Cisco AireOS Controller to Cisco Catalyst 9800 Series Wireless Controller, Command Reference Mapping Guide

Interface Configuration
Interface Configuration - IOS Global Parameters
Radius Global Parameters
Authentication TACACS Server
Accounting TACACS Server
Authorization TACACS Server
Authentication Radius Server
Accounting Radius Server
FlexConnect ACL
ACL
Multicast Parameters
Mobility Configuration
Rogue Global Configuration
Rogue Rules Configuration
SNMP Trap Receiver Global Configuration
SNMP Community Global Configuration
SNMP Syscontact and Syslocation Global Configuration
Location Global Configuration - Trapflags
Wireless Global Parameters
Media-stream Configuration
Mac-Filtering at WLAN level
WLAN Profile Configuration
Flow Exporter Configuration
Flow Monitor Configuration
Class Map Configuration for AVC Profile
Policy Map Configuration for AVC Profile
Policy Profile Configuration
Policy Tag Configuration
Global Radio Parameters
RF Profile Configuration
RF Tag Configuration
Flex Profile Configuration
AP Profile Configuration
Site Tag Configuration
Attaching tags to AP

Interface Configuration

Table 1. Interface Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config interface create `vlan-name` `vlan-number` config interface vlan `vlan-name` `vlan-number` config interface address dynamic-interface `vlan-name` `primary-ip-address` `subnet-mask` config interface dhcp dynamic-interface `vlan-name` primary `primary-ip-address` secondary `secondary-ip-address`	vlan `vlan-number` no shutdown interface vlan `vlan-number` description `"vlan-name"` ip address `ip-address` `subnet-mask` ip helper-address `primary-ip-address` ip helper-address `secondary-ip-address` no shutdown
`config interface create 001-wifi 3001 config interface vlan 001-wifi 3001 config interface address dynamic-interface 001-wifi 10.1.224.2 255.255.224.0 10.1.224.1 config interface dhcp dynamic-interface 001-wifi primary 10.240.208.31 secondary 10.240.208.33`	`vlan 3001 no shutdown interface vlan 3001 description "001-wifi" ip address 10.1.224.2 255.255.224.0 ip helper-address 10.240.208.31 ip helper-address 10.240.208.33 no shutdown`

Interface Configuration - IOS Global Parameters

Table 2. Interface Configuration - IOS Global Parameters
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config sysname `hostname` config logging syslog host `ip-address` config logging syslog level `critical` config logging syslog level `level` config time ntp server 1 `ip-address` config prompt `hostname` config sessions timeout `timeout-value`	hostname `hostname` logging host `ip-address` logging trap `level` ntp server `ip-address` prompt `hostname` line console 0 exec-timeout `timeout-value`
`config sysname CORE_8540 config logging syslog host 10.240.222.27 config logging syslog level critical config logging syslog level 2 config time ntp server 1 10.240.222.1 config prompt CORE_8540 config sessions timeout 60`	`hostname CORE_8540 logging host 10.240.222.27 logging trap 2 ntp server 10.240.222.1 prompt CORE_8540 line console 0 exec-timeout 60`

Radius Global Parameters

Table 3. Radius Global Parameters
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config radius auth `call-station-type` `ap-name-ssid` config radius acct mac-delimiter `delimiter`	aaa new-model radius-server attribute wireless authentication `call-station-id` `ap-name-ssid` `delimiter` radius-server attribute wireless accounting mac-delimiter
`config radius auth callstationidtype ap-name-ssid config radius acct mac-delimiter colon`	`aaa new-model radius-server attribute wireless authentication call-station-id ap-name-ssid radius-server attribute wireless accounting mac-delimiter colon`

Authentication TACACS Server

Table 4. Authentication TACACS Server
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config tacacs auth add encrypt 1 `ip-address` password 1 `password` config tacacs auth server-timeout 1 `timeout-value`	tacacs server `authentication-sever` address ipv4 `ip-address` port `port-number` timeout `timeout-value`
`config tacacs auth add encrypt 1 192.16.176.96 49 password 1 * * 16 *** config tacacs auth server-timeout 1 5`	`tacacs server TACACS_SERVER_AUTH_1 address ipv4 192.16.176.96 port 49 timeout 5`

