- 11w client | association-comeback | saquery-retry (SSID configuration mode)
- aaa authentication login default local cache
- aaa authorization exec default local cache
- aaa cache profile
- aaa new-model
- aaa pod server
- accounting (SSID configuration mode)
- address
- address
- admission-control (QOS Class interface configuration mode)
- admit-traffic (QOS Class interface configuration mode)
- anonymous-id (dot1x credentials configuration mode)
- antenna
- ampdu
- authentication (local server configuration mode)
- authentication client
- authentication key-management
- authentication key-management wpa version 2 dot11r
- authentication network-eap (SSID configuration mode)
- authentication open (SSID configuration mode)
- authentication shared (SSID configuration mode)
- beacon
- beacon privacy guest-mode
- bgp-policy
- boot buffersize
- boot ios-break
- boot mode-button
- boot upgrade
- bridge aging-time
- bridge forward-time
- bridge hello-time
- bridge max-age
- bridge multiple-port client-vlan
- bridge priority
- bridge protocol ieee
- bridge-group block-unknown-source
- bridge-group path-cost
- bridge-group port-protected
- bridge-group priority
- bridge-group spanning-disabled
- bridge-group subscriber-loop-control
- bridge-group unicast-flooding
- broadcast-key
- cache authentication profile
- cache authorization profile
- cache expiry
- cca
- cca-threshold
- channel
- channel-match (LBS configuration mode)
- class-map
- clear dot11 aaa authentication mac-authen filter-cache
- clear dot11 cckm-statistics
- clear dot11 client
- clear dot11 hold-list
- clear dot11 next-aps
- clear dot11 statistics
- clear dot11 ids mfp client statistics
- clear eap sessions
- clear iapp rogue-ap-list
- clear iapp statistics
- clear ip igmp snooping membership
- clear wlccp wds
- clear wlccp wds recovery statistics
- concatenation
- copy run scp://url
- countermeasure tkip hold-time
- crypto key generate rsa
- cw-max (QOS Class interface configuration mode)
- cw-min (QOS Class interface configuration mode)
- debug dot11
- debug dot11 aaa
- debug dot11 autoconfigsm
- debug dot11 autoconfigev
- debug dot11 cac
- debug dot11 dot11radio
- debug dot11 ft
- debug dot11 ft-scan
- debug dot11 ids
- debug dot11 ids mfp
- debug eap
- debug iapp
- debug l2tp packet
- debug radius local-server
- debug vpdn packet
- debug wlccp ap
- debug wlccp ap rm enhanced-neighbor-list
- debug wlccp packet
- debug wlccp rmlib
- debug wlccp wds
- description (dot1x credentials configuration mode)
- dfs band
- distance
- dot11 aaa authentication attributes service
- dot11 aaa authentication mac-authen filter-cache
- dot11 aaa csid
- dot11 activity-timeout
- dot11 adjacent-ap age-timeout
- dot11 adjacent-ap age-timeout
- dot11 ant-band-mode
- dot11 arp-cache
- dot11 association mac-list
- dot11 auto-immune
- dot11 band-select parameters
- dot11 carrier busy
- dot11 dhcp broadcast allowed
- dot11 dot11r pre-authentication
- dot11 dot11r re-association timer
- dot11 extension aironet
- dot11 extension power native
- dot11 guest username
- dot11 holdoff-time
- dot11 ids eap attempts
- dot11 ids mfp
- dot11 igmp snooping-helper
- dot11 lbs
- dot11 linktest
- dot11 location isocc
- dot11 mbssid
- dot11 meter
- dot11 network-map
- dot11 pause-time
- dot11 phone
- dot11 priority-map avvid
- dot11 qos class
- dot11 ssid
- dot11 ssid band-select
- dot11 syslog
- dot11 update-group-key
- dot11 vlan-name
- dot11 wpa handshake init-delay
- dot11 wpa handshake timeout
- dot1x credentials
- dot1x eap profile (configuration interface mode)
- dot1x eap profile (SSID configuration mode)
- dot1x timeout reauth-period
- dot1x timeout supp-response
- duplex
- eap profile
- eapfast authority
- eapfast pac expiry
- eapfast server-key
- encryption key
- encryption mode ciphers
- encryption mode wep
- exception crashinfo buffersize
- exception crashinfo file
- fixed-slot (QOS Class interface configuration mode)
- fragment-threshold
- group (local server configuration mode)
- guard-interval
- guest-mode (SSID configuration mode)
- iapp path destination
- iapp path destination source
- iapp standby mac-address
- iapp standby poll-frequency
- iapp standby primary-shutdown
- iapp standby timeout
- ids mfp client
- information-element ssidl (SSID configuration mode)
- infrastructure-client
- infrastructure-ssid (SSID configuration mode)
- interface dot11 (LBS configuration mode)
- interface dot11radio
- ip admission web_passthrough
- ip cef
- ip igmp snooping vlan
- ip redirection
- ip SSH version
- ipv6 access-list
- ipv6 address autoconfig
- ipv6 address dhcp rapid-commit
- ipv6 address ipv6-address link-local
- ipv6 nd autoconfig
- ipv6 nd cache
- ipv6 nd dad
- ipv6 nd na glean
- ipv6 nd ns-interval
- ipv6 nd reachable-time
- ipv6 traffic-filter
- l2-filter bridge-group-acl
- l2-filter-block-arp
- led display
- led flash
- logging buffered
- logging snmp-trap
- match (class-map configuration)
- max-associations (SSID configuration mode)
- mbssid
- mbssid (SSID configuration mode)
- method (eap profile configuration mode)
- method (LBS configuration mode)
- mobile station
- mobility network-id
- multicast address (LBS configuration mode)
- nas (local server configuration mode)
- packet max-retries
- packet retries
- packet speed
- packet timeout
- packet-type (LBS configuration mode)
- parent
- parent timeout
- password (dot1x credentials configuration mode)
- payload-encapsulation
- pki-trustpoint (dot1x credentials configuration mode)
- power client
- power inline negotiation
- power local
- preamble-short
- probe-response gratuitous
- radius local-server pac-generate
- radius server
- radius-server local
- routing dynamic
- rts
- rxsop-threshold
- server-address (LBS configuration mode)
- short-slot-time
- show dot11 autoconfig status
- show boot mode-button
- show controllers dot11radio
- show dot11 aaa authentication mac-authen filter-cache
- show dot11 adjacent-ap
- show dot11 associations
- show dot11 bssid
- show dot11 cac
- show dot11 carrier busy
- show dot11 directed-roam
- show dot11 ids eap
- show dot11 ids mfp
- show dot11 neighbor-ap
- show dot11 network-map
- show dot11 statistics client-traffic
- show dot11 traffic-streams
- show dot11 vlan-name
- show dot1x
- show dot1x credentials
- show eap registrations
- show eap sessions
- show environment
- show iapp rogue-ap-list
- show iapp standby-parms
- show iapp statistics
- show interfaces dot11radio
- show interfaces dot11radio aaa
- show interfaces dot11radio statistics
- show ip igmp snooping groups
- show l2tp tunnel packets
- show led flash
- show power-injector
- show radius local-server statistics
- show running-config ssid
- show spanning-tree
- show specrum recover | status
- show wlccp
- show wlccp ap mn
- show wlccp ap rm enhanced-neighbor-list
- snmp-server enable traps
- snmp-server enable traps envmon temperature
- snmp-server group
- snmp-server location
- snmp-server user
- snmp-server view
- speed (Ethernet interface)
- speed (radio interface)
- speed ofdm
- ssid
- station-role
- station-role install
- tacacs server
- timeout-absolute
- transmit-op (QOS Class interface configuration mode)
- traffic-class
- traffic-stream
- username (dot1x credentials configuration mode)
- user (local server configuration mode)
- username privilege password
- vlan (SSID configuration mode)
- vocera
- web-auth
- wlccp ap eap profile
- wlccp ap username
- wlccp authentication-server
- wlccp wds aaa authentication mac-authen filter-cache
- wlccp wds mode wds-only
- wlccp wds priority
- wlccp wnm ip address
- workgroup-bridge client-vlan
- workgroup-bridge no_reset
- workgroup-bridge timeouts assoc-response
- workgroup-bridge timeouts auth-response
- workgroup-bridge timeouts channel-scan
- workgroup-bridge timeouts client-add
- workgroup-bridge timeouts eap-timeout
- workgroup-bridge timeouts iapp-refresh
- workgroup-bridge unified-vlan-client
- world-mode
- wpa-psk
- write memory
- write terminal
Cisco IOS Commands for Access Points
and Bridges
This chapter lists and describes Cisco IOS commands in Cisco IOS Releases 15.2(2)JB that you use to configure and manage your access point, bridge, and wireless LAN. The commands are listed alphabetically. Refer to Appendix A, “List of Supported Cisco IOS Commands,” for a complete list of Cisco IOS commands supported by access points and bridges.
11w client | association-comeback | saquery-retry (SSID configuration mode)
To enable 802.11w data transfer, use the 11w client | association-comeback | saquery-retry command in SSID configuration mode command.
11w client | association-comeback | saquery-retry
Syntax Description
Specifies the association comeback time. Valid range is from 1000ms to 20000ms. |
|
Specifies the saquery retry time. Valid range is from 100ms to 500ms. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
aaa authentication login default local cache
To set a local login cache for authentication, authorization, and accounting (AAA) authentication, use the aaa authentication login default local cache command in global configuration mode. To disable the local login cache, use the no form of this command:
[no] aaa authentication login default local cache [word | radius | tacacs+]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example creates a local cache for an AAA authentication list called tac_admin set as the default list used for all login authentications. This authentication checks the local cache first, and if the information is not available, the authentication server (group tac_admin) is contacted and the information is also stored in the local cache.
Related Commands
|
|
|
|---|---|
aaa authorization exec default local cache
To set a local cache for AAA exec authorization, use the aaa authorization exec default local cache command in global configuration mode. To disable the local cache, use the no form of this command:
[no] aaa authorization exec default local cache [word| radius | tacacs+]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example creates a local exec mode cache for an AAA authorization list called tac_admin set as the default list used for all login authorizations. This authorization checks the local cache first, and if the information is not available, the authorization server (group tac_admin) is contacted and the information is also stored in the local cache.
Related Commands
|
|
|
|---|---|
aaa cache profile
To set storage rules for the AAA cache, use the aaa cache profile command in global configuration mode. To disable the AAA cache profile, use the no form of this command:
[no] aaa cache profile name
[no] profile exact match [no-auth]
[no] regexp match expression [any | only] [no-auth]
[no] all [no-auth]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example sets a name of admin_cache for the AAA cache profile and only stores AAA server responses with the username administrator in the cache.
Related Commands
|
|
|
|---|---|
aaa new-model
To enable new commands on the access point, use the aaa new-model command in the global configuration mode. This command disables all old commands.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable new commands on an access point:
aaa pod server
To enable inbound user sessions to be disconnected when specific session attributes are presented, use the aaa pod server command in global configuration mode. To disable this feature, use the no form of this command.
Packet of Disconnect (POD) consists of a method of terminating a session that is already connected. The POD is a RADIUS disconnect_request packet and is intended to be used in situations where the authenticating agent server wants to disconnect the user after the session has been accepted by the RADIUS access_accept packet.
aaa pod server {
auth-type [all | any | session-key] |
clients IP-address |
ignore [server-key | session-key] |
port number |
server-key string}
Syntax Description
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
For a session to be disconnected, the values in one or more of the key fields in the POD request must match the values for a session on one of the network access server ports. Which values must match depends on the auth-type attribute defined in the command. If no auth-type is specified, all four values must match. If no match is found, all connections remain intact and an error response is returned. The key fields are:
Related Commands
|
|
|
|---|---|
Delays generation of the start accounting record until the user IP address is established. |
|
accounting (SSID configuration mode)
Use the accounting SSID configuration mode command to enable RADIUS accounting for the radio interface (for the specified SSID). Use the no form of the command to disable accounting.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You create accounting lists using the aaa accounting command. These lists indirectly reference the server where the accounting information is stored.
Examples
This example shows how to enable RADIUS accounting and set the RADIUS server name:
This example shows how to disable RADIUS accounting:
Related Commands
|
|
|
|---|---|
address
To specify the IP address, authentication port and accounting port while configuring the RADIUS server on the access point, use the address command in the radius server configuration submode.
address [IP address ip-address ] [auth-port port-number ] [acct-port port-number ]
Syntax Description
Specifies the IP address. It can be an IPv4 or IPv6 address. |
|
Specifies the UDP destination port for authentication requests |
|
Defaults
Command Modes
RADIUS server configuration submode
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the IP address, authentication port and accounting port while configuring the RADIUS server on the access point:
address
To specify the IP address, while configuring the TACACs server on the access point, use the address command in the tacacs server configuration submode.
Syntax Description
Specifies the IP address. It can be an IPv4 or IPv6 address. |
Defaults
Command Modes
TACACS server configuration submode
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the IP address, while configuring the TACACS server on the access point:
admission-control (QOS Class interface configuration mode)
Use the admission-control QOS Class interface configuration mode command to require call admission control (CAC) traffic for a radio interface. Use the no form of the command to remove the setting.
Note
This command is not supported on c1200 and c1100 platforms.
Note This command is not supported when operating in repeater mode.
Syntax Description
Defaults
Command Modes
QOS Class interface configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to configure CAC admission control as a requirement for the radio interface:
This example shows how to remove the CAC admission control requirement on the radio interface:
Related Commands
admit-traffic (QOS Class interface configuration mode)
Use the admit-traffic QOS Class interface configuration mode command to enable CAC traffic for a radio interface. Use the no form of the command to disable all CAC traffic for the access point.
admit-traffic {narrowband | signaling} {infinite | max-channel percent}
[roam-channel roam]
Note This command is not supported when operating in repeater mode.
Syntax Description
Defaults
Command Modes
QOS Class interface configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to configure CAC voice traffic parameters for the radio interface:
This example shows how to disable CAC traffic on the radio interface:
Related Commands
anonymous-id (dot1x credentials configuration mode)
Use the anonymous-id dot1x credentials configuration mode command to configure an anonymous username for the dot1x credentials. Use the no form of the command to disable anonymous-id.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a dot1x certificate anonymous username:
This example shows how to disable the anonymous username:
Related Commands
|
|
|
|---|---|
Displays the configured dot1x credentials on the access point. |
antenna
Use the antenna configuration interface command to configure the radio receive or transmit antenna settings. Use the no form of this command to reset the receive antenna to defaults.
[no] antenna
{gain gain |
{receive | transmit {diversity | left | middle | right}}}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the right receive antenna option:
This example shows how to set the receive antenna option to defaults:
This example shows how to enter an antenna gain setting:
Related Commands
|
|
|
|---|---|
ampdu
Use the ampdu command to allow or disallow the use of 802.11n AMPDU aggregation for a particular class of service. The command should be used on classes of service that have considerable traffic (such as best effort or video) where the packets are transmitted close together in time so that they can be aggregated. The command applies only to the 802.11n radio interfaces.
Use the no form of this command to reset the receive antenna to defaults.
[no] ampdu
{transmit |
{priority |0-7|}
Syntax Description
Assigns a class of service transmit priority to the selected 802.11n radio interface as follows: |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify AMPDU transmit priority 7 to an 802.11n radio interface
This example shows how to disable AMPDU transmit priority to the 802.11 radio interface:
authentication (local server configuration mode)
Use the authentication local server configuration command to specify the authentication types that are allowed on the local authenticator. By default, a local authenticator access point performs LEAP, EAP-FAST, and MAC-based authentication for up to 50 client devices. You use the no form of the authentication command to limit the local authenticator to one or more authentication types.
[no] authentication [eapfast] [leap] [ mac ]
Note This command is not supported on bridges.
Syntax Description
Defaults
By default, a local authenticator access point performs LEAP, EAP-FAST, and MAC-based authentication. To limit the local authenticator to one or two authentication types, use the no form of the command to disable unwanted authentication types.
Command Modes
Local server configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to limit the local authenticator to perform only LEAP authentications for client devices:
Related Commands
authentication client
Use the authentication client configuration interface command to configure a LEAP username and password that the access point uses when authenticating to the network as a repeater.
authentication client username username password password
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the LEAP username and password that the repeater uses to authenticate to the network:
Related Commands
|
|
|
|---|---|
authentication key-management
Use the authentication key-management SSID configuration mode command to configure the radio interface (for the specified SSID) to support authenticated key management. Cisco Centralized Key Management (CCKM) and Wi-Fi Protected Access (WPA) are the key management types supported on the access point.
authentication key-management {[wpa version] [cckm]} [optional]
Note This command is not supported on bridges.
Syntax Description
Specifies WPA MFP version authenticated key management for the SSID |
|
Specifies that client devices that do not support authenticated key management can use the SSID |
Defaults
Command Modes
Command History
|
|
|
|---|---|
This command was modified to allow you to enable both WPA and CCKM for an SSID. |
|
This command was modified to allow you to specify MFP versions 1 or 2 usage. |
Usage Guidelines
Use this command to enable authenticated key management for client devices.
- To enable authenticated key management, you must enable a cipher suite using the encryption mode ciphers command.
- To support WPA on a wireless LAN where 802.1x-based authentication is not available, you must use the wpa-psk command to configure a pre-shared key for the SSID.
- When you enable both WPA and CCKM for an SSID, you must enter wpa first and cckm second in the command. Any WPA client can attempt to authenticate, but only CCKM voice clients can attempt to authenticate. Only 802.11b and 802.11g radios support WPA and CCKM simultaneously.
- To enable both WPA and CCKM, you must set the encryption mode to a cipher suite that includes TKIP.
Examples
This example shows how to enable both WPA and CCKM for an SSID:
Related Commands
|
|
|
|---|---|
authentication key-management wpa version 2 dot11r
To configure the 802.11 r radio interface (for the specified SSID), use the authentication key-management wpa version 2 dot11r command in SSID configuration mode.
authentication key-management wpa version 2 dot11r
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure 802.11r radio interface for a specified interface:
authentication network-eap (SSID configuration mode)
Use the authentication network-eap SSID configuration mode command to configure the radio interface (for the specified SSID) to support network-EAP authentication with optional MAC address authentication. Use the no form of the command to disable network-eap authentication for the SSID.
[no] authentication
network-eap list-name
[mac-address list-name]
Note The mac-address option is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to authenticate clients using the network EAP method, with optional MAC address screening. You define list names for MAC addresses and EAP using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.
Note Using the CLI, you can configure up to 2,048 MAC addresses for filtering. Using the web-browser interface, however, you can configure only up to 43 MAC addresses for filtering.
Examples
This example shows how to set the authentication to open for devices on a specified address list:
This example shows how to reset the authentication to default values:
Related Commands
|
|
|
|---|---|
authentication open (SSID configuration mode)
Use the authentication open SSID configuration mode command to configure the radio interface (for the specified SSID) to support open authentication and optionally EAP authentication or MAC address authentication. Use the no form of the command to disable open authentication for the SSID.
[no] authentication open
[[optional] eap list-name]
[mac-address list-name [alternate] ]
Note The mac-address and alternate options are not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to authenticate clients using the open method, with optional MAC address or EAP screenings. If you use the alternate keyword, the client must pass either MAC address or EAP authentication. Otherwise, the client must pass both authentications. Use the optional keyword to allow client devices using either open or EAP authentication to associate and become authenticated. You define list names for MAC addresses and EAP using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.
Examples
This example shows how to enable open authentication with MAC address restrictions:
This example shows how to disable open authentication for the SSID:
Related Commands
|
|
|
|---|---|
authentication shared (SSID configuration mode)
Use the authentication shared SSID configuration mode command to configure the radio interface (for the specified SSID) to support shared authentication with optional MAC address authentication and EAP authentication. Use the no form of the command to disable shared authentication for the SSID.
[no] authentication shared
[mac-address list-name]
[eap list-name]
Note The mac-address option is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to authenticate clients using the shared method, with optional MAC address or EAP screenings. You define list names for MAC addresses and EAP using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.
Examples
This example shows how to set the authentication to shared for devices on a MAC address list:
This example shows how to reset the authentication to default values:
Related Commands
|
|
|
|---|---|
beacon
Use the beacon configuration interface command to specify how often the beacon contains a Delivery Traffic Indicator Message (DTIM). Use the no form of this command to reset the beacon interval to defaults.
[no] beacon {period Kms | dtim-period count }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Clients normally wake up each time a beacon is sent to check for pending packets. Longer beacon periods let the client sleep longer and preserve power. Shorter beacon periods reduce the delay in receiving packets.
Controlling the DTIM period has a similar power-saving result. Increasing the DTIM period count lets clients sleep longer, but delays the delivery of multicast packets. Because multicast packets are buffered, large DTIM period counts can cause a buffer overflow.
Examples
This example shows how to specify a beacon period of 15 Kms (15.36 milliseconds):
This example shows how to set the beacon parameter to defaults:
Related Commands
|
|
|
|---|---|
beacon privacy guest-mode
This command must be configured if you wish the beacon frames to use the privacy settings of the guest-mode SSID. If there is no guest-mode SSID configured, the command has no effect. If there is a guest-mode SSID and the command is configured, the privacy bit present in the beacon frames are set to ON/OFF according to how the security (encryption) settings of the guest-mode SSID are configured.
The command has no effect in MBSSID mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
The following is a sample showing how the command is used.
bgp-policy
To configure the bgp-policy, use the bgp-policy command in BVI interface mode.
bgp-policy accounting {input | output} | destination {ip-prec-map | ip-qos-map} | source {ip-prec-map | ip-qos-map}
Syntax Description
Configures bgp based policy accounting of traffic (input on default). |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
boot buffersize
To modify the buffer size used to load configuration files, use the boot buffersize global configuration command. Use the no form of the command to return to the default setting.
Syntax Description
Specifies the size of the buffer to be used. Enter a value from 4 KB to 512 KB. |
Defaults
The default buffer size for loading configuration files is 32 KB.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Increase the boot buffer size if your configuration file size exceeds 512 KB.
