-
Cisco Wireless LAN Controller Command Reference, Release 7.6
-
Preface
-
Using the Command-Line Interface
- System Management Commands
- Ports and Interfaces Commands
- VideoStream Commands
- Security Commands
- WLAN Commands
- Lightweight Access Point Commands
- Mesh Access Point Commands
- Radio Resource Management Commands
- CleanAir Commands
- FlexConnect Commands
- Mobility Commands
-
Index
-
Feedback
Contents
CLI Commands
The Cisco Wireless LAN solution command-line interface (CLI) enables operators to connect an ASCII console to the Cisco wireless LAN controller and configure the controller and its associated access points.
- show Commands
- config Commands
- Timeout Commands
- Clearing Configurations, Log files, and Other Actions
- Resetting the System Reboot Time
- Uploading and Downloading Files and Configurations
- Installing and Modifying Licenses on Cisco 5500 Series Controllers
- Right to Use Licensing Commands
- Troubleshooting the Controller Settings
show Commands
This section lists the show commands that you can use to display information about the controller settings and user accounts.
- show 802.11 cu-metrics
- show advanced 802.11 l2roam
- show advanced send-disassoc-on-handoff
- show advanced sip-preferred-call-no
- show advanced sip-snooping-ports
- show arp kernel
- show arp switch
- show avc applications
- show avc engine
- show avc profile
- show avc protocol-pack
- show avc statistics application
- show avc statistics client
- show avc statistics guest-lan
- show avc statistics remote-lan
- show avc statistics top-apps
- show avc statistics wlan
- show boot
- show band-select
- show buffers
- show cac voice stats
- show cac voice summary
- show cac video stats
- show cac video summary
- show cdp
- show certificate compatibility
- show certificate lsc
- show certificate ssc
- show certificate summary
- show client calls
- show client roam-history
- show client summary
- show client summary guest-lan
- show client tsm
- show client username
- show client voice-diag
- show coredump summary
- show cpu
- show custom-web
- show database summary
- show dhcp
- show dtls connections
- show dhcp proxy
- show dhcp timeout
- show flow exporter
- show flow monitor summary
- show guest-lan
- show invalid-config
- show inventory
- show license all
- show license capacity
- show license detail
- show license expiring
- show license evaluation
- show license feature
- show license file
- show license handle
- show license image-level
- show license in-use
- show license permanent
- show license status
- show license statistics
- show license summary
- show license udi
- show load-balancing
- show local-auth certificates
- show logging
- show loginsession
- show mesh cac
- show mdns ap summary
- show mdns domain-name-ip summary
- show mdns profile
- show mdns service
- show mgmtuser
- show mobility group member
- show netuser
- show netuser guest-roles
- show network
- show network summary
- show network multicast mgid detail
- show network multicast mgid summary
- show nmsp notify-interval summary
- show nmsp statistics
- show nmsp status
- show nmsp subscription
- show ntp-keys
- show qos
- show queue-info
- show reset
- show route kernel
- show route summary
- show run-config
- show sessions
- show snmpcommunity
- show snmpengineID
- show snmptrap
- show snmpv3user
- show snmpversion
- show switchconfig
- show sysinfo
- show tech-support
- show time
- show trapflags
- show traplog
- show queue-info
- show rfid client
- show rfid config
- show rfid detail
- show rfid summary
show 802.11 cu-metrics
Syntax Description
Command History
Examples
The following is a sample output of the show 802.11a cu-metrics command:
(Cisco Controller) > show 802.11a cu-metrics AP1 AP Interface Mac: 30:37:a6:c8:8a:50 Measurement Duration: 90sec Timestamp Thu Jan 27 09:08:48 2011 Channel Utilization stats ================ Picc (50th Percentile)...................... 0 Pib (50th Percentile)....................... 76 Picc (90th Percentile)...................... 0 Pib (90th Percentile)....................... 77 Timestamp Thu Jan 27 09:34:34 2011show advanced 802.11 l2roam
To display 802.11a or 802.11b/g Layer 2 client roaming information, use the show advanced 802.11 l2roam command.
Syntax Description
Command History
Examples
The following is a sample output of the show advanced 802.11b l2roam rf-param command:
(Cisco Controller) > show advanced 802.11b l2roam rf-param L2Roam 802.11bg RF Parameters..................... Config Mode.................................. Default Minimum RSSI................................. -85 Roam Hysteresis.............................. 2 Scan Threshold............................... -72 Transition time.............................. 5show advanced send-disassoc-on-handoff
show arp kernel
show arp switch
To display the Cisco wireless LAN controller MAC addresses, IP addresses, and port types, use the show arp switch command.
Command History
Examples
The following is a sample output of the show arp switch command:
(Cisco Controller) > show arp switch MAC Address IP Address Port VLAN Type ------------------- ---------------- ------------ ---- ------------------- xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service port 1 xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service port xx:xx:xx:xx:xx:xx xxx.xxx.xxx.xxx service portshow avc applications
To display all the supported Application Visibility and Control (AVC) applications, use the show avc applications command.
Command History
Usage Guidelines
AVC uses the Network-Based Application Recognition (NBAR) deep packet inspection technology to classify applications based on the protocol they use. Using AVC, the controller can detect more than 1500 Layer 4 to Layer 7 protocols.
Examples
The following is a sample output of the show avc applications command:
(Cisco Controller) > show avc applications Application-Name App-ID Engine-ID Selector-ID Application-Group-Name ================ ====== ========= =========== ====================== 3com-amp3 538 3 629 other 3com-tsmux 977 3 106 obsolete 3pc 788 1 34 layer3-over-ip 914c/g 1109 3 211 net-admin 9pfs 479 3 564 net-admin acap 582 3 674 net-admin acas 939 3 62 other accessbuilder 662 3 888 other accessnetwork 607 3 699 other acp 513 3 599 other acr-nema 975 3 104 industrial-protocols active-directory 1194 13 473 other activesync 1419 13 490 business-and-productivity-tools adobe-connect 1441 13 505 other aed-512 963 3 149 obsolete afpovertcp 1327 3 548 business-and-productivity-tools agentx 609 3 705 net-admin alpes 377 3 463 net-admin aminet 558 3 2639 file-sharing an 861 1 107 layer3-over-ip ---- ---- --- ----- -------------show avc engine
show avc profile
Syntax Description
summary Displays a summary of AVC profiles.
detailed Displays the details of an AVC profile.
profile_name Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
Command History
Examples
The following is a sample output of the show avc profile summary command.
(Cisco Controller) > show avc profile summary Profile-Name Number of Rules ============ ============== profile 1 3 avc_profile2 1The following is a sample output of the show avc profile detailed command.
(Cisco Controller) > show avc profile detailed Application-Name Application-Group-Name Action DSCP ================ ======================= ====== ==== ftp file-sharing Drop - flash-video browsing Mark 10 facebook browsing Mark 10 Associated WLAN IDs : Associated Remote LAN IDs : Associated Guest LAN IDs :show avc protocol-pack
To display information about the Application Visibility and Control (AVC) protocol pack in the Cisco Wireless LAN Controller (WLC), use the show avc protocol-pack command.
Syntax Description
Command History
show avc statistics application
show avc statistics application application_name top-users [ downstream wlan | upstream wlan | wlan] [ wlan_id ]}
Syntax Description
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-users Displays AVC statistics for top application users.
downstream (Optional) Displays statistics of top downstream applications.
wlan (Optional) Displays AVC statistics of a WLAN.
wlan_id WLAN identifier from 1 to 512.
upstream (Optional) Displays statistics of top upstream applications.
Command History
Examples
The following is a sample output of the show avc statistics application command:
(Cisco Controller) > show avc statistics application ftp top-users downstream wlan 1 Client MAC Client IP WLAN ID Packets Bytes Avg Pkt Packets Bytes DSCP (Up/Down) (n secs) (n secs) Size (Total) (Total) In Out =========== ========= ====== ======= ======= ====== ======= ======= === === 00:0a:ab:15:00:9c(U) 172.16.31.156 1 16 91 5 43 338 0 0 (D) 172.16.31.156 1 22 5911 268 48 6409 0 0 00:0a:ab:15:00:5a(U) 172.16.31.90 1 7 39 5 13 84 0 0 (D) 172.16.31.90 1 12 5723 476 18 5869 0 0 00:0a:ab:15:00:60(U) 172.16.31.96 1 19 117 6 75 8666 0 0 (D) 172.16.31.96 1 19 4433 233 83 9595 0 0 00:0a:ab:15:00:a4(U) 172.16.31.164 1 18 139 7 21 161 0 0 (D) 172.16.31.164 1 23 4409 191 24 4439 0 0 00:0a:ab:15:00:48(U) 172.16.31.72 1 21 2738 130 21 2738 0 0 (D) 172.16.31.72 1 22 4367 198 22 4367 0 0 00:0a:ab:15:00:87(U) 172.16.31.135 1 11 47 4 49 301 0 0 (D) 172.16.31.135 1 12 4208 350 48 7755 0 0 00:0a:ab:15:00:92(U) 172.16.31.146 1 10 73 7 11 84 0 0 (D) 172.16.31.146 1 9 4168 463 11 4201 0 0 00:0a:ab:15:00:31(U) 172.16.31.49 1 11 95 8 34 250 0 0 (D) 172.16.31.49 1 18 3201 177 43 3755 0 0 00:0a:ab:15:00:46(U) 172.16.31.70 1 7 47 6 20 175 0 0 (D) 172.16.31.70 1 10 3162 316 23 3448 0 0 00:0a:ab:15:00:b3(U) 172.16.31.179 1 10 85 8 34 241 0 0show avc statistics client
To display the client Application Visibility and Control (AVC) statistics, use the show avc statistics client command.
show avc statistics client client_MAC { application application_name | top-apps [ upstream | downstream]}
Syntax Description
client_MAC MAC address of the client.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-apps Displays AVC statistics for top applications.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
Command History
Examples
The following is a sample output of the show avc statistics client command:
(Cisco Controller) > show avc statistics client 00:0a:ab:15:00:01 application http Description Upstream Downstream =========== ======== ========== Number of Packtes(n secs) 5059 6369 Number of Bytes(n secs) 170144 8655115 Average Packet size(n secs) 33 1358 Total Number of Packtes 131878 150169 Total Number of Bytes 6054464 205239972 DSCP Incoming packet 16 0 DSCP Outgoing Packet 16 0The following is a sample output of the show avc statistics client command.
(Cisco Controller) > show avc statistics client 00:0a:ab:15:00:01 top-apps Application-Name Packets Bytes Avg Pkt Packets Bytes DSCP DSCP (Up/Down) (n secs) (n secs) Size (Total) (Total) In Out ================ ======= ====== ====== ======= ====== ==== ==== http (U) 6035 637728 105 6035 637728 16 16 (D) 5420 7218796 1331 5420 7218796 0 0 ggp (U) 1331 1362944 1024 1331 1362944 0 0 (D) 0 0 0 0 0 0 0 smp (U) 1046 1071104 1024 1046 1071104 0 0 (D) 0 0 0 0 0 0 0 vrrp (U) 205 209920 1024 205 209920 0 0 (D) 0 0 0 0 0 0 0 bittorrent (U) 117 1604 13 117 1604 0 0 (D) 121 70469 582 121 70469 0 0 icmp (U) 0 0 0 0 0 0 0 (D) 72 40032 556 72 40032 48 48 edonkey (U) 112 4620 41 112 4620 0 0 (D) 105 33076 315 105 33076 0 0 dns (U) 10 380 38 10 380 0 0 (D) 7 1743 249 7 1743 0 0 realmedia (U) 2 158 79 2 158 24 24 (D) 2 65 32 2 65 0 0show avc statistics guest-lan
To display the Application Visibility and Control (AVC) statistics of a guest LAN, use the show avc statistics guest-lan command.
show avc statistics guest-lan guest-lan_id { application application_name | top-app-groups [ upstream | downstream] | top-apps [ upstream | downstream]}
Syntax Description
guest-lan_id Guest LAN identifier from 1 to 5.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-app-groups Displays AVC statistics for top application groups.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
top-apps Displays AVC statistics for top applications.
Command History
Examples
The following is a sample output of the show avc statistics command.
(Cisco Controller) > show avc statistics guest-lan 1 Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ====== ====== ====== ======= unclassified (U) 191464 208627 1 92208613 11138796586 (D) 63427 53440610 842 16295621 9657054635 ftp (U) 805 72880 90 172939 11206202 (D) 911 58143 63 190900 17418653 http (U) 264904 12508288 47 27493945 2837672192 (D) 319894 436915253 1365 29850934 36817587924 gre (U) 0 0 0 10158872 10402684928 (D) 0 0 0 0 0 icmp (U) 1 40 40 323 98476 (D) 7262 4034576 555 2888266 1605133372 ipinip (U) 62565 64066560 1024 11992305 12280120320 (D) 0 0 0 0 0 imap (U) 1430 16798 11 305161 3795766 (D) 1555 576371 370 332290 125799465 irc (U) 9 74 8 1736 9133 (D) 11 371 33 1972 173381 nntp (U) 22 158 7 1705 9612 (D) 22 372 16 2047 214391show avc statistics remote-lan
To display the Application Visibility and Control (AVC) statistics of a remote LAN, use the show avc statistics remote-lan command.
show avc statistics remote-lan remote-lan_id{ application application_name | top-app-groups [ upstream | downstream] | top-apps [ upstream | downstream]}
Syntax Description
remote-lan_id Remote LAN identifier from 1 to 512.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-app-groups Displays AVC statistics for top application groups.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
top-apps Displays AVC statistics for top applications.
Command History
Examples
The following is a sample output of the show avc statistics remote-lan command.
(Cisco Controller) > show avc statistics remote-lan 1 Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ====== ====== ====== ======= unclassified (U) 191464 208627 1 92208613 11138796586 (D) 63427 53440610 842 16295621 9657054635 ftp (U) 805 72880 90 172939 11206202 (D) 911 58143 63 190900 17418653 http (U) 264904 12508288 47 27493945 2837672192 (D) 319894 436915253 1365 29850934 36817587924 gre (U) 0 0 0 10158872 10402684928 (D) 0 0 0 0 0 icmp (U) 1 40 40 323 98476 (D) 7262 4034576 555 2888266 1605133372 ipinip (U) 62565 64066560 1024 11992305 12280120320 (D) 0 0 0 0 0 imap (U) 1430 16798 11 305161 3795766 (D) 1555 576371 370 332290 125799465 irc (U) 9 74 8 1736 9133 (D) 11 371 33 1972 173381 nntp (U) 22 158 7 1705 9612 (D) 22 372 16 2047 214391show avc statistics top-apps
To display the Application Visibility and Control (AVC) statistics for the most used applications, use the show avc statistics top-apps command.
Syntax Description
upstream (Optional) Displays statistics of the most used upstream applications.
downstream (Optional) Displays statistics of the most used downstream applications.
Command History
Examples
The following is a sample output of the show avc statistics top-aps command:
(Cisco Controller) > show avc statistics top-apps Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ======= ======= ======= ======== http (U) 204570 10610912 51 28272539 2882294016 (D) 240936 327624221 1359 30750570 38026889010 realmedia (U) 908 62154 68 400698 26470359 (D) 166694 220522943 1322 35802836 47131836785 mpls-in-ip (U) 77448 79306752 1024 10292787 10539813888 (D) 0 0 0 0 0 fire (U) 70890 72591360 1024 10242484 10488303616 (D) 0 0 0 0 0 pipe (U) 68296 69935104 1024 10224255 10469637120 (D) 0 0 0 0 0 gre (U) 60982 62445568 1024 10340221 10588386304 (D) 0 0 0 0 0 crudp (U) 26430 27064320 1024 10109812 10352447488 (D) 0 0 0 0 0 rtp (U) 0 0 0 0 0 (D) 7482 9936096 1328 2603923 3458009744 icmp (U) 0 0 0 323 98476 (D) 10155 5640504 555 2924693 1625363564show avc statistics wlan
To display the Application Visibility and Control (AVC) statistics of a WLAN, use the show avc statistics wlan command.
show avc statistics wlan wlan_id { application application_name | top-app-groups [ upstream | downstream] | top-apps [ upstream | downstream]}
Syntax Description
wlan_id WLAN identifier from 1 to 512.
application Displays AVC statistics for an application.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
top-app-groups Displays AVC statistics for top application groups.
upstream (Optional) Displays statistics of top upstream applications.
downstream (Optional) Displays statistics of top downstream applications.
top-apps Displays AVC statistics for top applications.
Command History
Examples
The following is a sample output of the show avc statistics command.
(Cisco Controller) >show avc statistics wlan 1 Application-Name Packets Bytes Avg Pkt Packets Bytes (Up/Down) (n secs) (n secs) Size (Total) (Total) ================ ======= ====== ====== ====== ======= unclassified (U) 191464 208627 1 92208613 11138796586 (D) 63427 53440610 842 16295621 9657054635 ftp (U) 805 72880 90 172939 11206202 (D) 911 58143 63 190900 17418653 http (U) 264904 12508288 47 27493945 2837672192 (D) 319894 436915253 1365 29850934 36817587924 gre (U) 0 0 0 10158872 10402684928 (D) 0 0 0 0 0 icmp (U) 1 40 40 323 98476 (D) 7262 4034576 555 2888266 1605133372 ipinip (U) 62565 64066560 1024 11992305 12280120320 (D) 0 0 0 0 0 imap (U) 1430 16798 11 305161 3795766 (D) 1555 576371 370 332290 125799465 irc (U) 9 74 8 1736 9133 (D) 11 371 33 1972 173381 nntp (U) 22 158 7 1705 9612 (D) 22 372 16 2047 214391The following is a sample output of the show avc statistics wlan command.
(Cisco Controller) >show avc statistics wlan 1 application ftp Description Upstream Downstream =========== ======== ========== Number of Packtes(n secs) 0 0 Number of Bytes(n secs) 0 0 Average Packet size(n secs) 0 0 Total Number of Packtes 32459 64888 Total Number of Bytes 274 94673983show boot
To display the primary and backup software build numbers with an indication of which is active, use the show boot command.
Command History
Usage Guidelines
Each Cisco wireless LAN controller retains one primary and one backup operating system software load in nonvolatile RAM to allow controllers to boot off the primary load (default) or revert to the backup load when desired.
show band-select
Command History
Examples
The following is a sample output of the show band-select command:
(Cisco Controller) > show band-select Band Select Probe Response....................... per WLAN enabling Cycle Count................................... 3 cycles Cycle Threshold............................... 200 milliseconds Age Out Suppression........................... 20 seconds Age Out Dual Band............................. 60 seconds Client RSSI................................... -80 dBmshow buffers
Command History
Examples
The following is a sample output of the show buffers command:
(Cisco Controller) > show buffers Pool[00]: 16 byte chunks chunks in pool: 50000 chunks in use: 9196 bytes in use: 147136 bytes requested: 73218 (73918 overhead bytes) Pool[01]: 64 byte chunks chunks in pool: 50100 chunks in use: 19222 bytes in use: 1230208 bytes requested: 729199 (501009 overhead bytes) Pool[02]: 128 byte chunks chunks in pool: 26200 chunks in use: 9861 bytes in use: 1262208 bytes requested: 848732 (413476 overhead bytes) Pool[03]: 256 byte chunks chunks in pool: 3000 chunks in use: 596 bytes in use: 152576 bytes requested: 93145 (59431 overhead bytes) Pool[04]: 384 byte chunks chunks in pool: 6000 chunks in use: 258 bytes in use: 99072 bytes requested: 68235 (30837 overhead bytes) Pool[05]: 512 byte chunks chunks in pool: 18700 chunks in use: 18667 bytes in use: 9557504 bytes requested: 7933814 (1623690 overhead bytes) Pool[06]: 1024 byte chunks chunks in pool: 3500 chunks in use: 94 bytes in use: 96256 bytes requested: 75598 (20658 overhead bytes) Pool[07]: 2048 byte chunks chunks in pool: 1000 chunks in use: 54 bytes in use: 110592 bytes requested: 76153 (34439 overhead bytes) Pool[08]: 4096 byte chunks chunks in pool: 1000 chunks in use: 47 bytes in use: 192512 bytes requested: 128258 (64254 overhead bytes) Raw Pool: chunks in use: 256 bytes requested: 289575125show cac voice stats
To view the detailed voice CAC statistics of the 802.11a or 802.11b radio, use the show cac voice stats command.
Syntax Description
802.11a Displays detailed voice CAC statistics for 802.11a.
802.11b Displays detailed voice CAC statistics for 802.11b/g.
Command History
Examples
The following is a sample output of the show cac voice stats 802.11b command:
(Cisco Controller) > show cac voice stats 802.11b WLC Voice Call Statistics for 802.11b Radio WMM TSPEC CAC Call Stats Total num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of exp bw requests received.......... 0 Total Num of exp bw requests Admitted.......... 0 Total Num of Calls Rejected.................... 0 Total Num of Roam Calls Rejected............... 0 Num of Calls Rejected due to insufficent bw.... 0 Num of Calls Rejected due to invalid params.... 0 Num of Calls Rejected due to PHY rate.......... 0 Num of Calls Rejected due to QoS policy........ 0 SIP CAC Call Stats Total Num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Preferred Calls Received.......... 0 Total Num of Preferred Calls Admitted.......... 0 Total Num of Ongoing Preferred Calls........... 0 Total Num of Calls Rejected(Insuff BW)......... 0 Total Num of Roam Calls Rejected(Insuff BW).... 0 KTS based CAC Call Stats Total Num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Calls Rejected(Insuff BW)......... 0 Total Num of Roam Calls Rejected(Insuff BW).... 0show cac voice summary
show cac video stats
To view the detailed video CAC statistics of the 802.11a or 802.11b radio, use the show cac video stats command.
Syntax Description
802.11a Displays detailed video CAC statistics for 802.11a.
802.11b Displays detailed video CAC statistics for 802.11b/g.
Command History
Examples
The following is a sample output of the show cac video stats 802.11b command:
(Cisco Controller) > show cac video stats 802.11b WLC Video Call Statistics for 802.11b Radio WMM TSPEC CAC Call Stats Total num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Calls Rejected.................... 0 Total Num of Roam Calls Rejected............... 0 Num of Calls Rejected due to insufficent bw.... 0 Num of Calls Rejected due to invalid params.... 0 Num of Calls Rejected due to PHY rate.......... 0 Num of Calls Rejected due to QoS policy........ 0 SIP CAC Call Stats Total Num of Calls in progress................. 0 Num of Roam Calls in progress.................. 0 Total Num of Calls Admitted.................... 0 Total Num of Roam Calls Admitted............... 0 Total Num of Calls Rejected(Insuff BW)......... 0 Total Num of Roam Calls Rejected(Insuff BW).... 0show cac video summary
To view the list of all access points with brief video statistics (includes bandwidth used, maximum bandwidth available, and the number of calls information), use the show cac video summary command.
Command History
Examples
The following is a sample output of the show cac video summary command:
(Cisco Controller) > show cac video summary AP Name Slot# Radio BW Used/Max Calls ----------------- ------- ----- ----------- ----- AP001b.d571.88e0 0 11b/g 0/10937 0 1 11a 0/18750 0 AP5_1250 0 11b/g 0/10937 0 1 11a 0/18750 0show cdp
Syntax Description
neighbors Displays a list of all CDP neighbors on all interfaces.
detail (Optional) Displays detailed information of the controller’s CDP neighbors. This command shows only the CDP neighbors of the controller; it does not show the CDP neighbors of the controller’s associated access points.
entry all Displays all CDP entries in the database.
traffic Displays CDP traffic information.
Command History
show certificate compatibility
show certificate lsc
To verify that the controller has generated a Locally Significant Certificate (LSC), use the show certificate lsc summary command.
Syntax Description
Displays a summary of LSC certificate settings and certificates.
Displays details about the access points that are provisioned using the LSC.
Command History
Examples
The following is a sample output of the show certificate lsc summary command:
(Cisco Controller) > show certificate lsc summary LSC Enabled...................................... Yes LSC CA-Server.................................... http://10.0.0.1:8080/caserver LSC AP-Provisioning.............................. Yes Provision-List............................... Not Configured LSC Revert Count in AP reboots............... 3 LSC Params: Country...................................... 4 State........................................ ca City......................................... ss Orgn......................................... org Dept......................................... dep Email........................................ dep@co.com KeySize...................................... 390 LSC Certs: CA Cert...................................... Not Configured RA Cert...................................... Not ConfiguredThis example shows how to display the details about the access points that are provisioned using the LSC:
(Cisco Controller) > show certificate lsc ap-provision LSC AP-Provisioning.............................. Yes Provision-List................................... Present Idx Mac Address --- ------------- 1 00:18:74:c7:c0:90show certificate ssc
To view the Self Signed Device Certificate (SSC) and hash key of the virtual controller, use the show certificate ssc command.
Command History
Examples
The following is a sample output of the show certificate ssc command :
(Cisco Controller) > show certificate ssc SSC Hash validation.............................. Enabled. SSC Device Certificate details: Subject Name : C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller, CN=DEVICE-vWLC-AIR-CTVM-K9-000C297F2CF7, MAILTO=support@vwlc.com Validity : Start : 2012 Jul 23rd, 15:47:53 GMT End : 2022 Jun 1st, 15:47:53 GMT Hash key : 5870ffabb15de2a617132bafcd73show certificate summary
To verify that the controller has generated a certificate, use the show certificate summary command.
Command History
Examples
The following is a sample output of the show certificate summary command:
(Cisco Controller) > show certificate summary Web Administration Certificate................. Locally Generated Web Authentication Certificate................. Locally Generated Certificate compatibility mode:................ offshow client calls
To display the total number of active or rejected calls on the controller, use the show client calls command.
Syntax Description
Command History
Examples
The following is a sample output of the show client calls active 802.11a command :
(Cisco Controller) > show client calls active 802.11a Client MAC Username Total Call AP Name Radio Type Duration (sec) -------------------- --------- ---------- --------------- ---------- 00:09: ef: 02:65:70 abc 45 VJ-1240C-ed45cc 802.11a 00:13: ce: cc: 51:39 xyz 45 AP1130-a416 802.11a 00:40:96: af: 15:15 def 45 AP1130-a416 802.11a 00:40:96:b2:69: df def 45 AP1130-a416 802.11a Number of Active Calls ------------------------------------ 4show client summary
To display a summary of clients associated with a Cisco lightweight access point, use the show client summary command.
