a secure connection.
Examples
This example shows how to enable the secure web interface settings for management users:
> config network secureweb enable
You must reboot for the change to take effect.
Related Commands
config network secureweb cipher-option
show network summary
config network secureweb cipher-option
To enable or disable secure web mode with increased security, or to enable or disable Secure Sockets Layer (SSL v2) for web administration and web authentication, use the config network secureweb cipher-option command.
Configures whether or not 128-bit ciphers are required for web administration and web authentication.
sslv2
Configures SSLv2 for both web administration and web authentication.
rc4-preference
Configures preference for RC4-SHA (Rivest Cipher 4-Secure Hash Algorithm) cipher suites (over CBC cipher suites) for web authentication and web administration.
enable
Enables the secure web interface.
disable
Disables the secure web interface.
Command Default
The default is disabled for secure web mode with increased security and enabled for SSL v2.
Usage Guidelines
Note
The config network secureweb cipher-option command allows users to access the controller GUI using an http://ip-address but only from browsers that support 128-bit (or larger) ciphers.
When cipher-option sslv2 is disabled, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later.
In RC4-SHA based cipher suites, RC4 is used for encryption and SHA is used for message authentication.
Examples
This example shows how to enable secure web mode with increased security:
Specifies the average data rate for the queue bronze.
silver
Specifies the average data rate for the queue silver.
gold
Specifies the average data rate for the queue gold.
platinum
Specifies the average data rate for the queue platinum.
per-ssid
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client
Configures the rate limit for each client associated with the SSID.
downstream
Configures the rate limit for downstream traffic.
upstream
Configures the rate limit for upstream traffic.
rate
Average data rate for TCP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None.
Examples
This example shows how to configure the average data rate 0 Kbps for the queue gold per SSID:
> config qos average-data-rate gold per ssid downstream 0
Related Commands
config qos burst-data-rate
config qos average-realtime-rate
config qos burst-realtime-rate
config wlan override-rate-limit
config qos average-realtime-rate
To define the average real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos average-realtime-rate command.
Specifies the average real-time data rate for the queue bronze.
silver
Specifies the average real-time data rate for the queue silver.
gold
Specifies the average real-time data rate for the queue gold.
platinum
Specifies the average real-time data rate for the queue platinum.
per-ssid
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client
Configures the rate limit for each client associated with the SSID.
downstream
Configures the rate limit for downstream traffic.
upstream
Configures the rate limit for upstream traffic.
rate
Average real-time data rate for UDP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None.
Examples
This example shows how to configure the average real-time actual rate for queue gold:
> config qos average-realtime-rate gold per ssid downstream 10
Related Commands
config qos average-data-rate
config qos burst-data-rate
config qos burst-realtime-rate
config wlan override-rate-limit
config qos burst-data-rate
To define the peak data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the config qos burst-data-rate command.
Specifies the peak data rate for the queue bronze.
silver
Specifies the peak data rate for the queue silver.
gold
Specifies the peak data rate for the queue gold.
platinum
Specifies the peak data rate for the queue platinum.
per-ssid
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client
Configures the rate limit for each client associated with the SSID.
downstream
Configures the rate limit for downstream traffic.
upstream
Configures the rate limit for upstream traffic.
rate
Peak data rate for TCP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None.
Examples
This example shows how to configure the peak rate 30000 Kbps for the queue gold:
> config qos burst-data-rate gold per ssid downstream 30000
Related Commands
config qos average-data-rate
config qos average-realtime-rate
config qos burst-realtime-rate
config wlan override-rate-limit
config qos burst-realtime-rate
To define the burst real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos burst-realtime-rate command.
Specifies the burst real-time data rate for the queue bronze.
silver
Specifies the burst real-time data rate for the queue silver.
gold
Specifies the burst real-time data rate for the queue gold.
platinum
Specifies the burst real-time data rate for the queue platinum.
per-ssid
Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client
Configures the rate limit for each client associated with the SSID.
downstream
Configures the rate limit for downstream traffic.
upstream
Configures the rate limit for upstream traffic.
rate
Burst real-time data rate for UDP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command Default
None.
Examples
This example shows how to configure the burst real-time actual rate 2000 Kbps for the queue gold:
> config qos burst-realtime-rate gold per ssid downstream 2000
Related Commands
config qos average-data-rate
config qos burst-data-rate
config qos average-realtime-rate
config wlan override-rate-limit
config qos description
To change the profile description, use the config qos description command.
Specifies the QoS 802.1p tag for the queue bronze.
silver
Specifies the QoS 802.1p tag for the queue silver.
gold
Specifies the QoS 802.1p tag for the queue gold.
platinum
Specifies the QoS 802.1p tag for the queue platinum.
dot1p_tag
Dot1p tag value between 1 and 7.
Command Default
None.
Examples
This example shows how to configure the a QoS 802.1p tag for the queue gold with the dot1p tag value of 5:
> config qos dot1p-tag gold 5
Related Commands
show qos queue_length all
config qos protocol-type
config qos priority
To define the maximum and default QoS levels for unicast and multicast traffic when you assign a QoS profile to a WLAN, use the config qos priority command.
Default multicast priority as one of the following:
besteffort
background
video
voice
Usage Guidelines
The maximum priority level should not be lower than the default unicast and multicast priority levels.
Examples
This example shows how to configure the QoS priority for a gold profile of the WLAN with voice as the maximum priority, video as the default unicast priority, and besteffort as the default multicast priority.
> config qos priority gold voice video besteffort
Related Commands
config qos protocol-type
config qos protocol-type
To define the maximum value (0-7) for the priority tag associated with packets that fall within the profile, use the config qos protocol-type command.
To modify the access mode (read only or read/write) of an SNMP community, use the config snmp community accessmode command.
config snmp community accessmode {
ro |
rw}
name
Syntax Description
ro
Specifies a read-only mode.
rw
Specifies a read/write mode.
name
SNMP community name.
Command Default
Two communities are provided by default with the following settings:
SNMP Community Name Client IP Address Client IP Mask Access Mode Status
------------------- ----------------- ---------------- ----------- ------
public 0.0.0.0 0.0.0.0 Read Only Enable
private 0.0.0.0 0.0.0.0 Read/Write Enable
Examples
This example shows how to configure read/write access mode for SNMP community:
> config snmp community accessmode rw private
Related Commands
show snmp community
config snmp community mode
config snmp community create
config snmp community delete
config snmp community ipaddr
config snmp community create
To create a new SNMP community, use the config snmp community create command.
config snmp community create name
Syntax Description
name
SNMP community name of up to 16 characters.
Command Default
None.
Usage Guidelines
Use this command to create a new community with the default configuration.
Examples
This example shows how to create a new SNMP community named test:
> config snmp community create test
Related Commands
show snmp community
config snmp community mode
config snmp community accessmode
config snmp community delete
config snmp community ipaddr
config snmp community delete
To delete an SNMP community, use the config snmp community delete command.
config snmp community delete name
Syntax Description
name
SNMP community name.
Command Default
None.
Examples
This example shows how to delete an SNMP community named test:
> config snmp community delete test
Related Commands
show snmp community
config snmp community mode
config snmp community accessmode
config snmp community create
config snmp community ipaddr
config snmp community ipaddr
To configure the IP address of an SNMP community, use the config snmp community ipaddr command.
config snmp community ipaddr ip_address ip_mask name
Syntax Description
ip_address
SNMP community IP address.
ip_mask
SNMP community subnet mask.
name
SNMP community name.
Command Default
None.
Examples
This example shows how to configure an SNMP community with the IP address 10.10.10.10, IP mask 255.255.255.0, and SNMP community named public:
> config snmp community ipaddr 10.10.10.10 255.255.255.0 public
Related Commands
show snmp community
config snmp community mode
config snmp community accessmode
config snmp community create
config snmp community delete
config snmp community mode
To enable or disable an SNMP community, use the config snmp community mode command.
config snmp community mode {
enable |
disable}
name
Syntax Description
enable
Enables the community.
disable
Disables the community.
name
SNMP community name.
Command Default
None.
Examples
This example shows how to enable the SNMP community named public:
> config snmp community mode disable public
Related Commands
show snmp community
config snmp community delete
config snmp community accessmode
config snmp community create
config snmp community ipaddr
config snmp engineID
To configure the SNMP engine ID, use the config snmp engineID command.
config snmp engineID {
engine_id |
default}
Syntax Description
engine_id
Engine ID in hexadecimal characters (a minimum of 10 and a maximum of 24 characters are allowed).
default
Restores the default engine ID.
Command Default
None.
Usage Guidelines
The SNMP engine ID is a unique string used to identify the device for administration purposes. You do need to specify an engine ID for the device because a default string is automatically generated using Cisco’s enterprise number and the MAC address of the first interface on the device.
If you change the engine ID, then a reboot is required for the change to take effect.
Caution If you change the value of the SNMP engine ID, then the password of the user entered on the command line is converted to an MD5 (Message-Digest algorithm 5) or SHA (Secure Hash Algorithm) security digest. This digest is based on both the password and the local engine ID. The command line password is then deleted. Because of this deletion, if the local value of the engine ID changes, the security digests of the SNMP users will become invalid, and the users will have to be reconfigured.
Examples
This example shows how to configure the SNMP engine ID with the value fffffffffff:
> config snmp engineID fffffffffff
Related Commands
show snmpengineID
config snmp syscontact
To set the SNMP system contact name, use the config snmp syscontact command.
config snmp syscontact contact
Syntax Description
contact
SNMP system contact name. The contact can be up to 31 alphanumeric characters.
Command Default
None.
Examples
This example shows how to set the SMNP system contact named Cisco WLAN Solution_administrator:
To configure the threshold value of the number of clients that associate with the controller, after which an SNMP trap and a syslog message is sent to the controller, use the config trapflags client max-warning-threshold command.
Configures the threshold percentage value of the number of clients that associate with the controller, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The minimum interval between two warnings is 10 mins You cannot configure this interval.
enable
Enables the generation of the traps and syslog messages.
disable
Disables the generation of the traps and syslog messages.
Command Default
90.