Examples
This example shows how to set the buffer size to 512 KB:
boot ios-break
Use the boot ios-break global configuration command to enable an access point or bridge to be reset using a send break Telnet command.
After you enter the boot ios-break command, you can connect to the access point console port and press Ctrl-] to bring up the Telnet prompt. At the Telnet prompt, enter send break. The access point reboots and reloads the image.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable an access point or bridge to be reset using a send break Telnet command:
boot mode-button
Use the boot mode-button global configuration command to enable or disable the operation of the mode button on access points with a console port. This command can be used to prevent password recovery and to prevent unauthorized users from gaining access to the access point CLI.
Use the no form of the command to disable the access point mode button.
This command can be used to disable password recovery. If you lose the privileged EXEC password for the access point after entering this command, you need to contact Cisco Technical Assistance Center (TAC) to regain access to the access point CLI.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
| Note This command requires the 12.3(2)JA or later access point boot loader. |
Examples
This example shows how to disable the Mode button on an access point with a console port:
This example shows how to reenable the Mode button on an access point with a console port:
Note You must know the privileged EXEC password for your access point to access the CLI.
Related Commands
|
|
|
|---|---|
boot upgrade
Use the boot upgrade global interface command to configure access points and bridges to automatically load a configuration and use DHCP options to upgrade system software.
When your access point renews its IP address with a DHCP request, it uses the details configured on the DHCP server to download a specified configuration file from a TFTP server. If a boot system command is part of the configuration file and the unit’s current software version is different, the access point or bridge image is automatically upgraded to the version in the configuration. The access point or bridge reloads and executes the new image.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to prevent an access point or bridge from automatically loading a configuration and upgrading system software:
bridge aging-time
Use the bridge aging-time global configuration command to configure the length of time that a dynamic entry can remain in the bridge table from the time the entry is created or last updated.
bridge group aging-time seconds
Note This command is supported only on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the aging time for bridge group 1:
Related Commands
|
|
|
|---|---|
Specifies the interval that the bridge waits to hear BPDUs from the spanning tree root |
|
bridge forward-time
Use the bridge forward-time global configuration command to configure the forward delay interval on the bridge.
bridge group aging-time seconds
Note This command is supported only on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the forward time for bridge group 2:
Related Commands
bridge hello-time
Use the bridge hello-time global configuration command to configure the interval between hello bridge protocol data units (BPDUs).
bridge group hello-time seconds
Note This command is supported only on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the hello time for bridge group 1:
Related Commands
bridge max-age
Use the bridge max-age global configuration command to configure the interval that the bridge waits to hear BPDUs from the spanning tree root. If the bridge does not hear BPDUs from the spanning tree root within this specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
Note This command is supported only on bridges.
Syntax Description
Specifies the max-age interval in seconds (enter a value between 10 and 200 seconds) |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the max age for bridge group 1:
Related Commands
|
|
|
|---|---|
Specifies the length of time that a dynamic entry can remain in the bridge table from the time the entry is created or last updated |
|
bridge multiple-port client-vlan
To configure vlan-id in secondary ethernet port, use the bridge multiple-port client-vlan command in Interface configuration mode command.
bridge multiple-port client-vlan
Note This command is supported only on bridges.
Syntax Description
Specifies the VLAN ID of all the ethernet connected clients. Valid range is from 1 to 4095. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the vlan-id in secondary ethernet port.
bridge priority
Use the bridge priority global configuration command to configure the spanning tree priority for the bridge. STP uses the bridge priority to select the spanning tree root. The lower the priority, the more likely it is that the bridge will become the spanning tree root.
The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default. When you enable STP and assign a priority on bridge group 1, STP is enabled on the radio and Ethernet interfaces and on the primary VLAN, and those interfaces adopt the priority assigned to bridge group 1. You can create bridge groups for sub-interfaces and assign different STP settings to those bridge groups.
bridge group priority priority
Note This command is supported only on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the priority for the bridge:
Related Commands
bridge protocol ieee
Use the bridge number protocol ieee global configuration command to enable Spanning Tree Protocol (STP) on the bridge. STP is enabled for all interfaces assigned to the bridge group that you specify in the command.
The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default. When you enable STP and assign a priority on bridge group 1, STP is enabled on the radio and Ethernet interfaces and on the primary VLAN, and those interfaces adopt the priority assigned to bridge group 1. You can create bridge groups for sub-interfaces and assign different STP settings to those bridge groups.
bridge number protocol ieee [suspend]
Note This command is supported only on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable STP for bridge group 1:
Related Commands
bridge-group block-unknown-source
Use the bridge-group block-unknown-source configuration interface command to block traffic from unknown MAC addresses on a specific interface. Use the no form of the command to disable unknown source blocking on a specific interface.
For STP to function properly, block-unknown-source must be disabled for interfaces participating in STP.
bridge-group group block-unknown-source
Syntax Description
Defaults
When you enable STP on an interface, block unknown source is disabled by default.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to disable block unknown source for bridge group 2:
Related Commands
bridge-group path-cost
Use the bridge-group path-cost configuration interface command to configure the path cost for the bridge Ethernet and radio interfaces. Spanning Tree Protocol (STP) uses the path cost to calculate the shortest distance from the bridge to the spanning tree root.
bridge-group group path-cost cost
Note This command is supported only on bridges.
Syntax Description
Defaults
The default path cost for the Ethernet interface is 19, and the default path cost for the radio interface is 33.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the path cost for bridge group 2:
Related Commands
bridge-group port-protected
Use the bridge-group port-protected configuration interface command to enable protected port for public secure mode configuration. In Cisco IOS software, there is no exchange of unicast, broadcast, or multicast traffic between protected ports.
bridge-group bridge-group
port-protected
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable protected port for bridge group 71:
Related Commands
bridge-group priority
Use the bridge-group priority configuration interface command to configure the spanning tree priority for the bridge Ethernet and radio interfaces. Spanning Tree Protocol (STP) uses the interface priority to select the root interface on the bridge.
The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default. When you enable STP and assign a priority on bridge group 1, STP is enabled on the radio and Ethernet interfaces and on the primary VLAN, and those interfaces adopt the priority assigned to bridge group 1. You can create bridge groups for sub-interfaces and assign different STP settings to those bridge groups.
bridge-group group priority priority
Syntax Description
Defaults
The default priority for both the Ethernet and radio interfaces is 128.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the priority for an interface on bridge group 2:
Related Commands
bridge-group spanning-disabled
Use the bridge-group spanning-disabled configuration interface command to disable Spanning Tree Protocol (STP) on a specific interface. Use the no form of the command to enable STP on a specific interface.
For STP to function properly, spanning-disabled must be disabled for interfaces participating in STP.
bridge-group group spanning-disabled
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to disable STP for bridge group 2:
Related Commands
bridge-group subscriber-loop-control
Use the bridge-group subscriber-loop-control configuration interface command to enable loop control on virtual circuits associated with a bridge group. Use the no form of the command to disable loop control on virtual circuits associated with a bridge group.
For Spanning Tree Protocol (STP) to function properly, subscriber-loop-control must be disabled for interfaces participating in STP.
bridge-group group subscriber-loop-control
Syntax Description
Defaults
When you enable STP for an interface, subscriber loop control is disabled by default.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to disable subscriber loop control for bridge group 2:
Related Commands
bridge-group unicast-flooding
Use the bridge-group unicast-flooding configuration interface command to enable unicast flooding for a specific interface. Use the no form of the command to disable unicast flooding for a specific interface.
bridge-group group unicast-flooding
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure unicast flooding for bridge group 2:
Related Commands
broadcast-key
Use the broadcast-key configuration interface command to configure the time interval between rotations of the broadcast encryption key used for clients. Use the no form of the command to disable broadcast key rotation.
[no] broadcast-key
[vlan vlan-id ]
[change secs]
[ membership-termination ]
[ capability-change ]
Note Client devices using static WEP cannot use the access point when you enable broadcast key rotation. When you enable broadcast key rotation, only wireless client devices using 802.1x authentication (such as LEAP, EAP-TLS, or PEAP) can use the access point.
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure vlan10 to support broadcast key encryption with a 5-minute key rotation interval:
This example shows how to disable broadcast key rotation:
cache authentication profile
Use the cache authentication profile server configuration command to configure the cache authentication profile. Use the no form of the command to disable the cache authentication profile.
[no] cache authentication profile name
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a RADIUS cache authentication profile:
This example shows how to to configure a TACACS+ cache authentication profile:
Related Commands
|
|
|
|---|---|
cache authorization profile
Use the cache authorization profile server configuration command to configure the cache authorization profile. Use the no form of the command to disable the cache authorization profile.
[no] cache authorization profile name
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a RADIUS cache authorization profile:
This example shows how to to configure a TACACS+ cache authorization profile:
Related Commands
|
|
|
|---|---|
cache expiry
Use the cache expiry server group configuration command to configure the expiration time of the server group cache. Use the no form of the command to disable the cache expiration.
[no] cache expiry hours [enforce | failover]
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a RADIUS cache expiration time of 5 hours:
This example shows how to to configure a TACACS+ cache expiration time of 5 hours:
Related Commands
|
|
|
|---|---|
cca
Use the cca configuration interface command to configure the clear channel assessment (CCA) noise floor level for the bridge radio. The value you enter is used as an absolute value of dBm.
Note This command is supported only on bridges.
Syntax Description
Specifies the radio noise floor in dBm. Enter a number from –60 to 0. Zero configures the radio to use a received validate frame as the CCA indication. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the CCA level for the bridge radio:
cca-threshold
Use the cca-threshold command to add the value of the Clear Channel Assessment (CCA) threshold. This is the threshold above which the radio considers the channel to be clear, especially for transmission.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
Related Commands
|
|
|
|---|---|
channel
Use the channel configuration interface command to set the radio channel frequency and the 802.11n radio channel width. Use the no form of this command to reset the channel frequency to defaults.
[no] channel { number | frequency | least-congested | width [20] [40-above] [40-below] | dfs}
802.11n allows both 20-MHz and 40-Mhz channel widths consisting of 2 contiguous non-overlapping channels (for example, 2.4-GHz channels 1 and 6)
Note This command is disabled on 5-GHz radios that support Dynamic Frequency Selection (DFS). All 5-GHz radios configured at the factory for use in the European Union and Signapore support DFS. Radios configured for use in other regulatory domains do not support DFS.
Syntax Description
Specifies a channel number. For a list of channels for the 2.4-GHz radio, see Table 2-1 . For a list of channels for the 5-GHz radio, see Table 2-2 . Note The valid numbers depend on the channels allowed in your regulatory region and are set during manufacturing. For additional information, refer to the hardware installation guide for your access point or bridge. |
|
Specifies the center frequency for the radio channel. For a list of center frequencies for the 2.4-GHz access point radio, see Table 2-1 . For a list of center frequencies for the 5-GHz access point radio, see Table 2-2 . For a list of center frequencies for the 5-GHz bridge radio, see Table 2-3 . Note The valid frequencies depend on the channels allowed in your regulatory region and are set during manufacturing. For additional information, refer to the hardware installation guide for your access point or bridge. |
|
Enables or disables the scanning for a least busy radio channel to communicate with the client adapter |
|
Specifies a channel width. One of the 20-MHz channels is called the control channel. Legacy clients and 20-MHz high throughput clients use the control channel. Beacons can only be sent on this channel. The second 20-MHz channel is called the extension channel. 40-MHz stations may use this channel and the control channel simultaneously. Use the width option to specify a bandwidth to use. This option is available for the 1250 series access point and consists of three available settings: 20, 40-above, and 40-below. Choosing 20 sets the channel width to 20 MHz. Choosing 40-above sets the channel width to 40 Mhz with the extension channel above the control channel. Choosing 40-below sets the channel width to 40 MHz with the extension channel below the control channel. |
|
|
|
(MHz) |
|
(MHz) |
|
|---|---|---|---|---|
|
|
(MHz) |
|
(MHz) |
|
(MHz) |
||
|---|---|---|---|---|---|---|---|
|
|
(MHz) |
|---|---|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Parameters were added to support the 5-GHz access point radio. |
|
The width option was added to support 2.4-GHz and 5-GHz 802.11n radios. |
Examples
This example shows how to set the access point radio to channel 10 with a center frequency of 2457.
This example shows how to set the access point to scan for the least-congested radio channel.
This example shows how to set the frequency to the default setting:
Related Commands
|
|
|
|---|---|
channel-match (LBS configuration mode)
Use the channel-match location based services (LBS) configuration mode command to specify that the LBS packet sent by an LBS tag must match the radio channel on which the access point receives the packet. If the channel used by the tag and the channel used by the access point do not match, the access point drops the packet.
Syntax Description
Defaults
Command History
|
|
|
|---|---|
Examples
This example shows how to enable the channel match option for an LBS profile:
Related Commands
|
|
|
|---|---|
Specifies the multicast address that LBS tag devices use when they send LBS packets |
|
Specifies the IP address of the location server on your network |
class-map
Use the class-map global configuration command to create a class map to be used for matching packets to the class whose name you specify and to enter class-map configuration mode. Use the no form of this command to delete an existing class map and return to global configuration mode.
Syntax Description
Defaults
This command has no defaults, and there is not a default class map.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to specify the name of the class for which you want to create or modify class-map match criteria and to enter class-map configuration mode. In this mode, you can enter one match command to configure the match criterion for this class.
The class-map command and its subcommands are used to define packet classification, marking, and aggregate policing as part of a globally named service policy applied on a per-interface basis.
After you are in quality of service (QoS) class-map configuration mode, these configuration commands are available:
- description : describes the class map (up to 200 characters). The show class-map privileged EXEC command displays the description and the name of the class-map.
- exit : exits from QoS class-map configuration mode.
- match : configures classification criteria. For more information, see the match (class-map configuration) command.
- no : removes a match statement from a class map.
- rename : renames the current class map. If you rename a class map with a name already in use, the message
A class-map with this name already existsis displayed.
Only one match criterion per class map is supported. For example, when defining a class map, only one match command can be issued.
Because only one match command per class map is supported, the match-all and match-any keywords function the same.
Only one access control list (ACL) can be configured in a class map. The ACL can have multiple access control entries (ACEs).
Examples
This example shows how to configure the class map called class1. class1 has one match criterion, which is an access list called 103.
This example shows how to delete the class map class1 :
You can verify your settings by entering the show class-map privileged EXEC command.
Related Commands
clear dot11 aaa authentication mac-authen filter-cache
Use the clear dot11 aaa authentication mac-authen filter-cache privileged EXEC command to clear entries from the MAC authentication cache.
clear dot11 aaa authentication mac-authen filter-cache [address]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear a specific MAC address from the MAC authentication cache:
Related Commands
|
|
|
|---|---|
clear dot11 cckm-statistics
Use the clear dot11 cckm-statistics privileged EXEC command to reset CCKM statistics.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear CCKM statistics:
Related Commands
|
|
|
|---|---|
clear dot11 client
Use the clear dot11 client privileged EXEC command to deauthenticate a radio client with a specified MAC address. The client must be directly associated with the access point, not a repeater.
clear dot11 client { mac-address }
Syntax Description
Specifies a radio client MAC address (in xxxx.xxxx.xxxx format) |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to deauthenticate a specific radio client:
AP# clear dot11 client 0040.9645.2196
You can verify that the client was deauthenticated by entering the following privileged EXEC command:
AP# show dot11 associations 0040.9645.2196
Related Commands
|
|
|
|---|---|
Displays the radio association table or optionally displays association statistics or association information about repeaters or clients |
clear dot11 hold-list
Use the clear dot11 hold-list privileged EXEC command to reset the MAC, LEAP, and EAP authentications hold list.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear the hold-off list of MAC authentications:
clear dot11 next-aps
To reset the next available access point, use the clear dot11 next-aps command in privileged EXEC mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear the hold-off list of MAC authentications:
clear dot11 statistics
Use the clear dot11 statistics privileged EXEC command to reset statistic information for a specific radio interface or for a particular client with a specified MAC address.
clear dot11 statistics
{interface | mac-address}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear radio statistics for radio interface 0:
This example shows how to clear radio statistics for the client radio with a MAC address of 0040.9631.81cf:
You can verify that the radio interface statistics are reset by entering the following privileged EXEC command:
Related Commands
|
|
|
|---|---|
clear dot11 ids mfp client statistics
Use th e clear dot11 ids mfp client statistics privileged EXEC command to clear MFP-2 statistics on the access point console.
clear dot11 ids mfp client statistics
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear ids mfp statistics:
clear eap sessions
|
|
|
|---|---|
Use the clear eap sessions privileged EXEC command to clear the EAP session information on the access point.
clear eap sessions
[credentials profile name ]
[interface name [number ]]
[method name ]
[transport name ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear all the EAP session information on the access point:
This command shows how to clear all EAP session information for the fast Ethernet interface:
This command shows how to clear all EAP session information for the EAP-FAST method:
Related Commands
|
|
|
|---|---|
Displays all the EAP session information on the access point. |
clear iapp rogue-ap-list
Use the clear iapp rogue-ap-list privileged EXEC command to clear the list of IAPP rogue access points.
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear the IAPP rogue access point list:
You can verify that the rogue AP list was deleted by entering the show iapp rogue-ap-list privileged EXEC command.
Related Commands
|
|
|
|---|---|
clear iapp statistics
Use the clear iapp statistics privileged EXEC command to clear all the IAPP statistics.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear the IAPP statistics:
You can verify that the IAPP statistics were cleared by entering the following privileged EXEC command:
Related Commands
|
|
|
|---|---|
clear ip igmp snooping membership
Use the clear ip igmp snooping membership privileged EXEC command to reset IGMP host membership information on the access point.
clear ip igmp snooping membership
[vlan vlan id ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to reset the IGMP membership information on the access point:
This example shows how to reset the IGMP membership information by vlan:
Related CommandsT
|
|
|
|---|---|
clear wlccp wds
Use the clear wlccp wds privileged EXEC command to clear WDS statistics and to remove devices from the WDS database.
clear wlccp wds {[ap [mac-address]] | [mn [mac-address]] | statistics |
aaa authentication mac-authen filter-cache [mac-address]}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to remove an access point from the WDS database:
Related Commands
|
|
|
|---|---|
Displays information on devices participating in Cisco Centralized Key Management (CCKM) |
|
clear wlccp wds recovery statistics
Use the clear wlccp wds recovery statistics privileged EXEC command to clear WDS recovery statistics.
clear wlccp wds recovery statistics
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear the WDS recovery statistics:
Related Commands
|
|
|
|---|---|
Displays information on devices participating in Cisco Centralized Key Management (CCKM) |
concatenation
Use the concatenation configuration interface command to enable packet concatenation on the bridge radio. Using concatenation, the bridge combines multiple packets into one packet to reduce packet overhead and overall latency, and to increase transmission efficiency.
Note This command is supported only on bridges.
Syntax Description
(Optional) Specifies a maximum size for concatenated packets in bytes. Enter a value from 1600 to 4000. |
Defaults
Concatenation is enabled by default, and the default maximum concatenated packet size is 3500.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure concatenation on the bridge radio:
copy run scp://url
To perform secure copy, use the copy run scp://url command in configuration interface.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to perform SCP:
countermeasure tkip hold-time
Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.
countermeasure tkip hold-time seconds
Syntax Description
Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled) |
Defaults
TKIP holdtime is enabled by default, and the default holdtime is 60 seconds.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the TKIP holdtime on the access point radio:
crypto key generate rsa
To generate the RSA keys while configuring SSH, use the crypto key generate rsa command in privileged EXEC mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to generate RSA keys:
cw-max (QOS Class interface configuration mode)
Use the cw-max QOS Class interface configuration mode command to configure the CAC 802.11 maximum contention window size for a radio interface. Use the no form of the command to remove the setting.
Syntax Description
Defaults
When QoS is enabled, the default cw-max settings for access points match the values in Table 2-4 , and the default cw-max settings for bridges match the values in Table 2-5 .
|
|
|
|---|---|
|
|
|
|---|---|
Command Modes
QOS Class interface configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the CAC 802.11 maximum contention window size for the radio interface:
This example shows how to remove the CAC 802.11 maximum contention window for the radio interface:
Related Commands
cw-min (QOS Class interface configuration mode)
Use the cw-min QOS Class interface configuration mode command to configure the CAC 802.11 minimum contention window size for a radio interface. Use the no form of the command to remove the setting.
Syntax Description
Defaults
When QoS is enabled, the default cw-min settings for access points match the values in Table 2-6 , and the default cw-min settings for bridges match the values in Table 2-7 .
|
|
|
|---|---|
|
|
|
|---|---|
Command Modes
QOS Class interface configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the CAC 802.11 minimum contention window size for the radio interface:
This example shows how to remove the CAC 802.11 minimum contention window for the radio interface:
Related Commands
debug dot11
Use the debug dot11 privileged EXEC command to begin debugging of radio functions. Use the no form of this command to stop the debug operation.
[no] debug dot11
{ events | packets | forwarding | mgmt | network-map | virtual-interface | nextap}
Syntax Description
Activates debugging of radio packets received and transmitted |
|
Activates debugging of radio access point management activity |
|
Activates debugging of radio association management network map |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin debugging of all radio-related events:
This example shows how to begin debugging of radio packets:
This example shows how to stop debugging of all radio related events:
Related Commands
|
|
|
|---|---|
Displays configuration and status information for the radio interface |
debug dot11 aaa
Use the debug dot11 aaa privileged EXEC command to activate debugging of dot11 authentication, authorization, and accounting (AAA) operations. Use the no form of this command to stop the debug operation.
