Cisco AireOS Controller to Cisco Catalyst 9800 Series Wireless Controller - CLI Mapping
Interface Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config interface create vlan-name vlan-number<br>config interface vlan vlan-name vlan-number<br>config interface address dynamic-interface vlan-name primary-ip-address subnet-mask<br>config interface dhcp dynamic-interface vlan-name primary primary-ip-address secondary secondary-ip-address | vlan vlan-number<br>no shutdown<br>interface vlan vlan-number<br>description "vlan-name"<br>ip address ip-address subnet-mask<br>ip helper-address primary-ip-address<br>ip helper-address secondary-ip-address<br>no shutdown |
Interface Configuration - IOS Global Parameters
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config sysname hostname<br>config logging syslog host ip-address<br>config logging syslog level critical<br>config logging syslog level level<br>config time ntp server 1 ip-address<br>config prompt hostname<br>config sessions timeout timeout-value | hostname hostname<br>logging host ip-address<br>logging trap level<br>ntp server ip-address<br>prompt hostname<br>line console 0<br>exec-timeout timeout-value |
Radius Global Parameters
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config radius auth call-station-type ap-name-ssid<br>config radius acct mac-delimiter delimiter | aaa new-model<br>radius-server attribute wireless authentication call-station-id ap-name-ssid delimiter<br>radius-server attribute wireless accounting mac-delimiter |
Authentication TACACS Server
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config tacacs auth add encrypt 1 ip-address password 1 password<br>config tacacs auth server-timeout 1 timeout-value | tacacs server authentication-server<br>address ipv4 ip-address<br>port port-number<br>timeout timeout-value |
Accounting TACACS Server
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config tacacs acct add encrypt 1 ip-address 49 password password<br>config tacacs acct server-timeout 1 timeout-value | tacacs server accounting-server<br>address ipv4 ip-address<br>port port-number<br>timeout timeout-value |
Authorization TACACS Server
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config tacacs athr add encrypt 1 ip-address 49 password 1 password<br>config tacacs athr server-timeout 1 ip-address | tacacs server authorization-server<br>address ipv4 ip-address<br>port port-number<br>timeout timeout-value |
Authentication Radius Server
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config radius auth add encrypt 4 ip-address 1812 password 1 password<br>config radius auth retransmit-timeout 4 timeout-value | aaa new-model<br>radius server radius-authentication-server<br>address ipv4 ip-address auth-port authentication-port acct-port accounting-port |
Accounting Radius Server
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config radius acct add encrypt 1 ip-address 1813 password 1 password<br>config radius acct retransmit-timeout 1 timeout-value | aaa new-model<br>radius server radius-accounting-server<br>address ipv4 ip-address auth-port authentication-port acct-port accounting-port |
FlexConnect ACL
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config flexconnect acl apply Secured-Wireless-Networks<br>config flexconnect acl create Secured-Wireless-Networks<br>config flexconnect acl rule add Secured-Wireless-Networks 1<br>config flexconnect acl rule action Secured-Wireless-Networks 1 permit<br>config flexconnect acl rule protocol Secured-Wireless-Networks 1 17<br>config flexconnect acl rule destination port range Secured-Wireless-Networks 1 1812 1813 | ip access-list extended Secured-Wireless-Networks<br>1 permit 17 any any range 1812 1813<br>2 permit 17 any range 67 68<br>3 permit ip any ip-address 0.0.0.0<br>4 permit ip ip-address 0.0.0.0 any |
ACL
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config acl apply Apply_All<br>config acl create Allow_All<br>config acl rule add Allow_All 1<br>config acl rule action Allow_all 1 permit<br>config acl rule source port range Allow_All 1 permit Allow_All 1 0 65535<br>config acl rule destination port range Allow_All 1 0 65535 | ip access-list extended Allow_All<br>1 permit ip any any |
Multicast Parameters
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config network multicast global enable/disable<br>config network multicast igmp snooping enable/disable<br>config network multicast mode multicast ip-address | wireless multicast<br>ip igmp snooping querier<br>wireless multicast ip-address |