Usage Guidelines
Table 1 Maximum Number of Clients Supported on Different Controllers
Controller
Maximum number of supported clients
Cisco 5500 Series Controllers
7000
Cisco 2500 Series Controllers
500
Cisco Wireless Services Module 2
15000
Cisco Flex 7500 Series Controllers
64000
Cisco 8500 Series Controllers
64000
Cisco Virtual Wireless LAN Controllers
30000
Examples
This example shows how to configure the threshold value of the number of clients that associate with the controller:
Enables the sending of IPsec traps when an ESP authentication failure occurs.
esp-reply
Enables the sending of IPsec traps when an ESP replay failure occurs.
invalidSPI
Enables the sending of IPsec traps when an ESP invalid SPI is detected.
ike-neg
Enables the sending of IPsec traps when an IKE negotiation failure occurs.
suite-neg
Enables the sending of IPsec traps when a suite negotiation failure occurs.
invalid-cookie
Enables the sending of IPsec traps when a Isakamp invalid cookie is detected.
enable
Enables sending of IPsec traps.
disable
Disables sending of IPsec traps.
Command Default
Enabled.
Examples
This example shows how to enable the sending of IPsec traps when ESP authentication failure occurs:
> config trapflags IPsec esp-auth enable
Related Commands
show trapflags
config trapflags linkmode
To enable or disable Cisco wireless LAN controller level link up/down trap flags, use the config trapflags linkmode command.
config trapflags linkmode {
enable |
disable}
Syntax Description
enable
Enables Cisco wireless LAN controller level link up/down trap flags.
disable
Disables Cisco wireless LAN controller level link up/down trap flags.
Command Default
Enabled.
Examples
This example shows how to enable the Cisco wireless LAN controller level link up/down trap:
> config trapflags linkmode disable
Related Commands
show trapflags
config trapflags mesh
To configure trap notifications when a mesh access point is detected, use the config trapflags mesh command.
config trapflags mesh {
enable |
disable}
Syntax Description
enable
Enables trap notifications when a mesh access point is detected.
disable
Disables trap notifications when a mesh access point is detected.
Command Default
None.
Examples
This example shows how to enable trap notifications when a mesh access point is detected:
> config trapflags mesh enable
Related Commands
config trapflags 802.11-Security
config trapflags aaa
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags strong-pwdcheck
config trapflags rfid
config trapflags rogueap
show trapflags
config trapflags multiusers
To enable or disable the sending of traps when multiple logins are active, use the config trapflags multiusers command.
config trapflags multiusers {
enable |
disable}
Syntax Description
enable
Enables the sending of traps when multiple logins are active.
disable
Disables the sending of traps when multiple logins are active.
Command Default
Enabled.
Examples
This example shows how to disable the sending of traps when multiple logins are active:
> config trapflags multiusers disable
Related Commands
show trapflags
config trapflags rfid
To configure the threshold value of the maximum number of RFID tags, after which an SNMP trap and a syslog message is sent to the controller, use the config trapflags rfid command.
config trapflags rfid {
threshold |
enable |
disable}
Syntax Description
threshold
Configures the threshold percentage value of the maximum number of RFID tags, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The traps and syslog messages are generated every 10 minutes. You cannot configure this interval.
enable
Enables the generation of the traps and syslog messages.
disable
Disables the generation of the traps and syslog messages.
Command Default
90.
Usage Guidelines
The table below shows the maximum number of RFID tags supported on different controllers:
Table 2 Maximum Number of RFID Tags Supported on Different Controllers
Controller
Maximum number of supported clients
Cisco 5500 Series Controllers
5000
Cisco 2500 Series Controllers
500
Cisco Wireless Services Module 2
10000
Cisco Flex 7500 Series Controllers
50000
Cisco 8500 Series Controllers
50000
Cisco Virtual Wireless LAN Controllers
3000
Examples
This example shows how to configure the threshold value of the maximum number of RFID tags:
> config trapflags rfid 80
Related Commands
config trapflags 802.11-Security
config trapflags aaa
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags strong-pwdcheck
config trapflags rogueap
config trapflags mesh
show trapflags
config trapflags rogueap
To enable or disable sending rogue access point detection traps, use the config trapflags rogueap command.
config trapflags rogueap {
enable |
disable}
Syntax Description
enable
Enables the sending of rogue access point detection traps.
disable
Disables the sending of rogue access point detection traps.
Command Default
Enabled
Examples
This example shows how to disable the sending of rogue access point detection traps:
> config trapflags rogueap disable
Related Commands
config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show trapflags
config trapflags rrm-params
To enable or disable the sending of Radio Resource Management (RRM) parameters traps, use the config trapflags rrm-params command.
Specifies the Certificate Authority (CA) server settings.
http://url:port/path
Domain name or IP address of the CA server.
ca-cert
Specifies CA certificate database settings.
add
Obtains a CA certificate from the CA server and adds it to the controller’s certificate database.
delete
Deletes a CA certificate from the controller’s certificate database.
subject-params
Specifies the device certificate settings.
country state city orgn dept email
Country, state, city, organization, department, and email of the certificate authority.
Note
The common name (CN) is generated automatically on the access point using the current MIC/SSC format Cxxxx-MacAddr, where xxxx is the product number.
other-params
Specifies the device certificate key size settings.
keysize
Value from 384 to 2048 (in bits); the default value is 2048.
ap-provision
Specifies the access point provision list settings.
auth-list
Specifies the provision list authorization settings.
ap_mac
MAC address of access point to be added or deleted from the provision list.
revert-cert
Specifies the number of times the access point attempts to join the controller using an LSC before reverting to the default certificate.
retries
Value from 0 to 255; the default value is 3.
Note
If you set the number of retries to 0 and the access point fails to join the controller using an LSC, the access point does not attempt to join the controller using the default certificate. If you are configuring LSC for the first time, we recommend that you configure a nonzero value.
Command Default
The default value of keysize is 2048 bits. The default value of retries is 3.
Usage Guidelines
You can configure only one CA server. To configure a different CA server, delete the configured CA server by using the config certificate lsc ca-server delete command, and then configure a different CA server.
If you configure an access point provision list, only the access points in the provision list are provisioned when you enable AP provisioning (in Step 8). If you do not configure an access point provision list, all access points with an MIC or SSC certificate that join the controller are LSC provisioned.
Examples
This example shows how to enable the LSC settings:
> config certificate lsc enable
This example shows how to enable the LSC settings for Certificate Authority (CA) server settings:
Configures hash validation of the SSC certificate.
enable
Enables hash validation of the SSC certificate.
disable
Disables hash validation of the SSC certificate.
Command Default
Enabled.
Usage Guidelines
When you enable the SSC hash validation, an AP validates the SSC certificate of the virtual controller. When an AP validates the SSC certificate, it checks if the hash key of the virtual controller matches the hash key stored in its flash. If a match is found, the validation passes and the AP moves to the Run state. If a match is not found, the validation fails and the AP disconnects from the controller and restarts the discovery process. By default, hash validation is enabled. Hence, an AP must have the virtual controller hash key in its flash before associating with the virtual controller. If you disable hash validation of the SSC certificate, the AP bypasses the hash validation and directly moves to the Run state.
APs can associate with a physical controller, download the hash keys and then associate with a virtual controller. If the AP is associated to a physical controller and if hash validation is disabled, it joins any virtual controller without hash validation.
Examples
This example shows how to enable hash validation of the SSC certificate:
This example shows how to use a device certificate for web administration:
> config certificate use-device-certificate webadmin
Use device certificate for web administration. Do you wish to continue? (y/n) y
Using device certificate for web administration.
Save configuration and restart controller to use new certificate.
Related Commands
config certificate
show certificate compatibility
show certificate lsc
show certificate ssc
show certificate summary
show local-auth certificates
config coredump
To enable or disable the controller to generate a core dump file following a crash, use the config cordump command.
config coredump {
enable |
disable}
Syntax Description
enable
Enables the controller to generate a core dump file.
disable
Disables the controller to generate a core dump file.
Command Default
None.
Examples
This example shows how to enable the controller to generate a core dump file following a crash:
> config coredump enable
Related Commands
config coredump ftp
config coredump username
show coredump summary
config coredump ftp
To automatically upload a controller core dump file to an FTP server after experiencing a crash, use the config coredump ftp command.
config coredump ftp server_ip_address filename
Syntax Description
server_ip_address
IP address of the FTP server to which the controller sends its core dump file.
filename
Name given to the controller core dump file.
Command Default
None.
Usage Guidelines
The controller must be able to reach the FTP server to use this command.
Examples
This example shows how to configure the controller to upload a core dump file named core_dump_controller to an FTP server at network address 192.168.0.13:
To specify the FTP server username and password when uploading a controller core dump file after experiencing a crash, use the config coredump username command.
Enables the external URL web-based client authorization.
disable
Disables the external URL we-based client authentication.
Command Default
None.
Examples
This example shows how to enable the external URL web-based client authorization:
> config custom-web ext-webauth-mode enable
Related Commands
config custom-web redirectUrl
config custom-web weblogo
config custom-web webmessage
config custom-web webtitle
config custom-web ext-webauth-url show custom-web
config custom-web ext-webauth-url
To configure the complete external web authentication URL for the custom-web authentication page, use the config custom-web ext-webauth-url command.
config custom-web ext-webauth-url URL
Syntax Description
URL
URL used for web-based client authorization.
Command Default
None.
Examples
This example shows how to configure the complete external web authentication URL http://www.AuthorizationURL.com/ for the web-based client authorization:
Configures an address range to allocate. You must specify the scope name and the first and last addresses of the address range.
create-scopename
Creates a new DHCP scope. You must specify the scope name.
default-routerscoperouter_1 [router_2] [router_3]
Configures the default routers for the specified scope and specify the IP address of a router. Optionally, you can specify the IP addresses of secondary and tertiary routers.
delete-scopescope
Deletes the specified DHCP scope.
disablescope
Disables the specified DHCP scope.
dns-serversscopedns1 [dns2] [dns3]
Configures the name servers for the given scope. You must also specify at least one name server. Optionally, you can specify secondary and tertiary name servers.
domainscopedomain
Configures the DNS domain name. You must specify the scope and domain names.
enablescope
Enables the specified dhcp scope.
leasescopelease_duration
Configures the lease duration (in seconds) for the specified scope.
netbios-name-serverscope wins1 [wins2] [wins3]
Configures the netbios name servers. You must specify the scope name and the IP address of a name server. Optionally, you can specify the IP addresses of secondary and tertiary name servers.
networkscopenetwork netmask
Configures the network and netmask. You must specify the scope name, the network address, and the network mask.
opt-82 remote-id
Configures the DHCP option 82 remote ID field format.