[no] debug dot11 aaa
{ accounting | authenticator | dispatcher | manager }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
This command was modified to include the accounting, authenticator, dispatcher, and manager debugging options. |
Examples
This example shows how to begin debugging of dot11 AAA accounting packets:
Related Commands
|
|
|
|---|---|
debug dot11 autoconfigsm
To enable debugging of state machine transition, use the debug dot11 autoconfigsm command.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate wireless IDS debugging for authentication events:
debug dot11 autoconfigev
To enable debugging of an autoconfig event, use the debug dot11 autoconfigev command.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate wireless IDS debugging for authentication events:
debug dot11 cac
Use the debug dot11 cac privileged EXEC command to begin debugging of admission control radio functions. Use the no form of this command to stop the debug operation.
[no] debug dot11 cac
{ events | unit }
Note This command is not supported on repeaters.
Syntax Description
Activates verbose debugging of radio admission control events. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin debugging of all admission control radio-related events:
This example shows how to begin verbose debugging of all admission control radio-related events:
This example shows how to stop debugging of all admission control radio-related events:
This example shows how to stop verbose debugging of all admission control radio-related events:
Related Commands
|
|
|
|---|---|
Enables CAC admission control for an SSID on the access point. |
|
Configures CAC traffic data rates and priorities for a radio interface on the access point. |
debug dot11 dot11radio
Use the debug dot11 dot11radio privileged EXEC command to turn on radio debug options. These options include run RF monitor mode and trace frames received or transmitted on the radio interface. Use the no form of this command to stop the debug operation.
[no] debug dot11 dot11radio interface-number { accept-radio-firmware |
monitor {ack | address | beacon | crc | lines | plcp | print | probe | store} |
print {hex | if | iv | lines | mic | plcp | printf | raw | shortadr} |
radio_debug flag-value | stop-on-failure |
trace {off | print | store | }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable packet printing with MAC addresses in short form:
This example shows how to begin monitoring of all packets with CRC errors:
This example shows how to stop monitoring of packets with CRC errors:
Related Commands
|
|
|
|---|---|
Displays configuration and status information for the radio interface |
|
debug dot11 ft
To enable debugging of 802.11r Fast BSS Transition, use the debug dot11 ft command in privileged EXEC mode. Use the no form of this command to disable Fast BSS Transition debugging.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate wireless IDS debugging for authentication events:
debug dot11 ft-scan
To enable debugging of 802.11r Fast BSS Transition scan, use the debug dot11 ft-scan command in privileged EXEC mode. Use the no form of this command to disable Fast BSS Transition debugging.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate wireless IDS debugging for authentication events:
debug dot11 ids
Use the debug dot11 ids eap privileged EXEC command to enable debugging for wireless IDS monitoring. Use the no form of the command to disable IDS debugging.
[no] debug dot11 ids {eap | cipher-errors}
Note This command is not supported on 1400 series bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate wireless IDS debugging for authentication events:
Related Commands
|
|
|
|---|---|
Configures limits on authentication attempts and EAPOL flooding on scanner access points in monitor mode |
|
debug dot11 ids mfp
Use the debug dot11 ids mfp privileged EXEC command to debug Management Frame Protection (MFP) operations on the access point.
[no] debug dot11 ids mfp
ap {all |detector | events |generator | io}
wds {all | detectors | events | generators | statistics}|
wlccp
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to debug the MFP detectors on the access point:
Related Commands
|
|
|
|---|---|
debug eap
To display information about Extensible Authentication Protocol (EAP), use the debug eap command in privileged EXEC mode. To disable debugging output, use the no form of this command.
[no] debug eap {all | authenticator | errors | events | fast | gtc | leap | md5 | mschapv2 |
packets | peer | sm | tls}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate debugging for EAP-FAST authentication events:
This example shows how to deactivate EAP-FAST authentication debugging:
Related Commands
|
|
|
|---|---|
debug iapp
Use the debug iapp privileged EXEC command to begin debugging of IAPP operations. Use the no form of this command to stop the debug operation.
[no] debug iapp
{ packets | event | error }
Syntax Description
Displays IAPP packets sent and received by the access point. Link test packets are not displayed |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin debugging of IAPP packets:
This example shows how to begin debugging of IAPP events:
This example shows how to begin debugging of IAPP errors:
Related Commands
|
|
|
|---|---|
debug l2tp packet
To debug control channel exchanges, use debug l2tp packet command.
debug l2tp packet event | error
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin debugging of L2TP packets:
debug radius local-server
To control the display of debug messages for the local authenticator, use the debug radius local-server command.
debug radius local-server {client | eapfast | error | packets }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin debugging for local authenticator errors:
Related Commands
|
|
|
|---|---|
debug vpdn packet
To debug data packets via tunnel, use debug vpdn packet command.
debug vpdn packet event | error
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin debugging of L2TP packets:
debug wlccp ap
Use the debug wlccp ap privileged EXEC command to enable debugging for devices that interact with the access point that provides wireless domain services (WDS).
debug wlccp ap {mn | rm [statistics | context | packet] | state | wds-discovery}
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin debugging for LEAP-enabled client devices participating in Cisco Centralized Key Management (CCKM):
Related Commands
|
|
|
|---|---|
debug wlccp ap rm enhanced-neighbor-list
Use the debug wlccp ap rm enhanced-neighbor-list privileged EXEC command to enable internal debugging information and error messages of the Enhanced Neighbor List feature. Use the no form of the command to disable the debugging and error messages.
[no] debug wlccp ap rm enhanced-neighbor-list
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate debugging and error messages of the Enhanced Neighbor List feature on the access point:
Related Commands
|
|
|
|---|---|
Displays Enhanced Neighbor List feature related information. |
|
debug wlccp packet
Use the debug wlccp packet privileged EXEC command to activate display of packets to and from the access point that provides wireless domain services (WDS).
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate display of packets to and from the WDS access point:
Related Commands
|
|
|
|---|---|
debug wlccp rmlib
Use the debug wlccp rmlib privileged EXEC command to activate display of radio management library functions on the access point that provides wireless domain services (WDS).
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate display of radio management library functions on the access point that provides WDS:
Related Commands
|
|
|
|---|---|
debug wlccp wds
Use the debug wlccp wds privileged EXEC command to activate display of wireless domain services (WDS) debug messages.
debug wlccp wds
aggregator [packet]
authenticator {all | dispatcher | mac-authen | process | rxdata | state-machine | txdata}
nm [packet | loopback]
state
statistics
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
This command was modified to include the aggregator and nm options. |
Examples
This example shows how to begin debugging for LEAP-enabled client devices participating in Cisco Centralized Key Management (CCKM):
Related Commands
|
|
|
|---|---|
description (dot1x credentials configuration mode)
Use the description dot1x credentials configuration mode command to specify a text description for the dot1x credential. Use the no form of the command to disable anonymous-id.
Syntax Description
Defaults
Command Modes
Dot1x credentials configuration interface
Command History
|
|
|
|---|---|
Examples
This example shows how to specify text description for the dot1x credential:
Related Commands
|
|
|
|---|---|
Displays the configured dot1x credentials on the access point. |
dfs band
Use the dfs band configuration interface command to prevent the access point from automatically selecting specific groups of 5-GHz channels during dynamic frequency selection (DFS). Use the no form of the command to unblock groups of channels.
[no] dfs band [1] [2] [3] [4] block
Note This command is supported only on 5-GHz radios configured at the factory for use in the European Union and Signapore.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
This command was modified to provide backward compatibility with clients that do not yet support the new channels in band 3. |
Examples
This example shows how to prevent the access point from selecting frequencies 5.150 to 5.350 GHz during DFS:
This example shows how to unblock frequencies 5.150 to 5.350 for DFS:
This example shows how to unblock all frequencies for DFS:
Usage Guidelines
Some regulatory domains limit the 5-GHz channels that can be used in specific locations; for example, indoors or outdoors. Use the dfs band command to comply with the regulations in your regulatory domain.
Related Commands
|
|
|
|---|---|
Specifies the radio frequency on which a radio interface operates |
distance
To specify the distance from a root bridge to the non-root bridge or bridges with which it communicate, use the distance configuration interface command. The distance setting adjusts the bridge’s timeout values to account for the time required for radio signals to travel from bridge to bridge. You do not need to adjust this setting on non-root bridges.
Note This command is supported only on outdoor bridges.
Note If more than one non-root bridge communicates with the root bridge, enter the distance from the root bridge to the non-root bridge that is farthest away.
Syntax Description
Specifies the bridge distance setting (enter a value from 0 to 99 km) |
Defaults
In installation mode, the default distance setting is 99 km. In all other modes, such as root and non-root, the default distance setting is 0 km.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the distance setting for the root bridge radio:
dot11 aaa authentication attributes service
Use the dot11 aaa authentication attributes service global configuration command to set the service-type attribute in reauthentication requests. By default, the access point sends reauthentication requests to the authentication server with the service-type attribute set to authenticate-only. However, some Microsoft IAS servers do not support the authenticate-only service-type attribute. Depending on the user requirements, set the service-type attribute to login-user or framed-user.
dot11 aaa authentication attributes service [login-user | framed-user]
Syntax Description
Specifies a service-type attribute of framed-user to support servers such as radius servers that do not support a login-user service-type. |
Defaults
The default service-type attribute in authentication requests is login-user. The default service-type attribute in reauthentication requests is set to authenticate-only.
Command Modes
Command History
|
|
|
|---|---|
This command was modified to introduce framed-user as a service-type option to support radius servers, which do not support the login-user service-type. |
Related Commands
|
|
|
|---|---|
Selects the format for MAC addresses in Called-Station-ID (CSID) and Calling-Station-ID attributes |
dot11 aaa authentication mac-authen filter-cache
Use the dot11 aaa authentication mac-authen filter-cache global configuration command to enable MAC authentication caching on the access point. MAC authentication caching reduces overhead because the access point authenticates devices in its MAC-address cache without sending the request to your authentication server. When a client device completes MAC authentication to your authentication server, the access point adds the client’s MAC address to the cache.
dot11 aaa authentication mac-authen filter-cache [timeout seconds]
Syntax Description
Specifies a timeout value for MAC authentications in the cache. |
Defaults
MAC authentication caching is disabled by default. When you enable it, the default timeout value is 1800 (30 minutes).
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure MAC authentication caching with a one-hour timeout:
Related Commands
|
|
|
|---|---|
dot11 aaa csid
Use the dot11 aaa csid global configuration command to select the format for MAC addresses in Called-Station-ID (CSID) and Calling-Station-ID attributes in RADIUS packets.
dot11 aaa csid { default | ietf | unformatted }
Syntax Description
Defaults
The default CSID format looks like this example:
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can also use the wlccp wds aaa csid command to select the CSID format.
Related Commands
|
|
|
|---|---|
Begin debugging of dot11 authentication, authorization, and accounting (AAA) operations |
dot11 activity-timeout
Use the dot11 activity-timeout global configuration command to configure the number of seconds that the access point tracks an inactive device (the number depends on its device class). The access point applies the unknown device class to all non-Cisco Aironet devices.
dot11 activity-timeout { [ client-station | repeater | bridge | workgroup-bridge | unknown ] [ default <1 - 100000> ] [ maximum <1 - 100000> ] }
Syntax Description
Defaults
Table 2-8 lists the default activity timeouts for each device class. All values are in seconds.
|
|
|
|---|---|
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure default and maximum activity timeouts for all device classes:
Usage Guidelines
To set an activity timeout for all device types, set a default or maximum timeout without specifying a device class (for example, enter dot11 activity-timeout default 5000). The access point applies the timeout to all device types that are not already configured with a timeout.
Related Commands
dot11 adjacent-ap age-timeout
Use the dot11 adjacent-ap age-timeout global configuration command to specify the number of hours an inactive entry remains in the list of adjacent access points.
dot11 adjacent-ap age-timeout hours
Note This command is not supported on bridges.
Syntax Description
Specifies the number of hours an inactive entry remains in the list of adjacent access points |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the timeout setting for inactive entries in the adjacent access point list:
Related Commands
|
|
|
|---|---|
dot11 adjacent-ap age-timeout
Use the dot11 adjacent-ap age-timeout global configuration command to specify the number of hours an inactive entry remains in the list of adjacent access points.
dot11 adjacent-ap age-timeout hours
Note This command is not supported on bridges.
Syntax Description
Specifies the number of hours an inactive entry remains in the list of adjacent access points |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the timeout setting for inactive entries in the adjacent access point list:
Related Commands
|
|
|
|---|---|
dot11 ant-band-mode
To enable single or dual band antenna on an access point use the dot11 ant-band-mode in global configuration mode.
dot11 ant-band-mode {dual | single}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable dual antenna on an access point.
This example shows how to enable single antenna on an access point.
dot11 arp-cache
Use the dot11 arp-cache global configuration command to enable client ARP caching on the access point. ARP caching on the access point reduces the traffic on your wireless LAN and increases client battery life by stopping ARP requests for client devices at the access point. Instead of forwarding ARP requests to client devices, the access point responds to requests on behalf of associated client devices and drops ARP requests that are not directed to clients associated to the access point. When ARP caching is optional, the access point responds on behalf of clients with IP addresses known to the access point but forwards through its radio port any ARP requests addressed to unknown clients. When the access point knows all the IP addresses for associated clients, it drops any ARP requests not directed to its clients. In its beacon, the access point includes an information element to alert client devices that they can safely ignore broadcast messages to increase battery life.
[no] dot11 arp-cache [optional]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable ARP caching:
dot11 association mac-list
To specify a MAC address access list used for dot11 association use the dot11 association mac-list command.
dot11 association mac-list number
Syntax Description
Specifies a number (700 to 799) for a 48-bit MAC address access list. |
Defaults
Examples
AP(config)# dot11 association mac-list 700
Related Commands
|
|
|
|---|---|
dot11 auto-immune
Use the dot11 auto-immune command to enable or disable protection from Denial of Service (DoS) attacks. This feature protects against auto-immune attacks on the AP.
dot11 auto-immune {enable | disable}
Syntax Description
Defaults
Command History
|
|
|
|---|---|
Usage Guidelines
A potential attacker can use specially crafted packets to mislead the Intrusion Detection System (IDS) into treating a legitimate client as an attacker. It causes the controller to disconnect this legitimate client and launch a DoS attack. The auto-immune feature, when enabled, is designed to protect against such attacks. However, conversations using Cisco 792x phones might be interrupted intermittently when the auto-immune feature is enabled. If you experience frequent disruptions when using 792x phones, you might want to disable this feature.
Examples
dot11 band-select parameters
To assign parameters for Band Select feature, use the dot11 band-select parameters command in global configuration mode.
dot11 band-select parameters {cycle-count cycle-count | cycle-threshold milliseconds | expire-supression milliseconds | expire-dual-band milliseconds | client-rssi dBm }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign cycle-count parameters for Band-Select:
This example shows how to assign cycle-threshold parameters for Band-Select:
This example shows how to assign expire-supression parameters for Band-Select:
This example shows how to assign expire-dual-band parameters for Band-Select:
This example shows how to assign client-rssi parameters for Band-Select:
dot11 carrier busy
Use the dot11 carrier busy privileged exec command to display levels of radio activity on each channel.
dot11 interface-number carrier busy
Syntax Description
Specifies the radio interface number (The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.) |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
During the carrier busy test, the access point or bridge drops all associations with wireless networking devices for about 4 seconds while it conducts the carrier test and then displays the test results.
Examples
This example shows how to run the carrier busy test for radio interface 0:
This example shows the carrier busy test results:
Related Commands
|
|
|
|---|---|
dot11 dhcp broadcast allowed
When the wired clients behind a third party WGB device fail to get an IP address, use the dot11 dhcp broadcast allowed command, in the global configuration mode. By enabling this command, the DHCP packets that AP receives will not be unicast to its clients.
Syntax Description
Defaults
Disabled by default. This means that the DHCP packets are unicast to its clients.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable new commands on an access point:
dot11 dot11r pre-authentication
To enable or disable over air or over-ds transition, use the dot11 dot11r pre-authentication command in configuration mode.
[no] dot11 dot11r pre-authentication [ over-air |over-ds ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
dot11 dot11r re-association timer
To configure the re-association timer, use the dot11 dot11r re-association timer command in configuration mode.
dot11 dot11r re-association timer value
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
dot11 extension aironet
Use the dot11 extension aironet configuration interface command to enable or disable Cisco Aironet extensions to the IEEE 802.11b standard. Use the no form of this command to disable the Cisco Aironet extensions.
Note You cannot disable Cisco Aironet extensions on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The Cisco Aironet extensions help clients choose the best access point. You must enable these extensions to use advanced features such as Cisco MIC and key hashing. Disable these extensions for non-Cisco clients that misinterpret the extensions.
Examples
This example shows how to enable Cisco Aironet extensions for the radio interface:
This example shows how to disable Cisco Aironet extensions for the radio interface:
Related Commands
|
|
|
|---|---|
dot11 extension power native
Use the dot11 extension power native configuration interface command to configure the native MIB power table to be used to respond to SNMP queries on the access point power levels. This command works with the cd11IfPhyNativePowerUseStandard MIB object of the Cisco DOT11-IF-MIB. Use the no form of this command to use the standard MIB power table.
[no] dot11 extension power native
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable the native MIB power table for the radio interface:
This example shows how to return to the standard MIB power table for the radio interface:
Related Commands
|
|
|
|---|---|
dot11 guest username
To configure web authorization for a guest user, use the dot11 guest username command in global configuration mode.
dot11 guest username name lifetime mins password value
Syntax Description
Specifies timeout time for the guest user. The value ranges from 5 minutes to 35791minutes. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure web authorization for a guest user:
dot11 holdoff-time
Use the dot11 holdoff-time global configuration command to specify the hold-off time for EAP and MAC address authentication. The holdoff time is invoked when a client fails three login attempts or fails to respond to three authentication requests from the access point. Use the no form of the command to reset the parameter to defaults.
[no] dot11 holdoff-time seconds
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify a 2-minute hold-off time:
This example shows how reset the hold-off time to defaults:
Related Commands
|
|
|
|---|---|
Displays information on the current running access point configuration |
dot11 ids eap attempts
Use the dot11 ids eap attempts global configuration command to configure the number of authentication attempts and the number of seconds of EAPOL flooding that trigger a fault on a scanner access point in monitor mode.
Setting an authentication failure limit protects your network against a denial-of-service attack called EAPOL flooding. The 802.1X authentication that takes place between a client and the access point triggers a series of messages between the access point, the authenticator, and an authentication server using EAPOL messaging. The authentication server can quickly become overwhelmed if there are too many authentication attempts. If not regulated, a single client can trigger enough authentication requests to impact your network.
A scanner access point in monitor mode tracks the rate at which 802.1X clients attempt to authenticate through the access point. If your network is attacked through excessive authentication attempts, the access point generates an alert when the authentication threshold has been exceeded.
[no] dot11 ids eap attempts number period seconds
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a limit on authentication attempts and on the duration of EAPOL flooding on a scanner access point in monitor mode:
Related Commands
|
|
|
|---|---|
dot11 ids mfp
Use the dot11 ids mfp global configuration command to configure Management Frame Protection (MFP) parameters on the access point.
Note To configure an MFP distributor, the access point must be configured as a WDS.
[no] dot11 ids mfp {detector | distributor | generator}
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the MFP detector, enable the MFP gesticulator, and configure the MFP generator on the access point:
Related Commands
|
|
|
|---|---|
dot11 igmp snooping-helper
Use the dot11 igmp snooping-helper global configuration command to begin sending IGMP Query requests when a new client associates with the access point. Use the no form of this command to disable the IGMP Query requests.
[no] dot11 igmp snooping-helper
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable IGMP Query requests:
This example shows how to stop or disable the IGMP Query requests:
dot11 lbs
Use the dot11 lbs global configuration command to create a location based services (LBS) profile and to enter LBS configuration mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to create an LBS profile and enter LBS configuration mode:
Related Commands
dot11 linktest
Use the dot11 linktest privileged EXEC command to test a radio link between the access point and a client device.
dot11 interface-number linktest
[target mac-address]
[count packet-number]
[interval sec]
[packet-size size]
[rate value]
Syntax Description
Defaults
The default target for a root access point is the first client. The default target for a repeater is its parent access point.
The default count specifies that test runs once.
The default interval is 5 seconds.
Command Modes
Command History
|
|
|
|---|---|
Parameters were added to support the 5-GHz access point radio. |
|
Parameters were added to support the 802.11g, 2.4-GHz access point radio. |
Usage Guidelines
The link test verifies the radio link between the access point and a client device by sending the client a series of special packets, which the client returns to the access point.
Note Some client devices, such as non-Cisco wireless clients, wired clients that are connected to a workgroup bridge, or non-Cisco clients connected to a repeater access point, might not respond to link test packets.
The client adds information to the packets that quantify how well it received the request. Results are displayed as a table of packet statistics, quality, and signal-level information.
If you specify an interval, the test repeats continuously separated by the specified number of seconds. To abort the test, type the escape sequence (Ctrl key and ^ key). Without an interval, the test runs once.
Examples
This example shows how to initiate a radio link test to send 10 packets to client MAC address 0040963181CF on radio interface 0:
This example shows how to initiate a radio link test to send 100 packets of 500 bytes to client MAC address 0040963181CF on radio interface 0:
Related Commands
|
|
|
|---|---|
dot11 location isocc
Use the dot11 location isocc global configuration command to configure location identifiers that the access point sends with all RADIUS authentication and accounting requests.
dot11 location isocc ISO-country-code cc country-code ac area-code
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can find a list of ISO and ITU country and area codes at the ISO and ITU websites. Cisco IOS software does not check the validity of the country and area codes that you enter with this command.
Examples
This example shows how to configure the ISO and ITU location codes on the access point:
This example shows how the access point adds the SSID used by the client device and how it formats the location-ID string:
Related Commands
|
|
|
|---|---|
Specifies the SNMP system location and the WISPr location-name attribute |
dot11 mbssid
Use the dot11 mbssid global configuration command to enable multiple basic SSIDs on all access point radio interfaces.
