Feedback
Contents
CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII console to the Cisco Wireless LAN Controller and configure the controller and its associated access points.
- Show Commands
- Other Show Commands
- Config Commands
- Resetting the System Reboot Time
- Uploading and Downloading Files and Configurations
- Installing and Modifying Licenses on Cisco 5500 Series Controllers
- Configure Right to Use (RTU) Licensing Commands
- Troubleshooting the Controller Settings
Show Commands
This section lists the show commands that you can use to display information about the controller settings and user accounts.
- Show AVC Commands
- Show CAC Commands
- Show Client Commands
- show flow exporter
- show flow monitor summary
- Show mDNS Commands
- Show Radio Frequency ID Commands
Show AVC Commands
- show avc applications
- show avc profile
- show avc statistics application
- show avc statistics client
- show avc statistics guest-lan
- show avc statistics remote-lan
- show avc statistics top-apps
- show avc statistics wlan
show avc applications
To display all the supported Application Visibility and Control (AVC) applications, use the show avc applications command.
Usage Guidelines
AVC uses the Network-Based Application Recognition (NBAR) deep packet inspection technology to classify applications based on the protocol they use. Using AVC, the controller can detect more than 1500 Layer 4 to Layer 7 protocols.
Examples
This example shows how to display all the supported AVC applications:
> show avc applications Application-Name App-ID Engine-ID Selector-ID Application-Group-Name ================ ====== ========= =========== ====================== 3com-amp3 538 3 629 other 3com-tsmux 977 3 106 obsolete 3pc 788 1 34 layer3-over-ip 914c/g 1109 3 211 net-admin 9pfs 479 3 564 net-admin acap 582 3 674 net-admin acas 939 3 62 other accessbuilder 662 3 888 other accessnetwork 607 3 699 other acp 513 3 599 other acr-nema 975 3 104 industrial-protocols active-directory 1194 13 473 other activesync 1419 13 490 business-and-productivity-tools adobe-connect 1441 13 505 other aed-512 963 3 149 obsolete afpovertcp 1327 3 548 business-and-productivity-tools agentx 609 3 705 net-admin alpes 377 3 463 net-admin aminet 558 3 2639 file-sharing an 861 1 107 layer3-over-ip ---- ---- --- ----- -------------show avc profile
Syntax Description
summary Displays a summary of AVC profiles.
detailed Displays the details of an AVC profile.
profile_name Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Examples
This example shows how to display a summary of AVC profiles:
> show avc profile summary Profile-Name Number of Rules ============ ============== profile 1 3 avc_profile2 1This example shows how to display details of an AVC profile:
> show avc profile detailed Application-Name Application-Group-Name Action DSCP ================ ======================= ====== ==== ftp file-sharing Drop - flash-video browsing Mark 10 facebook browsing Mark 10 Associated WLAN IDs : Associated Remote LAN IDs : Associated Guest LAN IDs :show avc statistics application
show avc statistics application application_name top-users [ downstream wlan | upstream wlan | wlan] [ wlan_id ]}
Syntax Description
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-users Displays AVC statistics for top application users.
downstream (Optional) Displays statistics of top downstream applications.
wlan (Optional) Displays AVC statistics of a WLAN.
wlan_id WLAN identifier from 1 to 512.
upstream (Optional) Displays statistics of top upstream applications.
Examples
This example shows how to display the AVC statistics of the top clients in WLAN 1 that use FTP as the downstream application:
> show avc statistics application ftp top-users downstream wlan 1 Client MAC Client IP WLAN ID Packets Bytes Avg Pkt Packets Bytes DSCP (Up/Down) (n secs) (n secs) Size (Total) (Total) In Out =========== ========= ====== ======= ======= ====== ======= ======= === === 00:0a:ab:15:00:9c(U) 172.16.31.156 1 16 91 5 43 338 0 0 (D) 172.16.31.156 1 22 5911 268 48 6409 0 0 00:0a:ab:15:00:5a(U) 172.16.31.90 1 7 39 5 13 84 0 0 (D) 172.16.31.90 1 12 5723 476 18 5869 0 0 00:0a:ab:15:00:60(U) 172.16.31.96 1 19 117 6 75 8666 0 0 (D) 172.16.31.96 1 19 4433 233 83 9595 0 0 00:0a:ab:15:00:a4(U) 172.16.31.164 1 18 139 7 21 161 0 0 (D) 172.16.31.164 1 23 4409 191 24 4439 0 0 00:0a:ab:15:00:48(U) 172.16.31.72 1 21 2738 130 21 2738 0 0 (D) 172.16.31.72 1 22 4367 198 22 4367 0 0 00:0a:ab:15:00:87(U) 172.16.31.135 1 11 47 4 49 301 0 0 (D) 172.16.31.135 1 12 4208 350 48 7755 0 0 00:0a:ab:15:00:92(U) 172.16.31.146 1 10 73 7 11 84 0 0 (D) 172.16.31.146 1 9 4168 463 11 4201 0 0 00:0a:ab:15:00:31(U) 172.16.31.49 1 11 95 8 34 250 0 0 (D) 172.16.31.49 1 18 3201 177 43 3755 0 0 00:0a:ab:15:00:46(U) 172.16.31.70 1 7 47 6 20 175 0 0 (D) 172.16.31.70 1 10 3162 316 23 3448 0 0 00:0a:ab:15:00:b3(U) 172.16.31.179 1 10 85 8 34 241 0 0show avc statistics client
To display the client Application Visibility and Control (AVC) statistics, use the show avc statistics client command.
show avc statistics client client_MAC { application application_name | top-apps [ upstream | downstream]}
Syntax Description
client_MAC MAC address of the client.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-apps Displays AVC statistics for top applications.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
Examples
This example shows how to display the AVC statistics of an application for a client:
> show avc statistics client 00:0a:ab:15:00:01 application http Description Upstream Downstream =========== ======== ========== Number of Packtes(n secs) 5059 6369 Number of Bytes(n secs) 170144 8655115 Average Packet size(n secs) 33 1358 Total Number of Packtes 131878 150169 Total Number of Bytes 6054464 205239972 DSCP Incoming packet 16 0 DSCP Outgoing Packet 16 0This example shows how to display the AVC statistics of the top applications for a client:
> show avc statistics client 00:0a:ab:15:00:01 top-apps Application-Name Packets Bytes Avg Pkt Packets Bytes DSCP DSCP (Up/Down) (n secs) (n secs) Size (Total) (Total) In Out ================ ======= ====== ====== ======= ====== ==== ==== http (U) 6035 637728 105 6035 637728 16 16 (D) 5420 7218796 1331 5420 7218796 0 0 ggp (U) 1331 1362944 1024 1331 1362944 0 0 (D) 0 0 0 0 0 0 0 smp (U) 1046 1071104 1024 1046 1071104 0 0 (D) 0 0 0 0 0 0 0 vrrp (U) 205 209920 1024 205 209920 0 0 (D) 0 0 0 0 0 0 0 bittorrent (U) 117 1604 13 117 1604 0 0 (D) 121 70469 582 121 70469 0 0 icmp (U) 0 0 0 0 0 0 0 (D) 72 40032 556 72 40032 48 48 edonkey (U) 112 4620 41 112 4620 0 0 (D) 105 33076 315 105 33076 0 0 dns (U) 10 380 38 10 380 0 0 (D) 7 1743 249 7 1743 0 0 realmedia (U) 2 158 79 2 158 24 24 (D) 2 65 32 2 65 0 0show avc statistics guest-lan
To display the Application Visibility and Control (AVC) statistics of a guest LAN, use the show avc statistics guest-lan command.
show avc statistics guest-lan guest-lan_id { application application_name | top-app-groups [ upstream | downstream] | top-apps [ upstream | downstream]}
Syntax Description
guest-lan_id Guest LAN identifier from 1 to 5.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-app-groups Displays AVC statistics for top application groups.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
top-apps Displays AVC statistics for top applications.
Examples
This example shows how to display the AVC statistics of a guest LAN:
> show avc statistics guest-lan 1 Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ====== ====== ====== ======= unclassified (U) 191464 208627 1 92208613 11138796586 (D) 63427 53440610 842 16295621 9657054635 ftp (U) 805 72880 90 172939 11206202 (D) 911 58143 63 190900 17418653 http (U) 264904 12508288 47 27493945 2837672192 (D) 319894 436915253 1365 29850934 36817587924 gre (U) 0 0 0 10158872 10402684928 (D) 0 0 0 0 0 icmp (U) 1 40 40 323 98476 (D) 7262 4034576 555 2888266 1605133372 ipinip (U) 62565 64066560 1024 11992305 12280120320 (D) 0 0 0 0 0 imap (U) 1430 16798 11 305161 3795766 (D) 1555 576371 370 332290 125799465 irc (U) 9 74 8 1736 9133 (D) 11 371 33 1972 173381 nntp (U) 22 158 7 1705 9612 (D) 22 372 16 2047 214391show avc statistics remote-lan
To display the Application Visibility and Control (AVC) statistics of a remote LAN, use the show avc statistics remote-lan command.
show avc statistics remote-lan remote-lan_id{ application application_name | top-app-groups [ upstream | downstream] | top-apps [ upstream | downstream]}
Syntax Description
remote-lan_id Remote LAN identifier from 1 to 512.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-app-groups Displays AVC statistics for top application groups.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
top-apps Displays AVC statistics for top applications.
Examples
This example shows how to display the AVC statistics of a remote LAN:
> show avc statistics remote-lan 1 Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ====== ====== ====== ======= unclassified (U) 191464 208627 1 92208613 11138796586 (D) 63427 53440610 842 16295621 9657054635 ftp (U) 805 72880 90 172939 11206202 (D) 911 58143 63 190900 17418653 http (U) 264904 12508288 47 27493945 2837672192 (D) 319894 436915253 1365 29850934 36817587924 gre (U) 0 0 0 10158872 10402684928 (D) 0 0 0 0 0 icmp (U) 1 40 40 323 98476 (D) 7262 4034576 555 2888266 1605133372 ipinip (U) 62565 64066560 1024 11992305 12280120320 (D) 0 0 0 0 0 imap (U) 1430 16798 11 305161 3795766 (D) 1555 576371 370 332290 125799465 irc (U) 9 74 8 1736 9133 (D) 11 371 33 1972 173381 nntp (U) 22 158 7 1705 9612 (D) 22 372 16 2047 214391show avc statistics top-apps
To display the Application Visibility and Control (AVC) statistics for the top applications, use the show avc statistics top-apps command.
Syntax Description
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
Examples
This example shows how to display the AVC statistics for the top applications:
> show avc statistics top-apps Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ======= ======= ======= ======== http (U) 204570 10610912 51 28272539 2882294016 (D) 240936 327624221 1359 30750570 38026889010 realmedia (U) 908 62154 68 400698 26470359 (D) 166694 220522943 1322 35802836 47131836785 mpls-in-ip (U) 77448 79306752 1024 10292787 10539813888 (D) 0 0 0 0 0 fire (U) 70890 72591360 1024 10242484 10488303616 (D) 0 0 0 0 0 pipe (U) 68296 69935104 1024 10224255 10469637120 (D) 0 0 0 0 0 gre (U) 60982 62445568 1024 10340221 10588386304 (D) 0 0 0 0 0 crudp (U) 26430 27064320 1024 10109812 10352447488 (D) 0 0 0 0 0 rtp (U) 0 0 0 0 0 (D) 7482 9936096 1328 2603923 3458009744 icmp (U) 0 0 0 323 98476 (D) 10155 5640504 555 2924693 1625363564show avc statistics wlan
To display the Application Visibility and Control (AVC) statistics of a WLAN, use the show avc statistics wlan command.
show avc statistics wlan wlan_id { application application_name | top-app-groups [ upstream | downstream] | top-apps [ upstream | downstream]}
Syntax Description
wlan_id WLAN identifier from 1 to 512.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-app-groups Displays AVC statistics for top application groups.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
top-apps Displays AVC statistics for top applications.
Examples
This example shows how to display the AVC statistics of a WLAN:
> show avc statistics wlan 1 Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ====== ====== ====== ======= unclassified (U) 191464 208627 1 92208613 11138796586 (D) 63427 53440610 842 16295621 9657054635 ftp (U) 805 72880 90 172939 11206202 (D) 911 58143 63 190900 17418653 http (U) 264904 12508288 47 27493945 2837672192 (D) 319894 436915253 1365 29850934 36817587924 gre (U) 0 0 0 10158872 10402684928 (D) 0 0 0 0 0 icmp (U) 1 40 40 323 98476 (D) 7262 4034576 555 2888266 1605133372 ipinip (U) 62565 64066560 1024 11992305 12280120320 (D) 0 0 0 0 0 imap (U) 1430 16798 11 305161 3795766 (D) 1555 576371 370 332290 125799465 irc (U) 9 74 8 1736 9133 (D) 11 371 33 1972 173381 nntp (U) 22 158 7 1705 9612 (D) 22 372 16 2047 214391This example shows how to display the AVC statistics of an FTP application for a WLAN:
> show avc statistics wlan 1 application ftp Description Upstream Downstream =========== ======== ========== Number of Packtes(n secs) 0 0 Number of Bytes(n secs) 0 0 Average Packet size(n secs) 0 0 Total Number of Packtes 32459 64888 Total Number of Bytes 274 94673983Show CAC Commands
Use the show cac commands to display Call Admission Control (CAC) voice and video summary and statistics.
show cac voice stats
To view the detailed voice CAC statistics of the 802.11a or 802.11b radio, use the show cac voice stats command.
Syntax Description
802.11a Displays detailed voice CAC statistics for 802.11a.
802.11b Displays detailed voice CAC statistics for 802.11b/g.
Examples
This example shows how to view the detailed voice CAC statistics for the 802.11b radio:
> show cac voice stats 802.11b WLC Voice Call Statistics for 802.11b Radio WMM TSPEC CAC Call Stats Total num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of exp bw requests received.......... 0 Total Num of exp bw requests Admitted.......... 0 Total Num of Calls Rejected.................... 0 Total Num of Roam Calls Rejected............... 0 Num of Calls Rejected due to insufficent bw.... 0 Num of Calls Rejected due to invalid params.... 0 Num of Calls Rejected due to PHY rate.......... 0 Num of Calls Rejected due to QoS policy........ 0 SIP CAC Call Stats Total Num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Preferred Calls Received.......... 0 Total Num of Preferred Calls Admitted.......... 0 Total Num of Ongoing Preferred Calls........... 0 Total Num of Calls Rejected(Insuff BW)......... 0 Total Num of Roam Calls Rejected(Insuff BW).... 0 KTS based CAC Call Stats Total Num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Calls Rejected(Insuff BW)......... 0 Total Num of Roam Calls Rejected(Insuff BW).... 0show cac voice summary
To view the list of all APs with brief voice statistics (includes bandwidth used, maximum bandwidth available, and the number of calls information), use the show cac voice summary command.
show cac video stats
To view the detailed video CAC statistics of the 802.11a or 802.11b radio, use the show cac video stats command.
Syntax Description
802.11a Displays detailed video CAC statistics for 802.11a.
802.11b Displays detailed video CAC statistics for 802.11b/g.
Examples
This example shows how to view the detailed video CAC statistics for the 802.11b radio:
> show cac video stats 802.11b WLC Video Call Statistics for 802.11b Radio WMM TSPEC CAC Call Stats Total num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Calls Rejected.................... 0 Total Num of Roam Calls Rejected............... 0 Num of Calls Rejected due to insufficent bw.... 0 Num of Calls Rejected due to invalid params.... 0 Num of Calls Rejected due to PHY rate.......... 0 Num of Calls Rejected due to QoS policy........ 0 SIP CAC Call Stats Total Num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Calls Rejected(Insuff BW)......... 0 Total Num of Roam Calls Rejected(Insuff BW).... 0show cac video summary
To view the list of all access points with brief video statistics (includes bandwidth used, maximum bandwidth available, and the number of calls information), use the show cac video summary command.
Examples
This example shows how to display the list of all access points with brief video statistics:
> show cac video summary AP Name Slot# Radio BW Used/Max Calls ----------------- ------- ----- ----------- ----- AP001b.d571.88e0 0 11b/g 0/10937 0 1 11a 0/18750 0 AP5_1250 0 11b/g 0/10937 0 1 11a 0/18750 0Show Client Commands
- show client calls
- show client roam-history
- show client summary
- show client summary guest-lan
- show client tsm
- show client username
- show client voice-diag
show client calls
To display the total number of active or rejected calls on the controller, use the show client calls command.
Syntax Description
Examples
This example shows how to display the active client calls on an 802.11a network:
> show client calls active 802.11a Client MAC Username Total Call AP Name Radio Type Duration (sec) -------------------- --------- ---------- --------------- ---------- 00:09: ef: 02:65:70 abc 45 VJ-1240C-ed45cc 802.11a 00:13: ce: cc: 51:39 xyz 45 AP1130-a416 802.11a 00:40:96: af: 15:15 def 45 AP1130-a416 802.11a 00:40:96:b2:69: df def 45 AP1130-a416 802.11a Number of Active Calls ------------------------------------ 4show client summary
To display a summary of clients associated with a Cisco lightweight access point, use the show client summary command.
Usage Guidelines
The show client ap command may list the status of automatically disabled clients. Use the show exclusionlist command to display clients on the exclusion list (blacklisted).
Examples
This example shows how to display a summary of the active clients:
> show client summary Number of Clients................................ 24 Number of PMIPV6 Clients......................... 200 MAC Address AP Name Status WLAN/GLAN/RLAN Auth Protocol Port Wired PMIPV6 ----------------- ----------------- ------------- -------------- ---- ---------------- ---- ----- ------ 00:00:15:01:00:01 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No Yes 00:00:15:01:00:02 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No No 00:00:15:01:00:03 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No Yes 00:00:15:01:00:04 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No Noshow client summary guest-lan
Examples
This example shows how to display a summary of the active wired guest LAN clients:
> show client summary guest-lan Number of Clients................................ 1 MAC Address AP Name Status WLAN Auth Protocol Port Wired ----------- --------- ---------- ---- ---- -------- ---- ----- 00:16:36:40:ac:58 N/A Associated 1 No 802.3 1 Yesshow client tsm
Syntax Description
Examples
This example shows how to display the client’s TSM for the 802.11a network:
> show client tsm 802.11a xx:xx:xx:xx:xx:xx all AP Interface MAC: 00:0b:85:01:02:03 Client Interface Mac: 00:01:02:03:04:05 Measurement Duration: 90 seconds Timestamp 1st Jan 2006, 06:35:80 UpLink Stats ================ Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2 DownLink Stats ================ Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2show client username
show client voice-diag
Syntax Description
show flow exporter
Syntax Description
summary Displays summary of flow exporter.
statistics Displays the statistics of flow exporters such as number of records sent, time when the last record was sent.
show flow monitor summary
Usage Guidelines
Netflow record monitoring and export are used for integration with an NMS or any Netflow analysis tool.
Show mDNS Commands
Use the show mdns commands to display information about Multicast DNS (mDNS).
show mdns profile
Syntax Description
summary Displays the summary of the mDNS profiles.
detailed Displays details of an mDNS profile.
profile-name Name of the mDNS profile.
Examples
This example shows how to display the summary of all the mDNS profiles:
> show mdns profile summary Number of Profiles............................... 2 ProfileName No. Of Services -------------------------------- --------------- default-mdns-profile 5 profile1 2This example shows how to display the detailed information of an mDNS profile:
> show mdns profile detailed default-mdns-profile Profile Name..................................... default-mdns-profile Profile Id....................................... 1 No of Services................................... 5 Services......................................... AirPrint AppleTV HP_Photosmart_Printer_1 HP_Photosmart_Printer_2 Printer No. Interfaces Attached.......................... 0 No. Interface Groups Attached.................... 0 No. Wlans Attached............................... 1 Wlan Ids......................................... 1show mnds service
Syntax Description
summary Displays the summary of all mDNS services.
detailed Displays details of an mDNS service.
service-name Name of the mDNS service.