DHCP option 82 provides additional security when DHCP is used to allocate network addresses. The controller acts as a DHCP relay agent to prevent DHCP client requests from untrusted sources. The controller adds option 82 information to DHCP requests from clients before forwarding the requests to the DHCP server.
ap_mac
MAC address of the access point to the DHCP option 82 payload.
ap_mac:ssid
MAC address and SSID of the access point to the DHCP option 82 payload.
ap-ethmac
Remote ID format as AP Ethernet MAC address.
apname:ssid
Remote ID format as AP name:SSID.
ap-group-name
Remote ID format as AP group name.
flex-group-name
Remote ID format as FlexConnect group name .
ap-location
Remote ID format as AP location.
apmac-vlan_id
Remote ID format as AP radio MAC address:VLAN_ID.
apname-vlan_id
Remote ID format as AP Name:VLAN_ID.
ap-ethmac-ssid
Remote ID format as AP Ethernet MAC:SSID address.
Command Default
The default values for ap-group-name is "default-group", and for ap-location is "default location".
If ap-group-name and flex-group-name are null, then the system MAC is sent as the remote ID field.
Usage Guidelines
Use the show dhcp command to display the internal DHCP configuration.
Examples
This example shows how to configure the DHCP lease for the scope 003:
> config dhcp lease 003
Related Commands
config dhcp proxy
config dhcp timeout
config interface dhcp
config wlan dhcp_server
debug dhcp
debug dhcp service-port
debug disable-all
show dhcp
show dhcp proxy
config dhcp proxy
To specify the level at which DHCP packets are modified, use the config dhcp proxy command.
Allows the controller to modify the DHCP packets without a limit.
disable
Reduces the DHCP packet modification to the level of a relay.
bootp-broadcast
Configures DHCP BootP broadcast option.
Command Default
Enabled.
Usage Guidelines
Follow these guidelines when you use this command:
Use the show dhcp proxy command to display the status of DHCP proxy handling.
To enable third-party WGB support, you must enable the passive-client feature on the wirless LAN by entering the config wlan passive-client enable command.
Examples
This example shows how to disable the DHCP packet modification:
> config dhcp proxy disable
This example shows how to enable the DHCP BootP broadcast option:
Associates a NetFlow monitor with an exporter, or a NetFlow record with a NetFlow monitor.
delete
Dissociates a NetFlow monitor from an exporter, or a NetFlow record from a NetFlow monitor.
monitor
Configures a NetFlow monitor.
monitor_name
Name of the NetFlow monitor. The monitor name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for a monitor name.
exporter
Configures a NetFlow exporter.
exporter_name
Name of the NetFlow exporter. The exporter name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for an exporter name.
record
Associates a NetFlow record to the NetFlow monitor.
record_name
Name of the IPv4 NetFlow record of the client application.
Command Default
None.
Usage Guidelines
An exporter is a network entity that exports the template with the IP traffic information. The controller acts as an exporter. A NetFlow record in the controller contains the information about the traffic in a given flow such as client MAC address, client source IP address, WLAN ID, incoming and outgoing bytes of data, incoming and outgoing packets, incoming and outgoing DSCP.
Examples
This example shows how to configure the flow monitor and exporter:
Configures the license agent to receive license requests from the Cisco License Manager (CLM).
plaintext
Disables encryption (HTTP).
encrypt
Enables encryption (HTTPS).
url
URL where the license agent receives the requests.
acl
(Optional) Specifies the access control list.
acl_name
Specifies the access control list for license requests.
max-message
Specifies the maximum message size for license requests.
size
Maximum message size for license request is from 0 to 65535.
max-session
Specifies the maximum number of sessions allowed.
sessions
Maximum number of sessions allowed for the license agent is from 1 to 25.
notify
Configures the license agent to send license notifications to the CLM.
username
Username used in license agent notification.
password
Password used in license agent notification.
Command Default
The license agent is disabled by default.
The listener is disabled by default.
Notify is disabled by default.
The default maximum number of sessions is 9.
The default maximum message size is 0.
Usage Guidelines
If your network contains various Cisco licensed devices, you might consider using the CLM to manage all of the licenses using a single application. CLM is a secure client/server application that manages Cisco software licenses network wide.
The license agent is an interface module that runs on the controller and mediates between CLM and the controller’s licensing infrastructure. CLM can communicate with the controller using various channels, such as HTTP, Telnet, and so on. If you want to use HTTP as the communication method, you must enable the license agent on the controller.
The license agent receives requests from the CLM and translates them into license commands. It also sends notifications to the CLM. It uses XML messages over HTTP or HTTPS to receive the requests and send the notifications. For example, if the CLM sends a license clear command, the agent notifies the CLM after the license expires.
This example shows how to authenticate the default license agent settings:
> config license agent default authenticate
This example shows how to configure the license agent with the number of maximum sessions allowed as 5:
> config license agent max-session 5
Related Commands
license install
show license agent
clear license agent
config license boot
To specify the license level to be used on the next reboot of the Cisco 5500 Series Controller, use the config license boot command.
config license boot {
base |
wplus |
auto}
Syntax Description
base
Specifies the base boot level.
wplus
Specifies the wplus boot level.
auto
Specifies the auto boot level.
Command Default
None.
Usage Guidelines
If you enter auto, the licensing software automatically chooses the license level to use on the next reboot. It generally chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.
Note
If you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set the image level to wplus in order for the controller to use the wplus evaluation license instead of the base permanent license.
Note
To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
Examples
This example shows how to set the license boot settings to wplus:
> config license boot wplus
Related Commands
license install
show license in-use
license modify priority
config load-balancing
To globally configure aggressive load balancing on the controller, use the config load-balancing command.
Specifies the aggressive load balancing client window.
client_count
Aggressive load balancing client window with the number of clients from 1 to 20.
status
Sets the load balancing status.
enable
Enables load balancing feature.
disable
Disables load balancing feature.
denial
Specifies the number of association denials during load balancing.
denial_count
Maximum number of association denials during load balancing. from 0 to 10.
uplink-threshold
Specifies
the threshold traffic for an
access point to deny new associations.
traffic_threshold
Threshold traffic for an
access point to deny new associations. This value is a percentage of the WAN utilization measured over a 90 second interval.
For example, the default
threshold value of 50 triggers the load balancing upon detecting
an utilization of 50% or more on an access point WAN interface.
Command Default
Disabled.
Usage Guidelines
Load-balancing-enabled WLANs do not support time-sensitive applications like voice and video because of roaming delays.
When you use Cisco 7921 and 7920 Wireless IP Phones with controllers, make sure that aggressive load balancing is disabled on the voice WLANs for each controller. Otherwise, the initial roam attempt by the phone might fail, causing a disruption in the audio path.
Clients can only be load balanced across access points joined to the same controller. The WAN utilization is calculated as a percentage using the following formula: (Transmitted Data Rate (per second) + Received Data Rate (per second))/(1000Mbps TX + 1000Mbps RX) * 100
Examples
This example shows how to enable the aggressive load-balancing settings:
> config load-balancing aggressive enable
Related Commands
show load-balancing
config wlan load-balance
config location
To configure a location-based system, use the config location command.
This example shows how to save the debug messages to the controller console:
> config logging debug console enable
Related Commands
show logging
config logging fileinfo
To cause the controller to include information about the source file in the message logs or to prevent the controller from displaying this information, use the config logging fileinfo command.
config logging fileinfo {
enable |
disable}
Syntax Description
enable
Includes information about the source file in the message logs.
disable
Prevents the controller from displaying information about the source file in the message logs.
Command Default
None.
Examples
This example shows how to enable the controller to include information about the source file in the message logs:
> config logging fileinfo enable
Related Commands
show logging
config logging procinfo
To cause the controller to include process information in the message logs or to prevent the controller from displaying this information, use the config logging procinfo command.
config logging procinfo {
enable |
disable}
Syntax Description
enable
Includes process information in the message logs.
disable
Prevents the controller from displaying process information in the message logs.
Command Default
None.
Examples
This example shows how to enable the controller to include the process information in the message logs:
> config logging procinfo enable
Related Commands
show logging
config logging traceinfo
To cause the controller to include traceback information in the message logs or to prevent the controller from displaying this information, use the config logging traceinfo command.
config logging traceinfo {
enable |
disable}
Syntax Description
enable
Includes traceback information in the message logs.
disable
Prevents the controller from displaying traceback information in the message logs.
Command Default
None.
Examples
This example shows how to disable the controller to include the traceback information in the message logs:
> config logging traceinfo disable
Related Commands
show logging
config logging syslog host
To configure a remote host for sending syslog messages, use the config logging syslog host command.
config logging syslog host host_IP_address
Syntax Description
host_IP_address
IP address for the remote host.
Command Default
None.
Usage Guidelines
To remove a remote host that was configured for sending syslog messages, enter the config logging syslog hosthost_IP_addressdelete command.
Examples
This example shows how to configure a remote host 10.92.125.52 for sending the syslog messages:
> config logging syslog host 10.92.125.52
Related Commands
config logging syslog facility
config logging syslog level
show logging
config logging syslog facility
To set the facility for outgoing syslog messages to the remote host, use the config logging syslog facility command.
auth-private—Authorization system (private). Facility level—10.
cron—Cron/at facility. Facility level—9.
daemon—System daemons. Facility level—3.
ftp—FTP daemon. Facility level—11.
kern—Kernel. Facility level—0.
local0—Local use. Facility level—16.
local1—Local use. Facility level—17.
local2—Local use. Facility level—18.
local3—Local use. Facility level—19.
local4—Local use. Facility level—20.
local5—Local use. Facility level—21.
local6—Local use. Facility level—22.
local7—Local use. Facility level—23.
lpr—Line printer system. Facility level—6.
mail—Mail system. Facility level—2.
news—USENET news. Facility level—7.
sys12—System use. Facility level—12.
sys13—System use. Facility level—13.
sys14—System use. Facility level—14.
sys15—System use. Facility level—15.
syslog—The syslog itself. Facility level—5.
user—User process. Facility level—1.
uucp—UNIX-to-UNIX copy system. Facility level—8.
Command Default
None.
Examples
This example shows how to set the facility for outgoing syslog messages to authorization:
> config logging syslog facility authorization
Related Commands
config logging syslog host
config logging syslog level
show logging
config logging syslog level
To set the severity level for filtering syslog messages to the remote host, use the config logging syslog level command.
config logging syslog level severity_level
Syntax Description
severity_level
Severity level. Choose one of the following:
emergencies—Severity level 0
alerts—Severity level 1
critical—Severity level 2
errors—Severity level 3
warnings—Severity level 4
notifications—Severity level 5
informational—Severity level 6
debugging—Severity level 7
Command Default
None.