Note This command is supported only on access points that contain at least one radio interface that supports multiple basic SSIDs. To determine whether a radio supports multiple basic SSIDs, enter the show controllers radio_interface command. Multiple basic SSIDs are supported if the results include this line:
Number of supported simultaneous BSSID on radio_interface: 8
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable multiple basic SSIDs on all interfaces that support multiple basic SSIDs:
Related Commands
|
|
|
|---|---|
Specifies that a BSSID is included in beacons and specifies a DTIM period for the BSSID |
|
dot11 meter
Use the dot11 meter privileged EXEC command to measure the performance of packet forwarding. To display the results, use the show dot11 statistics metered-traffic command.
Syntax Description
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to activate the meter tool for radio interface 0:
Related Commands
|
|
|
|---|---|
dot11 network-map
Use the dot11 network-map global configuration command to enable the radio network map feature. When enabled, the access point broadcasts a IAPP GenInfo Request every collection interval. This request solicits information from all Cisco access points in the same Layer 2 domain. Upon receiving a GetInfo Request, the access point sends a unicast IAPP GenInfo Response back to the requester. The access point uses these IAPP GenInfo Responses to build a network-map.
dot11 network-map [ collect-interval ]
Syntax Description
Specifies the time interval between IAPP GenInfo Requests (1 to 60 seconds) |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to generate a radio network map with a collection interval of 30 seconds:
You can verify the network map by using the show dot11 network-map EXEC command.
Related Commands
|
|
|
|---|---|
dot11 pause-time
Use the dot11 pause-time global configuration command to set the retransmission timeout for 802.11 data frames, in milliseconds. The default, and also the maximum, value is 100 ms. The minimum is 10 ms.
Syntax Description
Specifies the retransmission timeout for 802.11 data frames, in milliseconds. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example sets the retransmission timeout for 802.11 data frames to 50 milliseconds:
dot11 phone
Use the dot11 phone global configuration command to enable or disable IEEE 802.11 compliance phone support. Use the no form of this command to disable the IEEE 802.11 phone.
Note This command is not supported on bridges.
Syntax Description
Specifies the use of the standard QBSS Load Information Element (IE). |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Parameter added for the standard (IEEE 802.11e draft 13) QBSS Load IE. |
Usage Guidelines
Enabling IEEE 802.11 compliance phone support adds information to the access point beacons and probe responses. This information helps some 802.11 phones make intelligent choices about the access point to which they should associate. Some phones do not associate with an access point without this additional information.
The dot11e parameter enables the future upgrade of the 7920 Wireless Phone firmware to support the standard QBSS Load IE. The new 7920 Wireless Phone firmware will be announced at a later date.
Note This release continues to support your existing 7920 Wireless Phone firmware. Please do not attempt to use the standard (IEEE 802.11e draft 13) QBSS Load IE with the 7920 Wireless Phone until new phone firmware is available for you to upgrade your phones.
Examples
This example shows how to enable IEEE 802.11 phone support with the legacy QBSS Load element:
This example shows how to enable IEEE 802.11 phone support with the standard (IEEE 802.11e
draft 13) QBSS Load element:
AP(config)# no dot11 phone dot11e
This example shows how to stop or disable the IEEE 802.11 phone support:
dot11 priority-map avvid
Use the dot11 priority-map avvid global configuration command to enable or disable Cisco AVVID (Architecture for Voice, Video and Integrated Data) priority mapping. AVVID priority mapping maps Ethernet packets tagged as class of service 5 to class of service 6. This feature enables the access point to apply the correct priority to voice packets for compatibility with Cisco AVVID networks. Use the no form of this command to disable AVVID priority mapping.
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to stop or disable AVVID priority mapping:
AP(config)# no dot11 priority-map avvid
This example shows how to enable AVVID priority mapping:
Related Commands
|
|
|
|---|---|
Creates a class map to be used for matching packets to the class whose name you specify |
|
dot11 qos class
Use the dot11qos class interface configuration mode command to configure QOS class parameters for the radio interface. Use the no form of the command to disable the QOS parameters.
[no] dot11 qos class {background | best-effort | video | voice}
{ [both] [cell] [local] }
Note This command is not supported when operating in repeater mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify video traffic support on radio cells:
This example shows how to disable video traffic support on radio cells:
Related Commands
|
|
|
|---|---|
Configures CAC traffic data rates and priorities on the access point. |
|
Provides debug information for CAC admission control on the access point. |
dot11 ssid
Use the dot11 ssid global configuration command to create a global SSID. The SSID is inactive until you use the ssid configuration interface command to assign the SSID to a specific radio interface.
In Cisco IOS Release 12.3(4)JA, you can configure SSIDs globally or for a specific radio interface. However, when you create an SSID using the ssid configuration interface command, the access point stores the SSID in global configuration mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
- Create an SSID in global configuration mode
- Configure the SSID for RADIUS accounting
- Set the maximum number of client devices that can associate using this SSID to 15
- Assign the SSID to a VLAN
- Assign the SSID to a radio interface
Related Commands
dot11 ssid band-select
To enable Band Select under an SSID, use the dot11 ssid band-select command in global configuration mode.
Syntax Description
Specifies a name to assign to a SSID. The name can contain up to 32 ASCII characters. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable Band Select on a SSID:
dot11 syslog
The ASSOC/DISASSOC messages can be enabled to appear on the console using the dot11 syslog command. To disable these messages, use the no dot11 syslog command.
Syntax Description
Defaults
By default the dot11 syslog command is enabled and the ASSOC/DISASSOC messages appear on the console.
Command Modes
Command History
|
|
|
|---|---|
Examples
To enable the ASSOC/DISASSOC messages to appear on the console:
To disable the ASSOC/DISASSOC messages from appearing on the console:
dot11 update-group-key
Use the dot11 update-group-key privileged EXEC command to trigger an update of the WPA group key. When you enter the command, the access point distributes a new WPA group key to authenticated client devices.
dot11 interface-number update-group-key [vlan vlan-id]
Syntax Description
Specifies the radio interface number (the 2.4-GHz radio is radio 0; the 5-GHz radio is radio 1) |
|
Specifies the VLAN on which the access point sends out the group key update |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to trigger a group key update on VLAN 2:
Related Commands
|
|
|
|---|---|
Configures the radio interface (for a specified SSID) to support authenticated key management |
dot11 vlan-name
Use the dot11 vlan-name global configuration command to assign a name to a VLAN in addition to its numerical ID.
dot11 vlan-name name vlan vlan-id
Syntax Description
Specifies a name to assign to a VLAN ID. The name can contain up to 32 ASCII characters. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Keep these guidelines in mind when using VLAN names:
- The mapping of a VLAN name to a VLAN ID is local to each access point, so across your network, you can assign the same VLAN name to a different VLAN ID.
Note If clients on your wireless LAN require seamless roaming, Cisco recommends that you assign the same VLAN name to the same VLAN ID across all access points, or that you use only VLAN IDs without names.
- Every VLAN configured on your access point must have an ID, but VLAN names are optional.
- VLAN names can contain up to 32 ASCII characters. However, a VLAN name cannot be a number between 1 and 4095. For example, vlan4095 is a valid VLAN name, but 4095 is not. The access point reserves the numbers 1 through 4095 for VLAN IDs.
Examples
This example shows how to assign a name to a VLAN:
You can view VLAN name and ID pairs by using the show dot11 vlan-name EXEC command.
Related Commands
|
|
|
|---|---|
dot11 wpa handshake init-delay
Use the dot11 wpa handshake init-delay configuration command to introduce a delay to start the four-way handshake in WPA PSK or dot1x. This command is applicable to an AP working in root or bridge mode.
dot11 wpa handshake init-delay time
Syntax Description
Specifies the delay value. Valid range is from 0 ms to 10 ms. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign a delay to start the four-way handshake in WPA PSK or dot1x:
dot11 wpa handshake timeout
Use the dot11 wpa handshake timeout configuration command to adjust the duration before timing out WPA key packet transmission. This timer value may need to be increased with WPA clients in PSP mode.
dot11 wpa handshake timeout time
Syntax Description
Specifies the new timeout time. Valid range is from 100ms to 2000ms. |
Defaults
Command Modes
Usage Guidelines
The WPA handshake timeout timer starts when the access point's state machine submits the key packet for transmission. If the client is in power save mode (PSP) at this time, the timer may expire before the client can come out of PSP mode and the packet can actually be transmitted. For PSP clients, a timeout value of 1000ms may work more reliably.
dot1x credentials
Use the dot1x credentials global configuration command to configure a dot1x credentials profile. The no form of the command disables the profile.
[no] dot1x credentials profile-name
Note This command is not supported on c1200 and c1100 platforms.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use the dot1x credentials command to configure a dot1x credentials profile. Issuing
dot1x credentials profile-name puts you in dot1x credentials configuration mode where you can specify profile parameters using these subcommands:
|
|
|
|---|---|
Examples
This example shows how to configure a dot1x credentials profile and specify the profile description, authentication password, and username:
dot1x eap profile (configuration interface mode)
Use the dot1x eap profile interface configuration mode command to enable a preconfigured EAP profile for the fast Ethernet interface. Use the no form of this command to disable the EAP profile.
[no] dot1x eap profile profile-name
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You must first configure an EAP profile before you can enable the profile on the fast Ethernet interface. To configure an EAP profile, use the eap profile configuration command. To enable a preconfigured EAP profile on the fast Ethernet interface, use the dot1x eap profile configuration interface command.
Examples
This example shows how to enable the preconfigured EAP test profile on the fast Ethernet interface:
This example shows how to disable the EAP test profile on the fast Ethernet interface:
Related Commands
|
|
|
|---|---|
dot1x eap profile (SSID configuration mode)
Use the dot1x eap profile SSID configuration mode command to enable a preconfigured EAP profile for the SSID. Use the no form of this command to disable the EAP profile.
[no] dot1x eap profile profile-name
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You must configure an EAP profile before you can enable the profile for the SSID interface. To configure an EAP profile, use the eap profile configuration command. To enable a preconfigured EAP profile for the SSID interface, use the dot1x eap profile configuration interface command.
Examples
This example shows how to enable the preconfigured EAP profile test on the SSID configuration interface:
This example shows how to disable the EAP test profile on the SSID interface:
Related Commands
|
|
|
|---|---|
dot1x timeout reauth-period
Use the dot1x timeout reauth-period configuration interface command to configure the dot1x client reauthentication period. The no form of the command disables reauthentication.
[no] dot1x timeout reauth-period {<sec> | server}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a dot1x client reauthentication period to a value of 100 seconds:
dot1x timeout supp-response
Use the dot1x timeout supp-response global configuration command to configure the time that an access point waits for the wireless client to reply to an EAP dot1x message. The no form of the command disables the timeout.
[no] dot1x timeout supp-response time [local]
Syntax Description
Specifies that the access point must use the local configured timeout value and ignore the override timeout value from the RADIUS server. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure an access point to control the EAP dot1x wireless client response timeout and configure a value of 100 seconds:
duplex
To configure the duplex operation on a wireless device’s Ethernet port, use the duplex interface configuration command. Use the no form of this command to return the system to auto-duplex mode.
[no] duplex {auto | full | half}
Note Cisco recommends that you use auto, the default setting, for both duplex and speed settings on the Ethernet port.
Syntax Description
Specifies auto-duplex operation. Cisco recommends that you use this setting. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Cisco recommends that you use auto, the default setting, for both the speed and duplex settings on the Ethernet port.
When the access point or bridge receives inline power from a switch, any change in the speed or duplex settings that resets the Ethernet link reboots the unit. If the switch port to which the wireless device is connected is not set to auto, you can change the wireless device port to half or full to correct a duplex mismatch and the Ethernet link is not reset. However, if you change from half or full back to auto, the link is reset and, if the wireless device receives inline power from a switch, the wireless device reboots.
Note The speed and duplex settings on the wireless device Ethernet port must match the Ethernet settings on the port to which the wireless device is connected. If you change the settings on the port to which the wireless device is connected, change the settings on the wireless device Ethernet port to match.
Examples
This example shows how to configure the Ethernet port for auto duplex:
Related Commands
|
|
|
|---|---|
eap profile
Use the eap profile global configuration command to configure an EAP profile. Use the no form of this command to disable the EAP profile.
Note This command is not supported on c1200 and c1100 platforms.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use the eap profile command to configure an eap profile. Issuing the eap profile command puts you in dot1x eap profile mode.
You can specify eap profile parameters using these subcommands:
Examples
This example shows how to create and provide a description for the EAP profile test:
This example shows how to disable the EAP test profile:
Related Commands
|
|
|
|---|---|
eapfast authority
Use the eapfast authority command to configure an EAP-FAST authority ID (AID) for a local authenticator access point. The EAP-FAST AID identifies the server that authenticates the EAP-FAST client. The local authenticator sends its AID to an authenticating client, and the client checks its database for a matching AID. If the client does not recognize the AID, it requests a new Protected Access Credential (PAC).
[no] eapfast authority {id identifier | info string}
Syntax Description
Defaults
Command Modes
Configuration mode for local authenticators
Command History
|
|
|
|---|---|
Examples
This example shows how to configure an AID for the local authenticator access point:
This example shows how to configure an information string for the AID:
Related Commands
|
|
|
|---|---|
eapfast pac expiry
Use the eapfast pac expiry global configuration command to set the Protected Access Credential (PAC) expiration time and grace period for a group of EAP-FAST clients associated to a local authenticator access point.
[no] eapfast pac expiry days [grace days]
Syntax Description
Defaults
The default is infinite days for both the expiration time and the grace period.
Command Modes
Client group configuration mode for local authenticators
Command History
|
|
|
|---|---|
Examples
In this example, PACs for the user group clerks expire in 10 days with a grace period of two days:
Related Commands
|
|
|
|---|---|
eapfast server-key
Use the eapfast server-key command to configure EAP-FAST server keys. The local authenticator uses server keys to encrypt Protected Access Credential (PAC) files that it generates and to decrypt PACs when it is authenticating clients. The server maintains two keys, a primary key and a secondary key, and uses the primary key to encrypt PACs. Periodically, the local authenticator switches keys, making the primary key the secondary and using the secondary key as the primary. If you do not configure server keys, the local authenticator generates keys automatically.
When the local authenticator receives a client PAC, it attempts to decrypt the PAC with the primary key. If decryption fails with the primary key, the authenticator attempts to decrypt the PAC with the secondary key. If decryption fails with the secondary key, the authenticator rejects the PAC as invalid.
[no] eapfast server-key { primary {auto-generate | [0 | 7] key} |
secondary [0 | 7] key}
Syntax Description
Defaults
By default, the local authenticator generates server keys automatically.
Command Modes
Configuration mode for local authenticators
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a primary server key for the local authenticator access point:
This example shows how to configure a secondary server key:
Related Commands
|
|
|
|---|---|
encryption key
Use the encryption key configuration interface command to define a WEP key used for data encryption on the wireless LAN or on a specific virtual LAN (VLAN). Use the no form of the command to remove a specific encryption key.
Note You need to configure static WEP keys only if your access point supports client devices that use static WEP. If all the client devices that associate to the access point use key management (WPA, CCKM, or 802.1x authentication) you do not need to configure static WEP keys.
Note Encryption VLAN is not supported on bridges.
[no] encryption
[vlan vlan-id ]
key 1-4
size {40bit | 128Bit}
encryption-key
[transmit-key]
Syntax Description
Specifies the number of the key (1 to 4) that is being configured. (A total of four encryption keys can be configured for each VLAN.) Note If you configure static WEP with MIC or CMIC, the access point and associated client devices must use the same WEP key as the transmit key, and the key must be in the same key slot on the access point and the clients. See Table 2-9 for a list of WEP key restrictions based on your security configuration. |
|
Specifies the key for encrypting transmit data from the access point. Key slot 1 is the default key slot. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Using security features such as authenticated key management can limit WEP key configurations. Table 2-9 lists WEP key restrictions based on your security configuration.
Examples
This example shows how to configure a 40-bit encryption key with a value of 11aa33bb55 as
WEP key 1 used on VLAN number 1:
This example shows how to remove WEP key 1 on VLAN 1:
Related Commands
|
|
|
|---|---|
encryption mode ciphers
Use the encryption mode ciphers configuration interface command to enable a cipher suite. Cipher suites are sets of encryption algorithms that, like WEP, protect radio communication on your wireless LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key Management (CCKM).
Because cipher suites provide the protection of WEP while also allowing use of authenticated key management, Cisco recommends that you enable WEP by using the encryption mode ciphers command in the CLI or by using the cipher drop-down menu in the web-browser interface. Cipher suites that contain TKIP provide the best security for your wireless LAN, and cipher suites that contain only WEP are the least secure.
Note You can also use the encryption mode wep command to set up static WEP. However, you should use encryption mode wep only if all clients that associate to the access point are not capable of key management.
Note Encryption VLAN is not supported on bridges.
encryption [vlan vlan] mode ciphers
{[aes-ccm | ckip | cmic | ckip-cmic | tkip]}
{[wep128 | wep40]}
Syntax Description
ckip1 |
|
Specifies that both ckip and cmic are included in the cipher suite. |
|
Specifies that TKIP is included in the cipher suite. Note If you enable a cipher suite with two elements (such as TKIP and 128-bit WEP), the second cipher becomes the group cipher. |
|
|
1.You must enable Aironet extensions to use this option in the cipher suite. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
|
|
|
|---|---|
Note You must enable Aironet extensions to include CKIP, CMIC, or CKIP-CMIC in a cipher suite. Use the dot11 extension aironet command to enable Aironet extensions.
Refer to the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points for a complete description of WPA and CCKM and instructions for configuring authenticated key management.
Examples
This example sets up a cipher suite for VLAN 22 that enables CKIP, CMIC, and 128-bit WEP.
Related Commands
|
|
|
|---|---|
Configures the client authentication type for an SSID, including WPA and CCKM authenticated key management |
encryption mode wep
Use the encryption mode wep configuration interface command to enable a specific encryption type that is used to communicate on the wireless LAN or on a specific VLAN. When encryption is enabled, all client devices on the wireless LAN or on a VLAN must support the specified encryption methods to communicate with the access point. Use the no form of the command to disable the encryption features on a specific VLAN.
Note Because cipher suites provide the protection of WEP while also allowing use of authenticated key management, Cisco recommends that you enable WEP by using the encryption mode ciphers command. Cipher suites that contain TKIP provide the best security for your wireless LAN, and cipher suites that contain only WEP are the least secure.
Note Encryption VLAN is not supported on bridges.
[no] encryption [vlan vlan-id ] mode wep
{ mandatory | optional}
{key-hash | mic [key-hash] }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify that encryption key hashing must be used on VLAN number 1:
This example shows how to disable mandatory encryption on VLAN 1:
Related Commands
|
|
|
|---|---|
exception crashinfo buffersize
To change the size of the buffer used for crashinfo files, use the exception crashinfo buffersize command in global configuration mode. To revert to the default buffersize, use the no form of this command.
exception crashinfo buffersize kilobytes
no exception crashinfo buffersize kilobytes
Syntax Description
Sets the size of the buffersize to the specified value within the range of 32 to 100 kilobytes. The default is 32 KB. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example sets the crashinfo buffer to 100 KB:
Related Commands
|
|
|
|---|---|
Enables the creation of a diagnostic file at the time of unexpected system shutdowns. |
exception crashinfo file
To enable the creation of a diagnostic file at the time of unexpected system shutdowns, use the exception crashinfo file command in global configuration mode. To disable the creation of crashinfo files, use the no form of this command.
exception crashinfo file device:filename
no exception crashinfo file device:filename
Syntax Description
Specifies the flash device and file name to be used for storing the diagnostic information. The colon is required. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
In this example, the access point creates a crashinfo file called crashdata in the default flash memory device if a system crash occurs:
Related Commands
|
|
|
|---|---|
fixed-slot (QOS Class interface configuration mode)
Use the fixed-slot QOS Class interface configuration mode command to configure the CAC 802.11 fixed backoff slot time for a radio interface. Use the no form of the command to remove the setting.
Note This command is not supported when operating in repeater mode.
Syntax Description
Defaults
When QoS is enabled, the default fixed-slot settings for access points match the values in Table 2-11 , and the default fixed-slot settings for bridges match the values in Table 2-12 .
|
|
|
|---|---|
|
|
|
|---|---|
Command Modes
QOS Class interface configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the CAC 802.11 fixed backoff slot time for the radio interface:
This example shows how to remove the CAC 802.11 fixed backoff slot time for the radio interface:
Related Commands
fragment-threshold
Use the fragment-threshold configuration interface command to set the size at which packets are fragmented. Use the no form of the command to reset the parameter to defaults.
[no] fragment-threshold 256-2346
Syntax Description
Specifies the packet fragment threshold size (256 to 2346 bytes) |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the packet fragment threshold size to 1800 bytes:
This example shows how to reset the packet fragment threshold size to defaults:
Related Commands
|
|
|
|---|---|
group (local server configuration mode)
Use the group local server configuration mode command to enter user group configuration mode and configure a user group to which you can assign shared settings. In user group configuration mode you can specify settings for the user group such as VLAN and SSID.
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Local server configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to create a user group on the local authenticator:
Related Commands
guard-interval
Use the guard-interval configuration mode command to configure the The 802.11n guard interval. The guard interval is the period in nanoseconds the radio listens between packets. Two settings are available: short (400ns) and long (800ns).
Syntax Description
Allows the radio to use either short or long guard intervals. |
|
Defaults
Command Modes
Dot11Radio configuration interface
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to set a long guard interval on a 2.4-GHz 802.11n radio:
Related Commands
guest-mode (SSID configuration mode)
Use the guest-mode SSID configuration mode command to configure the radio interface (for the specified SSID) to support guest mode. Use the no form of the command to disable the guest mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The access point can have one guest-mode SSID or none at all. The guest-mode SSID is used in beacon frames and response frames to probe requests that specify the empty or wildcard SSID. If no guest-mode SSID exists, the beacon contains no SSID and probe requests with the wildcard SSID are ignored. Disabling the guest mode makes the networks slightly more secure. Enabling the guest mode helps clients that passively scan (do not transmit) associate with the access point. It also allows clients configured without a SSID to associate.