Accounting TACACS Server

Table 5. Accounting TACACS Server
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config tacacs acct add encrypt 1 `ip-address` 49 password `password` config tacacs acct server-timeout 1 `timeout-value`	tacacs server `accounting-server` address ipv4 `ip-address` port `port-number` timeout `timeout-value`
`config tacacs acct add encrypt 1 192.16.176.96 49 password 1 * * 16 *** config tacacs acct server-timeout 1 5`	`tacacs server TACACS_SERVER_ACCT_1 address ipv4 192.16.176.96 port 49 timeout 5`

Authorization TACACS Server

Table 6. Authorization TACACS Server
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config tacacs athr add encrypt 1 `ip-address`49 password 1 `password` config tacacs athr server-timeout 1 `ip-address`	tacacs server `authorization-server` address ipv4 `ip-address` `port-number` port timeout `timeout-value`
`config tacacs athr add encrypt 1 192.16.176.96 49 password 1 * * 16 *** config tacacs athr server-timeout 1 5`	`tacacs server TACACS_SERVER_ATHR_1 address ipv4 192.16.176.96 port 49 timeout 5`

Authentication Radius Server

Table 7. Authentication Radius Server
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config radius auth add encrypt 4 `ip-address` 1812 password 1 `password` config radius auth retransmit-timeout 4 `timeout-value`	aaa new-model radius server `radius-authentication-server` address ipv4 `ip-address`auth-port `authentication-port`acct-port `accounting-port`
`config radius auth add encrypt 4 10.240.222.72 1812 password 1 * * 16 *** config radius auth retransmit-timeout 4 5`	`aaa new-model radius server RADIUS_SERVER_AUTH_4 address ipv4 10.240.222.72 auth-port 1812 acct-port 1813`

Accounting Radius Server

Table 8. Accounting Radius Server
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config radius acct add encrypt 1 `ip-address`1813 password 1 `password` config radius acct retransmit-timeout 1 `timeout-value`	aaa new-model radius server `radius-accounting-server` address ipv4 `ip-address` auth-port `authentication-port` acct-port `accounting-port`
`config radius acct add encrypt 1 10.240.222.15 1813 password 1 * * 16 *** config radius acct retransmit-timeout 1 2`	`aaa new-model radius server RADIUS_SERVER_ACCT_1 address ipv4 10.240.222.15 auth-port 1812 acct-port 1813`

FlexConnect ACL

Table 9. FlexConnect ACL
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config flexconnect acl apply `Secured-Wireless-Networks` config flexconnect acl create `Secured-Wireless-Networks` config flexconnect acl rule add `Secured-Wireless-Networks 1` config flexconnect acl rule action `Secured-Wireless-Networks 1 permit` config flexconnect acl rule protocol `Secured-Wireless-Networks 1 17` config flexconnect acl rule destination port range `Secured-Wireless-Networks 1 1812 1813`	ip access-list extended `Secured-Wireless-Networks` 1 permit 17 any any range `1812 1813` 2 permit 17 any range `67 68` 3 permit ip any `ip-address 0.0.0.0` 4 permit ip `ip-address 0.0.0.0 any`
`config flexconnect acl apply Secured-Wireless-Networks config flexconnect acl create Secured-Wireless-Networks config flexconnect acl rule add Secured-Wireless-Networks 1 config flexconnect acl rule action Secured-Wireless-Networks 1 permit config flexconnect acl rule protocol Secured-Wireless-Networks 1 17 config flexconnect acl rule destination port range Secured-Wireless-Networks 1 1812 1813`	`ip access-list extended Secured-Wireless-Networks 1 permit 17 any any range 1812 1813 2 permit 17 any range 67 68 any range 67 68 3 permit ip any 168.213.64.215 0.0.0.0 4 permit ip 168.213.64.215 0.0.0.0 any`

ACL

Table 10. ACL
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config acl apply `Apply_All` config acl create `Allow_All` config acl rule add `Allow_All 1` config acl rule action `Allow_all 1 permit` config acl rule source port range `Allow_All 1 permit Allow_All 1 0 65535` config acl rule destination port range `Allow_All 1 0 65535`	ip access-list extended `Allow_All` 1 permit ip any `any`
`config acl apply Allow_All config acl create Allow_All config acl rule add Allow_All 1 config acl rule action Allow_All 1 permit config acl rule source port range Allow_All 1 0 65535 config acl rule destination port range Allow_All 1 0 65535`	`ip access-list extended Allow_All 1 permit ip any any`

Multicast Parameters

Table 11. Multicast Parameters
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config network multicast global `enable/disable` config network multicast igmp snooping `enable/disable` config network multicast mode multicast `ip-address`	wireless multicast ip igmp snooping querier wireless multicast `ip-address`
`config network multicast global enable config network multicast igmp snooping enable config network multicast mode multicast 239.240.222.41`	`wireless multicast ip igmp snooping ip igmp snooping querier wireless multicast 239.240.222.41`

Mobility Configuration

Table 12. Mobility Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config mobility group domain BISD config mobility group member add `mac-address` `ip-address BISD`	wireless mobility group name BISD wireless mobility group member ip `ip-address` public-ip `ip-address` group BISD
`config mobility group domain BISD config mobility group member add 54:4a:00:32:b7:80 10.240.222.45 BISD`	`wireless mobility group name BISD wireless mobility group member ip 10.240.222.45 public-ip 10.240.222.45 group BISD`

Rogue Global Configuration

Table 13. Rogue Global Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config rogue ap rldp `enable alarm-only monitor-ap-only` config rogue detection `report-interval time` config rogue detection `monitor-ap report-interval time` config rogue detection `min-rssi time` config rogue ap classify friendly state internal `mac-address` config rogue ap friendly add `mac-address` config rogue client mse `enable`	wireless wps rogue ap rldp `alarm-only monitor-ap-only` wireless wps rogue detection `report-interval time` wireless wps rogue detection `monitor-ap report-interval time` wireless wps rogue detection `min-rssi -time` wireless wps rogue ap friendly `mac-address` state internal wireless wps rogue client mse
`config rogue ap rldp enable alarm-only monitor-ap-only config rogue detection report-interval 30 config rogue detection monitor-ap report-interval 30 config rogue detection min-rssi -70 config rogue ap classify friendly state internal 68:72:51:2c:b5:85 config rogue ap friendly add 2c:3e:cf:3c:a5:a0 config rogue client mse enable`	`wireless wps rogue ap rldp alarm-only monitor-ap-only wireless wps rogue detection report-interval 30 wireless wps rogue detection monitor-ap report-interval 30 wireless wps rogue detection min-rssi -70 wireless wps rogue ap friendly 6872.512c.b585 state internal wireless wps rogue client mse`

Rogue Rules Configuration

Table 14. Rogue Rules Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config rogue rule add ap priority `priority` classify friendly notify none state external `128_Ignore` config rogue rule condition ap set rssi `-128 128_Ignore` config rogue rule `enable 128_Ignore` config rogue rule match `any 128_Ignore`	wireless wps rogue rule `128_Ignore` priority `priority` shutdown classify friendly state `external` condition rssi `-128` match `any` no shutdown
`config rogue rule add ap priority 3 classify friendly notify none state external 128_Ignore config rogue rule condition ap set rssi -128 128_Ignore config rogue rule enable 128_Ignore config rogue rule match any 128_Ignore`	`wireless wps rogue rule 128_Ignore priority 3 shutdown classify friendly state external condition rssi -128 match any no shutdown`

SNMP Trap Receiver Global Configuration

Table 15. SNMP Trap Receiver Global Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config snmp trapreceiver create `ip-aaddress ip-address`	snmp-server host `ip-address` version `2c ip-address`
`config snmp trapreceiver create 10.240.222.40 10.240.222.40`	`snmp-server host 10.240.222.40 version 2c 10.240.222.40`

SNMP Community Global Configuration

Table 16. SNMP Community Global Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config snmp community ipaddr `ip-address ip-aaddress read2008bisd` config snmp community create `read2008bisd` config snmp community mode `enable read2008bisd` `rw read2008bisd` config snmp community accessmode	ip access-list extended `read2008bisd_ACL` permit udp any host `ip-address eq snmp` snmp-server community `read2008bisd rw read2008bisd_ACL`
`config snmp community ipaddr 10.240.222.0 255.255.255.0 read2008bisd config snmp community create read2008bisd config snmp community mode enable read2008bisd config snmp community accessmode rw read2008bisd`	`ip access-list extended read2008bisd_ACL permit udp any host 10.240.222.0 eq snmp snmp-server community read2008bisd rw read2008bisd_ACL`

SNMP Syscontact and Syslocation Global Configuration

Table 17. SNMP Syscontact and Syslocation Global Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config snmp syslocation NOC	snmp-server contact NOC
`config snmp syslocation NOC`	`snmp-server contact NOC`

Location Global Configuration - Trapflags

Table 18. Location Global Configuration - Trapflags
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config trapflags 802.11-security ids-sig-attack `disable`	no trapflags client dot11 ids-sig-attack
`config trapflags 802.11-security ids-sig-attack disable`	`no trapflags client dot11 ids-sig-attack`

Wireless Global Parameters

Table 19. Wireless Global Parameters
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config exclusionlist add `58:3f:54:c8:04:8f "IDS EAPOL Flood Attack "` config exclusionlist add `2c:8a:72:b6:da:4b MDNSInterfere` config exclusionlist add `f0:f7:55:75:f0:f0 OE-AP` config advanced fra `enable` config wps client-exclusion 802.11-assoc `disable` config wps client-exclusion ip-theft `disable` config wps client-exclusion 802.11-auth `disable` config wps client-exclusion 802.1x-auth `disable` config network mgmt-via-wireless `enable` config rfid status `enable` config rfid timeout `1200` config advanced probe limit 2 `500` config network rf-network-name `RF1` config country `US` load-balancing window `20` config load-balancing window `20`	wireless exclusionlist `583f.54c8.048f` description `"IDS EAPOL Flood Attack "` wireless exclusionlist `2c8a.72b6.da4b` description `MDNSInterfere` wireless exclusionlist `f0f7.5575.f0f0` description `OE-AP` ap fra no wireless wps client-exclusion ip-theft no wireless wps client-exclusion dot11-assoc no wireless wps client-exclusion dot11-auth no wireless wps client-exclusion dot1x-auth wireless mgmt-via-wireless wireless rfid wireless rfid timeout `1200` wireless probe limit 2 `500` wireless rf-network `RF1` ap country `US` wireless load-balancing window `20`
config exclusionlist add 58:3f:54:c8:04:8f "IDS EAPOL Flood Attack " config exclusionlist add 2c:8a:72:b6:da:4b MDNSInterfere config exclusionlist add f0:f7:55:75:f0:f0 OE-AP config advanced fra enable config wps client-exclusion 802.11-assoc disable config wps client-exclusion ip-theft disable config wps client-exclusion 802.11-auth disable config wps client-exclusion 802.1x-auth disable config network mgmt-via-wireless enable config rfid status enable config rfid timeout 1200 config advanced probe limit 2 500 config network rf-network-name RF1 config country US load-balancing window 20 config load-balancing window 20	wireless exclusionlist 583f.54c8.048f description "IDS EAPOL Flood Attack " wireless exclusionlist 2c8a.72b6.da4b description MDNSInterfere wireless exclusionlist f0f7.5575.f0f0 description OE-AP ap fra no wireless wps client-exclusion ip-theft no wireless wps client-exclusion dot11-assoc no wireless wps client-exclusion dot11-auth no wireless wps client-exclusion dot1x-auth wireless mgmt-via-wireless wireless rfid wireless rfid timeout 1200 wireless probe limit 2 500 wireless rf-network RF1 ap country US wireless load-balancing window 20

Media-stream Configuration

Table 20. Media-stream Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
media-stream multicast-direct `disable` media-stream multicast-direct `enable`	wireless media-stream multicast-direct
`media-stream multicast-direct disable media-stream multicast-direct enable`	`wireless media-stream multicast-direct`

Mac-Filtering at WLAN level

Table 21. Mac-Filtering at WLAN level
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config macfilter add `mac-address 4 240-sysops Roku` config wlan radius_server auth add `4 5` config wlan create `4 SYSOPS SYSOPS` config wlan `enable 4` config wlan broadcast-ssid `enable 4` config wlan security wpa `disable 4` `wpa2 disable 4` config wlan security wpa config wlan security wpa `wpa2 ciphers aes disable 4` config wlan security wpa `akm 802.1x disable 4` config wlan `wmm allow 4` config wlan mac-filtering `enable 4`	aaa new-model aaa attribute list ATTR_LIST_SYSOPS attribute type ssid SYSOPS username b0ee7b3ff473 mac aaa attribute list ATTR_LIST_SYSOPS
`config macfilter add b0:ee:7b:3f:f4:73 4 240-sysops Roku config wlan radius_server auth add 4 5 config wlan create 4 SYSOPS SYSOPS config wlan enable 4 config wlan broadcast-ssid enable 4 config wlan security wpa disable 4 config wlan security wpa wpa2 disable 4 config wlan security wpa wpa2 ciphers aes disable 4 config wlan security wpa akm 802.1x disable 4 config wlan wmm allow 4 config wlan mac-filtering enable 4`	`aaa new-model aaa attribute list ATTR_LIST_SYSOPS attribute type ssid SYSOPS username b0ee7b3ff473 mac aaa attribute list ATTR_LIST_SYSOPS`

WLAN Profile Configuration

Table 22. WLAN Profile Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config wlan radius_server auth add `1 4` config wlan radius_server acct add `1 1` config wlan create `1 BISD-5G BISD-5G` config wlan security wpa `akm 802.1x enable 1` config wlan security wpa `akm 802.1x enable 1` config wlan security wpa `enable 1` config wlan security wpa `akm ft 802.1x enable 1` config wlan `enable 1` config wlan broadcast-ssid `enable 1` config wlan band-select allow `enable 1` config wlan security wpa `wpa1 enable 1` config wlan security wpa `wpa1 ciphers aes enable 1` config wlan `wmm allow 1` config wlan `ccx aironetiesupport disable 1` config wlan `radio 1 802.11a-only`	aaa new-model aaa group server radius RADIUS_SERVER_GROUP_AUTH_BISD-5G server name RADIUS_SERVER_AUTH_4 server name RADIUS_SERVER_AUTH_5 aaa authentication dot1x DOT1X_RADIUS_AUTH_LIST_BISD-5G group RADIUS_SERVER_GROUP_AUTH_RADIUS_SERVER_GROUP_AUTH_BISD-5G aaa group server radius RADIUS_SERVER_GROUP_ACCT_BISD-5G server name RADIUS_SERVER_ACCT_1 aaa accounting identity RADIUS_ACCT_LIST_BISD-5G start-stop group RADIUS_SERVER_GROUP_ACCT_BISD-5G wlan BISD-5G 1 BISD-5G security wpa security wpa wpa1 security wpa wpa1 ciphers aes security wpa akm dot1x security wpa akm ft dot1x security dot1x authentication-list DOT1X_RADIUS_AUTH_LIST_BISD-5G broadcast-ssid band-select wmm allowed no ccx aironet-iesupport radio dot11a no shutdown
config wlan radius_server auth add 1 4 config wlan radius_server auth add 1 5 config wlan radius_server acct add 1 1 config wlan create 1 BISD-5G BISD-5G config wlan security wpa akm 802.1x enable 1 config wlan security wpa enable 1 config wlan security wpa akm ft 802.1x enable 1 config wlan enable 1 config wlan broadcast-ssid enable 1 config wlan band-select allow enable 1 config wlan security wpa wpa1 enable 1 config wlan security wpa wpa1 ciphers aes enable 1 config wlan wmm allow 1 config wlan ccx aironetiesupport disable 1 config wlan radio 1 802.11a-only	aaa new-model aaa group server radius RADIUS_SERVER_GROUP_AUTH_BISD-5G server name RADIUS_SERVER_AUTH_4 server name RADIUS_SERVER_AUTH_5 aaa authentication dot1x DOT1X_RADIUS_AUTH_LIST_BISD-5G group RADIUS_SERVER_GROUP_AUTH_RADIUS_SERVER_GROUP_AUTH_BISD-5G aaa group server radius RADIUS_SERVER_GROUP_ACCT_BISD-5G server name RADIUS_SERVER_ACCT_1 aaa accounting identity RADIUS_ACCT_LIST_BISD-5G start-stop group RADIUS_SERVER_GROUP_ACCT_BISD-5G wlan BISD-5G 1 BISD-5G security wpa security wpa wpa1 security wpa wpa1 ciphers aes security wpa akm dot1x security wpa akm ft dot1x security dot1x authentication-list DOT1X_RADIUS_AUTH_LIST_BISD-5G broadcast-ssid band-select wmm allowed no ccx aironet-iesupport radio dot11a no shutdown

Flow Exporter Configuration

Table 23. Flow Exporter Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config flow create exporter "Cisco Prime" `mac-address` port `port-number`	flow exporter "Cisco Prime" destination `mac-address`transport udp `port-number`
`config flow create exporter "Cisco Prime" 10.240.222.40 port 9991`	`flow exporter "Cisco Prime" destination 10.240.222.40 transport udp 9991`

Flow Monitor Configuration

Table 24. Flow Monitor Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config flow create monitor `"Cisco Prime"` config flow add monitor "Cisco Prime" exporter `"Cisco Prime"`	flow monitor `"Cisco Prime"` flow exporter `"Cisco Prime"` flow monitor `"Cisco Prime"` exporter `"Cisco Prime"`
`config flow create monitor "Cisco Prime" config flow add monitor "Cisco Prime" exporter "Cisco Prime"`	`flow monitor "Cisco Prime" flow exporter "Cisco Prime" flow monitor "Cisco Prime" exporter "Cisco Prime"`

Class Map Configuration for AVC Profile

Table 25. Class Map Configuration for AVC Profile
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config avc profile Sample rule add application `application-name` drop	class-map match-any CM_AVC_1_1 description Class-map for AVC-Profile - Sample, Action - police cir 8000 conform-action drop exceed-action drop match protocol `application-name`
`config avc profile Sample rule add application facebook drop`	`class-map match-any CM_AVC_1_1 description Class-map for AVC-Profile - Sample, Action - police cir 8000 conform-action drop exceed-action drop match protocol facebook`

Policy Map Configuration for AVC Profile

Table 26. Policy Map Configuration for AVC Profile
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config avc profile `sample-create` config avc profile Sample rule add application `application-name` drop	policy-map `sample` description Policy-map for AVC-Profile - `sample` class CM_AVC_1_1 police cir 8000 conform-action drop exceed-action `drop`
`config avc profile Sample create config avc profile Sample rule add application facebook drop`	`policy-map Sample description Policy-map for AVC-Profile - Sample class CM_AVC_1_1 police cir 8000 conform-action drop exceed-action drop`

Policy Profile Configuration

Table 27. Policy Profile Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config wlan aaa-override `enable/disable 1` config wlan apgroup interface-mapping add `vlan-number vlan-id vlan-name` config interface vlan `vlan-name vlan-number` config wlan interface `vlan-id vlan-interface` config wlan session-timeout `1 timeout-value` config wlan user-idle-threshold `threshold-value 1` config wlan qos `1 qos-profile` config wlan avc 1 `visibility enable` config wlan exclusionlist `1 60` config wlan profiling local dhcp `enable 1` config wlan profiling local http `enable 1` config wlan nac radius `enable 1`	wireless profile policy POLICY_PROFILE_1 description "Policy profile for wlan-ids=['vlan-id']" shutdown aaa-override vlan `vlan-number` session-timeout `timeout-value` idle-threshold `threshold-value` service-policy output `qos-profile` ipv4 flow monitor wireless-avc-basic input ipv4 flow monitor wireless-avc-basic output exclusionlist timeout `timeout-value` local-dhcp-profiling local-http-profiling nac
`config wlan aaa-override enable 1 config wlan apgroup interface-mapping add 119 1 119-wifi config interface create 119-wifi 3119 config interface vlan 119-wifi 3119 config wlan interface 1 012-wifi config wlan session-timeout 1 28800 config wlan user-idle-threshold 70 1 config wlan qos 1 platinum config wlan avc 1 visibility enable config wlan exclusionlist 1 60 config wlan profiling local dhcp enable 1 config wlan profiling local http enable 1 config wlan nac radius enable 1`	`wireless profile policy POLICY_PROFILE_1 description "Policy profile for wlan-ids=['1']" shutdown aaa-override vlan 3119 session-timeout 28800 idle-threshold 70 service-policy input platinum-up service-policy output platinum ipv4 flow monitor wireless-avc-basic input ipv4 flow monitor wireless-avc-basic output exclusionlist timeout 60 local-dhcp-profiling local-http-profiling nac`

Policy Tag Configuration

Table 28. Policy Tag Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config wlan apgroup add `001 "group-name"` config wlan apgroup description `001 "group-name"` config wlan apgroup interface-mapping add `001 2 guest-wifi` config wlan apgroup interface-mapping add `001 3 001-wifi` config wlan apgroup interface-mapping add `001 1 001-wifi`	wireless tag policy `APG_001` description "Policy tag for `wlan-ids=set(['1', '3', '2'])"` wlan BISD-5G policy `POLICY_PROFILE_34` wlan BISD-Guest policy `POLICY_PROFILE_38` wlan BISD policy `POLICY_PROFILE_62`
`config wlan apgroup add 001 "Haltom HS" config wlan apgroup description 001 "Haltom HS" config wlan apgroup interface-mapping add 001 2 guest-wifi config wlan apgroup interface-mapping add 001 3 001-wifi config wlan apgroup interface-mapping add 001 1 001-wifi`	`wireless tag policy APG_001 description "Policy tag for wlan-ids=set(['1', '3', '2'])" wlan BISD-5G policy POLICY_PROFILE_34 wlan BISD-Guest policy POLICY_PROFILE_38 wlan BISD policy POLICY_PROFILE_62`

Global Radio Parameters

Table 29. Global Radio Parameters
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config 802.11a cac voice sip bandwidth `64 sample-interval interval` config advanced 802.11a channel add `channel-id` config advanced 802.11a channel dca chan-width `channel-width` config 802.11a cleanair `enable` config advanced 802.11a channel cleanair-event `enable` config advanced 802.11a profile foreign global `60` config advanced 802.11a profile clients global `30`	ap dot11 5ghz cac voice sip bandwidth 64 sample-interval `interval` ap dot11 5ghz rrm channel dca add `channel-id` ap dot11 5ghz rrm channel dca chan-width `channel-width` ap dot11 5ghz cleanair ap dot11 5ghz cleanair no ap dot11 5ghz rrm channel cleanair-event ap dot11 5ghz rrm channel cleanair-event
`config 802.11a cac voice sip bandwidth 64 sample-interval 20 config advanced 802.11a channel add 140 config advanced 802.11a channel dca chan-width 40 config 802.11a cleanair enable config advanced 802.11a channel cleanair-event enable config advanced 802.11a profile foreign global 60 config advanced 802.11a profile clients global 30`	`ap dot11 5ghz cac voice sip bandwidth 64 sample-interval 20 ap dot11 5ghz rrm channel dca add 140 ap dot11 5ghz rrm channel dca chan-width 40 ap dot11 5ghz cleanair ap dot11 5ghz cleanair no ap dot11 5ghz rrm channel cleanair-event ap dot11 5ghz rrm channel cleanair-event`

RF Profile Configuration

Table 30. RF Profile Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config rf-profile create `802.11a rf-profile-name` config rf-profile data-rates 802.11a mandatory 1 `2 rf-profile-name` config rf-profile trap-threshold clients `threshold-value rf-profile-name` config rf-profile trap-threshold interference `60 rf-profile-name` config rf-profile load-balancing window `20 rf-profile-name` config rf-profile channel add `channel-width rf-profile-name` config rf-profile channel chan-width `channel-width rf-profile-name`	ap dot11 5ghz rf-profile `rf-profile-name` shutdown rate RATE_12M mandatory rate RATE_6M mandatory rate RATE_24M mandatory rate RATE_48M supported rate RATE_36M supported rate RATE_9M supported rate RATE_18M supported rate RATE_54M supported trap threshold clients `threshold-value` trap threshold interference `60` load-balancing window `20` channel add `channel-number` channel chan-width `channel-width` no shutdown
`config rf-profile create 802.11a A_Profile config rf-profile data-rates 802.11a mandatory 12 A_Profile config rf-profile trap-threshold clients 30 A_Profile config rf-profile trap-threshold interference 60 A_Profile config rf-profile load-balancing window 20 A_Profile config rf-profile channel add 112 A_Profile config rf-profile channel chan-width 80 A_Profile`	`ap dot11 5ghz rf-profile A_Profile shutdown rate RATE_12M mandatory rate RATE_6M mandatory rate RATE_24M mandatory rate RATE_48M supported rate RATE_36M supported rate RATE_9M supported rate RATE_18M supported rate RATE_54M supported trap threshold clients 30 trap threshold interference 60 load-balancing window 20 channel add 112 channel chan-width 80 no shutdown`

RF Tag Configuration

Table 31. RF Tag Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config wlan apgroup profile-mapping add `ap-group-profile`	wireless tag rf `ap-group-profile` description `"RF-Tag for AP-Group - BISDOEAP"` 5ghz-rf-policy `A_Profile`
`config wlan apgroup profile-mapping add BISDOEAP A_Profile`	`wireless tag rf BISDOEAP description "RF-Tag for AP-Group - BISDOEAP" 5ghz-rf-policy A_Profile`

Flex Profile Configuration

Table 32. Flex Profile Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config flexconnect group `flex-group-name add` config flexconnect group default-flex-group radius ap authority `id group-id` config flexconnect group default-flex-group radius ap authority `info "group-info"` config flexconnect group default-flex-group radius ap server-key encrypt 1 * * ***	eap method fast profile `EF_default-flex-group` description `"Eap-Fast profile: fc-grp=default-flex-group"` authority-id identity `id` authority-id information `"info"` pac-password `unencrypted/hidden server-key` wireless profile flex `flex-profile-name` description `flex-group-name` no local-auth ap eap-fast `EF_default-flex-group`
`config flexconnect group default-flex-group add config flexconnect group default-flex-group radius ap authority id 436973636f0000000000000000000000 config flexconnect group default-flex-group radius ap authority info "Cisco A_ID" config flexconnect group default-flex-group radius ap server-key encrypt 1 * * ***`	`eap method fast profile EF_default-flex-group description "Eap-Fast profile: fc-grp=default-flex-group" authority-id identity 436973636f0000000000000000000000 authority-id information "Cisco A_ID" pac-password <UNENCRYPTED/HIDDEN> <SERVER_KEY> wireless profile flex default-flex-group description default-flex-group no local-auth ap eap-fast EF_default-flex-group`