Examples
This example shows how to set the severity level for syslog messages to 3:
> config logging syslog level 3
Related Commands
config logging syslog host
config logging syslog facility
show logging
config loginsession close
To close all active Telnet sessions, use the config loginsession close command.
config loginsession close {
session_id |
all}
Syntax Description
session_id
ID of the session to close.
all
Closes all Telnet sessions.
Command Default
None.
Examples
This example shows how to close all active Telnet sessions:
> config loginsession close all
Related Commands
show loginsession
config nmsp notify-interval measurement
To modify the Network Mobility Services Protocol (NMSP) notification interval value on the controller to address latency in the network, use the config nmsp notify-interval measurement command.
Modifies the interval for active radio frequency identification (RFID) tags.
rogue
Modifies the interval for rogue access points and rogue clients.
interval
Time interval. The range is from 1 to 30 seconds.
Command Default
None.
Usage Guidelines
The TCP port (16113) that the controller and location appliance communicate over must be open (not blocked) on any firewall that exists between the controller and the location appliance for NMSP to function.
Examples
This example shows how to modify the NMSP notification interval for the active RFID tags to 25 seconds:
> config nmsp notify-interval measurement rfid 25
Related Commands
clear locp statistics
clear nmsp statistics
show nmsp notify-interval summary
show nmsp statistics
show nmsp status
config paging
To enable or disable scrolling of the page, use the config paging command.
config paging {
enable |
disable}
Syntax Description
enable
Enables the scrolling of the page.
disable
Disables the scrolling of the page.
Command Default
Enabled.
Examples
This example shows how to enable scrolling of the page
> config paging enable
Related Commands
show run-config
config passwd-cleartext
To enable or disable temporary display of passwords in plain text, use the config passwd-cleartext command.
config passwd-cleartext {
enable |
disable}
Syntax Description
enable
Enables the display of passwords in plain text.
disable
Disables the display of passwords in plain text.
Command Default
Disabled.
Usage Guidelines
This command must be enabled if you want to see user-assigned passwords displayed in clear text when using the show run-config command.
To execute this command, you must enter an admin password. This command is valid only for this particular session. It is not saved following a reboot.
Examples
This example shows how to enable display of passwords in plain text:
> config passwd-cleartext enable
The way you see your passwds will be changed
You are being warned.
Enter admin password:
Related Commands
show run-config
config prompt
To change the CLI system prompt, use the config prompt command.
config prompt prompt
Syntax Description
prompt
New CLI system prompt enclosed in double quotes. The prompt can be up to 31 alphanumeric characters and is case sensitive.
Command Default
The system prompt is configured using the startup wizard.
Usage Guidelines
Because the system prompt is a user-defined variable, it is omitted from the rest of this documentation.
Examples
This example shows how to change the CLI system prompt to Cisco 4400:
> config prompt “Cisco 4400”
config rfid auto-timeout
To configure an automatic timeout of radio frequency identification (RFID) tags, use the config rfid auto-timeout command.
config rfid auto-timeout {
enable |
disable}
Syntax Description
enable
Enables an automatic timeout.
disable
Disables an automatic timeout.
Command Default
None.
Examples
This example shows how to enable an automatic timeout of RFID tags:
> config rfid auto-timeout enable
Related Commands
show rfid summary
config rfid status
config rfid timeout
config rfid status
To configure radio frequency identification (RFID) tag data tracking, use the config rfid status command.
config rfid status {
enable |
disable}
Syntax Description
enable
Enables RFID tag tracking.
disable
Enables RFID tag tracking.
Command Default
None.
Examples
This example shows how to configure RFID tag tracking settings:
> config rfid status enable
Related Commands
show rfid summary
config rfid auto-timeout
config rfid timeout
config rfid timeout
To configure a static radio frequency identification (RFID) tag data timeout, use the config rfid timeout command.
config rfid timeout seconds
Syntax Description
seconds
Timeout in seconds (from 60 to 7200).
Command Default
None.
Examples
This example shows how to configure a static RFID tag data timeout of 60 seconds.
> config rfid timeout 60
Related Commands
show rfid summary
config rfid statistics
config service timestamps
To enable or disable timestamps in message logs, use the config service timestamps command.
Enables the breaking into boot prompt by pressing the Esc key at system startup.
disable
Disables the breaking into boot prompt by pressing the Esc key at system startup.
Command Default
Disabled.
Usage Guidelines
You must enable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode before enabling or disabling the breaking into boot prompt.
Examples
This example shows how to enable the breaking into boot prompt by pressing the Esc key at system startup:
> config switchconfig boot-break enable
Related Commands
show switchconfig
config switchconfig flowcontrol
config switchconfig mode
config switchconfig secret-obfuscation
config switchconfig fips-prerequisite
config switchconfig strong-pwd
config switchconfig fips-prerequisite
To enable or disable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode, use the config switchconfig fips-prerequisite command.
Secrets and user passwords are obfuscated in the exported XML configuration file.
Usage Guidelines
To keep the secret contents of your configuration file secure, do not disable secret obfuscation. To further enhance the security of the configuration file, enable configuration file encryption.
Examples
This example shows how to enable secret obfuscation:
> config switchconfig secret-obfuscation enable
Related Commands
show switchconfig
config sysname
To set the Cisco wireless LAN controller system name, use the config sysname command.
config sysname name
Syntax Description
name
System name. The name can contain up to 31 alphanumeric characters.
Command Default
None.
Examples
This example shows how to configure the system named Ent_01:
> config sysname Ent_01
Related Commands
show sysinfo
config time manual
To set the system time, use the config time manual command.
config time manual MM |
DD |
YY HH:
MM:
SS
Syntax Description
MM/DD/YY
Date.
HH:MM:SS
Time.
Command Default
None.
Examples
This example shows how to configure the system date to 04/04/2010 and time to 15:29:00:
> config time manual 04/04/2010 15:29:00
Related Commands
show time
config time ntp
To set the Network Time Protocol (NTP), use the config time ntp command.
NTP polling interval in seconds (between 3600 and 604800).
key-auth
Configures the NTP authentication key.
add
Adds an NTP authentication key.
md5
Specifies the authentication protocol.
ascii
Specifies the ASCII key format (a maximum of 16 characters).
hex
Specifies the hexadecimal key format (a maximum of 32 digits).
delete
Deletes an authentication key.
server
Configures the NTP servers.
ip_address
NTP server’s IP address. Use 0.0.0.0 to delete the entry.
Command Default
None.
Examples
This example shows how to configure the NTP polling interval to 7000 seconds:
> config time ntp interval 7000
This example shows how to enable NTP authentication where the server index is 4 and the key index is 1:
> config time ntp auth enable 4 1
This example shows how to add an NTP authentication key of value ff where the key format is in hexadecimal characters and the key index is 1:
> config time ntp key-auth add 1 md5 hex ff
This example shows how to add an NTP authentication key of value ff where the key format is in ASCII characters and the key index is 1:
> config time ntp key-auth add 1 md5 ascii ciscokey
Related Commands
show ntp-keys
config time timezone
To configure the system time zone, use the config time timezone command.
config time timezone {
enable |
disable}
delta_hours delta_mins
Syntax Description
enable
Enables daylight saving time.
disable
Disables daylight saving time.
delta_hours
Local hour difference from the Universal Coordinated Time (UCT).
delta_mins
Local minute difference from UCT.
Command Default
None.
Examples
This example shows how to enable the daylight saving time:
> config time timezone enable 2 0
Related Commands
show time
config time timezone location
To set the location of the time zone in order to have daylight saving time set automatically when it occurs, use the config time timezone location command.
config time timezone location location_index
Syntax Description
location_index
Number representing the time zone required. The time zones are as follows:
To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video tspec-inactivity-timeout command.
config 802.11{
a |
b}
cac video tspec-inactivity-timeout {
enable |
ignore}
Syntax Description
a
Specifies the 802.11a network.
ab
Specifies the 802.11b/g network.
enable
Processes the TSPEC inactivity timeout messages.
ignore
Ignores the TSPEC inactivity timeout messages.
Command Default
Disabled (ignore).
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acm enable or config 802.11{a | b}cac video acm enable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to process the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout enable
This example shows how to ignore the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout ignore
Related Commands
config 802.11 cac video acm
config 802.11 cac video max-bandwidth
config 802.11 cac video roam-bandwidth
config 802.11 cac voice tspec-inactivity-timeout
To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
Disable all WLANs with WMM enabled by entering the config wlan disablewlan_id command.
Disable the radio network you want to configure by entering the config 802.11{a | b}disable network command.
Save the new configuration by entering the save config command.
Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b}cac voice acmenable or config 802.11{a | b}cac video acmenable commands.
For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to enable the voice TSPEC inactivity timeout messages received from an access point:
Cisco lightweight access point discovery timeout value between 1 and 10 seconds.
Command Default
10 seconds.
Usage Guidelines
The Cisco lightweight access point discovery timeout is how often a Cisco wireless LAN controller attempts to discover unconnected Cisco lightweight access points.
Examples
This example shows how to configure an access point discovery-timeout with the timeout value of 20:
Cisco lightweight access point heartbeat timeout value between 1 and 30 seconds.
Command Default
30 seconds.
Usage Guidelines
The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point sends a heartbeat keep-alive signal to the Cisco wireless LAN controller.
This seconds value should be at least three times larger than the fast heartbeat timer.
Examples
This example shows how to configure an access point heartbeat timeout to 20:
Remote LAN identifier. Valid values are between 1 and 512.
seconds
Timeout or session duration in seconds. A value of zero is equivalent to no timeout.
Command Default
None.
Examples
This example shows how to configure the client session timeout to 6000 seconds for a remote LAN with ID 1:
> config remote-lan session-timeout 1 6000
Related Commands
show remote-lan
config network usertimeout
To change the timeout for idle client sessions, use the config network usertimeout command.
config network usertimeout seconds
Syntax Description
seconds
Timeout duration in seconds. The minimum value is 90. The default value is 300.
Command Default
300.
Usage Guidelines
Use this command to set the idle client session duration on the Cisco wireless LAN controller. The minimum duration is 90 seconds.
Examples
This example shows how to configure the idle session timeout to 1200 seconds:
> config network usertimeout 1200
Related Commands
show network summary
config radius acct retransmit-timeout
To change the default transmission timeout for a RADIUS accounting server for the Cisco wireless LAN controller, use the config radius acct retransmit-timeout command.
config radius acct retransmit-timeout index timeout
Syntax Description
index
RADIUS server index.
timeout
Number of seconds (from 2 to 30) between retransmissions.
Command Default
None.