Mobility Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config mobility group domain BISD<br>config mobility group member add mac-address ip-address BISD | wireless mobility group name BISD<br>wireless mobility group member ip ip-address public-ip ip-address group BISD |
Rogue Global Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config rogue ap rldp enable alarm-only monitor-ap-only<br>config rogue detection report-interval time<br>config rogue detection monitor-ap report-interval time<br>config rogue detection min-rssi time<br>config rogue ap classify friendly state internal mac-address<br>config rogue ap friendly add mac-address<br>config rogue client mse enable | wireless wps rogue ap rldp alarm-only monitor-ap-only<br>wireless wps rogue detection report-interval time<br>wireless wps rogue detection monitor-ap report-interval time<br>wireless wps rogue detection min-rssi -time<br>wireless wps rogue ap friendly mac-address state internal<br>wireless wps rogue client mse |
Rogue Rules Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config rogue rule add ap priority priority classify friendly notify none state external 128_Ignore<br>config rogue rule condition ap set rssi -128 128_Ignore<br>config rogue rule enable 128_Ignore<br>config rogue rule match any 128_Ignore | wireless wps rogue rule 128_Ignore priority priority<br>shutdown<br>classify friendly state external<br>condition rssi -128<br>match any<br>no shutdown |
SNMP Trap Receiver Global Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config snmp trapreceiver create ip-address ip-address | snmp-server host ip-address version 2c ip-address |
SNMP Community Global Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config snmp community ipaddr ip-address ip-address read2008bisd<br>config snmp community create read2008bisd<br>config snmp community mode enable read2008bisd rw read2008bisd<br>config snmp community accessmode | ip access-list extended read2008bisd_ACL<br>permit udp any host ip-address eq snmp<br>snmp-server community read2008bisd rw read2008bisd_ACL |
SNMP Syscontact and Syslocation Global Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config snmp syslocation NOC | snmp-server contact NOC |
Location Global Configuration - Trapflags
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config trapflags 802.11-security ids-sig-attack disable | no trapflags client dot11 ids-sig-attack |
Wireless Global Parameters
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config exclusionlist add 58:3f:54:c8:04:8f "IDS EAPOL Flood Attack "<br>config exclusionlist add 2c:8a:72:b6:da:4b MDNSInterfere<br>config exclusionlist add f0:f7:55:75:f0:f0 OE-AP<br>config advanced fra enable<br>config wps client-exclusion 802.11-assoc disable<br>config wps client-exclusion ip-theft disable<br>config wps client-exclusion 802.11-auth disable<br>config wps client-exclusion 802.1x-auth disable<br>config network mgmt-via-wireless enable<br>config rfid status enable<br>config rfid timeout 1200<br>config advanced probe limit 2 500<br>config network rf-network-name RF1<br>config country US load-balancing window 20<br>config load-balancing window 20 | wireless exclusionlist 583f.54c8.048f description "IDS EAPOL Flood Attack "<br>wireless exclusionlist 2c8a.72b6.da4b description MDNSInterfere<br>wireless exclusionlist f0f7.5575.f0f0 description OE-AP<br>ap fra<br>no wireless wps client-exclusion ip-theft<br>no wireless wps client-exclusion dot11-assoc<br>no wireless wps client-exclusion dot11-auth<br>no wireless wps client-exclusion dot1x-auth<br>wireless mgmt-via-wireless<br>wireless rfid<br>wireless rfid timeout 1200<br>wireless probe limit 2 500<br>wireless rf-network RF1<br>ap country US<br>wireless load-balancing window 20 |
Media-stream Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
media-stream multicast-direct disable<br>media-stream multicast-direct enable | wireless media-stream multicast-direct |
Mac-Filtering at WLAN level