Syntax Description
(Optional) Displays all clients with the specified device type.
device
Device type such as Samsung-Device, or WindowsXP-Workstation.
Command History
Usage Guidelines
Use show client ap command to list the status of automatically disabled clients. Use the show exclusionlist command to display clients on the exclusion list (blacklisted).
Examples
The following example shows how to display a summary of the active clients:
(Cisco Controller) > show client summary Number of Clients................................ 24 Number of PMIPV6 Clients......................... 200 MAC Address AP Name Status WLAN/GLAN/RLAN Auth Protocol Port Wired PMIPV6 ----------------- ----------------- ------------- -------------- ---- ---------------- ---- ----- ------ 00:00:15:01:00:01 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No Yes 00:00:15:01:00:02 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No No 00:00:15:01:00:03 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No Yes 00:00:15:01:00:04 NMSP-TalwarSIM1-2 Associated 1 Yes 802.11a 13 No NoExamples
The following example shows how to display all clients that are WindowsXP-Workstation device types:
(Cisco Controller) >show client devicetype WindowsXP-Workstation Number of Clients in WLAN........................ 0 MAC Address AP Name Status Auth Protocol Port Wired Mobility Role ----------------- -------- ------------- ---------------- ---------- -------------- Number of Clients with requested device type..... 0show client summary guest-lan
Command History
Examples
The following is a sample output of the show client summary guest-lan command:
(Cisco Controller) > show client summary guest-lan Number of Clients................................ 1 MAC Address AP Name Status WLAN Auth Protocol Port Wired ----------- --------- ---------- ---- ---- -------- ---- ----- 00:16:36:40:ac:58 N/A Associated 1 No 802.3 1 Yesshow client tsm
Syntax Description
Command History
Examples
The following is a sample output of the show client tsm 802.11a command:
(Cisco Controller) > show client tsm 802.11a xx:xx:xx:xx:xx:xx all AP Interface MAC: 00:0b:85:01:02:03 Client Interface Mac: 00:01:02:03:04:05 Measurement Duration: 90 seconds Timestamp 1st Jan 2006, 06:35:80 UpLink Stats ================ Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2 DownLink Stats ================ Average Delay (5sec intervals)............................35 Delay less than 10 ms.....................................20 Delay bet 10 - 20 ms......................................20 Delay bet 20 - 40 ms......................................20 Delay greater than 40 ms..................................20 Total packet Count.........................................80 Total packet lost count (5sec).............................10 Maximum Lost Packet count(5sec)............................5 Average Lost Packet count(5secs)...........................2show client username
Syntax Description
Command History
show client voice-diag
Syntax Description
Command History
show coredump summary
Command History
Examples
The following is a sample output of the show coredump summary command:
(Cisco Controller) > show coredump summary Core Dump is enabled FTP Server IP.................................... 10.10.10.17 FTP Filename..................................... file1 FTP Username..................................... ftpuser FTP Password.................................. *********show custom-web
Command History
Examples
The following is a sample output of the show custom-web command:
(Cisco Controller) > show custom-web Radius Authentication Method..................... PAP Cisco Logo....................................... Enabled CustomLogo....................................... None Custom Title..................................... None Custom Message................................... None Custom Redirect URL.............................. None External web authentication Mode................. Disabled External web authentication URL.................. Noneshow database summary
Examples
The following is a sample output of the show database summary command:
(Cisco Controller) > show database summary Maximum Database Entries......................... 2048 Maximum Database Entries On Next Reboot.......... 2048 Database Contents MAC Filter Entries........................... 2 Exclusion List Entries....................... 0 AP Authorization List Entries................ 1 Management Users............................. 1 Local Network Users.......................... 1 Local Users.............................. 1 Guest Users.............................. 0 Total..................................... 5show dhcp
To display the internal Dynamic Host Configuration Protocol (DHCP) server configuration, use the show dhcp command.
Syntax Description
Command History
Examples
The following example shows how to display the allocated DHCP leases:
(Cisco Controller) >show dhcp leases No leases allocated.The following example shows how to display the DHCP summary information:
(Cisco Controller) >show dhcp summary Scope Name Enabled Address Range 003 No 0.0.0.0 -> 0.0.0.0The following example shows how to display the DHCP information for the scope 003:
(Cisco Controller) >show dhcp 003 Enabled....................................... No Lease Time.................................... 0 Pool Start.................................... 0.0.0.0 Pool End...................................... 0.0.0.0 Network....................................... 0.0.0.0 Netmask....................................... 0.0.0.0 Default Routers............................... 0.0.0.0 0.0.0.0 0.0.0.0 DNS Domain.................................... DNS........................................... 0.0.0.0 0.0.0.0 0.0.0.0 Netbios Name Servers.......................... 0.0.0.0 0.0.0.0 0.0.0.0show dtls connections
To display the Datagram Transport Layer Security (DTLS) server status, use the show dtls connections command.
Command History
Examples
The following is a sample output of the show dtls connections command.
Device > show dtls connections AP Name Local Port Peer IP Peer Port Ciphersuite --------------- ------------- --------------- ------------- ----------------------- 1130 Capwap_Ctrl 1.100.163.210 23678 TLS_RSA _WITH_AES_128_CBC_SHA 1130 Capwap_Data 1.100.163.210 23678 TLS_RSA _WITH_AES_128_CBC_SHA 1240 Capwap_Ctrl 1.100.163.209 59674 TLS_RSA _WITH_AES_128_CBC_SHAshow flow exporter
show flow monitor summary
show guest-lan
Syntax Description
Command History
Usage Guidelines
To display all wired guest LANs configured on the controller, use the show guest-lan summary command.
Examples
The following is a sample output of the show guest-lan guest_lan_id command:
(Cisco Controller) >show guest-lan 2 Guest LAN Identifier........................... 1 Profile Name................................... guestlan Network Name (SSID)............................ guestlan Status......................................... Enabled AAA Policy Override............................ Disabled Number of Active Clients....................... 1 Exclusionlist Timeout.......................... 60 seconds Session Timeout................................ Infinity Interface...................................... wired Ingress Interface.............................. wired-guest WLAN ACL....................................... unconfigured DHCP Server.................................... 10.20.236.90 DHCP Address Assignment Required............... Disabled Quality of Service............................. Silver (best effort) Security Web Based Authentication................... Enabled ACL........................................ Unconfigured Web-Passthrough............................ Disabled Conditional Web Redirect................... Disabled Auto Anchor................................ Disabled Mobility Anchor List GLAN ID IP Address Statusshow invalid-config
show inventory
To display a physical inventory of the Cisco wireless LAN controller, use the show inventory command.
Command History
Usage Guidelines
Some wireless LAN controllers may have no crypto accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
Examples
The following is a sample output of the show inventory command:
(Cisco Controller) > show inventory Burned-in MAC Address............................ 50:3D:E5:1A:31:A0 Power Supply 1................................... Present, OK Power Supply 2................................... Absent Maximum number of APs supported.................. 500 NAME: "Chassis" , DESCR: "Cisco 5500 Series Wireless LAN Controller" PID: AIR-CT5508-K9, VID: V01, SN: XXXXXXXXXXXshow license all
To display information for all licenses on the Cisco 5500 Series Controller, use the show license all command.
Examples
This example shows how to display all the licenses:
> show license all License Store: Primary License Storage StoreIndex: 0 Feature: wplus-ap-count Version: 1.0 License Type: Permanent License State: Inactive License Count: 12/0/0 License Priority: Medium StoreIndex: 1 Feature: base Version: 1.0 License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium StoreIndex: 2 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium License Store: Evaluation License Storage StoreIndex: 0 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: High StoreIndex: 2 Feature: base Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted License Priority: Low StoreIndex: 3 Feature: base-ap-count Version: 1.0 License Type: Evaluation License State: Active, Not in Use, EULA accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days License Count: 250/0/0 License Priority: Lowshow license capacity
To display the maximum number of access points allowed for this license on the Cisco 5500 Series Controller, the number of access points currently joined to the controller, and the number of access points that can still join the controller, use the show license capacity command.
show license detail
To display details of a specific license on the Cisco 5500 Series Controller, use the show license detail command.
Syntax Description
Examples
This example shows how to display the license details:
> show license detail wplus Feature: wplus Period left: Life time Index: 1 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Store Index: 2 Store Name: Primary License Storage Index: 2 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low Store Index: 0show license expiring
To display details of expiring licenses on the Cisco 5500 Series Controller, use the show license expiring command.
Examples
This example shows how to display the details of the expiring licenses:
> show license expiring StoreIndex: 0 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: High StoreIndex: 2 Feature: base Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted License Priority: Low StoreIndex: 3 Feature: base-ap-count Version: 1.0 License Type: Evaluation License State: Active, Not in Use, EULA accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days License Count: 250/0/0 License Priority: Lowshow license evaluation
To display details of evaluation licenses on the Cisco 5500 Series Controller, use the show license evaluation command.
Examples
This example shows how to display the details of the evaluation licenses:
> show license evaluation StoreIndex: 0 Feature: wplus Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 6 weeks 6 days License Count: Non-Counted License Priority: Low StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: High StoreIndex: 2 Feature: base Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Count: Non-Counted License Priority: Low StoreIndex: 3 Feature: base-ap-count Version: 1.0 License Type: Evaluation License State: Active, Not in Use, EULA accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 3 days License Count: 250/0/0 License Priority: Lowshow license feature
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license feature command.
show license file
To display a summary of license-enabled features on the Cisco 5500 Series Controller, use the show license file command.
Examples
This example shows how to display the license files:
> show license file License Store: Primary License Storage Store Index: 0 License: 11 wplus-ap-count 1.0 LONG NORMAL STANDALONE EXCL 12_KEYS INFINIT E_KEYS NEVER NEVER NiL SLM_CODE CL_ND_LCK NiL *1AR5NS7M5AD8PPU400 NiL NiL NiL 5_MINS <UDI><PID>AIR-CT5508-K9</PID><SN>RFD000P2D27< /SN></UDI> Pe0L7tv8KDUqo:zlPe423S5wasgM8G,tTs0i,7zLyA3VfxhnIe5aJa m63lR5l8JM3DPkr4O2DI43iLlKn7jomo3RFl1LjMRqLkKhiLJ2tOyuftQSq2bCAO6 nR3wIb38xKi3t$<WLC>AQEBIQAB//++mCzRUbOhw28vz0czAY0iAm7ocDLUMb9ER0 +BD3w2PhNEYwsBN/T3xXBqJqfC+oKRqwInXo3s+nsLU7rOtdOxoIxYZAo3LYmUJ+M FzsqlhKoJVlPyEvQ8H21MNUjVbhoN0gyIWsyiJaM8AQIkVBQFzhr10GYolVzdzfJf EPQIx6tZ++/Vtc/q3SF/5Ko8XCY=</WLC> Comment: Hash: iOGjuLlXgLhcTB113ohIzxVioHA= . . .show license handle
To display the license handles on the Cisco 5500 Series Controller, use the show license handle command.
Examples
This example shows how to display the license handles:
> show license handle Feature: wplus , Handle Count: 1 Units: 01( 0), ID: 0x5e000001, NotifyPC: 0x1001e8f4 LS-Handle (0x00000001), Units: ( 1) Registered clients: 1 Context 0x1051b610, epID 0x10029378 Feature: base , Handle Count: 0 Registered clients: 1 Context 0x1053ace0, epID 0x10029378 Feature: wplus-ap-count , Handle Count: 1 Units: 250( 0), ID: 0xd4000002, NotifyPC: 0x1001e8f4 LS-Handle (0x000 00002), Units: (250) Registered clients: None Feature: base-ap-count , Handle Count: 0 Registered clients: None Global Registered clients: 2 Context 0x10546270, epID 0x100294cc Context 0x1053bae8, epID 0x100294ccshow license image-level
To display the license image level that is in use on the Cisco 5500 Series Controller, use the show license image-level command.
show license in-use
To display the licenses that are in use on the Cisco 5500 Series Controller, use the show license in-use command.
Examples
This example shows how to display the licenses that are in use:
> show license in-use StoreIndex: 2 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium StoreIndex: 1 Feature: wplus-ap-count Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 8 weeks 4 days Evaluation period left: 2 weeks 3 days Expiry date: Thu Jun 25 18:09:43 2009 License Count: 250/250/0 License Priority: Highshow license permanent
To display the permanent licenses on the Cisco 5500 Series Controller, use the show license permanent command.
Examples
This example shows how to display the permanent license’s information:
> show license permanent StoreIndex: 0 Feature: wplus-ap-count Version: 1.0 License Type: Permanent License State: Inactive License Count: 12/0/0 License Priority: Medium StoreIndex: 1 Feature: base Version: 1.0 License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium StoreIndex: 2 Feature: wplus Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Mediumshow license status
To display the license status on the Cisco 5500 Series Controller, use the show license status command.
Examples
This example shows how to display the license status:
> show license status License Type Supported permanent Non-expiring node locked license extension Expiring node locked license evaluation Expiring non node locked license License Operation Supported install Install license clear Clear license annotate Comment license save Save license revoke Revoke license Device status Device Credential type: DEVICE Device Credential Verification: PASS Rehost Type: DC_OR_ICshow license statistics
To display license statistics on the Cisco 5500 Series Controller, use the show license statistics command.
Examples
This example shows how to display the license statistics:
> show license statistics Administrative statistics Install success count: 0 Install failure count: 0 Install duplicate count: 0 Comment add count: 0 Comment delete count: 0 Clear count: 0 c Save count: 0 Save cred count: 0 Client status Request success count 2 Request failure count 0 Release count 0 Global Notify count 0show license summary
To display a brief summary of all licenses on the Cisco 5500 Series Controller, use the show license summary command.
Examples
This example shows how to display a brief summary of all licenses:
> show license summary Index 1 Feature: wplus Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Index 2 Feature: wplus-ap-count Period left: 2 weeks 3 days License Type: Evaluation License State: Active, In Use License Count: 250/250/0 License Priority: High Index 3 Feature: base Period left: Life time License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium Index 4 Feature: base-ap-count Period left: 8 weeks 3 days License Type: Evaluation License State: Active, Not in Use, EULA accepted License Count: 250/0/0 License Priority: Lowshow license udi
To display unique device identifier (UDI) values for licenses on the Cisco 5500 Series Controller, use the show license udi command.
show load-balancing
Examples
This example shows how to display the load-balancing status:
> show load-balancing Aggressive Load Balancing........................ Enabled Aggressive Load Balancing Window................. 0 clients Aggressive Load Balancing Denial Count........... 3 Statistics Total Denied Count............................... 10 clients Total Denial Sent................................ 20 messages Exceeded Denial Max Limit Count.................. 0 times None 5G Candidate Count.......................... 0 times None 2.4G Candidate Count..................... 0 timesshow local-auth certificates
show logging
To display the syslog facility logging parameters and buffer contents, use the show logging command.
Command History
Examples
The following example shows how to display the current settings and buffer content details:
(Cisco Controller) >show logging Logging to buffer : - Logging of system messages to buffer : - Logging filter level.......................... errors - Number of system messages logged.............. 67227 - Number of system messages dropped............. 21136 - Logging of debug messages to buffer ........... Disabled - Number of debug messages logged............... 0 - Number of debug messages dropped.............. 0 Logging to console : - Logging of system messages to console : - Logging filter level.......................... errors - Number of system messages logged.............. 0 - Number of system messages dropped............. 88363 - Logging of debug messages to console .......... Enabled - Number of debug messages logged............... 0 - Number of debug messages dropped.............. 0 Logging to syslog : - Syslog facility................................ local0 - Logging of system messages to syslog : - Logging filter level.......................... errors - Number of system messages logged.............. 67227 - Number of system messages dropped............. 21136 - Logging of debug messages to syslog ........... Disabled - Number of debug messages logged............... 0 - Number of debug messages dropped.............. 0 - Number of remote syslog hosts.................. 0 - Host 0....................................... Not Configured - Host 1....................................... Not Configured - Host 2....................................... Not Configured Logging of traceback............................. Disabled Logging of process information................... Disabled Logging of source file informational............. Enabled Timestamping of messages......................... - Timestamping of system messages................ Enabled - Timestamp format.............................. Date and Time - Timestamping of debug messages................. Enabled - Timestamp format.............................. Date and Time Logging buffer (67227 logged, 21136 dropped) *Apr 03 09:48:01.728: %MM-3-INVALID_PKT_RECVD: mm_listen.c:5508 Received an invalid packet from 1.100.163.51. Source member:0.0.0.0. source member unknown. *Apr 03 09:47:34.194: %LWAPP-3-DECODE_ERR: spam_lrad.c:1271 Error decoding discovery request from AP 00:13:5f:0e:d4:20 *Apr 03 09:47:34.194: %LWAPP-3-DISC_OTAP_ERR: spam_lrad.c:5554 Ignoring OTAP discovery request from AP 00:13:5f:0e:d4:20, OTAP is disabled Previous message occurred 2 times.show loginsession
show mesh cac
To display call admission control (CAC) topology and the bandwidth used or available in a mesh network, use the show mesh cac command.
Syntax Description
Command History
Examples
The following example shows how to display a summary of the call admission control settings:
(Cisco Controller) >show mesh cac summary AP Name Slot# Radio BW Used/Max Calls ----------------- ------- ----- ----------- ----- SB_RAP1 0 11b/g 0/23437 0 1 11a 0/23437 0 SB_MAP1 0 11b/g 0/23437 0 1 11a 0/23437 0 SB_MAP2 0 11b/g 0/23437 0 1 11a 0/23437 0 SB_MAP3 0 11b/g 0/23437 0 1 11a 0/23437 0The following example shows how to display the mesh topology and the voice bandwidth used or available:
(Cisco Controller) >show mesh cac bwused voice SB_MAP1 AP Name Slot# Radio BW Used/Max ------------- ------- ----- ----------- SB_RAP1 0 11b/g 0/23437 1 11a 0/23437 | SB_MAP1 0 11b/g 0/23437 1 11a 0/23437 || SB_MAP2 0 11b/g 0/23437 1 11a 0/23437 ||| SB_MAP3 0 11b/g 0/23437 1 11a 0/23437The following example shows how to display the access voice calls in progress in a tree topology:
(Cisco Controller) >show mesh cac access 1524_Map1 AP Name Slot# Radio Calls ------------- ------- ----- ----- 1524_Rap 0 11b/g 0 1 11a 0 2 11a 0 | 1524_Map1 0 11b/g 0 1 11a 0 2 11a 0 || 1524_Map2 0 11b/g 0 1 11a 0 2 11a 0show mdns ap summary
To display all the access points for which multicast Domain Name System (mDNS) forwarding is enabled, use the show mnds ap summary command.
Command History
Examples
The following is a sample output of the show mnds ap summary command:
(Cisco Controller) > show mdns ap summary Number of mDNS APs............................. 2 AP Name Ethernet MAC Number of Vlans VlanIdentifiers --------- ---------------- ----------------- ------------------ ap-3500 cc:ef:48:72:0d:d9 0 Not applicable ap-3600 00:22:bd:df:04:68 2 124,122The following table describes the significant fields shown in the display.
Table 1 show mdns ap summary Field Descriptions Field Description AP Name
Name of the mDNS access point (access point for which mDNS forwarding is enabled).
Ethernet MAC
MAC address of the mDNS access point.
Number of VLANs
Number of VLANs from which the access point snoops the mDNS advertisements from the wired side. An access point can snoop on a maximum of 10 VLANs.
VLAN Identifiers
Identifiers of the VLANs the access point snoops on.
show mdns domain-name-ip summary
To display the summary of the multicast Domain Name System (mDNS) domain names, use the show mdns domain-name-ip summary command.
Command History
Usage Guidelines
Each service advertisement contains a record that maps the domain name of the service provider to the IP address. The mapping also contains details such as the client MAC address, VLAN ID, Time to Live (TTL), and IPv4 address.
Examples
The following is a sample output of the show mdns domain-name-ip summary command:
(Cisco Controller) > show mdns domain-name-ip summary Number of Domain Name-IP Entries................. 1 DomainName MAC Address IP Address Vlan Id Type TTL Time left (in seconds) (in seconds) ------------- ------------- ----------- -------------------- ------ tixp77.local. 00:50:b6:4f:69:70 209.165. 202.128 999 mDNSAP 4725 906The following table describes the significant fields shown in the display.
Table 2 show mdns domain-name-ip summary Field Descriptions Field Description Domain Name
Domain name of the service provider.
MAC Address
MAC address of the service provider.
IP Address
IP address of the service provider.
VLAN ID
VLAN ID of the service provider.
Type
Origin of service that can be one of the following:
TTL
TTL value, in seconds, that determines the validity of the service offered by the service provider. The service provider is removed from the Cisco Wireless LAN Controller when the TTL expires.
Time Left
Time remaining, in seconds, before the service provider is removed from the Cisco WLC.
show mdns profile
Syntax Description
summary Displays the summary of the mDNS profiles.
detailed Displays details of an mDNS profile.
profile-name Name of the mDNS profile.
Command History
Examples
This example shows how to display a summary of all the mDNS profiles:
> show mdns profile summary Number of Profiles............................... 2 ProfileName No. Of Services -------------------------------- --------------- default-mdns-profile 5 profile1 2This example shows how to display the detailed information of an mDNS profile:
> show mdns profile detailed default-mdns-profile Profile Name..................................... default-mdns-profile Profile Id....................................... 1 No of Services................................... 5 Services......................................... AirPrint AppleTV HP_Photosmart_Printer_1 HP_Photosmart_Printer_2 Printer No. Interfaces Attached.......................... 0 No. Interface Groups Attached.................... 0 No. Wlans Attached............................... 1 Wlan Ids......................................... 1Related Commands
config mdns service
config mdns snooping
config interface mdns-profile
config interface group mdns-profile
config wlan mdns
config mdns profile
show mdns ap
config mdns ap
show mnds service
clear mdns service-database
debug mdns all
debug mdns error
debug mdns detail
debug mdns message
show mdns service
To display multicast Domain Name System (mDNS) service information, use the show mnds service command.
Syntax Description
summary Displays the summary of all mDNS services.
detailed Displays the details of an mDNS service.
service-name Name of the mDNS service.
not-learnt Displays the summary of all the service advertisements that were received by the controller but were not discovered because the service query status was disabled.
Service advertisements for all VLANs and origin types that are not learned are displayed in the output. The top 500 services appear in the summary list.
Command History
Examples
The following is a sample output of the show mnds summary command:
Device > show mdns service summary Number of Services............................... 5 Service-Name LSS Origin No SP Service-string ------------------------ -------------- ------ -------- AirPrint Yes Wireless 1 _ipp._tcp.local. AppleTV Yes Wireless 1 _airplay._tcp.local. HP_Photosmart_Printer_1 Yes Wireless 1 _universal._sub._ipp._tcp.local. HP_Photosmart_Printer_2 No Wired 0 _cups._sub._ipp._tcp.local. Printer No Wired 0 _printer._tcp.local.The following is a sample output of the show mnds service detailed command:
Device > show mdns service detailed AirPrint Service Name..................................... AirPrint Service Id....................................... 1 Service query status............................. Enabled Service LSS status............................... Disabled Service learn origin............................. Wired Number of Profiles............................... 2 Profile.......................................... student-profile, guest-profile Number of Service Providers ..................... 2 Service Provider MAC-Address AP Radio MAC VLAN ID Type TTL Time left ---------------- ----------- ------------ ------- ---- ---------------- user1 60:33:4b:2b:a6:9a ----- 104 Wired 4500 4484 laptopa 00:21:1b:ea:36:60 3c:ce:73:1e:69:20 105 Wireless 4500 4484 Number of priority MAC addresses ................ 1 Sl.No MAC Address AP group name ----- ------------------- -------------- 1 44:03:a7:a3:04:45 AP_floor1The following is a sample output of the show mnds service not-learntcommand:
Device > show mdns service not-learnt Number of Services............................... 4 Origin VLAN TTL TTL left Client MAC AP-MAC Service-string (sec) (sec) ---------- ------ ------ ------ ------------------ ------------------ ---------------------- Wireless 106 120 105 00:21:6a:76:88:04 04:da:d2:b3:11:00 100.106.11.9.in-addr.arpa. Wireless 106 120 112 00:21:6a:78:ff:82 04:da:d2:b3:11:00 102.106.11.9.in-addr.arpa. Wireless 106 120 75 00:21:6a:78:ff:82 04:da:d2:b3:11:00 108.104.11.9.in-addr.arpa. Wireless 106 120 119 00:21:6a:78:ff:82 04:da:d2:b3:11:00 _airplayit._tcp.local.show mgmtuser
To display the local management user accounts on the Cisco wireless LAN controller, use the show mgmtuser command.
show mobility group member
To display the details of the mobility group members in the same domain, use the show mobility group member command.
Syntax Description
Command History
Examples
The following example shows how to display the hash keys of the mobility group members:
(Cisco Controller) >show mobility group member hash Default Mobility Domain.......................... new-mob IP Address Hash Key --------------------------------------------------------- 9.2.115.68 a819d479dcfeb3e0974421b6e8335582263d9169 9.6.99.10 0974421b6e8335582263d9169a819d479dcfeb3e 9.7.7.7 feb3e0974421b6e8335582263d9169a819d479dcshow netuser
To display the configuration of a particular user in the local user database, use the show netuser command.
Syntax Description
Command History
Examples
The following is a sample output of the show netuser summary command:
(Cisco Controller) > show netuser summary Maximum logins allowed for a given username ........UnlimitedThe following is a sample output of the show netuser detail command:
(Cisco Controller) > show netuser detail john10 username........................................... abc WLAN Id............................................. Any Lifetime............................................ Permanent Description......................................... test usershow netuser guest-roles
To display a list of the current quality of service (QoS) roles and their bandwidth parameters, use the show netuser guest-roles command.