Examples
This example shows how to configure retransmission timeout value 5 seconds between the retransmission:
> config radius acct retransmit-timeout 5
Related Commands
show radius acct statistics
config radius auth mgmt-retransmit-timeout
To configure a default RADIUS server retransmission timeout for management users, use the config radius auth mgmt-retransmit-timeout command.
config radius auth mgmt-retransmit-timeout index retransmit-timeout
Syntax Description
index
RADIUS server index.
retransmit-timeout
Timeout value. The range is from 1 to 30 seconds.
Command Default
None.
Examples
This example shows how to configure a default RADIUS server retransmission timeout for management users:
> config radius auth mgmt-retransmit-timeout 1 10
Related Commands
config radius auth management
config radius auth retransmit-timeout
To change a default transmission timeout for a RADIUS authentication server for the Cisco wireless LAN controller, use the config radius auth retransmit-timeout command.
config radius auth retransmit-timeout index timeout
Syntax Description
index
RADIUS server index.
timeout
Number of seconds (from 2 to 30) between retransmissions.
Command Default
None.
Examples
This example shows how to configure a retransmission timeout of 5 seconds for a RADIUS authentication server:
> config radius auth retransmit-timeout 5
Related Commands
show radius auth statistics
config radius auth server-timeout
To configure a retransmission timeout value for a RADIUS accounting server, use the config radius auth server-timeout command.
config radius auth server-timeout index timeout
Syntax Description
index
RADIUS server index.
timeout
Timeout value. The range is from 2 to 30 seconds.
Command Default
The default timeout is 2 seconds.
Examples
This example shows how to configure a server timeout value of 2 seconds for RADIUS authentication server index 10:
> config radius auth server-timeout 2 10
Related Commands
show radius auth statistics
show radius summary
config rogue ap timeout
To specify the number of seconds after which the rogue access point and client entries expire and are removed from the list, use the config rogue ap timeout command.
config rogue ap timeout seconds
Syntax Description
seconds
Value of 240 to 3600 seconds (inclusive), with a default value of 1200 seconds.
Command Default
1200 seconds.
Examples
This example shows how to set an expiration time for entries in the rogue access point and client list to 2400 seconds:
> config rogue ap timeout 2400
Related Commands
config rogue ap classify
config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue rule
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary
config tacacs athr mgmt-server-timeout
To configure a default TACACS+ authorization server timeout for management users, use the config tacacs athr mgmt-server-timeout command.
config tacacs athr mgmt-server-timeout index timeout
Syntax Description
index
TACACS+ authorization server index.
timeout
Timeout value. The range is 1 to 30 seconds.
Command Default
None.
Examples
This example shows how to configure a default TACACS+ authorization server timeout for management users:
> config tacacs athr mgmt-server-timeout 1 10
Related Commands
config tacacs athr
config tacacs auth mgmt-server-timeout
To configure a default TACACS+ authentication server timeout for management users, use the config tacacs auth mgmt-server-timeout command.
config tacacs auth mgmt-server-timeout index timeout
Syntax Description
index
TACACS+ authentication server index.
timeout
Timeout value. The range is 1 to 30 seconds.
Command Default
None.
Examples
This example shows how to configure a default TACACS+ authentication server timeout for management users:
> config tacacs auth mgmt-server-timeout 1 10
Related Commands
config tacacs auth
config rfid auto-timeout
To configure an automatic timeout of radio frequency identification (RFID) tags, use the config rfid auto-timeout command.
config rfid auto-timeout {
enable |
disable}
Syntax Description
enable
Enables an automatic timeout.
disable
Disables an automatic timeout.
Command Default
None.
Examples
This example shows how to enable an automatic timeout of RFID tags:
> config rfid auto-timeout enable
Related Commands
show rfid summary
config rfid status
config rfid timeout
config rfid timeout
To configure a static radio frequency identification (RFID) tag data timeout, use the config rfid timeout command.
config rfid timeout seconds
Syntax Description
seconds
Timeout in seconds (from 60 to 7200).
Command Default
None.
Examples
This example shows how to configure a static RFID tag data timeout of 60 seconds.
> config rfid timeout 60
Related Commands
show rfid summary
config rfid statistics
config wlan session-timeout
To change the timeout of wireless LAN clients, use the config wlan session-timeout command.
Timeout or session duration in seconds. A value of zero is equivalent to no timeout.
Command Default
None.
Examples
This example shows how to configure the client timeout to 6000 seconds for WLAN ID 1:
> config wlan session-timeout 1 6000
Related Commands
show wlan
config wlan usertimeout
To configure the timeout for idle client sessions for a WLAN, use the config wlan usertimeout command.
config wlan usertimeout timeout wlan_id
Syntax Description
timeout
Timeout for idle client sessions for a WLAN. If the client sends traffic less than the threshold, the client is removed on timeout. The range is from 15 to 100000 seconds.
wlan_id
Wireless LAN identifier between 1 and 512.
Command Default
300 seconds.
Usage Guidelines
The timeout value that you configure here overrides the global timeout that you define using the command config network usertimeout.
Examples
This example shows how to
configure the idle client sessions for a WLAN:
> config wlan usertimeout 100 1
Related Commands
config network usertimeout
config wlan user-idle-threshold
config wlan security wpa akm ft
To configure authentication key-management using 802.11r fast transition 802.1X, use the config wlan security wpa akm ft command.
To clear the current counters for an access control list (ACL), use the clear acl counters command.
clear acl counters acl_name
Syntax Description
acl_name
ACL name.
Command Default
None.
Usage Guidelines
Note
ACL counters are available only on the following controllers: Cisco 4400 Series Controller, Cisco WiSM, and Catalyst 3750G Integrated Wireless LAN Controller Switch.
Examples
This example shows how to clear the current counters for acl1:
> clear acl counters acl1
Related Commands
config acl counter
show acl
clear ap-config
To clear (reset to the default values) a lightweight access point’s configuration settings, use the clear ap-config command.
clear ap-config ap_name
Syntax Description
ap_name
Access point name.
Command Default
None.
Usage Guidelines
Entering this command does not clear the static IP address of the access point.
Examples
This example shows how to clear the access point’s configuration settings for the access point named ap1240_322115:
> clear ap-config ap1240_322115
Clear ap-config will clear ap config and reboot the AP. Are you sure you want continue? (y/n)
Related Commands
show ap config
clear ap-eventlog
To delete the existing event log and create an empty event log file for a specific access point or for all access points joined to the controller, use the clear ap-eventlog command.
clear ap-eventlog {
specific ap_name |
all}
Syntax Description
specific
Specifies a specific access point log file.
ap_name
Name of the access point for which the event log file will be emptied.
all
Deletes the event log for all access points joined to the controller.
Command Default
None.
Examples
This example shows how to delete the event log for all access points:
> clear ap-eventlog all
This will clear event log contents for all APs. Do you want continue? (y/n) :y
Any AP event log contents have been successfully cleared.
Related Commands
show ap eventlog
clear ap join stats
To clear the join statistics for all access points or for a specific access point, use the clear ap join stats command.
clear ap join stats {
all |
ap_mac}
Syntax Description
all
Specifies all access points.
ap_mac
Access point MAC address.
Command Default
None.
Examples
This example shows how to clear the join statistics of all the access points:
> clear ap join stats all
Related Commands
show ap config
clear arp
To clear the Address Resolution Protocol (ARP) table, use the clear arp command.
clear arp
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear the ARP table:
> clear arp
Are you sure you want to clear the ARP cache? (y/n)
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port
clear avc statistics
To clear AVC statistics of a client, guest LAN, remote LAN, or a WLAN use the clear avc statistics command.
clear avc statistics {
client {
all |
client-mac} |
guest-lan {
all |
guest-lan-id} |
remote-lan {
all |
remote-lan-id} |
wlan {
all |
wlan-id}}
Syntax Description
client
Clears AVC statistics of a client.
all
Clears AVC statistics of all clients.
client-mac
MAC address of a client.
guest-lan
Clears AVC statistics of a guest LAN.
all
Clears AVC statistics of all guest LANs.
guest-lan-id
Guest LAN Identifier between 1 and 5.
remote-lan
Clears AVC statistics of a remote LAN.
all
Clears AVC statistics of all remote LANs.
remote-lan-id
Remote LAN Identifier between 1 and 512.
wlan
Clears AVC statistics of a WLAN.
all
Clears AVC statistics of all WLANs.
wlan-id
WLAN Identifier between 1 and 512.
Command Default
None.
Examples
This example shows how to clear the AVC statistics of a client:
> clear avc statistics client 00:21:1b:ea:36:60
Related Commands
config avc profile create
config avc profile delete
config avc profile rule
config wlan avc
show avc profile
show avc applications
show avc statistics
debug avc error
debug avc events
clear client tsm
To clear the traffic stream metrics (TSM) statistics for a particular access point or all the access points to which this client is associated, use the clear client tsm command.
This example shows how to clear the TSM for the MAC address 00:40:96:a8:f7:98:
> clear client tsm 802.11a 00:40:96:a8:f7:98 all
Related Commands
clear upload start
clear config
To reset configuration data to factory defaults, use the clear config command.
clear config
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to reset the configuration data to factory defaults:
> clear config
Are you sure you want to clear the configuration? (y/n)
n
Configuration not cleared!
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port
clear ext-webauth-url
To clear the external web authentication URL, use the clear ext-webauth-url command.
clear ext-webauth-url
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear the external web authentication URL:
> clear ext-webauth-url
URL cleared.
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port
clear license agent
Command Default
To clear the license agent’s counter or session statistics, use the clear license agent command.
clear license agent {
counters |
sessions}
Syntax Description
counters
Clears the counter statistics.
sessions
Clears the session statistics.
Command Default
None.
Examples
This example shows how to clear the license agent’s counter settings:
> clear license agent counters
Related Commands
config license agent
show license agent
license install
clear location rfid
To clear a specific radio frequency identification (RFID) tag or all of the RFID tags in the entire database, use the clear location rfid command.
clear location rfid {
mac_address |
all}
Syntax Description
mac_address
MAC address of a specific RFID tag.
all
Specifies all of the RFID tags in the database.
Command Default
None.