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config macfilter add mac-address 4 240-sysops Roku<br>config wlan radius_server auth add 4 5<br>config wlan create 4 SYSOPS SYSOPS<br>config wlan enable 4<br>config wlan broadcast-ssid enable 4<br>config wlan security wpa disable 4 wpa2 disable 4<br>config wlan security wpa<br>config wlan security wpa wpa2 ciphers aes disable 4<br>config wlan security wpa akm 802.1x disable 4<br>config wlan wmm allow 4<br>config wlan mac-filtering enable 4 | aaa new-model<br>aaa attribute list ATTR_LIST_SYSOPS<br>attribute type ssid SYSOPS<br>username b0ee7b3ff473 mac aaa attribute list ATTR_LIST_SYSOPS |
WLAN Profile Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config wlan radius_server auth add 1 4<br>config wlan radius_server acct add 1 1<br>config wlan create 1 BISD-5G BISD-5G<br>config wlan security wpa akm 802.1x enable 1<br>config wlan security wpa akm 802.1x enable 1<br>config wlan security wpa enable 1<br>config wlan security wpa akm ft 802.1x enable 1<br>config wlan enable 1<br>config wlan broadcast-ssid enable 1<br>config wlan band-select allow enable 1<br>config wlan security wpa wpa1 enable 1<br>config wlan security wpa wpa1 ciphers aes enable 1<br>config wlan wmm allow 1<br>config wlan ccx aironetiesupport disable 1<br>config wlan radio 1 802.11a-only | aaa new-model<br>aaa group server radius RADIUS_SERVER_GROUP_AUTH_BISD-5G<br>server name RADIUS_SERVER_AUTH_4<br>server name RADIUS_SERVER_AUTH_5<br>aaa authentication dot1x DOT1X_RADIUS_AUTH_LIST_BISD-5G group RADIUS_SERVER_GROUP_AUTH_RADIUS_SERVER_GROUP_AUTH_BISD-5G<br>aaa group server radius RADIUS_SERVER_GROUP_ACCT_BISD-5G<br>server name RADIUS_SERVER_ACCT_1<br>aaa accounting identity RADIUS_ACCT_LIST_BISD-5G start-stop group RADIUS_SERVER_GROUP_ACCT_BISD-5G<br>wlan BISD-5G 1 BISD-5G<br>security wpa<br>security wpa wpa1<br>security wpa wpa1 ciphers aes<br>security wpa akm dot1x<br>security wpa akm ft dot1x<br>security dot1x authentication-list DOT1X_RADIUS_AUTH_LIST_BISD-5G<br>broadcast-ssid<br>band-select<br>wmm allowed<br>no ccx aironet-iesupport<br>radio dot11a<br>no shutdown |
Flow Exporter Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config flow create exporter "Cisco Prime" mac-address port port-number | flow exporter "Cisco Prime"<br>destination mac-address<br>transport udp port-number |
Flow Monitor Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config flow create monitor "Cisco Prime"<br>config flow add monitor "Cisco Prime" exporter "Cisco Prime" | flow monitor "Cisco Prime"<br>flow exporter "Cisco Prime"<br>flow monitor "Cisco Prime"<br>exporter "Cisco Prime" |
Class Map Configuration for AVC Profile
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config avc profile Sample rule add application application-name drop | class-map match-any CM_AVC_1_1<br>description Class-map for AVC-Profile - Sample, Action - police cir 8000 conform-action drop exceed-action drop<br>match protocol application-name |
Policy Map Configuration for AVC Profile
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config avc profile sample-create<br>config avc profile Sample rule add application application-name drop | policy-map sample<br>description Policy-map for AVC-Profile - sample<br>class CM_AVC_1_1<br>police cir 8000 conform-action drop exceed-action drop |
Policy Profile Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config wlan aaa-override enable/disable 1<br>config wlan apgroup interface-mapping add vlan-number vlan-id vlan-name<br>config interface vlan vlan-name vlan-number<br>config wlan interface vlan-id vlan-interface<br>config wlan session-timeout 1 timeout-value<br>config wlan user-idle-threshold threshold-value 1<br>config wlan qos 1 qos-profile<br>config wlan avc 1 visibility enable<br>config wlan exclusionlist 1 60<br>config wlan profiling local dhcp enable 1<br>config wlan profiling local http enable 1<br>config wlan nac radius enable 1 | wireless profile policy POLICY_PROFILE_1<br>description "Policy profile for wlan-ids=['vlan-id']"<br>shutdown<br>aaa-override<br>vlan vlan-number<br>session-timeout timeout-value<br>idle-threshold threshold-value<br>service-policy output qos-profile<br>ipv4 flow monitor wireless-avc-basic input<br>ipv4 flow monitor wireless-avc-basic output<br>exclusionlist timeout timeout-value<br>local-dhcp-profiling<br>local-http-profiling<br>nac |
Policy Tag Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config wlan apgroup add 001 "group-name"<br>config wlan apgroup description 001 "group-name"<br>config wlan apgroup interface-mapping add 001 2 guest-wifi<br>config wlan apgroup interface-mapping add 001 3 001-wifi<br>config wlan apgroup interface-mapping add 001 1 001-wifi | wireless tag policy APG_001<br>description "Policy tag for wlan-ids=set(['1', '3', '2'])"<br>wlan BISD-5G policy POLICY_PROFILE_34<br>wlan BISD-Guest policy POLICY_PROFILE_38<br>wlan BISD policy POLICY_PROFILE_62 |