AP Profile Configuration

Table 33. AP Profile Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config advanced backup-controller primary `WISM-Central4 mac-address` config ap packet-dump ftp serverip `mac-address path /` username `username` password `password` config ap packet-dump buffer-size `buffer-size` config ap packet-dump capture-time `duration` config ap packet-dump `truncate 0` config ap packet-dump classifier control `enable` config ap packet-dump classifier management `enable` config ap packet-dump classifier ip `enable` config ap packet-dump classifier data `enable` config ap packet-dump classifier udp `enable` config ap ssh `enable all`	wireless profile ap packet-capture `pc_default-ap-profile` ftp serverip `mac-address` ftp username `usename` ftp password 0 `password` ftp `path /` buffer-size `buffer-size` duration `duration` classifier `control` classifier `management` classifier `data` classifier `udp` ap profile `default-ap-profile` packet-capture `pc_default-ap-profile` capwap backup primary `WISM-Central4 mac-address` ssh
config advanced backup-controller primary WISM-Central4 10.240.222.44 config ap packet-dump ftp serverip 10.240.222.27 path / username ncsadmin password @dmin2015 config ap packet-dump buffer-size 3000 config ap packet-dump capture-time 10 config ap packet-dump truncate 0 config ap packet-dump classifier control enable config ap packet-dump classifier management enable config ap packet-dump classifier ip enable config ap packet-dump classifier data enable config ap packet-dump classifier udp enable config ap ssh enable all	`wireless profile ap packet-capture pc_default-ap-profile ftp serverip 10.240.222.27 ftp username ncsadmin ftp password 0 @dmin2015 ftp path / buffer-size 3000 duration 10 classifier control classifier management classifier ip classifier data classifier udp ap profile default-ap-profile packet-capture pc_default-ap-profile capwap backup primary WISM-Central4 10.240.222.44 ssh`

Site Tag Configuration

Table 34. Site Tag Configuration
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
flexconnect group NACHA ap add `mac-address`	wireless tag site NACHA flex-profile NACHA
`flexconnect group NACHA ap add 6c:41:6a:29:5b:cf`	`wireless tag site NACHA flex-profile NACHA`

Attaching tags to AP

Table 35. Attaching tags to AP
AireOS CLIs	Cisco Catalyst 9800 Series Wireless Controller CLIs
config flexconnect group SIN-SingaporeChangi ap add `mac-address`	ap `mac-address` policy-tag FCG_SIN-SingaporeChangi site-tag SIN-SingaporeChangi
`config flexconnect group SIN-SingaporeChangi ap add 00:06:f6:16:c2:5b`	`ap 0006.f616.c25b policy-tag FCG_SIN-SingaporeChangi site-tag SIN-SingaporeChangi`

Bias-Free Language

Results

Chapter: Cisco AireOS Controller to Cisco Catalyst 9800 Series Wireless Controller, Command Reference Mapping Guide

Cisco AireOS Controller to Cisco Catalyst 9800 Series Wireless Controller, Command Reference Mapping Guide

Cisco AireOS Controller to Cisco Catalyst 9800 Series Wireless Controller - CLI Mapping

Interface Configuration

Interface Configuration - IOS Global Parameters

Radius Global Parameters

Authentication TACACS Server

Accounting TACACS Server

Authorization TACACS Server

Authentication Radius Server

Accounting Radius Server

FlexConnect ACL

ACL

Multicast Parameters

Mobility Configuration

Rogue Global Configuration

Rogue Rules Configuration

SNMP Trap Receiver Global Configuration

SNMP Community Global Configuration

SNMP Syscontact and Syslocation Global Configuration

Location Global Configuration - Trapflags

Wireless Global Parameters

Media-stream Configuration

Mac-Filtering at WLAN level

WLAN Profile Configuration

Flow Exporter Configuration

Flow Monitor Configuration

Class Map Configuration for AVC Profile

Policy Map Configuration for AVC Profile

Policy Profile Configuration

Policy Tag Configuration

Global Radio Parameters

RF Profile Configuration

RF Tag Configuration

Flex Profile Configuration

AP Profile Configuration

Site Tag Configuration

Attaching tags to AP

Was this Document Helpful?

Contact Cisco