Examples
This example shows how to clear all of the RFID tags in the database:
> clear location rfid all
Related Commands
clear location statistics rfid
config location
show location
show location statistics rfid
clear location statistics rfid
To clear radio frequency identification (RFID) statistics, use the clear location statistics rfid command.
clear location statistics rfid
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear RFID statistics:
> clear location statistics rfid
Related Commands
config location
show location
show location statistics rfid
clear locp statistics
To clear the Location Protocol (LOCP) statistics, use the clear locp statistics command.
clear locp statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear the statistics related to LOCP:
> clear locp statistics
Related Commands
clear nmsp statistics
config nmsp notify-interval measurement
show nmsp notify-interval summary
show nmsp statistics
show nmsp status
clear login-banner
To remove the login banner file from the controller, use the clear login-banner command.
clear login-banner
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear the login banner file:
> clear login-banner
Related Commands
transfer download datatype
clear lwapp private-config
To clear (reset to default values) an access point’s current Lightweight Access Point Protocol (LWAPP) private configuration, which contains static IP addressing and controller IP address configurations, use the clear lwapp private-config command.
clear lwapp private-config
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
This command is executed from the access point console port.
Prior to changing the FlexConnect configuration on an access point using the access point’s console port, the access point must be in standalone mode (not connected to a controller) and you must remove the current LWAPP private configuration by using the clear lwapp private-config command.
Note
The access point must be running Cisco IOS Release 12.3(11)JX1 or higher releases.
Examples
This example shows how to clear an access point’s current LWAPP private configuration:
AP# clear lwapp private-config
removing the reap config file flash:/lwapp_reap.cfg
Related Commands
debug capwap
debug capwap reap
debug lwapp console cli
show capwap reap association
show capwap reap status
clear mdns service-database
To clear the mDNS service database, use the clear mdns service-databasecommand.
clear mdns service-database {
all |
service-name
Syntax Description
all
Clears the mDNS service database.
service-name
Name of the mDNS service. The controller clears the details of the mDNS service.
Command Default
None.
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database.
Examples
This example shows how to clear the mDNS service database:
> clear mdns service-database all
Related Commands
config mdns query interval
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
show mdns profile
show mnds service
config mdns profile
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
clear nmsp statistics
To clear the Network Mobility Services Protocol (NMSP) statistics, use the clear nmsp statistics command.
clear nmsp statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to delete the NMSP statistics log file:
> clear nmsp statistics
Related Commands
clear locp statistics
config nmsp notify-interval measurement
show nmsp notify-interval summary
show nmsp status
clear radius acct statistics
To clear the RADIUS accounting statistics on the controller, use the clear radius acc statistics command.
clear radius acct statistics [
index |
all]
Syntax Description
index
(Optional) Specifies the index of the RADIUS accounting server.
all
(Optional) Specifies all RADIUS accounting servers.
Command Default
None.
Examples
This example shows how to clear the RADIUS accounting statistics:
> clear radius acc statistics
Related Commands
show radius acct statistics
clear tacacs auth statistics
To clear the RADIUS authentication server statistics in the controller, use the clear tacacs auth statistics command.
clear tacacs auth statistics [
index |
all]
Syntax Description
index
(Optional) Specifies the index of the RADIUS authentication server.
all
(Optional) Specifies all RADIUS authentication servers.
Command Default
None.
Examples
This example shows how to clear the RADIUS authentication server statistics:
> clear tacacs auth statistics
Related Commands
show tacacs auth statistics
show tacacs summary
config tacacs auth
clear redirect-url
To clear the custom web authentication redirect URL on the Cisco Wireless LAN Controller, use the clear redirect-url command.
clear redirect-url
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear the custom web authentication redirect URL:
> clear redirect-url
URL cleared.
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download path
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats ap wlan
To clear the WLAN statistics, use the clear stats ap wlan command.
clear stats ap wlan cisco_ap
Syntax Description
cisco_ap
Selected configuration elements.
Command Default
None.
Examples
This example shows how to clear the WLAN configuration elements of the access point cisco_ap:
> clear stats ap wlan cisco_ap
WLAN statistics cleared.
Related Commands
show ap stats
show ap wlan
clear stats local-auth
To clear the local Extensible Authentication Protocol (EAP) statistics, use the clear stats local-auth command.
clear stats local-auth
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear the local EAP statistics:
> clear stats local-auth
Local EAP Authentication Stats Cleared.
Related Commands
config local-auth active-timeout
config local-auth eap-profile
config local-auth method fast
config local-auth user-credentials
debug aaa local-auth
show local-auth certificates
show local-auth config
show local-auth statistics
clear stats mobility
To clear mobility manager statistics, use the clear stats mobility command.
clear stats mobility
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to cleat mobility manager statistics:
> clear stats mobility
Mobility stats cleared.
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port
clear stats port
To clear statistics counters for a specific port, use the clear stats port command.
clear stats port port
Syntax Description
port
Physical interface port number.
Command Default
None.
Examples
This example shows how to clear the statistics counters for port 9:
> clear stats port 9
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port
clear stats radius
To clear the statistics for one or more RADIUS servers, use the clear stats radius command.
clear stats radius {
auth |
acct} {
index |
all}
Syntax Description
auth
Clears statistics regarding authentication.
acct
Clears statistics regarding accounting.
index
Specifies the index number of the RADIUS server to be cleared.
all
Clears statistics for all RADIUS servers.
Command Default
None.
Examples
This example shows how to clear the statistics for all RADIUS authentication servers:
> clear stats radius auth all
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download serverip
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats port
clear stats switch
To clear all switch statistics counters on a Cisco wireless LAN controller, use the clear stats switch command.
clear stats switch
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to clear all switch statistics counters:
> clear stats switch
Related Commands
clear transfer
clear download datatype
clear download filename
clear download mode
clear download path
clear download start
clear upload datatype
clear upload filename
clear upload mode
clear upload path
clear upload serverip
clear upload start
clear stats tacacs
To clear the TACACS+ server statistics on the controller, use the clear stats tacacs command.
To set the password for the .PEM file so that the operating system can decrypt the web administration SSL key and certificate, use the transfer download certpassword command.
transfer download certpassword private_key_password
Syntax Description
private_key_password
Certificate’s private key password.
Command Default
None.
Examples
This example shows how to transfer a file to the switch with the certificate’s private key password certpassword:
> transfer download certpassword
Clearing password
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download datatype
To set the download file type, use the transfer download datatype command.
Downloads a certificate for web administration to the system.
webauthbundle
Downloads a custom webauth bundle to the system.
eapdevcert
Downloads an EAP dev certificate to the system.
eapcacert
Downloads an EAP ca certificate to the system.
Command Default
None.
Examples
This example shows how to download an executable image to the system:
> transfer download datatype code
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download filename
To download a specific file, use the transfer download filename command.
transfer download filename filename
Syntax Description
filename
Filename that contains up to 512 alphanumeric characters.
Command Default
None.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the filename.
Examples
This example shows how to transfer a file named build603:
> transfer download filename build603
Related Commands
clear transfer
transfer download certpassword
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload certpassword
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download mode
To set the transfer mode, use the transfer download mode command.
transfer upload mode {
ftp |
tftp |
sftp}
Syntax Description
ftp
Sets the transfer mode to FTP.
tftp
Sets the transfer mode to TFTP.
sftp
Sets the transfer mode to SFTP.
Command Default
None.
Examples
This example shows how to transfer a file using the TFTP mode:
> transfer download mode tftp
Related Commands
clear transfer
transfer download filename
transfer download certpassword
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload path
transfer upload serverip
transfer upload start
transfer download password
To set the password for an FTP transfer, use the transfer download password command.
transfer download password password
Syntax Description
password
Password.
Command Default
None.
Examples
This example shows how to set the password for FTP transfer to pass01:
> transfer download password pass01
Related Commands
transfer download mode
transfer download port
transfer download username
transfer download path
To set a specific FTP or TFTP path, use the transfer download path command.
transfer download path path
Syntax Description
path
Directory path.
Note
Path names on a TFTP or FTP server are relative to the server’s default or root directory. For example, in the case of the Solarwinds TFTP server, the path is “/”.
Command Default
None.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the file path.
Examples
This example shows how to transfer a file to the path c:\install\version2:
> transfer download path c:\install\version2
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download certpassword
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download port
To specify the FTP port, use the transfer download port command.
transfer download port port
Syntax Description
port
FTP port.
Command Default
The default FTP port is 21.
Examples
This example shows how to specify FTP port number 23:
> transfer download port 23
Related Commands
transfer download mode
transfer download path
transfer download username
transfer download serverip
To configure the IP address of the TFTP server from which to download information, use the transfer download serverip command.
transfer download serverip TFTP_server ip_address
Syntax Description
TFTP_server
TFTP IP address.
ip_address
Server IP address.
Command Default
None.
Examples
This example shows how to configure the IP address of the TFTP server with the IP address 175.34.56.78:
> transfer download serverip 175.34.56.78
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download certpassword
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download start
To initiate a download, use the transfer download start command.
transfer download start
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to initiate a download:
> transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. 172.16.16.78
TFTP Path...................................... directory path
TFTP Filename.................................. webadmincert_name
This may take some time.
Are you sure you want to start? (y/n) Y
TFTP Webadmin cert transfer starting.
Certificate installed.
Please restart the switch (reset system) to use the new certificate.
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download certpassword
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download tftpPktTimeout
To specify the TFTP packet timeout, use the transfer download tftpPktTimeout command.
transfer download tftpPktTimeout timeout
Syntax Description
timeout
Timeout in seconds between 1 and 254.
Command Default
None.
Examples
This example shows how to transfer a file with the TFTP packet timeout of 55 seconds:
> transfer download tftpPktTimeout 55
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download tftpMaxRetries
To specify the number of allowed TFTP packet retries, use the transfer download tftpMaxRetries command.
transfer download tftpMaxRetries retries
Syntax Description
retries
Number of allowed TFTP packet retries between 1 and 254 seconds.
Command Default
None.
Examples
This example shows how to set the number of allowed TFTP packet retries to 55:
> transfer download tftpMaxRetries 55
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download username
To specify the FTP username, use the transfer download username command.
transfer download username username
Syntax Description
username
Username.
Command Default
None.
Examples
This example shows how to set the FTP username to ftp_username:
> transfer download username ftp_username
Related Commands
transfer download mode
transfer download path
transfer download password
transfer encrypt
To configure encryption for configuration file transfers, use the transfer encrypt command.
transfer encrypt {
enable |
disable |
set-key key}
Syntax Description
enable
Enables the encryption settings.
disable
Disables the encryption settings.
set-key
Specifies the encryption key for configuration file transfers.
key
Encryption key for config file transfers.
Command Default
None.
Examples
This example shows how to enable the encryption settings:
> transfer encrypt enable
Related Commands
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer upload datatype
To set the controller to upload specified log and crash files, use the transfer upload datatype command.
Uploads a console dump file resulting from a software-watchdog-initiated controller reboot following a crash.