Global Radio Parameters
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config 802.11a cac voice sip bandwidth 64 sample-interval interval<br>config advanced 802.11a channel add channel-id<br>config advanced 802.11a channel dca chan-width channel-width<br>config 802.11a cleanair enable<br>config advanced 802.11a channel cleanair-event enable<br>config advanced 802.11a profile foreign global 60<br>config advanced 802.11a profile clients global 30 | ap dot11 5ghz cac voice sip bandwidth 64 sample-interval interval<br>ap dot11 5ghz rrm channel dca add channel-id<br>ap dot11 5ghz rrm channel dca chan-width channel-width<br>ap dot11 5ghz cleanair<br>ap dot11 5ghz cleanair<br>no ap dot11 5ghz rrm channel cleanair-event<br>ap dot11 5ghz rrm channel cleanair-event |
RF Profile Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config rf-profile create 802.11a rf-profile-name<br>config rf-profile data-rates 802.11a mandatory 1 2 rf-profile-name<br>config rf-profile trap-threshold clients threshold-value rf-profile-name<br>config rf-profile trap-threshold interference 60 rf-profile-name<br>config rf-profile load-balancing window 20 rf-profile-name<br>config rf-profile channel add channel-width rf-profile-name<br>config rf-profile channel chan-width channel-width rf-profile-name | ap dot11 5ghz rf-profile rf-profile-name<br>shutdown<br>rate RATE_12M mandatory<br>rate RATE_6M mandatory<br>rate RATE_24M mandatory<br>rate RATE_48M supported<br>rate RATE_36M supported<br>rate RATE_9M supported<br>rate RATE_18M supported<br>rate RATE_54M supported<br>trap threshold clients threshold-value<br>trap threshold interference 60<br>load-balancing window 20<br>channel add channel-number<br>channel chan-width channel-width<br>no shutdown |
RF Tag Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config wlan apgroup profile-mapping add ap-group-profile | wireless tag rf ap-group-profile<br>description "RF-Tag for AP-Group - BISDOEAP"<br>5ghz-rf-policy A_Profile |
Flex Profile Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config flexconnect group flex-group-name add<br>config flexconnect group default-flex-group radius ap authority id group-id<br>config flexconnect group default-flex-group radius ap authority info "group-info"<br>config flexconnect group default-flex-group radius ap server-key encrypt 1 *** *** *** | eap method fast profile EF_default-flex-group<br>description "Eap-Fast profile: fc-grp=default-flex-group"<br>authority-id identity id<br>authority-id information "info"<br>pac-password unencrypted/hidden server-key<br>wireless profile flex flex-profile-name<br>description flex-group-name<br>no local-auth ap eap-fast EF_default-flex-group |
AP Profile Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config advanced backup-controller primary WISM-Central4 mac-address<br>config ap packet-dump ftp serverip mac-address path / username username password password<br>config ap packet-dump buffer-size buffer-size<br>config ap packet-dump capture-time duration<br>config ap packet-dump truncate 0<br>config ap packet-dump classifier control enable<br>config ap packet-dump classifier management enable<br>config ap packet-dump classifier ip enable<br>config ap packet-dump classifier data enable<br>config ap packet-dump classifier udp enable<br>config ap ssh enable all | wireless profile ap packet-capture pc_default-ap-profile<br>ftp serverip mac-address<br>ftp username username<br>ftp password 0 password<br>ftp path /<br>buffer-size buffer-size<br>duration duration<br>classifier control<br>classifier management<br>classifier data<br>classifier udp<br>ap profile default-ap-profile<br>packet-capture pc_default-ap-profile<br>capwap backup primary WISM-Central4 mac-address<br>ssh |
Site Tag Configuration
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
flexconnect group NACHA ap add mac-address | wireless tag site NACHA<br>flex-profile NACHA |
Attaching tags to AP
AireOS CLIs | Cisco Catalyst 9800 Series Wireless Controller CLIs |
---|---|
config flexconnect group SIN-SingaporeChangi ap add mac-address | ap mac-address<br>policy-tag FCG_SIN-SingaporeChangi<br>site-tag SIN-SingaporeChangi |