Examples
This example shows how to set the wireless LAN for the specified SSID into guest mode:
This example shows how to reset the guest-mode parameter to default values:
Related Commands
|
|
|
|---|---|
iapp path destination
To configure the IAPP path parameters, use the iapp path destination command in global configuration mode.
iapp path destination destination
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the destination city in an access point.
iapp path destination source
To configure the IAPP path parameters, use the iapp path destination source command in global configuration mode.
iapp path destination destination source source
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the destination and source cities in an access point.
iapp standby mac-address
Use the iapp standby mac-address global configuration command to configure an access point to be in standby mode and specify the monitored access point’s MAC address. Use the no form of this command to disable the access point standby mode.
[no] iapp standby mac-address mac-address
Note This command is not supported on bridges.
Syntax Description
Specifies the MAC address (in xxxx.xxxx.xxxx format) of the active access point |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to place the access point in standby mode and indicate the MAC address of the active access point:
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
|
|
|
|---|---|
Shuts down the radio interface on the monitored access point when the standby access point takes over |
|
iapp standby poll-frequency
Use the iapp standby poll-frequency global configuration command to configure the standby mode polling interval. Use the no form of this command to clear the access point standby mode poll frequency.
[no] iapp standby poll-frequency sec [mac-address]
Note This command is not supported on bridges.
Syntax Description
Defaults
When you enable hot standby, the default poll frequency is 2 seconds.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the standby mode poll frequency of 5 minutes:
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
iapp standby primary-shutdown
Use the iapp standby primary-shutdown global configuration command to disable the radio interfaces on the monitored access point when the standby access point becomes active. The standby access point sends a Dumb Device Protocol (DDP) message to disable the radios of the monitored access point when it detects a failure (for example, if the standby unit cannot associate to the monitored access point, or if the standby unit detects a link test failure on any of the monitored interfaces).
[no] iapp standby primary-shutdown
Note This command is not supported on bridges.
Note When the monitored access point receives the message to disable its radios it puts the radio interfaces into the admin down state. You must re-enable the radios to bring the radio interfaces back up.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable the primary shutdown feature on a standby access point:
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
|
|
|
|---|---|
Places the access point into standby mode and identifies the MAC address of the active access point |
|
Specifies the access point standby mode polling timeout value |
iapp standby timeout
Use the iapp standby timeout global configuration command to configure the standby mode polling timeout value. Use the no form of this command to clear the standby mode polling timeout value.
Syntax Description
Defaults
When you enable hot standby, the default standby timeout is 20 seconds.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the standby mode polling timeout of 1 minute:
This example shows how to clear the standby mode timeout value:
Related CommandsYou can verify your settings by entering the show class-map privileged EXEC command.
ids mfp client
Use the ids mfp client SSID configuration command to enable and explicitly specify the status of MFP-2. To disable MFP-2 on an access point, use the no form of this command.
[no] ids mfp client{[required | optional] }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable MFP-2 for mandatory authentication:
This example shows how to enable MFP-2 for optional authentication:
information-element ssidl (SSID configuration mode)
Use the information-element ssidl SSID configuration command to designate an SSID for inclusion in an SSIDL information element (IE) that the access point includes in beacons. When you designate an SSID to be included in an SSIDL IE, client devices detect that the SSID is available, and they also detect the security settings required to associate using that SSID.
[no] information-element ssidl {[advertisement] [wps]}
Note When multiple basic SSIDs are enabled on the access point, the SSIDL IE does not contain a list of SSIDs; it contains only extended capabilities.
Syntax Description
Includes the SSID name and capabilities in the access point SSIDL IE. |
|
Defaults
By default, the access point does not include SSIDL IEs in beacons.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to designate an SSID for inclusion in the WPS IE:
Related Commands
|
|
|
|---|---|
infrastructure-client
Use the infrastructure-client configuration interface command to configure a virtual interface for a workgroup bridge client. Use the no form of the command to disable the workgroup bridge client virtual interface.
Note Enter this command on an access point or bridge. This command is not supported on devices configured as workgroup bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Enable the infrastructure client feature to increase the reliability of multicast messages to workgroup bridges. When enabled, the access point sends directed packets containing the multicasts, which are retried if necessary, to the associated workgroup bridge. Enable only when necessary because it can greatly increase the load on the radio cell.
Examples
This example shows how to configure a virtual interface for a workgroup bridge client.
This example shows how to specify that a workgroup bridge client virtual interface is not supported.
Related Commands
|
|
|
|---|---|
Displays information on the current running access point configuration |
infrastructure-ssid (SSID configuration mode)
Use the infrastructure-ssid command in SSID configuration mode to reserve this SSID for infrastructure associations, such as those from one access point or bridge to another. Use the no form of the command to revert to a normal non-infrastructure SSID.
[ no ] infrastructure-ssid [ optional ]
Syntax Description
Specifies that both infrastructure and mobile client devices are allowed to associate using the SSID |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command controls the SSID that access points and bridges use when associating with one another. A root access point only allows a repeater access point to associate using the infrastructure SSID. A root bridge only allows a non-root bridge to associate using the infrastructure SSID. Repeater access points and non-root bridges use this SSID to associate with root devices. The infrastructure SSID must be assigned to the native VLAN. It cannot be assigned a non-native VLAN.
For configurations using the CLI, the infrastructure-ssid command is not a requirement unless multiple SSIDs are configured on the radio. In this case the infrastructure-ssid command is used to identify the SSID a non-root bridge uses to connect to the uplink. Other non-infrastructure SSIDs are used for client association to the non-root bridge.
However, using the GUI requires that the infrastructure ssid be configured for repeaters, workgroup bridges, and non-root bridges. The goal of the CLI is to provide the maximum flexibility while the GUI provides the minimum working configuration for the purpose of ease of use.
Examples
This example shows how to reserve the specified SSID for infrastructure associations on the wireless LAN:
This example shows how to restore the SSID to non-infrastructure associations:
Related Commands
|
|
|
|---|---|
interface dot11 (LBS configuration mode)
Use the interface dot11 location based services (LBS) configuration mode command to specify the radio interface on which an LBS profile is enabled. An LBS profile remains inactive until you enter this command.
Syntax Description
Specifies the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. |
Defaults
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the radio interface for an LBS profile:
Related Commands
interface dot11radio
Use the interface dot11radio global configuration command to place access point into the radio configuration mode.
interface dot11radio interface-number
Syntax Description
Specifies the radio interface number (The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.) |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to place the access point into the radio configuration mode:
Related Commands
|
|
|
|---|---|
ip admission web_passthrough
To enable a web pass-through, use the ip admission web_passthrough command in interface configuration mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable a web pass-through:
ip cef
To enable Cisco Express Forwarding, use the ip cef command.
ip cef accounting {load-balance-hash {non-recursive {per-prefix prefix-length | prefix-length per-prefix } | per-prefix | prefix-length} load-sharing algorithm {include-ports {destination Fixed ID | source { Fixed ID | {destination Fixed ID }} | original | tunnel Fixed ID | universal Fixed ID } | optimize neighbor resolution | traffic-statistics {load-interval seconds | update-rate seconds }
Syntax Description
Enables accounting for traffic through non-recursive prefixes. |
|
Specifies the load interval delay in seconds. The load interval must be in multiples of 30. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable Cisco Express Forwarding
ip igmp snooping vlan
To enable IGMP snooping on a Catalyst VLAN, use the ip igmp snooping vlan command.
[no] ip igmp snooping vlan vlan-id
Note If there is no multicast router for processing IGMP query and response from the host, it is mandatory that no ip igmp snooping be configured on the access point. When IGMP snooping is enabled, all multicast group traffic must send IGMP query and response. If an IGMP query or response is not detected, all multicast traffic for that group is dropped.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable IGMP snooping on a Catalyst VLAN:
This example shows how to disable IGMP snooping on a Catalyst VLAN:
Related Commands
|
|
|
|---|---|
ip redirection
Use the ip redirection SSID configuration mode command to enable IP redirection for an SSID. When you configure IP redirection for an SSID, the access point redirects packets sent from client devices associated to that SSID to a specific IP address. IP redirection is used mainly on wireless LANs serving handheld devices that use a central software application and are statically configured to communicate with a specific IP address.
You can redirect all packets from client devices associated using an SSID or redirect only packets directed to specific TCP or UDP ports (as defined in an access control list). When you configure the access point to redirect only packets addressed to specific ports, the access point redirects those packets from clients using the SSID and drops all other packets from clients using the SSID.
Note When you perform a ping test from the access point to a client device that is associated using an IP-redirect SSID, the response packets from the client are redirected to the specified IP address and are not received by the access point.
[no] ip redirection {host ip-address [access-group { access-list-number | access-list-name } in]}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure IP redirection for an SSID without applying an ACL. The access point redirects all packets that it receives from client devices associated to the SSID zorro:
Related Commands
|
|
|
|---|---|
ip SSH version
To specify the protocol version to be supported, use the ip SSH version command in configuration mode.
Syntax Description
Specifies the protocol version to be supported. The valid versions are 1 and 2. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the protocol version to be supported:
ipv6 access-list
To configure the IPv6 access list globally, use the command ipv6 access-list in BVI interface mode.
ipv6 access-list | default | deny | evaluate | exit | no | permit | remark | sequence
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set a command to its defaults:
This example shows how to specify packets to reject:
This example shows how to evaluate an access list:
ipv6 address autoconfig
To enable stateless autoconfiguration, use the ipv6 address autoconfig command in BV1 interface mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable stateless autoconfiguration:
ipv6 address dhcp rapid-commit
To enable the dhcpv6 client, use the ipv6 address dhcp rapid-commit command in BV1 interface mode.
ipv6 address dhcp rapid-commit
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable the dhcpv6 client:
ipv6 address ipv6-address link-local
To configure a link-local address, use the ipv6 address ipv6-address [eui-64] link-local command in BV1 interface.
ipv6 address X:X:X:X::X [eui-64] link-local
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a link-local address:
ipv6 nd autoconfig
To configure Neighbor Discovery-derived default router, use the ipv6 nd autoconfig command in BV1 interface mode.
ipv6 nd autoconfig {default-route| prefix}
Syntax Description
Sends a router solicitation message to solicit a router advertisement. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure Neighbor Discovery-derived default router:
This example shows how to install the prefix in the RIB:
ipv6 nd cache
To configure the time before an IPv6 neighbor discovery cache entry expires, use the ipv6 nd cache command in BV1 interface mode.
ipv6 nd cache {expire seconds | interface-limit value }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the time before an IPv6 neighbor discovery cache entry expires:
This example shows how to specify the number of entries for each interface:
ipv6 nd dad
To configure the number of attempts and the interval between consecutive neighbor solicitation messages that are sent on an interface for duplicate address detection, use the ipv6 nd dad command in BV1 interface mode.
ipv6 nd dad {attempts value | time ms }
Syntax Description
Specifies IPv6 Duplicate Address Detection Transmits, in seconds. Valid range is from 0 to 600. |
|
Specifies IPv6 Duplicate Address Detection Time, in milliseconds. Valid range is from 1 to 600. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify IPv6 Duplicate Address Detection Transmits:
This example shows how to specify IPv6 Duplicate Address Detection Time:
ipv6 nd na glean
To configure the neighbor discovery to glean an entry from an unsolicited neighbor advertisement, use the ipv6 nd na glean command in BV1 interface mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the neighbor discovery to glean an entry from an unsolicited neighbor advertisement:
ipv6 nd ns-interval
To specify the time interval between IPv6 neighbor solicitation retransmissions on an interface, use the ipv6 nd ns-interval in BV1 interface mode.
Syntax Description
Specifies the time interval between the IPv6 neighbor solicitation retransmission attempts, in milliseconds. Valid range is from 1000 to 172800000. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the time interval between IPv6 neighbor solicitation retransmissions on an interface:
ipv6 nd reachable-time
To specify the time that a remote IPv6 node is reachable, use the ipv6 nd reachable-time command in BV1 interface mode.
Syntax Description
Specifies the time that a remote IPv6 node is reachable, in milliseconds. Valid range is from 0 to 3600000. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the time that a remote IPv6 node is reachable:
ipv6 traffic-filter
To assign the globally configured ACL to the outbound and inbound traffic in the Layer 3 interface, use the ipv6 traffic-filter acl-name command in BV1 interface mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign the globally configured ACL to the outbound and inbound traffic in the Layer 3 interface:
l2-filter bridge-group-acl
Use the l2-filter b ridge-group-acl configuration interface command to apply a Layer 2 ACL filter to the bridge group incoming and outgoing packets between the access point and the host (upper layer). Use the no form of the command to disable the Layer 2 ACL filter.
[no] l2-filter bridge-group-acl
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to apply a Layer 2 ACL filter to the bridge group packets:
Related Commands
|
|
|
|---|---|
Displays information on the bridge group or classes of entries in the bridge forwarding database |
|
l2-filter-block-arp
Use the l2-filter block-arp command on radio interface to block all ARP requests whose target L3-address is the access point IP address.
The Address Resolution Protocol (ARP) is used to dynamically map physical hardware addresses to an IP address. Network devices and workstations maintain internal tables in which these mappings are stored for some period of time.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to apply a l2-filter block-arp command to a radio interface:
led display
Use the led display global configuration command to reduce the brightness or to turn-off the Status LED on the Cisco Aironet 1130AG access point. Use the no form of the command to return the Status LED to full intensity operation.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to reduce the brightness of the 1130AG Status LED:
This example shows how to turn-on the 1130AG Status LED.
This example shows how to return the 1130AG Status LED to full brightness operation.
Related Commands
|
|
|
|---|---|
Displays the contents of the currently running configuration file. |
led flash
Use the led flash privileged EXEC command to start or stop the blinking of the LED indicators on the access point for a specified number of seconds. Without arguments, this command blinks the LEDs continuously.
led flash [ seconds | disable]
Syntax Description
Specifies the number of seconds (1 to 3600) that the LEDs blink |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to blink the access point LEDs for 30 seconds:
Related Commands
|
|
|
|---|---|
logging buffered
Use the logging buffered global configuration command to begin logging of messages to an internal buffer. Use the no form of this command to stop logging messages.
[no] logging buffered [ size ] [ severity ]
Syntax Description
Specifies the size of the internal buffer (4096 to 2147483647 bytes) |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to begin logging severity 3 messages to an internal 5000-byte buffer:
Related Commands
|
|
|
|---|---|
logging snmp-trap
Use the logging snmp-trap global configuration command to specify the severity level of syslog messages for which the access point sends SNMP traps.
[no] logging snmp-trap severity
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
For the logging snmp-trap command to operate correctly, you must also configure these global configuration commands on the access point:
AP(config)# snmp-server enable traps
AP(config)# snmp-server host address syslog
Examples
This example shows how to configure the access point to send SNMP traps for all severity levels:
This example shows how to configure the access point to send SNMP traps only for warning messages:
Related Commands
|
|
|
|---|---|
match (class-map configuration)
Use the match class-map configuration command to define the match criteria to classify traffic. Use the no form of this command to remove the match criteria.
[no] match { access-group acl-index-or-name |
ip [dscp dscp-list | precedence precedence-list] |
vlan vlan-id}
Syntax Description
Note Though visible in the command-line help strings, the any, class-map, destination-address, input-interface, mpls, not, protocol, and source-address keywords are not supported.
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use the class-map global configuration command to enter the class-map configuration mode. The match command in the class-map configuration mode is used to specify which fields in the incoming packets are examined to classify the packets. Only the IP access group or the MAC access group matching to the Ether Type/Len are supported.
You can use the match ip dscp dscp-list command only in a policy map that is attached to an egress interface.
Only one match command per class map is supported.
For the match ip dscp dscp-list or the match ip precedence ip-precedence-list command, you can enter a mnemonic name for a commonly used value. For example, you can enter the match ip dscp af11 command, which is the same as entering the match ip dscp 10 command. You can enter the match ip precedence critical command, which is the same as entering the match ip precedence 5 command. For a list of supported mnemonics, enter the match ip dscp ? or the match ip precedence ? command to see the command-line help strings.
Examples
This example shows how to create a class map called class2, which matches all the incoming traffic with DSCP values of 10, 11, and 12:
This example shows how to create a class map called class3, which matches all the incoming traffic with IP-precedence values of 5, 6, and 7:
This example shows how to delete the IP-precedence match criteria and to classify traffic by vlan:
You can verify your settings by entering the show class-map privileged EXEC command.
Related Commands
|
|
|
|---|---|
Creates a class map to be used for matching packets to the class whose name you specify |
|
max-associations (SSID configuration mode)
Use the max-associations SSID configuration mode command to configure the maximun number of associations supported by the radio interface (for the specified SSID). Use the no form of the command to reset the parameter to the default value.
Syntax Description
Specifies the maximum number (1 to 255) of associations supported |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the maximum number of associations to 5 on the wireless LAN for the specified SSID:
This example shows how to reset the maximum number of associations to the default value:
Related Commands
|
|
|
|---|---|
mbssid
Use the mbssid configuration interface command to enable multiple basic SSIDs on an access point radio interface.
Note This command is supported only on radio interfaces that support multiple BSSIDs. To determine whether a radio supports multiple BSSIDs, enter the show controllers radio_interface command. Multiple BSSIDs are supported if the results include this line:
Number of supported simultaneous BSSID on radio_interface: 8
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable multiple BSSIDs on a radio interface:
To enable multiple BSSIDs on all radio interfaces, use the dot11 mbssid global configuration command.
Related Commands
|
|
|
|---|---|
Enables multiple BSSIDs on all radio interfaces that support multiple BSSIDs |
|
Specifies that a BSSID is included in beacons and specifies a DTIM period for the BSSID |
|
mbssid (SSID configuration mode)
Use the mbssid SSID configuration mode command to include the SSID name in the beacon and broadcast probe response and to configure the DTIM period for the SSID.
[no] mbssid [guest-mode] [dtim-period period ]
Note This command is supported only on radio interfaces that support multiple basic SSIDs. To determine whether a radio supports multiple basic SSIDs, enter the show controllers radio_interface command. Multiple basic SSIDs are supported if the results include this line:
Number of supported simultaneous BSSID on radio_interface: 8
Syntax Description
Specifies the rate at which the device sends a beacon that contains a Delivery Traffic Indicator Message (DTIM). Enter a beacon rate between 1 and 100. |
Defaults
Guest mode is disabled by default. The default period is 2, which means that every other beacon contains a DTIM.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The guest mode and DTIM period configured in this command are applied only when MBSSIDs are enabled on the radio interface.
When client devices receive a beacon that contains a DTIM, they normally wake up to check for pending packets. Longer intervals between DTIMs let clients sleep longer and preserve power. Conversely, shorter DTIM periods reduce the delay in receiving packets but use more battery power because clients wake up more often.
Note Increasing the DTIM period count delays the delivery of multicast packets. Because multicast packets are buffered, large DTIM period counts can cause a buffer overflow.
If you configure a DTIM period for a BSSID and you also use the beacon command to configure a DTIM period for the radio interface, the BSSID DTIM period takes precedence.
Examples
This example shows how to include a BSSID in the beacon:
This example shows how to configure a DTIM period for a BSSID:
This example shows how to include a BSSID in the beacon and to configure a DTIM period:
Related Commands
|
|
|
|---|---|
Enables BSSIDs on all radio interfaces that support multiple BSSIDs |
|
method (eap profile configuration mode)
Use the method EAP profile configuration mode command to enable method types used in an EAP profile. Use the no form of the command to disable the EAP method.
[no] method [fast] [gtc] [leap] [md5] [mschapv2] [tls]
Syntax Description
Note EAP-GTC, EAP-MD5, and EAP-MSCHAPV2 should not be used as the primary authentication method.
Defaults
Command Modes
EAP profile configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the EAP-FAST method for the EAP test profile:
Related Commands
|
|
|
|---|---|
Configures an EAP profile and enters into EAP profile configuration mode. |
|
method (LBS configuration mode)
Use the method location based services (LBS) configuration mode command to specify the location method used in an LBS profile.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the location method used in the LBS profile:
Related Commands
mobile station
Use the mobile station configuration interface command to configure a bridge or a workgroup bridge as a mobile device. When you enable this setting on a device in non-root or workgroup bridge mode, the device scans for a new parent association when it encounters a poor Received Signal Strength Indicator (RSSI), excessive radio interference, or a high frame-loss percentage. Using these criteria, a bridge configured as a mobile station searches for a new parent association and roams to a new parent before it loses its current association. When the mobile station setting is disabled (the default setting) the bridge does not search for a new association until it loses its current association.
[no] mobile station [period] [threshold] [scan] [ignore neighbor-list] [minimum-rate]
Syntax Description
Defaults
This command is disabled by default.
The default period is 20 seconds.
Command Modes
Command History
Usage Guidelines
This command can prevent data loss on a mobile workgroup bridge or bridge by ensuring that the bridge roams to a new parent device before it loses its current association.
Examples
This example shows how to specify that a bridge is a mobile station and sets the period and threshold to 20 seconds and 70 dBm:
This example shows how to specify a scan for channels 1 and 6:
This example shows how to set a minimum rate of MCS rate index 15, below which the AP is rejected:
Related Commands
|
|
|
|---|---|
mobility network-id
Use the mobility network-id SSID configuration mode command to associate an SSID to a Layer 3 mobility network ID. Use the no form of the command to disassociate the SSID from the mobility network ID.
[no] mobility network-id network-id
Syntax Description
Specifies the Layer 3 mobility network identification number for the SSID |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to an SSID with a Layer 3 mobility network ID:
This example shows how to reset the VLAN parameter to default values:
Related Commands
|
|
|
|---|---|
multicast address (LBS configuration mode)
Use the multicast address location based services (LBS) configuration mode command to specify the multicast address that LBS tag devices use when they send LBS packets.
Syntax Description
Specifies the multicast address that LBS tag devices use when they send LBS packets. |
Defaults
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the multicast address used in the LBS profile:
Related Commands
nas (local server configuration mode)
Use the nas local server configuration mode command to add an access point to the list of devices that use the local authenticator.
Syntax Description
Defaults
Command Modes
Local server configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to add an access point to the list of NAS access points on the local authenticator:
Related Commands
packet max-retries
Use the packet max-retries configuration interface command to specify the maximum number of attempts per non-best-effort data packet before discarding the packet. Use the no form of the command to reset the parameter to defaults.
[no] packet max-retries number 1 number 2
fail-threshold number 3 number 4
priority value
drop-packet
Syntax Description
Defaults
number 1 default is 3, number 2 default is 0, number 3 default is 100, number 4 default is 500, value does not have a default and drop-packet default is no, that is - non-best-effort data packets will not be discarded.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the packet max-retries.
This example shows how reset the packet retries to defaults.
Related Commands
|
|
|
|---|---|
packet retries
Use the packet retries configuration interface command to specify the maximum number of attempts to send a packet. Use the no form of the command to reset the parameter to defaults.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify 15 as the maximum number of retries.
This example shows how reset the packet retries to defaults.
Related Commands
|
|
|
|---|---|
packet speed
Use the packet speed configuration interface command to specify downlink data rates and priorities for packets which have been declared discard-eligible in the packet max-retries command. Use the no form of the command to disable specified speeds and priorities and to restore the default data rates.
[no] packet speed [rate1....rateN | default]
priority 0-7
Specifies one or multiple data rates that can be used for packets. Possible data rates are listed below: – |
|
Defaults
802.11b default data rates (Mbps): 5.5, 11.0
802.11a default data rates (Mbps): 6.0, 12.0, 24.0
802.11g default data rates (Mbps): 5.5, 6.0, 11.0, 12.0, 24.0
Priority default is 6(voice). Currently, only priority 6 is allowed pending future releases.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify default packet speeds for priority 7.
This example shows how remove packet speeds of 1.0, 2.0, 5.5, 6.0, and 9.0 Mbps data rates at priority 7.
Related Commands
|
|
|
|---|---|
packet timeout
Use the packet timeout configuration interface command to specify the packet timeout period for a priority. Queued packets whose age has exceeded the timeout threshold will be discarded if they have been declared discard-eligible in the packet max-retries command. Use the no form of the command to reset the parameter to defaults.
[no] packet timeout 1-128
priority 0-7
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify a packet timeout of 12 msec at a priority of 7:
This example shows how remove the packet timeout of 12 at a priority of 7:
Related Commands
|
|
|
|---|---|
packet-type (LBS configuration mode)
Use the packet-type location based services (LBS) configuration mode command to specify the LBS packet type that accepted in an LBS profile.
packet-type {extended | short}
Syntax Description
Defaults
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the packet type used in the LBS profile:
Related Commands
parent
Use the parent configuration interface command to add a parent to a list of valid parent access points. Use the no form of the command to remove a parent from the list.
Syntax Description
Specifies the MAC address (in xxxx.xxxx.xxxx format) of a parent access point |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The parent command adds a parent to the list of valid parent access points. Use this command multiple times to define up to four valid parents. A repeater access point operates best when configured to associate with specific root access points that are connected to the wired LAN.
Examples
This example shows how to set up repeater operation with the parent 1 access point:
This example shows how to set up repeater operation with the parent 2 access point:
This example shows how to remove a parent from the parent list:
Related Commands
|
|
|
|---|---|
parent timeout
Use the parent timeout configuration interface command to define the amount of time that a repeater tries to associate with a parent access point. Use the no form of the command to disable the timeout.
Syntax Description
Specifies the amount of time the access point attempts to associate with the specified parent access point (0 to 65535 seconds) |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The parent timeout defines how long the access point attempts to associate with a parent in the parent list. After the timeout, another acceptable parent is used. You set up the parent list using the parent command. With the timeout disabled, the parent must come from the parent list.
Examples
This example shows how to set up repeater operation with the parent 1 access point with a timeout of 60 seconds:
This example shows how to disable repeater operation:
Related Commands
|
|
|
|---|---|
password (dot1x credentials configuration mode)
Use the password dot1x credentials configuration mode command to specify dot1x credential user password. Use the no form of the command to disable the password.
[no] password [number] password
Syntax Description
Specifies the type of password that follows. 0 indicates the password is unencrypted. 7 indicates the password is hidden. |
|
Defaults
Command Modes
Dot1x credentials configuration interface
Command History
|
|
|
|---|---|
Examples
This example shows how to specify an unencrpted user password for the dot1x credential:
This example shows how to specify a hidden user password for the dot1x credential:
This example shows how to disable the credential user password:
Related Commands
|
|
|
|---|---|
Displays the configured dot1x credentials on the access point. |
payload-encapsulation
Use the payload-encapsulation configuration interface command to specify the Ethernet encapsulation type used to format Ethernet data packets that are not formatted using IEEE 802.3 headers. Data packets that are not IEEE 802.3 packets must be reformatted using IEEE 802.1H or RFC1042. Use the no form of the command to reset the parameter to defaults.
[no] payload-encapsulation
{snap | dot1h}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the use of IEEE 802.1H encapsulation:
This example shows how to reset the parameter to defaults:
Related Commands
|
|
|
|---|---|
pki-trustpoint (dot1x credentials configuration mode)
Use the pki-trustpoint dot1x credentials configuration mode command to configure the PKI-Trustpoint for the dot1x credential. Use the no form of the command to disable the PKI-Trustpoint.
Syntax Description
Specifies the default PKI-Trustpoint for the dot1x credential. |
Defaults
Command Modes
Dot1x credentials configuration interface
Command History
|
|
|
|---|---|
Examples
This example shows how to specify default PKI-Trustpoint for the dot1x credential:
This example shows how to disable the default PKI-Trustpoint:
Related Commands
|
|
|
|---|---|
Displays the configured dot1x credentials on the access point. |
power client
Use the power client configuration interface command to configure the maximum power level clients should use for IEEE 802.11b radio transmissions to the access point. The power setting is transmitted to the client device during association with the access point. Use the no form of the command to not specify a power level.
[no] power client {1 | 5 | 20 | 30 | 50 | 100 | maximum }2
[no] power client {1 | 5 | 10 | 20 | 30 | 50 | 100} | maximum)1
[no] power client {-1 | 2 | 5 | 8 | 11 | 14 | 17 | 20 | maximum }3
[no] power client {5 | 10 | 20 | 40} | maximum }1
[no] power client {-1 | 2 | 5 | 8 | 11 | 14 | 15 | 17 | maximum }2
[no] power client {-1 | 2 | 5 | 8 | 11 | 14 | 15 | maximum }2
Note This command is supported only on access points and the 1300 series bridge.
Note The supported client power levels differ on the various access points and the 1300 series bridge.
Syntax Description
For the 802.11b, 2.4-GHz radio: For the 802.11g, 2.4-GHz radio: -1, 2, 5, 8, 11, 14, 16, 17, 20, maximum5 For 802.11a, 5-GHz radio: |
Specifies a specific power level in mW or in dBm. Maximum power is regulated by the regulatory domain for the country of operation and is set during manufacture of the access point and client device. Note The maximum power level allowed depends on the gain of the antenna being used on your access point or bridge and on your regulatory domain. For a list of maximum power levels allowed in each regulatory domain for the 2.4-GHz radio and the 5-GHz radio, refer to the “Channels and Antenna Settings” section in the hardware installation guide for your access point or bridge. Note The 802.11g radio transmits at up to 100 mW or 20 dBm for the 1, 2, 5.5, and 11Mbps data rates. However, for the 6, 9, 12, 18, 24, 36, 48, and 54Mbps data rates, the maximum transmit power for the 802.11g radio is 30 mW or 17 dBm. |
|
|
Defaults
The default is no power level specification during association with the client.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to specify the desired transmitter power level for clients. Lower power levels reduce the radio cell size and interference between cells. The client software chooses the actual transmit power level, choosing between the lower of the access point value and the locally configured value. The maximum transmit power is limited according to regulatory region.
Examples
This example shows how to specify a 20-mW power level for client devices associated to the access point radio:
This example shows how to disable power level requests:
Related Commands
|
|
|
|---|---|
power inline negotiation
Use the power inline negotiation configuration command to configure the Cisco Aironet 1130AG or 1240AG series access point to operate with older switch software that does not support Cisco Intelligent Power Management power negotiations. Use the no form of the command to disable the access point inline power settings.
[no] power inline negotiation {prestandard source |
injector{installed | override | MAC address}}
Syntax Description
Defaults
The manufacturing default configuration is power inline negotiation prestandard source. If your switch supports Intelligent Power Management, you should change this setting by using the no power inline negotiation prestandard source command.
Command Modes
Command History
|
|
|
|---|---|
The command was modified to include the installed, override, and MAC address keywords. |
Usage Guidelines
To help avoid an over-current condition with low power sources and to optimize power usage on Cisco switches, Cisco developed Intelligent Power Management, which uses Cisco Discovery Protocol (CDP) to allow powered devices (the Cisco Aironet 1130AG and 1240AG series access points) to negotiate with a Cisco switch for sufficient power.
Intelligent Power Management support is dependent on the version of software resident in the Cisco switch that is providing power to the access point. Each Cisco switch should be upgraded to support Intelligent Power Management. Until the software is upgraded, you can configure the access point to operate with older switch software using the power inline negotiation command. Refer to the Troubleshooting section of the hardware installation guide for your access point for additional information.
A power injector can be used to supply power to the Cisco Aironet 1130AG or 1240AG series access point. If your switch supports Intelligent Power Management, the power injector will be detected without the need for any configuration changes on the access point.
Note Cisco switches that do not support inline power can run software that supports Intelligent Power Management. If your Cisco switch software cannot be upgraded, the access point must be reconfigured using the power inline negotiation injector command.
You must cautiously use the power inline negotiation injector override command because this command causes the access point to enter high power mode without performing power checks and can potentially cause an overcurrent condition in underpowered power sources. Always verify that a power injector is correctly installed before using this command.
When an access point was previously configured with a power injector and you relocate the access point to another switch port, you must use the power inline negotiation injector MAC address command with the MAC address of the new switch port. You must verify that the power injector is correctly installed before using this command.
Examples
This example shows how to set up the Cisco Aironet 1130AG or 1240AG series access point to be powered from a Cisco switch that can supply sufficient power but does not support Intelligent Power Management negotiations:
This example shows how to set up the Cisco Aironet 1130AG or 1240AG series access point to be powered from a power injector connected to a Cisco switch port that does not support Intelligent Power Management. The access point automatically determines the MAC address of the switch port:
Related Commands
|
|
|
|---|---|
Displays the current running configuration of the access point, which indicates how the access point is being powered. |
power local
Use the power local configuration interface command to configure the access point or bridge radio power level. Use the no form of the command to reset the parameter to defaults. On the 2.4-GHz, 802.11g radio, you can set Orthogonal Frequency Division Multiplexing (OFDM) power levels and Complementary Code Keying (CCK) power levels. CCK modulation is supported by 802.11b and 802.11g devices. OFDM modulation is supported by 802.11g and 802.11a devices.
2.4-GHz Access Point Radio (802.11b)
[no] power local {1 | 5 | 20 | 30 | 50 | 100 | maximum}6
2.4-GHz Access Point Radio (802.11g)
[no] power local cck {1 | 5 | 10 | 20 | 30 | 50 | 100 | maximum}1
[no] power local cck {-1 | 2 | 5 | 8 | 11 | 14 | 15 | 17 | 20 | maximum}7
[no] power local ofdm {1 | 5 | 10 | 20 | 30 | maximum}1
[no] power local ofdm {-1 | 2 | 5 | 8 | 11 | 14 | 17 | maximum}2
5-GHz Access Point Radio (801.11a)
[no] power local {5 | 10 | 20 | 40 | maximum}1
[no] power local { -1 | 2 | 5 | 8 | 11 | 14 | 15 | maximum }2
[no] power local { -1 | 2 | 5 | 8 | 11 | 14 | 15 | 17 | maximum }2
1400 Series Bridge 5.8-GHz Radio
[no] power local {12 | 15 | 18 | 21 | 22 | 23 | 24 | maximum}2
Note The maximum transmit power depends on your regulatory domain and the antenna gain for your access point or bridge. For additional information refer to the “Channels and Antenna Settings” section of the hardware installation guide for your access point or bridge.
Note The supported transmit power levels differ on the various access points and bridges.
Note This command requires the radio to be turned on and enabled to determine valid power settings allowed on your access point radio.
Syntax Description
For the 802.11b, 2.4-GHz access point radio: For the 802.11g, 2.4-GHz access point radio: 1, 2, 5, 8, 11, 14, 15, 17, 20, or maximum9 1 | 5 | 10 | 20 | 30 | maximum1 -1 | 2 | 5 | 8 | 11 | 14 | 17 | maximum2 For the 5-GHz access point radio: -1, 2, 5, 8, 11, 14, 15, or maximum2 -1, 2, 5, 8, 11, 14, 15, 17, or maximum2 For the 5.8-GHz 1400 series bridge radio: |
Specifies access point power setting in mW or in dBm. Maximum power is regulated by the regulatory domain for the country of operation and is set during manufacture of the access point and client device. Note The maximum power level allowed depends on the gain of the antenna being used on your access point or bridge and on your regulatory domain. For a list of maximum power levels allowed in each regulatory domain for the 2.4-GHz radio and the 5-GHz radio, refer to the “Channels and Antenna Settings” section in the hardware installation guide for your access point or bridge. Note The 802.11g radio transmits at up to 100 mW or 20 dBm for the 1, 2, 5.5, and 11Mbps data rates. However, for the 6, 9, 12, 18, 24, 36, 48, and 54Mbps data rates, the maximum transmit power for the 802.11g radio is 30 mW or 17 dBm. |
|
|
Defaults
Command Modes
Command History
Usage Guidelines
Use this command to specify the local transmit power level for the current operating radio channel on the access point. This command requires the access point radio to be turned on. Lower power levels reduce the radio cell size and interference between cells. The maximum transmit power for the access point is limited by the regulatory domain for your country of operation.
On some access point radios, the available transmit power settings vary on a per-channel basis. Prior to using the power local command, you should set the access point to the desired radio channel. If the access point is set to scan for the best channel, then the power settings available in the power local command are limited by the radio channel selected by the access point. You can use the power local ? command to display the available power settings for that channel.
Examples
This example shows how to specify a 20-mW transmit power level for the 802.11b access point radio:
This example shows how to reset power to defaults on one of the access point radios:
Related Commands
|
|
|
|---|---|
preamble-short
Use the preamble-short configuration interface command to enable short radio preambles. The radio preamble is a selection of data at the head of a packet that contains information that the access point and client devices need when sending and receiving packets. Use the no form of the command to change back to default values.
Note This command is not supported on the 5-GHz access point radio interface (dot11radio1).
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
If short radio preambles are enabled, clients may request either short or long preambles and the access point formats packets accordingly. Otherwise, clients are told to use long preambles.
Examples
This example shows how to set the radio packet to use a short preamble.
This example shows how to set the radio packet to use a long preamble.
Related Commands
|
|
|
|---|---|
probe-response gratuitous
Gratuitous Probe Response (GPR) aids in conserving battery power in dual mode phones that support cellulcar and WLAN modes of operation. GPR is available on 5-GHz radios and is disabled by default. Use the probe-response gratuitous configuration interface command to define amount of time between GPRs and the daterate used to transmit the GPR.
Use the no form of the command to disable the GPR settings.
[no] probe-response gratuitous [period <Kms>] [speed <rate>
Syntax Description
Defaults
The command is disabled by default. The default period is 10 and the default speed is 6.0.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a GPR period of 10 Kms at a speed of 18 Mbps:
This example shows how to configure a GPR period of 200 Kms at the default speed.
This example shows how to disable the GPR settings:
radius local-server pac-generate
Use the radius local-server pac-generate global configuration command to generate a Protected Access Credential (PAC) for a client device on a local authenticator access point. The local authenticator automatically generates PACs for EAP-FAST clients that request them. However, you might need to generate a PAC manually for some client devices. When you enter the command, the local authenticator generates a PAC file and writes it to the network location that you specify. The user imports the PAC file into the client profile.
radius local-server pac-generate username filename [password password] [expire days]
Syntax Description
Defaults
This default password for a PAC file is test, and the default expiration time is 1 day.
Command Modes
Command History
|
|
|
|---|---|
Examples
In this example, the local authenticator generates a PAC for the username joe, password-protects the file with the password bingo, sets the PAC to expire in 10 days, and writes the PAC file to the TFTP server at 10.0.0.5:
Related Commands
|
|
|
|---|---|
Configures an access point as a local or backup authenticator |
|
Adds a user to the list of users allowed to authenticate to the local authenticator |
radius server
To configure the RADIUS server on the access point, use the radius server command in configuration mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
radius-server local
Use the radius-server local global configuration command to enable the access point as a local or backup authenticator and to enter configuration mode for the local authenticator.
Note This command is not supported on bridges.
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable the access point as a local or backup authenticator:
Related Commands
routing dynamic
To configure routing protocols, use the routing dynamic command in BV1 interface mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the routing protocols:
rts
Use the rts configuration interface command to set the Request-To-Send (RTS) threshold and the number of retries. Use the no form of the command to reset the parameter to defaults.
[no] rts
{threshold 0-4000 | retries 1-128}
[no] rts
{threshold 0-4000 | retries 1-128}
Syntax Description
Defaults
The default threshold is 2347 bytes for all access points and bridges.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
On bridges set up in a point-to-point configuration, set the RTS threshold to 4000 on both the root and non-root bridges. If you have multiple bridges set up in a point-to-multipoint configuration, set the RTS threshold to 4000 on the root bridge and to 0 on the non-root bridges.
You have the option to change the rts threshold value on BR1310 and BR1410 bridges to any value in the range 0 to 4000. For the BR1310 and BR1410, it would be useful to set the rts threshold value in the range 2348 to 4000 if the packet concatenation feature is enabled and the maximum packet concatenation size is in the range 0 to 2348.
Examples
This example shows how to set the RTS threshold on a bridge to 4000 bytes:
This example shows how to set the RTS retries count to 3:
This example shows how to reset the parameter to defaults:
rxsop-threshold
Use the rxsop-threshold command to add the value of the Receiver Start of Packet Detection Threshold (RX-SOP) threshold. This threshold determines the Wi-Fi signal level in dBm at which an AP radio demodulates and decodes a packet.
rxsop-threshold threshold-value
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
Related Commands
|
|
|
|---|---|
server-address (LBS configuration mode)
Use the server-address LBS configuration mode command to specify the IP address of your location server and the port number on the server to which LBS access points send UDP packets that contain positioning information.
server-address ip-address port port-number
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the IP address of your location server and a port on the server:
Related Commands
short-slot-time
Use the short-slot-time configuration interface command to enable short slot time on the 802.11g, 2.4-GHz radio. Short slot time reduces the slot time from 20 microseconds to 9 microseconds, thereby increasing throughput. The access point uses short slot time only when all clients that are associated to the 802.11g radio can support short slot time.
Note This command is supported only on 802.11g, 2.4-GHz radios.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable short slot time:
Related Commands
|
|
|
|---|---|
Configures an access point as a candidate to provide wireless domain services (WDS) |
show dot11 autoconfig status
To display the Dot11 L2TPv3 auto configuration status, use the show dot11 autoconfig status command.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the access point Mode button status:
show boot mode-button
Use the show boot mode-button privileged EXEC command to display the access point mode button status.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the access point Mode button status:
ap#
Related Commands
|
|
|
|---|---|
show controllers dot11radio
Use the show controllers dot11radio privileged EXEC command to display the radio controller status.
show controllers dot11radio interface-number
Syntax Description
Specifies the radio interface number. The 2.4-GHz radio(b, g, or n) is radio 0. The 5-GHz(a or n) radio is radio 1. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the radio controller status for radio interface 0:
A portion of the output of this command shows the active power levels by rate, as shown below:
-4 means 40-MHz wide band. A similar output, -4s means 40-MHz wide band with short guard interval turned on.
Related Commands
|
|
|
|---|---|
Displays configuration and status information for the radio interface |
show dot11 aaa authentication mac-authen filter-cache
Use the show dot11 aaa authentication mac-authen filter-cache privileged EXEC command to display MAC addresses in the MAC authentication cache.
show dot11 aaa authentication mac-authen filter-cache [address]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Related Commands
|
|
|
|---|---|
show dot11 adjacent-ap
Use the show dot11 adjacent-ap privileged EXEC command to display the fast, secure roaming list of access points that are adjacent to this access point. The WDS access point builds the adjacent access point list based on data from client devices that support fast, secure roaming. This command works only when you configure your wireless LAN for fast, secure roaming and there are client devices on your wireless LAN that support fast, secure roaming.
Note For this command to work, dot11network-map should be enabled
Note This command is not supported on bridges.
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the adjacent access point list:
This example shows a list of adjacent access points:
These are descriptions of the list columns:
- Radio—the interface number to which the client is currently associated
- Address—the MAC address of the adjacent access point from which the client device roamed
- Channel—the radio channel used by the adjacent access point
- Age (Hours)—the number of hours since a client roamed from the adjacent access point
- SSID—the SSID the client used to associate to the adjacent access point
Related Commands
|
|
|
|---|---|
Specifies the number of hours an inactive entry remains in the adjacent access point list |
show dot11 associations
Use the show dot11 associations privileged EXEC command to display the radio association table, radio association statistics, or to selectively display association information about all repeaters, all clients, a specific client, or basic service clients.
show dot11 associations
[client | repeater | statistics | H.H.H | bss-only | all-client | cckm-statistics]
Note The show dot11 associationss command shows only the first 15 characters of the association table. To see the entire table use the show dot11 associations client command.,
Syntax Description
Defaults
When parameters are not specified, this command displays the complete radio association table.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The data retrieved depends on the state of the device. If the station/wireless client is associated, the following states are printed:
If the station/wireless client is not associated, the actual states are printed:
Examples
This example shows how to display the radio association table:
This example shows how to display all client devices associated with the access point:
This example shows how to display access point radio statistics:
Related Commands
|
|
|
|---|---|
Resets the statistics for a specified radio interface or client device |
|
Starts a link test between the access point and a client device |
show dot11 bssid
Use the show dot11 bssid privileged EXEC command to display the relationship between SSIDs and BSSIDs or MAC addresses.
Syntax Description
DefaultsDefaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display a list of BSSIDs and SSIDs:
This example shows the command output:
Related Commands
|
|
|
|---|---|
Enables BSSIDs on all radio interfaces that support multiple BSSIDs |
|
Specifies that a BSSID is included in beacons and specifies a DTIM period for the BSSID |
show dot11 cac
Use the show dot11 cac command to display CAC information for a radio interface.
show dot11 cac [dot11radio number]
Note This command is not supported on repeaters.
Syntax Description
Displays admission control statistics for the 802.11 radio interface, where number is 0 for the 802.11a and 802.11g radios or 1 for the 801.11a radio. |
DefaultsDefaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display CAC information for the access point:
Related Commands
|
|
|
|---|---|
Configures CAC traffic data rates and priorities on the access point. |
|
Provides debug information for CAC admission control on the access point. |
show dot11 carrier busy
Use the show dot11 carrier busy privileged EXEC command to display recent carrier busy test results. You can display test results once using this command. After the display, you must use the dot11 carrier busy command to run the carrier busy test again.
Syntax Description
DefaultsDefaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the carrier busy test results:
This example shows the carrier busy test results:
Related Commands
|
|
|
|---|---|
show dot11 directed-roam
Use the show dot11 directed-roam privileged EXEC command to display recent carrier busy test results. You can display test results once using this command. After the display, you must use the dot11 directed-roam command to run the carrier busy test again.
show dot11 directed-roam [clients] [aps]
Syntax Description
DefaultsDefaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the carrier busy test results:
This example shows the carrier busy test results:
Related Commands
|
|
|
|---|---|
show dot11 ids eap
Use the show dot11 ids eap privileged EXEC command to display wireless IDS statistics.
Syntax Description
DefaultsDefaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command displays wireless IDS information only if you first enable IDS on a scanner access point in monitor mode.
Examples
This example shows how to display wireless IDS statistics:
Related Commands
|
|
|
|---|---|
Configures limits on authentication attempts and EAPOL flooding on scanner access points in monitor mode |
show dot11 ids mfp
Use the show dot11 ids mfp privileged EXEC command to display to Management Frame Protection (MFP) parameters on the access point.
show dot11 ids mfp
detector [statistics]
distributor {detectors |generators | statistics}
generator
client statistics
Indicates if the MFP detector is configured on the access point. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the MFP detectors configured on the access point:
Related Commands
|
|
|
|---|---|
show dot11 neighbor-ap
To display the neighbour access point, use the show dot11 neighbor-ap command in privileged EXEC mode.
Syntax Description
DefaultsDefaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the radio network map:
show dot11 network-map
Use the show dot11 network-map privileged EXEC command to display the radio network map. The radio network map contains information from Cisco access points in the same Layer 2 domain as this access point.
Syntax Description
DefaultsDefaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command displays network map information only if you first enable the network map feature with the dot11 network map command.
Examples
This example shows how to display the radio network map:
Related Commands
|
|
|
|---|---|
show dot11 statistics client-traffic
Use the show dot 11 statistics client-traffic privileged EXEC command to display the radio client traffic statistics.
show dot11 statistics client-traffic
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the radio client traffic statistics:
Related Commands
|
|
|
|---|---|
Resets the statistics for a specified radio interface or client device |
show dot11 traffic-streams
Use the show dot11 traffic streams command to display a list of traffic streams admitted by the AP. It lists the access category and TSID of the streams as well as medium time allocated for the traffic stream.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
show dot11 vlan-name
Use the show dot11 vlan-name privileged EXEC command to display VLAN name and ID pairs configured on the access point. If your access point is not configured with VLAN names or is configured only with VLAN IDs, there is no output for this command.
show dot11 vlan-name [vlan-name]
Syntax Description
(Optional) Displays the VLAN name and VLAN ID for a specific VLAN name |
Defaults
When you do not specify a VLAN name, this command displays all VLAN name and ID pairs configured on the access point.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display all VLAN name and ID pairs on an access point:
This example shows how to display the VLAN name and ID for a specific VLAN name:
Related Commands
|
|
|
|---|---|
show dot1x
Use the show dot1x command to display dot1x information on the access point.
show dot1x [all |
interface {dot11radio number | fastethernet number} [details | statistics] |
statistics
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display all DOT1x information on an access point:
This example shows how to display all theDOT1x statistics:
This example shows how to display the fast Ethernet interface statistics:
This example shows how to display the fast Ethernet interface details:
Related Commands
|
|
|
|---|---|
show dot1x credentials
Use the show dot1x credentials EXEC mode command to display the dot1x credentials configured on the access point.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the dot1x credentials on the access point:
Related Commands
|
|
|
|---|---|
show eap registrations
Use the show eap registrations privileged EXEC command to display the EAP registrations configured on the access point.
show eap registrations [method [name] | transport [name]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example displays typical EAP registrations on an access point:
This example displays typical EAP transport registrations on an access point:
This example displays typical EAP-FAST transport details on an access point:
Related Commands
|
|
|
|---|---|
show eap sessions
Use the show eap sessions privileged EXEC command to display the EAP sessions on the access point.
show eap sessions [credentials <name>] [interface <name>] [method <name>]
[transport <name>]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display EAP session information:
Related Commands
|
|
|
|---|---|
show environment
Use the show environment EXEC command to display information about the internal temperature of the bridge radio.
Note This command is supported only on bridges. It measures and displays the internal temperature of the unit and should not be confused with the external temperature limits for the device.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display temperature information for the bridge radio:
Related Commands
|
|
|
|---|---|
Enable an SNMP trap to announce near-out-of-range bridge radio temperature. |
show iapp rogue-ap-list
Use the show iapp rogue-ap-list privileged EXEC command to display a list of rogue access points.
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The list contains an entry for each access point that a client station reported as a possible rogue access point. Each list entry contains the following information:
Rogue AP —MAC address of the reported rogue access point
Count —The number of times the access point was reported
Last Rpt Src —The MAC address of the last client to report the rogue access point
Prev Rpt Src —The MAC address of any previous client that reported the rogue access point
Last(Min) —The number of minutes since the last report
1st(Min) —The number of minutes since the access point was first reported as a possible rogue
Name —The name of a Cisco rogue access point
The following reason codes are displayed:
1 —The rogue was not running 802.1x
Examples
This example shows how to display the list of IAPP rogue access points:
Related Commands
|
|
|
|---|---|
show iapp standby-parms
Use the show iapp standby-parms privileged EXEC command to display IAPP standby parameters when a standby MAC address is configured. The information displayed includes the standby MAC address, the time-out value, and the poll-frequency value.
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the IAPP standby parameters:
Related Commands
|
|
|
|---|---|
Configures an access point with a specified MAC address as the standby |
|
show iapp statistics
Use the show iapp statistics privileged EXEC command to display the IAPP transmit and receive statistics.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command displays IAPP transmit and receive packet counts and IAPP error counts. The operating mode for the access point is also displayed.
Examples
This example shows how to display the IAPP statistics:
Related Commands
|
|
|
|---|---|
show interfaces dot11radio
Use the show interfaces dot11radio privileged EXEC command to display the radio interface configuration and statistics.
show interfaces dot11radio interface-number
Syntax Description
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the radio interface configuration and statistics:
Related Commands
|
|
|
|---|---|
Displays the access point run time configuration information |
show interfaces dot11radio aaa
Use the show interfaces dot11radio aaa privileged EXEC command to display the radio interface information.
show interfaces dot11radio interface-number
aaa [timeout]
Syntax Description
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display AAA information for interface 0:
Related Commands
|
|
|
|---|---|
show interfaces dot11radio statistics
Use the show interfaces dot11radio statistics privileged EXEC command to display the radio interface statistics.
show interfaces dot11radio interface-number statistics
Syntax Description
Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the radio interface statistics for interface 0:
Related Commands
|
|
|
|---|---|
Displays the access point run time configuration information |
|
Displays configuration and statistics for a specified radio interface |
show ip igmp snooping groups
Use the show ip igmp snooping groups privileged EXEC command to display IGMP snooping status information.
show ip igmp snooping groups
[count] [network-id network id]
[vlan vlan id [group address] [count] ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the numbrer of IGMP snooping groups configured on the access point:
This example shows how to display IGMP snooping group information by vlan:
This example shows how to display the number of IGMP snooping group in a vlan:
Related Commands
|
|
|
|---|---|
show l2tp tunnel packets
To display the L2TP counters and statistics, use the show l2tp tunnel packets command.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the L2TP counters and statistics:
show led flash
To display the LED flashing status, use the show led flashcommand.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the LED flashing status:
Related Commands
|
|
|
|---|---|
show power-injector
Use the show power-injector privileged EXEC command to view link statistics and the current operating mode for the two physical Ethernet ports (port 0 and port 1) of a Cisco Aironet power-injector.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The power injector provides power over Ethernet (PoE) to the access point or bridge.
Port 0 connects to the access point or bridge and port 1 connects to the network switch or router.
The following information is available for each of the two power-injector ports:
- port descriptors (port number, port speed, operating mode:auto, full or half duplex)
- total transmitted and received unicast, broadcast, and multicast packets
- transmit and receive error statistics including collisions, undersized packets and oversized packets
Note This command is supported on Cisco Aironet 1300 and 1400 series access points.
Examples
The following example shows a possible display for show power-injector.
Note Only ports 0 and 1 are used in the power-injector. Ports 2, 3, 4, 5 and 6 are not used and will always display as down or disabled.
Note The Ethernet port of the access point or bridge and the Ethernet port of the network switch or router that connect to the power-injector should be set to auto-negotiation. This will prevent an operating mismatch between the power injector, access point and network switch or router.
Related Commands
|
|
|
|---|---|
Resets (clears) the statistics on the power-injector ports 0 and 1. |
show radius local-server statistics
Use the show radius local-server statistics privileged EXEC command to view statistics collected by the local authenticator.
show radius local-server statistics
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display statistics from the local authenticator:
This example shows local server statistics:
The first section of statistics lists cumulative statistics from the local authenticator.
The second section lists statistics for each access point (NAS) authorized to use the local authenticator. The EAP-FAST statistics in this section include the following:
- Auto provision success—the number of PACs generated automatically
- Auto provision failure—the number of PACs not generated because of an invalid handshake packet or invalid username or password
- PAC refresh—the number of PACs renewed by clients
- Invalid PAC received—the number of PACs received that were expired, that the authenticator could not decrypt, or that were assigned to a client username not in the authenticator’s database
The third section lists stats for individual users. If a user is blocked and the lockout time is set to infinite, blocked appears at the end of the stat line for that user. If the lockout time is not infinite, Unblocked in x seconds appears at the end of the stat line for that user.
Use this privileged exec mode command to reset local authenticator statistics to zero:
Related Commands
|
|
|
|---|---|
Configures the access point as a local or backup authenticator |
show running-config ssid
Use the show running-config ssid privileged EXEC command to view configuration details for SSIDs that are configured globally.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Related Commands
|
|
|
|---|---|
Creates an SSID for a specific radio interface or assigns a globally configured SSID to a specific interface |
show spanning-tree
Use the show spanning-tree privileged EXEC command to display information about the spanning tree topology.
show spanning-tree
{group | active | blockedports | bridge | brief | inconsistentports | interface interface | root | summary}
Syntax Description
Displays status and configuration information for the spanning tree root |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display STP information for bridge group 1:
This example shows how to display STP information for the bridge’s radio interface:
Related Commands
|
|
|
|---|---|
show specrum recover | status
To display information about the spectrum mode, use the show spectrum command in privileged EXEC mode.
show spectrum recover | status
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
show wlccp
Use the show wlccp privileged EXEC command to display information on devices participating in Cisco Centralized Key Management (CCKM).
Use the show wlccp privileged EXEC command to display information on devices participating in Cisco Centralized Key Management (CCKM).
show wlccp
ap [rm [context | accumulation]] |
wnm status |
wds [ap [detail | mac-address mac-address [mn-list]]] |
[mn [detail | mac-address mac-address]] | [statistics] | [nm] |
[aaa authentication mac-authen filter-cache]
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
This command was modified to include radio measurement options. |
Examples
This example shows the command you enter on the access point providing WDS to list all client devices (mobile nodes) participating in CCKM:
Related Commands
|
|
|
|---|---|
Resets WDS statistics and removes devices from the WDS database |
|
Configures an access point as a candidate to provide wireless domain services (WDS) |
show wlccp ap mn
Use the show wlccp ap mn privileged EXEC command to display information on a mobile node.
show wlccp ap [mn mac address]
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows the command you enter on the access point providing WDS to display information on the mobile nodes:
This example shows the command you enter on the access point providing WDS to display information on the specified mobile node:
Related Commands
show wlccp ap rm enhanced-neighbor-list
Use the show wlccp ap enhanced-neighbor-list privileged EXEC command to display the enhanced neighbor list. The enhanced neighbor list feature is enabled on specific access points from the Cisco WLSE.
show wlccp ap rm enhanced-neighbor list
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows the command you enter on the access point providing WDS to display information on the mobile nodes:
Related Commands5 0000.0f47.080e 48 5 1 50 50 5 65 60
|
|
|
|---|---|
Displays internal debugging and error messages of the Enhanced Neighbor List feature. |
|
snmp-server enable traps
To enable all Simple Network Management Protocol (SNMP) notification types that are available on your system, use the snmp-server enable traps command in global configuration mode. To disable all available SNMP notifications, use the no form of this command.
snmp-server enable traps [notification-type]
no snmp-server enable traps [notification-type]
Syntax Description
Command Default
This command is disabled by default. Most notification types are disabled. However, some notification types cannot be controlled with this command.
If you enter this command with no notification-type keyword extenstions, the default is to enable (or disable, if the no form is used) all notification types controlled by this command..
Command Modes
Examples
This example shows how to enable the SNMP 802.11 deathenticate trap:
This example shows how to enable all available SNMP 802.11 traps:
Command History
|
|
|
|---|---|
Usage Guidelines
For additional notification types, see the Related Commands table for this command.
SNMP notifications can be sent as traps or inform requests. This command enables both traps and inform requests for the specified notification types. To specify whether the notifications should be sent as traps or informs, use the snmp-server host [traps | informs] command.
If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure the router to send these SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. In order to enable multiple types of notifications, you must issue a separate snmp-server enable traps command for each notification type and notification option.
Related Commands
|
|
|
|---|---|
Displays current temperature of the the radio in a wireless bridge |
snmp-server enable traps envmon temperature
Use the snmp-server enable traps envmon temperature global configuration command to enable an SNMP trap for monitoring bridge radio temperature. This trap is sent out when the bridge radio temperature approaches the limits of its operating range (55° C to –33° C; 131° F to –27.4° F).
snmp-server enable traps envmon temperature
Note This command is supported only on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable the envmon temperature trap:
Related Commands
|
|
|
|---|---|
snmp-server group
To configure a new SNMP group, or a table that maps SNMP users to SNMP views, use the snmp-server group global configuration command. To remove a specified SNMP group, use the no form of this command.
[no] snmp-server group [groupname {v1 | v2c | v3 {auth | noauth | priv}}] [read readview]
[write writeview] [notify notifyview] [access access-list]
Syntax Description
Defaults
Table 2-13 lists the default settings for the SNMP views:
Table 2-13 Default View Settings
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
When a community string is configured internally, two groups with the name public are autogenerated, one for the v1 security model and the other for the v2c security model. Similarly, deleting a community string will delete a v1 group with the name public and a v2c group with the name public.
Although the notifyview option allows you to specify a notify view when configuring an SNMP group, Cisco recommends that you avoid specifying a notify view for these reasons:
- The snmp-server host command autogenerates a notify view for the user and adds it to the group associated with that user.
- Modifying the group’s notify view affects all users associated with that group.
The notifyview option is available for two reasons:
- If a group has a notify view that is set using SNMP, you might need to change the notify view.
- The snmp-server host command might have been configured before the snmp-server group command. In this case, you must either reconfigure the snmp-server host command or specify the appropriate notify view.
Instead of specifying the notify view for a group as part of the snmp-server group command, use the following commands in global configuration mode:
|
|
|
|
|---|---|---|
Autogenerates the notify view by specifying the recipient of a trap operation. |
Working with Passwords and Digests
No default values exist for authentication or privacy algorithms when you configure the command. Also, no default passwords exist. The minimum length for a password is one character, although Cisco recommends using eight characters for security. If you forget a password, you cannot recover it and will need to reconfigure the user. You can specify either a plain-text password or a localized MD5 digest.
The following example shows how to enter a plain-text password for the string arizona2 for user John in group Johngroup, type the following command line:
When you enter a show running-config command, you will not see a line for this user. To see if this user has been added to the configuration, type the show snmp user command.
If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hex values. Also, the digest should be exactly 16 octets long.
The following example shows how to specify the command with a digest name of 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:
Related Commands
|
|
|
|---|---|
snmp-server location
Use the snmp-server location global configuration command to specify the SNMP system location and the location-name attribute recommended by the Wi-Fi Alliance’s guidelines for Wireless Internet Service Provider roaming (WISPr).
Syntax Description
Specifies the SNMP system location and the WISPr location-name attribute |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
The WISPr Best Current Practices for Wireless Internet Service Provider (WISP) Roaming document recommends that you enter the location name in this format:
hotspot_operator_name,location
This example shows how to configure the SNMP system location and the WISPr location-name attribute:
Related Commands
|
|
|
|---|---|
Specifies ISO and ITU country and area codes that the access point includes in accounting and authentication requests |
snmp-server user
To configure a new user to an SNMP group, use the snmp-server user global configuration command. To remove a user from an SNMP group, use the no form of the command.
[no] snmp-server user username [groupname remote ip-address [udp-port port]
{v1 | v2c | v3}[encrypted][auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]
Syntax Description
Defaults
Table 2-14 describes default values for the encrypted option, passwords and access lists:
Table 2-14 Default Values for snmp-server user Options
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP engine ID, using the command snmp-server engineID with the remote option. The remote agent’s SNMP engine ID is needed when computing the authentication/privacy digests from the password. If the remote engine ID is not configured first, the configuration command will fail.
SNMP passwords are localized using the SNMP engine ID of the authoritative SNMP engine. For informs, the authoritative SNMP agent is the remote agent. You need to configure the remote agent’s SNMP engine ID in the SNMP database before you can send proxy requests or informs to it.
Related Commands
|
|
|
|---|---|
snmp-server view
To create or update a view entry, use the snmp-server view global configuration command. To remove the specified SNMP server view entry, use the no form of the command.
[no] snmp-server view view-name oid-tree {included | excluded}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Other SNMP commands require a view as an argument. You use this command to create a view to be used as arguments for other commands that create records including a view.
When a view is required, you can use one of two standard predefined views instead of defining a view. One predefined view is everything, which indicates that the user can see all objects. The other is restricted, which indicates that the user can see three groups: system, snmpStats, and snmpParties. The predefined views are described in RFC 1447.
The first snmp-server command that you enter enables both versions of SNMP.
Examples
The following example creates a view that includes all objects in the MIB-II subtree:
The following example creates a view that includes all objects in the MIB-II system group and all objects in the Cisco enterprise MIB:
The following example creates a view that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group:
Related Commands
|
|
|
|---|---|
speed (Ethernet interface)
Use the speed (Ethernet) configuration interface command to configure the clock speed on the Ethernet port.
Note Cisco recommends that you use auto, the default setting, for both the speed and duplex settings on the Ethernet port.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelinesti
Cisco recommends that you use auto, the default setting, for both the speed and duplex settings on the Ethernet port.
When the access point or bridge receives inline power from a switch, any change in the speed or duplex settings that resets the Ethernet link reboots the unit.
Note The speed and duplex settings on the wireless device Ethernet port must match the Ethernet settings on the port to which the wireless device is connected. If you change the settings on the port to which the wireless device is connected, change the settings on the wireless device Ethernet port to match.
Examples
This example shows how to configure the Ethernet port for auto duplex:
Related Commands
|
|
|
|---|---|
speed (radio interface)
Use the speed configuration interface command to configure the data rates supported by the access point radios. An individual data rate can be set only to a basic or a non-basic setting, not both. Use the no form of the command to remove one or more data rates from the configuration.
This command now includes Modulation Coding Scheme (MCS) settings for 2.4-GHz and 5-GHz 802.11n radios. MCS is a specification of PHY parameters consisting of modulation order (BPSK, QPSK, 16-QAM, 64-QAM) and FEC code rate (1/2, 2/3, 3/4, 5/6). MCS is used in the 1250 series 802.11n radios, which define 32 symmetrical settings (8 per spatial stream):
The 1250 series access point supports MCS 0–15. High throughput clients support at least MCS 0–7.
MCS is an important setting because it provides for potentially greater throughput. High throughput data rates are a function of MCS, bandwidth, and guard interval.
Syntax Description
Defaults
On the 802.11b, 2.4-GHz radio, all data rates are set to basic by default.
On the 802.11g, 2.4-GHz radio, data rates 1.0, 2.0, 5.5, 6.0, 11.0, 12.0, and 24.0 are set to basic by default, and the other data rates are supported.
On the 5-GHz radio, data rates 6.0, 12.0 and 24.0 are set to basic by default, and the other data rates are supported.
On the 802.11n 2.4-GHz radio, data rates 1.0, 2.0, 5.5, and 11.0 are set to basic by default and the other data rates are supported..
On the 802.11n 5-GHz radio, data rates 6.0, 12.0, and 24.0 are set to basic by default and the other data rates are supported.
The default MCS rate setting for both 802.11n radios is 0–15.
Command Modes
Command History
Examples
This example shows how to set the radio data rates for best throughput:
This example shows how to set the radio data rates support a low-speed client device while still supporting higher-speed client devices:
The following example shows a speed and mcs setting for an 802.11n 5-GHz radio:
Related Commands
|
|
|
|---|---|
Specifies the way that the access point advertises supported OFDM data rates in beacons and probe responses |
speed ofdm
Use the speed ofdm configuration interface command to adjust the way that the access point advertises supported OFDM data rates in beacons and probe responses. Use the no form of the command to return to the default setting.
[no] speed ofdm {join | separate}
Syntax Description
Specifies that supported OFDM data rates appear in both information element (IE) 1 and IE 50. This is the default setting. |
|
Specifies that supported OFDM data rates appear only in IE 50. |
Defaults
By default, supported OFDM data rates are listed in beacons and probe responses in both IE 1 and in IE 50.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
By default, access points are configured with the speed ofdm join command and advertise supported data rates in ascending order in both IE 1 and in IE 50 in beacons and probe responses:
IE 1: 1, 2, 5.5, 6, 9, 11, 12, 18
However, some legacy 802.11b client devices cannot properly interpret the OFDM data rates in IE 1 and either associate at a data rate below 11 Mps or do not associate at all. To improve performance for these clients, you can use the speed ofdm separate command to list only 802.11b data rates in IE 1 and OFDM data rates in IE 50:
Examples
This example shows how to configure the access point to advertise only 802.11b data rates in IE 1 in beacons and probe responses:
Related Commands
|
|
|
|---|---|
Configures the supported data rates on access point radio interfaces |
ssid
Use the ssid interface configuration command to assign a globally configured SSID to a radio interface. Use the no form of the command to remove an SSID from a radio interface.
In Cisco IOS Release 12.3(4)JA, you can configure SSIDs globally or for a specific radio interface, but all SSIDs are stored globally. After you use the dot11 ssid global interface command to create an SSID, you use the ssid command to assign the SSID to a specific interface.
Syntax Description
Specifies the SSID name for the radio, expressed as a case-sensitive alphanumeric string from 1 to 32 characters. |
Defaults
On access points, the factory default SSID is tsunami. On bridges, the default SSID is autoinstall.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to specify a unique SSID for your wireless network. Several access points on a network, or subnetwork, can share an SSID. The no form of the command removes the SSID, which inhibits clients that use that SSID from associating with the access point.
Examples
- Create an SSID in global configuration mode
- Configure the SSID for RADIUS accounting
- Set the maximum number of client devices that can associate using this SSID to 15
- Assign the SSID to a VLAN
- Assign the SSID to a radio interface
Related Commands
station-role
Use the station-role configuration interface command to set the role of the radio interface. Use the no form of the command to reset the parameter to the default value.
1100 and 1130 AG Series Access Points
station-role
{repeater |
root [access-point [fallback {shutdown | repeater}] |
scanner |
workgroup-bridge }
1200 and 1240AG Series Access Points
station-role
{non-root [bridge [wireless-clients] | wireless clients] |
repeater |
root [access-point [fallback {shutdown | repeater}] | ap-only] |
root [bridge [wireless-clients]] |
scanner |
workgroup-bridge }
Note Bridge mode is not supported for 802.11n or non-802.11n data rates. Also, Cisco does not recommend configuring bridge mode on the 1250 series access point even though the commands for it are available.
station-role
{repeater |
root [fallback {shutdown | repeater}] |
scanner}
station-role
{ install [automatic | non-root | root] |
non-root [bridge | wireless clients] |
repeater |
root [access-point [fallback {shutdown | repeater}] | ap-only] |
root [bridge [wireless-clients]] |
scanner |
workgroup-bridge}
station-role
{ install [automatic | non-root | root] |
non-root bridge |
root bridge }
Defaults
Access points operate as root access points by default. When set to defaults, Cisco Aironet 1400 Series Wireless Bridges start up in install mode and adopt the root role if they do not associate to another bridge. If a 1400 series bridge associates to another bridge at start-up, it automatically adopts the non-root role. Cisco Aironet 1310 Access Points/Bridges operate as root access points by default.
Command Modes
Command History
Examples
This example shows how to configure an access point for root operation and shutdown when Ethernet is not functional:
This example shows how to configure an access point for repeater operation:
This example shows how to reset an access point or bridge to default operation:
This example shows how to set a bridge to root operation:
This example shows how to set a 1310 access point/bridge to root access point operation and shutdown when Ethernet is not functional:
This example shows how to configure a 1310 access point/bridge as a non-root bridge that accepts associations from client devices:
Related Commands
|
|
|
|---|---|
station-role install
To configure the bridge for installation mode, use the station-role install in the configuration interface mode. In installation mode, the bridge flashes the LEDs to indicate received signal strength.
station-role install [automatic | non-root | root]
Note This command is supported only on 1310,1400 and 1530 series bridges.
Syntax Description
Defaults
When set to defaults, the bridges start up in root mode and adopt the root role if they do not associate to another bridge. If a bridge associates to another bridge at start-up, it automatically adopts the non-root role. The station-role install command can be configured only on one radio at a time.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the bridge to install mode, non-root:
Related Commands
|
|
|
|---|---|
tacacs server
To configure the TACACS server on the access point, use the tacacs server command in the configuration mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
timeout-absolute
To specify a timeout period that controls the duration for a session that can be connected before it is terminated, use the timeout absolute command in the interface configuration mode. To remove the session timeout period, use the no form of this command.
timeout absolute minutes [seconds]
Syntax Description
Session lifetime, in minutes. The range is 0 to 71582. (Optional) Session lifetime, in seconds. The range is 0 to 59. |
Defaults
Command Modes
Interface configuration (config-if)
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the timeout period in the interface configuration mode:
transmit-op (QOS Class interface configuration mode)
Use the transmit-op QOS Class interface configuration mode command to configure the CAC transmit opportunity time for a radio interface. Use the no form of the command to remove the setting.
Note This command is not supported when operating in repeater mode.
Syntax Description
Defaults
When QoS is enabled, the default transmit-op settings for access points match the values in Table 2-15 , and the default transmit-op settings for bridges match the values in Table 2-16 .
|
|
|
|---|---|
300810 |
|
150411 |
|
|
|
|
|
|---|---|
Command Modes
QOS Class interface configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the CAC transmit opportunity time for the radio interface:
This example shows how to remove the CAC transmit opportunity time for the radio interface:
Related Commands
traffic-class
Use the traffic-class configuration interface mode command to configure the radio interface quality-of-service (QoS) traffic class parameters for each of the eight traffic types. Use the no form of the command to reset a specific traffic class to the default values.
[no] traffic-class { best-effort | background | video | voice }
cw-min 0-10
cw-max 0-10
fixed-slot 0-20
Syntax Description
Specifies the minimum value (0 to 10) for the contention window |
|
Specifies the maximum value (0 to 10) for the contention window |
|
Defaults
When QoS is enabled, the default traffic class settings for access points match the values in Table 2-17 , and the default traffic class settings for bridges match the values in Table 2-18 .
|
|
|
|
|
|
|---|---|---|---|---|
300812 |
||||
150413 |
|
|
|
|
|
|
|
|
|---|---|---|---|---|
Command Modes
Command History
|
|
|
|---|---|
This command was modified to support four traffic classes (best-effort, background, video, and voice) instead of eight (0–7). |
Usage Guidelines
Use this command to control the backoff parameters for each class of traffic. Backoff parameters control how the radio accesses the airwaves. The cw-min and cw-max arguments specify the collision window as a power of 2. For example, if the value is set to 3, the contention window is 0 to 7 backoff slots (2 to the power 3 minus 1). The fixed-slot arguments specify the number of backoff slots that are counted before the random backoff counter starts to count down.
For best performance on your bridge links, adjust the CW-min and CW-max contention window settings according to the values listed in Table 2-19 . The default settings, CW-min 3 and CW-max 10, are best for point-to-point links. However, for point-to-multipoint links, you should adjust the settings depending on the number of non-root bridges that associate to the root bridge.
Note If packet concatenation is enabled on the bridge, adjust the CW-min and CW-max settings only for traffic class 0. Concatenation is enabled by default.
Examples
This example shows how to configure the best-effort traffic class for contention windows and fixed slot backoff values. Each time the backoff for best-effort is started, the backoff logic waits a minimum of the 802.11 SIFS time plus 2 backoff slots. Then it begins counting down the 0 to 15 backoff slots in the contention window.
This example shows how to disable traffic class support:
Related Commands
|
|
|
|---|---|
concatenation (bridges only) |
|
traffic-stream
Use the traffic-stream configur ation interface command to specify CAC traffic stream properties for a radio interface. Use the no form of the command to disable the properties.
traffic-stream priority 0-7 sta-rates rate1 [rate2] [rate3]
no traffic-stream priority 0-7 sta-rates
Note This command is not supported on repeaters.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure CAC traffic-stream support for a nominal 24 Mbps rate for priority 7 on the 802.11a radio interface:
This example shows how to disable CAC traffic-stream priority 7 support on the radio interface:
Related Commands
|
|
|
|---|---|
Provides debug information for CAC admission control on the access point. |
username (dot1x credentials configuration mode)
Use the username dot1x credentials configuration mode command to specify dot1x credential username. Use the no form of the command to disable the credential username.
Syntax Description
Defaults
Command Modes
Dot1x credentials configuration interface
Command History
|
|
|
|---|---|
Examples
This example shows how to specify the dot1x credential username:
This example shows how to disable the credential username:
Related Commands
|
|
|
|---|---|
Displays the configured dot1x credentials on the access point. |
user (local server configuration mode)
Use the user local server configuration command to specify the users allowed to authenticate using the local authenticator. As a local authenticator, the access point performs LEAP, EAP-FAST, and MAC-based authentication for up to 50 client devices. The access point performs up to 5 authentications per second.
user username
{password | nthash} password
[group group-name]
[mac-auth-only]
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Local server configuration mode
Command History
Examples
This example shows how to add a user to the list of clients allowed to authenticate using LEAP on the local authenticator:
This example shows how to add a user to the list of clients allowed to authenticate using MAC-based authentication on the local authenticator:
Related Commands
username privilege password
To assign a username, set privilege levels and create a password while configuring SSH, use the user privilge password command in local server configuration mode.
user username
[privilege 0-15]
[password 0,7]
Syntax Description
Defaults
Command Modes
Local server configuration mode
Command History
|
|
|
|---|---|
Examples
This example shows how to add a username, assign user privilges and create a encrypted password.
vlan (SSID configuration mode)
Use the vlan SSID configuration mode command to configure the radio interface (for the specified SSID) to support a specific Ethernet virtual LAN (VLAN). Use the no form of the command to reset the parameter to the default value.
Syntax Description
Specifies the virtual Ethernet LAN identification number for the SSID |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the VLAN that uses the radio SSID (wireless LAN):
This example shows how to reset the VLAN parameter to default values:
Related Commands
|
|
|
|---|---|
vocera
802.11b audio transmissions from a Vocera B1000 (Gen 1) badge may intermittently fail to be forwarded by a Cisco access point. The same failure to forward can impact Zebra Print servers (Model 420+ revision C) and Marvell 88W8385 cards. A wireless packet trace can show you that the AP1142 or AP1252 will intermittently fail to acknowledge the data transmissions from the B1000 badge. You can use the radio interface configuration command vocera to resolve this data transmission loss.
The radio interface configuration command vocera is applicable to Marvell Radio APs such as AP 1040, AP 1140, AP 1250, and newer models. This command is not applicable to AMAC radios such as AP 1130 and AP 1240. You can run this command on autonomous APs running Cisco IOS release 12.4(21a)JY or later.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
web-auth
To enable web authentication of a SSID user, use the web-auth command in SSID configuration interface mode.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable web authentication of a SSID user:
This example shows how to disable web authentication of a SSID user:
wlccp ap eap profile
Use the wlccp ap eap profile global configuration command to enable an EAP profile for WLSM. Use the no form of this command to disable the EAP profile.
wlccp ap eap profile profile name
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use the wlccp ap eap profile command to enable an eap profile for WLSM.
This example shows how to create an EAP profile:
This example shows how to disable the EAP profile:
Related Commands
|
|
|
|---|---|
wlccp ap username
Use the wlccp ap username global configuration command to configure an access point to authenticate through the device configured for wireless domain services (WDS) and participate in Cisco Centralized Key Management (CCKM). Use the no form of the command to disable the username.
wlccp ap username username password password
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the username and password for an access point that will participate in CCKM:
Related Commands
|
|
|
|---|---|
Specifies server lists for 802.1x authentication for client and infrastructure devices participating in CCKM |
wlccp authentication-server
Use the wlccp authentication-server global configuration command to configure the list of servers to be used for 802.1x authentication for infrastructure devices and client devices enabled for Cisco Centralized Key Management (CCKM).
wlccp authentication-server
client { any | eap | leap | mac } list |
infrastructure list
Note This command is not supported on bridges and 350 series access points.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the server list for LEAP authentication for client devices:
This example shows how to configure the server list for 802.1x authentication for infrastructure devices participating in CCKM:
Related Commands
wlccp wds aaa authentication mac-authen filter-cache
Use the wlccp wds aaa authentication mac-authen filter-cache global configuration command to enable MAC authentication caching on the access point. MAC authentication caching reduces overhead because the access point authenticates devices in its MAC-address cache without sending the request to your authentication server. When a client device completes MAC authentication to your authentication server, the access point adds the client’s MAC address to the cache.
wlccp wds aaa authentication mac-authen filter-cache [timeout seconds]
Syntax Description
Specifies a timeout value for MAC authentications in the cache. |
Defaults
MAC authentication caching is disabled by default. When you enable it, the default timeout value is 1800 (30 minutes).
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure MAC authentication caching with a one-hour timeout:
Related Commands
|
|
|
|---|---|
Display information on devices participating in Cisco Centralized Key Management (CCKM) and WDS, including addresses in the MAC authentication cache. |
wlccp wds mode wds-only
Use the wlccp wds mode wds-only global configuration command to configure 16b access poins to operate in the WDS-only mode. After issuing this command and restarting, the access point starts working in the WDS-only mode. In WDS-only mode, the dot11 subsystems are not initialized and the dot11 interface related commands cannot be configured. In WDS-only mode, the WDS supports up to 60 infrastructure access points and up to 1200 clients.
This command is supported only on 16 Mb access points (1100 and 1200 series). It is not supported on 32 Mb access points (1130, 1240 series, etc.) It is intended to be used to free up memory necessary to run as a WDS. To run a 32 Mb access point in WDS-only mode, set the Dot11Radio0 and Dot11Radio1 interfaces to shutdown.
To set the WDS access point to operate in both AP and WDS modes, use the no wlccp wds mode wds-only command and restart the access point immediately. After the access point restarts, the dot11 radio subsytems initialize. The access point and WDS associate directly to wireless clients. In this mode, the WDS supports 30 infrastructure access points and 600 clients in addition to 20 direct wireless client associations.
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure WDS-only mode:
Related Commands
|
|
|
|---|---|
Display information on devices participating in Cisco Centralized Key Management (CCKM) and WDS, including addresses in the MAC authentication cache. |
wlccp wds priority
Use the wlccp wds priority global configuration command to configure an access point to provide Wireless Domain Services (WDS). When configuring Cisco Centralized Key Management (CCKM), you configure one or more access points or switches as candidates to provide WDS. The device with the highest priority provides WDS.
wlccp wds
priority priority
interface interface
Note This command is not supported on bridges and 350 series access points.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the priority for an access point as a candidate to provide WDS:
Related Commands
|
|
|
|---|---|
Specifies server lists for 802.1x authentication for client and infrastructure devices participating in CCKM |
wlccp wnm ip address
Use the wlccp wnm ip address global configuration command to configure the IP address of the wireless network manager (WNM) that performs network management for the wireless LAN to which the access point belongs.
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the IP address of the wireless network manager:
Related Commands
|
|
|
|---|---|
Specifies server lists for 802.1x authentication for client and infrastructure devices participating in CCKM |
workgroup-bridge client-vlan
Use the workgroup-bridge client-vlan configuration interface command to assign a VLAN to the devices attached to a workgroup bridge. This command enables VLAN trunking on the workgroup bridge’s radio and Ethernet interfaces.
workgroup-bridge client-vlan vlan-id
Note This command is supported only on 1100 and 1200 series access points and 1300 series access points/bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
This command was modified to support 1100 series access points. |
Examples
This example shows how to assign a VLAN to the devices attached to a workgroup bridge:
Related Commands
|
|
|
|---|---|
workgroup-bridge no_reset
Use the workgroup-bridge no_reset configuration to prevent a WGB from resetting while roaming. This allows the WGB to roam reliably, when using 5GHz. However, note that enabling this command may impact the WGB's maximum transmit power.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set a radio to not reset while roaming with power changes between channels:
workgroup-bridge timeouts assoc-response
Use the workgroup-bridge timeouts assoc-response global configuration command to fine tune the association response timeout for WGB. This CLI command is applicable to an AP working in WGB mode.
workgroup-bridge timeouts assoc-response ms
Note This command is supported only on APs that support a station role of “WGB.”
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign an authentication response timeout for a workgroup bridge:
workgroup-bridge timeouts auth-response
Use the workgroup-bridge timeouts auth-response global configuration command to fine tune the authentication response timeout for WGB. This CLI command is applicable to an AP working in WGB mode.
workgroup-bridge timeouts auth-response ms
Note This command is supported only on APs that support a station role of “WGB.”
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign an authentication response timeout for a workgroup bridge:
workgroup-bridge timeouts channel-scan
Use the workgroup-bridge timeouts channel-scan global configuration command to set the time spent by a WGB for scanning channels. If a WGB spends too much time scanning for parent APs, thereby taking too long to roam, then you can use this command to shorten the time spent by the WGB for scanning a channel. Also, if a WGB is unable to find parent APs, you can set a longer scan time to enable the WGB to scan the channels more. This command is particularly useful when the WGB is physically roaming, wherein it faces multiple parent-AP candidates.
workgroup-bridge timeouts channel-scan ms
Note This command is supported only on APs that support a station role of “WGB.”
Syntax Description
Defaults
By default, the Cisco Aironet 700, 1530 and 803 series APs use a default channel scan duration of 40 ms, while other APs use a channel scan duration of 8 ms.
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign a fast scan timeout for a workgroup bridge:
Related Commands
|
|
|
|---|---|
workgroup-bridge timeouts client-add
Use the workgroup-bridge timeouts client-add global configuration command to fine tune the client add timeout for WGB. This CLI command is applicable to an AP working in WGB mode.
workgroup-bridge timeouts client-add ms
Note This command is supported only on APs that support a station role of “WGB.”
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign a client add timeout to a workgroup bridge:
workgroup-bridge timeouts eap-timeout
Use the workgroup-bridge timeouts eap-timeout global configuration command to fine tune the EAP timeout for WGB. This CLI command is applicable to an AP working in WGB mode.
workgroup-bridge timeouts eap-timeout sec
Note This command is supported only on APs that support a station role of “WGB.”
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This is the timeout to complete the full EAP authentication on a workgroup bridge.
This value highly depends on the EAP authentication algorithm. Ensure that you understand the deployment scenario (depending on the turn-around time to the radius server and the number of transactions) and use this command appropriately. If you want to use 802.1x EAP, you should not assign a timeout value of less than 30 seconds.
When this command is used along with the CLI command “mobile station scan period <>”, it is suggested to use “scan period” > “eap timeout”.
Examples
This example shows how to assign an EAP timeout on a workgroup bridge:
workgroup-bridge timeouts iapp-refresh
Use the workgroup-bridge timeouts iapp-refresh global configuration command to fine tune the IAPP refresh timeout. This CLI command is applicable to an AP working in WGB mode only.
workgroup-bridge timeouts iapp-refresh ms
Note This command is supported only on APs that support a station role of “WGB.”
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to assign an IAPP refresh timeout to a workgroup bridge:
workgroup-bridge unified-vlan-client
Use the workgroup-bridge unified-vlan-client configuration interface command to enable the Workgroup Bridge (WGB) VLAN tagging feature.
[no] workgroup-bridge unified-vlan-client [broadcast-replicate]
Note This command is supported only on APs that support a station role of “WGB.”
Syntax Description
Enables/disables the The Workgroup-Bridge (WGB) VLAN tagging feature. |
|
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable WGB broadcast to all VLANs:
Related Commands
|
|
|
|---|---|
world-mode
Use the world-mode configuration interface mode command to enable access point world mode operation. You can configure the access point to support 802.11d world mode or Cisco legacy world mode. Use the no form of the command to disable world mode operation.
[no] world-mode
dot11d country_code code {both | indoor | outdoor} |
legacy
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
With world mode enabled, the access point advertises the local settings, such as allowed frequencies and transmitter power levels. Clients with this capability then passively detect and adopt the advertised world settings, and then actively scan for the best access point. Cisco client devices running firmware version 5.30.17 or later detect whether the access point is using 802.11d or Cisco legacy world mode and automatically use world mode that matches the mode used by the access point.
Examples
This example shows how to enable 802.11d world mode operation:
This example shows how to disable world mode operation:
Related Commands
|
|
|
|---|---|
wpa-psk
Use the wpa-psk SSID interface configuration command to configure a pre-shared key for use in WPA authenticated key management. To support WPA on a wireless LAN where 802.1x-based authentication is not available, you must configure a pre-shared key for the SSID.
wpa-psk { hex | ascii } [ 0 | 7 ] encryption-key
Note This command is not supported on bridges.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure a WPA pre-shared key for an SSID:
Related Commands
|
|
|
|---|---|
write memory
Use the write memory command to copy the running configuration into flash memory (NVRAM).
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
If an error message similar to the following displays, then there is no available space for the configuration file in the flash memory:
Examples
This example shows the command entry and the resulting command response:
Related Commands
write terminal
Use the write terminal command to write the running configuration to the terminal screen.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows the command entry and the resulting command response:
Feedback