Command Default
None.
Examples
This example shows how to upload the system error log file:
> transfer upload datatype errorlog
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload password
transfer upload path
transfer upload port
transfer upload serverip
transfer upload start
transfer upload username
transfer upload filename
To upload a specific file, use the transfer upload filename command.
transfer upload filename filename
Syntax Description
filename
Filename that contains up to 16 alphanumeric characters.
Command Default
None.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the filename.
Examples
This example shows how to upload a file build603:
> transfer upload filename build603
Related Commands
clear transfer
transfer upload datatype
transfer upload mode
transfer upload pac
transfer upload password
transfer upload path
transfer upload port
transfer upload serverip
transfer upload start
transfer upload username
transfer upload mode
To configure the transfer mode, use the transfer upload mode command.
transfer upload mode {
ftp |
tftp |
sftp}
Syntax Description
ftp
Sets the transfer mode to FTP.
tftp
Sets the transfer mode to TFTP.
sftp
Sets the transfer mode to SFTP.
Command Default
None.
Examples
This example shows how to set the transfer mode to TFTP:
> transfer upload mode tftp
Related Commands
clear transfer
transfer upload filename
transfer upload datatype
transfer upload pac
transfer upload password
transfer upload path
transfer upload port
transfer upload serverip
transfer upload start
transfer upload username
transfer upload pac
To load a Protected Access Credential (PAC) to support the local authentication feature and allow a client to import the PAC, use the transfer upload pac command.
transfer upload pac username validity password
Syntax Description
username
User identity of the PAC.
validity
Validity period (days) of the PAC.
password
Password to protect the PAC.
Command Default
None.
Usage Guidelines
The client upload process uses a TFTP or FTP server.
Examples
This example shows how to upload a PAC with the username user1, validity period 53, and password pass01:
> transfer upload pac user1 53 pass01
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload datatype
transfer upload password
transfer upload path
transfer upload port
transfer upload serverip
transfer upload start
transfer upload username
transfer upload password
To configure the password for FTP transfer, use the transfer upload password command.
Syntax Description
password
Password needed to access the FTP server.
transfer upload password password
Command Default
None.
Examples
This example shows how to configure the password for the FTP transfer to pass01:
> transfer upload password pass01
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload datatype
transfer upload path
transfer upload port
transfer upload serverip
transfer upload start
transfer upload username
transfer upload path
To set a specific upload path, use the transfer upload path command.
transfer upload path path
Syntax Description
path
Server path to file.
Command Default
None.
Usage Guidelines
You cannot use special characters such as \ : * ? " < > | for the file path.
Examples
This example shows how to set the upload path to c:\install\version2:
> transfer upload path c:\install\version2
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload password
transfer upload datatype
transfer upload port
transfer upload serverip
transfer upload start
transfer upload username
transfer upload peer-start
To upload a file to the peer controller, use the transfer upload peer-start command.
transfer upload peer-start
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to start uploading a file to the peer controller:
> transfer upload peer-start
Mode............................................. FTP
FTP Server IP.................................... 209.165.201.1
FTP Server Port.................................. 21
FTP Path......................................... /builds/nimm/
FTP Filename..................................... AS_5500_7_4_1_20.aes
FTP Username..................................... wnbu
FTP Password..................................... *********
Data Type........................................ Error Log
Are you sure you want to start upload from standby? (y/N) n
Transfer Canceled
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload password
transfer upload path
transfer upload port
transfer upload serverip
transfer upload datatype
transfer upload username
transfer upload port
To specify the FTP port, use the transfer upload port command.
transfer upload port port
Syntax Description
port
Port number.
Command Default
The default FTP port is 21.
Examples
This example shows how to specify FTP port 23:
> transfer upload port 23
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload password
transfer upload path
transfer upload datatype
transfer upload serverip
transfer upload start
transfer upload username
transfer upload serverip
To configure the IP address of the TFTP server to upload files to, use the transfer upload serverip command.
transfer upload serverip ip_address
Syntax Description
ip_address
Server IP address.
Command Default
None.
Examples
This example shows how to set the IP address of the TFTP server to 175.31.56.78:
> transfer upload serverip 175.31.56.78
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload password
transfer upload path
transfer upload port
transfer upload datatype
transfer upload start
transfer upload username
transfer upload start
To initiate an upload, use the transfer upload start command.
transfer upload start
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to initiate an upload of a file:
> transfer upload start
Mode........................................... TFTP
TFTP Server IP................................. 172.16.16.78
TFTP Path...................................... c:\find\off/
TFTP Filename.................................. wps_2_0_75_0.aes
Data Type...................................... Code
Are you sure you want to start? (y/n) n
Transfer Cancelled
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload password
transfer upload path
transfer upload port
transfer upload serverip
transfer upload datatype
transfer upload username
transfer upload username
To specify the FTP username, use the transfer upload username command.
transfer upload username
Syntax Description
username
Username required to access the FTP server. The username can contain up to 31 characters.
Command Default
None.
Examples
This example shows how to set the FTP username to ftp_username:
> transfer upload username ftp_username
Related Commands
clear transfer
transfer upload filename
transfer upload mode
transfer upload pac
transfer upload password
transfer upload path
transfer upload port
transfer upload serverip
transfer upload start
transfer upload datatype
Installing and Modifying Licenses on Cisco 5500 Series Controllers
Use the license commands to install, remove, modify, or rehost licenses.
Note
Some license commands are available only on the Cisco 5500 Series Controller. Right to Use (RTU) licensing is not supported on Cisco 5500 Series Controllers.
Note
For detailed information on installing and rehosting licenses on the Cisco 5500 Series Controller, see the “Installing and Configuring Licenses” section in Chapter 4 of the Cisco Wireless LAN Controller Configuration Guide.
To remove a license from the Cisco 5500 Series Controller, use the license clear command.
license clear license_name
Syntax Description
license_name
Name of the license.
Command Default
None.
Usage Guidelines
You can delete an expired evaluation license or any unused license. You cannot delete unexpired evaluation licenses, the permanent base image license, or licenses that are in use by the controller.
Examples
This example shows how to remove the license settings of the license named wplus-ap-count:
> license clear wplus-ap-count
Related Commands
license comment
license install
license revoke
license save
show license all
license comment
To add comments to a license or delete comments from a license on the Cisco 5500 Series Controller, use the license comment command.
This example shows how to add a comment “wplus ap count license” to the license name wplus-ap-count:
> license comment add wplus-ap-count Comment for wplus ap count license
Related Commands
license clear
license install
license revoke
license save
show license all
license install
To install a license on the Cisco 5500 Series Controller, use the license install command.
license install url
Syntax Description
url
URL of the TFTP server (tftp://server_ip/path/filename).
Command Default
None.
Usage Guidelines
We recommend that the access point count be the same for the base-ap-count and wplus-ap-count licenses installed on your controller. If your controller has a base-ap-count license of 100 and you install a wplus-ap-count license of 12, the controller supports up to 100 access points when the base license is in use but only a maximum of 12 access points when the wplus license is in use.
You cannot install a wplus license that has an access point count greater than the controller's base license. For example, you cannot apply a wplus-ap-count 100 license to a controller with an existing base-ap-count 12 license. If you attempt to register for such a license, an error message appears indicating that the license registration has failed. Before upgrading to a wplus-ap-count 100 license, you would first have to upgrade the controller to a base-ap-count 100 or 250 license.
Examples
This example shows how to install a license on the controller from the URL tftp://10.10.10.10/path/license.lic:
To raise or lower the priority of the base-ap-count or wplus-ap-count evaluation license on a Cisco 5500 Series Controller, use the license modify priority command.
license modify priority license_name {
high |
low}
Syntax Description
license_name
Ap-count evaluation license.
high
Modifies the priority of an ap-count evaluation license.
low
Modifies the priority of an ap-count evaluation license.
Command Default
None.
Usage Guidelines
If you are considering upgrading to a license with a higher access point count, you can try an evaluation license before upgrading to a permanent version of the license. For example, if you are using a permanent license with a 50 access point count and want to try an evaluation license with a 100 access point count, you can try out the evaluation license for 60 days.
AP-count evaluation licenses are set to low priority by default so that the controller uses the ap-count permanent license. If you want to try an evaluation license with an increased access point count, you must change its priority to high. If you no longer want to have this higher capacity, you can lower the priority of the ap-count evaluation license, which forces the controller to use the permanent license.
Note
You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured.
Note
If the ap-count evaluation license is a wplus license and the ap-count permanent license is a base license, you must also change the feature set to wplus.
Note
To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
Examples
This example shows how to set the priority of the wplus-ap-count to high:
> license modify priority wplus-ap-count high
Related Commands
license clear
license install
license revoke
license save
show license all
license revoke
To rehost a license on a Cisco 5500 Series Controller, use the license revoke command.
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the permission ticket.
rehost
Specifies the rehost license settings.
rehost_ticket_url
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the rehost ticket.
Command Default
None.
Usage Guidelines
Before you revoke a license, save the device credentials by using the license save credential url command.
You can rehost all permanent licenses except the permanent base image license. Evaluation licenses and the permanent base image license cannot be rehosted.
In order to rehost a license, you must generate credential information from the controller and use it to obtain a permission ticket to revoke the license from the Cisco licensing site (www.cisco.com/go/license). Next, you must obtain a rehost ticket and use it to obtain a license installation file for the controller on which you want to install the license.
For detailed information on rehosting licenses, see the “Installing and Configuring Licenses” section in Chapter 4 of the Cisco Wireless LAN Controller Configuration Guide.
Examples
This example shows how to revoke the license settings from the saved permission ticket URL tftp://10.10.10.10/path/permit_ticket.lic:
To save a backup copy of all installed licenses or license credentials on the Cisco 5500 Series Controller, use the license save command.
license save credential url
Syntax Description
credential
Device credential information.
url
URL of the TFTP server (tftp://server_ip/path/filename).
Command Default
None.
Usage Guidelines
Save the device credentials before you revoke the license by using the license revoke command.
Examples
This example shows how to save a backup copy of all installed licenses or license credentials on tftp://10.10.10.10/path/cred.lic:
> license save credential tftp://10.10.10.10/path/cred.lic
Related Commands
license clear
license install
license revoke
license modify priority
show license all
Configure Right to Use (RTU) Licensing Commands
Use the license commands to configure RTU licensing on Cisco Flex 7500 Series and 8500 Series controllers. This feature allows you to enable an AP license count on the controller without using any external tools after accepting an End User License Agreement (EULA).