Examples
This example shows how to display the summary of the mDNS services:
> show mnds service summary Number of Services............................... 5 Service-Name Service-string -------------------------------- --------------- AirPrint _ipp._tcp.local. AppleTV _airplay._tcp.local. HP_Photosmart_Printer_1 _universal._sub._ipp._tcp.local. HP_Photosmart_Printer_2 _cups._sub._ipp._tcp.local. Printer _printer._tcp.local.This example shows how to display the details of an mDNS service:
> show mnds service detailed AirPrint Service Name..................................... AirPrint Service Id....................................... 1 Service query status............................. Enabled Number of Profiles............................... 2 Profile.......................................... student-profile guest-profile Number of Service Providers ..................... 2 Service Provider MAC-Address VLAN Type ---------------- ----------- ------- ---- user1 60:33:4b:2b:a6:9a 104 Wired laptopa 00:21:1b:ea:36:60 105 WirelessShow Radio Frequency ID Commands
show rfid client
To display the radio frequency identification (RFID) tags that are associated to the controller as clients, use the show rfid client command.
Examples
This example shows how to display the RFID tag that is associated to the controller as clients:
> show rfid client ------------------ -------- --------- ----------------- ------ ---------------- Heard RFID Mac VENDOR Sec Ago Associated AP Chnl Client State ------------------ -------- --------- ----------------- ------ ---------------- 00:14:7e:00:0b:b1 Pango 35 AP0019.e75c.fef4 1 Probingshow rfid config
To display the current radio frequency identification (RFID) configuration settings, use the show rfid config command.
Examples
This example shows how to display the current RFID configuration settings:
> show rfid config RFID Tag Data Collection ............................... Enabled RFID Tag Auto-Timeout .................................. Enabled RFID Client Data Collection ............................ Disabled RFID Data Timeout ...................................... 200 secondsshow rfid detail
To display detailed radio frequency identification (RFID) information for a specified tag, use the show rfid detail command.
Syntax Description
Examples
This example shows how to display detailed RFID information:
> show rfid detail 00:12:b8:00:20:52 RFID address..................................... 00:12:b8:00:20:52 Vendor........................................... G2 Last Heard....................................... 51 seconds ago Packets Received................................. 2 Bytes Received................................... 324 Cisco Type....................................... Content Header ================= Version.......................................... 0 Tx Power......................................... 12 dBm Channel.......................................... 1 Reg Class........................................ 12 Burst Length..................................... 1 CCX Payload =========== Last Sequence Control............................ 0 Payload length................................... 127 Last Sequence Control............................ 0 Payload length................................... 127 Payload Data Hex Dump 01 09 00 00 00 00 0b 85 52 52 52 02 07 4b ff ff 7f ff ff ff 03 14 00 12 7b 10 48 53 c1 f7 51 4b 50 ba 5b 97 27 80 00 67 00 01 03 05 01 42 34 00 00 03 05 02 42 5c 00 00 03 05 03 42 82 00 00 03 05 04 42 96 00 00 03 05 05 00 00 00 55 03 05 06 42 be 00 00 03 02 07 05 03 12 08 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 03 0d 09 03 08 05 07 a8 02 00 10 00 23 b2 4e 03 02 0a 03 Nearby AP Statistics: lap1242-2(slot 0, chan 1) 50 seconds ag.... -76 dBm lap1242(slot 0, chan 1) 50 seconds ago..... -65 dBmshow rfid summary
To display a summary of the radio frequency identification (RFID) information for a specified tag, use the show rfid summary command.
Examples
This example shows how to display a summary of RFID information:
> show rfid summary Total Number of RFID : 5 ----------------- -------- ------------------ ------ --------------------- RFID ID VENDOR Closest AP RSSI Time Since Last Heard ----------------- -------- ------------------ ------ --------------------- 00:04:f1:00:00:04 Wherenet ap:1120 -51 858 seconds ago 00:0c:cc:5c:06:d3 Aerosct ap:1120 -51 68 seconds ago 00:0c:cc:5c:08:45 Aerosct AP_1130 -54 477 seconds ago 00:0c:cc:5c:08:4b Aerosct wolverine -54 332 seconds ago 00:0c:cc:5c:08:52 Aerosct ap:1120 -51 699 seconds agoOther Show Commands
This section lists the other show commands to display controller settings.
- show 802.11 cu-metrics
- show advanced 802.11 l2roam
- show advanced send-disassoc-on-handoff
- show advanced sip-preferred-call-no
- show advanced sip-snooping-ports
- show arp kernel
- show arp switch
- show boot
- show band-select
- show buffers
- show cdp
- show certificate lsc
- show certificate ssc
- show certificate summary
- show coredump summary
- show cpu
- show custom-web
- show database summary
- show dhcp
- show dtls connections
- show dhcp proxy
- show dhcp timeout
- show guest-lan
- show invalid-config
- show inventory
- show license agent
- show license all
- show license capacity
- show license detail
- show license expiring
- show license evaluation
- show license feature
- show license file
- show license handle
- show license image-level
- show license in-use
- show license permanent
- show license status
- show license statistics
- show license summary
- show license udi
- show load-balancing
- show logging
- show loginsession
- show mgmtuser
- show netuser
- show netuser guest-roles
- show network
- show network summary
- show network multicast mgid detail
- show network multicast mgid summary
- show nmsp notify-interval summary
- show nmsp statistics
- show nmsp status
- show nmsp subscription
- show ntp-keys
- show qos
- show reset
- show route kernel
- show route summary
- show sessions
- show snmpcommunity
- show snmpengineID
- show snmptrap
- show snmpv3user
- show snmpversion
- show switchconfig
- show sysinfo
- show tech-support
- show time
- show trapflags
- show traplog
show 802.11 cu-metrics
Syntax Description
Examples
This example shows how to display AP channel utilization metrics of the AP myAP1:
> show 802.11a cu-metrics AP1 AP Interface Mac: 30:37:a6:c8:8a:50 Measurement Duration: 90sec Timestamp Thu Jan 27 09:08:48 2011 Channel Utilization stats ================ Picc (50th Percentile)...................... 0 Pib (50th Percentile)....................... 76 Picc (90th Percentile)...................... 0 Pib (90th Percentile)....................... 77 Timestamp Thu Jan 27 09:34:34 2011show advanced 802.11 l2roam
To display 802.11a or 802.11b/g Layer 2 client roaming information, use the show advanced 802.11 l2roam command.
Syntax Description
Examples
This example shows how to display 802.11b Layer 2 client roaming information:
> show advanced 802.11b l2roam rf-param L2Roam 802.11bg RF Parameters..................... Config Mode.................................. Default Minimum RSSI................................. -85 Roam Hysteresis.............................. 2 Scan Threshold............................... -72 Transition time.............................. 5show advanced send-disassoc-on-handoff
show advanced sip-snooping-ports
show arp kernel
To display the kernel Address Resolution Protocol (ARP) cache information, use the show arp kernel command.
show arp switch
To display the Cisco wireless LAN controller MAC addresses, IP addresses, and port types, use the show arp switch command.
Examples
This example shows how to display Address Resolution Protocol (ARP) cache information for the switch:
> show arp switch MAC Address IP Address Port VLAN Type ------------------- ---------------- ------------ ---- ------------------- xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service port 1 xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service port xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service portshow boot
To display the primary and backup software build numbers with an indication of which is active, use the show boot command.
Usage Guidelines
Each Cisco wireless LAN controller retains one primary and one backup operating system software load in nonvolatile RAM to allow controllers to boot off the primary load (default) or revert to the backup load when desired.
show band-select
Examples
This example shows how to display band selection information:
> show band-select Band Select Probe Response....................... per WLAN enabling Cycle Count................................... 3 cycles Cycle Threshold............................... 200 milliseconds Age Out Suppression........................... 20 seconds Age Out Dual Band............................. 60 seconds Client RSSI................................... -80 dBmshow buffers
Examples
This example shows how to display buffer information of the controller:
> show buffers Pool[00]: 16 byte chunks chunks in pool: 50000 chunks in use: 9196 bytes in use: 147136 bytes requested: 73218 (73918 overhead bytes) Pool[01]: 64 byte chunks chunks in pool: 50100 chunks in use: 19222 bytes in use: 1230208 bytes requested: 729199 (501009 overhead bytes) Pool[02]: 128 byte chunks chunks in pool: 26200 chunks in use: 9861 bytes in use: 1262208 bytes requested: 848732 (413476 overhead bytes) Pool[03]: 256 byte chunks chunks in pool: 3000 chunks in use: 596 bytes in use: 152576 bytes requested: 93145 (59431 overhead bytes) Pool[04]: 384 byte chunks chunks in pool: 6000 chunks in use: 258 bytes in use: 99072 bytes requested: 68235 (30837 overhead bytes) Pool[05]: 512 byte chunks chunks in pool: 18700 chunks in use: 18667 bytes in use: 9557504 bytes requested: 7933814 (1623690 overhead bytes) Pool[06]: 1024 byte chunks chunks in pool: 3500 chunks in use: 94 bytes in use: 96256 bytes requested: 75598 (20658 overhead bytes) Pool[07]: 2048 byte chunks chunks in pool: 1000 chunks in use: 54 bytes in use: 110592 bytes requested: 76153 (34439 overhead bytes) Pool[08]: 4096 byte chunks chunks in pool: 1000 chunks in use: 47 bytes in use: 192512 bytes requested: 128258 (64254 overhead bytes) Raw Pool: chunks in use: 256 bytes requested: 289575125show cdp
To display the status of Cisco Discovery Protocol (CDP) and view the details of the CDP protocol, use the show cdp command.
Syntax Description
neighbors Displays a list of all CDP neighbors on all interfaces.
detail Displays detailed information of the controller’s CDP neighbors. This command shows only the CDP neighbors of the controller, it does not show the CDP neighbors of the controller’s associated access points.
entry all Displays all CDP entries in the database.
traffic Displays CDP traffic information.
show certificate lsc
To verify that the controller has generated a Locally Significant Certificate (LSC), use the show certificate lsc summary command.
Syntax Description
Displays a summary of LSC certificate settings and certificates.
Displays details about the access points that are provisioned using the LSC.
Examples
This example shows how to display a summary of the LSC:
> show certificate lsc summary LSC Enabled...................................... Yes LSC CA-Server.................................... http://10.0.0.1:8080/caserver LSC AP-Provisioning.............................. Yes Provision-List............................... Not Configured LSC Revert Count in AP reboots............... 3 LSC Params: Country...................................... 4 State........................................ ca City......................................... ss Orgn......................................... org Dept......................................... dep Email........................................ dep@co.com KeySize...................................... 390 LSC Certs: CA Cert...................................... Not Configured RA Cert...................................... Not ConfiguredThis example shows how to display the details about the access points that are provisioned using the LSC:
> show certificate lsc ap-provision LSC AP-Provisioning.............................. Yes Provision-List................................... Present Idx Mac Address --- ------------- 1 00:18:74:c7:c0:90show certificate ssc
To view the Self Signed Device Certificate (SSC) and hash key of the virtual controller, use the show certificate ssc command.
Examples
This example shows how to display the SSC:
> show certificate ssc SSC Hash validation.............................. Enabled. SSC Device Certificate details: Subject Name : C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller, CN=DEVICE-vWLC-AIR-CTVM-K9-000C297F2CF7, MAILTO=support@vwlc.com Validity : Start : 2012 Jul 23rd, 15:47:53 GMT End : 2022 Jun 1st, 15:47:53 GMT Hash key : 5870ffabb15de2a617132bafcd73show certificate summary
To verify that the controller has generated a certificate, use the show certificate summary command.
show coredump summary
Examples
This example shows how to display the core dump summary:
> show coredump summary Core Dump is enabled FTP Server IP.................................... 10.10.10.17 FTP Filename..................................... file1 FTP Username..................................... ftpuser FTP Password.................................. *********show custom-web
Examples
This example shows how to display the web authentication customization information:
> show custom-web Radius Authentication Method..................... PAP Cisco Logo....................................... Enabled CustomLogo....................................... None Custom Title..................................... None Custom Message................................... None Custom Redirect URL.............................. None External web authentication Mode................. Disabled External web authentication URL.................. Noneshow database summary
Examples
This example shows how to display a summary of the local database configuration:
> show database summary Maximum Database Entries......................... 2048 Maximum Database Entries On Next Reboot.......... 2048 Database Contents MAC Filter Entries........................... 2 Exclusion List Entries....................... 0 AP Authorization List Entries................ 1 Management Users............................. 1 Local Network Users.......................... 1 Local Users.............................. 1 Guest Users.............................. 0 Total..................................... 5show dhcp
To display the internal Dynamic Host Configuration Protocol (DHCP) server configuration, use the show dhcp command.
Syntax Description
Examples
This example shows how to display the allocated DHCP leases:
> show dhcp leases No leases allocated.This example shows how to display the DHCP summary information:
> show dhcp summary Scope Name Enabled Address Range 003 No 0.0.0.0 -> 0.0.0.0This example shows how to display the DHCP information for the scope 003:
> show dhcp 003 Enabled....................................... No Lease Time.................................... 0 Pool Start.................................... 0.0.0.0 Pool End...................................... 0.0.0.0 Network....................................... 0.0.0.0 Netmask....................................... 0.0.0.0 Default Routers............................... 0.0.0.0 0.0.0.0 0.0.0.0 DNS Domain.................................... DNS........................................... 0.0.0.0 0.0.0.0 0.0.0.0 Netbios Name Servers.......................... 0.0.0.0 0.0.0.0 0.0.0.0show dtls connections
To display the Datagram Transport Layer Security (DTLS) server status, use the show dtls connections command.
Examples
This example shows how to display the established DTLS connections:
> show dtls connections AP Name Local Port Peer IP Peer Port Ciphersuite --------------- ------------- --------------- ------------- ----------------------- 1130 Capwap_Ctrl 1.100.163.210 23678 TLS_RSA _WITH_AES_128_CBC_SHA 1130 Capwap_Data 1.100.163.210 23678 TLS_RSA _WITH_AES_128_CBC_SHA 1240 Capwap_Ctrl 1.100.163.209 59674 TLS_RSA _WITH_AES_128_CBC_SHAshow dhcp proxy
show dhcp timeout
show guest-lan
Syntax Description
Usage Guidelines
To display all wired guest LANs configured on the controller, use the show guest-lan summary command.
Examples
This example shows how to display the guest LAN configuration:
> show guest-lan 2 Guest LAN Identifier........................... 1 Profile Name................................... guestlan Network Name (SSID)............................ guestlan Status......................................... Enabled AAA Policy Override............................ Disabled Number of Active Clients....................... 1 Exclusionlist Timeout.......................... 60 seconds Session Timeout................................ Infinity Interface...................................... wired Ingress Interface.............................. wired-guest WLAN ACL....................................... unconfigured DHCP Server.................................... 10.20.236.90 DHCP Address Assignment Required............... Disabled Quality of Service............................. Silver (best effort) Security Web Based Authentication................... Enabled ACL........................................ Unconfigured Web-Passthrough............................ Disabled Conditional Web Redirect................... Disabled Auto Anchor................................ Disabled Mobility Anchor List GLAN ID IP Address Statusshow invalid-config
show inventory
To display a physical inventory of the Cisco wireless LAN controller, use the show inventory command.
Usage Guidelines
Some wireless LAN controllers may have no crypto accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
Examples
This example shows how to display a physical inventory of the controller:
> show inventory Switch Description............................... Cisco Controller Machine Model.................................... WLC4404-100 Serial Number.................................... FLS0923003B Burned-in MAC Address............................ 00:0B:85:32:AB:60 Crypto Accelerator 1............................. Absent Crypto Accelerator 2............................. Absent Power Supply 1................................... Absent Power Supply 2................................... Present, OKshow license agent
To display the license agent counter and session information on the Cisco 5500 Series Controller, use the show license agent command.
Syntax Description
Examples
This example shows how to display the license agent counters information:
> show license agent counters License Agent Counters Request Messages Received:0: Messages with Errors:0 Request Operations Received:0: Operations with Errors:0 Notification Messages Sent:0: Transmission Errors:0: Soap Errors:0This example shows how to display the license agent sessions information:
> show license agent sessions License Agent Sessions: 0 open, maximum is 9show license all
To display information for all licenses on the Cisco 5500 Series Controller, use the show license all command.
Examples
This example shows how to display all the licenses:
> show license all License Store: Primary License Storage StoreIndex: 0 Feature: wplus-ap-count Version: 1.0 License Type: Permanent License State: Inactive License Count: 12/0/0 License Priority: Medium StoreIndex: 1 Feature: base Version: 1.0 License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium StoreIndex: 2 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium License Store: Evaluation License Storage StoreIndex: 0 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: High StoreIndex: 2 Feature: base Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted License Priority: Low StoreIndex: 3 Feature: base-ap-count Version: 1.0 License Type: Evaluation License State: Active, Not in Use, EULA accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days License Count: 250/0/0 License Priority: Lowshow license capacity
To display the maximum number of access points allowed for this license on the Cisco 5500 Series Controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller, use the show license capacity command.
show license detail
To display details of a specific license on the Cisco 5500 Series Controller, use the show license detail command.
Syntax Description
Examples
This example shows how to display the license details:
> show license detail wplus Feature: wplus Period left: Life time Index: 1 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Store Index: 2 Store Name: Primary License Storage Index: 2 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low Store Index: 0show license expiring
To display details of expiring licenses on the Cisco 5500 Series Controller, use the show license expiring command.
Examples
This example shows how to display the details of the expiring licenses:
> show license expiring StoreIndex: 0 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: High StoreIndex: 2 Feature: base Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted License Priority: Low StoreIndex: 3 Feature: base-ap-count Version: 1.0 License Type: Evaluation License State: Active, Not in Use, EULA accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days License Count: 250/0/0 License Priority: Lowshow license evaluation
To display details of evaluation licenses on the Cisco 5500 Series Controller, use the show license evaluation command.
Examples
This example shows how to display the details of the evaluation licenses:
> show license evaluation StoreIndex: 0 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: High StoreIndex: 2 Feature: base Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted License Priority: Low StoreIndex: 3 Feature: base-ap-count Version: 1.0 License Type: Evaluation License State: Active, Not in Use, EULA accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days License Count: 250/0/0 License Priority: Lowshow license feature
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license feature command.
show license file
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license file command.
Examples
This example shows how to display the license files:
> show license file License Store: Primary License Storage Store Index: 0 License: 11 wplus-ap-count 1.0 LONG NORMAL STANDALONE EXCL 12_KEYS INFINIT E_KEYS NEVER NEVER NiL SLM_CODE CL_ND_LCK NiL *1AR5NS7M5AD8PPU400 NiL NiL NiL 5_MINS <UDI><PID>AIR-CT5508-K9</PID><SN>RFD000P2D27< /SN></UDI> Pe0L7tv8KDUqo:zlPe423S5wasgM8G,tTs0i,7zLyA3VfxhnIe5aJa m63lR5l8JM3DPkr4O2DI43iLlKn7jomo3RFl1LjMRqLkKhiLJ2tOyuftQSq2bCAO6 nR3wIb38xKi3t$<WLC>AQEBIQAB//++mCzRUbOhw28vz0czAY0iAm7ocDLUMb9ER0 +BD3w2PhNEYwsBN/T3xXBqJqfC+oKRqwInXo3s+nsLU7rOtdOxoIxYZAo3LYmUJ+M FzsqlhKoJVlPyEvQ8H21MNUjVbhoN0gyIWsyiJaM8AQIkVBQFzhr10GYolVzdzfJf EPQIx6tZ++/Vtc/q3SF/5Ko8XCY=</WLC> Comment: Hash: iOGjuLlXgLhcTB113ohIzxVioHA= . . .show license handle
To display the license handles on the Cisco 5500 Series Controller, use the show license handle command.
Examples
This example shows how to display the license handles:
> show license handle Feature: wplus , Handle Count: 1 Units: 01( 0), ID: 0x5e000001, NotifyPC: 0x1001e8f4 LS-Handle (0x00000001), Units: ( 1) Registered clients: 1 Context 0x1051b610, epID 0x10029378 Feature: base , Handle Count: 0 Registered clients: 1 Context 0x1053ace0, epID 0x10029378 Feature: wplus-ap-count , Handle Count: 1 Units: 250( 0), ID: 0xd4000002, NotifyPC: 0x1001e8f4 LS-Handle (0x000 00002), Units: (250) Registered clients: None Feature: base-ap-count , Handle Count: 0 Registered clients: None Global Registered clients: 2 Context 0x10546270, epID 0x100294cc Context 0x1053bae8, epID 0x100294ccshow license image-level
To display the license image level that is in use on the Cisco 5500 Series Controller, use the show license image-level command.
show license in-use
To display the licenses that are in use on the Cisco 5500 Series Controller, use the show license in-use command.
Examples
This example shows how to display the licenses that are in use:
> show license in-use StoreIndex: 2 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: Highshow license permanent
To display the permanent licenses on the Cisco 5500 Series Controller, use the show license permanent command.
Examples
This example shows how to display the permanent license’s information:
> show license permanent StoreIndex: 0 Feature: wplus-ap-count Version: 1.0 License Type: Permanent License State: Inactive License Count: 12/0/0 License Priority: Medium StoreIndex: 1 Feature: base Version: 1.0 License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium StoreIndex: 2 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Mediumshow license status
To display the license status on the Cisco 5500 Series Controller, use the show license status command.
Examples
This example shows how to display the license status:
> show license status License Type Supported permanent Non-expiring node locked license extension Expiring node locked license evaluation Expiring non node locked license License Operation Supported install Install license clear Clear license annotate Comment license save Save license revoke Revoke license Device status Device Credential type: DEVICE Device Credential Verification: PASS Rehost Type: DC_OR_ICshow license statistics
To display license statistics on the Cisco 5500 Series Controller, use the show license statistics command.
Examples
This example shows how to display the license statistics:
> show license statistics Administrative statistics Install success count: 0 Install failure count: 0 Install duplicate count: 0 Comment add count: 0 Comment delete count: 0 Clear count: 0 c Save count: 0 Save cred count: 0 Client status Request success count 2 Request failure count 0 Release count 0 Global Notify count 0show license summary
To display a brief summary of all licenses on the Cisco 5500 Series Controller, use the show license summary command.
Examples
This example shows how to display a brief summary of all licenses:
> show license summary Index 1 Feature: wplus Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Index 2 Feature: wplus-ap-count Period left: 2 weeks 3 days License Type: Evaluation License State: Active, In Use License Count: 250/250/0 License Priority: High Index 3 Feature: base Period left: Life time License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium Index 4 Feature: base-ap-count Period left: 8 weeks 3 days License Type: Evaluation License State: Active, Not in Use, EULA accepted License Count: 250/0/0 License Priority: Lowshow license udi
To display unique device identifier (UDI) values for licenses on the Cisco 5500 Series Controller, use the show license udi command.
show load-balancing
Examples
This example shows how to display the load-balancing status:
> show load-balancing Aggressive Load Balancing........................ Enabled Aggressive Load Balancing Window................. 0 clients Aggressive Load Balancing Denial Count........... 3 Statistics Total Denied Count............................... 10 clients Total Denial Sent................................ 20 messages Exceeded Denial Max Limit Count.................. 0 times None 5G Candidate Count.......................... 0 times None 2.4G Candidate Count..................... 0 timesshow logging
To display the syslog facility logging parameters and buffer contents, use the show logging command.
Examples
This example shows how to display the current settings and buffer content details:
> show logging Logging to buffer : - Logging of system messages to buffer : - Logging filter level.......................... errors - Number of system messages logged.............. 67227 - Number of system messages dropped............. 21136 - Logging of debug messages to buffer ........... Disabled - Number of debug messages logged............... 0 - Number of debug messages dropped.............. 0 Logging to console : - Logging of system messages to console : - Logging filter level.......................... errors - Number of system messages logged.............. 0 - Number of system messages dropped............. 88363 - Logging of debug messages to console .......... Enabled - Number of debug messages logged............... 0 - Number of debug messages dropped.............. 0 Logging to syslog : - Syslog facility................................ local0 - Logging of system messages to syslog : - Logging filter level.......................... errors - Number of system messages logged.............. 67227 - Number of system messages dropped............. 21136 - Logging of debug messages to syslog ........... Disabled - Number of debug messages logged............... 0 - Number of debug messages dropped.............. 0 - Number of remote syslog hosts.................. 0 - Host 0....................................... Not Configured - Host 1....................................... Not Configured - Host 2....................................... Not Configured Logging of traceback............................. Disabled Logging of process information................... Disabled Logging of source file informational............. Enabled Timestamping of messages......................... - Timestamping of system messages................ Enabled - Timestamp format.............................. Date and Time - Timestamping of debug messages................. Enabled - Timestamp format.............................. Date and Time Logging buffer (67227 logged, 21136 dropped) *Apr 03 09:48:01.728: %MM-3-INVALID_PKT_RECVD: mm_listen.c:5508 Received an invalid packet from 1.100.163.51. Source member:0.0.0.0. source member unknown. *Apr 03 09:47:34.194: %LWAPP-3-DECODE_ERR: spam_lrad.c:1271 Error decoding discovery request from AP 00:13:5f:0e:d4:20 *Apr 03 09:47:34.194: %LWAPP-3-DISC_OTAP_ERR: spam_lrad.c:5554 Ignoring OTAP discovery request from AP 00:13:5f:0e:d4:20, OTAP is disabled Previous message occurred 2 times.show loginsession
show mgmtuser
To display the local management user accounts on the Cisco wireless LAN controller, use the show mgmtuser command.
show netuser
To display the configuration of a particular user in the local user database, use show netuser command.
Syntax Description
Examples
This example shows how to display a summary of all users in the local user database:
> show netuser summary Maximum logins allowed for a given username ........UnlimitedThis example shows how to display detailed information on the specified network user:
> show netuser detail john10 username........................................... abc WLAN Id............................................. Any Lifetime............................................ Permanent Description......................................... test usershow netuser guest-roles
To display a list of the current quality of service (QoS) roles and their bandwidth parameters, use the show netuser guest-roles command.
Examples
This example shows how to display a QoS role for the guest network user:
> show netuser guest-roles Role Name.............................. Contractor Average Data Rate.................. 10 Burst Data Rate.................... 10 Average Realtime Rate.............. 100 Burst Realtime Rate................ 100 Role Name.............................. Vendor Average Data Rate.................. unconfigured Burst Data Rate.................... unconfigured Average Realtime Rate.............. unconfigured Burst Realtime Rate................ unconfiguredshow network summary
To display the network configuration of the Cisco wireless LAN controller, use the show network summary command.
Examples
This example shows how to display a summary configuration:
> show network summary RF-Network Name............................. RF Web Mode.................................... Disable Secure Web Mode............................. Enable Secure Web Mode Cipher-Option High.......... Disable Secure Web Mode Cipher-Option SSLv2......... Disable Secure Web Mode RC4 Cipher Preference....... Disable OCSP........................................ Disabled OCSP responder URL.......................... Secure Shell (ssh).......................... Enable Telnet...................................... Enable Ethernet Multicast Mode..................... Disable Mode: Ucast Ethernet Broadcast Mode..................... Disable Ethernet Multicast Forwarding............... Disable Ethernet Broadcast Forwarding............... Disable AP Multicast/Broadcast Mode................. Unicast IGMP snooping............................... Disabled IGMP timeout................................ 60 seconds IGMP Query Interval......................... 20 seconds MLD snooping................................ Disabled MLD timeout................................. 60 seconds MLD query interval.......................... 20 seconds User Idle Timeout........................... 300 seconds AP Join Priority............................ Disable ARP Idle Timeout............................ 300 seconds ARP Unicast Mode............................ Disabled Cisco AP Default Master..................... Disable Mgmt Via Wireless Interface................. Disable Mgmt Via Dynamic Interface.................. Disable Bridge MAC filter Config.................... Enable Bridge Security Mode........................ EAP Over The Air Provisioning of AP's........... Enable Apple Talk ................................. Disable Mesh Full Sector DFS........................ Enable AP Fallback ................................ Disable Web Auth CMCC Support ...................... Disabled Web Auth Redirect Ports .................... 80 Web Auth Proxy Redirect ................... Disable Web Auth Captive-Bypass .................. Disable Web Auth Secure Web ....................... Enable Fast SSID Change ........................... Disabled AP Discovery - NAT IP Only ................. Enabled IP/MAC Addr Binding Check .................. Enabled CCX-lite status ............................ Disable oeap-600 dual-rlan-ports ................... Disable oeap-600 local-network ..................... Enable mDNS snooping............................... Disabled mDNS Query Interval......................... 15 minutesshow network multicast mgid detail
To display all the clients joined to the multicast group in a specific multicast group identification (MGID), use the show network multicast mgid detail command.
Syntax Description
Examples
This example shows how to display details of the multicast database:
> show network multicast mgid detail Mgid ............................... 550 Multicast Group Address ............ 239.255.255.250 Vlan ............................... 0 Rx Packet Count .................... 807399588 No of clients ...................... 1 Client List ........................ Client MAC Expire TIme (mm:ss) 00:13:02:23:82:ad 0:20show network multicast mgid summary
To display all the multicast groups and their corresponding multicast group identifications (MGIDs), use the show network multicast mgid summary command.
Examples
This example shows how to display a summary of multicast groups and their MGIDs:
> show network multicast mgid summary Layer2 MGID Mapping: ------------------- InterfaceName vlanId MGID ----------------------------- ------ ----- management 0 0 test 0 9 wired 20 8 Layer3 MGID Mapping: ------------------- Number of Layer3 MGIDs ................ 1 Group address Vlan MGID ------------------ ----- ------ 239.255.255.250 0 550show nmsp notify-interval summary
To display the Network Mobility Services Protocol (NMSP) configuration settings, use the show nmsp notify-interval summary command.
show nmsp statistics
To display Network Mobility Services Protocol (NMSP) counters, use the show nmsp statistics command.
Syntax Description
Examples
This example shows how to display a summary of common NMSP counters:
> show nmsp statistics summary Send RSSI with no entry: 0 Send too big msg: 0 Failed SSL write: 0 Partial SSL write: 0 SSL write attempts to want write: Transmit Q full:0 Max Measure Notify Msg: 0 Max Info Notify Msg: 0 Max Tx Q Size: 2 Max Rx Size: 1 Max Info Notify Q Size: 0 Max Client Info Notify Delay: 0 Max Rogue AP Info Notify Delay: 0 Max Rogue Client Info Notify Delay: 0 Max Client Measure Notify Delay: 0 Max Tag Measure Notify Delay: 0 Max Rogue AP Measure Notify Delay: 0 Max Rogue Client Measure Notify Delay: 0 Max Client Stats Notify Delay: 0 Max Tag Stats Notify Delay: 0 RFID Measurement Periodic : 0 RFID Measurement Immediate : 0 Reconnect Before Conn Timeout: 0This example shows how to display all the connection-specific NMSP counters:
> show nmsp statistics connection all NMSP Connection Counters Connection 1 : Connection status: UP Freed Connection: 0 Nmsp Subscr Req: 0 NMSP Subscr Resp: 0 Info Req: 1 Info Resp: 1 Measure Req: 2 Measure Resp: 2 Stats Req: 2 Stats Resp: 2 Info Notify: 0 Measure Notify: 0 Loc Capability: 2 Location Req: 0 Location Rsp: 0 Loc Subscr Req: 0 Loc Subscr Rsp: 0 Loc Notif: 0 Loc Unsubscr Req: 0 Loc Unsubscr Rsp: 0 IDS Get Req: 0 IDS Get Resp: 0 IDS Notif: 0 IDS Set Req: 0 IDS Set Resp: 0show nmsp status
To display the status of active Network Mobility Services Protocol (NMSP) connections, use the show nmsp status command.
show nmsp subscription
To display the Network Mobility Services Protocol (NMSP) services that are active on the controller, use the show nmsp subscription command.
Syntax Description
Examples
This example shows how to display a summary of all the NMSP services to which the controller is subscribed:
> show nmsp subscription summary Mobility Services Subscribed: Server IP Services --------- -------- 10.10.10.31 RSSI, Info, StatisticsThis example shows how to display details of all the NMSP services:
> show nmsp subscription detail 10.10.10.31 Mobility Services Subscribed by 10.10.10.31 Services Sub-services -------- ------------ RSSI Mobile Station, Tags, Info Mobile Station, Statistics Mobile Station, Tags,show ntp-keys
show qos
Syntax Description
Displays QoS information for the bronze profile of the WLAN.
Displays QoS information for the platinum profile of the WLAN.
Displays QoS information for the silver profile of the WLAN.
Examples
This example shows how to display QoS information for the silver profile:
> show qos Description...................................... For Best Effort Maximum Priority................................. besteffort Unicast Default Priority......................... besteffort Multicast Default Priority....................... besteffort Per-SSID Rate Limits............................. Upstream Downstream Average Data Rate................................ 0 0 Average Realtime Data Rate....................... 0 0 Burst Data Rate.................................. 0 0 Burst Realtime Data Rate......................... 0 0 Per-Client Rate Limits........................... Upstream Downstream Average Data Rate................................ 0 0 Average Realtime Data Rate....................... 0 0 Burst Data Rate.................................. 0 0 Burst Realtime Data Rate......................... 0 0 protocol......................................... noneshow reset
Examples
This example shows how to display the scheduled system reset parameters:
> show reset System reset is scheduled for Mar 27 01 :01 :01 2010 Current local time and date is Mar 24 02:57:44 2010 A trap will be generated 10 minutes before each scheduled system reset. Use ‘reset system cancel’ to cancel the reset. Configuration will be saved before the system reset.show route kernel
Examples
This example shows how to display the kernel route cache information:
> show route kernel Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT dtl0 14010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 28282800 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 34010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 eth0 02020200 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 33010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 0A010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 32010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 0A000000 0202020A 0003 0 0 0 FF000000 0 0 0 lo 7F000000 00000000 0001 0 0 0 FF000000 0 0 0 dtl0 00000000 0A010109 0003 0 0 0 00000000 0 0 0show route summary
To display the routes assigned to the Cisco wireless LAN controller service port, use the show route summary command.
show sessions
To display the console port login timeout and maximum number of simultaneous command-line interface (CLI) sessions, use the show sessions command.
Examples
This example shows how to display the CLI session configuration setting:
> show sessions CLI Login Timeout (minutes)............ 0 Maximum Number of CLI Sessions......... 5The response indicates that the CLI sessions never time out and that the Cisco wireless LAN controller can host up to five simultaneous CLI sessions.
show snmpcommunity
To display Simple Network Management Protocol (SNMP) community entries, use the show snmpcommunity command.
Examples
This example shows how to display SNMP community entries:
> show snmpcommunity SNMP Community Name Client IP Address Client IP Mask Access Mode Status ------------------- ----------------- ----------------- ----------- -------- public 0.0.0.0 0.0.0.0 Read Only Enable ********** 0.0.0.0 0.0.0.0 Read/Write Enableshow snmpengineID
show snmptrap
To display Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap receivers and their status, use the show snmptrap command.
show snmpv3user
To display Simple Network Management Protocol (SNMP) version 3 configuration, use the show snmpv3user command.
show snmpversion
To display which versions of Simple Network Management Protocol (SNMP) are enabled or disabled on your controller, use the show snmpversion command.
show switchconfig
To display parameters that apply to the Cisco wireless LAN controller, use the show switchconfig command.
Examples
This example shows how to display parameters that apply to the Cisco wireless LAN controller:
> show switchconfig 802.3x Flow Control Mode......................... Disabled FIPS prerequisite features....................... Enabled Boot Break....................................... Enabled secret obfuscation............................... Enabled Strong Password Check Features: case-check ...........Disabled consecutive-check ....Disabled default-check .......Disabled username-check ......Disabledshow sysinfo
Examples
This example shows how to display wireless LAN controller information:
> show sysinfo Manufacturer's Name.............................. Cisco Systems Inc. Product Name..................................... Cisco Controller Product Version.................................. 6.0.133.0 Build Information................................ Tue Mar 31 11:44:12 PDT 2009 Bootloader Version............................... 0.14.0 Field Recovery Image Version..................... 5.3.38.0-BL-9-16 Firmware Version................................. FPGA 1.0, Env 0.8, USB console 1.27 Build Type....................................... DATA + WPS System Name...................................... 5500 System Location.................................. System Contact................................... System ObjectID.................................. 1.3.6.1.4.1.9.1.1 IP Address....................................... 10.10.10.7 Last Reset....................................... Software reset System Up Time................................... 1 days 15 hrs 17 mins 48 secs System Timezone Location.................... Current Boot License Level....................... wplus Current Boot License Type........................ Permanent Next Boot License Level.......................... wplus Next Boot License Type........................... Permanent Configured Country............................... US - United States Operating Environment............................ Commercial (0 to 40 C) Internal Temp Alarm Limits....................... 0 to 65 C Internal Temperature............................. +45 C External Temperature............................. +29 C Fan Status....................................... OK State of 802.11b Network......................... Enabled State of 802.11a Network......................... Disabled Number of WLANs.................................. 18 3rd Party Access Point Support................... Disabled Number of Active Clients......................... 1 Burned-in MAC Address............................ 00:00:1B:EE:12:E0 Power Supply 1................................... Not Available Power Supply 2................................... Not Available Maximum number of APs supported.................. 250show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center (TAC), use the show tech-support command.
Examples
This example shows how to display system resource information:
> show tech-support Current CPU Load................................. 0% System Buffers Max Free Buffers.............................. 4608 Free Buffers.................................. 4604 Buffers In Use................................ 4 Web Server Resources Descriptors Allocated......................... 152 Descriptors Used.............................. 3 Segments Allocated............................ 152 Segments Used................................. 3 System Resources Uptime........................................ 747040 Secs Total Ram..................................... 127552 Kbytes Free Ram...................................... 19540 Kbytes Shared Ram.................................... 0 Kbytes Buffer Ram.................................... 460 Kbytesshow time
Examples
This example shows how to display the controller time and date when authentication is not enabled:
> show time Time............................................. Wed Apr 13 09:29:15 2011 Timezone delta................................... 0:0 Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 0 9.2.60.60 AUTH DISABLEDThis example shows successful authentication of NTP Message results in the AUTH Success:
> show time Time............................................. Thu Apr 7 13:56:37 2011 Timezone delta................................... 0:0 Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 1 9.2.60.60 AUTH SUCCESSThis example shows that if the packet received has errors, then the NTP Msg Auth status will show AUTH Failure:
> show time Time............................................. Thu Apr 7 13:56:37 2011 Timezone delta................................... 0:0 Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 10 9.2.60.60 AUTH FAILUREThis example shows that if there is no response from NTP server for the packets, the NTP Msg Auth status will be blank:
> show time Time............................................. Thu Apr 7 13:56:37 2011 Timezone delta................................... 0:0 Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 11 9.2.60.60show trapflags
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap flags, use the show trapflags command.
Examples
This example shows how to display controller SNMP trap flags:
> show trapflags Authentication Flag............................ Enable Link Up/Down Flag.............................. Enable Multiple Users Flag............................ Enable Spanning Tree Flag............................. Enable Client Related Traps 802.11 Disassociation......................... Disable 802.11 Association.............................Disabled 802.11 Deauthenticate......................... Disable 802.11 Authenticate Failure................... Disable 802.11 Association Failure.................... Disable Authentication.................................Disabled Excluded...................................... Disable Max Client Warning Threshold.................. 90% Nac-Alert Traps................................. Disabled RFID Related Traps Max RFIDs Warning Threshold..................... 90% 802.11 Security related traps WEP Decrypt Error............................. Enable IDS Signature Attack............................ Disable Cisco AP Register...................................... Enable InterfaceUp................................... Enable Auto-RF Profiles Load.......................................... Enable Noise......................................... Enable Interference.................................. Enable Coverage...................................... Enable Auto-RF Thresholds tx-power...................................... Enable channel....................................... Enable antenna....................................... Enable AAA auth.......................................... Enable servers....................................... Enable rogueap........................................ Enable adjchannel-rogueap............................... Disabled wps............................................ Enable configsave..................................... Enable IP Security esp-auth...................................... Enable esp-replay.................................... Enable invalidSPI.................................... Enable ike-neg....................................... Enable suite-neg..................................... Enable invalid-cookie................................ Enable Mesh auth failure.................................... Enabled child excluded parent........................... Enabled parent change................................... Enabled child moved..................................... Enabled excessive parent change......................... Enabled onset SNR....................................... Enabled abate SNR....................................... Enabled console login................................... Enabled excessive association........................... Enabled default bridge group name....................... Enabled excessive hop count............................. Disabled excessive children.............................. Enabled sec backhaul change............................. Disabledshow traplog
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap log, use the show traplog command.
Examples
This example shows how to display controller SNMP trap log settings:
> show traplog Number of Traps Since Last Reset........... 2447 Number of Traps Since Log Last Displayed... 2447 Log System Time Trap --- ------------------------ ------------------------------------------------- 0 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:62:fe detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -78 and SNR: 10 1 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:19:d8 detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -72 and SNR: 16 2 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:26:a1:8d detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -82 and SNR: 6 3 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:14:b3:4f detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -56 and SNR: 30 Would you like to display more entries? (y/n)Config Commands
This section lists the config commands that you can use to configure the controller settings, and manage user accounts.
- Configure 802.11h Commands
- Configure 802.11 11n Support Commands
- Configure 802.11 CAC Commands
- Config 802.11 Commands
- Configure Advanced 802.11 Commands
- Configure AVC Commands
- Configure Band-Select Commands
- Configure Guest-LAN Commands
- Configure mDNS Commands
- Configure Management-User Commands
- Configure Net User Commands
- Configure Network Commands
- Configure QoS Commands
- Configure SNMP Commands
- Configure Trap Flag Commands
- Other Config Commands
- Saving Configurations
- Timeout Commands
- Clearing Configurations, Log files, and Other Actions
Configure 802.11h Commands
config 802.11h channelswitch
config 802.11h powerconstraint
Configure 802.11 11n Support Commands
- config 802.11 11nsupport
- config 802.11 11nsupport a-mpdu tx priority
- config 802.11 11nsupport a-mpdu tx scheduler
- config 802.11 11nsupport antenna
- config 802.11 11nsupport guard-interval
- config 802.11 11nsupport mcs tx
- config 802.11 11nsupport rifs
config 802.11 11nsupport
config 802.11 11nsupport a-mpdu tx priority
To specify the aggregation method used for 802.11n packets, use the config 802.11 11nsupport a-mpdu tx priority command.
Syntax Description
Usage Guidelines
Aggregation is the process of grouping packet data frames together rather than transmitting them separately. Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated MAC Service Data Unit (A-MSDU). A-MPDU is performed in the software whereas A-MSDU is performed in the hardware.
Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:
- 1—Background
- 2—Spare
- 0—Best effort
- 3—Excellent effort
- 4—Controlled load
- 5—Video, less than 100-ms latency and jitter
- 6—Voice, less than 10-ms latency and jitter
- 7—Network control
- all—Configure all of the priority levels at once.
NoteConfigure the priority levels to match the aggregation method used by the clients.
config 802.11 11nsupport a-mpdu tx scheduler
To configure the 802.11n-5 GHz A-MPDU transmit aggregation scheduler, use the config 802.11 11nsupport a-mpdu tx scheduler command.
Syntax Description
config 802.11 11nsupport antenna
To configure an access point to use a specific antenna, use the config 802.11 11nsupport antenna command.
Syntax Description
config 802.11 11nsupport guard-interval
config 802.11 11nsupport mcs tx
Configure 802.11 CAC Commands
- config 802.11 cac defaults
- config 802.11 cac video acm
- config 802.11 cac video cac-method
- config 802.11 cac video load-based
- config 802.11 cac video max-bandwidth
- config 802.11 cac media-stream
- config 802.11 cac multimedia
- config 802.11 cac video roam-bandwidth
- config 802.11 cac video sip
- config 802.11 cac video tspec-inactivity-timeout
- config 802.11 cac voice acm
- config 802.11 cac voice max-bandwidth
- config 802.11 cac voice roam-bandwidth
- config 802.11 cac voice tspec-inactivity-timeout
- config 802.11 cac voice load-based
- config 802.11 cac voice max-calls
- config 802.11 cac voice sip bandwidth
- config 802.11 cac voice sip codec
- config 802.11 cac voice stream-size
config 802.11 cac defaults
To configure the default Call Admission Control (CAC) parameters for the 802.11a and 802.11b/g network, use the config 802.11 cac defaults command.
Syntax Description
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the default CAC parameters for the 802.11a network:
> config 802.11 cac defaultsRelated Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac media-stream
config 802.11 cac multimedia
config 802.11 cac video cac-method
debug cac
config 802.11 cac video acm
To enable or disable video Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac video acm command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac video cac-method
To configure the Call Admission Control (CAC) method for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video cac-method command.
Syntax Description
static Enables the static CAC method for video applications on the 802.11a or 802.11b/g network.
Static or bandwidth-based CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new video request and in turn enables the access point to determine whether it is capable of accommodating the request.
load-based Enables the load-based CAC method for video applications on the 802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
Load-based CAC is not supported if SIP-CAC is enabled.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only static mode. If you need only MC2UC CAC, you must configure Static or Load-based CAC. Load-based CAC is not supported if SIP-CAC is enabled.
Examples
This example shows how to enable the static CAC method for video applications on the 802.11a network:
> config 802.11 cac video cac-method staticRelated Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac media-stream
config 802.11 cac multimedia
debug cac
config 802.11 cac video load-based
To enable or disable load-based Call Admission Control (CAC) for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video load-based command.
Syntax Description
enable Enables load-based CAC for video applications on the 802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
disable Disables load-based CAC method for video applications on the 802.11a or 802.11b/g network.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only static mode. If you need only MC2UC CAC, you must configure Static or Load-based CAC. Load-based CAC is not supported if SIP-CAC is enabled.
NoteLoad-based CAC is not supported if SIP-CAC is enabled.
Examples
This example shows how to enable load-based CAC method for video applications on the 802.11a network:
> config 802.11 cac video load-based enableRelated Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac media-stream
config 802.11 cac multimedia
config 802.11 cac video cac-method
debug cac
config 802.11 cac video max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video max-bandwidth command.
Syntax Description
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
NoteIf this parameter is set to zero (0), the controller assumes that you do not want to allocate any bandwidth and allows all bandwidth requests.
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac media-stream
To configure media stream Call Admission Control (CAC) voice and video quality parameters for 802.11a and 802.11b networks, use the config 802.11 cac media-stream command.
config 802.11 { a | b} cac media-stream multicast-direct { max-retry-percent retry-percentage | min-client-rate dot11-rate}
Syntax Description
multicast-direct Configures CAC parameters for multicast-direct media streams.
max-retry-percent Configures the percentage of maximum retries that are allowed for multicast-direct media streams.
retry-percentage Percentage of maximum retries that are allowed for multicast-direct media streams.
min-client-rate Configures the minimum transmission data rate to the client for multicast-direct media streams.
dot11-rate Minimum transmission data rate to the client for multicast-direct media streams. Rate in kbps at which the client can operate.
If the transmission data rate is below this rate, either the video will not start or the client may be classified as a bad client. The bad client video can be demoted for better effort QoS or subject to denial. The available data rates are 6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000, and 11n rates.
Command Default
The default value for the maximum retry percent is 80. If it exceeds 80, either the video will not start or the client might be classified as a bad client. The bad client video will be demoted for better effort QoS or is subject to denial.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the maximum retry percent for multicast-direct media streams as 90 on a 802.11a network:
> config 802.11 cac media-stream multicast-direct max-retry-percent 90Related Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac multimedia
debug cac
config 802.11 cac multimedia
To configure the CAC media voice and video quality parameters for 802.11a and 802.11b networks, use the config 802.11 cac multimedia command.
Syntax Description
max-bandwidth Configures the percentage of maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 802.11a or 802.11b/g network.
bandwidth Percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a or 802.11b/g network. Once the client reaches the specified value, the access point rejects new calls on this radio band. The range is from 5 to 85%.
Usage Guidelines
Call Admission Control (CAC) commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a network:
> config 802.11 cac multimedia max-bandwidth 80Related Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
debug cac
config 802.11 cac video roam-bandwidth
To configure the percentage of the maximum allocated bandwidth reserved for roaming video clients on the 802.11a or 802.11b/g network, use the config 802.11 cac video roam-bandwidth command.
Syntax Description
Usage Guidelines
The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming video clients.
NoteIf this parameter is set to zero (0), the controller assumes that you do not want to do any bandwidth allocation and, therefore, allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11 {a | b} cac voice acm enable or config 802.11 {a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac video sip
To enable or disable video Call Admission Control (CAC) for non-traffic specifications (TSPEC) SIP clients using video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video sip command.
Syntax Description
enable Enables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
When you enable video CAC for non-TSPEC SIP clients, you can use applications like Facetime and CIUS video calls.
disable Disables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
- Enable call snooping on the WLAN on which the SIP client is present by entering the config wlan call-snoop enable wlan_id command.
config 802.11 cac video tspec-inactivity-timeout
To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video tspec-inactivity-timeout command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to process the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout enableThis example shows how to ignore the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout ignoreconfig 802.11 cac voice acm
To enable or disable bandwidth-based voice Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac voice acm command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g network, use the config 802.11 cac voice max-bandwidth command.
Syntax Description
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice roam-bandwidth
To configure the percentage of the Call Admission Control (CAC) maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g network, use the config 802.11 cac voice roam-bandwidth command.
Syntax Description
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming voice clients.
NoteIf this parameter is set to zero (0), the controller assumes you do not want to allocate any bandwidth and therefore allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice tspec-inactivity-timeout
To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
Syntax Description
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice load-based
To enable or disable load-based Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac voice load-based command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice max-calls
NoteDo not use the config 802.11 cac voice max-calls command if the SIP call snooping feature is disabled and if the SIP based Call Admission Control (CAC) requirements are not met.
To configure the maximum number of voice call supported by the radio, use the config 802.11 cac voice max-calls command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice sip bandwidth
NoteSIP bandwidth and sample intervals are used to compute per call bandwidth in case of the SIP-based Call Admission Control (CAC).
To configure the bandwidth that is required per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip bandwidth command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice sip codec
To configure the Call Admission Control (CAC) codec name and sample interval as parameters and to calculate the required bandwidth per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip codec command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to configure the codec name and sample interval as parameters for SIP G711 codec:
> config 802.11a cac voice sip codec g711 sample-interval 40This example shows how to configure the codec name and sample interval as parameters for SIP G729 codec:
> config 802.11a cac voice sip codec g729 sample-interval 40config 802.11 cac voice stream-size
To configure the number of aggregated voice Wi-Fi Multimedia (WMM) traffic specification (TSPEC) streams at a specified data rate for the 802.11a or 802.11b/g network, use the config 802.11 cac voice stream-size command.
config 802.11{ a | b} cac voice stream-size stream_size number mean_datarate max-streams mean_datarate
Syntax Description
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Config 802.11 Commands
Use the config 802.11 commands to configure settings for an 802.11 network.
- config 802.11 beacon period
- config 802.11 disable
- config 802.11 dtpc
- config 802.11 enable
- config 802.11 exp-bwreq
- config 802.11 fragmentation
- config 802.11 l2roam rf-params
- config 802.11 max-clients
- config 802.11 multicast data-rate
- config 802.11 rate
- config 802.11 tsm
config 802.11 beacon period
To change the beacon period globally for an 802.11a, 802.11b, or other supported 802.11 network, use the config 802.11 beacon period command.
config 802.11{ a | b} beacon period time_units
NoteDisable the 802.11 network before using this command. See the “Usage Guidelines” section.
Syntax Description
Usage Guidelines
In Cisco wireless LAN solution 802.11 networks, all Cisco lightweight access point wireless LANs broadcast a beacon at regular intervals. This beacon notifies clients that the 802.11a service is available and allows the clients to synchronize with the lightweight access point.
Before you change the beacon period, make sure that you have disabled the 802.11 network by using the config 802.11 disable command. After changing the beacon period, enable the 802.11 network by using the config 802.11 enable command.
config 802.11 disable
To disable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the config 802.11 disable command.
Syntax Description
Usage Guidelines
NoteYou must use this command to disable the network before using many config 802.11 commands.
This command can be used any time that the CLI interface is active.
config 802.11 dtpc
config 802.11 enable
To enable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the config 802.11 enable command.
Syntax Description
Usage Guidelines
NoteUse this command in conjunction with the config 802.11 disable command when configuring 802.11 settings.
This command can be used any time that the CLI interface is active.
config 802.11 exp-bwreq
To enable or disable the Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature for an 802.11 radio, use the config 802.11 exp-bwreq command.
Syntax Description
Usage Guidelines
When this command is enabled, the controller configures all joining access points for this feature.
config 802.11 fragmentation
To configure the fragmentation threshold on an 802.11 network, use the config 802.11 fragmentation command.
config 802.11{ a | b} fragmentation threshold
NoteThis command can only be used when the network is disabled using the config 802.11 disable command.
Syntax Description
config 802.11 l2roam rf-params
To configure 802.11a or 802.11b/g Layer 2 client roaming parameters, use the config 802.11 l2roam rf-params command.
config 802.11{ a | b} l2roam rf-params { default | custom min_rssi roam_hyst scan_thresh trans_time}
Syntax Description
Usage Guidelines
For high-speed client roaming applications in outdoor mesh environments, we recommend that you set the trans_time to 1 second.
config 802.11 max-clients
To configure the maximum number of clients per access point, use the config 802.11 max-clients command.
Syntax Description
Configures the maximum number of client connections per access point.
max-clients
Maximum number of client connections per access point. The range is from 1 to 200.
config 802.11 multicast data-rate
Syntax Description
Minimum multicast data rates. The options are 6, 9, 12, 18, 24, 36, 48, 54. Enter 0 to specify that APs will dynamically adjust the number of the buffer allocated for multicast.
Command Default
The default is 0 where the configuration is disabled and the multicast rate is the lowest mandatory data rate and unicast client data rate.
Usage Guidelines
When you configure the datarate without the AP name or default keyword, you globally reset all the APs to the new value and update the controller global default with this new datarate value. If you configure the data-rate with default keyword, you only update the controller global default value and do not reset the value of APs already joined the controller. The APs that join the controller after the new datarate value is set will receive the new datarate value.
config 802.11 rate
To set mandatory and supported operational data rates for an 802.11 network, use the config 802.11 rate command.
Syntax Description
Specifies that a client supports the data rate in order to use the network.
Specifies to allow any associated client that supports the data rate to use the network.
Usage Guidelines
The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller. If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to use all the rates marked supported in order to associate.
config 802.11 tsm
To enable or disable the video Traffic Stream Metric (TSM) option for the 802.11a or 802.11b/g network, use the config 802.11 tsm command.
Syntax Description
Configure Advanced 802.11 Commands
- config advanced 802.11 7920VSIEConfig
- config advanced 802.11 edca-parameters
- config advanced fastpath fastcache
- config advanced fastpath pkt-capture
- config advanced sip-preferred-call-no
- config advanced sip-snooping-ports
config advanced 802.11 7920VSIEConfig
To configure the Cisco unified wireless IP phone 7920 VISE parameters, use the config advanced 802.11 7920VSIEConfig command.
config advanced 802.11{ a | b} 7920VSIEConfig { call-admission-limit limit | G711-CU-Quantum quantum}
Syntax Description
config advanced 802.11 edca-parameters
To enable a specific enhanced distributed channel access (EDCA) profile on the 802.11a network, use the config advanced 802.11 edca-parameters command.
config advanced 802.11{ a | b} edca-parameters { wmm-default | svp-voice | optimized-voice | optimized-video-voice | custom-voice}
Syntax Description
Enables the Wi-Fi Multimedia (WMM) default parameters. Choose this option when voice or video services are not deployed on your network.
Enables Spectralink voice priority parameters. Choose this option if Spectralink phones are deployed on your network to improve the quality of calls.
Enables EDCA voice-optimized profile parameters. Choose this option when voice services other than Spectralink are deployed on your network.
Enables EDCA voice- and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network.
Note If you deploy video services, admission control (ACM) must be disabled.
Enables custom voice EDCA parameters for 802.11a. The EDCA parameters under this option also match the 6.0 WMM EDCA parameters when this profile is applied.
config advanced fastpath fastcache
config advanced fastpath pkt-capture
config advanced sip-preferred-call-no
Syntax Description
Usage Guidelines
Before you configure voice prioritization, you must complete the following prerequisites:
- Set the voice to the platinum QoS level by entering the config wlan qos wlan-id platinum command.
- Enable the admission control (ACM) to this radio by entering the config 802.11 {a | b} cac {voice | video} acm enable command.
- Enable the call-snooping feature for a particular WLAN by entering the config wlan call-snoop enable wlan-id command. To view statistics about preferred calls, enter the show ap stats {802.11{a | b} | wlan} cisco_ap command.
config advanced sip-snooping-ports
Syntax Description
start_port Starting port for call snooping. The range is from 0 to 65535.
end_port Ending port for call snooping. The range is from 0 to 65535.
Usage Guidelines
If you need only a single port for call snooping, configure the start and end port with the same number.
The port used by the CIUS tablet is 5060 and the port range used by Facetime is from 16384 to16402.
Configure AVC Commands
Use the config avc commands to configure Application and Visibility settings on the controller.
config avc profile create
To create a new Application Visibility and Control (AVC) profile, use the config avc profile create command.
Syntax Description
profile_name Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
create Creates a new AVC profile.
Usage Guidelines
You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs. You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN.
config avc profile rule
config avc profile profile_name rule { add | remove} application application_name { drop | mark dscp}
Syntax Description
profile_name Name of the AVC profile.
rule Configures a rule for the AVC profile.
add Creates a rule for the AVC profile.
remove Deletes a rule for the AVC profile.
application Specifies the application that has to be dropped or marked.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
drop Drops the upstream and downstream packets that correspond to the chosen application.
mark Marks the upstream and downstream packets that correspond to the chosen application with the Differentiated Services Code Point (DSCP) value that you specify in the drop-down list. The DSCP value helps you provide differentiated services based on the QoS levels.
dscp Packet header code that is used to define the QoS across the Internet. The range is from 0 to 63.
config wlan avc
Syntax Description
wlan_id Wireless LAN identifier from 1 to 512.
profile Associates or removes an AVC profile from a WLAN.
profile_name Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
visibility Configures application visibility on a WLAN.
enable Enables application visibility on a WLAN. You can view the classification of applications based on the Network Based Application Recognition (NBAR) deep packet inspection technology.
Use the show avc statistics client command to view the client AVC statistics.
disable Disables application visibility on a WLAN.
Usage Guidelines
You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN. You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs.
Examples
This example shows how to associate an AVC profile with a WLAN:
> config wlan avc 5 profile profile1 enableConfigure Band-Select Commands
- config band-select cycle-count
- config band-select cycle-threshold
- config band-select expire
- config band-select client-rssi
config band-select cycle-count
config band-select cycle-threshold
config band-select expire
config band-select client-rssi
Configure Guest-LAN Commands
- config guest-lan
- config guest-lan custom-web ext-webauth-url
- config guest-lan custom-web global disable
- config guest-lan custom-web login_page
- config guest-lan custom-web webauth-type
- config guest-lan ingress-interface
- config guest-lan interface
- config guest-lan mobility anchor
- config guest-lan nac
- config guest-lan security
config guest-lan
config guest-lan custom-web ext-webauth-url
To redirect guest users to an external server before accessing the web login page, use the config guest-lan custom-web ext-webauth-url command to specify the URL of the external server.
Syntax Description
config guest-lan custom-web global disable
To use a guest-LAN specific custom web configuration rather than a global custom web configuration, use the config guest-lan custom-web global disable command.
Syntax Description
Usage Guidelines
If you enter the config guest-lan custom-web global enable guest_lan_id command, the custom web authentication configuration at the global level is used.
config guest-lan custom-web login_page
config guest-lan custom-web webauth-type
To define the web login page for wired guest users, use the config guest-lan custom-web webauth-type command.
Syntax Description
Displays the default web login page for the controller. This is the default value.
Displays the custom web login page that was previously configured.
config guest-lan ingress-interface
To configure the wired guest VLAN’s ingress interface which provides a path between the wired guest client and the controller by way of the Layer 2 access switch, use the config guest-lan ingress-interface command.
Syntax Description
config guest-lan interface
To configure an egress interface to transmit wired guest traffic out of the controller, use the config guest-lan interface command.
Syntax Description
config guest-lan mobility anchor
Syntax Description
Examples
This example shows how to delete a mobility anchor for WAN ID 4 and the anchor IP 192.168.0.14:
> config guest-lan mobility anchor delete 4 192.168.0.14Related Commands
config mobility group domain
config mobility group keepalive count
config mobility group keepalive interval
config mobility group member
config mobility group multicast-address
config mobility multicast-mode
config mobility secure-mode
config wlan mobility anchor
debug mobility
show mobility anchor
show mobility statistics
show mobility summary
config guest-lan nac
config guest-lan security
To configure the security policy for the wired guest LAN, use the config guest-lan security command.
config guest-lan security { web-auth { enable | disable | acl | server-precedence} guest_lan_id | web-passthrough { acl | email-input | disable | enable} guest_lan_id}
Syntax Description
Configures the authentication server precedence order for web authentication users.
Specifies the web captive portal with no authentication required.
Configure mDNS Commands
Use the config mdns commands to configure Multicast DNS (mDNS) settings on the controller.
- config interface group mdns-profile
- config interface mdns-profile
- config mdns profile
- config mdns query interval
- config mdns service
- config mdns snooping
- config wlan mdns
config interface group mdns-profile
To configure an mDNS profile for an interface group, use the config interface group mdns-profile command.
Syntax Description
all Configures an mDNS profile for all interface groups.
interface-group-name Name of the interface group to which the mDNS profile has to be associated. The interface group name can be up to 32 case-sensitive, alphanumeric characters.
profile-name Name of the mDNS profile.
none Removes all existing mDNS profiles from the interface group. You cannot configure mDNS profiles on the interface group.
config interface mdns-profile
Syntax Description
management Configures an mDNS profile for the management interface.
all Configures an mDNS profile for all interfaces.
interface-name Name of the interface on which the mDNS profile has to be configured. The interface name can be up to 32 case-sensitive, alphanumeric characters.
profile-name Name of the mDNS profile.
none Removes all existing mDNS profiles from the interface. You cannot configure mDNS profiles on the interface.
config mdns profile
To configure an mDNS profile and associate a service with the profile, use the config mdns profile command.
Syntax Description
create Creates an mDNS profile.
delete Deletes an mDNS profile. If the profile is associated to an interface group, an interface, or a WLAN, an error appears.
service Configures an mDNS service.
add Adds an mDNS service to an mDNS profile.
delete Deletes an mDNS service from an mDNS profile.
service -name Name of the mDNS service.
profile_name Name of the mDNS profile. You can create a maximum of 16 profiles.
Usage Guidelines
After creating a new profile, you must map the profile to an interface group, an interface, or a WLAN. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.
Examples
This example shows how to add the Apple TV mDNS service to the mDNS profile1:
> config mdns profile create profile1 Apple TVconfig mdns query interval
Syntax Description
interval_value mDNS query interval, in minutes that you can set. The query interval is the frequency at which the controller sends periodic queries to all the services defined in the Master Service database. The range is from 10 to 120 minutes.
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database. mDNS uses the multicast IP address 224.0.0.251 as the destination address and 5353 as UDP destination port.
config mdns service
config mdns service { create service_name service_string query { enable | disable} | delete service_name | query { enable | disable}}
Syntax Description
create Adds a new mDNS service to the Master Services database.
service_name Name of the mDNS service. For example, Air Tunes, iTunes Music Sharing, FTP, Apple File Sharing Protocol (AFP).
service_string Unique string associated to an mDNS service. For example,“ _airplay._tcp.local.” is the service string associated with Apple TV.
query Configures the query status for the mDNS service.
enable Enables periodic query for an mDNS service by the controller.
disable Disables periodic query for an mDNS service by the controller.
delete Deletes an mDNS service from the Master Services database. Before deleting the service, the controller checks if any profile uses the service. You must delete the service from all profiles before deleting the service.
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database. The controller can snoop and learn a maximum of 64 services.
Examples
This example shows how to add the Apple TV mDNS service to the Master Services database:
> config mdns service create Apple TV _airplay._tcp.local. query enableconfig mdns snooping
config wlan mdns
Syntax Description
enable Enables mDNS snooping on a WLAN.
disable Disables mDNS snooping on a WLAN.
profile Configures an mDNS profile for a WLAN.
profile-name Name of the mDNS profile to be associated with a WLAN.
none Removes all existing mDNS profiles from the WLAN. You cannot configure mDNS profiles on the WLAN.
wlan_id Wireless LAN identifier from 1 to 512.
all Configures the mDNS profile for all WLANs.
Usage Guidelines
You must disable the WLAN before you use this command. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
Examples
This example shows how to configure an mDNS profile for a WLAN:
> config wlan mdns profile profile1 1Configure Management-User Commands
config mgmtuser add
To add a local management user to the Cisco wireless LAN controller, use the config mgmtuser add command.
Syntax Description
Account username. The username can be up to 24 alphanumeric characters.
Account password. The password can be up to 24 alphanumeric characters.
(Optional) Description of the account. The description can be up to 32 alphanumeric characters within double quotes.
config mgmtuser delete
config mgmtuser description
To add a description to an existing management user login to the Cisco wireless LAN controller, use the config mgmtuser description command.
Syntax Description
Account username. The username can be up to 24 alphanumeric characters.
Description of the account. The description can be up to 32 alphanumeric characters within double quotes.
config mgmtuser password
Syntax Description
Account username. The username can be up to 24 alphanumeric characters.
Account password. The password can be up to 24 alphanumeric characters.
Configure Net User Commands
- config netuser add
- config netuser delete
- config netuser description
- config netuser guest-lan-id
- config netuser guest-role apply
- config netuser guest-role create
- config netuser guest-role delete
- config netuser guest-role qos data-rate average-data-rate
- config netuser guest-role qos data-rate average-realtime-rate
- config netuser guest-role qos data-rate burst-data-rate
- config netuser guest-role qos data-rate burst-realtime-rate
- config netuser lifetime
- config netuser maxUserLogin
- config netuser password
- config netuser wlan-id
config netuser add
To add a guest user on a WLAN or wired guest LAN to the local user database on the controller, use the config netuser add command.
config netuser add username password { wlan wlan_id | guestlan guestlan_id} userType guest lifetime lifetime description description
Syntax Description
Guest username. The username can be up to 50 alphanumeric characters.
User password. The password can be up to 24 alphanumeric characters.
Specifies the wireless LAN identifier to associate with or zero for any wireless LAN.
Wireless LAN identifier assigned to the user. A zero value associates the user with any wireless LAN.
Specifies the guest LAN identifier to associate with or zero for any wireless LAN.
Lifetime value (60 to 259200 or 0) in seconds for the guest user.
Note Short description of user. The description can be up to 32 characters enclosed in double-quotes.
Usage Guidelines
Local network usernames must be unique because they are stored in the same database.
Examples
This example shows how to add a permanent username Jane to the wireless network for 1 hour:
> config netuser add jane able2 1 wlan_id 1 userType permanentThis example shows how to add a guest username George to the wireless network for 1 hour:
> config netuser add george able1 guestlan 1 3600config netuser delete
config netuser description
Syntax Description
Network username. The username can contain up to 24 alphanumeric characters.
(Optional) User description. The description can be up to 32 alphanumeric characters enclosed in double quotes.
config netuser guest-lan-id
Syntax Description
Network username. The username can be 24 alphanumeric characters.
Wired guest LAN identifier to associate with the user. A zero value associates the user with any wired LAN.
config netuser guest-role apply
To apply a quality of service (QoS) role to a guest user, use the config netuser guest-role apply command.
Syntax Description
Usage Guidelines
If you do not assign a QoS role to a guest user, the Role field in the User Details shows the role as default. The bandwidth contracts for this user are defined in the QoS profile for the WLAN.
If you want to unassign a QoS role from a guest user, use the config netuser guest-role apply username default. This user now uses the bandwidth contracts defined in the QoS profile for the WLAN.
config netuser guest-role create
config netuser guest-role delete
config netuser guest-role qos data-rate average-data-rate
To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos data-rate average-data-rate command.
Syntax Description
Usage Guidelines
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser guest-role qos data-rate average-realtime-rate
To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos data-rate average-realtime-rate command.
Syntax Description
Usage Guidelines
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser guest-role qos data-rate burst-data-rate
To configure the peak data rate for TCP traffic on a per user basis, use the config netuser guest-role qos data-rate burst-data-rate command.
Syntax Description
Usage Guidelines
The burst data rate should be greater than or equal to the average data rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser guest-role qos data-rate burst-realtime-rate
To configure the burst real-time data rate for UDP traffic on a per user basis, use the config netuser guest-role qos data-rate burst-realtime-rate command.
Syntax Description
Usage Guidelines
The burst real-time rate should be greater than or equal to the average real-time rate. Otherwise, the quality of service (QoS) policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser lifetime
config netuser maxUserLogin
To configure the maximum number of login sessions allowed for a network user, use the config netuser maxUserLogin command.
Syntax Description
config netuser password
config netuser wlan-id
Syntax Description
Network username. The username can be 24 alphanumeric characters.
Wireless LAN identifier to associate with the user. A zero value associates the user with any wireless LAN.
Configure Network Commands
- config network 802.3-bridging
- config network allow-old-bridge-aps
- config network ap-discovery
- config network ap-fallback
- config network ap-priority
- config network apple-talk
- config network arptimeout
- config network bridging-shared-secret
- config network broadcast
- config network fast-ssid-change
- config network ip-mac-binding
- config network master-base
- config network mgmt-via-wireless
- config network multicast global
- config network multicast igmp query interval
- config network multicast igmp snooping
- config network multicast igmp timeout
- config network multicast l2mcast
- config network multicast mld
- config network multicast mode multicast
- config network multicast mode unicast
- config network oeap-600 dual-rlan-ports
- config network oeap-600 local-network
- config network otap-mode
- config network rf-network-name
- config network secureweb
- config network secureweb cipher-option
- config network ssh
- config network telnet
- config network usertimeout
- config network web-auth captive-bypass
- config network web-auth cmcc-support
- config network web-auth port
- config network web-auth proxy-redirect
- config network web-auth secureweb
- config network webmode
- config network web-auth
- config network zero-config
config network 802.3-bridging
Syntax Description
Usage Guidelines
In controller software release 5.2, the software-based forwarding architecture for Cisco 2100 Series Controllers is being replaced with a new forwarding plane architecture. As a result, Cisco 2100 Series Controllers and the Cisco wireless LAN controller Network Module for Cisco Integrated Services Routers bridge 802.3 packets by default. Therefore, 802.3 bridging can now be disabled only on Cisco 4400 Series Controllers, the Cisco WiSM, and the Catalyst 3750G Wireless LAN Controller Switch.
To determine the status of 802.3 bridging, enter the show netuser guest-roles command.
config network allow-old-bridge-aps
config network ap-discovery
To enable or disable NAT IP in an AP discovery response, use the config network ap-discovery command.
Syntax Description
Enables use of NAT IP only in discovery response. This is the default.
Enables use of both NAT IP and non NAT IP in discovery response.
Usage Guidelines
If the config interface nat-address management command is set, this command controls which address(es) are sent in the CAPWAP discovery responses.
If all APs are on the outside of the NAT gateway of the controller, enter the config network ap-discovery nat-ip-only enable command, and only the management NAT address is sent.
If the controller has both APs on the outside and the inside of its NAT gateway, enter the config network ap-discovery nat-ip-only disable command, and both the management NAT address and the management inside address are sent. Ensure that you have entered the config ap link-latency disable all command to avoid stranding APs.
config network ap-fallback
config network ap-priority
To enable or disable the option to prioritize lightweight access points so that after a controller failure they reauthenticate by priority rather than on a first-come-until-full basis, use the config network ap-priority command.
Syntax Description
Enables the lightweight access point priority reauthentication.
Disables the lightweight access point priority reauthentication.
config network arptimeout
config network bridging-shared-secret
Syntax Description
Usage Guidelines
This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the switch.
The zero-touch configuration must be enabled for this command to work.
config network broadcast
Syntax Description
Usage Guidelines
This command allows you to enable or disable broadcasting. You must enable multicast mode before enabling broadcast forwarding. Use the config network multicast mode command to configure multicast mode on the controller.
NoteThe default multicast mode is unicast in case of all controllers except for Cisco 2106 Controllers. The broadcast packets and multicast packets can be independently controlled. If multicast is off and broadcast is on, broadcast packets still reach the access points, based on the configured multicast mode.
config network fast-ssid-change
To enable or disable fast Service Set Identifier (SSID) changing for mobile stations, use the config network fast-ssid-change command.
Syntax Description
Usage Guidelines
When you enable the Fast SSID Change feature, the controller allows clients to move between SSIDs. When the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID.
When you disable the FastSSID Change feature, the controller enforces a delay before clients are allowed to move to a new SSID.
config network ip-mac-binding
To validate the source IP address and MAC address binding within client packets, use the config network ip-mac-binding command.
Syntax Description
Usage Guidelines
In controller software release 5.2, the controller enforces strict IP address-to-MAC address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. In previous releases, the controller checks only the MAC address of the client and ignores the IP address.
NoteYou might want to disable this binding check if you have a routed network behind a workgroup bridge (WGB).
config network master-base
To enable or disable the Cisco wireless LAN controller as an access point default master, use the config network master-base command.
Syntax Description
Enables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Disables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Usage Guidelines
This setting is only used upon network installation and should be disabled after the initial network configuration. Because the Master Cisco wireless LAN controller is normally not used in a deployed network, the Master Cisco wireless LAN controller setting can be saved from 6.0.199.0 or later releases.
config network mgmt-via-wireless
To enable Cisco wireless LAN controller management from an associated wireless client, use the config network mgmt-via-wireless command.
Syntax Description
Usage Guidelines
This feature allows wireless clients to manage only the Cisco wireless LAN controller associated with the client and the associated Cisco lightweight access point. That is, clients cannot manage another Cisco wireless LAN controller with which they are not associated.
config network multicast global
To enable or disable multicasting on the controller, use the config network multicast global command.
Syntax Description
Usage Guidelines
The config network broadcast {enable | disable} command allows you to enable or disable broadcasting without enabling or disabling multicasting as well. This command uses the multicast mode configured on the controller (by using the config network multicast mode command) to operate.
config network multicast igmp query interval
Syntax Description
config network multicast igmp snooping
config network multicast igmp timeout
Syntax Description
Usage Guidelines
You can enter a timeout value between 30 and 7200 seconds. The controller sends three queries in one timeout value at an interval of timeout/3 to see if any clients exist for a particular multicast group. If the controller does not receive a response through an IGMP report from the client, the controller times out the client entry from the MGID table. When no clients are left for a particular multicast group, the controller waits for the IGMP timeout value to expire and then deletes the MGID entry from the controller. The controller always generates a general IGMP query (to destination address 224.0.0.1) and sends it on all WLANs with an MGID value of 1.
config network multicast l2mcast
To configure the Layer 2 multicast on an interface or all interfaces, use the config network multicast l2mcast command.
Syntax Description
config network multicast mld
To configure the Multicast Listener Discovery (MLD) parameters, use the config network multicast mld command.
config network multicast mld { query interval interval-value | snooping { enable | disable} | timeout timeout-value}
Syntax Description
Query interval in seconds. The range is from 15 to 2400 seconds.
Timeout value in seconds. The range is from 30 seconds to 7200 seconds.
config network multicast mode multicast
To configure the controller to use the multicast method to send broadcast or multicast packets to an access point, use the config network multicast mode multicast command.
config network multicast mode unicast
config network oeap-600 dual-rlan-ports
To configure the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4, use the config network oeap-600 dual-rlan-ports command.
Syntax Description
Enables Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4.
Resets the Ethernet port 3 Cisco OfficeExtend 600 Series access points to function as a local LAN port.
config network oeap-600 local-network
To configure access to the local network for the Cisco 600 Series OfficeExtend access points, use the config network oeap-600 local-network command.
Syntax Description
Enables access to the local network for the Cisco 600 Series OfficeExtend access points.
Disables access to the local network for the Cisco 600 Series OfficeExtend access points.
config network otap-mode
config network rf-network-name
config network secureweb
To change the state of the secure web (https is http and SSL) interface for management users, use the config network secureweb command.
Syntax Description
Usage Guidelines
This command allows management users to access the controller GUI using an http://ip-address. Web mode is not a secure connection.
config network secureweb cipher-option
To enable or disable secure web mode with increased security, or to enable or disable Secure Sockets Layer (SSL v2) for web administration and web authentication, use the config network secureweb cipher-option command.
Syntax Description
Configures whether or not 128-bit ciphers are required for web administration and web authentication.
Configures SSLv2 for both web administration and web authentication.
rc4-preference
Configures preference for RC4-SHA (Rivest Cipher 4-Secure Hash Algorithm) cipher suites (over CBC cipher suites) for web authentication and web administration.
Command Default
The default is disabled for secure web mode with increased security and enabled for SSL v2.
Usage Guidelines
NoteThe config network secureweb cipher-option command allows users to access the controller GUI using an http://ip-address but only from browsers that support 128-bit (or larger) ciphers.
When cipher-option sslv2 is disabled, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later.
In RC4-SHA based cipher suites, RC4 is used for encryption and SHA is used for message authentication.
config network telnet
config network usertimeout
config network web-auth captive-bypass
To configure the controller to support bypass of captive portals at the network level, use the config network web-auth captive-bypass command.
Syntax Description
config network web-auth cmcc-support
config network web-auth port
To configure an additional port to be redirected for web authentication at the network level, use the config network web-auth port command.
Syntax Description
config network web-auth proxy-redirect
To configure proxy redirect support for web authentication clients, use the config network web-auth proxy-redirect command.
Syntax Description
Allows proxy redirect support for web authentication clients.
Disallows proxy redirect support for web authentication clients.
config network web-auth secureweb
To configure the secure web (https) authentication for clients, use the config network web-auth secureweb command.
Syntax Description
config network web-auth
Syntax Description
Configures additional ports for web authentication redirection.
Configures proxy redirect support for web authentication clients.
Enables proxy redirect support for web authentication clients.
Note Web-auth proxy redirection will be enabled for ports 80, 8080, and 3128, along with user defined port 345.
Disables proxy redirect support for web authentication clients.
Configure QoS Commands
Use the config qos commands to configure Quality of Service (QoS) settings.
- config qos average-data-rate
- config qos average-realtime-rate
- config qos burst-data-rate
- config qos burst-realtime-rate
- config qos description
- config qos max-rf-usage
- config qos dot1p-tag
- config qos priority
- config qos protocol-type
- config qos queue_length
config qos average-data-rate
To define the average data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the config qos average-data-rate command.
config qos average-data-rate { bronze | silver | gold | platinum} { per-ssid | per-client} { downstream | upstream} rate
Syntax Description
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Average data rate for TCP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
config qos average-realtime-rate
To define the average real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos average-realtime-rate command.
config qos average-realtime-rate { bronze | silver | gold | platinum} { per-ssid | per-client} { downstream | upstream} rate
Syntax Description
Specifies the average real-time data rate for the queue bronze.
Specifies the average real-time data rate for the queue silver.
Specifies the average real-time data rate for the queue gold.
Specifies the average real-time data rate for the queue platinum.
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Average real-time data rate for UDP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
config qos burst-data-rate
To define the peak data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the config qos burst-data-rate command.
config qos burst-data-rate { bronze | silver | gold | platinum} { per-ssid | per-client} { downstream | upstream} rate
Syntax Description
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Peak data rate for TCP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
config qos burst-realtime-rate
To define the burst real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos burst-realtime-rate command.
config qos burst-realtime-rate { bronze | silver | gold | platinum} { per-ssid | per-client } { downstream | upstream } rate
Syntax Description
Specifies the burst real-time data rate for the queue bronze.
Specifies the burst real-time data rate for the queue silver.
Specifies the burst real-time data rate for the queue platinum.
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Burst real-time data rate for UDP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
config qos description
config qos max-rf-usage
To specify the maximum percentage of RF usage per access point, use the config qos max-rf-usage command.
Syntax Description
Specifies the maximum percentage of RF usage for the queue bronze.
Specifies the maximum percentage of RF usage for the queue silver.
Specifies the maximum percentage of RF usage for the queue gold.
Specifies the maximum percentage of RF usage for the queue platinum.
config qos dot1p-tag
To define the maximum value (0-7) for the priority tag associated with packets that fall within the profile, use the config qos dot1p-tag command.
Syntax Description
config qos priority
To define the maximum and default QoS levels for unicast and multicast traffic when you assign a QoS profile to a WLAN, use the config qos priority command.
config qos priority { bronze | silver | gold | platinum} { maximum-priority | default-unicast-priority | default-multicast-priority}
Syntax Description
Usage Guidelines
The maximum priority level should not be lower than the default unicast and multicast priority levels.
config qos protocol-type
config qos queue_length
Configure SNMP Commands
- config snmp community accessmode
- config snmp community create
- config snmp community delete
- config snmp community ipaddr
- config snmp community mode
- config snmp engineID
- config snmp syscontact
- config snmp syslocation
- config snmp trapreceiver create
- config snmp trapreceiver delete
- config snmp trapreceiver mode
- config snmp v3user create
- config snmp v3user delete
- config snmp version
config snmp community accessmode
To modify the access mode (read only or read/write) of an SNMP community, use the config snmp community accessmode command.
Syntax Description
Command Default
Two communities are provided by default with the following settings:
SNMP Community Name Client IP Address Client IP Mask Access Mode Status ------------------- ----------------- ---------------- ----------- ------ public 0.0.0.0 0.0.0.0 Read Only Enable private 0.0.0.0 0.0.0.0 Read/Write Enableconfig snmp community create
config snmp community delete
config snmp community ipaddr
config snmp community mode
config snmp engineID
Syntax Description
Usage Guidelines
The SNMP engine ID is a unique string used to identify the device for administration purposes. You do need to specify an engine ID for the device because a default string is automatically generated using Cisco’s enterprise number and the MAC address of the first interface on the device.
If you change the engine ID, then a reboot is required for the change to take effect.
Caution If you change the value of the SNMP engine ID, then the password of the user entered on the command line is converted to an MD5 (Message-Digest algorithm 5) or SHA (Secure Hash Algorithm) security digest. This digest is based on both the password and the local engine ID. The command line password is then deleted. Because of this deletion, if the local value of the engine ID changes, the security digests of the SNMP users will become invalid, and the users will have to be reconfigured.
config snmp syscontact
config snmp syslocation
config snmp trapreceiver create
config snmp trapreceiver delete
config snmp trapreceiver mode
To send or disable sending traps to a selected server, use the config snmp trapreceiver mode command.
Syntax Description
Usage Guidelines
This command enables or disables the Cisco wireless LAN controller from sending the traps to the selected server.
config snmp v3user create
config snmp v3user create username { ro | rw} { none | hmacmd5 | hmacsha} { none | des | aescfb128} [ auth_key] [ encrypt_key]
Syntax Description
Specifies Hashed Message Authentication Coding Message Digest 5 (HMAC-MD5) for authentication.
Specifies Hashed Message Authentication Coding-Secure Hashing Algorithm (HMAC-SHA) for authentication.
Specifies to use Cipher Block Chaining-Digital Encryption Standard (CBC-DES) encryption.
Specifies to use Cipher Feedback Mode-Advanced Encryption Standard-128 (CFB-AES-128) encryption.
(Optional) Authentication key for the HMAC-MD5 or HMAC-SHA authentication protocol.
(Optional) Encryption key for the CBC-DES or CFB-AES-128 encryption protocol.
Command Default
SNMP v3 username AccessMode Authentication Encryption
-------------------- ------------- -------------- ----------- default Read/Write HMAC-SHA CFB-AESConfigure Trap Flag Commands
- config trapflags 802.11-Security
- config trapflags aaa
- config trapflags adjchannel-rogueap
- config trapflags ap
- config trapflags authentication
- config trapflags client
- config trapflags client max-warning-threshold
- config trapflags configsave
- config trapflags IPsec
- config trapflags linkmode
- config trapflags mesh
- config trapflags multiusers
- config trapflags rfid
- config trapflags rogueap
- config trapflags rrm-params
- config trapflags rrm-profile
- config trapflags stpmode
- config trapflags strong-pwdcheck
- config trapflags wps
config trapflags 802.11-Security
config trapflags aaa
config trapflags adjchannel-rogueap
To configure trap notifications when a rogue access point is detected at the adjacent channel, use the config trapflags adjchannel-rogueap command.
Syntax Description
enable Enables trap notifications when a rogue access point is detected at the adjacent channel.
disable Disables trap notifications when a rogue access point is detected at the adjacent channel.
Examples
This example shows how to enable trap notifications when a rogue access point is detected at the adjacent channel:
> config trapflags adjchannel-rogueap enableRelated Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags strong-pwdcheck
config trapflags rfid
config trapflags rogueap
show trapflags
config trapflags ap
To enable or disable the sending of Cisco lightweight access point traps, use the config trapflags ap command.
Syntax Description
Enables sending a trap when a Cisco lightweight access point registers with Cisco switch.
Enables sending a trap when a Cisco lightweight access point interface (A or B) comes up.
config trapflags authentication
config trapflags client
To enable or disable the sending of client-related DOT11 traps, use the config trapflags client command.
config trapflags client { 802.11-associate 802.11-disassociate | 802.11-deauthenticate | 802.11-authfail | 802.11-assocfail | authentication | excluded} { enable | disable}
Syntax Description
802.11-associate
Enables the sending of Dot11 association traps to clients.
Enables the sending of Dot11 disassociation traps to clients.
Enables the sending of Dot11 deauthentication traps to clients.
Enables the sending of Dot11 authentication fail traps to clients.
Enables the sending of Dot11 association fail traps to clients.
authentication
Enables the sending of authentication success traps to clients.
config trapflags client max-warning-threshold
To configure the threshold value of the number of clients that associate with the controller, after which an SNMP trap and a syslog message is sent to the controller, use the config trapflags client max-warning-threshold command.
Syntax Description
threshold Configures the threshold percentage value of the number of clients that associate with the controller, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The minimum interval between two warnings is 10 mins You cannot configure this interval.
enable Enables the generation of the traps and syslog messages.
disable Disables the generation of the traps and syslog messages.
Usage Guidelines
Table 1 Maximum Number of Clients Supported on Different Controllers Controller
Maximum number of supported clients
Cisco 5500 Series Controllers 7000 Cisco 2500 Series Controllers 500 Cisco Wireless Services Module 2 15000 Cisco Flex 7500 Series Controllers 64000 Cisco 8500 Series Controllers 64000 Cisco Virtual Wireless LAN Controllers 30000 config trapflags configsave
config trapflags IPsec
config trapflags IPsec { esp-auth | esp-reply | invalidSPI | ike-neg | suite-neg | invalid-cookie} { enable | disable}
Syntax Description
Enables the sending of IPsec traps when an ESP authentication failure occurs.
Enables the sending of IPsec traps when an ESP replay failure occurs.
Enables the sending of IPsec traps when an ESP invalid SPI is detected.
Enables the sending of IPsec traps when an IKE negotiation failure occurs.
Enables the sending of IPsec traps when a suite negotiation failure occurs.
Enables the sending of IPsec traps when a Isakamp invalid cookie is detected.
config trapflags linkmode
To enable or disable Cisco wireless LAN controller level link up/down trap flags, use the config trapflags linkmode command.
Syntax Description
Enables Cisco wireless LAN controller level link up/down trap flags.
Disables Cisco wireless LAN controller level link up/down trap flags.
config trapflags mesh
To configure trap notifications when a mesh access point is detected, use the config trapflags mesh command.
Syntax Description
enable Enables trap notifications when a mesh access point is detected.
disable Disables trap notifications when a mesh access point is detected.
Examples
This example shows how to enable trap notifications when a mesh access point is detected:
> config trapflags mesh enableRelated Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags strong-pwdcheck
config trapflags rfid
config trapflags rogueap
show trapflags
config trapflags multiusers
To enable or disable the sending of traps when multiple logins are active, use the config trapflags multiusers command.
Syntax Description
Enables the sending of traps when multiple logins are active.
Disables the sending of traps when multiple logins are active.
config trapflags rfid
To configure the threshold value of the maximum number of RFID tags, after which an SNMP trap and a syslog message is sent to the controller, use the config trapflags rfid command.
Syntax Description
threshold Configures the threshold percentage value of the maximum number of RFID tags, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The traps and syslog messages are generated every 10 minutes. You cannot configure this interval.
enable Enables the generation of the traps and syslog messages.
disable Disables the generation of the traps and syslog messages.
Usage Guidelines
The table below shows the maximum number of RFID tags supported on different controllers:
Table 2 Maximum Number of RFID Tags Supported on Different Controllers Controller
Maximum number of supported clients
Cisco 5500 Series Controllers 5000 Cisco 2500 Series Controllers 500 Cisco Wireless Services Module 2 10000 Cisco Flex 7500 Series Controllers 50000 Cisco 8500 Series Controllers 50000 Cisco Virtual Wireless LAN Controllers 3000 Examples
This example shows how to configure the threshold value of the maximum number of RFID tags:
> config trapflags rfid 80Related Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags strong-pwdcheck
config trapflags rogueap
config trapflags mesh
show trapflags
config trapflags rogueap
To enable or disable sending rogue access point detection traps, use the config trapflags rogueap command.
Syntax Description
Examples
This example shows how to disable the sending of rogue access point detection traps:
> config trapflags rogueap disableRelated Commands
config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show trapflags
config trapflags rrm-params
To enable or disable the sending of Radio Resource Management (RRM) parameters traps, use the config trapflags rrm-params command.
Syntax Description
Enables trap sending when the RF manager automatically changes the tx-power level for the Cisco lightweight access point interface.
Enables trap sending when the RF manager automatically changes the channel for the Cisco lightweight access point interface.
Enables trap sending when the RF manager automatically changes the antenna for the Cisco lightweight access point interface.
config trapflags rrm-profile
To enable or disable the sending of Radio Resource Management (RRM) profile-related traps, use the config trapflags rrm-profile command.
Syntax Description
Enables trap sending when the load profile maintained by the RF manager fails.
Enables trap sending when the noise profile maintained by the RF manager fails.
Enables trap sending when the interference profile maintained by the RF manager fails.
Enables trap sending when the coverage profile maintained by the RF manager fails.
config trapflags stpmode
config trapflags strong-pwdcheck
To configure trap notifications for strong password checks, use the config trapflags strong-pwdcheck command.
Syntax Description
enable Enables trap notifications for strong password checks.
disable Disables trap notifications for strong password checks.
Examples
This example shows how to enable trap notifications for strong password checks:
> config trapflags strong-pwdcheck enableRelated Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags rfid
config trapflags rogueap
show trapflags
Other Config Commands
This section lists the other config commands to configure the controller settings.
- config boot
- config cdp
- config certificate
- config certificate lsc
- config certificate ssc
- config certificate use-device-certificate webadmin
- config coredump
- config coredump ftp
- config coredump username
- config custom-web ext-webauth-mode
- config custom-web ext-webauth-url
- config custom-web ext-webserver
- config custom-web logout-popup
- config custom-web redirectUrl
- config custom-web webauth-type
- config custom-web weblogo
- config custom-web webmessage
- config custom-web webtitle
- config dhcp
- config dhcp proxy
- config dhcp timeout
- config flow
- config license agent
- config license boot
- config load-balancing
- config location
- config logging buffered
- config logging console
- config logging debug
- config logging fileinfo
- config logging procinfo
- config logging traceinfo
- config logging syslog host
- config logging syslog facility
- config logging syslog level
- config loginsession close
- config nmsp notify-interval measurement
- config paging
- config passwd-cleartext
- config prompt
- config rfid auto-timeout
- config rfid status
- config rfid timeout
- config service timestamps
- config sessions maxsessions
- config sessions timeout
- config switchconfig boot-break
- config switchconfig fips-prerequisite
- config switchconfig strong-pwd
- config switchconfig flowcontrol
- config switchconfig mode
- config switchconfig secret-obfuscation
- config sysname
- config time manual
- config time ntp
- config time timezone
- config time timezone location
- config wlan flow
config boot
Syntax Description
Usage Guidelines
Each Cisco wireless LAN controller can boot off the primary, last-loaded operating system image (OS) or boot off the backup, earlier-loaded OS image.
Examples
This example shows how to set the primary image as active so that the LAN controller can boot off the primary, last loaded image:
> config boot primaryThis example shows how to set the backup image as active so that the LAN controller can boot off the backup, earlier loaded OS image:
> config boot backupconfig cdp
config cdp { enable | disable | advertise-v2 { enable | disable} | timerseconds | holdtime holdtime_interval}
Syntax Description
enable
Enables CDP on the controller.
disable
Disables CDP on the controller.
advertise-v2
Configures CDP version 2 advertisements.
timer
Configures the interval at which CDP messages are to be generated.
seconds
Time interval at which CDP messages are to be generated. The range is from 5 to 254 seconds.
Configures the amount of time to be advertised as the time-to-live value in generated CDP packets.
holdtime_interval
Maximum hold timer value. The range is from 10 to 255 seconds.
Command Default
The default value for CDP timer is 60 seconds.
The default value for CDP holdtime is 180 seconds.
config certificate
Syntax Description
Examples
This example shows how to generate a new web administration SSL certificate:
> config certificate generate webadmin Creating a certificate may take some time. Do you wish to continue? (y/n)This example shows how to configure the compatibility mode for inter-Cisco wireless LAN controller IPsec settings:
> config certificate compatibilityconfig certificate lsc
To configure Locally Significant Certificate (LSC) certificates, use the config certificate lsc commands.
config certificate lsc { enable | disable | ca-server http://url:port/path | ca-cert { add | delete} | subject-params country state city orgn dept email | other-params keysize} | ap-provision { auth-list { add | delete} ap_mac | revert-cert retries}
Syntax Description
Obtains a CA certificate from the CA server and adds it to the controller’s certificate database.
Deletes a CA certificate from the controller’s certificate database.
Country, state, city, organization, department, and email of the certificate authority.
Note The common name (CN) is generated automatically on the access point using the current MIC/SSC format Cxxxx-MacAddr, where xxxx is the product number.
Value from 384 to 2048 (in bits); the default value is 2048.
MAC address of access point to be added or deleted from the provision list.
Specifies the number of times the access point attempts to join the controller using an LSC before reverting to the default certificate.
Value from 0 to 255; the default value is 3.
Note If you set the number of retries to 0 and the access point fails to join the controller using an LSC, the access point does not attempt to join the controller using the default certificate. If you are configuring LSC for the first time, we recommend that you configure a nonzero value.
Usage Guidelines
You can configure only one CA server. To configure a different CA server, delete the configured CA server by using the config certificate lsc ca-server delete command, and then configure a different CA server.
If you configure an access point provision list, only the access points in the provision list are provisioned when you enable AP provisioning (in Step 8). If you do not configure an access point provision list, all access points with an MIC or SSC certificate that join the controller are LSC provisioned.
Examples
This example shows how to enable the LSC settings:
> config certificate lsc enableThis example shows how to enable the LSC settings for Certificate Authority (CA) server settings:
> config certificate lsc ca-server http://10.0.0.1:8080/caserverThis example shows how to add a CA certificate from the CA server and add it to the controller’s certificate database:
> config certificate lsc ca-cert addThis example shows how to configure an LSC certificate with the keysize of 2048 bits:
> config certificate lsc keysize 2048config certificate ssc
Syntax Description
hash Configures the SSC hash key.
validation Configures hash validation of the SSC certificate.
enable Enables hash validation of the SSC certificate.
disable Disables hash validation of the SSC certificate.
Usage Guidelines
When you enable the SSC hash validation, an AP validates the SSC certificate of the virtual controller. When an AP validates the SSC certificate, it checks if the hash key of the virtual controller matches the hash key stored in its flash. If a match is found, the validation passes and the AP moves to the Run state. If a match is not found, the validation fails and the AP disconnects from the controller and restarts the discovery process. By default, hash validation is enabled. Hence, an AP must have the virtual controller hash key in its flash before associating with the virtual controller. If you disable hash validation of the SSC certificate, the AP bypasses the hash validation and directly moves to the Run state.
APs can associate with a physical controller, download the hash keys and then associate with a virtual controller. If the AP is associated to a physical controller and if hash validation is disabled, it joins any virtual controller without hash validation.
config certificate use-device-certificate webadmin
To use a device certificate for web administration, use the config certificate use-device-certificate webadmin command.
Examples
This example shows how to use a device certificate for web administration:
> config certificate use-device-certificate webadmin Use device certificate for web administration. Do you wish to continue? (y/n) y Using device certificate for web administration. Save configuration and restart controller to use new certificate.config coredump
config coredump ftp
To automatically upload a controller core dump file to an FTP server after experiencing a crash, use the config coredump ftp command.
Syntax Description
config coredump username
To specify the FTP server username and password when uploading a controller core dump file after experiencing a crash, use the config coredump username command.
Syntax Description
config custom-web ext-webauth-mode
To configure external URL web-based client authorization for the custom-web authentication page, use the config custom-web ext-webauth-mode command.
Syntax Description
config custom-web ext-webauth-url
To configure the complete external web authentication URL for the custom-web authentication page, use the config custom-web ext-webauth-url command.
Syntax Description
config custom-web ext-webserver
Syntax Description
Index of the external web server in the list of external web server. The index must be a number between 1 and 20.
config custom-web logout-popup
To enable or disable the custom web authentication logout popup, use the config custom-web logout-popup command.
Syntax Description
enable Enables the custom web authentication logout popup. This page appears after a successful login or a redirect of the custom web authentication page.
disable Disables the custom web authentication logout popup.
config custom-web redirectUrl
config custom-web webauth-type
config custom-web weblogo
config custom-web webmessage
To configure the custom web authentication message text for the custom-web authentication page, use the config custom-web webmessage command.
Syntax Description
config custom-web webtitle
config dhcp
config dhcp { address-pool scope start end | create-scope scope | default-router scope router_1 [ router_2] [ router_3] | delete-scope scope | disable scope | dns-servers scope dns1 [ dns2] [ dns3] | domain scope domain | enable scope | lease scope lease_duration | netbios-name-server scope wins1 [ wins2] [ wins3] | networkscope network netmask}
config dhcpopt-82 remote-id { ap_mac | ap_mac:ssid | ap-ethmac | apname:ssid | ap-group-name | flex-group-name | ap-location | apmac-vlan_id | apname-vlan_id | ap-ethmac-ssid }
Syntax Description
Configures an address range to allocate. You must specify the scope name and the first and last addresses of the address range.
Configures the default routers for the specified scope and specify the IP address of a router. Optionally, you can specify the IP addresses of secondary and tertiary routers.
Configures the name servers for the given scope. You must also specify at least one name server. Optionally, you can specify secondary and tertiary name servers.
Configures the DNS domain name. You must specify the scope and domain names.
Configures the lease duration (in seconds) for the specified scope.
Configures the netbios name servers. You must specify the scope name and the IP address of a name server. Optionally, you can specify the IP addresses of secondary and tertiary name servers.
Configures the network and netmask. You must specify the scope name, the network address, and the network mask.
Configures the DHCP option 82 remote ID field format.
DHCP option 82 provides additional security when DHCP is used to allocate network addresses. The controller acts as a DHCP relay agent to prevent DHCP client requests from untrusted sources. The controller adds option 82 information to DHCP requests from clients before forwarding the requests to the DHCP server.
MAC address of the access point to the DHCP option 82 payload.
MAC address and SSID of the access point to the DHCP option 82 payload.
apname:ssid
Remote ID format as AP name:SSID.
ap-group-name
Remote ID format as AP group name.
flex-group-name
Remote ID format as FlexConnect group name .
ap-location
Remote ID format as AP location.
apmac-vlan_id
Remote ID format as AP radio MAC address:VLAN_ID.
apname-vlan_id
Remote ID format as AP Name:VLAN_ID.
ap-ethmac-ssid
Remote ID format as AP Ethernet MAC:SSID address.
Command Default
The default values for ap-group-name is "default-group", and for ap-location is "default location".
If ap-group-name and flex-group-name are null, then the system MAC is sent as the remote ID field.
config dhcp proxy
Syntax Description
Allows the controller to modify the DHCP packets without a limit.
Reduces the DHCP packet modification to the level of a relay.
config flow
Syntax Description
add Associates a NetFlow monitor with an exporter, or a NetFlow record with a NetFlow monitor.
delete Dissociates a NetFlow monitor from an exporter, or a NetFlow record from a NetFlow monitor.
monitor Configures a NetFlow monitor.
monitor_name Name of the NetFlow monitor. The monitor name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for a monitor name.
exporter Configures a NetFlow exporter.
exporter_name Name of the NetFlow exporter. The exporter name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for an exporter name.
record Associates a NetFlow record to the NetFlow monitor.
record_name Name of the IPv4 NetFlow record of the client application.
Usage Guidelines
An exporter is a network entity that exports the template with the IP traffic information. The controller acts as an exporter. A NetFlow record in the controller contains the information about the traffic in a given flow such as client MAC address, client source IP address, WLAN ID, incoming and outgoing bytes of data, incoming and outgoing packets, incoming and outgoing DSCP.
config license agent
To configure the license agent on the Cisco 5500 Series Controller, use the config license agent command.
config license agent { default { disable | authenticate [ none]}} { listener http { disable | { plaintext | encrypt} url authenticate [ acl acl_name] { max-message size [ none]}} { max-session sessions} { notify { disable | url} username password}
Syntax Description
Configures the license agent to receive license requests from the Cisco License Manager (CLM).
Maximum message size for license request is from 0 to 65535.
Maximum number of sessions allowed for the license agent is from 1 to 25.
Configures the license agent to send license notifications to the CLM.
Command Default
The license agent is disabled by default.
The listener is disabled by default.
Notify is disabled by default.
The default maximum number of sessions is 9.
The default maximum message size is 0.
Usage Guidelines
If your network contains various Cisco licensed devices, you might consider using the CLM to manage all of the licenses using a single application. CLM is a secure client/server application that manages Cisco software licenses network wide.
The license agent is an interface module that runs on the controller and mediates between CLM and the controller’s licensing infrastructure. CLM can communicate with the controller using various channels, such as HTTP, Telnet, and so on. If you want to use HTTP as the communication method, you must enable the license agent on the controller.
The license agent receives requests from the CLM and translates them into license commands. It also sends notifications to the CLM. It uses XML messages over HTTP or HTTPS to receive the requests and send the notifications. For example, if the CLM sends a license clear command, the agent notifies the CLM after the license expires.
NoteYou can download the CLM software and access user documentation at this URL: http://www.cisco.com/en/US/products/ps7138/index.html
config license boot
To specify the license level to be used on the next reboot of the Cisco 5500 Series Controller, use the config license boot command.
Syntax Description
Usage Guidelines
If you enter auto, the licensing software automatically chooses the license level to use on the next reboot. It generally chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.
NoteIf you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set the image level to wplus in order for the controller to use the wplus evaluation license instead of the base permanent license.
NoteTo prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
config load-balancing
To globally configure aggressive load balancing on the controller, use the config load-balancing command.
Syntax Description
Aggressive load balancing client window with the number of clients from 1 to 20.
Specifies the number of association denials during load balancing.
Maximum number of association denials during load balancing. from 0 to 10.
uplink-threshold
Specifies the threshold traffic for an access point to deny new associations.
traffic_threshold
Threshold traffic for an access point to deny new associations. This value is a percentage of the WAN utilization measured over a 90 second interval. For example, the default threshold value of 50 triggers the load balancing upon detecting an utilization of 50% or more on an access point WAN interface.
Usage Guidelines
Load-balancing-enabled WLANs do not support time-sensitive applications like voice and video because of roaming delays.
When you use Cisco 7921 and 7920 Wireless IP Phones with controllers, make sure that aggressive load balancing is disabled on the voice WLANs for each controller. Otherwise, the initial roam attempt by the phone might fail, causing a disruption in the audio path.
Clients can only be load balanced across access points joined to the same controller. The WAN utilization is calculated as a percentage using the following formula: (Transmitted Data Rate (per second) + Received Data Rate (per second))/(1000Mbps TX + 1000Mbps RX) * 100config location
config location { add location [ description] | delete location | enable | disable | description location description | algorithm { simple | rssi-average} | { rssi-half-life | expiry} [ client | calibrating-client | tags | rogue-aps] seconds | notify-threshold [ client | tags | rogue-aps] threshold | interface-mapping { add | delete} location wlan_id interface_name | plm { client { enable | disable} burst_interval | calibrating { enable | disable} { uniband | multiband}}}
Syntax Description
Element description. Optional with the add command, and required with the description command.
Note We recommend that you do not use or modify the config location algorithm command. It is set to optimal default values.
Configures the algorithm used to average RSSI and SNR values.
Specifies a faster algorithm that requires low CPU overhead but provides less accuracy.
Specifies a more accurate algorithm but requires more CPU overhead.
Note We recommend that you do not use or modify the config location rssi-half-life command. It is set to optimal default values.
Note We recommend that you do not use or modify the config location expiry command. It is set to optimal default values.
(Optional) Specifies the parameter applies to client devices.
(Optional) Specifies the parameter is used for calibrating client devices.
(Optional) Specifies the parameter applies to radio frequency identification (RFID) tags.
(Optional) Specifies the parameter applies to rogue access points.
Time value (0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, 300 seconds).
Note We recommend that you do not use or modify the config location notify-threshold command. It is set to optimal default values.
Specifies the NMSP notification threshold for RSSI measurements.
Threshold parameter. The range is 0 to 10 dB, and the default value is 0 dB.
Adds or deletes a new location, wireless LAN, or interface mapping element.
Specifies the path loss measurement (S60) request for normal clients or calibrating clients.
Burst interval. The range is from 1 to 3600 seconds, and the default value is 60 seconds.
Specifies the associated 802.11a or 802.11b/g radio (uniband).
Command Default
See the “Syntax Description” section for default values of individual arguments and keywords.
config logging buffered
config logging console
config logging debug
config logging fileinfo
To cause the controller to include information about the source file in the message logs or to prevent the controller from displaying this information, use the config logging fileinfo command.
Syntax Description
Includes information about the source file in the message logs.
Prevents the controller from displaying information about the source file in the message logs.
config logging procinfo
To cause the controller to include process information in the message logs or to prevent the controller from displaying this information, use the config logging procinfo command.
Syntax Description
config logging traceinfo
To cause the controller to include traceback information in the message logs or to prevent the controller from displaying this information, use the config logging traceinfo command.
Syntax Description
config logging syslog host
Syntax Description
Usage Guidelines
To remove a remote host that was configured for sending syslog messages, enter the config logging syslog host host_IP_address delete command.
config logging syslog facility
To set the facility for outgoing syslog messages to the remote host, use the config logging syslog facility command.
Syntax Description
Facility code. Choose one of the following:
- authorization—Authorization system. Facility level—4.
- auth-private—Authorization system (private). Facility level—10.
- cron—Cron/at facility. Facility level—9.
- daemon—System daemons. Facility level—3.
- ftp—FTP daemon. Facility level—11.
- kern—Kernel. Facility level—0.
- local0—Local use. Facility level—16.
- local1—Local use. Facility level—17.
- local2—Local use. Facility level—18.
- local3—Local use. Facility level—19.
- local4—Local use. Facility level—20.
- local5—Local use. Facility level—21.
- local6—Local use. Facility level—22.
- local7—Local use. Facility level—23.
- lpr—Line printer system. Facility level—6.
- mail—Mail system. Facility level—2.
- news—USENET news. Facility level—7.
- sys12—System use. Facility level—12.
- sys13—System use. Facility level—13.
- sys14—System use. Facility level—14.
- sys15—System use. Facility level—15.
- syslog—The syslog itself. Facility level—5.
- user—User process. Facility level—1.
- uucp—UNIX-to-UNIX copy system. Facility level—8.
config logging syslog level
config loginsession close
config nmsp notify-interval measurement
To modify the Network Mobility Services Protocol (NMSP) notification interval value on the controller to address latency in the network, use the config nmsp notify-interval measurement command.
Syntax Description
Modifies the interval for active radio frequency identification (RFID) tags.
Modifies the interval for rogue access points and rogue clients.
Usage Guidelines
The TCP port (16113) that the controller and location appliance communicate over must be open (not blocked) on any firewall that exists between the controller and the location appliance for NMSP to function.
config passwd-cleartext
To enable or disable temporary display of passwords in plain text, use the config passwd-cleartext command.
Syntax Description
Usage Guidelines
This command must be enabled if you want to see user-assigned passwords displayed in clear text when using the show run-config command.
To execute this command, you must enter an admin password. This command is valid only for this particular session. It is not saved following a reboot.
config prompt
config rfid auto-timeout
config rfid status
config rfid timeout
config service timestamps
Syntax Description
config sessions maxsessions
To configure the number of Telnet CLI sessions allowed by the Cisco wireless LAN controller, use the config sessions maxsessions command.
Syntax Description
Usage Guidelines
Up to five sessions are possible while a setting of zero prohibits any Telnet CLI sessions.
config sessions timeout
config switchconfig boot-break
To enable or disable the breaking into boot prompt by pressing the Esc key at system startup, use the config switchconfig boot-break command.
Syntax Description
Enables the breaking into boot prompt by pressing the Esc key at system startup.
Disables the breaking into boot prompt by pressing the Esc key at system startup.
Usage Guidelines
You must enable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode before enabling or disabling the breaking into boot prompt.
config switchconfig fips-prerequisite
To enable or disable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode, use the config switchconfig fips-prerequisite command.
Syntax Description
Enables the features that are prerequisites for the FIPS mode.
Disables the features that are prerequisites for the FIPS mode.
Usage Guidelines
You must configure the FIPS authorization secret before you can enable or disable the FIPS prerequisite features.
config switchconfig strong-pwd
To enable or disable your controller to check the strength of newly created passwords, use the config switchconfig strong-pwd command.
config switchconfig strong-pwd { case-check | consecutive-check | default-check | username-check | all-checks} { enable | disable}
Syntax Description
Checks at least three combinations: lowercase characters, uppercase characters, digits, or special characters.
config switchconfig flowcontrol
config switchconfig mode
config switchconfig secret-obfuscation
Syntax Description
Usage Guidelines
To keep the secret contents of your configuration file secure, do not disable secret obfuscation. To further enhance the security of the configuration file, enable configuration file encryption.
config time manual
config time ntp
config time ntp { auth { enable server_index key_index | disable server_index}} | { interval seconds} | { key-auth { add key_index md5 { ascii | hex} key_value | delete key_index}} | { server server_index ip-address}
Syntax Description
Specifies the ASCII key format (a maximum of 16 characters).
Specifies the hexadecimal key format (a maximum of 32 digits).
Examples
This example shows how to configure the NTP polling interval to 7000 seconds:
> config time ntp interval 7000This example shows how to enable NTP authentication where the server index is 4 and the key index is 1:
> config time ntp auth enable 4 1This example shows how to add an NTP authentication key of value ff where the key format is in hexadecimal characters and the key index is 1:
> config time ntp key-auth add 1 md5 hex ffThis example shows how to add an NTP authentication key of value ff where the key format is in ASCII characters and the key index is 1:
> config time ntp key-auth add 1 md5 ascii ciscokeyconfig time timezone
config time timezone location
To set the location of the time zone in order to have daylight saving time set automatically when it occurs, use the config time timezone location command.
Syntax Description
Number representing the time zone required. The time zones are as follows:
- (GMT-12:00) International Date Line West
- (GMT-11:00) Samoa
- (GMT-10:00) Hawaii
- (GMT-9:00) Alaska
- (GMT-8:00) Pacific Time (US and Canada)
- (GMT-7:00) Mountain Time (US and Canada)
- (GMT-6:00) Central Time (US and Canada)
- (GMT-5:00) Eastern Time (US and Canada)
- (GMT-4:00) Atlantic Time (Canada)
- (GMT-3:00) Buenos Aires (Argentina)
- (GMT-2:00) Mid-Atlantic
- (GMT-1:00) Azores
- (GMT) London, Lisbon, Dublin, Edinburgh (default value)
- (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
- (GMT +2:00) Jerusalem
- (GMT +3:00) Baghdad
- (GMT +4:00) Muscat, Abu Dhabi
- (GMT +4:30) Kabul
- (GMT +5:00) Karachi, Islamabad, Tashkent
- (GMT +5:30) Colombo, Kolkata, Mumbai, New Delhi
- (GMT +5:45) Katmandu
- (GMT +6:00) Almaty, Novosibirsk
- (GMT +6:30) Rangoon
- (GMT +7:00) Saigon, Hanoi, Bangkok, Jakatar
- (GMT +8:00) Hong Kong, Bejing, Chongquing
- (GMT +9:00) Tokyo, Osaka, Sapporo
- (GMT +9:30) Darwin
- (GMT+10:00) Sydney, Melbourne, Canberra
- (GMT+11:00) Magadan, Solomon Is., New Caledonia
- (GMT+12:00) Kamchatka, Marshall Is., Fiji
- (GMT+12:00) Auckland (New Zealand)
config wlan flow
Syntax Description
wlan_id Wireless LAN identifier from 1 to 512 (inclusive).
monitor Configures a NetFlow monitor.
monitor_name Name of the NetFlow monitor. The monitor name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for a monitor name.
enable Associates a NetFlow monitor with a WLAN.
disable Dissociates a NetFlow monitor from a WLAN.
Saving Configurations
Use the save config command before you log out of the CLI to save all previous configuration changes.
Timeout Commands
This section lists the timeout commands of the controller:
- config 802.11 cac video tspec-inactivity-timeout
- config 802.11 cac voice tspec-inactivity-timeout
- config advanced timers ap-discovery-timeout
- config advanced timers ap-heartbeat-timeout
- config advanced timers ap-primary-discovery-timeout
- config advanced timers auth-timeout
- config advanced timers eap-timeout
- config dhcp timeout
- config ldap
- config remote-lan session-timeout
- config network usertimeout
- config radius acct retransmit-timeout
- config radius auth mgmt-retransmit-timeout
- config radius auth retransmit-timeout
- config radius auth server-timeout
- config rogue ap timeout
- config tacacs athr mgmt-server-timeout
- config tacacs auth mgmt-server-timeout
- config rfid auto-timeout
- config rfid timeout
- config wlan session-timeout
- config wlan usertimeout
- config wlan security wpa akm ft
- config wlan security ft
config 802.11 cac video tspec-inactivity-timeout
To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video tspec-inactivity-timeout command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to process the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout enableThis example shows how to ignore the response to TSPEC inactivity timeout messages received from an access point:
> config 802.11a cac video tspec-inactivity-timeout ignoreconfig 802.11 cac voice tspec-inactivity-timeout
To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
Syntax Description
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config advanced timers ap-discovery-timeout
To configure the Cisco lightweight access point discovery time-out, use the config advanced timers ap-discovery-timeout command.
Syntax Description
Usage Guidelines
The Cisco lightweight access point discovery timeout is how often a Cisco wireless LAN controller attempts to discover unconnected Cisco lightweight access points.
config advanced timers ap-heartbeat-timeout
To configure the Cisco lightweight access point heartbeat timeout, use the config advanced timers ap-heartbeat-timeout command.
Syntax Description
Usage Guidelines
The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point sends a heartbeat keep-alive signal to the Cisco wireless LAN controller.
This seconds value should be at least three times larger than the fast heartbeat timer.
config advanced timers ap-primary-discovery-timeout
To configure the access point primary discovery request timer, use the config advanced timers ap-primary-discovery-timeout command.
Syntax Description
config advanced timers auth-timeout
config advanced timers eap-timeout
config ldap
config remote-lan session-timeout
config network usertimeout
config radius acct retransmit-timeout
To change the default transmission timeout for a RADIUS accounting server for the Cisco wireless LAN controller, use the config radius acct retransmit-timeout command.
Syntax Description
config radius auth mgmt-retransmit-timeout
To configure a default RADIUS server retransmission timeout for management users, use the config radius auth mgmt-retransmit-timeout command.
Syntax Description
config radius auth retransmit-timeout
To change a default transmission timeout for a RADIUS authentication server for the Cisco wireless LAN controller, use the config radius auth retransmit-timeout command.
Syntax Description
config radius auth server-timeout
To configure a retransmission timeout value for a RADIUS accounting server, use the config radius auth server-timeout command.
Syntax Description
config rogue ap timeout
To specify the number of seconds after which the rogue access point and client entries expire and are removed from the list, use the config rogue ap timeout command.
Syntax Description
Examples
This example shows how to set an expiration time for entries in the rogue access point and client list to 2400 seconds:
> config rogue ap timeout 2400Related Commands
config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue rule
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary
config tacacs athr mgmt-server-timeout
To configure a default TACACS+ authorization server timeout for management users, use the config tacacs athr mgmt-server-timeout command.
Syntax Description
config tacacs auth mgmt-server-timeout
To configure a default TACACS+ authentication server timeout for management users, use the config tacacs auth mgmt-server-timeout command.
Syntax Description
config rfid auto-timeout
config rfid timeout
config wlan session-timeout
config wlan usertimeout
To configure the timeout for idle client sessions for a WLAN, use the config wlan usertimeout command.
Syntax Description
timeout Timeout for idle client sessions for a WLAN. If the client sends traffic less than the threshold, the client is removed on timeout. The range is from 15 to 100000 seconds.
wlan_id Wireless LAN identifier between 1 and 512.
Usage Guidelines
The timeout value that you configure here overrides the global timeout that you define using the command config network usertimeout.
config wlan security wpa akm ft
To configure authentication key-management using 802.11r fast transition 802.1X, use the config wlan security wpa akm ft command.
config wlan security wpa akm ft [ over-the-air | over-the-ds | psk | [ reassociation-timeout seconds]] { enable | disable} wlan_id
Syntax Description
(Optional) Configures 802.11r fast transition roaming over-the-air support.
(Optional) Configures 802.11r fast transition roaming DS support.
(Optional) Configures the reassociation deadline interval.
The valid range is between 1 to 100 seconds. The default value is 20 seconds.
config wlan security ft
Syntax Description
Examples
This example shows how to enable 802.11r fast transition roaming support on WLAN 2:
> config wlan security ft enable 2This example shows how to set the reassociation timeout value of 20 seconds for 802.11r fast transition roaming support on WLAN 2:
> config wlan security ft reassociation-timeout 20 2Clearing Configurations, Log files, and Other Actions
- clear acl counters
- clear ap-config
- clear ap-eventlog
- clear ap join stats
- clear arp
- clear avc statistics
- clear client tsm
- clear config
- clear ext-webauth-url
- clear license agent
- clear location rfid
- clear location statistics rfid
- clear locp statistics
- clear login-banner
- clear lwapp private-config
- clear mdns service-database
- clear nmsp statistics
- clear radius acct statistics
- clear tacacs auth statistics
- clear redirect-url
- clear stats ap wlan
- clear stats local-auth
- clear stats mobility
- clear stats port
- clear stats radius
- clear stats switch
- clear stats tacacs
- clear transfer
- clear traplog
- clear webimage
- clear webmessage
- clear webtitle
clear ap-config
To clear (reset to the default values) a lightweight access point’s configuration settings, use the clear ap-config command.
Syntax Description
clear ap-eventlog
To delete the existing event log and create an empty event log file for a specific access point or for all access points joined to the controller, use the clear ap-eventlog command.
Syntax Description
Name of the access point for which the event log file will be emptied.
Deletes the event log for all access points joined to the controller.
clear ap join stats
clear arp
clear avc statistics
To clear AVC statistics of a client, guest LAN, remote LAN, or a WLAN use the clear avc statistics command.
clear avc statistics { client { all | client-mac} | guest-lan { all | guest-lan-id} | remote-lan { all | remote-lan-id} | wlan { all | wlan-id}}
Syntax Description
client Clears AVC statistics of a client.
all Clears AVC statistics of all clients.
client-mac MAC address of a client.
guest-lan Clears AVC statistics of a guest LAN.
all Clears AVC statistics of all guest LANs.
guest-lan-id Guest LAN Identifier between 1 and 5.
remote-lan Clears AVC statistics of a remote LAN.
all Clears AVC statistics of all remote LANs.
remote-lan-id Remote LAN Identifier between 1 and 512.
wlan Clears AVC statistics of a WLAN.
all Clears AVC statistics of all WLANs.
wlan-id WLAN Identifier between 1 and 512.
clear client tsm
To clear the traffic stream metrics (TSM) statistics for a particular access point or all the access points to which this client is associated, use the clear client tsm command.
Syntax Description
clear config
clear ext-webauth-url
clear license agent
clear location rfid
clear location statistics rfid
clear lwapp private-config
To clear (reset to default values) an access point’s current Lightweight Access Point Protocol (LWAPP) private configuration, which contains static IP addressing and controller IP address configurations, use the clear lwapp private-config command.
Usage Guidelines
This command is executed from the access point console port.
Prior to changing the FlexConnect configuration on an access point using the access point’s console port, the access point must be in standalone mode (not connected to a controller) and you must remove the current LWAPP private configuration by using the clear lwapp private-config command.
NoteThe access point must be running Cisco IOS Release 12.3(11)JX1 or higher releases.
clear mdns service-database
Syntax Description
all Clears the mDNS service database.
service-name Name of the mDNS service. The controller clears the details of the mDNS service.
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database.
clear nmsp statistics
clear radius acct statistics
clear tacacs auth statistics
To clear the RADIUS authentication server statistics in the controller, use the clear tacacs auth statistics command.
Syntax Description
clear redirect-url
clear stats ap wlan
clear stats local-auth
clear stats mobility
clear stats radius
clear stats switch
clear stats tacacs
clear transfer
clear traplog
clear webmessage
Resetting the System Reboot Time
reset system at
reset system in
reset system notify-time
Uploading and Downloading Files and Configurations
- transfer download certpasswor
- transfer download datatype
- transfer download filename
- transfer download mode
- transfer download password
- transfer download path
- transfer download port
- transfer download serverip
- transfer download start
- transfer download tftpPktTimeout
- transfer download tftpMaxRetries
- transfer download username
- transfer encrypt
- transfer upload datatype
- transfer upload filename
- transfer upload mode
- transfer upload pac
- transfer upload password
- transfer upload path
- transfer upload peer-start
- transfer upload port
- transfer upload serverip
- transfer upload start
- transfer upload username
transfer download certpasswor
To set the password for the .PEM file so that the operating system can decrypt the web administration SSL key and certificate, use the transfer download certpassword command.
Syntax Description
transfer download datatype
transfer download datatype { config | code | image | signature | webadmincert | webauthbundle | eapdevcert | eapcacert}
Syntax Description
transfer download filename
Syntax Description
Examples
This example shows how to transfer a file named build603:
> transfer download filename build603transfer download mode
transfer download password
transfer download path
Syntax Description
Note Path names on a TFTP or FTP server are relative to the server’s default or root directory. For example, in the case of the Solarwinds TFTP server, the path is “/”.
Examples
This example shows how to transfer a file to the path c:\install\version2:
> transfer download path c:\install\version2transfer download serverip
To configure the IP address of the TFTP server from which to download information, use the transfer download serverip command.
Syntax Description
Examples
This example shows how to configure the IP address of the TFTP server with the IP address 175.34.56.78:
> transfer download serverip 175.34.56.78Related Commands
transfer download filename
transfer download mode
transfer download path
transfer download serverip
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
clear transfer
transfer download filename
transfer download mode
transfer download path
transfer download certpassword
transfer download start
transfer upload datatype
transfer upload filename
transfer upload mode
transfer upload path
transfer upload serverip
transfer upload start
transfer download start
Examples
This example shows how to initiate a download:
> transfer download start Mode........................................... TFTP Data Type...................................... Site Cert TFTP Server IP................................. 172.16.16.78 TFTP Path...................................... directory path TFTP Filename.................................. webadmincert_name This may take some time. Are you sure you want to start? (y/n) Y TFTP Webadmin cert transfer starting. Certificate installed. Please restart the switch (reset system) to use the new certificate.transfer download tftpPktTimeout
transfer download tftpMaxRetries
transfer download username
transfer upload datatype
To set the controller to upload specified log and crash files, use the transfer upload datatype command.
transfer upload datatype { config | coredump | crashfile | errorlog | invalid-config | pac | packet-capture | panic-crash-file | radio-core-dump | signature | systemtrace | traplog | watchdog-crash-file}
Syntax Description
Uploads a console dump file resulting from a software-watchdog-initiated controller reboot following a crash.
transfer upload pac
To load a Protected Access Credential (PAC) to support the local authentication feature and allow a client to import the PAC, use the transfer upload pac command.
Syntax Description
transfer upload password
transfer upload path
transfer upload peer-start
Examples
This example shows how to start uploading a file to the peer controller:
> transfer upload peer-start Mode............................................. FTP FTP Server IP.................................... 209.165.201.1 FTP Server Port.................................. 21 FTP Path......................................... /builds/nimm/ FTP Filename..................................... AS_5500_7_4_1_20.aes FTP Username..................................... wnbu FTP Password..................................... ********* Data Type........................................ Error Log Are you sure you want to start upload from standby? (y/N) n Transfer Canceledtransfer upload serverip
transfer upload start
Examples
This example shows how to initiate an upload of a file:
> transfer upload start Mode........................................... TFTP TFTP Server IP................................. 172.16.16.78 TFTP Path...................................... c:\find\off/ TFTP Filename.................................. wps_2_0_75_0.aes Data Type...................................... Code Are you sure you want to start? (y/n) n Transfer CancelledInstalling and Modifying Licenses on Cisco 5500 Series Controllers
Use the license commands to install, remove, modify, or rehost licenses.
NoteSome license commands are available only on the Cisco 5500 Series Controller. Right to Use (RTU) licensing is not supported on Cisco 5500 Series Controllers.
NoteFor detailed information on installing and rehosting licenses on the Cisco 5500 Series Controller, see the “Installing and Configuring Licenses” section in Chapter 4 of the Cisco Wireless LAN Controller Configuration Guide.
license clear
Syntax Description
Usage Guidelines
You can delete an expired evaluation license or any unused license. You cannot delete unexpired evaluation licenses, the permanent base image license, or licenses that are in use by the controller.
license comment
To add comments to a license or delete comments from a license on the Cisco 5500 Series Controller, use the license comment command.
Syntax Description
license install
Syntax Description
Usage Guidelines
We recommend that the access point count be the same for the base-ap-count and wplus-ap-count licenses installed on your controller. If your controller has a base-ap-count license of 100 and you install a wplus-ap-count license of 12, the controller supports up to 100 access points when the base license is in use but only a maximum of 12 access points when the wplus license is in use.
You cannot install a wplus license that has an access point count greater than the controller's base license. For example, you cannot apply a wplus-ap-count 100 license to a controller with an existing base-ap-count 12 license. If you attempt to register for such a license, an error message appears indicating that the license registration has failed. Before upgrading to a wplus-ap-count 100 license, you would first have to upgrade the controller to a base-ap-count 100 or 250 license.
license modify priority
To raise or lower the priority of the base-ap-count or wplus-ap-count evaluation license on a Cisco 5500 Series Controller, use the license modify priority command.
Syntax Description
Usage Guidelines
If you are considering upgrading to a license with a higher access point count, you can try an evaluation license before upgrading to a permanent version of the license. For example, if you are using a permanent license with a 50 access point count and want to try an evaluation license with a 100 access point count, you can try out the evaluation license for 60 days.
AP-count evaluation licenses are set to low priority by default so that the controller uses the ap-count permanent license. If you want to try an evaluation license with an increased access point count, you must change its priority to high. If you no longer want to have this higher capacity, you can lower the priority of the ap-count evaluation license, which forces the controller to use the permanent license.
NoteYou can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured.
NoteIf the ap-count evaluation license is a wplus license and the ap-count permanent license is a base license, you must also change the feature set to wplus.
NoteTo prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
license revoke
Syntax Description
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the permission ticket.
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the rehost ticket.
Usage Guidelines
Before you revoke a license, save the device credentials by using the license save credential url command.
You can rehost all permanent licenses except the permanent base image license. Evaluation licenses and the permanent base image license cannot be rehosted.
In order to rehost a license, you must generate credential information from the controller and use it to obtain a permission ticket to revoke the license from the Cisco licensing site (www.cisco.com/go/license). Next, you must obtain a rehost ticket and use it to obtain a license installation file for the controller on which you want to install the license.
For detailed information on rehosting licenses, see the “Installing and Configuring Licenses” section in Chapter 4 of the Cisco Wireless LAN Controller Configuration Guide.
Examples
This example shows how to revoke the license settings from the saved permission ticket URL tftp://10.10.10.10/path/permit_ticket.lic:
> license revoke tftp://10.10.10.10/path/permit_ticket.licThis example shows how to revoke the license settings from the saved rehost ticket URL tftp://10.10.10.10/path/rehost_ticket.lic:
> license revoke rehost tftp://10.10.10.10/path/rehost_ticket.liclicense save
To save a backup copy of all installed licenses or license credentials on the Cisco 5500 Series Controller, use the license save command.
Syntax Description
credential
Device credential information.
url
URL of the TFTP server (tftp://server_ip/path/filename).
Usage Guidelines
Save the device credentials before you revoke the license by using the license revoke command.
Configure Right to Use (RTU) Licensing Commands
Use the license commands to configure RTU licensing on Cisco Flex 7500 Series and 8500 Series controllers. This feature allows you to enable an AP license count on the controller without using any external tools after accepting an End User License Agreement (EULA).
- license activate ap-count eval
- license activate feature
- license add ap-count
- license add feature
- license deactivate ap-count eval
- license deactivate feature
- license delete ap-count
- license delete feature
license activate ap-count eval
To activate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license activate ap-count eval command.
Command Default
By default, in release 7.3 Cisco Flex 7500 Series Controllers and Cisco 8500 Series Wireless LAN Controllers support 6000 APs.
Usage Guidelines
When you activate this license, the controller prompts you to accept or reject the End User License Agreement (EULA) for the given license. If you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
Examples
This example shows how to activate an evaluation AP-count license on a Cisco Flex 7500 Series controller:
> license activate ap-count evalRelated Commands
license activate feature
license add ap-count
license add feature
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license activate feature
To activate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license activate feature command.
Syntax Description
license_name Name of the feature license. The license name can be up to 50 case-sensitive characters.
Examples
This example shows how to activate a data DTLS feature license on a Cisco Flex 7500 Series controller:
> license activate feature data-DTLSRelated Commands
license activate ap-count eval
license add ap-count
license add feature
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license add ap-count
To configure the number of access points (APs) that an AP license can support on Cisco Flex 7500 and 8500 Series Wireless LAN controllers, use the license add ap-count command.
Syntax Description
count Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Usage Guidelines
Right to Use (RTU) licensing allows you to enable a desired AP license count on the controller after accepting the End User License Agreement (EULA). You can now easily add AP counts on a controller without using external tools. RTU licensing is available only on Cisco Flex 7500 and 8500 series Wireless LAN controllers.
You can use this command to increase the count of an existing AP license. When you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
Examples
This example shows how to configure the count of an AP license on a Cisco Flex 7500 Series controller:
> license add ap-count 5000Related Commands
license activate feature
license activate ap-count eval
license add feature
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license add feature
To add a license for a feature on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license add feature command.
Syntax Description
license_name Name of the feature license. The license name can be up to 50 case-sensitive characters. For example, data_DTLS.
Examples
This example shows how to add a DTLS feature license on a Cisco Flex 7500 Series controller:
> license add feature data_DTLSRelated Commands
license add ap-count
license activate feature
license activate ap-count eval
license deactivate feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license deactivate ap-count eval
To deactivate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license deactivate ap-count eval command.
Examples
This example shows how to deactivate an evaluation AP license on a Cisco Flex 7500 Series controller:
> license deactivate ap-count evalRelated Commands
license activate ap-count
license activate feature
license add ap-count
license add feature
license deactivate feature
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license deactivate feature
To deactivate a feature license on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license deactivate feature command.
Syntax Description
license_name Name of the feature license. The license name can be up to 50 case-sensitive characters.
Examples
This example shows how to deactivate a data DTLS feature license on a Cisco Flex 7500 Series controller:
> license deactivate feature data_DTLSRelated Commands
license activate ap-count eval
license activate feature
license add ap-count
license add feature
license deactivate ap-count
license delete ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license delete ap-count
To delete an access point (AP) count license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license delete ap-count command.
Syntax Description
count Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Examples
This example shows how to delete an AP count license on a Cisco Flex 7500 Series controller:
> license delete ap-count 5000Related Commands
license activate feature
license activate ap-count eval
license add ap-count
license add feature
license deactivate feature
license deactivate ap-count
license delete feature
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
license delete feature
To delete a license for a feature on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license delete feature command.
Syntax Description
Examples
This example shows how to delete the High Availability feature license on a Cisco Flex 7500 Series controller:
> license delete feature high_availabilityRelated Commands
license activate feature
license activate ap-count eval
license add feature
license add ap-count eval
license deactivate feature
license deactivate ap-count
license delete ap-count
show license all
show license evaluation
show license feature
show license summary
show license detail
show license statistics
Troubleshooting the Controller Settings
This section describes the debug and config commands that you can use to troubleshoot the controller.
- debug arp
- debug avc error
- debug avc events
- debug cac
- debug crypto
- debug dhcp
- debug dhcp service-port
- debug disable-all
- debug l2age
- debug mac
- debug mdns all
- debug mdns detail
- debug mdns error
- debug mdns message
- debug memory
- debug nmsp
- debug ntp
- debug poe
- debug rbcp
- debug rfid
- debug snmp
- debug transfer
- debug voice-diag
- show debug
- show eventlog
- show memory monitor
- show run-config
- show process
- show tech-support
- Configure Memory Monitor Commands
- Configure Message Log Level Commands
debug arp
debug cac
Syntax Description
Examples
This example shows how to enable debug CAC settings:
> debug cac event enable > debug cac packet enabledebug crypto
debug dhcp service-port
debug mac
debug mdns all
debug mdns error
debug mdns message
debug memory
debug nmsp
debug rfid
debug voice-diag
Syntax Description
Enables voice diagnostics for voice client(s) involved in a call.
(Optional) MAC address of an additional voice client.
Note Voice diagnostics can be enabled or disabled for a maximum of two voice clients at a time.
(Optional) Enables debug information to be displayed on the console.
Note When voice diagnostics is enabled from the WCS, the verbose option is not available.
Disables voice diagnostics for voice client(s) involved in a call.
Usage Guidelines
Follow these guidelines when you use the debug voice-diag command:
- When the command is entered, the validity of the client(s) is not checked.
- A few output messages of the command are sent to the WCS.
- The command expires automatically after 60 minutes.
- The command provides the details of the call flow between a pair of client MACs involved in an active call.
NoteVoice diagnostics can be enabled for a maximum of two voice clients at a time.
show debug
To determine if the MAC address and other flag debugging is enabled or disabled, sse the show debug command.
show eventlog
Examples
This example shows how to display the event log entries:
> show eventlog Time File Line TaskID Code d h m s EVENT> bootos.c 788 125CEBCC AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125CEBCC AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 11show memory monitor
To display a summary of memory analysis settings and any discovered memory issues, use the show memory monitor command.
Syntax Description
Usage Guidelines
Be careful when changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Examples
This example shows how to display a summary of memory monitoring settings and a summary of test results:
> show memory monitor Memory Leak Monitor Status: low_threshold(10000), high_threshold(30000), current status(disabled) ------------------------------------------- Memory Error Monitor Status: Crash-on-error flag currently set to (disabled) No memory error detected.This example shows how to display the monitor test results:
> show memory monitor detail Memory error detected. Details: ------------------------------------------------ - Corruption detected at pmalloc entry address: (0x179a7ec0) - Corrupt entry:headerMagic(0xdeadf00d),trailer(0xabcd),poison(0xreadceef), entrysize(128),bytes(100),thread(Unknown task name,task id = (332096592)), file(pmalloc.c),line(1736),time(1027) Previous 1K memory dump from error location. ------------------------------------------------ (179a7ac0): 00000000 00000000 00000000 ceeff00d readf00d 00000080 00000000 00000000 (179a7ae0): 17958b20 00000000 1175608c 00000078 00000000 readceef 179a7afc 00000001 (179a7b00): 00000003 00000006 00000001 00000004 00000001 00000009 00000009 0000020d (179a7b20): 00000001 00000002 00000002 00000001 00000004 00000000 00000000 5d7b9aba (179a7b40): cbddf004 192f465e 7791acc8 e5032242 5365788c a1b7cee6 00000000 00000000 (179a7b60): 00000000 00000000 00000000 00000000 00000000 ceeff00d readf00d 00000080 (179a7b80): 00000000 00000000 17958dc0 00000000 1175608c 00000078 00000000 readceef (179a7ba0): 179a7ba4 00000001 00000003 00000006 00000001 00000004 00000001 00003763 (179a7c00): 1722246c 1722246c 00000000 00000000 00000000 00000000 00000000 ceeff00d (179a7c20): readf00d 00000080 00000000 00000000 179a7b78 00000000 1175608c 00000078 ...show run-config
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the show run-config command.
Syntax Description
Usage Guidelines
These commands have replaced the show running-config command.
Some WLAN controllers may have no Crypto Accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
The show run-config command shows only values configured by the user. It does not show system-configured default values.
Examples
This example shows how to display the current controller running configuration:
> show run-config Press Enter to continue... System Inventory Switch Description............................... Cisco Controller Machine Model.................................... Serial Number.................................... FLS0923003B Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx Crypto Accelerator 1............................. Absent Crypto Accelerator 2............................. Absent Power Supply 1................................... Absent Power Supply 2................................... Present, OK Press Enter to continue Or <Ctl Z> to abort...show process
To display how various processes in the system are using the CPU at that instant in time, use the show process command.
Syntax Description
Displays how various system tasks are using the CPU at that moment.
Displays the allocation and deallocation of memory from various processes in the system at that moment.
Usage Guidelines
This command is helpful in understanding if any single task is monopolizing the CPU and preventing other tasks from being performed.
Examples
This example shows how to display various tasks in the system that are using the CPU at a given moment:
> show process cpu Name Priority CPU Use Reaper reaperWatcher ( 3/124) 0 % ( 0/ 0)% I osapiReaper (10/121) 0 % ( 0/ 0)% I TempStatus (255/ 1) 0 % ( 0/ 0)% I emWeb (255/ 1) 0 % ( 0/ 0)% T 300 cliWebTask (255/ 1) 0 % ( 0/ 0)% I UtilTask (255/ 1) 0 % ( 0/ 0)% T 300This example shows how to display the allocation and deallocation of memory from various processes at a given moment:
> show process memory Name Priority BytesinUse Reaper reaperWatcher ( 3/124) 0 ( 0/ 0)% I osapiReaper (10/121) 0 ( 0/ 0)% I TempStatus (255/ 1) 308 ( 0/ 0)% I emWeb (255/ 1) 294440 ( 0/ 0)% T 300 cliWebTask (255/ 1) 738 ( 0/ 0)% I UtilTask (255/ 1) 308 ( 0/ 0)% T 300show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center (TAC), use the show tech-support command.
Examples
This example shows how to display system resource information:
> show tech-support Current CPU Load................................. 0% System Buffers Max Free Buffers.............................. 4608 Free Buffers.................................. 4604 Buffers In Use................................ 4 Web Server Resources Descriptors Allocated......................... 152 Descriptors Used.............................. 3 Segments Allocated............................ 152 Segments Used................................. 3 System Resources Uptime........................................ 747040 Secs Total Ram..................................... 127552 Kbytes Free Ram...................................... 19540 Kbytes Shared Ram.................................... 0 Kbytes Buffer Ram.................................... 460 KbytesConfigure Memory Monitor Commands
config memory monitor errors
To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors command:
CautionThe config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
config memory monitor leaks
To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config memory monitor leaks command.
CautionThe config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
Command Default
The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.
Usage Guidelines
NoteBe cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Use this command if you suspect that a memory leak has occurred.
If the free memory is lower than the low_thresh threshold, the system crashes, generating a crash file. The default value for this parameter is 10000 KB, and you cannot set it below this value.
Set the high_thresh threshold to the current free memory level or higher so that the system enters auto-leak-analysis mode. After the free memory reaches a level lower than the specified high_thresh threshold, the process of tracking and freeing memory allocation begins. As a result, the debug memory events enable command shows all allocations and frees, and the show memory monitor detail command starts to detect any suspected memory leaks.
Configure Message Log Level Commands
- config msglog level critical
- config msglog level error
- config msglog level security
- config msglog level verbose
- config msglog level warning
config msglog level critical
To reset the message log so that it collects and displays only critical (highest-level) messages, use the config msglog level critical command.
Usage Guidelines
The message log always collects and displays critical messages, regardless of the message log level setting.
config msglog level error
To reset the message log so that it collects and displays both critical (highest-level) and error (second-highest) messages, use the config msglog level error command.
config msglog level security
To reset the message log so that it collects and displays critical (highest-level), error (second-highest), and security (third-highest) messages, use the config msglog level security command.
config msglog level verbose
config msglog level warning
To reset the message log so that it collects and displays critical (highest-level), error (second-highest), security (third-highest), and warning (fourth-highest) messages, use the config msglog level warning command.