Examples
This example shows how to display a QoS role for the guest network user:
> show netuser guest-roles Role Name.............................. Contractor Average Data Rate.................. 10 Burst Data Rate.................... 10 Average Realtime Rate.............. 100 Burst Realtime Rate................ 100 Role Name.............................. Vendor Average Data Rate.................. unconfigured Burst Data Rate.................... unconfigured Average Realtime Rate.............. unconfigured Burst Realtime Rate................ unconfiguredshow network summary
To display the network configuration of the Cisco wireless LAN controller, use the show network summary command.
Examples
This example shows how to display a summary configuration:
> show network summary RF-Network Name............................. RF Web Mode.................................... Disable Secure Web Mode............................. Enable Secure Web Mode Cipher-Option High.......... Disable Secure Web Mode Cipher-Option SSLv2......... Disable OCSP........................................ Disabled OCSP responder URL.......................... Secure Shell (ssh).......................... Enable Telnet...................................... Enable Ethernet Multicast Mode..................... Disable Mode: Ucast Ethernet Broadcast Mode..................... Disable Ethernet Multicast Forwarding............... Disable Ethernet Broadcast Forwarding............... Disable AP Multicast/Broadcast Mode................. Unicast IGMP snooping............................... Disabled IGMP timeout................................ 60 seconds IGMP Query Interval......................... 20 seconds MLD snooping................................ Disabled MLD timeout................................. 60 seconds MLD query interval.......................... 20 seconds User Idle Timeout........................... 300 seconds AP Join Priority............................ Disable ARP Idle Timeout............................ 300 seconds ARP Unicast Mode............................ Disabled Cisco AP Default Master..................... Disable Mgmt Via Wireless Interface................. Disable Mgmt Via Dynamic Interface.................. Disable Bridge MAC filter Config.................... Enable Bridge Security Mode........................ EAP Over The Air Provisioning of AP's........... Enable Apple Talk ................................. Disable Mesh Full Sector DFS........................ Enable AP Fallback ................................ Disable Web Auth CMCC Support ...................... Disabled Web Auth Redirect Ports .................... 80 Web Auth Proxy Redirect ................... Disable Web Auth Captive-Bypass .................. Disable Web Auth Secure Web ....................... Enable Fast SSID Change ........................... Disabled AP Discovery - NAT IP Only ................. Enabled IP/MAC Addr Binding Check .................. Enabled CCX-lite status ............................ Disable oeap-600 dual-rlan-ports ................... Disable oeap-600 local-network ..................... Enable mDNS snooping............................... Disabled mDNS Query Interval......................... 15 minutesshow network multicast mgid detail
To display all the clients joined to the multicast group in a specific multicast group identification (MGID), use the show network multicast mgid detail command.
Syntax Description
Examples
This example shows how to display details of the multicast database:
> show network multicast mgid detail Mgid ............................... 550 Multicast Group Address ............ 239.255.255.250 Vlan ............................... 0 Rx Packet Count .................... 807399588 No of clients ...................... 1 Client List ........................ Client MAC Expire TIme (mm:ss) 00:13:02:23:82:ad 0:20show network multicast mgid summary
To display all the multicast groups and their corresponding multicast group identifications (MGIDs), use the show network multicast mgid summary command.
Examples
This example shows how to display a summary of multicast groups and their MGIDs:
> show network multicast mgid summary Layer2 MGID Mapping: ------------------- InterfaceName vlanId MGID ----------------------------- ------ ----- management 0 0 test 0 9 wired 20 8 Layer3 MGID Mapping: ------------------- Number of Layer3 MGIDs ................ 1 Group address Vlan MGID ------------------ ----- ------ 239.255.255.250 0 550show nmsp notify-interval summary
To display the Network Mobility Services Protocol (NMSP) configuration settings, use the show nmsp notify-interval summary command.
show nmsp statistics
To display Network Mobility Services Protocol (NMSP) counters, use the show nmsp statistics command.
Syntax Description
Examples
This example shows how to display a summary of common NMSP counters:
> show nmsp statistics summary Send RSSI with no entry: 0 Send too big msg: 0 Failed SSL write: 0 Partial SSL write: 0 SSL write attempts to want write: Transmit Q full:0 Max Measure Notify Msg: 0 Max Info Notify Msg: 0 Max Tx Q Size: 2 Max Rx Size: 1 Max Info Notify Q Size: 0 Max Client Info Notify Delay: 0 Max Rogue AP Info Notify Delay: 0 Max Rogue Client Info Notify Delay: 0 Max Client Measure Notify Delay: 0 Max Tag Measure Notify Delay: 0 Max Rogue AP Measure Notify Delay: 0 Max Rogue Client Measure Notify Delay: 0 Max Client Stats Notify Delay: 0 Max Tag Stats Notify Delay: 0 RFID Measurement Periodic : 0 RFID Measurement Immediate : 0 Reconnect Before Conn Timeout: 0This example shows how to display all the connection-specific NMSP counters:
> show nmsp statistics connection all NMSP Connection Counters Connection 1 : Connection status: UP Freed Connection: 0 Nmsp Subscr Req: 0 NMSP Subscr Resp: 0 Info Req: 1 Info Resp: 1 Measure Req: 2 Measure Resp: 2 Stats Req: 2 Stats Resp: 2 Info Notify: 0 Measure Notify: 0 Loc Capability: 2 Location Req: 0 Location Rsp: 0 Loc Subscr Req: 0 Loc Subscr Rsp: 0 Loc Notif: 0 Loc Unsubscr Req: 0 Loc Unsubscr Rsp: 0 IDS Get Req: 0 IDS Get Resp: 0 IDS Notif: 0 IDS Set Req: 0 IDS Set Resp: 0show nmsp status
To display the status of active Network Mobility Services Protocol (NMSP) connections, use the show nmsp status command.
show nmsp subscription
To display the Network Mobility Services Protocol (NMSP) services that are active on the controller, use the show nmsp subscription command.
Syntax Description
Examples
This example shows how to display a summary of all the NMSP services to which the controller is subscribed:
> show nmsp subscription summary Mobility Services Subscribed: Server IP Services --------- -------- 10.10.10.31 RSSI, Info, StatisticsThis example shows how to display details of all the NMSP services:
> show nmsp subscription detail 10.10.10.31 Mobility Services Subscribed by 10.10.10.31 Services Sub-services -------- ------------ RSSI Mobile Station, Tags, Info Mobile Station, Statistics Mobile Station, Tags,show ntp-keys
show qos
Syntax Description
Displays QoS information for the bronze profile of the WLAN.
Displays QoS information for the platinum profile of the WLAN.
Displays QoS information for the silver profile of the WLAN.
Examples
This example shows how to display QoS information for the silver profile:
> show qos Description...................................... For Best Effort Maximum Priority................................. besteffort Unicast Default Priority......................... besteffort Multicast Default Priority....................... besteffort Per-SSID Rate Limits............................. Upstream Downstream Average Data Rate................................ 0 0 Average Realtime Data Rate....................... 0 0 Burst Data Rate.................................. 0 0 Burst Realtime Data Rate......................... 0 0 Per-Client Rate Limits........................... Upstream Downstream Average Data Rate................................ 0 0 Average Realtime Data Rate....................... 0 0 Burst Data Rate.................................. 0 0 Burst Realtime Data Rate......................... 0 0 protocol......................................... noneshow queue-info
To display all the message queue information pertaining to the system, use the show queue-info command.
Command History
Examples
The following is a sample output of the show queue-info command.
(Cisco Controller) > show queue-info Total message queue count = 123 Queue Name Allocated InUse MaxUsed --------------------------------------------------------------- PRINTF-Q 256 0 0 dtlqueue 4096 0 6 GRE Queue 100 0 1 dtlarpqueue 4096 0 6 NIM-Q 116 0 1 SIM-Q 116 0 6 DHCP Client Queue 8 0 0 dhcpv6ProxyMsgQueue 250 0 0 FDQ-Q 30300 0 3 dot1d_Queue 512 0 29 Garp-Q 256 0 1 dot3ad_queue 1024 0 0 DEBUG-Q 8192 0 8 LOGGER-Q 8192 0 5 TS-Q 256 0 0The following table describes the significant fields shown in the display.
Table 3 show queue-info Field Descriptions Field Description Queue Name
Name of the task message queue.
Allocated
Memory size, in bytes, of the message queue.
InUse
Queue that is currently used. A value of 0 indicates that there are no messages that have to be processed by the task.
MaxUsed
Maximum number of messages processed by the task after the controller is up.
show reset
Examples
This example shows how to display the scheduled system reset parameters:
> show reset System reset is scheduled for Mar 27 01 :01 :01 2010 Current local time and date is Mar 24 02:57:44 2010 A trap will be generated 10 minutes before each scheduled system reset. Use ‘reset system cancel’ to cancel the reset. Configuration will be saved before the system reset.show route kernel
Examples
This example shows how to display the kernel route cache information:
> show route kernel Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT dtl0 14010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 28282800 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 34010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 eth0 02020200 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 33010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 0A010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 32010100 00000000 0001 0 0 0 FFFFFF00 0 0 0 dtl0 0A000000 0202020A 0003 0 0 0 FF000000 0 0 0 lo 7F000000 00000000 0001 0 0 0 FF000000 0 0 0 dtl0 00000000 0A010109 0003 0 0 0 00000000 0 0 0show route summary
To display the routes assigned to the Cisco wireless LAN controller service port, use the show route summary command.
show run-config
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the show run-config command.
Syntax Description
Command History
Usage Guidelines
These commands have replaced the show running-config command.
Some WLAN controllers may have no Crypto Accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
The show run-config command shows only values configured by the user. It does not show system-configured default values.
Examples
The following is a sample output of the show run-config command:
(Cisco Controller) > show run-config Press Enter to continue... System Inventory Switch Description............................... Cisco Controller Machine Model.................................... Serial Number.................................... FLS0923003B Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx Crypto Accelerator 1............................. Absent Crypto Accelerator 2............................. Absent Power Supply 1................................... Absent Power Supply 2................................... Present, OK Press Enter to continue Or <Ctl Z> to abort...show sessions
To display the console port login timeout and maximum number of simultaneous command-line interface (CLI) sessions, use the show sessions command.
Examples
This example shows how to display the CLI session configuration setting:
> show sessions CLI Login Timeout (minutes)............ 0 Maximum Number of CLI Sessions......... 5The response indicates that the CLI sessions never time out and that the Cisco wireless LAN controller can host up to five simultaneous CLI sessions.
show snmpcommunity
To display Simple Network Management Protocol (SNMP) community entries, use the show snmpcommunity command.
Examples
This example shows how to display SNMP community entries:
> show snmpcommunity SNMP Community Name Client IP Address Client IP Mask Access Mode Status ------------------- ----------------- ----------------- ----------- -------- public 0.0.0.0 0.0.0.0 Read Only Enable ********** 0.0.0.0 0.0.0.0 Read/Write Enableshow snmpengineID
show snmptrap
To display Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap receivers and their status, use the show snmptrap command.
show snmpv3user
To display Simple Network Management Protocol (SNMP) version 3 configuration, use the show snmpv3user command.
show snmpversion
To display which versions of Simple Network Management Protocol (SNMP) are enabled or disabled on your controller, use the show snmpversion command.
show switchconfig
To display parameters that apply to the Cisco wireless LAN controller, use the show switchconfig command.
Examples
This example shows how to display parameters that apply to the Cisco wireless LAN controller:
> show switchconfig 802.3x Flow Control Mode......................... Disabled FIPS prerequisite features....................... Enabled Boot Break....................................... Enabled secret obfuscation............................... Enabled Strong Password Check Features: case-check ...........Disabled consecutive-check ....Disabled default-check .......Disabled username-check ......Disabledshow sysinfo
Examples
This example shows how to display wireless LAN controller information:
> show sysinfo Manufacturer's Name.............................. Cisco Systems Inc. Product Name..................................... Cisco Controller Product Version.................................. 6.0.133.0 Build Information................................ Tue Mar 31 11:44:12 PDT 2009 Bootloader Version............................... 0.14.0 Field Recovery Image Version..................... 5.3.38.0-BL-9-16 Firmware Version................................. FPGA 1.0, Env 0.8, USB console 1.27 Build Type....................................... DATA + WPS System Name...................................... 5500 System Location.................................. System Contact................................... System ObjectID.................................. 1.3.6.1.4.1.9.1.1 IP Address....................................... 10.10.10.7 Last Reset....................................... Software reset System Up Time................................... 1 days 15 hrs 17 mins 48 secs System Timezone Location.................... Current Boot License Level....................... wplus Current Boot License Type........................ Permanent Next Boot License Level.......................... wplus Next Boot License Type........................... Permanent Configured Country............................... US - United States Operating Environment............................ Commercial (0 to 40 C) Internal Temp Alarm Limits....................... 0 to 65 C Internal Temperature............................. +45 C External Temperature............................. +29 C Fan Status....................................... OK State of 802.11b Network......................... Enabled State of 802.11a Network......................... Disabled Number of WLANs.................................. 18 3rd Party Access Point Support................... Disabled Number of Active Clients......................... 1 Burned-in MAC Address............................ 00:00:1B:EE:12:E0 Power Supply 1................................... Not Available Power Supply 2................................... Not Available Maximum number of APs supported.................. 250show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center (TAC), use the show tech-support command.
Examples
This example shows how to display system resource information:
> show tech-support Current CPU Load................................. 0% System Buffers Max Free Buffers.............................. 4608 Free Buffers.................................. 4604 Buffers In Use................................ 4 Web Server Resources Descriptors Allocated......................... 152 Descriptors Used.............................. 3 Segments Allocated............................ 152 Segments Used................................. 3 System Resources Uptime........................................ 747040 Secs Total Ram..................................... 127552 Kbytes Free Ram...................................... 19540 Kbytes Shared Ram.................................... 0 Kbytes Buffer Ram.................................... 460 Kbytesshow time
Examples
This example shows how to display the controller time and date when authentication is not enabled:
> show time Time............................................. Wed Apr 13 09:29:15 2011 Timezone delta................................... 0:0 Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 0 9.2.60.60 AUTH DISABLEDThis example shows successful authentication of NTP Message results in the AUTH Success:
> show time Time............................................. Thu Apr 7 13:56:37 2011 Timezone delta................................... 0:0 Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 1 9.2.60.60 AUTH SUCCESSThis example shows that if the packet received has errors, then the NTP Msg Auth status will show AUTH Failure:
> show time Time............................................. Thu Apr 7 13:56:37 2011 Timezone delta................................... 0:0 Timezone location........................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 10 9.2.60.60 AUTH FAILUREThis example shows that if there is no response from NTP server for the packets, the NTP Msg Auth status will be blank:
> show time Time............................................. Thu Apr 7 13:56:37 2011 Timezone delta................................... 0:0 Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata NTP Servers NTP Polling Interval......................... 3600 Index NTP Key Index NTP Server NTP Msg Auth Status ------- --------------------------------------------------------------- 1 11 9.2.60.60show trapflags
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap flags, use the show trapflags command.
Examples
This example shows how to display controller SNMP trap flags:
> show trapflags Authentication Flag............................ Enable Link Up/Down Flag.............................. Enable Multiple Users Flag............................ Enable Spanning Tree Flag............................. Enable Client Related Traps 802.11 Disassociation......................... Disable 802.11 Association.............................Disabled 802.11 Deauthenticate......................... Disable 802.11 Authenticate Failure................... Disable 802.11 Association Failure.................... Disable Authentication.................................Disabled Excluded...................................... Disable Max Client Warning Threshold.................. 90% Nac-Alert Traps................................. Disabled RFID Related Traps Max RFIDs Warning Threshold..................... 90% 802.11 Security related traps WEP Decrypt Error............................. Enable IDS Signature Attack............................ Disable Cisco AP Register...................................... Enable InterfaceUp................................... Enable Auto-RF Profiles Load.......................................... Enable Noise......................................... Enable Interference.................................. Enable Coverage...................................... Enable Auto-RF Thresholds tx-power...................................... Enable channel....................................... Enable antenna....................................... Enable AAA auth.......................................... Enable servers....................................... Enable rogueap........................................ Enable adjchannel-rogueap............................... Disabled wps............................................ Enable configsave..................................... Enable IP Security esp-auth...................................... Enable esp-replay.................................... Enable invalidSPI.................................... Enable ike-neg....................................... Enable suite-neg..................................... Enable invalid-cookie................................ Enable Mesh auth failure.................................... Enabled child excluded parent........................... Enabled parent change................................... Enabled child moved..................................... Enabled excessive parent change......................... Enabled onset SNR....................................... Enabled abate SNR....................................... Enabled console login................................... Enabled excessive association........................... Enabled default bridge group name....................... Enabled excessive hop count............................. Disabled excessive children.............................. Enabled sec backhaul change............................. Disabledshow traplog
To display the Cisco wireless LAN controller Simple Network Management Protocol (SNMP) trap log, use the show traplog command.
Command History
Examples
The following is a sample output of the show traplog command:
(Cisco Controller) > show traplog Number of Traps Since Last Reset........... 2447 Number of Traps Since Log Last Displayed... 2447 Log System Time Trap --- ------------------------ ------------------------------------------------- 0 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:62:fe detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -78 and SNR: 10 1 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:52:19:d8 detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -72 and SNR: 16 2 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:26:a1:8d detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -82 and SNR: 6 3 Thu Aug 4 19:54:14 2005 Rogue AP : 00:0b:85:14:b3:4f detected on Base Rad io MAC : 00:0b:85:18:b6:50 Interface no:1(802.11 b/g) with RSSI: -56 and SNR: 30 Would you like to display more entries? (y/n)show queue-info
To display all the message queue information pertaining to the system, use the show queue-info command.
Command History
Examples
The following is a sample output of the show queue-info command.
(Cisco Controller) > show queue-info Total message queue count = 123 Queue Name Allocated InUse MaxUsed --------------------------------------------------------------- PRINTF-Q 256 0 0 dtlqueue 4096 0 6 GRE Queue 100 0 1 dtlarpqueue 4096 0 6 NIM-Q 116 0 1 SIM-Q 116 0 6 DHCP Client Queue 8 0 0 dhcpv6ProxyMsgQueue 250 0 0 FDQ-Q 30300 0 3 dot1d_Queue 512 0 29 Garp-Q 256 0 1 dot3ad_queue 1024 0 0 DEBUG-Q 8192 0 8 LOGGER-Q 8192 0 5 TS-Q 256 0 0The following table describes the significant fields shown in the display.
Table 4 show queue-info Field Descriptions Field Description Queue Name
Name of the task message queue.
Allocated
Memory size, in bytes, of the message queue.
InUse
Queue that is currently used. A value of 0 indicates that there are no messages that have to be processed by the task.
MaxUsed
Maximum number of messages processed by the task after the controller is up.
show rfid client
To display the radio frequency identification (RFID) tags that are associated to the controller as clients, use the show rfid client command.
Examples
This example shows how to display the RFID tag that is associated to the controller as clients:
> show rfid client ------------------ -------- --------- ----------------- ------ ---------------- Heard RFID Mac VENDOR Sec Ago Associated AP Chnl Client State ------------------ -------- --------- ----------------- ------ ---------------- 00:14:7e:00:0b:b1 Pango 35 AP0019.e75c.fef4 1 Probingshow rfid config
To display the current radio frequency identification (RFID) configuration settings, use the show rfid config command.
Examples
This example shows how to display the current RFID configuration settings:
> show rfid config RFID Tag Data Collection ............................... Enabled RFID Tag Auto-Timeout .................................. Enabled RFID Client Data Collection ............................ Disabled RFID Data Timeout ...................................... 200 secondsshow rfid detail
To display detailed radio frequency identification (RFID) information for a specified tag, use the show rfid detail command.
Syntax Description
Examples
This example shows how to display detailed RFID information:
> show rfid detail 00:12:b8:00:20:52 RFID address..................................... 00:12:b8:00:20:52 Vendor........................................... G2 Last Heard....................................... 51 seconds ago Packets Received................................. 2 Bytes Received................................... 324 Cisco Type....................................... Content Header ================= Version.......................................... 0 Tx Power......................................... 12 dBm Channel.......................................... 1 Reg Class........................................ 12 Burst Length..................................... 1 CCX Payload =========== Last Sequence Control............................ 0 Payload length................................... 127 Last Sequence Control............................ 0 Payload length................................... 127 Payload Data Hex Dump 01 09 00 00 00 00 0b 85 52 52 52 02 07 4b ff ff 7f ff ff ff 03 14 00 12 7b 10 48 53 c1 f7 51 4b 50 ba 5b 97 27 80 00 67 00 01 03 05 01 42 34 00 00 03 05 02 42 5c 00 00 03 05 03 42 82 00 00 03 05 04 42 96 00 00 03 05 05 00 00 00 55 03 05 06 42 be 00 00 03 02 07 05 03 12 08 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 03 0d 09 03 08 05 07 a8 02 00 10 00 23 b2 4e 03 02 0a 03 Nearby AP Statistics: lap1242-2(slot 0, chan 1) 50 seconds ag.... -76 dBm lap1242(slot 0, chan 1) 50 seconds ago..... -65 dBmshow rfid summary
To display a summary of the radio frequency identification (RFID) information for a specified tag, use the show rfid summary command.
Examples
This example shows how to display a summary of RFID information:
> show rfid summary Total Number of RFID : 5 ----------------- -------- ------------------ ------ --------------------- RFID ID VENDOR Closest AP RSSI Time Since Last Heard ----------------- -------- ------------------ ------ --------------------- 00:04:f1:00:00:04 Wherenet ap:1120 -51 858 seconds ago 00:0c:cc:5c:06:d3 Aerosct ap:1120 -51 68 seconds ago 00:0c:cc:5c:08:45 Aerosct AP_1130 -54 477 seconds ago 00:0c:cc:5c:08:4b Aerosct wolverine -54 332 seconds ago 00:0c:cc:5c:08:52 Aerosct ap:1120 -51 699 seconds agoconfig Commands
This section lists the config commands that you can use to configure the controller settings, and manage user accounts.
- config 802.11h channelswitch
- config 802.11h powerconstraint
- config 802.11h setchannel
- config 802.11 11nsupport
- config 802.11 11nsupport a-mpdu tx priority
- config 802.11 11nsupport a-mpdu tx scheduler
- config 802.11 11nsupport antenna
- config 802.11 11nsupport guard-interval
- config 802.11 11nsupport mcs tx
- config 802.11 11nsupport rifs
- config 802.11 beacon period
- config 802.11 cac defaults
- config 802.11 cac video acm
- config 802.11 cac video cac-method
- config 802.11 cac video load-based
- config 802.11 cac video max-bandwidth
- config 802.11 cac media-stream
- config 802.11 cac multimedia
- config 802.11 cac video roam-bandwidth
- config 802.11 cac video sip
- config 802.11 cac video tspec-inactivity-timeout
- config 802.11 cac voice acm
- config 802.11 cac voice max-bandwidth
- config 802.11 cac voice roam-bandwidth
- config 802.11 cac voice tspec-inactivity-timeout
- config 802.11 cac voice load-based
- config 802.11 cac voice max-calls
- config 802.11 cac voice sip bandwidth
- config 802.11 cac voice sip codec
- config 802.11 cac voice stream-size
- config 802.11 disable
- config 802.11 dtpc
- config 802.11 enable
- config 802.11 exp-bwreq
- config 802.11 fragmentation
- config 802.11 l2roam rf-params
- config 802.11 max-clients
- config 802.11 multicast data-rate
- config 802.11 rate
- config 802.11 rssi-check
- config 802.11 rssi-threshold
- config 802.11 tsm
- config advanced 802.11 7920VSIEConfig
- config advanced 802.11 edca-parameters
- config advanced fastpath fastcache
- config advanced fastpath pkt-capture
- config advanced sip-preferred-call-no
- config advanced sip-snooping-ports
- config avc profile create
- config avc profile delete
- config avc profile rule
- config band-select cycle-count
- config band-select cycle-threshold
- config band-select expire
- config band-select client-rssi
- config boot
- config cdp
- config certificate
- config certificate lsc
- config certificate ssc
- config certificate use-device-certificate webadmin
- config coredump
- config coredump ftp
- config coredump username
- config custom-web ext-webauth-mode
- config custom-web ext-webauth-url
- config custom-web ext-webserver
- config custom-web logout-popup
- config custom-web radiusauth
- config custom-web redirectUrl
- config custom-web sleep-client
- config custom-web webauth-type
- config custom-web weblogo
- config custom-web webmessage
- config custom-web webtitle
- config dhcp
- config dhcp proxy
- config dhcp timeout
- config flow
- config guest-lan
- config guest-lan custom-web ext-webauth-url
- config guest-lan custom-web global disable
- config guest-lan custom-web login_page
- config guest-lan custom-web webauth-type
- config guest-lan ingress-interface
- config guest-lan interface
- config guest-lan mobility anchor
- config guest-lan nac
- config guest-lan security
- config license boot
- config load-balancing
- config location
- config logging buffered
- config logging console
- config logging debug
- config logging fileinfo
- config logging procinfo
- config logging traceinfo
- config logging syslog host
- config logging syslog facility
- config logging syslog level
- config loginsession close
- config mdns ap
- config mdns profile
- config mdns query interval
- config mdns service
- config mdns snooping
- config memory monitor errors
- config memory monitor leaks
- config mgmtuser add
- config mgmtuser delete
- config mgmtuser description
- config mgmtuser password
- config mgmtuser telnet
- config mobility group member
- config netuser add
- config netuser delete
- config netuser description
- config netuser guest-lan-id
- config netuser guest-role apply
- config netuser guest-role create
- config netuser guest-role delete
- config netuser guest-role qos data-rate average-data-rate
- config netuser guest-role qos data-rate average-realtime-rate
- config netuser guest-role qos data-rate burst-data-rate
- config netuser guest-role qos data-rate burst-realtime-rate
- config netuser lifetime
- config netuser maxUserLogin
- config netuser password
- config netuser wlan-id
- config network 802.3-bridging
- config network allow-old-bridge-aps
- config network ap-discovery
- config network ap-fallback
- config network ap-priority
- config network apple-talk
- config network arptimeout
- config network bridging-shared-secret
- config network broadcast
- config network fast-ssid-change
- config network ip-mac-binding
- config network master-base
- config network mgmt-via-wireless
- config network multicast global
- config network multicast igmp query interval
- config network multicast igmp snooping
- config network multicast igmp timeout
- config network multicast l2mcast
- config network multicast mld
- config network multicast mode multicast
- config network multicast mode unicast
- config network oeap-600 dual-rlan-ports
- config network oeap-600 local-network
- config network otap-mode
- config network rf-network-name
- config network secureweb
- config network secureweb cipher-option
- config network ssh
- config network telnet
- config network usertimeout
- config network web-auth captive-bypass
- config network web-auth cmcc-support
- config network web-auth port
- config network web-auth proxy-redirect
- config network web-auth secureweb
- config network webmode
- config network web-auth
- config network zero-config
- config nmsp notify-interval measurement
- config paging
- config passwd-cleartext
- config prompt
- config qos average-data-rate
- config qos average-realtime-rate
- config qos burst-data-rate
- config qos burst-realtime-rate
- config qos description
- config qos max-rf-usage
- config qos dot1p-tag
- config qos priority
- config qos protocol-type
- config qos queue_length
- config rfid auto-timeout
- config rfid status
- config rfid timeout
- config service timestamps
- config sessions maxsessions
- config sessions timeout
- config switchconfig boot-break
- config switchconfig fips-prerequisite
- config switchconfig strong-pwd
- config switchconfig flowcontrol
- config switchconfig mode
- config switchconfig secret-obfuscation
- config sysname
- config snmp community accessmode
- config snmp community create
- config snmp community delete
- config snmp community ipaddr
- config snmp community mode
- config snmp engineID
- config snmp syscontact
- config snmp syslocation
- config snmp trapreceiver create
- config snmp trapreceiver delete
- config snmp trapreceiver mode
- config snmp v3user create
- config snmp v3user delete
- config snmp version
- config time manual
- config time ntp
- config time timezone
- config time timezone location
- config trapflags 802.11-Security
- config trapflags aaa
- config trapflags adjchannel-rogueap
- config trapflags ap
- config trapflags authentication
- config trapflags client
- config trapflags client max-warning-threshold
- config trapflags configsave
- config trapflags IPsec
- config trapflags linkmode
- config trapflags mesh
- config trapflags multiusers
- config trapflags rfid
- config trapflags rogueap
- config trapflags rrm-params
- config trapflags rrm-profile
- config trapflags stpmode
- config trapflags strong-pwdcheck
- config trapflags wps
- save config
config 802.11h channelswitch
Syntax Description
loud Enables the 802.11h channel switch announcement in the loud mode. The 802.11h-enabled clients can send packets while switching channel.
quiet Enables 802.11h-enabled clients to stop transmitting packets immediately because the AP has detected radar and client devices should also quit transmitting to reduce interference.
Command History
config 802.11h powerconstraint
config 802.11h setchannel
config 802.11 11nsupport
config 802.11 11nsupport a-mpdu tx priority
To specify the aggregation method used for 802.11n packets, use the config 802.11 11nsupport a-mpdu tx priority command.
Syntax Description
Usage Guidelines
Aggregation is the process of grouping packet data frames together rather than transmitting them separately. Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated MAC Service Data Unit (A-MSDU). A-MPDU is performed in the software whereas A-MSDU is performed in the hardware.
Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:
- 1—Background
- 2—Spare
- 0—Best effort
- 3—Excellent effort
- 4—Controlled load
- 5—Video, less than 100-ms latency and jitter
- 6—Voice, less than 10-ms latency and jitter
- 7—Network control
- all—Configure all of the priority levels at once.
Note
Configure the priority levels to match the aggregation method used by the clients.
Command History
config 802.11 11nsupport a-mpdu tx scheduler
To configure the 802.11n-5 GHz A-MPDU transmit aggregation scheduler, use the config 802.11 11nsupport a-mpdu tx scheduler command.
Syntax Description
Command History
config 802.11 11nsupport antenna
To configure an access point to use a specific antenna, use the config 802.11 11nsupport antenna command.
Syntax Description
Command History
config 802.11 11nsupport guard-interval
config 802.11 11nsupport mcs tx
To specify the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client, use the config 802.11 11nsupport mcs tx command.
Syntax Description
Command History
config 802.11 11nsupport rifs
config 802.11 beacon period
To change the beacon period globally for an 802.11a, 802.11b, or other supported 802.11 network, use the config 802.11 beacon period command.
config 802.11{ a | b} beacon period time_units
Note
Disable the 802.11 network before using this command. See the “Usage Guidelines” section.
Syntax Description
Usage Guidelines
In Cisco wireless LAN solution 802.11 networks, all Cisco lightweight access point wireless LANs broadcast a beacon at regular intervals. This beacon notifies clients that the 802.11a service is available and allows the clients to synchronize with the lightweight access point.
Before you change the beacon period, make sure that you have disabled the 802.11 network by using the config 802.11 disable command. After changing the beacon period, enable the 802.11 network by using the config 802.11 enable command.
Command History
config 802.11 cac defaults
To configure the default Call Admission Control (CAC) parameters for the 802.11a and 802.11b/g network, use the config 802.11 cac defaults command.
Syntax Description
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Examples
This example shows how to configure the default CAC parameters for the 802.11a network:
(Cisco Controller) > config 802.11 cac defaultsRelated Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac media-stream
config 802.11 cac multimedia
config 802.11 cac video cac-method
debug cac
config 802.11 cac video acm
To enable or disable video Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac video acm command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac video cac-method
To configure the Call Admission Control (CAC) method for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video cac-method command.
Syntax Description
static Enables the static CAC method for video applications on the 802.11a or 802.11b/g network.
Static or bandwidth-based CAC enables the client to specify how much bandwidth or shared medium time is required to accept a new video request and in turn enables the access point to determine whether it is capable of accommodating the request.
load-based Enables the load-based CAC method for video applications on the 802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
Load-based CAC is not supported if SIP-CAC is enabled.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only static mode. If you need only MC2UC CAC, you must configure Static or Load-based CAC. Load-based CAC is not supported if SIP-CAC is enabled.
Command History
Examples
This example shows how to enable the static CAC method for video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac video cac-method staticRelated Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac media-stream
config 802.11 cac multimedia
debug cac
config 802.11 cac video load-based
To enable or disable load-based Call Admission Control (CAC) for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video load-based command.
Syntax Description
enable Enables load-based CAC for video applications on the 802.11a or 802.11b/g network.
Load-based or dynamic CAC incorporates a measurement scheme that takes into account the bandwidth consumed by all traffic types from itself, from co-channel access points, and by collocated channel interference. Load-based CAC also covers the additional bandwidth consumption results from PHY and channel impairment. The access point admits a new call only if the channel has enough unused bandwidth to support that call.
disable Disables load-based CAC method for video applications on the 802.11a or 802.11b/g network.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Video CAC consists of two parts: Unicast Video-CAC and MC2UC CAC. If you need only Unicast Video-CAC, you must configure only static mode. If you need only MC2UC CAC, you must configure Static or Load-based CAC. Load-based CAC is not supported if SIP-CAC is enabled.
Note
Load-based CAC is not supported if SIP-CAC is enabled.
Command History
Examples
This example shows how to enable load-based CAC method for video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac video load-based enableRelated Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac media-stream
config 802.11 cac multimedia
config 802.11 cac video cac-method
debug cac
config 802.11 cac video max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video max-bandwidth command.
Syntax Description
Command Default
The default maximum bandwidth allocated to clients for video applications on the 802.11a or 802.11b/g network is 0%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
Note
If this parameter is set to zero (0), the controller assumes that you do not want to allocate any bandwidth and allows all bandwidth requests.
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable, or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac media-stream
To configure media stream Call Admission Control (CAC) voice and video quality parameters for 802.11a and 802.11b networks, use the config 802.11 cac media-stream command.
config 802.11 { a | b} cac media-stream multicast-direct { max-retry-percent retry-percentage | min-client-rate dot11-rate}
Syntax Description
multicast-direct Configures CAC parameters for multicast-direct media streams.
max-retry-percent Configures the percentage of maximum retries that are allowed for multicast-direct media streams.
retry-percentage Percentage of maximum retries that are allowed for multicast-direct media streams.
min-client-rate Configures the minimum transmission data rate to the client for multicast-direct media streams.
dot11-rate Minimum transmission data rate to the client for multicast-direct media streams. Rate in kbps at which the client can operate.
If the transmission data rate is below this rate, either the video will not start or the client may be classified as a bad client. The bad client video can be demoted for better effort QoS or subject to denial. The available data rates are 6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000, and 11n rates.
Command Default
The default value for the maximum retry percent is 80. If it exceeds 80, either the video will not start or the client might be classified as a bad client. The bad client video will be demoted for better effort QoS or is subject to denial.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Examples
The following example shows how to configure the maximum retry percent for multicast-direct media streams as 90 on a 802.11a network:
(Cisco Controller) > config 802.11 cac media-stream multicast-direct max-retry-percent 90Related Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
config 802.11 cac multimedia
debug cac
config 802.11 cac multimedia
To configure the CAC media voice and video quality parameters for 802.11a and 802.11b networks, use the config 802.11 cac multimedia command.
Syntax Description
max-bandwidth Configures the percentage of maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 802.11a or 802.11b/g network.
bandwidth Percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a or 802.11b/g network. Once the client reaches the specified value, the access point rejects new calls on this radio band. The range is from 5 to 85%.
Command Default
The default maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 802.11a or 802.11b/g network is 85%.
Usage Guidelines
Call Admission Control (CAC) commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Examples
The following example shows how to configure the percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a network:
(Cisco Controller) > config 802.11 cac multimedia max-bandwidth 80Related Commands
show cac video stats
show cac video summary
config 802.11 cac video tspec-inactivity-timeout
config 802.11 cac video max-bandwidth
config 802.11 cac video acm
config 802.11 cac video sip
config 802.11 cac video roam-bandwidth
config 802.11 cac load-based
config 802.11 cac defaults
debug cac
config 802.11 cac video roam-bandwidth
To configure the percentage of the maximum allocated bandwidth reserved for roaming video clients on the 802.11a or 802.11b/g network, use the config 802.11 cac video roam-bandwidth command.
Syntax Description
Command Default
The maximum allocated bandwidth reserved for roaming video clients on the 802.11a or 802.11b/g network is 0%.
Usage Guidelines
The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming video clients.
Note
If this parameter is set to zero (0), the controller assumes that you do not want to do any bandwidth allocation and, therefore, allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11 {a | b} cac voice acm enable or config 802.11 {a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac video sip
To enable or disable video Call Admission Control (CAC) for nontraffic specifications (TSPEC) SIP clients using video applications on the 802.11a or 802.11b/g network, use the config 802.11 cac video sip command.
Syntax Description
enable Enables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
When you enable video CAC for non-TSPEC SIP clients, you can use applications like Facetime and CIUS video calls.
disable Disables video CAC for non-TSPEC SIP clients using video applications on the 802.11a or 802.11b/g network.
Usage Guidelines
CAC commands for video applications on the 802.11a or 802.11b/g network require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Gold.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11 {a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable command. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
- Enable call snooping on the WLAN on which the SIP client is present by entering the config wlan call-snoop enable wlan_id command.
config 802.11 cac video tspec-inactivity-timeout
To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video tspec-inactivity-timeout command.
Syntax Description
Command Default
The default CAC WMM TSPEC inactivity timeout received from an access point is disabled (ignore).
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to process the response to TSPEC inactivity timeout messages received from an access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout enableThis example shows how to ignore the response to TSPEC inactivity timeout messages received from an access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout ignoreconfig 802.11 cac voice acm
To enable or disable bandwidth-based voice Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac voice acm command.
Syntax Description
Command Default
The default bandwidth-based voice CAC for the 802.11a or 802.11b/g network id disabled.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
config 802.11 cac voice max-bandwidth
To set the percentage of the maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g network, use the config 802.11 cac voice max-bandwidth command.
Syntax Description
Command Default
The default maximum bandwidth allocated to clients for voice applications on the 802.11a or 802.11b/g network is 0%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. Once the client reaches the value specified, the access point rejects new calls on this network.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac voice roam-bandwidth
To configure the percentage of the Call Admission Control (CAC) maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g network, use the config 802.11 cac voice roam-bandwidth command.
Syntax Description
Command Default
The default CAC maximum allocated bandwidth reserved for roaming voice clients on the 802.11a or 802.11b/g network is 85%.
Usage Guidelines
The maximum radio frequency (RF) bandwidth cannot exceed 85% for voice and video. The controller reserves the specified bandwidth from the maximum allocated bandwidth for roaming voice clients.
Note
If this parameter is set to zero (0), the controller assumes you do not want to allocate any bandwidth and therefore allows all bandwidth requests.
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac voice tspec-inactivity-timeout
To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
Syntax Description
Command Default
The default WMM TSPEC inactivity timeout received from an access point is disabled (ignore).
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac voice load-based
To enable or disable load-based Call Admission Control (CAC) for the 802.11a or 802.11b/g network, use the config 802.11 cac voice load-based command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac voice max-calls
Note
Do not use the config 802.11 cac voice max-calls command if the SIP call snooping feature is disabled and if the SIP based Call Admission Control (CAC) requirements are not met.
To configure the maximum number of voice call supported by the radio, use the config 802.11 cac voice max-calls command.
Syntax Description
Command Default
The default maximum number of voice call supported by the radio is 0, which means that there is no maximum limit check for the number of calls.
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac voice sip bandwidth
Note
SIP bandwidth and sample intervals are used to compute per call bandwidth for the SIP-based Call Admission Control (CAC).
To configure the bandwidth that is required per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip bandwidth command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 cac voice sip codec
To configure the Call Admission Control (CAC) codec name and sample interval as parameters and to calculate the required bandwidth per call for the 802.11a or 802.11b/g network, use the config 802.11 cac voice sip codec command.
Syntax Description
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
Examples
The following example shows how to configure the codec name and sample interval as parameters for SIP G711 codec:
(Cisco Controller) > config 802.11a cac voice sip codec g711 sample-interval 40This example shows how to configure the codec name and sample interval as parameters for SIP G729 codec:
(Cisco Controller) > config 802.11a cac voice sip codec g729 sample-interval 40config 802.11 cac voice stream-size
To configure the number of aggregated voice Wi-Fi Multimedia (WMM) traffic specification (TSPEC) streams at a specified data rate for the 802.11a or 802.11b/g network, use the config 802.11 cac voice stream-size command.
config 802.11{ a | b} cac voice stream-size stream_size number mean_datarate max-streams mean_datarate
Syntax Description
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config 802.11 disable
config 802.11 dtpc
config 802.11 enable
To enable radio transmission for an entire 802.11 network or for an individual Cisco radio, use the config 802.11 enable command.
Syntax Description
Usage Guidelines
Use this command with the config 802.11 disable command when configuring 802.11 settings.
This command can be used any time that the CLI interface is active.
Command History
config 802.11 exp-bwreq
To enable or disable the Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature for an 802.11 radio, use the config 802.11 exp-bwreq command.
Syntax Description
Usage Guidelines
When this command is enabled, the controller configures all joining access points for this feature.
Command History
Examples
The following example shows how to enable the CCX expedited bandwidth settings:
(Cisco Controller) > config 802.11a exp-bwreq enable Cannot change Exp Bw Req mode while 802.11a network is operational.The following example shows how to disable the CCX expedited bandwidth settings:
(Cisco Controller) > config 802.11a exp-bwreq disableconfig 802.11 fragmentation
To configure the fragmentation threshold on an 802.11 network, use the config 802.11 fragmentation command.
config 802.11{ a | b} fragmentation threshold
Note
This command can only be used when the network is disabled using the config 802.11 disable command.
Syntax Description
Command History
config 802.11 l2roam rf-params
To configure 802.11a or 802.11b/g Layer 2 client roaming parameters, use the config 802.11 l2roam rf-params command.
config 802.11{ a | b} l2roam rf-params { default | custom min_rssi roam_hyst scan_thresh trans_time}
Syntax Description
Command Default
The default minimum RSSI is -85 dBm. The default signal strength of a neighboring access point is 2 dB. The default scan threshold value is -72 dBm. The default time allowed for the client to detect a suitable neighboring access point to roam to and to complete the roam is 5 seconds.Usage Guidelines
For high-speed client roaming applications in outdoor mesh environments, we recommend that you set the trans_time to 1 second.
Command History
config 802.11 max-clients
To configure the maximum number of clients per access point, use the config 802.11 max-clients command.
Syntax Description
Configures the maximum number of client connections per access point.
max-clients
Maximum number of client connections per access point. The range is from 1 to 200.
Command History
config 802.11 multicast data-rate
Syntax Description
Minimum multicast data rates. The options are 6, 9, 12, 18, 24, 36, 48, 54. Enter 0 to specify that APs will dynamically adjust the number of the buffer allocated for multicast.
Command Default
The default is 0 where the configuration is disabled and the multicast rate is the lowest mandatory data rate and unicast client data rate.
Usage Guidelines
When you configure the data rate without the AP name or default keyword, you globally reset all the APs to the new value and update the controller global default with this new data rate value. If you configure the data rate with default keyword, you only update the controller global default value and do not reset the value of the APs that are already joined to the controller. The APs that join the controller after the new data rate value is set receives the new data rate value.
Command History
config 802.11 rate
To set mandatory and supported operational data rates for an 802.11 network, use the config 802.11 rate command.
Syntax Description
Specifies that a client supports the data rate in order to use the network.
Specifies to allow any associated client that supports the data rate to use the network.
Usage Guidelines
The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller. If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to use all the rates marked supported in order to associate.
Command History
config 802.11 rssi-check
config 802.11 rssi-threshold
config 802.11 tsm
To enable or disable the video Traffic Stream Metric (TSM) option for the 802.11a or 802.11b/g network, use the config 802.11 tsm command.
Syntax Description
Command History
config advanced 802.11 7920VSIEConfig
To configure the Cisco unified wireless IP phone 7920 VISE parameters, use the config advanced 802.11 7920VSIEConfig command.
config advanced 802.11{ a | b} 7920VSIEConfig { call-admission-limit limit | G711-CU-Quantum quantum}
Syntax Description
Configures the value supplied by the infrastructure indicating the current number of channel utilization units that would be used by a single G.711-20ms call.
Call admission limit (from 0 to 255). The default value is 105.
Command History
config advanced 802.11 edca-parameters
To enable a specific enhanced distributed channel access (EDCA) profile on the 802.11a network, use the config advanced 802.11 edca-parameters command.
config advanced 802.11{ a | b} edca-parameters { wmm-default | svp-voice | optimized-voice | optimized-video-voice | custom-voice}
Syntax Description
Enables the Wi-Fi Multimedia (WMM) default parameters. Choose this option when voice or video services are not deployed on your network.
Enables Spectralink voice priority parameters. Choose this option if Spectralink phones are deployed on your network to improve the quality of calls.
Enables EDCA voice-optimized profile parameters. Choose this option when voice services other than Spectralink are deployed on your network.
Enables EDCA voice- and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network.
Note If you deploy video services, admission control (ACM) must be disabled.
Enables custom voice EDCA parameters for 802.11a. The EDCA parameters under this option also match the 6.0 WMM EDCA parameters when this profile is applied.
Command History
config advanced fastpath fastcache
config advanced fastpath pkt-capture
config advanced sip-preferred-call-no
Syntax Description
Usage Guidelines
Before you configure voice prioritization, you must complete the following prerequisites:
- Set the voice to the platinum QoS level by entering the config wlan qos wlan-id platinum command.
- Enable the admission control (ACM) to this radio by entering the config 802.11 {a | b} cac {voice | video} acm enable command.
- Enable the call-snooping feature for a particular WLAN by entering the config wlan call-snoop enable wlan-id command. To view statistics about preferred calls, enter the show ap stats {802.11{a | b} | wlan} cisco_ap command.
Command History
config advanced sip-snooping-ports
Syntax Description
start_port Starting port for call snooping. The range is from 0 to 65535.
end_port Ending port for call snooping. The range is from 0 to 65535.
Usage Guidelines
If you need only a single port for call snooping, configure the start and end port with the same number.
The port used by the CIUS tablet is 5060 and the port range used by Facetime is from 16384 to16402.
Command History
config avc profile create
To create a new Application Visibility and Control (AVC) profile, use the config avc profile create command.
Syntax Description
profile_name Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.
create Creates a new AVC profile.
Command History
Usage Guidelines
You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs. You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN.
config avc profile delete
config avc profile rule
To configure a rule for an Application Visibility and Control (AVC) profile, use the config avc profile rule command.
config avc profile profile_name rule { add | remove} application application_name { drop | mark dscp}
Syntax Description
profile_name Name of the AVC profile.
rule Configures a rule for the AVC profile.
add Creates a rule for the AVC profile.
remove Deletes a rule for the AVC profile.
application Specifies the application that has to be dropped or marked.
application_name Name of the application. The application name can be up to 32 case-sensitive, alphanumeric characters.
drop Drops the upstream and downstream packets that correspond to the chosen application.
mark Marks the upstream and downstream packets that correspond to the chosen application with the Differentiated Services Code Point (DSCP) value that you specify in the drop-down list. The DSCP value helps you provide differentiated services based on the QoS levels.
dscp Packet header code that is used to define the QoS across the Internet. The range is from 0 to 63.
Command History
config band-select cycle-count
config band-select cycle-threshold
To set the time threshold for a new scanning cycle, use the config band-select cycle-threshold command.
Syntax Description
Command History
config band-select expire
config band-select client-rssi
To set the client received signal strength indicator (RSSI) threshold for band select, use the config band-select client-rssi command.
Syntax Description
Command History
config boot
Syntax Description
Command History
Usage Guidelines
Each Cisco wireless LAN controller can boot off the primary, last-loaded operating system image (OS) or boot off the backup, earlier-loaded OS image.
Examples
The following example shows how to set the primary image as active so that the LAN controller can boot off the primary, last loaded image:
(Cisco Controller) > config boot primaryThe following example shows how to set the backup image as active so that the LAN controller can boot off the backup, earlier loaded OS image:
(Cisco Controller) > config boot backupconfig cdp
config cdp { enable | disable | advertise-v2 { enable | disable} | timerseconds | holdtime holdtime_interval}
Syntax Description
enable
Enables CDP on the controller.
disable
Disables CDP on the controller.
advertise-v2
Configures CDP version 2 advertisements.
timer
Configures the interval at which CDP messages are to be generated.
seconds
Time interval at which CDP messages are to be generated. The range is from 5 to 254 seconds.
Configures the amount of time to be advertised as the time-to-live value in generated CDP packets.
holdtime_interval
Maximum hold timer value. The range is from 10 to 255 seconds.
Command Default
The default value for CDP timer is 60 seconds.
The default value for CDP holdtime is 180 seconds.
Command History
config certificate
Syntax Description
Command History
Examples
The following example shows how to generate a new web administration SSL certificate:
(Cisco Controller) > config certificate generate webadmin Creating a certificate may take some time. Do you wish to continue? (y/n)The following example shows how to configure the compatibility mode for inter-Cisco wireless LAN controller IPsec settings:
(Cisco Controller) > config certificate compatibilityconfig certificate lsc
To configure Locally Significant Certificate (LSC) certificates, use the config certificate lsc command.
config certificate lsc { enable | disable | ca-server http://url:port/path | ca-cert { add | delete} | subject-params country state city orgn dept email | other-params keysize} | ap-provision { auth-list { add | delete} ap_mac | revert-cert retries}
Syntax Description
Obtains a CA certificate from the CA server and adds it to the controller’s certificate database.
Deletes a CA certificate from the controller’s certificate database.
Country, state, city, organization, department, and email of the certificate authority.
Note The common name (CN) is generated automatically on the access point using the current MIC/SSC format Cxxxx-MacAddr, where xxxx is the product number.
Value from 384 to 2048 (in bits); the default value is 2048.
MAC address of access point to be added or deleted from the provision list.
Specifies the number of times the access point attempts to join the controller using an LSC before reverting to the default certificate.
Value from 0 to 255; the default value is 3.
Note If you set the number of retries to 0 and the access point fails to join the controller using an LSC, the access point does not attempt to join the controller using the default certificate. If you are configuring LSC for the first time, we recommend that you configure a nonzero value.
Command History
Usage Guidelines
You can configure only one CA server. To configure a different CA server, delete the configured CA server by using the config certificate lsc ca-server delete command, and then configure a different CA server.
If you configure an access point provision list, only the access points in the provision list are provisioned when you enable AP provisioning (in Step 8). If you do not configure an access point provision list, all access points with an MIC or SSC certificate that join the controller are LSC provisioned.
Examples
The following example shows how to enable the LSC settings:
(Cisco Controller) >config certificate lsc enableThis example shows how to enable the LSC settings for Certificate Authority (CA) server settings:
(Cisco Controller) >config certificate lsc ca-server http://10.0.0.1:8080/caserverThe following example shows how to add a CA certificate from the CA server and add it to the controller’s certificate database:
(Cisco Controller) >config certificate lsc ca-cert addThe following example shows how to configure an LSC certificate with the keysize of 2048 bits:
(Cisco Controller) >config certificate lsc keysize 2048config certificate ssc
Syntax Description
hash Configures the SSC hash key.
validation Configures hash validation of the SSC certificate.
enable Enables hash validation of the SSC certificate.
disable Disables hash validation of the SSC certificate.
Command History
Usage Guidelines
When you enable the SSC hash validation, an AP validates the SSC certificate of the virtual controller. When an AP validates the SSC certificate, it checks if the hash key of the virtual controller matches the hash key stored in its flash. If a match is found, the validation passes and the AP moves to the Run state. If a match is not found, the validation fails and the AP disconnects from the controller and restarts the discovery process. By default, hash validation is enabled. Hence, an AP must have the virtual controller hash key in its flash before associating with the virtual controller. If you disable hash validation of the SSC certificate, the AP bypasses the hash validation and directly moves to the Run state.
APs can associate with a physical controller, download the hash keys and then associate with a virtual controller. If the AP is associated to a physical controller and if hash validation is disabled, it joins any virtual controller without hash validation.
config certificate use-device-certificate webadmin
To use a device certificate for web administration, use the config certificate use-device-certificate webadmin command.
Command History
Examples
The following example shows how to use a device certificate for web administration:
(Cisco Controller) > config certificate use-device-certificate webadmin Use device certificate for web administration. Do you wish to continue? (y/n) y Using device certificate for web administration. Save configuration and restart controller to use new certificate.config coredump
To enable or disable the controller to generate a core dump file following a crash, use the config cordump command.
Syntax Description
Command History
config coredump ftp
To automatically upload a controller core dump file to an FTP server after experiencing a crash, use the config coredump ftp command.
Syntax Description
Command History
config coredump username
To specify the FTP server username and password when uploading a controller core dump file after experiencing a crash, use the config coredump username command.
Syntax Description
Command History
config custom-web ext-webauth-mode
To configure external URL web-based client authorization for the custom-web authentication page, use the config custom-web ext-webauth-mode command.
Syntax Description
Command History
config custom-web ext-webauth-url
To configure the complete external web authentication URL for the custom-web authentication page, use the config custom-web ext-webauth-url command.
Syntax Description
Command History
config custom-web ext-webserver
Syntax Description
Index of the external web server in the list of external web server. The index must be a number between 1 and 20.
Command History
config custom-web logout-popup
To enable or disable the custom web authentication logout popup, use the config custom-web logout-popup command.
Syntax Description
enable Enables the custom web authentication logout popup. This page appears after a successful login or a redirect of the custom web authentication page.
disable Disables the custom web authentication logout popup.
Command History
config custom-web radiusauth
Syntax Description
chap Configures the RADIUS web authentication method as Challenge Handshake Authentication Protocol (CHAP).
md5chap Configures the RADIUS web authentication method as Message Digest 5 CHAP (MD5-CHAP).
pap Configures the RADIUS web authentication method as Password Authentication Protocol (PAP).
Command History
config custom-web redirectUrl
To configure the redirect URL for the custom-web authentication page, use the config custom-web redirectUrl command.
Syntax Description
Command History
config custom-web sleep-client
config custom-web webauth-type
config custom-web weblogo
config custom-web webmessage
To configure the custom web authentication message text for the custom-web authentication page, use the config custom-web webmessage command.
Syntax Description
Command History
config custom-web webtitle
To configure the web authentication title text for the custom-web authentication page, use the config custom-web webtitle command.
Syntax Description
Command History
config dhcp
config dhcp { address-pool scope start end | create-scope scope | default-router scope router_1 [ router_2] [ router_3] | delete-scope scope | disable scope | dns-servers scope dns1 [ dns2] [ dns3] | domain scope domain | enable scope | lease scope lease_duration | netbios-name-server scope wins1 [ wins2] [ wins3] | networkscope network netmask}
config dhcpopt-82 remote-id { ap_mac | ap_mac:ssid | ap-ethmac | apname:ssid | ap-group-name | flex-group-name | ap-location | apmac-vlan_id | apname-vlan_id | ap-ethmac-ssid }
Syntax Description
Configures an address range to allocate. You must specify the scope name and the first and last addresses of the address range.
Configures the default routers for the specified scope and specify the IP address of a router. Optionally, you can specify the IP addresses of secondary and tertiary routers.
Configures the name servers for the given scope. You must also specify at least one name server. Optionally, you can specify secondary and tertiary name servers.
Configures the DNS domain name. You must specify the scope and domain names.
Configures the lease duration (in seconds) for the specified scope.
Configures the netbios name servers. You must specify the scope name and the IP address of a name server. Optionally, you can specify the IP addresses of secondary and tertiary name servers.
Configures the network and netmask. You must specify the scope name, the network address, and the network mask.
Configures the DHCP option 82 remote ID field format.
DHCP option 82 provides additional security when DHCP is used to allocate network addresses. The controller acts as a DHCP relay agent to prevent DHCP client requests from untrusted sources. The controller adds option 82 information to DHCP requests from clients before forwarding the requests to the DHCP server.
MAC address of the access point to the DHCP option 82 payload.
MAC address and SSID of the access point to the DHCP option 82 payload.
apname:ssid
Remote ID format as AP name:SSID.
ap-group-name
Remote ID format as AP group name.
flex-group-name
Remote ID format as FlexConnect group name .
ap-location
Remote ID format as AP location.
apmac-vlan_id
Remote ID format as AP radio MAC address:VLAN_ID.
apname-vlan_id
Remote ID format as AP Name:VLAN_ID.
ap-ethmac-ssid
Remote ID format as AP Ethernet MAC:SSID address.
Command Default
The default value for ap-group-name is default-group, and for ap-location, the default value is default location.
If ap-group-name and flex-group-name are null, the system MAC is sent as the remote ID field.
Command History
config dhcp proxy
Syntax Description
Allows the controller to modify the DHCP packets without a limit.
Reduces the DHCP packet modification to the level of a relay.
Command History
config flow
Syntax Description
add Associates a NetFlow monitor with an exporter, or a NetFlow record with a NetFlow monitor.
delete Dissociates a NetFlow monitor from an exporter, or a NetFlow record from a NetFlow monitor.
monitor Configures a NetFlow monitor.
monitor_name Name of the NetFlow monitor. The monitor name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for a monitor name.
exporter Configures a NetFlow exporter.
exporter_name Name of the NetFlow exporter. The exporter name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for an exporter name.
record Associates a NetFlow record to the NetFlow monitor.
record_name Name of the IPv4 NetFlow record of the client application.
Command History
Usage Guidelines
An exporter is a network entity that exports the template with the IP traffic information. The controller acts as an exporter. A NetFlow record in the controller contains the information about the traffic in a given flow such as client MAC address, client source IP address, WLAN ID, incoming and outgoing bytes of data, incoming and outgoing packets, incoming and outgoing DSCP.
config guest-lan
config guest-lan custom-web ext-webauth-url
To redirect guest users to an external server before accessing the web login page, use the config guest-lan custom-web ext-webauth-url command.
Syntax Description
Command History
config guest-lan custom-web global disable
To use a guest-LAN specific custom web configuration rather than a global custom web configuration, use the config guest-lan custom-web global disable command.
Syntax Description
Command History
Usage Guidelines
If you enter the config guest-lan custom-web global enable guest_lan_id command, the custom web authentication configuration at the global level is used.
config guest-lan custom-web login_page
To enable wired guest users to log into a customized web login page, use the config guest-lan custom-web login_page command.
Syntax Description
Command History
config guest-lan custom-web webauth-type
To define the web login page for wired guest users, use the config guest-lan custom-web webauth-type command.
Syntax Description
Displays the default web login page for the controller. This is the default value.
Displays the custom web login page that was previously configured.
Command History
config guest-lan ingress-interface
To configure the wired guest VLAN’s ingress interface that provides a path between the wired guest client and the controller through the Layer 2 access switch, use the config guest-lan ingress-interface command.
Syntax Description
Command History
config guest-lan interface
To configure an egress interface to transmit wired guest traffic out of the controller, use the config guest-lan interface command.
Syntax Description
Command History
config guest-lan mobility anchor
Syntax Description
Command History
Examples
The following example shows how to delete a mobility anchor for WAN ID 4 and the anchor IP 192.168.0.14:
(Cisco Controller) > config guest-lan mobility anchor delete 4 192.168.0.14Related Commands
config mobility group domain
config mobility group keepalive count
config mobility group keepalive interval
config mobility group member
config mobility group multicast-address
config mobility multicast-mode
config mobility secure-mode
config wlan mobility anchor
debug mobility
show mobility anchor
show mobility statistics
show mobility summary
config guest-lan nac
To enable or disable Network Admission Control (NAC) out-of-band support for a guest LAN, use the config guest-lan nac command:
Syntax Description
Command History
config guest-lan security
To configure the security policy for the wired guest LAN, use the config guest-lan security command.
config guest-lan security { web-auth { enable | disable | acl | server-precedence} guest_lan_id | web-passthrough { acl | email-input | disable | enable} guest_lan_id}
Syntax Description
Configures the authentication server precedence order for web authentication users.
Specifies the web captive portal with no authentication required.
Command History
config license boot
To specify the license level to be used on the next reboot of the Cisco 5500 Series Controller, use the config license boot command.
Syntax Description
Command History
Usage Guidelines
If you enter auto, the licensing software automatically chooses the license level to use on the next reboot. It generally chooses permanent licenses over evaluation licenses and wplus licenses over base licenses.
Note
If you are considering upgrading from a base license to a wplus license, you can try an evaluation wplus license before upgrading to a permanent wplus license. To activate the evaluation license, you need to set the image level to wplus in order for the controller to use the wplus evaluation license instead of the base permanent license.
Note
To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
config load-balancing
To globally configure aggressive load balancing on the controller, use the config load-balancing command.
Syntax Description
Aggressive load balancing client window with the number of clients from 1 to 20.
Specifies the number of association denials during load balancing.
Maximum number of association denials during load balancing. from 0 to 10.
uplink-threshold
Specifies the threshold traffic for an access point to deny new associations.
traffic_threshold
Threshold traffic for an access point to deny new associations. This value is a percentage of the WAN utilization measured over a 90 second interval. For example, the default threshold value of 50 triggers the load balancing upon detecting an utilization of 50% or more on an access point WAN interface.
Command History
Usage Guidelines
Load-balancing-enabled WLANs do not support time-sensitive applications like voice and video because of roaming delays.
When you use Cisco 7921 and 7920 Wireless IP Phones with controllers, make sure that aggressive load balancing is disabled on the voice WLANs for each controller. Otherwise, the initial roam attempt by the phone might fail, causing a disruption in the audio path.
Clients can only be load balanced across access points joined to the same controller. The WAN utilization is calculated as a percentage using the following formula: (Transmitted Data Rate (per second) + Received Data Rate (per second))/(1000Mbps TX + 1000Mbps RX) * 100config location
config location { add location [ description] | delete location | enable | disable | description location description | algorithm { simple | rssi-average} | { rssi-half-life | expiry} [ client | calibrating-client | tags | rogue-aps] seconds | notify-threshold [ client | tags | rogue-aps] threshold | interface-mapping { add | delete} location wlan_id interface_name | plm { client { enable | disable} burst_interval | calibrating { enable | disable} { uniband | multiband}}}
Syntax Description
Element description. Optional with the add command, and required with the description command.
Note We recommend that you do not use or modify the config location algorithm command. It is set to optimal default values.
Configures the algorithm used to average RSSI and SNR values.
Specifies a faster algorithm that requires low CPU overhead but provides less accuracy.
Specifies a more accurate algorithm but requires more CPU overhead.
Note We recommend that you do not use or modify the config location rssi-half-life command. It is set to optimal default values.
Note We recommend that you do not use or modify the config location expiry command. It is set to optimal default values.
(Optional) Specifies the parameter applies to client devices.
(Optional) Specifies the parameter is used for calibrating client devices.
(Optional) Specifies the parameter applies to radio frequency identification (RFID) tags.
(Optional) Specifies the parameter applies to rogue access points.
Time value (0, 1, 2, 5, 10, 20, 30, 60, 90, 120, 180, 300 seconds).
Note We recommend that you do not use or modify the config location notify-threshold command. It is set to optimal default values.
Specifies the NMSP notification threshold for RSSI measurements.
Threshold parameter. The range is 0 to 10 dB, and the default value is 0 dB.
Adds or deletes a new location, wireless LAN, or interface mapping element.
Specifies the path loss measurement (S60) request for normal clients or calibrating clients.
Burst interval. The range is from 1 to 3600 seconds, and the default value is 60 seconds.
Specifies the associated 802.11a or 802.11b/g radio (uniband).
Command Default
See the “Syntax Description” section for default values of individual arguments and keywords.
Command History
config logging buffered
To set the severity level for logging messages to the controller buffer, use the config logging buffered command.
Syntax Description
Command History
config logging console
To set the severity level for logging messages to the controller console, use the config logging console command.
Syntax Description
Command History
config logging debug
To save debug messages to the controller buffer, the controller console, or a syslog server, use the config logging debug command.
Syntax Description
Command Default
The console command is enabled and the buffered and syslog commands are disabled by default.
Command History
config logging fileinfo
To cause the controller to include information about the source file in the message logs or to prevent the controller from displaying this information, use the config logging fileinfo command.
Syntax Description
Includes information about the source file in the message logs.
Prevents the controller from displaying information about the source file in the message logs.
Command History
config logging procinfo
To cause the controller to include process information in the message logs or to prevent the controller from displaying this information, use the config logging procinfo command.
Syntax Description
Command History
config logging traceinfo
To cause the controller to include traceback information in the message logs or to prevent the controller from displaying this information, use the config logging traceinfo command.
Syntax Description
Command History
config logging syslog host
Syntax Description
Command History
Usage Guidelines
To remove a remote host that was configured for sending syslog messages, enter the config logging syslog host host_IP_address delete command.
config logging syslog facility
To set the facility for outgoing syslog messages to the remote host, use the config logging syslog facility command.
Syntax Description
Facility code. Choose one of the following:
- authorization—Authorization system. Facility level—4.
- auth-private—Authorization system (private). Facility level—10.
- cron—Cron/at facility. Facility level—9.
- daemon—System daemons. Facility level—3.
- ftp—FTP daemon. Facility level—11.
- kern—Kernel. Facility level—0.
- local0—Local use. Facility level—16.
- local1—Local use. Facility level—17.
- local2—Local use. Facility level—18.
- local3—Local use. Facility level—19.
- local4—Local use. Facility level—20.
- local5—Local use. Facility level—21.
- local6—Local use. Facility level—22.
- local7—Local use. Facility level—23.
- lpr—Line printer system. Facility level—6.
- mail—Mail system. Facility level—2.
- news—USENET news. Facility level—7.
- sys12—System use. Facility level—12.
- sys13—System use. Facility level—13.
- sys14—System use. Facility level—14.
- sys15—System use. Facility level—15.
- syslog—The syslog itself. Facility level—5.
- user—User process. Facility level—1.
- uucp—UNIX-to-UNIX copy system. Facility level—8.
Command History
config logging syslog level
To set the severity level for filtering syslog messages to the remote host, use the config logging syslog level command.
Syntax Description
Command History
config loginsession close
config mdns ap
To configure multicast Domain Name System (mDNS) snooping on an access point, use the config mdns ap command.
config mdns ap { enable { ap_name | all} [ vlan vlan_id] | disable { ap_name | all} | vlan { add | delete} vlan ap_name}
Syntax Description
enable Enables mDNS snooping on an access point.
ap_name Name of the access point on which mDNS snooping has to be configured.
all Configures mDNS snooping on all access points.
vlan (Optional) Configures the VLAN on which the access point snoops and forwards the mDNS packets.
vlan_id VLAN identifier.
disable Disables mDNS snooping on an access point.
add Adds a VLAN from which the access point snoops and forwards the mDNS packets to the Cisco Wireless LAN Controller (WLC). You can configure up to 10 VLANs for an mDNS access point.
delete Deletes a VLAN from which the access point snoops and forwards the mDNS packets to the Cisco WLC.
Command History
Usage Guidelines
Enabling mDNS snooping on access points allows the access points to snoop the wired services on VLANs that are invisible to the Cisco WLC. mDNS snooping is supported only on local-mode and monitor-mode access points. The access point must be in the access mode or trunk mode. If the access point is in the trunk mode, you must configure the VLAN on the Cisco WLC on which the access point snoops and forwards the mDNS packets. You must also configure the native VLAN from the Cisco WLC for the access point to snoop and send mDNS queries on. The access point also tags the packets with the native VLAN.
Global mDNS snooping overrides mDNS access point snooping.
config mdns profile
To configure a multicast DNS (mDNS) profile and associate a service with the profile, use the config mdns profile command.
Syntax Description
create Creates an mDNS profile.
delete Deletes an mDNS profile. If the profile is associated to an interface group, an interface, or a WLAN, an error appears.
service Configures an mDNS service.
add Adds an mDNS service to an mDNS profile.
delete Deletes an mDNS service from an mDNS profile.
service -name Name of the mDNS service.
profile_name Name of the mDNS profile. You can create a maximum of 16 profiles.
Command Default
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.
Command History
Usage Guidelines
After creating a new profile, you must map the profile to an interface group, an interface, or a WLAN. Clients receive service advertisements only for the services associated with the profile. The controller gives the highest priority to the profiles associated to interface groups, followed by the interface profiles, and then the WLAN profiles. Each client is mapped to a profile based on the order of priority.
By default, the controller has an mDNS profile, default-mdns-profile. You cannot delete this default profile.
Examples
The following example shows how to add the Apple TV mDNS service to the mDNS profile1.
(Cisco Controller) > config mdns profile create profile1 Apple TVconfig mdns query interval
To configure the query interval for multicast DNS (mDNS) services, use the config mdns query interval command.
Syntax Description
interval_value mDNS query interval, in minutes, that you can set. The query interval is the frequency at which the controller sends periodic queries to all the services defined in the Master Services database. The range is from 10 to 120.
Command History
Usage Guidelines
The controller snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database. mDNS uses the multicast IP address 224.0.0.251 as the destination address and 5353 as UDP destination port.
config mdns service
To configure multicast DNS (mDNS) services in the master services database, use the config mdns service command.
The following command is valid in Release 7.5 and later releases:
config mdns service { create service_name service_string origin { Wireless | Wired | All} lss { enable | disable} [ query { enable | disable}] | lss { enable | disable} { service_name | all} | priority-mac { add | delete} priority-mac service_name [ ap-group ap-group-name] | origin { Wireless | Wired | All} { service_name | all}}
Syntax Description
create Adds a new mDNS service to the Master Services database.
service_name Name of the mDNS service, for example, Air Tunes, iTunes Music Sharing, FTP, Apple File Sharing Protocol (AFP).
service_string Unique string associated to an mDNS service, for example, _airplay._tcp.local. is the service string associated with Apple TV.
delete
Note You must delete the service from all profiles before deleting it. query Configures the query status for the mDNS service.
enable Enables periodic query for an mDNS service by the controller.
disable Disables periodic query for an mDNS service by the controller.
origin Configures the origin of the mDNS service. You can restrict the origin of the service as wired or wireless.
Wireless Configures the origin of the mDNS service as wireless.
Wired Configures the origin of the mDNS service as wired.
All Configures the origin of the mDNS service as wireless or wired.
lss Configures Location Specific Services (LSS) for a service or all mDNS services. LSS is not applicable for registered service providers. The registered service providers are always included if the querying client corresponds to the user. You cannot configure LSS on the services configured as only wired.
all Configures LSS for all mDNS services.
priority-mac Configures the MAC address of a service provider device. This device gets a priority even if the service provider database is full.
add Adds the MAC address of a service provider device for priority.
You can configure up to 50 MAC addresses for a service.
delete Deletes the MAC address of a service provider device from the priority list.
priority-mac MAC address of a service provider device that needs priority. The MAC address must be unique for each service.
ap-group Configures the access point group for wired service providers. These service providers get priority over others. When a client mNDS query originates from this AP group, the wired entries with priority MAC addresses and access point groups are listed first in the aggregated response.
ap-group-name Name of the access point group to which the service provider belongs.
Command History
Release Modification 7.4
This command was introduced.
7.5
This command was modified. The origin, Wireless, Wired, All, lss, priority-mac, add, delete, ap-group keywords and priority-mac ap-group-name arguments were added.
Usage Guidelines
In Release 7.5 and later releases, the maximum number of service providers for different controller models are as follows:You cannot change the services with the origin set to Wireless to Wired if LSS is enabled for the service.
Examples
The following example shows how to add the HTTP mDNS service to the Master Services database, configure the origin as wireless, and enable LSS for the service:
(Cisco Controller) > config mdns service create http _http._tcp.local. origin wireless lss enableThe following example shows how to add a priority MAC address of a HTTP service provider device:
(Cisco Controller) >config mdns service priority-mac add 44:03:a7:a3:04:45 httpconfig mdns snooping
To enable or disable global multicast DNS (mDNS) snooping on the Cisco WLC, use the config mdns snooping command.
Syntax Description
Command History
Usage Guidelines
mDNS service discovery provides a way to announce and discover services on the local network. mDNS perform DNS queries over IP multicast. mDNS supports zero configuration IP networking.
config memory monitor errors
To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors command.
Caution
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
Command History
Usage Guidelines
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
config memory monitor leaks
To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config memory monitor leaks command.
Caution
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
Command Default
The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.
Command History
Usage Guidelines
Note
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Use this command if you suspect that a memory leak has occurred.
If the free memory is lower than the low_thresh threshold, the system crashes, generating a crash file. The default value for this parameter is 10000 KB, and you cannot set it below this value.
Set the high_thresh threshold to the current free memory level or higher so that the system enters auto-leak-analysis mode. After the free memory reaches a level lower than the specified high_thresh threshold, the process of tracking and freeing memory allocation begins. As a result, the debug memory events enable command shows all allocations and frees, and the show memory monitor detail command starts to detect any suspected memory leaks.
config mgmtuser add
Syntax Description
Account username. The username can be up to 24 alphanumeric characters.
Account password. The password can be up to 24 alphanumeric characters.
(Optional) Description of the account. The description can be up to 32 alphanumeric characters within double quotes.
Command History
config mgmtuser delete
config mgmtuser description
To add a description to an existing management user login to the controller, use the config mgmtuser description command.
Syntax Description
Account username. The username can be up to 24 alphanumeric characters.
Description of the account. The description can be up to 32 alphanumeric characters within double quotes.
Command History
config mgmtuser password
Syntax Description
Account username. The username can be up to 24 alphanumeric characters.
Account password. The password can be up to 24 alphanumeric characters.
Command History
config mgmtuser telnet
To enable local management users to use Telnet to connect to the Cisco Wireless LAN Controller, use the config mgmtuser telnet command.
Syntax Description
user_name Username of a local management user.
enable Enables a local management user to use Telnet to connect to the Cisco WLC. You can enter up to 24 alphanumeric characters.
disable Disables a local management user from using Telnet to connect to the Cisco WLC.
Command History
config mobility group member
To add or delete users from the mobility group member list, use the config mobility group member command.
config mobility group member { add MAC IP_address [ group_name] | delete MAC IP _address | hash IP _address { key | none}}
Syntax Description
(Optional) Member switch group name (if different from the default group name).
hash
Configures the hash key for authorization. You can configure the hash key only if the member is a virtual controller in the same domain.
key
Hash key of the virtual controller. For example, a819d479dcfeb3e0974421b6e8335582263d9169
none
Clears the previous hash key of the virtual controller.
Command History
Examples
The following example shows how to add a mobility group member to the list:
(Cisco Controller) >config mobility group member add 11:11:11:11:11:11 192.12.1.2The following example shows how to configure the hash key of a virtual controller in the same domain:
(Cisco Controller) >config mobility group member hash 9.2.115.68 a819d479dcfeb3e0974421b6e8335582263d9169config netuser add
To add a guest user on a WLAN or wired guest LAN to the local user database on the controller, use the config netuser add command.
config netuser add username password { wlan wlan_id | guestlan guestlan_id} userType guest lifetime lifetime description description
Syntax Description
Guest username. The username can be up to 50 alphanumeric characters.
User password. The password can be up to 24 alphanumeric characters.
Specifies the wireless LAN identifier to associate with or zero for any wireless LAN.
Wireless LAN identifier assigned to the user. A zero value associates the user with any wireless LAN.
Specifies the guest LAN identifier to associate with or zero for any wireless LAN.
Lifetime value (60 to 259200 or 0) in seconds for the guest user.
Note Short description of user. The description can be up to 32 characters enclosed in double-quotes.
Command History
Usage Guidelines
Local network usernames must be unique because they are stored in the same database.
Examples
The following example shows how to add a permanent username Jane to the wireless network for 1 hour:
(Cisco Controller) > config netuser add jane able2 1 wlan_id 1 userType permanentThe following example shows how to add a guest username George to the wireless network for 1 hour:
(Cisco Controller) > config netuser add george able1 guestlan 1 3600config netuser delete
Syntax Description
Command History
Usage Guidelines
Local network usernames must be unique because they are stored in the same database.
config netuser description
Syntax Description
Network username. The username can contain up to 24 alphanumeric characters.
(Optional) User description. The description can be up to 32 alphanumeric characters enclosed in double quotes.
Command History
config netuser guest-lan-id
Syntax Description
Network username. The username can be 24 alphanumeric characters.
Wired guest LAN identifier to associate with the user. A zero value associates the user with any wired LAN.
Command History
config netuser guest-role apply
To apply a quality of service (QoS) role to a guest user, use the config netuser guest-role apply command.
Syntax Description
Command History
Usage Guidelines
If you do not assign a QoS role to a guest user, the Role field in the User Details shows the role as default. The bandwidth contracts for this user are defined in the QoS profile for the WLAN.
If you want to unassign a QoS role from a guest user, use the config netuser guest-role apply username default. This user now uses the bandwidth contracts defined in the QoS profile for the WLAN.
config netuser guest-role create
To create a quality of service (QoS) role for a guest user, use the config netuser guest-role create command.
Syntax Description
Command History
config netuser guest-role delete
To delete a quality of service (QoS) role for a guest user, use the config netuser guest-role delete command.
Syntax Description
Command History
config netuser guest-role qos data-rate average-data-rate
To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos data-rate average-data-rate command.
Syntax Description
Usage Guidelines
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser guest-role qos data-rate average-realtime-rate
To configure the average data rate for TCP traffic on a per user basis, use the config netuser guest-role qos data-rate average-realtime-rate command.
Syntax Description
Usage Guidelines
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser guest-role qos data-rate burst-data-rate
To configure the peak data rate for TCP traffic on a per user basis, use the config netuser guest-role qos data-rate burst-data-rate command.
Syntax Description
Command History
Usage Guidelines
The burst data rate should be greater than or equal to the average data rate. Otherwise, the QoS policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser guest-role qos data-rate burst-realtime-rate
To configure the burst real-time data rate for UDP traffic on a per user basis, use the config netuser guest-role qos data-rate burst-realtime-rate command.
Syntax Description
Command History
Usage Guidelines
The burst real-time rate should be greater than or equal to the average real-time rate. Otherwise, the quality of service (QoS) policy may block traffic to and from the wireless client.
For the role_name parameter in each of these commands, enter a name for the new QoS role. The name uniquely identifies the role of the QoS user (such as contractor, vendor, and so on.). For the rate parameter, you can enter a value between 0 and 60,000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS role.
config netuser lifetime
config netuser maxUserLogin
To configure the maximum number of login sessions allowed for a network user, use the config netuser maxUserLogin command.
Syntax Description
Command Default
By default, the maximum number of login sessions for a single user is 0 (unlimited).
Command History
config netuser password
Syntax Description
Network username. The username can be up to 24 alphanumeric characters.
Network user password. The password can contain up to 24 alphanumeric characters.
Command History
config netuser wlan-id
Syntax Description
Network username. The username can be 24 alphanumeric characters.
Wireless LAN identifier to associate with the user. A zero value associates the user with any wireless LAN.
Command History
config network 802.3-bridging
Syntax Description
Command History
Usage Guidelines
In controller software release 5.2, the software-based forwarding architecture for Cisco 2100 Series Controllers is being replaced with a new forwarding plane architecture. As a result, Cisco 2100 Series Controllers and the Cisco wireless LAN controller Network Module for Cisco Integrated Services Routers bridge 802.3 packets by default. Therefore, 802.3 bridging can now be disabled only on Cisco 4400 Series Controllers, the Cisco WiSM, and the Catalyst 3750G Wireless LAN Controller Switch.
To determine the status of 802.3 bridging, enter the show netuser guest-roles command.
config network allow-old-bridge-aps
config network ap-discovery
To enable or disable NAT IP in an AP discovery response, use the config network ap-discovery command.
Syntax Description
Command History
Usage Guidelines
If the config interface nat-address management command is set, this command controls which address(es) are sent in the CAPWAP discovery responses.
If all APs are on the outside of the NAT gateway of the controller, enter the config network ap-discovery nat-ip-only enable command, and only the management NAT address is sent.
If the controller has both APs on the outside and the inside of its NAT gateway, enter the config network ap-discovery nat-ip-only disable command, and both the management NAT address and the management inside address are sent. Ensure that you have entered the config ap link-latency disable all command to avoid stranding APs.
config network ap-priority
To enable or disable the option to prioritize lightweight access points so that after a controller failure they reauthenticate by priority rather than on a first-come-until-full basis, use the config network ap-priority command.
Syntax Description
Enables the lightweight access point priority reauthentication.
Disables the lightweight access point priority reauthentication.
Command History
config network arptimeout
config network bridging-shared-secret
Syntax Description
Command History
Usage Guidelines
This command creates a secret that encrypts backhaul user data for the mesh access points that connect to the switch.
The zero-touch configuration must be enabled for this command to work.
config network broadcast
Syntax Description
Command History
Usage Guidelines
This command allows you to enable or disable broadcasting. You must enable multicast mode before enabling broadcast forwarding. Use the config network multicast mode command to configure multicast mode on the controller.
Note
The default multicast mode is unicast in case of all controllers except for Cisco 2106 Controllers. The broadcast packets and multicast packets can be independently controlled. If multicast is off and broadcast is on, broadcast packets still reach the access points, based on the configured multicast mode.
config network fast-ssid-change
To enable or disable fast Service Set Identifier (SSID) changing for mobile stations, use the config network fast-ssid-change command.
Syntax Description
Command History
Usage Guidelines
When you enable the Fast SSID Change feature, the controller allows clients to move between SSIDs. When the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID.
When you disable the FastSSID Change feature, the controller enforces a delay before clients are allowed to move to a new SSID.
config network ip-mac-binding
To validate the source IP address and MAC address binding within client packets, use the config network ip-mac-binding command.
Syntax Description
Enables the validation of the source IP address to MAC address binding in clients packets.
Disables the validation of the source IP address to MAC address binding in clients packets.
Command Default
The validation of the source IP address to MAC address binding in clients packets is enabled by default.
Command History
Usage Guidelines
In controller software release 5.2, the controller enforces strict IP address-to-MAC address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. In previous releases, the controller checks only the MAC address of the client and ignores the IP address.
Note
You might want to disable this binding check if you have a routed network behind a workgroup bridge (WGB).
config network master-base
To enable or disable the Cisco wireless LAN controller as an access point default master, use the config network master-base command.
Syntax Description
Enables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Disables the Cisco wireless LAN controller acting as a Cisco lightweight access point default master.
Command History
Usage Guidelines
This setting is only used upon network installation and should be disabled after the initial network configuration. Because the Master Cisco wireless LAN controller is normally not used in a deployed network, the Master Cisco wireless LAN controller setting can be saved from 6.0.199.0 or later releases.
config network mgmt-via-wireless
To enable Cisco wireless LAN controller management from an associated wireless client, use the config network mgmt-via-wireless command.
Syntax Description
Command History
Usage Guidelines
This feature allows wireless clients to manage only the Cisco wireless LAN controller associated with the client and the associated Cisco lightweight access point. That is, clients cannot manage another Cisco wireless LAN controller with which they are not associated.
config network multicast global
To enable or disable multicasting on the controller, use the config network multicast global command.
Syntax Description
Command History
Usage Guidelines
The config network broadcast {enable | disable} command allows you to enable or disable broadcasting without enabling or disabling multicasting as well. This command uses the multicast mode configured on the controller (by using the config network multicast mode command) to operate.
config network multicast igmp query interval
Syntax Description
Command History
config network multicast igmp snooping
config network multicast igmp timeout
Syntax Description
Command History
Usage Guidelines
You can enter a timeout value between 30 and 7200 seconds. The controller sends three queries in one timeout value at an interval of timeout/3 to see if any clients exist for a particular multicast group. If the controller does not receive a response through an IGMP report from the client, the controller times out the client entry from the MGID table. When no clients are left for a particular multicast group, the controller waits for the IGMP timeout value to expire and then deletes the MGID entry from the controller. The controller always generates a general IGMP query (to destination address 224.0.0.1) and sends it on all WLANs with an MGID value of 1.
config network multicast l2mcast
To configure the Layer 2 multicast on an interface or all interfaces, use the config network multicast l2mcast command.
Syntax Description
Command History
config network multicast mld
To configure the Multicast Listener Discovery (MLD) parameters, use the config network multicast mld command.
config network multicast mld { query interval interval-value | snooping { enable | disable} | timeout timeout-value}
Syntax Description
Query interval in seconds. The range is from 15 to 2400 seconds.
Timeout value in seconds. The range is from 30 seconds to 7200 seconds.
Command History
config network multicast mode multicast
To configure the controller to use the multicast method to send broadcast or multicast packets to an access point, use the config network multicast mode multicast command.
Command History
config network multicast mode unicast
To configure the controller to use the unicast method to send broadcast or multicast packets to an access point, use the config network multicast mode unicast command.
Command History
config network oeap-600 dual-rlan-ports
To configure the Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4, use the config network oeap-600 dual-rlan-ports command.
Syntax Description
Enables Ethernet port 3 of Cisco OfficeExtend 600 Series access points to operate as a remote LAN port in addition to port 4.
Resets the Ethernet port 3 Cisco OfficeExtend 600 Series access points to function as a local LAN port.
Command History
config network oeap-600 local-network
To configure access to the local network for the Cisco 600 Series OfficeExtend access points, use the config network oeap-600 local-network command.
Syntax Description
Enables access to the local network for the Cisco 600 Series OfficeExtend access points.
Disables access to the local network for the Cisco 600 Series OfficeExtend access points.
Command History
config network otap-mode
config network rf-network-name
config network secureweb
To change the state of the secure web (https is http and SSL) interface for management users, use the config network secureweb command.
Syntax Description
Command History
Usage Guidelines
This command allows management users to access the controller GUI using an http://ip-address. Web mode is not a secure connection.
config network secureweb cipher-option
To enable or disable secure web mode with increased security, or to enable or disable Secure Sockets Layer (SSL v2) for web administration and web authentication, use the config network secureweb cipher-option command.
Syntax Description
Configures whether or not 128-bit ciphers are required for web administration and web authentication.
Configures SSLv2 for both web administration and web authentication.
rc4-preference
Configures preference for RC4-SHA (Rivest Cipher 4-Secure Hash Algorithm) cipher suites (over CBC cipher suites) for web authentication and web administration.
Command Default
The default is disable for secure web mode with increased security and enable for SSL v2.
Command History
Usage Guidelines
Note
The config network secureweb cipher-option command allows users to access the controller GUI using an http://ip-address but only from browsers that support 128-bit (or larger) ciphers.
When cipher-option sslv2 is disabled, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later.
In RC4-SHA based cipher suites, RC4 is used for encryption and SHA is used for message authentication.
config network ssh
config network telnet
config network usertimeout
Syntax Description
Usage Guidelines
Use this command to set the idle client session duration on the Cisco wireless LAN controller. The minimum duration is 90 seconds.
config network web-auth captive-bypass
To configure the controller to support bypass of captive portals at the network level, use the config network web-auth captive-bypass command.
Syntax Description
config network web-auth cmcc-support
config network web-auth port
To configure an additional port to be redirected for web authentication at the network level, use the config network web-auth port command.
Syntax Description
Command History
config network web-auth proxy-redirect
To configure proxy redirect support for web authentication clients, use the config network web-auth proxy-redirect command.
Syntax Description
Allows proxy redirect support for web authentication clients.
Disallows proxy redirect support for web authentication clients.
Command History
config network web-auth secureweb
To configure the secure web (https) authentication for clients, use the config network web-auth secureweb command.
Syntax Description
Disallows secure web (https) authentication for clients. Enables http web authentication for clients.
Command History
Usage Guidelines
Note
If you configure the secure web (https) authentication for clients using the config network web-auth secureweb disable command, then you must reboot the Cisco WLC to implement the change.
config network webmode
config network web-auth
Syntax Description
Configures additional ports for web authentication redirection.
Configures proxy redirect support for web authentication clients.
Enables proxy redirect support for web authentication clients.
Note Web-auth proxy redirection will be enabled for ports 80, 8080, and 3128, along with user defined port 345.
Disables proxy redirect support for web authentication clients.
Command History
config nmsp notify-interval measurement
To modify the Network Mobility Services Protocol (NMSP) notification interval value on the controller to address latency in the network, use the config nmsp notify-interval measurement command.
Syntax Description
Modifies the interval for active radio frequency identification (RFID) tags.
Modifies the interval for rogue access points and rogue clients.
Command History
Usage Guidelines
The TCP port (16113) that the controller and location appliance communicate over must be open (not blocked) on any firewall that exists between the controller and the location appliance for NMSP to function.
config paging
config passwd-cleartext
To enable or disable temporary display of passwords in plain text, use the config passwd-cleartext command.
Syntax Description
Command History
Usage Guidelines
This command must be enabled if you want to see user-assigned passwords displayed in clear text when using the show run-config command.
To execute this command, you must enter an admin password. This command is valid only for this particular session. It is not saved following a reboot.
config prompt
config qos average-data-rate
To define the average data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the config qos average-data-rate command.
config qos average-data-rate { bronze | silver | gold | platinum} { per-ssid | per-client} { downstream | upstream} rate
Syntax Description
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Average data rate for TCP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command History
config qos average-realtime-rate
To define the average real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos average-realtime-rate command.
config qos average-realtime-rate { bronze | silver | gold | platinum} { per-ssid | per-client} { downstream | upstream} rate
Syntax Description
Specifies the average real-time data rate for the queue bronze.
Specifies the average real-time data rate for the queue silver.
Specifies the average real-time data rate for the queue gold.
Specifies the average real-time data rate for the queue platinum.
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Average real-time data rate for UDP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command History
config qos burst-data-rate
To define the peak data rate in Kbps for TCP traffic per user or per service set identifier (SSID), use the config qos burst-data-rate command.
config qos burst-data-rate { bronze | silver | gold | platinum} { per-ssid | per-client} { downstream | upstream} rate
Syntax Description
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Peak data rate for TCP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command History
config qos burst-realtime-rate
To define the burst real-time data rate in Kbps for UDP traffic per user or per service set identifier (SSID), use the config qos burst-realtime-rate command.
config qos burst-realtime-rate { bronze | silver | gold | platinum} { per-ssid | per-client } { downstream | upstream } rate
Syntax Description
Specifies the burst real-time data rate for the queue bronze.
Specifies the burst real-time data rate for the queue silver.
Specifies the burst real-time data rate for the queue platinum.
per-ssid Configures the rate limit for an SSID per radio. The combined traffic of all clients will not exceed this limit.
per-client Configures the rate limit for each client associated with the SSID.
downstream Configures the rate limit for downstream traffic.
upstream Configures the rate limit for upstream traffic.
Burst real-time data rate for UDP traffic per user. A value between 0 and 51,2000 Kbps (inclusive). A value of 0 imposes no bandwidth restriction on the QoS profile.
Command History
config qos description
config qos max-rf-usage
To specify the maximum percentage of RF usage per access point, use the config qos max-rf-usage command.
Syntax Description
Specifies the maximum percentage of RF usage for the queue bronze.
Specifies the maximum percentage of RF usage for the queue silver.
Specifies the maximum percentage of RF usage for the queue gold.
Specifies the maximum percentage of RF usage for the queue platinum.
Command History
config qos dot1p-tag
To define the maximum value (0 to 7) for the priority tag associated with packets that fall within the profile, use the config qos dot1p-tag command.
Syntax Description
Command History
config qos priority
To define the maximum and default QoS levels for unicast and multicast traffic when you assign a QoS profile to a WLAN, use the config qos priority command.
config qos priority { bronze | silver | gold | platinum} { maximum-priority | default-unicast-priority | default-multicast-priority}
Syntax Description
Maximum QoS priority as one of the following:
Default unicast priority as one of the following:
Default multicast priority as one of the following:
Command History
Usage Guidelines
The maximum priority level should not be lower than the default unicast and multicast priority levels.
config qos protocol-type
To define the maximum value (0 to 7) for the priority tag associated with packets that fall within the profile, use the config qos protocol-type command.
Syntax Description
Command History
config qos queue_length
To specify the maximum number of packets that access points keep in their queues, use the config qos queue_length command.
Syntax Description
Command History
config rfid auto-timeout
config rfid status
config rfid timeout
config service timestamps
Syntax Description
Command History
Examples
The following example shows how to configure time-stamp message logs with the standard date and time:
(Cisco Controller) > config service timestamps log datetimeThe following example shows how to prevent message logs being time-stamped:
(Cisco Controller) > config service timestamps debug disableconfig sessions maxsessions
To configure the number of Telnet CLI sessions allowed by the Cisco wireless LAN controller, use the config sessions maxsessions command.
Syntax Description
Command History
Usage Guidelines
Up to five sessions are possible while a setting of zero prohibits any Telnet CLI sessions.
config sessions timeout
config switchconfig boot-break
To enable or disable the breaking into boot prompt by pressing the Esc key at system startup, use the config switchconfig boot-break command.
Syntax Description
Enables the breaking into boot prompt by pressing the Esc key at system startup.
Disables the breaking into boot prompt by pressing the Esc key at system startup.
Command Default
By default, the breaking into boot prompt by pressing the Esc key at system startup is disabled.
Usage Guidelines
You must enable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode before enabling or disabling the breaking into boot prompt.
config switchconfig fips-prerequisite
To enable or disable the features that are prerequisites for the Federal Information Processing Standard (FIPS) mode, use the config switchconfig fips-prerequisite command.
Syntax Description
Enables the features that are prerequisites for the FIPS mode.
Disables the features that are prerequisites for the FIPS mode.
Usage Guidelines
You must configure the FIPS authorization secret before you can enable or disable the FIPS prerequisite features.
config switchconfig strong-pwd
To enable or disable your controller to check the strength of newly created passwords, use the config switchconfig strong-pwd command.
config switchconfig strong-pwd { case-check | consecutive-check | default-check | username-check | position-check | case-digit-check | minimum { upper-case | lower-case | digits | special-chars} no._of_characters | min-length | password_length | lockout{ mgmtuser | snmpv3user | time | attempts} | lifetime { mgmtuser | snmpv3user} lifetime | all-checks} { enable | disable}
Syntax Description
Checks at least three combinations: lowercase characters, uppercase characters, digits, or special characters.
position-check
Checks whether the password has a four-character change from the old password.
case-digit-check
Checks whether the password has all the four combinations: lower, upper, digits, or special characters.
minimum
Checks whether the password has a minimum number of upper case and lower case characters, digits, or special characters.
upper-case
Checks whether the password has a minimum number of upper case characters.
lower-case
Checks whether the password has a minimum number of lower case characters.
digits
Checks whether the password has a minimum number of digits.
special-chars
Checks whether the password has a minimum number of special characters.
min-length
Configures the minimum length for the password.
password_length
Minimum length for the password. The range is from 3 to 24 case-sensitive characters.
lockout
Configures the lockout feature for a management user or Simple Network Management Protocol version 3 (SNMPv3) user.
mgmtuser
Locks out a management user when the number of successive failed attempts exceed the management user lockout attempts.
snmpv3user
Locks out a SNMPv3 user when the number of successive failed attempts exceeds the SNMPv3 user lockout attempts.
time
Configures the time duration after the lockout attempts when the management user or SNMPv3 user is locked.
attempts
Configures the number of successive incorrect password attempts after which the management user or SNMPv3 user is locked.
lifetime
Configures the number of days before the management user or SNMPv3 user requires a change of password due to the age of the password.
mgmtuser
Configures the number of days before the management user requires a change of password due to the password age.
snmpv3user
Configures the number of days before the SNMPv3 user requires a change of password due to the age of the password.
lifetime
Number of days before the management user or SNMPv3 user requirlifetimees a change of password due to the age of the password.
Enables a strong password check for the access point and Cisco WLC.
Disables a strong password check for the access point and Cisco WLC.
Command History
config switchconfig flowcontrol
config switchconfig mode
To configure Lightweight Access Port Protocol (LWAPP) transport mode for Layer 2 or Layer 3, use the config switchconfig mode command.
Syntax Description
Command History
config switchconfig secret-obfuscation
Syntax Description
Command History
Usage Guidelines
To keep the secret contents of your configuration file secure, do not disable secret obfuscation. To further enhance the security of the configuration file, enable configuration file encryption.
config sysname
config snmp community accessmode
To modify the access mode (read only or read/write) of an SNMP community, use the config snmp community accessmode command.
Syntax Description
Command Default
Two communities are provided by default with the following settings:
SNMP Community Name Client IP Address Client IP Mask Access Mode Status ------------------- ----------------- ---------------- ----------- ------ public 0.0.0.0 0.0.0.0 Read Only Enable private 0.0.0.0 0.0.0.0 Read/Write EnableCommand History
config snmp community create
config snmp community delete
config snmp community ipaddr
config snmp community mode
config snmp engineID
Syntax Description
Command History
Usage Guidelines
The SNMP engine ID is a unique string used to identify the device for administration purposes. You do need to specify an engine ID for the device because a default string is automatically generated using Cisco’s enterprise number and the MAC address of the first interface on the device.
If you change the engine ID, then a reboot is required for the change to take effect.
Caution If you change the value of the SNMP engine ID, then the password of the user entered on the command line is converted to an MD5 (Message-Digest algorithm 5) or SHA (Secure Hash Algorithm) security digest. This digest is based on both the password and the local engine ID. The command line password is then deleted. Because of this deletion, if the local value of the engine ID changes, the security digests of the SNMP users will become invalid, and the users will have to be reconfigured.
config snmp syscontact
config snmp syslocation
config snmp trapreceiver create
config snmp trapreceiver delete
config snmp trapreceiver mode
To send or disable sending traps to a selected server, use the config snmp trapreceiver mode command.
Syntax Description
Command History
Usage Guidelines
This command enables or disables the Cisco wireless LAN controller from sending the traps to the selected server.
config snmp v3user create
config snmp v3user create username { ro | rw} { none | hmacmd5 | hmacsha} { none | des | aescfb128} [ auth_key] [ encrypt_key]
Syntax Description
Specifies Hashed Message Authentication Coding Message Digest 5 (HMAC-MD5) for authentication.
Specifies Hashed Message Authentication Coding-Secure Hashing Algorithm (HMAC-SHA) for authentication.
Specifies to use Cipher Block Chaining-Digital Encryption Standard (CBC-DES) encryption.
Specifies to use Cipher Feedback Mode-Advanced Encryption Standard-128 (CFB-AES-128) encryption.
(Optional) Authentication key for the HMAC-MD5 or HMAC-SHA authentication protocol.
(Optional) Encryption key for the CBC-DES or CFB-AES-128 encryption protocol.
Command Default
SNMP v3 username AccessMode Authentication Encryption
-------------------- ------------- -------------- ----------- default Read/Write HMAC-SHA CFB-AESCommand History
config snmp v3user delete
config snmp version
config time manual
config time ntp
config time ntp { auth { enable server_index key_index | disable server_index}} | { interval seconds} | { key-auth { add key_index md5 { ascii | hex} key_value | delete key_index}} | { server server_index ip-address}
Syntax Description
Specifies the ASCII key format (a maximum of 16 characters).
Specifies the hexadecimal key format (a maximum of 32 digits).
Command History
Examples
The following example shows how to configure the NTP polling interval to 7000 seconds:
(Cisco Controller) > config time ntp interval 7000The following example shows how to enable NTP authentication where the server index is 4 and the key index is 1:
(Cisco Controller) > config time ntp auth enable 4 1The following example shows how to add an NTP authentication key of value ff where the key format is in hexadecimal characters and the key index is 1:
(Cisco Controller) > config time ntp key-auth add 1 md5 hex ffThe following example shows how to add an NTP authentication key of value ff where the key format is in ASCII characters and the key index is 1:
(Cisco Controller) > config time ntp key-auth add 1 md5 ascii ciscokeyconfig time timezone
config time timezone location
To set the location of the time zone in order to have daylight saving time set automatically when it occurs, use the config time timezone location command.
Syntax Description
Number representing the time zone required. The time zones are as follows:
- (GMT-12:00) International Date Line West
- (GMT-11:00) Samoa
- (GMT-10:00) Hawaii
- (GMT-9:00) Alaska
- (GMT-8:00) Pacific Time (US and Canada)
- (GMT-7:00) Mountain Time (US and Canada)
- (GMT-6:00) Central Time (US and Canada)
- (GMT-5:00) Eastern Time (US and Canada)
- (GMT-4:00) Atlantic Time (Canada)
- (GMT-3:00) Buenos Aires (Argentina)
- (GMT-2:00) Mid-Atlantic
- (GMT-1:00) Azores
- (GMT) London, Lisbon, Dublin, Edinburgh (default value)
- (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
- (GMT +2:00) Jerusalem
- (GMT +3:00) Baghdad
- (GMT +4:00) Muscat, Abu Dhabi
- (GMT +4:30) Kabul
- (GMT +5:00) Karachi, Islamabad, Tashkent
- (GMT +5:30) Colombo, Kolkata, Mumbai, New Delhi
- (GMT +5:45) Katmandu
- (GMT +6:00) Almaty, Novosibirsk
- (GMT +6:30) Rangoon
- (GMT +7:00) Saigon, Hanoi, Bangkok, Jakatar
- (GMT +8:00) Hong Kong, Bejing, Chongquing
- (GMT +9:00) Tokyo, Osaka, Sapporo
- (GMT +9:30) Darwin
- (GMT+10:00) Sydney, Melbourne, Canberra
- (GMT+11:00) Magadan, Solomon Is., New Caledonia
- (GMT+12:00) Kamchatka, Marshall Is., Fiji
- (GMT+12:00) Auckland (New Zealand)
Command History
config trapflags 802.11-Security
To enable or disable sending 802.11 security-related traps, use the config trapflags 802.11-Security command.
Syntax Description
Command History
config trapflags aaa
config trapflags adjchannel-rogueap
To configure trap notifications when a rogue access point is detected at the adjacent channel, use the config trapflags adjchannel-rogueap command.
Syntax Description
enable Enables trap notifications when a rogue access point is detected at the adjacent channel.
disable Disables trap notifications when a rogue access point is detected at the adjacent channel.
Command History
Examples
The following example shows how to enable trap notifications when a rogue access point is detected at the adjacent channel:
(Cisco Controller) > config trapflags adjchannel-rogueap enableRelated Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags strong-pwdcheck
config trapflags rfid
config trapflags rogueap
show trapflags
config trapflags ap
To enable or disable the sending of Cisco lightweight access point traps, use the config trapflags ap command.
Syntax Description
Enables sending a trap when a Cisco lightweight access point registers with Cisco switch.
Enables sending a trap when a Cisco lightweight access point interface (A or B) comes up.
Command History
config trapflags authentication
config trapflags client
To enable or disable the sending of client-related DOT11 traps, use the config trapflags client command.
config trapflags client { 802.11-associate 802.11-disassociate | 802.11-deauthenticate | 802.11-authfail | 802.11-assocfail | authentication | excluded} { enable | disable}
Syntax Description
802.11-associate
Enables the sending of Dot11 association traps to clients.
Enables the sending of Dot11 disassociation traps to clients.
Enables the sending of Dot11 deauthentication traps to clients.
Enables the sending of Dot11 authentication fail traps to clients.
Enables the sending of Dot11 association fail traps to clients.
authentication
Enables the sending of authentication success traps to clients.
Command History
config trapflags client max-warning-threshold
To configure the threshold value of the number of clients that associate with the controller, after which an SNMP trap and a syslog message is sent to the controller, use the config trapflags client max-warning-threshold command.
Syntax Description
threshold Configures the threshold percentage value of the number of clients that associate with the controller, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The minimum interval between two warnings is 10 mins You cannot configure this interval.
enable Enables the generation of the traps and syslog messages.
disable Disables the generation of the traps and syslog messages.
Command Default
The default threshold value of the number of clients that associate with the controller is 90 %.
Command History
Usage Guidelines
This table lists the maximum number of clients for different controllers.
Table 5 Maximum Number of Clients Supported on Different Controllers Controller
Maximum Number of Supported Clients
Cisco 5500 Series Controllers 7000 Cisco 2500 Series Controllers 500 Cisco Wireless Services Module 2 15000 Cisco Flex 7500 Series Controllers 64000 Cisco 8500 Series Controllers 64000 Cisco Virtual Wireless LAN Controllers 30000 config trapflags configsave
config trapflags IPsec
config trapflags IPsec { esp-auth | esp-reply | invalidSPI | ike-neg | suite-neg | invalid-cookie} { enable | disable}
Syntax Description
Enables the sending of IPsec traps when an ESP authentication failure occurs.
Enables the sending of IPsec traps when an ESP replay failure occurs.
Enables the sending of IPsec traps when an ESP invalid SPI is detected.
Enables the sending of IPsec traps when an IKE negotiation failure occurs.
Enables the sending of IPsec traps when a suite negotiation failure occurs.
Enables the sending of IPsec traps when a Isakamp invalid cookie is detected.
Command History
config trapflags linkmode
To enable or disable Cisco wireless LAN controller level link up/down trap flags, use the config trapflags linkmode command.
Syntax Description
Enables Cisco wireless LAN controller level link up/down trap flags.
Disables Cisco wireless LAN controller level link up/down trap flags.
Command History
config trapflags mesh
To configure trap notifications when a mesh access point is detected, use the config trapflags mesh command.
Syntax Description
enable Enables trap notifications when a mesh access point is detected.
disable Disables trap notifications when a mesh access point is detected.
Command History
Examples
The following example shows how to enable trap notifications when a mesh access point is detected:
(Cisco Controller) > config trapflags mesh enableRelated Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags strong-pwdcheck
config trapflags rfid
config trapflags rogueap
show trapflags
config trapflags multiusers
To enable or disable the sending of traps when multiple logins are active, use the config trapflags multiusers command.
Syntax Description
Enables the sending of traps when multiple logins are active.
Disables the sending of traps when multiple logins are active.
Command History
config trapflags rfid
To configure the threshold value of the maximum number of radio frequency identification (RFID) tags, after which an SNMP trap and a syslog message is sent to the controller, use the config trapflags rfid command.
Syntax Description
threshold Configures the threshold percentage value of the maximum number of RFID tags, after which an SNMP trap and a syslog message is sent to the controller. The range is from 80 to 100.
The traps and syslog messages are generated every 10 minutes. You cannot configure this interval.
enable Enables the generation of the traps and syslog messages.
disable Disables the generation of the traps and syslog messages.
Command History
Usage Guidelines
The following table shows the maximum number of RFID tags supported on different controllers:
Table 6 Maximum Number of RFID Tags Supported on Different Controllers Controller
Maximum Number of Supported Clients
Cisco 5500 Series Controllers 5000 Cisco 2500 Series Controllers 500 Cisco Wireless Services Module 2 10000 Cisco Flex 7500 Series Controllers 50000 Cisco 8500 Series Controllers 50000 Cisco Virtual Wireless LAN Controllers 3000 Examples
The following example shows how to configure the threshold value of the maximum number of RFID tags:
(Cisco Controller) > config trapflags rfid 80Related Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags strong-pwdcheck
config trapflags rogueap
config trapflags mesh
show trapflags
config trapflags rogueap
To enable or disable sending rogue access point detection traps, use the config trapflags rogueap command.
Syntax Description
Command History
Examples
The following example shows how to disable the sending of rogue access point detection traps:
(Cisco Controller) > config trapflags rogueap disableRelated Commands
config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue ap timeout
config rogue ap valid-client
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show trapflags
config trapflags rrm-params
To enable or disable the sending of Radio Resource Management (RRM) parameters traps, use the config trapflags rrm-params command.
Syntax Description
Enables trap sending when the RF manager automatically changes the tx-power level for the Cisco lightweight access point interface.
Enables trap sending when the RF manager automatically changes the channel for the Cisco lightweight access point interface.
Enables trap sending when the RF manager automatically changes the antenna for the Cisco lightweight access point interface.
Command History
config trapflags rrm-profile
To enable or disable the sending of Radio Resource Management (RRM) profile-related traps, use the config trapflags rrm-profile command.
Syntax Description
Enables trap sending when the load profile maintained by the RF manager fails.
Enables trap sending when the noise profile maintained by the RF manager fails.
Enables trap sending when the interference profile maintained by the RF manager fails.
Enables trap sending when the coverage profile maintained by the RF manager fails.
Command History
config trapflags stpmode
config trapflags strong-pwdcheck
To configure trap notifications for strong password checks, use the config trapflags strong-pwdcheck command.
Syntax Description
enable Enables trap notifications for strong password checks.
disable Disables trap notifications for strong password checks.
Command History
Examples
The following example shows how to enable trap notifications for strong password checks:
(Cisco Controller) > config trapflags strong-pwdcheck enableRelated Commands
config trapflags 802.11-Security
config trapflags ap
config trapflags adjchannel-rogueap
config trapflags authentication
config trapflags client
config trapflags configsave
config trapflags IPsec
config trapflags linkmode
config trapflags multiusers
config trapflags mesh
config trapflags rfid
config trapflags rogueap
show trapflags
config trapflags wps
Timeout Commands
This section lists the timeout commands of the controller:
- config 802.11 cac video tspec-inactivity-timeout
- config 802.11 cac voice tspec-inactivity-timeout
- config advanced timers
- config dhcp timeout
- config ldap
- config remote-lan session-timeout
- config network usertimeout
- config radius acct retransmit-timeout
- config radius auth mgmt-retransmit-timeout
- config radius auth retransmit-timeout
- config radius auth server-timeout
- config rogue ap timeout
- config tacacs athr mgmt-server-timeout
- config tacacs auth mgmt-server-timeout
- config rfid auto-timeout
- config rfid timeout
- config wlan session-timeout
- config wlan usertimeout
- config wlan security wpa akm ft
- config wlan security ft
config 802.11 cac video tspec-inactivity-timeout
To process or ignore the Call Admission Control (CAC) Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac video tspec-inactivity-timeout command.
Syntax Description
Command Default
The default CAC WMM TSPEC inactivity timeout received from an access point is disabled (ignore).
Usage Guidelines
CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Examples
This example shows how to process the response to TSPEC inactivity timeout messages received from an access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout enableThis example shows how to ignore the response to TSPEC inactivity timeout messages received from an access point:
(Cisco Controller) > config 802.11a cac video tspec-inactivity-timeout ignoreconfig 802.11 cac voice tspec-inactivity-timeout
To process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point, use the config 802.11 cac voice tspec-inactivity-timeout command.
Syntax Description
Command Default
The default WMM TSPEC inactivity timeout received from an access point is disabled (ignore).
Usage Guidelines
Call Admission Control (CAC) commands require that the WLAN you are planning to modify is configured for Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.
Before you can configure CAC parameters on a network, you must complete the following prerequisites:
- Disable all WLANs with WMM enabled by entering the config wlan disable wlan_id command.
- Disable the radio network you want to configure by entering the config 802.11{a | b} disable network command.
- Save the new configuration by entering the save config command.
- Enable voice or video CAC for the network you want to configure by entering the config 802.11{a | b} cac voice acm enable or config 802.11{a | b} cac video acm enable commands. For complete instructions, see the “Configuring Voice and Video Parameters” section in the “Configuring Controller Settings” chapter of the Cisco Wireless LAN Controller Configuration Guide for your release.
Command History
config advanced timers
config advanced timers { ap-discovery-timeout discovery-timeout | ap-fast-heartbeat { local | flexconnect | all} { enable | disable} fast_heartbeat_seconds | ap-heartbeat-timeout heartbeat_seconds | ap-primary-discovery-timeout primary_discovery_timeout | ap-primed-join-timeout primed_join_timeout | auth-timeout auth_timeout | pkt-fwd-watchdog { enable | disable} { watchdog_timer | default} | eap-identity-request-delay eap_identity_request_delay | eap-timeout eap_timeout}
Syntax Description
Configures the Cisco lightweight access point discovery timeout value.
discovery-timeout
Cisco lightweight access point discovery timeout value, in seconds. The range is from 1 to 10.
ap-fast-heartbeat
Configures the fast heartbeat timer, which reduces the amount of time it takes to detect a controller failure in access points.
local
Configures the fast heartbeat interval for access points in local mode.
flexconnect
Configures the fast heartbeat interval for access points in FlexConnect mode.
all
Configures the fast heartbeat interval for all the access points.
enable
disable
fast_heartbeat_seconds
Small heartbeat interval, which reduces the amount of time it takes to detect a controller failure, in seconds. The range is from 1 to 10.
ap-heartbeat-timeout
Configures Cisco lightweight access point heartbeat timeout value.
heartbeat_seconds
Cisco the Cisco lightweight access point heartbeat timeout value, in seconds. The range is from 1 to 30. This value should be at least three times larger than the fast heartbeat timer.
ap-primary-discovery-timeout
Configures the access point primary discovery request timer.
primary_discovery_timeout
Access point primary discovery request time, in seconds. The range is from 30 to 3600.
ap-primed-join-timeout
Configures the access point primed discovery timeout value.
primed_join_timeout
Access point primed discovery timeout value, in seconds. The range is from 120 to 43200.
auth-timeout
Configures the authentication timeout.
auth_timeout
Authentication response timeout value, in seconds. The range is from 10 to 600.
pkt-fwd-watchdog
Configures the packet forwarding watchdog timer to protect from fastpath deadlock.
watchdog_timer
Packet forwarding watchdog timer, in seconds. The range is from 60 to 300.
default
Configures the watchdog timer to the default value of 240 seconds.
eap-identity-request-delay
Configures the advanced Extensible Authentication Protocol (EAP) identity request delay, in seconds.
eap_identity_request_delay
Advanced EAP identity request delay, in seconds. The range is from 0 to 10.
eap-timeout
Configures the EAP expiration timeout.
eap_timeout
Command History
Usage Guidelines
The Cisco lightweight access point discovery timeout indicates how often a Cisco WLC attempts to discover unconnected Cisco lightweight access points.
The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point sends a heartbeat keepalive signal to the Cisco Wireless LAN Controller.
Examples
The following example shows how to configure an access point discovery timeout with a timeout value of 20:
(Cisco Controller) >config advanced timers ap-discovery-timeout 20The following example shows how to enable the fast heartbeat interval for an access point in FlexConnect mode:
(Cisco Controller) >config advanced timers ap-fast-heartbeat flexconnect enable 8The following example shows how to configure the authentication timeout to 20 seconds:
(Cisco Controller) >config advanced timers auth-timeout 20config ldap
To configure the Lightweight Directory Access Protocol (LDAP) server settings, use the config ldap command.
config ldap { add | delete | enable | disable | retransmit-timeout | retry | user | security-mode | simple-bind} index
Syntax Description
retry
Configures the retry attempts for an LDAP server.
user
Configures the user search parameters.
security-mode
Configures the security mode.
simple-bind
Configures the local authentication bind method.
Specifies that a username and password be entered to secure access to the LDAP server.
Distinguished name for the subtree that contains all of the users.
secure
(Optional) Specifies that Transport Layer Security (TLS) is used.
retransmit-timeout
Retransmit timeout for an LDAP server. The range is from 2 to 30.
attempts
Number of attempts that each LDAP server is retried.
attr
Configures the attribute that contains the username.
base
Configures the distinguished name of the subtree that contains all the users.
type
Configures the user type.
Command History
Release Modification 7.6 This command was introduced in a release earlier than Release 7.6. 7.6
The secure keyword was added to support secure LDAP.
Usage Guidelines
When you enable secure LDAP, the controller does not validate the server certificate.
config remote-lan session-timeout
config network usertimeout
Syntax Description
Usage Guidelines
Use this command to set the idle client session duration on the Cisco wireless LAN controller. The minimum duration is 90 seconds.
config radius acct retransmit-timeout
To change the default transmission timeout for a RADIUS accounting server for the Cisco wireless LAN controller, use the config radius acct retransmit-timeout command.
Syntax Description
Command History
config radius auth mgmt-retransmit-timeout
To configure a default RADIUS server retransmission timeout for management users, use the config radius auth mgmt-retransmit-timeout command.
Syntax Description
Command History
config radius auth retransmit-timeout
To change a default transmission timeout for a RADIUS authentication server for the Cisco wireless LAN controller, use the config radius auth retransmit-timeout command.
Syntax Description
Command History
config radius auth server-timeout
To configure a retransmission timeout value for a RADIUS accounting server, use the config radius auth server-timeout command.
Syntax Description
Command History
config rogue ap timeout
To specify the number of seconds after which the rogue access point and client entries expire and are removed from the list, use the config rogue ap timeout command.
Syntax Description
Command Default
The default number of seconds after which the rogue access point and client entries expire is 1200 seconds.
Command History
Examples
The following example shows how to set an expiration time for entries in the rogue access point and client list to 2400 seconds:
(Cisco Controller) > config rogue ap timeout 2400Related Commands
config rogue ap friendly
config rogue ap rldp
config rogue ap ssid
config rogue rule
config trapflags rogueap
show rogue ap clients
show rogue ap detailed
show rogue ap summary
show rogue ap friendly summary
show rogue ap malicious summary
show rogue ap unclassified summary
show rogue ignore-list
show rogue rule detailed
show rogue rule summary
config tacacs athr mgmt-server-timeout
To configure a default TACACS+ authorization server timeout for management users, use the config tacacs athr mgmt-server-timeout command.
Syntax Description
Command History
config tacacs auth mgmt-server-timeout
To configure a default TACACS+ authentication server timeout for management users, use the config tacacs auth mgmt-server-timeout command.
Syntax Description
Command History
config rfid auto-timeout
config rfid timeout
config wlan session-timeout
config wlan usertimeout
To configure the timeout for idle client sessions for a WLAN, use the config wlan usertimeout command.
Syntax Description
timeout Timeout for idle client sessions for a WLAN. If the client sends traffic less than the threshold, the client is removed on timeout. The range is from 15 to 100000 seconds.
wlan_id Wireless LAN identifier between 1 and 512.
Command History
config wlan security wpa akm ft
To configure authentication key-management using 802.11r fast transition 802.1X, use the config wlan security wpa akm ft command.
config wlan security wpa akm ft [ over-the-air | over-the-ds | psk | [ reassociation-timeout seconds]] { enable | disable} wlan_id
Syntax Description
(Optional) Configures 802.11r fast transition roaming over-the-air support.
(Optional) Configures 802.11r fast transition roaming DS support.
(Optional) Configures the reassociation deadline interval.
The valid range is between 1 to 100 seconds. The default value is 20 seconds.
Command History
config wlan security ft
Syntax Description
Command History
Examples
The following example shows how to enable 802.11r fast transition roaming support on WLAN 2:
(Cisco Controller) >config wlan security ft enable 2The following example shows how to set the reassociation timeout value of 20 seconds for 802.11r fast transition roaming support on WLAN 2:
(Cisco Controller) >config wlan security ft reassociation-timeout 20 2Clearing Configurations, Log files, and Other Actions
- clear acl counters
- clear ap config
- clear ap eventlog
- clear ap join stats
- clear arp
- clear avc statistics
- clear client tsm
- clear config
- clear ext-webauth-url
- clear location rfid
- clear location statistics rfid
- clear locp statistics
- clear login-banner
- clear lwapp private-config
- clear mdns service-database
- clear nmsp statistics
- clear radius acct statistics
- clear tacacs auth statistics
- clear redirect-url
- clear stats ap wlan
- clear stats local-auth
- clear stats mobility
- clear stats port
- clear stats radius
- clear stats switch
- clear stats tacacs
- clear transfer
- clear traplog
- clear webimage
- clear webmessage
- clear webtitle
clear acl counters
clear ap config
clear ap eventlog
To delete the existing event log and create an empty event log file for a specific access point or for all access points joined to the controller, use the clear ap eventlog command.
Syntax Description
Name of the access point for which the event log file will be emptied.
Deletes the event log for all access points joined to the controller.
Command History
clear ap join stats
clear arp
clear avc statistics
To clear Application Visibility and Control (AVC) statistics of a client, guest LAN, remote LAN, or a WLAN use the clear avc statistics command.
clear avc statistics { client { all | client-mac} | guest-lan { all | guest-lan-id} | remote-lan { all | remote-lan-id} | wlan { all | wlan-id}}
Syntax Description
client Clears AVC statistics of a client.
all Clears AVC statistics of all clients.
client-mac MAC address of a client.
guest-lan Clears AVC statistics of a guest LAN.
all Clears AVC statistics of all guest LANs.
guest-lan-id Guest LAN Identifier between 1 and 5.
remote-lan Clears AVC statistics of a remote LAN.
all Clears AVC statistics of all remote LANs.
remote-lan-id Remote LAN Identifier between 1 and 512.
wlan Clears AVC statistics of a WLAN.
all Clears AVC statistics of all WLANs.
wlan-id WLAN Identifier between 1 and 512.
Command History
clear client tsm
To clear the traffic stream metrics (TSM) statistics for a particular access point or all the access points to which this client is associated, use the clear client tsm command.
Syntax Description
Command History
clear config
clear ext-webauth-url
clear location rfid
To clear a specific radio frequency identification (RFID) tag or all of the RFID tags in the entire database, use the clear location rfid command.
Syntax Description
Command History
clear location statistics rfid
clear locp statistics
clear login-banner
clear lwapp private-config
To clear (reset to default values) an access point’s current Lightweight Access Point Protocol (LWAPP) private configuration, which contains static IP addressing and controller IP address configurations, use the clear lwapp private-config command.
Command History
Usage Guidelines
Enter the command on the access point console port.
Prior to changing the FlexConnect configuration on an access point using the access point’s console port, the access point must be in standalone mode (not connected to a Cisco WLC ) and you must remove the current LWAPP private configuration by using the clear lwapp private-config command.
Note
The access point must be running Cisco Access Point IOS Release 12.3(11)JX1 or later releases.
clear mdns service-database
Syntax Description
all Clears the mDNS service database.
service-name Name of the mDNS service. The Cisco WLC clears the details of the mDNS service.
Command History
Usage Guidelines
The Cisco WLC snoops and learns about the mDNS service advertisements only if the service is available in the Master Services database.
clear nmsp statistics
clear radius acct statistics
To clear the RADIUS accounting statistics on the controller, use the clear radius acc statistics command.
Syntax Description
Command History
clear tacacs auth statistics
To clear the RADIUS authentication server statistics in the controller, use the clear tacacs auth statistics command.
Syntax Description
Command History
clear redirect-url
clear stats local-auth
clear stats port
Syntax Description
Command History
Examples
The following example shows how to clear the statistics counters for port 9:
(Cisco Controller) > clear stats port 9clear stats radius
clear stats switch
clear stats tacacs
Syntax Description
(Optional) Clears the TACACS+ authentication server statistics.
(Optional) Clears the TACACS+ authorization server statistics.
Command History
clear transfer
clear traplog
clear webimage
clear webmessage
Resetting the System Reboot Time
reset system notify-time
Uploading and Downloading Files and Configurations
- transfer download certpasswor
- transfer download datatype
- transfer download filename
- transfer download mode
- transfer download password
- transfer download path
- transfer download port
- transfer download serverip
- transfer download start
- transfer download tftpPktTimeout
- transfer download tftpMaxRetries
- transfer download username
- transfer encrypt
- transfer upload datatype
- transfer upload filename
- transfer upload mode
- transfer upload pac
- transfer upload password
- transfer upload path
- transfer upload peer-start
- transfer upload port
- transfer upload serverip
- transfer upload start
- transfer upload username
transfer download certpasswor
transfer download datatype
transfer download datatype { avc-protocol-pack | code | config | eapdevcert | eapcacert | icon | image | ipseccacert | ipsecdevcert| login-banner | signature | webadmincert | webauthbundle | webauthcert}
Syntax Description
avc-protocol-pack
Downloads an AVC protocol pack to the system.
code
Downloads an executable image to the system.
eapcacert
Downloads an EAP ca certificate to the system.
eapdevcert
Downloads an EAP dev certificate to the system.
icon
Downloads an executable image to the system.
ipseccacert
Downloads an IPSec Certificate Authority (CA) certificate to the system.
ipsecdevcert
Downloads an IPSec dev certificate to the system.
login-banner
Downloads the controller login banner. Only text file is supported with a maximum of 1500 bytes.
Downloads a certificate for web administration to the system.
Downloads a web certificate for the web portal to the system.
Command History
transfer download path
transfer download serverip
transfer download start
Command History
Examples
The following example shows how to initiate a download:
(Cisco Controller) > transfer download start Mode........................................... TFTP Data Type...................................... Site Cert TFTP Server IP................................. 172.16.16.78 TFTP Path...................................... directory path TFTP Filename.................................. webadmincert_name This may take some time. Are you sure you want to start? (y/n) Y TFTP Webadmin cert transfer starting. Certificate installed. Please restart the switch (reset system) to use the new certificate.transfer download tftpMaxRetries
transfer encrypt
transfer upload datatype
To set the controller to upload specified log and crash files, use the transfer upload datatype command.
transfer upload datatype { config | coredump | crashfile | errorlog | invalid-config | pac | packet-capture | panic-crash-file | radio-core-dump | signature | systemtrace | traplog | watchdog-crash-file}
Syntax Description
Uploads a console dump file resulting from a software-watchdog-initiated controller reboot following a crash.
Command History
transfer upload pac
transfer upload password
transfer upload peer-start
Command History
Examples
The following example shows how to start uploading a file to the peer controller:
> transfer upload peer-start Mode............................................. FTP FTP Server IP.................................... 209.165.201.1 FTP Server Port.................................. 21 FTP Path......................................... /builds/nimm/ FTP Filename..................................... AS_5500_7_4_1_20.aes FTP Username..................................... wnbu FTP Password..................................... ********* Data Type........................................ Error Log Are you sure you want to start upload from standby? (y/N) n Transfer Canceledtransfer upload serverip
transfer upload start
Command History
Examples
The following example shows how to initiate an upload of a file:
(Cisco Controller) > transfer upload start Mode........................................... TFTP TFTP Server IP................................. 172.16.16.78 TFTP Path...................................... c:\find\off/ TFTP Filename.................................. wps_2_0_75_0.aes Data Type...................................... Code Are you sure you want to start? (y/n) n Transfer CancelledInstalling and Modifying Licenses on Cisco 5500 Series Controllers
Use the license commands to install, remove, modify, or rehost licenses.
NoteSome license commands are available only on the Cisco 5500 Series Controller. Right to Use (RTU) licensing is not supported on Cisco 5500 Series Controllers.
NoteFor detailed information on installing and rehosting licenses on the Cisco 5500 Series Controller, see the “Installing and Configuring Licenses” section in Chapter 4 of the Cisco Wireless LAN Controller Configuration Guide.
license clear
license comment
license install
Syntax Description
Command History
Usage Guidelines
We recommend that the access point count be the same for the base-ap-count and wplus-ap-count licenses installed on your controller. If your controller has a base-ap-count license of 100 and you install a wplus-ap-count license of 12, the controller supports up to 100 access points when the base license is in use but only a maximum of 12 access points when the wplus license is in use.
You cannot install a wplus license that has an access point count greater than the controller's base license. For example, you cannot apply a wplus-ap-count 100 license to a controller with an existing base-ap-count 12 license. If you attempt to register for such a license, an error message appears indicating that the license registration has failed. Before upgrading to a wplus-ap-count 100 license, you would first have to upgrade the controller to a base-ap-count 100 or 250 license.
license modify priority
To raise or lower the priority of the base-ap-count or wplus-ap-count evaluation license on a Cisco 5500 Series Controller, use the license modify priority command.
Syntax Description
Command History
Usage Guidelines
If you are considering upgrading to a license with a higher access point count, you can try an evaluation license before upgrading to a permanent version of the license. For example, if you are using a permanent license with a 50 access point count and want to try an evaluation license with a 100 access point count, you can try out the evaluation license for 60 days.
AP-count evaluation licenses are set to low priority by default so that the controller uses the ap-count permanent license. If you want to try an evaluation license with an increased access point count, you must change its priority to high. If you no longer want to have this higher capacity, you can lower the priority of the ap-count evaluation license, which forces the controller to use the permanent license.
Note
You can set the priority only for ap-count evaluation licenses. AP-count permanent licenses always have a medium priority, which cannot be configured.
Note
If the ap-count evaluation license is a wplus license and the ap-count permanent license is a base license, you must also change the feature set to wplus.
Note
To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license.
license revoke
Syntax Description
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the permission ticket.
URL of the TFTP server (tftp://server_ip/path/filename) where you saved the rehost ticket.
Command History
Usage Guidelines
Before you revoke a license, save the device credentials by using the license save credential url command.
You can rehost all permanent licenses except the permanent base image license. Evaluation licenses and the permanent base image license cannot be rehosted.
In order to rehost a license, you must generate credential information from the controller and use it to obtain a permission ticket to revoke the license from the Cisco licensing site, https://tools.cisco.com/SWIFT/LicensingUI/Quickstart. Next, you must obtain a rehost ticket and use it to obtain a license installation file for the controller on which you want to install the license.
For detailed information on rehosting licenses, see the “Installing and Configuring Licenses” section in the Cisco Wireless LAN Controller Configuration Guide.
Examples
The following example shows how to revoke the license settings from the saved permission ticket URL tftp://10.10.10.10/path/permit_ticket.lic:
(Cisco Controller) > license revoke tftp://10.10.10.10/path/permit_ticket.licThe following example shows how to revoke the license settings from the saved rehost ticket URL tftp://10.10.10.10/path/rehost_ticket.lic:
(Cisco Controller) > license revoke rehost tftp://10.10.10.10/path/rehost_ticket.liclicense save
To save a backup copy of all installed licenses or license credentials on the Cisco 5500 Series Controller, use the license save command.
Syntax Description
credential
Device credential information.
url
URL of the TFTP server (tftp://server_ip/path/filename).
Command History
Right to Use Licensing Commands
Use the license commands to configure Right to Use (RTU) licensing on Cisco Flex 7500 Series and 8500 Series controllers. This feature allows you to enable an AP license count on the controller without using any external tools after accepting an End User License Agreement (EULA).
- license activate ap-count eval
- license activate feature
- license add ap-count
- license add feature
- license deactivate ap-count eval
- license deactivate feature
- license delete ap-count
- license delete feature
license activate ap-count eval
To activate an evaluation access point license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license activate ap-count eval command.
Command Default
By default, in release 7.3 Cisco Flex 7500 Series Controllers and Cisco 8500 Series Wireless LAN Controllers support 6000 APs.
Command History
Usage Guidelines
When you activate this license, the controller prompts you to accept or reject the End User License Agreement (EULA) for the given license. If you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
license activate feature
license add ap-count
To configure the number of access points (APs) that an AP license can support on Cisco Flex 7500 and 8500 Series Wireless LAN controllers, use the license add ap-count command.
Syntax Description
count Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Command History
Usage Guidelines
Right to Use (RTU) licensing allows you to enable a desired AP license count on the controller after accepting the End User License Agreement (EULA). You can now easily add AP counts on a controller without using external tools. RTU licensing is available only on Cisco Flex 7500 and 8500 series Wireless LAN controllers.
You can use this command to increase the count of an existing AP license. When you activate a license that supports a smaller number of APs than the current number of APs connected to the controller, the activation command fails.
license add feature
To add a license for a feature on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN controllers, use the license add feature command.
Syntax Description
license_name Name of the feature license. The license name can be up to 50 case-sensitive characters. For example, data_DTLS.
Command History
license deactivate ap-count eval
license deactivate feature
license delete ap-count
To delete an access point (AP) count license on the Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers, use the license delete ap-count command.
Syntax Description
count Number of APs that the AP license supports. The range is from 1 to the maximum number of APs that the controller can support. The count must be a multiple of 5.
Command History
Troubleshooting the Controller Settings
This section describes the debug and config commands that you can use to troubleshoot the controller.
- debug arp
- debug avc
- debug cac
- debug cdp
- debug crypto
- debug dhcp
- debug dhcp service-port
- debug disable-all
- debug fastpath
- debug l2age
- debug mac
- debug mdns all
- debug mdns detail
- debug mdns error
- debug mdns message
- debug mdns ha
- debug memory
- debug nmsp
- debug ntp
- debug packet error
- debug packet logging
- debug poe
- debug rbcp
- debug rfid
- debug snmp
- debug transfer
- debug voice-diag
- show debug
- show eventlog
- show memory monitor
- show run-config
- show process
- show tech-support
- config memory monitor errors
- config memory monitor leaks
- config msglog level critical
- config msglog level error
- config msglog level security
- config msglog level verbose
- config msglog level warning
debug arp
debug avc
To configure the debugging of Application Visibility and Control (AVC) options, use the debug avc error command.
Syntax Description
events Configures the debugging of AVC events.
error Configures the debugging of AVC errors.
enable Enables the debugging of AVC events or errors.
disable Disables the debugging of AVC events or errors.
Command History
debug cac
Syntax Description
Command History
Examples
The following example shows how to enable debugging of CAC settings:
(Cisco Controller) > debug cac event enable (Cisco Controller) > debug cac packet enabledebug cdp
debug crypto
debug dhcp service-port
debug fastpath
To debug the issues in the 10-Gigabit Ethernet interface of the controller and to view details of all the management and control features of the controller, use the debug fastpath command.
debug fastpath [ disable | | enable | | errors | | events | | warning | | log | | status | | dump | | audit | | clear ]
debug fastpath log [ { error | | events | | show } ]
debug fastpath dump [ { stats DP_number } | { fpapool DP_number } | { ownerdb } | { portdb } | { tun4db | index | DP_number } | { scbdb | index | DP_number } | { cfgtool -- dump.sfp } | { vlandb } | { dpcp-stats } | { clear | | stats } | { systemdb } | { debug | | { wlanappstats | | wlan_id } } | { appqosdb } ]
Syntax Description
disable Enables debug of fastpath messages.
enable Disables debug of fastpath messages.
errors Displays the debug messages related to the fastpath errors.
events Displays the debug messages related to the fastpath events.
warnings Displays the debug messages related to the fastpath warnings.
log Configures debug of log messages.
errors Configures debug of fastpath errors.
events Configures debug of fastpath events.
show Displays log of most recent events related to fastpath.
status Displays status of fastpath configuration.
dump Displays the CLI dump commands.
stats Displays the debug statistics from the data plane.
DP_number
- The index 0 for the Cisco Wireless LAN Controller 2504 Series, Cisco Wireless LAN Controller 5508 Series, Cisco Wireless LAN Controller 7500 Series, Cisco Wireless LAN Controller 8500 Series.
- The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
fpapool Displays statistics of packet buffer in data plane.
DP_number
- The index 0 for the Cisco Wireless LAN Controller 2504 Series, Cisco Wireless LAN Controller 5508 Series, Cisco Wireless LAN Controller 7500 Series, Cisco Wireless LAN Controller 8500 Series.
- The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
ownerdb Displays the data plane owner information.
portdb Displays the port database at data plane.
tun4db Dumps the first 20 tunnels from the data plane.
index Dumps 20 tunnel entries from index provided. You must use data plane number 0/1 to denote WISM2 data plane processor.
DP_number
- The index 0 for the Cisco Wireless LAN Controller 2504 Series, Cisco Wireless LAN Controller 5508 Series, Cisco Wireless LAN Controller 7500 Series, Cisco Wireless LAN Controller 8500 Series.
- The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
scbdb Dumps 20 client entries starting from index provided. You must use data plane number 0/1 to denote WISM2 data plane processor.
index Dumps client information for the selected MAC address.
DP_number
- The index 0 for the Cisco Wireless LAN Controller 2504 Series, Cisco Wireless LAN Controller 5508 Series, Cisco Wireless LAN Controller 7500 Series, Cisco Wireless LAN Controller 8500 Series.
- The index 0 and/or 1 respectively for the two data planes in WiSM2 to view statistics of individual data plane or from both.
cfgtool -- dump.sfp Displays the model/type of SX/LC/T small form-factor plug-in (SFP) modules with the OUI Partnumber.
vlandb Dumps the VLAN database in the dataplane.
dpcp-stats Displays the dataplane to controlplane message statistics.
clear stats Clears the data plane statistic counters.
systemdb Displays the global data plane configuration.
debug Displays the few latest messages of the data plane to enable troubleshooting.
wlanappstats Displays Application Visibility and Control (AVC) statistics of a WLAN.
wlan_id The WLAN identifier of the WLAN you need identify the AVC statistics.
appqosdb Displays Application Visibility and Control (AVC) database statistics of the data plane.
clear Clear command.
Command History
Examples
Examples
The following is an example of the SX/LC/T small form-factor plug-in (SFP) modules model/type with the respective OUI Partnumber.
(Cisco Controller) >debug fastpath status STP Admin Physical Physical Link Link Pr Type Stat Mode Mode Status Status Trap POE SFPType -- ------- ---- ------- ---------- ---------- ------ ------- ------- ---------- 1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX 2 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTXThe following is an example of the fastpath status displayed while you execute the status command.
(Cisco Controller) >debug fastpath status FP0.03:(119115)Received command: FP_CMD_ACL_COUNTER_GET FP0.00:(119115)Received command: FP_CMD_ACL_COUNTER_GET FP0.06:(119115)Received command: FP_CMD_ACL_COUNTER_GET FP0.05:(119115)Received command: FP_CMD_ACL_COUNTER_GET FP0.06:(119115)Received command: FP_CMD_ACL_COUNTER_GET FP0.03:(119115)Received command: FP_CMD_ACL_COUNTER_GET FP0.06:(119115)Received command: FP_CMD_ACL_COUNTER_GET FP0.07:(119125)Received command: FP_CMD_ACL_COUNTER_GET FP0.04:(119125)Received command: FP_CMD_ACL_COUNTER_GET FP0.03:(119125)Received command: FP_CMD_ACL_COUNTER_GETThe following is an example of the fastpath errors displayed while you execute the debug fastpath log errors command.
(Cisco Controller) >debug fastpath log errors FP0.04:(873365)[fp_ingress_capwap:429]Discarding Control/Data Plane DTLS-Application packets after Lookup Failed FP0.02:(873418)Change logDebugLevel from: 0x1e to 0x9The following is an example of the fastpath events displayed while you execute the debug fastpath log events command.
(Cisco Controller) >debug fastpath log events FP0.09:(873796)[fp_ingress_capwap:429]Discarding Control/Dat a Plane DTLS-Application packets after Lookup Failed FP0.06:(873921)Change logDebugLevel from: 0x9 to 0x1eThe following is an example displayed while you execute the debug fastpath log show command.
(Cisco Controller) >debug fastpath log show FP0.07:(874033)Change logDebugLevel from: 0x1e to 0x9 Fastpath CPU0.02: FAST CACHE DISABLED Fastpath CPU0.02: FAST CACHE ENABLED Fastpath CPU0.00: Received command: FP_CMD_ADD_AP Fastpath CPU0.05: Received command: FP_CMD_DEL_TUN4 ifTun=1113 Fastpath CPU0.03: Received command: FP_CMD_DEL_TUN4 ifTun=3161 Fastpath CPU0.03: Received command: FP_CMD_DEL_AP FP0.02:[cmdDelMcastRgTun:6733]failed to delete mcast rg tun 0 ifTun=3161 FP0.07:[fp_ingress_capwap:429]Discarding Control/Data Plane DTLS-Application packets after Lookup Failed FP0.01:[fp_ingress_capwap:429]Discarding Control/Data Plane DTLS-Application packets after Lookup Failed Fastpath CPU0.01: Received command: FP_CMD_ADD_TUN4 type=CAPWAP ifTun=1114 dstIP =9.4.110.100 dstMac=2037.06e2.5ec4 dstIPv6= 0000:0000:0000:0000:0000:0000:0000:0000 Fastpath CPU0.01: Tunnel 1114 srcip=9041820 dstip=9046e64 xor=0x7644(30276) LAG Offset=0,0,0,0,1,0,1,4 Fastpath CPU0.09: Received command: FP_CMD_ADD_TUN4 type=CAPWAP ifTun=3162 dstIP =9.4.110.100 dstMac=2037.06e2.5ec4 dstIPv6= 0000:0000:0000:0000:0000:0000:0000:0000 Fastpath CPU0.09: Tunnel 3162 srcip=9041820 dstip=9046e64 xor=0x7644(30276) LAG Offset=0,0,0,0,1,0,1,4 Fastpath CPU0.00: Received command: FP_CMD_SET_INTERFACE_MTU Fastpath CPU0.00: FAST CACHE DISABLED Fastpath CPU0.00: FAST CACHE ENABLED Fastpath CPU0.00: Received command: FP_CMD_ADD_AP Fastpath CPU0.03: Received command: FP_CMD_UPDATE_EOIP for index=5122 Fastpath CPU0.02: Received command: FP_CMD_UPDATE_EOIP for index=5122 Fastpath CPU0.00: Received command: FP_CMD_DEL_TUN4 ifTun=1114 Fastpath CPU0.03: Received command: FP_CMD_DEL_TUN4 ifTun=3162 Fastpath CPU0.03: Received command: FP_CMD_DEL_AP FP0.04:[cmdDelMcastRgTun:6733]failed to delete mcast rg tun 0 ifTun=3162debug l2age
debug mac
debug mdns all
Syntax Description
enable Enables the debugging of all mDNS messages, details, and errors.
disable Disables the debugging of all mDNS messages, details, and errors.
Command History
debug mdns detail
debug mdns error
Syntax Description
Command History
Examples
The following example shows how to enable the debugging of mDNS errors.
(Cisco Controller) > debug mdns error enabledebug mdns message
Syntax Description
Command History
Examples
The following example shows how to enable the debugging of mDNS messages:
(Cisco Controller) > debug mdns message enabledebug mdns ha
debug memory
To enable or disable the debugging of errors or events during the memory allocation of the Cisco WLC, use the debug memory command.
Syntax Description
Command Default
By default, the debugging of errors or events during the memory allocation of the Cisco WLC is disabled.
Command History
debug nmsp
To configure the debugging of the Network Mobility Services Protocol (NMSP), use the debug nmsp command.
Syntax Description
Command History
debug ntp
debug packet error
debug packet logging
To configure logging of the packets sent to the Cisco Wireless LAN Controller CPU, use the debug packet logging command.
debug packet logging { acl | disable | enable { rx | tx | all} packet_count display_size | format { hex2pcap | text2pcap}}
debug packet logging acl { clear-all | driver rule_index action npu_encap port | eoip-eth rule_index action dst src type vlan | eoip-ip rule_index action src dst proto src_port dst_port | eth rule_index action dst src type vlan | ip rule_index action src dst proto src_port dst_port | lwapp-dot11rule_index action dst src bssid type | lwapp-ip rule_index action src dst proto src_port dst_port}
Syntax Description
acl Filters the displayed packets according to a rule.
disable Disables logging of all the packets.
enable Enables logging of all the packets.
rx Displays all the received packets.
tx Displays all the transmitted packets.
all Displays both the transmitted and the received packets.
packet_count Maximum number of packets to be logged. The range is from 1 to 65535. The default value is 25.
display_size Number of bytes to be displayed when printing a packet. By default, the entire packet is displayed.
format Configures the format of the debug output.
hex2pcap Configures the output format to be compatible with the hex2pcap format. The standard format used by Cisco IOS supports the use of hex2pcap and can be decoded using an HTML front end.
text2pcap Configures the output format to be compatible with the text2pcap format. In this format, the sequence of packets can be decoded from the same console log file. .
clear-all Clears all the existing rules pertaining to the packets.
driver Filters the packets based on an incoming port or a Network Processing Unit (NPU) encapsulation type.
rule_index Index of the rule that is a value between 1 and 6 (inclusive).
action Action for the rule, which can be permit, deny, or disable.
npu_encap NPU encapsulation type that determines how the packets are filtered. The possible values are dhcp, dot11-mgmt, dot11-probe, dot1x, eoip-ping, iapp, ip, lwapp, multicast, orphan-from-sta, orphan-to-sta, rbcp, wired-guest, or any.
port Physical port for packet transmission or reception.
eoip-eth Filters packets based on the Ethernet II header in the Ethernet over IP (EoIP) payload.
dst Destination MAC address.
src Source MAC address.
type Two-byte type code, such as 0x800 for IP, 0x806 for Address Resolution Protocol (ARP). You can also enter a few common string values such as ip (for 0x800) or arp (for 0x806).
vlan Two-byte VLAN identifier.
eoip-ip Filters packets based on the IP header in the EoIP payload.
proto Protocol. Valide values are: ip, icmp, igmp, ggp, ipencap, st, tcp, egp, pup, udp, hmp, xns-idp, rdp, iso-tp4, xtp, ddp, idpr-cmtp, rspf, vmtp, ospf, ipip, and encap.
src_port User Datagram Protocol or Transmission Control Protocol (UDP or TCP) two-byte source port, such as telnet, 23 , or any. The Cisco WLC supports the following strings: tcpmux, echo, discard, systat, daytime, netstat, qotd, msp, chargen, ftp-data, ftp, fsp, ssh, telnet, smtp, time, rlp, nameserver, whois, re-mail-ck, domain, mtp, bootps, bootpc, tftp, gopher, rje, finger, www, link, kerberos, supdup, hostnames, iso-tsap, csnet-ns, 3com-tsmux, rtelnet, pop-2, pop-3, sunrpc, auth, sftp, uucp-path, nntp, ntp, netbios-ns, netbios-dgm, netbios-ssn, imap2, snmp, snmp-trap, cmip-man, cmip-agent, xdmcp, nextstep, bgp, prospero, irc, smux, at-rtmp, at-nbp, at-echo, at-zis, qmtp, z3950, ipx, imap3, ulistserv, https, snpp, saft, npmp-local, npmp-gui, and hmmp-ind.
dst_port UDP or TCP two-byte destination port, such as telnet, 23, or any. The Cisco WLC supports the same strings as those for the src_port.
eth Filters packets based on the values in the Ethernet II header.
ip Filters packets based on the values in the IP header.
lwapp-dot11 Filters packets based on the 802.11 header in the Lightweight Access Point Protocol (LWAPP) payload.
bssid Basic Service Set Identifier of the VLAN.
lwapp-ip Filters packets based on the IP header in the LWAPP payload.
Command History
debug poe
debug rbcp
debug rfid
debug snmp
debug transfer
debug voice-diag
Syntax Description
Enables the debugging of voice diagnostics for voice clients involved in a call.
(Optional) MAC address of an additional voice client.
Note Voice diagnostics can be enabled or disabled for a maximum of two voice clients at a time.
(Optional) Enables debug information to be displayed on the console.
Note When voice diagnostics is enabled from the NCS or Prime Infrastructure, the verbose option is not available.
Disables the debugging of voice diagnostics for voice clients involved in a call.
Usage Guidelines
Follow these guidelines when you use the debug voice-diag command:
- When the command is entered, the validity of the clients is not checked.
- A few output messages of the command are sent to the NCS or Prime Infrastructure.
- The command expires automatically after 60 minutes.
- The command provides the details of the call flow between a pair of client MACs involved in an active call.
Note
Voice diagnostics can be enabled for a maximum of two voice clients at a time.
show debug
To determine if the MAC address and other flag debugging is enabled or disabled, sse the show debug command.
Syntax Description
Examples
This example shows how to display if debugging is enabled:
> show debug MAC debugging............................... disabled Debug Flags Enabled: arp error enabled. bcast error enabled.This example shows how to display if debugging is enabled:
> show debug packet Status........................................... disabled Number of packets to display..................... 0 Bytes/packet to display.......................... 0 Packet display format............................ text2pcap Driver ACL: [1]: disabled [2]: disabled [3]: disabled [4]: disabled [5]: disabled [6]: disabled Ethernet ACL: [1]: disabled [2]: disabled [3]: disabled [4]: disabled [5]: disabled [6]: disabled IP ACL: [1]: disabled [2]: disabled [3]: disabled [4]: disabled [5]: disabled [6]: disabled EoIP-Ethernet ACL: [1]: disabled [2]: disabled [3]: disabled [4]: disabled [5]: disabled [6]: disabled EoIP-IP ACL: [1]: disabled [2]: disabled [3]: disabled [4]: disabled [5]: disabled [6]: disabled LWAPP-Dot11 ACL: [1]: disabled [2]: disabled [3]: disabled [4]: disabled [5]: disabled [6]: disabled LWAPP-IP ACL: [1]: disabled [2]: disabled [3]: disabled [4]: disabled [5]: disabled [6]: disabledshow eventlog
Command History
Examples
The following is a sample output of the show eventlog command:
(Cisco Controller) > show eventlog Time File Line TaskID Code d h m s EVENT> bootos.c 788 125CEBCC AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125CEBCC AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 125C597C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 6 EVENT> bootos.c 788 1216C36C AAAAAAAA 0 0 0 11show memory monitor
To display a summary of memory analysis settings and any discovered memory issues, use the show memory monitor command.
Syntax Description
Command History
Usage Guidelines
Be careful when changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Examples
The following is a sample output of the show buffers command:
(Cisco Controller) > show memory monitor Memory Leak Monitor Status: low_threshold(10000), high_threshold(30000), current status(disabled) ------------------------------------------- Memory Error Monitor Status: Crash-on-error flag currently set to (disabled) No memory error detected.The following is a sample output of the show memory monitor detail command:
(Cisco Controller) > show memory monitor detail Memory error detected. Details: ------------------------------------------------ - Corruption detected at pmalloc entry address: (0x179a7ec0) - Corrupt entry:headerMagic(0xdeadf00d),trailer(0xabcd),poison(0xreadceef), entrysize(128),bytes(100),thread(Unknown task name,task id = (332096592)), file(pmalloc.c),line(1736),time(1027) Previous 1K memory dump from error location. ------------------------------------------------ (179a7ac0): 00000000 00000000 00000000 ceeff00d readf00d 00000080 00000000 00000000 (179a7ae0): 17958b20 00000000 1175608c 00000078 00000000 readceef 179a7afc 00000001 (179a7b00): 00000003 00000006 00000001 00000004 00000001 00000009 00000009 0000020d (179a7b20): 00000001 00000002 00000002 00000001 00000004 00000000 00000000 5d7b9aba (179a7b40): cbddf004 192f465e 7791acc8 e5032242 5365788c a1b7cee6 00000000 00000000 (179a7b60): 00000000 00000000 00000000 00000000 00000000 ceeff00d readf00d 00000080 (179a7b80): 00000000 00000000 17958dc0 00000000 1175608c 00000078 00000000 readceef (179a7ba0): 179a7ba4 00000001 00000003 00000006 00000001 00000004 00000001 00003763 (179a7c00): 1722246c 1722246c 00000000 00000000 00000000 00000000 00000000 ceeff00d (179a7c20): readf00d 00000080 00000000 00000000 179a7b78 00000000 1175608c 00000078 ...show run-config
To display a comprehensive view of the current Cisco wireless LAN controller configuration, use the show run-config command.
Syntax Description
Command History
Usage Guidelines
These commands have replaced the show running-config command.
Some WLAN controllers may have no Crypto Accelerator (VPN termination module) or power supplies listed because they have no provisions for VPN termination modules or power supplies.
The show run-config command shows only values configured by the user. It does not show system-configured default values.
Examples
The following is a sample output of the show run-config command:
(Cisco Controller) > show run-config Press Enter to continue... System Inventory Switch Description............................... Cisco Controller Machine Model.................................... Serial Number.................................... FLS0923003B Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx Crypto Accelerator 1............................. Absent Crypto Accelerator 2............................. Absent Power Supply 1................................... Absent Power Supply 2................................... Present, OK Press Enter to continue Or <Ctl Z> to abort...show process
To display how various processes in the system are using the CPU at that instant in time, use the show process command.
Syntax Description
Displays how various system tasks are using the CPU at that moment.
Displays the allocation and deallocation of memory from various processes in the system at that moment.
Usage Guidelines
This command is helpful in understanding if any single task is monopolizing the CPU and preventing other tasks from being performed.
Examples
This example shows how to display various tasks in the system that are using the CPU at a given moment:
> show process cpu Name Priority CPU Use Reaper reaperWatcher ( 3/124) 0 % ( 0/ 0)% I osapiReaper (10/121) 0 % ( 0/ 0)% I TempStatus (255/ 1) 0 % ( 0/ 0)% I emWeb (255/ 1) 0 % ( 0/ 0)% T 300 cliWebTask (255/ 1) 0 % ( 0/ 0)% I UtilTask (255/ 1) 0 % ( 0/ 0)% T 300This example shows how to display the allocation and deallocation of memory from various processes at a given moment:
> show process memory Name Priority BytesinUse Reaper reaperWatcher ( 3/124) 0 ( 0/ 0)% I osapiReaper (10/121) 0 ( 0/ 0)% I TempStatus (255/ 1) 308 ( 0/ 0)% I emWeb (255/ 1) 294440 ( 0/ 0)% T 300 cliWebTask (255/ 1) 738 ( 0/ 0)% I UtilTask (255/ 1) 308 ( 0/ 0)% T 300show tech-support
To display Cisco wireless LAN controller variables frequently requested by Cisco Technical Assistance Center (TAC), use the show tech-support command.
Examples
This example shows how to display system resource information:
> show tech-support Current CPU Load................................. 0% System Buffers Max Free Buffers.............................. 4608 Free Buffers.................................. 4604 Buffers In Use................................ 4 Web Server Resources Descriptors Allocated......................... 152 Descriptors Used.............................. 3 Segments Allocated............................ 152 Segments Used................................. 3 System Resources Uptime........................................ 747040 Secs Total Ram..................................... 127552 Kbytes Free Ram...................................... 19540 Kbytes Shared Ram.................................... 0 Kbytes Buffer Ram.................................... 460 Kbytesconfig memory monitor errors
To enable or disable monitoring for memory errors and leaks, use the config memory monitor errors command.
Caution
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
Command History
Usage Guidelines
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
config memory monitor leaks
To configure the controller to perform an auto-leak analysis between two memory thresholds, use the config memory monitor leaks command.
Caution
The config memory monitor commands can be disruptive to your system and should be run only when you are advised to do so by the Cisco TAC.
Syntax Description
Command Default
The default value for low_thresh is 10000 KB; the default value for high_thresh is 30000 KB.
Command History
Usage Guidelines
Note
Be cautious about changing the defaults for the config memory monitor command unless you know what you are doing, you have detected a problem, or you are collecting troubleshooting information.
Use this command if you suspect that a memory leak has occurred.
If the free memory is lower than the low_thresh threshold, the system crashes, generating a crash file. The default value for this parameter is 10000 KB, and you cannot set it below this value.
Set the high_thresh threshold to the current free memory level or higher so that the system enters auto-leak-analysis mode. After the free memory reaches a level lower than the specified high_thresh threshold, the process of tracking and freeing memory allocation begins. As a result, the debug memory events enable command shows all allocations and frees, and the show memory monitor detail command starts to detect any suspected memory leaks.
config msglog level critical
To reset the message log so that it collects and displays only critical (highest-level) messages, use the config msglog level critical command.
Command History
Usage Guidelines
The message log always collects and displays critical messages, regardless of the message log level setting.
config msglog level error
To reset the message log so that it collects and displays both critical (highest-level) and error (second-highest) messages, use the config msglog level error command.
Command History
config msglog level security
To reset the message log so that it collects and displays critical (highest-level), error (second-highest), and security (third-highest) messages, use the config msglog level security command.
Command History
config msglog level verbose
config msglog level warning
To reset the message log so that it collects and displays critical (highest-level), error (second-highest), security (third-highest), and warning (fourth-highest) messages, use the config msglog level warning command.
Command History