To activate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license activate ap-count eval command.
license activate ap-count eval
Syntax Description
This command has no arguments or keywords.
Command Default
By default, in release 7.3 Cisco Flex 7500 Series Controllers and Cisco 8500 Series Wireless LAN Controllers support 6000 APs.
Usage Guidelines
When you activate this license, the controller prompts you to accept or reject the End User License Agreement (EULA) for the given license. If you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
Examples
This example shows how to activate an evaluation AP-count license on a Cisco Flex 7500 Series controller:
> license activate ap-count eval
Related Commands
license activate feature
license add ap-count
license add feature
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license activate feature
To activate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license activate feature command.
license activate feature license_name
Syntax Description
license_name
Name of the feature license. The license name can be up to 50 case-sensitive characters.
Command Default
None.
Examples
This example shows how to activate a data DTLS feature license on a Cisco Flex 7500 Series controller:
> license activate feature data-DTLS
Related Commands
license activate ap-count eval
license add ap-count
license add feature
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license add ap-count
To configure the number of access points (APs) that an AP license can support on Cisco Flex 7500 and 8500 Series Wireless LAN controllers, use the license add ap-countcommand.
license add ap-count count
Syntax Description
count
Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Command Default
None.
Usage Guidelines
Right to Use (RTU) licensing allows you to enable a desired AP license count on the controller after accepting the End User License Agreement (EULA). You can now easily add AP counts on a controller without using external tools. RTU licensing is available only on Cisco Flex 7500 and 8500 series Wireless LAN controllers.
You can use this command to increase the count of an existing AP license. When you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
Examples
This example shows how to configure the count of an AP license on a Cisco Flex 7500 Series controller:
> license add ap-count 5000
Related Commands
license activate feature
license activate ap-count eval
license add feature
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license add feature
To add a license for a feature on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license add feature command.
license add feature license_name
Syntax Description
license_name
Name of the feature license. The license name can be up to 50 case-sensitive characters. For example, data_DTLS.
Command Default
None.
Examples
This example shows how to add a DTLS feature license on a Cisco Flex 7500 Series controller:
> license add feature data_DTLS
Related Commands
license add ap-count
license activate feature
license activate ap-count eval
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license deactivate ap-count eval
To deactivate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license deactivate ap-count eval command.
license deactivate ap-count eval
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to deactivate an evaluation AP license on a Cisco Flex 7500 Series controller:
> license deactivate ap-count eval
Related Commands
license activate ap-count
license activate feature
license add ap-count
license add feature
license deactivate feature
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license deactivate feature
To deactivate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license deactivate feature command.
license deactivate feature license_name
Syntax Description
license_name
Name of the feature license. The license name can be up to 50 case-sensitive characters.
Command Default
None.
Examples
This example shows how to deactivate a data DTLS feature license on a Cisco Flex 7500 Series controller:
> license deactivate feature data_DTLS
Related Commands
license activate ap-count eval
license activate feature
license add ap-count
license add feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license delete ap-count
To delete an access point (AP) count license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license delete ap-count command.
license delete ap-count count
Syntax Description
count
Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Command Default
None.
Examples
This example shows how to delete an AP count license on a Cisco Flex 7500 Series controller:
> license delete ap-count 5000
Related Commands
license activate feature
license activate ap-count eval
license add ap-count
license add feature
license deactivate feature
license deactivate ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license delete feature
To delete a license for a feature on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license delete feature command.
license delete feature license_name
Syntax Description
license_name
Name of the feature license.
Command Default
None.
Examples
This example shows how to delete the High Availability feature license on a Cisco Flex 7500 Series controller:
> license delete feature high_availability
Related Commands
license activate feature
license activate ap-count eval
license add feature
license add ap-count eval
license deactivate feature
license deactivate ap-count
license delete ap-count
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
Troubleshooting the Controller Settings
This section describes the debug and config commands that you can use to troubleshoot the controller.
To display a summary of memory analysis settings and any discovered memory issues, use the show memory monitor command.
show memory monitor [
detail]
Syntax Description
detail
(Optional) Displays details of any memory leaks or corruption.
Command Default
None.
Usage Guidelines
Be careful when changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Examples
This example shows how to display a summary of memory monitoring settings and a summary of test results:
> show memory monitor
Memory Leak Monitor Status:
low_threshold(10000), high_threshold(30000), current status(disabled)
-------------------------------------------
Memory Error Monitor Status:
Crash-on-error flag currently set to (disabled)
No memory error detected.
This example shows how to display the monitor test results:
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the show run-config command.
show run-config [
no-ap |
commands]
Syntax Description
no-ap
(Optional) Excludes access point configuration settings.
commands
(Optional) Displays a list of user-configured commands on the controller.
Command Default
None.
Usage Guidelines
These commands have replaced the show running-config command.
Some WLAN controllers may have no Crypto Accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
The show run-config command shows only values configured by the user. It does not show system-configured default values.
Examples
This example shows how to display the current controller running configuration:
> show run-config
Press Enter to continue...
System Inventory
Switch Description............................... Cisco Controller
Machine Model....................................
Serial Number.................................... FLS0923003B
Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Press Enter to continue Or <Ctl Z> to abort...
Related Commands
config passwd-cleartext
show process
To display how various processes in the system are using the CPU at that instant in time, use the show process command.
show process {
cpu |
memory}
Syntax Description
cpu
Displays how various system tasks are using the CPU at that moment.
memory
Displays the allocation and deallocation of memory from various processes in the system at that moment.
Command Default
None.
Usage Guidelines
This command is helpful in understanding if any single task is monopolizing the CPU and preventing other tasks from being performed.
Examples
This example shows how to display various tasks in the system that are using the CPU at a given moment:
> show process cpu
Name Priority CPU Use Reaper
reaperWatcher ( 3/124) 0 % ( 0/ 0)% I
osapiReaper (10/121) 0 % ( 0/ 0)% I
TempStatus (255/ 1) 0 % ( 0/ 0)% I
emWeb (255/ 1) 0 % ( 0/ 0)% T 300
cliWebTask (255/ 1) 0 % ( 0/ 0)% I
UtilTask (255/ 1) 0 % ( 0/ 0)% T 300
This example shows how to display the allocation and deallocation of memory from various processes at a given moment:
> show process memory
Name Priority BytesinUse Reaper
reaperWatcher ( 3/124) 0 ( 0/ 0)% I
osapiReaper (10/121) 0 ( 0/ 0)% I
TempStatus (255/ 1) 308 ( 0/ 0)% I
emWeb (255/ 1) 294440 ( 0/ 0)% T 300
cliWebTask (255/ 1) 738 ( 0/ 0)% I
UtilTask (255/ 1) 308 ( 0/ 0)% T 300
Related Commands
debug memory
transfer upload datatype
show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center (TAC), use the show tech-support command.
show tech-support
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display system resource information:
> show tech-support
Current CPU Load................................. 0%
System Buffers
Max Free Buffers.............................. 4608
Free Buffers.................................. 4604
Buffers In Use................................ 4
Web Server Resources
Descriptors Allocated......................... 152
Descriptors Used.............................. 3
Segments Allocated............................ 152
Segments Used................................. 3
System Resources
Uptime........................................ 747040 Secs
Total Ram..................................... 127552 Kbytes
Free Ram...................................... 19540 Kbytes
Shared Ram.................................... 0 Kbytes
Buffer Ram.................................... 460 Kbytes
Configure Memory Monitor Commands
To troubleshoot hard-to-solve or hard-to-reproduce memory problems, use the config memory monitor commands.
Note
The commands in this section can be disruptive to your system and should be run only when you are advised to do so by the Cisco Technical Assistance Center (TAC).
To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors command:
config memory monitor errors {
enable |
disable}
Caution
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
enable
Enables the monitoring for memory settings.
disable
Disables the monitoring for memory settings.
Command Default
Disabled by default.
Usage Guidelines
Note
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Examples
This example shows how to enable monitoring for memory errors and leaks for a controller:
> config memory monitor errors enable
Related Commands
config memory monitor leaks
debug memory
show memory monitor
config memory monitor leaks
To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config memory monitor leaks command.
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
low_thresh
Value below which free memory cannot fall without crashing. This value cannot be set lower than 10000 KB.
high_thresh
Value below which the controller enters auto-leak-analysis mode. See the “Usage Guidelines” section.
Command Default
The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.
Usage Guidelines
Note
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Use this command if you suspect that a memory leak has occurred.
If the free memory is lower than the low_thresh threshold, the system crashes, generating a crash file. The default value for this parameter is 10000 KB, and you cannot set it below this value.
Set the high_thresh threshold to the current free memory level or higher so that the system enters auto-leak-analysis mode. After the free memory reaches a level lower than the specified high_thresh threshold, the process of tracking and freeing memory allocation begins. As a result, the debug memory events enable command shows all allocations and frees, and the show memory monitor detail command starts to detect any suspected memory leaks.
Examples
This example shows how to set the threshold values for auto-leak-analysis mode to 12000 KB for the low threshold and 35000 KB for the high threshold:
> config memory monitor leaks 12000 35000
Related Commands
config memory monitor leaks
debug memory
show memory monitor
Configure Message Log Level Commands
Use the config msglog commands to configure msglog level settings.
To reset the message log so that it collects and displays only critical (highest-level) messages, use the config msglog level critical command.
config msglog level critical
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Usage Guidelines
The message log always collects and displays critical messages, regardless of the message log level setting.
Examples
This example shows how to configure the message log severity level and display critical messages:
> config msglog level critical
Related Commands
show msglog
config msglog level error
To reset the message log so that it collects and displays both critical (highest-level) and error (second-highest) messages, use the config msglog level error command.
config msglog level error
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to reset the message log to collect and display critical and noncritical error messages:
> config msglog level error
Related Commands
show msglog
config msglog level security
To reset the message log so that it collects and displays critical (highest-level), error (second-highest), and security (third-highest) messages, use the config msglog level security command.
config msglog level security
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to reset the message log so that it collects and display critical, noncritical, and authentication or security-related errors:
> config msglog level security
Related Commands
show msglog
config msglog level verbose
To reset the message log so that it collects and displays all messages, use the config msglog level verbose command.
config msglog level verbose
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to reset the message logs so that it collects and display all messages:
> config msglog level verbose
Related Commands
show msglog
config msglog level warning
To reset the message log so that it collects and displays critical (highest-level), error (second-highest), security (third-highest), and warning (fourth-highest) messages, use the config msglog level warning command.
config msglog level warning
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to reset the message log so that it collects and displays warning messages in addition to critical, noncritical, and authentication or security-related errors: